From 5a595ab9f38d19ff6a8c72f43149fb56fddf6b94 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Thu, 28 Aug 2025 11:49:53 -0400
Subject: [PATCH 01/10] replace testify with should

---
 database/database_test.go |   8 +-
 database/project_test.go  |  15 ++-
 go.mod                    |   7 +-
 go.sum                    |   2 +
 projects_test.go          | 105 +++++++++++----------
 reports_test.go           |  44 ++++-----
 user_test.go              | 192 +++++++++++++++++++-------------------
 7 files changed, 184 insertions(+), 189 deletions(-)

diff --git a/database/database_test.go b/database/database_test.go
index 800dfdb..a90bfe4 100644
--- a/database/database_test.go
+++ b/database/database_test.go
@@ -4,15 +4,15 @@ import (
 	"os"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/Kairum-Labs/should"
 )
 
 func TestMain(m *testing.M) {
-	//main.setLogging()
+	// main.setLogging()
 	os.Setenv("DB_FILE", "test.db") //nolint:errcheck
 	_ = InitializeDatabase()
 	defer Close()
-	//main.checkDefaultUser()
+	// main.checkDefaultUser()
 	os.Exit(m.Run())
 }
 
@@ -23,6 +23,6 @@ func TestCloseDB(t *testing.T) {
 	t.Run("closed", func(t *testing.T) {
 		Close()
 		err := InitializeDatabase()
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 	})
 }
diff --git a/database/project_test.go b/database/project_test.go
index 39ac04a..5cff0a5 100644
--- a/database/project_test.go
+++ b/database/project_test.go
@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Kairum-Labs/should"
 	"github.com/devilcove/timetraced/models"
 	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestSaveProject(t *testing.T) {
@@ -16,7 +16,7 @@ func TestSaveProject(t *testing.T) {
 		Active: true,
 	}
 	err := SaveProject(&p)
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 }
 
 func TestGetProject(t *testing.T) {
@@ -26,16 +26,15 @@ func TestGetProject(t *testing.T) {
 		Active:  true,
 		Updated: time.Now(),
 	})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	t.Run("exists", func(t *testing.T) {
 		project, err := GetProject("test")
-		assert.Nil(t, err)
-		assert.Equal(t, "test", project.Name)
+		should.BeNil(t, err)
+		should.BeEqual(t, project.Name, "test")
 	})
 	t.Run("missing", func(t *testing.T) {
 		project, err := GetProject("test2")
-		assert.NotNil(t, err)
-		assert.Equal(t, models.Project{}, project)
+		should.NotBeNil(t, err)
+		should.BeEqual(t, project, models.Project{})
 	})
-
 }
diff --git a/go.mod b/go.mod
index 10c55f0..5c2d057 100644
--- a/go.mod
+++ b/go.mod
@@ -2,14 +2,12 @@ module github.com/devilcove/timetraced
 
 go 1.23.0
 
-toolchain go1.24.1
-
 require (
+	github.com/Kairum-Labs/should v0.1.0
 	github.com/gin-contrib/sessions v1.0.4
 	github.com/gin-gonic/gin v1.10.1
 	github.com/google/uuid v1.6.0
 	github.com/joho/godotenv v1.5.1
-	github.com/stretchr/testify v1.11.0
 	go.etcd.io/bbolt v1.4.3
 	golang.org/x/crypto v0.41.0
 )
@@ -20,7 +18,6 @@ require (
 	github.com/bytedance/sonic v1.13.2 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/gin-contrib/sse v1.0.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -38,7 +35,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.16.0 // indirect
diff --git a/go.sum b/go.sum
index b5c96c2..9a5ac74 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+github.com/Kairum-Labs/should v0.1.0 h1:7CpOfhWX7yIwMbUwUdCmtKC/UJaNt2YyKbFn8dvMrdk=
+github.com/Kairum-Labs/should v0.1.0/go.mod h1:vP/ASEjUAKoWy/M7uIrAXq69p7/IUWOpEe5R+q/+K34=
 github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
 github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
diff --git a/projects_test.go b/projects_test.go
index c26ccc0..a4edf02 100644
--- a/projects_test.go
+++ b/projects_test.go
@@ -9,186 +9,185 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Kairum-Labs/should"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
 	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestAddProject(t *testing.T) {
 	deleteAllProjects()
 	err := createTestUser(models.User{Username: "admin", Password: "password", IsAdmin: true})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 
 	t.Run("new project", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		project := models.Project{
 			Name: "test",
 		}
 		payload, err := json.Marshal(&project)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		t.Log(string(payload))
 		req, err := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		b, err := io.ReadAll(req.Body)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		t.Log(string(b))
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		t.Log(string(body))
-		assert.Contains(t, string(body), "")
+		should.ContainSubstring(t, string(body), "")
 	})
 
 	t.Run("invalid data", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodPost, "/projects", nil)
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "could not decode request")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "could not decode request")
 	})
 
 	t.Run("invalid data2", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		payload, err := json.Marshal(models.Project{
 			Name: "test name",
 		})
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, _ := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "invalid project name")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "invalid project name")
 	})
 
 	t.Run("project exists", func(t *testing.T) {
 		createTestProjects()
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		payload, err := json.Marshal(models.Project{
 			Name: "test",
 		})
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, _ := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "project exists")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "project exists")
 	})
-
 }
 
 func TestGetProjects(t *testing.T) {
 	deleteAllProjects()
 	createTestProjects()
 	err := createTestUser(models.User{Username: "test", Password: "test", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 
 	t.Run("existing project", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "test", Password: "test"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodGet, "/projects/test", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		msg := models.Project{}
 		err = json.Unmarshal(body, &msg)
-		assert.Nil(t, err)
-		assert.Equal(t, "test", msg.Name)
+		should.BeNil(t, err)
+		should.BeEqual(t, msg.Name, "test")
 	})
 
 	t.Run("wrong project", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodGet, "/projects/missing", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "could not retrieve project no such project")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "could not retrieve project no such project")
 	})
 
 	t.Run("get all", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodGet, "/projects", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		msg := []models.Project{}
 		err = json.Unmarshal(body, &msg)
-		assert.Nil(t, err)
-		assert.Equal(t, 5, len(msg))
+		should.BeNil(t, err)
+		should.BeEqual(t, len(msg), 5)
 	})
 	t.Run("get all when empty", func(t *testing.T) {
 		deleteAllProjects()
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodGet, "/projects", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		msg := []models.StatusResponse{}
 		err = json.Unmarshal(body, &msg)
-		assert.Nil(t, err)
-		assert.Equal(t, 0, len(msg))
+		should.BeNil(t, err)
+		should.BeEqual(t, len(msg), 0)
 	})
 }
 
 func TestGetStatus(t *testing.T) {
 	createTestRecords()
 	err := createTestUser(models.User{Username: "test", Password: "test", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	cookie := testLogin(models.User{Username: "test", Password: "test"})
-	assert.NotNil(t, cookie)
+	should.NotBeNil(t, cookie)
 
 	w := httptest.NewRecorder()
 	req, _ := http.NewRequest(http.MethodGet, "/projects/status", nil)
 	req.AddCookie(cookie)
 	router.ServeHTTP(w, req)
-	assert.Equal(t, http.StatusOK, w.Code)
+	should.BeEqual(t, w.Code, http.StatusOK)
 	body, err := io.ReadAll(w.Result().Body)
-	assert.Nil(t, err)
-	assert.Contains(t, string(body), "<b>Current Project: </b>")
+	should.BeNil(t, err)
+	should.ContainSubstring(t, string(body), "<b>Current Project: </b>")
 }
 
 func TestStartStopProject(t *testing.T) {
@@ -196,16 +195,16 @@ func TestStartStopProject(t *testing.T) {
 	createTestProjects()
 	t.Run("non-existent Project", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodPost, "/projects/junk/start", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusInternalServerError, w.Code)
+		should.BeEqual(t, w.Code, http.StatusInternalServerError)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "no such project")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "no such project")
 	})
 }
 
diff --git a/reports_test.go b/reports_test.go
index 77dd843..a6a3f4f 100644
--- a/reports_test.go
+++ b/reports_test.go
@@ -6,35 +6,34 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"
 
+	"github.com/Kairum-Labs/should"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
 	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestGetReport(t *testing.T) {
 	deleteAllUsers()
 	deleteAllRecords()
 	err := createTestUser(models.User{Username: "test", Password: "testing"})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	cookie := testLogin(models.User{Username: "test", Password: "testing"})
-	assert.NotNil(t, cookie)
+	should.NotBeNil(t, cookie)
 	t.Run("no request", func(t *testing.T) {
-
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodPost, "/reports", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
-		assert.Contains(t, string(body), "could not decode request")
+		should.BeNil(t, err)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
+		should.ContainSubstring(t, string(body), "could not decode request")
 	})
 	t.Run("no records", func(t *testing.T) {
-
 		w := httptest.NewRecorder()
 		request := models.ReportRequest{
 			Start:   time.Now().Add(-24 * time.Hour).Format("2006-01-02"),
@@ -42,20 +41,22 @@ func TestGetReport(t *testing.T) {
 			Project: "nilProject",
 		}
 		payload, err := json.Marshal(&request)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Equal(t, http.StatusOK, w.Code)
-		assert.NotContains(t, string(body), "<tr>")
+		should.BeNil(t, err)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		// should.NotContainSubstring(t, string(body), "<tr>")
+		if strings.Contains(string(body), "<tr>") {
+			t.Fail()
+		}
 	})
 
 	t.Run("one user/one project", func(t *testing.T) {
 		createTestRecords()
-
 		w := httptest.NewRecorder()
 		data := models.ReportRequest{
 			Start:   time.Now().Add(-24 * time.Hour).Format("2006-01-02"),
@@ -63,15 +64,15 @@ func TestGetReport(t *testing.T) {
 			Project: "timetrace",
 		}
 		payload, err := json.Marshal(data)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
 		req.AddCookie(cookie)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
 		body, _ := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Equal(t, http.StatusOK, w.Code)
-		assert.Contains(t, string(body), "<h2>Project timetrace")
+		should.BeNil(t, err)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		should.ContainSubstring(t, string(body), "<h2>Project timetrace")
 	})
 
 	t.Run("all records", func(t *testing.T) {
@@ -85,17 +86,16 @@ func TestGetReport(t *testing.T) {
 			Project: "",
 		}
 		payload, err := json.Marshal(data)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
 		req.Header.Set("Content-Type", "application/json")
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Equal(t, http.StatusOK, w.Code)
-		assert.Contains(t, string(body), "<button hx-get=\"/records")
+		should.BeNil(t, err)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		should.ContainSubstring(t, string(body), "<button hx-get=\"/records")
 	})
-
 }
 
 func createTestRecords() {
diff --git a/user_test.go b/user_test.go
index 9f671ef..3c61a10 100644
--- a/user_test.go
+++ b/user_test.go
@@ -9,10 +9,10 @@ import (
 	"os"
 	"testing"
 
+	"github.com/Kairum-Labs/should"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
 	"github.com/gin-gonic/gin"
-	"github.com/stretchr/testify/assert"
 )
 
 var (
@@ -33,45 +33,45 @@ func TestMain(m *testing.M) {
 
 func TestDisplayLogin(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, "/", nil)
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	router.ServeHTTP(w, req)
-	assert.Equal(t, http.StatusOK, w.Code)
+	should.BeEqual(t, w.Code, http.StatusOK)
 }
 
 func TestRegister(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, "/register", nil)
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	router.ServeHTTP(w, req)
-	assert.Equal(t, http.StatusOK, w.Code)
+	should.BeEqual(t, w.Code, http.StatusOK)
 	t.Run("existing", func(t *testing.T) {
 		err := createTestUser(models.User{Username: "tester", Password: "testing"})
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		w := httptest.NewRecorder()
 		user := models.User{Username: "tester", Password: "testing"}
 		payload, err := json.Marshal(&user)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, err := http.NewRequest(http.MethodPost, "/register", bytes.NewBuffer(payload))
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "user exists")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "user exists")
 	})
 	t.Run("new", func(t *testing.T) {
 		w := httptest.NewRecorder()
 		user := models.User{Username: "tester3", Password: ""}
 		payload, err := json.Marshal(&user)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req, err := http.NewRequest(http.MethodPost, "/register", bytes.NewBuffer(payload))
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "password cannot be blank")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "password cannot be blank")
 	})
 }
 
@@ -87,14 +87,14 @@ func TestAdminLogin(t *testing.T) {
 	req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	router.ServeHTTP(w, req)
-	assert.Equal(t, http.StatusOK, w.Code)
-	assert.NotNil(t, w.Result().Cookies())
+	should.BeEqual(t, w.Code, http.StatusOK)
+	should.NotBeNil(t, w.Result().Cookies())
 }
 
 func TestNonAdminLogin(t *testing.T) {
 	deleteAllUsers()
 	err := createTestUser(models.User{Username: "tester", Password: "testing", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	w := httptest.NewRecorder()
 	data := models.User{
 		Username: "tester",
@@ -104,10 +104,10 @@ func TestNonAdminLogin(t *testing.T) {
 	req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
 	router.ServeHTTP(w, req)
 	response, err := io.ReadAll(w.Result().Body)
-	assert.Nil(t, err)
-	assert.Contains(t, string(response), "invalid user")
-	assert.Equal(t, http.StatusBadRequest, w.Code)
-	assert.NotNil(t, w.Result().Cookies())
+	should.BeNil(t, err)
+	should.ContainSubstring(t, string(response), "invalid user")
+	should.BeEqual(t, w.Code, http.StatusBadRequest)
+	should.NotBeNil(t, w.Result().Cookies())
 }
 
 func TestBadLogin(t *testing.T) {
@@ -123,18 +123,18 @@ func TestBadLogin(t *testing.T) {
 		body, _ := json.Marshal(data)
 		req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
-		assert.Equal(t, []*http.Cookie{}, w.Result().Cookies())
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
+		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
 		response, err := io.ReadAll(w.Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(response), "invalid user")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(response), "invalid user")
 	})
 	t.Run("invalid data", func(t *testing.T) {
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodPost, "/login", nil)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
-		assert.Equal(t, []*http.Cookie{}, w.Result().Cookies())
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
+		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
 	})
 	t.Run("invalid user", func(t *testing.T) {
 		w := httptest.NewRecorder()
@@ -142,11 +142,10 @@ func TestBadLogin(t *testing.T) {
 		payload, _ := json.Marshal(data)
 		req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(payload))
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
-		assert.Equal(t, []*http.Cookie{}, w.Result().Cookies())
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
+		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
 		body, _ := io.ReadAll(w.Result().Body)
-		assert.Contains(t, string(body), "invalid user")
-
+		should.ContainSubstring(t, string(body), "invalid user")
 	})
 }
 
@@ -154,8 +153,8 @@ func TestLogout(t *testing.T) {
 	w := httptest.NewRecorder()
 	req, _ := http.NewRequest(http.MethodGet, "/logout", nil)
 	router.ServeHTTP(w, req)
-	assert.Equal(t, http.StatusOK, w.Code)
-	assert.Equal(t, []*http.Cookie{}, w.Result().Cookies())
+	should.BeEqual(t, w.Code, http.StatusOK)
+	should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
 }
 
 func TestGetAllUsers(t *testing.T) {
@@ -163,126 +162,127 @@ func TestGetAllUsers(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
 		w := httptest.NewRecorder()
 		req, err := http.NewRequest(http.MethodGet, "/users", nil)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		body, err := io.ReadAll(w.Result().Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "<td>Admin</td>")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "<td>Admin</td>")
 	})
 }
 
 func TestDeleteUser(t *testing.T) {
 	deleteAllUsers()
 	err := createTestUser(models.User{Username: "tester", Password: "testing", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	err = createTestUser(models.User{Username: "tester2", Password: "testing", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	t.Run("non-admin delete", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodDelete, "/users/tester2", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusUnauthorized, w.Code)
+		should.BeEqual(t, w.Code, http.StatusUnauthorized)
 		body, err := io.ReadAll(w.Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(body), "not authorized to delete this user")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "not authorized to delete this user")
 	})
 	t.Run("admin delete", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodDelete, "/users/tester", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusNoContent, w.Code)
+		should.BeEqual(t, w.Code, http.StatusNoContent)
 	})
 	t.Run("delete non-existent user", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodDelete, "/users/tester", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		response, err := io.ReadAll(w.Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(response), "user does not exist")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(response), "user does not exist")
 	})
 }
+
 func TestEditUser(t *testing.T) {
 	deleteAllUsers()
 	err := createTestUser(models.User{Username: "tester", Password: "testing", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 	err = createTestUser(models.User{Username: "tester2", Password: "testing", IsAdmin: false})
-	assert.Nil(t, err)
+	should.BeNil(t, err)
 
 	t.Run("adminGetUser", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		req, err := http.NewRequest(http.MethodGet, "/users/tester", nil)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 	})
 
 	t.Run("GetSelf", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		req, err := http.NewRequest(http.MethodGet, "/users/tester", nil)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 	})
 
 	t.Run("GetOther", func(t *testing.T) {
 		w := httptest.NewRecorder()
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		req, err := http.NewRequest(http.MethodGet, "/users/tester2", nil)
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		response, err := io.ReadAll(w.Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(response), "non-admin cannot edit other users")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(response), "non-admin cannot edit other users")
 	})
 
 	t.Run("edit other user by non-admin", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "tester2", Password: "newPassword"})
 		req, _ := http.NewRequest(http.MethodPost, "/users/tester2", bytes.NewBuffer(body))
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusUnauthorized, w.Code)
+		should.BeEqual(t, w.Code, http.StatusUnauthorized)
 		response, err := io.ReadAll(w.Body)
-		assert.Nil(t, err)
-		assert.Contains(t, string(response), "not authorized to edit this user")
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(response), "not authorized to edit this user")
 	})
 	t.Run("edit user by admin", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "tester2", Password: "newPassword"})
 		req, _ := http.NewRequest(http.MethodPost, "/users/tester2", bytes.NewBuffer(body))
 		req.Header.Set("Content-Type", "application/json")
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		cookie = testLogin(models.User{Username: "tester2", Password: "newPassword"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 	})
 	t.Run("edit user by self", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "tester", Password: "newPassword"})
@@ -290,51 +290,51 @@ func TestEditUser(t *testing.T) {
 		req.Header.Set("Content-Type", "application/json")
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusOK, w.Code)
+		should.BeEqual(t, w.Code, http.StatusOK)
 		cookie = testLogin(models.User{Username: "tester", Password: "newPassword"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 	})
 	t.Run("incomplete data", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		req, _ := http.NewRequest(http.MethodPost, "/users/tester", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ := io.ReadAll(w.Result().Body)
-		assert.Contains(t, string(body), "could not decode request into json")
+		should.ContainSubstring(t, string(body), "could not decode request into json")
 	})
 	t.Run("user does not exist", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		payload, _ := json.Marshal(models.User{Username: "nosuchuser", Password: "newPassword"})
 		req, _ := http.NewRequest(http.MethodPost, "/users/nosuchuser", bytes.NewBuffer(payload))
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ := io.ReadAll(w.Result().Body)
-		assert.Contains(t, string(body), "user does not exist")
+		should.ContainSubstring(t, string(body), "user does not exist")
 	})
-
 }
+
 func TestAddUser(t *testing.T) {
 	deleteAllUsers()
 	t.Run("add user by admin", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "new", Password: "newPassword"})
 		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		if assert.Equal(t, http.StatusNoContent, w.Code) {
+		if w.Code == http.StatusNoContent {
 			cookie = testLogin(models.User{Username: "new", Password: "newPassword"})
-			assert.NotNil(t, cookie)
+			should.NotBeNil(t, cookie)
 		} else {
 			body, _ := io.ReadAll(w.Result().Body)
 			t.Log(w.Code, string(body))
@@ -342,52 +342,50 @@ func TestAddUser(t *testing.T) {
 	})
 	t.Run("add user by non-admin", func(t *testing.T) {
 		err := createTestUser(models.User{Username: "tester", Password: "newPassword"})
-		assert.Nil(t, err)
+		should.BeNil(t, err)
 		cookie := testLogin(models.User{Username: "tester", Password: "newPassword"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "new", Password: "newPassword"})
 		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusUnauthorized, w.Code)
+		should.BeEqual(t, w.Code, http.StatusUnauthorized)
 		body, _ = io.ReadAll(w.Body)
-		assert.Contains(t, string(body), "only admins can create new users")
+		should.ContainSubstring(t, string(body), "only admins can create new users")
 	})
 
 	t.Run("empty password", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
 		body, _ := json.Marshal(models.User{Username: "emptypass", Password: ""})
 		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ = io.ReadAll(w.Result().Body)
-		assert.Contains(t, string(body), "username or password cannot be blank")
+		should.ContainSubstring(t, string(body), "username or password cannot be blank")
 	})
 
 	t.Run("incomplete data", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		assert.NotNil(t, cookie)
+		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
-		//body, _ := json.Marshal(struct{ InvaildData string }{InvaildData: "emptypass"})
+		// body, _ := json.Marshal(struct{ InvaildData string }{InvaildData: "emptypass"})
 		req, _ := http.NewRequest(http.MethodPost, "/users", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusBadRequest, w.Code)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ := io.ReadAll(w.Result().Body)
-		assert.Contains(t, string(body), "could not decode request into json")
+		should.ContainSubstring(t, string(body), "could not decode request into json")
 	})
-
 }
 
 func testLogin(data models.User) *http.Cookie {
-
 	w := httptest.NewRecorder()
 	body, _ := json.Marshal(data)
 	req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))

From 9b71c7b443f1963f100dc162f536143ddbd0e873 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Thu, 28 Aug 2025 18:01:03 -0400
Subject: [PATCH 02/10] lint changes

---
 .golangci.yml             | 51 +++++++++++++++++++++++++++++++++++++++
 database/database.go      | 29 +++++++++-------------
 database/database_test.go |  2 +-
 database/doc.go           |  6 +++++
 database/project.go       | 15 ++++++++----
 database/record.go        | 35 +++++++++++++++++----------
 database/user.go          | 14 +++++++----
 main.go                   | 20 ++++++++-------
 models/config.go          |  7 +++---
 models/doc.go             |  6 +++++
 models/errors.go          |  2 ++
 models/page.go            |  8 +++++-
 models/project.go         |  6 +++++
 models/record.go          | 16 +++++++++---
 models/reports.go         | 10 +++++---
 models/user.go            |  5 ++--
 projects.go               | 14 +++++------
 records.go                |  6 ++---
 reports.go                |  5 ++--
 router.go                 |  7 +++---
 user_test.go              |  2 +-
 users.go                  |  2 +-
 22 files changed, 185 insertions(+), 83 deletions(-)
 create mode 100644 .golangci.yml
 create mode 100644 database/doc.go
 create mode 100644 models/doc.go

diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..5b6697f
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,51 @@
+version: "2"
+run:
+  timeout: 5m
+linters:
+  default: all
+  disable:
+    - depguard
+    - err113
+    - exhaustruct
+    - forbidigo
+    - forcetypeassert
+    - gochecknoglobals
+    - gochecknoinits
+    - mnd
+    - musttag
+    - nlreturn
+    - noctx
+    - noinlineerr
+    - paralleltest
+    - testpackage
+    - wrapcheck
+    - wsl
+    - wsl_v5
+  settings:
+    gosmopolitan:
+      allow-time-local: true
+    varnamelen:
+      max-distance: 15
+      ignore-decls:
+        - c *gin.Context
+        - db *bbolt.DB
+        - w *httptest.ResponseRecorder
+  exclusions:
+    generated: lax
+    paths:
+      - _test\.go
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
diff --git a/database/database.go b/database/database.go
index 221fc86..e25cfb9 100644
--- a/database/database.go
+++ b/database/database.go
@@ -9,40 +9,33 @@ import (
 )
 
 const (
-	// table names
-	USERS_TABLE_NAME   = "users"
-	PROJECT_TABLE_NAME = "projects"
-	RECORDS_TABLE_NAME = "records"
-	// sql verbs
-	INIT_DB      = "init"
-	CREATE_TABLE = "createtable"
-	INSERT       = "insert"
-	DELETE       = "delete"
-	DELETE_ALL   = "deleteall"
-	FETCH        = "fetch"
-	CLOSE_DB     = "close"
-	// errors
-	NO_RECORDS = "no results found"
+	// table names.
+	userTableName    = "users"
+	projectTableName = "projects"
+	recordsTableName = "records"
 )
 
 var (
+	// ErrNoResults is returned when a db record does not exist in db.
 	ErrNoResults = errors.New("no results found")
 	db           *bbolt.DB
 )
 
+// InitializeDatabase opens (creates if it does not exist) the db and creates any non-exitent tables.
 func InitializeDatabase() error {
 	var err error
 	file := os.Getenv("DB_FILE")
 	if file == "" {
 		file = "time.db"
 	}
-	db, err = bbolt.Open(file, 0666, &bbolt.Options{Timeout: 1 * time.Second})
+	db, err = bbolt.Open(file, 0o666, &bbolt.Options{Timeout: 1 * time.Second})
 	if err != nil {
 		return err
 	}
 	return createTables()
 }
 
+// Close closes the db file.
 func Close() {
 	if err := db.Close(); err != nil {
 		panic(err)
@@ -50,13 +43,13 @@ func Close() {
 }
 
 func createTables() error {
-	if err := createTable(USERS_TABLE_NAME); err != nil {
+	if err := createTable(userTableName); err != nil {
 		return err
 	}
-	if err := createTable(PROJECT_TABLE_NAME); err != nil {
+	if err := createTable(projectTableName); err != nil {
 		return err
 	}
-	if err := createTable(RECORDS_TABLE_NAME); err != nil {
+	if err := createTable(recordsTableName); err != nil {
 		return err
 	}
 	return nil
diff --git a/database/database_test.go b/database/database_test.go
index a90bfe4..9216dca 100644
--- a/database/database_test.go
+++ b/database/database_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestMain(m *testing.M) {
 	// main.setLogging()
-	os.Setenv("DB_FILE", "test.db") //nolint:errcheck
+	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = InitializeDatabase()
 	defer Close()
 	// main.checkDefaultUser()
diff --git a/database/doc.go b/database/doc.go
new file mode 100644
index 0000000..01c1d86
--- /dev/null
+++ b/database/doc.go
@@ -0,0 +1,6 @@
+// Package database manages persistent storage for timetraced using bbolt.
+// It initializes and closes the database, and provides functions to create,
+// retrieve, update, and delete projects, users, and records. The package
+// also includes queries for common application needs such as active projects,
+// daily records, and report generation.
+package database
diff --git a/database/project.go b/database/project.go
index f671753..96ed1d4 100644
--- a/database/project.go
+++ b/database/project.go
@@ -8,21 +8,23 @@ import (
 	"go.etcd.io/bbolt"
 )
 
+// SaveProject saves a project to db.
 func SaveProject(p *models.Project) error {
 	value, err := json.Marshal(p)
 	if err != nil {
 		return err
 	}
 	return db.Update(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(PROJECT_TABLE_NAME))
+		b := tx.Bucket([]byte(projectTableName))
 		return b.Put([]byte(p.Name), value)
 	})
 }
 
+// GetProject retrives a project from db.
 func GetProject(name string) (models.Project, error) {
 	project := models.Project{}
 	if err := db.View(func(tx *bbolt.Tx) error {
-		v := tx.Bucket([]byte(PROJECT_TABLE_NAME)).Get([]byte(name))
+		v := tx.Bucket([]byte(projectTableName)).Get([]byte(name))
 		if v == nil {
 			return errors.New("no such project")
 		}
@@ -36,12 +38,13 @@ func GetProject(name string) (models.Project, error) {
 	return project, nil
 }
 
+// GetAllProjects retrieves all projects from db.
 func GetAllProjects() ([]models.Project, error) {
 	var projects []models.Project
 	var project models.Project
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(PROJECT_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(projectTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &project); err != nil {
 				return err
 			}
@@ -55,15 +58,17 @@ func GetAllProjects() ([]models.Project, error) {
 	return projects, nil
 }
 
+// DeleteProject deletes a project from the db.
 func DeleteProject(name string) error {
 	if err := db.Update(func(tx *bbolt.Tx) error {
-		return tx.Bucket([]byte(PROJECT_TABLE_NAME)).Delete([]byte(name))
+		return tx.Bucket([]byte(projectTableName)).Delete([]byte(name))
 	}); err != nil {
 		return err
 	}
 	return nil
 }
 
+// GetActiveProject retrieves the project for which time is aatively being recorded.
 func GetActiveProject(u string) *models.Project {
 	records, err := GetTodaysRecords()
 	if err != nil {
diff --git a/database/record.go b/database/record.go
index 3705bfd..b35239b 100644
--- a/database/record.go
+++ b/database/record.go
@@ -10,21 +10,23 @@ import (
 	"go.etcd.io/bbolt"
 )
 
+// SaveRecord saves a record to the db.
 func SaveRecord(r *models.Record) error {
 	value, err := json.Marshal(r)
 	if err != nil {
 		return err
 	}
 	return db.Update(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
+		b := tx.Bucket([]byte(recordsTableName))
 		return b.Put([]byte(r.ID.String()), value)
 	})
 }
 
+// GetRecord retrives a record form db.
 func GetRecord(id uuid.UUID) (models.Record, error) {
 	record := models.Record{}
 	if err := db.View(func(tx *bbolt.Tx) error {
-		v := tx.Bucket([]byte(RECORDS_TABLE_NAME)).Get([]byte(id.String()))
+		v := tx.Bucket([]byte(recordsTableName)).Get([]byte(id.String()))
 		if v == nil {
 			return errors.New("no such record")
 		}
@@ -38,12 +40,13 @@ func GetRecord(id uuid.UUID) (models.Record, error) {
 	return record, nil
 }
 
+// GetAllRecords returns all records from db.
 func GetAllRecords() ([]models.Record, error) {
 	var records []models.Record
 	var record models.Record
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(recordsTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &record); err != nil {
 				return err
 			}
@@ -57,12 +60,13 @@ func GetAllRecords() ([]models.Record, error) {
 	return records, nil
 }
 
+// GetAllRecordsForUser returns all records created by user from db.
 func GetAllRecordsForUser(u string) ([]models.Record, error) {
 	var records []models.Record
 	var record models.Record
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(recordsTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &record); err != nil {
 				return err
 			}
@@ -78,22 +82,24 @@ func GetAllRecordsForUser(u string) ([]models.Record, error) {
 	return records, nil
 }
 
+// DeleteRecord deletes a record from db.
 func DeleteRecord(id uuid.UUID) error {
 	if err := db.Update(func(tx *bbolt.Tx) error {
-		return tx.Bucket([]byte(RECORDS_TABLE_NAME)).Delete([]byte(id.String()))
+		return tx.Bucket([]byte(recordsTableName)).Delete([]byte(id.String()))
 	}); err != nil {
 		return err
 	}
 	return nil
 }
 
+// GetTodaysRecords returns records created on this day.
 func GetTodaysRecords() ([]models.Record, error) {
 	records := []models.Record{}
 	record := models.Record{}
 	today := truncateToStart(time.Now())
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(recordsTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &record); err != nil {
 				return err
 			}
@@ -109,6 +115,7 @@ func GetTodaysRecords() ([]models.Record, error) {
 	return records, nil
 }
 
+// GetTodaysRecordsForUser return records created on this day by specified user.
 func GetTodaysRecordsForUser(user string) ([]models.Record, error) {
 	if user == "" {
 		return []models.Record{}, nil
@@ -117,8 +124,8 @@ func GetTodaysRecordsForUser(user string) ([]models.Record, error) {
 	record := models.Record{}
 	today := truncateToStart(time.Now())
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(recordsTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &record); err != nil {
 				return err
 			}
@@ -134,14 +141,15 @@ func GetTodaysRecordsForUser(user string) ([]models.Record, error) {
 	return records, nil
 }
 
+// GetReportRecords returns record matching the request.
 func GetReportRecords(req models.DatabaseReportRequest) ([]models.Record, error) {
 	records := []models.Record{}
 	record := models.Record{}
 	start := truncateToStart(req.Start)
 	end := truncateToEnd(req.End)
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(RECORDS_TABLE_NAME))
-		_ = b.ForEach(func(k, v []byte) error {
+		b := tx.Bucket([]byte(recordsTableName))
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &record); err != nil {
 				return err
 			}
@@ -166,6 +174,7 @@ func GetReportRecords(req models.DatabaseReportRequest) ([]models.Record, error)
 func truncateToStart(t time.Time) time.Time {
 	return time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, t.Location())
 }
+
 func truncateToEnd(t time.Time) time.Time {
 	return time.Date(t.Year(), t.Month(), t.Day(), 23, 59, 59, 0, t.Location())
 }
diff --git a/database/user.go b/database/user.go
index 760a8b4..d8809fe 100644
--- a/database/user.go
+++ b/database/user.go
@@ -8,21 +8,23 @@ import (
 	"go.etcd.io/bbolt"
 )
 
+// SaveUser saves/updates user in db.
 func SaveUser(u *models.User) error {
 	value, err := json.Marshal(u)
 	if err != nil {
 		return err
 	}
 	return db.Update(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(USERS_TABLE_NAME))
+		b := tx.Bucket([]byte(userTableName))
 		return b.Put([]byte(u.Username), value)
 	})
 }
 
+// GetUser retrieves the named user from db.
 func GetUser(name string) (models.User, error) {
 	user := models.User{}
 	if err := db.View(func(tx *bbolt.Tx) error {
-		v := tx.Bucket([]byte(USERS_TABLE_NAME)).Get([]byte(name))
+		v := tx.Bucket([]byte(userTableName)).Get([]byte(name))
 		if v == nil {
 			return errors.New("no such user")
 		}
@@ -36,15 +38,16 @@ func GetUser(name string) (models.User, error) {
 	return user, nil
 }
 
+// GetAllUsers retrieves all users from db.
 func GetAllUsers() ([]models.User, error) {
 	var users []models.User
 	var user models.User
 	if err := db.View(func(tx *bbolt.Tx) error {
-		b := tx.Bucket([]byte(USERS_TABLE_NAME))
+		b := tx.Bucket([]byte(userTableName))
 		if b == nil {
 			return errors.New("no users")
 		}
-		_ = b.ForEach(func(k, v []byte) error {
+		_ = b.ForEach(func(_, v []byte) error {
 			if err := json.Unmarshal(v, &user); err != nil {
 				return err
 			}
@@ -58,9 +61,10 @@ func GetAllUsers() ([]models.User, error) {
 	return users, nil
 }
 
+// DeleteUser deletes a user from db.
 func DeleteUser(name string) error {
 	if err := db.Update(func(tx *bbolt.Tx) error {
-		return tx.Bucket([]byte(USERS_TABLE_NAME)).Delete([]byte(name))
+		return tx.Bucket([]byte(userTableName)).Delete([]byte(name))
 	}); err != nil {
 		return err
 	}
diff --git a/main.go b/main.go
index 4a23c46..90e2ca0 100644
--- a/main.go
+++ b/main.go
@@ -23,11 +23,10 @@ package main
 
 import (
 	"log"
+	"log/slog"
 	"os"
 	"path/filepath"
 
-	"log/slog"
-
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
 	"github.com/joho/godotenv"
@@ -49,7 +48,7 @@ func main() {
 	checkDefaultUser()
 	users, err := database.GetAllUsers()
 	if err != nil {
-		log.Fatal("get users", err)
+		log.Fatal("get users", err) //nolint:gocritic
 	}
 	for _, user := range users {
 		project := database.GetActiveProject(user.Username)
@@ -60,15 +59,15 @@ func main() {
 		}
 	}
 	router := setupRouter()
-	//router.Use(sloggin.New(logger))
+	// router.Use(sloggin.New(logger))
 	if err := router.Run(":" + port); err != nil {
 		log.Fatal(err)
 	}
 }
 
-func setLogging() *slog.Logger {
+func setLogging() {
 	logLevel := &slog.LevelVar{}
-	replace := func(groups []string, a slog.Attr) slog.Attr {
+	replace := func(_ []string, a slog.Attr) slog.Attr {
 		if a.Key == slog.SourceKey {
 			source, ok := a.Value.Any().(*slog.Source)
 			if ok {
@@ -78,11 +77,14 @@ func setLogging() *slog.Logger {
 		}
 		return a
 	}
-	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{AddSource: true, ReplaceAttr: replace, Level: logLevel}))
-	//logger := slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{AddSource: true, Level: logLevel}))
+	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+		AddSource:   true,
+		ReplaceAttr: replace,
+		Level:       logLevel,
+	}))
+	// logger := slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{AddSource: true, Level: logLevel}))
 	slog.SetDefault(logger)
 	if os.Getenv("DEBUG") == "true" {
 		logLevel.Set(slog.LevelDebug)
 	}
-	return logger
 }
diff --git a/models/config.go b/models/config.go
index ed12d1e..9a6fbf8 100644
--- a/models/config.go
+++ b/models/config.go
@@ -1,7 +1,8 @@
 package models
 
+// Config represents the user selectable UI options.
 type Config struct {
-	Theme   string `json:"theme" form:"theme"`
-	Font    string `json:"font" form:"font"`
-	Refresh int    `json:"refresh" form:"refresh"`
+	Theme   string `form:"theme"   json:"theme"`
+	Font    string `form:"font"    json:"font"`
+	Refresh int    `form:"refresh" json:"refresh"`
 }
diff --git a/models/doc.go b/models/doc.go
new file mode 100644
index 0000000..5342c73
--- /dev/null
+++ b/models/doc.go
@@ -0,0 +1,6 @@
+// Package models defines the core data structures used throughout timetraced.
+// It includes types representing users, projects, and records, along with
+// supporting types such as report requests. These structs form the shared
+// domain model for persistence, business logic, and presentation layers,
+// and are serialized for storage and communication between packages.
+package models
diff --git a/models/errors.go b/models/errors.go
index ec5f560..7ca4ac3 100644
--- a/models/errors.go
+++ b/models/errors.go
@@ -7,11 +7,13 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+// ErrorMessage represents an error message to be return to UI.
 type ErrorMessage struct {
 	Status  string
 	Message string
 }
 
+// Process returns an error message to UI.
 func (e *ErrorMessage) Process(c *gin.Context) {
 	slog.Error(e.Message, "status", e.Status)
 	c.HTML(http.StatusOK, "error", e)
diff --git a/models/page.go b/models/page.go
index 2ecc2b5..42578d2 100644
--- a/models/page.go
+++ b/models/page.go
@@ -6,6 +6,7 @@ import (
 	"time"
 )
 
+// Page represents the data to for display to user.
 type Page struct {
 	NeedsLogin  bool
 	Version     string
@@ -18,7 +19,6 @@ type Page struct {
 	DefaultDate string
 }
 
-// var page Page
 var pages map[string]Page
 
 func initialize() Page {
@@ -30,6 +30,7 @@ func initialize() Page {
 		DefaultDate: time.Now().Local().Format("2006-01-02"),
 	}
 }
+
 func init() {
 	pages = make(map[string]Page)
 }
@@ -46,10 +47,12 @@ func version() string {
 	return version
 }
 
+// GetPage returns default page data.
 func GetPage() Page {
 	return initialize()
 }
 
+// GetUserPage returns current page for a user.
 func GetUserPage(u string) Page {
 	if u == "" {
 		return initialize()
@@ -62,6 +65,7 @@ func GetUserPage(u string) Page {
 	return pages[u]
 }
 
+// SetTheme sets the page theme for a user.
 func SetTheme(user, theme string) {
 	page, ok := pages[user]
 	if !ok {
@@ -71,6 +75,7 @@ func SetTheme(user, theme string) {
 	pages[user] = page
 }
 
+// SetFont sets the page font for a user.
 func SetFont(user, font string) {
 	page, ok := pages[user]
 	if !ok {
@@ -80,6 +85,7 @@ func SetFont(user, font string) {
 	pages[user] = page
 }
 
+// SetRefresh sets the refresh rate for a user.
 func SetRefresh(user string, refresh int) {
 	page, ok := pages[user]
 	if !ok {
diff --git a/models/project.go b/models/project.go
index 20f9956..008352c 100644
--- a/models/project.go
+++ b/models/project.go
@@ -11,6 +11,7 @@ var (
 	trackedProject map[string]string
 )
 
+// Project represents a project.
 type Project struct {
 	ID      uuid.UUID
 	Name    string
@@ -18,6 +19,7 @@ type Project struct {
 	Updated time.Time
 }
 
+// StartRequest is a request to start recording time for a given project.
 type StartRequest struct {
 	Project string
 }
@@ -27,6 +29,7 @@ func init() {
 	trackedProject = make(map[string]string)
 }
 
+// IsTrackingActive checks if tracking has been activated for given user.
 func IsTrackingActive(u string) bool {
 	if active, ok := trackingActive[u]; ok {
 		return active
@@ -34,16 +37,19 @@ func IsTrackingActive(u string) bool {
 	return false
 }
 
+// TrackingActive activates tracking for given user and project.
 func TrackingActive(u string, p Project) {
 	trackingActive[u] = true
 	trackedProject[u] = p.Name
 }
 
+// TrackingInactive deactivates tracking for given user.
 func TrackingInactive(u string) {
 	trackingActive[u] = false
 	trackedProject[u] = ""
 }
 
+// Tracked returns the poject being tracked for user.
 func Tracked(u string) string {
 	if project, ok := trackedProject[u]; ok {
 		return project
diff --git a/models/record.go b/models/record.go
index 6c8ae9f..74fd214 100644
--- a/models/record.go
+++ b/models/record.go
@@ -7,6 +7,7 @@ import (
 	"github.com/google/uuid"
 )
 
+// Record represents a time record.
 type Record struct {
 	ID      uuid.UUID
 	Project string
@@ -15,6 +16,7 @@ type Record struct {
 	End     time.Time
 }
 
+// EditRecord represents a time record for editing in UI.
 type EditRecord struct {
 	ID        string
 	Start     string
@@ -23,34 +25,39 @@ type EditRecord struct {
 	EndTime   string
 }
 
-type Durations map[string]string
+// type Durations map[string]string
 
+// Duration reprents the time spend on a project.
 type Duration struct {
 	Project string
 	Elapsed string
 }
 
+// Duration returns the elapsed time from a time record.
 func (r *Record) Duration() time.Duration {
 	return r.End.Sub(r.Start)
 }
 
+// FmtDuration returns a human readable representation of a duration
+// in hours:minute and decimal hours format.
 func FmtDuration(d time.Duration) string {
 	d = d.Round(time.Minute)
 	h := d / time.Hour
-	d -= h * time.Hour
+	d -= h * time.Hour //nolint:durationcheck
 	m := d / time.Minute
 	dm := int(m) / 6
 	if m%6 != 0 {
-		dm += 1
+		dm++
 	}
 	dh := h
 	if dm == 10 {
-		dh += 1
+		dh++
 		dm = 0
 	}
 	return fmt.Sprintf("%02d:%02d (%2d.%d Hours)", h, m, dh, dm)
 }
 
+// StatusResponse provides a status for display.
 type StatusResponse struct {
 	Current      string
 	Elapsed      string
@@ -59,6 +66,7 @@ type StatusResponse struct {
 	Durations    []Duration
 }
 
+// Status represents the time recorded today.
 type Status struct {
 	Current    string
 	Elapsed    time.Duration
diff --git a/models/reports.go b/models/reports.go
index 590f308..2ad1440 100644
--- a/models/reports.go
+++ b/models/reports.go
@@ -6,24 +6,28 @@ import (
 	"github.com/google/uuid"
 )
 
+// Report represents the time spent on a project.  It is a response to a ReportRequest.
 type Report struct {
 	Project string
 	Total   string
 	Items   []ReportRecord
 }
 
+// ReportRecord represents and individual report record.
 type ReportRecord struct {
 	ID    uuid.UUID
 	Start time.Time
 	End   time.Time
 }
 
+// ReportRequest contains data to initiate a report.
 type ReportRequest struct {
-	Start   string `json:"start" form:"start"`
-	End     string `json:"end" form:"end"`
-	Project string `json:"project" form:"project"`
+	Start   string `form:"start"   json:"start"`
+	End     string `form:"end"     json:"end"`
+	Project string `form:"project" json:"project"`
 }
 
+// DatabaseReportRequest represents a ReportRequest formatted for db queries.
 type DatabaseReportRequest struct {
 	Start   time.Time
 	End     time.Time
diff --git a/models/user.go b/models/user.go
index ce65c31..0ada887 100644
--- a/models/user.go
+++ b/models/user.go
@@ -4,9 +4,10 @@ import (
 	"time"
 )
 
+// User represents a user.
 type User struct {
-	Username string `json:"username" form:"username"`
-	Password string `json:"password" form:"password"`
+	Username string `form:"username" json:"username"`
+	Password string `form:"password" json:"password"`
 	IsAdmin  bool
 	Updated  time.Time
 }
diff --git a/projects.go b/projects.go
index 8fc92ee..7e34aec 100644
--- a/projects.go
+++ b/projects.go
@@ -70,8 +70,8 @@ func getProject(c *gin.Context) {
 func start(c *gin.Context) {
 	session := sessions.Default(c)
 	user := session.Get("user").(string)
-	p := c.Param("name")
-	project, err := database.GetProject(p)
+	proj := c.Param("name")
+	project, err := database.GetProject(proj)
 	if err != nil {
 		processError(c, http.StatusInternalServerError, "error reading project "+err.Error())
 		return
@@ -88,7 +88,7 @@ func start(c *gin.Context) {
 	}
 	record := models.Record{
 		ID:      uuid.New(),
-		Project: p,
+		Project: proj,
 		User:    user,
 		Start:   time.Now(),
 	}
@@ -101,8 +101,8 @@ func start(c *gin.Context) {
 	displayMain(c)
 }
 
-func stopE(u string) error {
-	records, err := database.GetAllRecordsForUser(u)
+func stopE(user string) error {
+	records, err := database.GetAllRecordsForUser(user)
 	if err != nil {
 		return fmt.Errorf("failed to retrieve records %w", err)
 	}
@@ -114,8 +114,8 @@ func stopE(u string) error {
 			}
 		}
 	}
-	slog.Info("tracking stopped", "project", models.Tracked(u))
-	models.TrackingInactive(u)
+	slog.Info("tracking stopped", "project", models.Tracked(user))
+	models.TrackingInactive(user)
 	return nil
 }
 
diff --git a/records.go b/records.go
index b5b9e26..e3eaad5 100644
--- a/records.go
+++ b/records.go
@@ -24,10 +24,10 @@ func getStatus(user string) (models.StatusResponse, error) {
 			record.End = time.Now()
 			status.Elapsed = record.Duration()
 		}
-		durations[record.Project] = durations[record.Project] + record.End.Sub(record.Start)
-		status.DailyTotal = status.DailyTotal + record.Duration()
+		durations[record.Project] += record.End.Sub(record.Start)
+		status.DailyTotal += record.Duration()
 		if record.Project == status.Current {
-			status.Total = status.Total + record.Duration()
+			status.Total += record.Duration()
 		}
 	}
 	response.Current = status.Current
diff --git a/reports.go b/reports.go
index 71ee060..3acb346 100644
--- a/reports.go
+++ b/reports.go
@@ -12,7 +12,7 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-func getReport(c *gin.Context) {
+func getReport(c *gin.Context) { //nolint:cyclop,funlen
 	var err error
 	projectsToQuery := []string{}
 	session := sessions.Default(c)
@@ -65,7 +65,7 @@ func getReport(c *gin.Context) {
 		var total time.Duration
 		for _, d := range data {
 			recordTotal := d.End.Sub(d.Start)
-			total = total + recordTotal
+			total += recordTotal
 			reportRecord.End = d.End
 			reportRecord.Start = d.Start
 			reportRecord.ID = d.ID
@@ -79,7 +79,6 @@ func getReport(c *gin.Context) {
 		}
 	}
 	c.HTML(http.StatusOK, "results", displayRecords)
-
 }
 
 func report(c *gin.Context) {
diff --git a/router.go b/router.go
index e7df193..142c9d1 100644
--- a/router.go
+++ b/router.go
@@ -18,11 +18,10 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-//go:embed: images/favicon.ico
+//go:embed images/favicon.ico
 var icon embed.FS
 
-func setupRouter() *gin.Engine {
-	//gin.SetMode(gin.ReleaseMode)
+func setupRouter() *gin.Engine { //nolint:funlen
 	secret, ok := os.LookupEnv("SESSION_SECRET")
 	if !ok {
 		secret = "secret"
@@ -34,7 +33,7 @@ func setupRouter() *gin.Engine {
 	router.Static("images", "./images")
 	router.Static("assets", "./assets")
 	router.StaticFS("/favicon.ico", http.FS(icon))
-	//router.SetHTMLTemplate(template.Must(template.New("").Parse("html/*")))
+	// router.SetHTMLTemplate(template.Must(template.New("").Parse("html/*")))
 	_ = router.SetTrustedProxies(nil)
 	router.Use(gin.Recovery(), session)
 	users := router.Group("/users", auth)
diff --git a/user_test.go b/user_test.go
index 3c61a10..e183e3e 100644
--- a/user_test.go
+++ b/user_test.go
@@ -22,7 +22,7 @@ var (
 
 func TestMain(m *testing.M) {
 	setLogging()
-	os.Setenv("DB_FILE", "test.db") //nolint:errcheck
+	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = database.InitializeDatabase()
 	defer database.Close()
 	checkDefaultUser()
diff --git a/users.go b/users.go
index e4617da..e9b1ef0 100644
--- a/users.go
+++ b/users.go
@@ -88,7 +88,7 @@ func logout(c *gin.Context) {
 		}
 	}
 	slog.Info("logout", "user", session.Get("user"))
-	//delete cookie
+	// delete cookie
 	session.Clear()
 	_ = session.Save()
 	c.HTML(http.StatusOK, "login", "")

From 132d036b1fa65134c5874acf2c8f9cdf887ac75d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 15:10:54 +0000
Subject: [PATCH 03/10] Bump actions/setup-go from 5 to 6

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/integrationtest.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/integrationtest.yml b/.github/workflows/integrationtest.yml
index 13e0023..f7bb753 100644
--- a/.github/workflows/integrationtest.yml
+++ b/.github/workflows/integrationtest.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: ./go.mod
       - name: Build
@@ -30,7 +30,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: ./go.mod
       - name: run tests
@@ -44,7 +44,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
       - name: setup go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: ./go.mod
       - name:  lint

From 6e467d2a1bf31c5216da37de093013dcaaabeabf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 15:49:24 +0000
Subject: [PATCH 04/10] Bump golang.org/x/crypto from 0.41.0 to 0.42.0 in the
 all-deps group

Bumps the all-deps group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0
- [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.42.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 5c2d057..0d6b557 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/devilcove/timetraced
 
-go 1.23.0
+go 1.24.0
 
 require (
 	github.com/Kairum-Labs/should v0.1.0
@@ -9,7 +9,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/joho/godotenv v1.5.1
 	go.etcd.io/bbolt v1.4.3
-	golang.org/x/crypto v0.41.0
+	golang.org/x/crypto v0.42.0
 )
 
 require github.com/google/go-cmp v0.5.9 // indirect
@@ -39,9 +39,9 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.16.0 // indirect
-	golang.org/x/net v0.42.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 9a5ac74..ecb84d9 100644
--- a/go.sum
+++ b/go.sum
@@ -95,17 +95,17 @@ go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
 golang.org/x/arch v0.16.0 h1:foMtLTdyOmIniqWCHjY6+JxuC54XP1fDwx4N0ASyW+U=
 golang.org/x/arch v0.16.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
 google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
 google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From 2ea1cfb70fa3e6cdc45fdd03aee82dc7d814b626 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Thu, 11 Sep 2025 11:11:05 -0400
Subject: [PATCH 05/10] logging changes

---
 config.go    |  2 +-
 go.mod       |  4 ++--
 go.sum       |  4 ++--
 main.go      | 46 ++++++++++------------------------------------
 user_test.go |  4 +++-
 5 files changed, 18 insertions(+), 42 deletions(-)

diff --git a/config.go b/config.go
index f689fda..5b87111 100644
--- a/config.go
+++ b/config.go
@@ -9,7 +9,7 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-func config(c *gin.Context) {
+func configOld(c *gin.Context) {
 	page := models.GetPage()
 	c.HTML(http.StatusOK, "config", page)
 }
diff --git a/go.mod b/go.mod
index 0d6b557..9c8453d 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,8 @@ require (
 	github.com/gin-contrib/sessions v1.0.4
 	github.com/gin-gonic/gin v1.10.1
 	github.com/google/uuid v1.6.0
-	github.com/joho/godotenv v1.5.1
+	github.com/gorilla/sessions v1.4.0
+	github.com/mattkasun/tools v0.2.1
 	go.etcd.io/bbolt v1.4.3
 	golang.org/x/crypto v0.42.0
 )
@@ -26,7 +27,6 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
diff --git a/go.sum b/go.sum
index ecb84d9..9cf69d7 100644
--- a/go.sum
+++ b/go.sum
@@ -43,8 +43,6 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
-github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
-github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -60,6 +58,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattkasun/tools v0.2.1 h1:J/d7p4E1jpb6ZIUta2UlT+uWAudxNNhwplJCY88BX9o=
+github.com/mattkasun/tools v0.2.1/go.mod h1:H1mWrZ9c9YFT8Da4rirsswQ/QShi7kX3AxkdJZHnmcM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
diff --git a/main.go b/main.go
index 90e2ca0..2cc8a04 100644
--- a/main.go
+++ b/main.go
@@ -22,33 +22,31 @@ limitations under the License.
 package main
 
 import (
-	"log"
-	"log/slog"
 	"os"
-	"path/filepath"
+	"time"
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/joho/godotenv"
+	"github.com/mattkasun/tools/logging"
 )
 
 func main() {
-	setLogging()
-	if err := godotenv.Load(); err != nil {
-		slog.Error("read environment", "error", err)
-	}
+	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
 	port, ok := os.LookupEnv("PORT")
 	if !ok {
 		port = "8080"
 	}
+
 	if err := database.InitializeDatabase(); err != nil {
-		log.Fatal(err)
+		logger.Error("database init", "err", err)
+		os.Exit(1)
 	}
 	defer database.Close()
 	checkDefaultUser()
 	users, err := database.GetAllUsers()
 	if err != nil {
-		log.Fatal("get users", err) //nolint:gocritic
+		logger.Error("get users", "err", err)
+		os.Exit(1) //nolint:gocritic
 	}
 	for _, user := range users {
 		project := database.GetActiveProject(user.Username)
@@ -59,32 +57,8 @@ func main() {
 		}
 	}
 	router := setupRouter()
-	// router.Use(sloggin.New(logger))
 	if err := router.Run(":" + port); err != nil {
-		log.Fatal(err)
-	}
-}
-
-func setLogging() {
-	logLevel := &slog.LevelVar{}
-	replace := func(_ []string, a slog.Attr) slog.Attr {
-		if a.Key == slog.SourceKey {
-			source, ok := a.Value.Any().(*slog.Source)
-			if ok {
-				source.File = filepath.Base(source.File)
-				source.Function = filepath.Base(source.Function)
-			}
-		}
-		return a
-	}
-	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
-		AddSource:   true,
-		ReplaceAttr: replace,
-		Level:       logLevel,
-	}))
-	// logger := slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{AddSource: true, Level: logLevel}))
-	slog.SetDefault(logger)
-	if os.Getenv("DEBUG") == "true" {
-		logLevel.Set(slog.LevelDebug)
+		logger.Error("run router", "err", err)
+		os.Exit(1)
 	}
 }
diff --git a/user_test.go b/user_test.go
index e183e3e..e266f3e 100644
--- a/user_test.go
+++ b/user_test.go
@@ -8,11 +8,13 @@ import (
 	"net/http/httptest"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/Kairum-Labs/should"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
 	"github.com/gin-gonic/gin"
+	"github.com/mattkasun/tools/logging"
 )
 
 var (
@@ -21,7 +23,7 @@ var (
 )
 
 func TestMain(m *testing.M) {
-	setLogging()
+	logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
 	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = database.InitializeDatabase()
 	defer database.Close()

From 3024050e412793483552937c1440fdf0973bd70f Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Mon, 15 Dec 2025 12:23:18 -0500
Subject: [PATCH 06/10] replace gonic-gin/gin with devlicove/mux

---
 config.go               |  33 +++--
 go.mod                  |  32 +----
 go.sum                  |  91 +------------
 html/about.html         |   7 +-
 html/configuration.html |   2 +-
 html/content.html       |   5 +-
 html/footer.html        |   2 +-
 html/login.html         |  27 ++--
 html/navbar.html        |  27 ++--
 html/register.html      |  29 +++--
 html/report.html        |   5 +-
 html/user.html          |  18 ++-
 main.go                 |   8 +-
 middleware.go           |  60 +++++++++
 models/errors.go        |  21 ---
 models/page.go          |   6 +-
 models/user.go          |   5 +
 page.go                 |  49 ++++---
 projects.go             |  92 ++++++-------
 projects_test.go        |   2 +-
 records.go              |  38 +++---
 reports.go              |  47 ++++---
 router.go               | 151 ++++++++++++----------
 user_test.go            |   8 +-
 users.go                | 279 +++++++++++++++++++++-------------------
 25 files changed, 513 insertions(+), 531 deletions(-)
 create mode 100644 middleware.go
 delete mode 100644 models/errors.go

diff --git a/config.go b/config.go
index 5b87111..ed957f3 100644
--- a/config.go
+++ b/config.go
@@ -1,28 +1,37 @@
 package main
 
 import (
-	"log"
 	"net/http"
+	"strconv"
 
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
 )
 
-func configOld(c *gin.Context) {
+func configOld(w http.ResponseWriter, r *http.Request) {
 	page := models.GetPage()
-	c.HTML(http.StatusOK, "config", page)
+	templates.ExecuteTemplate(w, "config", page)
 }
 
-func setConfig(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user").(string)
-	config := models.Config{}
-	if err := c.Bind(&config); err != nil {
-		log.Println("failed to read config", err)
+func setConfig(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	user := session.User
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid data")
+		return
+	}
+	refresh, err := strconv.Atoi(r.FormValue("refresh"))
+	if err != nil {
+		refresh = 5
+	}
+	config := models.Config{
+		Theme:   r.FormValue("theme"),
+		Font:    r.FormValue("font"),
+		Refresh: refresh,
 	}
 	models.SetTheme(user, config.Theme)
 	models.SetFont(user, config.Font)
 	models.SetRefresh(user, config.Refresh)
-	displayMain(c)
+	page := models.GetUserPage(user)
+	w.Header().Set("HX-Refresh", "true")
+	templates.ExecuteTemplate(w, "layout", page)
 }
diff --git a/go.mod b/go.mod
index 9c8453d..fc0c9a4 100644
--- a/go.mod
+++ b/go.mod
@@ -4,8 +4,7 @@ go 1.24.0
 
 require (
 	github.com/Kairum-Labs/should v0.1.0
-	github.com/gin-contrib/sessions v1.0.4
-	github.com/gin-gonic/gin v1.10.1
+	github.com/devilcove/mux v0.2.0
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/sessions v1.4.0
 	github.com/mattkasun/tools v0.2.1
@@ -13,36 +12,9 @@ require (
 	golang.org/x/crypto v0.42.0
 )
 
-require github.com/google/go-cmp v0.5.9 // indirect
-
 require (
-	github.com/bytedance/sonic v1.13.2 // indirect
-	github.com/bytedance/sonic/loader v0.2.4 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
-	github.com/gin-contrib/sse v1.0.0 // indirect
-	github.com/go-playground/locales v0.14.1 // indirect
-	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.26.0 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
-	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/stretchr/testify v1.11.0 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.16.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
 	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 9cf69d7..a1d3637 100644
--- a/go.sum
+++ b/go.sum
@@ -1,117 +1,30 @@
 github.com/Kairum-Labs/should v0.1.0 h1:7CpOfhWX7yIwMbUwUdCmtKC/UJaNt2YyKbFn8dvMrdk=
 github.com/Kairum-Labs/should v0.1.0/go.mod h1:vP/ASEjUAKoWy/M7uIrAXq69p7/IUWOpEe5R+q/+K34=
-github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
-github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
-github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
-github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
-github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs=
-github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
-github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
-github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
-github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
-github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
-github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
-github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
-github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
-github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/devilcove/mux v0.2.0 h1:U9bKQs0HhGJqIFUmH84nPt5pz67QJtmVtwT2f3RKgsk=
+github.com/devilcove/mux v0.2.0/go.mod h1:Q4ysJcjpLwW7rLNTOYSlYVst5OmwFh1uZxJSCPQ34U4=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
-github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
-github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
-github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mattkasun/tools v0.2.1 h1:J/d7p4E1jpb6ZIUta2UlT+uWAudxNNhwplJCY88BX9o=
 github.com/mattkasun/tools v0.2.1/go.mod h1:H1mWrZ9c9YFT8Da4rirsswQ/QShi7kX3AxkdJZHnmcM=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8=
 github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
-golang.org/x/arch v0.16.0 h1:foMtLTdyOmIniqWCHjY6+JxuC54XP1fDwx4N0ASyW+U=
-golang.org/x/arch v0.16.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
 golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
diff --git a/html/about.html b/html/about.html
index ace0dab..72a9eb5 100644
--- a/html/about.html
+++ b/html/about.html
@@ -6,8 +6,8 @@
             <h2>TimeTrace</h2>
             <small>Version {{ .Version }}</small>
             <h3>&copy; 2023-2024 Matthew R. Kasun</h3>
-            <small>built with <a href="https://github.com/gin-gonic/" target="_blank">gin</a> <a href="https://go.etcd.io/bbolt" target="_blank">bbolt</a>
-                 and <a href="https://htmx.org" target="_blank">htmx</a></small><br><br>
+            <small>built with <a href="https://go.etcd.io/bbolt" target="_blank">bbolt</a>
+                and <a href="https://htmx.org" target="_blank">htmx</a></small><br><br>
             <a href="mailto://mkasun@nusak.ca?subject=trimetraced" target="_blank">
                 <i class="fa fa-paper-plane w3-small"></i>
                 mkasun@nusak.ca</a><br>
@@ -15,7 +15,8 @@ <h3>&copy; 2023-2024 Matthew R. Kasun</h3>
                 <i class="fab fa-github"></i>
                 repo</a>
             <br><br>
-            <button type="submit" class="w3-button w3-block w3-padding" onclick="document.getElementById('About').style.display='none'">Close</button>
+            <button type="submit" class="w3-button w3-block w3-padding"
+                onclick="document.getElementById('About').style.display='none'">Close</button>
         </div>
     </div>
 </div>
diff --git a/html/configuration.html b/html/configuration.html
index 3e52c81..6128c1c 100644
--- a/html/configuration.html
+++ b/html/configuration.html
@@ -3,7 +3,7 @@
     <div class="w3-third"><br></div>
     <div class="w3-third">
         <h1>Configuration</h1>
-        <form hx-post="/config" hx-target="#main">
+        <form hx-post="/config/" hx-target="#main">
             <p><label>Theme</label>
                 <select name="theme">
                     <option>indigo</option>
diff --git a/html/content.html b/html/content.html
index 6846218..a897a6c 100644
--- a/html/content.html
+++ b/html/content.html
@@ -3,7 +3,8 @@
 {{if (eq .NeedsLogin true)}}
 {{template "login" .}}
 {{ else }}
-<div class="w3-container w3-center w3-padding-64" id="content" hx-get="/projects/status" hx-trigger="every {{.Refresh}}m">
+<div class="w3-container w3-center w3-padding-64" id="content" hx-get="/projects/status"
+    hx-trigger="every {{.Refresh}}m">
     <div class="w3-row">
         <div class="w3-third"><br></div>
         <div class="w3-third">
@@ -22,7 +23,7 @@
                 </tr>
             </table>
             {{ if .Tracking }}
-            <form hx-post="projects/stop" hx-target="#main">
+            <form hx-post="projects/stop/" hx-target="#main">
                 <button class="w3-button" type="submit"><i class="fa fa-stopwatch"></i> Stop</button>
             </form>
             {{end}}
diff --git a/html/footer.html b/html/footer.html
index 26fe092..0362327 100644
--- a/html/footer.html
+++ b/html/footer.html
@@ -1,6 +1,6 @@
 {{define "footer"}}
 <footer class="w3-center">
     &copy; 2023 Matthew R Kasun
-    <a hx-get="/logout" hx-target="#content" class="w3-circle w3-small w3-theme-d1">Logout</a>
+    <a href="/logout/" class="w3-circle w3-small w3-theme-d1">Logout</a>
 </footer>
 {{end}}
\ No newline at end of file
diff --git a/html/login.html b/html/login.html
index c36512c..0b9f8d2 100644
--- a/html/login.html
+++ b/html/login.html
@@ -1,18 +1,17 @@
 {{define "login"}}
 <div id="content">
-        <div class="w3-container w3-center w3-theme-dark">
-            <h1>Timetrace Login</h1>
-            <!-- <form action="/login" method="post"> -->
-            <form hx-post="/login" hx-target="#content" hx-target-error="#error">
-                <label for="username">Username</label><br>
-                <input type="text" placeholder="enter username" name="username" required><br>
-                <label for="pass">Password</label><br>
-                <input type="password" placeholder="enter password" name="password" required><br>
-                <button type="submit">Login</button>
-            </form>
-            <div class="w3-container w3-padding-32">
-                <a hx-get="/register" hx-target="#content">Don't have an Account? Register</a>
-            </div>
-        </div>
+    <div class="w3-container w3-center w3-theme-dark">
+        <h1>Timetrace Login</h1>
+        <!-- <form action="/login" method="post"> -->
+        <form hx-post="/login" hx-target="#content" hx-target-error="#error">
+            <label for="username">Username</label><br>
+            <input type="text" placeholder="enter username" name="username" required><br>
+            <label for="pass">Password</label><br>
+            <input type="password" placeholder="enter password" name="password" required><br>
+            <p></p>
+            <button type="submit">Login</button>
+        </form>
+    </div>
+</div>
 </div>
 {{end}}
\ No newline at end of file
diff --git a/html/navbar.html b/html/navbar.html
index ca72e7e..cb857cd 100644
--- a/html/navbar.html
+++ b/html/navbar.html
@@ -11,17 +11,14 @@
                 <summary><i class="fa fa-home w3-xxxlarge"></i>Projects</summary>
                 <hr>
                 {{range .Projects }}
-                <button type="button" class="w3-button" 
-                    hx-post="/projects/{{.}}/start"
-                    hx-target="#main">{{.}}
+                <button type="button" class="w3-button" hx-post="/projects/start/{{.}}" hx-target="#main">{{.}}
                 </button><br>
                 {{end}}
                 <hr>
-                <form hx-get="/projects/add" hx-target="#content">
-                <button type="submit" class="w3-button"
-                    >New Project</button><br>
+                <form hx-get="/projects/add/" hx-target="#content">
+                    <button type="submit" class="w3-button">New Project</button><br>
                 </form>
-                <a href="/logout" class="w3-bar-item w3-button">Logout</a>
+                <a href="/logout/" class="w3-bar-item w3-button">Logout</a>
             </details>
         </div>
         <button type="button" class="w3-bar-item w3-button" hx-get="/reports" hx-target="#content">
@@ -49,11 +46,11 @@
                 <a href="/logout" class="w3-bar-item w3-button">Logout</a>
             </div>
         </div>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/reports" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/reports/" hx-target="#content">
             REPORTS</button>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/configuration" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/configuration/" hx-target="#content">
             CONFIGURATION</button>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/users" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/users/" hx-target="#content">
             USERS</button>
         <button type="button" class="w3-bar-item w3-button"
             onclick="document.getElementById('About').style.display='block'">
@@ -67,11 +64,13 @@
 <div id="addProject">
     <div class="w3-container w3-center w3-theme">
         <h1>Add New Project</h1>
-        <form hx-post="/projects" hx-target="#content" hx-target-error="#error">
+        <form hx-post="/projects/" hx-target="#content" hx-target-error="#error">
             <label for="Name">New Project</label><br>
-            <input type="text" placeholder="new project name" name="Name" required><br>
-            <p><button class="w3-button w3-theme-dark w3-padding large" type="button" hx-get="/" hx-target="#content">Cancel</button>
-            <button class="w3-button w3-theme-dark w3-padding large" type="submit">Submit</button></p>
+            <input type="text" placeholder="new project name" name="name" required><br>
+            <p><button class="w3-button w3-theme-dark w3-padding large" type="button" hx-get="/"
+                    hx-target="#content">Cancel</button>
+                <button class="w3-button w3-theme-dark w3-padding large" type="submit">Submit</button>
+            </p>
         </form>
     </div>
 </div>
diff --git a/html/register.html b/html/register.html
index 1541e7a..5a39843 100644
--- a/html/register.html
+++ b/html/register.html
@@ -1,17 +1,20 @@
 {{define "register"}}
-<div id="register" >
-        <div class="w3-container w3-center w3-theme-dark">
-            <h1>Timetrace Registration</h1>
-            <form hx-post="/register" hx-target="#content" hx-target-error="#error">
-                <label for="username">Username</label><br>
-                <input type="text" placeholder="enter username" name="username" required><br>
-                <label for="pass">Password</label><br>
-                <input type="password" placeholder="enter password" name="password" required><br>
-                <button type="submit">Register</button>
-            </form>
-            <div class="w3-container w3-padding-32">
-                <a hx-get="/login" hx-target="#content">Already have an Account? Login</a>
-            </div>
+<div id="register">
+    <div class="w3-container w3-center w3-theme-dark">
+        <h1>Timetrace Add User</h1>
+        <form hx-post="/users/register/" hx-target="#content" hx-target-error="#error">
+            <label for="username">Username</label><br>
+            <input type="text" placeholder="enter username" name="username" required><br>
+            <label for="pass">Password</label><br>
+            <input type="password" placeholder="enter password" name="password" required><br>
+            <label for="admin">IsAdmin</label><br>
+            <input type="checkbox" name="admin"><br>
+            <p></p>
+            <button type="submit">Add</button>
+        </form>
+        <div class="w3-container w3-padding-32">
+            <a hx-get="/" hx-target="#content">Cancel</a>
         </div>
+    </div>
 </div>
 {{end}}
\ No newline at end of file
diff --git a/html/report.html b/html/report.html
index 6cb484d..d65cbcd 100644
--- a/html/report.html
+++ b/html/report.html
@@ -3,7 +3,7 @@
     <div class="w3-third"><br></div>
     <div class="w3-third">
         <h1>Reports</h1>
-        <form class="w3-container" hx-post="/reports" hx-target="#content">
+        <form class="w3-container" hx-post="/reports/" hx-target="#content">
             <p><label>Start Date</label></p>
             <p><input type="date" name="start" value="{{.DefaultDate}}" required></p>
             <p><label>End Date</label></p>
@@ -38,7 +38,8 @@ <h2>Project {{.Project}}</h2>
         {{end}}
         <h2>{{.Total}}</h2>
         {{end}}
-        <button class="w3-button w3-theme-dark w3-padding large" hx-get="/" hx-target="#main" type="button">Close</button>
+        <button class="w3-button w3-theme-dark w3-padding large" hx-get="/" hx-target="#main"
+            type="button">Close</button>
     </div>
 </div>
 {{end}}
diff --git a/html/user.html b/html/user.html
index f9756da..c3a77e8 100644
--- a/html/user.html
+++ b/html/user.html
@@ -16,10 +16,14 @@ <h1>Users</h1>
                 <td>{{.Username}}</td>
                 <td>{{.IsAdmin}}</td>
                 <td><i class="fa fa-edit" hx-get="/users/{{.Username}}" hx-target="#content"></i></td>
-                <td><i class="fa fa-user-slash"></i></td>
+                <td><i class="fa fa-user-slash" hx-delete="/users/{{.Username}}" hx-target="#content"
+                        onsubmit="return confirm('delete user')"></i></td>
             </tr>
             {{end}}
         </table>
+        <div class="w3-center">
+            <p></p>New User &nbsp; <i class="fa fa-user" hx-get="/users/register/" hx-target="#content"></i></p>
+        </div>
     </div>
 </div>
 {{end}}
@@ -29,18 +33,24 @@ <h1>Users</h1>
     <div class="w3-third"><br></div>
     <div class="w3-third">
         <h1>Edit User</h1>
-        <h2>{{.Username}}</h2>
+        <h2>{{.Username}} {{.IsAdmin}}</h2>
         <form name="editUser" hx-post="/users/{{.Username}}" hx-target="#content" onsubmit="return valPass()">
             <label for="password">New Password: </label>
-            <input type="password" placeholder="new password" name="Password" required><br>
+            <input type="password" placeholder="new password" name="password" required><br>
             <label for="verify">Verify Password: </label>
             <input type="password" placeholder="new password" name="verify" required><br><br>
+            {{ if .AsAdmin }}
+            <label for="admin">Admin</label>
+            <input type="checkbox" name="admin" {{ if .IsAdmin}} checked {{end}}><br><br>
+            <button type="button" hx-get="/users/" hx-target="#content">Cancel</button>
+            {{else}}
             <button type="button" hx-get="/" hx-target="#main">Cancel</button>
+            {{end }}
             <button type="submit">Submit</button>
         </form>
         <script>
             function valPass() {
-                var x = document.forms["editUser"]["Password"].value;
+                var x = document.forms["editUser"]["password"].value;
                 var y = document.forms["editUser"]["verify"].value;
                 console.log(x, y)
                 if (x != y) {
diff --git a/main.go b/main.go
index 2cc8a04..dbb0d7f 100644
--- a/main.go
+++ b/main.go
@@ -32,6 +32,7 @@ import (
 
 func main() {
 	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
+	//logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
 	port, ok := os.LookupEnv("PORT")
 	if !ok {
 		port = "8080"
@@ -56,9 +57,6 @@ func main() {
 			models.TrackingInactive(user.Username)
 		}
 	}
-	router := setupRouter()
-	if err := router.Run(":" + port); err != nil {
-		logger.Error("run router", "err", err)
-		os.Exit(1)
-	}
+	router := setupRouter(logger.Logger)
+	router.Run(":" + port)
 }
diff --git a/middleware.go b/middleware.go
new file mode 100644
index 0000000..ffbf023
--- /dev/null
+++ b/middleware.go
@@ -0,0 +1,60 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/gorilla/sessions"
+)
+
+// Session represents a user session.
+type Session struct {
+	User     string
+	LoggedIn bool
+	Admin    bool
+	Session  *sessions.Session
+}
+
+func auth(next http.Handler) http.Handler {
+	logger.Debug("auth")
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session := sessionData(r)
+		if session == nil {
+			logger.Error("nil session data")
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+		if !session.LoggedIn {
+			logger.Error("not logged in")
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+		if err := session.Session.Save(r, w); err != nil {
+			logger.Error("save session", "error", err)
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+func sessionData(r *http.Request) *Session {
+	sess := &Session{}
+	session, err := store.Get(r, "devilcove-time")
+	if err != nil {
+		logger.Error("session err", "error", err)
+		return nil
+	}
+	user := session.Values["user"]
+	loggedIn := session.Values["loggedIn"]
+	admin := session.Values["admin"]
+	if x, ok := loggedIn.(bool); ok {
+		sess.LoggedIn = x
+	}
+	if u, ok := user.(string); ok {
+		sess.User = u
+	}
+	if a, ok := admin.(bool); ok {
+		sess.Admin = a
+	}
+	sess.Session = session
+	logger.Debug("session", "data", sess)
+	return sess
+}
diff --git a/models/errors.go b/models/errors.go
deleted file mode 100644
index 7ca4ac3..0000000
--- a/models/errors.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package models
-
-import (
-	"log/slog"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-)
-
-// ErrorMessage represents an error message to be return to UI.
-type ErrorMessage struct {
-	Status  string
-	Message string
-}
-
-// Process returns an error message to UI.
-func (e *ErrorMessage) Process(c *gin.Context) {
-	slog.Error(e.Message, "status", e.Status)
-	c.HTML(http.StatusOK, "error", e)
-	c.Abort()
-}
diff --git a/models/page.go b/models/page.go
index 42578d2..0a462ba 100644
--- a/models/page.go
+++ b/models/page.go
@@ -1,7 +1,7 @@
 package models
 
 import (
-	"log"
+	"log/slog"
 	"runtime/debug"
 	"time"
 )
@@ -60,7 +60,7 @@ func GetUserPage(u string) Page {
 	if page, ok := pages[u]; ok {
 		return page
 	}
-	log.Println("user page not set, using default")
+	slog.Info("user page not set, using default")
 	pages[u] = initialize()
 	return pages[u]
 }
@@ -75,7 +75,7 @@ func SetTheme(user, theme string) {
 	pages[user] = page
 }
 
-// SetFont sets the page font for a user.
+// SetFont sets the page font for a useruser page.
 func SetFont(user, font string) {
 	page, ok := pages[user]
 	if !ok {
diff --git a/models/user.go b/models/user.go
index 0ada887..d863b31 100644
--- a/models/user.go
+++ b/models/user.go
@@ -11,3 +11,8 @@ type User struct {
 	IsAdmin  bool
 	Updated  time.Time
 }
+
+type Editor struct {
+	User
+	AsAdmin bool
+}
diff --git a/page.go b/page.go
index 87d01cc..25d9312 100644
--- a/page.go
+++ b/page.go
@@ -8,38 +8,37 @@ import (
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
 )
 
-func displayMain(c *gin.Context) {
-	var page models.Page
-	session := sessions.Default(c)
-	user := session.Get("user")
-	loggedIn := session.Get("loggedin")
-	slog.Debug("displaying status for", "user", user, "loggedIn", loggedIn)
-	if user == nil {
-		page = populatePage("")
-	} else {
-		page = populatePage(user.(string))
-	}
-	if loggedIn == nil {
-		page.NeedsLogin = true
+func displayMain(w http.ResponseWriter, r *http.Request) {
+	page := models.GetPage()
+	//session := sessions.Default(c)
+	session := sessionData(r)
+	page.NeedsLogin = true
+	if session != nil {
+		logger.Debug("displaying status for", "user", session.User, "loggedIn", session.LoggedIn)
+		page = populatePage(session.User)
+		//http.Redirect(w, r, "/login", http.StatusSeeOther)
+		if !session.LoggedIn {
+			page.NeedsLogin = true
+		}
 	}
-	slog.Debug("displaystatus", "page", page.NeedsLogin, "refresh", page.Refresh)
-	c.HTML(http.StatusOK, "layout", page)
+	logger.Debug("displaystatus", "page", page.NeedsLogin, "refresh", page.Refresh, "theme", page.Theme)
+	templates.ExecuteTemplate(w, "layout", page)
+	//renderTemplate(w, http.StatusOK, "layout", page)
+	//c.HTML(http.StatusOK, "layout", page)
 }
 
-func displayStatus(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user")
-	loggedIn := session.Get("loggedin")
-	if user == nil || loggedIn == nil {
-		displayMain(c)
+func displayStatus(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	user := session.User
+	loggedIn := session.LoggedIn
+	if user == "" || !loggedIn {
+		displayMain(w, r)
 		return
 	}
-	page := populatePage(user.(string))
-	c.HTML(http.StatusOK, "content", page)
+	page := populatePage(user)
+	templates.ExecuteTemplate(w, "content", page)
 }
 
 func populatePage(user string) models.Page {
diff --git a/projects.go b/projects.go
index 7e34aec..3b0c101 100644
--- a/projects.go
+++ b/projects.go
@@ -9,80 +9,84 @@ import (
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 )
 
-func getProjects(c *gin.Context) {
-	projects, err := database.GetAllProjects()
-	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
-		return
-	}
-	c.JSON(http.StatusOK, projects)
-}
+// func getProjects(w http.ResponseWriter, r *http.Request) {
+// 	projects, err := database.GetAllProjects()
+// 	if err != nil {
+// 		processError(w, http.StatusInternalServerError, err.Error())
+// 		return
+// 	}
+// 	c.JSON(http.StatusOK, projects)
+// }
 
-func displayProjectForm(c *gin.Context) {
-	c.HTML(http.StatusOK, "addProject", "")
+func displayProjectForm(w http.ResponseWriter, r *http.Request) {
+	templates.ExecuteTemplate(w, "addProject", nil)
 }
 
-func addProject(c *gin.Context) {
-	var project models.Project
-	if err := c.Bind(&project); err != nil {
-		processError(c, http.StatusBadRequest, "could not decode request into json "+err.Error())
-		return
+func addProject(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid data sent")
+	}
+	project := models.Project{
+		Name: r.FormValue("name"),
 	}
 	if regexp.MustCompile(`\s+`).MatchString(project.Name) || project.Name == "" {
-		processError(c, http.StatusBadRequest, "invalid project name")
+		processError(w, http.StatusBadRequest, "invalid project name")
 		return
 	}
 	existing, err := database.GetProject(project.Name)
 	if err != nil && err.Error() != "no such project" {
 		slog.Error("add project", "error", err)
-		processError(c, http.StatusInternalServerError, "database error")
+		processError(w, http.StatusInternalServerError, "database error")
 		return
 	}
 	if existing.Name == project.Name {
-		processError(c, http.StatusBadRequest, "project exists")
+		processError(w, http.StatusBadRequest, "project exists")
 		return
 	}
 	project.ID = uuid.New()
 	project.Active = true
 	project.Updated = time.Now()
 	if err := database.SaveProject(&project); err != nil {
-		processError(c, http.StatusInternalServerError, "error saving project "+err.Error())
+		processError(w, http.StatusInternalServerError, "error saving project "+err.Error())
 		return
 	}
-	displayStatus(c)
+	displayMain(w, r)
 }
 
-func getProject(c *gin.Context) {
-	p := c.Param("name")
-	project, err := database.GetProject(p)
-	if err != nil {
-		processError(c, http.StatusBadRequest, "could not retrieve project "+err.Error())
+// func getProject(w http.ResponseWriter, r *http.Request) {
+// 	p := r.PathValue("name")
+// 	project, err := database.GetProject(p)
+// 	if err != nil {
+// 		processError(w, http.StatusBadRequest, "could not retrieve project "+err.Error())
+// 		return
+// 	}
+
+// 	c.JSON(http.StatusOK, project)
+// }
+
+func start(w http.ResponseWriter, r *http.Request) {
+	proj := r.PathValue("name")
+	session := sessionData(r)
+	if session == nil {
+		displayMain(w, r)
 		return
 	}
-	c.JSON(http.StatusOK, project)
-}
-
-func start(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user").(string)
-	proj := c.Param("name")
+	user := session.User
 	project, err := database.GetProject(proj)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, "error reading project "+err.Error())
+		processError(w, http.StatusInternalServerError, "error reading project "+err.Error())
 		return
 	}
 	if !project.Active {
-		processError(c, http.StatusBadRequest, "project is not active")
+		processError(w, http.StatusBadRequest, "project is not active")
 		return
 	}
 	if models.IsTrackingActive(user) {
 		if err := stopE(user); err != nil {
-			processError(c, http.StatusInternalServerError, err.Error())
+			processError(w, http.StatusInternalServerError, err.Error())
 			return
 		}
 	}
@@ -93,12 +97,12 @@ func start(c *gin.Context) {
 		Start:   time.Now(),
 	}
 	if err := database.SaveRecord(&record); err != nil {
-		processError(c, http.StatusInternalServerError, "failed to save record "+err.Error())
+		processError(w, http.StatusInternalServerError, "failed to save record "+err.Error())
 		return
 	}
 	models.TrackingActive(user, project)
 	slog.Info("tracking started", "project", project.Name)
-	displayMain(c)
+	displayMain(w, r)
 }
 
 func stopE(user string) error {
@@ -119,12 +123,12 @@ func stopE(user string) error {
 	return nil
 }
 
-func stop(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user").(string)
+func stop(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	user := session.User
 	if err := stopE(user); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	displayMain(c)
+	displayMain(w, r)
 }
diff --git a/projects_test.go b/projects_test.go
index a4edf02..85299cf 100644
--- a/projects_test.go
+++ b/projects_test.go
@@ -198,7 +198,7 @@ func TestStartStopProject(t *testing.T) {
 		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/projects/junk/start", nil)
+		req, _ := http.NewRequest(http.MethodPost, "/projects/start/junk", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusInternalServerError)
diff --git a/records.go b/records.go
index e3eaad5..4d08581 100644
--- a/records.go
+++ b/records.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 )
 
@@ -45,45 +44,50 @@ func getStatus(user string) (models.StatusResponse, error) {
 	return response, nil
 }
 
-func getRecord(c *gin.Context) {
-	id, err := uuid.Parse(c.Param("id"))
+func getRecord(w http.ResponseWriter, r *http.Request) {
+	id, err := uuid.Parse(r.PathValue("id"))
 	if err != nil {
-		processError(c, http.StatusBadRequest, err.Error())
+		processError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 	record, err := database.GetRecord(id)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	c.HTML(http.StatusOK, "editRecord", record)
+	templates.ExecuteTemplate(w, "editRecord", record)
 }
 
-func editRecord(c *gin.Context) {
-	var err error
-	edit := models.EditRecord{}
-	if err := c.Bind(&edit); err != nil {
-		processError(c, http.StatusBadRequest, err.Error())
-		return
+func editRecord(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid data")
+	}
+
+	edit := models.EditRecord{
+		ID:        r.PathValue("id"),
+		Start:     r.FormValue("Start"),
+		StartTime: r.FormValue("StartTime"),
+		End:       r.FormValue("End"),
+		EndTime:   r.FormValue("EndTime"),
 	}
 	record, err := database.GetRecord(uuid.MustParse(edit.ID))
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	record.End, err = time.Parse("2006-01-0215:04", edit.End+edit.EndTime)
 	if err != nil {
-		processError(c, http.StatusBadRequest, err.Error())
+		processError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 	record.Start, err = time.Parse("2006-01-0215:04", edit.Start+edit.StartTime)
 	if err != nil {
-		processError(c, http.StatusBadRequest, err.Error())
+		processError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 	if err := database.SaveRecord(&record); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	displayStatus(c)
+	displayStatus(w, r)
 }
diff --git a/reports.go b/reports.go
index 3acb346..7c772d6 100644
--- a/reports.go
+++ b/reports.go
@@ -1,48 +1,43 @@
 package main
 
 import (
-	"io"
 	"log/slog"
 	"net/http"
 	"time"
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
 )
 
-func getReport(c *gin.Context) { //nolint:cyclop,funlen
+func getReport(w http.ResponseWriter, r *http.Request) { //nolint:cyclop,funlen
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid data")
+	}
 	var err error
 	projectsToQuery := []string{}
-	session := sessions.Default(c)
+	session := sessionData(r)
 	dbRequest := models.DatabaseReportRequest{
-		User: session.Get("user").(string),
+		User: session.User,
 	}
-	reportRequest := models.ReportRequest{}
-	if err := c.Bind(&reportRequest); err != nil {
-		slog.Error("unable to bind", "error", err)
-		processError(c, http.StatusBadRequest, "could not decode request")
-		if c.Request.Body != nil {
-			body, _ := io.ReadAll(c.Request.Body)
-			slog.Info(string(body))
-		}
-		return
+	reportRequest := models.ReportRequest{
+		Start:   r.FormValue("start"),
+		End:     r.FormValue("end"),
+		Project: r.FormValue("project"),
 	}
 	dbRequest.Start, err = time.Parse("2006-01-02", reportRequest.Start)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	dbRequest.End, err = time.Parse("2006-01-02", reportRequest.End)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	if reportRequest.Project == "" {
 		allProjects, err := database.GetAllProjects()
 		if err != nil {
-			processError(c, http.StatusInternalServerError, err.Error())
+			processError(w, http.StatusInternalServerError, err.Error())
 			return
 		}
 		for _, project := range allProjects {
@@ -59,7 +54,7 @@ func getReport(c *gin.Context) { //nolint:cyclop,funlen
 		dbRequest.Project = project
 		data, err := database.GetReportRecords(dbRequest)
 		if err != nil {
-			processError(c, http.StatusInternalServerError, err.Error())
+			processError(w, http.StatusInternalServerError, err.Error())
 			return
 		}
 		var total time.Duration
@@ -78,12 +73,16 @@ func getReport(c *gin.Context) { //nolint:cyclop,funlen
 			displayRecords = append(displayRecords, displayRecord)
 		}
 	}
-	c.HTML(http.StatusOK, "results", displayRecords)
+	templates.ExecuteTemplate(w, "results", displayRecords)
 }
 
-func report(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user").(string)
+func report(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		processError(w, http.StatusBadRequest, "invalid data")
+		return
+	}
+	user := session.User
 	page := populatePage(user)
 	projects, err := database.GetAllProjects()
 	if err != nil {
@@ -93,5 +92,5 @@ func report(c *gin.Context) {
 			page.Projects = append(page.Projects, project.Name)
 		}
 	}
-	c.HTML(http.StatusOK, "report", page)
+	templates.ExecuteTemplate(w, "report", page)
 }
diff --git a/router.go b/router.go
index 142c9d1..2390a1a 100644
--- a/router.go
+++ b/router.go
@@ -1,8 +1,10 @@
 package main
 
 import (
+	"crypto/rand"
 	"embed"
 	"fmt"
+	"html/template"
 	"log"
 	"log/slog"
 	"net/http"
@@ -11,93 +13,91 @@ import (
 	"runtime"
 	"time"
 
+	"github.com/devilcove/mux"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
-	"github.com/gin-gonic/gin"
+	"github.com/gorilla/sessions"
+)
+
+const (
+	sessionBytes = 32
+	cookieAge    = 300
+)
+
+var (
+	store     *sessions.CookieStore
+	templates *template.Template
+	logger    *slog.Logger
 )
 
 //go:embed images/favicon.ico
 var icon embed.FS
 
-func setupRouter() *gin.Engine { //nolint:funlen
-	secret, ok := os.LookupEnv("SESSION_SECRET")
-	if !ok {
-		secret = "secret"
-	}
-	store := cookie.NewStore([]byte(secret))
-	session := sessions.Sessions("time", store)
-	router := gin.Default()
-	router.LoadHTMLGlob("html/*.html")
-	router.Static("images", "./images")
-	router.Static("assets", "./assets")
-	router.StaticFS("/favicon.ico", http.FS(icon))
+func setupRouter(l *slog.Logger) *mux.Router { //nolint:funlen
+	store = sessions.NewCookieStore(randBytes(sessionBytes))
+	store.MaxAge(cookieAge)
+	store.Options.HttpOnly = true
+	store.Options.SameSite = http.SameSiteStrictMode
+
+	router := mux.NewRouter(l, mux.Logger)
+	logger = l
+
+	// router.LoadHTMLGlob("html/*.html")
+	router.Static("/images/", "./images")
+	router.Static("/assets/", "./assets")
+	router.ServeFile("/favicon.ico", "images/favicon.ico")
+	templates = template.Must(template.ParseGlob("html/*"))
+	// templates.Lookup("about").Execute(os.Stdout, nil)
 	// router.SetHTMLTemplate(template.Must(template.New("").Parse("html/*")))
-	_ = router.SetTrustedProxies(nil)
-	router.Use(gin.Recovery(), session)
+	// _ = router.SetTrustedProxies(nil)
+	// router.Use(gin.Recovery(), session)
 	users := router.Group("/users", auth)
-	{
-		users.GET("", getUsers)
-		users.GET("current", getUser)
-		users.POST("", addUser)
-		users.POST(":name", editUser)
-		users.DELETE(":name", deleteUser)
-		users.GET(":name", getUser)
-	}
-	router.GET("/login", displayLogin)
-	router.POST("/login", login)
-	router.GET("/logout", logout)
-	router.GET("/register", register)
-	router.GET("/", displayMain)
-	router.POST("/register", regUser)
+	users.Get("/{$}", getUsers)
+	users.Get("/register/", register)
+	users.Post("/register/", registerUser)
+	//users.Get("current", getUser)
+	// 	users.Post("", addUser)
+	users.Post("/{name}", editUser)
+	users.Delete("/{name}", deleteUser)
+	users.Get("/{name}", getUser)
+	// }
+	// router.Get("/login", displayLogin)
+	router.Post("/login", login)
+	router.Get("/logout/", logout)
+	router.Get("/{$}", displayMain)
+	// router.Post("/register", regUser)
 	projects := router.Group("/projects", auth)
-	{
-		projects.GET("", getProjects)
-		projects.GET("/add", displayProjectForm)
-		projects.POST("", addProject)
-		projects.GET("/:name", getProject)
-		projects.POST("/:name/start", start)
-		projects.POST("/stop", stop)
-		projects.GET("/status", displayStatus)
-	}
+	//projects.Get("/{$}", getProjects)
+	projects.Get("/add/", displayProjectForm)
+	projects.Post("/{$}", addProject)
+	// 	projects.Get("/:name", getProject)
+	projects.Post("/stop/", stop)
+	projects.Post("/start/{name}", start)
+	// 	projects.Get("/status", displayStatus)
+	// }
 	reports := router.Group("/reports", auth)
-	{
-		reports.GET("", report)
-		reports.POST("", getReport)
-	}
+	// {
+	reports.Get("/{$}", report)
+	reports.Post("/{$}", getReport)
+	// }
 	records := router.Group("records", auth)
-	{
-		records.GET("/:id", getRecord)
-		records.POST("/:id", editRecord)
-	}
+	// {
+	records.Get("/{id}", getRecord)
+	records.Post("/{id}", editRecord)
+	// }
 	configuration := router.Group("/config", auth)
-	{
-		configuration.GET("/", config)
-		configuration.POST("/", setConfig)
-	}
+	// {
+	configuration.Get("/{$}", configOld)
+	configuration.Post("/{$}", setConfig)
+	// }
 	return router
 }
 
-func processError(c *gin.Context, status int, message string) {
+func processError(w http.ResponseWriter, status int, message string) {
 	pc, fn, line, _ := runtime.Caller(1)
 	source := fmt.Sprintf("%s[%s:%d]", runtime.FuncForPC(pc).Name(), filepath.Base(fn), line)
 	slog.Error(message, "status", status, "source", source)
-	c.HTML(status, "error", message)
-	c.Abort()
-}
-
-func auth(c *gin.Context) {
-	session := sessions.Default(c)
-	loggedIn := session.Get("loggedin")
-	if loggedIn == nil {
-		slog.Info("not logged in display login page")
-		page := models.GetPage()
-		page.NeedsLogin = true
-		c.HTML(http.StatusOK, "login", page)
-		c.Abort()
-		return
-	}
+	http.Error(w, message, status)
 }
 
 func checkDefaultUser() {
@@ -107,8 +107,8 @@ func checkDefaultUser() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	if len(users) > 1 {
-		slog.Debug("user exists")
+	if len(users) > 0 {
+		slog.Debug("user exists", "user", users[0].Username)
 		return
 	}
 	if user == "" {
@@ -127,5 +127,14 @@ func checkDefaultUser() {
 		IsAdmin:  true,
 		Updated:  time.Now(),
 	})
-	slog.Info("default user created")
+	slog.Info("default user created", "user", user)
+}
+
+func randBytes(l int) []byte {
+	bytes := make([]byte, l)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		panic(err)
+	}
+	return bytes
 }
diff --git a/user_test.go b/user_test.go
index e266f3e..0cb5efe 100644
--- a/user_test.go
+++ b/user_test.go
@@ -11,24 +11,24 @@ import (
 	"time"
 
 	"github.com/Kairum-Labs/should"
+	"github.com/devilcove/mux"
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-gonic/gin"
 	"github.com/mattkasun/tools/logging"
 )
 
 var (
-	router *gin.Engine
+	router *mux.Router
 	w      *httptest.ResponseRecorder
 )
 
 func TestMain(m *testing.M) {
-	logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
+	log := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
 	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = database.InitializeDatabase()
 	defer database.Close()
 	checkDefaultUser()
-	router = setupRouter()
+	router = setupRouter(log.Logger)
 	w = httptest.NewRecorder()
 	os.Exit(m.Run())
 }
diff --git a/users.go b/users.go
index e9b1ef0..5c6208e 100644
--- a/users.go
+++ b/users.go
@@ -1,47 +1,45 @@
 package main
 
 import (
-	"fmt"
 	"log/slog"
 	"net/http"
 	"time"
 
 	"github.com/devilcove/timetraced/database"
 	"github.com/devilcove/timetraced/models"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
+	"github.com/gorilla/sessions"
 	"golang.org/x/crypto/bcrypt"
 )
 
 const SessionAge = 60 * 60 * 8 // 8 hours in seconds
 
-func displayLogin(c *gin.Context) {
-	page := populatePage("")
-	page.NeedsLogin = true
-	c.HTML(http.StatusOK, "login", page)
-}
+// func displayLogin(w http.ResponseWriter, r *http.Request) {
+// 	page := populatePage("")
+// 	page.NeedsLogin = true
+// 	c.HTML(http.StatusOK, "login", page)
+// }
 
-func login(c *gin.Context) {
-	session := sessions.Default(c)
+func login(w http.ResponseWriter, r *http.Request) {
 	var user models.User
-	if err := c.Bind(&user); err != nil {
-		processError(c, http.StatusBadRequest, "invalid user")
-		slog.Error("bind err", "error", err)
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid user form")
 		return
 	}
-	slog.Debug("login by", "user", user)
+	user.Username = r.FormValue("username")
+	user.Password = r.FormValue("password")
 	if !validateUser(&user) {
-		session.Clear()
-		_ = session.Save()
-		processError(c, http.StatusBadRequest, "invalid user")
-		slog.Warn("validation error", "user", user.Username)
+		processError(w, http.StatusBadRequest, "invalid user")
+		logger.Debug("validation error", "user", user.Username, "pass", user.Password)
 		return
 	}
-	session.Set("loggedin", true)
-	session.Set("user", user.Username)
-	session.Set("admin", user.IsAdmin)
-	session.Options(sessions.Options{MaxAge: SessionAge, Secure: false, SameSite: http.SameSiteLaxMode})
-	_ = session.Save()
+	session := sessions.NewSession(store, "devilcove-time")
+	session.Values["user"] = user.Username
+	session.Values["loggedIn"] = true
+	session.Values["admin"] = user.IsAdmin
+	session.Options = &sessions.Options{MaxAge: SessionAge, Secure: false, SameSite: http.SameSiteLaxMode}
+	if err := session.Save(r, w); err != nil {
+		logger.Error("session save", "error", err)
+	}
 	user.Password = ""
 	slog.Debug("login", "user", user.Username)
 	page := populatePage(user.Username)
@@ -54,20 +52,21 @@ func login(c *gin.Context) {
 			page.Projects = append(page.Projects, project.Name)
 		}
 	}
-	c.HTML(http.StatusOK, "content", page)
+	templates.ExecuteTemplate(w, "content", page)
 }
 
 func validateUser(visitor *models.User) bool {
 	user, err := database.GetUser(visitor.Username)
 	if err != nil {
-		slog.Error("no such user", "user", visitor.Username, "error", err)
+		logger.Error("no such user", "user", visitor.Username, "error", err)
 		return false
 	}
-	fmt.Println(visitor.Username, user.Username)
+	// fmt.Println(visitor.Username, user.Username)
 	if visitor.Username == user.Username && checkPassword(visitor, &user) {
 		visitor.IsAdmin = user.IsAdmin
 		return true
 	}
+	logger.Error("validation failed")
 	return false
 }
 
@@ -79,158 +78,166 @@ func checkPassword(plain, hash *models.User) bool {
 	return err == nil
 }
 
-func logout(c *gin.Context) {
-	session := sessions.Default(c)
-	user := session.Get("user")
-	if user != nil {
-		if err := stopE(user.(string)); err != nil {
-			slog.Error("failed to stop tracking for user on logout", "error", err)
+func logout(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session != nil {
+		if err := stopE(session.User); err != nil {
+			logger.Error("failed to stop tracking for user on logout", "error", err)
 		}
+		session.Session.Options.MaxAge = -1
+		session.Session.Save(r, w)
 	}
-	slog.Info("logout", "user", session.Get("user"))
-	// delete cookie
-	session.Clear()
-	_ = session.Save()
-	c.HTML(http.StatusOK, "login", "")
+	http.Redirect(w, r, "/", http.StatusFound)
 }
 
-func register(c *gin.Context) {
+func register(w http.ResponseWriter, r *http.Request) {
 	page := models.GetPage()
-	c.HTML(http.StatusOK, "register", page)
+	templates.ExecuteTemplate(w, "register", page)
 }
 
-func regUser(c *gin.Context) {
+func registerUser(w http.ResponseWriter, r *http.Request) {
 	var user models.User
-	var err error
-	if err := c.Bind(&user); err != nil {
-		processError(c, http.StatusBadRequest, err.Error())
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid user")
 		return
 	}
+	user.Username = r.FormValue("username")
+	user.Password = r.FormValue("password")
 	if _, err := database.GetUser(user.Username); err == nil {
-		processError(c, http.StatusBadRequest, "user exists")
+		processError(w, http.StatusBadRequest, "user exists")
 		return
 	}
 	if user.Password == "" {
-		processError(c, http.StatusBadRequest, "password cannot be blank")
+		processError(w, http.StatusBadRequest, "password cannot be blank")
 		return
 	}
+	var err error
 	user.Password, err = hashPassword(user.Password)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	if err := database.SaveUser(&user); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	slog.Info("new user added", "user", user.Username)
-	displayStatus(c)
+	http.Redirect(w, r, "/users/", http.StatusFound)
 }
 
-func addUser(c *gin.Context) {
-	var user models.User
-	var err error
-	session := sessions.Default(c)
-	admin := session.Get("admin")
-	if !admin.(bool) {
-		processError(c, http.StatusUnauthorized, "only admins can create new users")
-		return
-	}
-	if err := c.BindJSON(&user); err != nil {
-		processError(c, http.StatusBadRequest, "could not decode request into json")
-		return
-	}
-	if _, err := database.GetUser(user.Username); err == nil {
-		processError(c, http.StatusBadRequest, "user exists")
-		return
-	}
-	if user.Username == "" || user.Password == "" {
-		processError(c, http.StatusBadRequest, "username or password cannot be blank")
-		return
-	}
-	user.Password, err = hashPassword(user.Password)
-	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
-		return
-	}
-	if err := database.SaveUser(&user); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+// func addUser(c *gin.Context) {
+// 	var user models.User
+// 	var err error
+// 	session := sessions.Default(c)
+// 	admin := session.Get("admin")
+// 	if !admin.(bool) {
+// 		processError(w, http.StatusUnauthorized, "only admins can create new users")
+// 		return
+// 	}
+// 	if err := c.BindJSON(&user); err != nil {
+// 		processError(w, http.StatusBadRequest, "could not decode request into json")
+// 		return
+// 	}
+// 	if _, err := database.GetUser(user.Username); err == nil {
+// 		processError(w, http.StatusBadRequest, "user exists")
+// 		return
+// 	}
+// 	if user.Username == "" || user.Password == "" {
+// 		processError(w, http.StatusBadRequest, "username or password cannot be blank")
+// 		return
+// 	}
+// 	user.Password, err = hashPassword(user.Password)
+// 	if err != nil {
+// 		processError(w, http.StatusInternalServerError, err.Error())
+// 		return
+// 	}
+// 	if err := database.SaveUser(&user); err != nil {
+// 		processError(w, http.StatusInternalServerError, err.Error())
+// 		return
+// 	}
+// 	slog.Info("new user added", "user", user.Username)
+// 	c.JSON(http.StatusNoContent, nil)
+// }
+
+func editUser(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		displayMain(w, r)
 		return
 	}
-	slog.Info("new user added", "user", user.Username)
-	c.JSON(http.StatusNoContent, nil)
-}
-
-func editUser(c *gin.Context) {
-	var user struct {
-		Password string
-		Verify   string
+	user := models.User{
+		Username: r.PathValue("name"),
+		Password: r.FormValue("password"),
 	}
-	var err error
-	username := c.Param("name")
-	session := sessions.Default(c)
-	admin := session.Get("admin")
-	visitor := session.Get("user").(string)
-	if err := c.Bind(&user); err != nil {
-		processError(c, http.StatusBadRequest, "could not decode request into json")
-		return
+	if r.FormValue("admin") != "" {
+		user.IsAdmin = true
 	}
-	if username != visitor && !admin.(bool) {
-		processError(c, http.StatusUnauthorized, "you are not authorized to edit this user")
+	logger.Debug("edit user", "new", user)
+	visitor := session.User
+	if user.Username != visitor && !session.Admin {
+		processError(w, http.StatusUnauthorized, "you are not authorized to edit this user")
 		return
 	}
-	updatedUser, err := database.GetUser(username)
+	updatedUser, err := database.GetUser(user.Username)
 	if err != nil {
-		processError(c, http.StatusBadRequest, "user does not exist")
+		processError(w, http.StatusBadRequest, "user does not exist"+user.Username)
 		return
 	}
 	updatedUser.Password, err = hashPassword(user.Password)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	if !admin.(bool) {
+	updatedUser.IsAdmin = user.IsAdmin
+	if !session.Admin {
 		updatedUser.IsAdmin = false
 	}
 	updatedUser.Updated = time.Now()
+	logger.Debug("updating user", "old", user, "new", updatedUser)
 	if err := database.SaveUser(&updatedUser); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	slog.Info("user updated", "user", updatedUser.Username)
-	displayStatus(c)
+	logger.Info("user updated", "user", updatedUser.Username)
+	http.Redirect(w, r, "/users/", http.StatusFound)
 }
 
-func deleteUser(c *gin.Context) {
-	session := sessions.Default(c)
-	admin := session.Get("admin")
-	user := c.Param("name")
-	if !admin.(bool) {
-		processError(c, http.StatusUnauthorized, "you are not authorized to delete this user")
+func deleteUser(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		displayMain(w, r)
+		return
+	}
+	user := r.PathValue("name")
+	if !session.Admin {
+		processError(w, http.StatusUnauthorized, "you are not authorized to delete this user")
 		return
 	}
 	if _, err := database.GetUser(user); err != nil {
-		processError(c, http.StatusBadRequest, "user does not exist")
+		processError(w, http.StatusBadRequest, "user does not exist")
 		return
 	}
 	if err := database.DeleteUser(user); err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	slog.Info("deleted", "user", user)
-	c.JSON(http.StatusNoContent, nil)
+	logger.Info("deleted", "user", user)
+	getUsers(w, r)
 }
 
-func getUsers(c *gin.Context) {
-	session := sessions.Default(c)
-	admin := session.Get("admin").(bool)
-	if !admin {
-		getCurrentUser(c)
+func getUsers(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		processError(w, http.StatusBadRequest, "no session")
+		return
+	}
+	if !session.Admin {
+		getCurrentUser(w, r)
 		return
 	}
 	users, err := database.GetAllUsers()
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
 	returnedUser := []models.User{}
@@ -238,33 +245,43 @@ func getUsers(c *gin.Context) {
 		user.Password = ""
 		returnedUser = append(returnedUser, user)
 	}
-	c.HTML(http.StatusOK, "user", returnedUser)
+	logger.Info("getusers", "users", returnedUser, "session", session)
+	templates.ExecuteTemplate(w, "user", returnedUser)
+	// c.HTML(http.StatusOK, "user", returnedUser)
 }
 
-func getUser(c *gin.Context) {
-	session := sessions.Default(c)
-	editUser := c.Param("name")
-	if !session.Get("admin").(bool) && editUser != session.Get("user").(string) {
-		processError(c, http.StatusBadRequest, "non-admin cannot edit other users")
+func getUser(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		processError(w, http.StatusBadRequest, "no session")
+		return
+	}
+	editUser := r.PathValue("name")
+	if !session.Admin && editUser != session.User {
+		processError(w, http.StatusBadRequest, "non-admin cannot edit other users")
 		return
 	}
 	user, err := database.GetUser(editUser)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	c.HTML(http.StatusOK, "editUser", user)
+	editor := models.Editor{User: user, AsAdmin: session.Admin}
+	templates.ExecuteTemplate(w, "editUser", editor)
 }
 
-func getCurrentUser(c *gin.Context) {
-	session := sessions.Default(c)
-	visitor := session.Get("user").(string)
-	user, err := database.GetUser(visitor)
+func getCurrentUser(w http.ResponseWriter, r *http.Request) {
+	session := sessionData(r)
+	if session == nil {
+		processError(w, http.StatusBadRequest, "session data")
+	}
+	user, err := database.GetUser(session.User)
 	if err != nil {
-		processError(c, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	c.HTML(http.StatusOK, "editUser", user)
+	editor := models.Editor{User: user, AsAdmin: session.Admin}
+	templates.ExecuteTemplate(w, "editUser", editor)
 }
 
 func hashPassword(password string) (string, error) {

From fb51e06e6ac4db350e7a528ee3c096e77e883ae8 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Mon, 15 Dec 2025 12:40:29 -0500
Subject: [PATCH 07/10] linting

---
 .golangci.yml  | 12 ++++++++----
 config.go      |  8 ++++----
 main.go        |  2 +-
 models/user.go |  2 ++
 page.go        | 18 +++++++++++-------
 projects.go    |  4 ++--
 records.go     |  2 +-
 reports.go     |  4 ++--
 router.go      | 39 ++++++++++++---------------------------
 users.go       | 21 +++++++++++++--------
 10 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index 5b6697f..737fb35 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -11,6 +11,7 @@ linters:
     - forcetypeassert
     - gochecknoglobals
     - gochecknoinits
+    - lll
     - mnd
     - musttag
     - nlreturn
@@ -27,9 +28,10 @@ linters:
     varnamelen:
       max-distance: 15
       ignore-decls:
-        - c *gin.Context
         - db *bbolt.DB
         - w *httptest.ResponseRecorder
+        - w http.ResponseWriter
+        - r *http.Request
   exclusions:
     generated: lax
     paths:
@@ -39,13 +41,15 @@ linters:
       - examples$
 formatters:
   enable:
-    - gci
-    - gofmt
     - gofumpt
-    - goimports
+    - golines
   exclusions:
     generated: lax
     paths:
       - third_party$
       - builtin$
       - examples$
+issues:
+  max-same-issues: 0
+  max-issues-per-linter: 0
+  unique-by-line: false
diff --git a/config.go b/config.go
index ed957f3..28212b8 100644
--- a/config.go
+++ b/config.go
@@ -7,9 +7,9 @@ import (
 	"github.com/devilcove/timetraced/models"
 )
 
-func configOld(w http.ResponseWriter, r *http.Request) {
+func configOld(w http.ResponseWriter, _ *http.Request) {
 	page := models.GetPage()
-	templates.ExecuteTemplate(w, "config", page)
+	_ = templates.ExecuteTemplate(w, "config", page)
 }
 
 func setConfig(w http.ResponseWriter, r *http.Request) {
@@ -32,6 +32,6 @@ func setConfig(w http.ResponseWriter, r *http.Request) {
 	models.SetFont(user, config.Font)
 	models.SetRefresh(user, config.Refresh)
 	page := models.GetUserPage(user)
-	w.Header().Set("HX-Refresh", "true")
-	templates.ExecuteTemplate(w, "layout", page)
+	w.Header().Set("Hx-Refresh", "true")
+	_ = templates.ExecuteTemplate(w, "layout", page)
 }
diff --git a/main.go b/main.go
index dbb0d7f..91344fb 100644
--- a/main.go
+++ b/main.go
@@ -32,7 +32,7 @@ import (
 
 func main() {
 	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
-	//logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
+	// logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
 	port, ok := os.LookupEnv("PORT")
 	if !ok {
 		port = "8080"
diff --git a/models/user.go b/models/user.go
index d863b31..3503359 100644
--- a/models/user.go
+++ b/models/user.go
@@ -12,7 +12,9 @@ type User struct {
 	Updated  time.Time
 }
 
+// Editor represents the an editor of a user.
 type Editor struct {
 	User
+
 	AsAdmin bool
 }
diff --git a/page.go b/page.go
index 25d9312..a597a2a 100644
--- a/page.go
+++ b/page.go
@@ -12,21 +12,25 @@ import (
 
 func displayMain(w http.ResponseWriter, r *http.Request) {
 	page := models.GetPage()
-	//session := sessions.Default(c)
 	session := sessionData(r)
 	page.NeedsLogin = true
 	if session != nil {
 		logger.Debug("displaying status for", "user", session.User, "loggedIn", session.LoggedIn)
 		page = populatePage(session.User)
-		//http.Redirect(w, r, "/login", http.StatusSeeOther)
 		if !session.LoggedIn {
 			page.NeedsLogin = true
 		}
 	}
-	logger.Debug("displaystatus", "page", page.NeedsLogin, "refresh", page.Refresh, "theme", page.Theme)
-	templates.ExecuteTemplate(w, "layout", page)
-	//renderTemplate(w, http.StatusOK, "layout", page)
-	//c.HTML(http.StatusOK, "layout", page)
+	logger.Debug(
+		"displaystatus",
+		"page",
+		page.NeedsLogin,
+		"refresh",
+		page.Refresh,
+		"theme",
+		page.Theme,
+	)
+	_ = templates.ExecuteTemplate(w, "layout", page)
 }
 
 func displayStatus(w http.ResponseWriter, r *http.Request) {
@@ -38,7 +42,7 @@ func displayStatus(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	page := populatePage(user)
-	templates.ExecuteTemplate(w, "content", page)
+	_ = templates.ExecuteTemplate(w, "content", page)
 }
 
 func populatePage(user string) models.Page {
diff --git a/projects.go b/projects.go
index 3b0c101..93eb2f0 100644
--- a/projects.go
+++ b/projects.go
@@ -21,8 +21,8 @@ import (
 // 	c.JSON(http.StatusOK, projects)
 // }
 
-func displayProjectForm(w http.ResponseWriter, r *http.Request) {
-	templates.ExecuteTemplate(w, "addProject", nil)
+func displayProjectForm(w http.ResponseWriter, _ *http.Request) {
+	_ = templates.ExecuteTemplate(w, "addProject", nil)
 }
 
 func addProject(w http.ResponseWriter, r *http.Request) {
diff --git a/records.go b/records.go
index 4d08581..573be8e 100644
--- a/records.go
+++ b/records.go
@@ -55,7 +55,7 @@ func getRecord(w http.ResponseWriter, r *http.Request) {
 		processError(w, http.StatusInternalServerError, err.Error())
 		return
 	}
-	templates.ExecuteTemplate(w, "editRecord", record)
+	_ = templates.ExecuteTemplate(w, "editRecord", record)
 }
 
 func editRecord(w http.ResponseWriter, r *http.Request) {
diff --git a/reports.go b/reports.go
index 7c772d6..e664722 100644
--- a/reports.go
+++ b/reports.go
@@ -73,7 +73,7 @@ func getReport(w http.ResponseWriter, r *http.Request) { //nolint:cyclop,funlen
 			displayRecords = append(displayRecords, displayRecord)
 		}
 	}
-	templates.ExecuteTemplate(w, "results", displayRecords)
+	_ = templates.ExecuteTemplate(w, "results", displayRecords)
 }
 
 func report(w http.ResponseWriter, r *http.Request) {
@@ -92,5 +92,5 @@ func report(w http.ResponseWriter, r *http.Request) {
 			page.Projects = append(page.Projects, project.Name)
 		}
 	}
-	templates.ExecuteTemplate(w, "report", page)
+	_ = templates.ExecuteTemplate(w, "report", page)
 }
diff --git a/router.go b/router.go
index 2390a1a..dc64b78 100644
--- a/router.go
+++ b/router.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"crypto/rand"
-	"embed"
 	"fmt"
 	"html/template"
 	"log"
@@ -30,10 +29,10 @@ var (
 	logger    *slog.Logger
 )
 
-//go:embed images/favicon.ico
-var icon embed.FS
+// //go:embed images/favicon.ico
+// var icon embed.FS
 
-func setupRouter(l *slog.Logger) *mux.Router { //nolint:funlen
+func setupRouter(l *slog.Logger) *mux.Router {
 	store = sessions.NewCookieStore(randBytes(sessionBytes))
 	store.MaxAge(cookieAge)
 	store.Options.HttpOnly = true
@@ -42,54 +41,40 @@ func setupRouter(l *slog.Logger) *mux.Router { //nolint:funlen
 	router := mux.NewRouter(l, mux.Logger)
 	logger = l
 
-	// router.LoadHTMLGlob("html/*.html")
 	router.Static("/images/", "./images")
 	router.Static("/assets/", "./assets")
 	router.ServeFile("/favicon.ico", "images/favicon.ico")
 	templates = template.Must(template.ParseGlob("html/*"))
-	// templates.Lookup("about").Execute(os.Stdout, nil)
-	// router.SetHTMLTemplate(template.Must(template.New("").Parse("html/*")))
-	// _ = router.SetTrustedProxies(nil)
-	// router.Use(gin.Recovery(), session)
+
+	router.Post("/login", login)
+	router.Get("/logout/", logout)
+	router.Get("/{$}", displayMain)
+
 	users := router.Group("/users", auth)
 	users.Get("/{$}", getUsers)
 	users.Get("/register/", register)
 	users.Post("/register/", registerUser)
-	//users.Get("current", getUser)
-	// 	users.Post("", addUser)
 	users.Post("/{name}", editUser)
 	users.Delete("/{name}", deleteUser)
 	users.Get("/{name}", getUser)
-	// }
-	// router.Get("/login", displayLogin)
-	router.Post("/login", login)
-	router.Get("/logout/", logout)
-	router.Get("/{$}", displayMain)
-	// router.Post("/register", regUser)
+
 	projects := router.Group("/projects", auth)
-	//projects.Get("/{$}", getProjects)
 	projects.Get("/add/", displayProjectForm)
 	projects.Post("/{$}", addProject)
-	// 	projects.Get("/:name", getProject)
 	projects.Post("/stop/", stop)
 	projects.Post("/start/{name}", start)
-	// 	projects.Get("/status", displayStatus)
-	// }
+
 	reports := router.Group("/reports", auth)
-	// {
 	reports.Get("/{$}", report)
 	reports.Post("/{$}", getReport)
-	// }
+
 	records := router.Group("records", auth)
-	// {
 	records.Get("/{id}", getRecord)
 	records.Post("/{id}", editRecord)
-	// }
+
 	configuration := router.Group("/config", auth)
-	// {
 	configuration.Get("/{$}", configOld)
 	configuration.Post("/{$}", setConfig)
-	// }
 	return router
 }
 
diff --git a/users.go b/users.go
index 5c6208e..676c327 100644
--- a/users.go
+++ b/users.go
@@ -36,7 +36,11 @@ func login(w http.ResponseWriter, r *http.Request) {
 	session.Values["user"] = user.Username
 	session.Values["loggedIn"] = true
 	session.Values["admin"] = user.IsAdmin
-	session.Options = &sessions.Options{MaxAge: SessionAge, Secure: false, SameSite: http.SameSiteLaxMode}
+	session.Options = &sessions.Options{
+		MaxAge:   SessionAge,
+		Secure:   false,
+		SameSite: http.SameSiteLaxMode,
+	}
 	if err := session.Save(r, w); err != nil {
 		logger.Error("session save", "error", err)
 	}
@@ -52,7 +56,7 @@ func login(w http.ResponseWriter, r *http.Request) {
 			page.Projects = append(page.Projects, project.Name)
 		}
 	}
-	templates.ExecuteTemplate(w, "content", page)
+	_ = templates.ExecuteTemplate(w, "content", page)
 }
 
 func validateUser(visitor *models.User) bool {
@@ -85,14 +89,14 @@ func logout(w http.ResponseWriter, r *http.Request) {
 			logger.Error("failed to stop tracking for user on logout", "error", err)
 		}
 		session.Session.Options.MaxAge = -1
-		session.Session.Save(r, w)
+		_ = session.Session.Save(r, w)
 	}
 	http.Redirect(w, r, "/", http.StatusFound)
 }
 
-func register(w http.ResponseWriter, r *http.Request) {
+func register(w http.ResponseWriter, _ *http.Request) {
 	page := models.GetPage()
-	templates.ExecuteTemplate(w, "register", page)
+	_ = templates.ExecuteTemplate(w, "register", page)
 }
 
 func registerUser(w http.ResponseWriter, r *http.Request) {
@@ -246,7 +250,7 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
 		returnedUser = append(returnedUser, user)
 	}
 	logger.Info("getusers", "users", returnedUser, "session", session)
-	templates.ExecuteTemplate(w, "user", returnedUser)
+	_ = templates.ExecuteTemplate(w, "user", returnedUser)
 	// c.HTML(http.StatusOK, "user", returnedUser)
 }
 
@@ -267,13 +271,14 @@ func getUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	editor := models.Editor{User: user, AsAdmin: session.Admin}
-	templates.ExecuteTemplate(w, "editUser", editor)
+	_ = templates.ExecuteTemplate(w, "editUser", editor)
 }
 
 func getCurrentUser(w http.ResponseWriter, r *http.Request) {
 	session := sessionData(r)
 	if session == nil {
 		processError(w, http.StatusBadRequest, "session data")
+		return
 	}
 	user, err := database.GetUser(session.User)
 	if err != nil {
@@ -281,7 +286,7 @@ func getCurrentUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	editor := models.Editor{User: user, AsAdmin: session.Admin}
-	templates.ExecuteTemplate(w, "editUser", editor)
+	_ = templates.ExecuteTemplate(w, "editUser", editor)
 }
 
 func hashPassword(password string) (string, error) {

From 4140c8680cbd2b5c490b728c19ed7388be21a71b Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Mon, 15 Dec 2025 18:46:45 -0500
Subject: [PATCH 08/10] update database tests

config tests

middleware tests

router tests

cleanup navbar routing

update tests

records tests

tweak reports test

remove unused funcs

models tests
---
 config_test.go           |  41 ++++++
 database/project_test.go |  39 +++++
 database/records_test.go | 133 +++++++++++++++++
 database/user_test.go    | 106 ++++++++++++++
 html/navbar.html         |  10 +-
 main.go                  |   5 +-
 middleware.go            |   7 +-
 middleware_test.go       |  27 ++++
 models/page_test.go      |  99 +++++++++++++
 projects.go              |  23 +--
 projects_test.go         | 198 +++++++++----------------
 records_test.go          | 136 +++++++++++++++++
 reports.go               |   2 +-
 reports_test.go          |  77 +++++-----
 router.go                |  18 ++-
 router_test.go           |  25 ++++
 user_test.go             | 307 +++++++++++++++++----------------------
 users.go                 |  50 ++-----
 18 files changed, 884 insertions(+), 419 deletions(-)
 create mode 100644 config_test.go
 create mode 100644 database/user_test.go
 create mode 100644 middleware_test.go
 create mode 100644 models/page_test.go
 create mode 100644 records_test.go
 create mode 100644 router_test.go

diff --git a/config_test.go b/config_test.go
new file mode 100644
index 0000000..6b1fd94
--- /dev/null
+++ b/config_test.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/Kairum-Labs/should"
+)
+
+func TestConfig(t *testing.T) {
+	createAdmin()
+	c := adminLogin()
+	if c == nil {
+		t.FailNow()
+	}
+	t.Run("get", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/config/", nil)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+	})
+	t.Run("update", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		body := bodyParams("theme", "red", "font", "tangerine", "refesh", "10")
+		r := httptest.NewRequest(http.MethodPost, "/config/", body)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+	})
+	t.Run("invalid refresh", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		body := bodyParams("theme", "red", "font", "tangerine", "refesh", "junk")
+		r := httptest.NewRequest(http.MethodPost, "/config/", body)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+
+	})
+}
diff --git a/database/project_test.go b/database/project_test.go
index 5cff0a5..81c2051 100644
--- a/database/project_test.go
+++ b/database/project_test.go
@@ -38,3 +38,42 @@ func TestGetProject(t *testing.T) {
 		should.BeEqual(t, project, models.Project{})
 	})
 }
+
+func TestGetAllProjects(t *testing.T) {
+	projects, err := GetAllProjects()
+	t.Log(projects, err)
+	should.BeNil(t, err)
+	should.NotBeEmpty(t, projects)
+}
+
+func TestDeleteProject(t *testing.T) {
+	err := SaveProject(&models.Project{
+		ID:      uuid.New(),
+		Name:    "toBeDeleted",
+		Active:  true,
+		Updated: time.Now(),
+	})
+	should.BeNil(t, err)
+	err = DeleteProject("tobeDeleted")
+	should.BeNil(t, err)
+}
+
+func TestGetActiveProject(t *testing.T) {
+	err := SaveProject(&models.Project{
+		ID:      uuid.New(),
+		Name:    "one",
+		Active:  true,
+		Updated: time.Now(),
+	})
+	should.BeNil(t, err)
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	t.Run("ok", func(t *testing.T) {
+		project := GetActiveProject("testUser")
+		should.BeEqual(t, project.Name, "one")
+	})
+	t.Run("none", func(t *testing.T) {
+		project := GetActiveProject("user1")
+		should.BeNil(t, project)
+	})
+}
diff --git a/database/records_test.go b/database/records_test.go
index 4eaaa92..27e1ee0 100644
--- a/database/records_test.go
+++ b/database/records_test.go
@@ -3,6 +3,10 @@ package database
 import (
 	"testing"
 	"time"
+
+	"github.com/Kairum-Labs/should"
+	"github.com/devilcove/timetraced/models"
+	"github.com/google/uuid"
 )
 
 func Test_truncateToStart(t *testing.T) {
@@ -56,3 +60,132 @@ func Test_truncateToEnd(t *testing.T) {
 		})
 	}
 }
+
+func TestSaveRecord(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	err := SaveRecord(&models.Record{
+		ID:      uuid.New(),
+		Project: "one",
+		User:    "testUser",
+		Start:   time.Now().Add(time.Hour * -1),
+		End:     time.Now(),
+	})
+	should.BeNil(t, err)
+}
+
+func TestGetRecord(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	records, err := GetAllRecords()
+	should.BeNil(t, err)
+	should.BeEqual(t, len(records), 3)
+	record, err := GetRecord(records[0].ID)
+	should.BeNil(t, err)
+	should.BeEqual(t, record.User, records[0].User)
+	//t.Log(record)
+}
+
+func TestGetTodaysRecords(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	t.Run("all", func(t *testing.T) {
+		records, err := GetTodaysRecords()
+		should.BeNil(t, err)
+		should.BeEqual(t, len(records), 3)
+	})
+	t.Run("forUser", func(t *testing.T) {
+		records, err := GetTodaysRecordsForUser("testUser")
+		should.BeNil(t, err)
+		should.BeEqual(t, len(records), 2)
+	})
+}
+
+func TestGetReportRecords(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	t.Run("today", func(t *testing.T) {
+		records, err := GetReportRecords(models.DatabaseReportRequest{
+			Start:   time.Now(),
+			End:     time.Now(),
+			Project: "one",
+			User:    "testUser",
+		})
+		should.BeNil(t, err)
+		should.BeEqual(t, len(records), 2)
+	})
+	t.Run("yesterday", func(t *testing.T) {
+		records, err := GetReportRecords(models.DatabaseReportRequest{
+			Start:   time.Now().Add(time.Hour * -24 * 7),
+			End:     time.Now().Add(time.Hour * -24),
+			Project: "one",
+			User:    "testUser",
+		})
+		should.BeNil(t, err)
+		should.BeEqual(t, len(records), 0)
+	})
+}
+
+func TestDeleteRecords(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	records, err := GetAllRecords()
+	should.BeNil(t, err)
+	err = DeleteRecord(records[0].ID)
+	should.BeNil(t, err)
+	remainder, err := GetAllRecords()
+	should.BeNil(t, err)
+	should.BeLessThan(t, len(remainder), len(records))
+}
+
+func TestGetAllRecordsForUser(t *testing.T) {
+	should.BeNil(t, deleteAllRecords())
+	should.BeNil(t, createTestRecords())
+	records, err := GetAllRecordsForUser("testUser")
+	should.BeNil(t, err)
+	should.BeEqual(t, len(records), 2)
+}
+
+func createTestRecords() error {
+	records := []models.Record{
+		{
+			ID:      uuid.New(),
+			Project: "one",
+			User:    "testUser",
+			Start:   time.Now().Add(time.Hour * -1),
+			//End:     time.Now(),
+		},
+		{
+			ID:      uuid.New(),
+			Project: "one",
+			User:    "testUser",
+			Start:   time.Now().Add(time.Hour * -2),
+			End:     time.Now().Add(time.Hour * -1),
+		},
+		{
+			ID:      uuid.New(),
+			Project: "two",
+			User:    "user1",
+			Start:   time.Now().Add(time.Hour * -2),
+			End:     time.Now().Add(time.Hour * -1),
+		},
+	}
+	for _, record := range records {
+		if err := SaveRecord(&record); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteAllRecords() error {
+	records, err := GetAllRecords()
+	if err != nil {
+		return err
+	}
+	for _, record := range records {
+		if err := DeleteRecord(record.ID); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/database/user_test.go b/database/user_test.go
new file mode 100644
index 0000000..bf81cca
--- /dev/null
+++ b/database/user_test.go
@@ -0,0 +1,106 @@
+package database
+
+import (
+	"testing"
+
+	"github.com/Kairum-Labs/should"
+	"github.com/devilcove/timetraced/models"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestSaveUser(t *testing.T) {
+	err := SaveUser(&models.User{
+		Username: "testUser",
+		Password: "don't care",
+	})
+	should.BeNil(t, err)
+	should.BeNil(t, deleteAllUsers())
+}
+
+func TestDeleteUser(t *testing.T) {
+	err := createTestUser(models.User{
+		Username: "testUser",
+		Password: "don't care",
+	})
+	should.BeNil(t, err)
+	err = DeleteUser("testUser")
+	should.BeNil(t, err)
+	err = DeleteUser("testUser") // deleting a non-exitent entry does not return error
+	should.BeNil(t, err)
+}
+
+func TestGetUsers(t *testing.T) {
+	should.BeNil(t, deleteAllUsers())
+	t.Run("no users", func(t *testing.T) {
+		user, err := GetUser("testUser")
+		should.NotBeNil(t, err)
+		should.BeEqual(t, user, models.User{})
+	})
+	t.Run("one user", func(t *testing.T) {
+		should.BeNil(t, createTestUser(models.User{
+			Username: "testUser",
+		}))
+		user, err := GetUser("testUser")
+		should.BeNil(t, err)
+		should.BeEqual(t, user.Username, "testUser")
+	})
+	t.Run("multiple users", func(t *testing.T) {
+		should.BeNil(t, createTestUser(models.User{
+			Username: "user2",
+		}))
+		user, err := GetUser("testUser")
+		should.BeNil(t, err)
+		should.BeEqual(t, user.Username, "testUser")
+	})
+}
+
+func TestGetAllUsers(t *testing.T) {
+	should.BeNil(t, deleteAllUsers())
+	t.Run("no users", func(t *testing.T) {
+		users, err := GetAllUsers()
+		should.BeNil(t, err)
+		should.BeEmpty(t, users)
+	})
+	t.Run("one user", func(t *testing.T) {
+		should.BeNil(t, createTestUser(models.User{
+			Username: "testUser",
+		}))
+		users, err := GetAllUsers()
+		should.BeNil(t, err)
+		should.BeEqual(t, len(users), 1)
+	})
+	t.Run("multiple users", func(t *testing.T) {
+		should.BeNil(t, createTestUser(models.User{
+			Username: "user2",
+		}))
+		users, err := GetAllUsers()
+		should.BeNil(t, err)
+		should.BeGreaterThan(t, len(users), 1)
+	})
+}
+
+func createTestUser(user models.User) error {
+	user.Password, _ = hashPassword(user.Password)
+	if err := SaveUser(&user); err != nil {
+		return err
+	}
+	return nil
+}
+
+func hashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 4)
+	return string(bytes), err
+}
+
+func deleteAllUsers() error {
+	users, err := GetAllUsers()
+	if err != nil {
+		return nil
+	}
+	for _, user := range users {
+		if err := DeleteUser(user.Username); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/html/navbar.html b/html/navbar.html
index cb857cd..95ff251 100644
--- a/html/navbar.html
+++ b/html/navbar.html
@@ -21,13 +21,13 @@
                 <a href="/logout/" class="w3-bar-item w3-button">Logout</a>
             </details>
         </div>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/reports" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/reports/" hx-target="#content">
             <i class="fa fa-file-alt w3-xxxlarge"></i>
             REPORTS</button>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/users" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/users/" hx-target="#content">
             <i class="fa fa-user w3-xxxlarge"></i>
             USERS</button>
-        <button type="button" class="w3-bar-item w3-button" hx-get="/config" hx-target="#content">
+        <button type="button" class="w3-bar-item w3-button" hx-get="/config/" hx-target="#content">
             <i class="fa fa-cog w3-xxxlarge"></i>
             SETTINGS</button>
         <button type="button" class="w3-bar-item w3-button"
@@ -64,11 +64,11 @@
 <div id="addProject">
     <div class="w3-container w3-center w3-theme">
         <h1>Add New Project</h1>
-        <form hx-post="/projects/" hx-target="#content" hx-target-error="#error">
+        <form hx-post="/projects/" hx-target="#main" hx-target-error="#error">
             <label for="Name">New Project</label><br>
             <input type="text" placeholder="new project name" name="name" required><br>
             <p><button class="w3-button w3-theme-dark w3-padding large" type="button" hx-get="/"
-                    hx-target="#content">Cancel</button>
+                    hx-target="#main">Cancel</button>
                 <button class="w3-button w3-theme-dark w3-padding large" type="submit">Submit</button>
             </p>
         </form>
diff --git a/main.go b/main.go
index 91344fb..43d6beb 100644
--- a/main.go
+++ b/main.go
@@ -22,6 +22,7 @@ limitations under the License.
 package main
 
 import (
+	"log/slog"
 	"os"
 	"time"
 
@@ -31,8 +32,8 @@ import (
 )
 
 func main() {
-	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
-	// logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
+	// logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
+	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
 	port, ok := os.LookupEnv("PORT")
 	if !ok {
 		port = "8080"
diff --git a/middleware.go b/middleware.go
index ffbf023..28c5ca0 100644
--- a/middleware.go
+++ b/middleware.go
@@ -15,17 +15,17 @@ type Session struct {
 }
 
 func auth(next http.Handler) http.Handler {
-	logger.Debug("auth")
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session := sessionData(r)
 		if session == nil {
 			logger.Error("nil session data")
-			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			http.Redirect(w, r, "/login/", http.StatusSeeOther)
 			return
 		}
+		logger.Debug("auth", "session", session)
 		if !session.LoggedIn {
 			logger.Error("not logged in")
-			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			http.Redirect(w, r, "/login/", http.StatusSeeOther)
 			return
 		}
 		if err := session.Session.Save(r, w); err != nil {
@@ -55,6 +55,5 @@ func sessionData(r *http.Request) *Session {
 		sess.Admin = a
 	}
 	sess.Session = session
-	logger.Debug("session", "data", sess)
 	return sess
 }
diff --git a/middleware_test.go b/middleware_test.go
new file mode 100644
index 0000000..17acb6e
--- /dev/null
+++ b/middleware_test.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/Kairum-Labs/should"
+)
+
+func TestAuth(t *testing.T) {
+	t.Run("unauthorized", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/users/", nil)
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusSeeOther)
+		should.BeEqual(t, w.Result().Header.Get("Location"), "/login/")
+	})
+	t.Run("authorized", func(t *testing.T) {
+		createAdmin()
+		r := httptest.NewRequest(http.MethodGet, "/users/", nil)
+		r.AddCookie(adminLogin())
+		w := httptest.NewRecorder()
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+	})
+}
diff --git a/models/page_test.go b/models/page_test.go
new file mode 100644
index 0000000..742a431
--- /dev/null
+++ b/models/page_test.go
@@ -0,0 +1,99 @@
+package models
+
+import (
+	"testing"
+	"time"
+
+	"github.com/Kairum-Labs/should"
+)
+
+func TestGetPage(t *testing.T) {
+	page := GetPage()
+	should.BeEqual(t, page.Theme, "indigo")
+	should.BeEqual(t, page.Font, "Roboto")
+	should.BeEqual(t, page.Refresh, 5)
+}
+
+func TestGetUserPage(t *testing.T) {
+	t.Run("existing", func(t *testing.T) {
+		page := GetUserPage("tester")
+		page2 := GetUserPage("tester")
+		should.BeEqual(t, page, page2)
+	})
+	t.Run("empty", func(t *testing.T) {
+		page := GetUserPage("")
+		should.BeEqual(t, page.Theme, "indigo")
+	})
+}
+
+func TestSetTheme(t *testing.T) {
+	t.Run("existing", func(t *testing.T) {
+		page := GetUserPage("tester")
+		SetTheme("tester", "red")
+		page2 := GetUserPage("tester")
+		should.NotBeEqual(t, page, page2)
+		should.BeEqual(t, page2.Theme, "red")
+	})
+	t.Run("new", func(t *testing.T) {
+		SetTheme("tester2", "pink")
+		page := GetUserPage("tester2")
+		should.BeEqual(t, page.Theme, "pink")
+	})
+}
+
+func TestSetFont(t *testing.T) {
+	t.Run("existing", func(t *testing.T) {
+		page := GetUserPage("tester")
+		SetFont("tester", "tangerine")
+		page2 := GetUserPage("tester")
+		should.NotBeEqual(t, page, page2)
+		should.BeEqual(t, page2.Font, "tangerine")
+	})
+	t.Run("new", func(t *testing.T) {
+		SetFont("tester3", "tangerine")
+		page := GetUserPage("tester3")
+		should.BeEqual(t, page.Font, "tangerine")
+	})
+}
+
+func TestSetRefresh(t *testing.T) {
+	t.Run("existing", func(t *testing.T) {
+		page := GetUserPage("tester")
+		SetRefresh("tester", 10)
+		page2 := GetUserPage("tester")
+		should.NotBeEqual(t, page, page2)
+		should.BeEqual(t, page2.Refresh, 10)
+	})
+	t.Run("new", func(t *testing.T) {
+		SetRefresh("tester4", 12)
+		page := GetUserPage("tester4")
+		should.BeEqual(t, page.Refresh, 12)
+	})
+}
+
+func TestTracking(t *testing.T) {
+	tracking := IsTrackingActive("tester")
+	should.BeFalse(t, tracking)
+	project := Tracked("tester")
+	should.BeEqual(t, project, "")
+	TrackingActive("tester", Project{Name: "project"})
+	tracking = IsTrackingActive("tester")
+	should.BeTrue(t, tracking)
+	project = Tracked("tester")
+	should.BeEqual(t, project, "project")
+	TrackingInactive("tester")
+	tracking = IsTrackingActive("tester")
+	should.BeFalse(t, tracking)
+}
+
+func TestRecords(t *testing.T) {
+	s := FmtDuration(time.Minute * 57)
+	should.BeEqual(t, s, "00:57 ( 1.0 Hours)")
+	record := Record{
+		End:   time.Now(),
+		Start: time.Now().Add(time.Hour * -1),
+	}
+	expected := record.End.Sub(record.Start)
+	dur := record.Duration()
+	should.BeEqual(t, dur, expected)
+}
diff --git a/projects.go b/projects.go
index 93eb2f0..f7a3a57 100644
--- a/projects.go
+++ b/projects.go
@@ -12,15 +12,6 @@ import (
 	"github.com/google/uuid"
 )
 
-// func getProjects(w http.ResponseWriter, r *http.Request) {
-// 	projects, err := database.GetAllProjects()
-// 	if err != nil {
-// 		processError(w, http.StatusInternalServerError, err.Error())
-// 		return
-// 	}
-// 	c.JSON(http.StatusOK, projects)
-// }
-
 func displayProjectForm(w http.ResponseWriter, _ *http.Request) {
 	_ = templates.ExecuteTemplate(w, "addProject", nil)
 }
@@ -38,7 +29,6 @@ func addProject(w http.ResponseWriter, r *http.Request) {
 	}
 	existing, err := database.GetProject(project.Name)
 	if err != nil && err.Error() != "no such project" {
-		slog.Error("add project", "error", err)
 		processError(w, http.StatusInternalServerError, "database error")
 		return
 	}
@@ -56,17 +46,6 @@ func addProject(w http.ResponseWriter, r *http.Request) {
 	displayMain(w, r)
 }
 
-// func getProject(w http.ResponseWriter, r *http.Request) {
-// 	p := r.PathValue("name")
-// 	project, err := database.GetProject(p)
-// 	if err != nil {
-// 		processError(w, http.StatusBadRequest, "could not retrieve project "+err.Error())
-// 		return
-// 	}
-
-// 	c.JSON(http.StatusOK, project)
-// }
-
 func start(w http.ResponseWriter, r *http.Request) {
 	proj := r.PathValue("name")
 	session := sessionData(r)
@@ -77,7 +56,7 @@ func start(w http.ResponseWriter, r *http.Request) {
 	user := session.User
 	project, err := database.GetProject(proj)
 	if err != nil {
-		processError(w, http.StatusInternalServerError, "error reading project "+err.Error())
+		processError(w, http.StatusBadRequest, "error reading project "+err.Error())
 		return
 	}
 	if !project.Active {
diff --git a/projects_test.go b/projects_test.go
index 85299cf..4149a17 100644
--- a/projects_test.go
+++ b/projects_test.go
@@ -17,61 +17,51 @@ import (
 
 func TestAddProject(t *testing.T) {
 	deleteAllProjects()
-	err := createTestUser(models.User{Username: "admin", Password: "password", IsAdmin: true})
-	should.BeNil(t, err)
-
-	t.Run("new project", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
+	createAdmin()
 
+	t.Run("displayForm", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		project := models.Project{
-			Name: "test",
-		}
-		payload, err := json.Marshal(&project)
-		should.BeNil(t, err)
-		t.Log(string(payload))
-		req, err := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
-		should.BeNil(t, err)
-		req.AddCookie(cookie)
-		req.Header.Set("Content-Type", "application/json")
-		b, err := io.ReadAll(req.Body)
+		r := httptest.NewRequest(http.MethodGet, "/projects/add/", nil)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		t.Log(string(b))
+		should.ContainSubstring(t, string(body), "Add New Project")
+	})
+	t.Run("new", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		payload := bodyParams("name", "test")
+		req := httptest.NewRequest(http.MethodPost, "/projects/", payload)
+		req.AddCookie(adminLogin())
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		body, err := io.ReadAll(w.Result().Body)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		projects, err := database.GetAllProjects()
 		should.BeNil(t, err)
-		t.Log(string(body))
-		should.ContainSubstring(t, string(body), "")
+		should.BeEqual(t, len(projects), 1)
 	})
 
-	t.Run("invalid data", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("empty", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/projects", nil)
-		req.AddCookie(cookie)
-		req.Header.Set("Content-Type", "application/json")
+		req := httptest.NewRequest(http.MethodPost, "/projects/", nil)
+		req.AddCookie(adminLogin())
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "could not decode request")
+		should.ContainSubstring(t, string(body), "invalid project name")
 	})
 
-	t.Run("invalid data2", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("invalidData", func(t *testing.T) {
 		w := httptest.NewRecorder()
 		payload, err := json.Marshal(models.Project{
 			Name: "test name",
 		})
 		should.BeNil(t, err)
-		req, _ := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
-		req.AddCookie(cookie)
+		req, _ := http.NewRequest(http.MethodPost, "/projects/", bytes.NewBuffer(payload))
+		req.AddCookie(adminLogin())
 		req.Header.Set("Content-Type", "application/json")
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
@@ -80,19 +70,13 @@ func TestAddProject(t *testing.T) {
 		should.ContainSubstring(t, string(body), "invalid project name")
 	})
 
-	t.Run("project exists", func(t *testing.T) {
+	t.Run("exists", func(t *testing.T) {
 		createTestProjects()
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
 		w := httptest.NewRecorder()
-		payload, err := json.Marshal(models.Project{
-			Name: "test",
-		})
-		should.BeNil(t, err)
-		req, _ := http.NewRequest(http.MethodPost, "/projects", bytes.NewBuffer(payload))
-		req.AddCookie(cookie)
-		req.Header.Set("Content-Type", "application/json")
+		payload := bodyParams("name", "test")
+		req := httptest.NewRequest(http.MethodPost, "/projects/", payload)
+		req.AddCookie(adminLogin())
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
@@ -101,110 +85,72 @@ func TestAddProject(t *testing.T) {
 	})
 }
 
-func TestGetProjects(t *testing.T) {
+func TestStartStopProject(t *testing.T) {
+	deleteAllRecords()
 	deleteAllProjects()
 	createTestProjects()
-	err := createTestUser(models.User{Username: "test", Password: "test", IsAdmin: false})
-	should.BeNil(t, err)
-
-	t.Run("existing project", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "test", Password: "test"})
-		should.NotBeNil(t, cookie)
-
+	deleteAllUsers()
+	createAdmin()
+	t.Run("non-existent", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodGet, "/projects/test", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/projects/start/junk", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusOK)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		msg := models.Project{}
-		err = json.Unmarshal(body, &msg)
-		should.BeNil(t, err)
-		should.BeEqual(t, msg.Name, "test")
+		should.ContainSubstring(t, string(body), "no such project")
 	})
-
-	t.Run("wrong project", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("inactive", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodGet, "/projects/missing", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/projects/start/inactive", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "could not retrieve project no such project")
+		should.ContainSubstring(t, string(body), "project is not active")
 	})
-
-	t.Run("get all", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("active", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodGet, "/projects", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/projects/start/test", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusOK)
-		body, err := io.ReadAll(w.Result().Body)
+		records, err := database.GetAllRecords()
 		should.BeNil(t, err)
-		msg := []models.Project{}
-		err = json.Unmarshal(body, &msg)
-		should.BeNil(t, err)
-		should.BeEqual(t, len(msg), 5)
+		should.BeEqual(t, len(records), 1)
+		should.BeEqual(t, records[0].End.IsZero(), true)
 	})
-	t.Run("get all when empty", func(t *testing.T) {
-		deleteAllProjects()
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("startdifferent", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodGet, "/projects", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/projects/start/test2", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusOK)
-		body, err := io.ReadAll(w.Result().Body)
-		should.BeNil(t, err)
-		msg := []models.StatusResponse{}
-		err = json.Unmarshal(body, &msg)
-		should.BeNil(t, err)
-		should.BeEqual(t, len(msg), 0)
+		records, err := database.GetAllRecords()
+		should.BeNil(t, err)
+		should.BeEqual(t, len(records), 2)
+		for _, record := range records {
+			if record.Project == "test" {
+				should.BeEqual(t, record.End.IsZero(), false)
+			}
+			if record.Project == "test2" {
+				should.BeEqual(t, record.End.IsZero(), true)
+			}
+		}
 	})
-}
-
-func TestGetStatus(t *testing.T) {
-	createTestRecords()
-	err := createTestUser(models.User{Username: "test", Password: "test", IsAdmin: false})
-	should.BeNil(t, err)
-	cookie := testLogin(models.User{Username: "test", Password: "test"})
-	should.NotBeNil(t, cookie)
-
-	w := httptest.NewRecorder()
-	req, _ := http.NewRequest(http.MethodGet, "/projects/status", nil)
-	req.AddCookie(cookie)
-	router.ServeHTTP(w, req)
-	should.BeEqual(t, w.Code, http.StatusOK)
-	body, err := io.ReadAll(w.Result().Body)
-	should.BeNil(t, err)
-	should.ContainSubstring(t, string(body), "<b>Current Project: </b>")
-}
-
-func TestStartStopProject(t *testing.T) {
-	deleteAllProjects()
-	createTestProjects()
-	t.Run("non-existent Project", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
+	t.Run("stop", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/projects/start/junk", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/projects/stop/", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusInternalServerError)
-		body, err := io.ReadAll(w.Result().Body)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		records, err := database.GetAllRecords()
 		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "no such project")
+		should.BeEqual(t, len(records), 2)
+		should.BeEqual(t, records[0].End.IsZero(), false)
+		should.BeEqual(t, records[1].End.IsZero(), false)
 	})
 }
 
diff --git a/records_test.go b/records_test.go
new file mode 100644
index 0000000..b37aa47
--- /dev/null
+++ b/records_test.go
@@ -0,0 +1,136 @@
+package main
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/Kairum-Labs/should"
+	"github.com/devilcove/timetraced/database"
+)
+
+func TestRecords(t *testing.T) {
+	deleteAllRecords()
+	createTestRecords()
+	deleteAllUsers()
+	createAdmin()
+	records, err := database.GetAllRecords()
+	should.BeNil(t, err)
+	ID := records[0].ID.String()
+	url := "/records/" + ID
+	t.Run("get", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, url, nil)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "Edit Record")
+	})
+	t.Run("invalidID", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/records/notUUID", nil)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusBadRequest)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "invalid UUID")
+
+	})
+	t.Run("edit", func(t *testing.T) {
+		start := time.Now().Add(time.Hour - 1)
+		end := time.Now()
+		w := httptest.NewRecorder()
+		payload := bodyParams(
+			"ID", ID,
+			"Start", start.Format(time.DateOnly),
+			"StartTime", formatTimeOnly(start),
+			"End", end.Format(time.DateOnly),
+			"EndTime", formatTimeOnly(end),
+		)
+		r := httptest.NewRequest(http.MethodPost, url, payload)
+		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+		record, err := database.GetRecord(records[0].ID)
+		t.Log("record", record.Start, "start", start)
+		should.BeNil(t, err)
+		should.BeEqual(t, record.Start.Format(time.DateOnly), start.Format(time.DateOnly))
+		should.BeEqual(t, record.End.Format(time.DateOnly), end.Format(time.DateOnly))
+	})
+	t.Run("editBadID", func(t *testing.T) {
+		start := time.Now().Add(time.Hour - 1)
+		end := time.Now()
+		w := httptest.NewRecorder()
+		payload := bodyParams(
+			"ID", "notUUID",
+			"Start", start.Format(time.DateOnly),
+			"StartTime", formatTimeOnly(start),
+			"End", end.Format(time.DateOnly),
+			"EndTime", formatTimeOnly(end),
+		)
+		r := httptest.NewRequest(http.MethodPost, "/records/notUUID", payload)
+		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		r.AddCookie(adminLogin())
+		//router.ServeHTTP(w, r)
+		should.Panic(t, func() {
+			router.ServeHTTP(w, r)
+		})
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+	})
+
+	t.Run("badStartTime", func(t *testing.T) {
+		start := time.Now().Add(time.Hour - 1)
+		end := time.Now()
+		w := httptest.NewRecorder()
+		payload := bodyParams(
+			"ID", ID,
+			"Start", start.Format(time.DateOnly),
+			"StartTime", start.Format(time.TimeOnly),
+			"End", end.Format(time.DateOnly),
+			"EndTime", formatTimeOnly(end),
+		)
+		r := httptest.NewRequest(http.MethodPost, url, payload)
+		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusBadRequest)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "parsing time")
+	})
+
+	t.Run("badEndTime", func(t *testing.T) {
+		start := time.Now().Add(time.Hour - 1)
+		end := time.Now()
+		w := httptest.NewRecorder()
+		payload := bodyParams(
+			"ID", ID,
+			"Start", start.Format(time.DateOnly),
+			"StartTime", formatTimeOnly(start),
+			"End", end.Format(time.DateOnly),
+			"EndTime", end.Format(time.TimeOnly),
+		)
+		r := httptest.NewRequest(http.MethodPost, url, payload)
+		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusBadRequest)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "parsing time")
+	})
+
+}
+
+func formatTimeOnly(t time.Time) string {
+	s := t.Format(time.TimeOnly)
+	index := strings.LastIndex(s, ":")
+	return s[:index]
+}
diff --git a/reports.go b/reports.go
index e664722..646570b 100644
--- a/reports.go
+++ b/reports.go
@@ -26,7 +26,7 @@ func getReport(w http.ResponseWriter, r *http.Request) { //nolint:cyclop,funlen
 	}
 	dbRequest.Start, err = time.Parse("2006-01-02", reportRequest.Start)
 	if err != nil {
-		processError(w, http.StatusInternalServerError, err.Error())
+		processError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 	dbRequest.End, err = time.Parse("2006-01-02", reportRequest.End)
diff --git a/reports_test.go b/reports_test.go
index a6a3f4f..2a1d3b8 100644
--- a/reports_test.go
+++ b/reports_test.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"bytes"
-	"encoding/json"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -19,32 +17,42 @@ import (
 func TestGetReport(t *testing.T) {
 	deleteAllUsers()
 	deleteAllRecords()
+	createAdmin()
 	err := createTestUser(models.User{Username: "test", Password: "testing"})
 	should.BeNil(t, err)
 	cookie := testLogin(models.User{Username: "test", Password: "testing"})
 	should.NotBeNil(t, cookie)
+
+	t.Run("get", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/reports/", nil)
+		r.AddCookie(adminLogin())
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "Reports")
+	})
 	t.Run("no request", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/reports", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/reports/", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		should.ContainSubstring(t, string(body), "could not decode request")
+		should.ContainSubstring(t, string(body), "parsing time")
 	})
 	t.Run("no records", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		request := models.ReportRequest{
-			Start:   time.Now().Add(-24 * time.Hour).Format("2006-01-02"),
-			End:     time.Now().Format("2006-01-02"),
-			Project: "nilProject",
-		}
-		payload, err := json.Marshal(&request)
-		should.BeNil(t, err)
-		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
-		req.AddCookie(cookie)
-		req.Header.Set("Content-Type", "application/json")
+		payload := bodyParams(
+			"start", time.Now().Add(-24*time.Hour).Format("2006-01-02"),
+			"end", time.Now().Format("2006-01-02"),
+			"project", "nilProject",
+		)
+		req := httptest.NewRequest(http.MethodPost, "/reports/", payload)
+		req.AddCookie(adminLogin())
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
@@ -55,46 +63,41 @@ func TestGetReport(t *testing.T) {
 		}
 	})
 
-	t.Run("one user/one project", func(t *testing.T) {
+	t.Run("nilproject", func(t *testing.T) {
 		createTestRecords()
 		w := httptest.NewRecorder()
-		data := models.ReportRequest{
-			Start:   time.Now().Add(-24 * time.Hour).Format("2006-01-02"),
-			End:     time.Now().Format("2006-01-02"),
-			Project: "timetrace",
-		}
-		payload, err := json.Marshal(data)
-		should.BeNil(t, err)
-		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
+		payload := bodyParams(
+			"start", time.Now().Add(-24*time.Hour).Format("2006-01-02"),
+			"end", time.Now().Format("2006-01-02"),
+			"project", "nilProject",
+		)
+		req := httptest.NewRequest(http.MethodPost, "/reports/", payload)
 		req.AddCookie(cookie)
-		req.Header.Set("Content-Type", "application/json")
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		body, _ := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
 		should.BeEqual(t, w.Code, http.StatusOK)
-		should.ContainSubstring(t, string(body), "<h2>Project timetrace")
+		should.ContainSubstring(t, string(body), "<h1>TimeTrace Report")
 	})
 
-	t.Run("all records", func(t *testing.T) {
+	t.Run("allRecords", func(t *testing.T) {
 		createTestRecords()
 		createTestProjects()
 
 		w := httptest.NewRecorder()
-		data := models.ReportRequest{
-			Start:   time.Now().Add(-72 * time.Hour).Format("2006-01-02"),
-			End:     time.Now().Format("2006-01-02"),
-			Project: "",
-		}
-		payload, err := json.Marshal(data)
-		should.BeNil(t, err)
-		req, _ := http.NewRequest(http.MethodPost, "/reports", bytes.NewBuffer(payload))
-		req.Header.Set("Content-Type", "application/json")
+		payload := bodyParams(
+			"start", time.Now().Add(-24*time.Hour*14).Format("2006-01-02"),
+			"end", time.Now().Format("2006-01-02"),
+		)
+		req := httptest.NewRequest(http.MethodPost, "/reports/", payload)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
 		should.BeEqual(t, w.Code, http.StatusOK)
-		should.ContainSubstring(t, string(body), "<button hx-get=\"/records")
+		should.ContainSubstring(t, string(body), "TimeTrace Report")
 	})
 }
 
diff --git a/router.go b/router.go
index dc64b78..68ab000 100644
--- a/router.go
+++ b/router.go
@@ -1,15 +1,13 @@
 package main
 
 import (
+	"bytes"
 	"crypto/rand"
-	"fmt"
 	"html/template"
 	"log"
 	"log/slog"
 	"net/http"
 	"os"
-	"path/filepath"
-	"runtime"
 	"time"
 
 	"github.com/devilcove/mux"
@@ -68,7 +66,7 @@ func setupRouter(l *slog.Logger) *mux.Router {
 	reports.Get("/{$}", report)
 	reports.Post("/{$}", getReport)
 
-	records := router.Group("records", auth)
+	records := router.Group("/records", auth)
 	records.Get("/{id}", getRecord)
 	records.Post("/{id}", editRecord)
 
@@ -79,9 +77,13 @@ func setupRouter(l *slog.Logger) *mux.Router {
 }
 
 func processError(w http.ResponseWriter, status int, message string) {
-	pc, fn, line, _ := runtime.Caller(1)
-	source := fmt.Sprintf("%s[%s:%d]", runtime.FuncForPC(pc).Name(), filepath.Base(fn), line)
-	slog.Error(message, "status", status, "source", source)
+	buf := bytes.Buffer{}
+	l := log.New(&buf, "ERROR: ", log.Lshortfile)
+	l.Output(2, message)
+	logger.Error(buf.String())
+	//pc, fn, line, _ := runtime.Caller(1)
+	//source := fmt.Sprintf("%s[%s:%d]", runtime.FuncForPC(pc).Name(), filepath.Base(fn), line)
+	//logger.Error(message, "status", status, "source", source)
 	http.Error(w, message, status)
 }
 
@@ -112,7 +114,7 @@ func checkDefaultUser() {
 		IsAdmin:  true,
 		Updated:  time.Now(),
 	})
-	slog.Info("default user created", "user", user)
+	logger.Info("default user created", "user", user, "env user", os.Getenv("USER"), "env pass", os.Getenv("PASS"))
 }
 
 func randBytes(l int) []byte {
diff --git a/router_test.go b/router_test.go
new file mode 100644
index 0000000..7f9c21d
--- /dev/null
+++ b/router_test.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/Kairum-Labs/should"
+	"github.com/devilcove/timetraced/database"
+)
+
+func TestDefaultUser(t *testing.T) {
+	deleteAllUsers()
+	users, err := database.GetAllUsers()
+	should.BeNil(t, err)
+	//should.BeEqual(t, len(users), 0)
+	checkDefaultUser()
+	users, err = database.GetAllUsers()
+	should.BeNil(t, err)
+	should.BeEqual(t, len(users), 1)
+	should.BeEqual(t, users[0].Username, "admin")
+	checkDefaultUser() // run second time
+	users, err = database.GetAllUsers()
+	should.BeNil(t, err)
+	should.BeEqual(t, len(users), 1)
+	should.BeEqual(t, users[0].Username, "admin")
+}
diff --git a/user_test.go b/user_test.go
index 0cb5efe..ea81381 100644
--- a/user_test.go
+++ b/user_test.go
@@ -6,7 +6,9 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"os"
+	"strings"
 	"testing"
 	"time"
 
@@ -24,10 +26,12 @@ var (
 
 func TestMain(m *testing.M) {
 	log := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
+	os.Setenv("USER", "")
+	os.Setenv("PASS", "")
 	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = database.InitializeDatabase()
 	defer database.Close()
-	checkDefaultUser()
+	//checkDefaultUser()
 	router = setupRouter(log.Logger)
 	w = httptest.NewRecorder()
 	os.Exit(m.Run())
@@ -40,54 +44,83 @@ func TestDisplayLogin(t *testing.T) {
 	should.BeEqual(t, w.Code, http.StatusOK)
 }
 
+func TestGetAllUsers(t *testing.T) {
+	deleteAllUsers()
+	createAdmin()
+	createTestUser(models.User{Username: "test", Password: "pass"})
+	t.Run("admin", func(t *testing.T) {
+		req := httptest.NewRequest(http.MethodGet, "/users/", nil)
+		req.AddCookie(adminLogin())
+		router.ServeHTTP(w, req)
+		should.BeEqual(t, w.Code, http.StatusOK)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "<h1>Users</h1>")
+	})
+	t.Run("normalUser", func(t *testing.T) {
+		r := httptest.NewRequest(http.MethodGet, "/users/", nil)
+		r.AddCookie(testLogin(models.User{Username: "test", Password: "pass"}))
+		w := httptest.NewRecorder()
+		router.ServeHTTP(w, r)
+		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
+		body, err := io.ReadAll(w.Result().Body)
+		should.BeNil(t, err)
+		should.ContainSubstring(t, string(body), "function valPass")
+	})
+}
+
 func TestRegister(t *testing.T) {
-	req, err := http.NewRequest(http.MethodGet, "/register", nil)
-	should.BeNil(t, err)
+	deleteAllUsers()
+	createAdmin()
+	req := httptest.NewRequest(http.MethodGet, "/users/register/", nil)
+	req.AddCookie(adminLogin())
+	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
 	should.BeEqual(t, w.Code, http.StatusOK)
 	t.Run("existing", func(t *testing.T) {
 		err := createTestUser(models.User{Username: "tester", Password: "testing"})
 		should.BeNil(t, err)
 		w := httptest.NewRecorder()
-		user := models.User{Username: "tester", Password: "testing"}
-		payload, err := json.Marshal(&user)
-		should.BeNil(t, err)
-		req, err := http.NewRequest(http.MethodPost, "/register", bytes.NewBuffer(payload))
+		body := bodyParams("username", "tester", "password", "testing")
+		req := httptest.NewRequest(http.MethodPost, "/users/register/", body)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.AddCookie(adminLogin())
+		router.ServeHTTP(w, req)
+		should.BeEqual(t, w.Code, http.StatusBadRequest)
+		b, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		req.Header.Set("Content-Type", "application/json")
+		should.ContainSubstring(t, string(b), "user exists")
+	})
+	t.Run("blankPass", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		body := bodyParams("username", "tester3", "password", "")
+		req := httptest.NewRequest(http.MethodPost, "/users/register/", body)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		body, err := io.ReadAll(w.Result().Body)
+		b, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "user exists")
+		should.ContainSubstring(t, string(b), "password cannot be blank")
 	})
 	t.Run("new", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		user := models.User{Username: "tester3", Password: ""}
-		payload, err := json.Marshal(&user)
-		should.BeNil(t, err)
-		req, err := http.NewRequest(http.MethodPost, "/register", bytes.NewBuffer(payload))
-		should.BeNil(t, err)
-		req.Header.Set("Content-Type", "application/json")
+		body := bodyParams("username", "tester3", "password", "pass")
+		req := httptest.NewRequest(http.MethodPost, "/users/register/", body)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		body, err := io.ReadAll(w.Result().Body)
+		should.BeEqual(t, w.Code, http.StatusFound)
+		users, err := database.GetAllUsers()
 		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "password cannot be blank")
+		should.BeEqual(t, len(users), 3)
 	})
 }
 
 func TestAdminLogin(t *testing.T) {
-	data := struct {
-		Username string
-		Password string
-	}{
-		Username: "admin",
-		Password: "password",
-	}
-	body, _ := json.Marshal(data)
-	req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
-	req.Header.Set("Content-Type", "application/json")
+	body := bodyParams("username", "admin", "password", "password")
+	req := httptest.NewRequest(http.MethodPost, "/login", body)
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	router.ServeHTTP(w, req)
 	should.BeEqual(t, w.Code, http.StatusOK)
 	should.NotBeNil(t, w.Result().Cookies())
@@ -115,15 +148,9 @@ func TestNonAdminLogin(t *testing.T) {
 func TestBadLogin(t *testing.T) {
 	t.Run("bad pass", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		data := struct {
-			Username string
-			Password string
-		}{
-			Username: "admin",
-			Password: "helloworld",
-		}
-		body, _ := json.Marshal(data)
-		req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
+		payload := bodyParams("username", "admin", "password", "wrong")
+		req := httptest.NewRequest(http.MethodPost, "/login", payload)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
@@ -133,16 +160,15 @@ func TestBadLogin(t *testing.T) {
 	})
 	t.Run("invalid data", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/login", nil)
+		req := httptest.NewRequest(http.MethodPost, "/login", nil)
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
 	})
 	t.Run("invalid user", func(t *testing.T) {
 		w := httptest.NewRecorder()
-		data := models.User{Username: "nosuchuser", Password: "testing"}
-		payload, _ := json.Marshal(data)
-		req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(payload))
+		payload := bodyParams("username", "nosuchuser", "passowd", "testing")
+		req := httptest.NewRequest(http.MethodPost, "/login", payload)
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
@@ -153,29 +179,15 @@ func TestBadLogin(t *testing.T) {
 
 func TestLogout(t *testing.T) {
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest(http.MethodGet, "/logout", nil)
+	req, _ := http.NewRequest(http.MethodGet, "/logout/", nil)
 	router.ServeHTTP(w, req)
-	should.BeEqual(t, w.Code, http.StatusOK)
-	should.BeEqual(t, w.Result().Cookies(), []*http.Cookie{})
-}
-
-func TestGetAllUsers(t *testing.T) {
-	t.Run("admin", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		w := httptest.NewRecorder()
-		req, err := http.NewRequest(http.MethodGet, "/users", nil)
-		should.BeNil(t, err)
-		req.AddCookie(cookie)
-		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusOK)
-		body, err := io.ReadAll(w.Result().Body)
-		should.BeNil(t, err)
-		should.ContainSubstring(t, string(body), "<td>Admin</td>")
-	})
+	should.BeEqual(t, w.Code, http.StatusFound)
+	should.BeEqual(t, w.Result().Cookies()[0].MaxAge, -1)
 }
 
 func TestDeleteUser(t *testing.T) {
 	deleteAllUsers()
+	createAdmin()
 	err := createTestUser(models.User{Username: "tester", Password: "testing", IsAdmin: false})
 	should.BeNil(t, err)
 	err = createTestUser(models.User{Username: "tester2", Password: "testing", IsAdmin: false})
@@ -184,7 +196,7 @@ func TestDeleteUser(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
 		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodDelete, "/users/tester2", nil)
+		req := httptest.NewRequest(http.MethodDelete, "/users/tester2", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusUnauthorized)
@@ -193,20 +205,16 @@ func TestDeleteUser(t *testing.T) {
 		should.ContainSubstring(t, string(body), "not authorized to delete this user")
 	})
 	t.Run("admin delete", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodDelete, "/users/tester", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodDelete, "/users/tester", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusNoContent)
+		should.BeEqual(t, w.Code, http.StatusOK)
 	})
 	t.Run("delete non-existent user", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodDelete, "/users/tester", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodDelete, "/users/tester3", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		response, err := io.ReadAll(w.Body)
@@ -221,13 +229,12 @@ func TestEditUser(t *testing.T) {
 	should.BeNil(t, err)
 	err = createTestUser(models.User{Username: "tester2", Password: "testing", IsAdmin: false})
 	should.BeNil(t, err)
+	createAdmin()
 
 	t.Run("adminGetUser", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-		req, err := http.NewRequest(http.MethodGet, "/users/tester", nil)
+		req := httptest.NewRequest(http.MethodGet, "/users/tester", nil)
 		should.BeNil(t, err)
-		req.AddCookie(cookie)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusOK)
 	})
@@ -235,7 +242,7 @@ func TestEditUser(t *testing.T) {
 	t.Run("GetSelf", func(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
 		should.NotBeNil(t, cookie)
-		req, err := http.NewRequest(http.MethodGet, "/users/tester", nil)
+		req := httptest.NewRequest(http.MethodGet, "/users/tester", nil)
 		should.BeNil(t, err)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
@@ -246,8 +253,7 @@ func TestEditUser(t *testing.T) {
 		w := httptest.NewRecorder()
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
 		should.NotBeNil(t, cookie)
-		req, err := http.NewRequest(http.MethodGet, "/users/tester2", nil)
-		should.BeNil(t, err)
+		req := httptest.NewRequest(http.MethodGet, "/users/tester2", nil)
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
@@ -260,9 +266,10 @@ func TestEditUser(t *testing.T) {
 		cookie := testLogin(models.User{Username: "tester", Password: "testing"})
 		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "tester2", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users/tester2", bytes.NewBuffer(body))
+		body := bodyParams("password", "newPassword")
+		req := httptest.NewRequest(http.MethodPost, "/users/tester2", body)
 		req.AddCookie(cookie)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusUnauthorized)
 		response, err := io.ReadAll(w.Body)
@@ -270,16 +277,14 @@ func TestEditUser(t *testing.T) {
 		should.ContainSubstring(t, string(response), "not authorized to edit this user")
 	})
 	t.Run("edit user by admin", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
 		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "tester2", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users/tester2", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
-		req.AddCookie(cookie)
+		body := bodyParams("username", "tester2", "password", "newPassword", "admin", "on")
+		req := httptest.NewRequest(http.MethodPost, "/users/tester2", body)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusOK)
-		cookie = testLogin(models.User{Username: "tester2", Password: "newPassword"})
+		should.BeEqual(t, w.Code, http.StatusFound)
+		cookie := testLogin(models.User{Username: "tester2", Password: "newPassword"})
 		should.NotBeNil(t, cookie)
 	})
 	t.Run("edit user by self", func(t *testing.T) {
@@ -287,35 +292,30 @@ func TestEditUser(t *testing.T) {
 		should.NotBeNil(t, cookie)
 
 		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "tester", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users/tester", bytes.NewBuffer(body))
-		req.Header.Set("Content-Type", "application/json")
+		body := bodyParams("password", "newPassword")
+		req := httptest.NewRequest(http.MethodPost, "/users/tester", body)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		req.AddCookie(cookie)
 		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusOK)
+		should.BeEqual(t, w.Code, http.StatusFound)
 		cookie = testLogin(models.User{Username: "tester", Password: "newPassword"})
 		should.NotBeNil(t, cookie)
 	})
 	t.Run("incomplete data", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
 		w := httptest.NewRecorder()
-		req, _ := http.NewRequest(http.MethodPost, "/users/tester", nil)
-		req.AddCookie(cookie)
+		req := httptest.NewRequest(http.MethodPost, "/users/tester", nil)
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ := io.ReadAll(w.Result().Body)
-		should.ContainSubstring(t, string(body), "could not decode request into json")
+		should.ContainSubstring(t, string(body), "password cannot be blank")
 	})
 	t.Run("user does not exist", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
 		w := httptest.NewRecorder()
-		payload, _ := json.Marshal(models.User{Username: "nosuchuser", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users/nosuchuser", bytes.NewBuffer(payload))
-		req.AddCookie(cookie)
+		payload := bodyParams("password", "newPassword")
+		req := httptest.NewRequest(http.MethodPost, "/users/nosuchuser", payload)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.AddCookie(adminLogin())
 		router.ServeHTTP(w, req)
 		should.BeEqual(t, w.Code, http.StatusBadRequest)
 		body, _ := io.ReadAll(w.Result().Body)
@@ -323,78 +323,14 @@ func TestEditUser(t *testing.T) {
 	})
 }
 
-func TestAddUser(t *testing.T) {
-	deleteAllUsers()
-	t.Run("add user by admin", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
-		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "new", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
-		req.AddCookie(cookie)
-		router.ServeHTTP(w, req)
-		if w.Code == http.StatusNoContent {
-			cookie = testLogin(models.User{Username: "new", Password: "newPassword"})
-			should.NotBeNil(t, cookie)
-		} else {
-			body, _ := io.ReadAll(w.Result().Body)
-			t.Log(w.Code, string(body))
-		}
-	})
-	t.Run("add user by non-admin", func(t *testing.T) {
-		err := createTestUser(models.User{Username: "tester", Password: "newPassword"})
-		should.BeNil(t, err)
-		cookie := testLogin(models.User{Username: "tester", Password: "newPassword"})
-		should.NotBeNil(t, cookie)
-
-		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "new", Password: "newPassword"})
-		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
-		req.AddCookie(cookie)
-		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusUnauthorized)
-		body, _ = io.ReadAll(w.Body)
-		should.ContainSubstring(t, string(body), "only admins can create new users")
-	})
-
-	t.Run("empty password", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
-		w := httptest.NewRecorder()
-		body, _ := json.Marshal(models.User{Username: "emptypass", Password: ""})
-		req, _ := http.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(body))
-		req.AddCookie(cookie)
-		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		body, _ = io.ReadAll(w.Result().Body)
-		should.ContainSubstring(t, string(body), "username or password cannot be blank")
-	})
-
-	t.Run("incomplete data", func(t *testing.T) {
-		cookie := testLogin(models.User{Username: "admin", Password: "password"})
-		should.NotBeNil(t, cookie)
-
-		w := httptest.NewRecorder()
-		// body, _ := json.Marshal(struct{ InvaildData string }{InvaildData: "emptypass"})
-		req, _ := http.NewRequest(http.MethodPost, "/users", nil)
-		req.AddCookie(cookie)
-		router.ServeHTTP(w, req)
-		should.BeEqual(t, w.Code, http.StatusBadRequest)
-		body, _ := io.ReadAll(w.Result().Body)
-		should.ContainSubstring(t, string(body), "could not decode request into json")
-	})
-}
-
 func testLogin(data models.User) *http.Cookie {
 	w := httptest.NewRecorder()
-	body, _ := json.Marshal(data)
-	req, _ := http.NewRequest(http.MethodPost, "/login", bytes.NewBuffer(body))
-	req.Header.Set("Content-Type", "application/json")
+	body := bodyParams("username", data.Username, "password", data.Password)
+	req := httptest.NewRequest(http.MethodPost, "/login", body)
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	router.ServeHTTP(w, req)
 	for _, cookie := range w.Result().Cookies() {
-		if cookie.Name == "time" {
+		if cookie.Name == "devilcove-time" {
 			return cookie
 		}
 	}
@@ -412,8 +348,33 @@ func createTestUser(user models.User) error {
 func deleteAllUsers() {
 	users, _ := database.GetAllUsers()
 	for _, user := range users {
-		if user.Username != "admin" {
-			_ = database.DeleteUser(user.Username)
+		_ = database.DeleteUser(user.Username)
+	}
+}
+
+func createAdmin() {
+	createTestUser(models.User{Username: "admin", Password: "password", IsAdmin: true})
+}
+
+func bodyParams(params ...string) io.Reader {
+	body := url.Values{}
+	for i := 0; i < len(params)-1; i = i + 2 {
+		body.Set(params[i], params[i+1])
+	}
+	return strings.NewReader(body.Encode())
+}
+
+func adminLogin() *http.Cookie {
+	w := httptest.NewRecorder()
+	body := bodyParams("username", "admin", "password", "password")
+	r := httptest.NewRequest(http.MethodPost, "/login", body)
+	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	router.ServeHTTP(w, r)
+	cookies := w.Result().Cookies()
+	for _, cookie := range cookies {
+		if cookie.Name == "devilcove-time" {
+			return cookie
 		}
 	}
+	return nil
 }
diff --git a/users.go b/users.go
index 676c327..de12592 100644
--- a/users.go
+++ b/users.go
@@ -13,12 +13,6 @@ import (
 
 const SessionAge = 60 * 60 * 8 // 8 hours in seconds
 
-// func displayLogin(w http.ResponseWriter, r *http.Request) {
-// 	page := populatePage("")
-// 	page.NeedsLogin = true
-// 	c.HTML(http.StatusOK, "login", page)
-// }
-
 func login(w http.ResponseWriter, r *http.Request) {
 	var user models.User
 	if err := r.ParseForm(); err != nil {
@@ -28,8 +22,8 @@ func login(w http.ResponseWriter, r *http.Request) {
 	user.Username = r.FormValue("username")
 	user.Password = r.FormValue("password")
 	if !validateUser(&user) {
-		processError(w, http.StatusBadRequest, "invalid user")
 		logger.Debug("validation error", "user", user.Username, "pass", user.Password)
+		processError(w, http.StatusBadRequest, "invalid user")
 		return
 	}
 	session := sessions.NewSession(store, "devilcove-time")
@@ -129,50 +123,24 @@ func registerUser(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, "/users/", http.StatusFound)
 }
 
-// func addUser(c *gin.Context) {
-// 	var user models.User
-// 	var err error
-// 	session := sessions.Default(c)
-// 	admin := session.Get("admin")
-// 	if !admin.(bool) {
-// 		processError(w, http.StatusUnauthorized, "only admins can create new users")
-// 		return
-// 	}
-// 	if err := c.BindJSON(&user); err != nil {
-// 		processError(w, http.StatusBadRequest, "could not decode request into json")
-// 		return
-// 	}
-// 	if _, err := database.GetUser(user.Username); err == nil {
-// 		processError(w, http.StatusBadRequest, "user exists")
-// 		return
-// 	}
-// 	if user.Username == "" || user.Password == "" {
-// 		processError(w, http.StatusBadRequest, "username or password cannot be blank")
-// 		return
-// 	}
-// 	user.Password, err = hashPassword(user.Password)
-// 	if err != nil {
-// 		processError(w, http.StatusInternalServerError, err.Error())
-// 		return
-// 	}
-// 	if err := database.SaveUser(&user); err != nil {
-// 		processError(w, http.StatusInternalServerError, err.Error())
-// 		return
-// 	}
-// 	slog.Info("new user added", "user", user.Username)
-// 	c.JSON(http.StatusNoContent, nil)
-// }
-
 func editUser(w http.ResponseWriter, r *http.Request) {
 	session := sessionData(r)
 	if session == nil {
 		displayMain(w, r)
 		return
 	}
+	if err := r.ParseForm(); err != nil {
+		processError(w, http.StatusBadRequest, "invalid data")
+		return
+	}
 	user := models.User{
 		Username: r.PathValue("name"),
 		Password: r.FormValue("password"),
 	}
+	if user.Password == "" {
+		processError(w, http.StatusBadRequest, "password cannot be blank")
+		return
+	}
 	if r.FormValue("admin") != "" {
 		user.IsAdmin = true
 	}

From 6fd4fe547db9f2dce43f8f8128814ad3b0dff243 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Thu, 18 Dec 2025 19:20:58 -0500
Subject: [PATCH 09/10] linting

---
 .golangci.yml            |  5 ++---
 config_test.go           |  1 -
 database/records_test.go |  3 +--
 main.go                  |  4 +---
 records_test.go          |  3 ---
 reports.go               |  2 +-
 router.go                | 15 ++++++++++-----
 router_test.go           |  1 -
 user_test.go             |  1 -
 9 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index 737fb35..fc901e2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -7,11 +7,8 @@ linters:
     - depguard
     - err113
     - exhaustruct
-    - forbidigo
-    - forcetypeassert
     - gochecknoglobals
     - gochecknoinits
-    - lll
     - mnd
     - musttag
     - nlreturn
@@ -23,6 +20,8 @@ linters:
     - wsl
     - wsl_v5
   settings:
+    cyclop:
+      max-complexity: 11
     gosmopolitan:
       allow-time-local: true
     varnamelen:
diff --git a/config_test.go b/config_test.go
index 6b1fd94..e049962 100644
--- a/config_test.go
+++ b/config_test.go
@@ -36,6 +36,5 @@ func TestConfig(t *testing.T) {
 		r.AddCookie(adminLogin())
 		router.ServeHTTP(w, r)
 		should.BeEqual(t, w.Result().StatusCode, http.StatusOK)
-
 	})
 }
diff --git a/database/records_test.go b/database/records_test.go
index 27e1ee0..766abbd 100644
--- a/database/records_test.go
+++ b/database/records_test.go
@@ -82,7 +82,6 @@ func TestGetRecord(t *testing.T) {
 	record, err := GetRecord(records[0].ID)
 	should.BeNil(t, err)
 	should.BeEqual(t, record.User, records[0].User)
-	//t.Log(record)
 }
 
 func TestGetTodaysRecords(t *testing.T) {
@@ -152,7 +151,7 @@ func createTestRecords() error {
 			Project: "one",
 			User:    "testUser",
 			Start:   time.Now().Add(time.Hour * -1),
-			//End:     time.Now(),
+			// End:     time.Now(),
 		},
 		{
 			ID:      uuid.New(),
diff --git a/main.go b/main.go
index 43d6beb..eac3420 100644
--- a/main.go
+++ b/main.go
@@ -22,7 +22,6 @@ limitations under the License.
 package main
 
 import (
-	"log/slog"
 	"os"
 	"time"
 
@@ -32,8 +31,7 @@ import (
 )
 
 func main() {
-	// logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
-	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime), logging.Level(slog.LevelDebug))
+	logger := logging.TextLogger(logging.TruncateSource(), logging.TimeFormat(time.DateTime))
 	port, ok := os.LookupEnv("PORT")
 	if !ok {
 		port = "8080"
diff --git a/records_test.go b/records_test.go
index b37aa47..93dd87e 100644
--- a/records_test.go
+++ b/records_test.go
@@ -40,7 +40,6 @@ func TestRecords(t *testing.T) {
 		body, err := io.ReadAll(w.Result().Body)
 		should.BeNil(t, err)
 		should.ContainSubstring(t, string(body), "invalid UUID")
-
 	})
 	t.Run("edit", func(t *testing.T) {
 		start := time.Now().Add(time.Hour - 1)
@@ -78,7 +77,6 @@ func TestRecords(t *testing.T) {
 		r := httptest.NewRequest(http.MethodPost, "/records/notUUID", payload)
 		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		r.AddCookie(adminLogin())
-		//router.ServeHTTP(w, r)
 		should.Panic(t, func() {
 			router.ServeHTTP(w, r)
 		})
@@ -126,7 +124,6 @@ func TestRecords(t *testing.T) {
 		should.BeNil(t, err)
 		should.ContainSubstring(t, string(body), "parsing time")
 	})
-
 }
 
 func formatTimeOnly(t time.Time) string {
diff --git a/reports.go b/reports.go
index 646570b..79b3f6a 100644
--- a/reports.go
+++ b/reports.go
@@ -9,7 +9,7 @@ import (
 	"github.com/devilcove/timetraced/models"
 )
 
-func getReport(w http.ResponseWriter, r *http.Request) { //nolint:cyclop,funlen
+func getReport(w http.ResponseWriter, r *http.Request) { //nolint:funlen
 	if err := r.ParseForm(); err != nil {
 		processError(w, http.StatusBadRequest, "invalid data")
 	}
diff --git a/router.go b/router.go
index 68ab000..e9f7331 100644
--- a/router.go
+++ b/router.go
@@ -79,11 +79,8 @@ func setupRouter(l *slog.Logger) *mux.Router {
 func processError(w http.ResponseWriter, status int, message string) {
 	buf := bytes.Buffer{}
 	l := log.New(&buf, "ERROR: ", log.Lshortfile)
-	l.Output(2, message)
+	_ = l.Output(2, message)
 	logger.Error(buf.String())
-	//pc, fn, line, _ := runtime.Caller(1)
-	//source := fmt.Sprintf("%s[%s:%d]", runtime.FuncForPC(pc).Name(), filepath.Base(fn), line)
-	//logger.Error(message, "status", status, "source", source)
 	http.Error(w, message, status)
 }
 
@@ -114,7 +111,15 @@ func checkDefaultUser() {
 		IsAdmin:  true,
 		Updated:  time.Now(),
 	})
-	logger.Info("default user created", "user", user, "env user", os.Getenv("USER"), "env pass", os.Getenv("PASS"))
+	logger.Info(
+		"default user created",
+		"user",
+		user,
+		"env user",
+		os.Getenv("USER"),
+		"env pass",
+		os.Getenv("PASS"),
+	)
 }
 
 func randBytes(l int) []byte {
diff --git a/router_test.go b/router_test.go
index 7f9c21d..e49aef9 100644
--- a/router_test.go
+++ b/router_test.go
@@ -11,7 +11,6 @@ func TestDefaultUser(t *testing.T) {
 	deleteAllUsers()
 	users, err := database.GetAllUsers()
 	should.BeNil(t, err)
-	//should.BeEqual(t, len(users), 0)
 	checkDefaultUser()
 	users, err = database.GetAllUsers()
 	should.BeNil(t, err)
diff --git a/user_test.go b/user_test.go
index ea81381..0fcee34 100644
--- a/user_test.go
+++ b/user_test.go
@@ -31,7 +31,6 @@ func TestMain(m *testing.M) {
 	os.Setenv("DB_FILE", "test.db") //nolint:errcheck,gosec
 	_ = database.InitializeDatabase()
 	defer database.Close()
-	//checkDefaultUser()
 	router = setupRouter(log.Logger)
 	w = httptest.NewRecorder()
 	os.Exit(m.Run())

From b630f16b3a3d26ba06e67f4274760d39e6c4bba5 Mon Sep 17 00:00:00 2001
From: Matthew R Kasun <mkasun@nusak.ca>
Date: Fri, 19 Dec 2025 09:08:34 -0500
Subject: [PATCH 10/10] linting

---
 .golangci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.golangci.yml b/.golangci.yml
index fc901e2..116ab2d 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -51,4 +51,3 @@ formatters:
 issues:
   max-same-issues: 0
   max-issues-per-linter: 0
-  unique-by-line: false