7 files changed, 148 insertions, 22 deletions

diff --git a/src/app.html b/src/app.html
index b0b3788..77f0d9f 100644
--- a/src/app.html
+++ b/src/app.html
@@ -5,7 +5,10 @@
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     %sveltekit.head%
   </head>
-  <body data-sveltekit-preload-data="hover" class="cs">
+  <body
+    data-sveltekit-preload-data="hover"
+    class="cs min-h-screen flex justify-between flex-col"
+  >
     <div style="display: contents">%sveltekit.body%</div>
   </body>
 </html>
diff --git a/src/lib/vendor/lock.ts b/src/lib/vendor/lock.ts
index 43249cd..3f2b6b9 100644
--- a/src/lib/vendor/lock.ts
+++ b/src/lib/vendor/lock.ts
@@ -184,7 +184,7 @@ export class JoinedRWLock extends RWLockAbstract {
    * @param priority Priority passed to {@link RWLockImpl.acquireRead RWLock.acquireRead}
    * @param greedy If we should attempt to get the underlying locks whilst waiting on others. This gives us priority, but may make other operations take forever. `-1`=Never be greedy, `0`=Immediately be greedy, `>0`=Wait `greedyAfter` seconds before being greedy (leaks a Promise if timeout reached)
    */
-  public acquireRead(priority?: number): Promise<() => void> {
+  public acquireRead(priority?: number, greedyAfter = -1): Promise<() => void> {
     return this.acquireGeneric(
       (lock, priority) => lock.acquireRead(priority),
       priority,
diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte
index dc81706..61bd14e 100644
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@@ -10,22 +10,40 @@
   <link rel="icon" href={favicon} />
 </svelte:head>
 
-<nav class="header">
-  <h1 class="text-4xl">crunched</h1>
-  <p>
-    <a href="/">home</a> - {#if page.data.session}<a href="/vms">vms</a> -
-      <a
-        href="/login/undo?next={encodeURIComponent(
-          page.url.pathname + page.url.search
-        )}">logout</a
-      >{:else}<a
-        href="/login?scope=default&next={encodeURIComponent(
-          page.url.pathname + page.url.search
-        )}">login</a
-      >{/if}
+<div id="app">
+  <nav class="header">
+    <h1 class="text-4xl">crunched</h1>
+    <p>
+      <a href="/home">home</a> - {#if page.data.session}<a href="/vms">vms</a> -
+        <a
+          href="/login/undo?next={encodeURIComponent(
+            page.url.pathname + page.url.search
+          )}">logout</a
+        >{:else}<a
+          href="/login?scope=default&next={encodeURIComponent(
+            page.url.pathname + page.url.search
+          )}">login</a
+        >{/if}
+    </p>
+    <div class="my-2">
+      <hr />
+    </div>
+  </nav>
+  {@render children?.()}
+</div>
+
+<footer class="-mb-3 mt-3">
+  <p class="text-xs">
+    <span class="opacity-60 hover:opacity-100 transition-opacity">
+      Copyright (c) 2025 Neobot Verein.
+    </span><br />
+    <span class="opacity-60 hover:opacity-100 transition-opacity">
+      <a href="https://git.estrogen.zone/crunched.git/">Source Code</a>
+      <small>AGPL3</small>
+    </span>
+    <span class="opacity-60"> - </span>
+    <span class="opacity-60 hover:opacity-100 transition-opacity"
+      ><a href="/aup">Acceptable Use Policy</a></span
+    >
   </p>
-  <div class="my-2">
-    <hr />
-  </div>
-</nav>
-{@render children?.()}
+</footer>
diff --git a/src/routes/api/v1/fs.ts b/src/routes/api/v1/fs.ts
new file mode 100644
index 0000000..92714f3
--- /dev/null
+++ b/src/routes/api/v1/fs.ts
@@ -0,0 +1,20 @@
+import { LockSet } from '$lib/vendor/lock';
+import fs from 'node:fs/promises';
+import process from 'node:process';
+import path from 'node:path';
+
+const lockSet = new LockSet();
+const baseDataPath =
+  process.env.BASE_DATA_PATH ?? path.join(process.cwd(), 'data');
+const usersDir = path.join(baseDataPath, 'users');
+const disksDir = path.join(baseDataPath, 'disks');
+
+export const userExists = async (username: string) => {
+  const unlock = await lockSet.get(username).acquireRead();
+  try {
+    fs.open(path.join(baseDataPath, ''));
+  } catch (error) {
+    unlock();
+    throw error;
+  }
+};
diff --git a/src/routes/aup/+page.svelte b/src/routes/aup/+page.svelte
new file mode 100644
index 0000000..767ee2d
--- /dev/null
+++ b/src/routes/aup/+page.svelte
@@ -0,0 +1,83 @@
+<svelte:head>
+  <title>Crunched - Acceptable Use Policy</title>
+</svelte:head>
+
+<article>
+  <h1 class="text-3xl">Crunched - Acceptable Use Policy</h1>
+  <p>
+    The Neobot Verein does our best to provide rules limited to preserving our
+    morality, integrity, reliability and legality of our services.<br />
+    We kindly request you follow the following rules:
+  </p>
+  <ol class="pl-4 list-decimal">
+    <li>No pornography involving minors - real or fictional.</li>
+    <li>No crypto mining, please.</li>
+    <li>
+      No training LLMs. Only run them if their resource usage over time is
+      similar to any other server we'd see.
+    </li>
+    <li>
+      No hosting black-hat phishing sites or command and control (C&C) servers.
+      No launching (D)DoS attacks from our infrastructure. No outgoing spam.
+    </li>
+    <li>
+      No Tor Exit Nodes/Open Proxies/i2p Outproxies. Sorry, we don't want the
+      feds knocking on our door.
+    </li>
+    <li>Make an attempt to not have the server wide open for any attacker.</li>
+    <li>
+      Be reasonable with resource usage. We don't want to start needing to limit
+      network interfaces.
+    </li>
+    <li>
+      Try not to get <a
+        href="https://www.init7.net/de/kleingedrucktes/gtc-init7-2024.pdf"
+        target="_blank"
+        rel="noopener noreferrer">init7</a
+      >
+      to contact us about your use of our services.
+      <span class="opacity-70 text-sm">(Link goes to their ToS)</span>
+    </li>
+    <li>
+      Follow regional laws in Zurich, Switzerland - atleast in regards to the
+      contents hosted here.<br />
+      We dislike the feds knocking on our door just as much as anyone else.
+    </li>
+  </ol>
+  <p class="mt-2">
+    Tl;dr: Abide by the same general rules any other provider provides. Try not
+    to violate regional laws in Zurich, Switzerland.
+  </p>
+  <h2 class="text-2xl mt-4">Excessive Resource Use Policy</h2>
+  <p>
+    In case of excessive resource use, we will try to inform you prior to taking
+    action. However, if the resource use severely affects other users, or the
+    server's operations as a whole, we may take actions without prior notice.
+  </p>
+  <h2 class="text-2xl mt-4">UGC</h2>
+  <p>
+    If you allow user-generated content, you should really try to make sure you
+    moderate it so illegal material is removed before any complaints reach us.
+  </p>
+  <p class="mt-2">
+    If you clearly state that your site hosts user-generated content, law
+    enforcement and child-protection agencies will typically contact you first
+    rather than contacting us, so ensure you put easily-accessible contact
+    information.
+  </p>
+  <h2 class="text-2xl mt-4">Contact</h2>
+  <p>
+    As a user, due to the invite-only nature of this service, if you have
+    questions regarding the AUP, please just contact the creature that sent you
+    here. Only admins can generate invites, as of now.
+  </p>
+  <p class="mt-2">
+    Are you a law enforcement agency and need contact with us? Contact us at <br
+    /><span class="text-sm p-1 bg-black/10">law-enforcement</span>[at]<span
+      class="text-sm p-1 bg-black/10">neobot</span
+    >[dot]<span class="text-sm p-1 bg-black/10">systems</span><br />
+    Note that if you are requesting user data, unless you have a legally valid Durchsuchungsbefehl
+    (or similar) from the Staatsanwaltschaft, we are very likely to deny any requests
+    for data belonging to our users.
+  </p>
+</article>
diff --git a/src/routes/home/+page.svelte b/src/routes/home/+page.svelte
index 8fa9ddd..2fc52e6 100644
--- a/src/routes/home/+page.svelte
+++ b/src/routes/home/+page.svelte
@@ -23,7 +23,7 @@
       </div>
       <button
         onclick={() => {
-          alert(checkScope(session, ['vm-own-write'], true));
+          alert(checkScope(session, ['vm-own-rm'], true));
         }}>need scope</button
       >
       <!-- <div slot="submitButton" class="buttonPrimary">Sign out</div> -->
diff --git a/src/routes/login/+server.ts b/src/routes/login/+server.ts
index 7313f13..d206e7e 100644
--- a/src/routes/login/+server.ts
+++ b/src/routes/login/+server.ts
@@ -6,14 +6,16 @@ export const GET = async (event) => {
   let desiredScopes = event.url.searchParams.get('scope') ?? 'default';
   desiredScopes = desiredScopes
     .split(' ')
-    .flatMap((v) => (v === 'default' ? 'vm-own-read vm-own-write' : ''))
+    .flatMap((v) => (v === 'default' ? 'vm-own-read vm-own-write' : v))
     .join(' ');
   if (new URL(target, event.url.href).host !== event.url.host) target = '/';
   const existingScopes = (event.cookies.get('oid__scopes') ?? '').split(' ');
   const authed = await event.locals.auth();
   const missingScopes = !!desiredScopes
     .split(' ')
+    .filter((v) => v)
     .find((v) => !existingScopes.includes(v));
+
   if (
     // if we're not authenticated
     !authed ||