📎 Update version.txt file

📎 Fix tests
Merge pull request #2983 from penpot/niwinz-invitations-fixes
2026-01-18 03:10:49 -05:00 · 2023-02-27 10:37:39 +01:00 · 2023-02-25 10:35:00 +01:00 · 2023-02-24 15:50:40 +01:00 · 2023-02-24 15:44:29 +01:00 · 2023-02-24 15:41:15 +01:00
286 changed files with 18596 additions and 9455 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,17 +1,36 @@
 # CHANGELOG
-
-## :rocket: Next
-
-### :boom: Breaking changes & Deprecations
-
-### :sparkles: New features
+## 1.17.2

 ### :bug: Bugs fixed

-### :arrow_up: Deps updates
+- Fix invite members button text [Taiga #4794](https://tree.taiga.io/project/penpot/issue/4794)
+- Fix problem with opacity in frames [Taiga #4795](https://tree.taiga.io/project/penpot/issue/4795)
+- Fix correct behaviour for space-around and added space-evenly option
+- Fix duplicate with alt and undo only undo one step [Taiga #4746](https://tree.taiga.io/project/penpot/issue/4746)
+- Fix problem creating frames inside layout [Taiga #4844](https://tree.taiga.io/project/penpot/issue/4844)
+
+## 1.17.2
+
+### :bug: Bugs fixed
+- Fix paste board inside itself [Taiga #4775](https://tree.taiga.io/project/penpot/issue/4775)
+- Fix middle button panning can drag guides [Taiga #4266](https://tree.taiga.io/project/penpot/issue/4266)

 ### :heart: Community contributions by (Thank you!)

+- To @ondrejkonec: for some code contributions on this release.
+
+## 1.17.1
+
+### :bug: Bugs fixed
+- Fix components groups items show the component name in list mode [Taiga #4770](https://tree.taiga.io/project/penpot/issue/4770)
+- Fix typing CMD+Z on MacOS turns the cursor into a Zoom cursor [Taiga #4778](https://tree.taiga.io/project/penpot/issue/4778)
+- Fix white space on small screens [Taiga #4774](https://tree.taiga.io/project/penpot/issue/4774)
+- Fix button spacing on delete acount modal [Taiga #4762](https://tree.taiga.io/project/penpot/issue/4762)
+- Fix invitations input on team management and onboarding modal [Taiga #4760](https://tree.taiga.io/project/penpot/issue/4760)
+- Fix weird numeration creating new elements in dashboard [Taiga #4755](https://tree.taiga.io/project/penpot/issue/4755)
+- Fix can move shape with lens zoom active [Taiga #4787](https://tree.taiga.io/project/penpot/issue/4787)
+- Fix social links broken [Taiga #4759](https://tree.taiga.io/project/penpot/issue/4759)
+- Fix tooltips on left toolbar [Taiga #4793](https://tree.taiga.io/project/penpot/issue/4793)

 ## 1.17.0

@@ -23,6 +42,16 @@
 - Handoff visual improvements [Taiga #3124](https://tree.taiga.io/project/penpot/us/3124)
 - Dynamic alignment only in sight [Github 1971](https://github.com/penpot/penpot/issues/1971)
 - Add some accessibility to shortcut panel [Taiga #4713](https://tree.taiga.io/project/penpot/issue/4713)
+- Add shortcuts for text editing [Taiga #2052](https://tree.taiga.io/project/penpot/us/2052)
+- Second level boards treated as groups in terms of selection [Taiga #4269](https://tree.taiga.io/project/penpot/us/4269)
+- Performance improvements both for backend and frontend
+- Accessibility improvements for login area [Taiga #4353](https://tree.taiga.io/project/penpot/us/4353)
+- Outbound webhooks [Taiga #4577](https://tree.taiga.io/project/penpot/us/4577)
+- Add copy invitation link to the invitation options [Taiga #4213](https://tree.taiga.io/project/penpot/us/4213)
+- Dynamic alignment only in sight [Taiga #3537](https://tree.taiga.io/project/penpot/us/3537)
+- Improve naming of layers [Taiga #4036](https://tree.taiga.io/project/penpot/us/4036)
+- Add zoom lense [Taiga #4691](https://tree.taiga.io/project/penpot/us/4691)
+- Detect potential problems with custom font vertical metrics [Taiga #4697](https://tree.taiga.io/project/penpot/us/4697)

 ### :bug: Bugs fixed

@@ -63,6 +92,18 @@
 - Fix hidden layers inside groups become visible after the group visibility is changed[Taiga #4710](https://tree.taiga.io/project/penpot/issue/4710)
 - Fix format of HSLA color on viewer [Taiga #4393](https://tree.taiga.io/project/penpot/issue/4393)
 - Fix some typos [Taiga #4724](https://tree.taiga.io/project/penpot/issue/4724)
+- Fix ctrl+c for inspect code [Taiga #4739](https://tree.taiga.io/project/penpot/issue/4739)
+- Fix text in custom font is not at the expected position at export [Taiga #4394](https://tree.taiga.io/project/penpot/issue/4394)
+- Fix unneeded popup when updating local components [Taiga #4430](https://tree.taiga.io/project/penpot/issue/4430)
+- Fix multiuser - "Shadow" element is not updating immediately [Taiga #4709](https://tree.taiga.io/project/penpot/issue/4709)
+- Fix paths not flagged as modified when resized [Taiga #4742](https://tree.taiga.io/project/penpot/issue/4742)
+- Fix resend invitation doesn't reset the expiration date [Taiga #4741](https://tree.taiga.io/project/penpot/issue/4741)
+- Fix incorrect state after undo page creation [Taiga #4690](https://tree.taiga.io/project/penpot/issue/4690)
+- Fix copy paste texts with typography assets linked [Taiga #4750](https://tree.taiga.io/project/penpot/issue/4750)
+
+### :heart: Community contributions by (Thank you!)
+
+- To @iprithvitharun: let's make UX Writing contributions in Open Source a trend!

 ## 1.16.2-beta

--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ Being web based, Penpot is not dependent on operating systems or local installat
 Using SVG as no other design and prototyping tool does, Penpot files sport compatibility with most of the vectorial tools, are tech friendly and extremely easy to use on the web. We make sure you will always own your work.

 <p align="center">
-  <img src="https://penpot.app/images/open-source.png" alt="Open Source">
+  <img src="https://penpot.app/images/readme/open-source.png" alt="Open Source">
 </p>


@@ -93,7 +93,7 @@ You will find the following categories:
 - [Penpot in your language](https://community.penpot.app/c/penpot-in-your-language/12)

 <p align="center">
-  <img src="https://penpot.app/images/cross-teams.webp" alt="Community">
+  <img src="https://penpot.app/images/readme/cross-teams.webp" alt="Community">
 </p>

 ## Contributing ##
--- a/backend/deps.edn
+++ b/backend/deps.edn
@@ -22,8 +22,8 @@
  java-http-clj/java-http-clj {:mvn/version "0.4.3"}

  funcool/yetti
-  {:git/tag "v9.11"
-   :git/sha "6f9197a"
+  {:git/tag "v9.12"
+   :git/sha "51646d8"
   :git/url "https://github.com/funcool/yetti.git"
   :exclusions [org.slf4j/slf4j-api]}

--- a/backend/resources/app/emails-mjml/change-email/en.mjml
+++ b/backend/resources/app/emails-mjml/change-email/en.mjml
@@ -48,8 +48,8 @@
          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://www.instagram.com/penpot.app/" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/penpot" padding="0 8px" />
        </mj-social>
      </mj-column>
    </mj-section>
--- a/backend/resources/app/emails-mjml/invite-to-team/en.mjml
+++ b/backend/resources/app/emails-mjml/invite-to-team/en.mjml
@@ -41,8 +41,8 @@
          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://www.instagram.com/penpot.app/" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/penpot" padding="0 8px" />
        </mj-social>
      </mj-column>
    </mj-section>
--- a/backend/resources/app/emails-mjml/password-recovery/en.mjml
+++ b/backend/resources/app/emails-mjml/password-recovery/en.mjml
@@ -50,8 +50,8 @@
          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://www.instagram.com/penpot.app/" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/penpot" padding="0 8px" />
        </mj-social>
      </mj-column>
    </mj-section>
--- a/backend/resources/app/emails-mjml/register/en.mjml
+++ b/backend/resources/app/emails-mjml/register/en.mjml
@@ -47,8 +47,8 @@
          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://www.instagram.com/penpot.app/" padding="0 8px" />
+          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/penpot" padding="0 8px" />
        </mj-social>
      </mj-column>
    </mj-section>
--- a/backend/resources/app/emails/change-email/en.html
+++ b/backend/resources/app/emails/change-email/en.html
@@ -103,9 +103,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -129,9 +129,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -143,7 +143,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -157,9 +157,9 @@
            <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -211,9 +211,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -225,7 +225,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -239,9 +239,9 @@
            <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:425px;"
            >
@@ -257,9 +257,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -271,7 +271,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -285,9 +285,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -301,7 +301,7 @@
         align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
      >
        <tr>
-      
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -321,7 +321,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -341,7 +341,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -361,7 +361,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -370,7 +370,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -381,7 +381,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -390,7 +390,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -401,7 +401,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
          </tr>
        </table>
      <![endif]-->
@@ -411,9 +411,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -425,7 +425,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -439,9 +439,9 @@
            <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -457,9 +457,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
--- a/backend/resources/app/emails/invite-to-team/en.html
+++ b/backend/resources/app/emails/invite-to-team/en.html
@@ -103,9 +103,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -129,9 +129,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -143,7 +143,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -157,9 +157,9 @@
            <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -201,9 +201,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -215,7 +215,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -229,9 +229,9 @@
            <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:425px;"
            >
@@ -247,9 +247,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -261,7 +261,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -275,9 +275,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -291,7 +291,7 @@
         align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
      >
        <tr>
-      
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -311,7 +311,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -331,7 +331,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -351,7 +351,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -360,7 +360,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -371,7 +371,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -380,7 +380,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -391,7 +391,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
          </tr>
        </table>
      <![endif]-->
@@ -401,9 +401,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -415,7 +415,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -429,9 +429,9 @@
            <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -447,9 +447,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
--- a/backend/resources/app/emails/password-recovery/en.html
+++ b/backend/resources/app/emails/password-recovery/en.html
@@ -103,9 +103,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -129,9 +129,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -143,7 +143,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -157,9 +157,9 @@
            <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -206,9 +206,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -220,7 +220,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -234,9 +234,9 @@
            <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:425px;"
            >
@@ -252,9 +252,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -266,7 +266,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -280,9 +280,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -296,7 +296,7 @@
         align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
      >
        <tr>
-      
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -316,7 +316,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -336,7 +336,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -356,7 +356,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -365,7 +365,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -376,7 +376,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -385,7 +385,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -396,7 +396,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
          </tr>
        </table>
      <![endif]-->
@@ -406,9 +406,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -420,7 +420,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -434,9 +434,9 @@
            <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -452,9 +452,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
--- a/backend/resources/app/emails/register/en.html
+++ b/backend/resources/app/emails/register/en.html
@@ -103,9 +103,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -129,9 +129,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -143,7 +143,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -157,9 +157,9 @@
            <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -201,9 +201,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -215,7 +215,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -229,9 +229,9 @@
            <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:425px;"
            >
@@ -247,9 +247,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -261,7 +261,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -275,9 +275,9 @@
            <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -291,7 +291,7 @@
         align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
      >
        <tr>
-      
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -311,7 +311,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -331,7 +331,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -351,7 +351,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -360,7 +360,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -371,7 +371,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
              <td>
            <![endif]-->
                      <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -380,7 +380,7 @@
                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                              <tr>
                                <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                    <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                  </a>
                                </td>
@@ -391,7 +391,7 @@
                      </table>
                      <!--[if mso | IE]>
              </td>
-            
+
          </tr>
        </table>
      <![endif]-->
@@ -401,9 +401,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
@@ -415,7 +415,7 @@
          </td>
        </tr>
      </table>
-      
+
      <table
         align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
      >
@@ -429,9 +429,9 @@
            <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
              <!--[if mso | IE]>
                  <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
        <tr>
-      
+
            <td
               class="" style="vertical-align:top;width:600px;"
            >
@@ -447,9 +447,9 @@
              </div>
              <!--[if mso | IE]>
            </td>
-          
+
        </tr>
-      
+
                  </table>
                <![endif]-->
            </td>
--- a/backend/resources/rlimit.edn
+++ b/backend/resources/rlimit.edn
@@ -3,8 +3,8 @@
 {:default
 [[:default :window "200000/h"]]

- #{:command/get-teams}
+ #{:query/teams}
 [[:burst :bucket "5/1/5s"]]

- #{:command/get-profile}
- [[:burst :bucket "60/60/1m"]]}
+ #{:query/profile}
+ [[:burst :bucket "100/60/1m"]]}
--- a/backend/scripts/build
+++ b/backend/scripts/build
@@ -12,6 +12,7 @@ cp ../CHANGES.md target/classes/changelog.md;

 clojure -T:build jar;
 mv target/penpot.jar target/dist/penpot.jar
+cp resources/log4j2.xml target/dist/log4j2.xml
 cp scripts/run.template.sh target/dist/run.sh;
 cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
--- a/backend/scripts/manage.py
+++ b/backend/scripts/manage.py
@@ -19,10 +19,10 @@ PREPL_URI = "tcp://localhost:6063"
 def get_prepl_conninfo():
    uri_data = urlparse(PREPL_URI)
    if uri_data.scheme != "tcp":
-        raise RuntimeException(f"invalid PREPL_URI: {PREPL_URI}")
+        raise RuntimeError(f"invalid PREPL_URI: {PREPL_URI}")

    if not isinstance(uri_data.netloc, str):
-        raise RuntimeException(f"invalid PREPL_URI: {PREPL_URI}")
+        raise RuntimeError(f"invalid PREPL_URI: {PREPL_URI}")

    host, port = uri_data.netloc.split(":", 2)

@@ -46,7 +46,7 @@ def send_eval(expr):
            result = json.load(f)
            tag = result.get("tag", None)
            if tag != "ret":
-                raise RuntimeException("unexpected response from PREPL")
+                raise RuntimeError("unexpected response from PREPL")
            return result.get("val", None), result.get("exception", None)

 def encode(val):
--- a/backend/scripts/repl
+++ b/backend/scripts/repl
@@ -45,12 +45,11 @@ export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
 export OPTIONS="
       -A:jmx-remote -A:dev \
       -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
-       -J-Djdk.attach.allowAttachSelf \
       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
-       -J-Xms50m \
-       -J-Xmx1024m \
-       -J-XX:+UseZGC \
+       -J-XX:+UseG1GC \
       -J-XX:-OmitStackTraceInFastThrow \
+       -J-Xms50m -J-Xmx1024m \
+       -J-Djdk.attach.allowAttachSelf \
       -J-XX:+UnlockDiagnosticVMOptions \
       -J-XX:+DebugNonSafepoints";

--- a/backend/scripts/run.template.sh
+++ b/backend/scripts/run.template.sh
@@ -18,5 +18,7 @@ if [ -f ./environ ]; then
    source ./environ
 fi

+export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow $JVM_OPTS"
+
 set -x
 exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@@ -21,7 +21,7 @@
   [app.http.session :as session]
   [app.loggers.audit :as audit]
   [app.main :as-alias main]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.queries.profile :as profile]
   [app.tokens :as tokens]
   [app.util.json :as json]
   [app.util.time :as dt]
@@ -50,7 +50,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn- discover-oidc-config
-  [cfg {:keys [::base-uri] :as opts}]
+  [cfg {:keys [base-uri] :as opts}]
  (let [discovery-uri (u/join base-uri ".well-known/openid-configuration")
        response      (ex/try! (http/req! cfg
                                          {:method :get :uri (str discovery-uri)}
@@ -64,10 +64,17 @@
        nil)

      (= 200 (:status response))
-      (let [data (json/decode (:body response))]
-        {:token-uri (get data :token_endpoint)
-         :auth-uri  (get data :authorization_endpoint)
-         :user-uri  (get data :userinfo_endpoint)})
+      (let [data      (json/decode (:body response))
+            token-uri (get data :token_endpoint)
+            auth-uri  (get data :authorization_endpoint)
+            user-uri  (get data :userinfo_endpoint)]
+        (l/debug :hint "oidc uris discovered"
+                 :token-uri token-uri
+                 :auth-uri auth-uri
+                 :user-uri user-uri)
+        {:token-uri token-uri
+         :auth-uri  auth-uri
+         :user-uri  user-uri})

      :else
      (do
@@ -110,7 +117,7 @@
    (if-let [opts (prepare-oidc-opts cfg)]
      (do
        (l/info :hint "provider initialized"
-                :provider :oidc
+                :provider "oidc"
                :method (if (:discover? opts) "discover" "manual")
                :client-id (:client-id opts)
                :client-secret (obfuscate-string (:client-secret opts))
@@ -122,7 +129,7 @@
                :roles      (:roles opts))
        opts)
      (do
-        (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :oidc)
+        (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
        nil))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -144,13 +151,13 @@
               (string? (:client-secret opts)))
        (do
          (l/info :hint "provider initialized"
-                  :provider :google
+                  :provider "google"
                  :client-id (:client-id opts)
                  :client-secret (obfuscate-string (:client-secret opts)))
          opts)

        (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :google)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "google")
          nil)))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -196,13 +203,13 @@
               (string? (:client-secret opts)))
        (do
          (l/info :hint "provider initialized"
-                  :provider :github
+                  :provider "github"
                  :client-id (:client-id opts)
                  :client-secret (obfuscate-string (:client-secret opts)))
          opts)

        (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :github)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "github")
          nil)))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -225,14 +232,14 @@
               (string? (:client-secret opts)))
        (do
          (l/info :hint "provider initialized"
-                  :provider :gitlab
+                  :provider "gitlab"
                  :base-uri base
                  :client-id (:client-id opts)
                  :client-secret (obfuscate-string (:client-secret opts)))
          opts)

        (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :gitlab)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "gitlab")
          nil)))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -275,8 +282,19 @@
                          "accept" "application/json"}
                :uri (:token-uri provider)
                :body (u/map->query-string params)}]
+
+    (l/trace :hint "request access token"
+             :provider (:name provider)
+             :client-id (:client-id provider)
+             :client-secret (obfuscate-string (:client-secret provider))
+             :grant-type (:grant_type params)
+             :redirect-uri (:redirect_uri params))
+
    (->> (http/req! cfg req)
         (p/map (fn [{:keys [status body] :as res}]
+                  (l/trace :hint "access token response"
+                           :status status
+                           :body body)
                  (if (= status 200)
                    (let [data (json/decode body)]
                      {:token (get data :access_token)
@@ -289,12 +307,19 @@
 (defn- retrieve-user-info
  [{:keys [provider] :as cfg} tdata]
  (letfn [(retrieve []
+            (l/trace :hint "request user info"
+                     :uri (:user-uri provider)
+                     :token (obfuscate-string (:token tdata))
+                     :token-type (:type tdata))
            (http/req! cfg
                       {:uri (:user-uri provider)
                        :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
                        :timeout 6000
                        :method :get}))
          (validate-response [response]
+            (l/trace :hint "user info response"
+                     :status (:status response)
+                     :body   (:body response))
            (when-not (s/int-in-range? 200 300 (:status response))
              (ex/raise :type :internal
                        :code :unable-to-retrieve-user-info
@@ -309,7 +334,7 @@
            (if-let [get-email-fn (:get-email-fn provider)]
              (get-email-fn tdata info)
              (let [attr-kw (cf/get :oidc-email-attr :email)]
-                (get info attr-kw))))
+                (p/resolved (get info attr-kw)))))

          (get-name [info]
            (let [attr-kw (cf/get :oidc-name-attr :name)]
@@ -325,6 +350,7 @@
                              (qualify-props provider))}))

          (validate-info [info]
+            (l/trace :hint "authentication info" :info info)
            (when-not (s/valid? ::info info)
              (l/warn :hint "received incomplete profile info object (please set correct scopes)"
                      :info (pr-str info))
@@ -334,10 +360,10 @@
                        :info info))
            info)]

-    (-> (retrieve)
-        (p/then validate-response)
-        (p/then process-response)
-        (p/then validate-info))))
+    (->> (retrieve)
+         (p/fmap validate-response)
+         (p/mcat process-response)
+         (p/fmap validate-info))))

 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)
@@ -349,7 +375,7 @@
                   ::fullname
                   ::props]))

-(defn get-info
+(defn retrieve-info
  [{:keys [provider] :as cfg} {:keys [params] :as request}]
  (letfn [(validate-oidc [info]
            ;; If the provider is OIDC, we can proceed to check
@@ -396,12 +422,14 @@
          (p/then' validate-oidc)
          (p/then' (partial post-process state))))))

-(defn- get-profile
+(defn- retrieve-profile
  [{:keys [::db/pool ::wrk/executor] :as cfg} info]
  (px/with-dispatch executor
    (with-open [conn (db/open pool)]
      (some->> (:email info)
-               (profile/get-profile-by-email conn)))))
+               (profile/retrieve-profile-data-by-email conn)
+               (profile/populate-additional-data conn)
+               (profile/decode-profile-row)))))

 (defn- redirect-response
  [uri]
@@ -415,9 +443,9 @@
    (redirect-response uri)))

 (defn- generate-redirect
-  [cfg request info profile]
+  [{:keys [::session/session] :as cfg} request info profile]
  (if profile
-    (let [sxf    (session/create-fn cfg (:id profile))
+    (let [sxf    (session/create-fn session (:id profile))
          token  (or (:invitation-token info)
                     (tokens/generate (::main/props cfg)
                                      {:iss :auth
@@ -432,12 +460,11 @@
        (ex/raise :type :restriction
                  :code :profile-blocked))

-      (when-let [collector (::audit/collector cfg)]
-        (audit/submit! collector {:type "command"
-                                  :name "login-with-password"
-                                  :profile-id (:id profile)
-                                  :ip-addr (audit/parse-client-ip request)
-                                  :props (audit/profile->props profile)}))
+      (audit/submit! cfg {:type "command"
+                          :name "login-with-password"
+                          :profile-id (:id profile)
+                          :ip-addr (audit/parse-client-ip request)
+                          :props (audit/profile->props profile)})

      (->> (redirect-response uri)
           (sxf request)))
@@ -469,8 +496,8 @@
 (defn- callback-handler
  [cfg request]
  (letfn [(process-request []
-            (p/let [info    (get-info cfg request)
-                    profile (get-profile cfg info)]
+            (p/let [info    (retrieve-info cfg request)
+                    profile (retrieve-profile cfg info)]
              (generate-redirect cfg request info profile)))

          (handle-error [cause]
@@ -522,24 +549,23 @@

 (s/def ::providers (s/map-of ::us/keyword (s/nilable ::provider)))

-(s/def ::routes vector?)
-
 (defmethod ig/pre-init-spec ::routes
  [_]
-  (s/keys :req [::session/manager
-                ::http/client
+  (s/keys :req [::http/client
                ::wrk/executor
                ::main/props
                ::db/pool
-                ::providers]))
+                ::providers
+                ::session/session]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [::wrk/executor] :as cfg}]
+  [_ {:keys [::wrk/executor ::session/session] :as cfg}]
  (let [cfg (update cfg :provider d/without-nils)]
-    ["" {:middleware [[session/authz cfg]
+    ["" {:middleware [[(:middleware session)]
                      [hmw/with-dispatch executor]
                      [hmw/with-config cfg]
-                      [provider-lookup]]}
+                      [provider-lookup]
+                      ]}
     ["/auth/oauth"
      ["/:provider"
       {:handler auth-handler
@@ -547,3 +573,4 @@
      ["/:provider/callback"
       {:handler callback-handler
        :allowed-methods #{:get}}]]]))
+
--- a/backend/src/app/cli/manage.clj
+++ b/backend/src/app/cli/manage.clj
@@ -10,8 +10,9 @@
   [app.common.logging :as l]
   [app.db :as db]
   [app.main :as main]
-   [app.rpc.commands.auth :as auth]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.auth :as cmd.auth]
+   [app.rpc.mutations.profile :as profile]
+   [app.rpc.queries.profile :refer [retrieve-profile-data-by-email]]
   [clojure.string :as str]
   [clojure.tools.cli :refer [parse-opts]]
   [integrant.core :as ig])
@@ -54,17 +55,16 @@
                                         :type :password}))]
    (try
      (db/with-atomic [conn (:app.db/pool system)]
-        (->> (auth/create-profile! conn
-                                  {:fullname fullname
-                                   :email email
-                                   :password password
-                                   :is-active true
-                                   :is-demo false})
-             (auth/create-profile-rels! conn)))
+        (->> (cmd.auth/create-profile conn
+                                     {:fullname fullname
+                                      :email email
+                                      :password password
+                                      :is-active true
+                                      :is-demo false})
+             (cmd.auth/create-profile-relations conn)))

      (when (pos? (:verbosity options))
        (println "User created successfully."))
-
      (System/exit 0)

      (catch Exception _e
@@ -79,7 +79,7 @@
      (db/with-atomic [conn (:app.db/pool system)]
        (let [email    (or (:email options)
                           (read-from-console {:label "Email:"}))
-              profile  (profile/get-profile-by-email conn email)]
+              profile  (retrieve-profile-data-by-email conn email)]
          (when-not profile
            (when (pos? (:verbosity options))
              (println "Profile does not exists."))
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@@ -126,7 +126,6 @@
 (s/def ::database-max-pool-size ::us/integer)

 (s/def ::quotes-teams-per-profile ::us/integer)
-(s/def ::quotes-access-tokens-per-profile ::us/integer)
 (s/def ::quotes-projects-per-team ::us/integer)
 (s/def ::quotes-invitations-per-team ::us/integer)
 (s/def ::quotes-profiles-per-team ::us/integer)
@@ -282,7 +281,6 @@
                   ::public-uri

                   ::quotes-teams-per-profile
-                   ::quotes-access-tokens-per-profile
                   ::quotes-projects-per-team
                   ::quotes-invitations-per-team
                   ::quotes-profiles-per-team
--- a/backend/src/app/db.clj
+++ b/backend/src/app/db.clj
@@ -167,7 +167,11 @@
  (instance? javax.sql.DataSource v))

 (s/def ::pool pool?)
+(s/def ::conn some?)
+
+;; DEPRECATED: to be removed in 1.18
 (s/def ::conn-or-pool some?)
+(s/def ::pool-or-conn some?)

 (defn closed?
  [pool]
@@ -233,46 +237,44 @@
  [pool]
  (jdbc/get-connection pool))

-(def ^:private default-opts
-  {:builder-fn sql/as-kebab-maps})
-
 (defn exec!
  ([ds sv]
-   (jdbc/execute! ds sv default-opts))
+   (exec! ds sv {}))
  ([ds sv opts]
-   (jdbc/execute! ds sv (merge default-opts opts))))
+   (jdbc/execute! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))

 (defn exec-one!
-  ([ds sv]
-   (jdbc/execute-one! ds sv default-opts))
+  ([ds sv] (exec-one! ds sv {}))
  ([ds sv opts]
-   (jdbc/execute-one! ds sv
-                      (-> (merge default-opts opts)
-                          (assoc :return-keys (::return-keys? opts false))))))
+   (jdbc/execute-one! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))

 (defn insert!
-  [ds table params & {:as opts}]
-  (exec-one! ds
-             (sql/insert table params opts)
-             (merge {::return-keys? true} opts)))
+  ([ds table params] (insert! ds table params nil))
+  ([ds table params opts]
+   (exec-one! ds
+              (sql/insert table params opts)
+              (merge {:return-keys true} opts))))

 (defn insert-multi!
-  [ds table cols rows & {:as opts}]
-  (exec! ds
-         (sql/insert-multi table cols rows opts)
-         (merge {::return-keys? true} opts)))
+  ([ds table cols rows] (insert-multi! ds table cols rows nil))
+  ([ds table cols rows opts]
+   (exec! ds
+          (sql/insert-multi table cols rows opts)
+          (merge {:return-keys true} opts))))

 (defn update!
-  [ds table params where & {:as opts}]
-  (exec-one! ds
-             (sql/update table params where opts)
-             (merge {::return-keys? true} opts)))
+  ([ds table params where] (update! ds table params where nil))
+  ([ds table params where opts]
+   (exec-one! ds
+              (sql/update table params where opts)
+              (merge {:return-keys true} opts))))

 (defn delete!
-  [ds table params & {:as opts}]
-  (exec-one! ds
-             (sql/delete table params opts)
-             (merge {::return-keys? true} opts)))
+  ([ds table params] (delete! ds table params nil))
+  ([ds table params opts]
+   (exec-one! ds
+              (sql/delete table params opts)
+              (assoc opts :return-keys true))))

 (defn is-row-deleted?
  [{:keys [deleted-at]}]
@@ -281,34 +283,56 @@
          (inst-ms (dt/now)))))

 (defn get*
-  "Retrieve a single row from database that matches a simple filters. Do
-  not raises exceptions."
-  [ds table params & {:as opts}]
-  (let [rows (exec! ds (sql/select table params opts))
-        rows (cond->> rows
-               (::remove-deleted? opts true)
-               (remove is-row-deleted?))]
-    (first rows)))
+  "Internal function for retrieve a single row from database that
+  matches a simple filters."
+  ([ds table params]
+   (get* ds table params nil))
+  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
+   (let [rows (exec! ds (sql/select table params opts))
+         rows (cond->> rows
+                check-deleted?
+                (remove is-row-deleted?))]
+     (first rows))))

 (defn get
-  "Retrieve a single row from database that matches a simple
-  filters. Raises :not-found exception if no object is found."
-  [ds table params & {:as opts}]
-  (let [row (get* ds table params opts)]
-    (when (and (not row) (::check-deleted? opts true))
-      (ex/raise :type :not-found
-                :code :object-not-found
-                :table table
-                :hint "database object not found"))
-    row))
+  ([ds table params]
+   (get ds table params nil))
+  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
+   (let [row (get* ds table params opts)]
+     (when (and (not row) check-deleted?)
+       (ex/raise :type :not-found
+                 :code :object-not-found
+                 :table table
+                 :hint "database object not found"))
+     row)))
+
+(defn get-by-params
+  "DEPRECATED"
+  ([ds table params]
+   (get-by-params ds table params nil))
+  ([ds table params {:keys [check-not-found] :or {check-not-found true} :as opts}]
+   (let [row (get* ds table params (assoc opts :check-deleted? check-not-found))]
+     (when (and (not row) check-not-found)
+       (ex/raise :type :not-found
+                 :code :object-not-found
+                 :table table
+                 :hint "database object not found"))
+     row)))

 (defn get-by-id
-  [ds table id & {:as opts}]
-  (get ds table {:id id} opts))
+  ([ds table id]
+   (get ds table {:id id} nil))
+  ([ds table id opts]
+   (let [opts (cond-> opts
+                (contains? opts :check-not-found)
+                (assoc :check-deleted? (:check-not-found opts)))]
+     (get ds table {:id id} opts))))

 (defn query
-  [ds table params & {:as opts}]
-  (exec! ds (sql/select table params opts)))
+  ([ds table params]
+   (query ds table params nil))
+  ([ds table params opts]
+   (exec! ds (sql/select table params opts))))

 (defn pgobject?
  ([v]
--- a/backend/src/app/db/sql.clj
+++ b/backend/src/app/db/sql.clj
@@ -7,7 +7,6 @@
 (ns app.db.sql
  (:refer-clojure :exclude [update])
  (:require
-   [app.db :as-alias db]
   [clojure.string :as str]
   [next.jdbc.optional :as jdbc-opt]
   [next.jdbc.sql.builder :as sql]))
@@ -44,10 +43,8 @@
  ([table where-params opts]
   (let [opts (merge default-opts opts)
         opts (cond-> opts
-                (::db/for-update? opts) (assoc :suffix "FOR UPDATE")
-                (::db/for-share? opts)  (assoc :suffix "FOR KEY SHARE")
-                (:for-update opts)      (assoc :suffix "FOR UPDATE")
-                (:for-key-share opts)   (assoc :suffix "FOR KEY SHARE"))]
+                (:for-update opts)    (assoc :suffix "FOR UPDATE")
+                (:for-key-share opts) (assoc :suffix "FOR KEY SHARE"))]
     (sql/for-query table where-params opts))))

 (defn update
--- a/backend/src/app/http.clj
+++ b/backend/src/app/http.clj
@@ -6,22 +6,13 @@

 (ns app.http
  (:require
-   [app.auth.oidc :as-alias oidc]
   [app.common.data :as d]
   [app.common.logging :as l]
   [app.common.transit :as t]
-   [app.db :as-alias db]
-   [app.http.access-token :as actoken]
-   [app.http.assets :as-alias assets]
-   [app.http.awsns :as-alias awsns]
-   [app.http.debug :as-alias debug]
   [app.http.errors :as errors]
   [app.http.middleware :as mw]
   [app.http.session :as session]
-   [app.http.websocket :as-alias ws]
   [app.metrics :as mtx]
-   [app.rpc :as-alias rpc]
-   [app.rpc.doc :as-alias rpc.doc]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
@@ -73,6 +64,7 @@
                 :http/max-body-size (:max-body-size cfg)
                 :http/max-multipart-body-size (:max-multipart-body-size cfg)
                 :xnio/io-threads (:io-threads cfg)
+                 :xnio/worker-threads (:worker-threads cfg)
                 :xnio/dispatch (:executor cfg)
                 :ring/async true}

@@ -121,41 +113,64 @@
 ;; HTTP ROUTER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

+(s/def ::assets map?)
+(s/def ::awsns-handler fn?)
+(s/def ::debug-routes (s/nilable vector?))
+(s/def ::doc-routes (s/nilable vector?))
+(s/def ::feedback fn?)
+(s/def ::oauth map?)
+(s/def ::oidc-routes (s/nilable vector?))
+(s/def ::rpc-routes (s/nilable vector?))
+(s/def ::session ::session/session)
+(s/def ::storage map?)
+(s/def ::ws fn?)
+
 (defmethod ig/pre-init-spec ::router [_]
-  (s/keys :req [::session/manager
-                ::actoken/manager
-                ::ws/routes
-                ::rpc/routes
-                ::rpc.doc/routes
-                ::oidc/routes
-                ::assets/routes
-                ::debug/routes
-                ::db/pool
-                ::mtx/routes
-                ::awsns/routes]))
+  (s/keys :req-un [::mtx/metrics
+                   ::ws
+                   ::storage
+                   ::assets
+                   ::session
+                   ::feedback
+                   ::awsns-handler
+                   ::debug-routes
+                   ::oidc-routes
+                   ::rpc-routes
+                   ::doc-routes]))

 (defmethod ig/init-key ::router
-  [_ cfg]
+  [_ {:keys [ws session metrics assets feedback] :as cfg}]
  (rr/router
   [["" {:middleware [[mw/server-timing]
                      [mw/format-response]
                      [mw/params]
                      [mw/parse-request]
-                      [session/soft-auth cfg]
-                      [actoken/soft-auth cfg]
+                      [session/middleware-1 session]
                      [mw/errors errors/handle]
                      [mw/restrict-methods]]}

-     (::mtx/routes cfg)
-     (::assets/routes cfg)
-     (::debug/routes cfg)
+     ["/metrics" {:handler (::mtx/handler metrics)
+                  :allowed-methods #{:get}}]
+
+     ["/assets" {:middleware [[session/middleware-2 session]]}
+      ["/by-id/:id" {:handler (:objects-handler assets)}]
+      ["/by-file-media-id/:id" {:handler (:file-objects-handler assets)}]
+      ["/by-file-media-id/:id/thumbnail" {:handler (:file-thumbnails-handler assets)}]]
+
+     (:debug-routes cfg)

     ["/webhooks"
-      (::awsns/routes cfg)]
+      ["/sns" {:handler (:awsns-handler cfg)
+               :allowed-methods #{:post}}]]

-     (::ws/routes cfg)
+     ["/ws/notifications" {:middleware [[session/middleware-2 session]]
+                           :handler ws
+                           :allowed-methods #{:get}}]

-     ["/api" {:middleware [[mw/cors]]}
-      (::oidc/routes cfg)
-      (::rpc.doc/routes cfg)
-      (::rpc/routes cfg)]]]))
+     ["/api" {:middleware [[mw/cors]
+                           [session/middleware-2 session]]}
+      ["/feedback" {:handler feedback
+                    :allowed-methods #{:post}}]
+      (:doc-routes cfg)
+      (:oidc-routes cfg)
+      (:rpc-routes cfg)]]]))
--- a/backend/src/app/http/access_token.clj
+++ b/backend/src/app/http/access_token.clj
@@ -1,96 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.http.access-token
-  (:require
-   [app.common.logging :as l]
-   [app.common.spec :as us]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.main :as-alias main]
-   [app.tokens :as tokens]
-   [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.request :as yrq]))
-
-
-(s/def ::manager
-  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
-
-(defmethod ig/pre-init-spec ::manager [_] ::manager)
-(defmethod ig/init-key ::manager [_ cfg] cfg)
-(defmethod ig/halt-key! ::manager [_ _])
-
-(def header-re #"^Token\s+(.*)")
-
-(defn- get-token
-  [request]
-  (some->> (yrq/get-header request "authorization")
-           (re-matches header-re)
-           (second)))
-
-(defn- decode-token
-  [props token]
-  (when token
-    (tokens/verify props {:token token :iss "access-token"})))
-
-(defn- get-token-perms
-  [pool token-id]
-  (when-not (db/read-only? pool)
-    (when-let [token (db/get* pool :access-token {:id token-id} {:columns [:perms]})]
-      (some-> (:perms token)
-              (db/decode-pgarray #{})))))
-
-(defn- wrap-soft-auth
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
-
-  (let [{:keys [::wrk/executor ::main/props]} manager]
-    (fn [request respond raise]
-      (let [token (get-token request)]
-        (->> (px/submit! executor (partial decode-token props token))
-             (p/fnly (fn [claims cause]
-                       (when cause
-                         (l/trace :hint "exception on decoding malformed token" :cause cause))
-                       (let [request (cond-> request
-                                       (map? claims)
-                                       (assoc ::id (:tid claims)))]
-                         (handler request respond raise)))))))))
-
-(defn- wrap-authz
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
-  (let [{:keys [::wrk/executor ::db/pool]} manager]
-    (fn [request respond raise]
-      (if-let [token-id (::id request)]
-        (->> (px/submit! executor (partial get-token-perms pool token-id))
-             (p/fnly (fn [perms cause]
-                       (cond
-                         (some? cause)
-                         (raise cause)
-
-                         (nil? perms)
-                         (handler request respond raise)
-
-                         :else
-                         (let [request (assoc request ::perms perms)]
-                           (handler request respond raise))))))
-        (handler request respond raise)))))
-
-(def soft-auth
-  {:name ::soft-auth
-   :compile (fn [& _]
-              (when (contains? cf/flags :access-tokens)
-                wrap-soft-auth))})
-
-(def authz
-  {:name ::authz
-   :compile (fn [& _]
-              (when (contains? cf/flags :access-tokens)
-                wrap-authz))})
--- a/backend/src/app/http/assets.clj
+++ b/backend/src/app/http/assets.clj
@@ -115,10 +115,7 @@
 (s/def ::cache-max-age ::dt/duration)
 (s/def ::signature-max-age ::dt/duration)

-(s/def ::routes vector?)
-
-;; FIXME: namespace qualified params
-(defmethod ig/pre-init-spec ::routes [_]
+(defmethod ig/pre-init-spec ::handlers [_]
  (s/keys :req-un [::storage
                   ::wrk/executor
                   ::mtx/metrics
@@ -126,9 +123,9 @@
                   ::cache-max-age
                   ::signature-max-age]))

-(defmethod ig/init-key ::routes
+(defmethod ig/init-key ::handlers
  [_ cfg]
-  ["/assets"
-   ["/by-id/:id" {:handler (partial objects-handler cfg)}]
-   ["/by-file-media-id/:id" {:handler (partial file-objects-handler cfg)}]
-   ["/by-file-media-id/:id/thumbnail" {:handler (partial file-thumbnails-handler cfg)}]])
+  {:objects-handler (partial objects-handler cfg)
+   :file-objects-handler (partial file-objects-handler cfg)
+   :file-thumbnails-handler (partial file-thumbnails-handler cfg)})
+
--- a/backend/src/app/http/awsns.clj
+++ b/backend/src/app/http/awsns.clj
@@ -28,20 +28,18 @@
 (declare parse-notification)
 (declare process-report)

-(defmethod ig/pre-init-spec ::routes [_]
+(defmethod ig/pre-init-spec ::handler [_]
  (s/keys :req [::http/client
                ::main/props
                ::db/pool
                ::wrk/executor]))

-(defmethod ig/init-key ::routes
+(defmethod ig/init-key ::handler
  [_ {:keys [::wrk/executor] :as cfg}]
-  (letfn [(handler [request respond _]
-            (let [data (-> request yrq/body slurp)]
-              (px/run! executor #(handle-request cfg data)))
-            (respond (yrs/response 200)))]
-    ["/sns" {:handler handler
-             :allowed-methods #{:post}}]))
+  (fn [request respond _]
+    (let [data (-> request yrq/body slurp)]
+      (px/run! executor #(handle-request cfg data)))
+    (respond (yrs/response 200))))

 (defn handle-request
  [cfg data]
@@ -107,7 +105,8 @@
  [cfg headers]
  (let [tdata (get headers "x-penpot-data")]
    (when-not (str/empty? tdata)
-      (let [result (tokens/verify (::main/props cfg) {:token tdata :iss :profile-identity})]
+      (let [sprops (::main/props cfg)
+            result (tokens/verify sprops {:token tdata :iss :profile-identity})]
        (:profile-id result)))))

 (defn- parse-notification
--- a/backend/src/app/http/debug.clj
+++ b/backend/src/app/http/debug.clj
@@ -16,8 +16,8 @@
   [app.http.middleware :as mw]
   [app.http.session :as session]
   [app.rpc.commands.binfile :as binf]
-   [app.rpc.commands.files-create :refer [create-file]]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.files.create :refer [create-file]]
+   [app.rpc.queries.profile :as profile]
   [app.util.blob :as blob]
   [app.util.template :as tmpl]
   [app.util.time :as dt]
@@ -39,9 +39,9 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn authorized?
-  [pool {:keys [::session/profile-id]}]
+  [pool {:keys [profile-id]}]
  (or (= "devenv" (cf/get :host))
-      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
+      (let [profile (ex/ignoring (profile/retrieve-profile-data pool profile-id))
            admins  (or (cf/get :admins) #{})]
        (contains? admins (:email profile)))))

@@ -61,7 +61,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn index-handler
-  [{:keys [::db/pool]} request]
+  [{:keys [pool]} request]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -81,7 +81,7 @@
  "select revn, changes, data from file_change where file_id=? and revn = ?")

 (defn- retrieve-file-data
-  [{:keys [::db/pool]} {:keys [params ::session/profile-id] :as request}]
+  [{:keys [pool]} {:keys [params profile-id] :as request}]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -107,9 +107,8 @@
        (prepare-download-response data filename)

        (contains? params :clone)
-        (let [profile    (profile/get-profile pool profile-id)
-              project-id (:default-project-id profile)
-              data       (blob/decode data)]
+        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
+              data       (some-> data blob/decode)]
          (create-file pool {:id (uuid/next)
                             :name (str "Cloned file: " filename)
                             :project-id project-id
@@ -118,7 +117,7 @@
          (yrs/response 201 "OK CREATED"))

        :else
-        (prepare-response (blob/decode data))))))
+        (prepare-response (some-> data blob/decode))))))

 (defn- is-file-exists?
  [pool id]
@@ -126,9 +125,8 @@
    (-> (db/exec-one! pool [sql id]) :exists)))

 (defn- upload-file-data
-  [{:keys [::db/pool]} {:keys [::session/profile-id params] :as request}]
-  (let [profile    (profile/get-profile pool profile-id)
-        project-id (:default-project-id profile)
+  [{:keys [pool]} {:keys [profile-id params] :as request}]
+  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
        data       (some-> params :file :path io/read-as-bytes blob/decode)]

    (if (and data project-id)
@@ -164,7 +162,7 @@
              :code :method-not-found)))

 (defn file-changes-handler
-  [{:keys [::db/pool]} {:keys [params] :as request}]
+  [{:keys [pool]} {:keys [params] :as request}]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -204,7 +202,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn error-handler
-  [{:keys [::db/pool]} request]
+  [{:keys [pool]} request]
  (letfn [(parse-id [request]
            (let [id (get-in request [:path-params :id])
                  id (parse-uuid id)]
@@ -253,7 +251,7 @@
    LIMIT 100")

 (defn error-list-handler
-  [{:keys [::db/pool]} request]
+  [{:keys [pool]} request]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -270,7 +268,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn export-handler
-  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
+  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]

  (let [file-ids (->> (:file-ids params)
                      (remove empty?)
@@ -289,8 +287,7 @@
                   (assoc ::binf/include-libraries? libs?)
                   (binf/export-to-tmpfile!))]
      (if clone?
-        (let [profile    (profile/get-profile pool profile-id)
-              project-id (:default-project-id profile)]
+        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)]
          (binf/import!
           (assoc cfg
                  ::binf/input path
@@ -312,16 +309,15 @@


 (defn import-handler
-  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
+  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]
  (when-not (contains? params :file)
    (ex/raise :type :validation
              :code :missing-upload-file
              :hint "missing upload file"))

-  (let [profile    (profile/get-profile pool profile-id)
-        project-id (:default-project-id profile)
+  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
        overwrite? (contains? params :overwrite)
-        migrate?   (contains? params :migrate)
+        migrate? (contains? params :migrate)
        ignore-index-errors? (contains? params :ignore-index-errors)]

    (when-not project-id
@@ -349,14 +345,15 @@

 (defn health-handler
  "Mainly a task that performs a health check."
-  [{:keys [::db/pool]} _]
-  (try
-    (db/exec-one! pool ["select count(*) as count from server_prop;"])
-    (yrs/response 200 "OK")
-    (catch Throwable cause
-      (l/warn :hint "unable to execute query on health handler"
-              :cause cause)
-      (yrs/response 503 "KO"))))
+  [{:keys [pool]} _]
+  (db/with-atomic [conn pool]
+    (try
+      (db/exec-one! conn ["select count(*) as count from server_prop;"])
+      (yrs/response 200 "OK")
+      (catch Throwable cause
+        (l/warn :hint "unable to execute query on health handler"
+                :cause cause)
+        (yrs/response 503 "KO")))))

 (defn changelog-handler
  [_ _]
@@ -384,17 +381,16 @@
           (raise (ex/error :type :authentication
                            :code :only-admins-allowed))))))})

+
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::db/pool
-                ::wrk/executor
-                ::session/manager]))
+  (s/keys :req-un [::db/pool ::wrk/executor ::session/session]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [::db/pool ::wrk/executor] :as cfg}]
+  [_ {:keys [session pool executor] :as cfg}]
  [["/readyz" {:middleware [[mw/with-dispatch executor]
                            [mw/with-config cfg]]
               :handler health-handler}]
-   ["/dbg" {:middleware [[session/authz cfg]
+   ["/dbg" {:middleware [[session/middleware-2 session]
                         [with-authorization pool]
                         [mw/with-dispatch executor]
                         [mw/with-config cfg]]}
--- a/backend/src/app/http/errors.clj
+++ b/backend/src/app/http/errors.clj
@@ -11,8 +11,6 @@
   [app.common.exceptions :as ex]
   [app.common.logging :as l]
   [app.http :as-alias http]
-   [app.http.access-token :as-alias actoken]
-   [app.http.session :as-alias session]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]
   [yetti.request :as yrq]
@@ -28,9 +26,7 @@

 (defn get-context
  [request]
-  (let [claims (-> {}
-                   (into (::session/token-claims request))
-                   (into (::actoken/token-claims request)))]
+  (let [claims (:session-token-claims request)]
    (merge
     *context*
     {:path          (:path request)
@@ -53,10 +49,6 @@
  [err _]
  (yrs/response 401 (ex-data err)))

-(defmethod handle-exception :authorization
-  [err _]
-  (yrs/response 403 (ex-data err)))
-
 (defmethod handle-exception :restriction
  [err _]
  (yrs/response 400 (ex-data err)))
--- a/backend/src/app/http/feedback.clj
+++ b/backend/src/app/http/feedback.clj
@@ -0,0 +1,80 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.http.feedback
+  "A general purpose feedback module."
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.emails :as eml]
+   [app.rpc.queries.profile :as profile]
+   [app.worker :as wrk]
+   [clojure.spec.alpha :as s]
+   [integrant.core :as ig]
+   [promesa.core :as p]
+   [promesa.exec :as px]
+   [yetti.request :as yrq]
+   [yetti.response :as yrs]))
+
+(declare ^:private send-feedback)
+(declare ^:private handler)
+
+(defmethod ig/pre-init-spec ::handler [_]
+  (s/keys :req-un [::db/pool ::wrk/executor]))
+
+(defmethod ig/init-key ::handler
+  [_ {:keys [executor] :as cfg}]
+  (let [enabled? (contains? cf/flags :user-feedback)]
+    (if enabled?
+      (fn [request respond raise]
+        (-> (px/submit! executor #(handler cfg request))
+            (p/then' respond)
+            (p/catch raise)))
+      (fn [_ _ raise]
+        (raise (ex/error :type :validation
+                         :code :feedback-disabled
+                         :hint "feedback module is disabled"))))))
+
+(defn- handler
+  [{:keys [pool] :as cfg} {:keys [profile-id] :as request}]
+  (let [ftoken (cf/get :feedback-token ::no-token)
+        token  (yrq/get-header request "x-feedback-token")
+        params (d/merge (:params request)
+                        (:body-params request))]
+    (cond
+      (uuid? profile-id)
+      (let [profile (profile/retrieve-profile-data pool profile-id)
+            params  (assoc params :from (:email profile))]
+        (send-feedback pool profile params))
+
+      (= token ftoken)
+      (send-feedback cfg nil params))
+
+    (yrs/response 204)))
+
+(s/def ::content ::us/string)
+(s/def ::from    ::us/email)
+(s/def ::subject ::us/string)
+(s/def ::feedback
+  (s/keys :req-un [::from ::subject ::content]))
+
+(defn- send-feedback
+  [pool profile params]
+  (let [params      (us/conform ::feedback params)
+        destination (cf/get :feedback-destination)]
+    (eml/send! {::eml/conn pool
+                ::eml/factory eml/feedback
+                :from     destination
+                :to       destination
+                :profile  profile
+                :reply-to (:from params)
+                :email    (:from params)
+                :subject  (:subject params)
+                :content  (:content params)})
+    nil))
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -9,17 +9,14 @@
  (:require
   [app.common.data :as d]
   [app.common.logging :as l]
-   [app.common.spec :as us]
   [app.config :as cf]
   [app.db :as db]
   [app.db.sql :as sql]
-   [app.http.session.tasks :as-alias tasks]
   [app.main :as-alias main]
   [app.tokens :as tokens]
   [app.util.time :as dt]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
   [integrant.core :as ig]
   [promesa.core :as p]
   [promesa.exec :as px]
@@ -48,55 +45,55 @@

 (defprotocol ISessionManager
  (read [_ key])
+  (decode [_ key])
  (write! [_ key data])
  (update! [_ data])
  (delete! [_ key]))

-(s/def ::manager #(satisfies? ISessionManager %))
+(s/def ::session #(satisfies? ISessionManager %))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; STORAGE IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(s/def ::session-params
-  (s/keys :req-un [::user-agent
-                   ::profile-id
-                   ::created-at]))
-
 (defn- prepare-session-params
-  [key params]
-  (us/assert! ::us/not-empty-string key)
-  (us/assert! ::session-params params)
-
-  {:user-agent (:user-agent params)
-   :profile-id (:profile-id params)
-   :created-at (:created-at params)
-   :updated-at (:created-at params)
-   :id key})
+  [props data]
+  (let [profile-id (:profile-id data)
+        user-agent (:user-agent data)
+        created-at (or (:created-at data) (dt/now))
+        token      (tokens/generate props {:iss "authentication"
+                                           :iat created-at
+                                           :uid profile-id})]
+    {:user-agent user-agent
+     :profile-id profile-id
+     :created-at created-at
+     :updated-at created-at
+     :id token}))

 (defn- database-manager
  [{:keys [::db/pool ::wrk/executor ::main/props]}]
-  ^{::wrk/executor executor
-    ::db/pool pool
-    ::main/props props}
  (reify ISessionManager
    (read [_ token]
      (px/with-dispatch executor
        (db/exec-one! pool (sql/select :http-session {:id token}))))

-    (write! [_ key params]
+    (decode [_ token]
      (px/with-dispatch executor
-        (let [params (prepare-session-params key params)]
+        (tokens/verify props {:token token :iss "authentication"})))
+
+    (write! [_ _ data]
+      (px/with-dispatch executor
+        (let [params (prepare-session-params props data)]
          (db/insert! pool :http-session params)
          params)))

-    (update! [_ params]
+    (update! [_ data]
      (let [updated-at (dt/now)]
        (px/with-dispatch executor
          (db/update! pool :http-session
                      {:updated-at updated-at}
-                      {:id (:id params)})
-          (assoc params :updated-at updated-at))))
+                      {:id (:id data)})
+          (assoc data :updated-at updated-at))))

    (delete! [_ token]
      (px/with-dispatch executor
@@ -104,26 +101,27 @@
        nil))))

 (defn inmemory-manager
-  [{:keys [::db/pool ::wrk/executor ::main/props]}]
+  [{:keys [::wrk/executor ::main/props]}]
  (let [cache (atom {})]
-    ^{::main/props props
-      ::wrk/executor executor
-      ::db/pool pool}
    (reify ISessionManager
      (read [_ token]
        (p/do (get @cache token)))

-      (write! [_ key params]
+      (decode [_ token]
+        (px/with-dispatch executor
+          (tokens/verify props {:token token :iss "authentication"})))
+
+      (write! [_ _ data]
        (p/do
-          (let [params (prepare-session-params key params)]
-            (swap! cache assoc key params)
+          (let [{:keys [token] :as params} (prepare-session-params props data)]
+            (swap! cache assoc token params)
            params)))

-      (update! [_ params]
+      (update! [_ data]
        (p/do
          (let [updated-at (dt/now)]
-            (swap! cache update (:id params) assoc :updated-at updated-at)
-            (assoc params :updated-at updated-at))))
+            (swap! cache update (:id data) assoc :updated-at updated-at)
+            (assoc data :updated-at updated-at))))

      (delete! [_ token]
        (p/do
@@ -146,34 +144,25 @@
 ;; MANAGER IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(declare ^:private assign-auth-token-cookie)
-(declare ^:private assign-authenticated-cookie)
-(declare ^:private clear-auth-token-cookie)
-(declare ^:private clear-authenticated-cookie)
-(declare ^:private gen-token)
+(declare assign-auth-token-cookie)
+(declare assign-authenticated-cookie)
+(declare clear-auth-token-cookie)
+(declare clear-authenticated-cookie)

 (defn create-fn
-  [{:keys [::manager]} profile-id]
-  (us/assert! ::manager manager)
-  (us/assert! ::us/uuid profile-id)
-
-  (let [props (-> manager meta ::main/props)]
-    (fn [request response]
-      (let [uagent (yrq/get-header request "user-agent")
-            params {:profile-id profile-id
-                    :user-agent uagent
-                    :created-at (dt/now)}
-            token  (gen-token props params)]
-
-        (->> (write! manager token params)
-             (p/fmap (fn [session]
-                       (l/trace :hint "create" :profile-id profile-id)
-                       (-> response
-                           (assign-auth-token-cookie session)
-                           (assign-authenticated-cookie session)))))))))
+  [manager profile-id]
+  (fn [request response]
+    (let [uagent  (yrq/get-header request "user-agent")
+          params  {:profile-id profile-id
+                   :user-agent uagent}]
+      (-> (write! manager nil params)
+          (p/then (fn [session]
+                    (l/trace :hint "create" :profile-id profile-id)
+                    (-> response
+                        (assign-auth-token-cookie session)
+                        (assign-authenticated-cookie session))))))))
 (defn delete-fn
-  [{:keys [::manager]}]
-  (us/assert! ::manager manager)
+  [manager]
  (letfn [(delete [{:keys [profile-id] :as request}]
            (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
                  cookie  (yrq/get-cookie request cname)]
@@ -188,92 +177,68 @@
            (clear-auth-token-cookie)
            (clear-authenticated-cookie))))))

-(defn- gen-token
-  [props {:keys [profile-id created-at]}]
-  (tokens/generate props {:iss "authentication"
-                          :iat created-at
-                          :uid profile-id}))
-(defn- decode-token
-  [props token]
-  (when token
-    (tokens/verify props {:token token :iss "authentication"})))
+(def middleware-1
+  (letfn [(decode-cookie [manager cookie]
+            (if-let [value (:value cookie)]
+              (decode manager value)
+              (p/resolved nil)))

-(defn- get-token
-  [request]
-  (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-        cookie (some-> (yrq/get-cookie request cname) :value)]
-    (when-not (str/empty? cookie)
-      cookie)))
+          (wrap-handler [manager handler request respond raise]
+            (let [cookie (some->> (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+                                  (yrq/get-cookie request))]
+              (->> (decode-cookie manager cookie)
+                   (p/fnly (fn [claims _]
+                             (cond-> request
+                               (some? claims) (assoc :session-token-claims claims)
+                               :always        (handler respond raise)))))))]
+    {:name :session-1
+     :compile (fn [& _]
+                (fn [handler manager]
+                  (partial wrap-handler manager handler)))}))

-(defn- get-session
-  [manager token]
-  (some->> token (read manager)))
+(def middleware-2
+  (letfn [(wrap-handler [manager handler request respond raise]
+            (-> (retrieve-session manager request)
+                (p/finally (fn [session cause]
+                             (cond
+                               (some? cause)
+                               (raise cause)

-(defn- renew-session?
-  [{:keys [updated-at] :as session}]
-  (and (dt/instant? updated-at)
-       (let [elapsed (dt/diff updated-at (dt/now))]
-         (neg? (compare default-renewal-max-age elapsed)))))
+                               (nil? session)
+                               (handler request respond raise)

-(defn- wrap-reneval
-  [respond manager session]
-  (fn [response]
-    (p/let [session (update! manager session)]
-      (-> response
-          (assign-auth-token-cookie session)
-          (assign-authenticated-cookie session)
-          (respond)))))
+                               :else
+                               (let [request (-> request
+                                                 (assoc :profile-id (:profile-id session))
+                                                 (assoc :session-id (:id session)))
+                                     respond (cond-> respond
+                                               (renew-session? session)
+                                               (wrap-respond manager session))]
+                                 (handler request respond raise)))))))

-(defn- wrap-soft-auth
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
+          (retrieve-session [manager request]
+            (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+                  cookie (yrq/get-cookie request cname)]
+              (some->> (:value cookie) (read manager))))

-  (let [{:keys [::wrk/executor ::main/props]} (meta manager)]
-    (fn [request respond raise]
-      (let [token (get-token request)]
-        (->> (px/submit! executor (partial decode-token props token))
-             (p/fnly (fn [claims cause]
-                       (when cause
-                         (l/trace :hint "exception on decoding malformed token" :cause cause))
+          (renew-session? [{:keys [updated-at] :as session}]
+            (and (dt/instant? updated-at)
+                 (let [elapsed (dt/diff updated-at (dt/now))]
+                   (neg? (compare default-renewal-max-age elapsed)))))

-                       (let [request (cond-> request
-                                       (map? claims)
-                                       (-> (assoc ::token-claims claims)
-                                           (assoc ::token token)))]
-                         (handler request respond raise)))))))))
+          ;; Wrap respond with session renewal code
+          (wrap-respond [respond manager session]
+            (fn [response]
+              (p/let [session (update! manager session)]
+                (-> response
+                    (assign-auth-token-cookie session)
+                    (assign-authenticated-cookie session)
+                    (respond)))))]

-(defn- wrap-authz
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
-  (fn [request respond raise]
-    (if-let [token (::token request)]
-      (->> (get-session manager token)
-           (p/fnly (fn [session cause]
-                     (cond
-                       (some? cause)
-                       (raise cause)
-
-                       (nil? session)
-                       (handler request respond raise)
-
-                       :else
-                       (let [request (-> request
-                                         (assoc ::profile-id (:profile-id session))
-                                         (assoc ::id (:id session)))
-                             respond (cond-> respond
-                                       (renew-session? session)
-                                       (wrap-reneval manager session))]
-                         (handler request respond raise))))))
-
-      (handler request respond raise))))
-
-(def soft-auth
-  {:name ::soft-auth
-   :compile (constantly wrap-soft-auth)})
-
-(def authz
-  {:name ::authz
-   :compile (constantly wrap-authz)})
+    {:name :session-2
+     :compile (fn [& _]
+                (fn [handler manager]
+                  (partial wrap-handler manager handler)))}))

 ;; --- IMPL

@@ -335,26 +300,21 @@
 ;; TASK: SESSION GC
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(s/def ::tasks/max-age ::dt/duration)
+(declare sql:delete-expired)

-(defmethod ig/pre-init-spec ::tasks/gc [_]
-  (s/keys :req [::db/pool]
-          :opt [::tasks/max-age]))
+(s/def ::max-age ::dt/duration)

-(defmethod ig/prep-key ::tasks/gc
+(defmethod ig/pre-init-spec ::gc-task [_]
+  (s/keys :req-un [::db/pool]
+          :opt-un [::max-age]))
+
+(defmethod ig/prep-key ::gc-task
  [_ cfg]
-  (let [max-age (cf/get :auth-token-cookie-max-age default-cookie-max-age)]
-    (merge {::tasks/max-age max-age} (d/without-nils cfg))))
+  (merge {:max-age default-cookie-max-age}
+         (d/without-nils cfg)))

-(def ^:private
-  sql:delete-expired
-  "delete from http_session
-    where updated_at < now() - ?::interval
-       or (updated_at is null and
-           created_at < now() - ?::interval)")
-
-(defmethod ig/init-key ::tasks/gc
-  [_ {:keys [::db/pool ::tasks/max-age] :as cfg}]
+(defmethod ig/init-key ::gc-task
+  [_ {:keys [pool max-age] :as cfg}]
  (l/debug :hint "initializing session gc task" :max-age max-age)
  (fn [_]
    (db/with-atomic [conn pool]
@@ -366,3 +326,9 @@
                 :deleted result)
        result))))

+(def ^:private
+  sql:delete-expired
+  "delete from http_session
+    where updated_at < now() - ?::interval
+       or (updated_at is null and
+           created_at < now() - ?::interval)")
--- a/backend/src/app/http/websocket.clj
+++ b/backend/src/app/http/websocket.clj
@@ -12,7 +12,6 @@
   [app.common.pprint :as pp]
   [app.common.spec :as us]
   [app.db :as db]
-   [app.http.session :as session]
   [app.metrics :as mtx]
   [app.msgbus :as mbus]
   [app.util.time :as dt]
@@ -35,7 +34,7 @@
 (def state (atom {}))

 (defn- on-connect
-  [{:keys [::mtx/metrics]} wsp]
+  [{:keys [metrics]} wsp]
  (let [created-at (dt/now)]
    (swap! state assoc (::ws/id @wsp) wsp)
    (mtx/run! metrics
@@ -49,7 +48,7 @@
                :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0)))))

 (defn- on-rcv-message
-  [{:keys [::mtx/metrics]} _ message]
+  [{:keys [metrics]} _ message]
  (mtx/run! metrics
            :id :websocket-messages-total
            :labels recv-labels
@@ -57,7 +56,7 @@
  message)

 (defn- on-snd-message
-  [{:keys [::mtx/metrics]} _ message]
+  [{:keys [metrics]} _ message]
  (mtx/run! metrics
            :id :websocket-messages-total
            :labels send-labels
@@ -96,6 +95,7 @@
     :user-agent       (::ws/user-agent @wsp)
     :ip-addr          (::ws/remote-addr @wsp)
     :last-activity-at (::ws/last-activity-at @wsp)
+     :http-session-id  (::ws/http-session-id @wsp)
     :subscribed-file  (-> wsp deref ::file-subscription :file-id)
     :subscribed-team  (-> wsp deref ::team-subscription :team-id)}))

@@ -120,7 +120,7 @@
 (defmethod handle-message :connect
  [cfg wsp _]

-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -139,7 +139,7 @@

 (defmethod handle-message :disconnect
  [cfg wsp _]
-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -173,7 +173,7 @@

 (defmethod handle-message :subscribe-team
  [cfg wsp {:keys [team-id] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        conn-id    (::ws/id @wsp)
        session-id (::session-id @wsp)
        output-ch  (::ws/output-ch @wsp)
@@ -205,7 +205,7 @@

 (defmethod handle-message :subscribe-file
  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -258,7 +258,7 @@

 (defmethod handle-message :unsubscribe-file
  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        conn-id    (::ws/id @wsp)
        session-id (::session-id @wsp)
        profile-id (::profile-id @wsp)
@@ -288,7 +288,7 @@

 (defmethod handle-message :pointer-update
  [cfg wsp {:keys [file-id] :as message}]
-  (let [msgbus     (::mbus/msgbus cfg)
+  (let [msgbus     (:msgbus cfg)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
        subs       (::file-subscription @wsp)
@@ -313,47 +313,39 @@
 ;; HTTP HANDLER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

+(s/def ::msgbus ::mbus/msgbus)
 (s/def ::session-id ::us/uuid)
+
 (s/def ::handler-params
  (s/keys :req-un [::session-id]))

-(defn- http-handler
-  [cfg {:keys [params ::session/profile-id] :as request} respond raise]
-  (let [{:keys [session-id]} (us/conform ::handler-params params)]
-    (cond
-      (not profile-id)
-      (raise (ex/error :type :authentication
-                       :hint "Authentication required."))
+(defmethod ig/pre-init-spec ::handler [_]
+  (s/keys :req-un [::msgbus ::db/pool ::mtx/metrics]))

-      (not (yws/upgrade-request? request))
-      (raise (ex/error :type :validation
-                       :code :websocket-request-expected
-                       :hint "this endpoint only accepts websocket connections"))
-
-      :else
-      (do
-        (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
-
-        (->> (ws/handler
-              ::ws/on-rcv-message (partial on-rcv-message cfg)
-              ::ws/on-snd-message (partial on-snd-message cfg)
-              ::ws/on-connect (partial on-connect cfg)
-              ::ws/handler (partial handle-message cfg)
-              ::profile-id profile-id
-              ::session-id session-id)
-             (yws/upgrade request)
-             (respond))))))
-
-(defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::mbus/msgbus
-                ::mtx/metrics
-                ::db/pool
-                ::session/manager]))
-
-(s/def ::routes vector?)
-
-(defmethod ig/init-key ::routes
+(defmethod ig/init-key ::handler
  [_ cfg]
-  ["/ws/notifications" {:middleware [[session/authz cfg]]
-                        :handler (partial http-handler cfg)
-                        :allowed-methods #{:get}}])
+  (fn [{:keys [profile-id params] :as req} respond raise]
+    (let [{:keys [session-id]} (us/conform ::handler-params params)]
+      (cond
+        (not profile-id)
+        (raise (ex/error :type :authentication
+                         :hint "Authentication required."))
+
+        (not (yws/upgrade-request? req))
+        (raise (ex/error :type :validation
+                         :code :websocket-request-expected
+                         :hint "this endpoint only accepts websocket connections"))
+
+        :else
+        (do
+          (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
+
+          (->> (ws/handler
+                ::ws/on-rcv-message (partial on-rcv-message cfg)
+                ::ws/on-snd-message (partial on-snd-message cfg)
+                ::ws/on-connect (partial on-connect cfg)
+                ::ws/handler (partial handle-message cfg)
+                ::profile-id profile-id
+                ::session-id session-id)
+               (yws/upgrade req)
+               (respond)))))))
--- a/backend/src/app/loggers/audit.clj
+++ b/backend/src/app/loggers/audit.clj
@@ -20,7 +20,6 @@
   [app.loggers.audit.tasks :as-alias tasks]
   [app.loggers.webhooks :as-alias webhooks]
   [app.main :as-alias main]
-   [app.metrics :as mtx]
   [app.rpc :as-alias rpc]
   [app.tokens :as tokens]
   [app.util.retry :as rtry]
@@ -30,7 +29,6 @@
   [cuerdas.core :as str]
   [integrant.core :as ig]
   [lambdaisland.uri :as u]
-   [promesa.core :as p]
   [promesa.exec :as px]
   [yetti.request :as yrq]))

@@ -77,28 +75,20 @@
      (merge (:props profile))
      (d/without-nils)))

-(defn clean-props
-  [{:keys [profile-id] :as event}]
-  (let [invalid-keys #{:session-id
-                       :password
-                       :old-password
-                       :token}
-        xform (comp
-               (remove (fn [kv]
-                         (qualified-keyword? (first kv))))
-               (remove (fn [kv]
-                         (contains? invalid-keys (first kv))))
-               (remove (fn [[k v]]
-                         (and (= k :profile-id)
-                              (= v profile-id))))
-               (filter (fn [[_ v]]
-                         (or (string? v)
-                             (keyword? v)
-                             (uuid? v)
-                             (boolean? v)
-                             (number? v)))))]
+(def reserved-props
+  #{:session-id
+    :password
+    :old-password
+    :token})

-    (update event :props #(into {} xform %))))
+(defn clean-props
+  [props]
+  (into {}
+        (comp
+         (d/without-nils)
+         (d/without-qualified)
+         (remove #(contains? reserved-props (key %))))
+        props))

 ;; --- SPECS

@@ -132,7 +122,7 @@
  (s/keys :req [::wrk/executor ::db/pool]))

 (defmethod ig/pre-init-spec ::collector [_]
-  (s/keys :req [::db/pool ::wrk/executor ::mtx/metrics]))
+  (s/keys :req [::db/pool ::wrk/executor]))

 (defmethod ig/init-key ::collector
  [_ {:keys [::db/pool] :as cfg}]
@@ -143,8 +133,8 @@
    :else
    cfg))

-(defn- persist-event!
-  [pool event]
+(defn- handle-event!
+  [conn-or-pool event]
  (us/verify! ::event event)
  (let [params {:id (uuid/next)
                :name (:name event)
@@ -159,9 +149,9 @@
      ;; this case we just retry the operation.
      (rtry/with-retry {::rtry/when rtry/conflict-exception?
                        ::rtry/max-retries 6
-                        ::rtry/label "persist-audit-log"}
+                        ::rtry/label "persist-audit-log-event"}
        (let [now (dt/now)]
-          (db/insert! pool :audit-log
+          (db/insert! conn-or-pool :audit-log
                      (-> params
                          (update :props db/tjson)
                          (update :ip-addr db/inet)
@@ -180,7 +170,7 @@
                            :else               label)
            dedupe?       (boolean (and batch-key batch-timeout))]

-        (wrk/submit! ::wrk/conn pool
+        (wrk/submit! ::wrk/conn conn-or-pool
                     ::wrk/task :process-webhook-event
                     ::wrk/queue :webhooks
                     ::wrk/max-retries 0
@@ -191,16 +181,19 @@
                     ::webhooks/event
                     (-> params
                         (dissoc :ip-addr)
-                         (dissoc :type)))))))
+                         (dissoc :type)))))
+    params))

 (defn submit!
  "Submit audit event to the collector."
-  [{:keys [::wrk/executor ::db/pool] :as collector} params]
-  (us/assert! ::collector collector)
-  (->> (px/submit! executor (partial persist-event! pool (d/without-nils params)))
-       (p/merr (fn [cause]
-                 (l/error :hint "audit: unexpected error processing event" :cause cause)
-                 (p/resolved nil)))))
+  [{:keys [::wrk/executor] :as cfg} params]
+  (let [conn (or (::db/conn cfg) (::db/pool cfg))]
+    (us/assert! ::wrk/executor executor)
+    (us/assert! ::db/pool-or-conn conn)
+    (try
+      (handle-event! conn (d/without-nils params))
+      (catch Throwable cause
+        (l/error :hint "audit: unexpected error processing event" :cause cause)))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; TASK: ARCHIVE
@@ -247,7 +240,7 @@
     from audit_log
    where archived_at is null
    order by created_at asc
-    limit 256
+    limit 128
      for update skip locked;")

 (defn archive-events
@@ -323,7 +316,7 @@
    where archived_at is not null")

 (defn- clean-archived
-  [{:keys [pool]}]
+  [{:keys [::db/pool]}]
  (let [result (db/exec-one! pool [sql:clean-archived])
        result (:next.jdbc/update-count result)]
    (l/debug :hint "delete archived audit log entries" :deleted result)
--- a/backend/src/app/loggers/webhooks.clj
+++ b/backend/src/app/loggers/webhooks.clj
@@ -111,7 +111,7 @@
                              " where id=?")
                         err
                         (:id whook)]
-                    res (db/exec-one! pool sql {::db/return-keys? true})]
+                    res (db/exec-one! pool sql {:return-keys true})]
                (when (>= (:error-count res) max-errors)
                  (db/update! pool :webhook {:is-active false} {:id (:id whook)})))

--- a/backend/src/app/main.clj
+++ b/backend/src/app/main.clj
@@ -12,24 +12,14 @@
   [app.common.logging :as l]
   [app.config :as cf]
   [app.db :as-alias db]
-   [app.http.access-token :as-alias actoken]
-   [app.http.assets :as-alias http.assets]
-   [app.http.awsns :as http.awsns]
   [app.http.client :as-alias http.client]
-   [app.http.debug :as-alias http.debug]
-   [app.http.session :as-alias session]
-   [app.http.session.tasks :as-alias session.tasks]
-   [app.http.websocket :as http.ws]
-   [app.loggers.audit :as-alias audit]
+   [app.http.session :as-alias http.session]
   [app.loggers.audit.tasks :as-alias audit.tasks]
   [app.loggers.webhooks :as-alias webhooks]
   [app.loggers.zmq :as-alias lzmq]
   [app.metrics :as-alias mtx]
   [app.metrics.definition :as-alias mdef]
-   [app.msgbus :as-alias mbus]
   [app.redis :as-alias rds]
-   [app.rpc :as-alias rpc]
-   [app.rpc.doc :as-alias rpc.doc]
   [app.srepl :as-alias srepl]
   [app.storage :as-alias sto]
   [app.util.time :as dt]
@@ -190,9 +180,6 @@
   ::mtx/metrics
   {:default default-metrics}

-   ::mtx/routes
-   {::mtx/metrics (ig/ref ::mtx/metrics)}
-
   :app.migrations/all
   {:main (ig/ref :app.migrations/migrations)}

@@ -200,7 +187,7 @@
   {::rds/uri     (cf/get :redis-uri)
    ::mtx/metrics (ig/ref ::mtx/metrics)}

-   ::mbus/msgbus
+   :app.msgbus/msgbus
   {:backend   (cf/get :msgbus-backend :redis)
    :executor  (ig/ref ::wrk/executor)
    :redis     (ig/ref ::rds/redis)}
@@ -220,20 +207,16 @@
   ::http.client/client
   {::wrk/executor (ig/ref ::wrk/executor)}

-   ::session/manager
+   :app.http.session/manager
   {::db/pool      (ig/ref ::db/pool)
    ::wrk/executor (ig/ref ::wrk/executor)
    ::props        (ig/ref :app.setup/props)}

-   ::actoken/manager
-   {::db/pool      (ig/ref ::db/pool)
-    ::wrk/executor (ig/ref ::wrk/executor)
-    ::props        (ig/ref :app.setup/props)}
+   :app.http.session/gc-task
+   {:pool        (ig/ref ::db/pool)
+    :max-age     (cf/get :auth-token-cookie-max-age)}

-   ::session.tasks/gc
-   {::db/pool (ig/ref ::db/pool)}
-
-   ::http.awsns/routes
+   :app.http.awsns/handler
   {::props              (ig/ref :app.setup/props)
    ::db/pool            (ig/ref ::db/pool)
    ::http.client/client (ig/ref ::http.client/client)
@@ -276,44 +259,48 @@
   {::http.client/client (ig/ref ::http.client/client)}

   ::oidc/routes
-   {::http.client/client (ig/ref ::http.client/client)
-    ::db/pool            (ig/ref ::db/pool)
-    ::props              (ig/ref :app.setup/props)
-    ::wrk/executor       (ig/ref ::wrk/executor)
-    ::oidc/providers     {:google (ig/ref ::oidc.providers/google)
-                          :github (ig/ref ::oidc.providers/github)
-                          :gitlab (ig/ref ::oidc.providers/gitlab)
-                          :oidc   (ig/ref ::oidc.providers/generic)}
-    ::audit/collector    (ig/ref ::audit/collector)
-    ::session/manager    (ig/ref ::session/manager)}
+   {::http.client/client   (ig/ref ::http.client/client)
+    ::db/pool              (ig/ref ::db/pool)
+    ::props                (ig/ref :app.setup/props)
+    ::wrk/executor         (ig/ref ::wrk/executor)
+    ::oidc/providers       {:google (ig/ref ::oidc.providers/google)
+                            :github (ig/ref ::oidc.providers/github)
+                            :gitlab (ig/ref ::oidc.providers/gitlab)
+                            :oidc   (ig/ref ::oidc.providers/generic)}
+    ::http.session/session (ig/ref :app.http.session/manager)}

+   ;; TODO: revisit the dependencies of this service, looks they are too much unused of them
   :app.http/router
-   {::session/manager    (ig/ref ::session/manager)
-    ::actoken/manager    (ig/ref ::actoken/manager)
-    ::wrk/executor       (ig/ref ::wrk/executor)
-    ::db/pool            (ig/ref ::db/pool)
-    ::rpc/routes         (ig/ref ::rpc/routes)
-    ::rpc.doc/routes     (ig/ref ::rpc.doc/routes)
-    ::props              (ig/ref :app.setup/props)
-    ::mtx/routes         (ig/ref ::mtx/routes)
-    ::oidc/routes        (ig/ref ::oidc/routes)
-    ::http.debug/routes  (ig/ref ::http.debug/routes)
-    ::http.assets/routes (ig/ref ::http.assets/routes)
-    ::http.ws/routes     (ig/ref ::http.ws/routes)
-    ::http.awsns/routes  (ig/ref ::http.awsns/routes)}
+   {:assets        (ig/ref :app.http.assets/handlers)
+    :feedback      (ig/ref :app.http.feedback/handler)
+    :session       (ig/ref :app.http.session/manager)
+    :awsns-handler (ig/ref :app.http.awsns/handler)
+    :debug-routes  (ig/ref :app.http.debug/routes)
+    :oidc-routes   (ig/ref ::oidc/routes)
+    :ws            (ig/ref :app.http.websocket/handler)
+    :metrics       (ig/ref ::mtx/metrics)
+    :public-uri    (cf/get :public-uri)
+    :storage       (ig/ref ::sto/storage)
+    :rpc-routes    (ig/ref :app.rpc/routes)
+    :doc-routes    (ig/ref :app.rpc.doc/routes)
+    :executor      (ig/ref ::wrk/executor)}

   :app.http.debug/routes
-   {::db/pool         (ig/ref ::db/pool)
-    ::wrk/executor    (ig/ref ::wrk/executor)
-    ::session/manager (ig/ref ::session/manager)}
+   {:pool     (ig/ref ::db/pool)
+    :executor (ig/ref ::wrk/executor)
+    :storage  (ig/ref ::sto/storage)
+    :session  (ig/ref :app.http.session/manager)

-   :app.http.websocket/routes
-   {::db/pool         (ig/ref ::db/pool)
-    ::mtx/metrics     (ig/ref ::mtx/metrics)
-    ::mbus/msgbus     (ig/ref :app.msgbus/msgbus)
-    ::session/manager (ig/ref ::session/manager)}
+    ::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::sto/storage  (ig/ref ::sto/storage)}

-   :app.http.assets/routes
+   :app.http.websocket/handler
+   {:pool     (ig/ref ::db/pool)
+    :metrics  (ig/ref ::mtx/metrics)
+    :msgbus   (ig/ref :app.msgbus/msgbus)}
+
+   :app.http.assets/handlers
   {:metrics           (ig/ref ::mtx/metrics)
    :assets-path       (cf/get :assets-path)
    :storage           (ig/ref ::sto/storage)
@@ -321,32 +308,36 @@
    :cache-max-age     (dt/duration {:hours 24})
    :signature-max-age (dt/duration {:hours 24 :minutes 5})}

+   :app.http.feedback/handler
+   {:pool     (ig/ref ::db/pool)
+    :executor (ig/ref ::wrk/executor)}
+
   :app.rpc/climit
-   {::mtx/metrics  (ig/ref ::mtx/metrics)
-    ::wrk/executor (ig/ref ::wrk/executor)}
+   {:metrics  (ig/ref ::mtx/metrics)
+    :executor (ig/ref ::wrk/executor)}

   :app.rpc/rlimit
-   {::wrk/executor           (ig/ref ::wrk/executor)
-    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {:executor  (ig/ref ::wrk/executor)
+    :scheduled-executor (ig/ref ::wrk/scheduled-executor)}

   :app.rpc/methods
-   {::audit/collector    (ig/ref ::audit/collector)
-    ::http.client/client (ig/ref ::http.client/client)
+   {::http.client/client (ig/ref ::http.client/client)
    ::db/pool            (ig/ref ::db/pool)
    ::wrk/executor       (ig/ref ::wrk/executor)
-    ::session/manager    (ig/ref ::session/manager)
-    ::ldap/provider      (ig/ref ::ldap/provider)
-    ::sto/storage        (ig/ref ::sto/storage)
-    ::mtx/metrics        (ig/ref ::mtx/metrics)
-    ::mbus/msgbus        (ig/ref ::mbus/msgbus)
-    ::rds/redis          (ig/ref ::rds/redis)
-
-    ::rpc/climit         (ig/ref ::rpc/climit)
-    ::rpc/rlimit         (ig/ref ::rpc/rlimit)
-
    ::props              (ig/ref :app.setup/props)
-
+    ::ldap/provider      (ig/ref ::ldap/provider)
    :pool                (ig/ref ::db/pool)
+    :session             (ig/ref :app.http.session/manager)
+    :sprops              (ig/ref :app.setup/props)
+    :metrics             (ig/ref ::mtx/metrics)
+    :storage             (ig/ref ::sto/storage)
+    :msgbus              (ig/ref :app.msgbus/msgbus)
+    :public-uri          (cf/get :public-uri)
+    :redis               (ig/ref ::rds/redis)
+    :http-client         (ig/ref ::http.client/client)
+    :climit              (ig/ref :app.rpc/climit)
+    :rlimit              (ig/ref :app.rpc/rlimit)
+    :executor            (ig/ref ::wrk/executor)
    :templates           (ig/ref :app.setup/builtin-templates)
    }

@@ -354,12 +345,7 @@
   {:methods (ig/ref :app.rpc/methods)}

   :app.rpc/routes
-   {::rpc/methods     (ig/ref :app.rpc/methods)
-    ::db/pool         (ig/ref ::db/pool)
-    ::wrk/executor    (ig/ref ::wrk/executor)
-    ::session/manager (ig/ref ::session/manager)
-    ::actoken/manager (ig/ref ::actoken/manager)
-    ::props           (ig/ref :app.setup/props)}
+   {:methods (ig/ref :app.rpc/methods)}

   ::wrk/registry
   {:metrics (ig/ref ::mtx/metrics)
@@ -372,7 +358,7 @@
     :storage-gc-touched (ig/ref ::sto/gc-touched-task)
     :tasks-gc           (ig/ref :app.tasks.tasks-gc/handler)
     :telemetry          (ig/ref :app.tasks.telemetry/handler)
-     :session-gc         (ig/ref ::session.tasks/gc)
+     :session-gc         (ig/ref :app.http.session/gc-task)
     :audit-log-archive  (ig/ref ::audit.tasks/archive)
     :audit-log-gc       (ig/ref ::audit.tasks/gc)

@@ -433,11 +419,6 @@
   ::lzmq/receiver
   {}

-   ::audit/collector
-   {::db/pool           (ig/ref ::db/pool)
-    ::wrk/executor      (ig/ref ::wrk/executor)
-    ::mtx/metrics       (ig/ref ::mtx/metrics)}
-
   ::audit.tasks/archive
   {::props              (ig/ref :app.setup/props)
    ::db/pool            (ig/ref ::db/pool)
--- a/backend/src/app/metrics.clj
+++ b/backend/src/app/metrics.clj
@@ -87,7 +87,6 @@
     ::definitions definitions
     ::registry registry}))

-
 (defn- handler
  [registry _ respond _]
  (let [samples  (.metricFamilySamples ^CollectorRegistry registry)
@@ -96,18 +95,6 @@
    (respond {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
              :body (.toString writer)})))

-
-
-(s/def ::routes vector?)
-(defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::metrics]))
-
-(defmethod ig/init-key ::routes
-  [_ {:keys [::metrics]}]
-  (let [registry (::registry metrics)]
-    ["/metrics" {:handler (partial handler registry)
-                 :allowed-methods #{:get}}]))
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Implementation
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/backend/src/app/migrations.clj
+++ b/backend/src/app/migrations.clj
@@ -302,12 +302,6 @@
   {:name "0098-add-quotes-table"
    :fn (mg/resource "app/migrations/sql/0098-add-quotes-table.sql")}

-   {:name "0099-add-access-token-table"
-    :fn (mg/resource "app/migrations/sql/0099-add-access-token-table.sql")}
-
-   {:name "0100-mod-profile-indexes"
-    :fn (mg/resource "app/migrations/sql/0100-mod-profile-indexes.sql")}
-
  ])


--- a/backend/src/app/migrations/sql/0099-add-access-token-table.sql
+++ b/backend/src/app/migrations/sql/0099-add-access-token-table.sql
@@ -1,19 +0,0 @@
-DROP TABLE IF EXISTS access_token;
-CREATE TABLE access_token (
-  id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
-  profile_id uuid NOT NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
-
-  created_at timestamptz NOT NULL DEFAULT now(),
-  updated_at timestamptz NOT NULL DEFAULT now(),
-
-  name text NOT NULL,
-  token text NOT NULL,
-  perms text[] NULL
-);
-
-ALTER TABLE access_token
-  ALTER COLUMN name SET STORAGE external,
-  ALTER COLUMN token SET STORAGE external,
-  ALTER COLUMN perms SET STORAGE external;
-
-CREATE INDEX access_token__profile_id__idx ON access_token(profile_id);
--- a/backend/src/app/migrations/sql/0100-mod-profile-indexes.sql
+++ b/backend/src/app/migrations/sql/0100-mod-profile-indexes.sql
@@ -1,31 +0,0 @@
-ALTER TABLE profile
-  ADD COLUMN default_project_id uuid NULL REFERENCES project(id) ON DELETE SET NULL DEFERRABLE,
-  ADD COLUMN default_team_id uuid NULL REFERENCES team(id) ON DELETE SET NULL DEFERRABLE;
-
-CREATE INDEX profile__default_project__idx ON profile(default_project_id);
-CREATE INDEX profile__default_team__idx ON profile(default_team_id);
-
-with profiles as (
-  select p.id,
-         tpr.team_id as default_team_id,
-         ppr.project_id as default_project_id
-    from profile as p
-    join team_profile_rel as tpr
-      on (tpr.profile_id = p.id and
-          tpr.is_owner is true)
-    join project_profile_rel as ppr
-      on (ppr.profile_id = p.id and
-          ppr.is_owner is true)
-    join project as pj
-      on (pj.id = ppr.project_id)
-    join team as tm
-      on (tm.id = tpr.team_id)
-   where pj.is_default is true
-     and tm.is_default is true
-     and pj.team_id = tm.id
-)
-update profile
-   set default_team_id = p.default_team_id,
-       default_project_id = p.default_project_id
-  from profiles as p
- where profile.id = p.id;
--- a/backend/src/app/redis.clj
+++ b/backend/src/app/redis.clj
@@ -193,7 +193,6 @@

 (defn get-or-connect
  [{:keys [::cache] :as state} key options]
-  (us/assert! ::redis state)
  (-> state
      (assoc ::connection
             (or (get @cache key)
@@ -206,6 +205,7 @@

 (defn add-listener!
  [{:keys [::connection] :as conn} listener]
+  (us/assert! ::connection-holder conn)
  (us/assert! ::pubsub-connection connection)
  (us/assert! ::pubsub-listener listener)
  (.addListener ^StatefulRedisPubSubConnection @connection
@@ -213,9 +213,10 @@
  conn)

 (defn publish!
-  [{:keys [::connection]} topic message]
+  [{:keys [::connection] :as conn} topic message]
  (us/assert! ::us/string topic)
  (us/assert! ::us/bytes message)
+  (us/assert! ::connection-holder conn)
  (us/assert! ::default-connection connection)

  (let [pcomm (.async ^StatefulRedisConnection @connection)]
@@ -223,7 +224,8 @@

 (defn subscribe!
  "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection]} & topics]
+  [{:keys [::connection] :as conn} & topics]
+  (us/assert! ::connection-holder conn)
  (us/assert! ::pubsub-connection connection)
  (try
    (let [topics (into-array String (map str topics))
@@ -234,7 +236,8 @@

 (defn unsubscribe!
  "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection]} & topics]
+  [{:keys [::connection] :as conn} & topics]
+  (us/assert! ::connection-holder conn)
  (us/assert! ::pubsub-connection connection)
  (try
    (let [topics (into-array String (map str topics))
@@ -244,8 +247,8 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn rpush!
-  [{:keys [::connection]} key payload]
-  (us/assert! ::default-connection connection)
+  [{:keys [::connection] :as conn} key payload]
+  (us/assert! ::connection-holder conn)
  (us/assert! (or (and (vector? payload)
                       (every? bytes? payload))
                  (bytes? payload)))
@@ -267,8 +270,8 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn blpop!
-  [{:keys [::connection]} timeout & keys]
-  (us/assert! ::default-connection connection)
+  [{:keys [::connection] :as conn} timeout & keys]
+  (us/assert! ::connection-holder conn)
  (try
    (let [keys    (into-array Object (map str keys))
          cmd     (.sync ^StatefulRedisConnection @connection)
@@ -283,7 +286,8 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn open?
-  [{:keys [::connection]}]
+  [{:keys [::connection] :as conn}]
+  (us/assert! ::connection-holder conn)
  (us/assert! ::pubsub-connection connection)
  (.isOpen ^StatefulConnection @connection))

@@ -331,7 +335,7 @@
 (defn eval!
  [{:keys [::mtx/metrics ::connection] :as state} script]
  (us/assert! ::redis state)
-  (us/assert! ::default-connection connection)
+  (us/assert! ::connection-holder state)
  (us/assert! ::rscript/script script)

  (let [cmd   (.async ^StatefulRedisConnection @connection)
--- a/backend/src/app/rpc.clj
+++ b/backend/src/app/rpc.clj
@@ -7,7 +7,6 @@
 (ns app.rpc
  (:require
   [app.auth.ldap :as-alias ldap]
-   [app.common.data :as d]
   [app.common.exceptions :as ex]
   [app.common.logging :as l]
   [app.common.spec :as us]
@@ -15,12 +14,10 @@
   [app.config :as cf]
   [app.db :as db]
   [app.http :as-alias http]
-   [app.http.access-token :as-alias actoken]
   [app.http.client :as-alias http.client]
-   [app.http.session :as-alias session]
+   [app.http.session :as-alias http.session]
   [app.loggers.audit :as audit]
   [app.loggers.webhooks :as-alias webhooks]
-   [app.main :as-alias main]
   [app.metrics :as mtx]
   [app.msgbus :as-alias mbus]
   [app.rpc.climit :as climit]
@@ -74,78 +71,71 @@
 (defn- rpc-query-handler
  "Ring handler that dispatches query requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
-  (let [type       (keyword (:type path-params))
-        profile-id (or (::session/profile-id request)
-                       (::actoken/profile-id request))
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
+  (let [type   (keyword (:type path-params))
+        data   (-> params
+                   (assoc ::request-at (dt/now))
+                   (assoc ::http/request request))
+        data   (if profile-id
+                 (-> data
+                     (assoc :profile-id profile-id)
+                     (assoc ::profile-id profile-id)
+                     (assoc ::session-id session-id))
+                 (dissoc data :profile-id ::profile-id))
+        method (get methods type default-handler)]

-        data       (-> params
-                       (assoc ::request-at (dt/now))
-                       (assoc ::http/request request))
-        data       (if profile-id
-                     (-> data
-                         (assoc :profile-id profile-id)
-                         (assoc ::profile-id profile-id))
-                     (dissoc data :profile-id ::profile-id))
-        method     (get methods type default-handler)]
-
-    (->> (method data)
-         (p/mcat (partial handle-response request))
-         (p/fnly (fn [response cause]
-                   (if cause
-                     (raise (ex/wrap-with-context cause {:profile-id profile-id}))
-                     (respond response)))))))
+    (-> (method data)
+        (p/then (partial handle-response request))
+        (p/then respond)
+        (p/catch (fn [cause]
+                   (let [context {:profile-id profile-id}]
+                     (raise (ex/wrap-with-context cause context))))))))

 (defn- rpc-mutation-handler
  "Ring handler that dispatches mutation requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
-  (let [type       (keyword (:type path-params))
-        profile-id (or (::session/profile-id request)
-                       (::actoken/profile-id request))
-        data       (-> params
-                       (assoc ::request-at (dt/now))
-                       (assoc ::http/request request))
-        data       (if profile-id
-                     (-> data
-                         (assoc :profile-id profile-id)
-                         (assoc ::profile-id profile-id))
-                     (dissoc data :profile-id))
-        method     (get methods type default-handler)]
-
-    (->> (method data)
-         (p/mcat (partial handle-response request))
-         (p/fnly (fn [response cause]
-                   (if cause
-                     (raise (ex/wrap-with-context cause {:profile-id profile-id}))
-                     (respond response)))))))
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
+  (let [type   (keyword (:type path-params))
+        data   (-> params
+                   (assoc ::request-at (dt/now))
+                   (assoc ::http/request request))
+        data   (if profile-id
+                 (-> data
+                     (assoc :profile-id profile-id)
+                     (assoc ::profile-id profile-id)
+                     (assoc ::session-id session-id))
+                 (dissoc data :profile-id ::profile-id))
+        method (get methods type default-handler)]
+    (-> (method data)
+        (p/then (partial handle-response request))
+        (p/then respond)
+        (p/catch (fn [cause]
+                   (let [context {:profile-id profile-id}]
+                     (raise (ex/wrap-with-context cause context))))))))

 (defn- rpc-command-handler
  "Ring handler that dispatches cmd requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
-  (let [type       (keyword (:type path-params))
-        etag       (yrq/get-header request "if-none-match")
-        profile-id (or (::session/profile-id request)
-                       (::actoken/profile-id request))
+  [methods {:keys [profile-id session-id path-params params] :as request} respond raise]
+  (let [cmd    (keyword (:type path-params))
+        etag   (yrq/get-header request "if-none-match")

-        data       (-> params
-                       (assoc ::request-at (dt/now))
-                       (assoc ::session/id (::session/id request))
-                       (assoc ::http/request request)
-                       (assoc ::cond/key etag)
-                       (cond-> (uuid? profile-id)
-                         (assoc ::profile-id profile-id)))
-
-        method    (get methods type default-handler)]
+        data   (-> params
+                   (assoc ::request-at (dt/now))
+                   (assoc ::http/request request)
+                   (assoc ::cond/key etag)
+                   (cond-> (uuid? profile-id)
+                     (-> (assoc ::profile-id profile-id)
+                         (assoc ::session-id session-id))))

+        method (get methods cmd default-handler)]
    (binding [cond/*enabled* true]
-      (->> (method data)
-           (p/mcat (partial handle-response request))
-           (p/fnly (fn [response cause]
-                     (if cause
-                       (raise (ex/wrap-with-context cause {:profile-id profile-id}))
-                       (respond response))))))))
+      (-> (method data)
+          (p/then (partial handle-response request))
+          (p/then respond)
+          (p/catch (fn [cause]
+                     (let [context {:profile-id profile-id}]
+                       (raise (ex/wrap-with-context cause context)))))))))

 (defn- wrap-metrics
  "Wrap service method with metrics measurement."
@@ -153,46 +143,18 @@
  (let [labels (into-array String [(::sv/name mdata)])]
    (fn [cfg params]
      (let [tp (dt/tpoint)]
-        (->> (f cfg params)
-             (p/fnly (fn [_ _]
-                       (mtx/run! metrics
-                                 :id metrics-id
-                                 :val (inst-ms (tp))
-                                 :labels labels))))))))
-
-
-(defn- wrap-authentication
-  [_ f {:keys [::auth] :as mdata}]
-  (fn [cfg params]
-    (let [profile-id (::profile-id params)]
-      (if (and auth (not (uuid? profile-id)))
-        (p/rejected
-         (ex/error :type :authentication
-                   :code :authentication-required
-                   :hint "authentication required for this endpoint"))
-        (f cfg params)))))
-
-(defn- wrap-access-token
-  "Wraps service method with access token validation."
-  [_ f {:keys [::sv/name] :as mdata}]
-  (if (contains? cf/flags :access-tokens)
-    (fn [cfg params]
-      (let [request (::http/request params)]
-        (if (contains? request ::actoken/id)
-          (let [perms (::actoken/perms request #{})]
-            (if (contains? perms name)
-              (f cfg params)
-              (p/rejected
-               (ex/error :type :authorization
-                         :code :operation-not-allowed
-                         :allowed perms))))
-          (f cfg params))))
-    f))
+        (p/finally
+          (f cfg params)
+          (fn [_ _]
+            (mtx/run! metrics
+                      :id metrics-id
+                      :val (inst-ms (tp))
+                      :labels labels)))))))

 (defn- wrap-dispatch
  "Wraps service method into async flow, with the ability to dispatching
  it to a preconfigured executor service."
-  [{:keys [::wrk/executor] :as cfg} f mdata]
+  [{:keys [executor] :as cfg} f mdata]
  (with-meta
    (fn [cfg params]
      (->> (px/submit! executor (px/wrap-bindings #(f cfg params)))
@@ -202,7 +164,8 @@

 (defn- wrap-audit
  [cfg f mdata]
-  (if-let [collector (::audit/collector cfg)]
+  (if (or (contains? cf/flags :webhooks)
+          (contains? cf/flags :audit-log))
    (letfn [(handle-audit [params result]
              (let [resultm    (meta result)
                    request    (::http/request params)
@@ -219,8 +182,7 @@
                                           (merge (::audit/props resultm))
                                           (dissoc :profile-id)
                                           (dissoc :type)))
-                                   (d/without-qualified)
-                                   (d/without-nils))
+                                   (audit/clean-props))

                    event      {:type (or (::audit/type resultm)
                                          (::type cfg))
@@ -248,46 +210,50 @@
                                    (::webhooks/event? resultm)
                                    false)}]

-                (audit/submit! collector event)))
+                (audit/submit! cfg event)))

            (handle-request [cfg params]
              (->> (f cfg params)
-                   (p/mcat (fn [result]
-                             (->> (handle-audit params result)
-                                  (p/map (constantly result)))))))]
+                   (p/fnly (fn [result cause]
+                             (when-not cause
+                               (handle-audit params result))))))]
+
      (if-not (::audit/skip mdata)
        (with-meta handle-request mdata)
        f))
    f))

-(defn- wrap-spec-conform
-  [_ f mdata]
-  (let [spec (or (::sv/spec mdata) (s/spec any?))]
-    (fn [cfg params]
-      (let [params (ex/try! (us/conform spec params))]
-        (if (ex/exception? params)
-          (p/rejected params)
-          (f cfg params))))))
-
-(defn- wrap-all
-  [cfg f mdata]
-  (as-> f $
-    (wrap-dispatch cfg $ mdata)
-    (wrap-metrics cfg $ mdata)
-    (cond/wrap cfg $ mdata)
-    (retry/wrap-retry cfg $ mdata)
-    (climit/wrap cfg $ mdata)
-    (rlimit/wrap cfg $ mdata)
-    (wrap-audit cfg $ mdata)
-    (wrap-spec-conform cfg $ mdata)
-    (wrap-authentication cfg $ mdata)
-    (wrap-access-token cfg $ mdata)))
-
 (defn- wrap
  [cfg f mdata]
-  (l/debug :hint "register method" :name (::sv/name mdata))
-  (let [f (wrap-all cfg f mdata)]
-    (with-meta #(f cfg %) mdata)))
+  (let [f     (as-> f $
+                (wrap-dispatch cfg $ mdata)
+                (cond/wrap cfg $ mdata)
+                (retry/wrap-retry cfg $ mdata)
+                (wrap-metrics cfg $ mdata)
+                (climit/wrap cfg $ mdata)
+                (rlimit/wrap cfg $ mdata)
+                (wrap-audit cfg $ mdata))
+
+        spec  (or (::sv/spec mdata) (s/spec any?))
+        auth? (::auth mdata true)]
+
+
+    (l/debug :hint "register method" :name (::sv/name mdata))
+    (with-meta
+      (fn [params]
+        ;; Raise authentication error when rpc method requires auth but
+        ;; no profile-id is found in the request.
+        (let [profile-id (if (= "command" (::type cfg))
+                           (::profile-id params)
+                           (:profile-id params))]
+          (p/do!
+           (if (and auth? (not (uuid? profile-id)))
+             (ex/raise :type :authentication
+                       :code :authentication-required
+                       :hint "authentication required for this endpoint")
+             (let [params (us/conform spec params)]
+               (f cfg params))))))
+      mdata)))

 (defn- process-method
  [cfg vfn]
@@ -298,70 +264,73 @@
 (defn- resolve-query-methods
  [cfg]
  (let [cfg (assoc cfg ::type "query" ::metrics-id :rpc-query-timing)]
-    (->> (sv/scan-ns
-          'app.rpc.queries.projects
-          'app.rpc.queries.profile
-          'app.rpc.queries.viewer
-          'app.rpc.queries.fonts)
+    (->> (sv/scan-ns 'app.rpc.queries.projects
+                     'app.rpc.queries.files
+                     'app.rpc.queries.teams
+                     'app.rpc.queries.profile
+                     'app.rpc.queries.viewer
+                     'app.rpc.queries.fonts)
         (map (partial process-method cfg))
         (into {}))))

 (defn- resolve-mutation-methods
  [cfg]
  (let [cfg (assoc cfg ::type "mutation" ::metrics-id :rpc-mutation-timing)]
-    (->> (sv/scan-ns
-          'app.rpc.mutations.media
-          'app.rpc.mutations.profile
-          'app.rpc.mutations.projects
-          'app.rpc.mutations.fonts
-          'app.rpc.mutations.share-link)
+    (->> (sv/scan-ns 'app.rpc.mutations.media
+                     'app.rpc.mutations.profile
+                     'app.rpc.mutations.files
+                     'app.rpc.mutations.projects
+                     'app.rpc.mutations.teams
+                     'app.rpc.mutations.fonts
+                     'app.rpc.mutations.share-link)
         (map (partial process-method cfg))
         (into {}))))

 (defn- resolve-command-methods
  [cfg]
  (let [cfg (assoc cfg ::type "command" ::metrics-id :rpc-command-timing)]
-    (->> (sv/scan-ns
-          'app.rpc.commands.access-token
-          'app.rpc.commands.audit
-          'app.rpc.commands.auth
-          'app.rpc.commands.feedback
-          'app.rpc.commands.fonts
-          'app.rpc.commands.binfile
-          'app.rpc.commands.comments
-          'app.rpc.commands.demo
-          'app.rpc.commands.files
-          'app.rpc.commands.files-create
-          'app.rpc.commands.files-share
-          'app.rpc.commands.files-temp
-          'app.rpc.commands.files-update
-          'app.rpc.commands.ldap
-          'app.rpc.commands.management
-          'app.rpc.commands.media
-          'app.rpc.commands.profile
-          'app.rpc.commands.projects
-          'app.rpc.commands.search
-          'app.rpc.commands.teams
-          'app.rpc.commands.verify-token
-          'app.rpc.commands.viewer
-          'app.rpc.commands.webhooks)
+    (->> (sv/scan-ns 'app.rpc.commands.binfile
+                     'app.rpc.commands.comments
+                     'app.rpc.commands.management
+                     'app.rpc.commands.verify-token
+                     'app.rpc.commands.search
+                     'app.rpc.commands.media
+                     'app.rpc.commands.teams
+                     'app.rpc.commands.auth
+                     'app.rpc.commands.ldap
+                     'app.rpc.commands.demo
+                     'app.rpc.commands.webhooks
+                     'app.rpc.commands.audit
+                     'app.rpc.commands.files
+                     'app.rpc.commands.files.update
+                     'app.rpc.commands.files.create
+                     'app.rpc.commands.files.temp)
         (map (partial process-method cfg))
         (into {}))))

+(s/def ::ldap (s/nilable map?))
+(s/def ::msgbus ::mbus/msgbus)
+(s/def ::climit (s/nilable ::climit/climit))
+(s/def ::rlimit (s/nilable ::rlimit/rlimit))
+
+(s/def ::public-uri ::us/not-empty-string)
+(s/def ::sprops map?)
+
 (defmethod ig/pre-init-spec ::methods [_]
-  (s/keys :req [::audit/collector
-                ::session/manager
-                ::http.client/client
+  (s/keys :req [::http.client/client
                ::db/pool
-                ::mbus/msgbus
                ::ldap/provider
-                ::sto/storage
-                ::mtx/metrics
-                ::main/props
                ::wrk/executor]
-          :opt [::climit
-                ::rlimit]
-          :req-un [::db/pool]))
+          :req-un [::sto/storage
+                   ::http.session/session
+                   ::sprops
+                   ::public-uri
+                   ::msgbus
+                   ::rlimit
+                   ::climit
+                   ::wrk/executor
+                   ::mtx/metrics
+                   ::db/pool]))

 (defmethod ig/init-key ::methods
  [_ cfg]
@@ -383,20 +352,12 @@
                   ::queries
                   ::commands]))

-(s/def ::routes vector?)
-
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::methods
-                ::db/pool
-                ::main/props
-                ::wrk/executor
-                ::session/manager
-                ::actoken/manager]))
+  (s/keys :req-un [::methods]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [::methods] :as cfg}]
-  [["/rpc" {:middleware [[session/authz cfg]
-                         [actoken/authz cfg]]}
+  [_ {:keys [methods] :as cfg}]
+  [["/rpc"
    ["/command/:type" {:handler (partial rpc-command-handler (:commands methods))}]
    ["/query/:type" {:handler (partial rpc-query-handler (:queries methods))}]
    ["/mutation/:type" {:handler (partial rpc-mutation-handler (:mutations methods))
--- a/backend/src/app/rpc/climit.clj
+++ b/backend/src/app/rpc/climit.clj
@@ -46,7 +46,7 @@
                   (p/rejected
                    (ex/error :type :internal
                              :code :concurrency-limit-reached
-                              :queue (-> limiter meta ::bkey name)
+                              :queue (-> limiter meta :bkey name)
                              :cause cause))

                   (some? cause)
@@ -56,7 +56,7 @@
                   (p/resolved result))))))

 (defn- create-limiter
-  [{:keys [::wrk/executor ::mtx/metrics ::bkey ::skey concurrency queue-size]}]
+  [{:keys [executor metrics concurrency queue-size bkey skey]}]
  (let [labels   (into-array String [(name bkey)])
        on-queue (fn [instance]
                   (l/trace :hint "enqueued"
@@ -100,10 +100,10 @@
                  :on-run on-run}]

    (-> (pxb/create options)
-        (vary-meta assoc ::bkey bkey ::skey skey))))
+        (vary-meta assoc :bkey bkey :skey skey))))

 (defn- create-cache
-  [{:keys [::wrk/executor] :as params} config]
+  [{:keys [executor] :as params} config]
  (let [listener (reify RemovalListener
                   (onRemoval [_ key _val cause]
                     (l/trace :hint "cache: remove" :key key :reason (str cause))))
@@ -113,8 +113,8 @@
                     (let [[bkey skey] key]
                       (when-let [config (get config bkey)]
                         (-> (merge params config)
-                             (assoc ::bkey bkey)
-                             (assoc ::skey skey)
+                             (assoc :bkey bkey)
+                             (assoc :skey skey)
                             (create-limiter))))))]

  (.. (Caffeine/newBuilder)
@@ -134,16 +134,14 @@

 (defmethod ig/prep-key ::rpc/climit
  [_ cfg]
-  (merge {::path (cf/get :rpc-climit-config)}
+  (merge {:path (cf/get :rpc-climit-config)}
         (d/without-nils cfg)))

-(s/def ::path ::fs/path)
-
 (defmethod ig/pre-init-spec ::rpc/climit [_]
-  (s/keys :req [::wrk/executor ::mtx/metrics ::path]))
+  (s/keys :req-un [::wrk/executor ::mtx/metrics ::fs/path]))

 (defmethod ig/init-key ::rpc/climit
-  [_ {:keys [::path] :as params}]
+  [_ {:keys [path] :as params}]
  (when (contains? cf/flags :rpc-climit)
    (if-let [config (some->> path slurp edn/read-string)]
      (do
@@ -165,8 +163,7 @@
      (l/warn :hint "unable to load configuration" :config (str path)))))


-(s/def ::rpc/climit
-  (s/nilable #(satisfies? IConcurrencyManager %)))
+(s/def ::climit #(satisfies? IConcurrencyManager %))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; PUBLIC API
@@ -179,7 +176,7 @@
     (p/wrap (do ~@body))))

 (defn wrap
-  [{:keys [::rpc/climit]} f {:keys [::queue ::key-fn] :as mdata}]
+  [{:keys [climit]} f {:keys [::queue ::key-fn] :as mdata}]
  (if (and (some? climit)
           (some? queue))
    (if-let [config (get @climit queue)]
@@ -195,6 +192,7 @@
            (let [key [queue (key-fn params)]
                  lim (get climit key)]
              (invoke! lim (partial f cfg params))))
+
          (let [lim (get climit queue)]
            (fn [cfg params]
              (invoke! lim (partial f cfg params))))))
--- a/backend/src/app/rpc/commands/access_token.clj
+++ b/backend/src/app/rpc/commands/access_token.clj
@@ -1,87 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.access-token
-  (:require
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.db :as db]
-   [app.main :as-alias main]
-   [app.rpc :as-alias rpc]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.quotes :as quotes]
-   [app.tokens :as tokens]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
-
-(defn- decode-row
-  [{:keys [perms] :as row}]
-  (cond-> row
-    (db/pgarray? perms "text")
-    (assoc :perms (db/decode-pgarray perms #{}))))
-
-(defn- create-access-token
-  [{:keys [::conn ::main/props]} profile-id name perms]
-  (let [created-at (dt/now)
-        token-id   (uuid/next)
-        token      (tokens/generate props {:iss "access-token"
-                                           :tid token-id
-                                           :iat created-at})]
-    (db/insert! conn :access-token
-                {:id token-id
-                 :name name
-                 :token token
-                 :profile-id profile-id
-                 :created-at created-at
-                 :updated-at created-at
-                 :perms (db/create-array conn "text" perms)})))
-
-(defn repl-create-access-token
-  [{:keys [::db/pool] :as system} profile-id name perms]
-  (db/with-atomic [conn pool]
-    (let [props (:app.setup/props system)]
-      (create-access-token {::conn conn ::main/props props}
-                           profile-id
-                           name
-                           perms))))
-
-(s/def ::name ::us/not-empty-string)
-(s/def ::perms ::us/set-of-strings)
-
-(s/def ::create-access-token
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::name ::perms]))
-
-(sv/defmethod ::create-access-token
-  {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id name perms]}]
-  (db/with-atomic [conn pool]
-    (let [cfg (assoc cfg ::conn conn)]
-      (quotes/check-quote! conn
-                           {::quotes/id ::quotes/access-tokens-per-profile
-                            ::quotes/profile-id profile-id})
-      (-> (create-access-token cfg profile-id name perms)
-          (decode-row)))))
-
-(s/def ::delete-access-token
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::us/id]))
-
-(sv/defmethod ::delete-access-token
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
-  (db/delete! pool :access-token {:id id :profile-id profile-id})
-  nil)
-
-(s/def ::get-access-tokens
-  (s/keys :req [::rpc/profile-id]))
-
-(sv/defmethod ::get-access-tokens
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
-  (->> (db/query pool :access-token {:profile-id profile-id})
-       (mapv decode-row)))
--- a/backend/src/app/rpc/commands/audit.clj
+++ b/backend/src/app/rpc/commands/audit.clj
@@ -42,7 +42,7 @@
   :profile-id :ip-addr :props :context])

 (defn- handle-events
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id events ::http/request]}]
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id events ::http/request] :as params}]
  (let [ip-addr (audit/parse-client-ip request)
        xform   (comp
                 (map #(assoc % :profile-id profile-id))
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@@ -19,10 +19,10 @@
   [app.main :as-alias main]
   [app.rpc :as-alias rpc]
   [app.rpc.climit :as climit]
-   [app.rpc.commands.profile :as profile]
   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.profile :as profile]
   [app.tokens :as tokens]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -52,10 +52,24 @@
                            (str/split #"@" 2))]
      (contains? domains candidate))))

+(def ^:private sql:profile-existence
+  "select exists (select * from profile
+                   where email = ?
+                     and deleted_at is null) as val")
+
+(defn check-profile-existence!
+  [conn {:keys [email] :as params}]
+  (let [email  (str/lower email)
+        result (db/exec-one! conn [sql:profile-existence email])]
+    (when (:val result)
+      (ex/raise :type :validation
+                :code :email-already-exists))
+    params))
+
 ;; ---- COMMAND: login with password

 (defn login-with-password
-  [{:keys [::db/pool] :as cfg} {:keys [email password] :as params}]
+  [{:keys [::db/pool session] :as cfg} {:keys [email password] :as params}]

  (when-not (or (contains? cf/flags :login)
                (contains? cf/flags :login-with-password))
@@ -91,10 +105,11 @@
            profile)]

    (db/with-atomic [conn pool]
-      (let [profile    (->> (profile/get-profile-by-email conn email)
+      (let [profile    (->> (profile/retrieve-profile-data-by-email conn email)
                            (validate-profile)
-                            (profile/decode-row)
-                            (profile/strip-private-attrs))
+                            (profile/strip-private-attrs)
+                            (profile/populate-additional-data conn)
+                            (profile/decode-profile-row))

            invitation (when-let [token (:invitation-token params)]
                         (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))
@@ -107,13 +122,14 @@
                         (assoc profile :is-admin (let [admins (cf/get :admins)]
                                                    (contains? admins (:email profile)))))]
        (-> response
-            (rph/with-transform (session/create-fn cfg (:id profile)))
+            (rph/with-transform (session/create-fn session (:id profile)))
            (rph/with-meta {::audit/props (audit/profile->props profile)
                            ::audit/profile-id (:id profile)}))))))

+(s/def ::scope ::us/string)
 (s/def ::login-with-password
  (s/keys :req-un [::email ::password]
-          :opt-un [::invitation-token]))
+          :opt-un [::invitation-token ::scope]))

 (sv/defmethod ::login-with-password
  "Performs authentication using penpot password."
@@ -132,8 +148,8 @@
  "Clears the authentication cookie and logout the current session."
  {::rpc/auth false
   ::doc/added "1.15"}
-  [cfg _]
-  (rph/with-transform {} (session/delete-fn cfg)))
+  [{:keys [session] :as cfg} _]
+  (rph/with-transform {} (session/delete-fn session)))

 ;; ---- COMMAND: Recover Profile

@@ -210,7 +226,7 @@

  (validate-register-attempt! cfg params)

-  (let [profile (when-let [profile (profile/get-profile-by-email pool (:email params))]
+  (let [profile (when-let [profile (profile/retrieve-profile-data-by-email pool (:email params))]
                  (cond
                    (:is-blocked profile)
                    (ex/raise :type :restriction
@@ -251,11 +267,10 @@

 ;; ---- COMMAND: Register Profile

-(defn create-profile!
+(defn create-profile
  "Create the profile entry on the database with limited set of input
  attrs (all the other attrs are filled with default values)."
-  [conn {:keys [email] :as params}]
-  (us/assert! ::us/email email)
+  [conn params]
  (let [id        (or (:id params) (uuid/next))
        props     (-> (audit/extract-utm-params params)
                      (merge (:props params))
@@ -276,7 +291,7 @@
        is-demo   (:is-demo params false)
        is-muted  (:is-muted params false)
        is-active (:is-active params false)
-        email     (str/lower email)
+        email     (str/lower (:email params))

        params    {:id id
                   :fullname (:fullname params)
@@ -291,7 +306,7 @@
                   :is-demo is-demo}]
    (try
      (-> (db/insert! conn :profile params)
-          (profile/decode-row))
+          (profile/decode-profile-row))
      (catch org.postgresql.util.PSQLException e
        (let [state (.getSQLState e)]
          (if (not= state "23505")
@@ -301,17 +316,15 @@
                      :hint "email already exists"
                      :cause e)))))))

-(defn create-profile-rels!
-  [conn {:keys [id] :as profile}]
-  (let [team (teams/create-team conn {:profile-id id
+(defn create-profile-relations
+  [conn profile]
+  (let [team (teams/create-team conn {:profile-id (:id profile)
                                      :name "Default"
                                      :is-default true})]
-    (-> (db/update! conn :profile
-                    {:default-team-id (:id team)
-                     :default-project-id  (:default-project-id team)}
-                    {:id id})
-        (profile/decode-row))))
-
+    (-> profile
+        (profile/strip-private-attrs)
+        (assoc :default-team-id (:id team))
+        (assoc :default-project-id (:default-project-id team)))))

 (defn send-email-verification!
  [conn props profile]
@@ -335,18 +348,22 @@
                :extra-data ptoken})))

 (defn register-profile
-  [{:keys [conn] :as cfg} {:keys [token] :as params}]
+  [{:keys [::db/conn session] :as cfg} {:keys [token] :as params}]
  (let [claims     (tokens/verify (::main/props cfg) {:token token :iss :prepared-register})
        params     (merge params claims)

        is-active  (or (:is-active params)
-                       (not (contains? cf/flags :email-verification)))
+                       (not (contains? cf/flags :email-verification))
+
+                       ;; DEPRECATED: v1.15
+                       (contains? cf/flags :insecure-register))

        profile    (if-let [profile-id (:profile-id claims)]
-                     (profile/get-profile conn profile-id)
-                     (->> (create-profile! conn (assoc params :is-active is-active))
-                          (create-profile-rels! conn)))
-
+                     (profile/retrieve-profile conn profile-id)
+                     (->> (assoc params :is-active is-active)
+                          (create-profile conn)
+                          (create-profile-relations conn)
+                          (profile/decode-profile-row)))
        invitation (when-let [token (:invitation-token params)]
                     (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))]

@@ -355,11 +372,10 @@
    ;; accordingly.
    (when-let [id (:profile-id claims)]
      (db/update! conn :profile {:modified-at (dt/now)} {:id id})
-      (when-let [collector (::audit/collector cfg)]
-        (audit/submit! collector
-                       {:type "fact"
-                        :name "register-profile-retry"
-                        :profile-id id})))
+      (audit/submit! cfg
+                     {:type "fact"
+                      :name "register-profile-retry"
+                      :profile-id id}))

    (cond
      ;; If invitation token comes in params, this is because the
@@ -373,7 +389,7 @@
            token  (tokens/generate (::main/props cfg) claims)
            resp   {:invitation-token token}]
        (-> resp
-            (rph/with-transform (session/create-fn cfg (:id profile)))
+            (rph/with-transform (session/create-fn session (:id profile)))
            (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                            ::audit/profile-id (:id profile)})))

@@ -382,7 +398,7 @@
      ;; we need to mark this session as logged.
      (not= "penpot" (:auth-backend profile))
      (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn cfg (:id profile)))
+          (rph/with-transform (session/create-fn session (:id profile)))
          (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                          ::audit/profile-id (:id profile)}))

@@ -390,7 +406,7 @@
      ;; to sign in the user directly, without email verification.
      (true? is-active)
      (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn cfg (:id profile)))
+          (rph/with-transform (session/create-fn session (:id profile)))
          (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                          ::audit/profile-id (:id profile)}))

@@ -411,7 +427,7 @@
   ::doc/added "1.15"}
  [{:keys [::db/pool] :as cfg} params]
  (db/with-atomic [conn pool]
-    (-> (assoc cfg :conn conn)
+    (-> (assoc cfg ::db/conn conn)
        (register-profile params))))

 ;; ---- COMMAND: Request Profile Recovery
@@ -432,7 +448,7 @@
                                           :exp (dt/in-future {:days 30})})]
              (eml/send! {::eml/conn conn
                          ::eml/factory eml/password-recovery
-                          :public-uri (cf/get :public-uri)
+                          :public-uri (:public-uri cfg)
                          :to (:email profile)
                          :token (:token profile)
                          :name (:fullname profile)
@@ -440,7 +456,7 @@
              nil))]

    (db/with-atomic [conn pool]
-      (when-let [profile (profile/get-profile-by-email conn email)]
+      (when-let [profile (profile/retrieve-profile-data-by-email conn email)]
        (when-not (eml/allow-send-emails? conn profile)
          (ex/raise :type :validation
                    :code :profile-is-muted
--- a/backend/src/app/rpc/commands/binfile.clj
+++ b/backend/src/app/rpc/commands/binfile.clj
@@ -21,9 +21,9 @@
   [app.media :as media]
   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.projects :as projects]
   [app.storage :as sto]
   [app.storage.tmp :as tmp]
   [app.tasks.file-gc]
@@ -438,8 +438,9 @@
 (s/def ::embed-assets? (s/nilable ::us/boolean))

 (s/def ::write-export-options
-  (s/keys :req [::db/pool ::sto/storage ::output ::file-ids]
-          :opt [::include-libraries? ::embed-assets?]))
+  (s/keys :req-un [::db/pool ::sto/storage]
+          :req    [::output ::file-ids]
+          :opt    [::include-libraries? ::embed-assets?]))

 (defn write-export!
  "Do the exportation of a specified file in custom penpot binary
@@ -476,7 +477,7 @@
              [:v1/metadata :v1/files :v1/rels :v1/sobjects])))))

 (defmethod write-section :v1/metadata
-  [{:keys [::db/pool ::output ::file-ids ::include-libraries?]}]
+  [{:keys [pool ::output ::file-ids ::include-libraries?]}]
  (let [libs  (when include-libraries?
                (retrieve-libraries pool file-ids))
        files (into file-ids libs)]
@@ -484,7 +485,7 @@
    (vswap! *state* assoc :files files)))

 (defmethod write-section :v1/files
-  [{:keys [::db/pool ::output ::embed-assets?]}]
+  [{:keys [pool ::output ::embed-assets?]}]

  ;; Initialize SIDS with empty vector
  (vswap! *state* assoc :sids [])
@@ -508,7 +509,7 @@
      (vswap! *state* update :sids into storage-object-id-xf media))))

 (defmethod write-section :v1/rels
-  [{:keys [::db/pool ::output ::include-libraries?]}]
+  [{:keys [pool  ::output ::include-libraries?]}]
  (let [rels  (when include-libraries?
                (retrieve-library-relations pool (-> *state* deref :files)))]
    (l/debug :hint "found rels" :total (count rels) ::l/async false)
@@ -556,8 +557,9 @@
 (s/def ::ignore-index-errors? (s/nilable ::us/boolean))

 (s/def ::read-import-options
-  (s/keys :req [::db/pool ::sto/storage ::project-id ::input]
-          :opt [::overwrite? ::migrate? ::ignore-index-errors?]))
+  (s/keys :req-un [::db/pool ::sto/storage]
+          :req    [::project-id ::input]
+          :opt    [::overwrite? ::migrate? ::ignore-index-errors?]))

 (defn read-import!
  "Do the importation of the specified resource in penpot custom binary
@@ -580,7 +582,7 @@
    (read-import (assoc options ::version version ::timestamp timestamp))))

 (defmethod read-import :v1
-  [{:keys [::db/pool ::input] :as options}]
+  [{:keys [pool ::input] :as options}]
  (with-open [input (zstd-input-stream input)]
    (with-open [input (io/data-input-stream input)]
      (db/with-atomic [conn pool]
@@ -693,7 +695,7 @@
        (db/insert! conn :file-library-rel rel)))))

 (defmethod read-section :v1/sobjects
-  [{:keys [::sto/storage conn ::input ::overwrite?]}]
+  [{:keys [storage conn ::input ::overwrite?]}]
  (let [storage (media/configure-assets-storage storage)
        ids     (read-obj! input)]

@@ -891,14 +893,13 @@
 (s/def ::embed-assets? ::us/boolean)

 (s/def ::export-binfile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file-id ::include-libraries? ::embed-assets?]))
+  (s/keys :req [::rpc/profile-id] :req-un [::file-id ::include-libraries? ::embed-assets?]))

 (sv/defmethod ::export-binfile
  "Export a penpot file in a binary format."
  {::doc/added "1.15"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id include-libraries? embed-assets?] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id include-libraries? embed-assets?] :as params}]
  (files/check-read-permissions! pool profile-id file-id)
  (let [body (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
@@ -913,14 +914,13 @@

 (s/def ::file ::media/upload)
 (s/def ::import-binfile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::project-id ::file]))
+  (s/keys :req [::rpc/profile-id] :req-un [::project-id ::file]))

 (sv/defmethod ::import-binfile
  "Import a penpot file in a binary format."
  {::doc/added "1.15"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id file] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id project-id file] :as params}]
  (db/with-atomic [conn pool]
    (projects/check-read-permissions! conn profile-id project-id)
    (let [ids (import! (assoc cfg
--- a/backend/src/app/rpc/commands/comments.clj
+++ b/backend/src/app/rpc/commands/comments.clj
@@ -54,8 +54,8 @@
                :hint "file not found"))))

 (defn- get-comment-thread
-  [conn thread-id & {:as opts}]
-  (-> (db/get-by-id conn :comment-thread thread-id opts)
+  [conn thread-id & {:keys [for-update?]}]
+  (-> (db/get-by-id conn :comment-thread thread-id {:for-update for-update?})
      (decode-row)))

 (defn- get-comment
@@ -100,7 +100,7 @@

 (sv/defmethod ::get-comment-threads
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id share-id] :as params}]
  (with-open [conn (db/open pool)]
    (files/check-comment-permissions! conn profile-id file-id share-id)
    (get-comment-threads conn profile-id file-id)))
@@ -143,7 +143,7 @@

 (sv/defmethod ::get-unread-comment-threads
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
    (get-unread-comment-threads conn profile-id team-id)))
@@ -190,7 +190,7 @@

 (sv/defmethod ::get-comment-thread
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id id share-id] :as params}]
  (with-open [conn (db/open pool)]
    (files/check-comment-permissions! conn profile-id file-id share-id)
    (let [sql (str "with threads as (" sql:comment-threads ")"
@@ -210,7 +210,7 @@

 (sv/defmethod ::get-comments
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id thread-id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id thread-id share-id] :as params}]
  (with-open [conn (db/open pool)]
    (let [{:keys [file-id] :as thread} (get-comment-thread conn thread-id)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
@@ -262,7 +262,7 @@
  participants on comment threads of the file."
  {::doc/added "1.15"
   ::doc/changes ["1.15" "Imported from queries and renamed."]}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id share-id]}]
  (with-open [conn (db/open pool)]
    (files/check-comment-permissions! conn profile-id file-id share-id)
    (get-file-comments-users conn file-id profile-id)))
@@ -372,9 +372,9 @@

 (sv/defmethod ::update-comment-thread-status
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id :for-update? true)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (upsert-comment-thread-status! conn profile-id id))))

@@ -389,9 +389,9 @@

 (sv/defmethod ::update-comment-thread
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id is-resolved share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id is-resolved share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id :for-update? true)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
                  {:is-resolved is-resolved}
@@ -412,9 +412,9 @@
 (sv/defmethod ::create-comment
  {::doc/added "1.15"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at thread-id share-id content] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at thread-id share-id content] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)
+    (let [{:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id :for-update? true)
          {:keys [team-id project-id page-name] :as file} (get-file conn file-id page-id)]

      (files/check-comment-permissions! conn profile-id (:id file) share-id)
@@ -465,10 +465,10 @@

 (sv/defmethod ::update-comment
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id share-id content] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id share-id content] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [thread-id] :as comment} (get-comment conn id ::db/for-update? true)
-          {:keys [file-id page-id owner-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)]
+    (let [{:keys [thread-id] :as comment} (get-comment conn id :for-update? true)
+          {:keys [file-id page-id owner-id] :as thread} (get-comment-thread conn thread-id :for-update? true)]

      (files/check-comment-permissions! conn profile-id file-id share-id)

@@ -498,9 +498,9 @@

 (sv/defmethod ::delete-comment-thread
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [owner-id file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+    (let [{:keys [owner-id file-id] :as thread} (get-comment-thread conn id :for-update? true)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (when-not (= owner-id profile-id)
        (ex/raise :type :validation
@@ -518,9 +518,9 @@

 (sv/defmethod ::delete-comment
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [owner-id thread-id] :as comment} (get-comment conn id ::db/for-update? true)
+    (let [{:keys [owner-id thread-id] :as comment} (get-comment conn id :for-update? true)
          {:keys [file-id] :as thread} (get-comment-thread conn thread-id)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (when-not (= owner-id profile-id)
@@ -538,9 +538,9 @@

 (sv/defmethod ::update-comment-thread-position
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id position frame-id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id position frame-id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id :for-update? true)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
                  {:modified-at (::rpc/request-at params)
@@ -558,9 +558,9 @@

 (sv/defmethod ::update-comment-thread-frame
  {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id frame-id share-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id frame-id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id :for-update? true)]
      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
                  {:modified-at (::rpc/request-at params)
--- a/backend/src/app/rpc/commands/demo.clj
+++ b/backend/src/app/rpc/commands/demo.clj
@@ -8,11 +8,12 @@
  "A demo specific mutations."
  (:require
   [app.common.exceptions :as ex]
+   [app.common.uuid :as uuid]
   [app.config :as cf]
   [app.db :as db]
   [app.loggers.audit :as audit]
   [app.rpc :as-alias rpc]
-   [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.auth :as cmd.auth]
   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -29,31 +30,32 @@
  {::rpc/auth false
   ::doc/added "1.15"
   ::doc/changes ["1.15" "This method is migrated from mutations to commands."]}
-  [{:keys [::db/pool] :as cfg} _]
-
-  (when-not (contains? cf/flags :demo-users)
-    (ex/raise :type :validation
-              :code :demo-users-not-allowed
-              :hint "Demo users are disabled by config."))
-
-  (let [sem      (System/currentTimeMillis)
+  [{:keys [pool] :as cfg} _]
+  (let [id       (uuid/next)
+        sem      (System/currentTimeMillis)
        email    (str "demo-" sem ".demo@example.com")
        fullname (str "Demo User " sem)
-
        password (-> (bn/random-bytes 16)
                     (bc/bytes->b64u)
                     (bc/bytes->str))
-
-        params   {:email email
+        params   {:id id
+                  :email email
                  :fullname fullname
                  :is-active true
                  :deleted-at (dt/in-future cf/deletion-delay)
                  :password password
-                  :props {}}]
+                  :props {}
+                  }]
+
+    (when-not (contains? cf/flags :demo-users)
+      (ex/raise :type :validation
+                :code :demo-users-not-allowed
+                :hint "Demo users are disabled by config."))

    (db/with-atomic [conn pool]
-      (let [profile (->> (auth/create-profile! conn params)
-                         (auth/create-profile-rels! conn))]
-        (with-meta {:email email
-                    :password password}
-          {::audit/profile-id (:id profile)})))))
+      (->> (cmd.auth/create-profile conn params)
+           (cmd.auth/create-profile-relations conn))
+
+      (with-meta {:email email
+                  :password password}
+        {::audit/profile-id id}))))
--- a/backend/src/app/rpc/commands/feedback.clj
+++ b/backend/src/app/rpc/commands/feedback.clj
@@ -1,56 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.feedback
-  "A general purpose feedback module."
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.emails :as eml]
-   [app.rpc :as-alias rpc]
-   [app.rpc.commands.profile :as profile]
-   [app.rpc.doc :as-alias doc]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-(declare ^:private send-feedback!)
-
-(s/def ::content ::us/string)
-(s/def ::from    ::us/email)
-(s/def ::subject ::us/string)
-
-(s/def ::send-user-feedback
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::subject
-                   ::content]))
-
-(sv/defmethod ::send-user-feedback
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id] :as params}]
-  (when-not (contains? cf/flags :user-feedback)
-    (ex/raise :type :restriction
-              :code :feedback-disabled
-              :hint "feedback not enabled"))
-
-  (let [profile (profile/get-profile pool profile-id)]
-    (send-feedback! pool profile params)
-    nil))
-
-(defn- send-feedback!
-  [pool profile params]
-  (let [dest (cf/get :feedback-destination)]
-    (eml/send! {::eml/conn pool
-                ::eml/factory eml/feedback
-                :from     dest
-                :to       dest
-                :profile  profile
-                :reply-to (:email profile)
-                :email    (:email profile)
-                :subject  (:subject params)
-                :content  (:content params)})
-    nil))
--- a/backend/src/app/rpc/commands/files.clj
+++ b/backend/src/app/rpc/commands/files.clj
@@ -22,12 +22,13 @@
   [app.loggers.webhooks :as-alias webhooks]
   [app.rpc :as-alias rpc]
   [app.rpc.commands.files.thumbnails :as-alias thumbs]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.commands.teams :as teams]
   [app.rpc.cond :as-alias cond]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
   [app.rpc.permissions :as perms]
+   [app.rpc.queries.projects :as projects]
+   [app.rpc.queries.share-link :refer [retrieve-share-link]]
   [app.util.blob :as blob]
   [app.util.pointer-map :as pmap]
   [app.util.services :as sv]
@@ -127,9 +128,7 @@

  ([conn profile-id file-id share-id]
   (let [perms  (get-permissions conn profile-id file-id)
-         ldata  (some-> (db/get* conn :share-link {:id share-id :file-id file-id})
-                        (dissoc :flags)
-                        (update :pages db/decode-pgarray #{}))]
+         ldata  (retrieve-share-link conn file-id share-id)]

     ;; NOTE: in a future when share-link becomes more powerful and
     ;; will allow us specify which parts of the app is available, we
@@ -197,7 +196,7 @@
  (let [row (db/get conn :file-data-fragment
                    {:id id :file-id file-id}
                    {:columns [:content]
-                     ::db/check-deleted? false})]
+                     :check-deleted? false})]
    (blob/decode (:content row))))

 (defn persist-pointers!
@@ -259,7 +258,7 @@
        (handle-file-features client-features))))

 (defn get-minimal-file
-  [{:keys [::db/pool] :as cfg} id]
+  [{:keys [pool] :as cfg} id]
  (db/get pool :file {:id id} {:columns [:id :modified-at :revn]}))

 (defn get-file-etag
@@ -276,7 +275,7 @@
  {::doc/added "1.17"
   ::cond/get-object #(get-minimal-file %1 (:id %2))
   ::cond/key-fn get-file-etag}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id features]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id features]}]
  (with-open [conn (db/open pool)]
    (let [perms (get-permissions conn profile-id id)]
      (check-read-permissions! perms)
@@ -304,7 +303,7 @@
  "Retrieve a file by its ID. Only authenticated users."
  {::doc/added "1.17"
   ::rpc/:auth false}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id fragment-id share-id] }]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id fragment-id share-id] }]
  (with-open [conn (db/open pool)]
    (let [perms (get-permissions conn profile-id file-id share-id)]
      (check-read-permissions! perms)
@@ -340,7 +339,7 @@
   ::cond/get-object #(get-minimal-file %1 (:file-id %2))
   ::cond/reuse-key? true
   ::cond/key-fn get-file-etag}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-object-thumbnails conn file-id)))
@@ -371,7 +370,7 @@
 (sv/defmethod ::get-project-files
  "Get all files for the specified project."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id project-id]}]
  (with-open [conn (db/open pool)]
    (projects/check-read-permissions! conn profile-id project-id)
    (get-project-files conn project-id)))
@@ -390,7 +389,7 @@
 (sv/defmethod ::has-file-libraries
  "Checks if the file has libraries. Returns a boolean"
  {::doc/added "1.15.1"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! pool profile-id file-id)
    (get-has-file-libraries conn file-id)))
@@ -457,7 +456,7 @@

  Mainly used for rendering purposes."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-page conn params)))
@@ -493,6 +492,7 @@
          (library-summary [{:keys [id data] :as file}]
            (binding [pmap/*load-fn* (partial load-pointer conn id)]
              {:components (assets-sample (:components data) 4)
+               :media (assets-sample (:media data) 3)
               :colors (assets-sample (:colors data) 3)
               :typographies (assets-sample (:typographies data) 3)}))]

@@ -509,7 +509,7 @@
 (sv/defmethod ::get-team-shared-files
  "Get all file (libraries) for the specified team."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
    (get-team-shared-files conn team-id)))
@@ -563,7 +563,7 @@
 (sv/defmethod ::get-file-libraries
  "Get libraries used by the specified file."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id features]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id features]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-file-libraries conn file-id features)))
@@ -589,7 +589,7 @@
 (sv/defmethod ::get-library-file-references
  "Returns all the file references that use specified file (library) id."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-library-file-references conn file-id)))
@@ -626,7 +626,7 @@

 (sv/defmethod ::get-team-recent-files
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
    (get-team-recent-files conn team-id)))
@@ -660,7 +660,7 @@

 (sv/defmethod ::get-file-thumbnail
  {::doc/added "1.17"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id file-id revn]}]
+  [{:keys [pool]} {:keys [::rpc/profile-id file-id revn]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (-> (get-file-thumbnail conn file-id revn)
@@ -756,7 +756,7 @@
  "Retrieves the data for generate the thumbnail of the file. Used
  mainly for render thumbnails on dashboard."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id features] :as props}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id features] :as props}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    ;; NOTE: we force here the "storage/pointer-map" feature, because
@@ -788,7 +788,7 @@
 (sv/defmethod ::rename-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
    (let [file (rename-file conn params)]
@@ -819,7 +819,7 @@
      (let [ldata (-> library decode-row pmg/migrate-file :data)]
        (->> (db/query conn :file-library-rel {:library-file-id id})
             (map :file-id)
-             (keep #(db/get-by-id conn :file % ::db/check-deleted? false))
+             (keep #(db/get-by-id conn :file % {:check-deleted? false}))
             (map decode-row)
             (map pmg/migrate-file)
             (run! (fn [{:keys [id data revn] :as file}]
@@ -837,7 +837,7 @@
 (sv/defmethod ::set-file-shared
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id is-shared] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id is-shared] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
    (when-not is-shared
@@ -866,7 +866,7 @@
 (sv/defmethod ::delete-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
    (absorb-library conn params)
@@ -896,7 +896,7 @@
 (sv/defmethod ::link-file-to-library
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id library-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id library-id] :as params}]
  (when (= file-id library-id)
    (ex/raise :type :validation
              :code :invalid-library
@@ -921,7 +921,7 @@
 (sv/defmethod ::unlink-file-from-library
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (unlink-file-from-library conn params)))
@@ -945,7 +945,7 @@
 (sv/defmethod ::update-file-library-sync-status
  "Update the synchronization statos of a file->library link"
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (update-sync conn params)))
@@ -967,7 +967,7 @@
 (sv/defmethod ::ignore-file-library-sync-status
  "Ignore updates in linked files"
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (->  (ignore-sync conn params)
@@ -996,8 +996,9 @@
          :opt-un [::data]))

 (sv/defmethod ::upsert-file-object-thumbnail
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  {::doc/added "1.17"
+   ::audit/skip true}
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (upsert-file-object-thumbnail! conn params)
@@ -1026,8 +1027,9 @@
 (sv/defmethod ::upsert-file-thumbnail
  "Creates or updates the file thumbnail. Mainly used for paint the
  grid thumbnails."
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  {::doc/added "1.17"
+   ::audit/skip true}
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (upsert-file-thumbnail conn params)
--- a/backend/src/app/rpc/commands/files/create.clj
+++ b/backend/src/app/rpc/commands/files/create.clj
@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files-create
+(ns app.rpc.commands.files.create
  (:require
   [app.common.data :as d]
   [app.common.files.features :as ffeat]
@@ -15,9 +15,9 @@
   [app.loggers.webhooks :as-alias webhooks]
   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.doc :as-alias doc]
   [app.rpc.permissions :as perms]
+   [app.rpc.queries.projects :as proj]
   [app.rpc.quotes :as quotes]
   [app.util.blob :as blob]
   [app.util.objects-map :as omap]
@@ -80,9 +80,9 @@
 (sv/defmethod ::create-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id project-id)
+    (proj/check-edition-permissions! conn profile-id project-id)
    (let [team-id (files/get-team-id conn project-id)
          params  (assoc params :profile-id profile-id)]

--- a/backend/src/app/rpc/commands/files/temp.clj
+++ b/backend/src/app/rpc/commands/files/temp.clj
@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files-temp
+(ns app.rpc.commands.files.temp
  (:require
   [app.common.exceptions :as ex]
   [app.common.pages :as cp]
@@ -13,10 +13,10 @@
   [app.db :as db]
   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.files-create :refer [create-file]]
-   [app.rpc.commands.files-update :as-alias files.update]
-   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.files.create :as files.create]
+   [app.rpc.commands.files.update :as files.update]
   [app.rpc.doc :as-alias doc]
+   [app.rpc.queries.projects :as proj]
   [app.util.blob :as blob]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -37,15 +37,15 @@

 (sv/defmethod ::create-temp-file
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id project-id)
-    (create-file conn (assoc params :profile-id profile-id :deleted-at (dt/in-future {:days 1})))))
+    (proj/check-edition-permissions! conn profile-id project-id)
+    (files.create/create-file conn (assoc params :profile-id profile-id :deleted-at (dt/in-future {:days 1})))))

 ;; --- MUTATION COMMAND: update-temp-file

 (defn update-temp-file
-  [conn {:keys [profile-id session-id id revn changes] :as params}]
+  [conn {:keys [::rpc/profile-id session-id id revn changes] :as params}]
  (db/insert! conn :file-change
              {:id (uuid/next)
               :session-id session-id
@@ -57,17 +57,16 @@
               :changes (blob/encode changes)}))

 (s/def ::update-temp-file
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::files.update/changes
+  (s/keys :req-un [::files.update/changes
                   ::files.update/revn
                   ::files.update/session-id
                   ::files/id]))

 (sv/defmethod ::update-temp-file
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} params]
  (db/with-atomic [conn pool]
-    (update-temp-file conn (assoc params :profile-id profile-id))
+    (update-temp-file conn params)
    nil))

 ;; --- MUTATION COMMAND: persist-temp-file
@@ -102,7 +101,7 @@

 (sv/defmethod ::persist-temp-file
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id id)
    (persist-temp-file conn params)))
--- a/backend/src/app/rpc/commands/files/update.clj
+++ b/backend/src/app/rpc/commands/files/update.clj
@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files-update
+(ns app.rpc.commands.files.update
  (:require
   [app.common.exceptions :as ex]
   [app.common.files.features :as ffeat]
@@ -132,7 +132,7 @@
   ::webhooks/batch-timeout (dt/duration "2m")
   ::webhooks/batch-key (webhooks/key-fn ::rpc/profile-id :id)
   ::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id id)
    (db/xact-lock! conn id)
@@ -145,7 +145,7 @@
                             (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))

 (defn update-file
-  [{:keys [conn ::mtx/metrics] :as cfg} {:keys [profile-id id changes changes-with-metadata] :as params}]
+  [{:keys [conn metrics] :as cfg} {:keys [profile-id id changes changes-with-metadata] :as params}]
  (let [file     (get-file conn id)
        features (->> (concat (:features file)
                              (:features params))
@@ -275,7 +275,7 @@
 (defn- send-notifications!
  [{:keys [conn] :as cfg} {:keys [file changes session-id] :as params}]
  (let [lchanges (filter library-change? changes)
-        msgbus   (::mbus/msgbus cfg)]
+        msgbus   (:msgbus cfg)]

    ;; Asynchronously publish message to the msgbus
    (mbus/pub! msgbus
--- a/backend/src/app/rpc/commands/files_share.clj
+++ b/backend/src/app/rpc/commands/files_share.clj
@@ -1,71 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.files-share
-  "Share link related rpc mutation methods."
-  (:require
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.db :as db]
-   [app.rpc :as-alias rpc]
-   [app.rpc.commands.files :as files]
-   [app.rpc.doc :as-alias doc]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- Helpers & Specs
-
-(s/def ::file-id ::us/uuid)
-(s/def ::who-comment ::us/string)
-(s/def ::who-inspect ::us/string)
-(s/def ::pages (s/every ::us/uuid :kind set?))
-
-;; --- MUTATION: Create Share Link
-
-(declare create-share-link)
-
-(s/def ::create-share-link
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file-id ::who-comment ::who-inspect ::pages]))
-
-(sv/defmethod ::create-share-link
-  "Creates a share-link object.
-
-  Share links are resources that allows external users access to specific
-  pages of a file with specific permissions (who-comment and who-inspect)."
-  {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (files/check-edition-permissions! conn profile-id file-id)
-    (create-share-link conn (assoc params :profile-id profile-id))))
-
-(defn create-share-link
-  [conn {:keys [profile-id file-id pages who-comment who-inspect]}]
-  (let [pages (db/create-array conn "uuid" pages)
-        slink (db/insert! conn :share-link
-                          {:id (uuid/next)
-                           :file-id file-id
-                           :who-comment who-comment
-                           :who-inspect who-inspect
-                           :pages pages
-                           :owner-id profile-id})]
-
-    (update slink :pages db/decode-pgarray #{})))
-
-;; --- MUTATION: Delete Share Link
-
-(s/def ::delete-share-link
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::us/id]))
-
-(sv/defmethod ::delete-share-link
-  {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [slink (db/get-by-id conn :share-link id)]
-      (files/check-edition-permissions! conn profile-id (:file-id slink))
-      (db/delete! conn :share-link {:id id})
-      nil)))
--- a/backend/src/app/rpc/commands/fonts.clj
+++ b/backend/src/app/rpc/commands/fonts.clj
@@ -1,237 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.fonts
-  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.db :as db]
-   [app.loggers.audit :as-alias audit]
-   [app.loggers.webhooks :as-alias webhooks]
-   [app.media :as media]
-   [app.rpc :as-alias rpc]
-   [app.rpc.climit :as-alias climit]
-   [app.rpc.commands.files :as files]
-   [app.rpc.commands.projects :as projects]
-   [app.rpc.commands.teams :as teams]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
-   [app.rpc.quotes :as quotes]
-   [app.storage :as sto]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
-
-(def valid-weight #{100 200 300 400 500 600 700 800 900 950})
-(def valid-style #{"normal" "italic"})
-
-(s/def ::data (s/map-of ::us/string any?))
-(s/def ::file-id ::us/uuid)
-(s/def ::font-id ::us/uuid)
-(s/def ::id ::us/uuid)
-(s/def ::name ::us/not-empty-string)
-(s/def ::project-id ::us/uuid)
-(s/def ::style valid-style)
-(s/def ::team-id ::us/uuid)
-(s/def ::team-id ::us/uuid)
-(s/def ::weight valid-weight)
-
-;; --- QUERY: Get font variants
-
-(s/def ::get-font-variants
-  (s/and
-   (s/keys :req [::rpc/profile-id]
-           :opt-un [::team-id
-                    ::file-id
-                    ::project-id])
-   (fn [o]
-     (or (contains? o :team-id)
-         (contains? o :file-id)
-         (contains? o :project-id)))))
-
-(sv/defmethod ::get-font-variants
-  {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id project-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (cond
-      (uuid? team-id)
-      (do
-        (teams/check-read-permissions! conn profile-id team-id)
-        (db/query conn :team-font-variant
-                  {:team-id team-id
-                   :deleted-at nil}))
-
-      (uuid? project-id)
-      (let [project (db/get-by-id conn :project project-id {:columns [:id :team-id]})]
-        (projects/check-read-permissions! conn profile-id project-id)
-        (db/query conn :team-font-variant
-                  {:team-id (:team-id project)
-                   :deleted-at nil}))
-
-      (uuid? file-id)
-      (let [file    (db/get-by-id conn :file file-id {:columns [:id :project-id]})
-            project (db/get-by-id conn :project (:project-id file) {:columns [:id :team-id]})]
-        (files/check-read-permissions! conn profile-id file-id)
-        (db/query conn :team-font-variant
-                  {:team-id (:team-id project)
-                   :deleted-at nil})))))
-
-
-(declare create-font-variant)
-
-(s/def ::create-font-variant
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id
-                   ::data
-                   ::font-id
-                   ::font-family
-                   ::font-weight
-                   ::font-style]))
-
-(sv/defmethod ::create-font-variant
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
-    (teams/check-edition-permissions! pool profile-id team-id)
-    (quotes/check-quote! pool {::quotes/id ::quotes/font-variants-per-team
-                               ::quotes/profile-id profile-id
-                               ::quotes/team-id team-id})
-    (create-font-variant cfg (assoc params :profile-id profile-id))))
-
-(defn create-font-variant
-  [{:keys [::sto/storage ::db/pool ::wrk/executor ::rpc/climit]} {:keys [data] :as params}]
-  (letfn [(generate-fonts [data]
-            (climit/with-dispatch (:process-font climit)
-              (media/run {:cmd :generate-fonts :input data})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))
-
-          (validate-data [data]
-            (when (and (not (contains? data "font/otf"))
-                       (not (contains? data "font/ttf"))
-                       (not (contains? data "font/woff"))
-                       (not (contains? data "font/woff2")))
-              (ex/raise :type :validation
-                        :code :invalid-font-upload))
-            data)
-
-          (persist-font-object [data mtype]
-            (when-let [resource (get data mtype)]
-              (p/let [hash    (calculate-hash resource)
-                      content (-> (sto/content resource)
-                                  (sto/wrap-with-hash hash))]
-                (sto/put-object! storage {::sto/content content
-                                          ::sto/touched-at (dt/now)
-                                          ::sto/deduplicate? true
-                                          :content-type mtype
-                                          :bucket "team-font-variant"}))))
-
-          (persist-fonts [data]
-            (p/let [otf   (persist-font-object data "font/otf")
-                    ttf   (persist-font-object data "font/ttf")
-                    woff1 (persist-font-object data "font/woff")
-                    woff2 (persist-font-object data "font/woff2")]
-
-              (d/without-nils
-               {:otf otf
-                :ttf ttf
-                :woff1 woff1
-                :woff2 woff2})))
-
-          (insert-into-db [{:keys [woff1 woff2 otf ttf]}]
-            (db/insert! pool :team-font-variant
-                        {:id (uuid/next)
-                         :team-id (:team-id params)
-                         :font-id (:font-id params)
-                         :font-family (:font-family params)
-                         :font-weight (:font-weight params)
-                         :font-style (:font-style params)
-                         :woff1-file-id (:id woff1)
-                         :woff2-file-id (:id woff2)
-                         :otf-file-id (:id otf)
-                         :ttf-file-id (:id ttf)}))
-          ]
-
-    (->> (generate-fonts data)
-         (p/fmap validate-data)
-         (p/mcat executor persist-fonts)
-         (p/fmap executor insert-into-db)
-         (p/fmap (fn [result]
-                   (let [params (update params :data (comp vec keys))]
-                     (rph/with-meta result {::audit/replace-props params})))))))
-
-;; --- UPDATE FONT FAMILY
-
-(s/def ::update-font
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::id ::name]))
-
-(sv/defmethod ::update-font
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id id name]}]
-  (db/with-atomic [conn pool]
-    (teams/check-edition-permissions! conn profile-id team-id)
-    (rph/with-meta
-      (db/update! conn :team-font-variant
-                  {:font-family name}
-                  {:font-id id
-                   :team-id team-id})
-      {::audit/replace-props {:id id
-                              :name name
-                              :team-id team-id
-                              :profile-id profile-id}})))
-
-;; --- DELETE FONT
-
-(s/def ::delete-font
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::id]))
-
-(sv/defmethod ::delete-font
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id id team-id]}]
-  (db/with-atomic [conn pool]
-    (teams/check-edition-permissions! conn profile-id team-id)
-    (let [font (db/update! conn :team-font-variant
-                           {:deleted-at (dt/now)}
-                           {:font-id id :team-id team-id})]
-      (rph/with-meta (rph/wrap)
-        {::audit/props {:id id
-                        :team-id team-id
-                        :name (:font-family font)
-                        :profile-id profile-id}}))))
-
-;; --- DELETE FONT VARIANT
-
-(s/def ::delete-font-variant
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::id]))
-
-(sv/defmethod ::delete-font-variant
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id id team-id]}]
-  (db/with-atomic [conn pool]
-    (teams/check-edition-permissions! conn profile-id team-id)
-    (let [variant (db/update! conn :team-font-variant
-                              {:deleted-at (dt/now)}
-                              {:id id :team-id team-id})]
-      (rph/with-meta (rph/wrap)
-        {::audit/props {:font-family (:font-family variant)
-                        :font-id (:font-id variant)}}))))
-
--- a/backend/src/app/rpc/commands/ldap.clj
+++ b/backend/src/app/rpc/commands/ldap.clj
@@ -14,10 +14,10 @@
   [app.loggers.audit :as-alias audit]
   [app.main :as-alias main]
   [app.rpc :as-alias rpc]
-   [app.rpc.commands.auth :as auth]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.auth :as cmd.auth]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.profile :as profile]
   [app.tokens :as tokens]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))
@@ -39,7 +39,7 @@
  is properly configured and enabled with `login-with-ldap` flag."
  {::rpc/auth false
   ::doc/added "1.15"}
-  [{:keys [::main/props ::ldap/provider] :as cfg} params]
+  [{:keys [::main/props ::ldap/provider session] :as cfg} params]
  (when-not provider
    (ex/raise :type :restriction
              :code :ldap-not-initialized
@@ -67,23 +67,24 @@
                            :member-email (:email profile))
              token  (tokens/generate props claims)]
          (-> {:invitation-token token}
-              (rph/with-transform (session/create-fn cfg (:id profile)))
+              (rph/with-transform (session/create-fn session (:id profile)))
              (rph/with-meta {::audit/props (:props profile)
                              ::audit/profile-id (:id profile)})))

        (-> profile
-            (rph/with-transform (session/create-fn cfg (:id profile)))
+            (rph/with-transform (session/create-fn session (:id profile)))
            (rph/with-meta {::audit/props (:props profile)
                            ::audit/profile-id (:id profile)}))))))

 (defn- login-or-register
-  [{:keys [::db/pool] :as cfg} info]
+  [{:keys [pool] :as cfg} info]
  (db/with-atomic [conn pool]
    (or (some->> (:email info)
-                 (profile/get-profile-by-email conn)
-                 (profile/decode-row))
+                 (profile/retrieve-profile-data-by-email conn)
+                 (profile/populate-additional-data conn)
+                 (profile/decode-profile-row))
        (->> (assoc info :is-active true :is-demo false)
-             (auth/create-profile! conn)
-             (auth/create-profile-rels! conn)
+             (cmd.auth/create-profile conn)
+             (cmd.auth/create-profile-relations conn)
             (profile/strip-private-attrs)))))

--- a/backend/src/app/rpc/commands/management.clj
+++ b/backend/src/app/rpc/commands/management.clj
@@ -17,9 +17,9 @@
   [app.rpc :as-alias rpc]
   [app.rpc.commands.binfile :as binfile]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.projects :as proj]
   [app.rpc.commands.teams :as teams :refer [create-project-role create-project]]
   [app.rpc.doc :as-alias doc]
+   [app.rpc.queries.projects :as proj]
   [app.util.blob :as blob]
   [app.util.pointer-map :as pmap]
   [app.util.services :as sv]
@@ -46,7 +46,7 @@
  "Duplicate a single file in the same team."
  {::doc/added "1.16"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (duplicate-file conn (assoc params :profile-id profile-id))))

@@ -221,7 +221,7 @@
  "Duplicate an entire project with all the files"
  {::doc/added "1.16"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} params]
+  [{:keys [pool] :as cfg} params]
  (db/with-atomic [conn pool]
    (duplicate-project conn (assoc params :profile-id (::rpc/profile-id params)))))

@@ -329,7 +329,7 @@
  "Move a set of files from one project to other."
  {::doc/added "1.16"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (move-files conn (assoc params :profile-id profile-id))))

@@ -369,7 +369,7 @@
  "Move projects between teams."
  {::doc/added "1.16"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (move-project conn (assoc params :profile-id profile-id))))

@@ -386,7 +386,7 @@
  "Clone into the specified project the template by its id."
  {::doc/added "1.16"
   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (-> (assoc cfg :conn conn)
        (clone-template (assoc params :profile-id profile-id)))))
--- a/backend/src/app/rpc/commands/media.clj
+++ b/backend/src/app/rpc/commands/media.clj
@@ -23,7 +23,6 @@
   [app.storage.tmp :as tmp]
   [app.util.services :as sv]
   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]
   [datoteka.io :as io]
@@ -67,8 +66,8 @@

 (sv/defmethod ::upload-file-media-object
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id content] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id content] :as params}]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (files/check-edition-permissions! pool profile-id file-id)
    (media/validate-media-type! content)
    (validate-content-size! content)
@@ -111,7 +110,7 @@
 ;; inverse, soft referential integrity).

 (defn create-file-media-object
-  [{:keys [::sto/storage ::db/pool climit ::wrk/executor]}
+  [{:keys [storage pool climit executor]}
   {:keys [id file-id is-local name content]}]
  (letfn [;; Function responsible to retrieve the file information, as
          ;; it is synchronous operation it should be wrapped into
@@ -187,8 +186,8 @@

 (sv/defmethod ::create-file-media-object-from-url
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (files/check-edition-permissions! pool profile-id file-id)
    (create-file-media-object-from-url cfg params)))

@@ -254,7 +253,7 @@

 (sv/defmethod ::clone-file-media-object
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id file-id)
    (-> (assoc cfg :conn conn)
--- a/backend/src/app/rpc/commands/profile.clj
+++ b/backend/src/app/rpc/commands/profile.clj
@@ -1,424 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.profile
-  (:require
-   [app.auth :as auth]
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.emails :as eml]
-   [app.http.session :as session]
-   [app.loggers.audit :as audit]
-   [app.main :as-alias main]
-   [app.media :as media]
-   [app.rpc :as-alias rpc]
-   [app.rpc.climit :as climit]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
-   [app.storage :as sto]
-   [app.tokens :as tokens]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
-
-(declare decode-row)
-(declare get-profile)
-(declare strip-private-attrs)
-(declare filter-props)
-(declare check-profile-existence!)
-
-;; --- QUERY: Get profile (own)
-
-(s/def ::get-profile
-  (s/keys :opt [::rpc/profile-id]))
-
-(sv/defmethod ::get-profile
-  {::rpc/auth false
-   ::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id]}]
-  ;; We need to return the anonymous profile object in two cases, when
-  ;; no profile-id is in session, and when db call raises not found. In all other
-  ;; cases we need to reraise the exception.
-  (try
-    (-> (get-profile pool profile-id)
-        (strip-private-attrs)
-        (update :props filter-props))
-    (catch Throwable _
-      {:id uuid/zero :fullname "Anonymous User"})))
-
-(defn get-profile
-  "Get profile by id. Throws not-found exception if no profile found."
-  [conn id & {:as attrs}]
-  (-> (db/get-by-id conn :profile id attrs)
-      (decode-row)))
-
-
-;; --- MUTATION: Update Profile (own)
-
-(s/def ::email ::us/email)
-(s/def ::fullname ::us/not-empty-string)
-(s/def ::lang ::us/string)
-(s/def ::theme ::us/string)
-
-(s/def ::update-profile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::fullname]
-          :opt-un [::lang ::theme]))
-
-(sv/defmethod ::update-profile
-  {::doc/added "1.0"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id fullname lang theme] :as params}]
-  (db/with-atomic [conn pool]
-    ;; NOTE: we need to retrieve the profile independently if we use
-    ;; it or not for explicit locking and avoid concurrent updates of
-    ;; the same row/object.
-    (let [profile (-> (db/get-by-id conn :profile profile-id ::db/for-update? true)
-                      (decode-row))
-
-          ;; Update the profile map with direct params
-          profile (-> profile
-                      (assoc :fullname fullname)
-                      (assoc :lang lang)
-                      (assoc :theme theme))
-          ]
-
-      (db/update! conn :profile
-                  {:fullname fullname
-                   :lang lang
-                   :theme theme
-                   :props (db/tjson (:props profile))}
-                  {:id profile-id})
-
-      (-> profile
-          (strip-private-attrs)
-          (d/without-nils)
-          (rph/with-meta {::audit/props (audit/profile->props profile)})))))
-
-
-;; --- MUTATION: Update Password
-
-(declare validate-password!)
-(declare update-profile-password!)
-(declare invalidate-profile-session!)
-
-(s/def ::password ::us/not-empty-string)
-(s/def ::old-password ::us/not-empty-string)
-
-(s/def ::update-profile-password
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::password ::old-password]))
-
-(sv/defmethod ::update-profile-password
-  {::climit/queue :auth}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id password] :as params}]
-  (db/with-atomic [conn pool]
-    (let [profile    (validate-password! conn (assoc params :profile-id profile-id))
-          session-id (::session/id params)]
-
-      (when (= (str/lower (:email profile))
-               (str/lower (:password params)))
-        (ex/raise :type :validation
-                  :code :email-as-password
-                  :hint "you can't use your email as password"))
-
-      (update-profile-password! conn (assoc profile :password password))
-      (invalidate-profile-session! conn profile-id session-id)
-      nil)))
-
-(defn- invalidate-profile-session!
-  "Removes all sessions except the current one."
-  [conn profile-id session-id]
-  (let [sql "delete from http_session where profile_id = ? and id != ?"]
-    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
-
-(defn- validate-password!
-  [conn {:keys [profile-id old-password] :as params}]
-  (let [profile (db/get-by-id conn :profile profile-id ::db/for-update? true)]
-    (when-not (:valid (auth/verify-password old-password (:password profile)))
-      (ex/raise :type :validation
-                :code :old-password-not-match))
-    profile))
-
-(defn update-profile-password!
-  [conn {:keys [id password] :as profile}]
-  (db/update! conn :profile
-              {:password (auth/derive-password password)}
-              {:id id}))
-
-;; --- MUTATION: Update Photo
-
-(declare upload-photo)
-(declare update-profile-photo)
-
-(s/def ::file ::media/upload)
-(s/def ::update-profile-photo
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file]))
-
-(sv/defmethod ::update-profile-photo
-  [cfg {:keys [::rpc/profile-id file] :as params}]
-  ;; Validate incoming mime type
-  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
-    (update-profile-photo cfg (assoc params :profile-id profile-id))))
-
-;; TODO: reimplement it without p/let
-
-(defn update-profile-photo
-  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id file] :as params}]
-  (letfn [(on-uploaded [photo]
-            (let [profile (db/get-by-id pool :profile profile-id ::db/for-update? true)]
-
-              ;; Schedule deletion of old photo
-              (when-let [id (:photo-id profile)]
-                (sto/touch-object! storage id))
-
-              ;; Save new photo
-              (db/update! pool :profile
-                          {:photo-id (:id photo)}
-                          {:id profile-id})
-
-              (-> (rph/wrap)
-                  (rph/with-meta {::audit/replace-props
-                                  {:file-name (:filename file)
-                                   :file-size (:size file)
-                                   :file-path (str (:path file))
-                                   :file-mtype (:mtype file)}}))))]
-    (->> (upload-photo cfg params)
-         (p/fmap executor on-uploaded))))
-
-(defn upload-photo
-  [{:keys [::sto/storage ::wrk/executor climit] :as cfg} {:keys [file]}]
-  (letfn [(get-info [content]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :info :input content})))
-
-          (generate-thumbnail [info]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :profile-thumbnail
-                          :format :jpeg
-                          :quality 85
-                          :width 256
-                          :height 256
-                          :input info})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))]
-
-    (p/let [info    (get-info file)
-            thumb   (generate-thumbnail info)
-            hash    (calculate-hash (:data thumb))
-            content (-> (sto/content (:data thumb) (:size thumb))
-                        (sto/wrap-with-hash hash))]
-      (sto/put-object! storage {::sto/content content
-                                ::sto/deduplicate? true
-                                :bucket "profile"
-                                :content-type (:mtype thumb)}))))
-
-
-;; --- MUTATION: Request Email Change
-
-(declare ^:private request-email-change!)
-(declare ^:private change-email-immediately!)
-
-(s/def ::request-email-change
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::email]))
-
-(sv/defmethod ::request-email-change
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id email] :as params}]
-  (db/with-atomic [conn pool]
-    (let [profile (db/get-by-id conn :profile profile-id)
-          cfg     (assoc cfg ::conn conn)
-          params  (assoc params
-                         :profile profile
-                         :email (str/lower email))]
-      (if (contains? cf/flags :smtp)
-        (request-email-change! cfg params)
-        (change-email-immediately! cfg params)))))
-
-(defn- change-email-immediately!
-  [{:keys [::conn]} {:keys [profile email] :as params}]
-  (when (not= email (:email profile))
-    (check-profile-existence! conn params))
-
-  (db/update! conn :profile
-              {:email email}
-              {:id (:id profile)})
-
-  {:changed true})
-
-(defn- request-email-change!
-  [{:keys [::conn] :as cfg} {:keys [profile email] :as params}]
-  (let [token   (tokens/generate (::main/props cfg)
-                                 {:iss :change-email
-                                  :exp (dt/in-future "15m")
-                                  :profile-id (:id profile)
-                                  :email email})
-        ptoken  (tokens/generate (::main/props cfg)
-                                 {:iss :profile-identity
-                                  :profile-id (:id profile)
-                                  :exp (dt/in-future {:days 30})})]
-
-    (when (not= email (:email profile))
-      (check-profile-existence! conn params))
-
-    (when-not (eml/allow-send-emails? conn profile)
-      (ex/raise :type :validation
-                :code :profile-is-muted
-                :hint "looks like the profile has reported repeatedly as spam or has permanent bounces."))
-
-    (when (eml/has-bounce-reports? conn email)
-      (ex/raise :type :validation
-                :code :email-has-permanent-bounces
-                :hint "looks like the email you invite has been repeatedly reported as spam or permanent bounce"))
-
-    (eml/send! {::eml/conn conn
-                ::eml/factory eml/change-email
-                :public-uri (cf/get :public-uri)
-                :to (:email profile)
-                :name (:fullname profile)
-                :pending-email email
-                :token token
-                :extra-data ptoken})
-    nil))
-
-
-;; --- MUTATION: Update Profile Props
-
-(s/def ::props map?)
-(s/def ::update-profile-props
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::props]))
-
-(sv/defmethod ::update-profile-props
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id props]}]
-  (db/with-atomic [conn pool]
-    (let [profile (get-profile conn profile-id ::db/for-update? true)
-          props   (reduce-kv (fn [props k v]
-                               ;; We don't accept namespaced keys
-                               (if (simple-ident? k)
-                                 (if (nil? v)
-                                   (dissoc props k)
-                                   (assoc props k v))
-                                 props))
-                             (:props profile)
-                             props)]
-
-      (db/update! conn :profile
-                  {:props (db/tjson props)}
-                  {:id profile-id})
-
-      (filter-props props))))
-
-
-;; --- MUTATION: Delete Profile
-
-(declare ^:private get-owned-teams-with-participants)
-
-(s/def ::delete-profile
-  (s/keys :req [::rpc/profile-id]))
-
-(sv/defmethod ::delete-profile
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [teams      (get-owned-teams-with-participants conn profile-id)
-          deleted-at (dt/now)]
-
-      ;; If we found owned teams with participants, we don't allow
-      ;; delete profile until the user properly transfer ownership or
-      ;; explicitly removes all participants from the team
-      (when (some pos? (map :participants teams))
-        (ex/raise :type :validation
-                  :code :owner-teams-with-people
-                  :hint "The user need to transfer ownership of owned teams."
-                  :context {:teams (mapv :id teams)}))
-
-      (doseq [{:keys [id]} teams]
-        (db/update! conn :team
-                    {:deleted-at deleted-at}
-                    {:id id}))
-
-      (db/update! conn :profile
-                  {:deleted-at deleted-at}
-                  {:id profile-id})
-
-      (rph/with-transform {} (session/delete-fn cfg)))))
-
-
-;; --- HELPERS
-
-(def sql:owned-teams
-  "with owner_teams as (
-      select tpr.team_id as id
-        from team_profile_rel as tpr
-       where tpr.is_owner is true
-         and tpr.profile_id = ?
-   )
-   select tpr.team_id as id,
-          count(tpr.profile_id) - 1 as participants
-     from team_profile_rel as tpr
-    where tpr.team_id in (select id from owner_teams)
-      and tpr.profile_id != ?
-    group by 1")
-
-(defn- get-owned-teams-with-participants
-  [conn profile-id]
-  (db/exec! conn [sql:owned-teams profile-id profile-id]))
-
-(def ^:private sql:profile-existence
-  "select exists (select * from profile
-                   where email = ?
-                     and deleted_at is null) as val")
-
-(defn check-profile-existence!
-  [conn {:keys [email] :as params}]
-  (let [email  (str/lower email)
-        result (db/exec-one! conn [sql:profile-existence email])]
-    (when (:val result)
-      (ex/raise :type :validation
-                :code :email-already-exists))
-    params))
-
-(def ^:private sql:profile-by-email
-  "select p.* from profile as p
-    where p.email = ?
-      and (p.deleted_at is null or
-           p.deleted_at > now())")
-
-(defn get-profile-by-email
-  "Returns a profile looked up by email or `nil` if not match found."
-  [conn email]
-  (->> (db/exec! conn [sql:profile-by-email (str/lower email)])
-       (map decode-row)
-       (first)))
-
-(defn strip-private-attrs
-  "Only selects a publicly visible profile attrs."
-  [row]
-  (dissoc row :password :deleted-at))
-
-(defn filter-props
-  "Removes all namespace qualified props from `props` attr."
-  [props]
-  (into {} (filter (fn [[k _]] (simple-ident? k))) props))
-
-(defn decode-row
-  [{:keys [props] :as row}]
-  (cond-> row
-    (db/pgobject? props "jsonb")
-    (assoc :props (db/decode-transit-pgobject props))))
--- a/backend/src/app/rpc/commands/projects.clj
+++ b/backend/src/app/rpc/commands/projects.clj
@@ -1,268 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.commands.projects
-  (:require
-   [app.common.spec :as us]
-   [app.db :as db]
-   [app.loggers.audit :as-alias audit]
-   [app.loggers.webhooks :as webhooks]
-   [app.rpc :as-alias rpc]
-   [app.rpc.commands.teams :as teams]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
-   [app.rpc.permissions :as perms]
-   [app.rpc.quotes :as quotes]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
-
-(s/def ::id ::us/uuid)
-(s/def ::name ::us/string)
-
-;; --- Check Project Permissions
-
-(def ^:private sql:project-permissions
-  "select tpr.is_owner,
-          tpr.is_admin,
-          tpr.can_edit
-     from team_profile_rel as tpr
-    inner join project as p on (p.team_id = tpr.team_id)
-    where p.id = ?
-      and tpr.profile_id = ?
-   union all
-   select ppr.is_owner,
-          ppr.is_admin,
-          ppr.can_edit
-     from project_profile_rel as ppr
-    where ppr.project_id = ?
-      and ppr.profile_id = ?")
-
-(defn- get-permissions
-  [conn profile-id project-id]
-  (let [rows     (db/exec! conn [sql:project-permissions
-                                 project-id profile-id
-                                 project-id profile-id])
-        is-owner (boolean (some :is-owner rows))
-        is-admin (boolean (some :is-admin rows))
-        can-edit (boolean (some :can-edit rows))]
-     (when (seq rows)
-       {:is-owner is-owner
-        :is-admin (or is-owner is-admin)
-        :can-edit (or is-owner is-admin can-edit)
-        :can-read true})))
-
-(def has-edit-permissions?
-  (perms/make-edition-predicate-fn get-permissions))
-
-(def has-read-permissions?
-  (perms/make-read-predicate-fn get-permissions))
-
-(def check-edition-permissions!
-  (perms/make-check-fn has-edit-permissions?))
-
-(def check-read-permissions!
-  (perms/make-check-fn has-read-permissions?))
-
-;; --- QUERY: Get projects
-
-(declare get-projects)
-
-(s/def ::team-id ::us/uuid)
-(s/def ::get-projects
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id]))
-
-(sv/defmethod ::get-projects
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
-    (teams/check-read-permissions! conn profile-id team-id)
-    (get-projects conn profile-id team-id)))
-
-(def sql:projects
-  "select p.*,
-          coalesce(tpp.is_pinned, false) as is_pinned,
-          (select count(*) from file as f
-            where f.project_id = p.id
-              and deleted_at is null) as count
-     from project as p
-    inner join team as t on (t.id = p.team_id)
-     left join team_project_profile_rel as tpp
-            on (tpp.project_id = p.id and
-                tpp.team_id = p.team_id and
-                tpp.profile_id = ?)
-    where p.team_id = ?
-      and p.deleted_at is null
-      and t.deleted_at is null
-    order by p.modified_at desc")
-
-(defn get-projects
-  [conn profile-id team-id]
-  (db/exec! conn [sql:projects profile-id team-id]))
-
-;; --- QUERY: Get all projects
-
-(declare get-all-projects)
-
-(s/def ::get-all-projects
-  (s/keys :req [::rpc/profile-id]))
-
-(sv/defmethod ::get-all-projects
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
-  (with-open [conn (db/open pool)]
-    (get-all-projects conn profile-id)))
-
-(def sql:all-projects
-  "select p1.*, t.name as team_name, t.is_default as is_default_team
-     from project as p1
-    inner join team as t on (t.id = p1.team_id)
-    where t.id in (select team_id
-                     from team_profile_rel as tpr
-                    where tpr.profile_id = ?
-                      and (tpr.can_edit = true or
-                           tpr.is_owner = true or
-                           tpr.is_admin = true))
-      and t.deleted_at is null
-      and p1.deleted_at is null
-   union
-   select p2.*, t.name as team_name, t.is_default as is_default_team
-     from project as p2
-    inner join team as t on (t.id = p2.team_id)
-    where p2.id in (select project_id
-                     from project_profile_rel as ppr
-                    where ppr.profile_id = ?
-                      and (ppr.can_edit = true or
-                           ppr.is_owner = true or
-                           ppr.is_admin = true))
-      and t.deleted_at is null
-      and p2.deleted_at is null
-    order by team_name, name;")
-
-(defn get-all-projects
-  [conn profile-id]
-  (db/exec! conn [sql:all-projects profile-id profile-id]))
-
-
-;; --- QUERY: Get project
-
-(s/def ::get-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::id]))
-
-(sv/defmethod ::get-project
-  {::doc/added "1.18"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
-  (with-open [conn (db/open pool)]
-    (let [project (db/get-by-id conn :project id)]
-      (check-read-permissions! conn profile-id id)
-      project)))
-
-
-
-;; --- MUTATION: Create Project
-
-(s/def ::create-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::name]
-          :opt-un [::id]))
-
-(sv/defmethod ::create-project
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
-  (db/with-atomic [conn pool]
-    (teams/check-edition-permissions! conn profile-id team-id)
-    (quotes/check-quote! conn {::quotes/id ::quotes/projects-per-team
-                               ::quotes/profile-id profile-id
-                               ::quotes/team-id team-id})
-
-    (let [params  (assoc params :profile-id profile-id)
-          project (teams/create-project conn params)]
-      (teams/create-project-role conn profile-id (:id project) :owner)
-      (db/insert! conn :team-project-profile-rel
-                  {:project-id (:id project)
-                   :profile-id profile-id
-                   :team-id team-id
-                   :is-pinned true})
-      (assoc project :is-pinned true))))
-
-
-;; --- MUTATION: Toggle Project Pin
-
-(def ^:private
-  sql:update-project-pin
-  "insert into team_project_profile_rel (team_id, project_id, profile_id, is_pinned)
-   values (?, ?, ?, ?)
-       on conflict (team_id, project_id, profile_id)
-       do update set is_pinned=?")
-
-(s/def ::is-pinned ::us/boolean)
-(s/def ::project-id ::us/uuid)
-(s/def ::update-project-pin
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::id ::team-id ::is-pinned]))
-
-(sv/defmethod ::update-project-pin
-  {::doc/added "1.18"
-   ::webhooks/batch-timeout (dt/duration "5s")
-   ::webhooks/batch-key (webhooks/key-fn ::rpc/profile-id :id)
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id team-id is-pinned] :as params}]
-  (db/with-atomic [conn pool]
-    (check-edition-permissions! conn profile-id id)
-    (db/exec-one! conn [sql:update-project-pin team-id id profile-id is-pinned is-pinned])
-    nil))
-
-;; --- MUTATION: Rename Project
-
-(declare rename-project)
-
-(s/def ::rename-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::name ::id]))
-
-(sv/defmethod ::rename-project
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id name] :as params}]
-  (db/with-atomic [conn pool]
-    (check-edition-permissions! conn profile-id id)
-    (let [project (db/get-by-id conn :project id ::db/for-update? true)]
-      (db/update! conn :project
-                  {:name name}
-                  {:id id})
-      (rph/with-meta (rph/wrap)
-        {::audit/props {:team-id (:team-id project)
-                        :prev-name (:name project)}}))))
-
-;; --- MUTATION: Delete Project
-
-(s/def ::delete-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::id]))
-
-;; TODO: right now, we just don't allow delete default projects, in a
-;; future we need to ensure raise a correct exception signaling that
-;; this is not allowed.
-
-(sv/defmethod ::delete-project
-  {::doc/added "1.18"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (check-edition-permissions! conn profile-id id)
-    (let [project (db/update! conn :project
-                              {:deleted-at (dt/now)}
-                              {:id id :is-default false})]
-      (rph/with-meta (rph/wrap)
-        {::audit/props {:team-id (:team-id project)
-                        :name (:name project)
-                        :created-at (:created-at project)
-                        :modified-at (:modified-at project)}}))))
-
-
--- a/backend/src/app/rpc/commands/search.clj
+++ b/backend/src/app/rpc/commands/search.clj
@@ -64,5 +64,5 @@

 (sv/defmethod ::search-files
  {::doc/added "1.17"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id search-term]}]
+  [{:keys [pool]} {:keys [::rpc/profile-id team-id search-term]}]
  (some->> search-term (search-files pool profile-id team-id)))
--- a/backend/src/app/rpc/commands/teams.clj
+++ b/backend/src/app/rpc/commands/teams.clj
@@ -18,16 +18,16 @@
   [app.main :as-alias main]
   [app.media :as media]
   [app.rpc :as-alias rpc]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.climit :as climit]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
   [app.rpc.permissions :as perms]
+   [app.rpc.queries.profile :as profile]
   [app.rpc.quotes :as quotes]
   [app.storage :as sto]
   [app.tokens :as tokens]
   [app.util.services :as sv]
   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]
   [promesa.core :as p]
@@ -83,7 +83,7 @@

 (sv/defmethod ::get-teams
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (with-open [conn (db/open pool)]
    (retrieve-teams conn profile-id)))

@@ -114,8 +114,8 @@

 (defn retrieve-teams
  [conn profile-id]
-  (let [profile (profile/get-profile conn profile-id)]
-    (->> (db/exec! conn [sql:teams (:default-team-id profile) profile-id])
+  (let [defaults (profile/retrieve-additional-data conn profile-id)]
+    (->> (db/exec! conn [sql:teams (:default-team-id defaults) profile-id])
         (mapv process-permissions))))

 ;; --- Query: Team (by ID)
@@ -128,22 +128,21 @@

 (sv/defmethod ::get-team
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id]}]
  (with-open [conn (db/open pool)]
    (retrieve-team conn profile-id id)))

 (defn retrieve-team
  [conn profile-id team-id]
-  (let [profile (profile/get-profile conn profile-id)
-        sql     (str "WITH teams AS (" sql:teams ") SELECT * FROM teams WHERE id=?")
-        result  (db/exec-one! conn [sql (:default-team-id profile) profile-id team-id])]
-
+  (let [defaults (profile/retrieve-additional-data conn profile-id)
+        sql      (str "WITH teams AS (" sql:teams ") SELECT * FROM teams WHERE id=?")
+        result   (db/exec-one! conn [sql (:default-team-id defaults) profile-id team-id])]
    (when-not result
      (ex/raise :type :not-found
                :code :team-does-not-exist))
-
    (process-permissions result)))

+
 ;; --- Query: Team Members

 (def sql:team-members
@@ -440,7 +439,7 @@

 (sv/defmethod ::leave-team
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (leave-team conn (assoc params :profile-id profile-id))))

@@ -456,7 +455,7 @@

 (sv/defmethod ::delete-team
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (let [perms (get-permissions conn profile-id id)]
      (when-not (:is-owner perms)
@@ -474,7 +473,7 @@
 (s/def ::team-id ::us/uuid)
 (s/def ::member-id ::us/uuid)
 ;; Temporarily disabled viewer role
-;; https://tree.taiga.io/project/uxboxproject/issue/1083
+;; https://tree.taiga.io/project/penpot/issue/1083
 ;; (s/def ::role #{:owner :admin :editor :viewer})
 (s/def ::role #{:owner :admin :editor})

@@ -552,7 +551,7 @@

 (sv/defmethod ::delete-team-member
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id member-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id member-id] :as params}]
  (db/with-atomic [conn pool]
    (let [perms (get-permissions conn profile-id team-id)]
      (when-not (or (:is-owner perms)
@@ -571,7 +570,7 @@

 ;; --- Mutation: Update Team Photo

-(declare upload-photo)
+(declare ^:private upload-photo)
 (declare ^:private update-team-photo)

 (s/def ::file ::media/upload)
@@ -584,14 +583,14 @@
  [cfg {:keys [::rpc/profile-id file] :as params}]
  ;; Validate incoming mime type
  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (update-team-photo cfg (assoc params :profile-id profile-id))))

 (defn update-team-photo
-  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
+  [{:keys [pool storage executor] :as cfg} {:keys [profile-id team-id] :as params}]
  (p/let [team  (px/with-dispatch executor
                  (retrieve-team pool profile-id team-id))
-          photo (profile/upload-photo cfg params)]
+          photo (upload-photo cfg params)]

    ;; Mark object as touched for make it ellegible for tentative
    ;; garbage collection.
@@ -605,14 +604,45 @@

    (assoc team :photo-id (:id photo))))

+(defn upload-photo
+  [{:keys [storage executor climit] :as cfg} {:keys [file]}]
+  (letfn [(get-info [content]
+            (climit/with-dispatch (:process-image climit)
+              (media/run {:cmd :info :input content})))
+
+          (generate-thumbnail [info]
+            (climit/with-dispatch (:process-image climit)
+              (media/run {:cmd :profile-thumbnail
+                          :format :jpeg
+                          :quality 85
+                          :width 256
+                          :height 256
+                          :input info})))
+
+          ;; Function responsible of calculating cryptographyc hash of
+          ;; the provided data.
+          (calculate-hash [data]
+            (px/with-dispatch executor
+              (sto/calculate-hash data)))]
+
+    (p/let [info    (get-info file)
+            thumb   (generate-thumbnail info)
+            hash    (calculate-hash (:data thumb))
+            content (-> (sto/content (:data thumb) (:size thumb))
+                        (sto/wrap-with-hash hash))]
+      (sto/put-object! storage {::sto/content content
+                                ::sto/deduplicate? true
+                                :bucket "profile"
+                                :content-type (:mtype thumb)}))))

 ;; --- Mutation: Create Team Invitation

 (def sql:upsert-team-invitation
-  "insert into team_invitation(team_id, email_to, role, valid_until)
-   values (?, ?, ?, ?)
+  "insert into team_invitation(id, team_id, email_to, role, valid_until)
+   values (?, ?, ?, ?, ?)
       on conflict(team_id, email_to) do
-          update set role = ?, updated_at = now();")
+          update set role = ?, valid_until = ?, updated_at = now()
+   returning *")

 (defn- create-invitation-token
  [cfg {:keys [profile-id valid-until team-id member-id member-email role]}]
@@ -633,16 +663,8 @@
                    :exp (dt/in-future {:days 30})}))

 (defn- create-invitation
-  [{:keys [::conn] :as cfg} {:keys [team profile role email] :as params}]
-  (let [member (profile/get-profile-by-email conn email)
-        expire (dt/in-future "168h") ;; 7 days
-        itoken (create-invitation-token cfg {:profile-id (:id profile)
-                                             :valid-until expire
-                                             :team-id (:id team)
-                                             :member-email (or (:email member) email)
-                                             :member-id (:id member)
-                                             :role role})
-        ptoken (create-profile-identity-token cfg profile)]
+  [{:keys [::db/conn] :as cfg} {:keys [team profile role email] :as params}]
+  (let [member (profile/retrieve-profile-data-by-email conn email)]

    (when (and member (not (eml/allow-send-emails? conn member)))
      (ex/raise :type :validation
@@ -657,9 +679,6 @@
                :email email
                :hint "the email you invite has been repeatedly reported as spam or bounce"))

-    (when (contains? cf/flags :log-invitation-tokens)
-      (l/trace :hint "invitation token" :token itoken))
-
    ;; When we have email verification disabled and invitation user is
    ;; already present in the database, we proceed to add it to the
    ;; team as-is, without email roundtrip.
@@ -680,10 +699,38 @@
        (when-not (:is-active member)
          (db/update! conn :profile
                      {:is-active true}
-                      {:id (:id member)})))
-      (do
-        (db/exec-one! conn [sql:upsert-team-invitation
-                            (:id team) (str/lower email) (name role) expire (name role)])
+                      {:id (:id member)}))
+
+        nil)
+      (let [id         (uuid/next)
+            expire     (dt/in-future "168h") ;; 7 days
+            invitation (db/exec-one! conn [sql:upsert-team-invitation id
+                                           (:id team) (str/lower email)
+                                           (name role) expire
+                                           (name role) expire])
+            updated?   (not= id (:id invitation))
+            tprops     {:profile-id (:id profile)
+                        :invitation-id (:id invitation)
+                        :valid-until expire
+                        :team-id (:id team)
+                        :member-email (:email-to invitation)
+                        :member-id (:id member)
+                        :role role}
+            itoken     (create-invitation-token cfg tprops)
+            ptoken     (create-profile-identity-token cfg profile)]
+
+        (when (contains? cf/flags :log-invitation-tokens)
+          (l/info :hint "invitation token" :token itoken))
+
+        (audit/submit! cfg
+                       {:type "action"
+                        :name (if updated?
+                                "update-team-invitation"
+                                "create-team-invitation")
+                        :profile-id (:id profile)
+                        :props (-> (dissoc tprops :profile-id)
+                                   (d/without-nils))})
+
        (eml/send! {::eml/conn conn
                    ::eml/factory eml/invite-to-team
                    :public-uri (cf/get :public-uri)
@@ -691,9 +738,9 @@
                    :invited-by (:fullname profile)
                    :team (:name team)
                    :token itoken
-                    :extra-data ptoken})))
+                    :extra-data ptoken})

-    itoken))
+        itoken))))

 (s/def ::email ::us/email)
 (s/def ::emails ::us/set-of-valid-emails)
@@ -706,7 +753,7 @@
  "A rpc call that allow to send a single or multiple invitations to
  join the team."
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email emails role] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id email emails role] :as params}]
  (db/with-atomic [conn pool]
    (let [perms    (get-permissions conn profile-id team-id)
          profile  (db/get-by-id conn :profile profile-id)
@@ -734,14 +781,14 @@
                  :code :profile-is-muted
                  :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))

-      (let [cfg         (assoc cfg ::conn conn)
+      (let [cfg         (assoc cfg ::db/conn conn)
            invitations (->> emails
                             (map (fn [email]
                                    {:email (str/lower email)
                                     :team team
                                     :profile profile
                                     :role role}))
-                             (map (partial create-invitation cfg)))]
+                             (keep (partial create-invitation cfg)))]
        (with-meta (vec invitations)
          {::audit/props {:invitations (count invitations)}})))))

@@ -755,11 +802,12 @@

 (sv/defmethod ::create-team-with-invitations
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id emails role] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id emails role] :as params}]
  (db/with-atomic [conn pool]
-    (let [team     (create-team conn params)
+    (let [params   (assoc params :profile-id profile-id)
+          team     (create-team conn params)
          profile  (db/get-by-id conn :profile profile-id)
-          cfg      (assoc cfg ::conn conn)]
+          cfg      (assoc cfg ::db/conn conn)]

      ;; Create invitations for all provided emails.
      (->> emails
@@ -782,18 +830,16 @@
                   ::quotes/team-id (:id team)
                   ::quotes/incr (count emails)}))

-      (-> team
-          (vary-meta assoc ::audit/props {:invitations (count emails)})
-          (rph/with-defer
-            #(when-let [collector (::audit/collector cfg)]
-               (audit/submit! collector
-                              {:type "command"
-                               :name "create-team-invitations"
-                               :profile-id profile-id
-                               :props {:emails emails
-                                       :role role
-                                       :profile-id profile-id
-                                       :invitations (count emails)}})))))))
+      (audit/submit! cfg
+                     {:type "command"
+                      :name "create-team-invitations"
+                      :profile-id profile-id
+                      :props {:emails emails
+                              :role role
+                              :profile-id profile-id
+                              :invitations (count emails)}})
+
+      (vary-meta team assoc ::audit/props {:invitations (count emails)}))))

 ;; --- Query: get-team-invitation-token

@@ -809,7 +855,7 @@
                          {:team-id team-id
                           :email-to (str/lower email)})
                  (update :role keyword))
-        member (profile/get-profile-by-email pool (:email invit))
+        member (profile/retrieve-profile-data-by-email pool (:email-to invit))
        token  (create-invitation-token cfg {:team-id (:team-id invit)
                                             :profile-id profile-id
                                             :valid-until (:valid-until invit)
@@ -826,7 +872,7 @@

 (sv/defmethod ::update-team-invitation-role
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email role] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id email role] :as params}]
  (db/with-atomic [conn pool]
    (let [perms    (get-permissions conn profile-id team-id)]

@@ -847,7 +893,7 @@

 (sv/defmethod ::delete-team-invitation
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email] :as params}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id email] :as params}]
  (db/with-atomic [conn pool]
    (let [perms (get-permissions conn profile-id team-id)]

@@ -855,6 +901,7 @@
        (ex/raise :type :validation
                  :code :insufficient-permissions))

-      (db/delete! conn :team-invitation
-                {:team-id team-id :email-to (str/lower email)})
-      nil)))
+      (let [invitation (db/delete! conn :team-invitation
+                                   {:team-id team-id
+                                    :email-to (str/lower email)})]
+        (rph/wrap nil {::audit/props {:invitation-id (:id invitation)}})))))
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@@ -11,12 +11,11 @@
   [app.db :as db]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
-   [app.main :as-alias main]
   [app.rpc :as-alias rpc]
-   [app.rpc.commands.profile :as profile]
   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.profile :as profile]
   [app.rpc.quotes :as quotes]
   [app.tokens :as tokens]
   [app.tokens.spec.team-invitation :as-alias spec.team-invitation]
@@ -35,15 +34,15 @@
 (sv/defmethod ::verify-token
  {::rpc/auth false
   ::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [token] :as params}]
+  [{:keys [pool sprops] :as cfg} {:keys [token] :as params}]
  (db/with-atomic [conn pool]
-    (let [claims (tokens/verify (::main/props cfg) {:token token})
+    (let [claims (tokens/verify sprops {:token token})
          cfg    (assoc cfg :conn conn)]
      (process-token cfg params claims))))

 (defmethod process-token :change-email
  [{:keys [conn] :as cfg} _params {:keys [profile-id email] :as claims}]
-  (when (profile/get-profile-by-email conn email)
+  (when (profile/retrieve-profile-data-by-email conn email)
    (ex/raise :type :validation
              :code :email-already-exists))

@@ -57,8 +56,8 @@
     ::audit/profile-id profile-id}))

 (defmethod process-token :verify-email
-  [{:keys [conn] :as cfg} _ {:keys [profile-id] :as claims}]
-  (let [profile (profile/get-profile conn profile-id)
+  [{:keys [conn session] :as cfg} _ {:keys [profile-id] :as claims}]
+  (let [profile (profile/retrieve-profile conn profile-id)
        claims  (assoc claims :profile profile)]

    (when-not (:is-active profile)
@@ -72,14 +71,14 @@
                  {:id (:id profile)}))

    (-> claims
-        (rph/with-transform (session/create-fn cfg profile-id))
+        (rph/with-transform (session/create-fn session profile-id))
        (rph/with-meta {::audit/name "verify-profile-email"
                        ::audit/props (audit/profile->props profile)
                        ::audit/profile-id (:id profile)}))))

 (defmethod process-token :auth
  [{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}]
-  (let [profile (profile/get-profile conn profile-id)]
+  (let [profile (profile/retrieve-profile conn profile-id)]
    (assoc claims :profile profile)))

 ;; --- Team Invitation
@@ -153,45 +152,30 @@
    (if (some? profile)
      (if (or (= member-id profile-id)
              (= member-email (:email profile)))
-        ;; if we have logged-in user and it matches the invitation we
-        ;; proceed with accepting the invitation and joining the
-        ;; current profile to the invited team.
+
+        ;; if we have logged-in user and it matches the invitation we proceed
+        ;; with accepting the invitation and joining the current profile to the
+        ;; invited team.
        (let [profile (accept-invitation cfg claims invitation profile)]
          (-> (assoc claims :state :created)
              (rph/with-meta {::audit/name "accept-team-invitation"
-                              ::audit/props (merge
-                                             (audit/profile->props profile)
-                                             {:team-id (:team-id claims)
-                                              :role (:role claims)})
-                              ::audit/profile-id profile-id})))
+                              ::audit/profile-id (:id profile)
+                              ::audit/props {:team-id (:team-id claims)
+                                             :role (:role claims)
+                                             :invitation-id (:id invitation)}})))

        (ex/raise :type :validation
                  :code :invalid-token
                  :hint "logged-in user does not matches the invitation"))

-      ;; If we have not logged-in user, we try find the invited
-      ;; profile by member-id or member-email props of the invitation
-      ;; token; If profile is found, we accept the invitation and
-      ;; leave the user logged-in.
-      (if-let [member (db/get* conn :profile
-                               (if member-id
-                                 {:id member-id}
-                                 {:email member-email})
-                               {:columns [:id :email]})]
-        (let [profile (accept-invitation cfg claims invitation member)]
-          (-> (assoc claims :state :created)
-              (rph/with-transform (session/create-fn cfg (:id profile)))
-              (rph/with-meta {::audit/name "accept-team-invitation"
-                              ::audit/props (merge
-                                             (audit/profile->props profile)
-                                             {:team-id (:team-id claims)
-                                              :role (:role claims)})
-                              ::audit/profile-id member-id})))
+      ;; If we have not logged-in user, and invitation comes with member-id we
+      ;; redirect user to login, if no memeber-id is present in the invitation
+      ;; token, we redirect user the the register page.

-        {:invitation-token token
-         :iss :team-invitation
-         :redirect-to :auth-register
-         :state :pending}))))
+      {:invitation-token token
+       :iss :team-invitation
+       :redirect-to (if member-id :auth-login :auth-register)
+       :state :pending})))

 ;; --- Default

--- a/backend/src/app/rpc/commands/viewer.clj
+++ b/backend/src/app/rpc/commands/viewer.clj
@@ -13,10 +13,11 @@
   [app.rpc.commands.files :as files]
   [app.rpc.cond :as-alias cond]
   [app.rpc.doc :as-alias doc]
+   [app.rpc.queries.share-link :as slnk]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

-;; --- QUERY: View Only Bundle
+;; --- Query: View Only Bundle

 (defn- get-project
  [conn id]
@@ -30,8 +31,7 @@
        users   (comments/get-file-comments-users conn file-id profile-id)

        links   (->> (db/query conn :share-link {:file-id file-id})
-                     (mapv (fn [row]
-                             (update row :pages db/decode-pgarray #{}))))
+                     (mapv slnk/decode-share-link-row))

        fonts   (db/query conn :team-font-variant
                          {:team-id (:team-id project)
@@ -84,6 +84,6 @@
   ::cond/key-fn files/get-file-etag
   ::cond/reuse-key? true
   ::doc/added "1.17"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id] :as params}]
+  [{:keys [pool]} {:keys [::rpc/profile-id] :as params}]
  (with-open [conn (db/open pool)]
    (get-view-only-bundle conn (assoc params :profile-id profile-id))))
--- a/backend/src/app/rpc/commands/webhooks.clj
+++ b/backend/src/app/rpc/commands/webhooks.clj
@@ -8,6 +8,7 @@
  (:require
   [app.common.exceptions :as ex]
   [app.common.spec :as us]
+   [app.common.uri :as u]
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.http.client :as http]
@@ -22,10 +23,15 @@
   [cuerdas.core :as str]
   [promesa.core :as p]))

+(defn decode-row
+  [{:keys [uri] :as row}]
+  (cond-> row
+    (string? uri) (assoc :uri (u/uri uri))))
+
 ;; --- Mutation: Create Webhook

 (s/def ::team-id ::us/uuid)
-(s/def ::uri ::us/not-empty-string)
+(s/def ::uri ::us/uri)
 (s/def ::is-active ::us/boolean)
 (s/def ::mtype
  #{"application/json"
@@ -59,7 +65,7 @@

    (if (not= (:uri whook) (:uri params))
      (->> (http/req! cfg {:method :head
-                           :uri (:uri params)
+                           :uri (str (:uri params))
                           :timeout (dt/duration "3s")})
           (p/hmap (fn [response exception]
                     (if exception
@@ -79,22 +85,24 @@

 (defn- insert-webhook!
  [{:keys [::db/pool]} {:keys [team-id uri mtype is-active] :as params}]
-  (db/insert! pool :webhook
-              {:id (uuid/next)
-               :team-id team-id
-               :uri uri
-               :is-active is-active
-               :mtype mtype}))
+  (-> (db/insert! pool :webhook
+                  {:id (uuid/next)
+                   :team-id team-id
+                   :uri (str uri)
+                   :is-active is-active
+                   :mtype mtype})
+      (decode-row)))

 (defn- update-webhook!
  [{:keys [::db/pool] :as cfg} {:keys [id] :as wook} {:keys [uri mtype is-active] :as params}]
-  (db/update! pool :webhook
-              {:uri uri
-               :is-active is-active
-               :mtype mtype
-               :error-code nil
-               :error-count 0}
-              {:id id}))
+  (-> (db/update! pool :webhook
+                  {:uri (str uri)
+                   :is-active is-active
+                   :mtype mtype
+                   :error-code nil
+                   :error-count 0}
+                  {:id id})
+      (decode-row)))

 (sv/defmethod ::create-webhook
  {::doc/added "1.17"}
@@ -110,7 +118,7 @@
 (sv/defmethod ::update-webhook
  {::doc/added "1.17"}
  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [::rpc/profile-id id] :as params}]
-  (let [whook (db/get pool :webhook {:id id})]
+  (let [whook (-> (db/get pool :webhook {:id id}) (decode-row))]
    (check-edition-permissions! pool profile-id (:team-id whook))
    (->> (validate-webhook! cfg whook params)
         (p/fmap executor (fn [_] (update-webhook! cfg whook params))))))
@@ -123,7 +131,7 @@
  {::doc/added "1.17"}
  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id]}]
  (db/with-atomic [conn pool]
-    (let [whook (db/get conn :webhook {:id id})]
+    (let [whook (-> (db/get conn :webhook {:id id}) decode-row)]
      (check-edition-permissions! conn profile-id (:team-id whook))
      (db/delete! conn :webhook {:id id})
      nil)))
@@ -140,7 +148,8 @@
   from webhook where team_id = ? order by uri")

 (sv/defmethod ::get-webhooks
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  [{:keys [pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id team-id)
-    (db/exec! conn [sql:get-webhooks team-id])))
+    (->> (db/exec! conn [sql:get-webhooks team-id])
+         (mapv decode-row))))
--- a/backend/src/app/rpc/doc.clj
+++ b/backend/src/app/rpc/doc.clj
@@ -70,8 +70,6 @@
      (respond (yrs/response 404)))))


-(s/def ::routes vector?)
-
 (defmethod ig/pre-init-spec ::routes [_]
  (s/keys :req-un [::rpc/methods]))

--- a/backend/src/app/rpc/mutations/files.clj
+++ b/backend/src/app/rpc/mutations/files.clj
@@ -0,0 +1,239 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.mutations.files
+  (:require
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.common.spec :as us]
+   [app.db :as db]
+   [app.loggers.audit :as-alias audit]
+   [app.rpc.climit :as-alias climit]
+   [app.rpc.commands.files :as cmd.files]
+   [app.rpc.commands.files.create :as cmd.files.create]
+   [app.rpc.commands.files.temp :as cmd.files.temp]
+   [app.rpc.commands.files.update :as cmd.files.update]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.rpc.queries.projects :as proj]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]))
+
+;; --- Mutation: Create File
+
+(s/def ::create-file ::cmd.files.create/create-file)
+
+(sv/defmethod ::create-file
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id project-id features components-v2] :as params}]
+  (db/with-atomic [conn pool]
+    (proj/check-edition-permissions! conn profile-id project-id)
+    (let [team-id  (cmd.files/get-team-id conn project-id)
+          features (cond-> (or features #{})
+                     ;; BACKWARD COMPATIBILITY with the components-v2 param
+                     components-v2 (conj "components/v2"))
+          params   (assoc params :features features)]
+      (-> (cmd.files.create/create-file conn params)
+          (vary-meta assoc ::audit/props {:team-id team-id})))))
+
+
+;; --- Mutation: Rename File
+
+(s/def ::rename-file ::cmd.files/rename-file)
+
+(sv/defmethod ::rename-file
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id id)
+    (cmd.files/rename-file conn params)))
+
+
+;; --- Mutation: Set File shared
+
+(s/def ::set-file-shared ::cmd.files/set-file-shared)
+
+(sv/defmethod ::set-file-shared
+  {::doc/added "1.2"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [id profile-id is-shared] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id id)
+    (when-not is-shared
+      (cmd.files/absorb-library conn params)
+      (cmd.files/unlink-files conn params))
+    (cmd.files/set-file-shared conn params)))
+
+;; --- Mutation: Delete File
+
+(s/def ::delete-file ::cmd.files/delete-file)
+
+(sv/defmethod ::delete-file
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id id)
+    (cmd.files/absorb-library conn params)
+    (cmd.files/mark-file-deleted conn params)
+    nil))
+
+;; --- Mutation: Link file to library
+
+(s/def ::link-file-to-library ::cmd.files/link-file-to-library)
+
+(sv/defmethod ::link-file-to-library
+  {::doc/added "1.3"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id library-id] :as params}]
+  (when (= file-id library-id)
+    (ex/raise :type :validation
+              :code :invalid-library
+              :hint "A file cannot be linked to itself"))
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/check-edition-permissions! conn profile-id library-id)
+    (cmd.files/link-file-to-library conn params)))
+
+;; --- Mutation: Unlink file from library
+
+(s/def ::unlink-file-from-library ::cmd.files/unlink-file-from-library)
+
+(sv/defmethod ::unlink-file-from-library
+  {::doc/added "1.3"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/unlink-file-from-library conn params)))
+
+
+;; --- Mutation: Update synchronization status of a link
+
+(s/def ::update-sync ::cmd.files/update-file-library-sync-status)
+
+(sv/defmethod ::update-sync
+  {::doc/added "1.10"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/update-sync conn params)))
+
+
+;; --- Mutation: Ignore updates in linked files
+
+(declare ignore-sync)
+
+(s/def ::ignore-sync ::cmd.files/ignore-file-library-sync-status)
+
+(sv/defmethod ::ignore-sync
+  {::doc/added "1.10"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/ignore-sync conn params)))
+
+
+;; --- MUTATION: update-file
+
+(s/def ::components-v2 ::us/boolean)
+(s/def ::update-file
+  (s/and ::cmd.files.update/update-file
+         (s/keys :opt-un [::components-v2])))
+
+(sv/defmethod ::update-file
+  {::climit/queue :update-file
+   ::climit/key-fn :id
+   ::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [id profile-id features components-v2] :as params}]
+  (db/with-atomic [conn pool]
+    (db/xact-lock! conn id)
+    (cmd.files/check-edition-permissions! conn profile-id id)
+
+    (let [;; BACKWARD COMPATIBILITY with the components-v2 parameter
+          features  (cond-> (or features #{})
+                      components-v2 (conj "components/v2"))
+          tpoint    (dt/tpoint)
+          params    (assoc params :features features)
+          cfg       (assoc cfg :conn conn)]
+
+      (-> (cmd.files.update/update-file cfg params)
+          (rph/with-defer #(let [elapsed (tpoint)]
+                             (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))
+
+;; --- Mutation: upsert object thumbnail
+
+(s/def ::upsert-file-object-thumbnail ::cmd.files/upsert-file-object-thumbnail)
+
+(sv/defmethod ::upsert-file-object-thumbnail
+  {::doc/added "1.13"
+   ::doc/deprecated "1.17"
+   ::audit/skip true}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/upsert-file-object-thumbnail! conn params)
+    nil))
+
+
+;; --- Mutation: upsert file thumbnail
+
+(s/def ::upsert-file-thumbnail ::cmd.files/upsert-file-thumbnail)
+
+(sv/defmethod ::upsert-file-thumbnail
+  "Creates or updates the file thumbnail. Mainly used for paint the
+  grid thumbnails."
+  {::doc/added "1.13"
+   ::doc/deprecated "1.17"
+   ::audit/skip true}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id file-id)
+    (cmd.files/upsert-file-thumbnail conn params)
+    nil))
+
+
+;; --- MUTATION COMMAND: create-temp-file
+
+(s/def ::create-temp-file ::cmd.files.temp/create-temp-file)
+
+(sv/defmethod ::create-temp-file
+  {::doc/added "1.7"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
+  (db/with-atomic [conn pool]
+    (proj/check-edition-permissions! conn profile-id project-id)
+    (cmd.files.create/create-file conn (assoc params :deleted-at (dt/in-future {:days 1})))))
+
+;; --- MUTATION COMMAND: update-temp-file
+
+(s/def ::update-temp-file ::cmd.files.temp/update-temp-file)
+
+(sv/defmethod ::update-temp-file
+  {::doc/added "1.7"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} params]
+  (db/with-atomic [conn pool]
+    (cmd.files.temp/update-temp-file conn params)
+    nil))
+
+;; --- MUTATION COMMAND: persist-temp-file
+
+(s/def ::persist-temp-file ::cmd.files.temp/persist-temp-file)
+
+(sv/defmethod ::persist-temp-file
+  {::doc/added "1.7"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.files/check-edition-permissions! conn profile-id id)
+    (cmd.files.temp/persist-temp-file conn params)))
--- a/backend/src/app/rpc/mutations/fonts.clj
+++ b/backend/src/app/rpc/mutations/fonts.clj
@@ -6,12 +6,15 @@

 (ns app.rpc.mutations.fonts
  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
   [app.media :as media]
-   [app.rpc.commands.fonts :as fonts]
+   [app.rpc.climit :as-alias climit]
   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
@@ -19,7 +22,9 @@
   [app.storage :as sto]
   [app.util.services :as sv]
   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
+   [clojure.spec.alpha :as s]
+   [promesa.core :as p]
+   [promesa.exec :as px]))

 (declare create-font-variant)

@@ -39,19 +44,82 @@
  (s/keys :req-un [::profile-id ::team-id ::data
                   ::font-id ::font-family ::font-weight ::font-style]))

-(declare create-font-variant)
-
 (sv/defmethod ::create-font-variant
  {::doc/added "1.3"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [team-id profile-id] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (teams/check-edition-permissions! pool profile-id team-id)
    (quotes/check-quote! pool {::quotes/id ::quotes/font-variants-per-team
                               ::quotes/profile-id profile-id
                               ::quotes/team-id team-id})
-    (fonts/create-font-variant cfg params)))
+    (create-font-variant cfg params)))
+
+(defn create-font-variant
+  [{:keys [storage pool executor climit] :as cfg} {:keys [data] :as params}]
+  (letfn [(generate-fonts [data]
+            (climit/with-dispatch (:process-font climit)
+              (media/run {:cmd :generate-fonts :input data})))
+
+          ;; Function responsible of calculating cryptographyc hash of
+          ;; the provided data.
+          (calculate-hash [data]
+            (px/with-dispatch executor
+              (sto/calculate-hash data)))
+
+          (validate-data [data]
+            (when (and (not (contains? data "font/otf"))
+                       (not (contains? data "font/ttf"))
+                       (not (contains? data "font/woff"))
+                       (not (contains? data "font/woff2")))
+              (ex/raise :type :validation
+                        :code :invalid-font-upload))
+            data)
+
+          (persist-font-object [data mtype]
+            (when-let [resource (get data mtype)]
+              (p/let [hash    (calculate-hash resource)
+                      content (-> (sto/content resource)
+                                  (sto/wrap-with-hash hash))]
+                (sto/put-object! storage {::sto/content content
+                                          ::sto/touched-at (dt/now)
+                                          ::sto/deduplicate? true
+                                          :content-type mtype
+                                          :bucket "team-font-variant"}))))
+
+          (persist-fonts [data]
+            (p/let [otf   (persist-font-object data "font/otf")
+                    ttf   (persist-font-object data "font/ttf")
+                    woff1 (persist-font-object data "font/woff")
+                    woff2 (persist-font-object data "font/woff2")]
+
+              (d/without-nils
+               {:otf otf
+                :ttf ttf
+                :woff1 woff1
+                :woff2 woff2})))
+
+          (insert-into-db [{:keys [woff1 woff2 otf ttf]}]
+            (db/insert! pool :team-font-variant
+                        {:id (uuid/next)
+                         :team-id (:team-id params)
+                         :font-id (:font-id params)
+                         :font-family (:font-family params)
+                         :font-weight (:font-weight params)
+                         :font-style (:font-style params)
+                         :woff1-file-id (:id woff1)
+                         :woff2-file-id (:id woff2)
+                         :otf-file-id (:id otf)
+                         :ttf-file-id (:id ttf)}))
+          ]
+
+    (->> (generate-fonts data)
+         (p/fmap validate-data)
+         (p/mcat executor persist-fonts)
+         (p/fmap executor insert-into-db)
+         (p/fmap (fn [result]
+                   (let [params (update params :data (comp vec keys))]
+                     (rph/with-meta result {::audit/replace-props params})))))))

 ;; --- UPDATE FONT FAMILY

@@ -60,7 +128,6 @@

 (sv/defmethod ::update-font
  {::doc/added "1.3"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [team-id profile-id id name] :as params}]
  (db/with-atomic [conn pool]
@@ -82,7 +149,6 @@

 (sv/defmethod ::delete-font
  {::doc/added "1.3"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id team-id profile-id] :as params}]
  (db/with-atomic [conn pool]
@@ -103,7 +169,6 @@

 (sv/defmethod ::delete-font-variant
  {::doc/added "1.3"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id team-id profile-id] :as params}]
  (db/with-atomic [conn pool]
--- a/backend/src/app/rpc/mutations/media.clj
+++ b/backend/src/app/rpc/mutations/media.clj
@@ -11,7 +11,6 @@
   [app.rpc.commands.files :as files]
   [app.rpc.commands.media :as cmd.media]
   [app.rpc.doc :as-alias doc]
-   [app.storage :as-alias sto]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

@@ -21,9 +20,9 @@

 (sv/defmethod ::upload-file-media-object
  {::doc/added "1.2"
-   ::doc/deprecated "1.18"}
+   ::doc/deprecated "1.17"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id content] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (files/check-edition-permissions! pool profile-id file-id)
    (media/validate-media-type! content)
    (cmd.media/validate-content-size! content)
@@ -35,9 +34,9 @@

 (sv/defmethod ::create-file-media-object-from-url
  {::doc/added "1.3"
-   ::doc/deprecated "1.18"}
+   ::doc/deprecated "1.17"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
    (files/check-edition-permissions! pool profile-id file-id)
    (#'cmd.media/create-file-media-object-from-url cfg params)))

@@ -47,7 +46,7 @@

 (sv/defmethod ::clone-file-media-object
  {::doc/added "1.2"
-   ::doc/deprecated "1.18"}
+   ::doc/deprecated "1.17"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id file-id)
--- a/backend/src/app/rpc/mutations/profile.clj
+++ b/backend/src/app/rpc/mutations/profile.clj
@@ -6,23 +6,31 @@

 (ns app.rpc.mutations.profile
  (:require
+   [app.auth :as auth]
   [app.common.data :as d]
   [app.common.exceptions :as ex]
   [app.common.spec :as us]
   [app.config :as cf]
   [app.db :as db]
+   [app.emails :as eml]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
   [app.media :as media]
+   [app.rpc :as-alias rpc]
   [app.rpc.climit :as-alias climit]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.auth :as cmd.auth]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.profile :as profile]
   [app.storage :as sto]
+   [app.tokens :as tokens]
   [app.util.services :as sv]
   [app.util.time :as dt]
   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]))
+   [cuerdas.core :as str]
+   [promesa.core :as p]
+   [promesa.exec :as px]))

 ;; --- Helpers & Specs

@@ -42,15 +50,14 @@
          :opt-un [::lang ::theme]))

 (sv/defmethod ::update-profile
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id fullname lang theme] :as params}]
+  {::doc/added "1.0"}
+  [{:keys [pool] :as cfg} {:keys [profile-id fullname lang theme] :as params}]
  (db/with-atomic [conn pool]
    ;; NOTE: we need to retrieve the profile independently if we use
    ;; it or not for explicit locking and avoid concurrent updates of
    ;; the same row/object.
-    (let [profile (-> (db/get-by-id conn :profile profile-id ::db/for-update? true)
-                      (profile/decode-row))
+    (let [profile (-> (db/get-by-id conn :profile profile-id {:for-update true})
+                      (profile/decode-profile-row))

          ;; Update the profile map with direct params
          profile (-> profile
@@ -67,68 +74,161 @@
                  {:id profile-id})

      (-> profile
-          (profile/strip-private-attrs)
-          (d/without-nils)
+          profile/strip-private-attrs
+          d/without-nils
          (rph/with-meta {::audit/props (audit/profile->props profile)})))))


 ;; --- MUTATION: Update Password

+(declare validate-password!)
+(declare update-profile-password!)
+(declare invalidate-profile-session!)
+
 (s/def ::update-profile-password
  (s/keys :req-un [::profile-id ::password ::old-password]))

 (sv/defmethod ::update-profile-password
-  {::climit/queue :auth
-   ::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [password] :as params}]
+  {::climit/queue :auth}
+  [{:keys [pool] :as cfg} {:keys [password] :as params}]
  (db/with-atomic [conn pool]
-    (let [profile    (#'profile/validate-password! conn params)
-          session-id (::session/id params)]
+    (let [profile    (validate-password! conn params)
+          session-id (::rpc/session-id params)]
      (when (= (str/lower (:email profile))
               (str/lower (:password params)))
        (ex/raise :type :validation
                  :code :email-as-password
                  :hint "you can't use your email as password"))
-      (profile/update-profile-password! conn (assoc profile :password password))
-      (#'profile/invalidate-profile-session! conn (:id profile) session-id)
+      (update-profile-password! conn (assoc profile :password password))
+      (invalidate-profile-session! conn (:id profile) session-id)
      nil)))

+(defn- invalidate-profile-session!
+  "Removes all sessions except the current one."
+  [conn profile-id session-id]
+  (let [sql "delete from http_session where profile_id = ? and id != ?"]
+    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
+
+(defn- validate-password!
+  [conn {:keys [profile-id old-password] :as params}]
+  (let [profile (db/get-by-id conn :profile profile-id)]
+    (when-not (:valid (auth/verify-password old-password (:password profile)))
+      (ex/raise :type :validation
+                :code :old-password-not-match))
+    profile))
+
+(defn update-profile-password!
+  [conn {:keys [id password] :as profile}]
+  (db/update! conn :profile
+              {:password (auth/derive-password password)}
+              {:id id}))

 ;; --- MUTATION: Update Photo

+(declare update-profile-photo)
+
 (s/def ::file ::media/upload)
 (s/def ::update-profile-photo
  (s/keys :req-un [::profile-id ::file]))

 (sv/defmethod ::update-profile-photo
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
  [cfg {:keys [file] :as params}]
  ;; Validate incoming mime type
  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
-  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
-    (profile/update-profile-photo cfg params)))
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
+    (update-profile-photo cfg params)))
+
+(defn update-profile-photo
+  [{:keys [pool storage executor] :as cfg} {:keys [profile-id file] :as params}]
+  (p/let [profile (px/with-dispatch executor
+                    (db/get-by-id pool :profile profile-id))
+          photo   (teams/upload-photo cfg params)]
+
+    ;; Schedule deletion of old photo
+    (when-let [id (:photo-id profile)]
+      (sto/touch-object! storage id))
+
+    ;; Save new photo
+    (db/update! pool :profile
+                {:photo-id (:id photo)}
+                {:id profile-id})
+
+    (-> (rph/wrap)
+        (rph/with-meta {::audit/replace-props
+                        {:file-name (:filename file)
+                         :file-size (:size file)
+                         :file-path (str (:path file))
+                         :file-mtype (:mtype file)}}))))

 ;; --- MUTATION: Request Email Change

+(declare request-email-change)
+(declare change-email-immediately)
+
 (s/def ::request-email-change
  (s/keys :req-un [::email]))

 (sv/defmethod ::request-email-change
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id email] :as params}]
+  [{:keys [pool] :as cfg} {:keys [profile-id email] :as params}]
  (db/with-atomic [conn pool]
    (let [profile (db/get-by-id conn :profile profile-id)
-          cfg     (assoc cfg ::profile/conn conn)
+          cfg     (assoc cfg :conn conn)
          params  (assoc params
                         :profile profile
                         :email (str/lower email))]
-
      (if (contains? cf/flags :smtp)
-        (#'profile/request-email-change! cfg params)
-        (#'profile/change-email-immediately! cfg params)))))
+        (request-email-change cfg params)
+        (change-email-immediately cfg params)))))
+
+(defn- change-email-immediately
+  [{:keys [conn]} {:keys [profile email] :as params}]
+  (when (not= email (:email profile))
+    (cmd.auth/check-profile-existence! conn params))
+  (db/update! conn :profile
+              {:email email}
+              {:id (:id profile)})
+  {:changed true})
+
+(defn- request-email-change
+  [{:keys [conn sprops] :as cfg} {:keys [profile email] :as params}]
+  (let [token   (tokens/generate sprops
+                                 {:iss :change-email
+                                  :exp (dt/in-future "15m")
+                                  :profile-id (:id profile)
+                                  :email email})
+        ptoken  (tokens/generate sprops
+                                 {:iss :profile-identity
+                                  :profile-id (:id profile)
+                                  :exp (dt/in-future {:days 30})})]
+
+    (when (not= email (:email profile))
+      (cmd.auth/check-profile-existence! conn params))
+
+    (when-not (eml/allow-send-emails? conn profile)
+      (ex/raise :type :validation
+                :code :profile-is-muted
+                :hint "looks like the profile has reported repeatedly as spam or has permanent bounces."))
+
+    (when (eml/has-bounce-reports? conn email)
+      (ex/raise :type :validation
+                :code :email-has-permanent-bounces
+                :hint "looks like the email you invite has been repeatedly reported as spam or permanent bounce"))
+
+    (eml/send! {::eml/conn conn
+                ::eml/factory eml/change-email
+                :public-uri (:public-uri cfg)
+                :to (:email profile)
+                :name (:fullname profile)
+                :pending-email email
+                :token token
+                :extra-data ptoken})
+    nil))
+
+
+(defn select-profile-for-update
+  [conn id]
+  (db/get-by-id conn :profile id {:for-update true}))
+

 ;; --- MUTATION: Update Profile Props

@@ -137,11 +237,9 @@
  (s/keys :req-un [::profile-id ::props]))

 (sv/defmethod ::update-profile-props
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id props]}]
+  [{:keys [pool] :as cfg} {:keys [profile-id props]}]
  (db/with-atomic [conn pool]
-    (let [profile (profile/get-profile conn profile-id ::db/for-update? true)
+    (let [profile (profile/retrieve-profile-data conn profile-id)
          props   (reduce-kv (fn [props k v]
                               ;; We don't accept namespaced keys
                               (if (simple-ident? k)
@@ -156,20 +254,22 @@
                  {:props (db/tjson props)}
                  {:id profile-id})

-      (profile/filter-props props))))
+      (profile/filter-profile-props props))))


 ;; --- MUTATION: Delete Profile

+(declare get-owned-teams-with-participants)
+(declare check-can-delete-profile!)
+(declare mark-profile-as-deleted!)
+
 (s/def ::delete-profile
  (s/keys :req-un [::profile-id]))

 (sv/defmethod ::delete-profile
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id] :as params}]
+  [{:keys [pool session] :as cfg} {:keys [profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [teams      (#'profile/get-owned-teams-with-participants conn profile-id)
+    (let [teams      (get-owned-teams-with-participants conn profile-id)
          deleted-at (dt/now)]

      ;; If we found owned teams with participants, we don't allow
@@ -190,4 +290,22 @@
                  {:deleted-at deleted-at}
                  {:id profile-id})

-      (rph/with-transform {} (session/delete-fn cfg)))))
+      (rph/with-transform {} (session/delete-fn session)))))
+
+(def sql:owned-teams
+  "with owner_teams as (
+      select tpr.team_id as id
+        from team_profile_rel as tpr
+       where tpr.is_owner is true
+         and tpr.profile_id = ?
+   )
+   select tpr.team_id as id,
+          count(tpr.profile_id) - 1 as participants
+     from team_profile_rel as tpr
+    where tpr.team_id in (select id from owner_teams)
+      and tpr.profile_id != ?
+    group by 1")
+
+(defn- get-owned-teams-with-participants
+  [conn profile-id]
+  (db/exec! conn [sql:owned-teams profile-id profile-id]))
--- a/backend/src/app/rpc/mutations/projects.clj
+++ b/backend/src/app/rpc/mutations/projects.clj
@@ -10,10 +10,10 @@
   [app.db :as db]
   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
+   [app.rpc.queries.projects :as proj]
   [app.rpc.quotes :as quotes]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -34,7 +34,6 @@

 (sv/defmethod ::create-project
  {::doc/added "1.0"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
  (db/with-atomic [conn pool]
@@ -71,13 +70,12 @@

 (sv/defmethod ::update-project-pin
  {::doc/added "1.0"
-   ::doc/deprecated "1.18"
   ::webhooks/batch-timeout (dt/duration "5s")
   ::webhooks/batch-key :id
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id team-id is-pinned] :as params}]
  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id id)
+    (proj/check-edition-permissions! conn profile-id id)
    (db/exec-one! conn [sql:update-project-pin team-id id profile-id is-pinned is-pinned])
    nil))

@@ -90,11 +88,10 @@

 (sv/defmethod ::rename-project
  {::doc/added "1.0"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id name] :as params}]
  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id id)
+    (proj/check-edition-permissions! conn profile-id id)
    (let [project (db/get-by-id conn :project id)]
      (db/update! conn :project
                  {:name name}
@@ -115,11 +112,10 @@

 (sv/defmethod ::delete-project
  {::doc/added "1.0"
-   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id id)
+    (proj/check-edition-permissions! conn profile-id id)
    (let [project (db/update! conn :project
                              {:deleted-at (dt/now)}
                              {:id id :is-default false})]
--- a/backend/src/app/rpc/mutations/share_link.clj
+++ b/backend/src/app/rpc/mutations/share_link.clj
@@ -11,7 +11,6 @@
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.rpc.commands.files :as files]
-   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

@@ -36,9 +35,8 @@

  Share links are resources that allows external users access to specific
  pages of a file with specific permissions (who-comment and who-inspect)."
-  {::doc/added "1.5"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id file-id] :as params}]
+
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id file-id)
    (create-share-link conn params)))
@@ -53,17 +51,18 @@
                           :who-inspect who-inspect
                           :pages pages
                           :owner-id profile-id})]
-    (update slink :pages db/decode-pgarray #{})))
+    (-> slink
+        (update :pages db/decode-pgarray #{}))))

 ;; --- Mutation: Delete Share Link

+(declare delete-share-link)
+
 (s/def ::delete-share-link
  (s/keys :req-un [::profile-id ::id]))

 (sv/defmethod ::delete-share-link
-  {::doc/added "1.5"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (let [slink (db/get-by-id conn :share-link id)]
      (files/check-edition-permissions! conn profile-id (:file-id slink))
--- a/backend/src/app/rpc/mutations/teams.clj
+++ b/backend/src/app/rpc/mutations/teams.clj
@@ -0,0 +1,240 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.mutations.teams
+  (:require
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
+   [app.db :as db]
+   [app.emails :as eml]
+   [app.loggers.audit :as audit]
+   [app.media :as media]
+   [app.rpc.commands.teams :as cmd.teams]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]))
+
+;; --- Helpers & Specs
+
+(s/def ::id ::us/uuid)
+(s/def ::name ::us/string)
+(s/def ::profile-id ::us/uuid)
+
+;; --- Mutation: Create Team
+
+(s/def ::create-team ::cmd.teams/create-team)
+
+(sv/defmethod ::create-team
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} params]
+  (db/with-atomic [conn pool]
+    (cmd.teams/create-team conn params)))
+
+;; --- Mutation: Update Team
+
+(s/def ::update-team ::cmd.teams/update-team)
+
+(sv/defmethod ::update-team
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [id name profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (cmd.teams/check-edition-permissions! conn profile-id id)
+    (db/update! conn :team
+                {:name name}
+                {:id id})
+    nil))
+
+;; --- Mutation: Leave Team
+
+(s/def ::leave-team ::cmd.teams/leave-team)
+
+(sv/defmethod ::leave-team
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} params]
+  (db/with-atomic [conn pool]
+    (cmd.teams/leave-team conn params)))
+
+;; --- Mutation: Delete Team
+
+(s/def ::delete-team ::cmd.teams/delete-team)
+
+(sv/defmethod ::delete-team
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [id profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (cmd.teams/get-permissions conn profile-id id)]
+      (when-not (:is-owner perms)
+        (ex/raise :type :validation
+                  :code :only-owner-can-delete-team))
+      (db/update! conn :team
+                  {:deleted-at (dt/now)}
+                  {:id id :is-default false})
+      nil)))
+
+
+;; --- Mutation: Team Update Role
+
+(s/def ::update-team-member-role ::cmd.teams/update-team-member-role)
+
+(sv/defmethod ::update-team-member-role
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} params]
+  (db/with-atomic [conn pool]
+    (cmd.teams/update-team-member-role conn params)))
+
+;; --- Mutation: Delete Team Member
+
+(s/def ::delete-team-member ::cmd.teams/delete-team-member)
+
+(sv/defmethod ::delete-team-member
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [team-id profile-id member-id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (cmd.teams/get-permissions conn profile-id team-id)]
+      (when-not (or (:is-owner perms)
+                    (:is-admin perms))
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+      (when (= member-id profile-id)
+        (ex/raise :type :validation
+                  :code :cant-remove-yourself))
+
+      (db/delete! conn :team-profile-rel {:profile-id member-id
+                                          :team-id team-id})
+
+      nil)))
+
+;; --- Mutation: Update Team Photo
+
+(s/def ::update-team-photo ::cmd.teams/update-team-photo)
+
+(sv/defmethod ::update-team-photo
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [cfg {:keys [file] :as params}]
+  ;; Validate incoming mime type
+  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
+  (let [cfg (update cfg :storage media/configure-assets-storage)]
+    (cmd.teams/update-team-photo cfg params)))
+
+;; --- Mutation: Invite Member
+
+(s/def ::invite-team-member ::cmd.teams/create-team-invitations)
+
+(sv/defmethod ::invite-team-member
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id team-id email emails role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms    (cmd.teams/get-permissions conn profile-id team-id)
+          profile  (db/get-by-id conn :profile profile-id)
+          team     (db/get-by-id conn :team team-id)
+          emails   (cond-> (or emails #{}) (string? email) (conj email))]
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      ;; First check if the current profile is allowed to send emails.
+      (when-not (eml/allow-send-emails? conn profile)
+        (ex/raise :type :validation
+                  :code :profile-is-muted
+                  :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
+
+      (let [cfg         (assoc cfg ::cmd.teams/conn conn)
+            invitations (->> emails
+                             (map (fn [email]
+                                    {:email (str/lower email)
+                                     :team team
+                                     :profile profile
+                                     :role role}))
+                             (map (partial #'cmd.teams/create-invitation cfg)))]
+        (with-meta (vec invitations)
+          {::audit/props {:invitations (count invitations)}})))))
+
+;; --- Mutation: Create Team & Invite Members
+
+(s/def ::create-team-and-invite-members ::cmd.teams/create-team-with-invitations)
+
+(sv/defmethod ::create-team-and-invite-members
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id emails role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [team     (cmd.teams/create-team conn params)
+          profile  (db/get-by-id conn :profile profile-id)
+          cfg      (assoc cfg ::cmd.teams/conn conn)]
+
+      ;; Create invitations for all provided emails.
+      (->> emails
+           (map (fn [email]
+                  {:team team
+                   :profile profile
+                   :email (str/lower email)
+                   :role role}))
+           (run! (partial #'cmd.teams/create-invitation cfg)))
+
+      (-> team
+          (vary-meta assoc ::audit/props {:invitations (count emails)})
+          (rph/with-defer
+            #(when-let [collector (::audit/collector cfg)]
+               (audit/submit! collector
+                              {:type "mutation"
+                               :name "invite-team-member"
+                               :profile-id profile-id
+                               :props {:emails emails
+                                       :role role
+                                       :profile-id profile-id
+                                       :invitations (count emails)}})))))))
+
+;; --- Mutation: Update invitation role
+
+(s/def ::update-team-invitation-role
+  (s/keys :req-un [::profile-id ::team-id ::email ::role]))
+
+(sv/defmethod ::update-team-invitation-role
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id team-id email role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (cmd.teams/get-permissions conn profile-id team-id)]
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      (db/update! conn :team-invitation
+                  {:role (name role) :updated-at (dt/now)}
+                  {:team-id team-id :email-to (str/lower email)})
+      nil)))
+
+;; --- Mutation: Delete invitation
+
+(s/def ::delete-team-invitation ::cmd.teams/delete-team-invitation)
+
+(sv/defmethod ::delete-team-invitation
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id team-id email] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (cmd.teams/get-permissions conn profile-id team-id)]
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      (db/delete! conn :team-invitation
+                {:team-id team-id :email-to (str/lower email)})
+      nil)))
--- a/backend/src/app/rpc/queries/files.clj
+++ b/backend/src/app/rpc/queries/files.clj
@@ -0,0 +1,183 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.queries.files
+  (:require
+   [app.common.spec :as us]
+   [app.db :as db]
+   [app.rpc.commands.files :as files]
+   [app.rpc.commands.search :as search]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.rpc.queries.projects :as projects]
+   [app.util.services :as sv]
+   [clojure.spec.alpha :as s]))
+
+;; --- Query: Project Files
+
+(s/def ::project-files ::files/get-project-files)
+
+(sv/defmethod ::project-files
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
+  (with-open [conn (db/open pool)]
+    (projects/check-read-permissions! conn profile-id project-id)
+    (files/get-project-files conn project-id)))
+
+;; --- Query: File (By ID)
+
+(s/def ::components-v2 ::us/boolean)
+(s/def ::file
+  (s/and ::files/get-file
+         (s/keys :opt-un [::components-v2])))
+
+(defn get-file
+  [conn id features]
+  (let [file   (files/get-file conn id features)
+        thumbs (files/get-object-thumbnails conn id)]
+    (assoc file :thumbnails thumbs)))
+
+(sv/defmethod ::file
+  "Retrieve a file by its ID. Only authenticated users."
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id id features components-v2] :as params}]
+  (with-open [conn (db/open pool)]
+    (let [perms    (files/get-permissions pool profile-id id)
+          ;; BACKWARD COMPATIBILTY with the components-v2 parameter
+          features (cond-> (or features #{})
+                     components-v2 (conj "components/v2"))]
+
+      (files/check-read-permissions! perms)
+      (-> (get-file conn id features)
+          (assoc :permissions perms)))))
+
+;; --- QUERY: page
+
+(s/def ::page
+  (s/and ::files/get-page
+         (s/keys :opt-un [::components-v2])))
+
+(sv/defmethod ::page
+  "Retrieves the page data from file and returns it. If no page-id is
+  specified, the first page will be returned. If object-id is
+  specified, only that object and its children will be returned in the
+  page objects data structure.
+
+  If you specify the object-id, the page-id parameter becomes
+  mandatory.
+
+  Mainly used for rendering purposes."
+  {::doc/added "1.5"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id features components-v2] :as params}]
+  (with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
+          features (cond-> (or features #{})
+                     components-v2 (conj "components/v2"))
+          params   (assoc params :features features)]
+
+      (files/get-page conn params))))
+
+;; --- QUERY: file-data-for-thumbnail
+
+(s/def ::file-data-for-thumbnail
+  (s/and ::files/get-file-data-for-thumbnail
+         (s/keys :opt-un [::components-v2])))
+
+(sv/defmethod ::file-data-for-thumbnail
+  "Retrieves the data for generate the thumbnail of the file. Used
+  mainly for render thumbnails on dashboard."
+  {::doc/added "1.11"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id features components-v2] :as props}]
+  (with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
+          features (cond-> (or features #{})
+                     components-v2 (conj "components/v2"))
+          file     (files/get-file conn file-id features)]
+      {:file-id file-id
+       :revn (:revn file)
+       :page (files/get-file-data-for-thumbnail conn file)})))
+
+;; --- Query: Shared Library Files
+
+(s/def ::team-shared-files ::files/get-team-shared-files)
+
+(sv/defmethod ::team-shared-files
+  {::doc/added "1.3"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
+  (with-open [conn (db/open pool)]
+    (teams/check-read-permissions! conn profile-id team-id)
+    (files/get-team-shared-files conn params)))
+
+
+;; --- Query: File Libraries used by a File
+
+(s/def ::file-libraries ::files/get-file-libraries)
+
+(sv/defmethod ::file-libraries
+  {::doc/added "1.3"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id features] :as params}]
+  (with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (files/get-file-libraries conn file-id features)))
+
+
+;; --- Query: Files that use this File library
+
+(s/def ::library-using-files ::files/get-library-file-references)
+
+(sv/defmethod ::library-using-files
+  {::doc/added "1.13"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  (with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (files/get-library-file-references conn file-id)))
+
+;; --- QUERY: team-recent-files
+
+(s/def ::team-recent-files ::files/get-team-recent-files)
+
+(sv/defmethod ::team-recent-files
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (teams/check-read-permissions! conn profile-id team-id)
+    (files/get-team-recent-files conn team-id)))
+
+
+;; --- QUERY: get file thumbnail
+
+(s/def ::file-thumbnail ::files/get-file-thumbnail)
+
+(sv/defmethod ::file-thumbnail
+  {::doc/added "1.13"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool]} {:keys [profile-id file-id revn]}]
+  (with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (-> (files/get-file-thumbnail conn file-id revn)
+        (rph/with-http-cache files/long-cache-duration))))
+
+
+;; --- QUERY: search files
+
+(s/def ::search-files ::search/search-files)
+
+(sv/defmethod ::search-files
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool]} {:keys [profile-id team-id search-term]}]
+  (some->> search-term (search/search-files pool profile-id team-id)))
--- a/backend/src/app/rpc/queries/fonts.clj
+++ b/backend/src/app/rpc/queries/fonts.clj
@@ -9,9 +9,9 @@
   [app.common.spec :as us]
   [app.db :as db]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
+   [app.rpc.queries.projects :as projects]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

--- a/backend/src/app/rpc/queries/profile.clj
+++ b/backend/src/app/rpc/queries/profile.clj
@@ -6,27 +6,112 @@

 (ns app.rpc.queries.profile
  (:require
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.rpc :as-alias rpc]
-   [app.rpc.commands.profile :as profile]
-   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]))

-(s/def ::profile ::profile/get-profile)
+;; --- Helpers & Specs
+
+(declare strip-private-attrs)
+
+(s/def ::email ::us/email)
+(s/def ::fullname ::us/string)
+(s/def ::old-password ::us/string)
+(s/def ::password ::us/string)
+(s/def ::path ::us/string)
+(s/def ::user ::us/uuid)
+(s/def ::profile-id ::us/uuid)
+(s/def ::theme ::us/string)
+
+;; --- Query: Profile (own)
+
+(declare retrieve-profile)
+(declare retrieve-additional-data)
+
+(s/def ::profile
+  (s/keys :opt-un [::profile-id]))

 (sv/defmethod ::profile
-  {::rpc/auth false
-   ::doc/added "1.0"
-   ::doc/deprecated "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id]}]
+  {::rpc/auth false}
+  [{:keys [pool] :as cfg} {:keys [profile-id] :as params}]
  ;; We need to return the anonymous profile object in two cases, when
  ;; no profile-id is in session, and when db call raises not found. In all other
  ;; cases we need to reraise the exception.
-  (try
-    (-> (profile/get-profile pool profile-id)
-        (profile/strip-private-attrs)
-        (update :props profile/filter-props))
-    (catch Throwable _
-      {:id uuid/zero :fullname "Anonymous User"})))
+  (or (ex/try*
+       #(some->> profile-id (retrieve-profile pool))
+       #(when (not= :not-found (:type (ex-data %))) (throw %)))
+      {:id uuid/zero
+       :fullname "Anonymous User"}))
+
+(def ^:private sql:default-profile-team
+  "select t.id, name
+     from team as t
+    inner join team_profile_rel as tp on (tp.team_id = t.id)
+    where tp.profile_id = ?
+      and tp.is_owner is true
+      and t.is_default is true")
+
+(def ^:private sql:default-profile-project
+  "select p.id, name
+     from project as p
+    inner join project_profile_rel as tp on (tp.project_id = p.id)
+    where tp.profile_id = ?
+      and tp.is_owner is true
+      and p.is_default is true
+      and p.team_id = ?")
+
+(defn retrieve-additional-data
+  [conn id]
+  (let [team    (db/exec-one! conn [sql:default-profile-team id])
+        project (db/exec-one! conn [sql:default-profile-project id (:id team)])]
+    {:default-team-id (:id team)
+     :default-project-id (:id project)}))
+
+(defn populate-additional-data
+  [conn profile]
+  (merge profile (retrieve-additional-data conn (:id profile))))
+
+(defn filter-profile-props
+  [props]
+  (into {} (filter (fn [[k _]] (simple-ident? k))) props))
+
+(defn decode-profile-row
+  [{:keys [props] :as row}]
+  (cond-> row
+    (db/pgobject? props "jsonb")
+    (assoc :props (db/decode-transit-pgobject props))))
+
+(defn retrieve-profile-data
+  [conn id]
+  (-> (db/get-by-id conn :profile id)
+      (decode-profile-row)))
+
+(defn retrieve-profile
+  [conn id]
+  (let [profile (->> (retrieve-profile-data conn id)
+                     (strip-private-attrs)
+                     (populate-additional-data conn))]
+    (update profile :props filter-profile-props)))
+
+(def ^:private sql:profile-by-email
+  "select p.* from profile as p
+    where p.email = ?
+      and (p.deleted_at is null or
+           p.deleted_at > now())")
+
+(defn retrieve-profile-data-by-email
+  [conn email]
+  (ex/ignoring
+   (db/exec-one! conn [sql:profile-by-email (str/lower email)])))
+
+;; --- Attrs Helpers
+
+(defn strip-private-attrs
+  "Only selects a publicly visible profile attrs."
+  [row]
+  (dissoc row :password :deleted-at))
--- a/backend/src/app/rpc/queries/projects.clj
+++ b/backend/src/app/rpc/queries/projects.clj
@@ -8,39 +8,135 @@
  (:require
   [app.common.spec :as us]
   [app.db :as db]
-   [app.rpc.commands.projects :as projects]
   [app.rpc.commands.teams :as teams]
-   [app.rpc.doc :as-alias doc]
+   [app.rpc.permissions :as perms]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

+;; --- Check Project Permissions
+
+(def ^:private sql:project-permissions
+  "select tpr.is_owner,
+          tpr.is_admin,
+          tpr.can_edit
+     from team_profile_rel as tpr
+    inner join project as p on (p.team_id = tpr.team_id)
+    where p.id = ?
+      and tpr.profile_id = ?
+   union all
+   select ppr.is_owner,
+          ppr.is_admin,
+          ppr.can_edit
+     from project_profile_rel as ppr
+    where ppr.project_id = ?
+      and ppr.profile_id = ?")
+
+(defn- get-permissions
+  [conn profile-id project-id]
+  (let [rows     (db/exec! conn [sql:project-permissions
+                                 project-id profile-id
+                                 project-id profile-id])
+        is-owner (boolean (some :is-owner rows))
+        is-admin (boolean (some :is-admin rows))
+        can-edit (boolean (some :can-edit rows))]
+     (when (seq rows)
+       {:is-owner is-owner
+        :is-admin (or is-owner is-admin)
+        :can-edit (or is-owner is-admin can-edit)
+        :can-read true})))
+
+(def has-edit-permissions?
+  (perms/make-edition-predicate-fn get-permissions))
+
+(def has-read-permissions?
+  (perms/make-read-predicate-fn get-permissions))
+
+(def check-edition-permissions!
+  (perms/make-check-fn has-edit-permissions?))
+
+(def check-read-permissions!
+  (perms/make-check-fn has-read-permissions?))
+
 ;; --- Query: Projects

+(declare retrieve-projects)
+
 (s/def ::team-id ::us/uuid)
 (s/def ::profile-id ::us/uuid)
 (s/def ::projects
  (s/keys :req-un [::profile-id ::team-id]))

 (sv/defmethod ::projects
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
-    (projects/get-projects conn profile-id team-id)))
+    (retrieve-projects conn profile-id team-id)))
+
+(def sql:projects
+  "select p.*,
+          coalesce(tpp.is_pinned, false) as is_pinned,
+          (select count(*) from file as f
+            where f.project_id = p.id
+              and deleted_at is null) as count
+     from project as p
+    inner join team as t on (t.id = p.team_id)
+     left join team_project_profile_rel as tpp
+            on (tpp.project_id = p.id and
+                tpp.team_id = p.team_id and
+                tpp.profile_id = ?)
+    where p.team_id = ?
+      and p.deleted_at is null
+      and t.deleted_at is null
+    order by p.modified_at desc")
+
+(defn retrieve-projects
+  [conn profile-id team-id]
+  (db/exec! conn [sql:projects profile-id team-id]))
+

 ;; --- Query: All projects

+(declare retrieve-all-projects)
+
 (s/def ::profile-id ::us/uuid)
 (s/def ::all-projects
  (s/keys :req-un [::profile-id]))

 (sv/defmethod ::all-projects
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id]}]
  (with-open [conn (db/open pool)]
-    (projects/get-all-projects conn profile-id)))
+    (retrieve-all-projects conn profile-id)))
+
+(def sql:all-projects
+  "select p1.*, t.name as team_name, t.is_default as is_default_team
+     from project as p1
+    inner join team as t on (t.id = p1.team_id)
+    where t.id in (select team_id
+                     from team_profile_rel as tpr
+                    where tpr.profile_id = ?
+                      and (tpr.can_edit = true or
+                           tpr.is_owner = true or
+                           tpr.is_admin = true))
+      and t.deleted_at is null
+      and p1.deleted_at is null
+   union
+   select p2.*, t.name as team_name, t.is_default as is_default_team
+     from project as p2
+    inner join team as t on (t.id = p2.team_id)
+    where p2.id in (select project_id
+                     from project_profile_rel as ppr
+                    where ppr.profile_id = ?
+                      and (ppr.can_edit = true or
+                           ppr.is_owner = true or
+                           ppr.is_admin = true))
+      and t.deleted_at is null
+      and p2.deleted_at is null
+    order by team_name, name;")
+
+(defn retrieve-all-projects
+  [conn profile-id]
+  (db/exec! conn [sql:all-projects profile-id profile-id]))
+

 ;; --- Query: Project

@@ -49,11 +145,9 @@
  (s/keys :req-un [::profile-id ::id]))

 (sv/defmethod ::project
-  {::doc/added "1.0"
-   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id id]}]
  (with-open [conn (db/open pool)]
    (let [project (db/get-by-id conn :project id)]
-      (projects/check-read-permissions! conn profile-id id)
+      (check-read-permissions! conn profile-id id)
      project)))

--- a/backend/src/app/rpc/queries/share_link.clj
+++ b/backend/src/app/rpc/queries/share_link.clj
@@ -0,0 +1,23 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.queries.share-link
+  (:require
+   [app.db :as db]))
+
+(defn decode-share-link-row
+  [row]
+  (-> row
+      (dissoc :flags)
+      (update :pages db/decode-pgarray #{})))
+
+(defn retrieve-share-link
+  [conn file-id share-id]
+  (some-> (db/get-by-params conn :share-link
+                            {:id share-id :file-id file-id}
+                            {:check-not-found false})
+          (decode-share-link-row)))
+
--- a/backend/src/app/rpc/queries/teams.clj
+++ b/backend/src/app/rpc/queries/teams.clj
@@ -0,0 +1,87 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.queries.teams
+  (:require
+   [app.db :as db]
+   [app.rpc.commands.teams :as cmd.teams]
+   [app.rpc.doc :as-alias doc]
+   [app.util.services :as sv]
+   [clojure.spec.alpha :as s]))
+
+;; --- Query: Teams
+
+(s/def ::teams ::cmd.teams/get-teams)
+
+(sv/defmethod ::teams
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id]}]
+  (with-open [conn (db/open pool)]
+    (cmd.teams/retrieve-teams conn profile-id)))
+
+;; --- Query: Team (by ID)
+
+(s/def ::team ::cmd.teams/get-team)
+
+(sv/defmethod ::team
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id id]}]
+  (with-open [conn (db/open pool)]
+    (cmd.teams/retrieve-team conn profile-id id)))
+
+;; --- Query: Team Members
+
+(s/def ::team-members ::cmd.teams/get-team-members)
+
+(sv/defmethod ::team-members
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (cmd.teams/check-read-permissions! conn profile-id team-id)
+    (cmd.teams/retrieve-team-members conn team-id)))
+
+;; --- Query: Team Users
+(s/def ::team-users ::cmd.teams/get-team-users)
+
+(sv/defmethod ::team-users
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id file-id]}]
+  (with-open [conn (db/open pool)]
+    (if team-id
+      (do
+        (cmd.teams/check-read-permissions! conn profile-id team-id)
+        (cmd.teams/retrieve-users conn team-id))
+      (let [{team-id :id} (cmd.teams/retrieve-team-for-file conn file-id)]
+        (cmd.teams/check-read-permissions! conn profile-id team-id)
+        (cmd.teams/retrieve-users conn team-id)))))
+
+;; --- Query: Team Stats
+
+(s/def ::team-stats ::cmd.teams/get-team-stats)
+
+(sv/defmethod ::team-stats
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (cmd.teams/check-read-permissions! conn profile-id team-id)
+    (cmd.teams/retrieve-team-stats conn team-id)))
+
+;; --- Query: Team invitations
+
+(s/def ::team-invitations ::cmd.teams/get-team-invitations)
+
+(sv/defmethod ::team-invitations
+  {::doc/added "1.0"
+   ::doc/deprecated "1.17"}
+  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (cmd.teams/check-read-permissions! conn profile-id team-id)
+    (cmd.teams/get-team-invitations conn team-id)))
--- a/backend/src/app/rpc/queries/viewer.clj
+++ b/backend/src/app/rpc/queries/viewer.clj
@@ -22,7 +22,7 @@
 (sv/defmethod ::view-only-bundle
  {::rpc/auth false
   ::doc/added "1.3"
-   ::doc/deprecated "1.18"}
+   ::doc/deprecated "1.17"}
  [{:keys [pool] :as cfg} {:keys [features components-v2] :as params}]
  (with-open [conn (db/open pool)]
    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
--- a/backend/src/app/rpc/quotes.clj
+++ b/backend/src/app/rpc/quotes.clj
@@ -160,28 +160,6 @@
      (assoc ::count-sql [sql:get-teams-per-profile profile-id])
      (generic-check!)))

-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; QUOTE: ACCESS-TOKENS-PER-PROFILE
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(def ^:private sql:get-access-tokens-per-profile
-  "select count(*) as total
-     from access_token
-    where profile_id = ?")
-
-(s/def ::access-tokens-per-profile
-  (s/keys :req [::profile-id ::target]))
-
-(defmethod check-quote ::access-tokens-per-profile
-  [{:keys [::profile-id ::target] :as quote}]
-  (us/assert! ::access-tokens-per-profile quote)
-  (-> quote
-      (assoc ::default (cf/get :quotes-access-tokens-per-profile Integer/MAX_VALUE))
-      (assoc ::quote-sql [sql:get-quotes-1 target profile-id])
-      (assoc ::count-sql [sql:get-access-tokens-per-profile profile-id])
-      (generic-check!)))
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; QUOTE: PROJECTS-PER-TEAM
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -301,6 +279,7 @@
      (assoc ::count-sql [sql:get-files-per-project project-id])
      (generic-check!)))

+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; QUOTE: COMMENT-THREADS-PER-FILE
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/backend/src/app/rpc/rlimit.clj
+++ b/backend/src/app/rpc/rlimit.clj
@@ -52,7 +52,7 @@
   [app.config :as cf]
   [app.http :as-alias http]
   [app.loggers.audit :refer [parse-client-ip]]
-   [app.redis :as rds]
+   [app.redis :as redis]
   [app.redis.script :as-alias rscript]
   [app.rpc :as-alias rpc]
   [app.rpc.rlimit.result :as-alias lresult]
@@ -71,7 +71,7 @@
  (dt/duration 400))

 (def ^:private default-options
-  {:codec rds/string-codec
+  {:codec redis/string-codec
   :timeout default-timeout})

 (def ^:private bucket-rate-limit-script
@@ -141,23 +141,23 @@
  (let [script (-> bucket-rate-limit-script
                   (assoc ::rscript/keys [(str key "." service "." user-id)])
                   (assoc ::rscript/vals (conj params (dt/->seconds now))))]
-    (->> (rds/eval! redis script)
-         (p/fmap (fn [result]
-                   (let [allowed?  (boolean (nth result 0))
-                         remaining (nth result 1)
-                         reset     (* (/ (inst-ms interval) rate)
-                                      (- capacity remaining))]
-                     (l/trace :hint "limit processed"
-                              :service service
-                              :limit (name (::name limit))
-                              :strategy (name (::strategy limit))
-                              :opts (::opts limit)
+    (-> (redis/eval! redis script)
+        (p/then (fn [result]
+                  (let [allowed?  (boolean (nth result 0))
+                        remaining (nth result 1)
+                        reset     (* (/ (inst-ms interval) rate)
+                                     (- capacity remaining))]
+                    (l/trace :hint "limit processed"
+                             :service service
+                             :limit (name (::name limit))
+                             :strategy (name (::strategy limit))
+                             :opts (::opts limit)
                             :allowed? allowed?
                             :remaining remaining)
-                     (-> limit
-                         (assoc ::lresult/allowed? allowed?)
-                         (assoc ::lresult/reset (dt/plus now reset))
-                         (assoc ::lresult/remaining remaining))))))))
+                    (-> limit
+                        (assoc ::lresult/allowed? allowed?)
+                        (assoc ::lresult/reset (dt/plus now reset))
+                        (assoc ::lresult/remaining remaining))))))))

 (defmethod process-limit :window
  [redis user-id now {:keys [::nreq ::unit ::key ::service] :as limit}]
@@ -166,21 +166,21 @@
        script (-> window-rate-limit-script
                   (assoc ::rscript/keys [(str key "." service "." user-id "." (dt/format-instant ts))])
                   (assoc ::rscript/vals [nreq (dt/->seconds ttl)]))]
-    (->> (rds/eval! redis script)
-         (p/fmap (fn [result]
-                   (let [allowed?  (boolean (nth result 0))
-                         remaining (nth result 1)]
-                     (l/trace :hint "limit processed"
-                              :service service
-                              :limit (name (::name limit))
-                              :strategy (name (::strategy limit))
-                              :opts (::opts limit)
-                              :allowed? allowed?
+    (-> (redis/eval! redis script)
+        (p/then (fn [result]
+                  (let [allowed?  (boolean (nth result 0))
+                        remaining (nth result 1)]
+                    (l/trace :hint "limit processed"
+                             :service service
+                             :limit (name (::name limit))
+                             :strategy (name (::strategy limit))
+                             :opts (::opts limit)
+                             :allowed? allowed?
                             :remaining remaining)
-                     (-> limit
-                         (assoc ::lresult/allowed? allowed?)
-                         (assoc ::lresult/remaining remaining)
-                         (assoc ::lresult/reset (dt/plus ts {unit 1})))))))))
+                    (-> limit
+                        (assoc ::lresult/allowed? allowed?)
+                        (assoc ::lresult/remaining remaining)
+                        (assoc ::lresult/reset (dt/plus ts {unit 1})))))))))

 (defn- process-limits!
  [redis user-id limits now]
@@ -237,10 +237,7 @@
      uuid/zero))

 (defn wrap
-  [{:keys [::rpc/rlimit ::rds/redis] :as cfg} f mdata]
-  (us/assert! ::rpc/rlimit rlimit)
-  (us/assert! ::rds/redis redis)
-
+  [{:keys [rlimit redis] :as cfg} f mdata]
  (if rlimit
    (let [skey  (keyword (::rpc/type cfg) (->> mdata ::sv/spec name))
          sname (str (::rpc/type cfg) "." (->> mdata ::sv/spec name))]
@@ -250,7 +247,7 @@
          (try
            (let [uid (get-uid params)
                  rsp (when-let [limits (get-limits rlimit skey sname)]
-                        (let [redis (rds/get-or-connect redis ::rpc/rlimit default-options)
+                        (let [redis (redis/get-or-connect redis ::rpc/rlimit default-options)
                              rsp   (->> (process-limits! redis uid limits (dt/now))
                                         (p/merr (fn [cause]
                                                   ;; If we have an error on processing the rate-limit we just skip
@@ -308,9 +305,8 @@
         (s/keys :req [::nreq
                       ::unit]))))

-(s/def ::rpc/rlimit
-  (s/nilable
-   #(instance? clojure.lang.Agent %)))
+(s/def ::rlimit
+  #(instance? clojure.lang.Agent %))

 (s/def ::config
  (s/map-of (s/or :kw keyword? :set set?)
@@ -352,7 +348,7 @@
         ::limits limits}))))

 (defn- refresh-config
-  [{:keys [::state ::path ::wrk/executor ::wrk/scheduled-executor] :as cfg}]
+  [{:keys [state path executor scheduled-executor] :as params}]
  (letfn [(update-config [{:keys [::updated-at] :as state}]
            (let [updated-at' (fs/last-modified-time path)]
              (merge state
@@ -369,7 +365,7 @@
          (schedule-next [state]
            (px/schedule! scheduled-executor
                          (inst-ms (::refresh state))
-                          (partial refresh-config cfg))
+                          (partial refresh-config params))
            state)]

    (send-via executor state update-config)
@@ -391,11 +387,10 @@
    (and (fs/exists? path) (fs/regular-file? path) path)))

 (defmethod ig/pre-init-spec :app.rpc/rlimit [_]
-  (s/keys :req [::wrk/executor
-                ::wrk/scheduled-executor]))
+  (s/keys :req-un [::wrk/executor ::wrk/scheduled-executor]))

 (defmethod ig/init-key ::rpc/rlimit
-  [_ {:keys [::wrk/executor] :as cfg}]
+  [_ {:keys [executor] :as params}]
  (when (contains? cf/flags :rpc-rlimit)
    (let [state (agent {})]
      (set-error-handler! state on-refresh-error)
@@ -408,6 +403,6 @@
        (send-via executor state (constantly {::refresh (dt/duration "5s")}))

        ;; Force a refresh
-        (refresh-config (assoc cfg ::path path ::state state)))
+        (refresh-config (assoc params :path path :state state)))

      state)))
--- a/backend/src/app/srepl/ext.clj
+++ b/backend/src/app/srepl/ext.clj
@@ -42,8 +42,8 @@
                     :is-active is-active
                     :password password
                     :props {}}]
-        (->> (cmd.auth/create-profile! conn params)
-             (cmd.auth/create-profile-rels! conn))))))
+        (->> (cmd.auth/create-profile conn params)
+             (cmd.auth/create-profile-relations conn))))))

 (defmethod run-json-cmd* :update-profile
  [{:keys [fullname email password is-active]}]
--- a/backend/src/app/srepl/fixes.clj
+++ b/backend/src/app/srepl/fixes.clj
@@ -41,3 +41,35 @@
  ([file state]
   (repair-orphaned-shapes (:data file))
   (update state :total (fnil inc 0))))
+
+(defn rename-layout-attrs
+  ([file]
+   (let [found? (volatile! false)]
+     (letfn [(update-shape
+               [shape]
+               (when (or (= (:layout-flex-dir shape) :reverse-row)
+                         (= (:layout-flex-dir shape) :reverse-column)
+                         (= (:layout-wrap-type shape) :no-wrap))
+                 (vreset! found? true))
+               (cond-> shape
+                 (= (:layout-flex-dir shape) :reverse-row)
+                 (assoc :layout-flex-dir :row-reverse)
+                 (= (:layout-flex-dir shape) :reverse-column)
+                 (assoc :layout-flex-dir :column-reverse)
+                 (= (:layout-wrap-type shape) :no-wrap)
+                 (assoc :layout-wrap-type :nowrap)))
+
+             (update-page
+               [page]
+               (h/update-shapes page update-shape))]
+
+       (let [new-file (update file :data h/update-pages update-page)]
+         (when @found?
+           (l/info :hint "Found attrs to rename in file"
+                   :id (:id file)
+                   :name (:name file)))
+         new-file))))
+
+   ([file state]
+    (rename-layout-attrs file)
+    (update state :total (fnil inc 0))))
--- a/backend/src/app/srepl/helpers.clj
+++ b/backend/src/app/srepl/helpers.clj
@@ -70,7 +70,7 @@
  [system & {:keys [update-fn id save? migrate? inc-revn?]
             :or {save? false migrate? true inc-revn? true}}]
  (db/with-atomic [conn (:app.db/pool system)]
-    (let [file (-> (db/get-by-id conn :file id {::db/for-update? true})
+    (let [file (-> (db/get-by-id conn :file id {:for-update true})
                   (update :features db/decode-pgarray #{}))]
      (binding [*conn* conn
                pmap/*tracked* (atom {})
--- a/backend/src/app/srepl/main.clj
+++ b/backend/src/app/srepl/main.clj
@@ -12,8 +12,8 @@
   [app.common.pprint :as p]
   [app.common.spec :as us]
   [app.db :as db]
-   [app.rpc.commands.auth :as auth]
-   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.auth :as cmd.auth]
+   [app.rpc.queries.profile :as profile]
   [app.srepl.fixes :as f]
   [app.srepl.helpers :as h]
   [app.util.blob :as blob]
@@ -71,9 +71,9 @@

  (let [sprops  (:app.setup/props system)
        pool    (:app.db/pool system)
-        profile (profile/get-profile-by-email pool email)]
+        profile (profile/retrieve-profile-data-by-email pool email)]

-    (auth/send-email-verification! pool sprops profile)
+    (cmd.auth/send-email-verification! pool sprops profile)
    :email-sent))

 (defn mark-profile-as-active!
@@ -81,9 +81,10 @@
  associated with the profile-id."
  [system email]
  (db/with-atomic [conn (:app.db/pool system)]
-    (when-let [profile (db/get* conn :profile
-                                {:email (str/lower email)}
-                                {:columns [:id :email]})]
+    (when-let [profile (db/get-by-params conn :profile
+                                         {:email (str/lower email)}
+                                         {:columns [:id :email]
+                                          :check-not-found false})]
      (when-not (:is-blocked profile)
        (db/update! conn :profile {:is-active true} {:id (:id profile)})
        :activated))))
@@ -93,9 +94,10 @@
  associated with the profile-id."
  [system email]
  (db/with-atomic [conn (:app.db/pool system)]
-    (when-let [profile (db/get* conn :profile
-                                {:email (str/lower email)}
-                                {:columns [:id :email]})]
+    (when-let [profile (db/get-by-params conn :profile
+                                         {:email (str/lower email)}
+                                         {:columns [:id :email]
+                                          :check-not-found false})]
      (when-not (:is-blocked profile)
        (db/update! conn :profile {:is-blocked true} {:id (:id profile)})
        (db/delete! conn :http-session {:profile-id (:id profile)})
--- a/backend/src/app/storage.clj
+++ b/backend/src/app/storage.clj
@@ -188,7 +188,7 @@
          res (db/update! (or conn pool) :storage-object
                          {:touched-at (dt/now)}
                          {:id id}
-                          {::db/return-keys? false})]
+                          {:return-keys false})]
      (pos? (:next.jdbc/update-count res)))))

 (defn get-object-data
@@ -247,7 +247,7 @@
          res (db/update! (or conn pool) :storage-object
                          {:deleted-at (dt/now)}
                          {:id id}
-                          {::db/return-keys? false})]
+                          {:return-keys false})]
      (pos? (:next.jdbc/update-count res)))))

 (dm/export impl/resolve-backend)
--- a/backend/src/app/util/retry.clj
+++ b/backend/src/app/util/retry.clj
@@ -29,6 +29,6 @@
                         (throw cause#))))]
       (if (= ::retry result#)
         (do
-           (l/warn :hint "retrying operation" :label ~label :retry tnum#)
+           (l/warn :hint "retrying operation" :label ~label)
           (recur (inc tnum#)))
         result#))))
--- a/backend/src/app/util/websocket.clj
+++ b/backend/src/app/util/websocket.clj
@@ -60,7 +60,7 @@
  (assert (fn? on-snd-message) "'on-snd-message' should be a function")
  (assert (fn? on-connect) "'on-connect' should be a function")

-  (fn [{:keys [::yws/channel] :as request}]
+  (fn [{:keys [::yws/channel session-id] :as request}]
    (let [input-ch   (a/chan input-buff-size)
          output-ch  (a/chan output-buff-size)
          hbeat-ch   (a/chan (a/sliding-buffer 6))
@@ -81,6 +81,7 @@
                                 ::stop-ch stop-ch
                                 ::channel channel
                                 ::remote-addr ip-addr
+                                 ::http-session-id session-id
                                 ::user-agent uagent})
                         (atom))

--- a/backend/src/app/worker.clj
+++ b/backend/src/app/worker.clj
@@ -45,7 +45,7 @@

 (defmethod ig/init-key ::executor
  [skey {:keys [::parallelism]}]
-  (let [prefix  (if (vector? skey) (-> skey first name keyword) "default")
+  (let [prefix  (if (vector? skey) (-> skey first name keyword) :default)
        tname   (str "penpot/" prefix "/%s")
        factory (px/forkjoin-thread-factory :name tname)]
    (px/forkjoin-executor
--- a/backend/test/backend_tests/bounce_handling_test.clj
+++ b/backend/test/backend_tests/bounce_handling_test.clj
@@ -6,12 +6,12 @@

 (ns backend-tests.bounce-handling-test
  (:require
+   [backend-tests.helpers :as th]
   [app.db :as db]
   [app.emails :as emails]
   [app.http.awsns :as awsns]
   [app.tokens :as tokens]
   [app.util.time :as dt]
-   [backend-tests.helpers :as th]
   [clojure.pprint :refer [pprint]]
   [clojure.test :as t]
   [mockery.core :refer [with-mocks]]))
--- a/backend/test/backend_tests/helpers.clj
+++ b/backend/test/backend_tests/helpers.clj
@@ -8,7 +8,6 @@
  (:require
   [app.auth]
   [app.common.data :as d]
-   [app.common.exceptions :as ex]
   [app.common.flags :as flags]
   [app.common.pages :as cp]
   [app.common.pprint :as pp]
@@ -17,15 +16,13 @@
   [app.config :as cf]
   [app.db :as db]
   [app.main :as main]
-   [app.media :as-alias mtx]
   [app.media]
   [app.migrations]
-   [app.msgbus :as-alias mbus]
   [app.rpc :as-alias rpc]
   [app.rpc.commands.auth :as cmd.auth]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.files-create :as files.create]
-   [app.rpc.commands.files-update :as files.update]
+   [app.rpc.commands.files.create :as files.create]
+   [app.rpc.commands.files.update :as files.update]
   [app.rpc.commands.teams :as teams]
   [app.rpc.helpers :as rph]
   [app.rpc.mutations.profile :as profile]
@@ -67,50 +64,52 @@

 (defn state-init
  [next]
-  (with-redefs [app.config/flags (flags/parse flags/default default-flags)
-                app.config/config config
-                app.loggers.audit/submit! (constantly nil)
-                app.auth/derive-password identity
-                app.auth/verify-password (fn [a b] {:valid (= a b)})]
-
-    (let [templates [{:id "test"
-                      :name "test"
-                      :file-uri "test"
-                      :thumbnail-uri "test"
-                      :path (-> "backend_tests/test_files/template.penpot" io/resource fs/path)}]
-          system (-> (merge main/system-config main/worker-config)
-                     (assoc-in [:app.redis/redis :app.redis/uri] (:redis-uri config))
-                     (assoc-in [:app.db/pool :uri] (:database-uri config))
-                     (assoc-in [:app.db/pool :username] (:database-username config))
-                     (assoc-in [:app.db/pool :password] (:database-password config))
-                     (assoc-in [:app.rpc/methods :templates] templates)
-                     (dissoc :app.srepl/server
-                             :app.http/server
-                             :app.http/router
-                             :app.auth.oidc/google-provider
-                             :app.auth.oidc/gitlab-provider
-                             :app.auth.oidc/github-provider
-                             :app.auth.oidc/generic-provider
-                             :app.setup/builtin-templates
-                             :app.auth.oidc/routes
-                             :app.worker/executors-monitor
-                             :app.http.oauth/handler
-                             :app.notifications/handler
-                             :app.loggers.mattermost/reporter
-                             :app.loggers.loki/reporter
-                             :app.loggers.database/reporter
-                             :app.loggers.zmq/receiver
-                             :app.worker/cron
-                             :app.worker/worker))
-          _      (ig/load-namespaces system)
-          system (-> (ig/prep system)
-                     (ig/init))]
-      (try
-        (binding [*system* system
-                  *pool*   (:app.db/pool system)]
-          (next))
-        (finally
-          (ig/halt! system))))))
+  (let [templates [{:id "test"
+                    :name "test"
+                    :file-uri "test"
+                    :thumbnail-uri "test"
+                    :path (-> "backend_tests/test_files/template.penpot" io/resource fs/path)}]
+        system (-> (merge main/system-config main/worker-config)
+                   (assoc-in [:app.redis/redis :app.redis/uri] (:redis-uri config))
+                   (assoc-in [:app.db/pool :uri] (:database-uri config))
+                   (assoc-in [:app.db/pool :username] (:database-username config))
+                   (assoc-in [:app.db/pool :password] (:database-password config))
+                   (assoc-in [:app.rpc/methods :templates] templates)
+                   (dissoc :app.srepl/server
+                           :app.http/server
+                           :app.http/router
+                           :app.http.awsns/handler
+                           :app.http.session/updater
+                           :app.auth.oidc/google-provider
+                           :app.auth.oidc/gitlab-provider
+                           :app.auth.oidc/github-provider
+                           :app.auth.oidc/generic-provider
+                           :app.setup/builtin-templates
+                           :app.auth.oidc/routes
+                           :app.worker/executors-monitor
+                           :app.http.oauth/handler
+                           :app.notifications/handler
+                           :app.loggers.sentry/reporter
+                           :app.loggers.mattermost/reporter
+                           :app.loggers.loki/reporter
+                           :app.loggers.database/reporter
+                           :app.loggers.zmq/receiver
+                           :app.worker/cron
+                           :app.worker/worker))
+        _      (ig/load-namespaces system)
+        system (-> (ig/prep system)
+                   (ig/init))]
+    (try
+      (binding [*system* system
+                *pool*   (:app.db/pool system)]
+        (with-redefs [app.config/flags (flags/parse flags/default default-flags (:flags config))
+                      app.config/config config
+                      app.loggers.audit/submit! (constantly nil)
+                      app.auth/derive-password identity
+                      app.auth/verify-password (fn [a b] {:valid (= a b)})]
+          (next)))
+      (finally
+        (ig/halt! system)))))

 (defn database-reset
  [next]
@@ -164,8 +163,8 @@
                       params)]
     (with-open [conn (db/open pool)]
       (->> params
-            (cmd.auth/create-profile! conn)
-            (cmd.auth/create-profile-rels! conn))))))
+            (cmd.auth/create-profile conn)
+            (cmd.auth/create-profile-relations conn))))))

 (defn create-project*
  ([i params] (create-project* *pool* i params))
@@ -275,10 +274,12 @@
  ([pool {:keys [file-id changes session-id profile-id revn]
          :or {session-id (uuid/next) revn 0}}]
   (with-open [conn (db/open pool)]
-     (let [features #{"components/v2"}
-           cfg      (-> (select-keys *system* [::mbus/msgbus ::mtx/metrics])
-                        (assoc :conn conn))]
-       (files.update/update-file cfg
+     (let [msgbus    (:app.msgbus/msgbus *system*)
+           metrics   (:app.metrics/metrics *system*)
+           features  #{"components/v2"}]
+       (files.update/update-file {:conn conn
+                                  :msgbus msgbus
+                                  :metrics metrics}
                                 {:id file-id
                                  :revn revn
                                  :features features
@@ -321,11 +322,6 @@
 (defn command!
  [{:keys [::type] :as data}]
  (let [method-fn (get-in *system* [:app.rpc/methods :commands type])]
-    (when-not method-fn
-      (ex/raise :type :assertion
-                :code :rpc-method-not-found
-                :hint (str/ffmt "rpc method '%' not found" (name type))))
-
    ;; (app.common.pprint/pprint (:app.rpc/methods *system*))
    (try-on! (method-fn (-> data
                            (dissoc ::type)
--- a/backend/test/backend_tests/rpc_access_tokens_test.clj
+++ b/backend/test/backend_tests/rpc_access_tokens_test.clj
@@ -1,76 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns backend-tests.rpc-access-tokens-test
-  (:require
-   [app.common.uuid :as uuid]
-   [app.db :as db]
-   [app.http :as http]
-   [app.storage :as sto]
-   [app.rpc :as-alias rpc]
-   [backend-tests.helpers :as th]
-   [clojure.test :as t]
-   [mockery.core :refer [with-mocks]]))
-
-(t/use-fixtures :once th/state-init)
-(t/use-fixtures :each th/database-reset)
-
-(t/deftest access-tokens-crud
-  (let [prof    (th/create-profile* 1 {:is-active true})
-        team-id (:default-team-id prof)
-        proj-id (:default-project-id prof)
-        atoken  (atom nil)]
-
-    (t/testing "create access token"
-      (let [params {::th/type :create-access-token
-                    ::rpc/profile-id (:id prof)
-                    :name "token 1"
-                    :perms ["get-profile"]}
-            out    (th/command! params)]
-        ;; (th/print-result! out)
-        (t/is (nil? (:error out)))
-
-        (let [result (:result out)]
-          (reset! atoken result)
-          (t/is (contains? result :id))
-          (t/is (contains? result :created-at))
-          (t/is (contains? result :updated-at))
-          (t/is (contains? result :token))
-          (t/is (contains? result :perms)))))
-
-    (t/testing "get access token"
-      (let [params {::th/type :get-access-tokens
-                    ::rpc/profile-id (:id prof)}
-            out    (th/command! params)]
-        ;; (th/print-result! out)
-        (t/is (nil? (:error out)))
-        (let [[result :as results] (:result out)]
-          (t/is (= 1 (count results)))
-          (t/is (contains? result :id))
-          (t/is (contains? result :created-at))
-          (t/is (contains? result :updated-at))
-          (t/is (contains? result :token))
-          (t/is (contains? result :perms))
-          (t/is (= @atoken result)))))
-
-    (t/testing "delete access token"
-      (let [params {::th/type :delete-access-token
-                    ::rpc/profile-id (:id prof)
-                    :id (:id @atoken)}
-            out    (th/command! params)]
-        ;; (th/print-result! out)
-        (t/is (nil? (:error out)))
-        (t/is (nil? (:result out)))))
-
-    (t/testing "get access token after delete"
-      (let [params {::th/type :get-access-tokens
-                    ::rpc/profile-id (:id prof)}
-            out    (th/command! params)]
-        ;; (th/print-result! out)
-        (t/is (nil? (:error out)))
-        (let [results (:result out)]
-          (t/is (= 0 (count results))))))
-    ))
--- a/backend/test/backend_tests/rpc_comment_test.clj
+++ b/backend/test/backend_tests/rpc_comment_test.clj
@@ -154,7 +154,7 @@
          (t/is (th/success? out))
          (let [[thread :as result] (:result out)]
            (t/is (= 1 (count result)))
-            (t/is (= "Page-1" (:page-name thread)))
+            (t/is (= "Page 1" (:page-name thread)))
            (t/is (= "hello world" (:content thread)))
            (t/is (= 2 (:count-comments thread)))
            (t/is (true? (:is-resolved thread))))))
--- a/backend/test/backend_tests/rpc_file_test.clj
+++ b/backend/test/backend_tests/rpc_file_test.clj
@@ -652,9 +652,7 @@
      ;; check that the unknown frame thumbnail is deleted
      (let [res (th/db-exec! ["select * from file_object_thumbnail"])]
        (t/is (= 1 (count res)))
-        (t/is (= "new-data" (get-in res [0 :data])))))
-
-    ))
+        (t/is (= "new-data" (get-in res [0 :data])))))))


 (t/deftest file-thumbnail-ops
--- a/backend/test/backend_tests/rpc_font_test.clj
+++ b/backend/test/backend_tests/rpc_font_test.clj
@@ -9,7 +9,6 @@
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.http :as http]
-   [app.rpc :as-alias rpc]
   [app.storage :as sto]
   [backend-tests.helpers :as th]
   [clojure.test :as t]
@@ -32,14 +31,14 @@
                      io/read-as-bytes)

          params  {::th/type :create-font-variant
-                   ::rpc/profile-id (:id prof)
+                   :profile-id (:id prof)
                   :team-id team-id
                   :font-id font-id
                   :font-family "somefont"
                   :font-weight 400
                   :font-style "normal"
                   :data {"font/ttf" ttfdata}}
-          out     (th/command! params)]
+          out     (th/mutation! params)]

      (t/is (= 1 (:call-count @mock)))

@@ -69,14 +68,14 @@
                    io/read-as-bytes)

        params  {::th/type :create-font-variant
-                 ::rpc/profile-id (:id prof)
+                 :profile-id (:id prof)
                 :team-id team-id
                 :font-id font-id
                 :font-family "somefont"
                 :font-weight 400
                 :font-style "normal"
                 :data {"font/woff" data}}
-        out     (th/command! params)]
+        out     (th/mutation! params)]

    ;; (th/print-result! out)
    (t/is (nil? (:error out)))
@@ -92,3 +91,8 @@
        :font-family
        :font-weight
        :font-style))))
+
+
+
+
+
--- a/backend/test/backend_tests/rpc_profile_test.clj
+++ b/backend/test/backend_tests/rpc_profile_test.clj
@@ -6,14 +6,14 @@

 (ns backend-tests.rpc-profile-test
  (:require
+   [backend-tests.helpers :as th]
   [app.common.uuid :as uuid]
   [app.config :as cf]
   [app.db :as db]
-   [app.rpc :as-alias rpc]
   [app.rpc.commands.auth :as cauth]
+   [app.rpc.mutations.profile :as profile]
   [app.tokens :as tokens]
   [app.util.time :as dt]
-   [backend-tests.helpers :as th]
   [clojure.java.io :as io]
   [clojure.test :as t]
   [cuerdas.core :as str]
@@ -67,9 +67,9 @@
 (t/deftest profile-query-and-manipulation
  (let [profile (th/create-profile* 1)]
    (t/testing "query profile"
-      (let [data {::th/type :get-profile
-                  ::rpc/profile-id (:id profile)}
-            out  (th/command! data)]
+      (let [data {::th/type :profile
+                  :profile-id (:id profile)}
+            out  (th/query! data)]

        ;; (th/print-result! out)
        (t/is (nil? (:error out)))
@@ -82,20 +82,20 @@
    (t/testing "update profile"
      (let [data (assoc profile
                        ::th/type :update-profile
-                        ::rpc/profile-id (:id profile)
+                        :profile-id (:id profile)
                        :fullname "Full Name"
                        :lang "en"
                        :theme "dark")
-            out  (th/command! data)]
+            out  (th/mutation! data)]

        ;; (th/print-result! out)
        (t/is (nil? (:error out)))
        (t/is (map? (:result out)))))

    (t/testing "query profile after update"
-      (let [data {::th/type :get-profile
-                  ::rpc/profile-id (:id profile)}
-            out  (th/command! data)]
+      (let [data {::th/type :profile
+                  :profile-id (:id profile)}
+            out  (th/query! data)]

        #_(th/print-result! out)
        (t/is (nil? (:error out)))
@@ -107,12 +107,12 @@

    (t/testing "update photo"
      (let [data {::th/type :update-profile-photo
-                  ::rpc/profile-id (:id profile)
+                  :profile-id (:id profile)
                  :file {:filename "sample.jpg"
                         :size 123123
                         :path (th/tempfile "backend_tests/test_files/sample.jpg")
                         :mtype "image/jpeg"}}
-            out  (th/command! data)]
+            out  (th/mutation! data)]

        ;; (th/print-result! out)
        (t/is (nil? (:error out)))))
@@ -131,15 +131,15 @@

    ;; Request profile to be deleted
    (let [params {::th/type :delete-profile
-                  ::rpc/profile-id (:id prof)}
-          out    (th/command! params)]
+                  :profile-id (:id prof)}
+          out    (th/mutation! params)]
      (t/is (nil? (:error out))))

    ;; query files after profile soft deletion
-    (let [params {::th/type :get-project-files
-                  ::rpc/profile-id (:id prof)
-                  :project-id (:default-project-id prof)}
-          out    (th/command! params)]
+    (let [params {::th/type :project-files
+                  :project-id (:default-project-id prof)
+                  :profile-id (:id prof)}
+          out    (th/query! params)]
      ;; (th/print-result! out)
      (t/is (nil? (:error out)))
      (t/is (= 1 (count (:result out)))))
@@ -150,13 +150,13 @@

    (let [row (th/db-get :team
                         {:id (:default-team-id prof)}
-                         {::db/remove-deleted? false})]
+                         {:check-deleted? false})]
      (t/is (dt/instant? (:deleted-at row))))

    ;; query profile after delete
-    (let [params {::th/type :get-profile
-                  ::rpc/profile-id (:id prof)}
-          out    (th/command! params)]
+    (let [params {::th/type :profile
+                  :profile-id (:id prof)}
+          out    (th/query! params)]
      ;; (th/print-result! out)
      (let [result (:result out)]
        (t/is (= uuid/zero (:id result)))))))
@@ -174,7 +174,7 @@
  (let [data  {::th/type :prepare-register-profile
               :email "user@example.com"
               :password "foobar"}
-        out   (th/command! data)
+        out   (th/mutation! data)
        token (get-in out [:result :token])]
    (t/is (string? token))

@@ -183,7 +183,7 @@
    (let [data  {::th/type :register-profile
                 :fullname "foobar"
                 :accept-terms-and-privacy true}
-          out   (th/command! data)]
+          out   (th/mutation! data)]
      (let [error (:error out)]
        (t/is (th/ex-info? error))
        (t/is (th/ex-of-type? error :validation))
@@ -195,7 +195,7 @@
                 :fullname "foobar"
                 :accept-terms-and-privacy true
                 :accept-newsletter-subscription true}]
-      (let [{:keys [result error]} (th/command! data)]
+      (let [{:keys [result error]} (th/mutation! data)]
        (t/is (nil? error))))
    ))

@@ -413,11 +413,11 @@
    (let [profile (th/create-profile* 1)
          pool    (:app.db/pool th/*system*)
          data    {::th/type :request-email-change
-                   ::rpc/profile-id (:id profile)
+                   :profile-id (:id profile)
                   :email "user1@example.com"}]

      ;; without complaints
-      (let [out (th/command! data)]
+      (let [out (th/mutation! data)]
        ;; (th/print-result! out)
        (t/is (nil? (:result out)))
        (let [mock @mock]
@@ -426,14 +426,14 @@

      ;; with complaints
      (th/create-global-complaint-for pool {:type :complaint :email (:email data)})
-      (let [out (th/command! data)]
+      (let [out (th/mutation! data)]
        ;; (th/print-result! out)
        (t/is (nil? (:result out)))
        (t/is (= 2 (:call-count @mock))))

      ;; with bounces
      (th/create-global-complaint-for pool {:type :bounce :email (:email data)})
-      (let [out   (th/command! data)
+      (let [out   (th/mutation! data)
            error (:error out)]
        ;; (th/print-result! out)
        (t/is (th/ex-info? error))
@@ -448,9 +448,9 @@
      (let [profile (th/create-profile* 1)
            pool    (:app.db/pool th/*system*)
            data    {::th/type :request-email-change
-                     ::rpc/profile-id (:id profile)
+                     :profile-id (:id profile)
                     :email "user1@example.com"}
-            out     (th/command! data)]
+            out     (th/mutation! data)]

        ;; (th/print-result! out)
        (t/is (false? (:called? @mock)))
@@ -467,7 +467,7 @@

      ;; with invalid email
      (let [data (assoc data :email "foo@bar.com")
-            out  (th/command! data)]
+            out  (th/mutation! data)]
        (t/is (nil? (:result out)))
        (t/is (= 0 (:call-count @mock))))

@@ -512,10 +512,10 @@
 (t/deftest update-profile-password
  (let [profile (th/create-profile* 1)
        data  {::th/type :update-profile-password
-               ::rpc/profile-id (:id profile)
+               :profile-id (:id profile)
               :old-password "123123"
               :password "foobarfoobar"}
-        out   (th/command! data)]
+        out   (th/mutation! data)]
    (t/is (nil? (:error out)))
    (t/is (nil? (:result out)))
  ))
@@ -524,10 +524,10 @@
 (t/deftest update-profile-password-bad-old-password
  (let [profile (th/create-profile* 1)
        data  {::th/type :update-profile-password
-               ::rpc/profile-id (:id profile)
+               :profile-id (:id profile)
               :old-password "badpassword"
               :password "foobarfoobar"}
-        {:keys [result error] :as out} (th/command! data)]
+        {:keys [result error] :as out} (th/mutation! data)]
    (t/is (th/ex-info? error))
    (t/is (th/ex-of-type? error :validation))
    (t/is (th/ex-of-code? error :old-password-not-match))))
@@ -536,10 +536,10 @@
 (t/deftest update-profile-password-email-as-password
  (let [profile (th/create-profile* 1)
        data  {::th/type :update-profile-password
-               ::rpc/profile-id (:id profile)
+               :profile-id (:id profile)
               :old-password "123123"
               :password "profile1.test@nodomain.com"}
-        {:keys [result error] :as out} (th/command! data)]
+        {:keys [result error] :as out} (th/mutation! data)]
    (t/is (th/ex-info? error))
    (t/is (th/ex-of-type? error :validation))
    (t/is (th/ex-of-code? error :email-as-password))))
--- a/backend/test/backend_tests/rpc_project_test.clj
+++ b/backend/test/backend_tests/rpc_project_test.clj
@@ -9,7 +9,6 @@
   [backend-tests.helpers :as th]
   [app.common.uuid :as uuid]
   [app.db :as db]
-   [app.rpc :as-alias rpc]
   [app.http :as http]
   [app.util.time :as dt]
   [clojure.test :as t]))
@@ -215,10 +214,10 @@
      (t/is (= 0 (:processed result))))

    ;; query the list of files of a after soft deletion
-    (let [data {::th/type :get-project-files
-                ::rpc/profile-id (:id profile1)
-                :project-id (:id project)}
-          out  (th/command! data)]
+    (let [data {::th/type :project-files
+                :project-id (:id project)
+                :profile-id (:id profile1)}
+          out  (th/query! data)]
      ;; (th/print-result! out)
      (t/is (nil? (:error out)))
      (let [result (:result out)]
@@ -229,10 +228,10 @@
      (t/is (= 1 (:processed result))))

    ;; query the list of files of a after hard deletion
-    (let [data {::th/type :get-project-files
-                ::rpc/profile-id (:id profile1)
-                :project-id (:id project)}
-          out  (th/command! data)]
+    (let [data {::th/type :project-files
+                :project-id (:id project)
+                :profile-id (:id profile1)}
+          out  (th/query! data)]
      ;; (th/print-result! out)
      (let [error (:error out)
            error-data (ex-data error)]
--- a/backend/test/backend_tests/rpc_team_test.clj
+++ b/backend/test/backend_tests/rpc_team_test.clj
@@ -166,6 +166,7 @@
 (t/deftest accept-invitation-tokens
  (let [profile1 (th/create-profile* 1 {:is-active true})
        profile2 (th/create-profile* 2 {:is-active true})
+        profile3 (th/create-profile* 3 {:is-active true})

        team     (th/create-team* 1 {:profile-id (:id profile1)})

@@ -181,25 +182,29 @@
                                  :member-email (:email profile2)
                                  :member-id (:id profile2)})]

-      ;; --- Verify token as anonymous user
+      (t/testing "Verify token as anonymous user"
+        (db/insert! pool :team-invitation
+                    {:team-id (:id team)
+                     :email-to (:email profile2)
+                     :role "editor"
+                     :valid-until (dt/in-future "48h")})

-      (db/insert! pool :team-invitation
-                  {:team-id (:id team)
-                   :email-to (:email profile2)
-                   :role "editor"
-                   :valid-until (dt/in-future "48h")})
+        (let [data {::th/type :verify-token :token token}
+              out  (th/command! data)]
+          ;; (th/print-result! out)
+          (t/is (th/success? out))

-      (let [data {::th/type :verify-token :token token}
-            out  (th/command! data)]
-        ;; (th/print-result! out)
-        (t/is (th/success? out))
-        (let [result (:result out)]
-          (t/is (= :created (:state result)))
-          (t/is (= (:email profile2) (:member-email result)))
-          (t/is (= (:id profile2) (:member-id result))))
+          (let [result (:result out)]
+            (t/is (contains? result :invitation-token))
+            (t/is (contains? result :iss))
+            (t/is (contains? result :redirect-to))
+            (t/is (contains? result :state))

-        (let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
-          (t/is (= 2 (count rows)))))
+            (t/is (= :pending (:state result)))
+            (t/is (= :auth-login (:redirect-to result))))
+
+          (let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
+            (t/is (= 1 (count rows))))))

      ;; Clean members
      (db/delete! pool :team-profile-rel
@@ -207,46 +212,37 @@
                   :profile-id (:id profile2)})


-      ;; --- Verify token as logged-in user
+      (t/testing "Verify token as logged-in user"
+        (let [data {::th/type :verify-token
+                    ::rpc/profile-id (:id profile2)
+                    :token token}
+              out  (th/command! data)]
+          ;; (th/print-result! out)
+          (t/is (th/success? out))
+          (let [result (:result out)]
+            (t/is (= :created (:state result)))
+            (t/is (= (:email profile2) (:member-email result)))
+            (t/is (= (:id profile2) (:member-id result))))

-      (db/insert! pool :team-invitation
-                  {:team-id (:id team)
-                   :email-to (:email profile2)
-                   :role "editor"
-                   :valid-until (dt/in-future "48h")})
+          (let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
+            (t/is (= 2 (count rows))))))

-      (let [data {::th/type :verify-token
-                  ::rpc/profile-id (:id profile2)
-                  :token token}
-            out  (th/command! data)]
-        ;; (th/print-result! out)
-        (t/is (th/success? out))
-        (let [result (:result out)]
-          (t/is (= :created (:state result)))
-          (t/is (= (:email profile2) (:member-email result)))
-          (t/is (= (:id profile2) (:member-id result))))
+      (t/testing "Verify token as logged-in wrong user"
+        (db/insert! pool :team-invitation
+                    {:team-id (:id team)
+                     :email-to (:email profile3)
+                     :role "editor"
+                     :valid-until (dt/in-future "48h")})

-        (let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
-          (t/is (= 2 (count rows)))))
-
-
-      ;; --- Verify token as logged-in wrong user
-
-      (db/insert! pool :team-invitation
-                  {:team-id (:id team)
-                   :email-to (:email profile2)
-                   :role "editor"
-                   :valid-until (dt/in-future "48h")})
-
-      (let [data {::th/type :verify-token
-                  ::rpc/profile-id (:id profile1)
-                  :token token}
-            out  (th/command! data)]
-        ;; (th/print-result! out)
-        (t/is (not (th/success? out)))
-        (let [edata (-> out :error ex-data)]
-          (t/is (= :validation (:type edata)))
-          (t/is (= :invalid-token (:code edata)))))
+        (let [data {::th/type :verify-token
+                    ::rpc/profile-id (:id profile1)
+                    :token token}
+              out  (th/command! data)]
+          ;; (th/print-result! out)
+          (t/is (not (th/success? out)))
+          (let [edata (-> out :error ex-data)]
+            (t/is (= :validation (:type edata)))
+            (t/is (= :invalid-token (:code edata))))))

      )))

--- a/backend/test/backend_tests/rpc_webhooks_test.clj
+++ b/backend/test/backend_tests/rpc_webhooks_test.clj
@@ -6,11 +6,12 @@

 (ns backend-tests.rpc-webhooks-test
  (:require
+   [app.common.uri :as u]
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.http :as http]
-   [app.storage :as sto]
   [app.rpc :as-alias rpc]
+   [app.storage :as sto]
   [backend-tests.helpers :as th]
   [clojure.test :as t]
   [mockery.core :refer [with-mocks]]))
@@ -31,7 +32,7 @@
        (let [params {::th/type :create-webhook
                      ::rpc/profile-id (:id prof)
                      :team-id team-id
-                      :uri "http://example.com"
+                      :uri (u/uri "http://example.com")
                      :mtype "application/json"}
              out    (th/command! params)]

--- a/common/src/app/common/data.cljc
+++ b/common/src/app/common/data.cljc
@@ -203,19 +203,22 @@
  ([coll value]
   (sequence (replace-by-id value) coll)))

-(defn without-nils
-  "Given a map, return a map removing key-value
-  pairs when value is `nil`."
-  [data]
-  (into {} (remove (comp nil? second)) data))
-
 (defn vec-without-nils
  [coll]
  (into [] (remove nil?) coll))

+(defn without-nils
+  "Given a map, return a map removing key-value
+  pairs when value is `nil`."
+  ([] (remove (comp nil? val)))
+  ([data]
+   (into {} (without-nils) data)))
+
 (defn without-qualified
-  [data]
-  (into {} (remove (comp qualified-keyword? first)) data))
+  ([]
+   (remove (comp qualified-keyword? key)))
+  ([data]
+   (into {} (without-qualified) data)))

 (defn without-keys
  "Return a map without the keys provided
--- a/common/src/app/common/file_builder.cljc
+++ b/common/src/app/common/file_builder.cljc
@@ -200,7 +200,7 @@

  (assert (nil? (:current-component-id file)))
  (let [page-id (or (:id data) (uuid/next))
-        page (-> (ctp/make-empty-page page-id "Page-1")
+        page (-> (ctp/make-empty-page page-id "Page 1")
                 (d/deep-merge data))]
    (-> file
        (commit-change
--- a/Show More
+++ b/Show More