Merge pull request #2255 from SkynetLabs/renovate/skynetlabs-webportal-health-check-1.x

chore(deps): update skynetlabs/webportal-health-check docker tag to v1
2022-10-07 · 2022-10-06 01:47:34 +02:00 · 2022-10-05 23:46:59 +00:00 · 2022-10-05 21:07:44 +02:00 · 2022-10-05 19:04:22 +00:00 · 2022-10-05 09:56:53 +02:00
569 changed files with 140 additions and 58155 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1 @@
 * @kwypchlo @meeh0w
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,50 +1,6 @@
 version: 2
 updates:
  - package-ecosystem: npm
    directory: "/packages/dashboard"
    schedule:
      interval: monthly
  - package-ecosystem: npm
    directory: "/packages/dnslink-api"
    schedule:
      interval: monthly
  - package-ecosystem: npm
    directory: "/packages/handshake-api"
    schedule:
      interval: monthly
  - package-ecosystem: npm
    directory: "/packages/health-check"
    schedule:
      interval: monthly
  - package-ecosystem: npm
    directory: "/packages/website"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/docker/nginx"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/docker/sia"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/packages/dashboard"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/packages/dnslink-api"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/packages/handshake-api"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/packages/health-check"
    schedule:
      interval: monthly
  - package-ecosystem: docker
    directory: "/packages/website"
    schedule:
      interval: monthly
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,71 +0,0 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "CodeQL"
 on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '32 21 * * 0'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
        # Learn more:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language
    #- run: |
    #   make bootstrap
    #   make release
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/deploy-dashboard-v2-storybook.yml
+++ b/.github/workflows/deploy-dashboard-v2-storybook.yml
@ -1,31 +0,0 @@
 name: Build Storybook - packages/dashboard-v2
 on:
  push:
    branches:
      - master
    paths:
      - "packages/dashboard-v2/**"
  pull_request:
    paths:
      - "packages/dashboard-v2/**"
 defaults:
  run:
    working-directory: packages/dashboard-v2
 jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn install
      - run: yarn build-storybook
      - name: "Deploy to Skynet"
        uses: skynetlabs/deploy-to-skynet-action@v2
        with:
          upload-dir: packages/dashboard-v2/storybook-build
          github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/deploy-website.yml
+++ b/.github/workflows/deploy-website.yml
@ -1,54 +0,0 @@
 name: Deploy website to Skynet
 on:
  push:
    branches:
      - master
    paths:
      - "packages/website/**"
  pull_request:
    paths:
      - "packages/website/**"
 defaults:
  run:
    working-directory: packages/website
 env:
  PORTAL_DOMAIN: siasky.net
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 16.x
          cache: yarn
          cache-dependency-path: packages/website/yarn.lock
      - run: yarn
      - run: yarn build
      - name: "Integration tests"
        uses: cypress-io/github-action@v3
        env:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          working-directory: packages/website
          install: false
          record: true
          start: yarn develop
          wait-on: http://localhost:8000
          wait-on-timeout: 120
          config: baseUrl=http://localhost:8000
      - name: "Deploy to Skynet"
        uses: skynetlabs/deploy-to-skynet-action@v2
        with:
          upload-dir: packages/website/public
          github-token: ${{ secrets.GITHUB_TOKEN }}
          registry-seed: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' && secrets.WEBSITE_REGISTRY_SEED || '' }}
--- a/.github/workflows/lint-dockerfiles.yml
+++ b/.github/workflows/lint-dockerfiles.yml
@ -1,29 +0,0 @@
 name: Dockerfile Lint
 on:
  push:
    branches:
      - master
  pull_request:
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        dockerfile:
          - docker/nginx/Dockerfile
          - docker/nginx/testing/Dockerfile
          - docker/sia/Dockerfile
          - packages/dashboard/Dockerfile
          - packages/dashboard-v2/Dockerfile
          - packages/dnslink-api/Dockerfile
          - packages/handshake-api/Dockerfile
          - packages/health-check/Dockerfile
          - packages/website/Dockerfile
    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@v2.0.0
        with:
          dockerfile: ${{ matrix.dockerfile }}
--- a/.github/workflows/lint-packages-dashboard-v2.yml
+++ b/.github/workflows/lint-packages-dashboard-v2.yml
@ -1,24 +0,0 @@
 name: Lint - packages/dashboard-v2
 on:
  pull_request:
    paths:
      - packages/dashboard-v2/**
 defaults:
  run:
    working-directory: packages/dashboard-v2
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check
      - run: yarn lint
--- a/.github/workflows/lint-packages-dashboard.yml
+++ b/.github/workflows/lint-packages-dashboard.yml
@ -1,24 +0,0 @@
 name: Lint - packages/dashboard
 on:
  pull_request:
    paths:
      - packages/dashboard/**
 defaults:
  run:
    working-directory: packages/dashboard
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
      - run: yarn next lint
--- a/.github/workflows/lint-packages-dnslink-api.yml
+++ b/.github/workflows/lint-packages-dnslink-api.yml
@ -1,23 +0,0 @@
 name: Lint - packages/dnslink-api
 on:
  pull_request:
    paths:
      - packages/dnslink-api/**
 defaults:
  run:
    working-directory: packages/dnslink-api
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-handshake-api.yml
+++ b/.github/workflows/lint-packages-handshake-api.yml
@ -1,23 +0,0 @@
 name: Lint - packages/handshake-api
 on:
  pull_request:
    paths:
      - packages/handshake-api/**
 defaults:
  run:
    working-directory: packages/handshake-api
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-health-check.yml
+++ b/.github/workflows/lint-packages-health-check.yml
@ -1,23 +0,0 @@
 name: Lint - packages/health-check
 on:
  pull_request:
    paths:
      - packages/health-check/**
 defaults:
  run:
    working-directory: packages/health-check
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-website.yml
+++ b/.github/workflows/lint-packages-website.yml
@ -1,23 +0,0 @@
 name: Lint - packages/website
 on:
  pull_request:
    paths:
      - packages/website/**
 defaults:
  run:
    working-directory: packages/website
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/nginx-lua-unit-tests.yml
+++ b/.github/workflows/nginx-lua-unit-tests.yml
@ -1,46 +0,0 @@
 # Install and run unit tests with busted
 # Docs: http://olivinelabs.com/busted/
 name: Nginx Lua Unit Tests
 on:
  push:
    branches:
      - master
    paths:
      - docker/nginx/libs/**
  pull_request:
    paths:
      - docker/nginx/libs/**
 jobs:
  test:
    runs-on: ubuntu-latest
    container: openresty/openresty:1.19.9.1-focal
    steps:
      - uses: actions/checkout@v3
      - name: Install Dependencies
        run: |
          luarocks install lua-resty-http
          luarocks install hasher
          luarocks install busted
          luarocks install luacov
          luarocks install luacheck
      - name: Lint Code With Luacheck
        run: luacheck docker/nginx/libs --std ngx_lua+busted
      - name: Run Tests With Busted
        # ran from root repo directory; produces luacov.stats.out file
        run: docker/nginx/testing/rbusted --lpath='docker/nginx/libs/?.lua;docker/nginx/libs/?/?.lua' --verbose --coverage --pattern=spec docker/nginx/libs
      - name: Generate Code Coverage Report With Luacov
        # requires config file in cwd; produces luacov.report.out file
        run: cp docker/nginx/testing/.luacov . && luacov && rm .luacov
      - uses: codecov/codecov-action@v3
        with:
          root_dir: ${GITHUB_WORKSPACE}
          files: ./luacov.report.out
          flags: nginx-lua
--- a/.github/workflows/test-packages-health-check.yml
+++ b/.github/workflows/test-packages-health-check.yml
@ -1,23 +0,0 @@
 name: Test - packages/health-check
 on:
  pull_request:
    paths:
      - packages/health-check/**
 defaults:
  run:
    working-directory: packages/health-check
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn jest
--- a/.gitignore
+++ b/.gitignore
@ -67,10 +67,6 @@ yarn-error.log
 # Yarn Integrity file
 .yarn-integrity
 # Cypress
 packages/website/cypress/screenshots
 packages/website/cypress/videos
 # Docker data
 docker/data
--- a/README.md
+++ b/README.md
@ -8,23 +8,6 @@ supports is located at https://portal-docs.skynetlabs.com/.
 Some scripts and setup documentation contained in this repository
 (`skynet-webportal`) may be outdated and generally should not be used.
 ## Web application
 Change current directory with `cd packages/website`.
 Use `yarn start` to start the development server.
 Use `yarn build` to compile the application to `/public` directory.
 You can use the below build parameters to customize your web application.
 - development example `GATSBY_API_URL=https://siasky.dev yarn start`
 - production example `GATSBY_API_URL=https://siasky.net yarn build`
 List of available parameters:
 - `GATSBY_API_URL`: override api url (defaults to location origin)
 ## License
 Skynet uses a custom [License](./LICENSE.md). The Skynet License is a source code license that allows you to use, modify
@ -33,19 +16,3 @@ and distribute the software, but you must preserve the payment mechanism in the
 For the purposes of complying with our code license, you can use the following Siacoin address:
 `fb6c9320bc7e01fbb9cd8d8c3caaa371386928793c736837832e634aaaa484650a3177d6714a`
 ## Running a Portal
 For those interested in running a Webportal, head over to our developer docs [here](https://portal-docs.skynetlabs.com/) to learn more.
 ## Contributing
 ### Testing Your Code
 Before pushing your code, you should verify that it will pass our online test suite.
 **Cypress Tests**
 Verify the Cypress test suite by doing the following:
 1. In one terminal screen run `GATSBY_API_URL=https://siasky.net website serve`
 1. In a second terminal screen run `yarn cypress run`
--- a/31
+++ b/31
@ -5,56 +5,59 @@
 # would use docker-compose with the only difference being that you don't need to specify compose files. For more
 # information you can run `./dc` or `./dc help`.
-if [ -f .env ]; then
+# get current working directory of this script and prefix all files with it to
-  OLD_IFS=$IFS
+# be able to call this script from anywhere and not only root directory of
-  IFS=$'\n'
+# skynet-webportal project
-  for x in $(grep -v '^#.*' .env); do export $x; done
+cwd="$(dirname -- "$0";)";
-  IFS=$OLD_IFS
+
 # get portal modules configuration from .env file (if defined more than once, the last one is used)
 if [[ -f "${cwd}/.env" ]]; then
  PORTAL_MODULES=$(grep -e "^PORTAL_MODULES=" ${cwd}/.env | tail -1 | sed "s/PORTAL_MODULES=//")
 fi
 # include base docker compose file
-COMPOSE_FILES="-f docker-compose.yml"
+COMPOSE_FILES="-f ${cwd}/docker-compose.yml"
 for i in $(seq 1 ${#PORTAL_MODULES}); do
  # accounts module - alias "a"
  if [[ ${PORTAL_MODULES:i-1:1} == "a" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.accounts.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.accounts.yml"
  fi
  # blocker module - alias "b"
  if [[ ${PORTAL_MODULES:i-1:1} == "b" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.blocker.yml"
  fi
  # jaeger module - alias "j"
  if [[ ${PORTAL_MODULES:i-1:1} == "j" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.jaeger.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.jaeger.yml"
  fi
  # malware-scanner module - alias "s"
  if [[ ${PORTAL_MODULES:i-1:1} == "s" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.blocker.yml -f docker-compose.mongodb.yml -f docker-compose.malware-scanner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.blocker.yml -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.malware-scanner.yml"
  fi
  # mongodb module - alias "m"
  if [[ ${PORTAL_MODULES:i-1:1} == "m" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml"
  fi
  # abuse-scanner module - alias "u"
  if [[ ${PORTAL_MODULES:i-1:1} == "u" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml -f docker-compose.abuse-scanner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.blocker.yml -f ${cwd}/docker-compose.abuse-scanner.yml"
  fi
  # pinner module - alias "p"
  if [[ ${PORTAL_MODULES:i-1:1} == "p" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.pinner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.pinner.yml"
  fi
 done
 # override file if exists
 if [[ -f docker-compose.override.yml ]]; then
-  COMPOSE_FILES+=" -f docker-compose.override.yml"
+  COMPOSE_FILES+=" -f ${cwd}/docker-compose.override.yml"
 fi
 docker-compose $COMPOSE_FILES $@
--- a/docker-compose.abuse-scanner.yml
+++ b/docker-compose.abuse-scanner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -10,7 +10,7 @@ services:
  abuse-scanner:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/abuse-scanner.git#main
-    image: skynetlabs/abuse-scanner:0.1.1
+    image: skynetlabs/abuse-scanner:0.4.0
    container_name: abuse-scanner
    restart: unless-stopped
    logging: *default-logging
@ -36,3 +36,6 @@ services:
    depends_on:
      - mongo
      - blocker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp:/tmp
--- a/docker-compose.accounts.yml
+++ b/docker-compose.accounts.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -22,7 +22,7 @@ services:
  accounts:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/skynet-accounts.git#main
-    image: skynetlabs/skynet-accounts:1.1.0
+    image: skynetlabs/skynet-accounts:1.3.0
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
@ -57,48 +57,21 @@ services:
  dashboard:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-accounts-dashboard.git#main
-    #   dockerfile: ./packages/dashboard/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/dashboard
+    image: skynetlabs/webportal-accounts-dashboard:2.1.1
    container_name: dashboard
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - NEXT_PUBLIC_PORTAL_DOMAIN=${PORTAL_DOMAIN}
      - NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
    volumes:
-      - ./docker/data/dashboard/.next:/usr/app/.next
+      - ./docker/data/dashboard/.cache:/usr/app/.cache
      - ./docker/data/dashboard/public:/usr/app/public
    networks:
      shared:
        ipv4_address: 10.10.10.85
    expose:
-      - 3000
+      - 9000
    depends_on:
      - mongo
  # Do not build dashboard-v2 until we're ready to make a switch
  # ============================================================
  # dashboard-v2:
  #   build:
  #     context: ./packages/dashboard-v2
  #     dockerfile: Dockerfile
  #   container_name: dashboard-v2
  #   restart: unless-stopped
  #   logging: *default-logging
  #   env_file:
  #     - .env
  #   environment:
  #     - GATSBY_PORTAL_DOMAIN=${PORTAL_DOMAIN}
  #     - GATSBY_STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
  #   volumes:
  #     - ./docker/data/dashboard-v2/.cache:/usr/app/.cache
  #     - ./docker/data/dashboard-v2/public:/usr/app/public
  #   networks:
  #     shared:
  #       ipv4_address: 10.10.10.86
  #   expose:
  #     - 9000
  #   depends_on:
  #     - mongo
--- a/docker-compose.blocker.yml
+++ b/docker-compose.blocker.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -15,7 +15,7 @@ services:
  blocker:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/blocker.git#main
-    image: skynetlabs/blocker:0.1.1
+    image: skynetlabs/blocker:0.1.2
    container_name: blocker
    restart: unless-stopped
    logging: *default-logging
--- a/docker-compose.jaeger.yml
+++ b/docker-compose.jaeger.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -21,7 +21,7 @@ services:
      - JAEGER_REPORTER_LOG_SPANS=false
  jaeger-agent:
-    image: jaegertracing/jaeger-agent:1.32.0
+    image: jaegertracing/jaeger-agent:1.38.1
    command:
      [
        "--reporter.grpc.host-port=jaeger-collector:14250",
@ -43,7 +43,7 @@ services:
      - jaeger-collector
  jaeger-collector:
-    image: jaegertracing/jaeger-collector:1.32.0
+    image: jaegertracing/jaeger-collector:1.38.1
    entrypoint: /wait_to_start.sh
    container_name: jaeger-collector
    restart: on-failure
@ -68,7 +68,7 @@ services:
      - elasticsearch
  jaeger-query:
-    image: jaegertracing/jaeger-query:1.32.0
+    image: jaegertracing/jaeger-query:1.38.1
    entrypoint: /wait_to_start.sh
    container_name: jaeger-query
    restart: on-failure
@ -93,7 +93,7 @@ services:
      - elasticsearch
  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.6
    container_name: elasticsearch
    restart: on-failure
    logging: *default-logging
--- a/docker-compose.malware-scanner.yml
+++ b/docker-compose.malware-scanner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -17,10 +17,6 @@ services:
      - ./docker/clamav/clamd.conf:/etc/clamav/clamd.conf:ro
    expose:
      - 3310 # NEVER expose this outside of the local network!
    deploy:
      resources:
        limits:
          cpus: "${CLAMAV_CPU:-0.50}"
    networks:
      shared:
        ipv4_address: 10.10.10.100
--- a/docker-compose.mongodb.yml
+++ b/docker-compose.mongodb.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -14,7 +14,7 @@ services:
      - MONGODB_PASSWORD=${SKYNET_DB_PASS}
  mongo:
-    image: mongo:4.4.1
+    image: mongo:4.4.17
    command: --keyFile=/data/mgkey --replSet=${SKYNET_DB_REPLICASET:-skynet} --setParameter ShardingTaskExecutorPoolMinSize=10
    container_name: mongo
    restart: unless-stopped
--- a/docker-compose.pinner.yml
+++ b/docker-compose.pinner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -10,12 +10,14 @@ services:
  pinner:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/pinner.git#main
-    image: skynetlabs/pinner:0.1.0
+    image: skynetlabs/pinner:0.7.8
    container_name: pinner
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/data/pinner/logs:/logs
    environment:
      - PINNER_LOG_LEVEL=${PINNER_LOG_LEVEL:-info}
    expose:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -15,17 +15,19 @@ networks:
 services:
  sia:
-    build:
+    # uncomment "build" and comment out "image" to build from sources
-      context: ./docker/sia
+    # build:
-      dockerfile: Dockerfile
+    #   context: https://github.com/SkynetLabs/docker-skyd.git#main
-      args:
+    #   dockerfile: scratch/Dockerfile
-        branch: portal-latest
+    #   args:
    #     branch: master
    image: skynetlabs/skyd:1.6.9
    command: --disable-api-security --api-addr :9980 --modules gctwra
    container_name: sia
    restart: unless-stopped
    stop_grace_period: 5m
    logging: *default-logging
    environment:
      - SIA_MODULES=gctwra
      - SKYD_DISK_CACHE_ENABLED=${SKYD_DISK_CACHE_ENABLED:-true}
      - SKYD_DISK_CACHE_SIZE=${SKYD_DISK_CACHE_SIZE:-53690000000} # 50GB
      - SKYD_DISK_CACHE_MIN_HITS=${SKYD_DISK_CACHE_MIN_HITS:-3}
@ -41,7 +43,24 @@ services:
      - 9980
  certbot:
-    image: certbot/dns-route53:v1.25.0
+    # replace this image with the image supporting your dns provider from
    # https://hub.docker.com/r/certbot/certbot and adjust CERTBOT_ARGS env variable
    # note: you will need to authenticate your dns request so consult the plugin docs
    # configuration https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins
    #
    # =================================================================================
    # example docker-compose.yml changes required for Cloudflare dns provider:
    #
    # image: certbot/dns-cloudflare
    # environment:
    #   - CERTBOT_ARGS=--dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini
    #
    # create ./docker/data/certbot/cloudflare.ini file with the following content:
    # dns_cloudflare_api_token = <api key generated at https://dash.cloudflare.com/profile/api-tokens>
    #
    # make sure that the file has 0400 permissions with:
    # chmod 0400 ./docker/data/certbot/cloudflare.ini
    image: certbot/dns-route53:v1.31.0
    entrypoint: sh /entrypoint.sh
    container_name: certbot
    restart: unless-stopped
@ -57,9 +76,9 @@ services:
  nginx:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-nginx.git#main
-    #   dockerfile: ./docker/nginx/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/nginx
+    image: skynetlabs/webportal-nginx:1.0.0
    container_name: nginx
    restart: unless-stopped
    logging: *default-logging
@ -72,10 +91,6 @@ services:
      - ./docker/data/nginx/skynet:/data/nginx/skynet:ro
      - ./docker/data/sia/apipassword:/data/sia/apipassword:ro
      - ./docker/data/certbot:/etc/letsencrypt
      - ./docker/nginx/libs:/etc/nginx/libs
      - ./docker/nginx/conf.d:/etc/nginx/conf.d
      - ./docker/nginx/conf.d.templates:/etc/nginx/templates
      - ./docker/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
    networks:
      shared:
        ipv4_address: 10.10.10.30
@ -91,9 +106,9 @@ services:
  website:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-website.git#main
-    #   dockerfile: ./packages/website/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/website
+    image: skynetlabs/webportal-website:0.2.3
    container_name: website
    restart: unless-stopped
    logging: *default-logging
@ -109,18 +124,11 @@ services:
      - 9000
  handshake:
-    image: skynetlabs/hsd:3.0.1
+    image: handshakeorg/hsd:4.0.2
-    command: --chain-migrate=2 --wallet-migrate=1
+    command: --chain-migrate=3 --no-wallet --no-auth --compact-tree-on-init --network=main --http-host=0.0.0.0
    container_name: handshake
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HSD_LOG_CONSOLE=false
      - HSD_HTTP_HOST=0.0.0.0
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    volumes:
      - ./docker/data/handshake/.hsd:/root/.hsd
    networks:
@ -132,9 +140,9 @@ services:
  handshake-api:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-handshake-api.git#main
-    #   dockerfile: ./packages/handshake-api/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/handshake-api
+    image: skynetlabs/webportal-handshake-api:0.1.3
    container_name: handshake-api
    restart: unless-stopped
    logging: *default-logging
@ -156,9 +164,9 @@ services:
  dnslink-api:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-dnslink-api.git#main
-    #   dockerfile: ./packages/dnslink-api/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/dnslink-api
+    image: skynetlabs/webportal-dnslink-api:0.2.1
    container_name: dnslink-api
    restart: unless-stopped
    logging: *default-logging
@ -171,9 +179,9 @@ services:
  health-check:
    # uncomment "build" and comment out "image" to build from sources
    # build:
-    #   context: https://github.com/SkynetLabs/skynet-webportal.git#master
+    #   context: https://github.com/SkynetLabs/webportal-health-check.git#main
-    #   dockerfile: ./packages/health-check/Dockerfile
+    #   dockerfile: Dockerfile
-    image: skynetlabs/health-check
+    image: skynetlabs/webportal-health-check:1.0.0
    container_name: health-check
    restart: unless-stopped
    logging: *default-logging
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -1,21 +0,0 @@
 FROM openresty/openresty:1.19.9.1-focal
 WORKDIR /
 RUN apt-get update && apt-get --no-install-recommends -y install bc=1.07.1-2build1 && \
    apt-get clean && rm -rf /var/lib/apt/lists/* && \
    luarocks install lua-resty-http && \
    luarocks install hasher
 # reload nginx every 6 hours (for reloading certificates)
 ENV NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS 6
 # copy entrypoint and entrypoint scripts
 COPY docker/nginx/docker-entrypoint.sh /
 COPY docker/nginx/docker-entrypoint.d /docker-entrypoint.d
 ENTRYPOINT ["/docker-entrypoint.sh"]
 STOPSIGNAL SIGQUIT
 CMD ["nginx", "-g", "daemon off;"]
--- a/docker/nginx/conf.d.templates/server.account.conf.template
+++ b/docker/nginx/conf.d.templates/server.account.conf.template
@ -1,44 +0,0 @@
 server {
 	server_name account.${PORTAL_DOMAIN}; # example: account.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 }
 server {
 	server_name account.${PORTAL_DOMAIN}; # example: account.siasky.net
 	set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
 	set_by_lua_block $skynet_server_domain {
 		-- fall back to portal domain if server domain is not defined
 		if "${SERVER_DOMAIN}" == "" then
 			return "${PORTAL_DOMAIN}"
 		end
 		return "${SERVER_DOMAIN}"
 	}
 	include /etc/nginx/conf.d/server/server.account;
 }
 server {
 	server_name account.${SERVER_DOMAIN}; # example: account.eu-ger-1.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
 server {
 	server_name account.${SERVER_DOMAIN}; # example: account.eu-ger-1.siasky.net
 	set_by_lua_block $skynet_portal_domain {
 		-- when accessing portal directly through server domain, portal domain should be set to server domain
 		-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
 		-- portal address and it should be server domain when accessing specific server by its domain address
 		return "${SERVER_DOMAIN}"
 	}
 	set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
 	include /etc/nginx/conf.d/server/server.account;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
--- a/docker/nginx/conf.d.templates/server.api.conf.template
+++ b/docker/nginx/conf.d.templates/server.api.conf.template
@ -1,44 +0,0 @@
 server {
 	server_name ${PORTAL_DOMAIN}; # example: siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 }
 server {
 	server_name ${PORTAL_DOMAIN}; # example: siasky.net
 	set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
 	set_by_lua_block $skynet_server_domain {
 		-- fall back to portal domain if server domain is not defined
 		if "${SERVER_DOMAIN}" == "" then
 			return "${PORTAL_DOMAIN}"
 		end
 		return "${SERVER_DOMAIN}"
 	}
 	include /etc/nginx/conf.d/server/server.api;
 }
 server {
 	server_name ${SERVER_DOMAIN}; # example: eu-ger-1.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
 server {
 	server_name ${SERVER_DOMAIN}; # example: eu-ger-1.siasky.net
 	set_by_lua_block $skynet_portal_domain {
 		-- when accessing portal directly through server domain, portal domain should be set to server domain
 		-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
 		-- portal address and it should be server domain when accessing specific server by its domain address
 		return "${SERVER_DOMAIN}"
 	}
 	set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
 	include /etc/nginx/conf.d/server/server.api;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
--- a/docker/nginx/conf.d.templates/server.dnslink.conf.template
+++ b/docker/nginx/conf.d.templates/server.dnslink.conf.template
@ -1,25 +0,0 @@
 lua_shared_dict dnslink 10m;
 server {
    listen 80 default_server;
    include /etc/nginx/conf.d/server/server.dnslink;
 }
 server {
    listen 443 default_server;
    ssl_certificate     /etc/ssl/local-certificate.crt;
    ssl_certificate_key /etc/ssl/local-certificate.key;
    set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
    set_by_lua_block $skynet_server_domain {
        -- fall back to portal domain if server domain is not defined
        if "${SERVER_DOMAIN}" == "" then
            return "${PORTAL_DOMAIN}"
        end
        return "${SERVER_DOMAIN}"
    }
    include /etc/nginx/conf.d/server/server.dnslink;
 }
--- a/docker/nginx/conf.d.templates/server.hns.conf.template
+++ b/docker/nginx/conf.d.templates/server.hns.conf.template
@ -1,46 +0,0 @@
 server {
 	server_name *.hns.${PORTAL_DOMAIN}; # example: *.hns.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 }
 server {
 	server_name *.hns.${PORTAL_DOMAIN}; # example: *.hns.siasky.net
 	set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
 	set_by_lua_block $skynet_server_domain {
 		-- fall back to portal domain if server domain is not defined
 		if "${SERVER_DOMAIN}" == "" then
 			return "${PORTAL_DOMAIN}"
 		end
 		return "${SERVER_DOMAIN}"
 	}
 	proxy_set_header Host ${PORTAL_DOMAIN};
 	include /etc/nginx/conf.d/server/server.hns;
 }
 server {
 	server_name *.hns.${SERVER_DOMAIN}; # example: *.hns.eu-ger-1.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
 server {
 	server_name *.hns.${SERVER_DOMAIN}; # example: *.hns.eu-ger-1.siasky.net
 	set_by_lua_block $skynet_portal_domain {
 		-- when accessing portal directly through server domain, portal domain should be set to server domain
 		-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
 		-- portal address and it should be server domain when accessing specific server by its domain address
 		return "${SERVER_DOMAIN}"
 	}
 	set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
 	proxy_set_header Host ${SERVER_DOMAIN};
 	include /etc/nginx/conf.d/server/server.hns;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
--- a/docker/nginx/conf.d.templates/server.skylink.conf.template
+++ b/docker/nginx/conf.d.templates/server.skylink.conf.template
@ -1,44 +0,0 @@
 server {
 	server_name *.${PORTAL_DOMAIN}; # example: *.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 }
 server {
 	server_name *.${PORTAL_DOMAIN}; # example: *.siasky.net
 	set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
 	set_by_lua_block $skynet_server_domain {
 		-- fall back to portal domain if server domain is not defined
 		if "${SERVER_DOMAIN}" == "" then
 			return "${PORTAL_DOMAIN}"
 		end
 		return "${SERVER_DOMAIN}"
 	}
 	include /etc/nginx/conf.d/server/server.skylink;
 }
 server {
 	server_name *.${SERVER_DOMAIN}; # example: *.eu-ger-1.siasky.net
 	include /etc/nginx/conf.d/server/server.http;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
 server {
 	server_name *.${SERVER_DOMAIN}; # example: *.eu-ger-1.siasky.net
 	set_by_lua_block $skynet_portal_domain {
 		-- when accessing portal directly through server domain, portal domain should be set to server domain
 		-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
 		-- portal address and it should be server domain when accessing specific server by its domain address
 		return "${SERVER_DOMAIN}"
 	}
 	set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
 	include /etc/nginx/conf.d/server/server.skylink;
 	set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
 }
--- a/docker/nginx/conf.d/dhparam.pem
+++ b/docker/nginx/conf.d/dhparam.pem
@ -1,8 +0,0 @@
 -----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
 +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
 YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
 ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 -----END DH PARAMETERS-----
--- a/docker/nginx/conf.d/gzip.conf
+++ b/docker/nginx/conf.d/gzip.conf
@ -1,18 +0,0 @@
 # enables gzip compression	
 gzip on;
 # set the gzip compression level (1-9)	
 gzip_comp_level 6;
 # tells proxies to cache both gzipped and regular versions of a resource	
 gzip_vary on;
 # informs NGINX to not compress anything smaller than the defined size	
 gzip_min_length 256;
 # compress data even for clients that are connecting via proxies if a response header includes 	
 # the "expired", "no-cache", "no-store", "private", and "Authorization" parameters	
 gzip_proxied expired no-cache no-store private auth;
 # enables the types of files that can be compressed	
 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
--- a/docker/nginx/conf.d/include/cors
+++ b/docker/nginx/conf.d/include/cors
@ -1,9 +0,0 @@
 if ($request_method = 'OPTIONS') {
    include /etc/nginx/conf.d/include/cors-headers;
    more_set_headers 'Access-Control-Max-Age: 1728000';
    more_set_headers 'Content-Type: text/plain; charset=utf-8';
    more_set_headers 'Content-Length: 0';
    return 204;
 }
 include /etc/nginx/conf.d/include/cors-headers;
--- a/docker/nginx/conf.d/include/cors-headers
+++ b/docker/nginx/conf.d/include/cors-headers
@ -1,5 +0,0 @@
 more_set_headers 'Access-Control-Allow-Origin: $http_origin';
 more_set_headers 'Access-Control-Allow-Credentials: true';
 more_set_headers 'Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE';
 more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,If-None-Match,Cache-Control,Content-Type,Range,X-HTTP-Method-Override,upload-offset,upload-metadata,upload-length,tus-version,tus-resumable,tus-extension,tus-max-size,upload-concat,location,Skynet-API-Key';
 more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range,ETag,Accept-Ranges,Skynet-File-Metadata,Skynet-Skylink,Skynet-Proof,Skynet-Portal-Api,Skynet-Server-Api,upload-offset,upload-metadata,upload-length,tus-version,tus-resumable,tus-extension,tus-max-size,upload-concat,location';
--- a/docker/nginx/conf.d/include/generate-siapath
+++ b/docker/nginx/conf.d/include/generate-siapath
@ -1,11 +0,0 @@
 # Extract 2 sets of 2 characters from $request_id and assign to $dir1, $dir2
 # respectfully. The rest of the $request_id is going to be assigned to $dir3.
 # We use those variables to automatically generate a unique path for the uploaded file.
 # This ensures that not all uploaded files end up in the same directory, which is something
 # that causes performance issues in the renter.
 # Example path result: /af/24/9bc5ec894920ccc45634dc9a8065
 if ($request_id ~* "(\w{2})(\w{2})(\w+)") {
    set $dir1 $1;
    set $dir2 $2;
    set $dir3 $3;
 }
--- a/docker/nginx/conf.d/include/init-optional-variables
+++ b/docker/nginx/conf.d/include/init-optional-variables
@ -1,15 +0,0 @@
 # optional variables initialisation - those variables are used in log_format
 # but are not set on every route so we need to initialise them with empty value
 # because otherwise logger with throw error
 # set only on hns routes
 set $hns_domain "";
 # set only if server has been access through SERVER_DOMAIN
 set $server_alias "";
 # expose skylink variable so we can use it in access log
 set $skylink "";
 # cached account limits (json string) - applies only if accounts are enabled
 set $account_limits "";
--- a/docker/nginx/conf.d/include/local-network-only
+++ b/docker/nginx/conf.d/include/local-network-only
@ -1,3 +0,0 @@
 allow 127.0.0.1/32;  # localhost
 allow 10.10.10.0/24; # docker network
 deny all;
--- a/docker/nginx/conf.d/include/location-hns
+++ b/docker/nginx/conf.d/include/location-hns
@ -1,94 +0,0 @@
 include /etc/nginx/conf.d/include/proxy-pass-internal;
 include /etc/nginx/conf.d/include/portal-access-check;
 # variable definititions - we need to define a variable to be able to access it in lua by ngx.var.something
 set $skylink ''; # placeholder for the raw 46 bit skylink
 # resolve handshake domain by requesting to /hnsres endpoint and assign correct values to $skylink and $rest
 rewrite_by_lua_block {
    local json = require('cjson')
    local httpc = require("resty.http").new()
    -- make a get request to /hnsres endpoint with the domain name from request_uri
    -- 10.10.10.50 points to handshake-api service (alias not available when using resty-http)
    local hnsres_res, hnsres_err = httpc:request_uri("http://10.10.10.50:3100/hnsres/" .. ngx.var.hns_domain)
    -- print error and exit with 500 or exit with response if status is not 200
    if hnsres_err or (hnsres_res and hnsres_res.status ~= ngx.HTTP_OK) then
        ngx.status = (hnsres_err and ngx.HTTP_INTERNAL_SERVER_ERROR) or hnsres_res.status
        ngx.header["content-type"] = "text/plain"
        ngx.say(hnsres_err or hnsres_res.body)
        return ngx.exit(ngx.status)
    end
    -- since /hnsres endpoint response is a json, we need to decode it before we access it
    -- example response: '{"skylink":"sia://XABvi7JtJbQSMAcDwnUnmp2FKDPjg8_tTTFP4BwMSxVdEg"}'
    local hnsres_json = json.decode(hnsres_res.body)
    -- define local variable containing rest of the skylink if provided
    local skylink_rest
    if hnsres_json.skylink then
        -- try to match the skylink with sia:// prefix
        skylink, skylink_rest = string.match(hnsres_json.skylink, "sia://([^/?]+)(.*)")
        -- in case the skylink did not match, assume that there is no sia:// prefix and try to match again
        if skylink == nil then
            skylink, skylink_rest = string.match(hnsres_json.skylink, "/?([^/?]+)(.*)")
        end
    elseif hnsres_json.registry then
        local publickey = hnsres_json.registry.publickey
        local datakey = hnsres_json.registry.datakey
        -- make a get request to /skynet/registry endpoint with the credentials from text record
        -- 10.10.10.10 points to sia service (alias not available when using resty-http)
        local registry_res, registry_err = httpc:request_uri("http://10.10.10.10:9980/skynet/registry?publickey=" .. publickey .. "&datakey=" .. datakey, {
            headers = { ["User-Agent"] = "Sia-Agent" }
        })
        -- print error and exit with 500 or exit with response if status is not 200
        if registry_err or (registry_res and registry_res.status ~= ngx.HTTP_OK) then
            ngx.status = (registry_err and ngx.HTTP_INTERNAL_SERVER_ERROR) or registry_res.status
            ngx.header["content-type"] = "text/plain"
            ngx.say(registry_err or registry_res.body)
            return ngx.exit(ngx.status)
        end
        -- since /skynet/registry endpoint response is a json, we need to decode it before we access it
        local registry_json = json.decode(registry_res.body)
        -- response will contain a hex encoded skylink, we need to decode it
        local data = (registry_json.data:gsub('..', function (cc)
            return string.char(tonumber(cc, 16))
        end))
        skylink = data
    end
    -- fail with a generic 404 if skylink has not been extracted from a valid /hnsres response for some reason
    if not skylink then
        return ngx.exit(ngx.HTTP_NOT_FOUND)
    end
    ngx.var.skylink = skylink
    if ngx.var.path == "/" and skylink_rest ~= nil and skylink_rest ~= "" and skylink_rest ~= "/" then
        ngx.var.path = skylink_rest
    end
 }
 # we proxy to another nginx location rather than directly to siad because we do not want to deal with caching here
 proxy_pass https://127.0.0.1/$skylink$path$is_args$args;
 # in case siad returns location header, we need to replace the skylink with the domain name
 header_filter_by_lua_block {
    ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
    ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
    if ngx.header.location then
        -- match location redirect part after the skylink
        local path = string.match(ngx.header.location, "[^/?]+(.*)");
        -- because siad will set the location header to ie. XABvi7JtJbQSMAcDwnUnmp2FKDPjg8_tTTFP4BwMSxVdEg/index.html
        -- we need to replace the skylink with the domain_name so we are not redirected to skylink
        ngx.header.location = ngx.var.hns_domain .. path
    end
 }
--- a/docker/nginx/conf.d/include/location-skylink
+++ b/docker/nginx/conf.d/include/location-skylink
@ -1,53 +0,0 @@
 include /etc/nginx/conf.d/include/cors;
 limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
 # ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)
 # this is important because we want only one format in cache keys and logs
 set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }
 # default download rate to unlimited
 set $limit_rate 0;
 access_by_lua_block {
    if require("skynet.account").accounts_enabled() then
        -- check if portal is in authenticated only mode
        if require("skynet.account").is_access_unauthorized() then
            return require("skynet.account").exit_access_unauthorized()
        end
        -- check if portal is in subscription only mode
        if require("skynet.account").is_access_forbidden() then
            return require("skynet.account").exit_access_forbidden()
        end
        -- get account limits of currently authenticated user
        local limits = require("skynet.account").get_account_limits()
        -- apply download speed limit
        ngx.var.limit_rate = limits.download
    end
 }
 limit_rate_after 512k;
 limit_rate $limit_rate;
 proxy_read_timeout 600;
 proxy_set_header User-Agent: Sia-Agent;
 proxy_pass http://sia:9980/skynet/skylink/$skylink$path$is_args$args;
 log_by_lua_block {
    local skynet_account = require("skynet.account")
    local skynet_modules = require("skynet.modules")
    local skynet_scanner = require("skynet.scanner")
    local skynet_tracker = require("skynet.tracker")
    if skynet_modules.is_enabled("a") then
        skynet_tracker.track_download(ngx.header["Skynet-Skylink"], ngx.status, skynet_account.get_auth_headers(), ngx.var.body_bytes_sent)
    end
    if skynet_modules.is_enabled("s") then
        skynet_scanner.scan_skylink(ngx.header["Skynet-Skylink"])
    end
 }
--- a/docker/nginx/conf.d/include/location-skynet-registry
+++ b/docker/nginx/conf.d/include/location-skynet-registry
@ -1,38 +0,0 @@
 include /etc/nginx/conf.d/include/cors;
 include /etc/nginx/conf.d/include/sia-auth;
 limit_req zone=registry_access_by_ip burst=600 nodelay;
 limit_req zone=registry_access_by_ip_throttled burst=200 nodelay;
 proxy_set_header User-Agent: Sia-Agent;
 proxy_read_timeout 600; # siad should timeout with 404 after 5 minutes
 proxy_pass http://sia:9980/skynet/registry;
 access_by_lua_block {
    if require("skynet.account").accounts_enabled() then
        -- check if portal is in authenticated only mode
        if require("skynet.account").is_access_unauthorized() then
            return require("skynet.account").exit_access_unauthorized()
        end
        -- check if portal is in subscription only mode
        if require("skynet.account").is_access_forbidden() then
            return require("skynet.account").exit_access_forbidden()
        end
        -- get account limits of currently authenticated user
        local limits = require("skynet.account").get_account_limits()
        -- apply registry rate limits (forced delay)
        if limits.registry > 0 then
            ngx.sleep(limits.registry / 1000)
        end
    end
 }
 log_by_lua_block {
    local skynet_account = require("skynet.account")
    local skynet_tracker = require("skynet.tracker")
    skynet_tracker.track_registry(ngx.status, skynet_account.get_auth_headers(), ngx.req.get_method())
 }
--- a/docker/nginx/conf.d/include/portal-access-check
+++ b/docker/nginx/conf.d/include/portal-access-check
@ -1,11 +0,0 @@
 access_by_lua_block {
    -- check portal access rules and exit if access is restricted
    if require("skynet.account").is_access_unauthorized() then
        return require("skynet.account").exit_access_unauthorized()
    end
    -- check if portal is in subscription only mode
    if require("skynet.account").is_access_forbidden() then
        return require("skynet.account").exit_access_forbidden()
    end
 }
--- a/docker/nginx/conf.d/include/proxy-pass-internal
+++ b/docker/nginx/conf.d/include/proxy-pass-internal
@ -1,10 +0,0 @@
 # ----------------------------------------------------------------
 # this file should be included on all locations that proxy_pass to
 # another nginx location - internal nginx traffic
 # ----------------------------------------------------------------
 # increase the timeout on internal nginx proxy_pass locations to a
 # value that is significantly higher than expected and let the end
 # location handle correct timeout
 proxy_read_timeout 30m;
 proxy_send_timeout 30m;
--- a/docker/nginx/conf.d/include/ratelimited
+++ b/docker/nginx/conf.d/include/ratelimited
@ -1,6 +0,0 @@
 # Add a list of IPs here that should be severely rate limited on upload.
 # Note that it is possible to add IP ranges as well as the full IP address.
 #
 # Examples:
 # 192.168.0.0/24 1;
 # 79.85.222.247 1;
--- a/docker/nginx/conf.d/include/sia-auth
+++ b/docker/nginx/conf.d/include/sia-auth
@ -1,4 +0,0 @@
 rewrite_by_lua_block {
    -- set basic authorization header with base64 encoded apipassword
    ngx.req.set_header("Authorization", require("skynet.utils").authorization_header())
 }
--- a/docker/nginx/conf.d/include/ssl-settings
+++ b/docker/nginx/conf.d/include/ssl-settings
@ -1,26 +0,0 @@
 # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.6
 ssl_certificate /etc/letsencrypt/live/skynet-portal/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/skynet-portal/privkey.pem;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
 ssl_dhparam /etc/nginx/conf.d/dhparam.pem;
 # intermediate configuration
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_prefer_server_ciphers off;
 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
 add_header Strict-Transport-Security "max-age=63072000" always;
 # OCSP stapling
 ssl_stapling on;
 ssl_stapling_verify on;
 # verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate /etc/letsencrypt/live/skynet-portal/chain.pem;
--- a/docker/nginx/conf.d/server-override/example
+++ b/docker/nginx/conf.d/server-override/example
@ -1,7 +0,0 @@
 # Every file from within this directory will be included in the server block
 # of the nginx configuration, at the very end. See client.conf.
 #
 # Example:
 # location /blog {
 #     root /var/www/blog;
 # }
--- a/docker/nginx/conf.d/server/server.account
+++ b/docker/nginx/conf.d/server/server.account
@ -1,62 +0,0 @@
 listen 443 ssl http2;
 include /etc/nginx/conf.d/include/ssl-settings;
 include /etc/nginx/conf.d/include/init-optional-variables;
 # Uncomment to launch new Dashboard under /v2 path 
 # location /v2 {
 #   proxy_pass http://dashboard-v2:9000;
 # }
 location / {
    proxy_pass http://dashboard:3000;
 }
 location /health {
    proxy_pass http://accounts:3000;
 }
 location /stripe/webhook {
    proxy_pass http://accounts:3000;
 }
 location /api/stripe/billing {
    proxy_pass http://dashboard:3000;
 }
 location /api/stripe/checkout {
    proxy_pass http://dashboard:3000;
 }
 location /api {
    rewrite /api/(.*) /$1 break;
    proxy_pass http://accounts:3000;
 }
 location /api/register {
    include /etc/nginx/conf.d/include/cors;
    rewrite /api/(.*) /$1 break;
    proxy_pass http://accounts:3000;
 }
 location /api/user/pubkey/register {
    include /etc/nginx/conf.d/include/cors;
    rewrite /api/(.*) /$1 break;
    proxy_pass http://accounts:3000;
 }
 location /api/login {
    include /etc/nginx/conf.d/include/cors;
    rewrite /api/(.*) /$1 break;
    proxy_pass http://accounts:3000;
 }
 location /api/logout {
    include /etc/nginx/conf.d/include/cors;
    rewrite /api/(.*) /$1 break;
    proxy_pass http://accounts:3000;
 }
--- a/docker/nginx/conf.d/server/server.api
+++ b/docker/nginx/conf.d/server/server.api
@ -1,495 +0,0 @@
 listen 443 ssl http2;
 include /etc/nginx/conf.d/include/ssl-settings;
 include /etc/nginx/conf.d/include/init-optional-variables;
 # ddos protection: closing slow connections
 client_body_timeout 1h;
 client_header_timeout 1h;
 send_timeout 1h;
 proxy_connect_timeout 1h;
 proxy_read_timeout 1h;
 proxy_send_timeout 1h;
 # Increase the body buffer size, to ensure the internal POSTs can always
 # parse the full POST contents into memory.
 client_body_buffer_size 128k;
 client_max_body_size 128k;
 # legacy endpoint rewrite
 rewrite ^/portals /skynet/portals permanent;
 rewrite ^/stats /skynet/stats permanent;
 rewrite ^/skynet/blacklist /skynet/blocklist permanent;
 rewrite ^/docs(?:/(.*))?$ https://sdk.skynetlabs.com/$1 permanent;
 location / {
    include /etc/nginx/conf.d/include/cors;
    proxy_pass http://website:9000;
 }
 location /skynet/blocklist {
    include /etc/nginx/conf.d/include/cors;
    add_header X-Proxy-Cache $upstream_cache_status;
    proxy_cache skynet;
    proxy_cache_valid any 1m; # cache blocklist for 1 minute
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980/skynet/blocklist;
 }
 location /skynet/portal/blocklist {
    include /etc/nginx/conf.d/include/cors;
    add_header X-Proxy-Cache $upstream_cache_status;
    proxy_cache skynet;
    proxy_cache_valid 200 204 15m; # cache portal blocklist for 15 minutes
    # 10.10.10.110 points to blocker service
    proxy_pass http://10.10.10.110:4000/blocklist;
 }
 location /skynet/portals {
    include /etc/nginx/conf.d/include/cors;
    add_header X-Proxy-Cache $upstream_cache_status;
    proxy_cache skynet;
    proxy_cache_valid any 1m; # cache portals for 1 minute
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980/skynet/portals;
 }
 location /skynet/stats {
    include /etc/nginx/conf.d/include/cors;
    add_header X-Proxy-Cache $upstream_cache_status;
    proxy_cache skynet;
    proxy_cache_valid any 1m; # cache stats for 1 minute
    proxy_set_header User-Agent: Sia-Agent;
    proxy_read_timeout 5m; # extend the read timeout
    proxy_pass http://sia:9980/skynet/stats;
 }
 # Define path for server load endpoint
 location /serverload {
    # Define root directory in the nginx container to load file from
    root /usr/local/share;
    # including this because of peer pressure from the other routes
    include /etc/nginx/conf.d/include/cors;
    # tell nginx to expect json
    default_type 'application/json';
    # Allow for /serverload to load /serverload.json file
    try_files $uri $uri.json =404;
 }
 location /skynet/health {
    include /etc/nginx/conf.d/include/cors;
    add_header X-Proxy-Cache $upstream_cache_status;
    proxy_cache skynet;
    proxy_cache_key $request_uri; # use whole request uri (uri + args) as cache key
    proxy_cache_valid any 1m; # cache responses for 1 minute
    proxy_set_header User-Agent: Sia-Agent;
    proxy_read_timeout 5m; # extend the read timeout
    proxy_pass http://sia:9980;
 }
 location /health-check {
    include /etc/nginx/conf.d/include/cors;
    access_log off; # do not log traffic to health-check endpoint
    proxy_pass http://10.10.10.60:3100; # hardcoded ip because health-check waits for nginx
 }
 location /abuse {
    return 308 /0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no/;
 }
 location /abuse/report {
    include /etc/nginx/conf.d/include/cors;
    # 10.10.10.110 points to blocker service
    proxy_pass http://10.10.10.110:4000/powblock;
 }
 location /hns {
    include /etc/nginx/conf.d/include/cors;
    # match the request_uri and extract the hns domain and anything that is passed in the uri after it
    # example: /hns/something/foo/bar matches:
    # > hns_domain: something
    # > path: /foo/bar/
    set_by_lua_block $hns_domain { return string.match(ngx.var.uri, "/hns/([^/?]+)") }
    set_by_lua_block $path { return string.match(ngx.var.uri, "/hns/[^/?]+(.*)") }
    proxy_set_header Host $host;
    include /etc/nginx/conf.d/include/location-hns;
 }
 location /hnsres {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/portal-access-check;
    proxy_pass http://handshake-api:3100;
 }
 location /skynet/registry {
    include /etc/nginx/conf.d/include/location-skynet-registry;
 }
 location /skynet/restore {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/sia-auth;
    include /etc/nginx/conf.d/include/portal-access-check;
    client_max_body_size 5M;
    # increase request timeouts
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_request_buffering off; # stream uploaded files through the proxy as it comes in
    proxy_set_header Expect $http_expect;
    proxy_set_header User-Agent: Sia-Agent;
    # proxy this call to siad endpoint (make sure the ip is correct)
    proxy_pass http://sia:9980;
 }
 location /skynet/registry/subscription {
    include /etc/nginx/conf.d/include/cors;
    # default to unlimited bandwidth and no delay
    set $bandwidthlimit "0";
    set $notificationdelay "0";
    rewrite_by_lua_block {
        local skynet_account = require("skynet.account")
        if skynet_account.accounts_enabled() then
            -- check if portal is in authenticated only mode
            if skynet_account.is_access_unauthorized() then
                return skynet_account.exit_access_unauthorized()
            end
            -- check if portal is in subscription only mode
            if skynet_account.is_access_forbidden() then
                return skynet_account.exit_access_forbidden()
            end
            -- get account limits of currently authenticated user
            local limits = skynet_account.get_account_limits()
            -- apply bandwidth limit and notification delay
            ngx.var.bandwidthlimit = limits.download
            ngx.var.notificationdelay = limits.registry
        end
    }
    proxy_set_header User-Agent: Sia-Agent;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://sia:9980/skynet/registry/subscription?bandwidthlimit=$bandwidthlimit&notificationdelay=$notificationdelay;
 }
 location /skynet/skyfile {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/sia-auth;
    include /etc/nginx/conf.d/include/generate-siapath;
    include /etc/nginx/conf.d/include/portal-access-check;
    limit_req zone=uploads_by_ip burst=10 nodelay;
    limit_req zone=uploads_by_ip_throttled;
    limit_conn upload_conn 5;
    limit_conn upload_conn_rl 1;
    client_max_body_size 5000M; # make sure to limit the size of upload to a sane value
    # increase request timeouts
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_request_buffering off; # stream uploaded files through the proxy as it comes in
    proxy_set_header Expect $http_expect;
    proxy_set_header User-Agent: Sia-Agent;
    # proxy this call to siad endpoint (make sure the ip is correct)
    proxy_pass http://sia:9980/skynet/skyfile/$dir1/$dir2/$dir3$is_args$args;
    log_by_lua_block {
        local skynet_account = require("skynet.account")
        local skynet_modules = require("skynet.modules")
        local skynet_scanner = require("skynet.scanner")
        local skynet_tracker = require("skynet.tracker")
        if skynet_modules.is_enabled("a") then
            skynet_tracker.track_upload(
                ngx.header["Skynet-Skylink"],
                ngx.status,
                skynet_account.get_auth_headers(),
                ngx.var.remote_addr
            )
        end
        if skynet_modules.is_enabled("s") then
            skynet_scanner.scan_skylink(ngx.header["Skynet-Skylink"])
        end
    }
 }
 # endpoint implementing resumable file uploads open protocol https://tus.io
 location /skynet/tus {
    include /etc/nginx/conf.d/include/cors-headers; # include cors headers but do not overwrite OPTIONS response
    limit_req zone=uploads_by_ip burst=10 nodelay;
    limit_req zone=uploads_by_ip_throttled;
    limit_conn upload_conn 5;
    limit_conn upload_conn_rl 1;
    # Do not limit body size in nginx, skyd will reject early on too large upload
    client_max_body_size 0;
    # Those timeouts need to be elevated since skyd can stall reading
    # data for a while when overloaded which would terminate connection
    client_body_timeout 1h;
    proxy_send_timeout  1h;
    # Add X-Forwarded-* headers
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    # rewrite proxy request to use correct host uri from env variable (required to return correct location header)
    proxy_redirect $scheme://$host $scheme://$skynet_server_domain;
    # proxy /skynet/tus requests to siad endpoint with all arguments
    proxy_pass http://sia:9980;
    access_by_lua_block {
        local skynet_account = require("skynet.account")
        if skynet_account.accounts_enabled() then
            -- check if portal is in authenticated only mode
            if skynet_account.is_access_unauthorized() then
                return skynet_account.exit_access_unauthorized()
            end
            -- check if portal is in subscription only mode
            if skynet_account.is_access_forbidden() then
                return skynet_account.exit_access_forbidden()
            end
            -- get account limits of currently authenticated user
            local limits = skynet_account.get_account_limits()
            -- apply upload size limits
            ngx.req.set_header("SkynetMaxUploadSize", limits.maxUploadSize)
        end
    }
    # extract skylink from base64 encoded upload metadata and assign to a proper header
    header_filter_by_lua_block {
        ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
        ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
        if ngx.header["Upload-Metadata"] then
            local encodedSkylink = string.match(ngx.header["Upload-Metadata"], "Skylink ([^,?]+)")
            if encodedSkylink then
                ngx.header["Skynet-Skylink"] = ngx.decode_base64(encodedSkylink)
            end
        end
    }
    log_by_lua_block {
        local skynet_account = require("skynet.account")
        local skynet_modules = require("skynet.modules")
        local skynet_scanner = require("skynet.scanner")
        local skynet_tracker = require("skynet.tracker")
        if skynet_modules.is_enabled("a") then
            skynet_tracker.track_upload(
                ngx.header["Skynet-Skylink"],
                ngx.status,
                skynet_account.get_auth_headers(),
                ngx.var.remote_addr
            )
        end
        if skynet_modules.is_enabled("s") then
            skynet_scanner.scan_skylink(ngx.header["Skynet-Skylink"])
        end
    }
 }
 location /skynet/pin {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/sia-auth;
    include /etc/nginx/conf.d/include/generate-siapath;
    include /etc/nginx/conf.d/include/portal-access-check;
    limit_req zone=uploads_by_ip burst=10 nodelay;
    limit_req zone=uploads_by_ip_throttled;
    limit_conn upload_conn 5;
    limit_conn upload_conn_rl 1;
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980$uri?siapath=$dir1/$dir2/$dir3&$args;
    log_by_lua_block {
        local skynet_account = require("skynet.account")
        local skynet_modules = require("skynet.modules")
        local skynet_scanner = require("skynet.scanner")
        local skynet_tracker = require("skynet.tracker")
        if skynet_modules.is_enabled("a") then
            skynet_tracker.track_upload(
                ngx.header["Skynet-Skylink"],
                ngx.status,
                skynet_account.get_auth_headers(),
                ngx.var.remote_addr
            )
        end
        if skynet_modules.is_enabled("s") then
            skynet_scanner.scan_skylink(ngx.header["Skynet-Skylink"])
        end
    }
 }
 location /skynet/metadata {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/portal-access-check;
    header_filter_by_lua_block {
        ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
        ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
    }
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980;
 }
 location /skynet/resolve {
    include /etc/nginx/conf.d/include/cors;
    include /etc/nginx/conf.d/include/portal-access-check;
    header_filter_by_lua_block {
        ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
        ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
    }
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980;
 }
 location ~ "^/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" {
    set $skylink $2;
    set $path $3;
    include /etc/nginx/conf.d/include/location-skylink;
 }
 location ~ "^/file/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" {
    set $skylink $2;
    set $path $3;
    set $args attachment=true&$args;
    #set $is_args ?;
    include /etc/nginx/conf.d/include/location-skylink;
 }
 location /skynet/trustless/basesector {
    include /etc/nginx/conf.d/include/cors;
    limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
    # default download rate to unlimited
    set $limit_rate 0;
    access_by_lua_block {
        local skynet_account = require("skynet.account")
        if skynet_account.accounts_enabled() then
            -- check if portal is in authenticated only mode
            if skynet_account.is_access_unauthorized() then
                return skynet_account.exit_access_unauthorized()
            end
            -- check if portal is in subscription only mode
            if skynet_account.is_access_forbidden() then
                return skynet_account.exit_access_forbidden()
            end
            -- get account limits of currently authenticated user
            local limits = skynet_account.get_account_limits()
            -- apply download speed limit
            ngx.var.limit_rate = limits.download
        end
    }
    limit_rate_after 512k;
    limit_rate $limit_rate;
    proxy_set_header User-Agent: Sia-Agent;
    proxy_pass http://sia:9980;
    log_by_lua_block {
        local skynet_account = require("skynet.account")
        local skynet_modules = require("skynet.modules")
        local skynet_scanner = require("skynet.scanner")
        local skynet_tracker = require("skynet.tracker")
        if skynet_modules.is_enabled("a") then
            skynet_tracker.track_download(ngx.header["Skynet-Skylink"], ngx.status, skynet_account.get_auth_headers(), ngx.var.body_bytes_sent)
        end
        if skynet_modules.is_enabled("s") then
            skynet_scanner.scan_skylink(ngx.header["Skynet-Skylink"])
        end
    }
 }
 location /__internal/do/not/use/accounts {
    include /etc/nginx/conf.d/include/cors;
    charset utf-8;
    charset_types application/json;
    default_type application/json;
    content_by_lua_block {
        local json = require('cjson')
        local skynet_account = require("skynet.account")
        local accounts_enabled = skynet_account.accounts_enabled()
        local is_auth_required = skynet_account.is_auth_required()
        local is_subscription_required = skynet_account.is_subscription_required()
        local is_authenticated = skynet_account.is_authenticated()
        local has_subscription = skynet_account.has_subscription()
        ngx.say(json.encode{
            enabled = accounts_enabled,
            auth_required = is_auth_required,
            subscription_required = is_subscription_required,
            authenticated = is_authenticated,
            subscription = has_subscription,
        })
        return ngx.exit(ngx.HTTP_OK)
    }
 }
 include /etc/nginx/conf.d/server-override/*;
--- a/docker/nginx/conf.d/server/server.dnslink
+++ b/docker/nginx/conf.d/server/server.dnslink
@ -1,55 +0,0 @@
 include /etc/nginx/conf.d/include/init-optional-variables;
 location / {
    set $skylink "";
    set $path $uri;
    rewrite_by_lua_block {
        local cjson = require("cjson")
        local cache = ngx.shared.dnslink
        local cache_value = cache:get(ngx.var.host)
        if cache_value == nil then
            local httpc = require("resty.http").new()
            -- 10.10.10.55 points to dnslink-api service (alias not available when using resty-http)
            local res, err = httpc:request_uri("http://10.10.10.55:3100/dnslink/" .. ngx.var.host)
            if err or (res and res.status ~= ngx.HTTP_OK) then
                -- check whether we can fallback to regular skylink request
                local match_skylink = ngx.re.match(ngx.var.uri, "^/([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?")
                if match_skylink then
                    ngx.var.skylink = match_skylink[1]
                    ngx.var.path = match_skylink[2] or "/"
                else
                    ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status
                    ngx.header["content-type"] = "text/plain"
                    ngx.say(err or res.body)
                    ngx.exit(ngx.status)
                end
            else
                local resolved = cjson.decode(res.body)
                ngx.var.skylink = resolved.skylink
                if resolved.sponsor then
                    ngx.req.set_header("Skynet-Api-Key", resolved.sponsor)
                end
                local cache_ttl = 300 -- 5 minutes cache expire time
                cache:set(ngx.var.host, res.body, cache_ttl)
            end
        else
            local resolved = cjson.decode(cache_value)
            ngx.var.skylink = resolved.skylink
            if resolved.sponsor then
                ngx.req.set_header("Skynet-Api-Key", resolved.sponsor)
            end
        end
        ngx.var.skylink = require("skynet.skylink").parse(ngx.var.skylink)
    }
    include /etc/nginx/conf.d/include/location-skylink;
 }
--- a/docker/nginx/conf.d/server/server.hns
+++ b/docker/nginx/conf.d/server/server.hns
@ -1,11 +0,0 @@
 listen 443 ssl http2;
 include /etc/nginx/conf.d/include/ssl-settings;
 include /etc/nginx/conf.d/include/init-optional-variables;
 location / {
    set_by_lua_block $hns_domain { return string.match(ngx.var.host, "[^%.]+") }
    set $path $uri;
    include /etc/nginx/conf.d/include/location-hns;
 }
--- a/docker/nginx/conf.d/server/server.http
+++ b/docker/nginx/conf.d/server/server.http
@ -1,7 +0,0 @@
 listen 80;
 include /etc/nginx/conf.d/include/init-optional-variables;
 location / {
    return 301 https://$host$request_uri;
 }
--- a/docker/nginx/conf.d/server/server.skylink
+++ b/docker/nginx/conf.d/server/server.skylink
@ -1,16 +0,0 @@
 listen 443 ssl http2;
 include /etc/nginx/conf.d/include/ssl-settings;
 include /etc/nginx/conf.d/include/init-optional-variables;
 location / {
    set_by_lua_block $skylink { return string.match(ngx.var.host, "%w+") }
    set_by_lua_block $path {
        -- strip ngx.var.request_uri from query params - this is basically the same as ngx.var.uri but
        -- do not use ngx.var.uri because it will already be unescaped and we need to use escaped path
        -- examples: escaped uri "/b%20r56+7" and unescaped uri "/b r56 7"
        return string.gsub(ngx.var.request_uri, "?.*", "")
    }
    include /etc/nginx/conf.d/include/location-skylink;
 }
--- a/docker/nginx/docker-entrypoint.d/20-envsubst-on-templates.sh
+++ b/docker/nginx/docker-entrypoint.d/20-envsubst-on-templates.sh
@ -1,59 +0,0 @@
 #!/bin/sh
 # https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/20-envsubst-on-templates.sh
 # https://github.com/nginxinc/docker-nginx/blob/master/LICENSE
 # Copyright (C) 2011-2016 Nginx, Inc.
 # All rights reserved.
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 set -e
 ME=$(basename $0)
 auto_envsubst() {
  local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}"
  local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}"
  local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}"
  local template defined_envs relative_path output_path subdir
  defined_envs=$(printf '${%s} ' $(env | cut -d= -f1))
  [ -d "$template_dir" ] || return 0
  if [ ! -w "$output_dir" ]; then
    echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable"
    return 0
  fi
  find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do
    relative_path="${template#$template_dir/}"
    output_path="$output_dir/${relative_path%$suffix}"
    subdir=$(dirname "$relative_path")
    # create a subdirectory where the template file exists
    mkdir -p "$output_dir/$subdir"
    echo >&3 "$ME: Running envsubst on $template to $output_path"
    envsubst "$defined_envs" < "$template" > "$output_path"
  done
 }
 auto_envsubst
 exit 0
--- a/docker/nginx/docker-entrypoint.d/40-reload-every-x-hours.sh
+++ b/docker/nginx/docker-entrypoint.d/40-reload-every-x-hours.sh
@ -1,20 +0,0 @@
 #!/bin/sh
 # source: https://github.com/nginxinc/docker-nginx/pull/509
 set -e
 ME=$(basename $0)
 [ "${NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS:-}" ] || exit 0
 if [ $(echo "$NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS > 0" | bc) = 0 ]; then
  echo >&3 "$ME: Error. Provide integer or floating point number greater that 0. See 'man sleep'." 
  exit 1
 fi
 start_background_reload() {
  echo >&3 "$ME: Reloading Nginx every $NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS hour(s)"
  while :; do sleep ${NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS}h; echo >&3 "$ME: Reloading Nginx ..." && nginx -s reload; done &
 }
 start_background_reload
--- a/docker/nginx/docker-entrypoint.d/50-generate-local-certificate.sh
+++ b/docker/nginx/docker-entrypoint.d/50-generate-local-certificate.sh
@ -1,18 +0,0 @@
 #!/bin/sh
 # Generate locally signed ssl certificate to be used on routes
 # that do not require certificate issued by trusted CA
 set -e
 ME=$(basename $0)
 generate_local_certificate() {
  echo >&3 "$ME: Generating locally signed ssl certificate"
  openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
    -subj '/CN=local-certificate' \
    -keyout /etc/ssl/local-certificate.key \
    -out /etc/ssl/local-certificate.crt
 }
 generate_local_certificate
--- a/docker/nginx/docker-entrypoint.sh
+++ b/docker/nginx/docker-entrypoint.sh
@ -1,78 +0,0 @@
 #!/bin/sh
 # vim:sw=4:ts=4:et
 # https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/docker-entrypoint.sh
 # https://github.com/nginxinc/docker-nginx/blob/master/LICENSE
 # Copyright (C) 2011-2016 Nginx, Inc.
 # All rights reserved.
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 set -e
 if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
    exec 3>&1
 else
    exec 3>/dev/null
 fi
 # Really dirty backwards compatible workaround for single server portals:
 # =======================================================================
 # in the past we used to require single server portals not to include
 # server domain env variable because it messed up with caddy; we switched
 # to certbot and that is not the case any more but we also switched to
 # using built in envsubst instead of custom mustache script for nginx
 # templating and now when server domain is not defined, it messes up whole
 # nginx config and nginx will not start; this workaround assigns portal
 # domain as a server domain if server domain is not defined
 if [ -z "${SERVER_DOMAIN}" ]; then
    export SERVER_DOMAIN=${PORTAL_DOMAIN}
 fi
 if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then
    if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
        echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
        echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/"
        find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
            case "$f" in
                *.sh)
                    if [ -x "$f" ]; then
                        echo >&3 "$0: Launching $f";
                        "$f"
                    else
                        # warn on shell scripts without exec bit
                        echo >&3 "$0: Ignoring $f, not executable";
                    fi
                    ;;
                *) echo >&3 "$0: Ignoring $f";;
            esac
        done
        echo >&3 "$0: Configuration complete; ready for start up"
    else
        echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration"
    fi
 fi
 exec "$@"
--- a/docker/nginx/libs/basexx.lua
+++ b/docker/nginx/libs/basexx.lua
@ -1,301 +0,0 @@
 -- source: https://github.com/aiq/basexx
 -- license: MIT
 -- modified: exposed from_basexx and to_basexx generic functions
 --------------------------------------------------------------------------------
 -- util functions
 --------------------------------------------------------------------------------
 local function divide_string( str, max )
   local result = {}
   local start = 1
   for i = 1, #str do
      if i % max == 0 then
         table.insert( result, str:sub( start, i ) )
         start = i + 1
      elseif i == #str then
         table.insert( result, str:sub( start, i ) )
      end
   end
   return result
 end
 local function number_to_bit( num, length )
   local bits = {}
   while num > 0 do
      local rest = math.floor( math.fmod( num, 2 ) )
      table.insert( bits, rest )
      num = ( num - rest ) / 2
   end
   while #bits < length do
      table.insert( bits, "0" )
   end
   return string.reverse( table.concat( bits ) )
 end
 local function ignore_set( str, set )
   if set then
      str = str:gsub( "["..set.."]", "" )
   end
   return str
 end
 local function pure_from_bit( str )
   return ( str:gsub( '........', function ( cc )
               return string.char( tonumber( cc, 2 ) )
            end ) )
 end
 local function unexpected_char_error( str, pos )
   local c = string.sub( str, pos, pos )
   return string.format( "unexpected character at position %d: '%s'", pos, c )
 end
 --------------------------------------------------------------------------------
 local basexx = {}
 --------------------------------------------------------------------------------
 -- base2(bitfield) decode and encode function
 --------------------------------------------------------------------------------
 local bitMap = { o = "0", i = "1", l = "1" }
 function basexx.from_bit( str, ignore )
   str = ignore_set( str, ignore )
   str = string.lower( str )
   str = str:gsub( '[ilo]', function( c ) return bitMap[ c ] end )
   local pos = string.find( str, "[^01]" )
   if pos then return nil, unexpected_char_error( str, pos ) end
   return pure_from_bit( str )
 end
 function basexx.to_bit( str )
   return ( str:gsub( '.', function ( c )
               local byte = string.byte( c )
               local bits = {}
               for _ = 1,8 do
                  table.insert( bits, byte % 2 )
                  byte = math.floor( byte / 2 )
               end
               return table.concat( bits ):reverse()
            end ) )
 end
 --------------------------------------------------------------------------------
 -- base16(hex) decode and encode function
 --------------------------------------------------------------------------------
 function basexx.from_hex( str, ignore )
   str = ignore_set( str, ignore )
   local pos = string.find( str, "[^%x]" )
   if pos then return nil, unexpected_char_error( str, pos ) end
   return ( str:gsub( '..', function ( cc )
               return string.char( tonumber( cc, 16 ) )
            end ) )
 end
 function basexx.to_hex( str )
   return ( str:gsub( '.', function ( c )
               return string.format('%02X', string.byte( c ) )
            end ) )
 end
 --------------------------------------------------------------------------------
 -- generic function to decode and encode base32/base64
 --------------------------------------------------------------------------------
 function basexx.from_basexx( str, alphabet, bits )
   local result = {}
   for i = 1, #str do
      local c = string.sub( str, i, i )
      if c ~= '=' then
         local index = string.find( alphabet, c, 1, true )
         if not index then
            return nil, unexpected_char_error( str, i )
         end
         table.insert( result, number_to_bit( index - 1, bits ) )
      end
   end
   local value = table.concat( result )
   local pad = #value % 8
   return pure_from_bit( string.sub( value, 1, #value - pad ) )
 end
 function basexx.to_basexx( str, alphabet, bits, pad )
   local bitString = basexx.to_bit( str )
   local chunks = divide_string( bitString, bits )
   local result = {}
   for _,value in ipairs( chunks ) do
      if ( #value < bits ) then
         value = value .. string.rep( '0', bits - #value )
      end
      local pos = tonumber( value, 2 ) + 1
      table.insert( result, alphabet:sub( pos, pos ) )
   end
   table.insert( result, pad )
   return table.concat( result )
 end
 --------------------------------------------------------------------------------
 -- rfc 3548: http://www.rfc-editor.org/rfc/rfc3548.txt
 --------------------------------------------------------------------------------
 local base32Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
 local base32PadMap = { "", "======", "====", "===", "=" }
 function basexx.from_base32( str, ignore )
   str = ignore_set( str, ignore )
   return basexx.from_basexx( string.upper( str ), base32Alphabet, 5 )
 end
 function basexx.to_base32( str )
   return basexx.to_basexx( str, base32Alphabet, 5, base32PadMap[ #str % 5 + 1 ] )
 end
 --------------------------------------------------------------------------------
 -- crockford: http://www.crockford.com/wrmg/base32.html
 --------------------------------------------------------------------------------
 local crockfordAlphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
 local crockfordMap = { O = "0", I = "1", L = "1" }
 function basexx.from_crockford( str, ignore )
   str = ignore_set( str, ignore )
   str = string.upper( str )
   str = str:gsub( '[ILOU]', function( c ) return crockfordMap[ c ] end )
   return basexx.from_basexx( str, crockfordAlphabet, 5 )
 end
 function basexx.to_crockford( str )
   return basexx.to_basexx( str, crockfordAlphabet, 5, "" )
 end
 --------------------------------------------------------------------------------
 -- base64 decode and encode function
 --------------------------------------------------------------------------------
 local base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"..
                     "abcdefghijklmnopqrstuvwxyz"..
                     "0123456789+/"
 local base64PadMap = { "", "==", "=" }
 function basexx.from_base64( str, ignore )
   str = ignore_set( str, ignore )
   return basexx.from_basexx( str, base64Alphabet, 6 )
 end
 function basexx.to_base64( str )
   return basexx.to_basexx( str, base64Alphabet, 6, base64PadMap[ #str % 3 + 1 ] )
 end
 --------------------------------------------------------------------------------
 -- URL safe base64 decode and encode function
 --------------------------------------------------------------------------------
 local url64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"..
                     "abcdefghijklmnopqrstuvwxyz"..
                     "0123456789-_"
 function basexx.from_url64( str, ignore )
   str = ignore_set( str, ignore )
   return basexx.from_basexx( str, url64Alphabet, 6 )
 end
 function basexx.to_url64( str )
   return basexx.to_basexx( str, url64Alphabet, 6, "" )
 end
 --------------------------------------------------------------------------------
 --
 --------------------------------------------------------------------------------
 local function length_error( len, d )
   return string.format( "invalid length: %d - must be a multiple of %d", len, d )
 end
 local z85Decoder = { 0x00, 0x44, 0x00, 0x54, 0x53, 0x52, 0x48, 0x00,
                     0x4B, 0x4C, 0x46, 0x41, 0x00, 0x3F, 0x3E, 0x45,
                     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                     0x08, 0x09, 0x40, 0x00, 0x49, 0x42, 0x4A, 0x47,
                     0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
                     0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
                     0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
                     0x3B, 0x3C, 0x3D, 0x4D, 0x00, 0x4E, 0x43, 0x00,
                     0x00, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
                     0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
                     0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
                     0x21, 0x22, 0x23, 0x4F, 0x00, 0x50, 0x00, 0x00 }
 function basexx.from_z85( str, ignore )
   str = ignore_set( str, ignore )
   if ( #str % 5 ) ~= 0 then
      return nil, length_error( #str, 5 )
   end
   local result = {}
   local value = 0
   for i = 1, #str do
      local index = string.byte( str, i ) - 31
      if index < 1 or index >= #z85Decoder then
         return nil, unexpected_char_error( str, i )
      end
      value = ( value * 85 ) + z85Decoder[ index ]
      if ( i % 5 ) == 0 then
         local divisor = 256 * 256 * 256
         while divisor ~= 0 do
            local b = math.floor( value / divisor ) % 256
            table.insert( result, string.char( b ) )
            divisor = math.floor( divisor / 256 )
         end
         value = 0
      end
   end
   return table.concat( result )
 end
 local z85Encoder = "0123456789"..
                  "abcdefghijklmnopqrstuvwxyz"..
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"..
                  ".-:+=^!/*?&<>()[]{}@%$#"
 function basexx.to_z85( str )
   if ( #str % 4 ) ~= 0 then
      return nil, length_error( #str, 4 )
   end
   local result = {}
   local value = 0
   for i = 1, #str do
      local b = string.byte( str, i )
      value = ( value * 256 ) + b
      if ( i % 4 ) == 0 then
         local divisor = 85 * 85 * 85 * 85
         while divisor ~= 0 do
            local index = ( math.floor( value / divisor ) % 85 ) + 1
            table.insert( result, z85Encoder:sub( index, index ) )
            divisor = math.floor( divisor / 85 )
         end
         value = 0
      end
   end
   return table.concat( result )
 end
 --------------------------------------------------------------------------------
 return basexx
--- a/docker/nginx/libs/skynet/account.lua
+++ b/docker/nginx/libs/skynet/account.lua
@ -1,153 +0,0 @@
 local _M = {}
 -- constant tier ids
 local tier_id_anonymous = 0
 local tier_id_free = 1
 -- fallback - remember to keep those updated
 local anon_limits = {
    ["tierID"] = tier_id_anonymous,
    ["tierName"] = "anonymous",
    ["upload"] = 655360,
    ["download"] = 655360,
    ["maxUploadSize"] = 1073741824,
    ["registry"] = 250
 }
 -- get all non empty authentication headers from request, we want to return
 -- all of them and let accounts service deal with validation and prioritisation
 function _M.get_auth_headers()
    local utils = require("utils")
    local request_headers = ngx.req.get_headers()
    local headers = {}
    -- try to extract skynet-jwt cookie from cookie header
    local skynet_jwt_cookie = utils.extract_cookie(request_headers["Cookie"], "skynet[-]jwt")
    -- if skynet-jwt cookie is present, pass it as is
    if skynet_jwt_cookie then
        headers["Cookie"] = skynet_jwt_cookie
    end
    -- if authorization header is set, pass it as is
    if request_headers["Authorization"] then
        headers["Authorization"] = request_headers["Authorization"]
    end
    -- if skynet api key header is set, pass it as is
    if request_headers["Skynet-Api-Key"] then
        headers["Skynet-Api-Key"] = request_headers["Skynet-Api-Key"]
    end
    return headers
 end
 -- handle request exit when access to portal should be restricted to authenticated users only
 function _M.exit_access_unauthorized(message)
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.header["content-type"] = "text/plain"
    ngx.say(message or "Portal operator restricted access to authenticated users only")
    return ngx.exit(ngx.status)
 end
 -- handle request exit when access to portal should be restricted to subscription users only
 function _M.exit_access_forbidden(message)
    ngx.status = ngx.HTTP_FORBIDDEN
    ngx.header["content-type"] = "text/plain"
    ngx.say(message or "Portal operator restricted access to users with active subscription only")
    return ngx.exit(ngx.status)
 end
 function _M.accounts_enabled()
    local skynet_modules = require("skynet.modules")
    return skynet_modules.is_enabled("a")
 end
 function _M.get_account_limits()
    local cjson = require('cjson')
    local utils = require('utils')
    local auth_headers = _M.get_auth_headers()
    -- simple case of anonymous request - none of available auth headers exist
    if utils.is_table_empty(auth_headers) then
        return anon_limits
    end
    if ngx.var.account_limits == "" then
        local httpc = require("resty.http").new()
        local uri = "http://10.10.10.70:3000/user/limits"
        -- include skylink if it is available in the context of request
        -- todo: this should not rely on skylink variable to be defined
        if ngx.var.skylink ~= nil and ngx.var.skylink ~= "" then
            uri = uri .. "/" .. ngx.var.skylink
        end
        -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
        local res, err = httpc:request_uri(uri .. "?unit=byte", {
            headers = auth_headers,
        })
        -- fail gracefully in case /user/limits failed
        if err or (res and res.status ~= ngx.HTTP_OK) then
            local error_response = err or ("[HTTP " .. res.status .. "] " .. res.body)
            ngx.log(ngx.ERR, "Failed accounts service request /user/limits?unit=byte: ", error_response)
            ngx.var.account_limits = cjson.encode(anon_limits)
        elseif res and res.status == ngx.HTTP_OK then
            ngx.var.account_limits = res.body
        end
    end
    return cjson.decode(ngx.var.account_limits)
 end
 -- detect whether current user is authenticated
 function _M.is_authenticated()
    if not _M.accounts_enabled() then return false end
    local limits = _M.get_account_limits()
    return limits.tierID > tier_id_anonymous
 end
 -- detect whether current user has active subscription
 function _M.has_subscription()
    local limits = _M.get_account_limits()
    return limits.tierID > tier_id_free
 end
 function _M.is_auth_required()
    -- authentication is required if mode is set to "authenticated"
    -- or "subscription" (require active subscription to a premium plan)
    return os.getenv("ACCOUNTS_LIMIT_ACCESS") == "authenticated" or _M.is_subscription_required()
 end
 function _M.is_subscription_required()
    return os.getenv("ACCOUNTS_LIMIT_ACCESS") == "subscription"
 end
 local is_access_always_allowed = function ()
    -- options requests do not attach cookies - should always be available
    -- requests should not be limited based on accounts if accounts are not enabled
    return ngx.req.get_method() == "OPTIONS" or not _M.accounts_enabled()
 end
 -- check whether access is restricted if portal requires authorization
 function _M.is_access_unauthorized()
    if is_access_always_allowed() then return false end
    -- check if authentication is required and request is not authenticated
    return _M.is_auth_required() and not _M.is_authenticated()
 end
 -- check whether user is authenticated but does not have access to given resources
 function _M.is_access_forbidden()
    if is_access_always_allowed() then return false end
    -- check if active subscription is required and request is from user without it
    return _M.is_subscription_required() and not _M.has_subscription()
 end
 return _M
--- a/docker/nginx/libs/skynet/modules.lua
+++ b/docker/nginx/libs/skynet/modules.lua
@ -1,23 +0,0 @@
 local _M = {}
 local utils = require("utils")
 function _M.is_enabled(module_abbr)
    if type(module_abbr) ~= "string" or module_abbr:len() ~= 1 then
        error("Module abbreviation '" .. tostring(module_abbr) .. "' should be exactly one character long string")
    end
    local enabled_modules = utils.getenv("PORTAL_MODULES")
    if not enabled_modules then
        return false
    end
    return enabled_modules:find(module_abbr) ~= nil
 end
 function _M.is_disabled(module_abbr)
    return not _M.is_enabled(module_abbr)
 end
 return _M
--- a/docker/nginx/libs/skynet/modules.spec.lua
+++ b/docker/nginx/libs/skynet/modules.spec.lua
@ -1,95 +0,0 @@
 -- luacheck: ignore os
 local skynet_modules = require("skynet.modules")
 describe("is_enabled", function()
   before_each(function()
      stub(os, "getenv")
   end)
   after_each(function()
      os.getenv:revert()
   end)
   it("should return false if PORTAL_MODULES are not defined", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns(nil)
      assert.is_false(skynet_modules.is_enabled("a"))
   end)
   it("should return false if PORTAL_MODULES are empty", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("")
      assert.is_false(skynet_modules.is_enabled("a"))
   end)
   it("should return false if module is not enabled", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("qwerty")
      assert.is_false(skynet_modules.is_enabled("a"))
   end)
   it("should return true if module is enabled", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("asdfg")
      assert.is_true(skynet_modules.is_enabled("a"))
   end)
   it("should throw an error for empty module", function()
      assert.has_error(function()
         skynet_modules.is_enabled()
      end, "Module abbreviation 'nil' should be exactly one character long string")
   end)
   it("should throw an error for too long module", function()
      assert.has_error(function()
         skynet_modules.is_enabled("gandalf")
      end, "Module abbreviation 'gandalf' should be exactly one character long string")
   end)
 end)
 describe("is_disabled", function()
   before_each(function()
      stub(os, "getenv")
   end)
   after_each(function()
      os.getenv:revert()
   end)
   it("should return true if PORTAL_MODULES are not defined", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns(nil)
      assert.is_true(skynet_modules.is_disabled("a"))
   end)
   it("should return true if PORTAL_MODULES are empty", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("")
      assert.is_true(skynet_modules.is_disabled("a"))
   end)
   it("should return true if module is not enabled", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("qwerty")
      assert.is_true(skynet_modules.is_disabled("a"))
   end)
   it("should return false if module is enabled", function()
      os.getenv.on_call_with("PORTAL_MODULES").returns("asdfg")
      assert.is_false(skynet_modules.is_disabled("a"))
   end)
   it("should throw an error for empty module", function()
      assert.has_error(function()
         skynet_modules.is_disabled()
      end, "Module abbreviation 'nil' should be exactly one character long string")
   end)
   it("should throw an error for too long module", function()
      assert.has_error(function()
         skynet_modules.is_disabled("gandalf")
      end, "Module abbreviation 'gandalf' should be exactly one character long string")
   end)
 end)
--- a/docker/nginx/libs/skynet/scanner.lua
+++ b/docker/nginx/libs/skynet/scanner.lua
@ -1,26 +0,0 @@
 local _M = {}
 function _M.scan_skylink_timer(premature, skylink)
    if premature then return end
    local httpc = require("resty.http").new()
    -- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http)
    local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, {
        method = "POST",
    })
    if err or (res and res.status ~= ngx.HTTP_OK) then
        local error_response = err or ("[HTTP " .. res.status .. "] " .. res.body)
        ngx.log(ngx.ERR, "Failed malware-scanner request /scan/" .. skylink .. ": ", error_response)
    end
 end
 function _M.scan_skylink(skylink)
    if not skylink then return end
    local ok, err = ngx.timer.at(0, _M.scan_skylink_timer, skylink)
    if not ok then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
 end
 return _M
--- a/docker/nginx/libs/skynet/scanner.spec.lua
+++ b/docker/nginx/libs/skynet/scanner.spec.lua
@ -1,119 +0,0 @@
 -- luacheck: ignore ngx
 local skynet_scanner = require("skynet.scanner")
 local skylink = "AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA"
 describe("scan_skylink", function()
    before_each(function()
        stub(ngx.timer, "at")
    end)
    after_each(function()
        ngx.timer.at:revert()
    end)
    it("should schedule a timer when skylink is provided", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_scanner.scan_skylink(skylink)
        assert.stub(ngx.timer.at).was_called_with(0, skynet_scanner.scan_skylink_timer, skylink)
    end)
    it("should log an error if timer failed to create", function()
        stub(ngx, "log")
        ngx.timer.at.invokes(function() return false, "such a failure" end)
        skynet_scanner.scan_skylink(skylink)
        assert.stub(ngx.timer.at).was_called_with(0, skynet_scanner.scan_skylink_timer, skylink)
        assert.stub(ngx.log).was_called_with(ngx.ERR, "Failed to create timer: ", "such a failure")
        ngx.log:revert()
    end)
    it("should not schedule a timer if skylink is not provided", function()
        skynet_scanner.scan_skylink()
        assert.stub(ngx.timer.at).was_not_called()
    end)
 end)
 describe("scan_skylink_timer", function()
    before_each(function()
        stub(ngx, "log")
    end)
    after_each(function()
        local resty_http = require("resty.http")
        ngx.log:revert()
        resty_http.new:revert()
    end)
    it("should exit early on premature", function()
        local resty_http = require("resty.http")
        local request_uri = spy.new()
        local httpc = mock({ request_uri = request_uri })
        stub(resty_http, "new").returns(httpc)
        skynet_scanner.scan_skylink_timer(true, skylink)
        assert.stub(request_uri).was_not_called()
        assert.stub(ngx.log).was_not_called()
    end)
    it("should make a post request with skylink to scanner service", function()
        local resty_http = require("resty.http")
        local request_uri = spy.new(function()
            return { status = 200 } -- return 200 success
        end)
        local httpc = mock({ request_uri = request_uri })
        stub(resty_http, "new").returns(httpc)
        skynet_scanner.scan_skylink_timer(false, skylink)
        local uri = "http://10.10.10.101:4000/scan/" .. skylink
        assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST" })
        assert.stub(ngx.log).was_not_called()
    end)
    it("should log message on scanner request failure with response code", function()
        local resty_http = require("resty.http")
        local request_uri = spy.new(function()
            return { status = 404, body = "baz" } -- return 404 failure
        end)
        local httpc = mock({ request_uri = request_uri })
        stub(resty_http, "new").returns(httpc)
        skynet_scanner.scan_skylink_timer(false, skylink)
        local uri = "http://10.10.10.101:4000/scan/" .. skylink
        assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST" })
        assert.stub(ngx.log).was_called_with(
            ngx.ERR,
            "Failed malware-scanner request /scan/AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA: ",
            "[HTTP 404] baz"
        )
    end)
    it("should log message on scanner request error", function()
        local resty_http = require("resty.http")
        local request_uri = spy.new(function()
            return nil, "foo != bar" -- return error
        end)
        local httpc = mock({ request_uri = request_uri })
        stub(resty_http, "new").returns(httpc)
        skynet_scanner.scan_skylink_timer(false, skylink)
        local uri = "http://10.10.10.101:4000/scan/" .. skylink
        assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST" })
        assert.stub(ngx.log).was_called_with(
            ngx.ERR,
            "Failed malware-scanner request /scan/AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA: ",
            "foo != bar"
        )
    end)
 end)
--- a/docker/nginx/libs/skynet/skylink.lua
+++ b/docker/nginx/libs/skynet/skylink.lua
@ -1,40 +0,0 @@
 local _M = {}
 local basexx = require("basexx")
 local hasher = require("hasher")
 -- parse any skylink and return base64 version
 function _M.parse(skylink)
    if string.len(skylink) == 55 then
        local decoded = basexx.from_basexx(string.upper(skylink), "0123456789ABCDEFGHIJKLMNOPQRSTUV", 5)
        return basexx.to_url64(decoded)
    end
    return skylink
 end
 -- hash skylink into 32 bytes hash used in blocklist
 function _M.hash(skylink)
    -- ensure that the skylink is base64 encoded
    local base64Skylink = _M.parse(skylink)
    -- decode skylink from base64 encoding
    local rawSkylink = basexx.from_url64(base64Skylink)
    -- drop first two bytes and leave just merkle root
    local rawMerkleRoot = string.sub(rawSkylink, 3)
    -- parse with blake2b with key length of 32
    local blake2bHashed = hasher.blake2b(rawMerkleRoot, 32)
    -- hex encode the blake hash
    local hexHashed = basexx.to_hex(blake2bHashed)
    -- lowercase the hex encoded hash
    local lowerHexHashed = string.lower(hexHashed)
    return lowerHexHashed
 end
 return _M
--- a/docker/nginx/libs/skynet/skylink.spec.lua
+++ b/docker/nginx/libs/skynet/skylink.spec.lua
@ -1,23 +0,0 @@
 local skynet_skylink = require("skynet.skylink")
 describe("parse", function()
   local base32 = "0404dsjvti046fsua4ktor9grrpe76erq9jot9cvopbhsvsu76r4r30"
   local base64 = "AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA"
   it("should return unchanged base64 skylink", function()
      assert.is.same(skynet_skylink.parse(base64), base64)
   end)
   it("should transform base32 skylink into base64", function()
      assert.is.same(skynet_skylink.parse(base32), base64)
   end)
 end)
 describe("hash", function()
   local base64 = "EADi4QZWt87sSDCSjVTcmyI5tE_YAsuC90BcCi_jEmG5NA"
   local hash = "6cfb9996ad74e5614bbb8e7228e72f1c1bc14dd9ce8a83b3ccabdb6d8d70f330"
   it("should hash skylink", function()
      assert.is.same(hash, skynet_skylink.hash(base64))
   end)
 end)
--- a/docker/nginx/libs/skynet/tracker.lua
+++ b/docker/nginx/libs/skynet/tracker.lua
@ -1,99 +0,0 @@
 local _M = {}
 local utils = require("utils")
 function _M.track_download_timer(premature, skylink, status, auth_headers, body_bytes_sent)
    if premature then return end
    local httpc = require("resty.http").new()
    local query = table.concat({ "status=" .. status, "bytes=" .. body_bytes_sent }, "&")
    -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
    local res, err = httpc:request_uri("http://10.10.10.70:3000/track/download/" .. skylink .. "?" .. query, {
        method = "POST",
        headers = auth_headers,
    })
    if err or (res and res.status ~= 204) then
        local error_response = err or ("[HTTP " .. res.status .. "] " .. res.body)
        ngx.log(ngx.ERR, "Failed accounts service request /track/download/" .. skylink .. ": ", error_response)
    end
 end
 function _M.track_download(skylink, status_code, auth_headers, body_bytes_sent)
    local has_auth_headers = not utils.is_table_empty(auth_headers)
    local status_success = status_code >= 200 and status_code <= 299
    if skylink and status_success and has_auth_headers then
        local ok, err = ngx.timer.at(0, _M.track_download_timer, skylink, status_code, auth_headers, body_bytes_sent)
        if not ok then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
    end
 end
 function _M.track_upload_timer(premature, skylink, auth_headers, uploader_ip)
    if premature then return end
    local httpc = require("resty.http").new()
    -- set correct content type header and include auth headers
    local headers = {
        ["Content-Type"] = "application/x-www-form-urlencoded",
    }
    for key, value in pairs(auth_headers) do
        headers[key] = value
    end
    -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
    local res, err = httpc:request_uri("http://10.10.10.70:3000/track/upload/" .. skylink, {
        method = "POST",
        headers = headers,
        body = "ip=" .. uploader_ip,
    })
    if err or (res and res.status ~= 204) then
        local error_response = err or ("[HTTP " .. res.status .. "] " .. res.body)
        ngx.log(ngx.ERR, "Failed accounts service request /track/upload/" .. skylink .. ": ", error_response)
    end
 end
 function _M.track_upload(skylink, status_code, auth_headers, uploader_ip)
    local status_success = status_code >= 200 and status_code <= 299
    if skylink and status_success then
        local ok, err = ngx.timer.at(0, _M.track_upload_timer, skylink, auth_headers, uploader_ip)
        if not ok then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
    end
 end
 function _M.track_registry_timer(premature, auth_headers, request_method)
    if premature then return end
    local httpc = require("resty.http").new()
    -- based on request method we assign a registry action string used
    -- in track endpoint namely "read" for GET and "write" for POST
    local registry_action = request_method == "GET" and "read" or "write"
    -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
    local res, err = httpc:request_uri("http://10.10.10.70:3000/track/registry/" .. registry_action, {
        method = "POST",
        headers = auth_headers,
    })
    if err or (res and res.status ~= 204) then
        local error_response = err or ("[HTTP " .. res.status .. "] " .. res.body)
        ngx.log(ngx.ERR, "Failed accounts service request /track/registry/" .. registry_action .. ": ", error_response)
    end
 end
 function _M.track_registry(status_code, auth_headers, request_method)
    local has_auth_headers = not utils.is_table_empty(auth_headers)
    local tracked_status = status_code == 200 or status_code == 404
    if tracked_status and has_auth_headers then
        local ok, err = ngx.timer.at(0, _M.track_registry_timer, auth_headers, request_method)
        if not ok then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
    end
 end
 return _M
--- a/docker/nginx/libs/skynet/tracker.spec.lua
+++ b/docker/nginx/libs/skynet/tracker.spec.lua
@ -1,584 +0,0 @@
 -- luacheck: ignore ngx
 local skynet_tracker = require("skynet.tracker")
 local valid_skylink = "AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA"
 local valid_status_code = 200
 local valid_auth_headers = { ["Skynet-Api-Key"] = "foo" }
 local valid_ip = "12.34.56.78"
 describe("track_download", function()
    local valid_body_bytes_sent = 12345
    before_each(function()
        stub(ngx.timer, "at")
    end)
    after_each(function()
        ngx.timer.at:revert()
    end)
    it("should schedule a timer when conditions are met", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_download(valid_skylink, valid_status_code, valid_auth_headers, valid_body_bytes_sent)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_download_timer,
            valid_skylink,
            valid_status_code,
            valid_auth_headers,
            valid_body_bytes_sent
        )
    end)
    it("should not schedule a timer if skylink is empty", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_download(nil, valid_status_code, valid_auth_headers, valid_body_bytes_sent)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should not schedule a timer if status code is not in 2XX range", function()
        ngx.timer.at.invokes(function() return true, nil end)
        -- couple of example of 4XX and 5XX codes
        skynet_tracker.track_download(valid_skylink, 401, valid_auth_headers, valid_body_bytes_sent)
        skynet_tracker.track_download(valid_skylink, 403, valid_auth_headers, valid_body_bytes_sent)
        skynet_tracker.track_download(valid_skylink, 490, valid_auth_headers, valid_body_bytes_sent)
        skynet_tracker.track_download(valid_skylink, 500, valid_auth_headers, valid_body_bytes_sent)
        skynet_tracker.track_download(valid_skylink, 502, valid_auth_headers, valid_body_bytes_sent)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should not schedule a timer if auth headers are empty", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_download(valid_skylink, valid_status_code, {}, valid_body_bytes_sent)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should log an error if timer failed to create", function()
        stub(ngx, "log")
        ngx.timer.at.invokes(function() return false, "such a failure" end)
        skynet_tracker.track_download(valid_skylink, valid_status_code, valid_auth_headers, valid_body_bytes_sent)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_download_timer,
            valid_skylink,
            valid_status_code,
            valid_auth_headers,
            valid_body_bytes_sent
        )
        assert.stub(ngx.log).was_called_with(ngx.ERR, "Failed to create timer: ", "such a failure")
        ngx.log:revert()
    end)
    describe("track_download_timer", function()
        before_each(function()
            stub(ngx, "log")
        end)
        after_each(function()
            local resty_http = require("resty.http")
            ngx.log:revert()
            resty_http.new:revert()
        end)
        it("should exit early on premature", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 200 } -- return 200 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_download_timer(
                true,
                valid_skylink,
                valid_status_code,
                valid_auth_headers,
                valid_body_bytes_sent
            )
            assert.stub(request_uri).was_not_called()
            assert.stub(ngx.log).was_not_called()
        end)
        it("should make a post request to tracker service", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 204 } -- return 204 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_download_timer(
                false,
                valid_skylink,
                valid_status_code,
                valid_auth_headers,
                valid_body_bytes_sent
            )
            local uri_params = "status=" .. valid_status_code .. "&bytes=" .. valid_body_bytes_sent
            local uri = "http://10.10.10.70:3000/track/download/" .. valid_skylink .. "?" .. uri_params
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_not_called()
        end)
        it("should log message on tracker request failure with response code", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 404, body = "baz" } -- return 404 failure
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_download_timer(
                false,
                valid_skylink,
                valid_status_code,
                valid_auth_headers,
                valid_body_bytes_sent
            )
            local uri_params = "status=" .. valid_status_code .. "&bytes=" .. valid_body_bytes_sent
            local uri = "http://10.10.10.70:3000/track/download/" .. valid_skylink .. "?" .. uri_params
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/download/" .. valid_skylink .. ": ",
                "[HTTP 404] baz"
            )
        end)
        it("should log message on tracker request error", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return nil, "foo != bar" -- return error
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_download_timer(
                false,
                valid_skylink,
                valid_status_code,
                valid_auth_headers,
                valid_body_bytes_sent
            )
            local uri_params = "status=" .. valid_status_code .. "&bytes=" .. valid_body_bytes_sent
            local uri = "http://10.10.10.70:3000/track/download/" .. valid_skylink .. "?" .. uri_params
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/download/" .. valid_skylink .. ": ",
                "foo != bar"
            )
        end)
    end)
 end)
 describe("track_upload", function()
    before_each(function()
        stub(ngx.timer, "at")
    end)
    after_each(function()
        ngx.timer.at:revert()
    end)
    it("should schedule a timer when conditions are met", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_upload(valid_skylink, valid_status_code, valid_auth_headers, valid_ip)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_upload_timer,
            valid_skylink,
            valid_auth_headers,
            valid_ip
        )
    end)
    it("should not schedule a timer if skylink is empty", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_upload(nil, valid_status_code, valid_auth_headers, valid_ip)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should not schedule a timer if status code is not in 2XX range", function()
        ngx.timer.at.invokes(function() return true, nil end)
        -- couple of example of 4XX and 5XX codes
        skynet_tracker.track_upload(valid_skylink, 401, valid_auth_headers, valid_ip)
        skynet_tracker.track_upload(valid_skylink, 403, valid_auth_headers, valid_ip)
        skynet_tracker.track_upload(valid_skylink, 490, valid_auth_headers, valid_ip)
        skynet_tracker.track_upload(valid_skylink, 500, valid_auth_headers, valid_ip)
        skynet_tracker.track_upload(valid_skylink, 502, valid_auth_headers, valid_ip)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should schedule a timer if auth headers are empty", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_upload(valid_skylink, valid_status_code, {}, valid_ip)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_upload_timer,
            valid_skylink,
            {},
            valid_ip
        )
    end)
    it("should log an error if timer failed to create", function()
        stub(ngx, "log")
        ngx.timer.at.invokes(function() return false, "such a failure" end)
        skynet_tracker.track_upload(valid_skylink, valid_status_code, valid_auth_headers, valid_ip)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_upload_timer,
            valid_skylink,
            valid_auth_headers,
            valid_ip
        )
        assert.stub(ngx.log).was_called_with(ngx.ERR, "Failed to create timer: ", "such a failure")
        ngx.log:revert()
    end)
    describe("track_upload_timer", function()
        before_each(function()
            stub(ngx, "log")
        end)
        after_each(function()
            local resty_http = require("resty.http")
            ngx.log:revert()
            resty_http.new:revert()
        end)
        it("should exit early on premature", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 200 } -- return 200 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_upload_timer(
                true,
                valid_skylink,
                valid_auth_headers,
                valid_ip
            )
            assert.stub(request_uri).was_not_called()
            assert.stub(ngx.log).was_not_called()
        end)
        it("should make a post request to tracker service", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 204 } -- return 204 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_upload_timer(
                false,
                valid_skylink,
                valid_auth_headers,
                valid_ip
            )
            local uri = "http://10.10.10.70:3000/track/upload/" .. valid_skylink
            assert.stub(request_uri).was_called_with(httpc, uri, {
                method = "POST",
                headers = {
                    ["Content-Type"] = "application/x-www-form-urlencoded",
                    ["Skynet-Api-Key"] = "foo",
                },
                body = "ip=" .. valid_ip
            })
            assert.stub(ngx.log).was_not_called()
        end)
        it("should log message on tracker request failure with response code", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 404, body = "baz" } -- return 404 failure
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_upload_timer(
                false,
                valid_skylink,
                valid_auth_headers,
                valid_ip
            )
            local uri = "http://10.10.10.70:3000/track/upload/" .. valid_skylink
            assert.stub(request_uri).was_called_with(httpc, uri, {
                method = "POST",
                headers = {
                    ["Content-Type"] = "application/x-www-form-urlencoded",
                    ["Skynet-Api-Key"] = "foo",
                },
                body = "ip=" .. valid_ip
            })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/upload/" .. valid_skylink .. ": ",
                "[HTTP 404] baz"
            )
        end)
        it("should log message on tracker request error", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return nil, "foo != bar" -- return error
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_upload_timer(
                false,
                valid_skylink,
                valid_auth_headers,
                valid_ip
            )
            local uri = "http://10.10.10.70:3000/track/upload/" .. valid_skylink
            assert.stub(request_uri).was_called_with(httpc, uri, {
                method = "POST",
                headers = {
                    ["Content-Type"] = "application/x-www-form-urlencoded",
                    ["Skynet-Api-Key"] = "foo",
                },
                body = "ip=" .. valid_ip
            })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/upload/" .. valid_skylink .. ": ",
                "foo != bar"
            )
        end)
    end)
 end)
 describe("track_registry", function()
    local status_code_ok = 200
    local status_code_not_found = 404
    local request_method_write = "POST"
    local request_method_read = "GET"
    before_each(function()
        stub(ngx.timer, "at")
    end)
    after_each(function()
        ngx.timer.at:revert()
    end)
    it("should schedule a timer when status code was 200", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_registry(status_code_ok, valid_auth_headers, request_method_write)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_registry_timer,
            valid_auth_headers,
            request_method_write
        )
    end)
    it("should schedule a timer when status code was 404", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_registry(status_code_not_found, valid_auth_headers, request_method_write)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_registry_timer,
            valid_auth_headers,
            request_method_write
        )
    end)
    it("should not schedule a timer if status code is not in 200 or 404", function()
        ngx.timer.at.invokes(function() return true, nil end)
        -- couple of example of invalid 2XX, 4XX and 5XX codes
        skynet_tracker.track_registry(204, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(206, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(401, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(403, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(490, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(500, valid_auth_headers, request_method_write)
        skynet_tracker.track_registry(502, valid_auth_headers, request_method_write)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should not schedule a timer if auth headers are empty", function()
        ngx.timer.at.invokes(function() return true, nil end)
        skynet_tracker.track_registry(status_code_ok, {}, request_method_write)
        assert.stub(ngx.timer.at).was_not_called()
    end)
    it("should log an error if timer failed to create", function()
        stub(ngx, "log")
        ngx.timer.at.invokes(function() return false, "such a failure" end)
        skynet_tracker.track_registry(status_code_ok, valid_auth_headers, request_method_write)
        assert.stub(ngx.timer.at).was_called_with(
            0,
            skynet_tracker.track_registry_timer,
            valid_auth_headers,
            request_method_write
        )
        assert.stub(ngx.log).was_called_with(ngx.ERR, "Failed to create timer: ", "such a failure")
        ngx.log:revert()
    end)
    describe("track_registry_timer", function()
        before_each(function()
            stub(ngx, "log")
        end)
        after_each(function()
            local resty_http = require("resty.http")
            ngx.log:revert()
            resty_http.new:revert()
        end)
        it("should exit early on premature", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 200 } -- return 200 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_registry_timer(
                true,
                valid_auth_headers,
                request_method_write
            )
            assert.stub(request_uri).was_not_called()
            assert.stub(ngx.log).was_not_called()
        end)
        it("should make a post request to registry write tracker service", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 204 } -- return 204 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_registry_timer(
                false,
                valid_auth_headers,
                request_method_write
            )
            local uri = "http://10.10.10.70:3000/track/registry/write"
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_not_called()
        end)
        it("should make a post request to registry read tracker service", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 204 } -- return 204 success
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_registry_timer(
                false,
                valid_auth_headers,
                request_method_read
            )
            local uri = "http://10.10.10.70:3000/track/registry/read"
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_not_called()
        end)
        it("should log message on tracker request failure with response code", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return { status = 404, body = "baz" } -- return 404 failure
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_registry_timer(
                false,
                valid_auth_headers,
                request_method_write
            )
            local uri = "http://10.10.10.70:3000/track/registry/write"
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/registry/write: ",
                "[HTTP 404] baz"
            )
        end)
        it("should log message on tracker request error", function()
            local resty_http = require("resty.http")
            local request_uri = spy.new(function()
                return nil, "foo != bar" -- return error
            end)
            local httpc = mock({ request_uri = request_uri })
            stub(resty_http, "new").returns(httpc)
            skynet_tracker.track_registry_timer(
                false,
                valid_auth_headers,
                request_method_write
            )
            local uri = "http://10.10.10.70:3000/track/registry/write"
            assert.stub(request_uri).was_called_with(httpc, uri, { method = "POST", headers = valid_auth_headers })
            assert.stub(ngx.log).was_called_with(
                ngx.ERR,
                "Failed accounts service request /track/registry/write: ",
                "foo != bar"
            )
        end)
    end)
 end)
--- a/docker/nginx/libs/skynet/utils.lua
+++ b/docker/nginx/libs/skynet/utils.lua
@ -1,30 +0,0 @@
 local _M = {}
 local ngx_base64 = require("ngx.base64")
 local utils = require("utils")
 function _M.authorization_header()
    -- read api password from env variable
    local apipassword = utils.getenv("SIA_API_PASSWORD")
    -- if api password is not available as env variable, read it from disk
    if not apipassword then
        -- open apipassword file for reading (b flag is required for some reason)
        -- (file /etc/.sia/apipassword has to be mounted from the host system)
        local apipassword_file = io.open("/data/sia/apipassword", "rb")
        -- make sure to throw a meaningful error if apipassword file does not exist
        if not apipassword_file then
            error("Error reading /data/sia/apipassword file")
        end
        -- read apipassword file contents and trim newline (important)
        apipassword = apipassword_file:read("*all"):gsub("%s+", "")
        -- make sure to close file after reading the password
        apipassword_file.close()
    end
    -- encode the user:password authorization string
    -- (in our case user is empty so it is just :password)
    local content = ngx_base64.encode_base64url(":" .. apipassword)
    -- set authorization header with proper base64 encoded string
    return "Basic " .. content
 end
 return _M
--- a/docker/nginx/libs/skynet/utils.spec.lua
+++ b/docker/nginx/libs/skynet/utils.spec.lua
@ -1,65 +0,0 @@
 -- luacheck: ignore io
 local utils = require('utils')
 local skynet_utils = require('skynet.utils')
 describe("authorization_header", function()
    local apipassword = "ddd0c1430fbf2708"
    local expected_header = "Basic OmRkZDBjMTQzMGZiZjI3MDg"
    it("reads SIA_API_PASSWORD from env variable and returns a header", function()
        -- stub getenv on SIA_API_PASSWORD
        stub(utils, "getenv")
        utils.getenv.on_call_with("SIA_API_PASSWORD").returns(apipassword)
        local header = skynet_utils.authorization_header()
        assert.is_equal(header, expected_header)
        -- revert stub to original function
        utils.getenv:revert()
    end)
    it("uses /data/sia/apipassword file if SIA_API_PASSWORD env var is missing", function()
        -- stub /data/sia/apipassword file
        stub(io, "open")
        io.open.on_call_with("/data/sia/apipassword", "rb").returns(mock({
            read = spy.new(function() return apipassword end),
            close = spy.new()
        }))
        local header = skynet_utils.authorization_header()
        assert.is_equal(header, expected_header)
        -- revert stub to original function
        io.open:revert()
    end)
    it("should choose env variable over file if both are available", function()
        -- stub getenv on SIA_API_PASSWORD
        stub(utils, "getenv")
        utils.getenv.on_call_with("SIA_API_PASSWORD").returns(apipassword)
        -- stub /data/sia/apipassword file
        stub(io, "open")
        io.open.on_call_with("/data/sia/apipassword", "rb").returns(mock({
            read = spy.new(function() return "foooooooooooooo" end),
            close = spy.new()
        }))
        local header = skynet_utils.authorization_header()
        assert.is_equal(header, "Basic OmRkZDBjMTQzMGZiZjI3MDg")
        -- revert stubs to original function
        utils.getenv:revert()
        io.open:revert()
    end)
    it("should error out if neither env variable is available nor file exists", function()
        assert.has_error(function()
            skynet_utils.authorization_header()
        end, "Error reading /data/sia/apipassword file")
    end)
 end)
--- a/docker/nginx/libs/utils.lua
+++ b/docker/nginx/libs/utils.lua
@ -1,83 +0,0 @@
 local _M = {}
 -- utility function for checking if table is empty
 function _M.is_table_empty(check)
    -- bind next to local variable to achieve ultimate efficiency
    -- https://stackoverflow.com/a/1252776
    local next = next
    return next(check) == nil
 end
 -- extract full cookie name and value by its name from cookie string
 -- note: name matcher argument is a pattern so you will need to escape
 -- any special characters, read more https://www.lua.org/pil/20.2.html
 function _M.extract_cookie(cookie_string, name_matcher)
    -- nil cookie string safeguard
    if cookie_string == nil then
        return nil
    end
    local start, stop = string.find(cookie_string, name_matcher .. "=[^;]+")
    if start then
        return string.sub(cookie_string, start, stop)
    end
    return nil
 end
 -- extract just the cookie value by its name from cookie string
 -- note: name matcher argument is a pattern so you will need to escape
 -- any special characters, read more https://www.lua.org/pil/20.2.html
 function _M.extract_cookie_value(cookie_string, name_matcher)
    local cookie = _M.extract_cookie(cookie_string, name_matcher)
    if cookie == nil then
        return nil
    end
    local value_start = string.find(cookie, "=") + 1
    return string.sub(cookie, value_start)
 end
 -- utility function that builds on os.getenv to get environment variable value
 -- * will always return nil for both unset and empty env vars
 -- * parse "boolean": "true" and "1" as true, "false" and "0" as false, throws for others
 -- * parse "integer": any numerical string gets converted, otherwise returns nil
 function _M.getenv(name, parse)
    local value = os.getenv(name)
    -- treat empty string value as nil to simplify comparisons
    if value == nil or value == "" then
        return nil
    end
    -- do not parse the value
    if parse == nil then
        return value
    end
    -- try to parse as boolean
    if parse == "boolean" then
        if string.lower(value) == "true" or value == "1" then
            return true
        end
        if string.lower(value) == "false" or value == "0" then
            return false
        end
        error("utils.getenv: Parsing value '" .. tostring(value) .. "' to boolean is not supported")
    end
    -- try to parse as integer
    if parse == "integer" then
        return tonumber(value)
    end
    error("utils.getenv: Parsing to '" .. parse .. "' is not supported")
 end
 return _M
--- a/docker/nginx/libs/utils.spec.lua
+++ b/docker/nginx/libs/utils.spec.lua
@ -1,215 +0,0 @@
 -- luacheck: ignore os
 local utils = require('utils')
 describe("is_table_empty", function()
    it("should return true for empty table", function()
        assert.is_true(utils.is_table_empty({}))
    end)
    it("should return false for not empty table", function()
        assert.is_false(utils.is_table_empty({ ["foo"] = "bar" }))
    end)
 end)
 describe("extract_cookie", function()
    local cookie_string = "aaa=bbb; skynet-jwt=MTY0NzUyr8jD-ytiWtspm0tGabKfooxeIDuWcXhJ3lnY0eEw==; xxx=yyy"
    it("should return nil if cookie string is nil", function()
        local cookie = utils.extract_cookie_value(nil, "aaa")
        assert.is_nil(cookie)
    end)
    it("should return nil if cookie name is not found", function()
        local cookie = utils.extract_cookie(cookie_string, "foo")
        assert.is_nil(cookie)
    end)
    it("should return cookie if cookie_string starts with that cookie name", function()
        local cookie = utils.extract_cookie(cookie_string, "aaa")
        assert.are.equals(cookie, "aaa=bbb")
    end)
    it("should return cookie if cookie_string ends with that cookie name", function()
        local cookie = utils.extract_cookie(cookie_string, "xxx")
        assert.are.equals(cookie, "xxx=yyy")
    end)
    it("should return cookie with custom matcher", function()
        local cookie = utils.extract_cookie(cookie_string, "skynet[-]jwt")
        assert.are.equals(cookie, "skynet-jwt=MTY0NzUyr8jD-ytiWtspm0tGabKfooxeIDuWcXhJ3lnY0eEw==")
    end)
 end)
 describe("extract_cookie_value", function()
    local cookie_string = "aaa=bbb; skynet-jwt=MTY0NzUyr8jD-ytiWtspm0tGabKfooxeIDuWcXhJ3lnY0eEw==; xxx=yyy"
    it("should return nil if cookie string is nil", function()
        local value = utils.extract_cookie_value(nil, "aaa")
        assert.is_nil(value)
    end)
    it("should return nil if cookie name is not found", function()
        local value = utils.extract_cookie_value(cookie_string, "foo")
        assert.is_nil(value)
    end)
    it("should return value if cookie_string starts with that cookie name", function()
        local value = utils.extract_cookie_value(cookie_string, "aaa")
        assert.are.equals(value, "bbb")
    end)
    it("should return cookie if cookie_string ends with that cookie name", function()
        local value = utils.extract_cookie_value(cookie_string, "xxx")
        assert.are.equals(value, "yyy")
    end)
    it("should return cookie with custom matcher", function()
        local value = utils.extract_cookie_value(cookie_string, "skynet[-]jwt")
        assert.are.equals(value, "MTY0NzUyr8jD-ytiWtspm0tGabKfooxeIDuWcXhJ3lnY0eEw==")
    end)
 end)
 describe("getenv", function()
    before_each(function()
        stub(os, "getenv")
    end)
    after_each(function()
        os.getenv:revert()
    end)
    it("should return nil for not existing env var", function()
        os.getenv.on_call_with("foo").returns(nil)
        assert.is_nil(utils.getenv("foo"))
    end)
    it("should return nil for env var that is an empty string", function()
        os.getenv.on_call_with("foo").returns("")
        assert.is_nil(utils.getenv("foo"))
    end)
    it("should return the value as is when it is non empty string", function()
        os.getenv.on_call_with("foo").returns("bar")
        assert.is_equal(utils.getenv("foo"), "bar")
    end)
    describe("parse", function()
        it("should throw on not supported parser", function()
            os.getenv.on_call_with("foo").returns("test")
            assert.has_error(function()
                utils.getenv("foo", "starwars")
            end, "utils.getenv: Parsing to 'starwars' is not supported")
        end)
        describe("as boolean", function()
            it("should return nil for not existing env var", function()
                os.getenv.on_call_with("foo").returns(nil)
                assert.is_nil(utils.getenv("foo", "boolean"))
            end)
            it("should return nil for env var that is an empty string", function()
                os.getenv.on_call_with("foo").returns("")
                assert.is_nil(utils.getenv("foo", "boolean"))
            end)
            it("should parse 'true' string as true", function()
                os.getenv.on_call_with("foo").returns("true")
                assert.is_true(utils.getenv("foo", "boolean"))
            end)
            it("should parse 'True' string as true", function()
                os.getenv.on_call_with("foo").returns("True")
                assert.is_true(utils.getenv("foo", "boolean"))
            end)
            it("should parse '1' string as true", function()
                os.getenv.on_call_with("foo").returns("1")
                assert.is_true(utils.getenv("foo", "boolean"))
            end)
            it("should parse 'false' string as false", function()
                os.getenv.on_call_with("foo").returns("false")
                assert.is_false(utils.getenv("foo", "boolean"))
            end)
            it("should parse 'False' string as false", function()
                os.getenv.on_call_with("foo").returns("False")
                assert.is_false(utils.getenv("foo", "boolean"))
            end)
            it("should parse '0' string as false", function()
                os.getenv.on_call_with("foo").returns("0")
                assert.is_false(utils.getenv("foo", "boolean"))
            end)
            it("should throw an error for not supported string", function()
                os.getenv.on_call_with("foo").returns("mandalorian")
                assert.has_error(function()
                    utils.getenv("foo", "boolean")
                end, "utils.getenv: Parsing value 'mandalorian' to boolean is not supported")
            end)
        end)
        describe("as integer", function()
            it("should return nil for not existing env var", function()
                os.getenv.on_call_with("foo").returns(nil)
                assert.is_nil(utils.getenv("foo", "integer"))
            end)
            it("should return nil for env var that is an empty string", function()
                os.getenv.on_call_with("foo").returns("")
                assert.is_nil(utils.getenv("foo", "integer"))
            end)
            it("should parse '0' string as 0", function()
                os.getenv.on_call_with("foo").returns("0")
                assert.equals(utils.getenv("foo", "integer"), 0)
            end)
            it("should parse '1' string as 1", function()
                os.getenv.on_call_with("foo").returns("1")
                assert.equals(utils.getenv("foo", "integer"), 1)
            end)
            it("should parse '-1' string as -1", function()
                os.getenv.on_call_with("foo").returns("-1")
                assert.equals(utils.getenv("foo", "integer"), -1)
            end)
            it("should return nil for non numerical string", function()
                os.getenv.on_call_with("foo").returns("test")
                assert.is_nil(utils.getenv("foo", "integer"))
            end)
        end)
    end)
 end)
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@ -1,125 +0,0 @@
 # nginx.conf  --  docker-openresty
 #
 # This file is installed to:
 #   `/usr/local/openresty/nginx/conf/nginx.conf`
 # and is the file loaded by nginx at startup,
 # unless the user specifies otherwise.
 #
 # It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
 # section and adds this directive:
 #     `include /etc/nginx/conf.d/*.conf;`
 #
 # The `docker-openresty` file `nginx.vh.default.conf` is copied to
 # `/etc/nginx/conf.d/default.conf`.  It contains the `server section
 # of the upstream `nginx.conf`.
 #
 # See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
 #
 user root;
 worker_processes auto;
 # Enables the use of JIT for regular expressions to speed-up their processing.
 pcre_jit on;
 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info;
 #pid        logs/nginx.pid;
 # declare env variables to use it in config
 env PORTAL_DOMAIN;
 env SERVER_DOMAIN;
 env PORTAL_MODULES;
 env ACCOUNTS_LIMIT_ACCESS;
 env SIA_API_PASSWORD;
 events {
    worker_connections 8192;
 }
 http {
    include       mime.types;
    default_type  application/octet-stream;
    lua_package_path "/etc/nginx/libs/?.lua;;";
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" $upstream_response_time '
        '$upstream_bytes_sent $upstream_bytes_received '
        '"$upstream_http_content_type" "$upstream_cache_status" '
        '"$server_alias" "$sent_http_skynet_skylink" '
        '$upstream_connect_time $upstream_header_time '
        '$request_time "$hns_domain" "$skylink" $upstream_http_skynet_cache_ratio';
    access_log  logs/access.log  main;
    # See Move default writable paths to a dedicated directory (#119)
    # https://github.com/openresty/docker-openresty/issues/119
    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    # globally enable http 1.1 on all proxied requests
    # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
    proxy_http_version 1.1;
    # proxy cache definition
    proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=50g min_free=100g inactive=48h use_temp_path=off;
    # this runs before forking out nginx worker processes
    init_by_lua_block { 
        require "cjson"
        require "resty.http"
        require "skynet.skylink"
        require "skynet.utils"
    }
    # include skynet-portal-api and skynet-server-api header on every request
    header_filter_by_lua_block {
        ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
        ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
    }
    # ratelimit specified IPs
    geo $limit {
        default 0;
        include /etc/nginx/conf.d/include/ratelimited;
    }
    map $limit $limit_key {
        0 "";
        1 $binary_remote_addr;
    }
    limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
    limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
    limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m;
    limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m;
    limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
    limit_conn_zone $limit_key zone=upload_conn_rl:10m;
    limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
    limit_req_status 429;
    limit_conn_status 429;
    # Add X-Forwarded-* headers
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/conf.extra.d/*.conf;
 }
--- a/docker/nginx/testing/.luacov
+++ b/docker/nginx/testing/.luacov
@ -1,6 +0,0 @@
 exclude = { 
    "/usr/local/openresty", -- internal openresty libraries
    "rbusted", -- busted executable
    "basexx", -- external library https://github.com/aiq/basexx
 }
 includeuntestedfiles = true
--- a/docker/nginx/testing/Dockerfile
+++ b/docker/nginx/testing/Dockerfile
@ -1,11 +0,0 @@
 FROM openresty/openresty:1.19.9.1-focal
 WORKDIR /etc/nginx
 RUN luarocks install lua-resty-http && \
    luarocks install hasher && \
    luarocks install busted
 COPY rbusted /etc/nginx/
 CMD ["/etc/nginx/rbusted", "--verbose", "--pattern=spec", "/usr/local/openresty/site/lualib"]
--- a/docker/nginx/testing/README.md
+++ b/docker/nginx/testing/README.md
@ -1,3 +0,0 @@
 # Running tests locally
 `docker run -v $(pwd)/docker/nginx/libs:/usr/local/openresty/site/lualib --rm -it $(docker build -q docker/nginx/testing)`
--- a/docker/nginx/testing/rbusted
+++ b/docker/nginx/testing/rbusted
@ -1,8 +0,0 @@
 #!/usr/bin/env resty
 setmetatable(_G, nil)
 pcall(require, "luarocks.loader")
 -- Busted command-line runner
 require "busted.runner"({ standalone = false })
--- a/docker/sia/Dockerfile
+++ b/docker/sia/Dockerfile
@ -1,16 +0,0 @@
 FROM golang:1.16.7 AS sia-builder
 ENV GOOS linux
 ENV GOARCH amd64
 ARG branch=portal-latest
 RUN git clone https://gitlab.com/SkynetLabs/skyd.git Sia --single-branch --branch ${branch} && \
    make release --directory Sia
 FROM nebulouslabs/sia:1.5.6
 COPY --from=sia-builder /go/bin/ /usr/bin/
 RUN if [ -f "/usr/bin/skyd" ]; then mv /usr/bin/skyd /usr/bin/siad; fi && \
    if [ -f "/usr/bin/skyc" ]; then mv /usr/bin/skyc /usr/bin/siac; fi
--- a/packages/dashboard-v2/.eslintignore
+++ b/packages/dashboard-v2/.eslintignore
@ -1,4 +0,0 @@
 node_modules/
 .cache/
 public/
 storybook-build/
--- a/packages/dashboard-v2/.eslintrc.js
+++ b/packages/dashboard-v2/.eslintrc.js
@ -1,6 +0,0 @@
 module.exports = {
  globals: {
    __PATH_PREFIX__: true,
  },
  extends: ["react-app", "plugin:storybook/recommended"],
 };
--- a/packages/dashboard-v2/.gitignore
+++ b/packages/dashboard-v2/.gitignore
@ -1,4 +0,0 @@
 node_modules/
 .cache/
 public/
 storybook-build/
--- a/packages/dashboard-v2/.prettierignore
+++ b/packages/dashboard-v2/.prettierignore
@ -1,4 +0,0 @@
 node_modules/
 .cache/
 public/
 storybook-build/
--- a/packages/dashboard-v2/.prettierrc.json
+++ b/packages/dashboard-v2/.prettierrc.json
@ -1,3 +0,0 @@
 {
  "printWidth": 120
 }
--- a/packages/dashboard-v2/.storybook/main.js
+++ b/packages/dashboard-v2/.storybook/main.js
@ -1,19 +0,0 @@
 module.exports = {
  stories: ["../src/**/*.stories.@(js|jsx|ts|tsx)"],
  addons: [
    "@storybook/addon-links",
    "@storybook/addon-essentials",
    "storybook-addon-gatsby",
    {
      name: "@storybook/addon-postcss",
      options: {
        postcssLoaderOptions: {
          implementation: require("postcss"),
        },
      },
    },
  ],
  core: {
    builder: "webpack5",
  },
 };
--- a/packages/dashboard-v2/.storybook/preview.js
+++ b/packages/dashboard-v2/.storybook/preview.js
@ -1,20 +0,0 @@
 import "tailwindcss/tailwind.css";
 import "@fontsource/sora/300.css"; // light
 import "@fontsource/sora/400.css"; // normal
 import "@fontsource/sora/500.css"; // medium
 import "@fontsource/sora/600.css"; // semibold
 import "@fontsource/source-sans-pro/400.css"; // normal
 import "@fontsource/source-sans-pro/600.css"; // semibold
 import "../src/styles/global.css";
 export const parameters = {
  actions: { argTypesRegex: "^on[A-Z].*" },
  controls: {
    matchers: {
      color: /(background|color)$/i,
      date: /Date$/,
    },
  },
  layout: "fullscreen",
 };
--- a/packages/dashboard-v2/Dockerfile
+++ b/packages/dashboard-v2/Dockerfile
@ -1,18 +0,0 @@
 FROM node:16.14.2-alpine
 WORKDIR /usr/app
 COPY package.json \
     yarn.lock \
     ./
 RUN yarn --frozen-lockfile
 COPY static ./static
 COPY src ./src
 COPY gatsby*.js \
     postcss.config.js \
     tailwind.config.js \
     ./
 CMD ["sh", "-c", "yarn build && yarn serve --host 0.0.0.0 -p 9000"]
--- a/packages/dashboard-v2/README.md
+++ b/packages/dashboard-v2/README.md
@ -1,30 +0,0 @@
 # Skynet Account Dashboard
 Code behind [account.skynetpro.net](https://account.skynetpro.net/)
 ## Development
 This is a Gatsby application. To run it locally, all you need is:
 - `yarn install`
 - `yarn start`
 ## Accessing remote APIs
 To have a fully functioning local environment, you'll need to make the browser believe you're actually on the same domain as a working API (i.e. a remote dev or production server) -- otherwise the browser will block the session cookie.
 To do the trick, configure proper environment variables in the `.env.development` file.
 This file allows to easily control which domain name you want to use locally and which API you'd like to access.
 Example:
 ```env
 GATSBY_PORTAL_DOMAIN=skynetfree.net # Use skynetfree.net APIs
 GATSBY_HOST=local.skynetfree.net # Address of your local build
 ```
 > It's recommended to keep the 2LD the same, so any cookies dispatched by the API work without issues.
 With the file configured, run `yarn develop:secure` -- it will run `gatsby develop` with `--https -p=443` options.
 If you're on macOS, you may need to `sudo` the command to successfully bind to port `443` (https).
 Gatsby will automatically add a proper entry to your `/etc/hosts` file and clean it up when process exits.
--- a/packages/dashboard-v2/gatsby-browser.js
+++ b/packages/dashboard-v2/gatsby-browser.js
@ -1,32 +0,0 @@
 import * as React from "react";
 import { SWRConfig } from "swr";
 import { Elements } from "@stripe/react-stripe-js";
 import { loadStripe } from "@stripe/stripe-js";
 import "@fontsource/sora/300.css"; // light
 import "@fontsource/sora/400.css"; // normal
 import "@fontsource/sora/500.css"; // medium
 import "@fontsource/sora/600.css"; // semibold
 import "@fontsource/source-sans-pro/400.css"; // normal
 import "@fontsource/source-sans-pro/600.css"; // semibold
 import "./src/styles/global.css";
 import swrConfig from "./src/lib/swrConfig";
 import { MODAL_ROOT_ID } from "./src/components/Modal";
 import { PortalSettingsProvider } from "./src/contexts/portal-settings";
 const stripePromise = loadStripe(process.env.GATSBY_STRIPE_PUBLISHABLE_KEY);
 export function wrapPageElement({ element, props }) {
  const Layout = element.type.Layout ?? React.Fragment;
  return (
    <PortalSettingsProvider>
      <SWRConfig value={swrConfig}>
        <Elements stripe={stripePromise}>
          <Layout {...props}>
            {element}
            <div id={MODAL_ROOT_ID} />
          </Layout>
        </Elements>
      </SWRConfig>
    </PortalSettingsProvider>
  );
 }
--- a/packages/dashboard-v2/gatsby-config.js
+++ b/packages/dashboard-v2/gatsby-config.js
@ -1,57 +0,0 @@
 require("dotenv").config({
  path: `.env.${process.env.NODE_ENV}`,
 });
 const { createProxyMiddleware } = require("http-proxy-middleware");
 const { GATSBY_PORTAL_DOMAIN } = process.env;
 module.exports = {
  siteMetadata: {
    title: `Account Dashboard`,
    siteUrl: `https://account.${GATSBY_PORTAL_DOMAIN}`,
  },
  pathPrefix: "/v2",
  trailingSlash: "never",
  plugins: [
    "gatsby-plugin-image",
    "gatsby-plugin-provide-react",
    "gatsby-plugin-react-helmet",
    "gatsby-plugin-sharp",
    "gatsby-transformer-sharp",
    "gatsby-plugin-styled-components",
    "gatsby-plugin-postcss",
    {
      resolve: "gatsby-source-filesystem",
      options: {
        name: "images",
        path: "./static/images/",
      },
      __key: "images",
    },
  ],
  developMiddleware: (app) => {
    // Proxy Accounts service API requests:
    app.use(
      "/api/",
      createProxyMiddleware({
        target: `https://account.${GATSBY_PORTAL_DOMAIN}`,
        secure: false, // Do not reject self-signed certificates.
        changeOrigin: true,
      })
    );
    // Proxy /skynet requests (e.g. uploads)
    app.use(
      ["/skynet", "/__internal/"],
      createProxyMiddleware({
        target: `https://${GATSBY_PORTAL_DOMAIN}`,
        secure: false, // Do not reject self-signed certificates.
        changeOrigin: true,
        pathRewrite: {
          "^/skynet": "",
        },
      })
    );
  },
 };
--- a/packages/dashboard-v2/gatsby-ssr.js
+++ b/packages/dashboard-v2/gatsby-ssr.js
@ -1,32 +0,0 @@
 import * as React from "react";
 import { SWRConfig } from "swr";
 import { Elements } from "@stripe/react-stripe-js";
 import { loadStripe } from "@stripe/stripe-js";
 import "@fontsource/sora/300.css"; // light
 import "@fontsource/sora/400.css"; // normal
 import "@fontsource/sora/500.css"; // medium
 import "@fontsource/sora/600.css"; // semibold
 import "@fontsource/source-sans-pro/400.css"; // normal
 import "@fontsource/source-sans-pro/600.css"; // semibold
 import "./src/styles/global.css";
 import swrConfig from "./src/lib/swrConfig";
 import { MODAL_ROOT_ID } from "./src/components/Modal";
 import { PortalSettingsProvider } from "./src/contexts/portal-settings";
 const stripePromise = loadStripe(process.env.GATSBY_STRIPE_PUBLISHABLE_KEY);
 export function wrapPageElement({ element, props }) {
  const Layout = element.type.Layout ?? React.Fragment;
  return (
    <PortalSettingsProvider>
      <SWRConfig value={swrConfig}>
        <Elements stripe={stripePromise}>
          <Layout {...props}>
            {element}
            <div id={MODAL_ROOT_ID} />
          </Layout>
        </Elements>
      </SWRConfig>
    </PortalSettingsProvider>
  );
 }
--- a/packages/dashboard-v2/package.json
+++ b/packages/dashboard-v2/package.json
@ -1,84 +0,0 @@
 {
  "name": "accounts-dashboard",
  "version": "1.0.0",
  "private": true,
  "description": "Accounts Dashboard",
  "author": "Skynet Labs",
  "keywords": [
    "gatsby"
  ],
  "scripts": {
    "develop": "gatsby develop",
    "develop:secure": "dotenv -e .env.development -- gatsby develop --https -p=443",
    "start": "gatsby develop",
    "build": "gatsby build --prefix-paths",
    "serve": "gatsby serve --prefix-paths",
    "clean": "gatsby clean",
    "lint": "eslint .",
    "prettier": "prettier .",
    "storybook": "start-storybook -p 6006",
    "build-storybook": "build-storybook -o storybook-build"
  },
  "dependencies": {
    "@fontsource/sora": "^4.5.3",
    "@fontsource/source-sans-pro": "^4.5.3",
    "@stripe/react-stripe-js": "^1.7.1",
    "@stripe/stripe-js": "^1.27.0",
    "classnames": "^2.3.1",
    "copy-text-to-clipboard": "^3.0.1",
    "dayjs": "^1.10.8",
    "formik": "^2.2.9",
    "gatsby": "^4.6.2",
    "gatsby-plugin-postcss": "^5.7.0",
    "http-status-codes": "^2.2.0",
    "ky": "^0.30.0",
    "nanoid": "^3.3.1",
    "path-browserify": "^1.0.1",
    "postcss": "^8.4.6",
    "react": "^17.0.1",
    "react-dom": "^17.0.1",
    "react-dropzone": "^12.0.4",
    "react-helmet": "^6.1.0",
    "react-use": "^17.3.2",
    "skynet-js": "4.0.27-beta",
    "swr": "^1.2.2",
    "tailwindcss": "^3.0.23",
    "yup": "^0.32.11"
  },
  "devDependencies": {
    "@babel/core": "^7.17.4",
    "@storybook/addon-actions": "^6.4.19",
    "@storybook/addon-essentials": "^6.4.19",
    "@storybook/addon-interactions": "^6.4.19",
    "@storybook/addon-links": "^6.4.19",
    "@storybook/addon-postcss": "^2.0.0",
    "@storybook/builder-webpack5": "^6.4.19",
    "@storybook/manager-webpack5": "^6.4.19",
    "@storybook/react": "^6.4.19",
    "@storybook/testing-library": "^0.0.9",
    "autoprefixer": "^10.4.2",
    "babel-eslint": "^10.1.0",
    "babel-loader": "^8.2.3",
    "babel-plugin-preval": "^5.1.0",
    "babel-plugin-styled-components": "^2.0.2",
    "dotenv": "^16.0.0",
    "dotenv-cli": "^5.1.0",
    "eslint": "^8.9.0",
    "eslint-config-react-app": "^7.0.0",
    "eslint-plugin-storybook": "^0.5.6",
    "gatsby-plugin-alias-imports": "^1.0.5",
    "gatsby-plugin-image": "^2.6.0",
    "gatsby-plugin-preval": "^1.0.0",
    "gatsby-plugin-provide-react": "^1.0.2",
    "gatsby-plugin-react-helmet": "^5.6.0",
    "gatsby-plugin-sharp": "^4.6.0",
    "gatsby-plugin-styled-components": "^5.8.0",
    "gatsby-source-filesystem": "^4.6.0",
    "gatsby-transformer-sharp": "^4.6.0",
    "http-proxy-middleware": "^1.3.1",
    "prettier": "2.5.1",
    "react-is": "^17.0.2",
    "storybook-addon-gatsby": "^0.0.5",
    "styled-components": "^5.3.3"
  }
 }
--- a/packages/dashboard-v2/postcss.config.js
+++ b/packages/dashboard-v2/postcss.config.js
@ -1,3 +0,0 @@
 module.exports = {
  plugins: [require("tailwindcss/nesting"), require("tailwindcss"), require("autoprefixer")],
 };
--- a/packages/dashboard-v2/src/components/APIKeyList/APIKey.js
+++ b/packages/dashboard-v2/src/components/APIKeyList/APIKey.js
@ -1,157 +0,0 @@
 import dayjs from "dayjs";
 import cn from "classnames";
 import { useCallback, useState } from "react";
 import { Alert } from "../Alert";
 import { Button } from "../Button";
 import { AddSkylinkToSponsorKeyForm } from "../forms/AddSkylinkToSponsorKeyForm";
 import { CogIcon, TrashIcon } from "../Icons";
 import { Modal } from "../Modal";
 import { useAPIKeyEdit } from "./useAPIKeyEdit";
 import { useAPIKeyRemoval } from "./useAPIKeyRemoval";
 export const APIKey = ({ apiKey, onRemoved, onEdited, onRemovalError }) => {
  const { id, name, createdAt, skylinks } = apiKey;
  const isSponsorKey = apiKey.public === "true";
  const [error, setError] = useState(null);
  const onSkylinkListEdited = useCallback(() => {
    setError(null);
    onEdited();
  }, [onEdited]);
  const onSkylinkListEditFailure = (errorMessage) => setError(errorMessage);
  const {
    removalError,
    removalInitiated,
    prompt: promptRemoval,
    abort: abortRemoval,
    confirm: confirmRemoval,
  } = useAPIKeyRemoval({
    key: apiKey,
    onSuccess: onRemoved,
    onFailure: onRemovalError,
  });
  const {
    editInitiated,
    prompt: promptEdit,
    abort: abortEdit,
    addSkylink,
    removeSkylink,
  } = useAPIKeyEdit({
    key: apiKey,
    onSkylinkListUpdate: onSkylinkListEdited,
    onSkylinkListUpdateFailure: onSkylinkListEditFailure,
  });
  const closeEditModal = useCallback(() => {
    setError(null);
    abortEdit();
  }, [abortEdit]);
  const skylinksNumber = skylinks?.length ?? 0;
  const isNotConfigured = isSponsorKey && skylinksNumber === 0;
  const skylinksPhrasePrefix = skylinksNumber === 0 ? "No" : skylinksNumber;
  const skylinksPhrase = `${skylinksPhrasePrefix} ${skylinksNumber === 1 ? "skylink" : "skylinks"} sponsored`;
  return (
    <li
      className={cn(
        "grid grid-cols-2 sm:grid-cols-[1fr_repeat(2,_max-content)] py-3 px-4 gap-x-8 items-center bg-white odd:bg-palette-100/50"
      )}
    >
      <span className="col-span-2 sm:col-span-1 flex items-center">
        <span className="flex flex-col">
          <span className={cn("truncate", { "text-palette-300": !name })}>{name || "unnamed key"}</span>
          {isSponsorKey && (
            <button
              onClick={promptEdit}
              className={cn("text-xs hover:underline decoration-dotted", {
                "text-error": isNotConfigured,
                "text-palette-400": !isNotConfigured,
              })}
            >
              {skylinksPhrase}
            </button>
          )}
        </span>
      </span>
      <span className="col-span-2 my-4 border-t border-t-palette-200/50 sm:hidden" />
      <span className="text-palette-400">{dayjs(createdAt).format("MMM DD, YYYY")}</span>
      <span className="flex items-center justify-end">
        {isSponsorKey && (
          <button
            title="Add or remove skylinks"
            aria-label="Add or remove skylinks"
            className="p-1 transition-colors hover:text-primary"
            onClick={promptEdit}
          >
            <CogIcon size={22} />
          </button>
        )}
        <button
          title="Delete this API key"
          aria-label="Delete this API key"
          className="p-1 transition-colors hover:text-error"
          onClick={promptRemoval}
        >
          <TrashIcon size={16} />
        </button>
      </span>
      {removalInitiated && (
        <Modal onClose={abortRemoval} className="flex flex-col gap-4 text-center">
          <h4>Delete API key</h4>
          <div>
            <p>Are you sure you want to delete the following API key?</p>
            <p className="font-semibold">{name || id}</p>
          </div>
          {removalError && <Alert $variant="error">{removalError}</Alert>}
          <div className="flex gap-4 justify-center mt-4">
            <Button $primary onClick={abortRemoval}>
              Cancel
            </Button>
            <Button onClick={confirmRemoval}>Delete</Button>
          </div>
        </Modal>
      )}
      {editInitiated && (
        <Modal onClose={closeEditModal} className="flex flex-col gap-4 text-center sm:px-8 sm:py-6">
          <h4>Sponsored skylinks</h4>
          {skylinks?.length > 0 ? (
            <ul className="text-xs flex flex-col gap-2">
              {skylinks.map((skylink) => (
                <li key={skylink} className="grid grid-cols-[1fr_min-content] w-full gap-4 items-center">
                  <code className="whitespace-nowrap select-all truncate bg-palette-100 odd:bg-white p-1">
                    {skylink}
                  </code>
                  <button
                    className="p-1 transition-colors hover:text-error"
                    onClick={() => removeSkylink(skylink)}
                    aria-label="Remove skylink"
                  >
                    <TrashIcon size={16} />
                  </button>
                </li>
              ))}
            </ul>
          ) : (
            <Alert $variant="info">No skylinks here yet. You can add the first one below 🙃</Alert>
          )}
          <div className="flex flex-col gap-4">
            {error && <Alert $variant="error">{error}</Alert>}
            <AddSkylinkToSponsorKeyForm addSkylink={addSkylink} />
          </div>
          <div className="flex gap-4 justify-center mt-4">
            <Button onClick={closeEditModal}>Close</Button>
          </div>
        </Modal>
      )}
    </li>
  );
 };
--- a/packages/dashboard-v2/src/components/APIKeyList/APIKeyList.js
+++ b/packages/dashboard-v2/src/components/APIKeyList/APIKeyList.js
@ -1,14 +0,0 @@
 import { APIKey } from "./APIKey";
 export const APIKeyList = ({ keys, reloadKeys, title }) => {
  return (
    <>
      <h6 className="text-palette-300 mb-4">{title}</h6>
      <ul className="mt-4">
        {keys.map((key) => (
          <APIKey key={key.id} apiKey={key} onEdited={reloadKeys} onRemoved={reloadKeys} />
        ))}
      </ul>
    </>
  );
 };
--- a/packages/dashboard-v2/src/components/APIKeyList/index.js
+++ b/packages/dashboard-v2/src/components/APIKeyList/index.js
@ -1 +0,0 @@
 export * from "./APIKeyList";
--- a/packages/dashboard-v2/src/components/APIKeyList/useAPIKeyEdit.js
+++ b/packages/dashboard-v2/src/components/APIKeyList/useAPIKeyEdit.js
@ -1,43 +0,0 @@
 import { useCallback, useState } from "react";
 import accountsService from "../../services/accountsService";
 export const useAPIKeyEdit = ({ key, onSkylinkListUpdate, onSkylinkListUpdateFailure }) => {
  const [editInitiated, setEditInitiated] = useState(false);
  const prompt = () => setEditInitiated(true);
  const abort = () => setEditInitiated(false);
  const updateSkylinkList = useCallback(
    async (action, skylink) => {
      try {
        await accountsService.patch(`user/apikeys/${key.id}`, {
          json: {
            [action]: [skylink],
          },
        });
        onSkylinkListUpdate();
        return true;
      } catch (err) {
        if (err.response) {
          const { message } = await err.response.json();
          onSkylinkListUpdateFailure(message);
        } else {
          onSkylinkListUpdateFailure("Unknown error occured, please try again.");
        }
        return false;
      }
    },
    [onSkylinkListUpdate, onSkylinkListUpdateFailure, key]
  );
  const addSkylink = (skylink) => updateSkylinkList("add", skylink);
  const removeSkylink = (skylink) => updateSkylinkList("remove", skylink);
  return {
    editInitiated,
    prompt,
    abort,
    addSkylink,
    removeSkylink,
  };
 };
--- a/packages/dashboard-v2/src/components/APIKeyList/useAPIKeyRemoval.js
+++ b/packages/dashboard-v2/src/components/APIKeyList/useAPIKeyRemoval.js
@ -1,41 +0,0 @@
 import { useCallback, useState } from "react";
 import accountsService from "../../services/accountsService";
 export const useAPIKeyRemoval = ({ key, onSuccess }) => {
  const [removalInitiated, setRemovalInitiated] = useState(false);
  const [removalError, setRemovalError] = useState(null);
  const prompt = () => {
    setRemovalError(null);
    setRemovalInitiated(true);
  };
  const abort = () => setRemovalInitiated(false);
  const confirm = useCallback(async () => {
    setRemovalError(null);
    try {
      await accountsService.delete(`user/apikeys/${key.id}`);
      setRemovalInitiated(false);
      onSuccess();
    } catch (err) {
      let message = "There was an error processing your request. Please try again later.";
      if (err.response) {
        const response = await err.response.json();
        if (response.message) {
          message = response.message;
        }
      }
      setRemovalError(message);
    }
  }, [onSuccess, key]);
  return {
    removalInitiated,
    removalError,
    prompt,
    abort,
    confirm,
  };
 };
--- a/packages/dashboard-v2/src/components/Alert/Alert.js
+++ b/packages/dashboard-v2/src/components/Alert/Alert.js
@ -1,10 +0,0 @@
 import styled from "styled-components";
 import cn from "classnames";
 export const Alert = styled.div.attrs(({ $variant }) => ({
  className: cn("px-3 py-2 sm:px-6 sm:py-4 rounded border", {
    "bg-blue-100 border-blue-200 text-palette-400": $variant === "info",
    "bg-red-100 border-red-200 text-error": $variant === "error",
    "bg-green-100 border-green-200 text-palette-400": $variant === "success",
  }),
 }))``;
--- a/packages/dashboard-v2/src/components/Alert/index.js
+++ b/packages/dashboard-v2/src/components/Alert/index.js
@ -1 +0,0 @@
 export * from "./Alert";
--- a/packages/dashboard-v2/src/components/AvatarUploader/AvatarUploader.js
+++ b/packages/dashboard-v2/src/components/AvatarUploader/AvatarUploader.js
@ -1,36 +0,0 @@
 import { useEffect, useState } from "react";
 import { useUser } from "../../contexts/user";
 // import { SimpleUploadIcon } from "../Icons";
 import avatarPlaceholder from "../../../static/images/avatar-placeholder.svg";
 export const AvatarUploader = (props) => {
  const { user } = useUser();
  const [imageUrl, setImageUrl] = useState(avatarPlaceholder);
  useEffect(() => {
    setImageUrl(user.avatarUrl ?? avatarPlaceholder);
  }, [user]);
  return (
    <div {...props}>
      <div
        className={`flex justify-center items-center xl:w-[245px] xl:h-[245px] bg-contain bg-none xl:bg-[url(/images/avatar-bg.svg)]`}
      >
        <img src={imageUrl} className="w-[160px]" alt="" />
      </div>
      {/* TODO: uncomment when avatar uploads work
      <div className="flex justify-center">
        <button
          className="flex items-center gap-4 hover:underline decoration-1 decoration-dashed underline-offset-2 decoration-gray-400"
          type="button"
          onClick={console.info.bind(console)}
        >
          <SimpleUploadIcon size={20} className="shrink-0" /> Upload profile picture
        </button>
      </div>
      */}
    </div>
  );
 };
--- a/packages/dashboard-v2/src/components/AvatarUploader/index.js
+++ b/packages/dashboard-v2/src/components/AvatarUploader/index.js
@ -1 +0,0 @@
 export * from "./AvatarUploader";
--- a/Show More
+++ b/Show More
		`@ -1,3 +0,0 @@`
			`# Running tests locally`

			`docker run -v $(pwd)/docker/nginx/libs:/usr/local/openresty/site/lualib --rm -it $(docker build -q docker/nginx/testing)`