wip

🐛 Fix some synchronization problems
Merge remote-tracking branch 'origin/staging' into develop
2026-01-04 04:18:51 -05:00 · 2023-01-23 16:53:54 +01:00 · 2023-01-23 16:50:27 +01:00 · 2023-01-23 11:06:05 +01:00 · 2023-01-23 11:05:28 +01:00 · 2023-01-23 10:35:55 +01:00
408 changed files with 15183 additions and 11186 deletions
--- a/.clj-kondo/config.edn
+++ b/.clj-kondo/config.edn
@@ -45,6 +45,15 @@
  :redundant-do
  {:level :off}

+  :earmuffed-var-not-dynamic
+  {:level :off}
+
+  :dynamic-var-not-earmuffed
+  {:level :off}
+
+  :used-underscored-binding
+  {:level :warning}
+
  :unused-binding
  {:exclude-destructured-as true
   :exclude-destructured-keys-in-fn-args false
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,14 +1,28 @@
 # CHANGELOG

-## :rocket: Next (1.17)
+## :rocket: Next

 ### :boom: Breaking changes & Deprecations
+
+### :sparkles: New features
+
+### :bug: Bugs fixed
+
+### :arrow_up: Deps updates
+
+### :heart: Community contributions by (Thank you!)
+
+
+## 1.17.0
+
 ### :sparkles: New features

 - Adds layout flex functionality for boards
 - Better overlays interactions on boards inside boards [Taiga #4386](https://tree.taiga.io/project/penpot/us/4386)
 - Show board miniature in manual overlay setting [Taiga #4475](https://tree.taiga.io/project/penpot/issue/4475)
 - Handoff visual improvements [Taiga #3124](https://tree.taiga.io/project/penpot/us/3124)
+- Dynamic alignment only in sight [Github 1971](https://github.com/penpot/penpot/issues/1971)
+- Add some accessibility to shortcut panel [Taiga #4713](https://tree.taiga.io/project/penpot/issue/4713)

 ### :bug: Bugs fixed

@@ -19,11 +33,43 @@
 - Fix twitter support account link [Taiga #4279](https://tree.taiga.io/project/penpot/issue/4279)
 - Fix lang autodetect issue [Taiga #4277](https://tree.taiga.io/project/penpot/issue/4277)
 - Fix adding an extra page on import [Taiga #4543](https://tree.taiga.io/project/penpot/task/4543)
+- Fix unable to select text at assets inputs in firefox [Taiga #4572](https://tree.taiga.io/project/penpot/issue/4572)
+- Fix component sync when converting to path [Taiga #3642](https://tree.taiga.io/project/penpot/issue/3642)
+- Fix style for team invite in deutsch [Taiga #4614](https://tree.taiga.io/project/penpot/issue/4614)
+- Fix problem with text edition in Safari [Taiga #4046](https://tree.taiga.io/project/penpot/issue/4046)
+- Fix show outline with rounded corners on rects [Taiga #4053](https://tree.taiga.io/project/penpot/issue/4053)
+- Fix wrong interaction between comments and panning modes [Taiga #4297](https://tree.taiga.io/project/penpot/issue/4297)
+- Fix bad element positioning on interaction with fixed scroll [Github #2660](https://github.com/penpot/penpot/issues/2660)
+- Fix display type of component library not persistent [Taiga #4512](https://tree.taiga.io/project/penpot/issue/4512)
+- Fix problem when moving texts with keyboard [#2690](https://github.com/penpot/penpot/issues/2690)
+- Fix problem when drawing boxes won't detect mouse-up [Taiga #4618](https://tree.taiga.io/project/penpot/issue/4618)
+- Fix missing loading icon on shared libraries [Taiga #4148](https://tree.taiga.io/project/penpot/issue/4148)
+- Fix selection stroke missing in properties of multiple texts [Taiga #4048](https://tree.taiga.io/project/penpot/issue/4048)
+- Fix missing create component menu for frames [Github #2670](https://github.com/penpot/penpot/issues/2670)
+- Fix "currentColor" is not converted when importing SVG [Github 2276](https://github.com/penpot/penpot/issues/2276)
+- Fix incorrect color in properties of multiple bool shapes [Taiga #4355](https://tree.taiga.io/project/penpot/issue/4355)
+- Fix pressing the enter key gives you an internal error [Github 2675](https://github.com/penpot/penpot/issues/2675) [Github 2577](https://github.com/penpot/penpot/issues/2577)
+- Fix confirm group name with enter doesn't work in assets modal [Taiga #4506](https://tree.taiga.io/project/penpot/issue/4506)
+- Fix group/ungroup shapes inside a component [Taiga #4052](https://tree.taiga.io/project/penpot/issue/4052)
+- Fix wrong update of text in components [Taiga #4646](https://tree.taiga.io/project/penpot/issue/4646)
+- Fix problem with SVG imports with style [#2605](https://github.com/penpot/penpot/issues/2605)
+- Fix ghost shapes after sync groups in components [Taiga #4649](https://tree.taiga.io/project/penpot/issue/4649)
+- Fix layer orders messed up on move, group, reparent and undo [Github #2672](https://github.com/penpot/penpot/issues/2672)
+- Fix max height in library dialog [Github #2335](https://github.com/penpot/penpot/issues/2335)
+- Fix undo ungroup (shift+g) scrambles positions [Taiga #4674](https://tree.taiga.io/project/penpot/issue/4674)
+- Fix justified text is stretched [Github #2539](https://github.com/penpot/penpot/issues/2539)
+- Fix mousewheel on viewer inspector [Taiga #4221](https://tree.taiga.io/project/penpot/issue/4221)
+- Fix path edition activated on boards [Taiga #4105](https://tree.taiga.io/project/penpot/issue/4105)
+- Fix hidden layers inside groups become visible after the group visibility is changed[Taiga #4710](https://tree.taiga.io/project/penpot/issue/4710)
+- Fix format of HSLA color on viewer [Taiga #4393](https://tree.taiga.io/project/penpot/issue/4393)
+- Fix some typos [Taiga #4724](https://tree.taiga.io/project/penpot/issue/4724)

-### :arrow_up: Deps updates
-### :heart: Community contributions by (Thank you!)
 ## 1.16.2-beta

+### :bug: Bugs fixed
+
+- Fix strage cursor behaviour after clicking viewport with text pool [Github #2447](https://github.com/penpot/penpot/issues/2447)
+
 ## 1.16.1-beta

 ### :bug: Bugs fixed
@@ -91,7 +137,6 @@
 - Fix grid not syncing immediately in multiuser [Taiga #4339](https://tree.taiga.io/project/penpot/issue/4339)
 - Fix custom font upload fails silently for unsupported formats [Taiga #4279](https://tree.taiga.io/project/penpot/issue/4280)

-### :arrow_up: Deps updates
 ### :heart: Community contributions by (Thank you!)

 - To @andrewzhurov for many code contributions on this release.
--- a/backend/deps.edn
+++ b/backend/deps.edn
@@ -1,12 +1,12 @@
 {:deps
 {penpot/common {:local/root "../common"}
  org.clojure/clojure {:mvn/version "1.11.1"}
-  org.clojure/core.async {:mvn/version "1.5.648"}
+  org.clojure/core.async {:mvn/version "1.6.673"}

  ;; Logging
-  org.zeromq/jeromq {:mvn/version "0.5.2"}
+  org.zeromq/jeromq {:mvn/version "0.5.3"}

-  com.github.luben/zstd-jni {:mvn/version "1.5.2-4"}
+  com.github.luben/zstd-jni {:mvn/version "1.5.2-5"}
  org.clojure/data.fressian {:mvn/version "1.0.0"}

  io.prometheus/simpleclient {:mvn/version "0.16.0"}
@@ -18,7 +18,7 @@

  io.prometheus/simpleclient_httpserver {:mvn/version "0.16.0"}

-  io.lettuce/lettuce-core {:mvn/version "6.2.1.RELEASE"}
+  io.lettuce/lettuce-core {:mvn/version "6.2.2.RELEASE"}
  java-http-clj/java-http-clj {:mvn/version "0.4.3"}

  funcool/yetti
@@ -27,9 +27,9 @@
   :git/url "https://github.com/funcool/yetti.git"
   :exclusions [org.slf4j/slf4j-api]}

-  com.github.seancorfield/next.jdbc {:mvn/version "1.3.834"}
+  com.github.seancorfield/next.jdbc {:mvn/version "1.3.847"}
  metosin/reitit-core {:mvn/version "0.5.18"}
-  org.postgresql/postgresql {:mvn/version "42.5.0"}
+  org.postgresql/postgresql {:mvn/version "42.5.1"}
  com.zaxxer/HikariCP {:mvn/version "5.0.1"}

  io.whitfin/siphash {:mvn/version "2.0.0"}
@@ -37,9 +37,9 @@
  buddy/buddy-hashers {:mvn/version "1.8.158"}
  buddy/buddy-sign {:mvn/version "3.4.333"}

-  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.1"}
+  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.2"}

-  org.jsoup/jsoup {:mvn/version "1.15.1"}
+  org.jsoup/jsoup {:mvn/version "1.15.3"}
  org.im4java/im4java
  {:git/tag "1.4.0-penpot-2"
   :git/sha "e2b3e16"
@@ -51,11 +51,12 @@
  integrant/integrant {:mvn/version "0.8.0"}

  dawran6/emoji {:mvn/version "0.1.5"}
-  markdown-clj/markdown-clj {:mvn/version "1.11.3"}
+  markdown-clj/markdown-clj {:mvn/version "1.11.4"}

  ;; Pretty Print specs
  pretty-spec/pretty-spec {:mvn/version "0.1.4"}
-  software.amazon.awssdk/s3 {:mvn/version "2.17.278"}}
+  software.amazon.awssdk/s3 {:mvn/version "2.19.8"}
+  }

 :paths ["src" "resources" "target/classes"]
 :aliases
@@ -69,8 +70,10 @@
    mockery/mockery {:mvn/version "RELEASE"}}
   :extra-paths ["test" "dev"]}

+
  :build
-  {:extra-deps {io.github.clojure/tools.build {:git/tag "v0.8.3" :git/sha "0d20256"}}
+  {:extra-deps
+   {io.github.clojure/tools.build {:git/tag "v0.9.0" :git/sha "8c93e0c"}}
   :ns-default build}

  :test
--- a/backend/resources/app/templates/api-doc-entry.tmpl
+++ b/backend/resources/app/templates/api-doc-entry.tmpl
@@ -6,14 +6,21 @@
    <div class="tags">
      {% if item.deprecated %}
        <span class="tag">
-          <span>Deprecated:</span>
-          <span>since v{{item.deprecated}}</span>,
+          <span>DEPRECATED</span>
+        </span>
+      {% endif %}
+
+      {% if item.auth %}
+        <span class="tag">
+          <span>AUTH</span>
+        </span>
+      {% endif %}
+      
+      {% if item.webhook %}
+        <span class="tag">
+          <span>WEBHOOK</span>
        </span>
      {% endif %}
-      <span class="tag">
-        <span>Auth:</span>
-        <span>{% if item.auth %}YES{% else %}NO{% endif %}</span>
-      </span>
    </div>
  </div>
  <div class="rpc-row-detail hidden">
--- a/backend/resources/rlimit.edn
+++ b/backend/resources/rlimit.edn
@@ -3,8 +3,8 @@
 {:default
 [[:default :window "200000/h"]]

- #{:query/teams}
+ #{:command/get-teams}
 [[:burst :bucket "5/1/5s"]]

- #{:query/profile}
- [[:burst :bucket "100/60/1m"]]}
+ #{:command/get-profile}
+ [[:burst :bucket "60/60/1m"]]}
--- a/backend/scripts/build
+++ b/backend/scripts/build
@@ -13,9 +13,9 @@ cp ../CHANGES.md target/classes/changelog.md;
 clojure -T:build jar;
 mv target/penpot.jar target/dist/penpot.jar
 cp scripts/run.template.sh target/dist/run.sh;
-cp scripts/manage.template.sh target/dist/manage.sh;
+cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
-chmod +x target/dist/manage.sh;
+chmod +x target/dist/manage.py

 # Prefetch
 bb ./scripts/prefetch-templates.clj resources/app/onboarding.edn builtin-templates/
--- a/backend/scripts/manage.py
+++ b/backend/scripts/manage.py
@@ -0,0 +1,167 @@
+#!/usr/bin/env python3
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Copyright (c) KALEIDOS INC
+
+import argparse
+import json
+import socket
+import sys
+
+from getpass import getpass
+from urllib.parse import urlparse
+
+PREPL_URI = "tcp://localhost:6063"
+
+def get_prepl_conninfo():
+    uri_data = urlparse(PREPL_URI)
+    if uri_data.scheme != "tcp":
+        raise RuntimeException(f"invalid PREPL_URI: {PREPL_URI}")
+
+    if not isinstance(uri_data.netloc, str):
+        raise RuntimeException(f"invalid PREPL_URI: {PREPL_URI}")
+
+    host, port = uri_data.netloc.split(":", 2)
+
+    if port is None:
+        port = 6063
+
+    if isinstance(port, str):
+        port = int(port)
+
+    return host, port
+
+def send_eval(expr):
+    host, port = get_prepl_conninfo()
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.connect((host, port))
+        s.send(expr.encode("utf-8"))
+        s.send(b":repl/quit\n\n")
+
+        with s.makefile() as f:
+            result = json.load(f)
+            tag = result.get("tag", None)
+            if tag != "ret":
+                raise RuntimeException("unexpected response from PREPL")
+            return result.get("val", None), result.get("exception", None)
+
+def encode(val):
+    return json.dumps(json.dumps(val))
+
+def print_error(res):
+    for error in res["via"]:
+        print("ERR:", error["message"])
+        break
+
+def run_cmd(params):
+    expr = "(app.srepl.ext/run-json-cmd {})".format(encode(params))
+    res, failed = send_eval(expr)
+    if failed:
+        print_error(res)
+        sys.exit(-1)
+
+    return res
+
+def create_profile(fullname, email, password):
+    params = {
+        "cmd": "create-profile",
+        "params": {
+            "fullname": fullname,
+            "email": email,
+            "password": password
+        }
+    }
+
+    res = run_cmd(params)
+    print(f"Created: {res['email']} / {res['id']}")
+
+def update_profile(email, fullname, password, is_active):
+    params = {
+        "cmd": "update-profile",
+        "params": {
+            "email": email,
+            "fullname": fullname,
+            "password": password,
+            "is_active": is_active
+        }
+    }
+
+    res = run_cmd(params)
+    if res is True:
+        print(f"Updated")
+    else:
+        print(f"No profile found with email {email}")
+
+def derive_password(password):
+    params = {
+        "cmd": "derive-password",
+        "params": {
+            "password": password,
+        }
+    }
+
+    res = run_cmd(params)
+    print(f"Derived password: \"{res}\"")
+
+available_commands = [
+    "create-profile",
+    "update-profile",
+    "derive-password"
+]
+
+parser = argparse.ArgumentParser(
+    description=(
+        "Penpot Command Line Interface (CLI)"
+    )
+)
+
+parser.add_argument("-V", "--version", action="version", version="Penpot CLI %%develop%%")
+parser.add_argument("action", action="store", choices=available_commands)
+parser.add_argument("-n", "--fullname", help="Fullname", action="store")
+parser.add_argument("-e", "--email", help="Email", action="store")
+parser.add_argument("-p", "--password", help="Password", action="store")
+parser.add_argument("-c", "--connect", help="Connect to PREPL", action="store", default="tcp://localhost:6063")
+
+args = parser.parse_args()
+
+PREPL_URI = args.connect
+
+if args.action == "create-profile":
+    email = args.email
+    password = args.password
+    fullname = args.fullname
+
+    if email is None:
+        email = input("Email: ")
+
+    if fullname is None:
+        fullname = input("Fullname: ")
+
+    if password is None:
+        password = getpass("Password: ")
+
+    create_profile(fullname, email, password)
+
+elif args.action == "update-profile":
+    email = args.email
+    password = args.password
+
+    if email is None:
+        email = input("Email: ")
+
+    if password is None:
+        password = getpass("Password: ")
+
+    update_profile(email, None, password, None)
+
+elif args.action == "derive-password":
+    password = args.password
+
+    if password is None:
+        password = getpass("Password: ")
+
+    derive_password(password)
--- a/backend/scripts/manage.template.sh
+++ b/backend/scripts/manage.template.sh
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-set +e
-JAVA_CMD=$(type -p java)
-
-set -e
-if [[ ! -n "$JAVA_CMD" ]]; then
-  if [[ -n "$JAVA_HOME" ]] && [[ -x "$JAVA_HOME/bin/java" ]]; then
-    JAVA_CMD="$JAVA_HOME/bin/java"
-  else
-    >&2 echo "Couldn't find 'java'. Please set JAVA_HOME."
-    exit 1
-  fi
-fi
-
-if [ -f ./environ ]; then
-   source ./environ
-fi
-
-exec $JAVA_CMD $JVM_OPTS -jar penpot.jar -m app.cli.manage "$@"
--- a/backend/scripts/repl
+++ b/backend/scripts/repl
@@ -2,7 +2,21 @@

 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp"
+export PENPOT_FLAGS="\
+       $PENPOT_FLAGS \
+       enable-backend-asserts \
+       enable-audit-log \
+       enable-transit-readable-response \
+       enable-demo-users \
+       disable-secure-session-cookies \
+       enable-smtp \
+       enable-prepl-server \
+       enable-urepl-server \
+       enable-rpc-climit \
+       enable-rpc-rlimit \
+       enable-soft-rpc-rlimit \
+       enable-webhooks \
+       enable-access-tokens";

 # export PENPOT_DATABASE_URI="postgresql://172.17.0.1:5432/penpot"
 # export PENPOT_DATABASE_USERNAME="penpot"
@@ -31,11 +45,12 @@ export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
 export OPTIONS="
       -A:jmx-remote -A:dev \
       -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
-       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
-       -J-XX:+UseG1GC \
-       -J-XX:-OmitStackTraceInFastThrow \
-       -J-Xms50m -J-Xmx1024m \
       -J-Djdk.attach.allowAttachSelf \
+       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
+       -J-Xms50m \
+       -J-Xmx1024m \
+       -J-XX:+UseZGC \
+       -J-XX:-OmitStackTraceInFastThrow \
       -J-XX:+UnlockDiagnosticVMOptions \
       -J-XX:+DebugNonSafepoints";

--- a/backend/scripts/start-dev
+++ b/backend/scripts/start-dev
@@ -2,7 +2,7 @@

 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp"
+export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp enable-webhooks"

 set -ex

--- a/backend/src/app/auth.clj
+++ b/backend/src/app/auth.clj
@@ -0,0 +1,26 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.auth
+  (:require
+   [buddy.hashers :as hashers]))
+
+(defn derive-password
+  [password]
+  (hashers/derive password
+                  {:alg :argon2id
+                   :memory 16384
+                   :iterations 20
+                   :parallelism 2}))
+
+(defn verify-password
+  [attempt password]
+  (try
+    (hashers/verify attempt password)
+    (catch Throwable _
+      {:update false
+       :valid false})))
+
--- a/backend/src/app/auth/ldap.clj
+++ b/backend/src/app/auth/ldap.clj
@@ -41,15 +41,18 @@
  (reduce-kv clojure.string/replace s replacements))

 (defn- search-user
-  [{:keys [conn attrs base-dn] :as cfg} email]
-  (let [query   (replace-several (:query cfg) ":username" email)
+  [{:keys [::conn base-dn] :as cfg} email]
+  (let [query  (replace-several (:query cfg) ":username" email)
+        attrs  [(:attrs-username cfg)
+                (:attrs-email cfg)
+                (:attrs-fullname cfg)]
        params  {:filter query
                 :sizelimit 1
                 :attributes attrs}]
    (first (ldap/search conn base-dn params))))

 (defn- retrieve-user
-  [{:keys [conn] :as cfg} {:keys [email password]}]
+  [{:keys [::conn] :as cfg} {:keys [email password]}]
  (when-let [{:keys [dn] :as user} (search-user cfg email)]
    (when (ldap/bind? conn dn password)
      {:fullname (get user (-> cfg :attrs-fullname keyword))
@@ -66,7 +69,7 @@
 (defn authenticate
  [cfg params]
  (with-open [conn (connect cfg)]
-    (when-let [user (-> (assoc cfg :conn conn)
+    (when-let [user (-> (assoc cfg ::conn conn)
                        (retrieve-user params))]
      (when-not (s/valid? ::info-data user)
        (let [explain (s/explain-str ::info-data user)]
@@ -100,17 +103,6 @@
                 :host (:host cfg) :port (:port cfg) :cause cause)
        nil))))

-(defn- prepare-attributes
-  [cfg]
-  (assoc cfg :attrs [(:attrs-username cfg)
-                     (:attrs-email cfg)
-                     (:attrs-fullname cfg)]))
-
-(defmethod ig/init-key ::provider
-  [_ cfg]
-  (when (:enabled? cfg)
-    (some-> cfg try-connectivity prepare-attributes)))
-
 (s/def ::enabled? ::us/boolean)
 (s/def ::host ::cf/ldap-host)
 (s/def ::port ::cf/ldap-port)
@@ -124,8 +116,7 @@
 (s/def ::attrs-fullname ::cf/ldap-attrs-fullname)
 (s/def ::attrs-username ::cf/ldap-attrs-username)

-(defmethod ig/pre-init-spec ::provider
-  [_]
+(s/def ::provider-params
  (s/keys :opt-un [::host ::port
                   ::ssl ::tls
                   ::enabled?
@@ -135,3 +126,14 @@
                   ::attrs-email
                   ::attrs-username
                   ::attrs-fullname]))
+(s/def ::provider
+  (s/nilable ::provider-params))
+
+(defmethod ig/pre-init-spec ::provider
+  [_]
+  (s/spec ::provider))
+
+(defmethod ig/init-key ::provider
+  [_ cfg]
+  (when (:enabled? cfg)
+    (try-connectivity cfg)))
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@@ -21,7 +21,7 @@
   [app.http.session :as session]
   [app.loggers.audit :as audit]
   [app.main :as-alias main]
-   [app.rpc.queries.profile :as profile]
+   [app.rpc.commands.profile :as profile]
   [app.tokens :as tokens]
   [app.util.json :as json]
   [app.util.time :as dt]
@@ -349,7 +349,7 @@
                   ::fullname
                   ::props]))

-(defn retrieve-info
+(defn get-info
  [{:keys [provider] :as cfg} {:keys [params] :as request}]
  (letfn [(validate-oidc [info]
            ;; If the provider is OIDC, we can proceed to check
@@ -396,14 +396,12 @@
          (p/then' validate-oidc)
          (p/then' (partial post-process state))))))

-(defn- retrieve-profile
+(defn- get-profile
  [{:keys [::db/pool ::wrk/executor] :as cfg} info]
  (px/with-dispatch executor
    (with-open [conn (db/open pool)]
      (some->> (:email info)
-               (profile/retrieve-profile-data-by-email conn)
-               (profile/populate-additional-data conn)
-               (profile/decode-profile-row)))))
+               (profile/get-profile-by-email conn)))))

 (defn- redirect-response
  [uri]
@@ -417,9 +415,9 @@
    (redirect-response uri)))

 (defn- generate-redirect
-  [{:keys [::session/session] :as cfg} request info profile]
+  [cfg request info profile]
  (if profile
-    (let [sxf    (session/create-fn session (:id profile))
+    (let [sxf    (session/create-fn cfg (:id profile))
          token  (or (:invitation-token info)
                     (tokens/generate (::main/props cfg)
                                      {:iss :auth
@@ -436,7 +434,7 @@

      (when-let [collector (::audit/collector cfg)]
        (audit/submit! collector {:type "command"
-                                  :name "login"
+                                  :name "login-with-password"
                                  :profile-id (:id profile)
                                  :ip-addr (audit/parse-client-ip request)
                                  :props (audit/profile->props profile)}))
@@ -471,8 +469,8 @@
 (defn- callback-handler
  [cfg request]
  (letfn [(process-request []
-            (p/let [info    (retrieve-info cfg request)
-                    profile (retrieve-profile cfg info)]
+            (p/let [info    (get-info cfg request)
+                    profile (get-profile cfg info)]
              (generate-redirect cfg request info profile)))

          (handle-error [cause]
@@ -524,23 +522,24 @@

 (s/def ::providers (s/map-of ::us/keyword (s/nilable ::provider)))

+(s/def ::routes vector?)
+
 (defmethod ig/pre-init-spec ::routes
  [_]
-  (s/keys :req [::http/client
+  (s/keys :req [::session/manager
+                ::http/client
                ::wrk/executor
                ::main/props
                ::db/pool
-                ::providers
-                ::session/session]))
+                ::providers]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [::wrk/executor ::session/session] :as cfg}]
+  [_ {:keys [::wrk/executor] :as cfg}]
  (let [cfg (update cfg :provider d/without-nils)]
-    ["" {:middleware [[(:middleware session)]
+    ["" {:middleware [[session/authz cfg]
                      [hmw/with-dispatch executor]
                      [hmw/with-config cfg]
-                      [provider-lookup]
-                      ]}
+                      [provider-lookup]]}
     ["/auth/oauth"
      ["/:provider"
       {:handler auth-handler
@@ -548,4 +547,3 @@
      ["/:provider/callback"
       {:handler callback-handler
        :allowed-methods #{:get}}]]]))
-
--- a/backend/src/app/cli/manage.clj
+++ b/backend/src/app/cli/manage.clj
@@ -10,9 +10,8 @@
   [app.common.logging :as l]
   [app.db :as db]
   [app.main :as main]
-   [app.rpc.commands.auth :as cmd.auth]
-   [app.rpc.mutations.profile :as profile]
-   [app.rpc.queries.profile :refer [retrieve-profile-data-by-email]]
+   [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.profile :as profile]
   [clojure.string :as str]
   [clojure.tools.cli :refer [parse-opts]]
   [integrant.core :as ig])
@@ -55,16 +54,17 @@
                                         :type :password}))]
    (try
      (db/with-atomic [conn (:app.db/pool system)]
-        (->> (cmd.auth/create-profile conn
-                                     {:fullname fullname
-                                      :email email
-                                      :password password
-                                      :is-active true
-                                      :is-demo false})
-             (cmd.auth/create-profile-relations conn)))
+        (->> (auth/create-profile! conn
+                                  {:fullname fullname
+                                   :email email
+                                   :password password
+                                   :is-active true
+                                   :is-demo false})
+             (auth/create-profile-rels! conn)))

      (when (pos? (:verbosity options))
        (println "User created successfully."))
+
      (System/exit 0)

      (catch Exception _e
@@ -79,7 +79,7 @@
      (db/with-atomic [conn (:app.db/pool system)]
        (let [email    (or (:email options)
                           (read-from-console {:label "Email:"}))
-              profile  (retrieve-profile-data-by-email conn email)]
+              profile  (profile/get-profile-by-email conn email)]
          (when-not profile
            (when (pos? (:verbosity options))
              (println "Profile does not exists."))
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@@ -61,11 +61,9 @@

   :public-uri "http://localhost:3449"
   :host "localhost"
-   :tenant "main"
+   :tenant "default"

   :redis-uri "redis://redis/0"
-   :srepl-host "127.0.0.1"
-   :srepl-port 6062

   :assets-storage-backend :assets-fs
   :storage-assets-fs-directory "assets"
@@ -102,7 +100,7 @@
 (s/def ::audit-log-archive-uri ::us/string)
 (s/def ::audit-log-http-handler-concurrency ::us/integer)

-(s/def ::admins ::us/set-of-strings)
+(s/def ::admins ::us/set-of-valid-emails)
 (s/def ::file-change-snapshot-every ::us/integer)
 (s/def ::file-change-snapshot-timeout ::dt/duration)

@@ -127,6 +125,17 @@
 (s/def ::database-min-pool-size ::us/integer)
 (s/def ::database-max-pool-size ::us/integer)

+(s/def ::quotes-teams-per-profile ::us/integer)
+(s/def ::quotes-access-tokens-per-profile ::us/integer)
+(s/def ::quotes-projects-per-team ::us/integer)
+(s/def ::quotes-invitations-per-team ::us/integer)
+(s/def ::quotes-profiles-per-team ::us/integer)
+(s/def ::quotes-files-per-project ::us/integer)
+(s/def ::quotes-files-per-team ::us/integer)
+(s/def ::quotes-font-variants-per-team ::us/integer)
+(s/def ::quotes-comment-threads-per-file ::us/integer)
+(s/def ::quotes-comments-per-file ::us/integer)
+
 (s/def ::default-blob-version ::us/integer)
 (s/def ::error-report-webhook ::us/string)
 (s/def ::user-feedback-destination ::us/string)
@@ -186,18 +195,15 @@
 (s/def ::smtp-ssl ::us/boolean)
 (s/def ::smtp-tls ::us/boolean)
 (s/def ::smtp-username (s/nilable ::us/string))
-(s/def ::srepl-host ::us/string)
-(s/def ::srepl-port ::us/integer)
+(s/def ::urepl-host ::us/string)
+(s/def ::urepl-port ::us/integer)
+(s/def ::prepl-host ::us/string)
+(s/def ::prepl-port ::us/integer)
 (s/def ::assets-storage-backend ::us/keyword)
-(s/def ::fdata-storage-backend ::us/keyword)
 (s/def ::storage-assets-fs-directory ::us/string)
 (s/def ::storage-assets-s3-bucket ::us/string)
 (s/def ::storage-assets-s3-region ::us/keyword)
 (s/def ::storage-assets-s3-endpoint ::us/string)
-(s/def ::storage-fdata-s3-bucket ::us/string)
-(s/def ::storage-fdata-s3-region ::us/keyword)
-(s/def ::storage-fdata-s3-prefix ::us/string)
-(s/def ::storage-fdata-s3-endpoint ::us/string)
 (s/def ::telemetry-uri ::us/string)
 (s/def ::telemetry-with-taiga ::us/boolean)
 (s/def ::tenant ::us/string)
@@ -274,6 +280,18 @@
                   ::profile-complaint-max-age
                   ::profile-complaint-threshold
                   ::public-uri
+
+                   ::quotes-teams-per-profile
+                   ::quotes-access-tokens-per-profile
+                   ::quotes-projects-per-team
+                   ::quotes-invitations-per-team
+                   ::quotes-profiles-per-team
+                   ::quotes-files-per-project
+                   ::quotes-files-per-team
+                   ::quotes-font-variants-per-team
+                   ::quotes-comment-threads-per-file
+                   ::quotes-comments-per-file
+
                   ::redis-uri
                   ::registration-domain-whitelist
                   ::rpc-rlimit-config
@@ -292,19 +310,16 @@
                   ::smtp-tls
                   ::smtp-username

-                   ::srepl-host
-                   ::srepl-port
+                   ::urepl-host
+                   ::urepl-port
+                   ::prepl-host
+                   ::prepl-port

                   ::assets-storage-backend
                   ::storage-assets-fs-directory
                   ::storage-assets-s3-bucket
                   ::storage-assets-s3-region
                   ::storage-assets-s3-endpoint
-                   ::fdata-storage-backend
-                   ::storage-fdata-s3-bucket
-                   ::storage-fdata-s3-region
-                   ::storage-fdata-s3-prefix
-                   ::storage-fdata-s3-endpoint
                   ::telemetry-enabled
                   ::telemetry-uri
                   ::telemetry-referer
--- a/backend/src/app/db.clj
+++ b/backend/src/app/db.clj
@@ -167,6 +167,7 @@
  (instance? javax.sql.DataSource v))

 (s/def ::pool pool?)
+(s/def ::conn-or-pool some?)

 (defn closed?
  [pool]
@@ -232,44 +233,46 @@
  [pool]
  (jdbc/get-connection pool))

+(def ^:private default-opts
+  {:builder-fn sql/as-kebab-maps})
+
 (defn exec!
  ([ds sv]
-   (exec! ds sv {}))
+   (jdbc/execute! ds sv default-opts))
  ([ds sv opts]
-   (jdbc/execute! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))
+   (jdbc/execute! ds sv (merge default-opts opts))))

 (defn exec-one!
-  ([ds sv] (exec-one! ds sv {}))
+  ([ds sv]
+   (jdbc/execute-one! ds sv default-opts))
  ([ds sv opts]
-   (jdbc/execute-one! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))
+   (jdbc/execute-one! ds sv
+                      (-> (merge default-opts opts)
+                          (assoc :return-keys (::return-keys? opts false))))))

 (defn insert!
-  ([ds table params] (insert! ds table params nil))
-  ([ds table params opts]
-   (exec-one! ds
-              (sql/insert table params opts)
-              (merge {:return-keys true} opts))))
+  [ds table params & {:as opts}]
+  (exec-one! ds
+             (sql/insert table params opts)
+             (merge {::return-keys? true} opts)))

 (defn insert-multi!
-  ([ds table cols rows] (insert-multi! ds table cols rows nil))
-  ([ds table cols rows opts]
-   (exec! ds
-          (sql/insert-multi table cols rows opts)
-          (merge {:return-keys true} opts))))
+  [ds table cols rows & {:as opts}]
+  (exec! ds
+         (sql/insert-multi table cols rows opts)
+         (merge {::return-keys? true} opts)))

 (defn update!
-  ([ds table params where] (update! ds table params where nil))
-  ([ds table params where opts]
-   (exec-one! ds
-              (sql/update table params where opts)
-              (merge {:return-keys true} opts))))
+  [ds table params where & {:as opts}]
+  (exec-one! ds
+             (sql/update table params where opts)
+             (merge {::return-keys? true} opts)))

 (defn delete!
-  ([ds table params] (delete! ds table params nil))
-  ([ds table params opts]
-   (exec-one! ds
-              (sql/delete table params opts)
-              (assoc opts :return-keys true))))
+  [ds table params & {:as opts}]
+  (exec-one! ds
+             (sql/delete table params opts)
+             (merge {::return-keys? true} opts)))

 (defn is-row-deleted?
  [{:keys [deleted-at]}]
@@ -278,56 +281,34 @@
          (inst-ms (dt/now)))))

 (defn get*
-  "Internal function for retrieve a single row from database that
-  matches a simple filters."
-  ([ds table params]
-   (get* ds table params nil))
-  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
-   (let [rows (exec! ds (sql/select table params opts))
-         rows (cond->> rows
-                check-deleted?
-                (remove is-row-deleted?))]
-     (first rows))))
+  "Retrieve a single row from database that matches a simple filters. Do
+  not raises exceptions."
+  [ds table params & {:as opts}]
+  (let [rows (exec! ds (sql/select table params opts))
+        rows (cond->> rows
+               (::remove-deleted? opts true)
+               (remove is-row-deleted?))]
+    (first rows)))

 (defn get
-  ([ds table params]
-   (get ds table params nil))
-  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
-   (let [row (get* ds table params opts)]
-     (when (and (not row) check-deleted?)
-       (ex/raise :type :not-found
-                 :code :object-not-found
-                 :table table
-                 :hint "database object not found"))
-     row)))
-
-(defn get-by-params
-  "DEPRECATED"
-  ([ds table params]
-   (get-by-params ds table params nil))
-  ([ds table params {:keys [check-not-found] :or {check-not-found true} :as opts}]
-   (let [row (get* ds table params (assoc opts :check-deleted? check-not-found))]
-     (when (and (not row) check-not-found)
-       (ex/raise :type :not-found
-                 :code :object-not-found
-                 :table table
-                 :hint "database object not found"))
-     row)))
+  "Retrieve a single row from database that matches a simple
+  filters. Raises :not-found exception if no object is found."
+  [ds table params & {:as opts}]
+  (let [row (get* ds table params opts)]
+    (when (and (not row) (::check-deleted? opts true))
+      (ex/raise :type :not-found
+                :code :object-not-found
+                :table table
+                :hint "database object not found"))
+    row))

 (defn get-by-id
-  ([ds table id]
-   (get ds table {:id id} nil))
-  ([ds table id opts]
-   (let [opts (cond-> opts
-                (contains? opts :check-not-found)
-                (assoc :check-deleted? (:check-not-found opts)))]
-     (get ds table {:id id} opts))))
+  [ds table id & {:as opts}]
+  (get ds table {:id id} opts))

 (defn query
-  ([ds table params]
-   (query ds table params nil))
-  ([ds table params opts]
-   (exec! ds (sql/select table params opts))))
+  [ds table params & {:as opts}]
+  (exec! ds (sql/select table params opts)))

 (defn pgobject?
  ([v]
--- a/backend/src/app/db/sql.clj
+++ b/backend/src/app/db/sql.clj
@@ -7,6 +7,7 @@
 (ns app.db.sql
  (:refer-clojure :exclude [update])
  (:require
+   [app.db :as-alias db]
   [clojure.string :as str]
   [next.jdbc.optional :as jdbc-opt]
   [next.jdbc.sql.builder :as sql]))
@@ -43,8 +44,10 @@
  ([table where-params opts]
   (let [opts (merge default-opts opts)
         opts (cond-> opts
-                (:for-update opts)    (assoc :suffix "FOR UPDATE")
-                (:for-key-share opts) (assoc :suffix "FOR KEY SHARE"))]
+                (::db/for-update? opts) (assoc :suffix "FOR UPDATE")
+                (::db/for-share? opts)  (assoc :suffix "FOR KEY SHARE")
+                (:for-update opts)      (assoc :suffix "FOR UPDATE")
+                (:for-key-share opts)   (assoc :suffix "FOR KEY SHARE"))]
     (sql/for-query table where-params opts))))

 (defn update
--- a/backend/src/app/emails.clj
+++ b/backend/src/app/emails.clj
@@ -257,15 +257,17 @@
  "Schedule an already defined email to be sent using asynchronously
  using worker task."
  [{:keys [::conn ::factory] :as context}]
-  (us/verify fn? factory)
  (us/verify some? conn)
-  (let [email (factory context)]
-    (wrk/submit! (assoc email
-                        ::wrk/task :sendmail
-                        ::wrk/delay 0
-                        ::wrk/max-retries 4
-                        ::wrk/priority 200
-                        ::wrk/conn conn))))
+  (let [email (if factory
+                (factory context)
+                (dissoc context ::conn))]
+    (wrk/submit! (merge
+                  {::wrk/task :sendmail
+                   ::wrk/delay 0
+                   ::wrk/max-retries 4
+                   ::wrk/priority 200
+                   ::wrk/conn conn}
+                  email))))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; SENDMAIL FN / TASK HANDLER
--- a/backend/src/app/http.clj
+++ b/backend/src/app/http.clj
@@ -6,13 +6,22 @@

 (ns app.http
  (:require
+   [app.auth.oidc :as-alias oidc]
   [app.common.data :as d]
   [app.common.logging :as l]
   [app.common.transit :as t]
+   [app.db :as-alias db]
+   [app.http.access-token :as actoken]
+   [app.http.assets :as-alias assets]
+   [app.http.awsns :as-alias awsns]
+   [app.http.debug :as-alias debug]
   [app.http.errors :as errors]
   [app.http.middleware :as mw]
   [app.http.session :as session]
+   [app.http.websocket :as-alias ws]
   [app.metrics :as mtx]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias rpc.doc]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
@@ -64,7 +73,6 @@
                 :http/max-body-size (:max-body-size cfg)
                 :http/max-multipart-body-size (:max-multipart-body-size cfg)
                 :xnio/io-threads (:io-threads cfg)
-                 :xnio/worker-threads (:worker-threads cfg)
                 :xnio/dispatch (:executor cfg)
                 :ring/async true}

@@ -91,9 +99,7 @@
              (let [params  (:path-params match)
                    result  (:result match)
                    handler (or (:handler result) not-found-handler)
-                    request (-> request
-                                (assoc :path-params params)
-                                (update :params merge params))]
+                    request (assoc request :path-params params)]
                (handler request respond raise))
              (not-found-handler request respond raise)))

@@ -115,64 +121,41 @@
 ;; HTTP ROUTER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(s/def ::assets map?)
-(s/def ::awsns-handler fn?)
-(s/def ::debug-routes (s/nilable vector?))
-(s/def ::doc-routes (s/nilable vector?))
-(s/def ::feedback fn?)
-(s/def ::oauth map?)
-(s/def ::oidc-routes (s/nilable vector?))
-(s/def ::rpc-routes (s/nilable vector?))
-(s/def ::session ::session/session)
-(s/def ::storage map?)
-(s/def ::ws fn?)
-
 (defmethod ig/pre-init-spec ::router [_]
-  (s/keys :req-un [::mtx/metrics
-                   ::ws
-                   ::storage
-                   ::assets
-                   ::session
-                   ::feedback
-                   ::awsns-handler
-                   ::debug-routes
-                   ::oidc-routes
-                   ::rpc-routes
-                   ::doc-routes]))
+  (s/keys :req [::session/manager
+                ::actoken/manager
+                ::ws/routes
+                ::rpc/routes
+                ::rpc.doc/routes
+                ::oidc/routes
+                ::assets/routes
+                ::debug/routes
+                ::db/pool
+                ::mtx/routes
+                ::awsns/routes]))

 (defmethod ig/init-key ::router
-  [_ {:keys [ws session metrics assets feedback] :as cfg}]
+  [_ cfg]
  (rr/router
   [["" {:middleware [[mw/server-timing]
                      [mw/format-response]
                      [mw/params]
                      [mw/parse-request]
-                      [session/middleware-1 session]
+                      [session/soft-auth cfg]
+                      [actoken/soft-auth cfg]
                      [mw/errors errors/handle]
                      [mw/restrict-methods]]}

-     ["/metrics" {:handler (::mtx/handler metrics)
-                  :allowed-methods #{:get}}]
-
-     ["/assets" {:middleware [[session/middleware-2 session]]}
-      ["/by-id/:id" {:handler (:objects-handler assets)}]
-      ["/by-file-media-id/:id" {:handler (:file-objects-handler assets)}]
-      ["/by-file-media-id/:id/thumbnail" {:handler (:file-thumbnails-handler assets)}]]
-
-     (:debug-routes cfg)
+     (::mtx/routes cfg)
+     (::assets/routes cfg)
+     (::debug/routes cfg)

     ["/webhooks"
-      ["/sns" {:handler (:awsns-handler cfg)
-               :allowed-methods #{:post}}]]
+      (::awsns/routes cfg)]

-     ["/ws/notifications" {:middleware [[session/middleware-2 session]]
-                           :handler ws
-                           :allowed-methods #{:get}}]
+     (::ws/routes cfg)

-     ["/api" {:middleware [[mw/cors]
-                           [session/middleware-2 session]]}
-      ["/feedback" {:handler feedback
-                    :allowed-methods #{:post}}]
-      (:doc-routes cfg)
-      (:oidc-routes cfg)
-      (:rpc-routes cfg)]]]))
+     ["/api" {:middleware [[mw/cors]]}
+      (::oidc/routes cfg)
+      (::rpc.doc/routes cfg)
+      (::rpc/routes cfg)]]]))
--- a/backend/src/app/http/access_token.clj
+++ b/backend/src/app/http/access_token.clj
@@ -0,0 +1,96 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.http.access-token
+  (:require
+   [app.common.logging :as l]
+   [app.common.spec :as us]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.main :as-alias main]
+   [app.tokens :as tokens]
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [integrant.core :as ig]
+   [promesa.core :as p]
+   [promesa.exec :as px]
+   [yetti.request :as yrq]))
+
+
+(s/def ::manager
+  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
+
+(defmethod ig/pre-init-spec ::manager [_] ::manager)
+(defmethod ig/init-key ::manager [_ cfg] cfg)
+(defmethod ig/halt-key! ::manager [_ _])
+
+(def header-re #"^Token\s+(.*)")
+
+(defn- get-token
+  [request]
+  (some->> (yrq/get-header request "authorization")
+           (re-matches header-re)
+           (second)))
+
+(defn- decode-token
+  [props token]
+  (when token
+    (tokens/verify props {:token token :iss "access-token"})))
+
+(defn- get-token-perms
+  [pool token-id]
+  (when-not (db/read-only? pool)
+    (when-let [token (db/get* pool :access-token {:id token-id} {:columns [:perms]})]
+      (some-> (:perms token)
+              (db/decode-pgarray #{})))))
+
+(defn- wrap-soft-auth
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+
+  (let [{:keys [::wrk/executor ::main/props]} manager]
+    (fn [request respond raise]
+      (let [token (get-token request)]
+        (->> (px/submit! executor (partial decode-token props token))
+             (p/fnly (fn [claims cause]
+                       (when cause
+                         (l/trace :hint "exception on decoding malformed token" :cause cause))
+                       (let [request (cond-> request
+                                       (map? claims)
+                                       (assoc ::id (:tid claims)))]
+                         (handler request respond raise)))))))))
+
+(defn- wrap-authz
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+  (let [{:keys [::wrk/executor ::db/pool]} manager]
+    (fn [request respond raise]
+      (if-let [token-id (::id request)]
+        (->> (px/submit! executor (partial get-token-perms pool token-id))
+             (p/fnly (fn [perms cause]
+                       (cond
+                         (some? cause)
+                         (raise cause)
+
+                         (nil? perms)
+                         (handler request respond raise)
+
+                         :else
+                         (let [request (assoc request ::perms perms)]
+                           (handler request respond raise))))))
+        (handler request respond raise)))))
+
+(def soft-auth
+  {:name ::soft-auth
+   :compile (fn [& _]
+              (when (contains? cf/flags :access-tokens)
+                wrap-soft-auth))})
+
+(def authz
+  {:name ::authz
+   :compile (fn [& _]
+              (when (contains? cf/flags :access-tokens)
+                wrap-authz))})
--- a/backend/src/app/http/assets.clj
+++ b/backend/src/app/http/assets.clj
@@ -115,7 +115,10 @@
 (s/def ::cache-max-age ::dt/duration)
 (s/def ::signature-max-age ::dt/duration)

-(defmethod ig/pre-init-spec ::handlers [_]
+(s/def ::routes vector?)
+
+;; FIXME: namespace qualified params
+(defmethod ig/pre-init-spec ::routes [_]
  (s/keys :req-un [::storage
                   ::wrk/executor
                   ::mtx/metrics
@@ -123,9 +126,9 @@
                   ::cache-max-age
                   ::signature-max-age]))

-(defmethod ig/init-key ::handlers
+(defmethod ig/init-key ::routes
  [_ cfg]
-  {:objects-handler (partial objects-handler cfg)
-   :file-objects-handler (partial file-objects-handler cfg)
-   :file-thumbnails-handler (partial file-thumbnails-handler cfg)})
-
+  ["/assets"
+   ["/by-id/:id" {:handler (partial objects-handler cfg)}]
+   ["/by-file-media-id/:id" {:handler (partial file-objects-handler cfg)}]
+   ["/by-file-media-id/:id/thumbnail" {:handler (partial file-thumbnails-handler cfg)}]])
--- a/backend/src/app/http/awsns.clj
+++ b/backend/src/app/http/awsns.clj
@@ -28,18 +28,20 @@
 (declare parse-notification)
 (declare process-report)

-(defmethod ig/pre-init-spec ::handler [_]
+(defmethod ig/pre-init-spec ::routes [_]
  (s/keys :req [::http/client
                ::main/props
                ::db/pool
                ::wrk/executor]))

-(defmethod ig/init-key ::handler
+(defmethod ig/init-key ::routes
  [_ {:keys [::wrk/executor] :as cfg}]
-  (fn [request respond _]
-    (let [data (-> request yrq/body slurp)]
-      (px/run! executor #(handle-request cfg data)))
-    (respond (yrs/response 200))))
+  (letfn [(handler [request respond _]
+            (let [data (-> request yrq/body slurp)]
+              (px/run! executor #(handle-request cfg data)))
+            (respond (yrs/response 200)))]
+    ["/sns" {:handler handler
+             :allowed-methods #{:post}}]))

 (defn handle-request
  [cfg data]
@@ -105,8 +107,7 @@
  [cfg headers]
  (let [tdata (get headers "x-penpot-data")]
    (when-not (str/empty? tdata)
-      (let [sprops (::main/props cfg)
-            result (tokens/verify sprops {:token tdata :iss :profile-identity})]
+      (let [result (tokens/verify (::main/props cfg) {:token tdata :iss :profile-identity})]
        (:profile-id result)))))

 (defn- parse-notification
--- a/backend/src/app/http/client.clj
+++ b/backend/src/app/http/client.clj
@@ -11,7 +11,8 @@
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
-   [java-http-clj.core :as http])
+   [java-http-clj.core :as http]
+   [promesa.core :as p])
  (:import
   java.net.http.HttpClient))

@@ -34,7 +35,10 @@
   (us/assert! ::client client)
   (if sync?
     (http/send req {:client client :as response-type})
-     (http/send-async req {:client client :as response-type}))))
+     (try
+       (http/send-async req {:client client :as response-type})
+       (catch Throwable cause
+         (p/rejected cause))))))

 (defn req!
  "A convencience toplevel function for gradual migration to a new API
--- a/backend/src/app/http/debug.clj
+++ b/backend/src/app/http/debug.clj
@@ -16,8 +16,8 @@
   [app.http.middleware :as mw]
   [app.http.session :as session]
   [app.rpc.commands.binfile :as binf]
-   [app.rpc.commands.files.create :refer [create-file]]
-   [app.rpc.queries.profile :as profile]
+   [app.rpc.commands.files-create :refer [create-file]]
+   [app.rpc.commands.profile :as profile]
   [app.util.blob :as blob]
   [app.util.template :as tmpl]
   [app.util.time :as dt]
@@ -39,9 +39,9 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn authorized?
-  [pool {:keys [profile-id]}]
+  [pool {:keys [::session/profile-id]}]
  (or (= "devenv" (cf/get :host))
-      (let [profile (ex/ignoring (profile/retrieve-profile-data pool profile-id))
+      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
            admins  (or (cf/get :admins) #{})]
        (contains? admins (:email profile)))))

@@ -61,7 +61,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn index-handler
-  [{:keys [pool]} request]
+  [{:keys [::db/pool]} request]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -81,7 +81,7 @@
  "select revn, changes, data from file_change where file_id=? and revn = ?")

 (defn- retrieve-file-data
-  [{:keys [pool]} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool]} {:keys [params ::session/profile-id] :as request}]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -107,8 +107,9 @@
        (prepare-download-response data filename)

        (contains? params :clone)
-        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
-              data       (some-> data blob/decode)]
+        (let [profile    (profile/get-profile pool profile-id)
+              project-id (:default-project-id profile)
+              data       (blob/decode data)]
          (create-file pool {:id (uuid/next)
                             :name (str "Cloned file: " filename)
                             :project-id project-id
@@ -117,7 +118,7 @@
          (yrs/response 201 "OK CREATED"))

        :else
-        (prepare-response (some-> data blob/decode))))))
+        (prepare-response (blob/decode data))))))

 (defn- is-file-exists?
  [pool id]
@@ -125,8 +126,9 @@
    (-> (db/exec-one! pool [sql id]) :exists)))

 (defn- upload-file-data
-  [{:keys [pool]} {:keys [profile-id params] :as request}]
-  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
+  [{:keys [::db/pool]} {:keys [::session/profile-id params] :as request}]
+  (let [profile    (profile/get-profile pool profile-id)
+        project-id (:default-project-id profile)
        data       (some-> params :file :path io/read-as-bytes blob/decode)]

    (if (and data project-id)
@@ -162,7 +164,7 @@
              :code :method-not-found)))

 (defn file-changes-handler
-  [{:keys [pool]} {:keys [params] :as request}]
+  [{:keys [::db/pool]} {:keys [params] :as request}]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -202,7 +204,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn error-handler
-  [{:keys [pool]} request]
+  [{:keys [::db/pool]} request]
  (letfn [(parse-id [request]
            (let [id (get-in request [:path-params :id])
                  id (parse-uuid id)]
@@ -251,7 +253,7 @@
    LIMIT 100")

 (defn error-list-handler
-  [{:keys [pool]} request]
+  [{:keys [::db/pool]} request]
  (when-not (authorized? pool request)
    (ex/raise :type :authentication
              :code :only-admins-allowed))
@@ -268,7 +270,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn export-handler
-  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]

  (let [file-ids (->> (:file-ids params)
                      (remove empty?)
@@ -287,7 +289,8 @@
                   (assoc ::binf/include-libraries? libs?)
                   (binf/export-to-tmpfile!))]
      (if clone?
-        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)]
+        (let [profile    (profile/get-profile pool profile-id)
+              project-id (:default-project-id profile)]
          (binf/import!
           (assoc cfg
                  ::binf/input path
@@ -309,15 +312,16 @@


 (defn import-handler
-  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
  (when-not (contains? params :file)
    (ex/raise :type :validation
              :code :missing-upload-file
              :hint "missing upload file"))

-  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
+  (let [profile    (profile/get-profile pool profile-id)
+        project-id (:default-project-id profile)
        overwrite? (contains? params :overwrite)
-        migrate? (contains? params :migrate)
+        migrate?   (contains? params :migrate)
        ignore-index-errors? (contains? params :ignore-index-errors)]

    (when-not project-id
@@ -345,15 +349,14 @@

 (defn health-handler
  "Mainly a task that performs a health check."
-  [{:keys [pool]} _]
-  (db/with-atomic [conn pool]
-    (try
-      (db/exec-one! conn ["select count(*) as count from server_prop;"])
-      (yrs/response 200 "OK")
-      (catch Throwable cause
-        (l/warn :hint "unable to execute query on health handler"
-                :cause cause)
-        (yrs/response 503 "KO")))))
+  [{:keys [::db/pool]} _]
+  (try
+    (db/exec-one! pool ["select count(*) as count from server_prop;"])
+    (yrs/response 200 "OK")
+    (catch Throwable cause
+      (l/warn :hint "unable to execute query on health handler"
+              :cause cause)
+      (yrs/response 503 "KO"))))

 (defn changelog-handler
  [_ _]
@@ -381,16 +384,17 @@
           (raise (ex/error :type :authentication
                            :code :only-admins-allowed))))))})

-
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req-un [::db/pool ::wrk/executor ::session/session]))
+  (s/keys :req [::db/pool
+                ::wrk/executor
+                ::session/manager]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [session pool executor] :as cfg}]
+  [_ {:keys [::db/pool ::wrk/executor] :as cfg}]
  [["/readyz" {:middleware [[mw/with-dispatch executor]
                            [mw/with-config cfg]]
               :handler health-handler}]
-   ["/dbg" {:middleware [[session/middleware-2 session]
+   ["/dbg" {:middleware [[session/authz cfg]
                         [with-authorization pool]
                         [mw/with-dispatch executor]
                         [mw/with-config cfg]]}
--- a/backend/src/app/http/errors.clj
+++ b/backend/src/app/http/errors.clj
@@ -11,6 +11,8 @@
   [app.common.exceptions :as ex]
   [app.common.logging :as l]
   [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
+   [app.http.session :as-alias session]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]
   [yetti.request :as yrq]
@@ -26,7 +28,9 @@

 (defn get-context
  [request]
-  (let [claims (:session-token-claims request)]
+  (let [claims (-> {}
+                   (into (::session/token-claims request))
+                   (into (::actoken/token-claims request)))]
    (merge
     *context*
     {:path          (:path request)
@@ -49,6 +53,10 @@
  [err _]
  (yrs/response 401 (ex-data err)))

+(defmethod handle-exception :authorization
+  [err _]
+  (yrs/response 403 (ex-data err)))
+
 (defmethod handle-exception :restriction
  [err _]
  (yrs/response 400 (ex-data err)))
--- a/backend/src/app/http/feedback.clj
+++ b/backend/src/app/http/feedback.clj
@@ -1,80 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.http.feedback
-  "A general purpose feedback module."
-  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.emails :as eml]
-   [app.rpc.queries.profile :as profile]
-   [app.worker :as wrk]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
-
-(declare ^:private send-feedback)
-(declare ^:private handler)
-
-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req-un [::db/pool ::wrk/executor]))
-
-(defmethod ig/init-key ::handler
-  [_ {:keys [executor] :as cfg}]
-  (let [enabled? (contains? cf/flags :user-feedback)]
-    (if enabled?
-      (fn [request respond raise]
-        (-> (px/submit! executor #(handler cfg request))
-            (p/then' respond)
-            (p/catch raise)))
-      (fn [_ _ raise]
-        (raise (ex/error :type :validation
-                         :code :feedback-disabled
-                         :hint "feedback module is disabled"))))))
-
-(defn- handler
-  [{:keys [pool] :as cfg} {:keys [profile-id] :as request}]
-  (let [ftoken (cf/get :feedback-token ::no-token)
-        token  (yrq/get-header request "x-feedback-token")
-        params (d/merge (:params request)
-                        (:body-params request))]
-    (cond
-      (uuid? profile-id)
-      (let [profile (profile/retrieve-profile-data pool profile-id)
-            params  (assoc params :from (:email profile))]
-        (send-feedback pool profile params))
-
-      (= token ftoken)
-      (send-feedback cfg nil params))
-
-    (yrs/response 204)))
-
-(s/def ::content ::us/string)
-(s/def ::from    ::us/email)
-(s/def ::subject ::us/string)
-(s/def ::feedback
-  (s/keys :req-un [::from ::subject ::content]))
-
-(defn- send-feedback
-  [pool profile params]
-  (let [params      (us/conform ::feedback params)
-        destination (cf/get :feedback-destination)]
-    (eml/send! {::eml/conn pool
-                ::eml/factory eml/feedback
-                :from     destination
-                :to       destination
-                :profile  profile
-                :reply-to (:from params)
-                :email    (:from params)
-                :subject  (:subject params)
-                :content  (:content params)})
-    nil))
--- a/backend/src/app/http/middleware.clj
+++ b/backend/src/app/http/middleware.clj
@@ -78,13 +78,12 @@
              (raise cause)))]

    (fn [request respond raise]
-      (when-let [request (try
-                           (process-request request)
-                           (catch RuntimeException cause
-                             (handle-error raise (or (.getCause cause) cause)))
-                           (catch Throwable cause
-                             (handle-error raise cause)))]
-        (handler request respond raise)))))
+      (let [request (ex/try! (process-request request))]
+        (if (ex/exception? request)
+          (if (instance? RuntimeException request)
+            (handle-error raise (or (ex/cause request) request))
+            (handle-error raise request))
+          (handler request respond raise))))))

 (def parse-request
  {:name ::parse-request
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -9,13 +9,17 @@
  (:require
   [app.common.data :as d]
   [app.common.logging :as l]
+   [app.common.spec :as us]
   [app.config :as cf]
   [app.db :as db]
   [app.db.sql :as sql]
+   [app.http.session.tasks :as-alias tasks]
+   [app.main :as-alias main]
   [app.tokens :as tokens]
   [app.util.time :as dt]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
   [integrant.core :as ig]
   [promesa.core :as p]
   [promesa.exec :as px]
@@ -44,55 +48,55 @@

 (defprotocol ISessionManager
  (read [_ key])
-  (decode [_ key])
  (write! [_ key data])
  (update! [_ data])
  (delete! [_ key]))

-(s/def ::session #(satisfies? ISessionManager %))
+(s/def ::manager #(satisfies? ISessionManager %))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; STORAGE IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

+(s/def ::session-params
+  (s/keys :req-un [::user-agent
+                   ::profile-id
+                   ::created-at]))
+
 (defn- prepare-session-params
-  [sprops data]
-  (let [profile-id (:profile-id data)
-        user-agent (:user-agent data)
-        created-at (or (:created-at data) (dt/now))
-        token      (tokens/generate sprops {:iss "authentication"
-                                            :iat created-at
-                                            :uid profile-id})]
-    {:user-agent user-agent
-     :profile-id profile-id
-     :created-at created-at
-     :updated-at created-at
-     :id token}))
+  [key params]
+  (us/assert! ::us/not-empty-string key)
+  (us/assert! ::session-params params)
+
+  {:user-agent (:user-agent params)
+   :profile-id (:profile-id params)
+   :created-at (:created-at params)
+   :updated-at (:created-at params)
+   :id key})

 (defn- database-manager
-  [{:keys [pool sprops executor]}]
+  [{:keys [::db/pool ::wrk/executor ::main/props]}]
+  ^{::wrk/executor executor
+    ::db/pool pool
+    ::main/props props}
  (reify ISessionManager
    (read [_ token]
      (px/with-dispatch executor
        (db/exec-one! pool (sql/select :http-session {:id token}))))

-    (decode [_ token]
+    (write! [_ key params]
      (px/with-dispatch executor
-        (tokens/verify sprops {:token token :iss "authentication"})))
-
-    (write! [_ _ data]
-      (px/with-dispatch executor
-        (let [params (prepare-session-params sprops data)]
+        (let [params (prepare-session-params key params)]
          (db/insert! pool :http-session params)
          params)))

-    (update! [_ data]
+    (update! [_ params]
      (let [updated-at (dt/now)]
        (px/with-dispatch executor
          (db/update! pool :http-session
                      {:updated-at updated-at}
-                      {:id (:id data)})
-          (assoc data :updated-at updated-at))))
+                      {:id (:id params)})
+          (assoc params :updated-at updated-at))))

    (delete! [_ token]
      (px/with-dispatch executor
@@ -100,39 +104,37 @@
        nil))))

 (defn inmemory-manager
-  [{:keys [sprops executor]}]
+  [{:keys [::db/pool ::wrk/executor ::main/props]}]
  (let [cache (atom {})]
+    ^{::main/props props
+      ::wrk/executor executor
+      ::db/pool pool}
    (reify ISessionManager
      (read [_ token]
        (p/do (get @cache token)))

-      (decode [_ token]
-        (px/with-dispatch executor
-          (tokens/verify sprops {:token token :iss "authentication"})))
-
-      (write! [_ _ data]
+      (write! [_ key params]
        (p/do
-          (let [{:keys [token] :as params} (prepare-session-params sprops data)]
-            (swap! cache assoc token params)
+          (let [params (prepare-session-params key params)]
+            (swap! cache assoc key params)
            params)))

-      (update! [_ data]
+      (update! [_ params]
        (p/do
          (let [updated-at (dt/now)]
-            (swap! cache update (:id data) assoc :updated-at updated-at)
-            (assoc data :updated-at updated-at))))
+            (swap! cache update (:id params) assoc :updated-at updated-at)
+            (assoc params :updated-at updated-at))))

      (delete! [_ token]
        (p/do
          (swap! cache dissoc token)
          nil)))))

-(s/def ::sprops map?)
 (defmethod ig/pre-init-spec ::manager [_]
-  (s/keys :req-un [::db/pool ::wrk/executor ::sprops]))
+  (s/keys :req [::db/pool ::wrk/executor ::main/props]))

 (defmethod ig/init-key ::manager
-  [_ {:keys [pool] :as cfg}]
+  [_ {:keys [::db/pool] :as cfg}]
  (if (db/read-only? pool)
    (inmemory-manager cfg)
    (database-manager cfg)))
@@ -144,25 +146,34 @@
 ;; MANAGER IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(declare assign-auth-token-cookie)
-(declare assign-authenticated-cookie)
-(declare clear-auth-token-cookie)
-(declare clear-authenticated-cookie)
+(declare ^:private assign-auth-token-cookie)
+(declare ^:private assign-authenticated-cookie)
+(declare ^:private clear-auth-token-cookie)
+(declare ^:private clear-authenticated-cookie)
+(declare ^:private gen-token)

 (defn create-fn
-  [manager profile-id]
-  (fn [request response]
-    (let [uagent  (yrq/get-header request "user-agent")
-          params  {:profile-id profile-id
-                   :user-agent uagent}]
-      (-> (write! manager nil params)
-          (p/then (fn [session]
-                    (l/trace :hint "create" :profile-id profile-id)
-                    (-> response
-                        (assign-auth-token-cookie session)
-                        (assign-authenticated-cookie session))))))))
+  [{:keys [::manager]} profile-id]
+  (us/assert! ::manager manager)
+  (us/assert! ::us/uuid profile-id)
+
+  (let [props (-> manager meta ::main/props)]
+    (fn [request response]
+      (let [uagent (yrq/get-header request "user-agent")
+            params {:profile-id profile-id
+                    :user-agent uagent
+                    :created-at (dt/now)}
+            token  (gen-token props params)]
+
+        (->> (write! manager token params)
+             (p/fmap (fn [session]
+                       (l/trace :hint "create" :profile-id profile-id)
+                       (-> response
+                           (assign-auth-token-cookie session)
+                           (assign-authenticated-cookie session)))))))))
 (defn delete-fn
-  [manager]
+  [{:keys [::manager]}]
+  (us/assert! ::manager manager)
  (letfn [(delete [{:keys [profile-id] :as request}]
            (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
                  cookie  (yrq/get-cookie request cname)]
@@ -177,67 +188,92 @@
            (clear-auth-token-cookie)
            (clear-authenticated-cookie))))))

-(def middleware-1
-  (letfn [(wrap-handler [manager handler request respond raise]
-            (try
-              (let [claims  (some->> (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                                     (yrq/get-cookie request)
-                                     (decode manager))
-                    request (cond-> request
-                              (some? claims)
-                              (assoc :session-token-claims claims))]
-                (handler request respond raise))
-              (catch Throwable _
-                (handler request respond raise))))]
+(defn- gen-token
+  [props {:keys [profile-id created-at]}]
+  (tokens/generate props {:iss "authentication"
+                          :iat created-at
+                          :uid profile-id}))
+(defn- decode-token
+  [props token]
+  (when token
+    (tokens/verify props {:token token :iss "authentication"})))

-    {:name :session-1
-     :compile (fn [& _]
-                (fn [handler manager]
-                  (partial wrap-handler manager handler)))}))
+(defn- get-token
+  [request]
+  (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+        cookie (some-> (yrq/get-cookie request cname) :value)]
+    (when-not (str/empty? cookie)
+      cookie)))

-(def middleware-2
-  (letfn [(wrap-handler [manager handler request respond raise]
-            (-> (retrieve-session manager request)
-                (p/finally (fn [session cause]
-                             (cond
-                               (some? cause)
-                               (raise cause)
+(defn- get-session
+  [manager token]
+  (some->> token (read manager)))

-                               (nil? session)
-                               (handler request respond raise)
+(defn- renew-session?
+  [{:keys [updated-at] :as session}]
+  (and (dt/instant? updated-at)
+       (let [elapsed (dt/diff updated-at (dt/now))]
+         (neg? (compare default-renewal-max-age elapsed)))))

-                               :else
-                               (let [request (-> request
-                                                 (assoc :profile-id (:profile-id session))
-                                                 (assoc :session-id (:id session)))
-                                     respond (cond-> respond
-                                               (renew-session? session)
-                                               (wrap-respond manager session))]
-                                 (handler request respond raise)))))))
+(defn- wrap-reneval
+  [respond manager session]
+  (fn [response]
+    (p/let [session (update! manager session)]
+      (-> response
+          (assign-auth-token-cookie session)
+          (assign-authenticated-cookie session)
+          (respond)))))

-          (retrieve-session [manager request]
-            (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                  cookie (yrq/get-cookie request cname)]
-              (some->> (:value cookie) (read manager))))
+(defn- wrap-soft-auth
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)

-          (renew-session? [{:keys [updated-at] :as session}]
-            (and (dt/instant? updated-at)
-                 (let [elapsed (dt/diff updated-at (dt/now))]
-                   (neg? (compare default-renewal-max-age elapsed)))))
+  (let [{:keys [::wrk/executor ::main/props]} (meta manager)]
+    (fn [request respond raise]
+      (let [token (get-token request)]
+        (->> (px/submit! executor (partial decode-token props token))
+             (p/fnly (fn [claims cause]
+                       (when cause
+                         (l/trace :hint "exception on decoding malformed token" :cause cause))

-          ;; Wrap respond with session renewal code
-          (wrap-respond [respond manager session]
-            (fn [response]
-              (p/let [session (update! manager session)]
-                (-> response
-                    (assign-auth-token-cookie session)
-                    (assign-authenticated-cookie session)
-                    (respond)))))]
+                       (let [request (cond-> request
+                                       (map? claims)
+                                       (-> (assoc ::token-claims claims)
+                                           (assoc ::token token)))]
+                         (handler request respond raise)))))))))

-    {:name :session-2
-     :compile (fn [& _]
-                (fn [handler manager]
-                  (partial wrap-handler manager handler)))}))
+(defn- wrap-authz
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+  (fn [request respond raise]
+    (if-let [token (::token request)]
+      (->> (get-session manager token)
+           (p/fnly (fn [session cause]
+                     (cond
+                       (some? cause)
+                       (raise cause)
+
+                       (nil? session)
+                       (handler request respond raise)
+
+                       :else
+                       (let [request (-> request
+                                         (assoc ::profile-id (:profile-id session))
+                                         (assoc ::id (:id session)))
+                             respond (cond-> respond
+                                       (renew-session? session)
+                                       (wrap-reneval manager session))]
+                         (handler request respond raise))))))
+
+      (handler request respond raise))))
+
+(def soft-auth
+  {:name ::soft-auth
+   :compile (constantly wrap-soft-auth)})
+
+(def authz
+  {:name ::authz
+   :compile (constantly wrap-authz)})

 ;; --- IMPL

@@ -299,21 +335,26 @@
 ;; TASK: SESSION GC
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(declare sql:delete-expired)
+(s/def ::tasks/max-age ::dt/duration)

-(s/def ::max-age ::dt/duration)
+(defmethod ig/pre-init-spec ::tasks/gc [_]
+  (s/keys :req [::db/pool]
+          :opt [::tasks/max-age]))

-(defmethod ig/pre-init-spec ::gc-task [_]
-  (s/keys :req-un [::db/pool]
-          :opt-un [::max-age]))
-
-(defmethod ig/prep-key ::gc-task
+(defmethod ig/prep-key ::tasks/gc
  [_ cfg]
-  (merge {:max-age default-cookie-max-age}
-         (d/without-nils cfg)))
+  (let [max-age (cf/get :auth-token-cookie-max-age default-cookie-max-age)]
+    (merge {::tasks/max-age max-age} (d/without-nils cfg))))

-(defmethod ig/init-key ::gc-task
-  [_ {:keys [pool max-age] :as cfg}]
+(def ^:private
+  sql:delete-expired
+  "delete from http_session
+    where updated_at < now() - ?::interval
+       or (updated_at is null and
+           created_at < now() - ?::interval)")
+
+(defmethod ig/init-key ::tasks/gc
+  [_ {:keys [::db/pool ::tasks/max-age] :as cfg}]
  (l/debug :hint "initializing session gc task" :max-age max-age)
  (fn [_]
    (db/with-atomic [conn pool]
@@ -325,9 +366,3 @@
                 :deleted result)
        result))))

-(def ^:private
-  sql:delete-expired
-  "delete from http_session
-    where updated_at < now() - ?::interval
-       or (updated_at is null and
-           created_at < now() - ?::interval)")
--- a/backend/src/app/http/websocket.clj
+++ b/backend/src/app/http/websocket.clj
@@ -12,6 +12,7 @@
   [app.common.pprint :as pp]
   [app.common.spec :as us]
   [app.db :as db]
+   [app.http.session :as session]
   [app.metrics :as mtx]
   [app.msgbus :as mbus]
   [app.util.time :as dt]
@@ -34,7 +35,7 @@
 (def state (atom {}))

 (defn- on-connect
-  [{:keys [metrics]} wsp]
+  [{:keys [::mtx/metrics]} wsp]
  (let [created-at (dt/now)]
    (swap! state assoc (::ws/id @wsp) wsp)
    (mtx/run! metrics
@@ -48,7 +49,7 @@
                :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0)))))

 (defn- on-rcv-message
-  [{:keys [metrics]} _ message]
+  [{:keys [::mtx/metrics]} _ message]
  (mtx/run! metrics
            :id :websocket-messages-total
            :labels recv-labels
@@ -56,7 +57,7 @@
  message)

 (defn- on-snd-message
-  [{:keys [metrics]} _ message]
+  [{:keys [::mtx/metrics]} _ message]
  (mtx/run! metrics
            :id :websocket-messages-total
            :labels send-labels
@@ -95,7 +96,6 @@
     :user-agent       (::ws/user-agent @wsp)
     :ip-addr          (::ws/remote-addr @wsp)
     :last-activity-at (::ws/last-activity-at @wsp)
-     :http-session-id  (::ws/http-session-id @wsp)
     :subscribed-file  (-> wsp deref ::file-subscription :file-id)
     :subscribed-team  (-> wsp deref ::team-subscription :team-id)}))

@@ -120,7 +120,7 @@
 (defmethod handle-message :connect
  [cfg wsp _]

-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -139,7 +139,7 @@

 (defmethod handle-message :disconnect
  [cfg wsp _]
-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -173,7 +173,7 @@

 (defmethod handle-message :subscribe-team
  [cfg wsp {:keys [team-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        conn-id    (::ws/id @wsp)
        session-id (::session-id @wsp)
        output-ch  (::ws/output-ch @wsp)
@@ -205,7 +205,7 @@

 (defmethod handle-message :subscribe-file
  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        conn-id    (::ws/id @wsp)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
@@ -258,7 +258,7 @@

 (defmethod handle-message :unsubscribe-file
  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        conn-id    (::ws/id @wsp)
        session-id (::session-id @wsp)
        profile-id (::profile-id @wsp)
@@ -288,7 +288,7 @@

 (defmethod handle-message :pointer-update
  [cfg wsp {:keys [file-id] :as message}]
-  (let [msgbus     (:msgbus cfg)
+  (let [msgbus     (::mbus/msgbus cfg)
        profile-id (::profile-id @wsp)
        session-id (::session-id @wsp)
        subs       (::file-subscription @wsp)
@@ -313,39 +313,47 @@
 ;; HTTP HANDLER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(s/def ::msgbus ::mbus/msgbus)
 (s/def ::session-id ::us/uuid)
-
 (s/def ::handler-params
  (s/keys :req-un [::session-id]))

-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req-un [::msgbus ::db/pool ::mtx/metrics]))
+(defn- http-handler
+  [cfg {:keys [params ::session/profile-id] :as request} respond raise]
+  (let [{:keys [session-id]} (us/conform ::handler-params params)]
+    (cond
+      (not profile-id)
+      (raise (ex/error :type :authentication
+                       :hint "Authentication required."))

-(defmethod ig/init-key ::handler
+      (not (yws/upgrade-request? request))
+      (raise (ex/error :type :validation
+                       :code :websocket-request-expected
+                       :hint "this endpoint only accepts websocket connections"))
+
+      :else
+      (do
+        (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
+
+        (->> (ws/handler
+              ::ws/on-rcv-message (partial on-rcv-message cfg)
+              ::ws/on-snd-message (partial on-snd-message cfg)
+              ::ws/on-connect (partial on-connect cfg)
+              ::ws/handler (partial handle-message cfg)
+              ::profile-id profile-id
+              ::session-id session-id)
+             (yws/upgrade request)
+             (respond))))))
+
+(defmethod ig/pre-init-spec ::routes [_]
+  (s/keys :req [::mbus/msgbus
+                ::mtx/metrics
+                ::db/pool
+                ::session/manager]))
+
+(s/def ::routes vector?)
+
+(defmethod ig/init-key ::routes
  [_ cfg]
-  (fn [{:keys [profile-id params] :as req} respond raise]
-    (let [{:keys [session-id]} (us/conform ::handler-params params)]
-      (cond
-        (not profile-id)
-        (raise (ex/error :type :authentication
-                         :hint "Authentication required."))
-
-        (not (yws/upgrade-request? req))
-        (raise (ex/error :type :validation
-                         :code :websocket-request-expected
-                         :hint "this endpoint only accepts websocket connections"))
-
-        :else
-        (do
-          (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
-
-          (->> (ws/handler
-                ::ws/on-rcv-message (partial on-rcv-message cfg)
-                ::ws/on-snd-message (partial on-snd-message cfg)
-                ::ws/on-connect (partial on-connect cfg)
-                ::ws/handler (partial handle-message cfg)
-                ::profile-id profile-id
-                ::session-id session-id)
-               (yws/upgrade req)
-               (respond)))))))
+  ["/ws/notifications" {:middleware [[session/authz cfg]]
+                        :handler (partial http-handler cfg)
+                        :allowed-methods #{:get}}])
--- a/backend/src/app/loggers/audit.clj
+++ b/backend/src/app/loggers/audit.clj
@@ -8,6 +8,7 @@
  "Services related to the user activity (audit log)."
  (:require
   [app.common.data :as d]
+   [app.common.data.macros :as dm]
   [app.common.exceptions :as ex]
   [app.common.logging :as l]
   [app.common.spec :as us]
@@ -20,7 +21,9 @@
   [app.loggers.webhooks :as-alias webhooks]
   [app.main :as-alias main]
   [app.metrics :as mtx]
+   [app.rpc :as-alias rpc]
   [app.tokens :as tokens]
+   [app.util.retry :as rtry]
   [app.util.time :as dt]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
@@ -147,35 +150,48 @@
                :name (:name event)
                :type (:type event)
                :profile-id (:profile-id event)
-                :tracked-at (dt/now)
                :ip-addr (:ip-addr event)
                :props (:props event)}]

    (when (contains? cf/flags :audit-log)
-      (db/insert! pool :audit-log
-                  (-> params
-                      (update :props db/tjson)
-                      (update :ip-addr db/inet)
-                      (assoc :source "backend"))))
+      ;; NOTE: this operation may cause primary key conflicts on inserts
+      ;; because of the timestamp precission (two concurrent requests), in
+      ;; this case we just retry the operation.
+      (rtry/with-retry {::rtry/when rtry/conflict-exception?
+                        ::rtry/max-retries 6
+                        ::rtry/label "persist-audit-log"}
+        (let [now (dt/now)]
+          (db/insert! pool :audit-log
+                      (-> params
+                          (update :props db/tjson)
+                          (update :ip-addr db/inet)
+                          (assoc :created-at now)
+                          (assoc :tracked-at now)
+                          (assoc :source "backend"))))))

    (when (and (contains? cf/flags :webhooks)
               (::webhooks/event? event))
      (let [batch-key     (::webhooks/batch-key event)
-            batch-timeout (::webhooks/batch-timeout event)]
+            batch-timeout (::webhooks/batch-timeout event)
+            label         (dm/str "rpc:" (:name params))
+            label         (cond
+                            (ifn? batch-key)    (dm/str label ":" (batch-key (::rpc/params event)))
+                            (string? batch-key) (dm/str label ":" batch-key)
+                            :else               label)
+            dedupe?       (boolean (and batch-key batch-timeout))]
+
        (wrk/submit! ::wrk/conn pool
                     ::wrk/task :process-webhook-event
                     ::wrk/queue :webhooks
                     ::wrk/max-retries 0
                     ::wrk/delay (or batch-timeout 0)
-                     ::wrk/label (cond
-                                   (fn? batch-key)        (batch-key (:props event))
-                                   (keyword? batch-key)   (name batch-key)
-                                   (string? batch-key)    batch-key
-                                   :else                  "default")
-                     ::wrk/dedupe true
-                     ::webhooks/event (-> params
-                                          (dissoc :ip-addr)
-                                          (dissoc :type)))))))
+                     ::wrk/dedupe dedupe?
+                     ::wrk/label label
+
+                     ::webhooks/event
+                     (-> params
+                         (dissoc :ip-addr)
+                         (dissoc :type)))))))

 (defn submit!
  "Submit audit event to the collector."
--- a/backend/src/app/loggers/database.clj
+++ b/backend/src/app/loggers/database.clj
@@ -11,12 +11,12 @@
   [app.common.uuid :as uuid]
   [app.config :as cf]
   [app.db :as db]
-   [app.util.async :as aa]
-   [app.worker :as wrk]
+   [app.loggers.zmq :as lzmq]
   [clojure.core.async :as a]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]
-   [integrant.core :as ig]))
+   [integrant.core :as ig]
+   [promesa.exec :as px]))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Error Listener
@@ -27,7 +27,7 @@
 (defonce enabled (atom true))

 (defn- persist-on-database!
-  [{:keys [pool] :as cfg} {:keys [id] :as event}]
+  [{:keys [::db/pool] :as cfg} {:keys [id] :as event}]
  (when-not (db/read-only? pool)
    (db/insert! pool :server-error-report {:id id :content (db/tjson event)})))

@@ -53,41 +53,49 @@
      (assoc :version (:full cf/version))
      (update :id #(or % (uuid/next)))))

-(defn handle-event
-  [{:keys [executor] :as cfg} event]
-  (aa/with-thread executor
-    (try
-      (let [event (parse-event event)
-            uri   (cf/get :public-uri)]
+(defn- handle-event
+  [cfg event]
+  (try
+    (let [event (parse-event event)
+          uri   (cf/get :public-uri)]

-        (l/debug :hint "registering error on database" :id (:id event)
-                 :uri (str uri "/dbg/error/" (:id event)))
+      (l/debug :hint "registering error on database" :id (:id event)
+               :uri (str uri "/dbg/error/" (:id event)))

-        (persist-on-database! cfg event))
-      (catch Exception cause
-        (l/warn :hint "unexpected exception on database error logger" :cause cause)))))
+      (persist-on-database! cfg event))
+    (catch Throwable cause
+      (l/warn :hint "unexpected exception on database error logger" :cause cause))))

-(defmethod ig/pre-init-spec ::reporter [_]
-  (s/keys :req-un [::wrk/executor ::db/pool ::receiver]))
-
-(defn error-event?
+(defn- error-event?
  [event]
  (= "error" (:logger/level event)))

+(defmethod ig/pre-init-spec ::reporter [_]
+  (s/keys :req [::db/pool ::lzmq/receiver]))
+
 (defmethod ig/init-key ::reporter
-  [_ {:keys [receiver] :as cfg}]
-  (l/info :msg "initializing database error persistence")
-  (let [output (a/chan (a/sliding-buffer 5) (filter error-event?))]
-    (receiver :sub output)
-    (a/go-loop []
-      (let [msg (a/<! output)]
-        (if (nil? msg)
-          (l/info :msg "stopping error reporting loop")
-          (do
-            (a/<! (handle-event cfg msg))
-            (recur)))))
-    output))
+  [_ {:keys [::lzmq/receiver] :as cfg}]
+  (px/thread
+    {:name "penpot/database-reporter"}
+    (l/info :hint "initializing database error persistence")
+
+    (let [input (a/chan (a/sliding-buffer 5)
+                        (filter error-event?))]
+      (try
+        (lzmq/sub! receiver input)
+        (loop []
+          (when-let [msg (a/<!! input)]
+            (handle-event cfg msg))
+          (recur))
+
+        (catch InterruptedException _
+          (l/debug :hint "reporter interrupted"))
+        (catch Throwable cause
+          (l/error :hint "unexpected error" :cause cause))
+        (finally
+          (a/close! input)
+          (l/info :hint "reporter terminated"))))))

 (defmethod ig/halt-key! ::reporter
-  [_ output]
-  (a/close! output))
+  [_ thread]
+  (some-> thread px/interrupt!))
--- a/backend/src/app/loggers/mattermost.clj
+++ b/backend/src/app/loggers/mattermost.clj
@@ -38,13 +38,13 @@

 (defn handle-event
  [cfg event]
-  (try
-    (let [event (ldb/parse-event event)]
-      (when @enabled
-        (send-mattermost-notification! cfg event)))
-    (catch Throwable cause
-      (l/warn :hint "unhandled error"
-              :cause cause))))
+  (when @enabled
+    (try
+      (let [event (ldb/parse-event event)]
+        (send-mattermost-notification! cfg event))
+      (catch Throwable cause
+        (l/warn :hint "unhandled error"
+                :cause cause)))))

 (defmethod ig/pre-init-spec ::reporter [_]
  (s/keys :req [::http/client
--- a/backend/src/app/loggers/webhooks.clj
+++ b/backend/src/app/loggers/webhooks.clj
@@ -8,6 +8,7 @@
  "A mattermost integration for error reporting."
  (:require
   [app.common.data :as d]
+   [app.common.data.macros :as dm]
   [app.common.logging :as l]
   [app.common.transit :as t]
   [app.common.uri :as uri]
@@ -21,15 +22,24 @@
   [cuerdas.core :as str]
   [integrant.core :as ig]))

+;; --- HELPERS
+
+(defn key-fn
+  [k & keys]
+  (fn [params]
+    (reduce #(dm/str %1 ":" (get params %2))
+            (dm/str (get params k))
+            keys)))
+
 ;; --- PROC

 (defn- lookup-webhooks-by-team
  [pool team-id]
-  (db/exec! pool ["select * from webhook where team_id=? and is_active=true" team-id]))
+  (db/exec! pool ["select w.* from webhook as w where team_id=? and is_active=true" team-id]))

 (defn- lookup-webhooks-by-project
  [pool project-id]
-  (let [sql [(str "select * from webhook as w"
+  (let [sql [(str "select w.* from webhook as w"
                  "  join project as p on (p.team_id = w.team_id)"
                  " where p.id = ? and w.is_active = true")
             project-id]]
@@ -37,7 +47,7 @@

 (defn- lookup-webhooks-by-file
  [pool file-id]
-  (let [sql [(str "select * from webhook as w"
+  (let [sql [(str "select w.* from webhook as w"
                  "  join project as p on (p.team_id = w.team_id)"
                  "  join file as f on (f.project_id = p.id)"
                  " where f.id = ? and w.is_active = true")
@@ -62,7 +72,6 @@
               :name (:name event))

      (when-let [items (lookup-webhooks cfg event)]
-        ;; (app.common.pprint/pprint items)
        (l/trace :hint "webhooks found for event" :total (count items))

        (db/with-atomic [conn pool]
@@ -102,7 +111,7 @@
                              " where id=?")
                         err
                         (:id whook)]
-                    res (db/exec-one! pool sql {:return-keys true})]
+                    res (db/exec-one! pool sql {::db/return-keys? true})]
                (when (>= (:error-count res) max-errors)
                  (db/update! pool :webhook {:is-active false} {:id (:id whook)})))

@@ -169,6 +178,9 @@
    (instance? java.net.ConnectException cause)
    "connection-error"

+    (instance? java.lang.IllegalArgumentException cause)
+    "invalid-uri"
+
    (instance? java.net.http.HttpConnectTimeoutException cause)
    "timeout"
    ))
--- a/backend/src/app/main.clj
+++ b/backend/src/app/main.clj
@@ -6,20 +6,31 @@

 (ns app.main
  (:require
+   [app.auth.ldap :as-alias ldap]
   [app.auth.oidc :as-alias oidc]
   [app.auth.oidc.providers :as-alias oidc.providers]
   [app.common.logging :as l]
   [app.config :as cf]
   [app.db :as-alias db]
+   [app.http.access-token :as-alias actoken]
+   [app.http.assets :as-alias http.assets]
+   [app.http.awsns :as http.awsns]
   [app.http.client :as-alias http.client]
-   [app.http.session :as-alias http.session]
+   [app.http.debug :as-alias http.debug]
+   [app.http.session :as-alias session]
+   [app.http.session.tasks :as-alias session.tasks]
+   [app.http.websocket :as http.ws]
   [app.loggers.audit :as-alias audit]
   [app.loggers.audit.tasks :as-alias audit.tasks]
   [app.loggers.webhooks :as-alias webhooks]
   [app.loggers.zmq :as-alias lzmq]
   [app.metrics :as-alias mtx]
   [app.metrics.definition :as-alias mdef]
+   [app.msgbus :as-alias mbus]
   [app.redis :as-alias rds]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias rpc.doc]
+   [app.srepl :as-alias srepl]
   [app.storage :as-alias sto]
   [app.util.time :as dt]
   [app.worker :as-alias wrk]
@@ -179,6 +190,9 @@
   ::mtx/metrics
   {:default default-metrics}

+   ::mtx/routes
+   {::mtx/metrics (ig/ref ::mtx/metrics)}
+
   :app.migrations/all
   {:main (ig/ref :app.migrations/migrations)}

@@ -186,7 +200,7 @@
   {::rds/uri     (cf/get :redis-uri)
    ::mtx/metrics (ig/ref ::mtx/metrics)}

-   :app.msgbus/msgbus
+   ::mbus/msgbus
   {:backend   (cf/get :msgbus-backend :redis)
    :executor  (ig/ref ::wrk/executor)
    :redis     (ig/ref ::rds/redis)}
@@ -206,16 +220,20 @@
   ::http.client/client
   {::wrk/executor (ig/ref ::wrk/executor)}

-   :app.http.session/manager
-   {:pool     (ig/ref ::db/pool)
-    :sprops   (ig/ref :app.setup/props)
-    :executor (ig/ref ::wrk/executor)}
+   ::session/manager
+   {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::props        (ig/ref :app.setup/props)}

-   :app.http.session/gc-task
-   {:pool        (ig/ref ::db/pool)
-    :max-age     (cf/get :auth-token-cookie-max-age)}
+   ::actoken/manager
+   {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::props        (ig/ref :app.setup/props)}

-   :app.http.awsns/handler
+   ::session.tasks/gc
+   {::db/pool (ig/ref ::db/pool)}
+
+   ::http.awsns/routes
   {::props              (ig/ref :app.setup/props)
    ::db/pool            (ig/ref ::db/pool)
    ::http.client/client (ig/ref ::http.client/client)
@@ -231,7 +249,7 @@
    :max-body-size           (cf/get :http-server-max-body-size)
    :max-multipart-body-size (cf/get :http-server-max-multipart-body-size)}

-   :app.auth.ldap/provider
+   ::ldap/provider
   {:host           (cf/get :ldap-host)
    :port           (cf/get :ldap-port)
    :ssl            (cf/get :ldap-ssl)
@@ -258,46 +276,44 @@
   {::http.client/client (ig/ref ::http.client/client)}

   ::oidc/routes
-   {::http.client/client   (ig/ref ::http.client/client)
-    ::db/pool              (ig/ref ::db/pool)
-    ::props                (ig/ref :app.setup/props)
-    ::wrk/executor         (ig/ref ::wrk/executor)
-    ::oidc/providers       {:google (ig/ref ::oidc.providers/google)
-                            :github (ig/ref ::oidc.providers/github)
-                            :gitlab (ig/ref ::oidc.providers/gitlab)
-                            :oidc   (ig/ref ::oidc.providers/generic)}
-    ::audit/collector      (ig/ref ::audit/collector)
-    ::http.session/session (ig/ref :app.http.session/manager)}
+   {::http.client/client (ig/ref ::http.client/client)
+    ::db/pool            (ig/ref ::db/pool)
+    ::props              (ig/ref :app.setup/props)
+    ::wrk/executor       (ig/ref ::wrk/executor)
+    ::oidc/providers     {:google (ig/ref ::oidc.providers/google)
+                          :github (ig/ref ::oidc.providers/github)
+                          :gitlab (ig/ref ::oidc.providers/gitlab)
+                          :oidc   (ig/ref ::oidc.providers/generic)}
+    ::audit/collector    (ig/ref ::audit/collector)
+    ::session/manager    (ig/ref ::session/manager)}

-
-   ;; TODO: revisit the dependencies of this service, looks they are too much unused of them
   :app.http/router
-   {:assets        (ig/ref :app.http.assets/handlers)
-    :feedback      (ig/ref :app.http.feedback/handler)
-    :session       (ig/ref :app.http.session/manager)
-    :awsns-handler (ig/ref :app.http.awsns/handler)
-    :debug-routes  (ig/ref :app.http.debug/routes)
-    :oidc-routes   (ig/ref ::oidc/routes)
-    :ws            (ig/ref :app.http.websocket/handler)
-    :metrics       (ig/ref ::mtx/metrics)
-    :public-uri    (cf/get :public-uri)
-    :storage       (ig/ref ::sto/storage)
-    :rpc-routes    (ig/ref :app.rpc/routes)
-    :doc-routes    (ig/ref :app.rpc.doc/routes)
-    :executor      (ig/ref ::wrk/executor)}
+   {::session/manager    (ig/ref ::session/manager)
+    ::actoken/manager    (ig/ref ::actoken/manager)
+    ::wrk/executor       (ig/ref ::wrk/executor)
+    ::db/pool            (ig/ref ::db/pool)
+    ::rpc/routes         (ig/ref ::rpc/routes)
+    ::rpc.doc/routes     (ig/ref ::rpc.doc/routes)
+    ::props              (ig/ref :app.setup/props)
+    ::mtx/routes         (ig/ref ::mtx/routes)
+    ::oidc/routes        (ig/ref ::oidc/routes)
+    ::http.debug/routes  (ig/ref ::http.debug/routes)
+    ::http.assets/routes (ig/ref ::http.assets/routes)
+    ::http.ws/routes     (ig/ref ::http.ws/routes)
+    ::http.awsns/routes  (ig/ref ::http.awsns/routes)}

   :app.http.debug/routes
-   {:pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)
-    :storage  (ig/ref ::sto/storage)
-    :session  (ig/ref :app.http.session/manager)}
+   {::db/pool         (ig/ref ::db/pool)
+    ::wrk/executor    (ig/ref ::wrk/executor)
+    ::session/manager (ig/ref ::session/manager)}

-   :app.http.websocket/handler
-   {:pool     (ig/ref ::db/pool)
-    :metrics  (ig/ref ::mtx/metrics)
-    :msgbus   (ig/ref :app.msgbus/msgbus)}
+   :app.http.websocket/routes
+   {::db/pool         (ig/ref ::db/pool)
+    ::mtx/metrics     (ig/ref ::mtx/metrics)
+    ::mbus/msgbus     (ig/ref :app.msgbus/msgbus)
+    ::session/manager (ig/ref ::session/manager)}

-   :app.http.assets/handlers
+   :app.http.assets/routes
   {:metrics           (ig/ref ::mtx/metrics)
    :assets-path       (cf/get :assets-path)
    :storage           (ig/ref ::sto/storage)
@@ -305,37 +321,32 @@
    :cache-max-age     (dt/duration {:hours 24})
    :signature-max-age (dt/duration {:hours 24 :minutes 5})}

-   :app.http.feedback/handler
-   {:pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)}
-
   :app.rpc/climit
-   {:metrics  (ig/ref ::mtx/metrics)
-    :executor (ig/ref ::wrk/executor)}
+   {::mtx/metrics  (ig/ref ::mtx/metrics)
+    ::wrk/executor (ig/ref ::wrk/executor)}

   :app.rpc/rlimit
-   {:executor  (ig/ref ::wrk/executor)
-    :scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {::wrk/executor           (ig/ref ::wrk/executor)
+    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}

   :app.rpc/methods
   {::audit/collector    (ig/ref ::audit/collector)
    ::http.client/client (ig/ref ::http.client/client)
    ::db/pool            (ig/ref ::db/pool)
    ::wrk/executor       (ig/ref ::wrk/executor)
+    ::session/manager    (ig/ref ::session/manager)
+    ::ldap/provider      (ig/ref ::ldap/provider)
+    ::sto/storage        (ig/ref ::sto/storage)
+    ::mtx/metrics        (ig/ref ::mtx/metrics)
+    ::mbus/msgbus        (ig/ref ::mbus/msgbus)
+    ::rds/redis          (ig/ref ::rds/redis)
+
+    ::rpc/climit         (ig/ref ::rpc/climit)
+    ::rpc/rlimit         (ig/ref ::rpc/rlimit)
+
+    ::props              (ig/ref :app.setup/props)

    :pool                (ig/ref ::db/pool)
-    :session             (ig/ref :app.http.session/manager)
-    :sprops              (ig/ref :app.setup/props)
-    :metrics             (ig/ref ::mtx/metrics)
-    :storage             (ig/ref ::sto/storage)
-    :msgbus              (ig/ref :app.msgbus/msgbus)
-    :public-uri          (cf/get :public-uri)
-    :redis               (ig/ref ::rds/redis)
-    :ldap                (ig/ref :app.auth.ldap/provider)
-    :http-client         (ig/ref ::http.client/client)
-    :climit              (ig/ref :app.rpc/climit)
-    :rlimit              (ig/ref :app.rpc/rlimit)
-    :executor            (ig/ref ::wrk/executor)
    :templates           (ig/ref :app.setup/builtin-templates)
    }

@@ -343,7 +354,12 @@
   {:methods (ig/ref :app.rpc/methods)}

   :app.rpc/routes
-   {:methods (ig/ref :app.rpc/methods)}
+   {::rpc/methods     (ig/ref :app.rpc/methods)
+    ::db/pool         (ig/ref ::db/pool)
+    ::wrk/executor    (ig/ref ::wrk/executor)
+    ::session/manager (ig/ref ::session/manager)
+    ::actoken/manager (ig/ref ::actoken/manager)
+    ::props           (ig/ref :app.setup/props)}

   ::wrk/registry
   {:metrics (ig/ref ::mtx/metrics)
@@ -356,7 +372,7 @@
     :storage-gc-touched (ig/ref ::sto/gc-touched-task)
     :tasks-gc           (ig/ref :app.tasks.tasks-gc/handler)
     :telemetry          (ig/ref :app.tasks.telemetry/handler)
-     :session-gc         (ig/ref :app.http.session/gc-task)
+     :session-gc         (ig/ref ::session.tasks/gc)
     :audit-log-archive  (ig/ref ::audit.tasks/archive)
     :audit-log-gc       (ig/ref ::audit.tasks/gc)

@@ -385,8 +401,8 @@
    :max-age cf/deletion-delay}

   :app.tasks.objects-gc/handler
-   {:pool    (ig/ref ::db/pool)
-    :storage (ig/ref ::sto/storage)}
+   {::db/pool     (ig/ref ::db/pool)
+    ::sto/storage (ig/ref ::sto/storage)}

   :app.tasks.file-gc/handler
   {:pool (ig/ref ::db/pool)}
@@ -399,9 +415,13 @@
    ::http.client/client (ig/ref ::http.client/client)
    ::props              (ig/ref :app.setup/props)}

-   :app.srepl/server
-   {:port (cf/get :srepl-port)
-    :host (cf/get :srepl-host)}
+   [::srepl/urepl ::srepl/server]
+   {:port (cf/get :urepl-port 6062)
+    :host (cf/get :urepl-host "localhost")}
+
+   [::srepl/prepl ::srepl/server]
+   {:port (cf/get :prepl-port 6063)
+    :host (cf/get :prepl-host "localhost")}

   :app.setup/builtin-templates
   {::http.client/client (ig/ref ::http.client/client)}
@@ -443,9 +463,8 @@
    ::http.client/client (ig/ref ::http.client/client)}

   :app.loggers.database/reporter
-   {:receiver (ig/ref :app.loggers.zmq/receiver)
-    :pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)}
+   {::lzmq/receiver (ig/ref :app.loggers.zmq/receiver)
+    ::db/pool       (ig/ref ::db/pool)}

   ::sto/storage
   {:pool     (ig/ref ::db/pool)
--- a/backend/src/app/metrics.clj
+++ b/backend/src/app/metrics.clj
@@ -87,6 +87,7 @@
     ::definitions definitions
     ::registry registry}))

+
 (defn- handler
  [registry _ respond _]
  (let [samples  (.metricFamilySamples ^CollectorRegistry registry)
@@ -95,6 +96,18 @@
    (respond {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
              :body (.toString writer)})))

+
+
+(s/def ::routes vector?)
+(defmethod ig/pre-init-spec ::routes [_]
+  (s/keys :req [::metrics]))
+
+(defmethod ig/init-key ::routes
+  [_ {:keys [::metrics]}]
+  (let [registry (::registry metrics)]
+    ["/metrics" {:handler (partial handler registry)
+                 :allowed-methods #{:get}}]))
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Implementation
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -132,7 +145,7 @@

 (defmethod run-collector! :counter
  [{:keys [::mdef/instance]} {:keys [inc labels] :or {inc 1 labels default-empty-labels}}]
-  (let [instance (.labels instance (if (is-array? labels) labels (into-array String labels)))]
+  (let [instance (.labels ^Counter instance (if (is-array? labels) labels (into-array String labels)))]
    (.inc ^Counter$Child instance (double inc))))

 (defmethod run-collector! :gauge
--- a/backend/src/app/migrations.clj
+++ b/backend/src/app/migrations.clj
@@ -271,7 +271,44 @@

   {:name "0087-mod-task-table"
    :fn (mg/resource "app/migrations/sql/0087-mod-task-table.sql")}
-   ])
+
+   {:name "0088-mod-team-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0088-mod-team-profile-rel-table.sql")}
+
+   {:name "0089-mod-project-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0089-mod-project-profile-rel-table.sql")}
+
+   {:name "0090-mod-http-session-table"
+    :fn (mg/resource "app/migrations/sql/0090-mod-http-session-table.sql")}
+
+   {:name "0091-mod-team-project-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0091-mod-team-project-profile-rel-table.sql")}
+
+   {:name "0092-mod-team-invitation-table"
+    :fn (mg/resource "app/migrations/sql/0092-mod-team-invitation-table.sql")}
+
+   {:name "0093-del-file-share-tokens-table"
+    :fn (mg/resource "app/migrations/sql/0093-del-file-share-tokens-table.sql")}
+
+   {:name "0094-del-profile-attr-table"
+    :fn (mg/resource "app/migrations/sql/0094-del-profile-attr-table.sql")}
+
+   {:name "0095-del-storage-data-table"
+    :fn (mg/resource "app/migrations/sql/0095-del-storage-data-table.sql")}
+
+   {:name "0096-del-storage-pending-table"
+    :fn (mg/resource "app/migrations/sql/0096-del-storage-pending-table.sql")}
+
+   {:name "0098-add-quotes-table"
+    :fn (mg/resource "app/migrations/sql/0098-add-quotes-table.sql")}
+
+   {:name "0099-add-access-token-table"
+    :fn (mg/resource "app/migrations/sql/0099-add-access-token-table.sql")}
+
+   {:name "0100-mod-profile-indexes"
+    :fn (mg/resource "app/migrations/sql/0100-mod-profile-indexes.sql")}
+
+  ])


 (defmethod ig/init-key ::migrations [_ _] migrations)
--- a/backend/src/app/migrations/sql/0088-mod-team-profile-rel-table.sql
+++ b/backend/src/app/migrations/sql/0088-mod-team-profile-rel-table.sql
@@ -0,0 +1,3 @@
+ALTER TABLE team_profile_rel DROP CONSTRAINT team_profile_rel_pkey;
+ALTER TABLE team_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_profile_rel ADD CONSTRAINT team_profile_rel_unique UNIQUE (team_id, profile_id);
--- a/backend/src/app/migrations/sql/0089-mod-project-profile-rel-table.sql
+++ b/backend/src/app/migrations/sql/0089-mod-project-profile-rel-table.sql
@@ -0,0 +1,3 @@
+ALTER TABLE project_profile_rel DROP CONSTRAINT project_profile_rel_pkey;
+ALTER TABLE project_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE project_profile_rel ADD CONSTRAINT project_profile_rel_unique UNIQUE (project_id, profile_id);
--- a/backend/src/app/migrations/sql/0090-mod-http-session-table.sql
+++ b/backend/src/app/migrations/sql/0090-mod-http-session-table.sql
@@ -0,0 +1,2 @@
+ALTER TABLE http_session DROP CONSTRAINT http_session_pkey;
+ALTER TABLE http_session ADD CONSTRAINT http_session_pkey PRIMARY KEY (id);
--- a/backend/src/app/migrations/sql/0091-mod-team-project-profile-rel-table.sql
+++ b/backend/src/app/migrations/sql/0091-mod-team-project-profile-rel-table.sql
@@ -0,0 +1,3 @@
+ALTER TABLE team_project_profile_rel DROP CONSTRAINT team_project_profile_rel_pkey;
+ALTER TABLE team_project_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_project_profile_rel ADD CONSTRAINT team_project_profile_rel_unique UNIQUE (team_id, project_id, profile_id);
--- a/backend/src/app/migrations/sql/0092-mod-team-invitation-table.sql
+++ b/backend/src/app/migrations/sql/0092-mod-team-invitation-table.sql
@@ -0,0 +1,3 @@
+ALTER TABLE team_invitation DROP CONSTRAINT team_invitation_pkey;
+ALTER TABLE team_invitation ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_invitation ADD CONSTRAINT team_invitation_unique UNIQUE (team_id, email_to);
--- a/backend/src/app/migrations/sql/0093-del-file-share-tokens-table.sql
+++ b/backend/src/app/migrations/sql/0093-del-file-share-tokens-table.sql
@@ -0,0 +1 @@
+DROP TABLE file_share_token;
--- a/backend/src/app/migrations/sql/0094-del-profile-attr-table.sql
+++ b/backend/src/app/migrations/sql/0094-del-profile-attr-table.sql
@@ -0,0 +1 @@
+DROP TABLE profile_attr;
--- a/backend/src/app/migrations/sql/0095-del-storage-data-table.sql
+++ b/backend/src/app/migrations/sql/0095-del-storage-data-table.sql
@@ -0,0 +1 @@
+DROP TABLE storage_data;
--- a/backend/src/app/migrations/sql/0096-del-storage-pending-table.sql
+++ b/backend/src/app/migrations/sql/0096-del-storage-pending-table.sql
@@ -0,0 +1 @@
+DROP TABLE storage_pending;
--- a/backend/src/app/migrations/sql/0098-add-quotes-table.sql
+++ b/backend/src/app/migrations/sql/0098-add-quotes-table.sql
@@ -0,0 +1,82 @@
+CREATE TABLE usage_quote (
+  id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
+  target text NOT NULL,
+  quote bigint NOT NULL,
+
+  profile_id uuid NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
+  project_id uuid NULL REFERENCES project(id) ON DELETE CASCADE DEFERRABLE,
+  team_id uuid NULL REFERENCES team(id) ON DELETE CASCADE DEFERRABLE,
+  file_id uuid NULL REFERENCES file(id) ON DELETE CASCADE DEFERRABLE
+);
+
+ALTER TABLE usage_quote
+  ALTER COLUMN target SET STORAGE external;
+
+CREATE INDEX usage_quote__profile_id__idx ON usage_quote(profile_id, target);
+CREATE INDEX usage_quote__project_id__idx ON usage_quote(project_id, target);
+CREATE INDEX usage_quote__team_id__idx ON usage_quote(team_id, target);
+
+-- DROP TABLE IF EXISTS usage_quote_test;
+-- CREATE TABLE usage_quote_test (
+--   id bigserial NOT NULL PRIMARY KEY,
+--   target text NOT NULL,
+--   quote bigint NOT NULL,
+
+--   profile_id bigint NULL,
+--   team_id bigint NULL,
+--   project_id bigint NULL,
+--   file_id bigint NULL
+-- );
+
+-- ALTER TABLE usage_quote_test
+--   ALTER COLUMN target SET STORAGE external;
+
+-- CREATE INDEX usage_quote_test__profile_id__idx ON usage_quote_test(profile_id, target);
+-- CREATE INDEX usage_quote_test__project_id__idx ON usage_quote_test(project_id, target);
+-- CREATE INDEX usage_quote_test__team_id__idx ON usage_quote_test(team_id, target);
+-- -- CREATE INDEX usage_quote_test__target__idx ON usage_quote_test(target);
+
+-- DELETE FROM usage_quote_test;
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 50*RANDOM(), 2000*RANDOM(), null, null
+--   FROM generate_series(1, 5000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 200*RANDOM(), 300*RANDOM(), 300*RANDOM(), null
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 100*RANDOM(), 300*RANDOM(), null, 300*RANDOM()
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 100*RANDOM(), 300*RANDOM(), 300*RANDOM(), 300*RANDOM()
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 30*RANDOM(), null, 2000*RANDOM(), null
+--   FROM generate_series(1, 5000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 10*RANDOM(), null, null, 2000*RANDOM()
+--   FROM generate_series(1, 5000);
+
+-- VACUUM ANALYZE usage_quote_test;
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and profile_id = 1
+--    and team_id is null
+--    and project_id is null;
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and ((team_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (profile_id = 1 and team_id is null and project_id is null));
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and ((project_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (team_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (profile_id = 1 and team_id is null and project_id is null));
--- a/backend/src/app/migrations/sql/0099-add-access-token-table.sql
+++ b/backend/src/app/migrations/sql/0099-add-access-token-table.sql
@@ -0,0 +1,19 @@
+DROP TABLE IF EXISTS access_token;
+CREATE TABLE access_token (
+  id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
+  profile_id uuid NOT NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
+
+  created_at timestamptz NOT NULL DEFAULT now(),
+  updated_at timestamptz NOT NULL DEFAULT now(),
+
+  name text NOT NULL,
+  token text NOT NULL,
+  perms text[] NULL
+);
+
+ALTER TABLE access_token
+  ALTER COLUMN name SET STORAGE external,
+  ALTER COLUMN token SET STORAGE external,
+  ALTER COLUMN perms SET STORAGE external;
+
+CREATE INDEX access_token__profile_id__idx ON access_token(profile_id);
--- a/backend/src/app/migrations/sql/0100-mod-profile-indexes.sql
+++ b/backend/src/app/migrations/sql/0100-mod-profile-indexes.sql
@@ -0,0 +1,31 @@
+ALTER TABLE profile
+  ADD COLUMN default_project_id uuid NULL REFERENCES project(id) ON DELETE SET NULL DEFERRABLE,
+  ADD COLUMN default_team_id uuid NULL REFERENCES team(id) ON DELETE SET NULL DEFERRABLE;
+
+CREATE INDEX profile__default_project__idx ON profile(default_project_id);
+CREATE INDEX profile__default_team__idx ON profile(default_team_id);
+
+with profiles as (
+  select p.id,
+         tpr.team_id as default_team_id,
+         ppr.project_id as default_project_id
+    from profile as p
+    join team_profile_rel as tpr
+      on (tpr.profile_id = p.id and
+          tpr.is_owner is true)
+    join project_profile_rel as ppr
+      on (ppr.profile_id = p.id and
+          ppr.is_owner is true)
+    join project as pj
+      on (pj.id = ppr.project_id)
+    join team as tm
+      on (tm.id = tpr.team_id)
+   where pj.is_default is true
+     and tm.is_default is true
+     and pj.team_id = tm.id
+)
+update profile
+   set default_team_id = p.default_team_id,
+       default_project_id = p.default_project_id
+  from profiles as p
+ where profile.id = p.id;
--- a/backend/src/app/redis.clj
+++ b/backend/src/app/redis.clj
@@ -193,6 +193,7 @@

 (defn get-or-connect
  [{:keys [::cache] :as state} key options]
+  (us/assert! ::redis state)
  (-> state
      (assoc ::connection
             (or (get @cache key)
@@ -205,7 +206,6 @@

 (defn add-listener!
  [{:keys [::connection] :as conn} listener]
-  (us/assert! ::connection-holder conn)
  (us/assert! ::pubsub-connection connection)
  (us/assert! ::pubsub-listener listener)
  (.addListener ^StatefulRedisPubSubConnection @connection
@@ -213,10 +213,9 @@
  conn)

 (defn publish!
-  [{:keys [::connection] :as conn} topic message]
+  [{:keys [::connection]} topic message]
  (us/assert! ::us/string topic)
  (us/assert! ::us/bytes message)
-  (us/assert! ::connection-holder conn)
  (us/assert! ::default-connection connection)

  (let [pcomm (.async ^StatefulRedisConnection @connection)]
@@ -224,8 +223,7 @@

 (defn subscribe!
  "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection] :as conn} & topics]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} & topics]
  (us/assert! ::pubsub-connection connection)
  (try
    (let [topics (into-array String (map str topics))
@@ -236,8 +234,7 @@

 (defn unsubscribe!
  "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection] :as conn} & topics]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} & topics]
  (us/assert! ::pubsub-connection connection)
  (try
    (let [topics (into-array String (map str topics))
@@ -247,8 +244,8 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn rpush!
-  [{:keys [::connection] :as conn} key payload]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} key payload]
+  (us/assert! ::default-connection connection)
  (us/assert! (or (and (vector? payload)
                       (every? bytes? payload))
                  (bytes? payload)))
@@ -270,8 +267,8 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn blpop!
-  [{:keys [::connection] :as conn} timeout & keys]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} timeout & keys]
+  (us/assert! ::default-connection connection)
  (try
    (let [keys    (into-array Object (map str keys))
          cmd     (.sync ^StatefulRedisConnection @connection)
@@ -286,8 +283,7 @@
      (throw (InterruptedException. (ex-message cause))))))

 (defn open?
-  [{:keys [::connection] :as conn}]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]}]
  (us/assert! ::pubsub-connection connection)
  (.isOpen ^StatefulConnection @connection))

@@ -335,7 +331,7 @@
 (defn eval!
  [{:keys [::mtx/metrics ::connection] :as state} script]
  (us/assert! ::redis state)
-  (us/assert! ::connection-holder state)
+  (us/assert! ::default-connection connection)
  (us/assert! ::rscript/script script)

  (let [cmd   (.async ^StatefulRedisConnection @connection)
--- a/backend/src/app/rpc.clj
+++ b/backend/src/app/rpc.clj
@@ -6,17 +6,21 @@

 (ns app.rpc
  (:require
+   [app.auth.ldap :as-alias ldap]
   [app.common.data :as d]
   [app.common.exceptions :as ex]
   [app.common.logging :as l]
   [app.common.spec :as us]
   [app.common.uuid :as uuid]
+   [app.config :as cf]
   [app.db :as db]
   [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
   [app.http.client :as-alias http.client]
-   [app.http.session :as-alias http.session]
+   [app.http.session :as-alias session]
   [app.loggers.audit :as audit]
   [app.loggers.webhooks :as-alias webhooks]
+   [app.main :as-alias main]
   [app.metrics :as mtx]
   [app.msgbus :as-alias mbus]
   [app.rpc.climit :as climit]
@@ -26,7 +30,7 @@
   [app.rpc.rlimit :as rlimit]
   [app.storage :as-alias sto]
   [app.util.services :as sv]
-   [app.util.time :as ts]
+   [app.util.time :as dt]
   [app.worker :as-alias wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
@@ -35,6 +39,8 @@
   [yetti.request :as yrq]
   [yetti.response :as yrs]))

+(s/def ::profile-id ::us/uuid)
+
 (defn- default-handler
  [_]
  (p/rejected (ex/error :type :not-found)))
@@ -68,77 +74,125 @@
 (defn- rpc-query-handler
  "Ring handler that dispatches query requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [type   (keyword (:type params))
-        data   (into {::http/request request} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
-        method (get methods type default-handler)]
+  [methods {:keys [params path-params] :as request} respond raise]
+  (let [type       (keyword (:type path-params))
+        profile-id (or (::session/profile-id request)
+                       (::actoken/profile-id request))

-    (-> (method data)
-        (p/then (partial handle-response request))
-        (p/then respond)
-        (p/catch (fn [cause]
-                   (let [context {:profile-id profile-id}]
-                     (raise (ex/wrap-with-context cause context))))))))
+        data       (-> params
+                       (assoc ::request-at (dt/now))
+                       (assoc ::http/request request))
+        data       (if profile-id
+                     (-> data
+                         (assoc :profile-id profile-id)
+                         (assoc ::profile-id profile-id))
+                     (dissoc data :profile-id ::profile-id))
+        method     (get methods type default-handler)]
+
+    (->> (method data)
+         (p/mcat (partial handle-response request))
+         (p/fnly (fn [response cause]
+                   (if cause
+                     (raise (ex/wrap-with-context cause {:profile-id profile-id}))
+                     (respond response)))))))

 (defn- rpc-mutation-handler
  "Ring handler that dispatches mutation requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [type   (keyword (:type params))
-        data   (into {::http/request request} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
+  [methods {:keys [params path-params] :as request} respond raise]
+  (let [type       (keyword (:type path-params))
+        profile-id (or (::session/profile-id request)
+                       (::actoken/profile-id request))
+        data       (-> params
+                       (assoc ::request-at (dt/now))
+                       (assoc ::http/request request))
+        data       (if profile-id
+                     (-> data
+                         (assoc :profile-id profile-id)
+                         (assoc ::profile-id profile-id))
+                     (dissoc data :profile-id))
+        method     (get methods type default-handler)]

-        method (get methods type default-handler)]
-    (-> (method data)
-        (p/then (partial handle-response request))
-        (p/then respond)
-        (p/catch (fn [cause]
-                   (let [context {:profile-id profile-id}]
-                     (raise (ex/wrap-with-context cause context))))))))
+    (->> (method data)
+         (p/mcat (partial handle-response request))
+         (p/fnly (fn [response cause]
+                   (if cause
+                     (raise (ex/wrap-with-context cause {:profile-id profile-id}))
+                     (respond response)))))))

 (defn- rpc-command-handler
  "Ring handler that dispatches cmd requests and convert between
  internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [cmd    (keyword (:command params))
-        etag   (yrq/get-header request "if-none-match")
-        data   (into {::http/request request ::cond/key etag} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
+  [methods {:keys [params path-params] :as request} respond raise]
+  (let [type       (keyword (:type path-params))
+        etag       (yrq/get-header request "if-none-match")
+        profile-id (or (::session/profile-id request)
+                       (::actoken/profile-id request))
+
+        data       (-> params
+                       (assoc ::request-at (dt/now))
+                       (assoc ::session/id (::session/id request))
+                       (assoc ::http/request request)
+                       (assoc ::cond/key etag)
+                       (cond-> (uuid? profile-id)
+                         (assoc ::profile-id profile-id)))
+
+        method    (get methods type default-handler)]

-        method (get methods cmd default-handler)]
    (binding [cond/*enabled* true]
-      (-> (method data)
-          (p/then (partial handle-response request))
-          (p/then respond)
-          (p/catch (fn [cause]
-                     (let [context {:profile-id profile-id}]
-                       (raise (ex/wrap-with-context cause context)))))))))
+      (->> (method data)
+           (p/mcat (partial handle-response request))
+           (p/fnly (fn [response cause]
+                     (if cause
+                       (raise (ex/wrap-with-context cause {:profile-id profile-id}))
+                       (respond response))))))))

 (defn- wrap-metrics
  "Wrap service method with metrics measurement."
  [{:keys [metrics ::metrics-id]} f mdata]
  (let [labels (into-array String [(::sv/name mdata)])]
    (fn [cfg params]
-      (let [tp (ts/tpoint)]
-        (p/finally
-          (f cfg params)
-          (fn [_ _]
-            (mtx/run! metrics
-                      :id metrics-id
-                      :val (inst-ms (tp))
-                      :labels labels)))))))
+      (let [tp (dt/tpoint)]
+        (->> (f cfg params)
+             (p/fnly (fn [_ _]
+                       (mtx/run! metrics
+                                 :id metrics-id
+                                 :val (inst-ms (tp))
+                                 :labels labels))))))))
+
+
+(defn- wrap-authentication
+  [_ f {:keys [::auth] :as mdata}]
+  (fn [cfg params]
+    (let [profile-id (::profile-id params)]
+      (if (and auth (not (uuid? profile-id)))
+        (p/rejected
+         (ex/error :type :authentication
+                   :code :authentication-required
+                   :hint "authentication required for this endpoint"))
+        (f cfg params)))))
+
+(defn- wrap-access-token
+  "Wraps service method with access token validation."
+  [_ f {:keys [::sv/name] :as mdata}]
+  (if (contains? cf/flags :access-tokens)
+    (fn [cfg params]
+      (let [request (::http/request params)]
+        (if (contains? request ::actoken/id)
+          (let [perms (::actoken/perms request #{})]
+            (if (contains? perms name)
+              (f cfg params)
+              (p/rejected
+               (ex/error :type :authorization
+                         :code :operation-not-allowed
+                         :allowed perms))))
+          (f cfg params))))
+    f))

 (defn- wrap-dispatch
  "Wraps service method into async flow, with the ability to dispatching
  it to a preconfigured executor service."
-  [{:keys [executor] :as cfg} f mdata]
+  [{:keys [::wrk/executor] :as cfg} f mdata]
  (with-meta
    (fn [cfg params]
      (->> (px/submit! executor (px/wrap-bindings #(f cfg params)))
@@ -152,17 +206,21 @@
    (letfn [(handle-audit [params result]
              (let [resultm    (meta result)
                    request    (::http/request params)
+
                    profile-id (or (::audit/profile-id resultm)
                                   (:profile-id result)
-                                   (:profile-id params)
+                                   (if (= (::type cfg) "command")
+                                     (::profile-id params)
+                                     (:profile-id params))
                                   uuid/zero)

-                    props      (or (::audit/replace-props resultm)
-                                   (-> params
-                                       (d/without-qualified)
-                                       (merge (::audit/props resultm))
-                                       (dissoc :profile-id)
-                                       (dissoc :type)))
+                    props      (-> (or (::audit/replace-props resultm)
+                                       (-> params
+                                           (merge (::audit/props resultm))
+                                           (dissoc :profile-id)
+                                           (dissoc :type)))
+                                   (d/without-qualified)
+                                   (d/without-nils))

                    event      {:type (or (::audit/type resultm)
                                          (::type cfg))
@@ -171,6 +229,12 @@
                                :profile-id profile-id
                                :ip-addr (some-> request audit/parse-client-ip)
                                :props props
+
+                                ;; NOTE: for batch-key lookup we need the params as-is
+                                ;; because the rpc api does not need to know the
+                                ;; audit/webhook specific object layout.
+                                ::params (dissoc params ::http/request)
+
                                ::webhooks/batch-key
                                (or (::webhooks/batch-key mdata)
                                    (::webhooks/batch-key resultm))
@@ -196,34 +260,34 @@
        f))
    f))

+(defn- wrap-spec-conform
+  [_ f mdata]
+  (let [spec (or (::sv/spec mdata) (s/spec any?))]
+    (fn [cfg params]
+      (let [params (ex/try! (us/conform spec params))]
+        (if (ex/exception? params)
+          (p/rejected params)
+          (f cfg params))))))
+
+(defn- wrap-all
+  [cfg f mdata]
+  (as-> f $
+    (wrap-dispatch cfg $ mdata)
+    (wrap-metrics cfg $ mdata)
+    (cond/wrap cfg $ mdata)
+    (retry/wrap-retry cfg $ mdata)
+    (climit/wrap cfg $ mdata)
+    (rlimit/wrap cfg $ mdata)
+    (wrap-audit cfg $ mdata)
+    (wrap-spec-conform cfg $ mdata)
+    (wrap-authentication cfg $ mdata)
+    (wrap-access-token cfg $ mdata)))
+
 (defn- wrap
  [cfg f mdata]
-  (let [f     (as-> f $
-                (wrap-dispatch cfg $ mdata)
-                (cond/wrap cfg $ mdata)
-                (retry/wrap-retry cfg $ mdata)
-                (wrap-metrics cfg $ mdata)
-                (climit/wrap cfg $ mdata)
-                (rlimit/wrap cfg $ mdata)
-                (wrap-audit cfg $ mdata))
-
-        spec  (or (::sv/spec mdata) (s/spec any?))
-        auth? (:auth mdata true)]
-
-    (l/debug :hint "register method" :name (::sv/name mdata))
-    (with-meta
-      (fn [{:keys [::request] :as params}]
-        ;; Raise authentication error when rpc method requires auth but
-        ;; no profile-id is found in the request.
-
-        (p/do!
-         (if (and auth? (not (uuid? (:profile-id params))))
-           (ex/raise :type :authentication
-                     :code :authentication-required
-                     :hint "authentication required for this endpoint")
-           (let [params (us/conform spec (dissoc params ::request))]
-             (f cfg (assoc params ::request request))))))
-      mdata)))
+  (l/debug :hint "register method" :name (::sv/name mdata))
+  (let [f (wrap-all cfg f mdata)]
+    (with-meta #(f cfg %) mdata)))

 (defn- process-method
  [cfg vfn]
@@ -234,76 +298,70 @@
 (defn- resolve-query-methods
  [cfg]
  (let [cfg (assoc cfg ::type "query" ::metrics-id :rpc-query-timing)]
-    (->> (sv/scan-ns 'app.rpc.queries.projects
-                     'app.rpc.queries.files
-                     'app.rpc.queries.teams
-                     'app.rpc.queries.comments
-                     'app.rpc.queries.profile
-                     'app.rpc.queries.viewer
-                     'app.rpc.queries.fonts)
+    (->> (sv/scan-ns
+          'app.rpc.queries.projects
+          'app.rpc.queries.profile
+          'app.rpc.queries.viewer
+          'app.rpc.queries.fonts)
         (map (partial process-method cfg))
         (into {}))))

 (defn- resolve-mutation-methods
  [cfg]
  (let [cfg (assoc cfg ::type "mutation" ::metrics-id :rpc-mutation-timing)]
-    (->> (sv/scan-ns 'app.rpc.mutations.media
-                     'app.rpc.mutations.profile
-                     'app.rpc.mutations.files
-                     'app.rpc.mutations.comments
-                     'app.rpc.mutations.projects
-                     'app.rpc.mutations.teams
-                     'app.rpc.mutations.management
-                     'app.rpc.mutations.fonts
-                     'app.rpc.mutations.share-link
-                     'app.rpc.mutations.verify-token)
+    (->> (sv/scan-ns
+          'app.rpc.mutations.media
+          'app.rpc.mutations.profile
+          'app.rpc.mutations.projects
+          'app.rpc.mutations.fonts
+          'app.rpc.mutations.share-link)
         (map (partial process-method cfg))
         (into {}))))

 (defn- resolve-command-methods
  [cfg]
  (let [cfg (assoc cfg ::type "command" ::metrics-id :rpc-command-timing)]
-    (->> (sv/scan-ns 'app.rpc.commands.binfile
-                     'app.rpc.commands.comments
-                     'app.rpc.commands.management
-                     'app.rpc.commands.verify-token
-                     'app.rpc.commands.search
-                     'app.rpc.commands.auth
-                     'app.rpc.commands.ldap
-                     'app.rpc.commands.demo
-                     'app.rpc.commands.webhooks
-                     'app.rpc.commands.audit
-                     'app.rpc.commands.files
-                     'app.rpc.commands.files.update
-                     'app.rpc.commands.files.create
-                     'app.rpc.commands.files.temp)
+    (->> (sv/scan-ns
+          'app.rpc.commands.access-token
+          'app.rpc.commands.audit
+          'app.rpc.commands.auth
+          'app.rpc.commands.feedback
+          'app.rpc.commands.fonts
+          'app.rpc.commands.binfile
+          'app.rpc.commands.comments
+          'app.rpc.commands.demo
+          'app.rpc.commands.files
+          'app.rpc.commands.files-create
+          'app.rpc.commands.files-share
+          'app.rpc.commands.files-temp
+          'app.rpc.commands.files-update
+          'app.rpc.commands.ldap
+          'app.rpc.commands.management
+          'app.rpc.commands.media
+          'app.rpc.commands.profile
+          'app.rpc.commands.projects
+          'app.rpc.commands.search
+          'app.rpc.commands.teams
+          'app.rpc.commands.verify-token
+          'app.rpc.commands.viewer
+          'app.rpc.commands.webhooks)
         (map (partial process-method cfg))
         (into {}))))

-(s/def ::ldap (s/nilable map?))
-(s/def ::msgbus ::mbus/msgbus)
-(s/def ::climit (s/nilable ::climit/climit))
-(s/def ::rlimit (s/nilable ::rlimit/rlimit))
-
-(s/def ::public-uri ::us/not-empty-string)
-(s/def ::sprops map?)
-
 (defmethod ig/pre-init-spec ::methods [_]
  (s/keys :req [::audit/collector
+                ::session/manager
                ::http.client/client
                ::db/pool
+                ::mbus/msgbus
+                ::ldap/provider
+                ::sto/storage
+                ::mtx/metrics
+                ::main/props
                ::wrk/executor]
-          :req-un [::sto/storage
-                   ::http.session/session
-                   ::sprops
-                   ::public-uri
-                   ::msgbus
-                   ::rlimit
-                   ::climit
-                   ::wrk/executor
-                   ::mtx/metrics
-                   ::db/pool
-                   ::ldap]))
+          :opt [::climit
+                ::rlimit]
+          :req-un [::db/pool]))

 (defmethod ig/init-key ::methods
  [_ cfg]
@@ -325,13 +383,21 @@
                   ::queries
                   ::commands]))

+(s/def ::routes vector?)
+
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req-un [::methods]))
+  (s/keys :req [::methods
+                ::db/pool
+                ::main/props
+                ::wrk/executor
+                ::session/manager
+                ::actoken/manager]))

 (defmethod ig/init-key ::routes
-  [_ {:keys [methods] :as cfg}]
-  [["/rpc"
-    ["/command/:command" {:handler (partial rpc-command-handler (:commands methods))}]
+  [_ {:keys [::methods] :as cfg}]
+  [["/rpc" {:middleware [[session/authz cfg]
+                         [actoken/authz cfg]]}
+    ["/command/:type" {:handler (partial rpc-command-handler (:commands methods))}]
    ["/query/:type" {:handler (partial rpc-query-handler (:queries methods))}]
    ["/mutation/:type" {:handler (partial rpc-mutation-handler (:mutations methods))
                        :allowed-methods #{:post}}]]])
--- a/backend/src/app/rpc/climit.clj
+++ b/backend/src/app/rpc/climit.clj
@@ -46,7 +46,7 @@
                   (p/rejected
                    (ex/error :type :internal
                              :code :concurrency-limit-reached
-                              :queue (-> limiter meta :bkey name)
+                              :queue (-> limiter meta ::bkey name)
                              :cause cause))

                   (some? cause)
@@ -56,7 +56,7 @@
                   (p/resolved result))))))

 (defn- create-limiter
-  [{:keys [executor metrics concurrency queue-size bkey skey]}]
+  [{:keys [::wrk/executor ::mtx/metrics ::bkey ::skey concurrency queue-size]}]
  (let [labels   (into-array String [(name bkey)])
        on-queue (fn [instance]
                   (l/trace :hint "enqueued"
@@ -100,10 +100,10 @@
                  :on-run on-run}]

    (-> (pxb/create options)
-        (vary-meta assoc :bkey bkey :skey skey))))
+        (vary-meta assoc ::bkey bkey ::skey skey))))

 (defn- create-cache
-  [{:keys [executor] :as params} config]
+  [{:keys [::wrk/executor] :as params} config]
  (let [listener (reify RemovalListener
                   (onRemoval [_ key _val cause]
                     (l/trace :hint "cache: remove" :key key :reason (str cause))))
@@ -113,8 +113,8 @@
                     (let [[bkey skey] key]
                       (when-let [config (get config bkey)]
                         (-> (merge params config)
-                             (assoc :bkey bkey)
-                             (assoc :skey skey)
+                             (assoc ::bkey bkey)
+                             (assoc ::skey skey)
                             (create-limiter))))))]

  (.. (Caffeine/newBuilder)
@@ -134,14 +134,16 @@

 (defmethod ig/prep-key ::rpc/climit
  [_ cfg]
-  (merge {:path (cf/get :rpc-climit-config)}
+  (merge {::path (cf/get :rpc-climit-config)}
         (d/without-nils cfg)))

+(s/def ::path ::fs/path)
+
 (defmethod ig/pre-init-spec ::rpc/climit [_]
-  (s/keys :req-un [::wrk/executor ::mtx/metrics ::fs/path]))
+  (s/keys :req [::wrk/executor ::mtx/metrics ::path]))

 (defmethod ig/init-key ::rpc/climit
-  [_ {:keys [path] :as params}]
+  [_ {:keys [::path] :as params}]
  (when (contains? cf/flags :rpc-climit)
    (if-let [config (some->> path slurp edn/read-string)]
      (do
@@ -163,7 +165,8 @@
      (l/warn :hint "unable to load configuration" :config (str path)))))


-(s/def ::climit #(satisfies? IConcurrencyManager %))
+(s/def ::rpc/climit
+  (s/nilable #(satisfies? IConcurrencyManager %)))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; PUBLIC API
@@ -176,7 +179,7 @@
     (p/wrap (do ~@body))))

 (defn wrap
-  [{:keys [climit]} f {:keys [::queue ::key-fn] :as mdata}]
+  [{:keys [::rpc/climit]} f {:keys [::queue ::key-fn] :as mdata}]
  (if (and (some? climit)
           (some? queue))
    (if-let [config (get @climit queue)]
@@ -192,7 +195,6 @@
            (let [key [queue (key-fn params)]
                  lim (get climit key)]
              (invoke! lim (partial f cfg params))))
-
          (let [lim (get climit queue)]
            (fn [cfg params]
              (invoke! lim (partial f cfg params))))))
--- a/backend/src/app/rpc/commands/access_token.clj
+++ b/backend/src/app/rpc/commands/access_token.clj
@@ -0,0 +1,87 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.access-token
+  (:require
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.quotes :as quotes]
+   [app.tokens :as tokens]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]))
+
+(defn- decode-row
+  [{:keys [perms] :as row}]
+  (cond-> row
+    (db/pgarray? perms "text")
+    (assoc :perms (db/decode-pgarray perms #{}))))
+
+(defn- create-access-token
+  [{:keys [::conn ::main/props]} profile-id name perms]
+  (let [created-at (dt/now)
+        token-id   (uuid/next)
+        token      (tokens/generate props {:iss "access-token"
+                                           :tid token-id
+                                           :iat created-at})]
+    (db/insert! conn :access-token
+                {:id token-id
+                 :name name
+                 :token token
+                 :profile-id profile-id
+                 :created-at created-at
+                 :updated-at created-at
+                 :perms (db/create-array conn "text" perms)})))
+
+(defn repl-create-access-token
+  [{:keys [::db/pool] :as system} profile-id name perms]
+  (db/with-atomic [conn pool]
+    (let [props (:app.setup/props system)]
+      (create-access-token {::conn conn ::main/props props}
+                           profile-id
+                           name
+                           perms))))
+
+(s/def ::name ::us/not-empty-string)
+(s/def ::perms ::us/set-of-strings)
+
+(s/def ::create-access-token
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name ::perms]))
+
+(sv/defmethod ::create-access-token
+  {::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id name perms]}]
+  (db/with-atomic [conn pool]
+    (let [cfg (assoc cfg ::conn conn)]
+      (quotes/check-quote! conn
+                           {::quotes/id ::quotes/access-tokens-per-profile
+                            ::quotes/profile-id profile-id})
+      (-> (create-access-token cfg profile-id name perms)
+          (decode-row)))))
+
+(s/def ::delete-access-token
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::us/id]))
+
+(sv/defmethod ::delete-access-token
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
+  (db/delete! pool :access-token {:id id :profile-id profile-id})
+  nil)
+
+(s/def ::get-access-tokens
+  (s/keys :req [::rpc/profile-id]))
+
+(sv/defmethod ::get-access-tokens
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
+  (->> (db/query pool :access-token {:profile-id profile-id})
+       (mapv decode-row)))
--- a/backend/src/app/rpc/commands/audit.clj
+++ b/backend/src/app/rpc/commands/audit.clj
@@ -15,6 +15,7 @@
   [app.db :as db]
   [app.http :as-alias http]
   [app.loggers.audit :as audit]
+   [app.rpc :as-alias rpc]
   [app.rpc.climit :as-alias climit]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
@@ -41,7 +42,7 @@
   :profile-id :ip-addr :props :context])

 (defn- handle-events
-  [{:keys [::db/pool]} {:keys [profile-id events ::http/request] :as params}]
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id events ::http/request]}]
  (let [ip-addr (audit/parse-client-ip request)
        xform   (comp
                 (map #(assoc % :profile-id profile-id))
@@ -53,7 +54,6 @@
    (when (seq events)
      (db/insert-multi! pool :audit-log event-columns events))))

-(s/def ::profile-id ::us/uuid)
 (s/def ::name ::us/string)
 (s/def ::type ::us/string)
 (s/def ::props (s/map-of ::us/keyword any?))
@@ -67,11 +67,12 @@
 (s/def ::events (s/every ::event))

 (s/def ::push-audit-events
-  (s/keys :req-un [::events ::profile-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::events]))

 (sv/defmethod ::push-audit-events
  {::climit/queue :push-audit-events
-   ::climit/key-fn :profile-id
+   ::climit/key-fn ::rpc/profile-id
   ::audit/skip true
   ::doc/added "1.17"}
  [{:keys [::db/pool ::wrk/executor] :as cfg} params]
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@@ -6,6 +6,7 @@

 (ns app.rpc.commands.auth
  (:require
+   [app.auth :as auth]
   [app.common.data :as d]
   [app.common.exceptions :as ex]
   [app.common.spec :as us]
@@ -15,15 +16,16 @@
   [app.emails :as eml]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
   [app.rpc.climit :as climit]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.mutations.teams :as teams]
-   [app.rpc.queries.profile :as profile]
   [app.tokens :as tokens]
   [app.util.services :as sv]
   [app.util.time :as dt]
-   [buddy.hashers :as hashers]
   [clojure.spec.alpha :as s]
   [cuerdas.core :as str]))

@@ -31,7 +33,6 @@
 (s/def ::fullname ::us/not-empty-string)
 (s/def ::lang ::us/string)
 (s/def ::path ::us/string)
-(s/def ::profile-id ::us/uuid)
 (s/def ::password ::us/not-empty-string)
 (s/def ::old-password ::us/not-empty-string)
 (s/def ::theme ::us/string)
@@ -40,22 +41,6 @@

 ;; ---- HELPERS

-(defn derive-password
-  [password]
-  (hashers/derive password
-                  {:alg :argon2id
-                   :memory 16384
-                   :iterations 20
-                   :parallelism 2}))
-
-(defn verify-password
-  [attempt password]
-  (try
-    (hashers/verify attempt password)
-    (catch Exception _e
-      {:update false
-       :valid false})))
-
 (defn email-domain-in-whitelist?
  "Returns true if email's domain is in the given whitelist or if
  given whitelist is an empty string."
@@ -67,26 +52,13 @@
                            (str/split #"@" 2))]
      (contains? domains candidate))))

-(def ^:private sql:profile-existence
-  "select exists (select * from profile
-                   where email = ?
-                     and deleted_at is null) as val")
-
-(defn check-profile-existence!
-  [conn {:keys [email] :as params}]
-  (let [email  (str/lower email)
-        result (db/exec-one! conn [sql:profile-existence email])]
-    (when (:val result)
-      (ex/raise :type :validation
-                :code :email-already-exists))
-    params))
-
 ;; ---- COMMAND: login with password

 (defn login-with-password
-  [{:keys [pool session sprops] :as cfg} {:keys [email password] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [email password] :as params}]

-  (when-not (contains? cf/flags :login)
+  (when-not (or (contains? cf/flags :login)
+                (contains? cf/flags :login-with-password))
    (ex/raise :type :restriction
              :code :login-disabled
              :hint "login is disabled in this instance"))
@@ -96,7 +68,7 @@
              (ex/raise :type :validation
                        :code :account-without-password
                        :hint "the current account does not have password"))
-            (:valid (verify-password password (:password profile))))
+            (:valid (auth/verify-password password (:password profile))))

          (validate-profile [profile]
            (when-not profile
@@ -119,24 +91,23 @@
            profile)]

    (db/with-atomic [conn pool]
-      (let [profile    (->> (profile/retrieve-profile-data-by-email conn email)
+      (let [profile    (->> (profile/get-profile-by-email conn email)
                            (validate-profile)
-                            (profile/strip-private-attrs)
-                            (profile/populate-additional-data conn)
-                            (profile/decode-profile-row))
+                            (profile/decode-row)
+                            (profile/strip-private-attrs))

            invitation (when-let [token (:invitation-token params)]
-                         (tokens/verify sprops {:token token :iss :team-invitation}))
+                         (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))

            ;; If invitation member-id does not matches the profile-id, we just proceed to ignore the
            ;; invitation because invitations matches exactly; and user can't login with other email and
            ;; accept invitation with other email
            response   (if (and (some? invitation) (= (:id profile) (:member-id invitation)))
                         {:invitation-token (:invitation-token params)}
-                         profile)]
-
+                         (assoc profile :is-admin (let [admins (cf/get :admins)]
+                                                    (contains? admins (:email profile)))))]
        (-> response
-            (rph/with-transform (session/create-fn session (:id profile)))
+            (rph/with-transform (session/create-fn cfg (:id profile)))
            (rph/with-meta {::audit/props (audit/profile->props profile)
                            ::audit/profile-id (:id profile)}))))))

@@ -146,7 +117,7 @@

 (sv/defmethod ::login-with-password
  "Performs authentication using penpot password."
-  {:auth false
+  {::rpc/auth false
   ::climit/queue :auth
   ::doc/added "1.15"}
  [cfg params]
@@ -155,25 +126,25 @@
 ;; ---- COMMAND: Logout

 (s/def ::logout
-  (s/keys :opt-un [::profile-id]))
+  (s/keys :opt [::rpc/profile-id]))

 (sv/defmethod ::logout
  "Clears the authentication cookie and logout the current session."
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"}
-  [{:keys [session] :as cfg} _]
-  (rph/with-transform {} (session/delete-fn session)))
+  [cfg _]
+  (rph/with-transform {} (session/delete-fn cfg)))

 ;; ---- COMMAND: Recover Profile

 (defn recover-profile
-  [{:keys [pool sprops] :as cfg} {:keys [token password]}]
+  [{:keys [::db/pool] :as cfg} {:keys [token password]}]
  (letfn [(validate-token [token]
-            (let [tdata (tokens/verify sprops {:token token :iss :password-recovery})]
+            (let [tdata (tokens/verify (::main/props cfg) {:token token :iss :password-recovery})]
              (:profile-id tdata)))

          (update-password [conn profile-id]
-            (let [pwd (derive-password password)]
+            (let [pwd (auth/derive-password password)]
              (db/update! conn :profile {:password pwd} {:id profile-id})))]

    (db/with-atomic [conn pool]
@@ -186,7 +157,7 @@
  (s/keys :req-un [::token ::password]))

 (sv/defmethod ::recover-profile
-  {:auth false
+  {::rpc/auth false
   ::climit/queue :auth
   ::doc/added "1.15"}
  [cfg params]
@@ -195,13 +166,13 @@
 ;; ---- COMMAND: Prepare Register

 (defn validate-register-attempt!
-  [{:keys [pool sprops]} params]
+  [{:keys [::db/pool] :as cfg} params]

  (when-not (contains? cf/flags :registration)
    (if-not (contains? params :invitation-token)
      (ex/raise :type :restriction
                :code :registration-disabled)
-      (let [invitation (tokens/verify sprops {:token (:invitation-token params) :iss :team-invitation})]
+      (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
        (when-not (= (:email params) (:member-email invitation))
          (ex/raise :type :restriction
                    :code :email-does-not-match-invitation
@@ -235,11 +206,11 @@
    (pos? (compare elapsed register-retry-threshold))))

 (defn prepare-register
-  [{:keys [pool sprops] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]

  (validate-register-attempt! cfg params)

-  (let [profile (when-let [profile (profile/retrieve-profile-data-by-email pool (:email params))]
+  (let [profile (when-let [profile (profile/get-profile-by-email pool (:email params))]
                  (cond
                    (:is-blocked profile)
                    (ex/raise :type :restriction
@@ -264,7 +235,7 @@

        params (d/without-nils params)

-        token  (tokens/generate sprops params)]
+        token  (tokens/generate (::main/props cfg) params)]
    (with-meta {:token token}
      {::audit/profile-id uuid/zero})))

@@ -273,17 +244,18 @@
          :opt-un [::invitation-token]))

 (sv/defmethod ::prepare-register-profile
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"}
  [cfg params]
  (prepare-register cfg params))

 ;; ---- COMMAND: Register Profile

-(defn create-profile
+(defn create-profile!
  "Create the profile entry on the database with limited set of input
  attrs (all the other attrs are filled with default values)."
-  [conn params]
+  [conn {:keys [email] :as params}]
+  (us/assert! ::us/email email)
  (let [id        (or (:id params) (uuid/next))
        props     (-> (audit/extract-utm-params params)
                      (merge (:props params))
@@ -293,7 +265,7 @@
                      (db/tjson))

        password  (if-let [password (:password params)]
-                    (derive-password password)
+                    (auth/derive-password password)
                    "!")

        locale    (:locale params)
@@ -304,7 +276,7 @@
        is-demo   (:is-demo params false)
        is-muted  (:is-muted params false)
        is-active (:is-active params false)
-        email     (str/lower (:email params))
+        email     (str/lower email)

        params    {:id id
                   :fullname (:fullname params)
@@ -319,35 +291,38 @@
                   :is-demo is-demo}]
    (try
      (-> (db/insert! conn :profile params)
-          (profile/decode-profile-row))
+          (profile/decode-row))
      (catch org.postgresql.util.PSQLException e
        (let [state (.getSQLState e)]
          (if (not= state "23505")
            (throw e)
            (ex/raise :type :validation
                      :code :email-already-exists
+                      :hint "email already exists"
                      :cause e)))))))

-(defn create-profile-relations
-  [conn profile]
-  (let [team (teams/create-team conn {:profile-id (:id profile)
+(defn create-profile-rels!
+  [conn {:keys [id] :as profile}]
+  (let [team (teams/create-team conn {:profile-id id
                                      :name "Default"
                                      :is-default true})]
-    (-> profile
-        (profile/strip-private-attrs)
-        (assoc :default-team-id (:id team))
-        (assoc :default-project-id (:default-project-id team)))))
+    (-> (db/update! conn :profile
+                    {:default-team-id (:id team)
+                     :default-project-id  (:default-project-id team)}
+                    {:id id})
+        (profile/decode-row))))
+

 (defn send-email-verification!
-  [conn sprops profile]
-  (let [vtoken (tokens/generate sprops
+  [conn props profile]
+  (let [vtoken (tokens/generate props
                                {:iss :verify-email
                                 :exp (dt/in-future "72h")
                                 :profile-id (:id profile)
                                 :email (:email profile)})
        ;; NOTE: this token is mainly used for possible complains
        ;; identification on the sns webhook
-        ptoken (tokens/generate sprops
+        ptoken (tokens/generate props
                                {:iss :profile-identity
                                 :profile-id (:id profile)
                                 :exp (dt/in-future {:days 30})})]
@@ -360,24 +335,20 @@
                :extra-data ptoken})))

 (defn register-profile
-  [{:keys [conn sprops session] :as cfg} {:keys [token] :as params}]
-  (let [claims     (tokens/verify sprops {:token token :iss :prepared-register})
+  [{:keys [conn] :as cfg} {:keys [token] :as params}]
+  (let [claims     (tokens/verify (::main/props cfg) {:token token :iss :prepared-register})
        params     (merge params claims)

        is-active  (or (:is-active params)
-                       (not (contains? cf/flags :email-verification))
-
-                       ;; DEPRECATED: v1.15
-                       (contains? cf/flags :insecure-register))
+                       (not (contains? cf/flags :email-verification)))

        profile    (if-let [profile-id (:profile-id claims)]
-                     (profile/retrieve-profile conn profile-id)
-                     (->> (assoc params :is-active is-active)
-                          (create-profile conn)
-                          (create-profile-relations conn)
-                          (profile/decode-profile-row)))
+                     (profile/get-profile conn profile-id)
+                     (->> (create-profile! conn (assoc params :is-active is-active))
+                          (create-profile-rels! conn)))
+
        invitation (when-let [token (:invitation-token params)]
-                     (tokens/verify sprops {:token token :iss :team-invitation}))]
+                     (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))]

    ;; If profile is filled in claims, means it tries to register
    ;; again, so we proceed to update the modified-at attr
@@ -399,10 +370,10 @@
      ;; email.
      (and (some? invitation) (= (:email profile) (:member-email invitation)))
      (let [claims (assoc invitation :member-id  (:id profile))
-            token  (tokens/generate sprops claims)
+            token  (tokens/generate (::main/props cfg) claims)
            resp   {:invitation-token token}]
        (-> resp
-            (rph/with-transform (session/create-fn session (:id profile)))
+            (rph/with-transform (session/create-fn cfg (:id profile)))
            (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                            ::audit/profile-id (:id profile)})))

@@ -411,7 +382,7 @@
      ;; we need to mark this session as logged.
      (not= "penpot" (:auth-backend profile))
      (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn session (:id profile)))
+          (rph/with-transform (session/create-fn cfg (:id profile)))
          (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                          ::audit/profile-id (:id profile)}))

@@ -419,14 +390,14 @@
      ;; to sign in the user directly, without email verification.
      (true? is-active)
      (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn session (:id profile)))
+          (rph/with-transform (session/create-fn cfg (:id profile)))
          (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                          ::audit/profile-id (:id profile)}))

      ;; In all other cases, send a verification email.
      :else
      (do
-        (send-email-verification! conn sprops profile)
+        (send-email-verification! conn (::main/props cfg) profile)
        (rph/with-meta profile
          {::audit/replace-props (audit/profile->props profile)
           ::audit/profile-id (:id profile)})))))
@@ -435,10 +406,10 @@
  (s/keys :req-un [::token ::fullname]))

 (sv/defmethod ::register-profile
-  {:auth false
+  {::rpc/auth false
   ::climit/queue :auth
   ::doc/added "1.15"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]
  (db/with-atomic [conn pool]
    (-> (assoc cfg :conn conn)
        (register-profile params))))
@@ -446,22 +417,22 @@
 ;; ---- COMMAND: Request Profile Recovery

 (defn request-profile-recovery
-  [{:keys [pool sprops] :as cfg} {:keys [email] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [email] :as params}]
  (letfn [(create-recovery-token [{:keys [id] :as profile}]
-            (let [token (tokens/generate sprops
+            (let [token (tokens/generate (::main/props cfg)
                                         {:iss :password-recovery
                                          :exp (dt/in-future "15m")
                                          :profile-id id})]
              (assoc profile :token token)))

          (send-email-notification [conn profile]
-            (let [ptoken (tokens/generate sprops
+            (let [ptoken (tokens/generate (::main/props cfg)
                                          {:iss :profile-identity
                                           :profile-id (:id profile)
                                           :exp (dt/in-future {:days 30})})]
              (eml/send! {::eml/conn conn
                          ::eml/factory eml/password-recovery
-                          :public-uri (:public-uri cfg)
+                          :public-uri (cf/get :public-uri)
                          :to (:email profile)
                          :token (:token profile)
                          :name (:fullname profile)
@@ -469,7 +440,7 @@
              nil))]

    (db/with-atomic [conn pool]
-      (when-let [profile (profile/retrieve-profile-data-by-email conn email)]
+      (when-let [profile (profile/get-profile-by-email conn email)]
        (when-not (eml/allow-send-emails? conn profile)
          (ex/raise :type :validation
                    :code :profile-is-muted
@@ -493,7 +464,7 @@
  (s/keys :req-un [::email]))

 (sv/defmethod ::request-profile-recovery
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"}
  [cfg params]
  (request-profile-recovery cfg params))
--- a/backend/src/app/rpc/commands/binfile.clj
+++ b/backend/src/app/rpc/commands/binfile.clj
@@ -9,21 +9,27 @@
  (:require
   [app.common.data :as d]
   [app.common.exceptions :as ex]
+   [app.common.files.features :as ffeat]
   [app.common.logging :as l]
   [app.common.pages.migrations :as pmg]
   [app.common.spec :as us]
   [app.common.uuid :as uuid]
   [app.config :as cf]
   [app.db :as db]
+   [app.loggers.audit :as-alias audit]
+   [app.loggers.webhooks :as-alias webhooks]
   [app.media :as media]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
+   [app.rpc.commands.projects :as projects]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.projects :as projects]
+   [app.rpc.helpers :as rph]
   [app.storage :as sto]
   [app.storage.tmp :as tmp]
   [app.tasks.file-gc]
   [app.util.blob :as blob]
   [app.util.fressian :as fres]
+   [app.util.objects-map :as omap]
   [app.util.pointer-map :as pmap]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -290,7 +296,7 @@

 (defn- retrieve-file
  [pool file-id]
-  (with-open [conn (db/open pool)]
+  (with-open [^AutoCloseable conn (db/open pool)]
    (binding [pmap/*load-fn* (partial files/load-pointer conn file-id)]
      (some-> (db/get* conn :file {:id file-id})
              (files/decode-row)
@@ -432,9 +438,8 @@
 (s/def ::embed-assets? (s/nilable ::us/boolean))

 (s/def ::write-export-options
-  (s/keys :req-un [::db/pool ::sto/storage]
-          :req    [::output ::file-ids]
-          :opt    [::include-libraries? ::embed-assets?]))
+  (s/keys :req [::db/pool ::sto/storage ::output ::file-ids]
+          :opt [::include-libraries? ::embed-assets?]))

 (defn write-export!
  "Do the exportation of a specified file in custom penpot binary
@@ -471,7 +476,7 @@
              [:v1/metadata :v1/files :v1/rels :v1/sobjects])))))

 (defmethod write-section :v1/metadata
-  [{:keys [pool ::output ::file-ids ::include-libraries?]}]
+  [{:keys [::db/pool ::output ::file-ids ::include-libraries?]}]
  (let [libs  (when include-libraries?
                (retrieve-libraries pool file-ids))
        files (into file-ids libs)]
@@ -479,7 +484,7 @@
    (vswap! *state* assoc :files files)))

 (defmethod write-section :v1/files
-  [{:keys [pool ::output ::embed-assets?]}]
+  [{:keys [::db/pool ::output ::embed-assets?]}]

  ;; Initialize SIDS with empty vector
  (vswap! *state* assoc :sids [])
@@ -503,7 +508,7 @@
      (vswap! *state* update :sids into storage-object-id-xf media))))

 (defmethod write-section :v1/rels
-  [{:keys [pool  ::output ::include-libraries?]}]
+  [{:keys [::db/pool ::output ::include-libraries?]}]
  (let [rels  (when include-libraries?
                (retrieve-library-relations pool (-> *state* deref :files)))]
    (l/debug :hint "found rels" :total (count rels) ::l/async false)
@@ -551,9 +556,8 @@
 (s/def ::ignore-index-errors? (s/nilable ::us/boolean))

 (s/def ::read-import-options
-  (s/keys :req-un [::db/pool ::sto/storage]
-          :req    [::project-id ::input]
-          :opt    [::overwrite? ::migrate? ::ignore-index-errors?]))
+  (s/keys :req [::db/pool ::sto/storage ::project-id ::input]
+          :opt [::overwrite? ::migrate? ::ignore-index-errors?]))

 (defn read-import!
  "Do the importation of the specified resource in penpot custom binary
@@ -576,7 +580,7 @@
    (read-import (assoc options ::version version ::timestamp timestamp))))

 (defmethod read-import :v1
-  [{:keys [pool ::input] :as options}]
+  [{:keys [::db/pool ::input] :as options}]
  (with-open [input (zstd-input-stream input)]
    (with-open [input (io/data-input-stream input)]
      (db/with-atomic [conn pool]
@@ -605,12 +609,23 @@
    (vswap! *state* update :index update-index files)
    (vswap! *state* assoc :version version :files files)))

+(defn- postprocess-file
+  [data]
+  (let [omap-wrap ffeat/*wrap-with-objects-map-fn*
+        pmap-wrap ffeat/*wrap-with-pointer-map-fn*]
+    (-> data
+        (update :pages-index update-vals #(update % :objects omap-wrap))
+        (update :pages-index update-vals pmap-wrap)
+        (update :components update-vals #(update % :objects omap-wrap))
+        (update :components pmap-wrap))))
+
 (defmethod read-section :v1/files
  [{:keys [conn ::input ::migrate? ::project-id ::timestamp ::overwrite?]}]
  (doseq [expected-file-id (-> *state* deref :files)]
-    (let [file    (read-obj! input)
-          media'  (read-obj! input)
-          file-id (:id file)]
+    (let [file     (read-obj! input)
+          media'   (read-obj! input)
+          file-id  (:id file)
+          features files/default-features]

      (when (not= file-id expected-file-id)
        (ex/raise :type :validation
@@ -625,33 +640,42 @@
      (l/debug :hint "update media references" ::l/async false)
      (vswap! *state* update :media into (map #(update % :id lookup-index)) media')

-      (l/debug :hint "processing file" :file-id file-id ::l/async false)
+      (l/debug :hint "processing file" :file-id file-id ::features features ::l/async false)

-      (let [file-id' (lookup-index file-id)
-            data     (-> (:data file)
-                         (assoc :id file-id')
-                         (cond-> migrate? (pmg/migrate-data))
-                         (update :pages-index relink-shapes)
-                         (update :components relink-shapes)
-                         (update :media relink-media))
+      (binding [ffeat/*current* features
+                ffeat/*wrap-with-objects-map-fn* (if (features "storage/objects-map") omap/wrap identity)
+                ffeat/*wrap-with-pointer-map-fn* (if (features "storage/pointer-map") pmap/wrap identity)
+                pmap/*tracked* (atom {})]

-            params  {:id file-id'
-                     :project-id project-id
-                     :name (:name file)
-                     :revn (:revn file)
-                     :is-shared (:is-shared file)
-                     :data (blob/encode data)
-                     :created-at timestamp
-                     :modified-at timestamp}]
+        (let [file-id' (lookup-index file-id)
+              data     (-> (:data file)
+                           (assoc :id file-id')
+                           (cond-> migrate? (pmg/migrate-data))
+                           (update :pages-index relink-shapes)
+                           (update :components relink-shapes)
+                           (update :media relink-media)
+                           (postprocess-file))

-        (l/debug :hint "create file" :id file-id' ::l/async false)
+              params  {:id file-id'
+                       :project-id project-id
+                       :features (db/create-array conn "text" features)
+                       :name (:name file)
+                       :revn (:revn file)
+                       :is-shared (:is-shared file)
+                       :data (blob/encode data)
+                       :created-at timestamp
+                       :modified-at timestamp}]

-        (if overwrite?
-          (create-or-update-file conn params)
-          (db/insert! conn :file params))
+          (l/debug :hint "create file" :id file-id' ::l/async false)

-        (when overwrite?
-          (db/delete! conn :file-thumbnail {:file-id file-id'}))))))
+          (if overwrite?
+            (create-or-update-file conn params)
+            (db/insert! conn :file params))
+
+          (files/persist-pointers! conn file-id')
+
+          (when overwrite?
+            (db/delete! conn :file-thumbnail {:file-id file-id'})))))))

 (defmethod read-section :v1/rels
  [{:keys [conn ::input ::timestamp]}]
@@ -669,7 +693,7 @@
        (db/insert! conn :file-library-rel rel)))))

 (defmethod read-section :v1/sobjects
-  [{:keys [storage conn ::input ::overwrite?]}]
+  [{:keys [::sto/storage conn ::input ::overwrite?]}]
  (let [storage (media/configure-assets-storage storage)
        ids     (read-obj! input)]

@@ -840,10 +864,10 @@
 (defn import!
  [{:keys [::input] :as cfg}]
  (let [id (uuid/next)
-        ts (dt/now)
+        tp (dt/tpoint)
        cs (volatile! nil)]
+    (l/info :hint "import: started" :import-id id)
    (try
-      (l/info :hint "start importation" :import-id id)
      (binding [*position* (atom 0)]
        (with-open [^AutoCloseable input (io/input-stream input)]
          (read-import! (assoc cfg ::input input))))
@@ -853,25 +877,28 @@
        (throw cause))

      (finally
-        (l/info :hint "importation finished" :import-id id
-                :elapsed (str (inst-ms (dt/diff ts (dt/now))) "ms")
+        (l/info :hint "import: terminated"
+                :import-id id
+                :elapsed (dt/format-duration (tp))
                :error? (some? @cs)
-                :cause @cs)))))
+                :cause @cs
+                )))))

 ;; --- Command: export-binfile

 (s/def ::file-id ::us/uuid)
-(s/def ::profile-id ::us/uuid)
 (s/def ::include-libraries? ::us/boolean)
 (s/def ::embed-assets? ::us/boolean)

 (s/def ::export-binfile
-  (s/keys :req-un [::profile-id ::file-id ::include-libraries? ::embed-assets?]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::include-libraries? ::embed-assets?]))

 (sv/defmethod ::export-binfile
  "Export a penpot file in a binary format."
-  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id include-libraries? embed-assets?] :as params}]
+  {::doc/added "1.15"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id include-libraries? embed-assets?] :as params}]
  (files/check-read-permissions! pool profile-id file-id)
  (let [body (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
@@ -886,15 +913,19 @@

 (s/def ::file ::media/upload)
 (s/def ::import-binfile
-  (s/keys :req-un [::profile-id ::project-id ::file]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::project-id ::file]))

 (sv/defmethod ::import-binfile
  "Import a penpot file in a binary format."
-  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id file] :as params}]
+  {::doc/added "1.15"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id file] :as params}]
  (db/with-atomic [conn pool]
    (projects/check-read-permissions! conn profile-id project-id)
-    (import! (assoc cfg
-                    ::input (:path file)
-                    ::project-id project-id
-                    ::ignore-index-errors? true))))
+    (let [ids (import! (assoc cfg
+                              ::input (:path file)
+                              ::project-id project-id
+                              ::ignore-index-errors? true))]
+      (rph/with-meta ids
+        {::audit/props {:file nil :file-ids ids}}))))
--- a/backend/src/app/rpc/commands/comments.clj
+++ b/backend/src/app/rpc/commands/comments.clj
@@ -6,23 +6,26 @@

 (ns app.rpc.commands.comments
  (:require
+   [app.common.data.macros :as dm]
   [app.common.exceptions :as ex]
   [app.common.geom.point :as gpt]
   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
   [app.db :as db]
+   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.teams :as teams]
-   [app.rpc.retry :as retry]
-   [app.util.blob :as blob]
+   [app.rpc.quotes :as quotes]
+   [app.util.pointer-map :as pmap]
+   [app.util.retry :as rtry]
   [app.util.services :as sv]
   [app.util.time :as dt]
   [clojure.spec.alpha :as s]))

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; QUERY COMMANDS
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; --- GENERAL PURPOSE INTERNAL HELPERS

 (defn decode-row
  [{:keys [participants position] :as row}]
@@ -30,24 +33,77 @@
    (db/pgpoint? position) (assoc :position (db/decode-pgpoint position))
    (db/pgobject? participants) (assoc :participants (db/decode-transit-pgobject participants))))

+(def sql:get-file
+  "select f.id, f.modified_at, f.revn, f.features,
+          f.project_id, p.team_id, f.data
+     from file as f
+     join project as p on (p.id = f.project_id)
+    where f.id = ?
+      and f.deleted_at is null")
+
+(defn- get-file
+  "A specialized version of get-file for comments module."
+  [conn file-id page-id]
+  (binding [pmap/*load-fn* (partial files/load-pointer conn file-id)]
+    (if-let [{:keys [data] :as file} (some-> (db/exec-one! conn [sql:get-file file-id]) (files/decode-row))]
+      (-> file
+          (assoc :page-name (dm/get-in data [:pages-index page-id :name]))
+          (assoc :page-id page-id))
+      (ex/raise :type :not-found
+                :code :object-not-found
+                :hint "file not found"))))
+
+(defn- get-comment-thread
+  [conn thread-id & {:as opts}]
+  (-> (db/get-by-id conn :comment-thread thread-id opts)
+      (decode-row)))
+
+(defn- get-comment
+  [conn comment-id & {:keys [for-update?]}]
+  (db/get-by-id conn :comment comment-id {:for-update for-update?}))
+
+(defn- get-next-seqn
+  [conn file-id]
+  (let [sql "select (f.comment_thread_seqn + 1) as next_seqn from file as f where f.id = ?"
+        res (db/exec-one! conn [sql file-id])]
+    (:next-seqn res)))
+
+(def sql:upsert-comment-thread-status
+  "insert into comment_thread_status (thread_id, profile_id, modified_at)
+   values (?, ?, ?)
+       on conflict (thread_id, profile_id)
+       do update set modified_at = ?
+   returning modified_at;")
+
+(defn upsert-comment-thread-status!
+  ([conn profile-id thread-id]
+   (upsert-comment-thread-status! conn profile-id thread-id (dt/now)))
+  ([conn profile-id thread-id mod-at]
+   (db/exec-one! conn [sql:upsert-comment-thread-status thread-id profile-id mod-at mod-at])))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUERY COMMANDS
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
 ;; --- COMMAND: Get Comment Threads

-(declare retrieve-comment-threads)
+(declare ^:private get-comment-threads)

 (s/def ::team-id ::us/uuid)
 (s/def ::file-id ::us/uuid)
 (s/def ::share-id (s/nilable ::us/uuid))

 (s/def ::get-comment-threads
-  (s/and (s/keys :req-un [::profile-id]
+  (s/and (s/keys :req [::rpc/profile-id]
                 :opt-un [::file-id ::share-id ::team-id])
         #(or (:file-id %) (:team-id %))))

 (sv/defmethod ::get-comment-threads
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id] :as params}]
  (with-open [conn (db/open pool)]
-    (retrieve-comment-threads conn params)))
+    (files/check-comment-permissions! conn profile-id file-id share-id)
+    (get-comment-threads conn profile-id file-id)))

 (def sql:comment-threads
  "select distinct on (ct.id)
@@ -71,25 +127,26 @@
    where ct.file_id = ?
   window w as (partition by c.thread_id order by c.created_at asc)")

-(defn retrieve-comment-threads
-  [conn {:keys [profile-id file-id share-id]}]
-  (files/check-comment-permissions! conn profile-id file-id share-id)
+(defn- get-comment-threads
+  [conn profile-id file-id]
  (->> (db/exec! conn [sql:comment-threads profile-id file-id])
       (into [] (map decode-row))))

 ;; --- COMMAND: Get Unread Comment Threads

-(declare retrieve-unread-comment-threads)
+(declare ^:private get-unread-comment-threads)

 (s/def ::team-id ::us/uuid)
 (s/def ::get-unread-comment-threads
-  (s/keys :req-un [::profile-id ::team-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))

 (sv/defmethod ::get-unread-comment-threads
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
+  {::doc/added "1.15"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
-    (retrieve-unread-comment-threads conn params)))
+    (get-unread-comment-threads conn profile-id team-id)))

 (def sql:comment-threads-by-team
  "select distinct on (ct.id)
@@ -118,22 +175,22 @@
  (str "with threads as (" sql:comment-threads-by-team ")"
       "select * from threads where count_unread_comments > 0"))

-(defn retrieve-unread-comment-threads
-  [conn {:keys [profile-id team-id]}]
+(defn- get-unread-comment-threads
+  [conn profile-id team-id]
  (->> (db/exec! conn [sql:unread-comment-threads-by-team profile-id team-id])
       (into [] (map decode-row))))


 ;; --- COMMAND: Get Single Comment Thread

-(s/def ::id ::us/uuid)
-(s/def ::share-id (s/nilable ::us/uuid))
 (s/def ::get-comment-thread
-  (s/keys :req-un [::profile-id ::file-id ::id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::us/id]
          :opt-un [::share-id]))

 (sv/defmethod ::get-comment-thread
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id id share-id] :as params}]
+  {::doc/added "1.15"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id id share-id] :as params}]
  (with-open [conn (db/open pool)]
    (files/check-comment-permissions! conn profile-id file-id share-id)
    (let [sql (str "with threads as (" sql:comment-threads ")"
@@ -141,37 +198,30 @@
      (-> (db/exec-one! conn [sql profile-id file-id id])
          (decode-row)))))

-(defn get-comment-thread
-  [conn {:keys [profile-id file-id id] :as params}]
-  (let [sql (str "with threads as (" sql:comment-threads ")"
-                 "select * from threads where id = ?")]
-    (-> (db/exec-one! conn [sql profile-id file-id id])
-        (decode-row))))
-
 ;; --- COMMAND: Retrieve Comments

-(declare get-comments)
+(declare ^:private get-comments)

-(s/def ::file-id ::us/uuid)
-(s/def ::share-id (s/nilable ::us/uuid))
 (s/def ::thread-id ::us/uuid)
 (s/def ::get-comments
-  (s/keys :req-un [::profile-id ::thread-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::thread-id]
          :opt-un [::share-id]))

 (sv/defmethod ::get-comments
-  [{:keys [pool] :as cfg} {:keys [profile-id thread-id share-id] :as params}]
+  {::doc/added "1.15"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id thread-id share-id] :as params}]
  (with-open [conn (db/open pool)]
-    (let [thread (db/get-by-id conn :comment-thread thread-id)]
-      (files/check-comment-permissions! conn profile-id (:file-id thread) share-id))
-    (get-comments conn thread-id)))
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn thread-id)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
+      (get-comments conn thread-id))))

 (def sql:comments
  "select c.* from comment as c
    where c.thread_id = ?
    order by c.created_at asc")

-(defn get-comments
+(defn- get-comments
  [conn thread-id]
  (->> (db/query conn :comment
                 {:thread-id thread-id}
@@ -180,25 +230,6 @@

 ;; --- COMMAND: Get file comments users

-(declare get-file-comments-users)
-
-(s/def ::file-id ::us/uuid)
-(s/def ::share-id (s/nilable ::us/uuid))
-
-(s/def ::get-profiles-for-file-comments
-  (s/keys :req-un [::profile-id ::file-id]
-          :opt-un [::share-id]))
-
-(sv/defmethod ::get-profiles-for-file-comments
-  "Retrieves a list of profiles with limited set of properties of all
-  participants on comment threads of the file."
-  {::doc/added "1.15"
-   ::doc/changes ["1.15" "Imported from queries and renamed."]}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id share-id]}]
-  (with-open [conn (db/open pool)]
-    (files/check-comment-permissions! conn profile-id file-id share-id)
-    (get-file-comments-users conn file-id profile-id)))
-
 ;; All the profiles that had comment the file, plus the current
 ;; profile.

@@ -221,87 +252,113 @@
  [conn file-id profile-id]
  (db/exec! conn [sql:file-comment-users file-id profile-id]))

+(s/def ::get-profiles-for-file-comments
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]
+          :opt-un [::share-id]))
+
+(sv/defmethod ::get-profiles-for-file-comments
+  "Retrieves a list of profiles with limited set of properties of all
+  participants on comment threads of the file."
+  {::doc/added "1.15"
+   ::doc/changes ["1.15" "Imported from queries and renamed."]}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id]}]
+  (with-open [conn (db/open pool)]
+    (files/check-comment-permissions! conn profile-id file-id share-id)
+    (get-file-comments-users conn file-id profile-id)))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; MUTATION COMMANDS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

+(declare ^:private create-comment-thread)
+
 ;; --- COMMAND: Create Comment Thread

-(declare upsert-comment-thread-status!)
-(declare create-comment-thread)
-(declare retrieve-page-name)
-
 (s/def ::page-id ::us/uuid)
-(s/def ::file-id ::us/uuid)
-(s/def ::share-id (s/nilable ::us/uuid))
-(s/def ::profile-id ::us/uuid)
 (s/def ::position ::gpt/point)
 (s/def ::content ::us/string)
 (s/def ::frame-id ::us/uuid)

 (s/def ::create-comment-thread
-  (s/keys :req-un [::profile-id ::file-id ::position ::content ::page-id ::frame-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::position ::content ::page-id ::frame-id]
          :opt-un [::share-id]))

 (sv/defmethod ::create-comment-thread
-  {::retry/max-retries 3
-   ::retry/matches retry/conflict-db-insert?
-   ::doc/added "1.15"
+  {::doc/added "1.15"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg}
+   {:keys [::rpc/profile-id ::rpc/request-at file-id page-id share-id position content frame-id]}]
+
  (db/with-atomic [conn pool]
-    (files/check-comment-permissions! conn profile-id file-id share-id)
-    (create-comment-thread conn params)))
+    (let [{:keys [team-id project-id page-name] :as file} (get-file conn file-id page-id)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)

-(defn- retrieve-next-seqn
-  [conn file-id]
-  (let [sql "select (f.comment_thread_seqn + 1) as next_seqn from file as f where f.id = ?"
-        res (db/exec-one! conn [sql file-id])]
-    (:next-seqn res)))
+      (run! (partial quotes/check-quote! conn)
+            (list {::quotes/id ::quotes/comment-threads-per-file
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id team-id
+                   ::quotes/project-id project-id
+                   ::quotes/file-id file-id}
+                  {::quotes/id ::quotes/comments-per-file
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id team-id
+                   ::quotes/project-id project-id
+                   ::quotes/file-id file-id}))

-(defn create-comment-thread
-  [conn {:keys [profile-id file-id page-id position content frame-id] :as params}]
-  (let [seqn    (retrieve-next-seqn conn file-id)
-        now     (dt/now)
-        pname   (retrieve-page-name conn params)
-        thread  (db/insert! conn :comment-thread
-                           {:file-id file-id
-                            :owner-id profile-id
-                            :participants (db/tjson #{profile-id})
-                            :page-name pname
-                            :page-id page-id
-                            :created-at now
-                            :modified-at now
-                            :seqn seqn
-                            :position (db/pgpoint position)
-                            :frame-id frame-id})]
+      (rtry/with-retry {::rtry/when rtry/conflict-exception?
+                        ::rtry/max-retries 3
+                        ::rtry/label "create-comment-thread"}
+        (create-comment-thread conn
+                               {:created-at request-at
+                                :profile-id profile-id
+                                :file-id file-id
+                                :page-id page-id
+                                :page-name page-name
+                                :position position
+                                :content content
+                                :frame-id frame-id})))))


-    ;; Create a comment entry
-    (db/insert! conn :comment
-                {:thread-id (:id thread)
-                 :owner-id profile-id
-                 :created-at now
-                 :modified-at now
-                 :content content})
+(defn- create-comment-thread
+  [conn {:keys [profile-id file-id page-id page-name created-at position content frame-id]}]
+  (let [;; NOTE: we take the next seq number from a separate query because the whole
+        ;; operation can be retried on conflict, and in this case the new seq shold be
+        ;; retrieved from the database.
+        seqn      (get-next-seqn conn file-id)
+        thread-id (uuid/next)
+        thread    (db/insert! conn :comment-thread
+                              {:id thread-id
+                               :file-id file-id
+                               :owner-id profile-id
+                               :participants (db/tjson #{profile-id})
+                               :page-name page-name
+                               :page-id page-id
+                               :created-at created-at
+                               :modified-at created-at
+                               :seqn seqn
+                               :position (db/pgpoint position)
+                               :frame-id frame-id})
+        comment   (db/insert! conn :comment
+                              {:id (uuid/next)
+                               :thread-id thread-id
+                               :owner-id profile-id
+                               :created-at created-at
+                               :modified-at created-at
+                               :content content})]

    ;; Make the current thread as read.
-    (upsert-comment-thread-status! conn profile-id (:id thread))
+    (upsert-comment-thread-status! conn profile-id thread-id created-at)

    ;; Optimistic update of current seq number on file.
    (db/update! conn :file
                {:comment-thread-seqn seqn}
                {:id file-id})

-    (select-keys thread [:id :file-id :page-id])))
-
-(defn- retrieve-page-name
-  [conn {:keys [file-id page-id]}]
-  (let [{:keys [data]} (db/get-by-id conn :file file-id)
-        data           (blob/decode data)]
-    (get-in data [:pages-index page-id :name])))
-
+    (-> thread
+        (select-keys [:id :file-id :page-id])
+        (assoc :comment-id (:id comment)))))

 ;; --- COMMAND: Update Comment Thread Status

@@ -309,49 +366,33 @@
 (s/def ::share-id (s/nilable ::us/uuid))

 (s/def ::update-comment-thread-status
-  (s/keys :req-un [::profile-id ::id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]
          :opt-un [::share-id]))

 (sv/defmethod ::update-comment-thread-status
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [cthr (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not cthr
-        (ex/raise :type :not-found))
-
-      (files/check-comment-permissions! conn profile-id (:file-id cthr) share-id)
-      (upsert-comment-thread-status! conn profile-id (:id cthr)))))
-
-(def sql:upsert-comment-thread-status
-  "insert into comment_thread_status (thread_id, profile_id)
-   values (?, ?)
-       on conflict (thread_id, profile_id)
-       do update set modified_at = clock_timestamp()
-   returning modified_at;")
-
-(defn upsert-comment-thread-status!
-  [conn profile-id thread-id]
-  (db/exec-one! conn [sql:upsert-comment-thread-status thread-id profile-id]))
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
+      (upsert-comment-thread-status! conn profile-id id))))


 ;; --- COMMAND: Update Comment Thread

 (s/def ::is-resolved ::us/boolean)
 (s/def ::update-comment-thread
-  (s/keys :req-un [::profile-id ::id ::is-resolved]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::is-resolved]
          :opt-un [::share-id]))

 (sv/defmethod ::update-comment-thread
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id is-resolved share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id is-resolved share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not thread
-        (ex/raise :type :not-found))
-
-      (files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
-
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
                  {:is-resolved is-resolved}
                  {:id id})
@@ -360,158 +401,149 @@

 ;; --- COMMAND: Add Comment

+(declare get-comment-thread)
 (declare create-comment)

 (s/def ::create-comment
-  (s/keys :req-un [::profile-id ::thread-id ::content]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::thread-id ::content]
          :opt-un [::share-id]))

 (sv/defmethod ::create-comment
  {::doc/added "1.15"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at thread-id share-id content] :as params}]
  (db/with-atomic [conn pool]
-    (create-comment conn params)))
+    (let [{:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)
+          {:keys [team-id project-id page-name] :as file} (get-file conn file-id page-id)]

-(defn create-comment
-  [conn {:keys [profile-id thread-id content share-id] :as params}]
-  (let [thread (-> (db/get-by-id conn :comment-thread thread-id {:for-update true})
-                   (decode-row))
-        pname  (retrieve-page-name conn thread)]
+      (files/check-comment-permissions! conn profile-id (:id file) share-id)
+      (quotes/check-quote! conn
+                           {::quotes/id ::quotes/comments-per-file
+                            ::quotes/profile-id profile-id
+                            ::quotes/team-id team-id
+                            ::quotes/project-id project-id
+                            ::quotes/file-id (:id file)})

-    ;; Standard Checks
-    (when-not thread (ex/raise :type :not-found))
+      ;; Update the page-name cached attribute on comment thread table.
+      (when (not= page-name (:page-name thread))
+        (db/update! conn :comment-thread
+                    {:page-name page-name}
+                    {:id thread-id}))

-    ;; Permission Checks
-    (files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
+      (let [comment (db/insert! conn :comment
+                                {:id (uuid/next)
+                                 :created-at request-at
+                                 :modified-at request-at
+                                 :thread-id thread-id
+                                 :owner-id profile-id
+                                 :content content})
+            props    {:file-id file-id
+                      :share-id nil}]

-    ;; Update the page-name cachedattribute on comment thread table.
-    (when (not= pname (:page-name thread))
-      (db/update! conn :comment-thread
-                  {:page-name pname}
-                  {:id thread-id}))
+        ;; Update thread modified-at attribute and assoc the current
+        ;; profile to the participant set.
+        (db/update! conn :comment-thread
+                    {:modified-at request-at
+                     :participants (-> (:participants thread #{})
+                                       (conj profile-id)
+                                       (db/tjson))}
+                    {:id thread-id})

-    ;; NOTE: is important that all timestamptz related fields are
-    ;; created or updated on the database level for avoid clock
-    ;; inconsistencies (some user sees something read that is not
-    ;; read, etc...)
-    (let [ppants  (:participants thread #{})
-          comment (db/insert! conn :comment
-                              {:thread-id thread-id
-                               :owner-id profile-id
-                               :content content})]
+        ;; Update the current profile status in relation to the
+        ;; current thread.
+        (upsert-comment-thread-status! conn profile-id thread-id request-at)

-      ;; NOTE: this is done in SQL instead of using db/update!
-      ;; helper because currently the helper does not allow pass raw
-      ;; function call parameters to the underlying prepared
-      ;; statement; in a future when we fix/improve it, this can be
-      ;; changed to use the helper.
-
-      ;; Update thread modified-at attribute and assoc the current
-      ;; profile to the participant set.
-      (let [ppants (conj ppants profile-id)
-            sql    "update comment_thread
-                         set modified_at = clock_timestamp(),
-                             participants = ?
-                       where id = ?"]
-        (db/exec-one! conn [sql (db/tjson ppants) thread-id]))
-
-      ;; Update the current profile status in relation to the
-      ;; current thread.
-      (upsert-comment-thread-status! conn profile-id thread-id)
-
-      ;; Return the created comment object.
-      comment)))
+        (vary-meta comment assoc ::audit/props props)))))

 ;; --- COMMAND: Update Comment

-(declare update-comment)
-
 (s/def ::update-comment
-  (s/keys :req-un [::profile-id ::id ::content]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::content]
          :opt-un [::share-id]))

 (sv/defmethod ::update-comment
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id share-id content] :as params}]
  (db/with-atomic [conn pool]
-    (update-comment conn params)))
+    (let [{:keys [thread-id] :as comment} (get-comment conn id ::db/for-update? true)
+          {:keys [file-id page-id owner-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)]

-(defn update-comment
-  [conn {:keys [profile-id id content share-id] :as params}]
-  (let [comment (db/get-by-id conn :comment id {:for-update true})
-        _       (when-not comment (ex/raise :type :not-found))
-        thread  (db/get-by-id conn :comment-thread (:thread-id comment) {:for-update true})
-        _       (when-not thread (ex/raise :type :not-found))
-        pname   (retrieve-page-name conn thread)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)

-    (files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
+      ;; Don't allow edit comments to not owners
+      (when-not (= owner-id profile-id)
+        (ex/raise :type :validation
+                  :code :not-allowed))

-    ;; Don't allow edit comments to not owners
-    (when-not (= (:owner-id thread) profile-id)
-      (ex/raise :type :validation
-                :code :not-allowed))
-
-    (db/update! conn :comment
-                {:content content
-                 :modified-at (dt/now)}
-                {:id (:id comment)})
-
-    (db/update! conn :comment-thread
-                {:modified-at (dt/now)
-                 :page-name pname}
-                {:id (:id thread)})
-    nil))
+      (let [{:keys [page-name] :as file} (get-file conn file-id page-id)]
+        (db/update! conn :comment
+                    {:content content
+                     :modified-at request-at}
+                    {:id id})

+        (db/update! conn :comment-thread
+                    {:modified-at request-at
+                     :page-name page-name}
+                    {:id thread-id})
+        nil))))

 ;; --- COMMAND: Delete Comment Thread

 (s/def ::delete-comment-thread
-  (s/keys :req-un [::profile-id ::id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]
+          :opt-un [::share-id]))

 (sv/defmethod ::delete-comment-thread
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not (= (:owner-id thread) profile-id)
+    (let [{:keys [owner-id file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
+      (when-not (= owner-id profile-id)
        (ex/raise :type :validation
                  :code :not-allowed))
+
      (db/delete! conn :comment-thread {:id id})
      nil)))

-
 ;; --- COMMAND: Delete comment

 (s/def ::delete-comment
-  (s/keys :req-un [::profile-id ::id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]
+          :opt-un [::share-id]))

 (sv/defmethod ::delete-comment
-  {::doc/added "1.15"
-   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
+  {::doc/added "1.15"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [comment (db/get-by-id conn :comment id {:for-update true})]
-      (when-not (= (:owner-id comment) profile-id)
+    (let [{:keys [owner-id thread-id] :as comment} (get-comment conn id ::db/for-update? true)
+          {:keys [file-id] :as thread} (get-comment-thread conn thread-id)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
+      (when-not (= owner-id profile-id)
        (ex/raise :type :validation
                  :code :not-allowed))
-
      (db/delete! conn :comment {:id id}))))

+
 ;; --- COMMAND: Update comment thread position

 (s/def ::update-comment-thread-position
-  (s/keys :req-un [::profile-id ::id ::position ::frame-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::position ::frame-id]
          :opt-un [::share-id]))

 (sv/defmethod ::update-comment-thread-position
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id position frame-id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id position frame-id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
-                  {:modified-at (dt/now)
+                  {:modified-at (::rpc/request-at params)
                   :position (db/pgpoint position)
                   :frame-id frame-id}
                  {:id (:id thread)})
@@ -520,17 +552,18 @@
 ;; --- COMMAND: Update comment frame

 (s/def ::update-comment-thread-frame
-  (s/keys :req-un [::profile-id ::id ::frame-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::frame-id]
          :opt-un [::share-id]))

 (sv/defmethod ::update-comment-thread-frame
  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id frame-id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id frame-id share-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
+    (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
+      (files/check-comment-permissions! conn profile-id file-id share-id)
      (db/update! conn :comment-thread
-                  {:modified-at (dt/now)
+                  {:modified-at (::rpc/request-at params)
                   :frame-id frame-id}
-                  {:id (:id thread)})
+                  {:id id})
      nil)))
--- a/backend/src/app/rpc/commands/demo.clj
+++ b/backend/src/app/rpc/commands/demo.clj
@@ -8,11 +8,11 @@
  "A demo specific mutations."
  (:require
   [app.common.exceptions :as ex]
-   [app.common.uuid :as uuid]
   [app.config :as cf]
   [app.db :as db]
   [app.loggers.audit :as audit]
-   [app.rpc.commands.auth :as cmd.auth]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.auth :as auth]
   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -26,35 +26,34 @@
  "A command that is responsible of creating a demo purpose
  profile. It only works if the `demo-users` flag is enabled in the
  configuration."
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"
   ::doc/changes ["1.15" "This method is migrated from mutations to commands."]}
-  [{:keys [pool] :as cfg} _]
-  (let [id       (uuid/next)
-        sem      (System/currentTimeMillis)
+  [{:keys [::db/pool] :as cfg} _]
+
+  (when-not (contains? cf/flags :demo-users)
+    (ex/raise :type :validation
+              :code :demo-users-not-allowed
+              :hint "Demo users are disabled by config."))
+
+  (let [sem      (System/currentTimeMillis)
        email    (str "demo-" sem ".demo@example.com")
        fullname (str "Demo User " sem)
+
        password (-> (bn/random-bytes 16)
                     (bc/bytes->b64u)
                     (bc/bytes->str))
-        params   {:id id
-                  :email email
+
+        params   {:email email
                  :fullname fullname
                  :is-active true
                  :deleted-at (dt/in-future cf/deletion-delay)
                  :password password
-                  :props {}
-                  }]
-
-    (when-not (contains? cf/flags :demo-users)
-      (ex/raise :type :validation
-                :code :demo-users-not-allowed
-                :hint "Demo users are disabled by config."))
+                  :props {}}]

    (db/with-atomic [conn pool]
-      (->> (cmd.auth/create-profile conn params)
-           (cmd.auth/create-profile-relations conn))
-
-      (with-meta {:email email
-                  :password password}
-        {::audit/profile-id id}))))
+      (let [profile (->> (auth/create-profile! conn params)
+                         (auth/create-profile-rels! conn))]
+        (with-meta {:email email
+                    :password password}
+          {::audit/profile-id (:id profile)})))))
--- a/backend/src/app/rpc/commands/feedback.clj
+++ b/backend/src/app/rpc/commands/feedback.clj
@@ -0,0 +1,56 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.feedback
+  "A general purpose feedback module."
+  (:require
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.emails :as eml]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.doc :as-alias doc]
+   [app.util.services :as sv]
+   [clojure.spec.alpha :as s]))
+
+(declare ^:private send-feedback!)
+
+(s/def ::content ::us/string)
+(s/def ::from    ::us/email)
+(s/def ::subject ::us/string)
+
+(s/def ::send-user-feedback
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::subject
+                   ::content]))
+
+(sv/defmethod ::send-user-feedback
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id] :as params}]
+  (when-not (contains? cf/flags :user-feedback)
+    (ex/raise :type :restriction
+              :code :feedback-disabled
+              :hint "feedback not enabled"))
+
+  (let [profile (profile/get-profile pool profile-id)]
+    (send-feedback! pool profile params)
+    nil))
+
+(defn- send-feedback!
+  [pool profile params]
+  (let [dest (cf/get :feedback-destination)]
+    (eml/send! {::eml/conn pool
+                ::eml/factory eml/feedback
+                :from     dest
+                :to       dest
+                :profile  profile
+                :reply-to (:email profile)
+                :email    (:email profile)
+                :subject  (:subject params)
+                :content  (:content params)})
+    nil))
--- a/backend/src/app/rpc/commands/files.clj
+++ b/backend/src/app/rpc/commands/files.clj
@@ -15,17 +15,19 @@
   [app.common.spec :as us]
   [app.common.types.file :as ctf]
   [app.common.types.shape-tree :as ctt]
+   [app.config :as cf]
   [app.db :as db]
   [app.db.sql :as sql]
+   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.files.thumbnails :as-alias thumbs]
+   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.cond :as-alias cond]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
   [app.rpc.permissions :as perms]
-   [app.rpc.queries.projects :as projects]
-   [app.rpc.queries.share-link :refer [retrieve-share-link]]
-   [app.rpc.queries.teams :as teams]
   [app.util.blob :as blob]
   [app.util.pointer-map :as pmap]
   [app.util.services :as sv]
@@ -41,7 +43,13 @@
    "storage/pointer-map"
    "components/v2"})

-(def default-features #{})
+(def default-features
+  (cond-> #{}
+    (contains? cf/flags :fdata-storage-pointer-map)
+    (conj "storage/pointer-map")
+
+    (contains? cf/flags :fdata-storage-objects-map)
+    (conj "storage/objects-map")))

 ;; --- SPECS

@@ -51,7 +59,6 @@
 (s/def ::id ::us/uuid)
 (s/def ::is-shared ::us/boolean)
 (s/def ::name ::us/string)
-(s/def ::profile-id ::us/uuid)
 (s/def ::project-id ::us/uuid)
 (s/def ::search-term ::us/string)
 (s/def ::team-id ::us/uuid)
@@ -120,7 +127,9 @@

  ([conn profile-id file-id share-id]
   (let [perms  (get-permissions conn profile-id file-id)
-         ldata  (retrieve-share-link conn file-id share-id)]
+         ldata  (some-> (db/get* conn :share-link {:id share-id :file-id file-id})
+                        (dissoc :flags)
+                        (update :pages db/decode-pgarray #{}))]

     ;; NOTE: in a future when share-link becomes more powerful and
     ;; will allow us specify which parts of the app is available, we
@@ -150,11 +159,14 @@
 (def check-read-permissions!
  (perms/make-check-fn has-read-permissions?))

-;; A user has comment permissions if she has read permissions, or comment permissions
+;; A user has comment permissions if she has read permissions, or
+;; explicit comment permissions through the share-id
+
 (defn check-comment-permissions!
  [conn profile-id file-id share-id]
-  (let [can-read (has-read-permissions? conn profile-id file-id)
-        can-comment  (has-comment-permissions? conn profile-id file-id share-id)]
+  (let [perms       (get-permissions conn profile-id file-id share-id)
+        can-read    (has-read-permissions? perms)
+        can-comment (has-comment-permissions? perms)]
    (when-not (or can-read can-comment)
      (ex/raise :type :not-found
                :code :object-not-found
@@ -185,7 +197,7 @@
  (let [row (db/get conn :file-data-fragment
                    {:id id :file-id file-id}
                    {:columns [:content]
-                     :check-deleted? false})]
+                     ::db/check-deleted? false})]
    (blob/decode (:content row))))

 (defn persist-pointers!
@@ -240,7 +252,6 @@
  [conn id client-features]
  ;; here we check if client requested features are supported
  (check-features-compatibility! client-features)
-
  (binding [pmap/*load-fn* (partial load-pointer conn id)]
    (-> (db/get-by-id conn :file id)
        (decode-row)
@@ -248,7 +259,7 @@
        (handle-file-features client-features))))

 (defn get-minimal-file
-  [{:keys [pool] :as cfg} id]
+  [{:keys [::db/pool] :as cfg} id]
  (db/get pool :file {:id id} {:columns [:id :modified-at :revn]}))

 (defn get-file-etag
@@ -256,7 +267,8 @@
  (str (dt/format-instant modified-at :iso) "-" revn))

 (s/def ::get-file
-  (s/keys :req-un [::profile-id ::id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]
          :opt-un [::features]))

 (sv/defmethod ::get-file
@@ -264,7 +276,7 @@
  {::doc/added "1.17"
   ::cond/get-object #(get-minimal-file %1 (:id %2))
   ::cond/key-fn get-file-etag}
-  [{:keys [pool] :as cfg} {:keys [profile-id id features] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id features]}]
  (with-open [conn (db/open pool)]
    (let [perms (get-permissions conn profile-id id)]
      (check-read-permissions! perms)
@@ -285,13 +297,14 @@

 (s/def ::get-file-fragment
  (s/keys :req-un [::file-id ::fragment-id]
-          :opt-un [::share-id ::profile-id]))
+          :opt [::rpc/profile-id]
+          :opt-un [::share-id]))

 (sv/defmethod ::get-file-fragment
  "Retrieve a file by its ID. Only authenticated users."
  {::doc/added "1.17"
-   :auth false}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id fragment-id share-id] :as params}]
+   ::rpc/:auth false}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id fragment-id share-id] }]
  (with-open [conn (db/open pool)]
    (let [perms (get-permissions conn profile-id file-id share-id)]
      (check-read-permissions! perms)
@@ -319,7 +332,7 @@
          (d/index-by :object-id :data)))))

 (s/def ::get-file-object-thumbnails
-  (s/keys :req-un [::profile-id ::file-id]))
+  (s/keys :req [::rpc/profile-id] :req-un [::file-id]))

 (sv/defmethod ::get-file-object-thumbnails
  "Retrieve a file object thumbnails."
@@ -327,7 +340,7 @@
   ::cond/get-object #(get-minimal-file %1 (:file-id %2))
   ::cond/reuse-key? true
   ::cond/key-fn get-file-etag}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-object-thumbnails conn file-id)))
@@ -349,7 +362,7 @@
    order by f.modified_at desc")

 (s/def ::get-project-files
-  (s/keys :req-un [::profile-id ::project-id]))
+  (s/keys :req [::rpc/profile-id] :req-un [::project-id]))

 (defn get-project-files
  [conn project-id]
@@ -358,7 +371,7 @@
 (sv/defmethod ::get-project-files
  "Get all files for the specified project."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id]}]
  (with-open [conn (db/open pool)]
    (projects/check-read-permissions! conn profile-id project-id)
    (get-project-files conn project-id)))
@@ -369,18 +382,18 @@
 (declare get-has-file-libraries)

 (s/def ::file-id ::us/uuid)
-(s/def ::profile-id ::us/uuid)

 (s/def ::has-file-libraries
-  (s/keys :req-un [::profile-id ::file-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]))

 (sv/defmethod ::has-file-libraries
  "Checks if the file has libraries. Returns a boolean"
  {::doc/added "1.15.1"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! pool profile-id file-id)
-    (get-has-file-libraries conn params)))
+    (get-has-file-libraries conn file-id)))

 (def ^:private sql:has-file-libraries
  "SELECT COUNT(*) > 0 AS has_libraries
@@ -391,7 +404,7 @@
           fl.deleted_at > now())")

 (defn- get-has-file-libraries
-  [conn {:keys [file-id]}]
+  [conn file-id]
  (let [row (db/exec-one! conn [sql:has-file-libraries file-id])]
    (:has-libraries row)))

@@ -425,7 +438,8 @@
 (s/def ::object-id ::us/uuid)
 (s/def ::get-page
  (s/and
-   (s/keys :req-un [::profile-id ::file-id]
+   (s/keys :req [::rpc/profile-id]
+           :req-un [::file-id]
           :opt-un [::page-id ::object-id ::features])
   (fn [obj]
     (if (contains? obj :object-id)
@@ -443,7 +457,7 @@

  Mainly used for rendering purposes."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-page conn params)))
@@ -469,37 +483,36 @@
    order by f.modified_at desc")

 (defn get-team-shared-files
-  [conn {:keys [team-id] :as params}]
-  (let [assets-sample
-        (fn [assets limit]
-          (let [sorted-assets (->> (vals assets)
-                                   (sort-by #(str/lower (:name %))))]
+  [conn team-id]
+  (letfn [(assets-sample [assets limit]
+            (let [sorted-assets (->> (vals assets)
+                                     (sort-by #(str/lower (:name %))))]
+              {:count (count sorted-assets)
+               :sample (into [] (take limit sorted-assets))}))

-            {:count (count sorted-assets)
-             :sample (into [] (take limit sorted-assets))}))
+          (library-summary [{:keys [id data] :as file}]
+            (binding [pmap/*load-fn* (partial load-pointer conn id)]
+              {:components (assets-sample (:components data) 4)
+               :colors (assets-sample (:colors data) 3)
+               :typographies (assets-sample (:typographies data) 3)}))]

-        library-summary
-        (fn [data]
-          {:components (assets-sample (:components data) 4)
-           :colors (assets-sample (:colors data) 3)
-           :typographies (assets-sample (:typographies data) 3)})
-
-        xform (comp
-               (map decode-row)
-               (map #(assoc % :library-summary (library-summary (:data %))))
-               (map #(dissoc % :data)))]
-
-    (into #{} xform (db/exec! conn [sql:team-shared-files team-id]))))
+    (->> (db/exec! conn [sql:team-shared-files team-id])
+         (into #{} (comp
+                    (map decode-row)
+                    (map #(assoc % :library-summary (library-summary %)))
+                    (map #(dissoc % :data)))))))

 (s/def ::get-team-shared-files
-  (s/keys :req-un [::profile-id ::team-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))

 (sv/defmethod ::get-team-shared-files
  "Get all file (libraries) for the specified team."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
-    (get-team-shared-files conn params)))
+    (teams/check-read-permissions! conn profile-id team-id)
+    (get-team-shared-files conn team-id)))


 ;; --- COMMAND QUERY: get-file-libraries
@@ -533,21 +546,24 @@
  [conn file-id client-features]
  (check-features-compatibility! client-features)
  (->> (db/exec! conn [sql:file-libraries file-id])
-       (mapv (fn [{:keys [id] :as row}]
-               (binding [pmap/*load-fn* (partial load-pointer conn id)]
-                 (-> (decode-row row)
-                     (assoc :is-indirect false)
-                     (update :data dissoc :pages-index)
-                     (handle-file-features client-features)))))))
+       (map decode-row)
+       (map #(assoc % :is-indirect false))
+       (map (fn [{:keys [id] :as row}]
+              (binding [pmap/*load-fn* (partial load-pointer conn id)]
+                (-> row
+                    (update :data dissoc :pages-index)
+                    (handle-file-features client-features)))))
+       (vec)))

 (s/def ::get-file-libraries
-  (s/keys :req-un [::profile-id ::file-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]
          :opt-un [::features]))

 (sv/defmethod ::get-file-libraries
  "Get libraries used by the specified file."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id features] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id features]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-file-libraries conn file-id features)))
@@ -568,17 +584,16 @@
  (db/exec! conn [sql:library-using-files file-id]))

 (s/def ::get-library-file-references
-  (s/keys :req-un [::profile-id ::file-id]))
+  (s/keys :req [::rpc/profile-id] :req-un [::file-id]))

 (sv/defmethod ::get-library-file-references
  "Returns all the file references that use specified file (library) id."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (get-library-file-references conn file-id)))

-
 ;; --- COMMAND QUERY: get-team-recent-files

 (def sql:team-recent-files
@@ -606,11 +621,12 @@
  (db/exec! conn [sql:team-recent-files team-id]))

 (s/def ::get-team-recent-files
-  (s/keys :req-un [::profile-id ::team-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))

 (sv/defmethod ::get-team-recent-files
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
    (get-team-recent-files conn team-id)))
@@ -638,12 +654,13 @@
 (s/def ::revn ::us/integer)

 (s/def ::get-file-thumbnail
-  (s/keys :req-un [::profile-id ::file-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]
          :opt-un [::revn]))

 (sv/defmethod ::get-file-thumbnail
  {::doc/added "1.17"}
-  [{:keys [pool]} {:keys [profile-id file-id revn]}]
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id file-id revn]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
    (-> (get-file-thumbnail conn file-id revn)
@@ -705,46 +722,52 @@

                objects)))]

-    (let [frame     (get-thumbnail-frame data)
-          frame-id  (:id frame)
-          page-id   (or (:page-id frame)
-                        (-> data :pages first))
+    (binding [pmap/*load-fn* (partial load-pointer conn id)]
+      (let [frame     (get-thumbnail-frame data)
+            frame-id  (:id frame)
+            page-id   (or (:page-id frame)
+                          (-> data :pages first))

-          page      (dm/get-in data [:pages-index page-id])
-          frame-ids (if (some? frame) (list frame-id) (map :id (ctt/get-frames (:objects page))))
+            page      (dm/get-in data [:pages-index page-id])
+            page      (cond-> page (pmap/pointer-map? page) deref)
+            frame-ids (if (some? frame) (list frame-id) (map :id (ctt/get-frames (:objects page))))

-          obj-ids   (map #(str page-id %) frame-ids)
-          thumbs    (get-object-thumbnails conn id obj-ids)]
+            obj-ids   (map #(str page-id %) frame-ids)
+            thumbs    (get-object-thumbnails conn id obj-ids)]

-      (cond-> page
-        ;; If we have frame, we need to specify it on the page level
-        ;; and remove the all other unrelated objects.
-        (some? frame-id)
-        (-> (assoc :thumbnail-frame-id frame-id)
-            (update :objects filter-objects frame-id))
+        (cond-> page
+          ;; If we have frame, we need to specify it on the page level
+          ;; and remove the all other unrelated objects.
+          (some? frame-id)
+          (-> (assoc :thumbnail-frame-id frame-id)
+              (update :objects filter-objects frame-id))

-        ;; Assoc the available thumbnails and prune not visible shapes
-        ;; for avoid transfer unnecessary data.
-        :always
-        (update :objects assoc-thumbnails page-id thumbs)))))
+          ;; Assoc the available thumbnails and prune not visible shapes
+          ;; for avoid transfer unnecessary data.
+          :always
+          (update :objects assoc-thumbnails page-id thumbs))))))

 (s/def ::get-file-data-for-thumbnail
-  (s/keys :req-un [::profile-id ::file-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]
          :opt-un [::features]))

 (sv/defmethod ::get-file-data-for-thumbnail
  "Retrieves the data for generate the thumbnail of the file. Used
  mainly for render thumbnails on dashboard."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id features] :as props}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id features] :as props}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id file-id)
-    (let [file (get-file conn file-id features)]
+    ;; NOTE: we force here the "storage/pointer-map" feature, because
+    ;; it used internally only and is independent if user supports it
+    ;; or not.
+    (let [feat (into #{"storage/pointer-map"} features)
+          file (get-file conn file-id feat)]
      {:file-id file-id
       :revn (:revn file)
       :page (get-file-data-for-thumbnail conn file)})))

-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; MUTATION COMMANDS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -752,24 +775,28 @@
 ;; --- MUTATION COMMAND: rename-file

 (defn rename-file
-  [conn {:keys [id name] :as params}]
-  (-> (db/update! conn :file
-                  {:name name
-                   :modified-at (dt/now)}
-                  {:id id})
-      (select-keys [:id :name :created-at :modified-at])))
+  [conn {:keys [id name]}]
+  (db/update! conn :file
+              {:name name
+               :modified-at (dt/now)}
+              {:id id}))

 (s/def ::rename-file
-  (s/keys :req-un [::profile-id ::name ::id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name ::id]))

 (sv/defmethod ::rename-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
-    (rename-file conn params)))
-
+    (let [file (rename-file conn params)]
+      (rph/with-meta
+        (select-keys file [:id :name :created-at :modified-at])
+        {::audit/props {:project-id (:project-id file)
+                        :created-at (:created-at file)
+                        :modified-at (:modified-at file)}}))))

 ;; --- MUTATION COMMAND: set-file-shared

@@ -779,10 +806,9 @@

 (defn set-file-shared
  [conn {:keys [id is-shared] :as params}]
-  (-> (db/update! conn :file
-                  {:is-shared is-shared}
-                  {:id id})
-      (select-keys [:id :name :is-shared])))
+  (db/update! conn :file
+              {:is-shared is-shared}
+              {:id id}))

 (defn absorb-library
  "Find all files using a shared library, and absorb all library assets
@@ -793,7 +819,7 @@
      (let [ldata (-> library decode-row pmg/migrate-file :data)]
        (->> (db/query conn :file-library-rel {:library-file-id id})
             (map :file-id)
-             (keep #(db/get-by-id conn :file % {:check-deleted? false}))
+             (keep #(db/get-by-id conn :file % ::db/check-deleted? false))
             (map decode-row)
             (map pmg/migrate-file)
             (run! (fn [{:keys [id data revn] :as file}]
@@ -805,19 +831,25 @@
                                   {:id id})))))))))

 (s/def ::set-file-shared
-  (s/keys :req-un [::profile-id ::id ::is-shared]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::is-shared]))

 (sv/defmethod ::set-file-shared
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [id profile-id is-shared] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id is-shared] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
    (when-not is-shared
      (absorb-library conn params)
      (unlink-files conn params))
-    (set-file-shared conn params)))

+    (let [file (set-file-shared conn params)]
+      (rph/with-meta
+        (select-keys file [:id :name :is-shared])
+        {::audit/props {:name (:name file)
+                        :project-id (:project-id file)
+                        :is-shared (:is-shared file)}}))))

 ;; --- MUTATION COMMAND: delete-file

@@ -825,20 +857,26 @@
  [conn {:keys [id] :as params}]
  (db/update! conn :file
              {:deleted-at (dt/now)}
-              {:id id})
-  nil)
+              {:id id}))

 (s/def ::delete-file
-  (s/keys :req-un [::id ::profile-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))

 (sv/defmethod ::delete-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id id)
    (absorb-library conn params)
-    (mark-file-deleted conn params)))
+    (let [file (mark-file-deleted conn params)]
+
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:project-id (:project-id file)
+                        :name (:name file)
+                        :created-at (:created-at file)
+                        :modified-at (:modified-at file)}}))))

 ;; --- MUTATION COMMAND: link-file-to-library

@@ -852,12 +890,13 @@
  (db/exec-one! conn [sql:link-file-to-library file-id library-id]))

 (s/def ::link-file-to-library
-  (s/keys :req-un [::profile-id ::file-id ::library-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::library-id]))

 (sv/defmethod ::link-file-to-library
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id library-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id library-id] :as params}]
  (when (= file-id library-id)
    (ex/raise :type :validation
              :code :invalid-library
@@ -870,18 +909,19 @@
 ;; --- MUTATION COMMAND: unlink-file-from-library

 (defn unlink-file-from-library
-  [conn {:keys [file-id library-id] :as params}]
+  [conn {:keys [file-id library-id]}]
  (db/delete! conn :file-library-rel
              {:file-id file-id
               :library-file-id library-id}))

 (s/def ::unlink-file-from-library
-  (s/keys :req-un [::profile-id ::file-id ::library-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::library-id]))

 (sv/defmethod ::unlink-file-from-library
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (unlink-file-from-library conn params)))
@@ -897,14 +937,15 @@
               :library-file-id library-id}))

 (s/def ::update-file-library-sync-status
-  (s/keys :req-un [::profile-id ::file-id ::library-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::library-id]))

 ;; TODO: improve naming

 (sv/defmethod ::update-file-library-sync-status
  "Update the synchronization statos of a file->library link"
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (update-sync conn params)))
@@ -919,16 +960,18 @@
              {:id file-id}))

 (s/def ::ignore-file-library-sync-status
-  (s/keys :req-un [::profile-id ::file-id ::date]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::date]))

 ;; TODO: improve naming
 (sv/defmethod ::ignore-file-library-sync-status
  "Ignore updates in linked files"
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
-    (ignore-sync conn params)))
+    (->  (ignore-sync conn params)
+         (update :features db/decode-pgarray #{}))))


 ;; --- MUTATION COMMAND: upsert-file-object-thumbnail
@@ -948,11 +991,13 @@
 (s/def ::data (s/nilable ::us/string))
 (s/def ::thumbs/object-id ::us/string)
 (s/def ::upsert-file-object-thumbnail
-  (s/keys :req-un [::profile-id ::file-id ::thumbs/object-id ::data]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::thumbs/object-id]
+          :opt-un [::data]))

 (sv/defmethod ::upsert-file-object-thumbnail
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (upsert-file-object-thumbnail! conn params)
@@ -975,13 +1020,14 @@
 (s/def ::revn ::us/integer)
 (s/def ::props map?)
 (s/def ::upsert-file-thumbnail
-  (s/keys :req-un [::profile-id ::file-id ::revn ::data ::props]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::revn ::data ::props]))

 (sv/defmethod ::upsert-file-thumbnail
  "Creates or updates the file thumbnail. Mainly used for paint the
  grid thumbnails."
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (check-edition-permissions! conn profile-id file-id)
    (upsert-file-thumbnail conn params)
--- a/backend/src/app/rpc/commands/files_create.clj
+++ b/backend/src/app/rpc/commands/files_create.clj
@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files.create
+(ns app.rpc.commands.files-create
  (:require
   [app.common.data :as d]
   [app.common.files.features :as ffeat]
@@ -13,10 +13,12 @@
   [app.db :as db]
   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
+   [app.rpc.commands.projects :as projects]
   [app.rpc.doc :as-alias doc]
   [app.rpc.permissions :as perms]
-   [app.rpc.queries.projects :as proj]
+   [app.rpc.quotes :as quotes]
   [app.util.blob :as blob]
   [app.util.objects-map :as omap]
   [app.util.pointer-map :as pmap]
@@ -68,8 +70,8 @@
    (files/decode-row file)))

 (s/def ::create-file
-  (s/keys :req-un [::files/profile-id
-                   ::files/name
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::files/name
                   ::files/project-id]
          :opt-un [::files/id
                   ::files/is-shared
@@ -78,10 +80,17 @@
 (sv/defmethod ::create-file
  {::doc/added "1.17"
   ::webhooks/event? true}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id project-id)
-    (let [team-id (files/get-team-id conn project-id)]
+    (projects/check-edition-permissions! conn profile-id project-id)
+    (let [team-id (files/get-team-id conn project-id)
+          params  (assoc params :profile-id profile-id)]
+
+      (run! (partial quotes/check-quote! conn)
+            (list {::quotes/id ::quotes/files-per-project
+                   ::quotes/team-id team-id
+                   ::quotes/profile-id profile-id
+                   ::quotes/project-id project-id}))
+
      (-> (create-file conn params)
          (vary-meta assoc ::audit/props {:team-id team-id})))))
-
--- a/backend/src/app/rpc/commands/files_share.clj
+++ b/backend/src/app/rpc/commands/files_share.clj
@@ -0,0 +1,71 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.files-share
+  "Share link related rpc mutation methods."
+  (:require
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.files :as files]
+   [app.rpc.doc :as-alias doc]
+   [app.util.services :as sv]
+   [clojure.spec.alpha :as s]))
+
+;; --- Helpers & Specs
+
+(s/def ::file-id ::us/uuid)
+(s/def ::who-comment ::us/string)
+(s/def ::who-inspect ::us/string)
+(s/def ::pages (s/every ::us/uuid :kind set?))
+
+;; --- MUTATION: Create Share Link
+
+(declare create-share-link)
+
+(s/def ::create-share-link
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::who-comment ::who-inspect ::pages]))
+
+(sv/defmethod ::create-share-link
+  "Creates a share-link object.
+
+  Share links are resources that allows external users access to specific
+  pages of a file with specific permissions (who-comment and who-inspect)."
+  {::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (files/check-edition-permissions! conn profile-id file-id)
+    (create-share-link conn (assoc params :profile-id profile-id))))
+
+(defn create-share-link
+  [conn {:keys [profile-id file-id pages who-comment who-inspect]}]
+  (let [pages (db/create-array conn "uuid" pages)
+        slink (db/insert! conn :share-link
+                          {:id (uuid/next)
+                           :file-id file-id
+                           :who-comment who-comment
+                           :who-inspect who-inspect
+                           :pages pages
+                           :owner-id profile-id})]
+
+    (update slink :pages db/decode-pgarray #{})))
+
+;; --- MUTATION: Delete Share Link
+
+(s/def ::delete-share-link
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::us/id]))
+
+(sv/defmethod ::delete-share-link
+  {::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [slink (db/get-by-id conn :share-link id)]
+      (files/check-edition-permissions! conn profile-id (:file-id slink))
+      (db/delete! conn :share-link {:id id})
+      nil)))
--- a/backend/src/app/rpc/commands/files_temp.clj
+++ b/backend/src/app/rpc/commands/files_temp.clj
@@ -4,18 +4,19 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files.temp
+(ns app.rpc.commands.files-temp
  (:require
   [app.common.exceptions :as ex]
   [app.common.pages :as cp]
   [app.common.spec :as us]
   [app.common.uuid :as uuid]
   [app.db :as db]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.files :as files]
-   [app.rpc.commands.files.create :as files.create]
-   [app.rpc.commands.files.update :as files.update]
+   [app.rpc.commands.files-create :refer [create-file]]
+   [app.rpc.commands.files-update :as-alias files.update]
+   [app.rpc.commands.projects :as projects]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.projects :as proj]
   [app.util.blob :as blob]
   [app.util.services :as sv]
   [app.util.time :as dt]
@@ -26,8 +27,8 @@
 (s/def ::create-page ::us/boolean)

 (s/def ::create-temp-file
-  (s/keys :req-un [::files/profile-id
-                   ::files/name
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::files/name
                   ::files/project-id]
          :opt-un [::files/id
                   ::files/is-shared
@@ -36,10 +37,10 @@

 (sv/defmethod ::create-temp-file
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id project-id)
-    (files.create/create-file conn (assoc params :deleted-at (dt/in-future {:days 1})))))
+    (projects/check-edition-permissions! conn profile-id project-id)
+    (create-file conn (assoc params :profile-id profile-id :deleted-at (dt/in-future {:days 1})))))

 ;; --- MUTATION COMMAND: update-temp-file

@@ -56,16 +57,17 @@
               :changes (blob/encode changes)}))

 (s/def ::update-temp-file
-  (s/keys :req-un [::files.update/changes
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::files.update/changes
                   ::files.update/revn
                   ::files.update/session-id
                   ::files/id]))

 (sv/defmethod ::update-temp-file
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (update-temp-file conn params)
+    (update-temp-file conn (assoc params :profile-id profile-id))
    nil))

 ;; --- MUTATION COMMAND: persist-temp-file
@@ -95,12 +97,12 @@
    nil))

 (s/def ::persist-temp-file
-  (s/keys :req-un [::files/id
-                   ::files/profile-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::files/id]))

 (sv/defmethod ::persist-temp-file
  {::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id id)
    (persist-temp-file conn params)))
--- a/backend/src/app/rpc/commands/files_update.clj
+++ b/backend/src/app/rpc/commands/files_update.clj
@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC

-(ns app.rpc.commands.files.update
+(ns app.rpc.commands.files-update
  (:require
   [app.common.exceptions :as ex]
   [app.common.files.features :as ffeat]
@@ -17,9 +17,10 @@
   [app.config :as cf]
   [app.db :as db]
   [app.loggers.audit :as audit]
-   [app.loggers.webhooks :as-alias webhooks]
+   [app.loggers.webhooks :as webhooks]
   [app.metrics :as mtx]
   [app.msgbus :as mbus]
+   [app.rpc :as-alias rpc]
   [app.rpc.climit :as-alias climit]
   [app.rpc.commands.files :as files]
   [app.rpc.doc :as-alias doc]
@@ -52,7 +53,8 @@
 (s/def ::revn ::us/integer)
 (s/def ::update-file
  (s/and
-   (s/keys :req-un [::files/id ::files/profile-id ::session-id ::revn]
+   (s/keys :req [::rpc/profile-id]
+           :req-un [::files/id ::session-id ::revn]
           :opt-un [::changes ::changes-with-metadata ::features])
   (fn [o]
     (or (contains? o :changes)
@@ -123,30 +125,27 @@
 ;; set is different than the persisted one, update it on the
 ;; database.

-(defn webhook-batch-keyfn
-  [props]
-  (str "rpc:update-file:" (:id props)))
-
 (sv/defmethod ::update-file
  {::climit/queue :update-file
   ::climit/key-fn :id
   ::webhooks/event? true
-   ::webhooks/batch-timeout (dt/duration "2s")
-   ::webhooks/batch-key webhook-batch-keyfn
+   ::webhooks/batch-timeout (dt/duration "2m")
+   ::webhooks/batch-key (webhooks/key-fn ::rpc/profile-id :id)
   ::doc/added "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id id)
    (db/xact-lock! conn id)

    (let [cfg    (assoc cfg :conn conn)
+          params (assoc params :profile-id profile-id)
          tpoint (dt/tpoint)]
      (-> (update-file cfg params)
          (rph/with-defer #(let [elapsed (tpoint)]
                             (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))

 (defn update-file
-  [{:keys [conn metrics] :as cfg} {:keys [id profile-id changes changes-with-metadata] :as params}]
+  [{:keys [conn ::mtx/metrics] :as cfg} {:keys [profile-id id changes changes-with-metadata] :as params}]
  (let [file     (get-file conn id)
        features (->> (concat (:features file)
                              (:features params))
@@ -169,7 +168,18 @@
                        (->> changes-with-metadata (mapcat :changes) vec)
                        (vec changes))

-            params    (assoc params :file file :changes changes)]
+            params    (-> params
+                          (assoc :file file)
+                          (assoc :changes changes)
+                          (assoc ::created-at (dt/now)))]
+
+        (when (> (:revn params)
+                 (:revn file))
+          (ex/raise :type :validation
+                    :code :revn-conflict
+                    :hint "The incoming revision number is greater that stored version."
+                    :context {:incoming-revn (:revn params)
+                              :stored-revn (:revn file)}))

        (mtx/run! metrics {:id :update-file-changes :inc (count changes)})

@@ -181,24 +191,15 @@

        (-> (update-fn cfg params)
            (vary-meta assoc ::audit/replace-props
-                       {:id (:id file)
-                        :name (:name file)
-                        :features (:features file)
+                       {:id         (:id file)
+                        :name       (:name file)
+                        :features   (:features file)
                        :project-id (:project-id file)
                        :team-id    (:team-id file)}))))))

 (defn- update-file*
-  [{:keys [conn] :as cfg} {:keys [file changes session-id profile-id] :as params}]
-  (when (> (:revn params)
-           (:revn file))
-    (ex/raise :type :validation
-              :code :revn-conflict
-              :hint "The incoming revision number is greater that stored version."
-              :context {:incoming-revn (:revn params)
-                        :stored-revn (:revn file)}))
-
-  (let [ts   (dt/now)
-        file (-> file
+  [{:keys [conn] :as cfg} {:keys [profile-id file changes session-id ::created-at] :as params}]
+  (let [file (-> file
                 (update :revn inc)
                 (update :data (fn [data]
                                 (cond-> data
@@ -218,7 +219,7 @@
                {:id (uuid/next)
                 :session-id session-id
                 :profile-id profile-id
-                 :created-at ts
+                 :created-at created-at
                 :file-id (:id file)
                 :revn (:revn file)
                 :features (db/create-array conn "text" (:features file))
@@ -230,12 +231,12 @@
                {:revn (:revn file)
                 :data (:data file)
                 :data-backend nil
-                 :modified-at ts
+                 :modified-at created-at
                 :has-media-trimmed false}
                {:id (:id file)})

    (db/update! conn :project
-                {:modified-at ts}
+                {:modified-at created-at}
                {:id (:project-id file)})

    (let [params (assoc params :file file)]
@@ -266,18 +267,15 @@
    order by s.created_at asc")

 (defn- get-lagged-changes
-  [conn params]
-  (->> (db/exec! conn [sql:lagged-changes (:id params) (:revn params)])
-       (into [] (comp (map files/decode-row)
-                      (map (fn [row]
-                             (cond-> row
-                               (= (:revn row) (:revn (:file params)))
-                               (assoc :changes []))))))))
+  [conn {:keys [id revn] :as params}]
+  (->> (db/exec! conn [sql:lagged-changes id revn])
+       (map files/decode-row)
+       (vec)))

 (defn- send-notifications!
  [{:keys [conn] :as cfg} {:keys [file changes session-id] :as params}]
  (let [lchanges (filter library-change? changes)
-        msgbus   (:msgbus cfg)]
+        msgbus   (::mbus/msgbus cfg)]

    ;; Asynchronously publish message to the msgbus
    (mbus/pub! msgbus
--- a/backend/src/app/rpc/commands/fonts.clj
+++ b/backend/src/app/rpc/commands/fonts.clj
@@ -0,0 +1,237 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.fonts
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.loggers.audit :as-alias audit]
+   [app.loggers.webhooks :as-alias webhooks]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.climit :as-alias climit]
+   [app.rpc.commands.files :as files]
+   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.rpc.quotes :as quotes]
+   [app.storage :as sto]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [promesa.core :as p]
+   [promesa.exec :as px]))
+
+(def valid-weight #{100 200 300 400 500 600 700 800 900 950})
+(def valid-style #{"normal" "italic"})
+
+(s/def ::data (s/map-of ::us/string any?))
+(s/def ::file-id ::us/uuid)
+(s/def ::font-id ::us/uuid)
+(s/def ::id ::us/uuid)
+(s/def ::name ::us/not-empty-string)
+(s/def ::project-id ::us/uuid)
+(s/def ::style valid-style)
+(s/def ::team-id ::us/uuid)
+(s/def ::team-id ::us/uuid)
+(s/def ::weight valid-weight)
+
+;; --- QUERY: Get font variants
+
+(s/def ::get-font-variants
+  (s/and
+   (s/keys :req [::rpc/profile-id]
+           :opt-un [::team-id
+                    ::file-id
+                    ::project-id])
+   (fn [o]
+     (or (contains? o :team-id)
+         (contains? o :file-id)
+         (contains? o :project-id)))))
+
+(sv/defmethod ::get-font-variants
+  {::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id project-id] :as params}]
+  (with-open [conn (db/open pool)]
+    (cond
+      (uuid? team-id)
+      (do
+        (teams/check-read-permissions! conn profile-id team-id)
+        (db/query conn :team-font-variant
+                  {:team-id team-id
+                   :deleted-at nil}))
+
+      (uuid? project-id)
+      (let [project (db/get-by-id conn :project project-id {:columns [:id :team-id]})]
+        (projects/check-read-permissions! conn profile-id project-id)
+        (db/query conn :team-font-variant
+                  {:team-id (:team-id project)
+                   :deleted-at nil}))
+
+      (uuid? file-id)
+      (let [file    (db/get-by-id conn :file file-id {:columns [:id :project-id]})
+            project (db/get-by-id conn :project (:project-id file) {:columns [:id :team-id]})]
+        (files/check-read-permissions! conn profile-id file-id)
+        (db/query conn :team-font-variant
+                  {:team-id (:team-id project)
+                   :deleted-at nil})))))
+
+
+(declare create-font-variant)
+
+(s/def ::create-font-variant
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id
+                   ::data
+                   ::font-id
+                   ::font-family
+                   ::font-weight
+                   ::font-style]))
+
+(sv/defmethod ::create-font-variant
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (teams/check-edition-permissions! pool profile-id team-id)
+    (quotes/check-quote! pool {::quotes/id ::quotes/font-variants-per-team
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id})
+    (create-font-variant cfg (assoc params :profile-id profile-id))))
+
+(defn create-font-variant
+  [{:keys [::sto/storage ::db/pool ::wrk/executor ::rpc/climit]} {:keys [data] :as params}]
+  (letfn [(generate-fonts [data]
+            (climit/with-dispatch (:process-font climit)
+              (media/run {:cmd :generate-fonts :input data})))
+
+          ;; Function responsible of calculating cryptographyc hash of
+          ;; the provided data.
+          (calculate-hash [data]
+            (px/with-dispatch executor
+              (sto/calculate-hash data)))
+
+          (validate-data [data]
+            (when (and (not (contains? data "font/otf"))
+                       (not (contains? data "font/ttf"))
+                       (not (contains? data "font/woff"))
+                       (not (contains? data "font/woff2")))
+              (ex/raise :type :validation
+                        :code :invalid-font-upload))
+            data)
+
+          (persist-font-object [data mtype]
+            (when-let [resource (get data mtype)]
+              (p/let [hash    (calculate-hash resource)
+                      content (-> (sto/content resource)
+                                  (sto/wrap-with-hash hash))]
+                (sto/put-object! storage {::sto/content content
+                                          ::sto/touched-at (dt/now)
+                                          ::sto/deduplicate? true
+                                          :content-type mtype
+                                          :bucket "team-font-variant"}))))
+
+          (persist-fonts [data]
+            (p/let [otf   (persist-font-object data "font/otf")
+                    ttf   (persist-font-object data "font/ttf")
+                    woff1 (persist-font-object data "font/woff")
+                    woff2 (persist-font-object data "font/woff2")]
+
+              (d/without-nils
+               {:otf otf
+                :ttf ttf
+                :woff1 woff1
+                :woff2 woff2})))
+
+          (insert-into-db [{:keys [woff1 woff2 otf ttf]}]
+            (db/insert! pool :team-font-variant
+                        {:id (uuid/next)
+                         :team-id (:team-id params)
+                         :font-id (:font-id params)
+                         :font-family (:font-family params)
+                         :font-weight (:font-weight params)
+                         :font-style (:font-style params)
+                         :woff1-file-id (:id woff1)
+                         :woff2-file-id (:id woff2)
+                         :otf-file-id (:id otf)
+                         :ttf-file-id (:id ttf)}))
+          ]
+
+    (->> (generate-fonts data)
+         (p/fmap validate-data)
+         (p/mcat executor persist-fonts)
+         (p/fmap executor insert-into-db)
+         (p/fmap (fn [result]
+                   (let [params (update params :data (comp vec keys))]
+                     (rph/with-meta result {::audit/replace-props params})))))))
+
+;; --- UPDATE FONT FAMILY
+
+(s/def ::update-font
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::id ::name]))
+
+(sv/defmethod ::update-font
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id id name]}]
+  (db/with-atomic [conn pool]
+    (teams/check-edition-permissions! conn profile-id team-id)
+    (rph/with-meta
+      (db/update! conn :team-font-variant
+                  {:font-family name}
+                  {:font-id id
+                   :team-id team-id})
+      {::audit/replace-props {:id id
+                              :name name
+                              :team-id team-id
+                              :profile-id profile-id}})))
+
+;; --- DELETE FONT
+
+(s/def ::delete-font
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::id]))
+
+(sv/defmethod ::delete-font
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id team-id]}]
+  (db/with-atomic [conn pool]
+    (teams/check-edition-permissions! conn profile-id team-id)
+    (let [font (db/update! conn :team-font-variant
+                           {:deleted-at (dt/now)}
+                           {:font-id id :team-id team-id})]
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:id id
+                        :team-id team-id
+                        :name (:font-family font)
+                        :profile-id profile-id}}))))
+
+;; --- DELETE FONT VARIANT
+
+(s/def ::delete-font-variant
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::id]))
+
+(sv/defmethod ::delete-font-variant
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id team-id]}]
+  (db/with-atomic [conn pool]
+    (teams/check-edition-permissions! conn profile-id team-id)
+    (let [variant (db/update! conn :team-font-variant
+                              {:deleted-at (dt/now)}
+                              {:id id :team-id team-id})]
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:font-family (:font-family variant)
+                        :font-id (:font-id variant)}}))))
+
--- a/backend/src/app/rpc/commands/ldap.clj
+++ b/backend/src/app/rpc/commands/ldap.clj
@@ -12,10 +12,13 @@
   [app.db :as db]
   [app.http.session :as session]
   [app.loggers.audit :as-alias audit]
-   [app.rpc.commands.auth :as cmd.auth]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.profile :as profile]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.queries.profile :as profile]
+   [app.tokens :as tokens]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

@@ -34,15 +37,15 @@
 (sv/defmethod ::login-with-ldap
  "Performs the authentication using LDAP backend. Only works if LDAP
  is properly configured and enabled with `login-with-ldap` flag."
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"}
-  [{:keys [session tokens ldap] :as cfg} params]
-  (when-not ldap
+  [{:keys [::main/props ::ldap/provider] :as cfg} params]
+  (when-not provider
    (ex/raise :type :restriction
              :code :ldap-not-initialized
              :hide "ldap auth provider is not initialized"))

-  (let [info (ldap/authenticate ldap params)]
+  (let [info (ldap/authenticate provider params)]
    (when-not info
      (ex/raise :type :validation
                :code :wrong-credentials))
@@ -58,31 +61,29 @@
        ;; user comes from team-invitation process; in this case,
        ;; regenerate token and send back to the user a new invitation
        ;; token (and mark current session as logged).
-        (let [claims (tokens :verify {:token token :iss :team-invitation})
+        (let [claims (tokens/verify props {:token token :iss :team-invitation})
              claims (assoc claims
                            :member-id  (:id profile)
                            :member-email (:email profile))
-              token  (tokens :generate claims)]
-
+              token  (tokens/generate props claims)]
          (-> {:invitation-token token}
-              (rph/with-transform (session/create-fn session (:id profile)))
+              (rph/with-transform (session/create-fn cfg (:id profile)))
              (rph/with-meta {::audit/props (:props profile)
                              ::audit/profile-id (:id profile)})))

        (-> profile
-            (rph/with-transform (session/create-fn session (:id profile)))
+            (rph/with-transform (session/create-fn cfg (:id profile)))
            (rph/with-meta {::audit/props (:props profile)
                            ::audit/profile-id (:id profile)}))))))

 (defn- login-or-register
-  [{:keys [pool] :as cfg} info]
+  [{:keys [::db/pool] :as cfg} info]
  (db/with-atomic [conn pool]
    (or (some->> (:email info)
-                 (profile/retrieve-profile-data-by-email conn)
-                 (profile/populate-additional-data conn)
-                 (profile/decode-profile-row))
+                 (profile/get-profile-by-email conn)
+                 (profile/decode-row))
        (->> (assoc info :is-active true :is-demo false)
-             (cmd.auth/create-profile conn)
-             (cmd.auth/create-profile-relations conn)
+             (auth/create-profile! conn)
+             (auth/create-profile-rels! conn)
             (profile/strip-private-attrs)))))

--- a/backend/src/app/rpc/commands/management.clj
+++ b/backend/src/app/rpc/commands/management.clj
@@ -13,12 +13,13 @@
   [app.common.spec :as us]
   [app.common.uuid :as uuid]
   [app.db :as db]
+   [app.loggers.webhooks :as-alias webhooks]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.binfile :as binfile]
   [app.rpc.commands.files :as files]
+   [app.rpc.commands.projects :as proj]
+   [app.rpc.commands.teams :as teams :refer [create-project-role create-project]]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.mutations.projects :refer [create-project-role create-project]]
-   [app.rpc.queries.projects :as proj]
-   [app.rpc.queries.teams :as teams]
   [app.util.blob :as blob]
   [app.util.pointer-map :as pmap]
   [app.util.services :as sv]
@@ -31,22 +32,23 @@
 (declare duplicate-file)

 (s/def ::id ::us/uuid)
-(s/def ::profile-id ::us/uuid)
 (s/def ::project-id ::us/uuid)
 (s/def ::file-id ::us/uuid)
 (s/def ::team-id ::us/uuid)
 (s/def ::name ::us/string)

 (s/def ::duplicate-file
-  (s/keys :req-un [::profile-id ::file-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id]
          :opt-un [::name]))

 (sv/defmethod ::duplicate-file
  "Duplicate a single file in the same team."
-  {::doc/added "1.16"}
-  [{:keys [pool] :as cfg} params]
+  {::doc/added "1.16"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (duplicate-file conn params)))
+    (duplicate-file conn (assoc params :profile-id profile-id))))

 (defn- remap-id
  [item index key]
@@ -134,7 +136,7 @@
      and so.deleted_at is null")

 (defn duplicate-file*
-  [conn {:keys [profile-id file index project-id name flibs fmeds]} {:keys [reset-shared-flag] :as opts}]
+  [conn {:keys [profile-id file index project-id name flibs fmeds]} {:keys [reset-shared-flag]}]
  (let [flibs    (or flibs (db/exec! conn [sql:retrieve-used-libraries (:id file)]))
        fmeds    (or fmeds (db/exec! conn [sql:retrieve-used-media-objects (:id file)]))

@@ -211,15 +213,17 @@
 (declare duplicate-project)

 (s/def ::duplicate-project
-  (s/keys :req-un [::profile-id ::project-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::project-id]
          :opt-un [::name]))

 (sv/defmethod ::duplicate-project
  "Duplicate an entire project with all the files"
-  {::doc/added "1.16"}
-  [{:keys [pool] :as cfg} params]
+  {::doc/added "1.16"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} params]
  (db/with-atomic [conn pool]
-    (duplicate-project conn params)))
+    (duplicate-project conn (assoc params :profile-id (::rpc/profile-id params)))))

 (defn duplicate-project
  [conn {:keys [profile-id project-id name] :as params}]
@@ -247,9 +251,7 @@
    ;; create the duplicated project and assign the current profile as
    ;; a project owner
    (create-project conn project)
-    (create-project-role conn {:project-id (:id project)
-                               :profile-id profile-id
-                               :role :owner})
+    (create-project-role conn profile-id (:id project) :owner)

    ;; duplicate all files
    (let [index  (reduce #(assoc %1 (:id %2) (uuid/next)) {} files)
@@ -320,15 +322,16 @@

 (s/def ::ids (s/every ::us/uuid :kind set?))
 (s/def ::move-files
-  (s/keys :req-un [::profile-id ::ids ::project-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::ids ::project-id]))

 (sv/defmethod ::move-files
  "Move a set of files from one project to other."
-  {::doc/added "1.16"}
-  [{:keys [pool] :as cfg} params]
+  {::doc/added "1.16"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (move-files conn params)))
-
+    (move-files conn (assoc params :profile-id profile-id))))

 ;; --- COMMAND: Move project

@@ -359,14 +362,16 @@


 (s/def ::move-project
-  (s/keys :req-un [::profile-id ::team-id ::project-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::project-id]))

 (sv/defmethod ::move-project
  "Move projects between teams."
-  {::doc/added "1.16"}
-  [{:keys [pool] :as cfg} params]
+  {::doc/added "1.16"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (move-project conn params)))
+    (move-project conn (assoc params :profile-id profile-id))))

 ;; --- COMMAND: Clone Template

@@ -374,15 +379,17 @@

 (s/def ::template-id ::us/not-empty-string)
 (s/def ::clone-template
-  (s/keys :req-un [::profile-id ::project-id ::template-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::project-id ::template-id]))

 (sv/defmethod ::clone-template
  "Clone into the specified project the template by its id."
-  {::doc/added "1.16"}
-  [{:keys [pool] :as cfg} params]
+  {::doc/added "1.16"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
  (db/with-atomic [conn pool]
    (-> (assoc cfg :conn conn)
-        (clone-template params))))
+        (clone-template (assoc params :profile-id profile-id)))))

 (defn- clone-template
  [{:keys [conn templates] :as cfg} {:keys [profile-id template-id project-id]}]
--- a/backend/src/app/rpc/commands/media.clj
+++ b/backend/src/app/rpc/commands/media.clj
@@ -0,0 +1,275 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.media
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.media :as cm]
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.http.client :as http]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.climit :as climit]
+   [app.rpc.commands.files :as files]
+   [app.rpc.doc :as-alias doc]
+   [app.storage :as sto]
+   [app.storage.tmp :as tmp]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
+   [datoteka.io :as io]
+   [promesa.core :as p]
+   [promesa.exec :as px]))
+
+(def default-max-file-size
+  (* 1024 1024 10)) ; 10 MiB
+
+(def thumbnail-options
+  {:width 100
+   :height 100
+   :quality 85
+   :format :jpeg})
+
+(s/def ::id ::us/uuid)
+(s/def ::name ::us/string)
+(s/def ::file-id ::us/uuid)
+(s/def ::team-id ::us/uuid)
+
+(defn validate-content-size!
+  [content]
+  (when (> (:size content) (cf/get :media-max-file-size default-max-file-size))
+    (ex/raise :type :restriction
+              :code :media-max-file-size-reached
+              :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
+                              (:size content)
+                              default-max-file-size))))
+
+;; --- Create File Media object (upload)
+
+(declare create-file-media-object)
+
+(s/def ::content ::media/upload)
+(s/def ::is-local ::us/boolean)
+
+(s/def ::upload-file-media-object
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::is-local ::name ::content]
+          :opt-un [::id]))
+
+(sv/defmethod ::upload-file-media-object
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id content] :as params}]
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (files/check-edition-permissions! pool profile-id file-id)
+    (media/validate-media-type! content)
+    (validate-content-size! content)
+
+    (create-file-media-object cfg params)))
+
+(defn- big-enough-for-thumbnail?
+  "Checks if the provided image info is big enough for
+  create a separate thumbnail storage object."
+  [info]
+  (or (> (:width info) (:width thumbnail-options))
+      (> (:height info) (:height thumbnail-options))))
+
+(defn- svg-image?
+  [info]
+  (= (:mtype info) "image/svg+xml"))
+
+;; NOTE: we use the `on conflict do update` instead of `do nothing`
+;; because postgresql does not returns anything if no update is
+;; performed, the `do update` does the trick.
+
+(def sql:create-file-media-object
+  "insert into file_media_object (id, file_id, is_local, name, media_id, thumbnail_id, width, height, mtype)
+   values (?, ?, ?, ?, ?, ?, ?, ?, ?)
+       on conflict (id) do update set created_at=file_media_object.created_at
+       returning *")
+
+;; NOTE: the following function executes without a transaction, this
+;; means that if something fails in the middle of this function, it
+;; will probably leave leaked/unreferenced objects in the database and
+;; probably in the storage layer. For handle possible object leakage,
+;; we create all media objects marked as touched, this ensures that if
+;; something fails, all leaked (already created storage objects) will
+;; be eventually marked as deleted by the touched-gc task.
+;;
+;; The touched-gc task, performs periodic analysis of all touched
+;; storage objects and check references of it. This is the reason why
+;; `reference` metadata exists: it indicates the name of the table
+;; witch holds the reference to storage object (it some kind of
+;; inverse, soft referential integrity).
+
+(defn create-file-media-object
+  [{:keys [::sto/storage ::db/pool climit ::wrk/executor]}
+   {:keys [id file-id is-local name content]}]
+  (letfn [;; Function responsible to retrieve the file information, as
+          ;; it is synchronous operation it should be wrapped into
+          ;; with-dispatch macro.
+          (get-info [content]
+            (climit/with-dispatch (:process-image climit)
+              (media/run {:cmd :info :input content})))
+
+          ;; Function responsible of calculating cryptographyc hash of
+          ;; the provided data.
+          (calculate-hash [data]
+            (px/with-dispatch executor
+              (sto/calculate-hash data)))
+
+          ;; Function responsible of generating thumnail. As it is synchronous
+          ;; opetation, it should be wrapped into with-dispatch macro
+          (generate-thumbnail [info]
+            (climit/with-dispatch (:process-image climit)
+              (media/run (assoc thumbnail-options
+                                :cmd :generic-thumbnail
+                                :input info))))
+
+          (create-thumbnail [info]
+            (when (and (not (svg-image? info))
+                       (big-enough-for-thumbnail? info))
+              (p/let [thumb   (generate-thumbnail info)
+                      hash    (calculate-hash (:data thumb))
+                      content (-> (sto/content (:data thumb) (:size thumb))
+                                  (sto/wrap-with-hash hash))]
+                (sto/put-object! storage
+                                 {::sto/content content
+                                  ::sto/deduplicate? true
+                                  ::sto/touched-at (dt/now)
+                                  :content-type (:mtype thumb)
+                                  :bucket "file-media-object"}))))
+
+          (create-image [info]
+            (p/let [data    (:path info)
+                    hash    (calculate-hash data)
+                    content (-> (sto/content data)
+                                (sto/wrap-with-hash hash))]
+              (sto/put-object! storage
+                               {::sto/content content
+                                ::sto/deduplicate? true
+                                ::sto/touched-at (dt/now)
+                                :content-type (:mtype info)
+                                :bucket "file-media-object"})))
+
+          (insert-into-database [info image thumb]
+            (px/with-dispatch executor
+              (db/exec-one! pool [sql:create-file-media-object
+                                  (or id (uuid/next))
+                                  file-id is-local name
+                                  (:id image)
+                                  (:id thumb)
+                                  (:width info)
+                                  (:height info)
+                                  (:mtype info)])))]
+
+    (p/let [info  (get-info content)
+            thumb (create-thumbnail info)
+            image (create-image info)]
+      (insert-into-database info image thumb))))
+
+;; --- Create File Media Object (from URL)
+
+(declare ^:private create-file-media-object-from-url)
+
+(s/def ::create-file-media-object-from-url
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::is-local ::url]
+          :opt-un [::id ::name]))
+
+(sv/defmethod ::create-file-media-object-from-url
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (files/check-edition-permissions! pool profile-id file-id)
+    (create-file-media-object-from-url cfg params)))
+
+(defn- create-file-media-object-from-url
+  [cfg {:keys [url name] :as params}]
+  (letfn [(parse-and-validate-size [headers]
+            (let [size     (some-> (get headers "content-length") d/parse-integer)
+                  mtype    (get headers "content-type")
+                  format   (cm/mtype->format mtype)
+                  max-size (cf/get :media-max-file-size default-max-file-size)]
+
+              (when-not size
+                (ex/raise :type :validation
+                          :code :unknown-size
+                          :hint "seems like the url points to resource with unknown size"))
+
+              (when (> size max-size)
+                (ex/raise :type :validation
+                          :code :file-too-large
+                          :hint (str/ffmt "the file size % is greater than the maximum %"
+                                          size
+                                          default-max-file-size)))
+
+              (when (nil? format)
+                (ex/raise :type :validation
+                          :code :media-type-not-allowed
+                          :hint "seems like the url points to an invalid media object"))
+
+              {:size size
+               :mtype mtype
+               :format format}))
+
+          (download-media [uri]
+            (-> (http/req! cfg {:method :get :uri uri} {:response-type :input-stream})
+                (p/then process-response)))
+
+          (process-response [{:keys [body headers] :as response}]
+            (let [{:keys [size mtype]} (parse-and-validate-size headers)
+                  path                 (tmp/tempfile :prefix "penpot.media.download.")
+                  written              (io/write-to-file! body path :size size)]
+
+              (when (not= written size)
+                (ex/raise :type :internal
+                          :code :mismatch-write-size
+                          :hint "unexpected state: unable to write to file"))
+
+              {:filename "tempfile"
+               :size size
+               :path path
+               :mtype mtype}))]
+
+    (p/let [content (download-media url)]
+      (->> (merge params {:content content :name (or name (:filename content))})
+           (create-file-media-object cfg)))))
+
+;; --- Clone File Media object (Upload and create from url)
+
+(declare clone-file-media-object)
+
+(s/def ::clone-file-media-object
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::is-local ::id]))
+
+(sv/defmethod ::clone-file-media-object
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (files/check-edition-permissions! conn profile-id file-id)
+    (-> (assoc cfg :conn conn)
+        (clone-file-media-object params))))
+
+(defn clone-file-media-object
+  [{:keys [conn]} {:keys [id file-id is-local]}]
+  (let [mobj (db/get-by-id conn :file-media-object id)]
+    (db/insert! conn :file-media-object
+                {:id (uuid/next)
+                 :file-id file-id
+                 :is-local is-local
+                 :name (:name mobj)
+                 :media-id (:media-id mobj)
+                 :thumbnail-id (:thumbnail-id mobj)
+                 :width  (:width mobj)
+                 :height (:height mobj)
+                 :mtype  (:mtype mobj)})))
--- a/backend/src/app/rpc/commands/profile.clj
+++ b/backend/src/app/rpc/commands/profile.clj
@@ -0,0 +1,424 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.profile
+  (:require
+   [app.auth :as auth]
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.emails :as eml]
+   [app.http.session :as session]
+   [app.loggers.audit :as audit]
+   [app.main :as-alias main]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.climit :as climit]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.storage :as sto]
+   [app.tokens :as tokens]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
+   [promesa.core :as p]
+   [promesa.exec :as px]))
+
+(declare decode-row)
+(declare get-profile)
+(declare strip-private-attrs)
+(declare filter-props)
+(declare check-profile-existence!)
+
+;; --- QUERY: Get profile (own)
+
+(s/def ::get-profile
+  (s/keys :opt [::rpc/profile-id]))
+
+(sv/defmethod ::get-profile
+  {::rpc/auth false
+   ::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id]}]
+  ;; We need to return the anonymous profile object in two cases, when
+  ;; no profile-id is in session, and when db call raises not found. In all other
+  ;; cases we need to reraise the exception.
+  (try
+    (-> (get-profile pool profile-id)
+        (strip-private-attrs)
+        (update :props filter-props))
+    (catch Throwable _
+      {:id uuid/zero :fullname "Anonymous User"})))
+
+(defn get-profile
+  "Get profile by id. Throws not-found exception if no profile found."
+  [conn id & {:as attrs}]
+  (-> (db/get-by-id conn :profile id attrs)
+      (decode-row)))
+
+
+;; --- MUTATION: Update Profile (own)
+
+(s/def ::email ::us/email)
+(s/def ::fullname ::us/not-empty-string)
+(s/def ::lang ::us/string)
+(s/def ::theme ::us/string)
+
+(s/def ::update-profile
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::fullname]
+          :opt-un [::lang ::theme]))
+
+(sv/defmethod ::update-profile
+  {::doc/added "1.0"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id fullname lang theme] :as params}]
+  (db/with-atomic [conn pool]
+    ;; NOTE: we need to retrieve the profile independently if we use
+    ;; it or not for explicit locking and avoid concurrent updates of
+    ;; the same row/object.
+    (let [profile (-> (db/get-by-id conn :profile profile-id ::db/for-update? true)
+                      (decode-row))
+
+          ;; Update the profile map with direct params
+          profile (-> profile
+                      (assoc :fullname fullname)
+                      (assoc :lang lang)
+                      (assoc :theme theme))
+          ]
+
+      (db/update! conn :profile
+                  {:fullname fullname
+                   :lang lang
+                   :theme theme
+                   :props (db/tjson (:props profile))}
+                  {:id profile-id})
+
+      (-> profile
+          (strip-private-attrs)
+          (d/without-nils)
+          (rph/with-meta {::audit/props (audit/profile->props profile)})))))
+
+
+;; --- MUTATION: Update Password
+
+(declare validate-password!)
+(declare update-profile-password!)
+(declare invalidate-profile-session!)
+
+(s/def ::password ::us/not-empty-string)
+(s/def ::old-password ::us/not-empty-string)
+
+(s/def ::update-profile-password
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::password ::old-password]))
+
+(sv/defmethod ::update-profile-password
+  {::climit/queue :auth}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id password] :as params}]
+  (db/with-atomic [conn pool]
+    (let [profile    (validate-password! conn (assoc params :profile-id profile-id))
+          session-id (::session/id params)]
+
+      (when (= (str/lower (:email profile))
+               (str/lower (:password params)))
+        (ex/raise :type :validation
+                  :code :email-as-password
+                  :hint "you can't use your email as password"))
+
+      (update-profile-password! conn (assoc profile :password password))
+      (invalidate-profile-session! conn profile-id session-id)
+      nil)))
+
+(defn- invalidate-profile-session!
+  "Removes all sessions except the current one."
+  [conn profile-id session-id]
+  (let [sql "delete from http_session where profile_id = ? and id != ?"]
+    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
+
+(defn- validate-password!
+  [conn {:keys [profile-id old-password] :as params}]
+  (let [profile (db/get-by-id conn :profile profile-id ::db/for-update? true)]
+    (when-not (:valid (auth/verify-password old-password (:password profile)))
+      (ex/raise :type :validation
+                :code :old-password-not-match))
+    profile))
+
+(defn update-profile-password!
+  [conn {:keys [id password] :as profile}]
+  (db/update! conn :profile
+              {:password (auth/derive-password password)}
+              {:id id}))
+
+;; --- MUTATION: Update Photo
+
+(declare upload-photo)
+(declare update-profile-photo)
+
+(s/def ::file ::media/upload)
+(s/def ::update-profile-photo
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file]))
+
+(sv/defmethod ::update-profile-photo
+  [cfg {:keys [::rpc/profile-id file] :as params}]
+  ;; Validate incoming mime type
+  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (update-profile-photo cfg (assoc params :profile-id profile-id))))
+
+;; TODO: reimplement it without p/let
+
+(defn update-profile-photo
+  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id file] :as params}]
+  (letfn [(on-uploaded [photo]
+            (let [profile (db/get-by-id pool :profile profile-id ::db/for-update? true)]
+
+              ;; Schedule deletion of old photo
+              (when-let [id (:photo-id profile)]
+                (sto/touch-object! storage id))
+
+              ;; Save new photo
+              (db/update! pool :profile
+                          {:photo-id (:id photo)}
+                          {:id profile-id})
+
+              (-> (rph/wrap)
+                  (rph/with-meta {::audit/replace-props
+                                  {:file-name (:filename file)
+                                   :file-size (:size file)
+                                   :file-path (str (:path file))
+                                   :file-mtype (:mtype file)}}))))]
+    (->> (upload-photo cfg params)
+         (p/fmap executor on-uploaded))))
+
+(defn upload-photo
+  [{:keys [::sto/storage ::wrk/executor climit] :as cfg} {:keys [file]}]
+  (letfn [(get-info [content]
+            (climit/with-dispatch (:process-image climit)
+              (media/run {:cmd :info :input content})))
+
+          (generate-thumbnail [info]
+            (climit/with-dispatch (:process-image climit)
+              (media/run {:cmd :profile-thumbnail
+                          :format :jpeg
+                          :quality 85
+                          :width 256
+                          :height 256
+                          :input info})))
+
+          ;; Function responsible of calculating cryptographyc hash of
+          ;; the provided data.
+          (calculate-hash [data]
+            (px/with-dispatch executor
+              (sto/calculate-hash data)))]
+
+    (p/let [info    (get-info file)
+            thumb   (generate-thumbnail info)
+            hash    (calculate-hash (:data thumb))
+            content (-> (sto/content (:data thumb) (:size thumb))
+                        (sto/wrap-with-hash hash))]
+      (sto/put-object! storage {::sto/content content
+                                ::sto/deduplicate? true
+                                :bucket "profile"
+                                :content-type (:mtype thumb)}))))
+
+
+;; --- MUTATION: Request Email Change
+
+(declare ^:private request-email-change!)
+(declare ^:private change-email-immediately!)
+
+(s/def ::request-email-change
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::email]))
+
+(sv/defmethod ::request-email-change
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id email] :as params}]
+  (db/with-atomic [conn pool]
+    (let [profile (db/get-by-id conn :profile profile-id)
+          cfg     (assoc cfg ::conn conn)
+          params  (assoc params
+                         :profile profile
+                         :email (str/lower email))]
+      (if (contains? cf/flags :smtp)
+        (request-email-change! cfg params)
+        (change-email-immediately! cfg params)))))
+
+(defn- change-email-immediately!
+  [{:keys [::conn]} {:keys [profile email] :as params}]
+  (when (not= email (:email profile))
+    (check-profile-existence! conn params))
+
+  (db/update! conn :profile
+              {:email email}
+              {:id (:id profile)})
+
+  {:changed true})
+
+(defn- request-email-change!
+  [{:keys [::conn] :as cfg} {:keys [profile email] :as params}]
+  (let [token   (tokens/generate (::main/props cfg)
+                                 {:iss :change-email
+                                  :exp (dt/in-future "15m")
+                                  :profile-id (:id profile)
+                                  :email email})
+        ptoken  (tokens/generate (::main/props cfg)
+                                 {:iss :profile-identity
+                                  :profile-id (:id profile)
+                                  :exp (dt/in-future {:days 30})})]
+
+    (when (not= email (:email profile))
+      (check-profile-existence! conn params))
+
+    (when-not (eml/allow-send-emails? conn profile)
+      (ex/raise :type :validation
+                :code :profile-is-muted
+                :hint "looks like the profile has reported repeatedly as spam or has permanent bounces."))
+
+    (when (eml/has-bounce-reports? conn email)
+      (ex/raise :type :validation
+                :code :email-has-permanent-bounces
+                :hint "looks like the email you invite has been repeatedly reported as spam or permanent bounce"))
+
+    (eml/send! {::eml/conn conn
+                ::eml/factory eml/change-email
+                :public-uri (cf/get :public-uri)
+                :to (:email profile)
+                :name (:fullname profile)
+                :pending-email email
+                :token token
+                :extra-data ptoken})
+    nil))
+
+
+;; --- MUTATION: Update Profile Props
+
+(s/def ::props map?)
+(s/def ::update-profile-props
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::props]))
+
+(sv/defmethod ::update-profile-props
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id props]}]
+  (db/with-atomic [conn pool]
+    (let [profile (get-profile conn profile-id ::db/for-update? true)
+          props   (reduce-kv (fn [props k v]
+                               ;; We don't accept namespaced keys
+                               (if (simple-ident? k)
+                                 (if (nil? v)
+                                   (dissoc props k)
+                                   (assoc props k v))
+                                 props))
+                             (:props profile)
+                             props)]
+
+      (db/update! conn :profile
+                  {:props (db/tjson props)}
+                  {:id profile-id})
+
+      (filter-props props))))
+
+
+;; --- MUTATION: Delete Profile
+
+(declare ^:private get-owned-teams-with-participants)
+
+(s/def ::delete-profile
+  (s/keys :req [::rpc/profile-id]))
+
+(sv/defmethod ::delete-profile
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [teams      (get-owned-teams-with-participants conn profile-id)
+          deleted-at (dt/now)]
+
+      ;; If we found owned teams with participants, we don't allow
+      ;; delete profile until the user properly transfer ownership or
+      ;; explicitly removes all participants from the team
+      (when (some pos? (map :participants teams))
+        (ex/raise :type :validation
+                  :code :owner-teams-with-people
+                  :hint "The user need to transfer ownership of owned teams."
+                  :context {:teams (mapv :id teams)}))
+
+      (doseq [{:keys [id]} teams]
+        (db/update! conn :team
+                    {:deleted-at deleted-at}
+                    {:id id}))
+
+      (db/update! conn :profile
+                  {:deleted-at deleted-at}
+                  {:id profile-id})
+
+      (rph/with-transform {} (session/delete-fn cfg)))))
+
+
+;; --- HELPERS
+
+(def sql:owned-teams
+  "with owner_teams as (
+      select tpr.team_id as id
+        from team_profile_rel as tpr
+       where tpr.is_owner is true
+         and tpr.profile_id = ?
+   )
+   select tpr.team_id as id,
+          count(tpr.profile_id) - 1 as participants
+     from team_profile_rel as tpr
+    where tpr.team_id in (select id from owner_teams)
+      and tpr.profile_id != ?
+    group by 1")
+
+(defn- get-owned-teams-with-participants
+  [conn profile-id]
+  (db/exec! conn [sql:owned-teams profile-id profile-id]))
+
+(def ^:private sql:profile-existence
+  "select exists (select * from profile
+                   where email = ?
+                     and deleted_at is null) as val")
+
+(defn check-profile-existence!
+  [conn {:keys [email] :as params}]
+  (let [email  (str/lower email)
+        result (db/exec-one! conn [sql:profile-existence email])]
+    (when (:val result)
+      (ex/raise :type :validation
+                :code :email-already-exists))
+    params))
+
+(def ^:private sql:profile-by-email
+  "select p.* from profile as p
+    where p.email = ?
+      and (p.deleted_at is null or
+           p.deleted_at > now())")
+
+(defn get-profile-by-email
+  "Returns a profile looked up by email or `nil` if not match found."
+  [conn email]
+  (->> (db/exec! conn [sql:profile-by-email (str/lower email)])
+       (map decode-row)
+       (first)))
+
+(defn strip-private-attrs
+  "Only selects a publicly visible profile attrs."
+  [row]
+  (dissoc row :password :deleted-at))
+
+(defn filter-props
+  "Removes all namespace qualified props from `props` attr."
+  [props]
+  (into {} (filter (fn [[k _]] (simple-ident? k))) props))
+
+(defn decode-row
+  [{:keys [props] :as row}]
+  (cond-> row
+    (db/pgobject? props "jsonb")
+    (assoc :props (db/decode-transit-pgobject props))))
--- a/backend/src/app/rpc/commands/projects.clj
+++ b/backend/src/app/rpc/commands/projects.clj
@@ -0,0 +1,268 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.projects
+  (:require
+   [app.common.spec :as us]
+   [app.db :as db]
+   [app.loggers.audit :as-alias audit]
+   [app.loggers.webhooks :as webhooks]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.rpc.permissions :as perms]
+   [app.rpc.quotes :as quotes]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]))
+
+(s/def ::id ::us/uuid)
+(s/def ::name ::us/string)
+
+;; --- Check Project Permissions
+
+(def ^:private sql:project-permissions
+  "select tpr.is_owner,
+          tpr.is_admin,
+          tpr.can_edit
+     from team_profile_rel as tpr
+    inner join project as p on (p.team_id = tpr.team_id)
+    where p.id = ?
+      and tpr.profile_id = ?
+   union all
+   select ppr.is_owner,
+          ppr.is_admin,
+          ppr.can_edit
+     from project_profile_rel as ppr
+    where ppr.project_id = ?
+      and ppr.profile_id = ?")
+
+(defn- get-permissions
+  [conn profile-id project-id]
+  (let [rows     (db/exec! conn [sql:project-permissions
+                                 project-id profile-id
+                                 project-id profile-id])
+        is-owner (boolean (some :is-owner rows))
+        is-admin (boolean (some :is-admin rows))
+        can-edit (boolean (some :can-edit rows))]
+     (when (seq rows)
+       {:is-owner is-owner
+        :is-admin (or is-owner is-admin)
+        :can-edit (or is-owner is-admin can-edit)
+        :can-read true})))
+
+(def has-edit-permissions?
+  (perms/make-edition-predicate-fn get-permissions))
+
+(def has-read-permissions?
+  (perms/make-read-predicate-fn get-permissions))
+
+(def check-edition-permissions!
+  (perms/make-check-fn has-edit-permissions?))
+
+(def check-read-permissions!
+  (perms/make-check-fn has-read-permissions?))
+
+;; --- QUERY: Get projects
+
+(declare get-projects)
+
+(s/def ::team-id ::us/uuid)
+(s/def ::get-projects
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))
+
+(sv/defmethod ::get-projects
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (teams/check-read-permissions! conn profile-id team-id)
+    (get-projects conn profile-id team-id)))
+
+(def sql:projects
+  "select p.*,
+          coalesce(tpp.is_pinned, false) as is_pinned,
+          (select count(*) from file as f
+            where f.project_id = p.id
+              and deleted_at is null) as count
+     from project as p
+    inner join team as t on (t.id = p.team_id)
+     left join team_project_profile_rel as tpp
+            on (tpp.project_id = p.id and
+                tpp.team_id = p.team_id and
+                tpp.profile_id = ?)
+    where p.team_id = ?
+      and p.deleted_at is null
+      and t.deleted_at is null
+    order by p.modified_at desc")
+
+(defn get-projects
+  [conn profile-id team-id]
+  (db/exec! conn [sql:projects profile-id team-id]))
+
+;; --- QUERY: Get all projects
+
+(declare get-all-projects)
+
+(s/def ::get-all-projects
+  (s/keys :req [::rpc/profile-id]))
+
+(sv/defmethod ::get-all-projects
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
+  (with-open [conn (db/open pool)]
+    (get-all-projects conn profile-id)))
+
+(def sql:all-projects
+  "select p1.*, t.name as team_name, t.is_default as is_default_team
+     from project as p1
+    inner join team as t on (t.id = p1.team_id)
+    where t.id in (select team_id
+                     from team_profile_rel as tpr
+                    where tpr.profile_id = ?
+                      and (tpr.can_edit = true or
+                           tpr.is_owner = true or
+                           tpr.is_admin = true))
+      and t.deleted_at is null
+      and p1.deleted_at is null
+   union
+   select p2.*, t.name as team_name, t.is_default as is_default_team
+     from project as p2
+    inner join team as t on (t.id = p2.team_id)
+    where p2.id in (select project_id
+                     from project_profile_rel as ppr
+                    where ppr.profile_id = ?
+                      and (ppr.can_edit = true or
+                           ppr.is_owner = true or
+                           ppr.is_admin = true))
+      and t.deleted_at is null
+      and p2.deleted_at is null
+    order by team_name, name;")
+
+(defn get-all-projects
+  [conn profile-id]
+  (db/exec! conn [sql:all-projects profile-id profile-id]))
+
+
+;; --- QUERY: Get project
+
+(s/def ::get-project
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))
+
+(sv/defmethod ::get-project
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
+  (with-open [conn (db/open pool)]
+    (let [project (db/get-by-id conn :project id)]
+      (check-read-permissions! conn profile-id id)
+      project)))
+
+
+
+;; --- MUTATION: Create Project
+
+(s/def ::create-project
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::name]
+          :opt-un [::id]))
+
+(sv/defmethod ::create-project
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
+  (db/with-atomic [conn pool]
+    (teams/check-edition-permissions! conn profile-id team-id)
+    (quotes/check-quote! conn {::quotes/id ::quotes/projects-per-team
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id})
+
+    (let [params  (assoc params :profile-id profile-id)
+          project (teams/create-project conn params)]
+      (teams/create-project-role conn profile-id (:id project) :owner)
+      (db/insert! conn :team-project-profile-rel
+                  {:project-id (:id project)
+                   :profile-id profile-id
+                   :team-id team-id
+                   :is-pinned true})
+      (assoc project :is-pinned true))))
+
+
+;; --- MUTATION: Toggle Project Pin
+
+(def ^:private
+  sql:update-project-pin
+  "insert into team_project_profile_rel (team_id, project_id, profile_id, is_pinned)
+   values (?, ?, ?, ?)
+       on conflict (team_id, project_id, profile_id)
+       do update set is_pinned=?")
+
+(s/def ::is-pinned ::us/boolean)
+(s/def ::project-id ::us/uuid)
+(s/def ::update-project-pin
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id ::team-id ::is-pinned]))
+
+(sv/defmethod ::update-project-pin
+  {::doc/added "1.18"
+   ::webhooks/batch-timeout (dt/duration "5s")
+   ::webhooks/batch-key (webhooks/key-fn ::rpc/profile-id :id)
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id team-id is-pinned] :as params}]
+  (db/with-atomic [conn pool]
+    (check-edition-permissions! conn profile-id id)
+    (db/exec-one! conn [sql:update-project-pin team-id id profile-id is-pinned is-pinned])
+    nil))
+
+;; --- MUTATION: Rename Project
+
+(declare rename-project)
+
+(s/def ::rename-project
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name ::id]))
+
+(sv/defmethod ::rename-project
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id name] :as params}]
+  (db/with-atomic [conn pool]
+    (check-edition-permissions! conn profile-id id)
+    (let [project (db/get-by-id conn :project id ::db/for-update? true)]
+      (db/update! conn :project
+                  {:name name}
+                  {:id id})
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:team-id (:team-id project)
+                        :prev-name (:name project)}}))))
+
+;; --- MUTATION: Delete Project
+
+(s/def ::delete-project
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))
+
+;; TODO: right now, we just don't allow delete default projects, in a
+;; future we need to ensure raise a correct exception signaling that
+;; this is not allowed.
+
+(sv/defmethod ::delete-project
+  {::doc/added "1.18"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  (db/with-atomic [conn pool]
+    (check-edition-permissions! conn profile-id id)
+    (let [project (db/update! conn :project
+                              {:deleted-at (dt/now)}
+                              {:id id :is-default false})]
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:team-id (:team-id project)
+                        :name (:name project)
+                        :created-at (:created-at project)
+                        :modified-at (:modified-at project)}}))))
+
+
--- a/backend/src/app/rpc/commands/search.clj
+++ b/backend/src/app/rpc/commands/search.clj
@@ -8,6 +8,7 @@
  (:require
   [app.common.spec :as us]
   [app.db :as db]
+   [app.rpc :as-alias rpc]
   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))
@@ -47,22 +48,21 @@
    order by f.created_at asc")

 (defn search-files
-  [conn {:keys [profile-id team-id search-term] :as params}]
+  [conn profile-id team-id search-term]
  (db/exec! conn [sql:search-files
                  profile-id team-id
                  profile-id team-id
                  search-term]))

-(s/def ::profile-id ::us/uuid)
 (s/def ::team-id ::us/uuid)
 (s/def ::search-files ::us/string)

 (s/def ::search-files
-  (s/keys :req-un [::profile-id ::team-id]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]
          :opt-un [::search-term]))

 (sv/defmethod ::search-files
  {::doc/added "1.17"}
-  [{:keys [pool]} {:keys [search-term] :as params}]
-  (when search-term
-    (search-files pool params)))
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id search-term]}]
+  (some->> search-term (search-files pool profile-id team-id)))
--- a/backend/src/app/rpc/commands/teams.clj
+++ b/backend/src/app/rpc/commands/teams.clj
@@ -0,0 +1,860 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.teams
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.emails :as eml]
+   [app.loggers.audit :as audit]
+   [app.main :as-alias main]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.helpers :as rph]
+   [app.rpc.permissions :as perms]
+   [app.rpc.quotes :as quotes]
+   [app.storage :as sto]
+   [app.tokens :as tokens]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
+   [promesa.core :as p]
+   [promesa.exec :as px]))
+
+;; --- Helpers & Specs
+
+(s/def ::id ::us/uuid)
+(s/def ::name ::us/string)
+(s/def ::file-id ::us/uuid)
+(s/def ::team-id ::us/uuid)
+
+(def ^:private sql:team-permissions
+  "select tpr.is_owner,
+          tpr.is_admin,
+          tpr.can_edit
+     from team_profile_rel as tpr
+     join team as t on (t.id = tpr.team_id)
+    where tpr.profile_id = ?
+      and tpr.team_id = ?
+      and t.deleted_at is null")
+
+(defn get-permissions
+  [conn profile-id team-id]
+  (let [rows     (db/exec! conn [sql:team-permissions profile-id team-id])
+        is-owner (boolean (some :is-owner rows))
+        is-admin (boolean (some :is-admin rows))
+        can-edit (boolean (some :can-edit rows))]
+     (when (seq rows)
+       {:is-owner is-owner
+        :is-admin (or is-owner is-admin)
+        :can-edit (or is-owner is-admin can-edit)
+        :can-read true})))
+
+(def has-edit-permissions?
+  (perms/make-edition-predicate-fn get-permissions))
+
+(def has-read-permissions?
+  (perms/make-read-predicate-fn get-permissions))
+
+(def check-edition-permissions!
+  (perms/make-check-fn has-edit-permissions?))
+
+(def check-read-permissions!
+  (perms/make-check-fn has-read-permissions?))
+
+;; --- Query: Teams
+
+(declare retrieve-teams)
+
+(s/def ::get-teams
+  (s/keys :req [::rpc/profile-id]))
+
+(sv/defmethod ::get-teams
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  (with-open [conn (db/open pool)]
+    (retrieve-teams conn profile-id)))
+
+(def sql:teams
+  "select t.*,
+          tp.is_owner,
+          tp.is_admin,
+          tp.can_edit,
+          (t.id = ?) as is_default
+     from team_profile_rel as tp
+     join team as t on (t.id = tp.team_id)
+    where t.deleted_at is null
+      and tp.profile_id = ?
+    order by tp.created_at asc")
+
+(defn process-permissions
+  [team]
+  (let [is-owner    (:is-owner team)
+        is-admin    (:is-admin team)
+        can-edit    (:can-edit team)
+        permissions {:type :membership
+                     :is-owner is-owner
+                     :is-admin (or is-owner is-admin)
+                     :can-edit (or is-owner is-admin can-edit)}]
+    (-> team
+        (dissoc :is-owner :is-admin :can-edit)
+        (assoc :permissions permissions))))
+
+(defn retrieve-teams
+  [conn profile-id]
+  (let [profile (profile/get-profile conn profile-id)]
+    (->> (db/exec! conn [sql:teams (:default-team-id profile) profile-id])
+         (mapv process-permissions))))
+
+;; --- Query: Team (by ID)
+
+(declare retrieve-team)
+
+(s/def ::get-team
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))
+
+(sv/defmethod ::get-team
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id]}]
+  (with-open [conn (db/open pool)]
+    (retrieve-team conn profile-id id)))
+
+(defn retrieve-team
+  [conn profile-id team-id]
+  (let [profile (profile/get-profile conn profile-id)
+        sql     (str "WITH teams AS (" sql:teams ") SELECT * FROM teams WHERE id=?")
+        result  (db/exec-one! conn [sql (:default-team-id profile) profile-id team-id])]
+
+    (when-not result
+      (ex/raise :type :not-found
+                :code :team-does-not-exist))
+
+    (process-permissions result)))
+
+;; --- Query: Team Members
+
+(def sql:team-members
+  "select tp.*,
+          p.id,
+          p.email,
+          p.fullname as name,
+          p.fullname as fullname,
+          p.photo_id,
+          p.is_active
+     from team_profile_rel as tp
+     join profile as p on (p.id = tp.profile_id)
+    where tp.team_id = ?")
+
+(defn retrieve-team-members
+  [conn team-id]
+  (db/exec! conn [sql:team-members team-id]))
+
+(s/def ::team-id ::us/uuid)
+(s/def ::get-team-members
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))
+
+(sv/defmethod ::get-team-members
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (check-read-permissions! conn profile-id team-id)
+    (retrieve-team-members conn team-id)))
+
+
+;; --- Query: Team Users
+
+(declare retrieve-users)
+(declare retrieve-team-for-file)
+
+(s/def ::get-team-users
+  (s/and (s/keys :req [::rpc/profile-id]
+                 :opt-un [::team-id ::file-id])
+         #(or (:team-id %) (:file-id %))))
+
+(sv/defmethod ::get-team-users
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id]}]
+  (with-open [conn (db/open pool)]
+    (if team-id
+      (do
+        (check-read-permissions! conn profile-id team-id)
+        (retrieve-users conn team-id))
+      (let [{team-id :id} (retrieve-team-for-file conn file-id)]
+        (check-read-permissions! conn profile-id team-id)
+        (retrieve-users conn team-id)))))
+
+;; This is a similar query to team members but can contain more data
+;; because some user can be explicitly added to project or file (not
+;; implemented in UI)
+
+(def sql:team-users
+  "select pf.id, pf.fullname, pf.photo_id
+     from profile as pf
+    inner join team_profile_rel as tpr on (tpr.profile_id = pf.id)
+    where tpr.team_id = ?
+    union
+   select pf.id, pf.fullname, pf.photo_id
+     from profile as pf
+    inner join project_profile_rel as ppr on (ppr.profile_id = pf.id)
+    inner join project as p on (ppr.project_id = p.id)
+    where p.team_id = ?
+   union
+   select pf.id, pf.fullname, pf.photo_id
+     from profile as pf
+    inner join file_profile_rel as fpr on (fpr.profile_id = pf.id)
+    inner join file as f on (fpr.file_id = f.id)
+    inner join project as p on (f.project_id = p.id)
+    where p.team_id = ?")
+
+(def sql:team-by-file
+  "select p.team_id as id
+     from project as p
+     join file as f on (p.id = f.project_id)
+    where f.id = ?")
+
+(defn retrieve-users
+  [conn team-id]
+  (db/exec! conn [sql:team-users team-id team-id team-id]))
+
+(defn retrieve-team-for-file
+  [conn file-id]
+  (->> [sql:team-by-file file-id]
+       (db/exec-one! conn)))
+
+;; --- Query: Team Stats
+
+(declare retrieve-team-stats)
+
+(s/def ::get-team-stats
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))
+
+(sv/defmethod ::get-team-stats
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (check-read-permissions! conn profile-id team-id)
+    (retrieve-team-stats conn team-id)))
+
+(def sql:team-stats
+  "select (select count(*) from project where team_id = ?) as projects,
+          (select count(*) from file as f join project as p on (p.id = f.project_id) where p.team_id = ?) as files")
+
+(defn retrieve-team-stats
+  [conn team-id]
+  (db/exec-one! conn [sql:team-stats team-id team-id]))
+
+
+;; --- Query: Team invitations
+
+(s/def ::get-team-invitations
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))
+
+(def sql:team-invitations
+  "select email_to as email, role, (valid_until < now()) as expired
+   from team_invitation where team_id = ? order by valid_until desc, created_at desc")
+
+(defn get-team-invitations
+  [conn team-id]
+  (->> (db/exec! conn [sql:team-invitations team-id])
+       (mapv #(update % :role keyword))))
+
+(sv/defmethod ::get-team-invitations
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
+  (with-open [conn (db/open pool)]
+    (check-read-permissions! conn profile-id team-id)
+    (get-team-invitations conn team-id)))
+
+;; --- Mutation: Create Team
+
+(declare create-team)
+(declare create-project)
+(declare create-project-role)
+(declare ^:private create-team*)
+(declare ^:private create-team-role)
+(declare ^:private create-team-default-project)
+
+(s/def ::create-team
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name]
+          :opt-un [::id]))
+
+(sv/defmethod ::create-team
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (quotes/check-quote! conn {::quotes/id ::quotes/teams-per-profile
+                               ::quotes/profile-id profile-id})
+
+    (create-team conn (assoc params :profile-id profile-id))))
+
+(defn create-team
+  "This is a complete team creation process, it creates the team
+  object and all related objects (default role and default project)."
+  [conn params]
+  (let [team    (create-team* conn params)
+        params  (assoc params
+                       :team-id (:id team)
+                       :role :owner)
+        project (create-team-default-project conn params)]
+    (create-team-role conn params)
+    (assoc team :default-project-id (:id project))))
+
+(defn- create-team*
+  [conn {:keys [id name is-default] :as params}]
+  (let [id         (or id (uuid/next))
+        is-default (if (boolean? is-default) is-default false)]
+    (db/insert! conn :team
+                {:id id
+                 :name name
+                 :is-default is-default})))
+
+(defn- create-team-role
+  [conn {:keys [profile-id team-id role] :as params}]
+  (let [params {:team-id team-id
+                :profile-id profile-id}]
+    (->> (perms/assign-role-flags params role)
+         (db/insert! conn :team-profile-rel))))
+
+(defn- create-team-default-project
+  [conn {:keys [profile-id team-id] :as params}]
+  (let [project {:id (uuid/next)
+                 :team-id team-id
+                 :name "Drafts"
+                 :is-default true}
+        project (create-project conn project)]
+    (create-project-role conn profile-id (:id project) :owner)
+    project))
+
+;; NOTE: we have project creation here because there are cyclic
+;; dependency between teams and projects namespaces, and the project
+;; creation happens in both sides, on team creation and on simple
+;; project creation, so it make sense to have this functions in this
+;; namespace too.
+
+(defn create-project
+  [conn {:keys [id team-id name is-default] :as params}]
+  (let [id         (or id (uuid/next))
+        is-default (if (boolean? is-default) is-default false)]
+    (db/insert! conn :project
+                {:id id
+                 :name name
+                 :team-id team-id
+                 :is-default is-default})))
+
+(defn create-project-role
+  [conn profile-id project-id role]
+  (let [params {:project-id project-id
+                :profile-id profile-id}]
+    (->> (perms/assign-role-flags params role)
+         (db/insert! conn :project-profile-rel))))
+
+;; --- Mutation: Update Team
+
+(s/def ::update-team
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name ::id]))
+
+(sv/defmethod ::update-team
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id name] :as params}]
+  (db/with-atomic [conn pool]
+    (check-edition-permissions! conn profile-id id)
+    (db/update! conn :team
+                {:name name}
+                {:id id})
+    nil))
+
+
+;; --- Mutation: Leave Team
+
+(declare role->params)
+
+(defn leave-team
+  [conn {:keys [profile-id id reassign-to]}]
+  (let [perms   (get-permissions conn profile-id id)
+        members (retrieve-team-members conn id)]
+
+    (cond
+      ;; we can only proceed if there are more members in the team
+      ;; besides the current profile
+      (<= (count members) 1)
+      (ex/raise :type :validation
+                :code :no-enough-members-for-leave
+                :context {:members (count members)})
+
+      ;; if the `reassign-to` is filled and has a different value
+      ;; than the current profile-id, we proceed to reassing the
+      ;; owner role to profile identified by the `reassign-to`.
+      (and reassign-to (not= reassign-to profile-id))
+      (let [member (d/seek #(= reassign-to (:id %)) members)]
+        (when-not member
+          (ex/raise :type :not-found :code :member-does-not-exist))
+
+        ;; unasign owner role to current profile
+        (db/update! conn :team-profile-rel
+                    {:is-owner false}
+                    {:team-id id
+                     :profile-id profile-id})
+
+        ;; assign owner role to new profile
+        (db/update! conn :team-profile-rel
+                    (role->params :owner)
+                    {:team-id id :profile-id reassign-to}))
+
+      ;; and finally, if all other conditions does not match and the
+      ;; current profile is owner, we dont allow it because there
+      ;; must always be an owner.
+      (:is-owner perms)
+      (ex/raise :type :validation
+                :code :owner-cant-leave-team
+                :hint "releasing owner before leave"))
+
+    (db/delete! conn :team-profile-rel
+                {:profile-id profile-id
+                 :team-id id})
+
+    nil))
+
+(s/def ::reassign-to ::us/uuid)
+(s/def ::leave-team
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]
+          :opt-un [::reassign-to]))
+
+(sv/defmethod ::leave-team
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (leave-team conn (assoc params :profile-id profile-id))))
+
+;; --- Mutation: Delete Team
+
+(s/def ::delete-team
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))
+
+;; TODO: right now just don't allow delete default team, in future it
+;; should raise a specific exception for signal that this action is
+;; not allowed.
+
+(sv/defmethod ::delete-team
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (get-permissions conn profile-id id)]
+      (when-not (:is-owner perms)
+        (ex/raise :type :validation
+                  :code :only-owner-can-delete-team))
+
+      (db/update! conn :team
+                  {:deleted-at (dt/now)}
+                  {:id id :is-default false})
+      nil)))
+
+
+;; --- Mutation: Team Update Role
+
+(s/def ::team-id ::us/uuid)
+(s/def ::member-id ::us/uuid)
+;; Temporarily disabled viewer role
+;; https://tree.taiga.io/project/uxboxproject/issue/1083
+;; (s/def ::role #{:owner :admin :editor :viewer})
+(s/def ::role #{:owner :admin :editor})
+
+(defn role->params
+  [role]
+  (case role
+    :admin  {:is-owner false :is-admin true :can-edit true}
+    :editor {:is-owner false :is-admin false :can-edit true}
+    :owner  {:is-owner true  :is-admin true :can-edit true}
+    :viewer {:is-owner false :is-admin false :can-edit false}))
+
+(defn update-team-member-role
+  [conn {:keys [profile-id team-id member-id role] :as params}]
+  ;; We retrieve all team members instead of query the
+  ;; database for a single member. This is just for
+  ;; convenience, if this becomes a bottleneck or problematic,
+  ;; we will change it to more efficient fetch mechanisms.
+  (let [perms   (get-permissions conn profile-id team-id)
+        members (retrieve-team-members conn team-id)
+        member  (d/seek #(= member-id (:id %)) members)
+
+        is-owner? (:is-owner perms)
+        is-admin? (:is-admin perms)]
+
+    ;; If no member is found, just 404
+    (when-not member
+      (ex/raise :type :not-found
+                :code :member-does-not-exist))
+
+    ;; First check if we have permissions to change roles
+    (when-not (or is-owner? is-admin?)
+      (ex/raise :type :validation
+                :code :insufficient-permissions))
+
+    ;; Don't allow change role of owner member
+    (when (:is-owner member)
+      (ex/raise :type :validation
+                :code :cant-change-role-to-owner))
+
+    ;; Don't allow promote to owner to admin users.
+    (when (and (not is-owner?) (= role :owner))
+      (ex/raise :type :validation
+                :code :cant-promote-to-owner))
+
+    (let [params (role->params role)]
+      ;; Only allow single owner on team
+      (when (= role :owner)
+        (db/update! conn :team-profile-rel
+                    {:is-owner false}
+                    {:team-id team-id
+                     :profile-id profile-id}))
+
+      (db/update! conn :team-profile-rel
+                  params
+                  {:team-id team-id
+                   :profile-id member-id})
+      nil)))
+
+(s/def ::update-team-member-role
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::member-id ::role]))
+
+(sv/defmethod ::update-team-member-role
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
+  (db/with-atomic [conn pool]
+    (update-team-member-role conn (assoc params :profile-id profile-id))))
+
+
+;; --- Mutation: Delete Team Member
+
+(s/def ::delete-team-member
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::member-id]))
+
+(sv/defmethod ::delete-team-member
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id member-id] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (get-permissions conn profile-id team-id)]
+      (when-not (or (:is-owner perms)
+                    (:is-admin perms))
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      (when (= member-id profile-id)
+        (ex/raise :type :validation
+                  :code :cant-remove-yourself))
+
+      (db/delete! conn :team-profile-rel {:profile-id member-id
+                                          :team-id team-id})
+
+      nil)))
+
+;; --- Mutation: Update Team Photo
+
+(declare upload-photo)
+(declare ^:private update-team-photo)
+
+(s/def ::file ::media/upload)
+(s/def ::update-team-photo
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::file]))
+
+(sv/defmethod ::update-team-photo
+  {::doc/added "1.17"}
+  [cfg {:keys [::rpc/profile-id file] :as params}]
+  ;; Validate incoming mime type
+  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (update-team-photo cfg (assoc params :profile-id profile-id))))
+
+(defn update-team-photo
+  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
+  (p/let [team  (px/with-dispatch executor
+                  (retrieve-team pool profile-id team-id))
+          photo (profile/upload-photo cfg params)]
+
+    ;; Mark object as touched for make it ellegible for tentative
+    ;; garbage collection.
+    (when-let [id (:photo-id team)]
+      (sto/touch-object! storage id))
+
+    ;; Save new photo
+    (db/update! pool :team
+                {:photo-id (:id photo)}
+                {:id team-id})
+
+    (assoc team :photo-id (:id photo))))
+
+
+;; --- Mutation: Create Team Invitation
+
+(def sql:upsert-team-invitation
+  "insert into team_invitation(team_id, email_to, role, valid_until)
+   values (?, ?, ?, ?)
+       on conflict(team_id, email_to) do
+          update set role = ?, updated_at = now();")
+
+(defn- create-invitation-token
+  [cfg {:keys [profile-id valid-until team-id member-id member-email role]}]
+  (tokens/generate (::main/props cfg)
+                   {:iss :team-invitation
+                    :exp valid-until
+                    :profile-id profile-id
+                    :role role
+                    :team-id team-id
+                    :member-email member-email
+                    :member-id member-id}))
+
+(defn- create-profile-identity-token
+  [cfg profile]
+  (tokens/generate (::main/props cfg)
+                   {:iss :profile-identity
+                    :profile-id (:id profile)
+                    :exp (dt/in-future {:days 30})}))
+
+(defn- create-invitation
+  [{:keys [::conn] :as cfg} {:keys [team profile role email] :as params}]
+  (let [member (profile/get-profile-by-email conn email)
+        expire (dt/in-future "168h") ;; 7 days
+        itoken (create-invitation-token cfg {:profile-id (:id profile)
+                                             :valid-until expire
+                                             :team-id (:id team)
+                                             :member-email (or (:email member) email)
+                                             :member-id (:id member)
+                                             :role role})
+        ptoken (create-profile-identity-token cfg profile)]
+
+    (when (and member (not (eml/allow-send-emails? conn member)))
+      (ex/raise :type :validation
+                :code :member-is-muted
+                :email email
+                :hint "the profile has reported repeatedly as spam or has bounces"))
+
+    ;; Secondly check if the invited member email is part of the global spam/bounce report.
+    (when (eml/has-bounce-reports? conn email)
+      (ex/raise :type :validation
+                :code :email-has-permanent-bounces
+                :email email
+                :hint "the email you invite has been repeatedly reported as spam or bounce"))
+
+    (when (contains? cf/flags :log-invitation-tokens)
+      (l/trace :hint "invitation token" :token itoken))
+
+    ;; When we have email verification disabled and invitation user is
+    ;; already present in the database, we proceed to add it to the
+    ;; team as-is, without email roundtrip.
+
+    ;; TODO: if member does not exists and email verification is
+    ;; disabled, we should proceed to create the profile (?)
+    (if (and (not (contains? cf/flags :email-verification))
+             (some? member))
+      (let [params (merge {:team-id (:id team)
+                           :profile-id (:id member)}
+                          (role->params role))]
+
+        ;; Insert the invited member to the team
+        (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})
+
+        ;; If profile is not yet verified, mark it as verified because
+        ;; accepting an invitation link serves as verification.
+        (when-not (:is-active member)
+          (db/update! conn :profile
+                      {:is-active true}
+                      {:id (:id member)})))
+      (do
+        (db/exec-one! conn [sql:upsert-team-invitation
+                            (:id team) (str/lower email) (name role) expire (name role)])
+        (eml/send! {::eml/conn conn
+                    ::eml/factory eml/invite-to-team
+                    :public-uri (cf/get :public-uri)
+                    :to email
+                    :invited-by (:fullname profile)
+                    :team (:name team)
+                    :token itoken
+                    :extra-data ptoken})))
+
+    itoken))
+
+(s/def ::email ::us/email)
+(s/def ::emails ::us/set-of-valid-emails)
+(s/def ::create-team-invitations
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::role]
+          :opt-un [::email ::emails]))
+
+(sv/defmethod ::create-team-invitations
+  "A rpc call that allow to send a single or multiple invitations to
+  join the team."
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email emails role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms    (get-permissions conn profile-id team-id)
+          profile  (db/get-by-id conn :profile profile-id)
+          team     (db/get-by-id conn :team team-id)
+          emails   (cond-> (or emails #{}) (string? email) (conj email))]
+
+
+      (run! (partial quotes/check-quote! conn)
+            (list {::quotes/id ::quotes/invitations-per-team
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id (:id team)
+                   ::quotes/incr (count emails)}
+                  {::quotes/id ::quotes/profiles-per-team
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id (:id team)
+                   ::quotes/incr (count emails)}))
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      ;; First check if the current profile is allowed to send emails.
+      (when-not (eml/allow-send-emails? conn profile)
+        (ex/raise :type :validation
+                  :code :profile-is-muted
+                  :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
+
+      (let [cfg         (assoc cfg ::conn conn)
+            invitations (->> emails
+                             (map (fn [email]
+                                    {:email (str/lower email)
+                                     :team team
+                                     :profile profile
+                                     :role role}))
+                             (map (partial create-invitation cfg)))]
+        (with-meta (vec invitations)
+          {::audit/props {:invitations (count invitations)}})))))
+
+
+;; --- Mutation: Create Team & Invite Members
+
+(s/def ::emails ::us/set-of-valid-emails)
+(s/def ::create-team-with-invitations
+  (s/merge ::create-team
+           (s/keys :req-un [::emails ::role])))
+
+(sv/defmethod ::create-team-with-invitations
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id emails role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [team     (create-team conn params)
+          profile  (db/get-by-id conn :profile profile-id)
+          cfg      (assoc cfg ::conn conn)]
+
+      ;; Create invitations for all provided emails.
+      (->> emails
+           (map (fn [email]
+                  {:team team
+                   :profile profile
+                   :email (str/lower email)
+                   :role role}))
+           (run! (partial create-invitation cfg)))
+
+      (run! (partial quotes/check-quote! conn)
+            (list {::quotes/id ::quotes/teams-per-profile
+                   ::quotes/profile-id profile-id}
+                  {::quotes/id ::quotes/invitations-per-team
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id (:id team)
+                   ::quotes/incr (count emails)}
+                  {::quotes/id ::quotes/profiles-per-team
+                   ::quotes/profile-id profile-id
+                   ::quotes/team-id (:id team)
+                   ::quotes/incr (count emails)}))
+
+      (-> team
+          (vary-meta assoc ::audit/props {:invitations (count emails)})
+          (rph/with-defer
+            #(when-let [collector (::audit/collector cfg)]
+               (audit/submit! collector
+                              {:type "command"
+                               :name "create-team-invitations"
+                               :profile-id profile-id
+                               :props {:emails emails
+                                       :role role
+                                       :profile-id profile-id
+                                       :invitations (count emails)}})))))))
+
+;; --- Query: get-team-invitation-token
+
+(s/def ::get-team-invitation-token
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::email]))
+
+(sv/defmethod ::get-team-invitation-token
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email] :as params}]
+  (check-read-permissions! pool profile-id team-id)
+  (let [invit (-> (db/get pool :team-invitation
+                          {:team-id team-id
+                           :email-to (str/lower email)})
+                  (update :role keyword))
+        member (profile/get-profile-by-email pool (:email invit))
+        token  (create-invitation-token cfg {:team-id (:team-id invit)
+                                             :profile-id profile-id
+                                             :valid-until (:valid-until invit)
+                                             :role (:role invit)
+                                             :member-id (:id member)
+                                             :member-email (or (:email member) (:email-to invit))})]
+    {:token token}))
+
+;; --- Mutation: Update invitation role
+
+(s/def ::update-team-invitation-role
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::email ::role]))
+
+(sv/defmethod ::update-team-invitation-role
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email role] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms    (get-permissions conn profile-id team-id)]
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      (db/update! conn :team-invitation
+                  {:role (name role) :updated-at (dt/now)}
+                  {:team-id team-id :email-to (str/lower email)})
+      nil)))
+
+;; --- Mutation: Delete invitation
+
+(s/def ::delete-team-invitation
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::email]))
+
+(sv/defmethod ::delete-team-invitation
+  {::doc/added "1.17"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email] :as params}]
+  (db/with-atomic [conn pool]
+    (let [perms (get-permissions conn profile-id team-id)]
+
+      (when-not (:is-admin perms)
+        (ex/raise :type :validation
+                  :code :insufficient-permissions))
+
+      (db/delete! conn :team-invitation
+                {:team-id team-id :email-to (str/lower email)})
+      nil)))
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@@ -11,10 +11,13 @@
   [app.db :as db]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.mutations.teams :as teams]
-   [app.rpc.queries.profile :as profile]
+   [app.rpc.quotes :as quotes]
   [app.tokens :as tokens]
   [app.tokens.spec.team-invitation :as-alias spec.team-invitation]
   [app.util.services :as sv]
@@ -27,20 +30,20 @@

 (s/def ::verify-token
  (s/keys :req-un [::token]
-          :opt-un [::profile-id]))
+          :opt [::rpc/profile-id]))

 (sv/defmethod ::verify-token
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.15"}
-  [{:keys [pool sprops] :as cfg} {:keys [token] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [token] :as params}]
  (db/with-atomic [conn pool]
-    (let [claims (tokens/verify sprops {:token token})
+    (let [claims (tokens/verify (::main/props cfg) {:token token})
          cfg    (assoc cfg :conn conn)]
      (process-token cfg params claims))))

 (defmethod process-token :change-email
  [{:keys [conn] :as cfg} _params {:keys [profile-id email] :as claims}]
-  (when (profile/retrieve-profile-data-by-email conn email)
+  (when (profile/get-profile-by-email conn email)
    (ex/raise :type :validation
              :code :email-already-exists))

@@ -54,8 +57,8 @@
     ::audit/profile-id profile-id}))

 (defmethod process-token :verify-email
-  [{:keys [conn session] :as cfg} _ {:keys [profile-id] :as claims}]
-  (let [profile (profile/retrieve-profile conn profile-id)
+  [{:keys [conn] :as cfg} _ {:keys [profile-id] :as claims}]
+  (let [profile (profile/get-profile conn profile-id)
        claims  (assoc claims :profile profile)]

    (when-not (:is-active profile)
@@ -69,14 +72,14 @@
                  {:id (:id profile)}))

    (-> claims
-        (rph/with-transform (session/create-fn session profile-id))
+        (rph/with-transform (session/create-fn cfg profile-id))
        (rph/with-meta {::audit/name "verify-profile-email"
                        ::audit/props (audit/profile->props profile)
                        ::audit/profile-id (:id profile)}))))

 (defmethod process-token :auth
  [{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}]
-  (let [profile (profile/retrieve-profile conn profile-id)]
+  (let [profile (profile/get-profile conn profile-id)]
    (assoc claims :profile profile)))

 ;; --- Team Invitation
@@ -95,6 +98,11 @@
      (ex/raise :type :restriction
                :code :profile-blocked))

+    (quotes/check-quote! conn
+                         {::quotes/id ::quotes/profiles-per-team
+                          ::quotes/profile-id (:id member)
+                          ::quotes/team-id team-id})
+
    ;; Insert the invited member to the team
    (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})

@@ -126,10 +134,11 @@
          :opt-un [::spec.team-invitation/member-id]))

 (defmethod process-token :team-invitation
-  [{:keys [conn session] :as cfg} {:keys [profile-id token]}
+  [{:keys [conn] :as cfg}
+   {:keys [::rpc/profile-id token]}
   {:keys [member-id team-id member-email] :as claims}]

-  (us/assert ::team-invitation-claims claims)
+  (us/verify! ::team-invitation-claims claims)

  (let [invitation (db/get* conn :team-invitation
                            {:team-id team-id :email-to member-email})
@@ -171,7 +180,7 @@
                               {:columns [:id :email]})]
        (let [profile (accept-invitation cfg claims invitation member)]
          (-> (assoc claims :state :created)
-              (rph/with-transform (session/create-fn session (:id profile)))
+              (rph/with-transform (session/create-fn cfg (:id profile)))
              (rph/with-meta {::audit/name "accept-team-invitation"
                              ::audit/props (merge
                                             (audit/profile->props profile)
--- a/backend/src/app/rpc/commands/viewer.clj
+++ b/backend/src/app/rpc/commands/viewer.clj
@@ -8,15 +8,15 @@
  (:require
   [app.common.exceptions :as ex]
   [app.db :as db]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.comments :as comments]
   [app.rpc.commands.files :as files]
   [app.rpc.cond :as-alias cond]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.share-link :as slnk]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

-;; --- Query: View Only Bundle
+;; --- QUERY: View Only Bundle

 (defn- get-project
  [conn id]
@@ -30,7 +30,8 @@
        users   (comments/get-file-comments-users conn file-id profile-id)

        links   (->> (db/query conn :share-link {:file-id file-id})
-                     (mapv slnk/decode-share-link-row))
+                     (mapv (fn [row]
+                             (update row :pages db/decode-pgarray #{}))))

        fonts   (db/query conn :team-font-variant
                          {:team-id (:team-id project)
@@ -73,16 +74,16 @@

 (s/def ::get-view-only-bundle
  (s/keys :req-un [::files/file-id]
-          :opt-un [::files/profile-id
-                   ::files/share-id
-                   ::files/features]))
+          :opt-un [::files/share-id
+                   ::files/features]
+          :opt [::rpc/profile-id]))

 (sv/defmethod ::get-view-only-bundle
-  {:auth false
+  {::rpc/auth false
   ::cond/get-object #(files/get-minimal-file %1 (:file-id %2))
   ::cond/key-fn files/get-file-etag
   ::cond/reuse-key? true
   ::doc/added "1.17"}
-  [{:keys [pool]} params]
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id] :as params}]
  (with-open [conn (db/open pool)]
-    (get-view-only-bundle conn params)))
+    (get-view-only-bundle conn (assoc params :profile-id profile-id))))
--- a/backend/src/app/rpc/commands/webhooks.clj
+++ b/backend/src/app/rpc/commands/webhooks.clj
@@ -12,8 +12,9 @@
   [app.db :as db]
   [app.http.client :as http]
   [app.loggers.webhooks :as webhooks]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.teams :refer [check-edition-permissions! check-read-permissions!]]
   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.teams :refer [check-edition-permissions! check-read-permissions!]]
   [app.util.services :as sv]
   [app.util.time :as dt]
   [app.worker :as-alias wrk]
@@ -23,17 +24,16 @@

 ;; --- Mutation: Create Webhook

-(s/def ::profile-id ::us/uuid)
 (s/def ::team-id ::us/uuid)
 (s/def ::uri ::us/not-empty-string)
 (s/def ::is-active ::us/boolean)
 (s/def ::mtype
  #{"application/json"
-    "application/x-www-form-urlencoded"
    "application/transit+json"})

 (s/def ::create-webhook
-  (s/keys :req-un [::profile-id ::team-id ::uri ::mtype]
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id ::uri ::mtype]
          :opt-un [::is-active]))

 ;; NOTE: for now the quote is hardcoded but this need to be solved in
@@ -74,7 +74,8 @@
    (when (>= total max-hooks-for-team)
      (ex/raise :type :restriction
                :code :webhooks-quote-reached
-                :hint (str/ffmt "can't create more than % webhooks per team" max-hooks-for-team)))))
+                :hint (str/ffmt "can't create more than % webhooks per team"
+                                max-hooks-for-team)))))

 (defn- insert-webhook!
  [{:keys [::db/pool]} {:keys [team-id uri mtype is-active] :as params}]
@@ -97,10 +98,10 @@

 (sv/defmethod ::create-webhook
  {::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
+  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
  (check-edition-permissions! pool profile-id team-id)
-  (->> (validate-quotes! cfg params)
-       (p/fmap executor (fn [_] (validate-webhook! cfg nil params)))
+  (validate-quotes! cfg params)
+  (->> (validate-webhook! cfg nil params)
       (p/fmap executor (fn [_] (insert-webhook! cfg params)))))

 (s/def ::update-webhook
@@ -108,18 +109,19 @@

 (sv/defmethod ::update-webhook
  {::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [id profile-id] :as params}]
+  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [::rpc/profile-id id] :as params}]
  (let [whook (db/get pool :webhook {:id id})]
    (check-edition-permissions! pool profile-id (:team-id whook))
    (->> (validate-webhook! cfg whook params)
         (p/fmap executor (fn [_] (update-webhook! cfg whook params))))))

 (s/def ::delete-webhook
-  (s/keys :req-un [::profile-id ::id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::id]))

 (sv/defmethod ::delete-webhook
  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [profile-id id]}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id]}]
  (db/with-atomic [conn pool]
    (let [whook (db/get conn :webhook {:id id})]
      (check-edition-permissions! conn profile-id (:team-id whook))
@@ -130,14 +132,15 @@

 (s/def ::team-id ::us/uuid)
 (s/def ::get-webhooks
-  (s/keys :req-un [::profile-id ::team-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::team-id]))

 (def sql:get-webhooks
  "select id, uri, mtype, is_active, error_code, error_count
   from webhook where team_id = ? order by uri")

 (sv/defmethod ::get-webhooks
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (check-read-permissions! conn profile-id team-id)
    (db/exec! conn [sql:get-webhooks team-id])))
--- a/backend/src/app/rpc/doc.clj
+++ b/backend/src/app/rpc/doc.clj
@@ -9,6 +9,7 @@
  (:require
   [app.common.data :as d]
   [app.config :as cf]
+   [app.loggers.webhooks :as-alias webhooks]
   [app.rpc :as-alias rpc]
   [app.util.services :as sv]
   [app.util.template :as tmpl]
@@ -35,6 +36,7 @@
               :name (d/name name)
               :module (-> (:ns mdata) (str/split ".") last)
               :auth (:auth mdata true)
+               :webhook (::webhooks/event? mdata false)
               :docs (::sv/docstring mdata)
               :deprecated (::deprecated mdata)
               :added (::added mdata)
@@ -51,6 +53,7 @@
     (->> (:queries methods)
          (map (partial gen-doc :query))
          (sort-by (juxt :module :name)))
+
     :mutation-methods
     (->> (:mutations methods)
          (map (partial gen-doc :query))
@@ -67,6 +70,8 @@
      (respond (yrs/response 404)))))


+(s/def ::routes vector?)
+
 (defmethod ig/pre-init-spec ::routes [_]
  (s/keys :req-un [::rpc/methods]))

--- a/backend/src/app/rpc/mutations/comments.clj
+++ b/backend/src/app/rpc/mutations/comments.clj
@@ -1,123 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.mutations.comments
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.db :as db]
-   [app.rpc.commands.comments :as cmd.comments]
-   [app.rpc.commands.files :as cmd.files]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.retry :as retry]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- Mutation: Create Comment Thread
-
-(s/def ::create-comment-thread ::cmd.comments/create-comment-thread)
-
-(sv/defmethod ::create-comment-thread
-  {::retry/max-retries 3
-   ::retry/matches retry/conflict-db-insert?
-   ::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id share-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-comment-permissions! conn profile-id file-id share-id)
-    (cmd.comments/create-comment-thread conn params)))
-
-;; --- Mutation: Update Comment Thread Status
-
-(s/def ::id ::us/uuid)
-(s/def ::share-id (s/nilable ::us/uuid))
-
-(s/def ::update-comment-thread-status ::cmd.comments/update-comment-thread-status)
-
-(sv/defmethod ::update-comment-thread-status
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id share-id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [cthr (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not cthr (ex/raise :type :not-found))
-      (cmd.files/check-comment-permissions! conn profile-id (:file-id cthr) share-id)
-      (cmd.comments/upsert-comment-thread-status! conn profile-id (:id cthr)))))
-
-
-;; --- Mutation: Update Comment Thread
-
-(s/def ::update-comment-thread ::cmd.comments/update-comment-thread)
-
-(sv/defmethod ::update-comment-thread
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id is-resolved share-id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not thread
-        (ex/raise :type :not-found))
-
-      (cmd.files/check-comment-permissions! conn profile-id (:file-id thread) share-id)
-      (db/update! conn :comment-thread
-                  {:is-resolved is-resolved}
-                  {:id id})
-      nil)))
-
-
-;; --- Mutation: Add Comment
-
-(s/def ::add-comment ::cmd.comments/create-comment)
-
-(sv/defmethod ::add-comment
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.comments/create-comment conn params)))
-
-
-;; --- Mutation: Update Comment
-
-(s/def ::update-comment ::cmd.comments/update-comment)
-
-(sv/defmethod ::update-comment
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.comments/update-comment conn params)))
-
-
-;; --- Mutation: Delete Comment Thread
-
-(s/def ::delete-comment-thread ::cmd.comments/delete-comment-thread)
-
-(sv/defmethod ::delete-comment-thread
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [thread (db/get-by-id conn :comment-thread id {:for-update true})]
-      (when-not (= (:owner-id thread) profile-id)
-        (ex/raise :type :validation :code :not-allowed))
-      (db/delete! conn :comment-thread {:id id})
-      nil)))
-
-
-;; --- Mutation: Delete comment
-
-(s/def ::delete-comment ::cmd.comments/delete-comment)
-
-(sv/defmethod ::delete-comment
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [comment (db/get-by-id conn :comment id {:for-update true})]
-      (when-not (= (:owner-id comment) profile-id)
-        (ex/raise :type :validation :code :not-allowed))
-      (db/delete! conn :comment {:id id}))))
--- a/backend/src/app/rpc/mutations/files.clj
+++ b/backend/src/app/rpc/mutations/files.clj
@@ -1,236 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.mutations.files
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.logging :as l]
-   [app.common.spec :as us]
-   [app.db :as db]
-   [app.loggers.audit :as audit]
-   [app.rpc.climit :as-alias climit]
-   [app.rpc.commands.files :as cmd.files]
-   [app.rpc.commands.files.create :as cmd.files.create]
-   [app.rpc.commands.files.temp :as cmd.files.temp]
-   [app.rpc.commands.files.update :as cmd.files.update]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
-   [app.rpc.queries.projects :as proj]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
-
-;; --- Mutation: Create File
-
-(s/def ::create-file ::cmd.files.create/create-file)
-
-(sv/defmethod ::create-file
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id features components-v2] :as params}]
-  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id project-id)
-    (let [team-id  (cmd.files/get-team-id conn project-id)
-          features (cond-> (or features #{})
-                     ;; BACKWARD COMPATIBILITY with the components-v2 param
-                     components-v2 (conj "components/v2"))
-          params   (assoc params :features features)]
-      (-> (cmd.files.create/create-file conn params)
-          (vary-meta assoc ::audit/props {:team-id team-id})))))
-
-
-;; --- Mutation: Rename File
-
-(s/def ::rename-file ::cmd.files/rename-file)
-
-(sv/defmethod ::rename-file
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id id)
-    (cmd.files/rename-file conn params)))
-
-
-;; --- Mutation: Set File shared
-
-(s/def ::set-file-shared ::cmd.files/set-file-shared)
-
-(sv/defmethod ::set-file-shared
-  {::doc/added "1.2"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id is-shared] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id id)
-    (when-not is-shared
-      (cmd.files/absorb-library conn params)
-      (cmd.files/unlink-files conn params))
-    (cmd.files/set-file-shared conn params)))
-
-;; --- Mutation: Delete File
-
-(s/def ::delete-file ::cmd.files/delete-file)
-
-(sv/defmethod ::delete-file
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id id)
-    (cmd.files/absorb-library conn params)
-    (cmd.files/mark-file-deleted conn params)))
-
-;; --- Mutation: Link file to library
-
-(s/def ::link-file-to-library ::cmd.files/link-file-to-library)
-
-(sv/defmethod ::link-file-to-library
-  {::doc/added "1.3"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id library-id] :as params}]
-  (when (= file-id library-id)
-    (ex/raise :type :validation
-              :code :invalid-library
-              :hint "A file cannot be linked to itself"))
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/check-edition-permissions! conn profile-id library-id)
-    (cmd.files/link-file-to-library conn params)))
-
-;; --- Mutation: Unlink file from library
-
-(s/def ::unlink-file-from-library ::cmd.files/unlink-file-from-library)
-
-(sv/defmethod ::unlink-file-from-library
-  {::doc/added "1.3"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/unlink-file-from-library conn params)))
-
-
-;; --- Mutation: Update synchronization status of a link
-
-(s/def ::update-sync ::cmd.files/update-file-library-sync-status)
-
-(sv/defmethod ::update-sync
-  {::doc/added "1.10"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/update-sync conn params)))
-
-
-;; --- Mutation: Ignore updates in linked files
-
-(declare ignore-sync)
-
-(s/def ::ignore-sync ::cmd.files/ignore-file-library-sync-status)
-
-(sv/defmethod ::ignore-sync
-  {::doc/added "1.10"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/ignore-sync conn params)))
-
-
-;; --- MUTATION: update-file
-
-(s/def ::components-v2 ::us/boolean)
-(s/def ::update-file
-  (s/and ::cmd.files.update/update-file
-         (s/keys :opt-un [::components-v2])))
-
-(sv/defmethod ::update-file
-  {::climit/queue :update-file
-   ::climit/key-fn :id
-   ::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id features components-v2] :as params}]
-  (db/with-atomic [conn pool]
-    (db/xact-lock! conn id)
-    (cmd.files/check-edition-permissions! conn profile-id id)
-
-    (let [;; BACKWARD COMPATIBILITY with the components-v2 parameter
-          features  (cond-> (or features #{})
-                      components-v2 (conj "components/v2"))
-          tpoint    (dt/tpoint)
-          params    (assoc params :features features)
-          cfg       (assoc cfg :conn conn)]
-
-      (-> (cmd.files.update/update-file cfg params)
-          (rph/with-defer #(let [elapsed (tpoint)]
-                             (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))
-
-;; --- Mutation: upsert object thumbnail
-
-(s/def ::upsert-file-object-thumbnail ::cmd.files/upsert-file-object-thumbnail)
-
-(sv/defmethod ::upsert-file-object-thumbnail
-  {::doc/added "1.13"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/upsert-file-object-thumbnail! conn params)
-    nil))
-
-
-;; --- Mutation: upsert file thumbnail
-
-(s/def ::upsert-file-thumbnail ::cmd.files/upsert-file-thumbnail)
-
-(sv/defmethod ::upsert-file-thumbnail
-  "Creates or updates the file thumbnail. Mainly used for paint the
-  grid thumbnails."
-  {::doc/added "1.13"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id file-id)
-    (cmd.files/upsert-file-thumbnail conn params)
-    nil))
-
-
-;; --- MUTATION COMMAND: create-temp-file
-
-(s/def ::create-temp-file ::cmd.files.temp/create-temp-file)
-
-(sv/defmethod ::create-temp-file
-  {::doc/added "1.7"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
-  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id project-id)
-    (cmd.files.create/create-file conn (assoc params :deleted-at (dt/in-future {:days 1})))))
-
-;; --- MUTATION COMMAND: update-temp-file
-
-(s/def ::update-temp-file ::cmd.files.temp/update-temp-file)
-
-(sv/defmethod ::update-temp-file
-  {::doc/added "1.7"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.files.temp/update-temp-file conn params)
-    nil))
-
-;; --- MUTATION COMMAND: persist-temp-file
-
-(s/def ::persist-temp-file ::cmd.files.temp/persist-temp-file)
-
-(sv/defmethod ::persist-temp-file
-  {::doc/added "1.7"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (cmd.files/check-edition-permissions! conn profile-id id)
-    (cmd.files.temp/persist-temp-file conn params)))
--- a/backend/src/app/rpc/mutations/fonts.clj
+++ b/backend/src/app/rpc/mutations/fonts.clj
@@ -6,24 +6,20 @@

 (ns app.rpc.mutations.fonts
  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
   [app.media :as media]
-   [app.rpc.climit :as-alias climit]
+   [app.rpc.commands.fonts :as fonts]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.queries.teams :as teams]
+   [app.rpc.quotes :as quotes]
   [app.storage :as sto]
   [app.util.services :as sv]
   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [clojure.spec.alpha :as s]))

 (declare create-font-variant)

@@ -43,79 +39,19 @@
  (s/keys :req-un [::profile-id ::team-id ::data
                   ::font-id ::font-family ::font-weight ::font-style]))

+(declare create-font-variant)
+
 (sv/defmethod ::create-font-variant
  {::doc/added "1.3"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [team-id profile-id] :as params}]
-  (let [cfg (update cfg :storage media/configure-assets-storage)]
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
    (teams/check-edition-permissions! pool profile-id team-id)
-    (create-font-variant cfg params)))
-
-(defn create-font-variant
-  [{:keys [storage pool executor climit] :as cfg} {:keys [data] :as params}]
-  (letfn [(generate-fonts [data]
-            (climit/with-dispatch (:process-font climit)
-              (media/run {:cmd :generate-fonts :input data})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))
-
-          (validate-data [data]
-            (when (and (not (contains? data "font/otf"))
-                       (not (contains? data "font/ttf"))
-                       (not (contains? data "font/woff"))
-                       (not (contains? data "font/woff2")))
-              (ex/raise :type :validation
-                        :code :invalid-font-upload))
-            data)
-
-          (persist-font-object [data mtype]
-            (when-let [resource (get data mtype)]
-              (p/let [hash    (calculate-hash resource)
-                      content (-> (sto/content resource)
-                                  (sto/wrap-with-hash hash))]
-                (sto/put-object! storage {::sto/content content
-                                          ::sto/touched-at (dt/now)
-                                          ::sto/deduplicate? true
-                                          :content-type mtype
-                                          :bucket "team-font-variant"}))))
-
-          (persist-fonts [data]
-            (p/let [otf   (persist-font-object data "font/otf")
-                    ttf   (persist-font-object data "font/ttf")
-                    woff1 (persist-font-object data "font/woff")
-                    woff2 (persist-font-object data "font/woff2")]
-
-              (d/without-nils
-               {:otf otf
-                :ttf ttf
-                :woff1 woff1
-                :woff2 woff2})))
-
-          (insert-into-db [{:keys [woff1 woff2 otf ttf]}]
-            (db/insert! pool :team-font-variant
-                        {:id (uuid/next)
-                         :team-id (:team-id params)
-                         :font-id (:font-id params)
-                         :font-family (:font-family params)
-                         :font-weight (:font-weight params)
-                         :font-style (:font-style params)
-                         :woff1-file-id (:id woff1)
-                         :woff2-file-id (:id woff2)
-                         :otf-file-id (:id otf)
-                         :ttf-file-id (:id ttf)}))
-          ]
-
-    (->> (generate-fonts data)
-         (p/map validate-data)
-         (p/mcat executor persist-fonts)
-         (p/map executor insert-into-db)
-         (p/map (fn [result]
-                  (let [params (update params :data (comp vec keys))]
-                    (rph/with-meta result {::audit/replace-props params})))))))
+    (quotes/check-quote! pool {::quotes/id ::quotes/font-variants-per-team
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id})
+    (fonts/create-font-variant cfg params)))

 ;; --- UPDATE FONT FAMILY

@@ -124,14 +60,20 @@

 (sv/defmethod ::update-font
  {::doc/added "1.3"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [team-id profile-id id name] :as params}]
  (db/with-atomic [conn pool]
    (teams/check-edition-permissions! conn profile-id team-id)
-    (db/update! conn :team-font-variant
-                {:font-family name}
-                {:font-id id
-                 :team-id team-id})))
+    (rph/with-meta
+      (db/update! conn :team-font-variant
+                  {:font-family name}
+                  {:font-id id
+                   :team-id team-id})
+      {::audit/replace-props {:id id
+                              :name name
+                              :team-id team-id
+                              :profile-id profile-id}})))

 ;; --- DELETE FONT

@@ -140,14 +82,19 @@

 (sv/defmethod ::delete-font
  {::doc/added "1.3"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id team-id profile-id] :as params}]
  (db/with-atomic [conn pool]
    (teams/check-edition-permissions! conn profile-id team-id)
-    (db/update! conn :team-font-variant
-                {:deleted-at (dt/now)}
-                {:font-id id :team-id team-id})
-    nil))
+    (let [font (db/update! conn :team-font-variant
+                           {:deleted-at (dt/now)}
+                           {:font-id id :team-id team-id})]
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:id id
+                        :team-id team-id
+                        :name (:font-family font)
+                        :profile-id profile-id}}))))

 ;; --- DELETE FONT VARIANT

@@ -156,12 +103,14 @@

 (sv/defmethod ::delete-font-variant
  {::doc/added "1.3"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id team-id profile-id] :as params}]
  (db/with-atomic [conn pool]
    (teams/check-edition-permissions! conn profile-id team-id)
-
-    (db/update! conn :team-font-variant
-                {:deleted-at (dt/now)}
-                {:id id :team-id team-id})
-    nil))
+    (let [variant (db/update! conn :team-font-variant
+                              {:deleted-at (dt/now)}
+                              {:id id :team-id team-id})]
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:font-family (:font-family variant)
+                        :font-id (:font-id variant)}}))))
--- a/backend/src/app/rpc/mutations/management.clj
+++ b/backend/src/app/rpc/mutations/management.clj
@@ -1,58 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.mutations.management
-  "Move & Duplicate RPC methods for files and projects."
-  (:require
-   [app.db :as db]
-   [app.rpc.commands.management :as cmd.mgm]
-   [app.rpc.doc :as-alias doc]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- MUTATION: Duplicate File
-
-(s/def ::duplicate-file ::cmd.mgm/duplicate-file)
-
-(sv/defmethod ::duplicate-file
-  {::doc/added "1.2"
-   ::doc/deprecated "1.16"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.mgm/duplicate-file conn params)))
-
-;; --- MUTATION: Duplicate Project
-
-(s/def ::duplicate-project ::cmd.mgm/duplicate-project)
-
-(sv/defmethod ::duplicate-project
-  {::doc/added "1.2"
-   ::doc/deprecated "1.16"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.mgm/duplicate-project conn params)))
-
-;; --- MUTATION: Move file
-
-(s/def ::move-files ::cmd.mgm/move-files)
-
-(sv/defmethod ::move-files
-  {::doc/added "1.2"
-   ::doc/deprecated "1.16"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.mgm/move-files conn params)))
-
-;; --- MUTATION: Move project
-
-(s/def ::move-project ::cmd.mgm/move-project)
-
-(sv/defmethod ::move-project
-  {::doc/added "1.2"
-   ::doc/deprecated "1.16"}
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (cmd.mgm/move-project conn params)))
--- a/backend/src/app/rpc/mutations/media.clj
+++ b/backend/src/app/rpc/mutations/media.clj
@@ -6,280 +6,50 @@

 (ns app.rpc.mutations.media
  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.media :as cm]
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
   [app.db :as db]
-   [app.http.client :as http]
   [app.media :as media]
-   [app.rpc.climit :as climit]
-   [app.rpc.queries.teams :as teams]
-   [app.storage :as sto]
-   [app.storage.tmp :as tmp]
+   [app.rpc.commands.files :as files]
+   [app.rpc.commands.media :as cmd.media]
+   [app.rpc.doc :as-alias doc]
+   [app.storage :as-alias sto]
   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [datoteka.io :as io]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
-
-(def default-max-file-size (* 1024 1024 10)) ; 10 MiB
-
-(def thumbnail-options
-  {:width 100
-   :height 100
-   :quality 85
-   :format :jpeg})
-
-(s/def ::id ::us/uuid)
-(s/def ::name ::us/string)
-(s/def ::profile-id ::us/uuid)
-(s/def ::file-id ::us/uuid)
-(s/def ::team-id ::us/uuid)
+   [clojure.spec.alpha :as s]))

 ;; --- Create File Media object (upload)

-(declare create-file-media-object)
-(declare select-file)
-
-(s/def ::content ::media/upload)
-(s/def ::is-local ::us/boolean)
-
-(s/def ::upload-file-media-object
-  (s/keys :req-un [::profile-id ::file-id ::is-local ::name ::content]
-          :opt-un [::id]))
+(s/def ::upload-file-media-object ::cmd.media/upload-file-media-object)

 (sv/defmethod ::upload-file-media-object
+  {::doc/added "1.2"
+   ::doc/deprecated "1.18"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id content] :as params}]
-  (let [file (select-file pool file-id)
-        cfg  (update cfg :storage media/configure-assets-storage)]
-
-    (teams/check-edition-permissions! pool profile-id (:team-id file))
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (files/check-edition-permissions! pool profile-id file-id)
    (media/validate-media-type! content)
-
-    (when (> (:size content) (cf/get :media-max-file-size default-max-file-size))
-      (ex/raise :type :restriction
-                :code :media-max-file-size-reached
-                :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
-                                (:size content)
-                                default-max-file-size)))
-
-    (create-file-media-object cfg params)))
-
-(defn- big-enough-for-thumbnail?
-  "Checks if the provided image info is big enough for
-  create a separate thumbnail storage object."
-  [info]
-  (or (> (:width info) (:width thumbnail-options))
-      (> (:height info) (:height thumbnail-options))))
-
-(defn- svg-image?
-  [info]
-  (= (:mtype info) "image/svg+xml"))
-
-;; NOTE: we use the `on conflict do update` instead of `do nothing`
-;; because postgresql does not returns anything if no update is
-;; performed, the `do update` does the trick.
-
-(def sql:create-file-media-object
-  "insert into file_media_object (id, file_id, is_local, name, media_id, thumbnail_id, width, height, mtype)
-   values (?, ?, ?, ?, ?, ?, ?, ?, ?)
-       on conflict (id) do update set created_at=file_media_object.created_at
-       returning *")
-
-;; NOTE: the following function executes without a transaction, this
-;; means that if something fails in the middle of this function, it
-;; will probably leave leaked/unreferenced objects in the database and
-;; probably in the storage layer. For handle possible object leakage,
-;; we create all media objects marked as touched, this ensures that if
-;; something fails, all leaked (already created storage objects) will
-;; be eventually marked as deleted by the touched-gc task.
-;;
-;; The touched-gc task, performs periodic analysis of all touched
-;; storage objects and check references of it. This is the reason why
-;; `reference` metadata exists: it indicates the name of the table
-;; witch holds the reference to storage object (it some kind of
-;; inverse, soft referential integrity).
-
-(defn create-file-media-object
-  [{:keys [storage pool climit executor] :as cfg}
-   {:keys [id file-id is-local name content] :as params}]
-  (letfn [;; Function responsible to retrieve the file information, as
-          ;; it is synchronous operation it should be wrapped into
-          ;; with-dispatch macro.
-          (get-info [content]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :info :input content})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))
-
-          ;; Function responsible of generating thumnail. As it is synchronous
-          ;; opetation, it should be wrapped into with-dispatch macro
-          (generate-thumbnail [info]
-            (climit/with-dispatch (:process-image climit)
-              (media/run (assoc thumbnail-options
-                                :cmd :generic-thumbnail
-                                :input info))))
-
-          (create-thumbnail [info]
-            (when (and (not (svg-image? info))
-                       (big-enough-for-thumbnail? info))
-              (p/let [thumb   (generate-thumbnail info)
-                      hash    (calculate-hash (:data thumb))
-                      content (-> (sto/content (:data thumb) (:size thumb))
-                                  (sto/wrap-with-hash hash))]
-                (sto/put-object! storage
-                                 {::sto/content content
-                                  ::sto/deduplicate? true
-                                  ::sto/touched-at (dt/now)
-                                  :content-type (:mtype thumb)
-                                  :bucket "file-media-object"}))))
-
-          (create-image [info]
-            (p/let [data    (:path info)
-                    hash    (calculate-hash data)
-                    content (-> (sto/content data)
-                                (sto/wrap-with-hash hash))]
-              (sto/put-object! storage
-                               {::sto/content content
-                                ::sto/deduplicate? true
-                                ::sto/touched-at (dt/now)
-                                :content-type (:mtype info)
-                                :bucket "file-media-object"})))
-
-          (insert-into-database [info image thumb]
-            (px/with-dispatch executor
-              (db/exec-one! pool [sql:create-file-media-object
-                                  (or id (uuid/next))
-                                  file-id is-local name
-                                  (:id image)
-                                  (:id thumb)
-                                  (:width info)
-                                  (:height info)
-                                  (:mtype info)])))]
-
-    (p/let [info  (get-info content)
-            thumb (create-thumbnail info)
-            image (create-image info)]
-      (insert-into-database info image thumb))))
+    (cmd.media/validate-content-size! content)
+    (cmd.media/create-file-media-object cfg params)))

 ;; --- Create File Media Object (from URL)

-(declare ^:private create-file-media-object-from-url)
-
-(s/def ::create-file-media-object-from-url
-  (s/keys :req-un [::profile-id ::file-id ::is-local ::url]
-          :opt-un [::id ::name]))
+(s/def ::create-file-media-object-from-url ::cmd.media/create-file-media-object-from-url)

 (sv/defmethod ::create-file-media-object-from-url
+  {::doc/added "1.3"
+   ::doc/deprecated "1.18"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (let [file (select-file pool file-id)
-        cfg  (update cfg :storage media/configure-assets-storage)]
-    (teams/check-edition-permissions! pool profile-id (:team-id file))
-    (create-file-media-object-from-url cfg params)))
-
-(defn- create-file-media-object-from-url
-  [cfg {:keys [url name] :as params}]
-  (letfn [(parse-and-validate-size [headers]
-            (let [size     (some-> (get headers "content-length") d/parse-integer)
-                  mtype    (get headers "content-type")
-                  format   (cm/mtype->format mtype)
-                  max-size (cf/get :media-max-file-size default-max-file-size)]
-
-              (when-not size
-                (ex/raise :type :validation
-                          :code :unknown-size
-                          :hint "seems like the url points to resource with unknown size"))
-
-              (when (> size max-size)
-                (ex/raise :type :validation
-                          :code :file-too-large
-                          :hint (str/ffmt "the file size % is greater than the maximum %"
-                                          size
-                                          default-max-file-size)))
-
-              (when (nil? format)
-                (ex/raise :type :validation
-                          :code :media-type-not-allowed
-                          :hint "seems like the url points to an invalid media object"))
-
-              {:size size
-               :mtype mtype
-               :format format}))
-
-          (download-media [uri]
-            (-> (http/req! cfg {:method :get :uri uri} {:response-type :input-stream})
-                (p/then process-response)))
-
-          (process-response [{:keys [body headers] :as response}]
-            (let [{:keys [size mtype]} (parse-and-validate-size headers)
-                  path                 (tmp/tempfile :prefix "penpot.media.download.")
-                  written              (io/write-to-file! body path :size size)]
-
-              (when (not= written size)
-                (ex/raise :type :internal
-                          :code :mismatch-write-size
-                          :hint "unexpected state: unable to write to file"))
-
-              {:filename "tempfile"
-               :size size
-               :path path
-               :mtype mtype}))]
-
-    (p/let [content (download-media url)]
-      (->> (merge params {:content content :name (or name (:filename content))})
-           (create-file-media-object cfg)))))
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (files/check-edition-permissions! pool profile-id file-id)
+    (#'cmd.media/create-file-media-object-from-url cfg params)))

 ;; --- Clone File Media object (Upload and create from url)

-(declare clone-file-media-object)
-
-(s/def ::clone-file-media-object
-  (s/keys :req-un [::profile-id ::file-id ::is-local ::id]))
+(s/def ::clone-file-media-object ::cmd.media/clone-file-media-object)

 (sv/defmethod ::clone-file-media-object
+  {::doc/added "1.2"
+   ::doc/deprecated "1.18"}
  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [file (select-file conn file-id)]
-      (teams/check-edition-permissions! conn profile-id (:team-id file))
-      (-> (assoc cfg :conn conn)
-          (clone-file-media-object params)))))
-
-(defn clone-file-media-object
-  [{:keys [conn] :as cfg} {:keys [id file-id is-local]}]
-  (let [mobj (db/get-by-id conn :file-media-object id)]
-    (db/insert! conn :file-media-object
-                {:id (uuid/next)
-                 :file-id file-id
-                 :is-local is-local
-                 :name (:name mobj)
-                 :media-id (:media-id mobj)
-                 :thumbnail-id (:thumbnail-id mobj)
-                 :width  (:width mobj)
-                 :height (:height mobj)
-                 :mtype  (:mtype mobj)})))
-
-;; --- HELPERS
-
-(def ^:private
-  sql:select-file
-  "select file.*,
-          project.team_id as team_id
-     from file
-    inner join project on (project.id = file.project_id)
-    where file.id = ?")
-
-(defn- select-file
-  [conn id]
-  (let [row (db/exec-one! conn [sql:select-file id])]
-    (when-not row
-      (ex/raise :type :not-found))
-    row))
+    (files/check-edition-permissions! conn profile-id file-id)
+    (-> (assoc cfg :conn conn)
+        (cmd.media/clone-file-media-object params))))
--- a/backend/src/app/rpc/mutations/profile.clj
+++ b/backend/src/app/rpc/mutations/profile.clj
@@ -11,25 +11,18 @@
   [app.common.spec :as us]
   [app.config :as cf]
   [app.db :as db]
-   [app.emails :as eml]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
   [app.media :as media]
-   [app.rpc :as-alias rpc]
   [app.rpc.climit :as-alias climit]
-   [app.rpc.commands.auth :as cmd.auth]
+   [app.rpc.commands.profile :as profile]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.mutations.teams :as teams]
-   [app.rpc.queries.profile :as profile]
   [app.storage :as sto]
-   [app.tokens :as tokens]
   [app.util.services :as sv]
   [app.util.time :as dt]
   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [cuerdas.core :as str]))

 ;; --- Helpers & Specs

@@ -49,14 +42,15 @@
          :opt-un [::lang ::theme]))

 (sv/defmethod ::update-profile
-  {::doc/added "1.0"}
-  [{:keys [pool] :as cfg} {:keys [profile-id fullname lang theme] :as params}]
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id fullname lang theme] :as params}]
  (db/with-atomic [conn pool]
    ;; NOTE: we need to retrieve the profile independently if we use
    ;; it or not for explicit locking and avoid concurrent updates of
    ;; the same row/object.
-    (let [profile (-> (db/get-by-id conn :profile profile-id {:for-update true})
-                      (profile/decode-profile-row))
+    (let [profile (-> (db/get-by-id conn :profile profile-id ::db/for-update? true)
+                      (profile/decode-row))

          ;; Update the profile map with direct params
          profile (-> profile
@@ -73,161 +67,68 @@
                  {:id profile-id})

      (-> profile
-          profile/strip-private-attrs
-          d/without-nils
+          (profile/strip-private-attrs)
+          (d/without-nils)
          (rph/with-meta {::audit/props (audit/profile->props profile)})))))


 ;; --- MUTATION: Update Password

-(declare validate-password!)
-(declare update-profile-password!)
-(declare invalidate-profile-session!)
-
 (s/def ::update-profile-password
  (s/keys :req-un [::profile-id ::password ::old-password]))

 (sv/defmethod ::update-profile-password
-  {::climit/queue :auth}
-  [{:keys [pool] :as cfg} {:keys [password] :as params}]
+  {::climit/queue :auth
+   ::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [password] :as params}]
  (db/with-atomic [conn pool]
-    (let [profile    (validate-password! conn params)
-          session-id (::rpc/session-id params)]
+    (let [profile    (#'profile/validate-password! conn params)
+          session-id (::session/id params)]
      (when (= (str/lower (:email profile))
               (str/lower (:password params)))
        (ex/raise :type :validation
                  :code :email-as-password
                  :hint "you can't use your email as password"))
-      (update-profile-password! conn (assoc profile :password password))
-      (invalidate-profile-session! conn (:id profile) session-id)
+      (profile/update-profile-password! conn (assoc profile :password password))
+      (#'profile/invalidate-profile-session! conn (:id profile) session-id)
      nil)))

-(defn- invalidate-profile-session!
-  "Removes all sessions except the current one."
-  [conn profile-id session-id]
-  (let [sql "delete from http_session where profile_id = ? and id != ?"]
-    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
-
-(defn- validate-password!
-  [conn {:keys [profile-id old-password] :as params}]
-  (let [profile (db/get-by-id conn :profile profile-id)]
-    (when-not (:valid (cmd.auth/verify-password old-password (:password profile)))
-      (ex/raise :type :validation
-                :code :old-password-not-match))
-    profile))
-
-(defn update-profile-password!
-  [conn {:keys [id password] :as profile}]
-  (db/update! conn :profile
-              {:password (cmd.auth/derive-password password)}
-              {:id id}))

 ;; --- MUTATION: Update Photo

-(declare update-profile-photo)
-
 (s/def ::file ::media/upload)
 (s/def ::update-profile-photo
  (s/keys :req-un [::profile-id ::file]))

 (sv/defmethod ::update-profile-photo
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
  [cfg {:keys [file] :as params}]
  ;; Validate incoming mime type
  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
-  (let [cfg (update cfg :storage media/configure-assets-storage)]
-    (update-profile-photo cfg params)))
-
-(defn update-profile-photo
-  [{:keys [pool storage executor] :as cfg} {:keys [profile-id file] :as params}]
-  (p/let [profile (px/with-dispatch executor
-                    (db/get-by-id pool :profile profile-id))
-          photo   (teams/upload-photo cfg params)]
-
-    ;; Schedule deletion of old photo
-    (when-let [id (:photo-id profile)]
-      (sto/touch-object! storage id))
-
-    ;; Save new photo
-    (db/update! pool :profile
-                {:photo-id (:id photo)}
-                {:id profile-id})
-
-    (-> (rph/wrap)
-        (rph/with-meta {::audit/replace-props
-                        {:file-name (:filename file)
-                         :file-size (:size file)
-                         :file-path (str (:path file))
-                         :file-mtype (:mtype file)}}))))
+  (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
+    (profile/update-profile-photo cfg params)))

 ;; --- MUTATION: Request Email Change

-(declare request-email-change)
-(declare change-email-immediately)
-
 (s/def ::request-email-change
  (s/keys :req-un [::email]))

 (sv/defmethod ::request-email-change
-  [{:keys [pool] :as cfg} {:keys [profile-id email] :as params}]
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id email] :as params}]
  (db/with-atomic [conn pool]
    (let [profile (db/get-by-id conn :profile profile-id)
-          cfg     (assoc cfg :conn conn)
+          cfg     (assoc cfg ::profile/conn conn)
          params  (assoc params
                         :profile profile
                         :email (str/lower email))]
+
      (if (contains? cf/flags :smtp)
-        (request-email-change cfg params)
-        (change-email-immediately cfg params)))))
-
-(defn- change-email-immediately
-  [{:keys [conn]} {:keys [profile email] :as params}]
-  (when (not= email (:email profile))
-    (cmd.auth/check-profile-existence! conn params))
-  (db/update! conn :profile
-              {:email email}
-              {:id (:id profile)})
-  {:changed true})
-
-(defn- request-email-change
-  [{:keys [conn sprops] :as cfg} {:keys [profile email] :as params}]
-  (let [token   (tokens/generate sprops
-                                 {:iss :change-email
-                                  :exp (dt/in-future "15m")
-                                  :profile-id (:id profile)
-                                  :email email})
-        ptoken  (tokens/generate sprops
-                                 {:iss :profile-identity
-                                  :profile-id (:id profile)
-                                  :exp (dt/in-future {:days 30})})]
-
-    (when (not= email (:email profile))
-      (cmd.auth/check-profile-existence! conn params))
-
-    (when-not (eml/allow-send-emails? conn profile)
-      (ex/raise :type :validation
-                :code :profile-is-muted
-                :hint "looks like the profile has reported repeatedly as spam or has permanent bounces."))
-
-    (when (eml/has-bounce-reports? conn email)
-      (ex/raise :type :validation
-                :code :email-has-permanent-bounces
-                :hint "looks like the email you invite has been repeatedly reported as spam or permanent bounce"))
-
-    (eml/send! {::eml/conn conn
-                ::eml/factory eml/change-email
-                :public-uri (:public-uri cfg)
-                :to (:email profile)
-                :name (:fullname profile)
-                :pending-email email
-                :token token
-                :extra-data ptoken})
-    nil))
-
-
-(defn select-profile-for-update
-  [conn id]
-  (db/get-by-id conn :profile id {:for-update true}))
-
+        (#'profile/request-email-change! cfg params)
+        (#'profile/change-email-immediately! cfg params)))))

 ;; --- MUTATION: Update Profile Props

@@ -236,9 +137,11 @@
  (s/keys :req-un [::profile-id ::props]))

 (sv/defmethod ::update-profile-props
-  [{:keys [pool] :as cfg} {:keys [profile-id props]}]
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id props]}]
  (db/with-atomic [conn pool]
-    (let [profile (profile/retrieve-profile-data conn profile-id)
+    (let [profile (profile/get-profile conn profile-id ::db/for-update? true)
          props   (reduce-kv (fn [props k v]
                               ;; We don't accept namespaced keys
                               (if (simple-ident? k)
@@ -253,22 +156,20 @@
                  {:props (db/tjson props)}
                  {:id profile-id})

-      (profile/filter-profile-props props))))
+      (profile/filter-props props))))


 ;; --- MUTATION: Delete Profile

-(declare get-owned-teams-with-participants)
-(declare check-can-delete-profile!)
-(declare mark-profile-as-deleted!)
-
 (s/def ::delete-profile
  (s/keys :req-un [::profile-id]))

 (sv/defmethod ::delete-profile
-  [{:keys [pool session] :as cfg} {:keys [profile-id] :as params}]
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (let [teams      (get-owned-teams-with-participants conn profile-id)
+    (let [teams      (#'profile/get-owned-teams-with-participants conn profile-id)
          deleted-at (dt/now)]

      ;; If we found owned teams with participants, we don't allow
@@ -289,22 +190,4 @@
                  {:deleted-at deleted-at}
                  {:id profile-id})

-      (rph/with-transform {} (session/delete-fn session)))))
-
-(def sql:owned-teams
-  "with owner_teams as (
-      select tpr.team_id as id
-        from team_profile_rel as tpr
-       where tpr.is_owner is true
-         and tpr.profile_id = ?
-   )
-   select tpr.team_id as id,
-          count(tpr.profile_id) - 1 as participants
-     from team_profile_rel as tpr
-    where tpr.team_id in (select id from owner_teams)
-      and tpr.profile_id != ?
-    group by 1")
-
-(defn- get-owned-teams-with-participants
-  [conn profile-id]
-  (db/exec! conn [sql:owned-teams profile-id profile-id]))
+      (rph/with-transform {} (session/delete-fn cfg)))))
--- a/backend/src/app/rpc/mutations/projects.clj
+++ b/backend/src/app/rpc/mutations/projects.clj
@@ -7,15 +7,14 @@
 (ns app.rpc.mutations.projects
  (:require
   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.loggers.audit :as-alias audit]
   [app.loggers.webhooks :as-alias webhooks]
+   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
   [app.rpc.doc :as-alias doc]
   [app.rpc.helpers :as rph]
-   [app.rpc.permissions :as perms]
-   [app.rpc.queries.projects :as proj]
-   [app.rpc.queries.teams :as teams]
+   [app.rpc.quotes :as quotes]
   [app.util.services :as sv]
   [app.util.time :as dt]
   [clojure.spec.alpha :as s]))
@@ -28,10 +27,6 @@

 ;; --- Mutation: Create Project

-(declare create-project)
-(declare create-project-role)
-(declare create-team-project-profile)
-
 (s/def ::team-id ::us/uuid)
 (s/def ::create-project
  (s/keys :req-un [::profile-id ::team-id ::name]
@@ -39,45 +34,26 @@

 (sv/defmethod ::create-project
  {::doc/added "1.0"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
  (db/with-atomic [conn pool]
    (teams/check-edition-permissions! conn profile-id team-id)
-    (let [project (create-project conn params)
-          params  (assoc params
-                         :project-id (:id project)
-                         :role :owner)]
-      (create-project-role conn params)
-      (create-team-project-profile conn params)
+    (quotes/check-quote! conn {::quotes/id ::quotes/projects-per-team
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id})
+
+    (let [project (teams/create-project conn params)]
+      (teams/create-project-role conn profile-id (:id project) :owner)
+
+      (db/insert! conn :team-project-profile-rel
+                  {:project-id (:id project)
+                   :profile-id profile-id
+                   :team-id team-id
+                   :is-pinned true})
+
      (assoc project :is-pinned true))))

-(defn create-project
-  [conn {:keys [id team-id name is-default] :as params}]
-  (let [id         (or id (uuid/next))
-        is-default (if (boolean? is-default) is-default false)]
-    (db/insert! conn :project
-                {:id id
-                 :name name
-                 :team-id team-id
-                 :is-default is-default})))
-
-(defn create-project-role
-  [conn {:keys [project-id profile-id role]}]
-  (let [params {:project-id project-id
-                :profile-id profile-id}]
-    (->> (perms/assign-role-flags params role)
-         (db/insert! conn :project-profile-rel))))
-
-;; TODO: pending to be refactored
-(defn create-team-project-profile
-  [conn {:keys [team-id project-id profile-id] :as params}]
-  (db/insert! conn :team-project-profile-rel
-              {:project-id project-id
-               :profile-id profile-id
-               :team-id team-id
-               :is-pinned true}))
-
-
 ;; --- Mutation: Toggle Project Pin

 (def ^:private
@@ -94,13 +70,17 @@
  (s/keys :req-un [::profile-id ::id ::team-id ::is-pinned]))

 (sv/defmethod ::update-project-pin
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"
+   ::webhooks/batch-timeout (dt/duration "5s")
+   ::webhooks/batch-key :id
+   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id team-id is-pinned] :as params}]
  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id id)
+    (projects/check-edition-permissions! conn profile-id id)
    (db/exec-one! conn [sql:update-project-pin team-id id profile-id is-pinned is-pinned])
    nil))

-
 ;; --- Mutation: Rename Project

 (declare rename-project)
@@ -109,13 +89,20 @@
  (s/keys :req-un [::profile-id ::name ::id]))

 (sv/defmethod ::rename-project
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"
+   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id name] :as params}]
  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id id)
-    (db/update! conn :project
-                {:name name}
-                {:id id})
-    nil))
+    (projects/check-edition-permissions! conn profile-id id)
+    (let [project (db/get-by-id conn :project id)]
+      (db/update! conn :project
+                  {:name name}
+                  {:id id})
+
+      (rph/with-meta (rph/wrap)
+        {::audit/props {:team-id (:team-id project)
+                        :prev-name (:name project)}}))))

 ;; --- Mutation: Delete Project

@@ -128,12 +115,16 @@

 (sv/defmethod ::delete-project
  {::doc/added "1.0"
+   ::doc/deprecated "1.18"
   ::webhooks/event? true}
  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
  (db/with-atomic [conn pool]
-    (proj/check-edition-permissions! conn profile-id id)
+    (projects/check-edition-permissions! conn profile-id id)
    (let [project (db/update! conn :project
                              {:deleted-at (dt/now)}
                              {:id id :is-default false})]
      (rph/with-meta (rph/wrap)
-        {::audit/props {:team-id (:team-id project)}}))))
+        {::audit/props {:team-id (:team-id project)
+                        :name (:name project)
+                        :created-at (:created-at project)
+                        :modified-at (:modified-at project)}}))))
--- a/backend/src/app/rpc/mutations/share_link.clj
+++ b/backend/src/app/rpc/mutations/share_link.clj
@@ -11,6 +11,7 @@
   [app.common.uuid :as uuid]
   [app.db :as db]
   [app.rpc.commands.files :as files]
+   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

@@ -35,8 +36,9 @@

  Share links are resources that allows external users access to specific
  pages of a file with specific permissions (who-comment and who-inspect)."
-
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  {::doc/added "1.5"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id file-id] :as params}]
  (db/with-atomic [conn pool]
    (files/check-edition-permissions! conn profile-id file-id)
    (create-share-link conn params)))
@@ -51,18 +53,17 @@
                           :who-inspect who-inspect
                           :pages pages
                           :owner-id profile-id})]
-    (-> slink
-        (update :pages db/decode-pgarray #{}))))
+    (update slink :pages db/decode-pgarray #{})))

 ;; --- Mutation: Delete Share Link

-(declare delete-share-link)
-
 (s/def ::delete-share-link
  (s/keys :req-un [::profile-id ::id]))

 (sv/defmethod ::delete-share-link
-  [{:keys [pool] :as cfg} {:keys [profile-id id] :as params}]
+  {::doc/added "1.5"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id id] :as params}]
  (db/with-atomic [conn pool]
    (let [slink (db/get-by-id conn :share-link id)]
      (files/check-edition-permissions! conn profile-id (:file-id slink))
--- a/backend/src/app/rpc/mutations/teams.clj
+++ b/backend/src/app/rpc/mutations/teams.clj
@@ -1,537 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.mutations.teams
-  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.logging :as l]
-   [app.common.spec :as us]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.emails :as eml]
-   [app.loggers.audit :as audit]
-   [app.media :as media]
-   [app.rpc.climit :as climit]
-   [app.rpc.helpers :as rph]
-   [app.rpc.mutations.projects :as projects]
-   [app.rpc.permissions :as perms]
-   [app.rpc.queries.profile :as profile]
-   [app.rpc.queries.teams :as teams]
-   [app.storage :as sto]
-   [app.tokens :as tokens]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
-
-;; --- Helpers & Specs
-
-(s/def ::id ::us/uuid)
-(s/def ::name ::us/string)
-(s/def ::profile-id ::us/uuid)
-
-;; --- Mutation: Create Team
-
-(declare create-team)
-(declare create-team-entry)
-(declare create-team-role)
-(declare create-team-default-project)
-
-(s/def ::create-team
-  (s/keys :req-un [::profile-id ::name]
-          :opt-un [::id]))
-
-(sv/defmethod ::create-team
-  [{:keys [pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (create-team conn params)))
-
-(defn create-team
-  "This is a complete team creation process, it creates the team
-  object and all related objects (default role and default project)."
-  [conn params]
-  (let [team    (create-team-entry conn params)
-        params  (assoc params
-                       :team-id (:id team)
-                       :role :owner)
-        project (create-team-default-project conn params)]
-    (create-team-role conn params)
-    (assoc team :default-project-id (:id project))))
-
-(defn- create-team-entry
-  [conn {:keys [id name is-default] :as params}]
-  (let [id         (or id (uuid/next))
-        is-default (if (boolean? is-default) is-default false)]
-    (db/insert! conn :team
-                {:id id
-                 :name name
-                 :is-default is-default})))
-
-(defn- create-team-role
-  [conn {:keys [team-id profile-id role] :as params}]
-  (let [params {:team-id team-id
-                :profile-id profile-id}]
-    (->> (perms/assign-role-flags params role)
-         (db/insert! conn :team-profile-rel))))
-
-(defn- create-team-default-project
-  [conn {:keys [team-id profile-id] :as params}]
-  (let [project {:id (uuid/next)
-                 :team-id team-id
-                 :name "Drafts"
-                 :is-default true}
-        project (projects/create-project conn project)]
-    (projects/create-project-role conn {:project-id (:id project)
-                                        :profile-id profile-id
-                                        :role :owner})
-    project))
-
-;; --- Mutation: Update Team
-
-(s/def ::update-team
-  (s/keys :req-un [::profile-id ::name ::id]))
-
-(sv/defmethod ::update-team
-  [{:keys [pool] :as cfg} {:keys [id name profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (teams/check-edition-permissions! conn profile-id id)
-    (db/update! conn :team
-                {:name name}
-                {:id id})
-    nil))
-
-
-;; --- Mutation: Leave Team
-
-(declare role->params)
-
-(s/def ::reassign-to ::us/uuid)
-(s/def ::leave-team
-  (s/keys :req-un [::profile-id ::id]
-          :opt-un [::reassign-to]))
-
-(sv/defmethod ::leave-team
-  [{:keys [pool] :as cfg} {:keys [id profile-id reassign-to]}]
-  (db/with-atomic [conn pool]
-    (let [perms   (teams/get-permissions conn profile-id id)
-          members (teams/retrieve-team-members conn id)]
-
-      (cond
-        ;; we can only proceed if there are more members in the team
-        ;; besides the current profile
-        (<= (count members) 1)
-        (ex/raise :type :validation
-                  :code :no-enough-members-for-leave
-                  :context {:members (count members)})
-
-        ;; if the `reassign-to` is filled and has a different value
-        ;; than the current profile-id, we proceed to reassing the
-        ;; owner role to profile identified by the `reassign-to`.
-        (and reassign-to (not= reassign-to profile-id))
-        (let [member (d/seek #(= reassign-to (:id %)) members)]
-          (when-not member
-            (ex/raise :type :not-found :code :member-does-not-exist))
-
-          ;; unasign owner role to current profile
-          (db/update! conn :team-profile-rel
-                      {:is-owner false}
-                      {:team-id id
-                       :profile-id profile-id})
-
-          ;; assign owner role to new profile
-          (db/update! conn :team-profile-rel
-                      (role->params :owner)
-                      {:team-id id :profile-id reassign-to}))
-
-        ;; and finally, if all other conditions does not match and the
-        ;; current profile is owner, we dont allow it because there
-        ;; must always be an owner.
-        (:is-owner perms)
-        (ex/raise :type :validation
-                  :code :owner-cant-leave-team
-                  :hint "releasing owner before leave"))
-
-      (db/delete! conn :team-profile-rel
-                  {:profile-id profile-id
-                   :team-id id})
-
-      nil)))
-
-;; --- Mutation: Delete Team
-
-(s/def ::delete-team
-  (s/keys :req-un [::profile-id ::id]))
-
-;; TODO: right now just don't allow delete default team, in future it
-;; should raise a specific exception for signal that this action is
-;; not allowed.
-
-(sv/defmethod ::delete-team
-  [{:keys [pool] :as cfg} {:keys [id profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms (teams/get-permissions conn profile-id id)]
-      (when-not (:is-owner perms)
-        (ex/raise :type :validation
-                  :code :only-owner-can-delete-team))
-
-      (db/update! conn :team
-                  {:deleted-at (dt/now)}
-                  {:id id :is-default false})
-      nil)))
-
-
-;; --- Mutation: Team Update Role
-
-(declare retrieve-team-member)
-
-(s/def ::team-id ::us/uuid)
-(s/def ::member-id ::us/uuid)
-;; Temporarily disabled viewer role
-;; https://tree.taiga.io/project/uxboxproject/issue/1083
-;; (s/def ::role #{:owner :admin :editor :viewer})
-(s/def ::role #{:owner :admin :editor})
-
-(s/def ::update-team-member-role
-  (s/keys :req-un [::profile-id ::team-id ::member-id ::role]))
-
-(sv/defmethod ::update-team-member-role
-  [{:keys [pool] :as cfg} {:keys [team-id profile-id member-id role] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms (teams/get-permissions conn profile-id team-id)
-          ;; We retrieve all team members instead of query the
-          ;; database for a single member. This is just for
-          ;; convenience, if this becomes a bottleneck or problematic,
-          ;; we will change it to more efficient fetch mechanisms.
-          members (teams/retrieve-team-members conn team-id)
-          member  (d/seek #(= member-id (:id %)) members)
-
-          is-owner? (:is-owner perms)
-          is-admin? (:is-admin perms)]
-
-      ;; If no member is found, just 404
-      (when-not member
-        (ex/raise :type :not-found
-                  :code :member-does-not-exist))
-
-      ;; First check if we have permissions to change roles
-      (when-not (or is-owner? is-admin?)
-        (ex/raise :type :validation
-                  :code :insufficient-permissions))
-
-      ;; Don't allow change role of owner member
-      (when (:is-owner member)
-        (ex/raise :type :validation
-                  :code :cant-change-role-to-owner))
-
-      ;; Don't allow promote to owner to admin users.
-      (when (and (not is-owner?) (= role :owner))
-        (ex/raise :type :validation
-                  :code :cant-promote-to-owner))
-
-      (let [params (role->params role)]
-        ;; Only allow single owner on team
-        (when (= role :owner)
-          (db/update! conn :team-profile-rel
-                      {:is-owner false}
-                      {:team-id team-id
-                       :profile-id profile-id}))
-
-        (db/update! conn :team-profile-rel
-                    params
-                    {:team-id team-id
-                     :profile-id member-id})
-        nil))))
-
-(defn role->params
-  [role]
-  (case role
-    :admin  {:is-owner false :is-admin true :can-edit true}
-    :editor {:is-owner false :is-admin false :can-edit true}
-    :owner  {:is-owner true  :is-admin true :can-edit true}
-    :viewer {:is-owner false :is-admin false :can-edit false}))
-
-
-;; --- Mutation: Delete Team Member
-
-(s/def ::delete-team-member
-  (s/keys :req-un [::profile-id ::team-id ::member-id]))
-
-(sv/defmethod ::delete-team-member
-  [{:keys [pool] :as cfg} {:keys [team-id profile-id member-id] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms (teams/get-permissions conn profile-id team-id)]
-      (when-not (or (:is-owner perms)
-                    (:is-admin perms))
-        (ex/raise :type :validation
-                  :code :insufficient-permissions))
-
-      (when (= member-id profile-id)
-        (ex/raise :type :validation
-                  :code :cant-remove-yourself))
-
-      (db/delete! conn :team-profile-rel {:profile-id member-id
-                                          :team-id team-id})
-
-      nil)))
-
-;; --- Mutation: Update Team Photo
-
-(declare ^:private upload-photo)
-(declare ^:private update-team-photo)
-
-(s/def ::file ::media/upload)
-(s/def ::update-team-photo
-  (s/keys :req-un [::profile-id ::team-id ::file]))
-
-(sv/defmethod ::update-team-photo
-  [cfg {:keys [file] :as params}]
-  ;; Validate incoming mime type
-  (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
-  (let [cfg (update cfg :storage media/configure-assets-storage)]
-    (update-team-photo cfg params)))
-
-(defn update-team-photo
-  [{:keys [pool storage executor] :as cfg} {:keys [profile-id team-id] :as params}]
-  (p/let [team  (px/with-dispatch executor
-                  (teams/retrieve-team pool profile-id team-id))
-          photo (upload-photo cfg params)]
-
-    ;; Mark object as touched for make it ellegible for tentative
-    ;; garbage collection.
-    (when-let [id (:photo-id team)]
-      (sto/touch-object! storage id))
-
-    ;; Save new photo
-    (db/update! pool :team
-                {:photo-id (:id photo)}
-                {:id team-id})
-
-    (assoc team :photo-id (:id photo))))
-
-(defn upload-photo
-  [{:keys [storage executor climit] :as cfg} {:keys [file]}]
-  (letfn [(get-info [content]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :info :input content})))
-
-          (generate-thumbnail [info]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :profile-thumbnail
-                          :format :jpeg
-                          :quality 85
-                          :width 256
-                          :height 256
-                          :input info})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))]
-
-    (p/let [info    (get-info file)
-            thumb   (generate-thumbnail info)
-            hash    (calculate-hash (:data thumb))
-            content (-> (sto/content (:data thumb) (:size thumb))
-                        (sto/wrap-with-hash hash))]
-      (sto/put-object! storage {::sto/content content
-                                ::sto/deduplicate? true
-                                :bucket "profile"
-                                :content-type (:mtype thumb)}))))
-
-;; --- Mutation: Invite Member
-
-(declare create-team-invitation)
-
-(s/def ::email ::us/email)
-(s/def ::emails ::us/set-of-valid-emails)
-(s/def ::invite-team-member
-  (s/keys :req-un [::profile-id ::team-id ::role]
-          :opt-un [::email ::emails]))
-
-(sv/defmethod ::invite-team-member
-  "A rpc call that allow to send a single or multiple invitations to
-  join the team."
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id email emails role] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms    (teams/get-permissions conn profile-id team-id)
-          profile  (db/get-by-id conn :profile profile-id)
-          team     (db/get-by-id conn :team team-id)
-          emails   (cond-> (or emails #{}) (string? email) (conj email))]
-
-      (when-not (:is-admin perms)
-        (ex/raise :type :validation
-                  :code :insufficient-permissions))
-
-      ;; First check if the current profile is allowed to send emails.
-      (when-not (eml/allow-send-emails? conn profile)
-        (ex/raise :type :validation
-                  :code :profile-is-muted
-                  :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
-
-      (let [invitations (->> emails
-                             (map (fn [email]
-                                    (assoc cfg
-                                           :email email
-                                           :conn conn
-                                           :team team
-                                           :profile profile
-                                           :role role)))
-                             (map create-team-invitation))]
-        (with-meta (vec invitations)
-          {::audit/props {:invitations (count invitations)}})))))
-
-(def sql:upsert-team-invitation
-  "insert into team_invitation(team_id, email_to, role, valid_until)
-   values (?, ?, ?, ?)
-       on conflict(team_id, email_to) do
-          update set role = ?, valid_until = ?, updated_at = now();")
-
-(defn- create-team-invitation
-  [{:keys [conn sprops team profile role email] :as cfg}]
-  (let [member    (profile/retrieve-profile-data-by-email conn email)
-        token-exp (dt/in-future "168h") ;; 7 days
-        email     (str/lower email)
-        itoken    (tokens/generate sprops
-                                   {:iss :team-invitation
-                                    :exp token-exp
-                                    :profile-id (:id profile)
-                                    :role role
-                                    :team-id (:id team)
-                                    :member-email (:email member email)
-                                    :member-id (:id member)})
-        ptoken    (tokens/generate sprops
-                                   {:iss :profile-identity
-                                    :profile-id (:id profile)
-                                    :exp (dt/in-future {:days 30})})]
-
-    (when (and member (not (eml/allow-send-emails? conn member)))
-      (ex/raise :type :validation
-                :code :member-is-muted
-                :email email
-                :hint "the profile has reported repeatedly as spam or has bounces"))
-
-    ;; Secondly check if the invited member email is part of the global spam/bounce report.
-    (when (eml/has-bounce-reports? conn email)
-      (ex/raise :type :validation
-                :code :email-has-permanent-bounces
-                :email email
-                :hint "the email you invite has been repeatedly reported as spam or bounce"))
-
-    (when (contains? cf/flags :log-invitation-tokens)
-      (l/trace :hint "invitation token" :token itoken))
-
-    ;; When we have email verification disabled and invitation user is
-    ;; already present in the database, we proceed to add it to the
-    ;; team as-is, without email roundtrip.
-
-    ;; TODO: if member does not exists and email verification is
-    ;; disabled, we should proceed to create the profile (?)
-    (if (and (not (contains? cf/flags :email-verification))
-             (some? member))
-      (let [params (merge {:team-id (:id team)
-                           :profile-id (:id member)}
-                          (role->params role))]
-
-        ;; Insert the invited member to the team
-        (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})
-
-        ;; If profile is not yet verified, mark it as verified because
-        ;; accepting an invitation link serves as verification.
-        (when-not (:is-active member)
-          (db/update! conn :profile
-                      {:is-active true}
-                      {:id (:id member)})))
-      (do
-        (db/exec-one! conn [sql:upsert-team-invitation
-                            (:id team) (str/lower email) (name role)
-                            token-exp (name role) token-exp])
-        (eml/send! {::eml/conn conn
-                    ::eml/factory eml/invite-to-team
-                    :public-uri (:public-uri cfg)
-                    :to email
-                    :invited-by (:fullname profile)
-                    :team (:name team)
-                    :token itoken
-                    :extra-data ptoken})))
-
-    itoken))
-
-;; --- Mutation: Create Team & Invite Members
-
-(s/def ::emails ::us/set-of-valid-emails)
-(s/def ::create-team-and-invite-members
-  (s/and ::create-team (s/keys :req-un [::emails ::role])))
-
-(sv/defmethod ::create-team-and-invite-members
-  [{:keys [pool] :as cfg} {:keys [profile-id emails role] :as params}]
-  (db/with-atomic [conn pool]
-    (let [team     (create-team conn params)
-          profile  (db/get-by-id conn :profile profile-id)]
-
-      ;; Create invitations for all provided emails.
-      (doseq [email emails]
-        (create-team-invitation
-         (assoc cfg
-                :conn conn
-                :team team
-                :profile profile
-                :email email
-                :role role)))
-
-      (-> team
-          (vary-meta assoc ::audit/props {:invitations (count emails)})
-          (rph/with-defer
-            #(when-let [collector (::audit/collector cfg)]
-               (audit/submit! collector
-                              {:type "mutation"
-                               :name "invite-team-member"
-                               :profile-id profile-id
-                               :props {:emails emails
-                                       :role role
-                                       :profile-id profile-id
-                                       :invitations (count emails)}})))))))
-
-;; --- Mutation: Update invitation role
-
-(s/def ::update-team-invitation-role
-  (s/keys :req-un [::profile-id ::team-id ::email ::role]))
-
-(sv/defmethod ::update-team-invitation-role
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id email role] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms    (teams/get-permissions conn profile-id team-id)]
-
-      (when-not (:is-admin perms)
-        (ex/raise :type :validation
-                  :code :insufficient-permissions))
-
-      (db/update! conn :team-invitation
-                  {:role (name role) :updated-at (dt/now)}
-                  {:team-id team-id :email-to (str/lower email)})
-      nil)))
-
-;; --- Mutation: Delete invitation
-
-(s/def ::delete-team-invitation
-  (s/keys :req-un [::profile-id ::team-id ::email]))
-
-(sv/defmethod ::delete-team-invitation
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id email] :as params}]
-  (db/with-atomic [conn pool]
-    (let [perms    (teams/get-permissions conn profile-id team-id)]
-
-      (when-not (:is-admin perms)
-        (ex/raise :type :validation
-                  :code :insufficient-permissions))
-
-      (db/delete! conn :team-invitation
-                {:team-id team-id :email-to (str/lower email)})
-      nil)))
--- a/backend/src/app/rpc/mutations/verify_token.clj
+++ b/backend/src/app/rpc/mutations/verify_token.clj
@@ -1,28 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.mutations.verify-token
-  (:require
-   [app.db :as db]
-   [app.rpc.commands.verify-token :refer [process-token]]
-   [app.rpc.doc :as-alias doc]
-   [app.tokens :as tokens]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-(s/def ::verify-token
-  (s/keys :req-un [::token]
-          :opt-un [::profile-id]))
-
-(sv/defmethod ::verify-token
-  {:auth false
-   ::doc/added "1.1"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool sprops] :as cfg} {:keys [token] :as params}]
-  (db/with-atomic [conn pool]
-    (let [claims (tokens/verify sprops {:token token})
-          cfg    (assoc cfg :conn conn)]
-      (process-token cfg params claims))))
--- a/backend/src/app/rpc/queries/comments.clj
+++ b/backend/src/app/rpc/queries/comments.clj
@@ -1,82 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.queries.comments
-  (:require
-   [app.db :as db]
-   [app.rpc.commands.comments :as cmd.comments]
-   [app.rpc.commands.files :as cmd.files]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.teams :as teams]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-(defn decode-row
-  [{:keys [participants position] :as row}]
-  (cond-> row
-    (db/pgpoint? position) (assoc :position (db/decode-pgpoint position))
-    (db/pgobject? participants) (assoc :participants (db/decode-transit-pgobject participants))))
-
-;; --- QUERY: Comment Threads
-
-(s/def ::comment-threads ::cmd.comments/get-comment-threads)
-
-(sv/defmethod ::comment-threads
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} params]
-  (with-open [conn (db/open pool)]
-    (cmd.comments/retrieve-comment-threads conn params)))
-
-;; --- QUERY: Unread Comment Threads
-
-(s/def ::unread-comment-threads ::cmd.comments/get-unread-comment-threads)
-
-(sv/defmethod ::unread-comment-threads
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (teams/check-read-permissions! conn profile-id team-id)
-    (cmd.comments/retrieve-unread-comment-threads conn params)))
-
-;; --- QUERY: Single Comment Thread
-
-(s/def ::comment-thread ::cmd.comments/get-comment-thread)
-
-(sv/defmethod ::comment-thread
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id share-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-comment-permissions! conn profile-id file-id share-id)
-    (cmd.comments/get-comment-thread conn params)))
-
-;; --- QUERY: Comments
-
-(s/def ::comments ::cmd.comments/get-comments)
-
-(sv/defmethod ::comments
-  {::doc/added "1.0"
-   ::doc/deprecated "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id thread-id share-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (let [thread (db/get-by-id conn :comment-thread thread-id)]
-      (cmd.files/check-comment-permissions! conn profile-id (:file-id thread) share-id))
-    (cmd.comments/get-comments conn thread-id)))
-
-
-;; --- QUERY: Get file comments users
-
-(s/def ::file-comments-users ::cmd.comments/get-profiles-for-file-comments)
-
-(sv/defmethod ::file-comments-users
-  {::doc/deprecated "1.15"
-   ::doc/added "1.13"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id share-id]}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-comment-permissions! conn profile-id file-id share-id)
-    (cmd.comments/get-file-comments-users conn file-id profile-id)))
--- a/backend/src/app/rpc/queries/files.clj
+++ b/backend/src/app/rpc/queries/files.clj
@@ -1,184 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.queries.files
-  (:require
-   [app.common.spec :as us]
-   [app.db :as db]
-   [app.rpc.commands.files :as cmd.files]
-   [app.rpc.commands.search :as cmd.search]
-   [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
-   [app.rpc.queries.projects :as projects]
-   [app.rpc.queries.teams :as teams]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- Query: Project Files
-
-(s/def ::project-files ::cmd.files/get-project-files)
-
-(sv/defmethod ::project-files
-  {::doc/added "1.1"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (projects/check-read-permissions! conn profile-id project-id)
-    (cmd.files/get-project-files conn project-id)))
-
-;; --- Query: File (By ID)
-
-(s/def ::components-v2 ::us/boolean)
-(s/def ::file
-  (s/and ::cmd.files/get-file
-         (s/keys :opt-un [::components-v2])))
-
-(defn get-file
-  [conn id features]
-  (let [file   (cmd.files/get-file conn id features)
-        thumbs (cmd.files/get-object-thumbnails conn id)]
-    (assoc file :thumbnails thumbs)))
-
-(sv/defmethod ::file
-  "Retrieve a file by its ID. Only authenticated users."
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id id features components-v2] :as params}]
-  (with-open [conn (db/open pool)]
-    (let [perms    (cmd.files/get-permissions pool profile-id id)
-          ;; BACKWARD COMPATIBILTY with the components-v2 parameter
-          features (cond-> (or features #{})
-                     components-v2 (conj "components/v2"))]
-
-      (cmd.files/check-read-permissions! perms)
-      (-> (get-file conn id features)
-          (assoc :permissions perms)))))
-
-;; --- QUERY: page
-
-(s/def ::page
-  (s/and ::cmd.files/get-page
-         (s/keys :opt-un [::components-v2])))
-
-(sv/defmethod ::page
-  "Retrieves the page data from file and returns it. If no page-id is
-  specified, the first page will be returned. If object-id is
-  specified, only that object and its children will be returned in the
-  page objects data structure.
-
-  If you specify the object-id, the page-id parameter becomes
-  mandatory.
-
-  Mainly used for rendering purposes."
-  {::doc/added "1.5"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id features components-v2] :as params}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-read-permissions! conn profile-id file-id)
-    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
-          features (cond-> (or features #{})
-                     components-v2 (conj "components/v2"))
-          params   (assoc params :features features)]
-
-      (cmd.files/get-page conn params))))
-
-;; --- QUERY: file-data-for-thumbnail
-
-(s/def ::file-data-for-thumbnail
-  (s/and ::cmd.files/get-file-data-for-thumbnail
-         (s/keys :opt-un [::components-v2])))
-
-(sv/defmethod ::file-data-for-thumbnail
-  "Retrieves the data for generate the thumbnail of the file. Used
-  mainly for render thumbnails on dashboard."
-  {::doc/added "1.11"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id features components-v2] :as props}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-read-permissions! conn profile-id file-id)
-    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
-          features (cond-> (or features #{})
-                     components-v2 (conj "components/v2"))
-          file     (cmd.files/get-file conn file-id features)]
-      {:file-id file-id
-       :revn (:revn file)
-       :page (cmd.files/get-file-data-for-thumbnail conn file)})))
-
-;; --- Query: Shared Library Files
-
-(s/def ::team-shared-files ::cmd.files/get-team-shared-files)
-
-(sv/defmethod ::team-shared-files
-  {::doc/added "1.3"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (teams/check-read-permissions! conn profile-id team-id)
-    (cmd.files/get-team-shared-files conn params)))
-
-
-;; --- Query: File Libraries used by a File
-
-(s/def ::file-libraries ::cmd.files/get-file-libraries)
-
-(sv/defmethod ::file-libraries
-  {::doc/added "1.3"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id features] :as params}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-read-permissions! conn profile-id file-id)
-    (cmd.files/get-file-libraries conn file-id features)))
-
-
-;; --- Query: Files that use this File library
-
-(s/def ::library-using-files ::cmd.files/get-library-file-references)
-
-(sv/defmethod ::library-using-files
-  {::doc/added "1.13"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-read-permissions! conn profile-id file-id)
-    (cmd.files/get-library-file-references conn file-id)))
-
-;; --- QUERY: team-recent-files
-
-(s/def ::team-recent-files ::cmd.files/get-team-recent-files)
-
-(sv/defmethod ::team-recent-files
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
-  (with-open [conn (db/open pool)]
-    (teams/check-read-permissions! conn profile-id team-id)
-    (cmd.files/get-team-recent-files conn team-id)))
-
-
-;; --- QUERY: get file thumbnail
-
-(s/def ::file-thumbnail ::cmd.files/get-file-thumbnail)
-
-(sv/defmethod ::file-thumbnail
-  {::doc/added "1.13"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool]} {:keys [profile-id file-id revn]}]
-  (with-open [conn (db/open pool)]
-    (cmd.files/check-read-permissions! conn profile-id file-id)
-    (-> (cmd.files/get-file-thumbnail conn file-id revn)
-        (rph/with-http-cache cmd.files/long-cache-duration))))
-
-
-;; --- QUERY: search files
-
-(s/def ::search-files ::cmd.search/search-files)
-
-(sv/defmethod ::search-files
-  {::doc/added "1.0"
-   ::doc/deprecated "1.17"}
-  [{:keys [pool]} {:keys [search-term] :as params}]
-  (when search-term
-    (cmd.search/search-files pool params)))
--- a/backend/src/app/rpc/queries/fonts.clj
+++ b/backend/src/app/rpc/queries/fonts.clj
@@ -9,30 +9,15 @@
   [app.common.spec :as us]
   [app.db :as db]
   [app.rpc.commands.files :as files]
-   [app.rpc.queries.projects :as projects]
-   [app.rpc.queries.teams :as teams]
+   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

-;; --- Query: Team Font Variants
-
-;; TODO: deprecated, should be removed on 1.7.x
-
-(s/def ::team-id ::us/uuid)
-(s/def ::profile-id ::us/uuid)
-(s/def ::team-font-variants
-  (s/keys :req-un [::profile-id ::team-id]))
-
-(sv/defmethod ::team-font-variants
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (teams/check-read-permissions! conn profile-id team-id)
-    (db/query conn :team-font-variant
-              {:team-id team-id
-               :deleted-at nil})))
-
 ;; --- Query: Font Variants

+(s/def ::team-id ::us/uuid)
 (s/def ::file-id ::us/uuid)
 (s/def ::project-id ::us/uuid)
 (s/def ::font-variants
@@ -47,6 +32,7 @@
         (contains? o :project-id)))))

 (sv/defmethod ::font-variants
+  {::doc/added "1.7"}
  [{:keys [pool] :as cfg} {:keys [profile-id team-id file-id project-id] :as params}]
  (with-open [conn (db/open pool)]
    (cond
--- a/backend/src/app/rpc/queries/profile.clj
+++ b/backend/src/app/rpc/queries/profile.clj
@@ -6,111 +6,27 @@

 (ns app.rpc.queries.profile
  (:require
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
   [app.common.uuid :as uuid]
   [app.db :as db]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]))
+   [clojure.spec.alpha :as s]))

-;; --- Helpers & Specs
-
-(declare strip-private-attrs)
-
-(s/def ::email ::us/email)
-(s/def ::fullname ::us/string)
-(s/def ::old-password ::us/string)
-(s/def ::password ::us/string)
-(s/def ::path ::us/string)
-(s/def ::user ::us/uuid)
-(s/def ::profile-id ::us/uuid)
-(s/def ::theme ::us/string)
-
-;; --- Query: Profile (own)
-
-(declare retrieve-profile)
-(declare retrieve-additional-data)
-
-(s/def ::profile
-  (s/keys :opt-un [::profile-id]))
+(s/def ::profile ::profile/get-profile)

 (sv/defmethod ::profile
-  {:auth false}
-  [{:keys [pool] :as cfg} {:keys [profile-id] :as params}]
+  {::rpc/auth false
+   ::doc/added "1.0"
+   ::doc/deprecated "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [profile-id]}]
  ;; We need to return the anonymous profile object in two cases, when
  ;; no profile-id is in session, and when db call raises not found. In all other
  ;; cases we need to reraise the exception.
-  (or (ex/try*
-       #(some->> profile-id (retrieve-profile pool))
-       #(when (not= :not-found (:type (ex-data %))) (throw %)))
-      {:id uuid/zero
-       :fullname "Anonymous User"}))
-
-(def ^:private sql:default-profile-team
-  "select t.id, name
-     from team as t
-    inner join team_profile_rel as tp on (tp.team_id = t.id)
-    where tp.profile_id = ?
-      and tp.is_owner is true
-      and t.is_default is true")
-
-(def ^:private sql:default-profile-project
-  "select p.id, name
-     from project as p
-    inner join project_profile_rel as tp on (tp.project_id = p.id)
-    where tp.profile_id = ?
-      and tp.is_owner is true
-      and p.is_default is true
-      and p.team_id = ?")
-
-(defn retrieve-additional-data
-  [conn id]
-  (let [team    (db/exec-one! conn [sql:default-profile-team id])
-        project (db/exec-one! conn [sql:default-profile-project id (:id team)])]
-    {:default-team-id (:id team)
-     :default-project-id (:id project)}))
-
-(defn populate-additional-data
-  [conn profile]
-  (merge profile (retrieve-additional-data conn (:id profile))))
-
-(defn filter-profile-props
-  [props]
-  (into {} (filter (fn [[k _]] (simple-ident? k))) props))
-
-(defn decode-profile-row
-  [{:keys [props] :as row}]
-  (cond-> row
-    (db/pgobject? props "jsonb")
-    (assoc :props (db/decode-transit-pgobject props))))
-
-(defn retrieve-profile-data
-  [conn id]
-  (-> (db/get-by-id conn :profile id)
-      (decode-profile-row)))
-
-(defn retrieve-profile
-  [conn id]
-  (let [profile (->> (retrieve-profile-data conn id)
-                     (strip-private-attrs)
-                     (populate-additional-data conn))]
-    (update profile :props filter-profile-props)))
-
-(def ^:private sql:profile-by-email
-  "select p.* from profile as p
-    where p.email = ?
-      and (p.deleted_at is null or
-           p.deleted_at > now())")
-
-(defn retrieve-profile-data-by-email
-  [conn email]
-  (ex/ignoring
-   (db/exec-one! conn [sql:profile-by-email (str/lower email)])))
-
-;; --- Attrs Helpers
-
-(defn strip-private-attrs
-  "Only selects a publicly visible profile attrs."
-  [row]
-  (dissoc row :password :deleted-at))
+  (try
+    (-> (profile/get-profile pool profile-id)
+        (profile/strip-private-attrs)
+        (update :props profile/filter-props))
+    (catch Throwable _
+      {:id uuid/zero :fullname "Anonymous User"})))
--- a/backend/src/app/rpc/queries/projects.clj
+++ b/backend/src/app/rpc/queries/projects.clj
@@ -8,135 +8,39 @@
  (:require
   [app.common.spec :as us]
   [app.db :as db]
-   [app.rpc.permissions :as perms]
-   [app.rpc.queries.teams :as teams]
+   [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
   [clojure.spec.alpha :as s]))

-;; --- Check Project Permissions
-
-(def ^:private sql:project-permissions
-  "select tpr.is_owner,
-          tpr.is_admin,
-          tpr.can_edit
-     from team_profile_rel as tpr
-    inner join project as p on (p.team_id = tpr.team_id)
-    where p.id = ?
-      and tpr.profile_id = ?
-   union all
-   select ppr.is_owner,
-          ppr.is_admin,
-          ppr.can_edit
-     from project_profile_rel as ppr
-    where ppr.project_id = ?
-      and ppr.profile_id = ?")
-
-(defn- get-permissions
-  [conn profile-id project-id]
-  (let [rows     (db/exec! conn [sql:project-permissions
-                                 project-id profile-id
-                                 project-id profile-id])
-        is-owner (boolean (some :is-owner rows))
-        is-admin (boolean (some :is-admin rows))
-        can-edit (boolean (some :can-edit rows))]
-     (when (seq rows)
-       {:is-owner is-owner
-        :is-admin (or is-owner is-admin)
-        :can-edit (or is-owner is-admin can-edit)
-        :can-read true})))
-
-(def has-edit-permissions?
-  (perms/make-edition-predicate-fn get-permissions))
-
-(def has-read-permissions?
-  (perms/make-read-predicate-fn get-permissions))
-
-(def check-edition-permissions!
-  (perms/make-check-fn has-edit-permissions?))
-
-(def check-read-permissions!
-  (perms/make-check-fn has-read-permissions?))
-
 ;; --- Query: Projects

-(declare retrieve-projects)
-
 (s/def ::team-id ::us/uuid)
 (s/def ::profile-id ::us/uuid)
 (s/def ::projects
  (s/keys :req-un [::profile-id ::team-id]))

 (sv/defmethod ::projects
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id team-id]}]
  (with-open [conn (db/open pool)]
    (teams/check-read-permissions! conn profile-id team-id)
-    (retrieve-projects conn profile-id team-id)))
-
-(def sql:projects
-  "select p.*,
-          coalesce(tpp.is_pinned, false) as is_pinned,
-          (select count(*) from file as f
-            where f.project_id = p.id
-              and deleted_at is null) as count
-     from project as p
-    inner join team as t on (t.id = p.team_id)
-     left join team_project_profile_rel as tpp
-            on (tpp.project_id = p.id and
-                tpp.team_id = p.team_id and
-                tpp.profile_id = ?)
-    where p.team_id = ?
-      and p.deleted_at is null
-      and t.deleted_at is null
-    order by p.modified_at desc")
-
-(defn retrieve-projects
-  [conn profile-id team-id]
-  (db/exec! conn [sql:projects profile-id team-id]))
-
+    (projects/get-projects conn profile-id team-id)))

 ;; --- Query: All projects

-(declare retrieve-all-projects)
-
 (s/def ::profile-id ::us/uuid)
 (s/def ::all-projects
  (s/keys :req-un [::profile-id]))

 (sv/defmethod ::all-projects
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id]}]
  (with-open [conn (db/open pool)]
-    (retrieve-all-projects conn profile-id)))
-
-(def sql:all-projects
-  "select p1.*, t.name as team_name, t.is_default as is_default_team
-     from project as p1
-    inner join team as t on (t.id = p1.team_id)
-    where t.id in (select team_id
-                     from team_profile_rel as tpr
-                    where tpr.profile_id = ?
-                      and (tpr.can_edit = true or
-                           tpr.is_owner = true or
-                           tpr.is_admin = true))
-      and t.deleted_at is null
-      and p1.deleted_at is null
-   union
-   select p2.*, t.name as team_name, t.is_default as is_default_team
-     from project as p2
-    inner join team as t on (t.id = p2.team_id)
-    where p2.id in (select project_id
-                     from project_profile_rel as ppr
-                    where ppr.profile_id = ?
-                      and (ppr.can_edit = true or
-                           ppr.is_owner = true or
-                           ppr.is_admin = true))
-      and t.deleted_at is null
-      and p2.deleted_at is null
-    order by team_name, name;")
-
-(defn retrieve-all-projects
-  [conn profile-id]
-  (db/exec! conn [sql:all-projects profile-id profile-id]))
-
+    (projects/get-all-projects conn profile-id)))

 ;; --- Query: Project

@@ -145,9 +49,11 @@
  (s/keys :req-un [::profile-id ::id]))

 (sv/defmethod ::project
+  {::doc/added "1.0"
+   ::doc/deprecated "1.18"}
  [{:keys [pool]} {:keys [profile-id id]}]
  (with-open [conn (db/open pool)]
    (let [project (db/get-by-id conn :project id)]
-      (check-read-permissions! conn profile-id id)
+      (projects/check-read-permissions! conn profile-id id)
      project)))

--- a/backend/src/app/rpc/queries/share_link.clj
+++ b/backend/src/app/rpc/queries/share_link.clj
@@ -1,23 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.queries.share-link
-  (:require
-   [app.db :as db]))
-
-(defn decode-share-link-row
-  [row]
-  (-> row
-      (dissoc :flags)
-      (update :pages db/decode-pgarray #{})))
-
-(defn retrieve-share-link
-  [conn file-id share-id]
-  (some-> (db/get-by-params conn :share-link
-                            {:id share-id :file-id file-id}
-                            {:check-not-found false})
-          (decode-share-link-row)))
-
--- a/backend/src/app/rpc/queries/teams.clj
+++ b/backend/src/app/rpc/queries/teams.clj
@@ -1,249 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.rpc.queries.teams
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.db :as db]
-   [app.rpc.permissions :as perms]
-   [app.rpc.queries.profile :as profile]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
-
-;; --- Team Edition Permissions
-
-(def ^:private sql:team-permissions
-  "select tpr.is_owner,
-          tpr.is_admin,
-          tpr.can_edit
-     from team_profile_rel as tpr
-     join team as t on (t.id = tpr.team_id)
-    where tpr.profile_id = ?
-      and tpr.team_id = ?
-      and t.deleted_at is null")
-
-(defn get-permissions
-  [conn profile-id team-id]
-  (let [rows     (db/exec! conn [sql:team-permissions profile-id team-id])
-        is-owner (boolean (some :is-owner rows))
-        is-admin (boolean (some :is-admin rows))
-        can-edit (boolean (some :can-edit rows))]
-     (when (seq rows)
-       {:is-owner is-owner
-        :is-admin (or is-owner is-admin)
-        :can-edit (or is-owner is-admin can-edit)
-        :can-read true})))
-
-(def has-edit-permissions?
-  (perms/make-edition-predicate-fn get-permissions))
-
-(def has-read-permissions?
-  (perms/make-read-predicate-fn get-permissions))
-
-(def check-edition-permissions!
-  (perms/make-check-fn has-edit-permissions?))
-
-(def check-read-permissions!
-  (perms/make-check-fn has-read-permissions?))
-
-;; --- Query: Teams
-
-(declare retrieve-teams)
-
-(s/def ::profile-id ::us/uuid)
-(s/def ::teams
-  (s/keys :req-un [::profile-id]))
-
-(sv/defmethod ::teams
-  [{:keys [pool] :as cfg} {:keys [profile-id]}]
-  (with-open [conn (db/open pool)]
-    (retrieve-teams conn profile-id)))
-
-(def sql:teams
-  "select t.*,
-          tp.is_owner,
-          tp.is_admin,
-          tp.can_edit,
-          (t.id = ?) as is_default
-     from team_profile_rel as tp
-     join team as t on (t.id = tp.team_id)
-    where t.deleted_at is null
-      and tp.profile_id = ?
-    order by tp.created_at asc")
-
-(defn process-permissions
-  [team]
-  (let [is-owner    (:is-owner team)
-        is-admin    (:is-admin team)
-        can-edit    (:can-edit team)
-        permissions {:type :membership
-                     :is-owner is-owner
-                     :is-admin (or is-owner is-admin)
-                     :can-edit (or is-owner is-admin can-edit)}]
-    (-> team
-        (dissoc :is-owner :is-admin :can-edit)
-        (assoc :permissions permissions))))
-
-(defn retrieve-teams
-  [conn profile-id]
-  (let [defaults (profile/retrieve-additional-data conn profile-id)]
-    (->> (db/exec! conn [sql:teams (:default-team-id defaults) profile-id])
-         (mapv process-permissions))))
-
-;; --- Query: Team (by ID)
-
-(declare retrieve-team)
-
-(s/def ::id ::us/uuid)
-(s/def ::team
-  (s/keys :req-un [::profile-id ::id]))
-
-(sv/defmethod ::team
-  [{:keys [pool] :as cfg} {:keys [profile-id id]}]
-  (with-open [conn (db/open pool)]
-    (retrieve-team conn profile-id id)))
-
-(defn retrieve-team
-  [conn profile-id team-id]
-  (let [defaults (profile/retrieve-additional-data conn profile-id)
-        sql      (str "WITH teams AS (" sql:teams ") SELECT * FROM teams WHERE id=?")
-        result   (db/exec-one! conn [sql (:default-team-id defaults) profile-id team-id])]
-    (when-not result
-      (ex/raise :type :not-found
-                :code :team-does-not-exist))
-    (process-permissions result)))
-
-
-;; --- Query: Team Members
-
-(declare retrieve-team-members)
-
-(s/def ::team-id ::us/uuid)
-(s/def ::team-members
-  (s/keys :req-un [::profile-id ::team-id]))
-
-(sv/defmethod ::team-members
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
-  (with-open [conn (db/open pool)]
-    (check-read-permissions! conn profile-id team-id)
-    (retrieve-team-members conn team-id)))
-
-(def sql:team-members
-  "select tp.*,
-          p.id,
-          p.email,
-          p.fullname as name,
-          p.fullname as fullname,
-          p.photo_id,
-          p.is_active
-     from team_profile_rel as tp
-     join profile as p on (p.id = tp.profile_id)
-    where tp.team_id = ?")
-
-(defn retrieve-team-members
-  [conn team-id]
-  (db/exec! conn [sql:team-members team-id]))
-
-
-;; --- Query: Team Users
-
-(declare retrieve-users)
-(declare retrieve-team-for-file)
-
-(s/def ::file-id ::us/uuid)
-(s/def ::team-users
-  (s/and (s/keys :req-un [::profile-id]
-                 :opt-un [::team-id ::file-id])
-         #(or (:team-id %) (:file-id %))))
-
-(sv/defmethod ::team-users
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id file-id]}]
-  (with-open [conn (db/open pool)]
-    (if team-id
-      (do
-        (check-read-permissions! conn profile-id team-id)
-        (retrieve-users conn team-id))
-      (let [{team-id :id} (retrieve-team-for-file conn file-id)]
-        (check-read-permissions! conn profile-id team-id)
-        (retrieve-users conn team-id)))))
-
-;; This is a similar query to team members but can contain more data
-;; because some user can be explicitly added to project or file (not
-;; implemented in UI)
-
-(def sql:team-users
-  "select pf.id, pf.fullname, pf.photo_id
-     from profile as pf
-    inner join team_profile_rel as tpr on (tpr.profile_id = pf.id)
-    where tpr.team_id = ?
-    union
-   select pf.id, pf.fullname, pf.photo_id
-     from profile as pf
-    inner join project_profile_rel as ppr on (ppr.profile_id = pf.id)
-    inner join project as p on (ppr.project_id = p.id)
-    where p.team_id = ?
-   union
-   select pf.id, pf.fullname, pf.photo_id
-     from profile as pf
-    inner join file_profile_rel as fpr on (fpr.profile_id = pf.id)
-    inner join file as f on (fpr.file_id = f.id)
-    inner join project as p on (f.project_id = p.id)
-    where p.team_id = ?")
-
-(def sql:team-by-file
-  "select p.team_id as id
-     from project as p
-     join file as f on (p.id = f.project_id)
-    where f.id = ?")
-
-(defn retrieve-users
-  [conn team-id]
-  (db/exec! conn [sql:team-users team-id team-id team-id]))
-
-(defn retrieve-team-for-file
-  [conn file-id]
-  (->> [sql:team-by-file file-id]
-       (db/exec-one! conn)))
-
-;; --- Query: Team Stats
-
-(declare retrieve-team-stats)
-
-(s/def ::team-stats
-  (s/keys :req-un [::profile-id ::team-id]))
-
-(sv/defmethod ::team-stats
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
-  (with-open [conn (db/open pool)]
-    (check-read-permissions! conn profile-id team-id)
-    (retrieve-team-stats conn team-id)))
-
-(def sql:team-stats
-  "select (select count(*) from project where team_id = ?) as projects,
-          (select count(*) from file as f join project as p on (p.id = f.project_id) where p.team_id = ?) as files")
-
-(defn retrieve-team-stats
-  [conn team-id]
-  (db/exec-one! conn [sql:team-stats team-id team-id]))
-
-
-;; --- Query: Team invitations
-
-(s/def ::team-id ::us/uuid)
-(s/def ::team-invitations
-  (s/keys :req-un [::profile-id ::team-id]))
-
-(def sql:team-invitations
-  "select email_to as email, role, (valid_until < now()) as expired 
-   from team_invitation where team_id = ? order by valid_until desc")
-
-(sv/defmethod ::team-invitations
-  [{:keys [pool] :as cfg} {:keys [profile-id team-id]}]
-  (with-open [conn (db/open pool)]
-    (check-read-permissions! conn profile-id team-id)
-    (->> (db/exec! conn [sql:team-invitations team-id])
-         (mapv #(update % :role keyword)))))
--- a/backend/src/app/rpc/queries/viewer.clj
+++ b/backend/src/app/rpc/queries/viewer.clj
@@ -8,6 +8,7 @@
  (:require
   [app.common.spec :as us]
   [app.db :as db]
+   [app.rpc :as-alias rpc]
   [app.rpc.commands.viewer :as viewer]
   [app.rpc.doc :as-alias doc]
   [app.util.services :as sv]
@@ -19,9 +20,9 @@
         (s/keys :opt-un [::components-v2])))

 (sv/defmethod ::view-only-bundle
-  {:auth false
+  {::rpc/auth false
   ::doc/added "1.3"
-   ::doc/deprecated "1.17"}
+   ::doc/deprecated "1.18"}
  [{:keys [pool] :as cfg} {:keys [features components-v2] :as params}]
  (with-open [conn (db/open pool)]
    (let [;; BACKWARD COMPATIBILTY with the components-v2 parameter
--- a/backend/src/app/rpc/quotes.clj
+++ b/backend/src/app/rpc/quotes.clj
@@ -0,0 +1,360 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.quotes
+  "Penpot resource usage quotes."
+  (:require
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.common.spec :as us]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.util.time :as dt]
+   [app.worker :as wrk]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]))
+
+(defmulti check-quote ::id)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PUBLIC API
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(s/def ::conn ::db/conn-or-pool)
+(s/def ::file-id ::us/uuid)
+(s/def ::team-id ::us/uuid)
+(s/def ::project-id ::us/uuid)
+(s/def ::profile-id ::us/uuid)
+(s/def ::incr (s/and int? pos?))
+(s/def ::target ::us/string)
+
+(s/def ::quote
+  (s/keys :req [::id ::profile-id]
+          :opt [::conn
+                ::team-id
+                ::project-id
+                ::file-id
+                ::incr]))
+
+(def ^:private enabled (volatile! true))
+
+(defn enable!
+  "Enable quotes checking at runtime (from server REPL)."
+  []
+  (vswap! enabled (constantly true)))
+
+(defn disable!
+  "Disable quotes checking at runtime (from server REPL)."
+  []
+  (vswap! enabled (constantly false)))
+
+(defn check-quote!
+  [conn quote]
+  (us/assert! ::db/conn-or-pool conn)
+  (us/assert! ::quote quote)
+  (when (contains? cf/flags :quotes)
+    (when @enabled
+      (check-quote (assoc quote ::conn conn ::target (name (::id quote)))))))
+
+(defn- send-notification!
+  [{:keys [::conn] :as params}]
+  (l/warn :hint "max quote reached"
+          :target (::target params)
+          :profile-id (some-> params ::profile-id str)
+          :team-id (some-> params ::team-id str)
+          :project-id (some-> params ::project-id str)
+          :file-id (some-> params ::file-id str)
+          :quote (::quote params)
+          :total (::total params)
+          :incr  (::inc params 1))
+
+  (when-let [admins (seq (cf/get :admins))]
+    (let [subject (str/istr "[quotes:notification]: max quote reached ~(::target params)")
+          content (str/istr "- Param: profile-id '~(::profile-id params)}'\n"
+                            "- Param: team-id '~(::team-id params)'\n"
+                            "- Param: project-id '~(::project-id params)'\n"
+                            "- Param: file-id '~(::file-id params)'\n"
+                            "- Quote ID: '~(::target params)'\n"
+                            "- Max: ~(::quote params)\n"
+                            "- Total: ~(::total params) (INCR ~(::incr params 1))\n")]
+      (wrk/submit! {::wrk/task :sendmail
+                    ::wrk/delay (dt/duration "30s")
+                    ::wrk/max-retries 4
+                    ::wrk/priority 200
+                    ::wrk/conn conn
+                    ::wrk/dedupe true
+                    ::wrk/label "quotes-notification"
+                    :to (vec admins)
+                    :subject subject
+                    :body [{:type "text/plain"
+                            :content content}]}))))
+
+(defn- generic-check!
+  [{:keys [::conn ::incr ::quote-sql ::count-sql ::default ::target] :or {incr 1} :as params}]
+  (let [quote (->> (db/exec! conn quote-sql)
+                   (map :quote)
+                   (reduce max (- Integer/MAX_VALUE)))
+        quote (if (pos? quote) quote default)
+        total (->> (db/exec! conn count-sql) first :total)]
+
+    (when (> (+ total incr) quote)
+      (if (contains? cf/flags :soft-quotes)
+        (send-notification! (assoc params ::quote quote ::total total))
+        (ex/raise :type :restriction
+                  :code :max-quote-reached
+                  :target target
+                  :quote quote
+                  :count total)))))
+
+(def ^:private sql:get-quotes-1
+  "select id, quote from usage_quote
+    where target = ?
+      and profile_id = ?
+      and team_id is null
+      and project_id is null
+      and file_id is null;")
+
+(def ^:private sql:get-quotes-2
+  "select id, quote from usage_quote
+    where target = ?
+      and ((team_id = ? and (profile_id = ? or profile_id is null)) or
+           (profile_id = ? and team_id is null and project_id is null and file_id is null));")
+
+(def ^:private sql:get-quotes-3
+  "select id, quote from usage_quote
+    where target = ?
+      and ((project_id = ? and (profile_id = ? or profile_id is null)) or
+           (team_id = ? and (profile_id = ? or profile_id is null)) or
+           (profile_id = ? and team_id is null and project_id is null and file_id is null));")
+
+(def ^:private sql:get-quotes-4
+  "select id, quote from usage_quote
+    where target = ?
+      and ((file_id = ? and (profile_id = ? or profile_id is null)) or
+           (project_id = ? and (profile_id = ? or profile_id is null)) or
+           (team_id = ? and (profile_id = ? or profile_id is null)) or
+           (profile_id = ? and team_id is null and project_id is null and file_id is null));")
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: TEAMS-PER-PROFILE
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-teams-per-profile
+  "select count(*) as total
+     from team_profile_rel
+    where profile_id = ?")
+
+(s/def ::profile-id ::us/uuid)
+(s/def ::teams-per-profile
+  (s/keys :req [::profile-id ::target]))
+
+(defmethod check-quote ::teams-per-profile
+  [{:keys [::profile-id ::target] :as quote}]
+  (us/assert! ::teams-per-profile quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-teams-per-profile Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-1 target profile-id])
+      (assoc ::count-sql [sql:get-teams-per-profile profile-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: ACCESS-TOKENS-PER-PROFILE
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-access-tokens-per-profile
+  "select count(*) as total
+     from access_token
+    where profile_id = ?")
+
+(s/def ::access-tokens-per-profile
+  (s/keys :req [::profile-id ::target]))
+
+(defmethod check-quote ::access-tokens-per-profile
+  [{:keys [::profile-id ::target] :as quote}]
+  (us/assert! ::access-tokens-per-profile quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-access-tokens-per-profile Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-1 target profile-id])
+      (assoc ::count-sql [sql:get-access-tokens-per-profile profile-id])
+      (generic-check!)))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: PROJECTS-PER-TEAM
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-projects-per-team
+  "select count(*) as total
+     from project as p
+    where p.team_id = ?
+      and p.deleted_at is null")
+
+(s/def ::team-id ::us/uuid)
+(s/def ::projects-per-team
+  (s/keys :req [::profile-id ::team-id ::target]))
+
+(defmethod check-quote ::projects-per-team
+  [{:keys [::profile-id ::team-id ::target] :as quote}]
+  (-> quote
+      (assoc ::default (cf/get :quotes-projects-per-team Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-2 target team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-projects-per-team team-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: FONT-VARIANTS-PER-TEAM
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-font-variants-per-team
+  "select count(*) as total
+     from team_font_variant as v
+     where v.team_id = ?")
+
+(s/def ::font-variants-per-team
+  (s/keys :req [::profile-id ::team-id ::target]))
+
+(defmethod check-quote ::font-variants-per-team
+  [{:keys [::profile-id ::team-id ::target] :as quote}]
+  (us/assert! ::font-variants-per-team quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-font-variants-per-team Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-2 target team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-font-variants-per-team team-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: INVITATIONS-PER-TEAM
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-invitations-per-team
+  "select count(*) as total
+     from team_invitation
+    where team_id = ?")
+
+(s/def ::invitations-per-team
+  (s/keys :req [::profile-id ::team-id ::target]))
+
+(defmethod check-quote ::invitations-per-team
+  [{:keys [::profile-id ::team-id ::target] :as quote}]
+  (us/assert! ::invitations-per-team quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-invitations-per-team Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-2 target team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-invitations-per-team team-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: PROFILES-PER-TEAM
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-profiles-per-team
+  "select (select count(*)
+             from team_profile_rel
+            where team_id = ?) +
+          (select count(*)
+             from team_invitation
+            where team_id = ?
+              and valid_until > now()) as total;")
+
+;; NOTE: the total number of profiles is determined by the number of
+;; effective members plus ongoing valid invitations.
+
+(s/def ::profiles-per-team
+  (s/keys :req [::profile-id ::team-id ::target]))
+
+(defmethod check-quote ::profiles-per-team
+  [{:keys [::profile-id ::team-id ::target] :as quote}]
+  (us/assert! ::profiles-per-team quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-profiles-per-team Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-2 target team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-profiles-per-team team-id team-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: FILES-PER-PROJECT
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-files-per-project
+  "select count(*) as total
+     from file as f
+    where f.project_id = ?
+      and f.deleted_at is null")
+
+(s/def ::project-id ::us/uuid)
+(s/def ::files-per-project
+  (s/keys :req [::profile-id ::project-id ::team-id ::target]))
+
+(defmethod check-quote ::files-per-project
+  [{:keys [::profile-id ::project-id ::team-id ::target] :as quote}]
+  (us/assert! ::files-per-project quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-files-per-project Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-3 target project-id profile-id team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-files-per-project project-id])
+      (generic-check!)))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: COMMENT-THREADS-PER-FILE
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-comment-threads-per-file
+  "select count(*) as total
+     from comment_thread as ct
+    where ct.file_id = ?")
+
+(s/def ::comment-threads-per-file
+  (s/keys :req [::profile-id ::project-id ::team-id ::target]))
+
+(defmethod check-quote ::comment-threads-per-file
+  [{:keys [::profile-id ::file-id ::team-id ::project-id ::target] :as quote}]
+  (us/assert! ::files-per-project quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-comment-threads-per-file Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-4 target file-id profile-id project-id
+                          profile-id team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-comment-threads-per-file file-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: COMMENTS-PER-FILE
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:get-comments-per-file
+  "select count(*) as total
+     from comment as c
+     join comment_thread as ct on (ct.id = c.thread_id)
+    where ct.file_id = ?")
+
+(s/def ::comments-per-file
+  (s/keys :req [::profile-id ::project-id ::team-id ::target]))
+
+(defmethod check-quote ::comments-per-file
+  [{:keys [::profile-id ::file-id ::team-id ::project-id ::target] :as quote}]
+  (us/assert! ::files-per-project quote)
+  (-> quote
+      (assoc ::default (cf/get :quotes-comments-per-file Integer/MAX_VALUE))
+      (assoc ::quote-sql [sql:get-quotes-4 target file-id profile-id project-id
+                          profile-id team-id profile-id profile-id])
+      (assoc ::count-sql [sql:get-comments-per-file file-id])
+      (generic-check!)))
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; QUOTE: DEFAULT
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defmethod check-quote :default
+  [{:keys [::id]}]
+  (ex/raise :type :internal
+            :code :quote-not-defined
+            :quote id
+            :hint "backend using a quote identifier not defined"))
--- a/backend/src/app/rpc/retry.clj
+++ b/backend/src/app/rpc/retry.clj
@@ -5,23 +5,23 @@
 ;; Copyright (c) KALEIDOS INC

 (ns app.rpc.retry
-  "A fault tolerance helpers. Allow retry some operations that we know
-  we can retry."
+  "A fault tolerance RPC middleware. Allow retry some operations that we
+  know we can retry."
  (:require
   [app.common.logging :as l]
+   [app.util.retry :refer [conflict-exception?]]
   [app.util.services :as sv]
   [promesa.core :as p]))

 (defn conflict-db-insert?
  "Check if exception matches a insertion conflict on postgresql."
  [e]
-  (and (instance? org.postgresql.util.PSQLException e)
-       (= "23505" (.getSQLState e))))
+  (conflict-exception? e))
+
+(def always-false (constantly false))

 (defn wrap-retry
-  [_ f {:keys [::matches ::sv/name]
-        :or {matches (constantly false)}
-        :as mdata}]
+  [_ f {:keys [::matches ::sv/name] :or {matches always-false} :as mdata}]

  (when (::enabled mdata)
    (l/debug :hint "wrapping retry" :name name))
@@ -29,8 +29,8 @@
  (if-let [max-retries (::max-retries mdata)]
    (fn [cfg params]
      (letfn [(run [retry]
-                (-> (f cfg params)
-                    (p/catch (partial handle-error retry))))
+                (->> (f cfg params)
+                     (p/merr (partial handle-error retry))))

              (handle-error [retry cause]
                (if (matches cause)
@@ -40,6 +40,6 @@
                      (run current-retry)
                      (throw cause)))
                  (throw cause)))]
-        (run 0)))
+        (run 1)))
    f))

--- a/backend/src/app/rpc/rlimit.clj
+++ b/backend/src/app/rpc/rlimit.clj
@@ -52,7 +52,7 @@
   [app.config :as cf]
   [app.http :as-alias http]
   [app.loggers.audit :refer [parse-client-ip]]
-   [app.redis :as redis]
+   [app.redis :as rds]
   [app.redis.script :as-alias rscript]
   [app.rpc :as-alias rpc]
   [app.rpc.rlimit.result :as-alias lresult]
@@ -71,7 +71,7 @@
  (dt/duration 400))

 (def ^:private default-options
-  {:codec redis/string-codec
+  {:codec rds/string-codec
   :timeout default-timeout})

 (def ^:private bucket-rate-limit-script
@@ -141,23 +141,23 @@
  (let [script (-> bucket-rate-limit-script
                   (assoc ::rscript/keys [(str key "." service "." user-id)])
                   (assoc ::rscript/vals (conj params (dt/->seconds now))))]
-    (-> (redis/eval! redis script)
-        (p/then (fn [result]
-                  (let [allowed?  (boolean (nth result 0))
-                        remaining (nth result 1)
-                        reset     (* (/ (inst-ms interval) rate)
-                                     (- capacity remaining))]
-                    (l/trace :hint "limit processed"
-                             :service service
-                             :limit (name (::name limit))
-                             :strategy (name (::strategy limit))
-                             :opts (::opts limit)
+    (->> (rds/eval! redis script)
+         (p/fmap (fn [result]
+                   (let [allowed?  (boolean (nth result 0))
+                         remaining (nth result 1)
+                         reset     (* (/ (inst-ms interval) rate)
+                                      (- capacity remaining))]
+                     (l/trace :hint "limit processed"
+                              :service service
+                              :limit (name (::name limit))
+                              :strategy (name (::strategy limit))
+                              :opts (::opts limit)
                             :allowed? allowed?
                             :remaining remaining)
-                    (-> limit
-                        (assoc ::lresult/allowed? allowed?)
-                        (assoc ::lresult/reset (dt/plus now reset))
-                        (assoc ::lresult/remaining remaining))))))))
+                     (-> limit
+                         (assoc ::lresult/allowed? allowed?)
+                         (assoc ::lresult/reset (dt/plus now reset))
+                         (assoc ::lresult/remaining remaining))))))))

 (defmethod process-limit :window
  [redis user-id now {:keys [::nreq ::unit ::key ::service] :as limit}]
@@ -166,94 +166,113 @@
        script (-> window-rate-limit-script
                   (assoc ::rscript/keys [(str key "." service "." user-id "." (dt/format-instant ts))])
                   (assoc ::rscript/vals [nreq (dt/->seconds ttl)]))]
-    (-> (redis/eval! redis script)
-        (p/then (fn [result]
-                  (let [allowed?  (boolean (nth result 0))
-                        remaining (nth result 1)]
-                    (l/trace :hint "limit processed"
-                             :service service
-                             :limit (name (::name limit))
-                             :strategy (name (::strategy limit))
-                             :opts (::opts limit)
-                             :allowed? allowed?
+    (->> (rds/eval! redis script)
+         (p/fmap (fn [result]
+                   (let [allowed?  (boolean (nth result 0))
+                         remaining (nth result 1)]
+                     (l/trace :hint "limit processed"
+                              :service service
+                              :limit (name (::name limit))
+                              :strategy (name (::strategy limit))
+                              :opts (::opts limit)
+                              :allowed? allowed?
                             :remaining remaining)
-                    (-> limit
-                        (assoc ::lresult/allowed? allowed?)
-                        (assoc ::lresult/remaining remaining)
-                        (assoc ::lresult/reset (dt/plus ts {unit 1})))))))))
+                     (-> limit
+                         (assoc ::lresult/allowed? allowed?)
+                         (assoc ::lresult/remaining remaining)
+                         (assoc ::lresult/reset (dt/plus ts {unit 1})))))))))

-(defn- process-limits
+(defn- process-limits!
  [redis user-id limits now]
-  (-> (p/all (map (partial process-limit redis user-id now) limits))
-      (p/then (fn [results]
-                (let [remaining (->> results
-                                     (d/index-by ::name ::lresult/remaining)
-                                     (uri/map->query-string))
-                      reset     (->> results
-                                     (d/index-by ::name (comp dt/->seconds ::lresult/reset))
-                                     (uri/map->query-string))
-                      rejected  (->> results
-                                     (filter (complement ::lresult/allowed?))
-                                     (first))]
+  (->> (p/all (map (partial process-limit redis user-id now) limits))
+       (p/fmap (fn [results]
+                 (let [remaining (->> results
+                                      (d/index-by ::name ::lresult/remaining)
+                                      (uri/map->query-string))
+                       reset     (->> results
+                                      (d/index-by ::name (comp dt/->seconds ::lresult/reset))
+                                      (uri/map->query-string))
+                       rejected  (->> results
+                                      (filter (complement ::lresult/allowed?))
+                                      (first))]

-                  (when rejected
-                    (l/warn :hint "rejected rate limit"
-                            :user-id (str user-id)
-                            :limit-service (-> rejected ::service name)
-                            :limit-name (-> rejected ::name name)
-                            :limit-strategy (-> rejected ::strategy name)))
+                   (when rejected
+                     (l/warn :hint "rejected rate limit"
+                             :user-id (str user-id)
+                             :limit-service (-> rejected ::service name)
+                             :limit-name (-> rejected ::name name)
+                             :limit-strategy (-> rejected ::strategy name)))

-                  {:enabled? true
-                   :allowed? (not (some? rejected))
-                   :headers  {"x-rate-limit-remaining" remaining
-                              "x-rate-limit-reset" reset}})))))
+                   {:enabled? true
+                    :allowed? (not (some? rejected))
+                    :headers  {"x-rate-limit-remaining" remaining
+                               "x-rate-limit-reset" reset}})))))

 (defn- handle-response
  [f cfg params result]
  (if (:enabled? result)
    (let [headers (:headers result)]
-      (when-not (:allowed? result)
-        (ex/raise :type :rate-limit
-                  :code :request-blocked
-                  :hint "rate limit reached"
-                  ::http/headers headers))
-      (-> (f cfg params)
-          (p/then (fn [response]
-                    (vary-meta response update ::http/headers merge headers)))))
+      (if (:allowed? result)
+        (->> (f cfg params)
+             (p/fmap (fn [response]
+                       (vary-meta response update ::http/headers merge headers))))
+        (p/rejected
+         (ex/error :type :rate-limit
+                   :code :request-blocked
+                   :hint "rate limit reached"
+                   ::http/headers headers))))
    (f cfg params)))

+(defn- get-limits
+  [state skey sname]
+  (some->> (or (get-in @state [::limits skey])
+               (get-in @state [::limits :default]))
+           (map #(assoc % ::service sname))
+           (seq)))
+
+(defn- get-uid
+  [{:keys [::http/request] :as params}]
+  (or (::rpc/profile-id params)
+      (some-> request parse-client-ip)
+      uuid/zero))
+
 (defn wrap
-  [{:keys [rlimit redis] :as cfg} f mdata]
+  [{:keys [::rpc/rlimit ::rds/redis] :as cfg} f mdata]
+  (us/assert! ::rpc/rlimit rlimit)
+  (us/assert! ::rds/redis redis)
+
  (if rlimit
    (let [skey  (keyword (::rpc/type cfg) (->> mdata ::sv/spec name))
          sname (str (::rpc/type cfg) "." (->> mdata ::sv/spec name))]
-      (fn [cfg {:keys [::http/request] :as params}]
-        (let [uid (or (:profile-id params)
-                      (some-> request parse-client-ip)
-                      uuid/zero)

-              rsp (when (and uid @enabled?)
-                    (when-let [limits (or (get-in @rlimit [::limits skey])
-                                          (get-in @rlimit [::limits :default]))]
-                      (let [redis  (redis/get-or-connect redis ::rlimit default-options)
-                            limits (map #(assoc % ::service sname) limits)
-                            resp   (-> (process-limits redis uid limits (dt/now))
-                                       (p/catch (fn [cause]
-                                                  ;; If we have an error on processing the rate-limit we just skip
-                                                  ;; it for do not cause service interruption because of redis
-                                                  ;; downtime or similar situation.
-                                                  (l/error :hint "error on processing rate-limit" :cause cause)
-                                                  {:enabled? false})))]
+      (fn [cfg params]
+        (if @enabled?
+          (try
+            (let [uid (get-uid params)
+                  rsp (when-let [limits (get-limits rlimit skey sname)]
+                        (let [redis (rds/get-or-connect redis ::rpc/rlimit default-options)
+                              rsp   (->> (process-limits! redis uid limits (dt/now))
+                                         (p/merr (fn [cause]
+                                                   ;; If we have an error on processing the rate-limit we just skip
+                                                   ;; it for do not cause service interruption because of redis
+                                                   ;; downtime or similar situation.
+                                                   (l/error :hint "error on processing rate-limit" :cause cause)
+                                                   (p/resolved {:enabled? false}))))]

-                        ;; If soft rate are enabled, we process the rate-limit but return unprotected
-                        ;; response.
-                        (if (contains? cf/flags :soft-rpc-rlimit)
-                          (p/resolved {:enabled? false})
-                          resp))))
+                          ;; If soft rate are enabled, we process the rate-limit but return unprotected
+                          ;; response.
+                          (if (contains? cf/flags :soft-rpc-rlimit)
+                            {:enabled? false}
+                            rsp)))]

-              rsp (or rsp (p/resolved {:enabled? false}))]
+              (->> (p/promise rsp)
+                   (p/fmap #(or % {:enabled? false}))
+                   (p/mcat #(handle-response f cfg params %))))

-          (p/then rsp (partial handle-response f cfg params)))))
+            (catch Throwable cause
+              (p/rejected cause)))
+
+          (f cfg params))))
    f))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -289,8 +308,9 @@
         (s/keys :req [::nreq
                       ::unit]))))

-(s/def ::rlimit
-  #(instance? clojure.lang.Agent %))
+(s/def ::rpc/rlimit
+  (s/nilable
+   #(instance? clojure.lang.Agent %)))

 (s/def ::config
  (s/map-of (s/or :kw keyword? :set set?)
@@ -332,7 +352,7 @@
         ::limits limits}))))

 (defn- refresh-config
-  [{:keys [state path executor scheduled-executor] :as params}]
+  [{:keys [::state ::path ::wrk/executor ::wrk/scheduled-executor] :as cfg}]
  (letfn [(update-config [{:keys [::updated-at] :as state}]
            (let [updated-at' (fs/last-modified-time path)]
              (merge state
@@ -349,7 +369,7 @@
          (schedule-next [state]
            (px/schedule! scheduled-executor
                          (inst-ms (::refresh state))
-                          (partial refresh-config params))
+                          (partial refresh-config cfg))
            state)]

    (send-via executor state update-config)
@@ -371,10 +391,11 @@
    (and (fs/exists? path) (fs/regular-file? path) path)))

 (defmethod ig/pre-init-spec :app.rpc/rlimit [_]
-  (s/keys :req-un [::wrk/executor ::wrk/scheduled-executor]))
+  (s/keys :req [::wrk/executor
+                ::wrk/scheduled-executor]))

 (defmethod ig/init-key ::rpc/rlimit
-  [_ {:keys [executor] :as params}]
+  [_ {:keys [::wrk/executor] :as cfg}]
  (when (contains? cf/flags :rpc-rlimit)
    (let [state (agent {})]
      (set-error-handler! state on-refresh-error)
@@ -387,6 +408,6 @@
        (send-via executor state (constantly {::refresh (dt/duration "5s")}))

        ;; Force a refresh
-        (refresh-config (assoc params :path path :state state)))
+        (refresh-config (assoc cfg ::path path ::state state)))

      state)))
--- a/backend/src/app/setup.clj
+++ b/backend/src/app/setup.clj
@@ -68,5 +68,5 @@
    (let [secret (or key (generate-random-key))]
      (-> (retrieve-all conn)
          (assoc :secret-key secret)
-          (assoc :tokens-key (keys/derive secret :salt "tokens" :size 32))
+          (assoc :tokens-key (keys/derive secret :salt "tokens"))
          (update :instance-id handle-instance-id conn (db/read-only? pool))))))
--- a/backend/src/app/setup/keys.clj
+++ b/backend/src/app/setup/keys.clj
@@ -13,7 +13,7 @@

 (defn derive
  "Derive a key from secret-key"
-  [secret-key & {:keys [salt size]}]
+  [secret-key & {:keys [salt size] :or {size 32}}]
  (us/assert! ::us/not-empty-string secret-key)
  (let [engine (bk/engine {:key secret-key
                           :salt salt
--- a/backend/src/app/srepl.clj
+++ b/backend/src/app/srepl.clj
@@ -9,7 +9,11 @@
  (:require
   [app.common.logging :as l]
   [app.common.spec :as us]
+   [app.config :as cf]
+   [app.srepl.ext]
   [app.srepl.main]
+   [app.util.json :as json]
+   [app.util.locks :as locks]
   [clojure.core.server :as ccs]
   [clojure.main :as cm]
   [clojure.spec.alpha :as s]
@@ -20,39 +24,59 @@
  (ccs/repl-init)
  (in-ns 'app.srepl.main))

-(defn repl
+(defn user-repl
  []
  (cm/repl
   :init repl-init
   :read ccs/repl-read))

+(defn json-repl
+  []
+  (let [out  *out*
+        lock (locks/create)]
+    (ccs/prepl *in*
+               (fn [m]
+                 (binding [*out* out, *flush-on-newline* true, *print-readably* true]
+                   (locks/locking lock
+                     (println (json/encode-str m))))))))
+
 ;; --- State initialization

-(s/def ::name ::us/not-empty-string)
-(s/def ::port int?)
+(s/def ::port ::us/integer)
 (s/def ::host ::us/not-empty-string)
+(s/def ::flag #{:urepl-server :prepl-server})
+(s/def ::type #{::prepl ::urepl})
+(s/def ::key (s/tuple ::type ::us/keyword))

 (defmethod ig/pre-init-spec ::server
  [_]
-  (s/keys :opt-un [::port ::host ::name]))
+  (s/keys :req [::flag]
+          :req-un [::port ::host]))

 (defmethod ig/prep-key ::server
-  [_ cfg]
-  (merge {:name "main"} cfg))
+  [[type _] cfg]
+  (assoc cfg ::flag (keyword (str (name type) "-server"))))

 (defmethod ig/init-key ::server
-  [_ {:keys [port host name] :as cfg}]
-  (when (and port host name)
-    (l/info :msg "initializing server repl" :port port :host host :name name)
-    (ccs/start-server {:address host
-                       :port port
-                       :name name
-                       :accept 'app.srepl/repl})
-    cfg))
+  [[type _] {:keys [::flag port host] :as cfg}]
+  (when (contains? cf/flags flag)
+    (let [accept (case type
+                   ::prepl 'app.srepl/json-repl
+                   ::urepl 'app.srepl/user-repl)
+          params {:address host
+                  :port port
+                  :name (name type)
+                  :accept accept}]
+
+      (l/info :msg "initializing repl server"
+              :name (name type)
+              :port port
+              :host host)
+
+      (ccs/start-server params)
+
+      params)))

 (defmethod ig/halt-key! ::server
-  [_ cfg]
-  (when cfg
-    (ccs/stop-server (:name cfg))))
-
-
+  [_ params]
+  (some-> params :name ccs/stop-server))
--- a/backend/src/app/srepl/ext.clj
+++ b/backend/src/app/srepl/ext.clj
@@ -0,0 +1,77 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.srepl.ext
+  "PREPL API for external usage (CLI or ADMIN)"
+  (:require
+   [app.auth :as auth]
+   [app.common.exceptions :as ex]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.rpc.commands.auth :as cmd.auth]
+   [app.util.json :as json]
+   [cuerdas.core :as str]))
+
+(defn- get-current-system
+  []
+  (or (deref (requiring-resolve 'app.main/system))
+      (deref (requiring-resolve 'user/system))))
+
+(defmulti ^:private run-json-cmd* ::cmd)
+
+(defn run-json-cmd
+  "Entry point with external tools integrations that uses PREPL
+  interface for interacting with running penpot backend."
+  [data]
+  (let [data (json/decode data)
+        params (merge {::cmd (keyword (:cmd data "default"))}
+                      (:params data))]
+    (run-json-cmd* params)))
+
+(defmethod run-json-cmd* :create-profile
+  [{:keys [fullname email password is-active]
+    :or {is-active true}}]
+  (when-let [system (get-current-system)]
+    (db/with-atomic [conn (:app.db/pool system)]
+      (let [params  {:id (uuid/next)
+                     :email email
+                     :fullname fullname
+                     :is-active is-active
+                     :password password
+                     :props {}}]
+        (->> (cmd.auth/create-profile! conn params)
+             (cmd.auth/create-profile-rels! conn))))))
+
+(defmethod run-json-cmd* :update-profile
+  [{:keys [fullname email password is-active]}]
+  (when-let [system (get-current-system)]
+    (db/with-atomic [conn (:app.db/pool system)]
+      (let [params (cond-> {}
+                     (some? fullname)
+                     (assoc :fullname fullname)
+
+                     (some? password)
+                     (assoc :password (auth/derive-password password))
+
+                     (some? is-active)
+                     (assoc :is-active is-active))]
+        (when (seq params)
+          (let [res (db/update! conn :profile
+                                params
+                                {:email email
+                                 :deleted-at nil}
+                                {:return-keys false})]
+            (pos? (:next.jdbc/update-count res))))))))
+
+(defmethod run-json-cmd* :derive-password
+  [{:keys [password]}]
+  (auth/derive-password password))
+
+(defmethod run-json-cmd* :default
+  [{:keys [::cmd]}]
+  (ex/raise :type :internal
+            :code :not-implemented
+            :hint (str/ffmt "command '%' not implemented" (name cmd))))
--- a/Show More
+++ b/Show More