Refactor server code (#407)

2025-07-09 01:18:04 +02:00 · 2025-01-20 01:57:39 +01:00
parent 4c5a7bda63
commit f935ee1a7e
69 changed files with 4357 additions and 3337 deletions
--- a/internal/web/handlers/admin/actions.go
+++ b/internal/web/handlers/admin/actions.go
@ -0,0 +1,42 @@
+package admin
+
+import (
+	"github.com/thomiceli/opengist/internal/actions"
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+func AdminSyncReposFromFS(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.sync-fs"), "success")
+	go actions.Run(actions.SyncReposFromFS)
+	return ctx.RedirectTo("/admin-panel")
+}
+
+func AdminSyncReposFromDB(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.sync-db"), "success")
+	go actions.Run(actions.SyncReposFromDB)
+	return ctx.RedirectTo("/admin-panel")
+}
+
+func AdminGcRepos(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.git-gc"), "success")
+	go actions.Run(actions.GitGcRepos)
+	return ctx.RedirectTo("/admin-panel")
+}
+
+func AdminSyncGistPreviews(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.sync-previews"), "success")
+	go actions.Run(actions.SyncGistPreviews)
+	return ctx.RedirectTo("/admin-panel")
+}
+
+func AdminResetHooks(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.reset-hooks"), "success")
+	go actions.Run(actions.ResetHooks)
+	return ctx.RedirectTo("/admin-panel")
+}
+
+func AdminIndexGists(ctx *context.Context) error {
+	ctx.AddFlash(ctx.Tr("flash.admin.index-gists"), "success")
+	go actions.Run(actions.IndexGists)
+	return ctx.RedirectTo("/admin-panel")
+}
--- a/internal/web/handlers/admin/admin.go
+++ b/internal/web/handlers/admin/admin.go
@ -0,0 +1,203 @@
+package admin
+
+import (
+	"github.com/thomiceli/opengist/internal/actions"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+	"runtime"
+	"strconv"
+	"time"
+)
+
+func AdminIndex(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("admin.admin_panel"))
+	ctx.SetData("adminHeaderPage", "index")
+
+	ctx.SetData("opengistVersion", config.OpengistVersion)
+	ctx.SetData("goVersion", runtime.Version())
+	gitVersion, err := git.GetGitVersion()
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get git version", err)
+	}
+	ctx.SetData("gitVersion", gitVersion)
+
+	countUsers, err := db.CountAll(&db.User{})
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot count users", err)
+	}
+	ctx.SetData("countUsers", countUsers)
+
+	countGists, err := db.CountAll(&db.Gist{})
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot count gists", err)
+	}
+	ctx.SetData("countGists", countGists)
+
+	countKeys, err := db.CountAll(&db.SSHKey{})
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot count SSH keys", err)
+	}
+	ctx.SetData("countKeys", countKeys)
+
+	ctx.SetData("syncReposFromFS", actions.IsRunning(actions.SyncReposFromFS))
+	ctx.SetData("syncReposFromDB", actions.IsRunning(actions.SyncReposFromDB))
+	ctx.SetData("gitGcRepos", actions.IsRunning(actions.GitGcRepos))
+	ctx.SetData("syncGistPreviews", actions.IsRunning(actions.SyncGistPreviews))
+	ctx.SetData("resetHooks", actions.IsRunning(actions.ResetHooks))
+	ctx.SetData("indexGists", actions.IsRunning(actions.IndexGists))
+	return ctx.Html("admin_index.html")
+}
+
+func AdminUsers(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("admin.users")+" - "+ctx.TrH("admin.admin_panel"))
+	ctx.SetData("adminHeaderPage", "users")
+	ctx.SetData("loadStartTime", time.Now())
+
+	pageInt := handlers.GetPage(ctx)
+
+	var data []*db.User
+	var err error
+	if data, err = db.GetAllUsers(pageInt - 1); err != nil {
+		return ctx.ErrorRes(500, "Cannot get users", err)
+	}
+
+	if err = handlers.Paginate(ctx, data, pageInt, 10, "data", "admin-panel/users", 1); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	return ctx.Html("admin_users.html")
+}
+
+func AdminGists(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("admin.gists")+" - "+ctx.TrH("admin.admin_panel"))
+	ctx.SetData("adminHeaderPage", "gists")
+	pageInt := handlers.GetPage(ctx)
+
+	var data []*db.Gist
+	var err error
+	if data, err = db.GetAllGists(pageInt - 1); err != nil {
+		return ctx.ErrorRes(500, "Cannot get gists", err)
+	}
+
+	if err = handlers.Paginate(ctx, data, pageInt, 10, "data", "admin-panel/gists", 1); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	return ctx.Html("admin_gists.html")
+}
+
+func AdminUserDelete(ctx *context.Context) error {
+	userId, _ := strconv.ParseUint(ctx.Param("user"), 10, 64)
+	user, err := db.GetUserById(uint(userId))
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot retrieve user", err)
+	}
+
+	if err := user.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete this user", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.admin.user-deleted"), "success")
+	return ctx.RedirectTo("/admin-panel/users")
+}
+
+func AdminGistDelete(ctx *context.Context) error {
+	gist, err := db.GetGistByID(ctx.Param("gist"))
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot retrieve gist", err)
+	}
+
+	if err = gist.DeleteRepository(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete the repository", err)
+	}
+
+	if err = gist.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete this gist", err)
+	}
+
+	gist.RemoveFromIndex()
+
+	ctx.AddFlash(ctx.Tr("flash.admin.gist-deleted"), "success")
+	return ctx.RedirectTo("/admin-panel/gists")
+}
+
+func AdminConfig(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("admin.configuration")+" - "+ctx.TrH("admin.admin_panel"))
+	ctx.SetData("adminHeaderPage", "config")
+
+	ctx.SetData("dbtype", db.DatabaseInfo.Type.String())
+	ctx.SetData("dbname", db.DatabaseInfo.Database)
+
+	return ctx.Html("admin_config.html")
+}
+
+func AdminSetConfig(ctx *context.Context) error {
+	key := ctx.FormValue("key")
+	value := ctx.FormValue("value")
+
+	if err := db.UpdateSetting(key, value); err != nil {
+		return ctx.ErrorRes(500, "Cannot set setting", err)
+	}
+
+	return ctx.JSON(200, map[string]interface{}{
+		"success": true,
+	})
+}
+
+func AdminInvitations(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("admin.invitations")+" - "+ctx.TrH("admin.admin_panel"))
+	ctx.SetData("adminHeaderPage", "invitations")
+
+	var invitations []*db.Invitation
+	var err error
+	if invitations, err = db.GetAllInvitations(); err != nil {
+		return ctx.ErrorRes(500, "Cannot get invites", err)
+	}
+
+	ctx.SetData("invitations", invitations)
+	return ctx.Html("admin_invitations.html")
+}
+
+func AdminInvitationsCreate(ctx *context.Context) error {
+	code := ctx.FormValue("code")
+	nbMax, err := strconv.ParseUint(ctx.FormValue("nbMax"), 10, 64)
+	if err != nil {
+		nbMax = 10
+	}
+
+	expiresAtUnix, err := strconv.ParseInt(ctx.FormValue("expiredAtUnix"), 10, 64)
+	if err != nil {
+		expiresAtUnix = time.Now().Unix() + 604800 // 1 week
+	}
+
+	invitation := &db.Invitation{
+		Code:      code,
+		ExpiresAt: expiresAtUnix,
+		NbMax:     uint(nbMax),
+	}
+
+	if err := invitation.Create(); err != nil {
+		return ctx.ErrorRes(500, "Cannot create invitation", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.admin.invitation-created"), "success")
+	return ctx.RedirectTo("/admin-panel/invitations")
+}
+
+func AdminInvitationsDelete(ctx *context.Context) error {
+	id, _ := strconv.ParseUint(ctx.Param("id"), 10, 64)
+	invitation, err := db.GetInvitationByID(uint(id))
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot retrieve invitation", err)
+	}
+
+	if err := invitation.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete this invitation", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.admin.invitation-deleted"), "success")
+	return ctx.RedirectTo("/admin-panel/invitations")
+}
--- a/internal/web/handlers/auth.go
+++ b/internal/web/handlers/auth.go
@ -0,0 +1,17 @@
+package handlers
+
+import (
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+type ContextAuthInfo struct {
+	Context *context.Context
+}
+
+func (auth ContextAuthInfo) RequireLogin() (bool, error) {
+	return auth.Context.GetData("RequireLogin") == true, nil
+}
+
+func (auth ContextAuthInfo) AllowGistsWithoutLogin() (bool, error) {
+	return auth.Context.GetData("AllowGistsWithoutLogin") == true, nil
+}
--- a/internal/web/handlers/auth/mfa.go
+++ b/internal/web/handlers/auth/mfa.go
@ -0,0 +1,22 @@
+package auth
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+func Mfa(ctx *context.Context) error {
+	var err error
+
+	user := db.User{ID: ctx.GetSession().Values["mfaID"].(uint)}
+
+	var hasWebauthn, hasTotp bool
+	if hasWebauthn, hasTotp, err = user.HasMFA(); err != nil {
+		return ctx.ErrorRes(500, "Cannot check for user MFA", err)
+	}
+
+	ctx.SetData("hasWebauthn", hasWebauthn)
+	ctx.SetData("hasTotp", hasTotp)
+
+	return ctx.Html("mfa.html")
+}
--- a/internal/web/handlers/auth/oauth.go
+++ b/internal/web/handlers/auth/oauth.go
@ -0,0 +1,166 @@
+package auth
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/auth/oauth"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
+	"gorm.io/gorm"
+	"strings"
+)
+
+func Oauth(ctx *context.Context) error {
+	providerStr := ctx.Param("provider")
+
+	httpProtocol := "http"
+	if ctx.Request().TLS != nil || ctx.Request().Header.Get("X-Forwarded-Proto") == "https" {
+		httpProtocol = "https"
+	}
+
+	forwarded_hdr := ctx.Request().Header.Get("Forwarded")
+	if forwarded_hdr != "" {
+		fields := strings.Split(forwarded_hdr, ";")
+		fwd := make(map[string]string)
+		for _, v := range fields {
+			p := strings.Split(v, "=")
+			fwd[p[0]] = p[1]
+		}
+		val, ok := fwd["proto"]
+		if ok && val == "https" {
+			httpProtocol = "https"
+		}
+	}
+
+	var opengistUrl string
+	if config.C.ExternalUrl != "" {
+		opengistUrl = config.C.ExternalUrl
+	} else {
+		opengistUrl = httpProtocol + "://" + ctx.Request().Host
+	}
+
+	provider, err := oauth.DefineProvider(providerStr, opengistUrl)
+	if err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.oauth-unsupported"), nil)
+	}
+
+	if err = provider.RegisterProvider(); err != nil {
+		return ctx.ErrorRes(500, "Cannot create provider", err)
+	}
+
+	provider.BeginAuthHandler(ctx)
+	return nil
+}
+
+func OauthCallback(ctx *context.Context) error {
+	provider, err := oauth.CompleteUserAuth(ctx)
+	if err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.complete-oauth-login", err.Error()), err)
+	}
+
+	currUser := ctx.User
+	// if user is logged in, link account to user and update its avatar URL
+	if currUser != nil {
+		provider.UpdateUserDB(currUser)
+
+		if err = currUser.Update(); err != nil {
+			return ctx.ErrorRes(500, "Cannot update user "+cases.Title(language.English).String(provider.GetProvider())+" id", err)
+		}
+
+		ctx.AddFlash(ctx.Tr("flash.auth.account-linked-oauth", cases.Title(language.English).String(provider.GetProvider())), "success")
+		return ctx.RedirectTo("/settings")
+	}
+
+	user := provider.GetProviderUser()
+	userDB, err := db.GetUserByProvider(user.UserID, provider.GetProvider())
+	// if user is not in database, create it
+	if err != nil {
+		if ctx.GetData("DisableSignup") == true {
+			return ctx.ErrorRes(403, ctx.Tr("error.signup-disabled"), nil)
+		}
+
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			return ctx.ErrorRes(500, "Cannot get user", err)
+		}
+
+		if user.NickName == "" {
+			user.NickName = strings.Split(user.Email, "@")[0]
+		}
+
+		userDB = &db.User{
+			Username: user.NickName,
+			Email:    user.Email,
+			MD5Hash:  fmt.Sprintf("%x", md5.Sum([]byte(strings.ToLower(strings.TrimSpace(user.Email))))),
+		}
+
+		// set provider id and avatar URL
+		provider.UpdateUserDB(userDB)
+
+		if err = userDB.Create(); err != nil {
+			if db.IsUniqueConstraintViolation(err) {
+				ctx.AddFlash(ctx.Tr("flash.auth.username-exists"), "error")
+				return ctx.RedirectTo("/login")
+			}
+
+			return ctx.ErrorRes(500, "Cannot create user", err)
+		}
+
+		if userDB.ID == 1 {
+			if err = userDB.SetAdmin(); err != nil {
+				return ctx.ErrorRes(500, "Cannot set user admin", err)
+			}
+		}
+
+		keys, err := provider.GetProviderUserSSHKeys()
+		if err != nil {
+			ctx.AddFlash(ctx.Tr("flash.auth.user-sshkeys-not-retrievable"), "error")
+			log.Error().Err(err).Msg("Could not get user keys")
+		} else {
+			for _, key := range keys {
+				sshKey := db.SSHKey{
+					Title:   "Added from " + user.Provider,
+					Content: key,
+					User:    *userDB,
+				}
+
+				if err = sshKey.Create(); err != nil {
+					ctx.AddFlash(ctx.Tr("flash.auth.user-sshkeys-not-created"), "error")
+					log.Error().Err(err).Msg("Could not create ssh key")
+				}
+			}
+		}
+	}
+
+	sess := ctx.GetSession()
+	sess.Values["user"] = userDB.ID
+	ctx.SaveSession(sess)
+	ctx.DeleteCsrfCookie()
+
+	return ctx.RedirectTo("/")
+}
+
+func OauthUnlink(ctx *context.Context) error {
+	providerStr := ctx.Param("provider")
+	provider, err := oauth.DefineProvider(ctx.Param("provider"), "")
+	if err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.oauth-unsupported"), nil)
+	}
+
+	currUser := ctx.User
+
+	if provider.UserHasProvider(currUser) {
+		if err := currUser.DeleteProviderID(providerStr); err != nil {
+			return ctx.ErrorRes(500, "Cannot unlink account from "+cases.Title(language.English).String(providerStr), err)
+		}
+
+		ctx.AddFlash(ctx.Tr("flash.auth.account-unlinked-oauth", cases.Title(language.English).String(providerStr)), "success")
+		return ctx.RedirectTo("/settings")
+	}
+
+	return ctx.RedirectTo("/settings")
+}
--- a/internal/web/handlers/auth/password.go
+++ b/internal/web/handlers/auth/password.go
@ -0,0 +1,170 @@
+package auth
+
+import (
+	"errors"
+	"github.com/rs/zerolog/log"
+	passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/i18n"
+	"github.com/thomiceli/opengist/internal/validator"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"gorm.io/gorm"
+)
+
+func Register(ctx *context.Context) error {
+	disableSignup := ctx.GetData("DisableSignup")
+	disableForm := ctx.GetData("DisableLoginForm")
+
+	code := ctx.QueryParam("code")
+	if code != "" {
+		if invitation, err := db.GetInvitationByCode(code); err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+			return ctx.ErrorRes(500, "Cannot check for invitation code", err)
+		} else if invitation != nil && invitation.IsUsable() {
+			disableSignup = false
+		}
+	}
+
+	ctx.SetData("title", ctx.TrH("auth.new-account"))
+	ctx.SetData("htmlTitle", ctx.TrH("auth.new-account"))
+	ctx.SetData("disableForm", disableForm)
+	ctx.SetData("disableSignup", disableSignup)
+	ctx.SetData("isLoginPage", false)
+	return ctx.Html("auth_form.html")
+}
+
+func ProcessRegister(ctx *context.Context) error {
+	disableSignup := ctx.GetData("DisableSignup")
+
+	code := ctx.QueryParam("code")
+	invitation, err := db.GetInvitationByCode(code)
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		return ctx.ErrorRes(500, "Cannot check for invitation code", err)
+	} else if invitation.ID != 0 && invitation.IsUsable() {
+		disableSignup = false
+	}
+
+	if disableSignup == true {
+		return ctx.ErrorRes(403, ctx.Tr("error.signup-disabled"), nil)
+	}
+
+	if ctx.GetData("DisableLoginForm") == true {
+		return ctx.ErrorRes(403, ctx.Tr("error.signup-disabled-form"), nil)
+	}
+
+	ctx.SetData("title", ctx.TrH("auth.new-account"))
+	ctx.SetData("htmlTitle", ctx.TrH("auth.new-account"))
+
+	sess := ctx.GetSession()
+
+	dto := new(db.UserDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash(validator.ValidationMessages(&err, ctx.GetData("locale").(*i18n.Locale)), "error")
+		return ctx.Html("auth_form.html")
+	}
+
+	if exists, err := db.UserExists(dto.Username); err != nil || exists {
+		ctx.AddFlash(ctx.Tr("flash.auth.username-exists"), "error")
+		return ctx.Html("auth_form.html")
+	}
+
+	user := dto.ToUser()
+
+	password, err := passwordpkg.HashPassword(user.Password)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot hash password", err)
+	}
+	user.Password = password
+
+	if err = user.Create(); err != nil {
+		return ctx.ErrorRes(500, "Cannot create user", err)
+	}
+
+	if user.ID == 1 {
+		if err = user.SetAdmin(); err != nil {
+			return ctx.ErrorRes(500, "Cannot set user admin", err)
+		}
+	}
+
+	if invitation.ID != 0 {
+		if err := invitation.Use(); err != nil {
+			return ctx.ErrorRes(500, "Cannot use invitation", err)
+		}
+	}
+
+	sess.Values["user"] = user.ID
+	ctx.SaveSession(sess)
+
+	return ctx.RedirectTo("/")
+}
+
+func Login(ctx *context.Context) error {
+	ctx.SetData("title", ctx.TrH("auth.login"))
+	ctx.SetData("htmlTitle", ctx.TrH("auth.login"))
+	ctx.SetData("disableForm", ctx.GetData("DisableLoginForm"))
+	ctx.SetData("isLoginPage", true)
+	return ctx.Html("auth_form.html")
+}
+
+func ProcessLogin(ctx *context.Context) error {
+	if ctx.GetData("DisableLoginForm") == true {
+		return ctx.ErrorRes(403, ctx.Tr("error.login-disabled-form"), nil)
+	}
+
+	var err error
+	sess := ctx.GetSession()
+
+	dto := &db.UserDTO{}
+	if err = ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+	password := dto.Password
+
+	var user *db.User
+
+	if user, err = db.GetUserByUsername(dto.Username); err != nil {
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			return ctx.ErrorRes(500, "Cannot get user", err)
+		}
+		log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
+		ctx.AddFlash(ctx.Tr("flash.auth.invalid-credentials"), "error")
+		return ctx.RedirectTo("/login")
+	}
+
+	if ok, err := passwordpkg.VerifyPassword(password, user.Password); !ok {
+		if err != nil {
+			return ctx.ErrorRes(500, "Cannot check for password", err)
+		}
+		log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
+		ctx.AddFlash(ctx.Tr("flash.auth.invalid-credentials"), "error")
+		return ctx.RedirectTo("/login")
+	}
+
+	// handle MFA
+	var hasWebauthn, hasTotp bool
+	if hasWebauthn, hasTotp, err = user.HasMFA(); err != nil {
+		return ctx.ErrorRes(500, "Cannot check for user MFA", err)
+	}
+	if hasWebauthn || hasTotp {
+		sess.Values["mfaID"] = user.ID
+		sess.Options.MaxAge = 5 * 60 // 5 minutes
+		ctx.SaveSession(sess)
+		return ctx.RedirectTo("/mfa")
+	}
+
+	sess.Values["user"] = user.ID
+	sess.Options.MaxAge = 60 * 60 * 24 * 365 // 1 year
+	ctx.SaveSession(sess)
+	ctx.DeleteCsrfCookie()
+
+	return ctx.RedirectTo("/")
+}
+
+func Logout(ctx *context.Context) error {
+	ctx.DeleteSession()
+	ctx.DeleteCsrfCookie()
+	return ctx.RedirectTo("/all")
+}
--- a/internal/web/handlers/auth/totp.go
+++ b/internal/web/handlers/auth/totp.go
@ -0,0 +1,177 @@
+package auth
+
+import (
+	"github.com/thomiceli/opengist/internal/auth/totp"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"net/url"
+)
+
+func BeginTotp(ctx *context.Context) error {
+	user := ctx.User
+
+	if _, hasTotp, err := user.HasMFA(); err != nil {
+		return ctx.ErrorRes(500, "Cannot check for user MFA", err)
+	} else if hasTotp {
+		ctx.AddFlash(ctx.Tr("auth.totp.already-enabled"), "error")
+		return ctx.RedirectTo("/settings")
+	}
+
+	ogUrl, err := url.Parse(ctx.GetData("baseHttpUrl").(string))
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot parse base URL", err)
+	}
+
+	sess := ctx.GetSession()
+	generatedSecret, _ := sess.Values["generatedSecret"].([]byte)
+
+	totpSecret, qrcode, err, generatedSecret := totp.GenerateQRCode(ctx.User.Username, ogUrl.Hostname(), generatedSecret)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot generate TOTP QR code", err)
+	}
+	sess.Values["totpSecret"] = totpSecret
+	sess.Values["generatedSecret"] = generatedSecret
+	ctx.SaveSession(sess)
+
+	ctx.SetData("totpSecret", totpSecret)
+	ctx.SetData("totpQrcode", qrcode)
+
+	return ctx.Html("totp.html")
+
+}
+
+func FinishTotp(ctx *context.Context) error {
+	user := ctx.User
+
+	if _, hasTotp, err := user.HasMFA(); err != nil {
+		return ctx.ErrorRes(500, "Cannot check for user MFA", err)
+	} else if hasTotp {
+		ctx.AddFlash(ctx.Tr("auth.totp.already-enabled"), "error")
+		return ctx.RedirectTo("/settings")
+	}
+
+	dto := &db.TOTPDTO{}
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash("Invalid secret", "error")
+		return ctx.RedirectTo("/settings/totp/generate")
+	}
+
+	sess := ctx.GetSession()
+	secret, ok := sess.Values["totpSecret"].(string)
+	if !ok {
+		return ctx.ErrorRes(500, "Cannot get TOTP secret from session", nil)
+	}
+
+	if !totp.Validate(dto.Code, secret) {
+		ctx.AddFlash(ctx.Tr("auth.totp.invalid-code"), "error")
+
+		return ctx.RedirectTo("/settings/totp/generate")
+	}
+
+	userTotp := &db.TOTP{
+		UserID: ctx.User.ID,
+	}
+	if err := userTotp.StoreSecret(secret); err != nil {
+		return ctx.ErrorRes(500, "Cannot store TOTP secret", err)
+	}
+
+	if err := userTotp.Create(); err != nil {
+		return ctx.ErrorRes(500, "Cannot create TOTP", err)
+	}
+
+	ctx.AddFlash("TOTP successfully enabled", "success")
+	codes, err := userTotp.GenerateRecoveryCodes()
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot generate recovery codes", err)
+	}
+
+	delete(sess.Values, "totpSecret")
+	delete(sess.Values, "generatedSecret")
+	ctx.SaveSession(sess)
+
+	ctx.SetData("recoveryCodes", codes)
+	return ctx.Html("totp.html")
+}
+
+func AssertTotp(ctx *context.Context) error {
+	var err error
+	dto := &db.TOTPDTO{}
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash(ctx.Tr("auth.totp.invalid-code"), "error")
+		return ctx.RedirectTo("/mfa")
+	}
+
+	sess := ctx.GetSession()
+	userId := sess.Values["mfaID"].(uint)
+	var userTotp *db.TOTP
+	if userTotp, err = db.GetTOTPByUserID(userId); err != nil {
+		return ctx.ErrorRes(500, "Cannot get TOTP by UID", err)
+	}
+
+	redirectUrl := "/"
+
+	var validCode, validRecoveryCode bool
+	if validCode, err = userTotp.ValidateCode(dto.Code); err != nil {
+		return ctx.ErrorRes(500, "Cannot validate TOTP code", err)
+	}
+	if !validCode {
+		validRecoveryCode, err = userTotp.ValidateRecoveryCode(dto.Code)
+		if err != nil {
+			return ctx.ErrorRes(500, "Cannot validate TOTP code", err)
+		}
+
+		if !validRecoveryCode {
+			ctx.AddFlash(ctx.Tr("auth.totp.invalid-code"), "error")
+			return ctx.RedirectTo("/mfa")
+		}
+
+		ctx.AddFlash(ctx.Tr("auth.totp.code-used", dto.Code), "warning")
+		redirectUrl = "/settings"
+	}
+
+	sess.Values["user"] = userId
+	sess.Options.MaxAge = 60 * 60 * 24 * 365 // 1 year
+	delete(sess.Values, "mfaID")
+	ctx.SaveSession(sess)
+
+	return ctx.RedirectTo(redirectUrl)
+}
+
+func DisableTotp(ctx *context.Context) error {
+	user := ctx.User
+	userTotp, err := db.GetTOTPByUserID(user.ID)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get TOTP by UID", err)
+	}
+
+	if err = userTotp.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete TOTP", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("auth.totp.disabled"), "success")
+	return ctx.RedirectTo("/settings")
+}
+
+func RegenerateTotpRecoveryCodes(ctx *context.Context) error {
+	user := ctx.User
+	userTotp, err := db.GetTOTPByUserID(user.ID)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get TOTP by UID", err)
+	}
+
+	codes, err := userTotp.GenerateRecoveryCodes()
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot generate recovery codes", err)
+	}
+
+	ctx.SetData("recoveryCodes", codes)
+	return ctx.Html("totp.html")
+}
--- a/internal/web/handlers/auth/webauthn.go
+++ b/internal/web/handlers/auth/webauthn.go
@ -0,0 +1,151 @@
+package auth
+
+import (
+	"bytes"
+	gojson "encoding/json"
+	"github.com/thomiceli/opengist/internal/auth/webauthn"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"io"
+)
+
+func BeginWebAuthnBinding(ctx *context.Context) error {
+	credsCreation, jsonWaSession, err := webauthn.BeginBinding(ctx.User)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot begin WebAuthn registration", err)
+	}
+
+	sess := ctx.GetSession()
+	sess.Values["webauthn_registration_session"] = jsonWaSession
+	sess.Options.MaxAge = 5 * 60 // 5 minutes
+	ctx.SaveSession(sess)
+
+	return ctx.JSON(200, credsCreation)
+}
+
+func FinishWebAuthnBinding(ctx *context.Context) error {
+	sess := ctx.GetSession()
+	jsonWaSession, ok := sess.Values["webauthn_registration_session"].([]byte)
+	if !ok {
+		return ctx.ErrorRes(401, "Cannot get WebAuthn registration session", nil)
+	}
+
+	user := ctx.User
+
+	// extract passkey name from request
+	body, err := io.ReadAll(ctx.Request().Body)
+	if err != nil {
+		return ctx.ErrorRes(400, "Failed to read request body", err)
+	}
+	ctx.Request().Body.Close()
+	ctx.Request().Body = io.NopCloser(bytes.NewBuffer(body))
+
+	dto := new(db.CrendentialDTO)
+	_ = gojson.Unmarshal(body, &dto)
+
+	if err = ctx.Validate(dto); err != nil {
+		return ctx.ErrorRes(400, "Invalid request", err)
+	}
+	passkeyName := dto.PasskeyName
+	if passkeyName == "" {
+		passkeyName = "WebAuthn"
+	}
+
+	waCredential, err := webauthn.FinishBinding(user, jsonWaSession, ctx.Request())
+	if err != nil {
+		return ctx.ErrorRes(403, "Failed binding attempt for passkey", err)
+	}
+
+	if _, err = db.CreateFromCrendential(user.ID, passkeyName, waCredential); err != nil {
+		return ctx.ErrorRes(500, "Cannot create WebAuthn credential on database", err)
+	}
+
+	delete(sess.Values, "webauthn_registration_session")
+	ctx.SaveSession(sess)
+
+	ctx.AddFlash(ctx.Tr("flash.auth.passkey-registred", passkeyName), "success")
+	return ctx.Json([]string{"OK"})
+}
+
+func BeginWebAuthnLogin(ctx *context.Context) error {
+	credsCreation, jsonWaSession, err := webauthn.BeginDiscoverableLogin()
+	if err != nil {
+		return ctx.ErrorRes(401, "Cannot begin WebAuthn login", err)
+	}
+
+	sess := ctx.GetSession()
+	sess.Values["webauthn_login_session"] = jsonWaSession
+	sess.Options.MaxAge = 5 * 60 // 5 minutes
+	ctx.SaveSession(sess)
+
+	return ctx.Json(credsCreation)
+}
+
+func FinishWebAuthnLogin(ctx *context.Context) error {
+	sess := ctx.GetSession()
+	sessionData, ok := sess.Values["webauthn_login_session"].([]byte)
+	if !ok {
+		return ctx.ErrorRes(401, "Cannot get WebAuthn login session", nil)
+	}
+
+	userID, err := webauthn.FinishDiscoverableLogin(sessionData, ctx.Request())
+	if err != nil {
+		return ctx.ErrorRes(403, "Failed authentication attempt for passkey", err)
+	}
+
+	sess.Values["user"] = userID
+	sess.Options.MaxAge = 60 * 60 * 24 * 365 // 1 year
+
+	delete(sess.Values, "webauthn_login_session")
+	ctx.SaveSession(sess)
+
+	return ctx.Json([]string{"OK"})
+}
+
+func BeginWebAuthnAssertion(ctx *context.Context) error {
+	sess := ctx.GetSession()
+
+	ogUser, err := db.GetUserById(sess.Values["mfaID"].(uint))
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get user", err)
+	}
+
+	credsCreation, jsonWaSession, err := webauthn.BeginLogin(ogUser)
+	if err != nil {
+		return ctx.ErrorRes(401, "Cannot begin WebAuthn login", err)
+	}
+
+	sess.Values["webauthn_assertion_session"] = jsonWaSession
+	sess.Options.MaxAge = 5 * 60 // 5 minutes
+	ctx.SaveSession(sess)
+
+	return ctx.Json(credsCreation)
+}
+
+func FinishWebAuthnAssertion(ctx *context.Context) error {
+	sess := ctx.GetSession()
+	sessionData, ok := sess.Values["webauthn_assertion_session"].([]byte)
+	if !ok {
+		return ctx.ErrorRes(401, "Cannot get WebAuthn assertion session", nil)
+	}
+
+	userId := sess.Values["mfaID"].(uint)
+
+	ogUser, err := db.GetUserById(userId)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get user", err)
+	}
+
+	if err = webauthn.FinishLogin(ogUser, sessionData, ctx.Request()); err != nil {
+		return ctx.ErrorRes(403, "Failed authentication attempt for passkey", err)
+	}
+
+	sess.Values["user"] = userId
+	sess.Options.MaxAge = 60 * 60 * 24 * 365 // 1 year
+
+	delete(sess.Values, "webauthn_assertion_session")
+	delete(sess.Values, "mfaID")
+	ctx.SaveSession(sess)
+
+	return ctx.Json([]string{"OK"})
+}
--- a/internal/web/handlers/gist/all.go
+++ b/internal/web/handlers/gist/all.go
@ -0,0 +1,209 @@
+package gist
+
+import (
+	"errors"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/index"
+	"github.com/thomiceli/opengist/internal/render"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+	"gorm.io/gorm"
+	"html/template"
+	"regexp"
+	"strings"
+)
+
+func AllGists(ctx *context.Context) error {
+	var err error
+	var urlPage string
+
+	fromUserStr := ctx.Param("user")
+	userLogged := ctx.User
+	pageInt := handlers.GetPage(ctx)
+
+	sort := "created"
+	sortText := ctx.TrH("gist.list.sort-by-created")
+	order := "desc"
+	orderText := ctx.TrH("gist.list.order-by-desc")
+
+	if ctx.QueryParam("sort") == "updated" {
+		sort = "updated"
+		sortText = ctx.TrH("gist.list.sort-by-updated")
+	}
+
+	if ctx.QueryParam("order") == "asc" {
+		order = "asc"
+		orderText = ctx.TrH("gist.list.order-by-asc")
+	}
+
+	ctx.SetData("sort", sortText)
+	ctx.SetData("order", orderText)
+
+	var gists []*db.Gist
+	var currentUserId uint
+	if userLogged != nil {
+		currentUserId = userLogged.ID
+	} else {
+		currentUserId = 0
+	}
+
+	if fromUserStr == "" {
+		urlctx := ctx.Request().URL.Path
+		if strings.HasSuffix(urlctx, "search") {
+			ctx.SetData("htmlTitle", ctx.TrH("gist.list.search-results"))
+			ctx.SetData("mode", "search")
+			ctx.SetData("searchQuery", ctx.QueryParam("q"))
+			ctx.SetData("searchQueryUrl", template.URL("&q="+ctx.QueryParam("q")))
+			urlPage = "search"
+			gists, err = db.GetAllGistsFromSearch(currentUserId, ctx.QueryParam("q"), pageInt-1, sort, order)
+		} else if strings.HasSuffix(urlctx, "all") {
+			ctx.SetData("htmlTitle", ctx.TrH("gist.list.all"))
+			ctx.SetData("mode", "all")
+			urlPage = "all"
+			gists, err = db.GetAllGistsForCurrentUser(currentUserId, pageInt-1, sort, order)
+		}
+	} else {
+		liked := false
+		forked := false
+
+		liked, err = regexp.MatchString(`/[^/]*/liked`, ctx.Request().URL.Path)
+		if err != nil {
+			return ctx.ErrorRes(500, "Error matching regexp", err)
+		}
+
+		forked, err = regexp.MatchString(`/[^/]*/forked`, ctx.Request().URL.Path)
+		if err != nil {
+			return ctx.ErrorRes(500, "Error matching regexp", err)
+		}
+
+		var fromUser *db.User
+
+		fromUser, err = db.GetUserByUsername(fromUserStr)
+		if err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return ctx.NotFound("User not found")
+			}
+			return ctx.ErrorRes(500, "Error fetching user", err)
+		}
+		ctx.SetData("fromUser", fromUser)
+
+		if countFromUser, err := db.CountAllGistsFromUser(fromUser.ID, currentUserId); err != nil {
+			return ctx.ErrorRes(500, "Error counting gists", err)
+		} else {
+			ctx.SetData("countFromUser", countFromUser)
+		}
+
+		if countLiked, err := db.CountAllGistsLikedByUser(fromUser.ID, currentUserId); err != nil {
+			return ctx.ErrorRes(500, "Error counting liked gists", err)
+		} else {
+			ctx.SetData("countLiked", countLiked)
+		}
+
+		if countForked, err := db.CountAllGistsForkedByUser(fromUser.ID, currentUserId); err != nil {
+			return ctx.ErrorRes(500, "Error counting forked gists", err)
+		} else {
+			ctx.SetData("countForked", countForked)
+		}
+
+		if liked {
+			urlPage = fromUserStr + "/liked"
+			ctx.SetData("htmlTitle", ctx.TrH("gist.list.all-liked-by", fromUserStr))
+			ctx.SetData("mode", "liked")
+			gists, err = db.GetAllGistsLikedByUser(fromUser.ID, currentUserId, pageInt-1, sort, order)
+		} else if forked {
+			urlPage = fromUserStr + "/forked"
+			ctx.SetData("htmlTitle", ctx.TrH("gist.list.all-forked-by", fromUserStr))
+			ctx.SetData("mode", "forked")
+			gists, err = db.GetAllGistsForkedByUser(fromUser.ID, currentUserId, pageInt-1, sort, order)
+		} else {
+			urlPage = fromUserStr
+			ctx.SetData("htmlTitle", ctx.TrH("gist.list.all-from", fromUserStr))
+			ctx.SetData("mode", "fromUser")
+			gists, err = db.GetAllGistsFromUser(fromUser.ID, currentUserId, pageInt-1, sort, order)
+		}
+	}
+
+	renderedGists := make([]*render.RenderedGist, 0, len(gists))
+	for _, gist := range gists {
+		rendered, err := render.HighlightGistPreview(gist)
+		if err != nil {
+			log.Error().Err(err).Msg("Error rendering gist preview for " + gist.Identifier() + " - " + gist.PreviewFilename)
+		}
+		renderedGists = append(renderedGists, &rendered)
+	}
+
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching gists", err)
+	}
+
+	if err = handlers.Paginate(ctx, renderedGists, pageInt, 10, "gists", fromUserStr, 2, "&sort="+sort+"&order="+order); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	ctx.SetData("urlPage", urlPage)
+	return ctx.Html("all.html")
+}
+
+func Search(ctx *context.Context) error {
+	var err error
+
+	content, meta := handlers.ParseSearchQueryStr(ctx.QueryParam("q"))
+	pageInt := handlers.GetPage(ctx)
+
+	var currentUserId uint
+	userLogged := ctx.User
+	if userLogged != nil {
+		currentUserId = userLogged.ID
+	} else {
+		currentUserId = 0
+	}
+
+	var visibleGistsIds []uint
+	visibleGistsIds, err = db.GetAllGistsVisibleByUser(currentUserId)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching gists", err)
+	}
+
+	gistsIds, nbHits, langs, err := index.SearchGists(content, index.SearchGistMetadata{
+		Username:  meta["user"],
+		Title:     meta["title"],
+		Filename:  meta["filename"],
+		Extension: meta["extension"],
+		Language:  meta["language"],
+	}, visibleGistsIds, pageInt)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error searching gists", err)
+	}
+
+	gists, err := db.GetAllGistsByIds(gistsIds)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching gists", err)
+	}
+
+	renderedGists := make([]*render.RenderedGist, 0, len(gists))
+	for _, gist := range gists {
+		rendered, err := render.HighlightGistPreview(gist)
+		if err != nil {
+			log.Error().Err(err).Msg("Error rendering gist preview for " + gist.Identifier() + " - " + gist.PreviewFilename)
+		}
+		renderedGists = append(renderedGists, &rendered)
+	}
+
+	if pageInt > 1 && len(renderedGists) != 0 {
+		ctx.SetData("prevPage", pageInt-1)
+	}
+	if 10*pageInt < int(nbHits) {
+		ctx.SetData("nextPage", pageInt+1)
+	}
+	ctx.SetData("prevLabel", ctx.TrH("pagination.previous"))
+	ctx.SetData("nextLabel", ctx.TrH("pagination.next"))
+	ctx.SetData("urlPage", "search")
+	ctx.SetData("urlParams", template.URL("&q="+ctx.QueryParam("q")))
+	ctx.SetData("htmlTitle", ctx.TrH("gist.list.search-results"))
+	ctx.SetData("nbHits", nbHits)
+	ctx.SetData("gists", renderedGists)
+	ctx.SetData("langs", langs)
+	ctx.SetData("searchQuery", ctx.QueryParam("q"))
+	return ctx.Html("search.html")
+}
--- a/internal/web/handlers/gist/create.go
+++ b/internal/web/handlers/gist/create.go
@ -0,0 +1,141 @@
+package gist
+
+import (
+	"github.com/google/uuid"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/i18n"
+	"github.com/thomiceli/opengist/internal/validator"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+func Create(ctx *context.Context) error {
+	ctx.SetData("htmlTitle", ctx.TrH("gist.new.create-a-new-gist"))
+	return ctx.Html("create.html")
+}
+
+func ProcessCreate(ctx *context.Context) error {
+	isCreate := false
+	if ctx.Request().URL.Path == "/" {
+		isCreate = true
+	}
+
+	err := ctx.Request().ParseForm()
+	if err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.bad-request"), err)
+	}
+
+	dto := new(db.GistDTO)
+	var gist *db.Gist
+
+	if isCreate {
+		ctx.SetData("htmlTitle", ctx.TrH("gist.new.create-a-new-gist"))
+	} else {
+		gist = ctx.GetData("gist").(*db.Gist)
+		ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title))
+	}
+
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	dto.Files = make([]db.FileDTO, 0)
+	fileCounter := 0
+	for i := 0; i < len(ctx.Request().PostForm["content"]); i++ {
+		name := ctx.Request().PostForm["name"][i]
+		content := ctx.Request().PostForm["content"][i]
+
+		if name == "" {
+			fileCounter += 1
+			name = "gistfile" + strconv.Itoa(fileCounter) + ".txt"
+		}
+
+		escapedValue, err := url.QueryUnescape(content)
+		if err != nil {
+			return ctx.ErrorRes(400, ctx.Tr("error.invalid-character-unescaped"), err)
+		}
+
+		dto.Files = append(dto.Files, db.FileDTO{
+			Filename: strings.Trim(name, " "),
+			Content:  escapedValue,
+		})
+	}
+
+	err = ctx.Validate(dto)
+	if err != nil {
+		ctx.AddFlash(validator.ValidationMessages(&err, ctx.GetData("locale").(*i18n.Locale)), "error")
+		if isCreate {
+			return ctx.Html("create.html")
+		} else {
+			files, err := gist.Files("HEAD", false)
+			if err != nil {
+				return ctx.ErrorRes(500, "Error fetching files", err)
+			}
+			ctx.SetData("files", files)
+			return ctx.Html("edit.html")
+		}
+	}
+
+	if isCreate {
+		gist = dto.ToGist()
+	} else {
+		gist = dto.ToExistingGist(gist)
+	}
+
+	user := ctx.User
+	gist.NbFiles = len(dto.Files)
+
+	if isCreate {
+		uuidGist, err := uuid.NewRandom()
+		if err != nil {
+			return ctx.ErrorRes(500, "Error creating an UUID", err)
+		}
+		gist.Uuid = strings.Replace(uuidGist.String(), "-", "", -1)
+
+		gist.UserID = user.ID
+		gist.User = *user
+	}
+
+	if gist.Title == "" {
+		if ctx.Request().PostForm["name"][0] == "" {
+			gist.Title = "gist:" + gist.Uuid
+		} else {
+			gist.Title = ctx.Request().PostForm["name"][0]
+		}
+	}
+
+	if len(dto.Files) > 0 {
+		split := strings.Split(dto.Files[0].Content, "\n")
+		if len(split) > 10 {
+			gist.Preview = strings.Join(split[:10], "\n")
+		} else {
+			gist.Preview = dto.Files[0].Content
+		}
+
+		gist.PreviewFilename = dto.Files[0].Filename
+	}
+
+	if err = gist.InitRepository(); err != nil {
+		return ctx.ErrorRes(500, "Error creating the repository", err)
+	}
+
+	if err = gist.AddAndCommitFiles(&dto.Files); err != nil {
+		return ctx.ErrorRes(500, "Error adding and committing files", err)
+	}
+
+	if isCreate {
+		if err = gist.Create(); err != nil {
+			return ctx.ErrorRes(500, "Error creating the gist", err)
+		}
+	} else {
+		if err = gist.Update(); err != nil {
+			return ctx.ErrorRes(500, "Error updating the gist", err)
+		}
+	}
+
+	gist.AddInIndex()
+
+	return ctx.RedirectTo("/" + user.Username + "/" + gist.Identifier())
+}
--- a/internal/web/handlers/gist/delete.go
+++ b/internal/web/handlers/gist/delete.go
@ -0,0 +1,18 @@
+package gist
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+func DeleteGist(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	if err := gist.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Error deleting this gist", err)
+	}
+	gist.RemoveFromIndex()
+
+	ctx.AddFlash(ctx.Tr("flash.gist.deleted"), "success")
+	return ctx.RedirectTo("/")
+}
--- a/internal/web/handlers/gist/download.go
+++ b/internal/web/handlers/gist/download.go
@ -0,0 +1,90 @@
+package gist
+
+import (
+	"archive/zip"
+	"bytes"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"strconv"
+)
+
+func RawFile(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	file, err := gist.File(ctx.Param("revision"), ctx.Param("file"), false)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error getting file content", err)
+	}
+
+	if file == nil {
+		return ctx.NotFound("File not found")
+	}
+
+	return ctx.PlainText(200, file.Content)
+}
+
+func DownloadFile(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	file, err := gist.File(ctx.Param("revision"), ctx.Param("file"), false)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error getting file content", err)
+	}
+
+	if file == nil {
+		return ctx.NotFound("File not found")
+	}
+
+	ctx.Response().Header().Set("Content-Type", "text/plain")
+	ctx.Response().Header().Set("Content-Disposition", "attachment; filename="+file.Filename)
+	ctx.Response().Header().Set("Content-Length", strconv.Itoa(len(file.Content)))
+	_, err = ctx.Response().Write([]byte(file.Content))
+	if err != nil {
+		return ctx.ErrorRes(500, "Error downloading the file", err)
+	}
+
+	return nil
+}
+
+func DownloadZip(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	revision := ctx.Param("revision")
+
+	files, err := gist.Files(revision, false)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching files from repository", err)
+	}
+	if len(files) == 0 {
+		return ctx.NotFound("No files found in this revision")
+	}
+
+	zipFile := new(bytes.Buffer)
+
+	zipWriter := zip.NewWriter(zipFile)
+
+	for _, file := range files {
+		fh := &zip.FileHeader{
+			Name:   file.Filename,
+			Method: zip.Deflate,
+		}
+		f, err := zipWriter.CreateHeader(fh)
+		if err != nil {
+			return ctx.ErrorRes(500, "Error adding a file the to the zip archive", err)
+		}
+		_, err = f.Write([]byte(file.Content))
+		if err != nil {
+			return ctx.ErrorRes(500, "Error adding file content the to the zip archive", err)
+		}
+	}
+	err = zipWriter.Close()
+	if err != nil {
+		return ctx.ErrorRes(500, "Error closing the zip archive", err)
+	}
+
+	ctx.Response().Header().Set("Content-Type", "application/zip")
+	ctx.Response().Header().Set("Content-Disposition", "attachment; filename="+gist.Identifier()+".zip")
+	ctx.Response().Header().Set("Content-Length", strconv.Itoa(len(zipFile.Bytes())))
+	_, err = ctx.Response().Write(zipFile.Bytes())
+	if err != nil {
+		return ctx.ErrorRes(500, "Error writing the zip archive", err)
+	}
+	return nil
+}
--- a/internal/web/handlers/gist/edit.go
+++ b/internal/web/handlers/gist/edit.go
@ -0,0 +1,75 @@
+package gist
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/render"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"strconv"
+)
+
+func Edit(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	files, err := gist.Files("HEAD", false)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching files from repository", err)
+	}
+
+	ctx.SetData("files", files)
+	ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title))
+
+	return ctx.Html("edit.html")
+}
+
+func Checkbox(ctx *context.Context) error {
+	filename := ctx.FormValue("file")
+	checkboxNb := ctx.FormValue("checkbox")
+
+	i, err := strconv.Atoi(checkboxNb)
+	if err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.invalid-number"), nil)
+	}
+
+	gist := ctx.GetData("gist").(*db.Gist)
+	file, err := gist.File("HEAD", filename, false)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error getting file content", err)
+	} else if file == nil {
+		return ctx.NotFound("File not found")
+	}
+
+	markdown, err := render.Checkbox(file.Content, i)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error checking checkbox", err)
+	}
+
+	if err = gist.AddAndCommitFile(&db.FileDTO{
+		Filename: filename,
+		Content:  markdown,
+	}); err != nil {
+		return ctx.ErrorRes(500, "Error adding and committing files", err)
+	}
+
+	if err = gist.UpdatePreviewAndCount(true); err != nil {
+		return ctx.ErrorRes(500, "Error updating the gist", err)
+	}
+
+	return ctx.PlainText(200, "ok")
+}
+
+func EditVisibility(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	dto := new(db.VisibilityDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	gist.Private = dto.Private
+	if err := gist.UpdateNoTimestamps(); err != nil {
+		return ctx.ErrorRes(500, "Error updating this gist", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.gist.visibility-changed"), "success")
+	return ctx.RedirectTo("/" + gist.User.Username + "/" + gist.Identifier())
+}
--- a/internal/web/handlers/gist/fork.go
+++ b/internal/web/handlers/gist/fork.go
@ -0,0 +1,86 @@
+package gist
+
+import (
+	"errors"
+	"github.com/google/uuid"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+	"gorm.io/gorm"
+	"strings"
+)
+
+func Fork(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	currentUser := ctx.User
+
+	alreadyForked, err := gist.GetForkParent(currentUser)
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		return ctx.ErrorRes(500, "Error checking if gist is already forked", err)
+	}
+
+	if gist.User.ID == currentUser.ID {
+		ctx.AddFlash(ctx.Tr("flash.gist.fork-own-gist"), "error")
+		return ctx.RedirectTo("/" + gist.User.Username + "/" + gist.Identifier())
+	}
+
+	if alreadyForked.ID != 0 {
+		return ctx.RedirectTo("/" + alreadyForked.User.Username + "/" + alreadyForked.Identifier())
+	}
+
+	uuidGist, err := uuid.NewRandom()
+	if err != nil {
+		return ctx.ErrorRes(500, "Error creating an UUID", err)
+	}
+
+	newGist := &db.Gist{
+		Uuid:            strings.Replace(uuidGist.String(), "-", "", -1),
+		Title:           gist.Title,
+		Preview:         gist.Preview,
+		PreviewFilename: gist.PreviewFilename,
+		Description:     gist.Description,
+		Private:         gist.Private,
+		UserID:          currentUser.ID,
+		ForkedID:        gist.ID,
+		NbFiles:         gist.NbFiles,
+	}
+
+	if err = newGist.CreateForked(); err != nil {
+		return ctx.ErrorRes(500, "Error forking the gist in database", err)
+	}
+
+	if err = gist.ForkClone(currentUser.Username, newGist.Uuid); err != nil {
+		return ctx.ErrorRes(500, "Error cloning the repository while forking", err)
+	}
+	if err = gist.IncrementForkCount(); err != nil {
+		return ctx.ErrorRes(500, "Error incrementing the fork count", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.gist.forked"), "success")
+
+	return ctx.RedirectTo("/" + currentUser.Username + "/" + newGist.Identifier())
+}
+
+func Forks(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	pageInt := handlers.GetPage(ctx)
+
+	currentUser := ctx.User
+	var fromUserID uint = 0
+	if currentUser != nil {
+		fromUserID = currentUser.ID
+	}
+
+	forks, err := gist.GetForks(fromUserID, pageInt-1)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error getting users who liked this gist", err)
+	}
+
+	if err = handlers.Paginate(ctx, forks, pageInt, 30, "forks", gist.User.Username+"/"+gist.Identifier()+"/forks", 2); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	ctx.SetData("htmlTitle", ctx.TrH("gist.forks.for", gist.Title))
+	ctx.SetData("revision", "HEAD")
+	return ctx.Html("forks.html")
+}
--- a/internal/web/handlers/gist/gist.go
+++ b/internal/web/handlers/gist/gist.go
@ -0,0 +1,157 @@
+package gist
+
+import (
+	"bufio"
+	"bytes"
+	gojson "encoding/json"
+	"fmt"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/render"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"net/url"
+	"time"
+)
+
+func GistIndex(ctx *context.Context) error {
+	if ctx.GetData("gistpage") == "js" {
+		return GistJs(ctx)
+	} else if ctx.GetData("gistpage") == "json" {
+		return GistJson(ctx)
+	}
+
+	gist := ctx.GetData("gist").(*db.Gist)
+	revision := ctx.Param("revision")
+
+	if revision == "" {
+		revision = "HEAD"
+	}
+
+	files, err := gist.Files(revision, true)
+	if _, ok := err.(*git.RevisionNotFoundError); ok {
+		return ctx.NotFound("Revision not found")
+	} else if err != nil {
+		return ctx.ErrorRes(500, "Error fetching files", err)
+	}
+
+	renderedFiles := render.HighlightFiles(files)
+
+	ctx.SetData("page", "code")
+	ctx.SetData("commit", revision)
+	ctx.SetData("files", renderedFiles)
+	ctx.SetData("revision", revision)
+	ctx.SetData("htmlTitle", gist.Title)
+	return ctx.Html("gist.html")
+}
+
+func GistJson(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	files, err := gist.Files("HEAD", true)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching files", err)
+	}
+
+	renderedFiles := render.HighlightFiles(files)
+	ctx.SetData("files", renderedFiles)
+
+	htmlbuf := bytes.Buffer{}
+	w := bufio.NewWriter(&htmlbuf)
+	if err = ctx.Echo().Renderer.Render(w, "gist_embed.html", ctx.DataMap(), ctx); err != nil {
+		return err
+	}
+	_ = w.Flush()
+
+	jsUrl, err := url.JoinPath(ctx.GetData("baseHttpUrl").(string), gist.User.Username, gist.Identifier()+".js")
+	if err != nil {
+		return ctx.ErrorRes(500, "Error joining js url", err)
+	}
+
+	cssUrl, err := url.JoinPath(ctx.GetData("baseHttpUrl").(string), context.ManifestEntries["embed.css"].File)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error joining css url", err)
+	}
+
+	return ctx.JSON(200, map[string]interface{}{
+		"owner":       gist.User.Username,
+		"id":          gist.Identifier(),
+		"uuid":        gist.Uuid,
+		"title":       gist.Title,
+		"description": gist.Description,
+		"created_at":  time.Unix(gist.CreatedAt, 0).Format(time.RFC3339),
+		"visibility":  gist.VisibilityStr(),
+		"files":       renderedFiles,
+		"embed": map[string]string{
+			"html":    htmlbuf.String(),
+			"css":     cssUrl,
+			"js":      jsUrl,
+			"js_dark": jsUrl + "?dark",
+		},
+	})
+}
+
+func GistJs(ctx *context.Context) error {
+	if _, exists := ctx.QueryParams()["dark"]; exists {
+		ctx.SetData("dark", "dark")
+	}
+
+	gist := ctx.GetData("gist").(*db.Gist)
+	files, err := gist.Files("HEAD", true)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching files", err)
+	}
+
+	renderedFiles := render.HighlightFiles(files)
+	ctx.SetData("files", renderedFiles)
+
+	htmlbuf := bytes.Buffer{}
+	w := bufio.NewWriter(&htmlbuf)
+	if err = ctx.Echo().Renderer.Render(w, "gist_embed.html", ctx.DataMap(), ctx); err != nil {
+		return err
+	}
+	_ = w.Flush()
+
+	cssUrl, err := url.JoinPath(ctx.GetData("baseHttpUrl").(string), context.ManifestEntries["embed.css"].File)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error joining css url", err)
+	}
+
+	js, err := escapeJavaScriptContent(htmlbuf.String(), cssUrl)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error escaping JavaScript content", err)
+	}
+	ctx.Response().Header().Set("Content-Type", "application/javascript")
+	return ctx.PlainText(200, js)
+}
+
+func Preview(ctx *context.Context) error {
+	content := ctx.FormValue("content")
+
+	previewStr, err := render.MarkdownString(content)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error rendering markdown", err)
+	}
+
+	return ctx.PlainText(200, previewStr)
+}
+
+func escapeJavaScriptContent(htmlContent, cssUrl string) (string, error) {
+	jsonContent, err := gojson.Marshal(htmlContent)
+	if err != nil {
+		return "", fmt.Errorf("failed to encode content: %w", err)
+	}
+
+	jsonCssUrl, err := gojson.Marshal(cssUrl)
+	if err != nil {
+		return "", fmt.Errorf("failed to encode CSS URL: %w", err)
+	}
+
+	js := fmt.Sprintf(`
+        document.write('<link rel="stylesheet" href=%s>');
+        document.write(%s);
+    `,
+		string(jsonCssUrl),
+		string(jsonContent),
+	)
+
+	return js, nil
+}
--- a/internal/web/handlers/gist/like.go
+++ b/internal/web/handlers/gist/like.go
@ -0,0 +1,52 @@
+package gist
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+)
+
+func Like(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	currentUser := ctx.User
+
+	hasLiked, err := currentUser.HasLiked(gist)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error checking if user has liked a gist", err)
+	}
+
+	if hasLiked {
+		err = gist.RemoveUserLike(ctx.User)
+	} else {
+		err = gist.AppendUserLike(ctx.User)
+	}
+
+	if err != nil {
+		return ctx.ErrorRes(500, "Error liking/dislking this gist", err)
+	}
+
+	redirectTo := "/" + gist.User.Username + "/" + gist.Identifier()
+	if r := ctx.QueryParam("redirecturl"); r != "" {
+		redirectTo = r
+	}
+	return ctx.RedirectTo(redirectTo)
+}
+
+func Likes(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	pageInt := handlers.GetPage(ctx)
+
+	likers, err := gist.GetUsersLikes(pageInt - 1)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error getting users who liked this gist", err)
+	}
+
+	if err = handlers.Paginate(ctx, likers, pageInt, 30, "likers", gist.User.Username+"/"+gist.Identifier()+"/likes", 1); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	ctx.SetData("htmlTitle", ctx.TrH("gist.likes.for", gist.Title))
+	ctx.SetData("revision", "HEAD")
+	return ctx.Html("likes.html")
+}
--- a/internal/web/handlers/gist/revisions.go
+++ b/internal/web/handlers/gist/revisions.go
@ -0,0 +1,45 @@
+package gist
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+	"strings"
+)
+
+func Revisions(ctx *context.Context) error {
+	gist := ctx.GetData("gist").(*db.Gist)
+	userName := gist.User.Username
+	gistName := gist.Identifier()
+
+	pageInt := handlers.GetPage(ctx)
+
+	commits, err := gist.Log((pageInt - 1) * 10)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching commits log", err)
+	}
+
+	if err := handlers.Paginate(ctx, commits, pageInt, 10, "commits", userName+"/"+gistName+"/revisions", 2); err != nil {
+		return ctx.ErrorRes(404, ctx.Tr("error.page-not-found"), nil)
+	}
+
+	emailsSet := map[string]struct{}{}
+	for _, commit := range commits {
+		if commit.AuthorEmail == "" {
+			continue
+		}
+		emailsSet[strings.ToLower(commit.AuthorEmail)] = struct{}{}
+	}
+
+	emailsUsers, err := db.GetUsersFromEmails(emailsSet)
+	if err != nil {
+		return ctx.ErrorRes(500, "Error fetching users emails", err)
+	}
+
+	ctx.SetData("page", "revisions")
+	ctx.SetData("revision", "HEAD")
+	ctx.SetData("emails", emailsUsers)
+	ctx.SetData("htmlTitle", ctx.TrH("gist.revision-of", gist.Title))
+
+	return ctx.Html("revisions.html")
+}
--- a/internal/web/handlers/git/http.go
+++ b/internal/web/handlers/git/http.go
@ -0,0 +1,337 @@
+package git
+
+import (
+	"bytes"
+	"compress/gzip"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"github.com/thomiceli/opengist/internal/auth/password"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"github.com/thomiceli/opengist/internal/web/handlers"
+	"net/http"
+	"os"
+	"os/exec"
+	"path"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/auth"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/memdb"
+	"gorm.io/gorm"
+)
+
+var routes = []struct {
+	gitUrl  string
+	method  string
+	handler func(ctx *context.Context) error
+}{
+	{"(.*?)/git-upload-pack$", "POST", uploadPack},
+	{"(.*?)/git-receive-pack$", "POST", receivePack},
+	{"(.*?)/info/refs$", "GET", infoRefs},
+	{"(.*?)/HEAD$", "GET", textFile},
+	{"(.*?)/objects/info/alternates$", "GET", textFile},
+	{"(.*?)/objects/info/http-alternates$", "GET", textFile},
+	{"(.*?)/objects/info/packs$", "GET", infoPacks},
+	{"(.*?)/objects/info/[^/]*$", "GET", textFile},
+	{"(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$", "GET", looseObject},
+	{"(.*?)/objects/pack/pack-[0-9a-f]{40}\\.pack$", "GET", packFile},
+	{"(.*?)/objects/pack/pack-[0-9a-f]{40}\\.idx$", "GET", idxFile},
+}
+
+func GitHttp(ctx *context.Context) error {
+	for _, route := range routes {
+		matched, _ := regexp.MatchString(route.gitUrl, ctx.Request().URL.Path)
+		if ctx.Request().Method == route.method && matched {
+			if !strings.HasPrefix(ctx.Request().Header.Get("User-Agent"), "git/") {
+				continue
+			}
+
+			gist := ctx.GetData("gist").(*db.Gist)
+
+			isInit := strings.HasPrefix(ctx.Request().URL.Path, "/init/info/refs")
+			isInitReceive := strings.HasPrefix(ctx.Request().URL.Path, "/init/git-receive-pack")
+			isInfoRefs := strings.HasSuffix(route.gitUrl, "/info/refs$")
+			isPull := ctx.QueryParam("service") == "git-upload-pack" ||
+				strings.HasSuffix(ctx.Request().URL.Path, "git-upload-pack") ||
+				ctx.Request().Method == "GET" && !isInfoRefs
+
+			repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)
+			if _, err := os.Stat(repositoryPath); os.IsNotExist(err) {
+				if err != nil {
+					log.Info().Err(err).Msg("Repository directory does not exist")
+					return ctx.ErrorRes(404, "Repository directory does not exist", err)
+				}
+			}
+
+			ctx.SetData("repositoryPath", repositoryPath)
+
+			allow, err := auth.ShouldAllowUnauthenticatedGistAccess(handlers.ContextAuthInfo{Context: ctx}, true)
+			if err != nil {
+				log.Fatal().Err(err).Msg("Cannot check if unauthenticated access is allowed")
+			}
+
+			// Shows basic auth if :
+			// - user wants to push the gist
+			// - user wants to clone/pull a private gist
+			// - gist is not found (obfuscation)
+			// - admin setting to require login is set to true
+			if isPull && gist.Private != db.PrivateVisibility && gist.ID != 0 && allow {
+				return route.handler(ctx)
+			}
+
+			authHeader := ctx.Request().Header.Get("Authorization")
+			if authHeader == "" {
+				return basicAuth(ctx)
+			}
+
+			authFields := strings.Fields(authHeader)
+			if len(authFields) != 2 || authFields[0] != "Basic" {
+				return basicAuth(ctx)
+			}
+
+			authUsername, authPassword, err := basicAuthDecode(authFields[1])
+			if err != nil {
+				return basicAuth(ctx)
+			}
+
+			if !isInit && !isInitReceive {
+				if gist.ID == 0 {
+					return ctx.PlainText(404, "Check your credentials or make sure you have access to the Gist")
+				}
+
+				var userToCheckPermissions *db.User
+				if gist.Private != db.PrivateVisibility && isPull {
+					userToCheckPermissions, _ = db.GetUserByUsername(authUsername)
+				} else {
+					userToCheckPermissions = &gist.User
+				}
+
+				if ok, err := password.VerifyPassword(authPassword, userToCheckPermissions.Password); !ok {
+					if err != nil {
+						return ctx.ErrorRes(500, "Cannot verify password", err)
+					}
+					log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
+					return ctx.PlainText(404, "Check your credentials or make sure you have access to the Gist")
+				}
+			} else {
+				var user *db.User
+				if user, err = db.GetUserByUsername(authUsername); err != nil {
+					if !errors.Is(err, gorm.ErrRecordNotFound) {
+						return ctx.ErrorRes(500, "Cannot get user", err)
+					}
+					log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
+					return ctx.ErrorRes(401, "Invalid credentials", nil)
+				}
+
+				if ok, err := password.VerifyPassword(authPassword, user.Password); !ok {
+					if err != nil {
+						return ctx.ErrorRes(500, "Cannot check for password", err)
+					}
+					log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
+					return ctx.ErrorRes(401, "Invalid credentials", nil)
+				}
+
+				if isInit {
+					gist = new(db.Gist)
+					gist.UserID = user.ID
+					gist.User = *user
+					uuidGist, err := uuid.NewRandom()
+					if err != nil {
+						return ctx.ErrorRes(500, "Error creating an UUID", err)
+					}
+					gist.Uuid = strings.Replace(uuidGist.String(), "-", "", -1)
+					gist.Title = "gist:" + gist.Uuid
+
+					if err = gist.InitRepository(); err != nil {
+						return ctx.ErrorRes(500, "Cannot init repository in the file system", err)
+					}
+
+					if err = gist.Create(); err != nil {
+						return ctx.ErrorRes(500, "Cannot init repository in database", err)
+					}
+
+					if err := memdb.InsertGistInit(user.ID, gist); err != nil {
+						return ctx.ErrorRes(500, "Cannot save the URL for the new Gist", err)
+					}
+
+					ctx.SetData("gist", gist)
+				} else {
+					gistFromMemdb, err := memdb.GetGistInitAndDelete(user.ID)
+					if err != nil {
+						return ctx.ErrorRes(500, "Cannot get the gist link from the in memory database", err)
+					}
+
+					gist := gistFromMemdb.Gist
+					ctx.SetData("gist", gist)
+					ctx.SetData("repositoryPath", git.RepositoryPath(gist.User.Username, gist.Uuid))
+				}
+			}
+
+			return route.handler(ctx)
+		}
+	}
+	return ctx.NotFound("Gist not found")
+}
+
+func uploadPack(ctx *context.Context) error {
+	return pack(ctx, "upload-pack")
+}
+
+func receivePack(ctx *context.Context) error {
+	return pack(ctx, "receive-pack")
+}
+
+func pack(ctx *context.Context, serviceType string) error {
+	noCacheHeaders(ctx)
+	defer ctx.Request().Body.Close()
+
+	if ctx.Request().Header.Get("Content-Type") != "application/x-git-"+serviceType+"-request" {
+		return ctx.ErrorRes(401, "Git client unsupported", nil)
+	}
+	ctx.Response().Header().Set("Content-Type", "application/x-git-"+serviceType+"-result")
+
+	var err error
+	reqBody := ctx.Request().Body
+
+	if ctx.Request().Header.Get("Content-Encoding") == "gzip" {
+		reqBody, err = gzip.NewReader(reqBody)
+		if err != nil {
+			return ctx.ErrorRes(500, "Cannot create gzip reader", err)
+		}
+	}
+
+	repositoryPath := ctx.GetData("repositoryPath").(string)
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	var stderr bytes.Buffer
+	cmd := exec.Command("git", serviceType, "--stateless-rpc", repositoryPath)
+	cmd.Dir = repositoryPath
+	cmd.Stdin = reqBody
+	cmd.Stdout = ctx.Response().Writer
+	cmd.Stderr = &stderr
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "OPENGIST_REPOSITORY_URL_INTERNAL="+git.RepositoryUrl(ctx, gist.User.Username, gist.Identifier()))
+	cmd.Env = append(cmd.Env, "OPENGIST_REPOSITORY_ID="+strconv.Itoa(int(gist.ID)))
+
+	if err = cmd.Run(); err != nil {
+		return ctx.ErrorRes(500, "Cannot run git "+serviceType+" ; "+stderr.String(), err)
+	}
+
+	return nil
+}
+
+func infoRefs(ctx *context.Context) error {
+	noCacheHeaders(ctx)
+	var service string
+
+	gist := ctx.GetData("gist").(*db.Gist)
+
+	serviceType := ctx.QueryParam("service")
+	if strings.HasPrefix(serviceType, "git-") {
+		service = strings.TrimPrefix(serviceType, "git-")
+	}
+
+	if service != "upload-pack" && service != "receive-pack" {
+		if err := gist.UpdateServerInfo(); err != nil {
+			return ctx.ErrorRes(500, "Cannot update server info", err)
+		}
+		return sendFile(ctx, "text/plain; charset=utf-8")
+	}
+
+	refs, err := gist.RPC(service)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot run git "+service, err)
+	}
+
+	ctx.Response().Header().Set("Content-Type", "application/x-git-"+service+"-advertisement")
+	ctx.Response().WriteHeader(200)
+	_, _ = ctx.Response().Write(packetWrite("# service=git-" + service + "\n"))
+	_, _ = ctx.Response().Write([]byte("0000"))
+	_, _ = ctx.Response().Write(refs)
+
+	return nil
+}
+
+func textFile(ctx *context.Context) error {
+	noCacheHeaders(ctx)
+	return sendFile(ctx, "text/plain")
+}
+
+func infoPacks(ctx *context.Context) error {
+	cacheHeadersForever(ctx)
+	return sendFile(ctx, "text/plain; charset=utf-8")
+}
+
+func looseObject(ctx *context.Context) error {
+	cacheHeadersForever(ctx)
+	return sendFile(ctx, "application/x-git-loose-object")
+}
+
+func packFile(ctx *context.Context) error {
+	cacheHeadersForever(ctx)
+	return sendFile(ctx, "application/x-git-packed-objects")
+}
+
+func idxFile(ctx *context.Context) error {
+	cacheHeadersForever(ctx)
+	return sendFile(ctx, "application/x-git-packed-objects-toc")
+}
+
+func noCacheHeaders(ctx *context.Context) {
+	ctx.Response().Header().Set("Expires", "Thu, 01 Jan 1970 00:00:00 UTC")
+	ctx.Response().Header().Set("Pragma", "no-cache")
+	ctx.Response().Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
+}
+
+func cacheHeadersForever(ctx *context.Context) {
+	now := time.Now().Unix()
+	expires := now + 31536000
+	ctx.Response().Header().Set("Date", fmt.Sprintf("%d", now))
+	ctx.Response().Header().Set("Expires", fmt.Sprintf("%d", expires))
+	ctx.Response().Header().Set("Cache-Control", "public, max-age=31536000")
+}
+
+func basicAuth(ctx *context.Context) error {
+	ctx.Response().Header().Set("WWW-Authenticate", `Basic realm="."`)
+	return ctx.PlainText(401, "Requires authentication")
+}
+
+func basicAuthDecode(encoded string) (string, string, error) {
+	s, err := base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return "", "", err
+	}
+
+	auth := strings.SplitN(string(s), ":", 2)
+	return auth[0], auth[1], nil
+}
+
+func sendFile(ctx *context.Context, contentType string) error {
+	gitFile := "/" + strings.Join(strings.Split(ctx.Request().URL.Path, "/")[3:], "/")
+	gitFile = path.Join(ctx.GetData("repositoryPath").(string), gitFile)
+	fi, err := os.Stat(gitFile)
+	if os.IsNotExist(err) {
+		return ctx.ErrorRes(404, "File not found", nil)
+	}
+	ctx.Response().Header().Set("Content-Type", contentType)
+	ctx.Response().Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
+	ctx.Response().Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))
+	return ctx.File(gitFile)
+}
+
+func packetWrite(str string) []byte {
+	s := strconv.FormatInt(int64(len(str)+4), 16)
+
+	if len(s)%4 != 0 {
+		s = strings.Repeat("0", 4-len(s)%4) + s
+	}
+
+	return []byte(s + str)
+}
--- a/internal/web/handlers/health/healthcheck.go
+++ b/internal/web/handlers/health/healthcheck.go
@ -0,0 +1,25 @@
+package health
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"time"
+)
+
+func Healthcheck(ctx *context.Context) error {
+	// Check database connection
+	dbOk := "ok"
+	httpStatus := 200
+
+	err := db.Ping()
+	if err != nil {
+		dbOk = "ko"
+		httpStatus = 503
+	}
+
+	return ctx.JSON(httpStatus, map[string]interface{}{
+		"opengist": "ok",
+		"database": dbOk,
+		"time":     time.Now().Format(time.RFC3339),
+	})
+}
--- a/internal/web/handlers/health/metrics.go
+++ b/internal/web/handlers/health/metrics.go
@ -0,0 +1,9 @@
+package health
+
+import "github.com/thomiceli/opengist/internal/web/context"
+
+// Metrics is a dummy handler to satisfy the /metrics endpoint (for Prometheus, Openmetrics, etc.)
+// until we have a proper metrics endpoint
+func Metrics(ctx *context.Context) error {
+	return ctx.String(200, "")
+}
--- a/internal/web/handlers/settings/account.go
+++ b/internal/web/handlers/settings/account.go
@ -0,0 +1,88 @@
+package settings
+
+import (
+	"crypto/md5"
+	"fmt"
+	"github.com/thomiceli/opengist/internal/config"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/git"
+	"github.com/thomiceli/opengist/internal/i18n"
+	"github.com/thomiceli/opengist/internal/validator"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func EmailProcess(ctx *context.Context) error {
+	user := ctx.User
+	email := ctx.FormValue("email")
+	var hash string
+
+	if email == "" {
+		// generate random md5 string
+		hash = fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String())))
+	} else {
+		hash = fmt.Sprintf("%x", md5.Sum([]byte(strings.ToLower(strings.TrimSpace(email)))))
+	}
+
+	user.Email = strings.ToLower(email)
+	user.MD5Hash = hash
+
+	if err := user.Update(); err != nil {
+		return ctx.ErrorRes(500, "Cannot update email", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.user.email-updated"), "success")
+	return ctx.RedirectTo("/settings")
+}
+
+func AccountDeleteProcess(ctx *context.Context) error {
+	user := ctx.User
+
+	if err := user.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete this user", err)
+	}
+
+	return ctx.RedirectTo("/all")
+}
+
+func UsernameProcess(ctx *context.Context) error {
+	user := ctx.User
+
+	dto := new(db.UserDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+	dto.Password = user.Password
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash(validator.ValidationMessages(&err, ctx.GetData("locale").(*i18n.Locale)), "error")
+		return ctx.RedirectTo("/settings")
+	}
+
+	if exists, err := db.UserExists(dto.Username); err != nil || exists {
+		ctx.AddFlash(ctx.Tr("flash.auth.username-exists"), "error")
+		return ctx.RedirectTo("/settings")
+	}
+
+	sourceDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(user.Username))
+	destinationDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(dto.Username))
+
+	if _, err := os.Stat(sourceDir); !os.IsNotExist(err) {
+		err := os.Rename(sourceDir, destinationDir)
+		if err != nil {
+			return ctx.ErrorRes(500, "Cannot rename user directory", err)
+		}
+	}
+
+	user.Username = dto.Username
+
+	if err := user.Update(); err != nil {
+		return ctx.ErrorRes(500, "Cannot update username", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.user.username-updated"), "success")
+	return ctx.RedirectTo("/settings")
+}
--- a/internal/web/handlers/settings/auth.go
+++ b/internal/web/handlers/settings/auth.go
@ -0,0 +1,58 @@
+package settings
+
+import (
+	passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/i18n"
+	"github.com/thomiceli/opengist/internal/validator"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"strconv"
+)
+
+func PasskeyDelete(ctx *context.Context) error {
+	user := ctx.User
+	keyId, err := strconv.Atoi(ctx.Param("id"))
+	if err != nil {
+		return ctx.RedirectTo("/settings")
+	}
+
+	passkey, err := db.GetCredentialByIDDB(uint(keyId))
+	if err != nil || passkey.UserID != user.ID {
+		return ctx.RedirectTo("/settings")
+	}
+
+	if err := passkey.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete passkey", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.auth.passkey-deleted"), "success")
+	return ctx.RedirectTo("/settings")
+}
+
+func PasswordProcess(ctx *context.Context) error {
+	user := ctx.User
+
+	dto := new(db.UserDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+	dto.Username = user.Username
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash(validator.ValidationMessages(&err, ctx.GetData("locale").(*i18n.Locale)), "error")
+		return ctx.Html("settings.html")
+	}
+
+	password, err := passwordpkg.HashPassword(dto.Password)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot hash password", err)
+	}
+	user.Password = password
+
+	if err = user.Update(); err != nil {
+		return ctx.ErrorRes(500, "Cannot update password", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.user.password-updated"), "success")
+	return ctx.RedirectTo("/settings")
+}
--- a/internal/web/handlers/settings/settings.go
+++ b/internal/web/handlers/settings/settings.go
@ -0,0 +1,34 @@
+package settings
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/web/context"
+)
+
+func UserSettings(ctx *context.Context) error {
+	user := ctx.User
+
+	keys, err := db.GetSSHKeysByUserID(user.ID)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get SSH keys", err)
+	}
+
+	passkeys, err := db.GetAllCredentialsForUser(user.ID)
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get WebAuthn credentials", err)
+	}
+
+	_, hasTotp, err := user.HasMFA()
+	if err != nil {
+		return ctx.ErrorRes(500, "Cannot get MFA status", err)
+	}
+
+	ctx.SetData("email", user.Email)
+	ctx.SetData("sshKeys", keys)
+	ctx.SetData("passkeys", passkeys)
+	ctx.SetData("hasTotp", hasTotp)
+	ctx.SetData("hasPassword", user.Password != "")
+	ctx.SetData("disableForm", ctx.GetData("DisableLoginForm"))
+	ctx.SetData("htmlTitle", ctx.TrH("settings"))
+	return ctx.Html("settings.html")
+}
--- a/internal/web/handlers/settings/sshkey.go
+++ b/internal/web/handlers/settings/sshkey.go
@ -0,0 +1,71 @@
+package settings
+
+import (
+	"github.com/thomiceli/opengist/internal/db"
+	"github.com/thomiceli/opengist/internal/i18n"
+	"github.com/thomiceli/opengist/internal/validator"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"golang.org/x/crypto/ssh"
+	"strconv"
+	"strings"
+)
+
+func SshKeysProcess(ctx *context.Context) error {
+	user := ctx.User
+
+	dto := new(db.SSHKeyDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
+	}
+
+	if err := ctx.Validate(dto); err != nil {
+		ctx.AddFlash(validator.ValidationMessages(&err, ctx.GetData("locale").(*i18n.Locale)), "error")
+		return ctx.RedirectTo("/settings")
+	}
+	key := dto.ToSSHKey()
+
+	key.UserID = user.ID
+
+	pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))
+	if err != nil {
+		ctx.AddFlash(ctx.Tr("flash.user.invalid-ssh-key"), "error")
+		return ctx.RedirectTo("/settings")
+	}
+	key.Content = strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pubKey)))
+
+	if exists, err := db.SSHKeyDoesExists(key.Content); exists {
+		if err != nil {
+			return ctx.ErrorRes(500, "Cannot check if SSH key exists", err)
+		}
+		ctx.AddFlash(ctx.Tr("settings.ssh-key-exists"), "error")
+		return ctx.RedirectTo("/settings")
+	}
+
+	if err := key.Create(); err != nil {
+		return ctx.ErrorRes(500, "Cannot add SSH key", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.user.ssh-key-added"), "success")
+	return ctx.RedirectTo("/settings")
+}
+
+func SshKeysDelete(ctx *context.Context) error {
+	user := ctx.User
+	keyId, err := strconv.Atoi(ctx.Param("id"))
+	if err != nil {
+		return ctx.RedirectTo("/settings")
+	}
+
+	key, err := db.GetSSHKeyByID(uint(keyId))
+
+	if err != nil || key.UserID != user.ID {
+		return ctx.RedirectTo("/settings")
+	}
+
+	if err := key.Delete(); err != nil {
+		return ctx.ErrorRes(500, "Cannot delete SSH key", err)
+	}
+
+	ctx.AddFlash(ctx.Tr("flash.user.ssh-key-deleted"), "success")
+	return ctx.RedirectTo("/settings")
+}
--- a/internal/web/handlers/util.go
+++ b/internal/web/handlers/util.go
@ -0,0 +1,79 @@
+package handlers
+
+import (
+	"errors"
+	"github.com/thomiceli/opengist/internal/web/context"
+	"html/template"
+	"strconv"
+	"strings"
+)
+
+func GetPage(ctx *context.Context) int {
+	page := ctx.QueryParam("page")
+	if page == "" {
+		page = "1"
+	}
+	pageInt, err := strconv.Atoi(page)
+	if err != nil {
+		pageInt = 1
+	}
+	ctx.SetData("currPage", pageInt)
+
+	return pageInt
+}
+
+func Paginate[T any](ctx *context.Context, data []*T, pageInt int, perPage int, templateDataName string, urlPage string, labels int, urlParams ...string) error {
+	lenData := len(data)
+	if lenData == 0 && pageInt != 1 {
+		return errors.New("page not found")
+	}
+
+	if lenData > perPage {
+		if lenData > 1 {
+			data = data[:lenData-1]
+		}
+		ctx.SetData("nextPage", pageInt+1)
+	}
+	if pageInt > 1 {
+		ctx.SetData("prevPage", pageInt-1)
+	}
+
+	if len(urlParams) > 0 {
+		ctx.SetData("urlParams", template.URL(urlParams[0]))
+	}
+
+	switch labels {
+	case 1:
+		ctx.SetData("prevLabel", ctx.TrH("pagination.previous"))
+		ctx.SetData("nextLabel", ctx.TrH("pagination.next"))
+	case 2:
+		ctx.SetData("prevLabel", ctx.TrH("pagination.newer"))
+		ctx.SetData("nextLabel", ctx.TrH("pagination.older"))
+	}
+
+	ctx.SetData("urlPage", urlPage)
+	ctx.SetData(templateDataName, data)
+	return nil
+}
+
+func ParseSearchQueryStr(query string) (string, map[string]string) {
+	words := strings.Fields(query)
+	metadata := make(map[string]string)
+	var contentBuilder strings.Builder
+
+	for _, word := range words {
+		if strings.Contains(word, ":") {
+			keyValue := strings.SplitN(word, ":", 2)
+			if len(keyValue) == 2 {
+				key := keyValue[0]
+				value := keyValue[1]
+				metadata[key] = value
+			}
+		} else {
+			contentBuilder.WriteString(word + " ")
+		}
+	}
+
+	content := strings.TrimSpace(contentBuilder.String())
+	return content, metadata
+}