Merge branch 'main' into tasiaiso-documentation

2024-05-17 02:09:06 -04:00 · 2024-05-17 02:09:06 -04:00 · 43f6a3a482
commit 43f6a3a482
parent d7eda01c16 e56dc207d1
21 changed files with 582 additions and 298 deletions
--- a/apps/admin/index.html
+++ b/apps/admin/index.html
@ -4,7 +4,8 @@
 		<script>
 			const g_data = $data;
 		</script>
-		<link rel="stylesheet" href="w3.css"></link>
+		<link rel="stylesheet" href="w3.css" />
+		<!-- prettier-ignore -->
 		<style>
 			/* 2018 Valiant Poppy */
 			.w3-theme-l5 {color:#000 !important; background-color:#fbf3f3 !important}
--- a/apps/admin/script.js
+++ b/apps/admin/script.js
@ -42,10 +42,27 @@ window.addEventListener('load', function () {
 		} else if (description.type === 'textarea') {
 			return html`
 				<li class="w3-row">
-					<label class="w3-quarter" for=${'gs_' + key} style="font-weight: bold">${key}</label>
+					<label class="w3-quarter" for=${'gs_' + key} style="font-weight: bold"
+						>${key}</label
+					>
 					<div class="w3-rest w3-padding">${description.description}</div>
-					<textarea class="w3-input" style="vertical-align: top; resize: vertical" id=${'gs_' + key}>${description.value}</textarea>
-					<button class="w3-button w3-right w3-quarter w3-theme-action" @click=${(e) => global_settings_set(key, e.srcElement.previousElementSibling.value)}>Set</button>
+					<textarea
+						class="w3-input"
+						style="vertical-align: top; resize: vertical"
+						id=${'gs_' + key}
+					>
+${description.value}</textarea
+					>
+					<button
+						class="w3-button w3-right w3-quarter w3-theme-action"
+						@click=${(e) =>
+							global_settings_set(
+								key,
+								e.srcElement.previousElementSibling.value
+							)}
+					>
+						Set
+					</button>
 				</li>
 			`;
 		} else {
@ -61,13 +78,17 @@ window.addEventListener('load', function () {
 	}
 	const user_template = (user, permissions) => html`
 		<li class="w3-card w3-margin">
-			<button class="w3-button w3-theme-action" @click=${(e) => delete_user(user)}>Delete</button>
+			<button
+				class="w3-button w3-theme-action"
+				@click=${(e) => delete_user(user)}
+			>
+				Delete
+			</button>
 			${user}: ${permissions.map((x) => permission_template(x))}
 		</li>
 	`;
 	const users_template = (users) =>
-		html`
-			<header class="w3-container w3-theme-l2"><h2>Users</h2></header>
+		html` <header class="w3-container w3-theme-l2"><h2>Users</h2></header>
 			<ul class="w3-ul">
 				${Object.entries(users).map((u) => user_template(u[0], u[1]))}
 			</ul>`;
--- a/apps/identity/app.js
+++ b/apps/identity/app.js
@ -78,7 +78,7 @@ async function main() {
 					alert('Successfully created: ' + id);
 					await tfrpc.rpc.reload();
 				} catch (e) {
-					alert('Error creating identity: ' + e);
+					alert('Error creating identity: ' + e.message);
 				}
 			}
 			handler.hide_id = function hide_id(event, element) {
@ -116,16 +116,18 @@ async function main() {
 		<div class="w3-card-4 w3-margin">
 			<header class="w3-container w3-theme-l2"><h2>Identities</h2></header>
 			<ul class="w3-ul">` +
-				ids
-					.map(
-						(id) => `<li style="overflow: hidden; text-wrap: nowrap; text-overflow: ellipsis">
+			ids
+				.map(
+					(
+						id
+					) => `<li style="overflow: hidden; text-wrap: nowrap; text-overflow: ellipsis">
 				<button onclick="handler.export_id(event)" data-id="${id}" class="w3-button w3-theme">Export Identity</button>
 				<button onclick="handler.delete_id(event)" data-id="${id}" class="w3-button w3-theme">Delete Identity</button>
 				${id}
 			</li>`
-					)
-					.join('\n') +
-				`	</ul>
+				)
+				.join('\n') +
+			`	</ul>
 		</div>
 	</body>`
 	);
--- a/apps/ssb.json
+++ b/apps/ssb.json
@ -1,5 +1,5 @@
 {
 	"type": "tildefriends-app",
 	"emoji": "🐌",
-	"previous": "&vEaOZjrNb0u9rhNqrQ8eU9TlOFlo4HsgW6hbI7VdIT0=.sha256"
+	"previous": "&wA6sLaDxtYeFdVCCu8jyhPsGYtGZEjbWQHeGOn0Yifg=.sha256"
 }
--- a/apps/ssb/tf-app.js
+++ b/apps/ssb/tf-app.js
@ -264,6 +264,7 @@ class TfElement extends LitElement {
 					hash=${this.hash}
 					.unread=${this.unread}
 					@refresh=${() => (this.unread = [])}
+					?loading=${this.loading}
 				></tf-tab-news>
 			`;
 		} else if (this.tab === 'connections') {
@ -344,13 +345,15 @@ class TfElement extends LitElement {
 					([k, v]) => html`
 						<button
 							title=${v}
-							class="w3-bar-item w3-padding-large w3-hover-theme tab ${self.tab ==
-							v
+							class="w3-bar-item w3-padding w3-hover-theme tab ${self.tab == v
 								? 'w3-theme-l2'
 								: 'w3-theme-l1'}"
 							@click=${() => self.set_tab(v)}
 						>
 							${k}
+							<span class=${self.tab == v ? '' : 'w3-hide-small'}
+								>${v.charAt(0).toUpperCase() + v.substring(1)}</span
+							>
 						</button>
 					`
 				)}
@ -358,10 +361,12 @@ class TfElement extends LitElement {
 		`;
 		let contents = !this.loaded
 			? this.loading
-				? html`<div class="w3-panel w3-theme-l5 w3-card-4 w3-padding-large w3-round-xlarge">
-					Loading...
-				</div>
-				${this.render_tab()}`
+				? html`<div
+							class="w3-panel w3-theme-l5 w3-card-4 w3-padding-large w3-round-xlarge"
+						>
+							Loading...
+						</div>
+						${this.render_tab()}`
 				: html`<div>Select or create an identity.</div>`
 			: this.render_tab();
 		return html`
--- a/apps/ssb/tf-compose.js
+++ b/apps/ssb/tf-compose.js
@ -295,14 +295,18 @@ class TfComposeElement extends LitElement {
 				{
 					values: values,
 					selectTemplate: function (item) {
-						return item ? `[@${item.original.key}](${item.original.value})` : undefined;
+						return item
+							? `[@${item.original.key}](${item.original.value})`
+							: undefined;
 					},
 				},
 				{
 					trigger: '&',
 					values: this.autocomplete,
 					selectTemplate: function (item) {
-						return item ? `![${item.original.key}](${item.original.value})` : undefined;
+						return item
+							? `![${item.original.key}](${item.original.value})`
+							: undefined;
 					},
 				},
 			],
@ -544,7 +548,7 @@ class TfComposeElement extends LitElement {
 							@paste=${this.paste}
 							contenteditable
 							.innerText=${live(draft.text ?? '')}
-							></span>
+						></span>
 					</div>
 					<div class="w3-half w3-padding">
 						${content_warning}
--- a/apps/ssb/tf-message.js
+++ b/apps/ssb/tf-message.js
@ -247,9 +247,7 @@ ${JSON.stringify(mention, null, 2)}</pre
 		if (mentions.length) {
 			let self = this;
 			return html`
-				<fieldset
-					style="padding: 0.5em; border: 1px solid black"
-				>
+				<fieldset style="padding: 0.5em; border: 1px solid black">
 					<legend>Mentions</legend>
 					${mentions.map((x) => self.render_mention(x))}
 				</fieldset>
--- a/apps/ssb/tf-tab-connections.js
+++ b/apps/ssb/tf-tab-connections.js
@ -7,9 +7,11 @@ class TfTabConnectionsElement extends LitElement {
 		return {
 			broadcasts: {type: Array},
 			identities: {type: Array},
+			my_identities: {type: Array},
 			connections: {type: Array},
 			stored_connections: {type: Array},
 			users: {type: Object},
+			server_identity: {type: String},
 		};
 	}

@ -20,15 +22,22 @@ class TfTabConnectionsElement extends LitElement {
 		let self = this;
 		this.broadcasts = [];
 		this.identities = [];
+		this.my_identities = [];
 		this.connections = [];
 		this.stored_connections = [];
 		this.users = {};
+		tfrpc.rpc.getIdentities().then(function (identities) {
+			self.my_identities = identities || [];
+		});
 		tfrpc.rpc.getAllIdentities().then(function (identities) {
 			self.identities = identities || [];
 		});
 		tfrpc.rpc.getStoredConnections().then(function (connections) {
 			self.stored_connections = connections || [];
 		});
+		tfrpc.rpc.getServerIdentity().then(function (identity) {
+			self.server_identity = identity;
+		});
 	}

 	render_connection_summary(connection) {
@ -96,6 +105,16 @@ class TfTabConnectionsElement extends LitElement {
 	}

 	render_connection(connection) {
+		let requests = Object.values(
+			connection.requests.reduce(function (accumulator, value) {
+				let key = `${value.name}:${Math.sign(value.request_number)}`;
+				if (!accumulator[key]) {
+					accumulator[key] = Object.assign({count: 0}, value);
+				}
+				accumulator[key].count++;
+				return accumulator;
+			}, {})
+		);
 		return html`
 			<button
 				class="w3-button w3-theme-d1"
@ -107,9 +126,20 @@ class TfTabConnectionsElement extends LitElement {
 			${connection.tunnel !== undefined
 				? '🚇'
 				: html`(${connection.host}:${connection.port})`}
-			<div>${connection.requests.map(x => html`
-				<span class="w3-tag w3-small">${x.request_number > 0 ? '🟩' : '🟥'} ${x.name}</span>
-			`)}</div>
+			<div>
+				${requests.map(
+					(x) => html`
+						<span class="w3-tag w3-small"
+							>${x.request_number > 0 ? '🟩' : '🟥'} ${x.name}
+							<span
+								class="w3-badge w3-white"
+								style=${x.count > 1 ? undefined : 'display: none'}
+								>${x.count}</span
+							></span
+						>
+					`
+				)}
+			</div>
 			<ul>
 				${this.connections
 					.filter((x) => x.tunnel === this.connections.indexOf(connection))
@ -178,6 +208,16 @@ class TfTabConnectionsElement extends LitElement {
 					${this.identities.map(
 						(x) =>
 							html`<li class="w3-bar">
+								${x == this.server_identity
+									? html`<span class="w3-tag w3-medium w3-round w3-theme-l1"
+											>🖥 local server</span
+										>`
+									: undefined}
+								${this.my_identities.indexOf(x) != -1
+									? html`<span class="w3-tag w3-medium w3-round w3-theme-d1"
+											>😎 you</span
+										>`
+									: undefined}
 								<tf-user id=${x} .users=${this.users}></tf-user>
 							</li>`
 					)}
--- a/apps/ssb/tf-tab-news.js
+++ b/apps/ssb/tf-tab-news.js
@ -12,6 +12,7 @@ class TfTabNewsElement extends LitElement {
 			following: {type: Array},
 			drafts: {type: Object},
 			expanded: {type: Object},
+			loading: {type: Boolean},
 		};
 	}

@ -113,6 +114,19 @@ class TfTabNewsElement extends LitElement {
 					.users=${this.users}
 				></tf-profile>`
 			: undefined;
+		let edit_profile;
+		if (
+			!this.loading &&
+			this.users[this.whoami]?.name === undefined &&
+			this.hash.substring(1) != this.whoami
+		) {
+			edit_profile = html` <div
+				class="w3-panel w3-padding w3-round w3-card-4 w3-theme-l3"
+			>
+				ℹ️ Follow your identity link ☝️ above to edit your profile and set your
+				name.
+			</div>`;
+		}
 		return html`
 			<p class="w3-bar">
 				<button
@ -124,6 +138,7 @@ class TfTabNewsElement extends LitElement {
 			</p>
 			<div>
 				Welcome, <tf-user id=${this.whoami} .users=${this.users}></tf-user>!
+				${edit_profile}
 			</div>
 			<div>
 				<tf-compose
--- a/apps/ssb/tf-user.js
+++ b/apps/ssb/tf-user.js
@ -19,6 +19,11 @@ class TfUserElement extends LitElement {
 	}

 	render() {
+		let image = html`<span
+			class="w3-theme-light w3-circle"
+			style="display: inline-block; width: 2em; height: 2em; text-align: center; line-height: 2em"
+			>?</span
+		>`;
 		let name = this.users?.[this.id]?.name;
 		name =
 			name !== undefined
@ -26,21 +31,20 @@ class TfUserElement extends LitElement {
 				: html`<a target="_top" href=${'#' + this.id}>${this.id}</a>`;

 		if (this.users[this.id]) {
-			let image = this.users[this.id].image;
-			image = typeof image == 'string' ? image : image?.link;
-			return html` <div style="display: inline-block; font-weight: bold">
-				<img
-					style="width: 2em; height: 2em; vertical-align: middle; border-radius: 50%"
-					?hidden=${image === undefined}
-					src="${image ? '/' + image + '/view' : undefined}"
-				/>
-				${name}
-			</div>`;
-		} else {
-			return html` <div style="display: inline-block; font-weight: bold">
-				${name}
-			</div>`;
+			let image_link = this.users[this.id].image;
+			image_link =
+				typeof image_link == 'string' ? image_link : image_link?.link;
+			if (image_link !== undefined) {
+				image = html`<img
+					class="w3-circle"
+					style="width: 2em; height: 2em; vertical-align: middle"
+					src="/${image_link}/view"
+				/>`;
+			}
 		}
+		return html` <div style="display: inline-block; font-weight: bold">
+			${image} ${name}
+		</div>`;
 	}
 }

--- a/core/client.js
+++ b/core/client.js
@ -208,7 +208,10 @@ class TfNavigationElement extends LitElement {
 					</div>
 				</div>
 			`;
-		} else {
+		} else if (
+			this.credentials?.session?.name &&
+			this.credentials.session.name !== 'guest'
+		) {
 			return html`
 				<link type="text/css" rel="stylesheet" href="/static/w3.css" />
 				<button
--- a/core/core.js
+++ b/core/core.js
@ -8,116 +8,6 @@ let gStatsTimer = false;
 const k_content_security_policy =
 	'sandbox allow-downloads allow-top-navigation-by-user-activation';

-const k_mime_types = {
-	css: 'text/css',
-	html: 'text/html',
-	js: 'text/javascript',
-	json: 'text/json',
-	map: 'application/json',
-	svg: 'image/svg+xml',
-};
-
-const k_magic_bytes = [
-	{bytes: [0xff, 0xd8, 0xff, 0xdb], type: 'image/jpeg'},
-	{
-		bytes: [
-			0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00, 0x01,
-		],
-		type: 'image/jpeg',
-	},
-	{bytes: [0xff, 0xd8, 0xff, 0xee], type: 'image/jpeg'},
-	{
-		bytes: [
-			0xff,
-			0xd8,
-			0xff,
-			0xe1,
-			null,
-			null,
-			0x45,
-			0x78,
-			0x69,
-			0x66,
-			0x00,
-			0x00,
-		],
-		type: 'image/jpeg',
-	},
-	{bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], type: 'image/png'},
-	{bytes: [0x47, 0x49, 0x46, 0x38, 0x37, 0x61], type: 'image/gif'},
-	{bytes: [0x47, 0x49, 0x46, 0x38, 0x39, 0x61], type: 'image/gif'},
-	{
-		bytes: [
-			0x52,
-			0x49,
-			0x46,
-			0x46,
-			null,
-			null,
-			null,
-			null,
-			0x57,
-			0x45,
-			0x42,
-			0x50,
-		],
-		type: 'image/webp',
-	},
-	{bytes: [0x3c, 0x73, 0x76, 0x67], type: 'image/svg+xml'},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x6d,
-			0x70,
-			0x34,
-			0x32,
-		],
-		type: 'audio/mpeg',
-	},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x69,
-			0x73,
-			0x6f,
-			0x6d,
-		],
-		type: 'video/mp4',
-	},
-	{
-		bytes: [
-			null,
-			null,
-			null,
-			null,
-			0x66,
-			0x74,
-			0x79,
-			0x70,
-			0x6d,
-			0x70,
-			0x34,
-			0x32,
-		],
-		type: 'video/mp4',
-	},
-	{bytes: [0x4d, 0x54, 0x68, 0x64], type: 'audio/midi'},
-];
-
 let k_static_files = [
 	{uri: '/', path: 'index.html', type: 'text/html; charset=UTF-8'},
 ];
@ -577,7 +467,8 @@ async function getProcessBlob(blobId, key, options) {
 				if (
 					process.credentials &&
 					process.credentials.session &&
-					process.credentials.session.name
+					process.credentials.session.name &&
+					process.credentials.session.name !== 'guest'
 				) {
 					let id = ssb.createIdentity(process.credentials.session.name);
 					await process.sendIdentities();
@ -595,6 +486,8 @@ async function getProcessBlob(blobId, key, options) {
 						]
 					);
 					return id;
+				} else {
+					throw new Error('Must be signed-in to create an account.');
 				}
 			};
 			if (process.credentials?.permissions?.administration) {
@ -938,29 +831,6 @@ function startsWithBytes(data, bytes) {
 	}
 }

-/**
- * TODOC
- * @param {*} path
- * @returns
- */
-function guessTypeFromName(path) {
-	let extension = path.split('.').pop();
-	return k_mime_types[extension];
-}
-
-/**
- * TODOC
- * @param {*} data
- * @returns
- */
-function guessTypeFromMagicBytes(data) {
-	for (let magic of k_magic_bytes) {
-		if (startsWithBytes(data, magic.bytes)) {
-			return magic.type;
-		}
-	}
-}
-
 /**
 * TODOC
 * @param {*} response
@ -976,7 +846,9 @@ function sendData(response, data, type, headers, status_code) {
 			Object.assign(
 				{
 					'Content-Type':
-						type || guessTypeFromMagicBytes(data) || 'application/binary',
+						type ||
+						httpd.mime_type_from_magic_bytes(data) ||
+						'application/binary',
 					'Content-Length': data.byteLength,
 				},
 				headers || {}
@ -1345,7 +1217,9 @@ async function blobHandler(request, response, blobId, uri) {
 					'Content-Security-Policy': k_content_security_policy,
 				};
 				data = await getBlobOrContent(id);
-				let type = guessTypeFromName(uri) || guessTypeFromMagicBytes(data);
+				let type =
+					httpd.mime_type_from_extension(uri) ||
+					httpd.mime_type_from_magic_bytes(data);
 				sendData(response, data, type, headers);
 			}
 		} else {
--- a/src/httpd.js.c
+++ b/src/httpd.js.c
@ -31,6 +31,10 @@

 #define tf_countof(a) ((int)(sizeof((a)) / sizeof(*(a))))

+#define CYAN "\e[1;36m"
+#define MAGENTA "\e[1;35m"
+#define RESET "\e[0m"
+
 const int64_t k_refresh_interval = 1ULL * 7 * 24 * 60 * 60 * 1000;

 static JSValue _authenticate_jwt(JSContext* context, const char* jwt);
@ -416,6 +420,7 @@ static JSValue _httpd_endpoint_start(JSContext* context, JSValueConst this_val,
 	*listener = (httpd_listener_t) { .context = context, .tls = JS_DupValue(context, argv[1]) };
 	tf_tls_context_t* tls = tf_tls_context_get(listener->tls);
 	int assigned_port = tf_http_listen(http, port, tls, _httpd_listener_cleanup, listener);
+	tf_printf(CYAN "~😎 Tilde Friends" RESET " is now up at " MAGENTA "http%s://127.0.0.1:%d/" RESET ".\n", tls ? "s" : "", assigned_port);
 	return JS_NewInt32(context, assigned_port);
 }

@ -493,6 +498,151 @@ static JSValue _httpd_auth_query(JSContext* context, JSValueConst this_val, int
 	return result;
 }

+typedef struct _magic_bytes_t
+{
+	const char* type;
+	uint8_t bytes[12];
+	uint8_t ignore[12];
+} magic_bytes_t;
+
+static bool _magic_bytes_match(const magic_bytes_t* magic, const uint8_t* actual, size_t size)
+{
+	if (size < sizeof(magic->bytes))
+	{
+		return false;
+	}
+
+	int length = (int)tf_min(sizeof(magic->bytes), size);
+	for (int i = 0; i < length; i++)
+	{
+		if ((magic->bytes[i] & ~magic->ignore[i]) != (actual[i] & ~magic->ignore[i]))
+		{
+			return false;
+		}
+	}
+	return true;
+}
+
+static JSValue _httpd_mime_type_from_magic_bytes(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
+{
+	JSValue result = JS_UNDEFINED;
+	size_t size = 0;
+	uint8_t* bytes = tf_util_try_get_array_buffer(context, &size, argv[0]);
+	if (bytes)
+	{
+
+		const magic_bytes_t k_magic_bytes[] = {
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xdb },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00, 0x01 },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xee },
+			},
+			{
+				.type = "image/jpeg",
+				.bytes = { 0xff, 0xd8, 0xff, 0xe1, 0x00, 0x00, 0x45, 0x78, 0x69, 0x66, 0x00, 0x00 },
+				.ignore = { 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "image/png",
+				.bytes = { 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a },
+			},
+			{
+				.type = "image/gif",
+				.bytes = { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 },
+			},
+			{
+				.type = "image/gif",
+				.bytes = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 },
+			},
+			{
+				.type = "image/webp",
+				.bytes = { 0x52, 0x49, 0x46, 0x46, 0x00, 0x00, 0x00, 0x00, 0x57, 0x45, 0x42, 0x50 },
+				.ignore = { 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "image/svg+xml",
+				.bytes = { 0x3c, 0x73, 0x76, 0x67 },
+			},
+			{
+				.type = "audio/mpeg",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x6d, 0x70, 0x34, 0x32 },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "video/mp4",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6f, 0x6d },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "video/mp4",
+				.bytes = { 0x00, 0x00, 0x00, 0x00, 0x66, 0x74, 0x79, 0x70, 0x6d, 0x70, 0x34, 0x32 },
+				.ignore = { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+			},
+			{
+				.type = "audio/midi",
+				.bytes = { 0x4d, 0x54, 0x68, 0x64 },
+			},
+		};
+
+		for (int i = 0; i < tf_countof(k_magic_bytes); i++)
+		{
+			if (_magic_bytes_match(&k_magic_bytes[i], bytes, size))
+			{
+				result = JS_NewString(context, k_magic_bytes[i].type);
+				break;
+			}
+		}
+	}
+	return result;
+}
+
+static const char* _ext_to_content_type(const char* ext, bool use_fallback)
+{
+	if (ext)
+	{
+		typedef struct _ext_type_t
+		{
+			const char* ext;
+			const char* type;
+		} ext_type_t;
+
+		const ext_type_t k_types[] = {
+			{ .ext = ".html", .type = "text/html; charset=UTF-8" },
+			{ .ext = ".js", .type = "text/javascript; charset=UTF-8" },
+			{ .ext = ".mjs", .type = "text/javascript; charset=UTF-8" },
+			{ .ext = ".css", .type = "text/css; charset=UTF-8" },
+			{ .ext = ".png", .type = "image/png" },
+			{ .ext = ".json", .type = "application/json" },
+			{ .ext = ".map", .type = "application/json" },
+			{ .ext = ".svg", .type = "image/svg+xml" },
+		};
+
+		for (int i = 0; i < tf_countof(k_types); i++)
+		{
+			if (strcmp(ext, k_types[i].ext) == 0)
+			{
+				return k_types[i].type;
+			}
+		}
+	}
+	return use_fallback ? "application/binary" : NULL;
+}
+
+static JSValue _httpd_mime_type_from_extension(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
+{
+	const char* name = JS_ToCString(context, argv[0]);
+	const char* type = _ext_to_content_type(strrchr(name, '.'), false);
+	JS_FreeCString(context, name);
+	return type ? JS_NewString(context, type) : JS_UNDEFINED;
+}
+
 static void _httpd_finalizer(JSRuntime* runtime, JSValue value)
 {
 	tf_http_t* http = JS_GetOpaque(value, _httpd_class_id);
@ -622,30 +772,6 @@ typedef struct _http_file_t
 	char etag[512];
 } http_file_t;

-static const char* _ext_to_content_type(const char* ext)
-{
-	if (ext)
-	{
-		if (strcmp(ext, ".html") == 0)
-		{
-			return "text/html; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".js") == 0 || strcmp(ext, ".mjs") == 0)
-		{
-			return "text/javascript; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".css") == 0)
-		{
-			return "text/css; charset=UTF-8";
-		}
-		else if (strcmp(ext, ".png") == 0)
-		{
-			return "image/png";
-		}
-	}
-	return "application/binary";
-}
-
 static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int result, const void* data, void* user_data)
 {
 	http_file_t* file = user_data;
@ -654,7 +780,7 @@ static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int r
 	{
 		if (strcmp(path, "core/tfrpc.js") == 0)
 		{
-			const char* content_type = _ext_to_content_type(strrchr(path, '.'));
+			const char* content_type = _ext_to_content_type(strrchr(path, '.'), true);
 			const char* headers[] = {
 				"Content-Type",
 				content_type,
@ -667,7 +793,7 @@ static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int r
 		}
 		else
 		{
-			const char* content_type = _ext_to_content_type(strrchr(path, '.'));
+			const char* content_type = _ext_to_content_type(strrchr(path, '.'), true);
 			const char* headers[] = {
 				"Content-Type",
 				content_type,
@ -1075,7 +1201,7 @@ static JSValue _authenticate_jwt(JSContext* context, const char* jwt)
 	tf_task_t* task = tf_task_get(context);
 	tf_ssb_t* ssb = tf_task_get_ssb(task);
 	char public_key_b64[k_id_base64_len] = { 0 };
-	tf_ssb_db_identity_visit(ssb, ":auth", _public_key_visit, public_key_b64);
+	tf_ssb_db_identity_visit(ssb, ":admin", _public_key_visit, public_key_b64);

 	const char* payload = jwt + dot[0] + 1;
 	size_t payload_length = dot[1] - dot[0] - 1;
@ -1145,15 +1271,12 @@ static void _visit_auth_identity(const char* identity, void* user_data)
 static bool _get_auth_private_key(tf_ssb_t* ssb, uint8_t* out_private_key)
 {
 	char id[k_id_base64_len] = { 0 };
-	tf_ssb_db_identity_visit(ssb, ":auth", _visit_auth_identity, id);
+	tf_ssb_db_identity_visit(ssb, ":admin", _visit_auth_identity, id);
 	if (*id)
 	{
-		return tf_ssb_db_identity_get_private_key(ssb, ":auth", id, out_private_key, crypto_sign_SECRETKEYBYTES);
-	}
-	else
-	{
-		return tf_ssb_db_identity_create(ssb, ":auth", out_private_key + crypto_sign_PUBLICKEYBYTES, out_private_key);
+		return tf_ssb_db_identity_get_private_key(ssb, ":admin", id, out_private_key, crypto_sign_SECRETKEYBYTES);
 	}
+	return false;
 }

 static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
@ -1162,21 +1285,15 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
 	{
 		return NULL;
 	}
-	uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
-	if (!_get_auth_private_key(ssb, private_key))
-	{
-		return NULL;
-	}

 	uv_timespec64_t now = { 0 };
 	uv_clock_gettime(UV_CLOCK_REALTIME, &now);

-	JSContext* context = tf_ssb_get_context(ssb);
-
 	const char* header_json = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
 	char header_base64[256];
 	sodium_bin2base64(header_base64, sizeof(header_base64), (uint8_t*)header_json, strlen(header_json), sodium_base64_VARIANT_URLSAFE_NO_PADDING);

+	JSContext* context = tf_ssb_get_context(ssb);
 	JSValue payload = JS_NewObject(context);
 	JS_SetPropertyStr(context, payload, "name", JS_NewString(context, name));
 	JS_SetPropertyStr(context, payload, "exp", JS_NewInt64(context, now.tv_sec * 1000 + now.tv_nsec / 1000000LL + k_refresh_interval));
@ -1191,12 +1308,17 @@ static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
 	unsigned long long signature_length = 0;
 	char signature_base64[256] = { 0 };

-	if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
+	uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
+	if (_get_auth_private_key(ssb, private_key))
 	{
-		sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
-		size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1;
-		result = tf_malloc(size);
-		snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
+		if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
+		{
+			sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
+			size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1;
+			result = tf_malloc(size);
+			snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
+		}
+		sodium_memzero(private_key, sizeof(private_key));
 	}

 	JS_FreeCString(context, payload_string);
@ -1518,6 +1640,8 @@ void tf_httpd_register(JSContext* context)
 	JS_SetPropertyStr(context, httpd, "start", JS_NewCFunction(context, _httpd_endpoint_start, "start", 2));
 	JS_SetPropertyStr(context, httpd, "set_http_redirect", JS_NewCFunction(context, _httpd_set_http_redirect, "set_http_redirect", 1));
 	JS_SetPropertyStr(context, httpd, "auth_query", JS_NewCFunction(context, _httpd_auth_query, "auth_query", 1));
+	JS_SetPropertyStr(context, httpd, "mime_type_from_magic_bytes", JS_NewCFunction(context, _httpd_mime_type_from_magic_bytes, "mime_type_from_magic_bytes", 1));
+	JS_SetPropertyStr(context, httpd, "mime_type_from_extension", JS_NewCFunction(context, _httpd_mime_type_from_extension, "mime_type_from_extension", 1));
 	JS_SetPropertyStr(context, global, "httpd", httpd);
 	JS_FreeValue(context, global);
 }
--- a/src/main.c
+++ b/src/main.c
@ -48,6 +48,7 @@ static int _tf_command_import(const char* file, int argc, char* argv[]);
 static int _tf_command_export(const char* file, int argc, char* argv[]);
 static int _tf_command_run(const char* file, int argc, char* argv[]);
 static int _tf_command_sandbox(const char* file, int argc, char* argv[]);
+static int _tf_command_verify(const char* file, int argc, char* argv[]);
 static int _tf_command_usage(const char* file);

 typedef struct _command_t
@ -62,6 +63,7 @@ const command_t k_commands[] = {
 	{ "sandbox", _tf_command_sandbox, "Run a sandboxed tildefriends sandbox process (used internally)." },
 	{ "import", _tf_command_import, "Import apps to SSB." },
 	{ "export", _tf_command_export, "Export apps from SSB." },
+	{ "verify", _tf_command_verify, "Verify a feed." },
 	{ "test", _tf_command_test, "Test SSB." },
 };

@ -266,6 +268,59 @@ static int _tf_command_export(const char* file, int argc, char* argv[])
 	tf_ssb_destroy(ssb);
 	return EXIT_SUCCESS;
 }
+
+static int _tf_command_verify(const char* file, int argc, char* argv[])
+{
+	const char* identity = NULL;
+	const char* db_path = k_db_path_default;
+	bool show_usage = false;
+
+	while (!show_usage)
+	{
+		static const struct option k_options[] = {
+			{ "id", required_argument, NULL, 'u' },
+			{ "db-path", required_argument, NULL, 'd' },
+			{ "help", no_argument, NULL, 'h' },
+			{ 0 },
+		};
+		int c = getopt_long(argc, argv, "i:d:h", k_options, NULL);
+		if (c == -1)
+		{
+			break;
+		}
+
+		switch (c)
+		{
+		case '?':
+		case 'h':
+		default:
+			show_usage = true;
+			break;
+		case 'i':
+			identity = optarg;
+			break;
+		case 'd':
+			db_path = optarg;
+			break;
+		}
+	}
+
+	if (show_usage)
+	{
+		tf_printf("\n%s import [options] [paths...]\n\n", file);
+		tf_printf("options:\n");
+		tf_printf("  -i, --identity identity  Identity to verify.\n");
+		tf_printf("  -d, --db-path db_path    SQLite database path (default: %s).\n", k_db_path_default);
+		tf_printf("  -h, --help               Show this usage information.\n");
+		return EXIT_FAILURE;
+	}
+
+	tf_printf("Verifying %s...\n", identity);
+	tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL);
+	bool verified = tf_ssb_db_verify(ssb, identity);
+	tf_ssb_destroy(ssb);
+	return verified ? EXIT_SUCCESS : EXIT_FAILURE;
+}
 #endif

 typedef struct tf_run_args_t
--- a/src/ssb.c
+++ b/src/ssb.c
@ -1019,7 +1019,18 @@ static bool _tf_ssb_verify_and_strip_signature_internal(JSContext* context, JSVa

 bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* out_id, size_t out_id_size, char* out_signature, size_t out_signature_size, int* out_flags)
 {
-	if (_tf_ssb_verify_and_strip_signature_internal(context, val, out_id, out_id_size, out_signature, out_signature_size))
+	JSValue reordered = JS_NewObject(context);
+	JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous"));
+	JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author"));
+	JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence"));
+	JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp"));
+	JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash"));
+	JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content"));
+	JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature"));
+	bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
+	JS_FreeValue(context, reordered);
+
+	if (result)
 	{
 		if (out_flags)
 		{
@ -1027,27 +1038,26 @@ bool tf_ssb_verify_and_strip_signature(JSContext* context, JSValue val, char* ou
 		}
 		return true;
 	}
-	else
+
+	reordered = JS_NewObject(context);
+	JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous"));
+	JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence"));
+	JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author"));
+	JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp"));
+	JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash"));
+	JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content"));
+	JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature"));
+	result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
+	JS_FreeValue(context, reordered);
+	if (result)
 	{
-		JSValue reordered = JS_NewObject(context);
-		JS_SetPropertyStr(context, reordered, "previous", JS_GetPropertyStr(context, val, "previous"));
-		JS_SetPropertyStr(context, reordered, "sequence", JS_GetPropertyStr(context, val, "sequence"));
-		JS_SetPropertyStr(context, reordered, "author", JS_GetPropertyStr(context, val, "author"));
-		JS_SetPropertyStr(context, reordered, "timestamp", JS_GetPropertyStr(context, val, "timestamp"));
-		JS_SetPropertyStr(context, reordered, "hash", JS_GetPropertyStr(context, val, "hash"));
-		JS_SetPropertyStr(context, reordered, "content", JS_GetPropertyStr(context, val, "content"));
-		JS_SetPropertyStr(context, reordered, "signature", JS_GetPropertyStr(context, val, "signature"));
-		bool result = _tf_ssb_verify_and_strip_signature_internal(context, reordered, out_id, out_id_size, out_signature, out_signature_size);
-		JS_FreeValue(context, reordered);
-		if (result)
+		if (out_flags)
 		{
-			if (out_flags)
-			{
-				*out_flags = k_tf_ssb_message_flag_sequence_before_author;
-			}
-			return true;
+			*out_flags = k_tf_ssb_message_flag_sequence_before_author;
 		}
+		return true;
 	}
+
 	return false;
 }

@ -2555,6 +2565,11 @@ void tf_ssb_destroy(tf_ssb_t* ssb)
 	}
 }

+bool tf_ssb_is_shutting_down(tf_ssb_t* ssb)
+{
+	return ssb->shutting_down;
+}
+
 void tf_ssb_run(tf_ssb_t* ssb)
 {
 	uv_run(ssb->loop, UV_RUN_DEFAULT);
@ -2712,22 +2727,30 @@ typedef struct _connect_t
 static void _tf_on_connect_getaddrinfo(uv_getaddrinfo_t* addrinfo, int result, struct addrinfo* info)
 {
 	connect_t* connect = addrinfo->data;
-	if (result == 0 && info)
+	if (!connect->ssb->shutting_down)
 	{
-		struct sockaddr_in addr = *(struct sockaddr_in*)info->ai_addr;
-		addr.sin_port = htons(connect->port);
-		tf_ssb_connection_create(connect->ssb, connect->host, &addr, connect->key);
+		if (result == 0 && info)
+		{
+			struct sockaddr_in addr = *(struct sockaddr_in*)info->ai_addr;
+			addr.sin_port = htons(connect->port);
+			tf_ssb_connection_create(connect->ssb, connect->host, &addr, connect->key);
+		}
+		else
+		{
+			tf_printf("getaddrinfo(%s) => %s\n", connect->host, uv_strerror(result));
+		}
 	}
-	else
-	{
-		tf_printf("getaddrinfo(%s) => %s\n", connect->host, uv_strerror(result));
-	}
-	tf_free(connect);
 	uv_freeaddrinfo(info);
+	tf_ssb_unref(connect->ssb);
+	tf_free(connect);
 }

 void tf_ssb_connect(tf_ssb_t* ssb, const char* host, int port, const uint8_t* key)
 {
+	if (ssb->shutting_down)
+	{
+		return;
+	}
 	connect_t* connect = tf_malloc(sizeof(connect_t));
 	*connect = (connect_t) {
 		.ssb = ssb,
@ -2739,11 +2762,13 @@ void tf_ssb_connect(tf_ssb_t* ssb, const char* host, int port, const uint8_t* ke
 	tf_ssb_connections_store(ssb->connections_tracker, host, port, id);
 	snprintf(connect->host, sizeof(connect->host), "%s", host);
 	memcpy(connect->key, key, k_id_bin_len);
+	tf_ssb_ref(ssb);
 	int r = uv_getaddrinfo(ssb->loop, &connect->req, _tf_on_connect_getaddrinfo, host, NULL, &(struct addrinfo) { .ai_family = AF_INET });
 	if (r < 0)
 	{
 		tf_printf("uv_getaddrinfo: %s\n", uv_strerror(r));
 		tf_free(connect);
+		tf_ssb_unref(ssb);
 	}
 }

@ -3608,7 +3633,6 @@ void tf_ssb_verify_strip_and_store_message(tf_ssb_t* ssb, JSValue value, tf_ssb_
 	}
 	else
 	{
-		printf("nope\n");
 		_tf_ssb_verify_strip_and_store_finish(async);
 	}
 }
--- a/src/ssb.connections.c
+++ b/src/ssb.connections.c
@ -86,6 +86,10 @@ typedef struct _tf_ssb_connections_get_next_t
 static void _tf_ssb_connections_get_next_work(tf_ssb_t* ssb, void* user_data)
 {
 	tf_ssb_connections_get_next_t* next = user_data;
+	if (tf_ssb_is_shutting_down(ssb))
+	{
+		return;
+	}
 	next->ready = _tf_ssb_connections_get_next_connection(next->connections, next->host, sizeof(next->host), &next->port, next->key, sizeof(next->key));
 }

@ -159,6 +163,10 @@ typedef struct _tf_ssb_connections_update_t
 static void _tf_ssb_connections_update_work(tf_ssb_t* ssb, void* user_data)
 {
 	tf_ssb_connections_update_t* update = user_data;
+	if (tf_ssb_is_shutting_down(ssb))
+	{
+		return;
+	}
 	sqlite3_stmt* statement;
 	sqlite3* db = tf_ssb_acquire_db_writer(ssb);
 	if (update->attempted)
--- a/src/ssb.db.c
+++ b/src/ssb.db.c
@ -163,6 +163,7 @@ void tf_ssb_db_init(tf_ssb_t* ssb)
 		"  private_key TEXT UNIQUE"
 		")");
 	_tf_ssb_db_exec(db, "CREATE INDEX IF NOT EXISTS identities_user ON identities (user, public_key)");
+	_tf_ssb_db_exec(db, "DELETE FROM identities WHERE user = ':auth'");

 	bool populate_fts = false;
 	if (!_tf_ssb_db_has_rows(db, "PRAGMA table_list('messages_fts')"))
@ -735,12 +736,12 @@ bool tf_ssb_db_blob_store(tf_ssb_t* ssb, const uint8_t* blob, size_t size, char*
 	return result;
 }

-bool tf_ssb_db_get_message_by_author_and_sequence(
-	tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content)
+bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous,
+	size_t out_previous_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, size_t out_signature_size, int* out_flags)
 {
 	bool found = false;
 	sqlite3_stmt* statement;
-	const char* query = "SELECT id, timestamp, json(content) FROM messages WHERE author = ?1 AND sequence = ?2";
+	const char* query = "SELECT id, previous, timestamp, json(content), hash, signature, flags FROM messages WHERE author = ?1 AND sequence = ?2";
 	sqlite3* db = tf_ssb_acquire_db_reader(ssb);
 	if (sqlite3_prepare(db, query, -1, &statement, NULL) == SQLITE_OK)
 	{
@ -748,15 +749,41 @@ bool tf_ssb_db_get_message_by_author_and_sequence(
 		{
 			if (out_message_id)
 			{
-				strncpy(out_message_id, (const char*)sqlite3_column_text(statement, 0), out_message_id_size - 1);
+				snprintf(out_message_id, out_message_id_size, "%s", (const char*)sqlite3_column_text(statement, 0));
+			}
+			if (out_previous)
+			{
+				if (sqlite3_column_type(statement, 1) == SQLITE_NULL)
+				{
+					if (out_previous_size)
+					{
+						*out_previous = '\0';
+					}
+				}
+				else
+				{
+					snprintf(out_previous, out_previous_size, "%s", (const char*)sqlite3_column_text(statement, 1));
+				}
 			}
 			if (out_timestamp)
 			{
-				*out_timestamp = sqlite3_column_double(statement, 1);
+				*out_timestamp = sqlite3_column_double(statement, 2);
 			}
 			if (out_content)
 			{
-				*out_content = tf_strdup((const char*)sqlite3_column_text(statement, 2));
+				*out_content = tf_strdup((const char*)sqlite3_column_text(statement, 3));
+			}
+			if (out_hash)
+			{
+				snprintf(out_hash, out_hash_size, "%s", (const char*)sqlite3_column_text(statement, 4));
+			}
+			if (out_signature)
+			{
+				snprintf(out_signature, out_signature_size, "%s", (const char*)sqlite3_column_text(statement, 5));
+			}
+			if (out_flags)
+			{
+				*out_flags = sqlite3_column_int(statement, 6);
 			}
 			found = true;
 		}
@ -1634,6 +1661,7 @@ bool tf_ssb_db_register_account(tf_ssb_t* ssb, const char* name, const char* pas
 	{
 		if (sqlite3_bind_text(statement, 1, value, value_length, NULL) == SQLITE_OK)
 		{
+			tf_printf("added user to properties\n");
 			result = sqlite3_step(statement) == SQLITE_DONE;
 		}
 		sqlite3_finalize(statement);
@ -1784,3 +1812,65 @@ void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callb
 	};
 	tf_ssb_run_work(ssb, _tf_ssb_db_resolve_index_work, _tf_ssb_db_resolve_index_after_work, request);
 }
+
+bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id)
+{
+	JSContext* context = tf_ssb_get_context(ssb);
+	bool verified = true;
+	int64_t sequence = -1;
+	if (tf_ssb_db_get_latest_message_by_author(ssb, id, &sequence, NULL, 0))
+	{
+		for (int64_t i = 1; i <= sequence; i++)
+		{
+			char message_id[k_id_base64_len];
+			char previous[256];
+			double timestamp;
+			char* content = NULL;
+			char hash[32];
+			char signature[256];
+			int flags = 0;
+			if (tf_ssb_db_get_message_by_author_and_sequence(
+					ssb, id, i, message_id, sizeof(message_id), previous, sizeof(previous), &timestamp, &content, hash, sizeof(hash), signature, sizeof(signature), &flags))
+			{
+				JSValue message = tf_ssb_format_message(context, previous, id, i, timestamp, hash, content, signature, flags);
+				char calculated_id[k_id_base64_len];
+				char extracted_signature[256];
+				int calculated_flags = 0;
+				if (!tf_ssb_verify_and_strip_signature(context, message, calculated_id, sizeof(calculated_id), extracted_signature, sizeof(extracted_signature), &calculated_flags))
+				{
+					tf_printf("author=%s sequence=%" PRId64 " verify failed.\n", id, i);
+					verified = false;
+				}
+				if (calculated_flags != flags)
+				{
+					tf_printf("author=%s sequence=%" PRId64 " flag mismatch %d => %d.\n", id, i, flags, calculated_flags);
+					verified = false;
+				}
+				if (strcmp(message_id, calculated_id))
+				{
+					tf_printf("author=%s sequence=%" PRId64 " id mismatch %s => %s.\n", id, i, message_id, calculated_id);
+					verified = false;
+				}
+				JS_FreeValue(context, message);
+				tf_free(content);
+
+				if (!verified)
+				{
+					break;
+				}
+			}
+			else
+			{
+				tf_printf("Unable to find message with sequence=%" PRId64 " for author=%s.", i, id);
+				verified = false;
+				break;
+			}
+		}
+	}
+	else
+	{
+		tf_printf("Unable to get latest message for author '%s'.\n", id);
+		verified = false;
+	}
+	return verified;
+}
--- a/src/ssb.db.h
+++ b/src/ssb.db.h
@ -122,12 +122,19 @@ JSValue tf_ssb_db_get_message_by_id(tf_ssb_t* ssb, const char* id, bool is_keys)
 ** @param sequence The message sequence number.
 ** @param[out] out_message_id Populated with the message identifier.
 ** @param out_message_id_size The size of the out_message_id buffer.
+** @param[out] out_previous Populated with the previous message identifier.
+** @param out_previous_size The size of the out_previous buffer.
 ** @param[out] out_timestamp Populated with the timestamp.
 ** @param[out] out_content Populated with the message content.  Free with tf_free().
+** @param[out] out_hash Populated with the message hash format.
+** @param out_hash_size The size of the out_hash buffer.
+** @param[out] out_signature Populated with the message signature.
+** @param out_signature_size The size of the out_signature buffer.
+** @param[out] out_flags Populated with flags describing the format of the message.
 ** @return True if the message was found and retrieved.
 */
-bool tf_ssb_db_get_message_by_author_and_sequence(
-	tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, double* out_timestamp, char** out_content);
+bool tf_ssb_db_get_message_by_author_and_sequence(tf_ssb_t* ssb, const char* author, int64_t sequence, char* out_message_id, size_t out_message_id_size, char* out_previous,
+	size_t out_previous_size, double* out_timestamp, char** out_content, char* out_hash, size_t out_hash_size, char* out_signature, size_t out_signature_size, int* out_flags);

 /**
 ** Get information about the last message from an author.
@ -379,6 +386,14 @@ bool tf_ssb_db_set_property(tf_ssb_t* ssb, const char* id, const char* key, cons
 */
 void tf_ssb_db_resolve_index_async(tf_ssb_t* ssb, const char* host, void (*callback)(const char* path, void* user_data), void* user_data);

+/**
+** Verify an author's feed.
+** @param ssb The SSB instance.
+** @param id The author'd identity.
+** @return true If the feed verified successfully.
+*/
+bool tf_ssb_db_verify(tf_ssb_t* ssb, const char* id);
+
 /**
 ** An SQLite authorizer callback.  See https://www.sqlite.org/c3ref/set_authorizer.html for use.
 ** @param user_data User data registered with the authorizer.
--- a/src/ssb.h
+++ b/src/ssb.h
@ -144,6 +144,13 @@ tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path
 */
 void tf_ssb_destroy(tf_ssb_t* ssb);

+/**
+** Checking if the SSB instance is in the process of shutting down.
+** @param ssb The SSB instance.
+** @return true If the SSB instance is shutting down.
+*/
+bool tf_ssb_is_shutting_down(tf_ssb_t* ssb);
+
 /**
 ** Start optional periodic work.
 ** @param ssb The SSB instance.
--- a/src/ssb.js.c
+++ b/src/ssb.js.c
@ -399,10 +399,11 @@ static void _tf_ssb_getIdentityInfo_visit(const char* identity, void* data)
 	identity_info_work_t* request = data;
 	request->identities = tf_resize_vec(request->identities, (request->count + 1) * sizeof(char*));
 	request->names = tf_resize_vec(request->names, (request->count + 1) * sizeof(char*));
-	request->identities[request->count] = tf_strdup(identity);
+	char buffer[k_id_base64_len];
+	snprintf(buffer, sizeof(buffer), "@%s", identity);
+	request->identities[request->count] = tf_strdup(buffer);
 	request->names[request->count] = NULL;
 	request->count++;
-	;
 }

 static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
@ -419,8 +420,8 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
 		"		RANK() OVER (PARTITION BY messages.author ORDER BY messages.sequence DESC) AS author_rank, "
 		"		messages.content ->> 'name' AS name "
 		"	FROM messages "
-		"	JOIN identities ON  messages.author = ids.value "
-		"	WHERE WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) "
+		"	JOIN identities ON messages.author = ('@' || identities.public_key) "
+		"	WHERE identities.user = ? AND json_extract(messages.content, '$.type') = 'about' AND content ->> 'about' = messages.author AND name IS NOT NULL) "
 		"WHERE author_rank = 1 ",
 		-1, &statement, NULL);
 	if (request->result == SQLITE_OK)
@ -428,22 +429,26 @@ static void _tf_ssb_getIdentityInfo_work(tf_ssb_t* ssb, void* user_data)
 		if (sqlite3_bind_text(statement, 1, request->name, -1, NULL) == SQLITE_OK)
 		{
 			int r = SQLITE_OK;
-			while ((r = sqlite3_step(statement)) == SQLITE_OK)
+			while ((r = sqlite3_step(statement)) == SQLITE_ROW)
 			{
+				const char* identity = (const char*)sqlite3_column_text(statement, 0);
+				const char* name = (const char*)sqlite3_column_text(statement, 1);
 				for (int i = 0; i < request->count; i++)
 				{
-					const char* identity = (const char*)sqlite3_column_text(statement, 0);
-					const char* name = (const char*)sqlite3_column_text(statement, 1);
-					if (strcmp(request->identities[i], identity) == 0 && !request->names[i])
+					if (!request->names[i] && strcmp(request->identities[i], identity) == 0)
 					{
 						request->names[i] = tf_strdup(name);
+						break;
 					}
-					break;
 				}
 			}
 		}
 		sqlite3_finalize(statement);
 	}
+	else
+	{
+		tf_printf("prepare failed: %s.\n", sqlite3_errmsg(db));
+	}

 	tf_ssb_db_identity_get_active(db, request->name, request->package_owner, request->package_name, request->active_identity, sizeof(request->active_identity));
 	if (!*request->active_identity && request->count)
@ -576,29 +581,6 @@ static JSValue _tf_ssb_appendMessageWithIdentity(JSContext* context, JSValueCons
 	return result;
 }

-static JSValue _tf_ssb_getMessage(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
-{
-	JSValue result = JS_NULL;
-	tf_ssb_t* ssb = JS_GetOpaque(this_val, _tf_ssb_classId);
-	if (ssb)
-	{
-		const char* id = JS_ToCString(context, argv[0]);
-		int64_t sequence = 0;
-		JS_ToInt64(context, &sequence, argv[1]);
-		double timestamp = -1.0;
-		char* contents = NULL;
-		if (tf_ssb_db_get_message_by_author_and_sequence(ssb, id, sequence, NULL, 0, &timestamp, &contents))
-		{
-			result = JS_NewObject(context);
-			JS_SetPropertyStr(context, result, "timestamp", JS_NewFloat64(context, timestamp));
-			JS_SetPropertyStr(context, result, "content", JS_NewString(context, contents));
-			tf_free(contents);
-		}
-		JS_FreeCString(context, id);
-	}
-	return result;
-}
-
 static JSValue _tf_ssb_blobGet(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
 {
 	JSValue result = JS_NULL;
@ -1891,7 +1873,6 @@ void tf_ssb_register(JSContext* context, tf_ssb_t* ssb)
 	JS_SetPropertyStr(context, object, "getAllIdentities", JS_NewCFunction(context, _tf_ssb_getAllIdentities, "getAllIdentities", 0));
 	JS_SetPropertyStr(context, object, "getActiveIdentity", JS_NewCFunction(context, _tf_ssb_getActiveIdentity, "getActiveIdentity", 3));
 	JS_SetPropertyStr(context, object, "getIdentityInfo", JS_NewCFunction(context, _tf_ssb_getIdentityInfo, "getIdentityInfo", 3));
-	JS_SetPropertyStr(context, object, "getMessage", JS_NewCFunction(context, _tf_ssb_getMessage, "getMessage", 2));
 	JS_SetPropertyStr(context, object, "blobGet", JS_NewCFunction(context, _tf_ssb_blobGet, "blobGet", 1));
 	JS_SetPropertyStr(context, object, "messageContentGet", JS_NewCFunction(context, _tf_ssb_messageContentGet, "messageContentGet", 1));
 	JS_SetPropertyStr(context, object, "connections", JS_NewCFunction(context, _tf_ssb_connections, "connections", 0));
--- a/tools/autotest.py
+++ b/tools/autotest.py
@ -83,6 +83,13 @@ try:
 	driver.switch_to.frame(wait.until(expected_conditions.presence_of_element_located((By.ID, 'document'))))
 	id1 = wait.until(expected_conditions.presence_of_element_located((By.TAG_NAME, 'li'))).text.split(' ')[-1]

+	driver.get('http://localhost:8888/~core/admin/')
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
+	driver.switch_to.frame(driver.find_element(By.ID, 'document'))
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'gs_room_name'))).send_keys('test room')
+	wait.until(expected_conditions.presence_of_element_located((By.XPATH, '//*[@id="gs_room_name"]/following-sibling::button'))).click()
+	driver.switch_to.alert.accept()
+
 	driver.get('http://localhost:8888')
 	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
 	driver.switch_to.frame(driver.find_element(By.ID, 'document'))
@ -106,9 +113,15 @@ try:
 		except:
 			pass

-	tf_tab_news = wait.until(exists_in_shadow_root(tf_app, By.ID, 'tf-tab-news')).shadow_root
-	tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'edit').send_keys('Hello, world!')
-	tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'submit').click()
+	# WebDriverException (shadow root is detached)
+	while True:
+		try:
+			tf_tab_news = wait.until(exists_in_shadow_root(tf_app, By.ID, 'tf-tab-news')).shadow_root
+			tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'edit').send_keys('Hello, world!')
+			tf_tab_news.find_element(By.ID, 'tf-compose').shadow_root.find_element(By.ID, 'submit').click()
+			break
+		except:
+			pass

 	driver.switch_to.default_content()
 	driver.find_element(By.ID, 'allow').click()