17 files changed, 925 insertions, 6 deletions

diff --git a/README.md b/README.md
index b686fad..0c7bbd9 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,10 @@
 # ferdi-server
 Unofficial Franz server replacement for use with the Ferdi Client.
 
+## Why use a custom ferdi-server?
+A custom ferdi-server allows you to experience the full potential of the Ferdi client.
+
+
 ## Features
 - [x] User registration and login
 - [x] Service creation, download, listing and removing
diff --git a/app/Controllers/Http/DashboardController.js b/app/Controllers/Http/DashboardController.js
new file mode 100644
index 0000000..aa8127f
--- /dev/null
+++ b/app/Controllers/Http/DashboardController.js
@@ -0,0 +1,155 @@
+'use strict'
+
+const {
+  validateAll
+} = use('Validator');
+
+const crypto = require('crypto');
+
+class DashboardController {
+  async login({
+    request,
+    response,
+    auth,
+    session
+  }) {
+    const validation = await validateAll(request.all(), {
+      mail: 'required|email',
+      password: 'required',
+    });
+    if (validation.fails()) {
+      session.withErrors({
+        type: 'danger',
+        message: 'Invalid mail or password'
+      }).flashExcept(['password']);
+      return response.redirect('back');
+    }
+
+    let {
+      mail,
+      password
+    } = request.all()
+
+    const hashedPassword = crypto.createHash('sha256').update(password).digest('base64');
+
+    try {
+      await auth.authenticator('session').attempt(mail, hashedPassword)
+    } catch (error) {
+      session.flash({
+        type: 'danger',
+        message: 'Invalid mail or password'
+      })
+      return response.redirect('back');
+    }
+    return response.redirect('/user/account');
+  }
+
+  async account({
+    auth,
+    view
+  }) {
+    try {
+      await auth.check()
+    } catch (error) {
+      return response.redirect('/user/login');
+    }
+
+    return view.render('dashboard.account', {
+      username: auth.user.username,
+      email: auth.user.email
+    });
+  }
+
+  async edit({
+    auth,
+    request,
+    session,
+    view,
+    response
+  }) {
+    let validation = await validateAll(request.all(), {
+      username: 'required',
+      email: 'required'
+    });
+    if (validation.fails()) {
+      session.withErrors(validation.messages()).flashExcept(['password']);
+      return response.redirect('back');
+    }
+
+    // Check new username
+    if (request.input('username') !== auth.user.username) {
+      validation = await validateAll(request.all(), {
+        username: 'required|unique:users,username',
+        email: 'required'
+      });
+      if (validation.fails()) {
+        session.withErrors(validation.messages()).flashExcept(['password']);
+        return response.redirect('back');
+      }
+    } 
+
+    // Check new email
+    if (request.input('email') !== auth.user.email) {
+      validation = await validateAll(request.all(), {
+        username: 'required',
+        email: 'required|email|unique:users,email'
+      });
+      if (validation.fails()) {
+        session.withErrors(validation.messages()).flashExcept(['password']);
+        return response.redirect('back');
+      }
+    }
+
+    // Update user account
+    auth.user.username = request.input('username');
+    auth.user.email = request.input('email');
+    if (!!request.input('password')) {
+      const hashedPassword = crypto.createHash('sha256').update(request.input('password')).digest('base64');
+      auth.user.password = hashedPassword;
+    }
+    auth.user.save();
+
+    return view.render('dashboard.account', {
+      username: auth.user.username,
+      email: auth.user.email,
+      success: true
+    });
+  }
+
+  async data({
+    auth,
+    view
+  }) {
+    const general = auth.user;
+    const services = (await auth.user.services().fetch()).toJSON();
+    const workspaces = (await auth.user.workspaces().fetch()).toJSON();
+
+    return view.render('dashboard.data', {
+      username: general.username,
+      mail: general.email,
+      created: general.created_at,
+      updated: general.updated_at,
+      services,
+      workspaces,
+    });
+  }
+
+  logout({
+    auth,
+    response
+  }) {
+    auth.authenticator('session').logout();
+    return response.redirect('/user/login');
+  }
+
+  delete({
+    auth,
+    response
+  }) {
+    auth.user.delete();
+    auth.authenticator('session').logout();
+    return response.redirect('/user/login');
+  }
+}
+
+module.exports = DashboardController
diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js
index 2a75f6e..ced27bb 100644
--- a/app/Controllers/Http/UserController.js
+++ b/app/Controllers/Http/UserController.js
@@ -192,9 +192,9 @@ class UserController {
     
     if(Env.get('CONNECT_WITH_FRANZ') == 'false') {
       await User.create({
-        email: userInf.email,
+        email,
         password: hashedPassword,
-        username: userInf.firstname
+        username: 'Franz'
       });
 
       return response.send('Your account has been created but due to this server\'s configuration, we could not import your Franz account data.\n\nIf you are the server owner, please set CONNECT_WITH_FRANZ to true to enable account imports.')
@@ -231,13 +231,18 @@ class UserController {
     }
 
     // Get user information
-    let userInf;
+    let userInf = false;
     try {
       userInf = await franzRequest('me', 'GET', token)
+      console.log('A', userInf)
     } catch (e) {
       const errorMessage = 'Could not get your user info from Franz. Please check your credentials or try again later.\nError: ' + e;
       return response.status(401).send(errorMessage)
     }
+    if (!userInf) {
+      const errorMessage = 'Could not get your user info from Franz. Please check your credentials or try again later.\nError: ' + e;
+      return response.status(401).send(errorMessage)
+    }
 
     // Create user in DB
     let user;
diff --git a/app/Exceptions/Handler.js b/app/Exceptions/Handler.js
index 94d7246..efa2e0b 100644
--- a/app/Exceptions/Handler.js
+++ b/app/Exceptions/Handler.js
@@ -23,6 +23,8 @@ class ExceptionHandler extends BaseExceptionHandler {
   async handle (error, { request, response }) {
     if (error.name === 'ValidationException') {
       return response.status(400).send('Invalid arguments')
+    } else if (error.name === 'InvalidSessionException') {
+      return response.status(401).redirect('/user/login');
     }
 
     response.status(error.status).send(error.message)
diff --git a/config/session.js b/config/session.js
new file mode 100644
index 0000000..f49b9b7
--- /dev/null
+++ b/config/session.js
@@ -0,0 +1,99 @@
+'use strict'
+
+const Env = use('Env')
+
+module.exports = {
+  /*
+  |--------------------------------------------------------------------------
+  | Session Driver
+  |--------------------------------------------------------------------------
+  |
+  | The session driver to be used for storing session values. It can be
+  | cookie, file or redis.
+  |
+  | For `redis` driver, make sure to install and register `@adonisjs/redis`
+  |
+  */
+  driver: Env.get('SESSION_DRIVER', 'cookie'),
+
+  /*
+  |--------------------------------------------------------------------------
+  | Cookie Name
+  |--------------------------------------------------------------------------
+  |
+  | The name of the cookie to be used for saving session id. Session ids
+  | are signed and encrypted.
+  |
+  */
+  cookieName: 'adonis-session',
+
+  /*
+  |--------------------------------------------------------------------------
+  | Clear session when browser closes
+  |--------------------------------------------------------------------------
+  |
+  | If this value is true, the session cookie will be temporary and will be
+  | removed when browser closes.
+  |
+  */
+  clearWithBrowser: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Session age
+  |--------------------------------------------------------------------------
+  |
+  | This value is only used when `clearWithBrowser` is set to false. The
+  | age must be a valid https://npmjs.org/package/ms string or should
+  | be in milliseconds.
+  |
+  | Valid values are:
+  |  '2h', '10d', '5y', '2.5 hrs'
+  |
+  */
+  age: '2h',
+
+  /*
+  |--------------------------------------------------------------------------
+  | Cookie options
+  |--------------------------------------------------------------------------
+  |
+  | Cookie options defines the options to be used for setting up session
+  | cookie
+  |
+  */
+  cookie: {
+    httpOnly: true,
+    path: '/',
+    sameSite: false
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Sessions location
+  |--------------------------------------------------------------------------
+  |
+  | If driver is set to file, we need to define the relative location from
+  | the temporary path or absolute url to any location.
+  |
+  */
+  file: {
+    location: 'sessions'
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Redis config
+  |--------------------------------------------------------------------------
+  |
+  | The configuration for the redis driver.
+  |
+  */
+  redis: {
+    host: '127.0.0.1',
+    port: 6379,
+    password: null,
+    db: 0,
+    keyPrefix: ''
+  }
+}
diff --git a/config/shield.js b/config/shield.js
new file mode 100644
index 0000000..3d4526a
--- /dev/null
+++ b/config/shield.js
@@ -0,0 +1,145 @@
+'use strict'
+
+module.exports = {
+  /*
+  |--------------------------------------------------------------------------
+  | Content Security Policy
+  |--------------------------------------------------------------------------
+  |
+  | Content security policy filters out the origins not allowed to execute
+  | and load resources like scripts, styles and fonts. There are wide
+  | variety of options to choose from.
+  */
+  csp: {
+    /*
+    |--------------------------------------------------------------------------
+    | Directives
+    |--------------------------------------------------------------------------
+    |
+    | All directives are defined in camelCase and here is the list of
+    | available directives and their possible values.
+    |
+    | https://content-security-policy.com
+    |
+    | @example
+    | directives: {
+    |   defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
+    | }
+    |
+    */
+    directives: {
+    },
+    /*
+    |--------------------------------------------------------------------------
+    | Report only
+    |--------------------------------------------------------------------------
+    |
+    | Setting `reportOnly=true` will not block the scripts from running and
+    | instead report them to a URL.
+    |
+    */
+    reportOnly: false,
+    /*
+    |--------------------------------------------------------------------------
+    | Set all headers
+    |--------------------------------------------------------------------------
+    |
+    | Headers staring with `X` have been depreciated, since all major browsers
+    | supports the standard CSP header. So its better to disable deperciated
+    | headers, unless you want them to be set.
+    |
+    */
+    setAllHeaders: false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Disable on android
+    |--------------------------------------------------------------------------
+    |
+    | Certain versions of android are buggy with CSP policy. So you can set
+    | this value to true, to disable it for Android versions with buggy
+    | behavior.
+    |
+    | Here is an issue reported on a different package, but helpful to read
+    | if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
+    |
+    */
+    disableAndroid: true
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | X-XSS-Protection
+  |--------------------------------------------------------------------------
+  |
+  | X-XSS Protection saves from applications from XSS attacks. It is adopted
+  | by IE and later followed by some other browsers.
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+  |
+  */
+  xss: {
+    enabled: true,
+    enableOnOldIE: false
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Iframe Options
+  |--------------------------------------------------------------------------
+  |
+  | xframe defines whether or not your website can be embedded inside an
+  | iframe. Choose from one of the following options.
+  | @available options
+  | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  */
+  xframe: 'DENY',
+
+  /*
+  |--------------------------------------------------------------------------
+  | No Sniff
+  |--------------------------------------------------------------------------
+  |
+  | Browsers have a habit of sniffing content-type of a response. Which means
+  | files with .txt extension containing Javascript code will be executed as
+  | Javascript. You can disable this behavior by setting nosniff to false.
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  |
+  */
+  nosniff: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | No Open
+  |--------------------------------------------------------------------------
+  |
+  | IE users can execute webpages in the context of your website, which is
+  | a serious security risk. Below option will manage this for you.
+  |
+  */
+  noopen: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | CSRF Protection
+  |--------------------------------------------------------------------------
+  |
+  | CSRF Protection adds another layer of security by making sure, actionable
+  | routes does have a valid token to execute an action.
+  |
+  */
+  csrf: {
+    enable: true,
+    methods: ['POST', 'PUT', 'DELETE'],
+    filterUris: [],
+    cookieOptions: {
+      httpOnly: false,
+      sameSite: true,
+      path: '/',
+      maxAge: 7200
+    }
+  }
+}
diff --git a/package-lock.json b/package-lock.json
index dfc1308..0a8707b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -299,6 +299,49 @@
         }
       }
     },
+    "@adonisjs/session": {
+      "version": "1.0.29",
+      "resolved": "https://registry.npmjs.org/@adonisjs/session/-/session-1.0.29.tgz",
+      "integrity": "sha512-dr8P/WUrt50uLZt5SZ8C1uhp4FXzGPh1dNUeS0Lur95ftzHri6S+suBXQ4DM+sNiZQn7iaVylYwsFqUlOkp8gQ==",
+      "requires": {
+        "@adonisjs/generic-exceptions": "^2.0.1",
+        "bson": "^1.1.0",
+        "debug": "^4.1.0",
+        "fs-extra": "^7.0.0",
+        "lodash": "^4.17.11",
+        "ms": "^2.1.1",
+        "type-of-is": "^3.5.1",
+        "uuid": "^3.3.2"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "ms": {
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+          "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+        }
+      }
+    },
+    "@adonisjs/shield": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@adonisjs/shield/-/shield-1.0.8.tgz",
+      "integrity": "sha512-bFPuDIlChrp7ihbwjl8OVCw/b57pG0yn/1rrzFXP2XBpIUTbOFdQxzDlvydHxsyg90/pAup/4qtmdulywczg2g==",
+      "requires": {
+        "@adonisjs/generic-exceptions": "^2.0.1",
+        "csrf": "^3.0.6",
+        "node-cookie": "^2.1.1",
+        "node-csp": "^1.0.1",
+        "node-guard": "^1.0.0",
+        "uuid": "^3.3.2"
+      }
+    },
     "@adonisjs/validator": {
       "version": "5.0.6",
       "resolved": "https://registry.npmjs.org/@adonisjs/validator/-/validator-5.0.6.tgz",
@@ -836,6 +879,11 @@
         "to-regex": "^3.0.1"
       }
     },
+    "bson": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/bson/-/bson-1.1.1.tgz",
+      "integrity": "sha512-jCGVYLoYMHDkOsbwJZBCqwMHyH4c+wzgI9hG7Z6SZJRXWr+x58pdIbm2i9a/jFGCkRJqRUr8eoI7lDWa0hTkxg=="
+    },
     "btoa": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz",
@@ -1240,6 +1288,16 @@
         "which": "^1.2.9"
       }
     },
+    "csrf": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz",
+      "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==",
+      "requires": {
+        "rndm": "1.2.0",
+        "tsscmp": "1.0.6",
+        "uid-safe": "2.1.5"
+      }
+    },
     "dashdash": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
@@ -2721,6 +2779,14 @@
         }
       }
     },
+    "node-csp": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/node-csp/-/node-csp-1.0.1.tgz",
+      "integrity": "sha1-MF6yN3yY2oQVq7sDcW76HU6wznI=",
+      "requires": {
+        "platform": "^1.3.1"
+      }
+    },
     "node-exceptions": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/node-exceptions/-/node-exceptions-3.0.0.tgz",
@@ -2731,6 +2797,11 @@
       "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
       "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
     },
+    "node-guard": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/node-guard/-/node-guard-1.0.0.tgz",
+      "integrity": "sha1-5FSb63kcOxyEJ1WlJztzvosICjQ="
+    },
     "node-pre-gyp": {
       "version": "0.11.0",
       "resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.11.0.tgz",
@@ -3093,6 +3164,11 @@
       "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
       "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g=="
     },
+    "platform": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/platform/-/platform-1.3.5.tgz",
+      "integrity": "sha512-TuvHS8AOIZNAlE77WUDiR4rySV/VMptyMfcfeoMgs4P8apaZM3JrnbzBiixKUv+XR6i+BXrQh8WAnjaSPFO65Q=="
+    },
     "pluralize": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
@@ -3778,6 +3854,11 @@
         "glob": "^7.1.3"
       }
     },
+    "rndm": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz",
+      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w="
+    },
     "safe-buffer": {
       "version": "5.2.0",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz",
@@ -4543,6 +4624,11 @@
       "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.3.0.tgz",
       "integrity": "sha512-XrHUvV5HpdLmIj4uVMxHggLbFSZYIn7HEWsqePZcI50pco+MPqJ50wMGY794X7AOOhxOBAjbkqfAbEe/QMp2Lw=="
     },
+    "tsscmp": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
+      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA=="
+    },
     "tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
@@ -4565,6 +4651,11 @@
         "mime-types": "~2.1.24"
       }
     },
+    "type-of-is": {
+      "version": "3.5.1",
+      "resolved": "https://registry.npmjs.org/type-of-is/-/type-of-is-3.5.1.tgz",
+      "integrity": "sha1-7sL8ibgo2/mQDrZBbu4w9P4PzTE="
+    },
     "uid-safe": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
diff --git a/package.json b/package.json
index e63e7de..927c513 100644
--- a/package.json
+++ b/package.json
@@ -25,6 +25,8 @@
     "@adonisjs/framework": "^5.0.9",
     "@adonisjs/ignitor": "^2.0.8",
     "@adonisjs/lucid": "^6.1.3",
+    "@adonisjs/session": "^1.0.29",
+    "@adonisjs/shield": "^1.0.8",
     "@adonisjs/validator": "^5.0.6",
     "atob": "^2.1.2",
     "btoa": "^1.2.1",
diff --git a/public/css/main.css b/public/css/main.css
new file mode 100644
index 0000000..a1c5653
--- /dev/null
+++ b/public/css/main.css
@@ -0,0 +1,69 @@
+input {
+  margin-bottom: 1rem;
+  width: 100%;
+  padding: 0.5rem;
+}
+
+button, .button {
+  display: flex;
+  overflow: hidden;
+  padding: 12px 12px;
+  cursor: pointer;
+  width: 100%;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  -ms-user-select: none;
+  user-select: none;
+  transition: all 150ms linear;
+  text-align: center;
+  white-space: nowrap;
+  text-decoration: none !important;
+  text-transform: none;
+  text-transform: capitalize;
+  color: #fff !important;
+  border: 0 none;
+  border-radius: 4px;
+  font-size: 13px;
+  font-weight: 500;
+  line-height: 1.3;
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  justify-content: center;
+  align-items: center;
+  flex: 0 0 160px;
+  box-shadow: 2px 5px 10px #e4e4e4;
+  color: #FFFFFF;
+  background: #161616;
+}
+
+#dropzone {
+  width: 100%;
+  height: 30vh;
+  background-color: #ebebeb;
+
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  text-align: center;
+
+  cursor: pointer;
+}
+
+#dropzone p {
+  font-size: 0.85rem;
+}
+
+#files {
+  display: none;
+}
+
+.alert {
+  background-color: #e7a8a6;
+  padding: 0.8rem;
+  margin-bottom: 1rem;
+}
+
+td {
+  word-break: break-all;
+}
\ No newline at end of file
diff --git a/resources/views/dashboard/account.edge b/resources/views/dashboard/account.edge
new file mode 100644
index 0000000..0361fa4
--- /dev/null
+++ b/resources/views/dashboard/account.edge
@@ -0,0 +1,63 @@
+@layout('layouts.main')
+
+@section('content')
+<h2>Your Ferdi account</h2>
+@if(flashMessage('error'))
+    <div class="alert">
+        {{ flashMessage('error') }} 
+    </div>
+@endif
+@if(old('message'))
+    <div class="alert">
+        {{ old('message') }}
+    </div>
+@endif
+@if(flashMessage('notification'))
+    <div class="alert">
+        {{ flashMessage('notification.message') }}
+    </div>
+@endif
+@if(success === true)
+    <div class="alert" style="background-color:#28C76F;">
+        Sucessfully updated your user account
+    </div>
+@endif
+
+<form action="/user/account" method="POST">
+    {{ csrfField() }}
+    <div>
+        <label>Name</label>
+        <div>
+            <input type="text" value="{{ old('name', username) }}" placeholder="Name" name="username" required>
+        </div>
+    </div>
+    <div>
+        <label>E-Mail</label>
+        <div>
+            <input type="email" value="{{ old('email', email) }}" placeholder="E-Mail" name="email" required>
+        </div>
+    </div>
+    <div>
+        <label>Password</label>
+        <div>
+            <input type="password" placeholder="*********" name="password">
+        </div>
+    </div>
+    <div>
+        <button style="background-color:#28C76F;margin-bottom:1rem;">Change settings</button>
+    </div>
+</form>
+
+<div>
+    <a class="button" href="/user/delete" style="background-color:#F6416C;margin-bottom:1rem;">Delete my account</a>
+</div>
+<div>
+    <a class="button" href="/user/data" style="margin-bottom:1rem;">My account data</a>
+</div>
+<div>
+    <a class="button" href="/user/logout">Logout</a>
+</div>
+
+</div>
+
+@endsection
\ No newline at end of file
diff --git a/resources/views/dashboard/data.edge b/resources/views/dashboard/data.edge
new file mode 100644
index 0000000..1935229
--- /dev/null
+++ b/resources/views/dashboard/data.edge
@@ -0,0 +1,167 @@
+@layout('layouts.main')
+
+@section('content')
+<h2>Your Ferdi account data</h2>
+@if(flashMessage('error'))
+    <div class="alert">
+        {{ flashMessage('error') }} 
+    </div>
+@endif
+@if(old('message'))
+    <div class="alert">
+        {{ old('message') }}
+    </div>
+@endif
+
+<h4>General account data</h4>
+<table>
+    <tr>
+        <th>
+            Name
+        </th>
+        <th>
+            Value
+        </th>
+    </tr>
+    <tr>
+        <td>
+            E-Mail
+        </td>
+        <td>
+            {{ mail }}
+        </td>
+    </tr>
+    <tr>
+        <td>
+            Username
+        </td>
+        <td>
+            {{ username }}
+        </td>
+    </tr>
+    <tr>
+        <td>
+            Created account on
+        </td>
+        <td>
+            {{ created }}
+        </td>
+    </tr>
+    <tr>
+        <td>
+            Last account update on
+        </td>
+        <td>
+            {{ updated }}
+        </td>
+    </tr>
+</table>
+
+<h4>Your services</h4>
+<table>
+    <tr>
+        <th>
+            Service ID
+        </th>
+        <th>
+            Name
+        </th>
+        <th>
+            Recipe ID
+        </th>
+        <th>
+            Settings
+        </th>
+        <th>
+            Created
+        </th>
+        <th>
+            Last updated
+        </th>
+    </tr>
+
+    @each(service in services)
+      <tr>
+          <td>
+              {{ service.serviceId }}
+          </td>
+          <td>
+              {{ service.name }}
+          </td>
+          <td>
+              {{ service.recipeId }}
+          </td>
+          <td>
+              {{ service.settings }}
+          </td>
+          <td>
+              {{ service.created_at }}
+          </td>
+          <td>
+              {{ service.updated_at }}
+          </td>
+      </tr>
+    @endeach
+</table>
+
+
+<h4>Your workspaces</h4>
+<table>
+    <tr>
+        <th>
+            Service ID
+        </th>
+        <th>
+            Name
+        </th>
+        <th>
+            Order
+        </th>
+        <th>
+            Services
+        </th>
+        <th>
+            Data
+        </th>
+        <th>
+            Created
+        </th>
+        <th>
+            Last updated
+        </th>
+    </tr>
+
+    @each(workspace in workspaces)
+      <tr>
+          <td>
+              {{ workspace.workspaceId }}
+          </td>
+          <td>
+              {{ workspace.name }}
+          </td>
+          <td>
+              {{ workspace.order }}
+          </td>
+          <td>
+              {{ workspace.services }}
+          </td>
+          <td>
+              {{ workspace.data }}
+          </td>
+          <td>
+              {{ workspace.created_at }}
+          </td>
+          <td>
+              {{ workspace.updated_at }}
+          </td>
+      </tr>
+    @endeach
+</table>
+
+<div>
+    <a class="button" href="/user/account">Back to my account</a>
+</div>
+
+</div>
+
+@endsection
\ No newline at end of file
diff --git a/resources/views/dashboard/delete.edge b/resources/views/dashboard/delete.edge
new file mode 100644
index 0000000..d3fc0df
--- /dev/null
+++ b/resources/views/dashboard/delete.edge
@@ -0,0 +1,31 @@
+@layout('layouts.main')
+
+@section('content')
+<h2>Delete Ferdi account</h2>
+@if(flashMessage('error'))
+    <div class="alert">
+        {{ flashMessage('error') }} 
+    </div>
+@endif
+@if(old('message'))
+    <div class="alert">
+        {{ old('message') }}
+    </div>
+@endif
+
+<form action="/user/delete" method="POST">
+    <p>Are you sure, that you want to delete your Ferdi account?</p>
+    <p>This will <b>permanently</b> delete all your account settings, services and workspaces.</p>
+    <div>
+        {{ csrfField() }}
+        <button style="background-color:#F6416C;margin-bottom:1rem;">Yes, delete account</button>
+    </div>
+</form>
+
+<div>
+    <a class="button" href="/user/account" style="background-color:#28C76F;">Cancel</a>
+</div>
+
+</div>
+
+@endsection
\ No newline at end of file
diff --git a/resources/views/dashboard/login.edge b/resources/views/dashboard/login.edge
new file mode 100644
index 0000000..58e97ba
--- /dev/null
+++ b/resources/views/dashboard/login.edge
@@ -0,0 +1,42 @@
+@layout('layouts.main')
+
+@section('content')
+<h2>Login</h2>
+@if(flashMessage('error'))
+    <div class="alert">
+        {{ flashMessage('error') }} 
+    </div>
+@endif
+@if(old('message'))
+    <div class="alert">
+        {{ old('message') }}
+    </div>
+@endif
+<form action="/user/login" method="POST">
+    {{ csrfField() }}
+    <div>
+        <label>E-Mail</label>
+        <div>
+            <input type="email" value="{{ old('mail', '') }}" placeholder="E-Mail" name="mail">
+        </div>
+    </div>
+    <div>
+        <label>Password</label>
+        <div>
+            <input type="password" placeholder="*********" name="password">
+        </div>
+    </div>
+    <div>
+        <button>Login</button>
+        By logging in, you accept the <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy policy</a>.
+
+    </div>
+    <div>
+        <p>Not a member yet? Register in the Ferdi app or <a href="../import">import your Franz account</a>.</p>
+    </div>
+</form>
+<br />
+
+</div>
+
+@endsection
\ No newline at end of file
diff --git a/resources/views/layouts/main.edge b/resources/views/layouts/main.edge
new file mode 100644
index 0000000..b6cc8ca
--- /dev/null
+++ b/resources/views/layouts/main.edge
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="ie=edge">
+  <title>ferdi-server</title>
+
+  {{ style('css/vanilla') }}
+  {{ style('css/main') }}
+</head>
+
+<body>
+    @!section('content')
+</body>
+
+</html>
diff --git a/start/app.js b/start/app.js
index 0c32499..9cf2735 100644
--- a/start/app.js
+++ b/start/app.js
@@ -18,6 +18,9 @@ const providers = [
   '@adonisjs/lucid/providers/LucidProvider',
   '@adonisjs/drive/providers/DriveProvider',
   '@adonisjs/validator/providers/ValidatorProvider',
+  '@adonisjs/framework/providers/ViewProvider',
+  '@adonisjs/session/providers/SessionProvider',
+  '@adonisjs/shield/providers/ShieldProvider',
 ]
 
 /*
diff --git a/start/kernel.js b/start/kernel.js
index 3c2d26d..18fb5bf 100644
--- a/start/kernel.js
+++ b/start/kernel.js
@@ -15,7 +15,8 @@ const Server = use('Server')
 const globalMiddleware = [
   'Adonis/Middleware/BodyParser',
   'App/Middleware/ConvertEmptyStringsToNull',
-  'Adonis/Middleware/AuthInit'
+  'Adonis/Middleware/AuthInit',
+  'Adonis/Middleware/Session',
 ]
 
 /*
@@ -37,7 +38,8 @@ const globalMiddleware = [
 */
 const namedMiddleware = {
   auth: 'Adonis/Middleware/Auth',
-  guest: 'Adonis/Middleware/AllowGuestOnly'
+  guest: 'Adonis/Middleware/AllowGuestOnly',
+  shield: 'Adonis/Middleware/Shield',
 }
 
 /*
diff --git a/start/routes.js b/start/routes.js
index 52f26b9..364eff9 100644
--- a/start/routes.js
+++ b/start/routes.js
@@ -60,7 +60,26 @@ Route.group(() => {
   Route.get('announcements/:version', 'StaticController.announcement')
 }).prefix('v1')
 
-// Dashboard
+// User dashboard
+Route.group(() => {
+  // Auth
+  Route.get('login', ({view}) => {
+    return view.render('dashboard.login');
+  }).middleware('guest');
+  Route.post('login', 'DashboardController.login').middleware('guest')
+
+  // Dashboard
+  Route.get('account', 'DashboardController.account').middleware('auth:session')
+  Route.post('account', 'DashboardController.edit').middleware('auth:session')
+  Route.get('data', 'DashboardController.data').middleware('auth:session')
+  Route.get('delete', ({view}) => {
+    return view.render('dashboard.delete');
+  }).middleware('auth:session');
+  Route.post('delete', 'DashboardController.delete').middleware('auth:session')
+  Route.get('logout', 'DashboardController.logout').middleware('auth:session')
+}).prefix('user').middleware('shield')
+
+// Recipe creation
 Route.post('new', 'RecipeController.create')
 Route.get('new', ({ response }) => {
   if (Env.get('IS_CREATION_ENABLED') == 'false') {
@@ -69,6 +88,8 @@ Route.get('new', ({ response }) => {
     return response.redirect('/new.html')
   }
 })
+
+// Franz account import
 Route.post('import', 'UserController.import')
 Route.get('import', ({ response }) => response.redirect('/import.html'))