diff --git a/README.md b/README.md
index 6d390a25b..07872c616 100644
--- a/README.md
+++ b/README.md
@@ -28,8 +28,7 @@ visit http://localhost:3000
 
 ## Run servers locally (Docker)
 ```bash
-docker compose build
-docker compose up
+./docker.sh
 ```
 
-visit http://localhost:8000 and http://localhost:3000
\ No newline at end of file
+visit http://localhost:8000 and http://localhost:3000
diff --git a/auth-service/Cargo.lock b/auth-service/Cargo.lock
index cd9bd4144..6471a7377 100644
--- a/auth-service/Cargo.lock
+++ b/auth-service/Cargo.lock
@@ -2,6 +2,41 @@
 # It is not intended for manual editing.
 version = 4
 
+[[package]]
+name = "allocator-api2"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "async-trait"
+version = "0.1.89"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "atoi"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f28d99ec8bfea296261ca1af174f24225171fea9664ba9003cbebee704810528"
+dependencies = [
+ "num-traits",
+]
+
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
@@ -12,16 +47,34 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 name = "auth-service"
 version = "0.1.0"
 dependencies = [
+ "async-trait",
  "axum",
+ "axum-extra",
+ "chrono",
+ "dotenvy",
+ "jsonwebtoken",
+ "lazy_static",
+ "rand 0.9.2",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "sqlx",
  "tokio",
  "tower-http",
+ "uuid",
 ]
 
+[[package]]
+name = "autocfg"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
+
 [[package]]
 name = "axum"
-version = "0.8.6"
+version = "0.8.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a18ed336352031311f4e0b4dd2ff392d4fbb370777c9d18d7fc9d7359f73871"
+checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
 dependencies = [
  "axum-core",
  "bytes",
@@ -70,341 +123,2050 @@ dependencies = [
 ]
 
 [[package]]
-name = "bitflags"
-version = "2.10.0"
+name = "axum-extra"
+version = "0.12.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
+checksum = "fef252edff26ddba56bbcdf2ee3307b8129acb86f5749b68990c168a6fcc9c76"
+dependencies = [
+ "axum",
+ "axum-core",
+ "bytes",
+ "cookie",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "mime",
+ "pin-project-lite",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
 
 [[package]]
-name = "bytes"
-version = "1.10.1"
+name = "base16ct"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
 
 [[package]]
-name = "cfg-if"
-version = "1.0.4"
+name = "base64"
+version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
 [[package]]
-name = "fnv"
-version = "1.0.7"
+name = "base64ct"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba"
 
 [[package]]
-name = "form_urlencoded"
-version = "1.2.2"
+name = "bitflags"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
+checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
 dependencies = [
- "percent-encoding",
+ "serde_core",
 ]
 
 [[package]]
-name = "futures-channel"
-version = "0.3.31"
+name = "block-buffer"
+version = "0.10.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
 dependencies = [
- "futures-core",
+ "generic-array",
 ]
 
 [[package]]
-name = "futures-core"
-version = "0.3.31"
+name = "bumpalo"
+version = "3.19.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
+checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510"
 
 [[package]]
-name = "futures-sink"
-version = "0.3.31"
+name = "byteorder"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
-name = "futures-task"
-version = "0.3.31"
+name = "bytes"
+version = "1.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
+checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
 
 [[package]]
-name = "futures-util"
-version = "0.3.31"
+name = "cc"
+version = "1.2.54"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
+checksum = "6354c81bbfd62d9cfa9cb3c773c2b7b2a3a482d569de977fd0e961f6e7c00583"
 dependencies = [
- "futures-core",
- "futures-task",
- "pin-project-lite",
- "pin-utils",
+ "find-msvc-tools",
+ "shlex",
 ]
 
 [[package]]
-name = "http"
-version = "1.3.1"
+name = "cfg-if"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4a85d31aea989eead29a3aaf9e1115a180df8282431156e533de47660892565"
-dependencies = [
- "bytes",
- "fnv",
- "itoa",
-]
+checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
 
 [[package]]
-name = "http-body"
-version = "1.0.1"
+name = "chrono"
+version = "0.4.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
+checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
 dependencies = [
- "bytes",
- "http",
+ "iana-time-zone",
+ "js-sys",
+ "num-traits",
+ "wasm-bindgen",
+ "windows-link",
 ]
 
 [[package]]
-name = "http-body-util"
-version = "0.1.3"
+name = "concurrent-queue"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
+checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
 dependencies = [
- "bytes",
- "futures-core",
- "http",
- "http-body",
- "pin-project-lite",
+ "crossbeam-utils",
 ]
 
 [[package]]
-name = "http-range-header"
-version = "0.4.2"
+name = "const-oid"
+version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
 [[package]]
-name = "httparse"
-version = "1.10.1"
+name = "cookie"
+version = "0.18.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
+checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747"
+dependencies = [
+ "percent-encoding",
+ "time",
+ "version_check",
+]
 
 [[package]]
-name = "httpdate"
-version = "1.0.3"
+name = "cookie_store"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
+checksum = "3fc4bff745c9b4c7fb1e97b25d13153da2bc7796260141df62378998d070207f"
+dependencies = [
+ "cookie",
+ "document-features",
+ "idna",
+ "log",
+ "publicsuffix",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "time",
+ "url",
+]
 
 [[package]]
-name = "hyper"
-version = "1.7.0"
+name = "core-foundation-sys"
+version = "0.8.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb3aa54a13a0dfe7fbe3a59e0c76093041720fdc77b110cc0fc260fafb4dc51e"
-dependencies = [
- "atomic-waker",
- "bytes",
- "futures-channel",
- "futures-core",
- "http",
- "http-body",
- "httparse",
- "httpdate",
- "itoa",
- "pin-project-lite",
- "pin-utils",
- "smallvec",
- "tokio",
-]
+checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 
 [[package]]
-name = "hyper-util"
-version = "0.1.17"
+name = "cpufeatures"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
 dependencies = [
- "bytes",
- "futures-core",
- "http",
- "http-body",
- "hyper",
- "pin-project-lite",
- "tokio",
- "tower-service",
+ "libc",
 ]
 
 [[package]]
-name = "itoa"
-version = "1.0.15"
+name = "crc"
+version = "3.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+checksum = "5eb8a2a1cd12ab0d987a5d5e825195d372001a4094a0376319d5a0ad71c1ba0d"
+dependencies = [
+ "crc-catalog",
+]
 
 [[package]]
-name = "libc"
-version = "0.2.177"
+name = "crc-catalog"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
+checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
 
 [[package]]
-name = "lock_api"
-version = "0.4.14"
+name = "crossbeam-queue"
+version = "0.3.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
+checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
 dependencies = [
- "scopeguard",
+ "crossbeam-utils",
 ]
 
 [[package]]
-name = "log"
-version = "0.4.28"
+name = "crossbeam-utils"
+version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
 
 [[package]]
-name = "matchit"
-version = "0.8.4"
+name = "crypto-bigint"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
 
 [[package]]
-name = "memchr"
-version = "2.7.6"
+name = "crypto-common"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
 
 [[package]]
-name = "mime"
-version = "0.3.17"
+name = "curve25519-dalek"
+version = "4.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
 
 [[package]]
-name = "mime_guess"
-version = "2.0.5"
+name = "curve25519-dalek-derive"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
- "mime",
- "unicase",
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
 
 [[package]]
-name = "mio"
-version = "1.1.0"
+name = "der"
+version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69d83b0086dc8ecf3ce9ae2874b2d1290252e2a30720bea58a5c6639b0092873"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
 dependencies = [
- "libc",
- "wasi",
- "windows-sys 0.61.2",
+ "const-oid",
+ "pem-rfc7468",
+ "zeroize",
 ]
 
 [[package]]
-name = "once_cell"
-version = "1.21.3"
+name = "deranged"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
+dependencies = [
+ "powerfmt",
+]
 
 [[package]]
-name = "parking_lot"
-version = "0.12.5"
+name = "digest"
+version = "0.10.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
- "lock_api",
- "parking_lot_core",
+ "block-buffer",
+ "const-oid",
+ "crypto-common",
+ "subtle",
 ]
 
 [[package]]
-name = "parking_lot_core"
-version = "0.9.12"
+name = "displaydoc"
+version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
+checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall",
- "smallvec",
- "windows-link",
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
 
 [[package]]
-name = "percent-encoding"
-version = "2.3.2"
+name = "document-features"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
+checksum = "d4b8a88685455ed29a21542a33abd9cb6510b6b129abadabdcef0f4c55bc8f61"
+dependencies = [
+ "litrs",
+]
 
 [[package]]
-name = "pin-project-lite"
-version = "0.2.16"
+name = "dotenvy"
+version = "0.15.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
+checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
 
 [[package]]
-name = "pin-utils"
-version = "0.1.0"
+name = "ecdsa"
+version = "0.16.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
+dependencies = [
+ "der",
+ "digest",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+ "spki",
+]
 
 [[package]]
-name = "proc-macro2"
-version = "1.0.103"
+name = "ed25519"
+version = "2.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
 dependencies = [
- "unicode-ident",
+ "pkcs8",
+ "signature",
 ]
 
 [[package]]
-name = "quote"
-version = "1.0.41"
+name = "ed25519-dalek"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"
+checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
 dependencies = [
- "proc-macro2",
+ "curve25519-dalek",
+ "ed25519",
+ "serde",
+ "sha2",
+ "subtle",
+ "zeroize",
 ]
 
 [[package]]
-name = "redox_syscall"
-version = "0.5.18"
+name = "either"
+version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
 dependencies = [
- "bitflags",
+ "serde",
 ]
 
 [[package]]
-name = "ryu"
-version = "1.0.20"
+name = "elliptic-curve"
+version = "0.13.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "hkdf",
+ "pem-rfc7468",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "equivalent"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+
+[[package]]
+name = "etcetera"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943"
+dependencies = [
+ "cfg-if",
+ "home",
+ "windows-sys 0.48.0",
+]
+
+[[package]]
+name = "event-listener"
+version = "5.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e13b66accf52311f30a0db42147dadea9850cb48cd070028831ae5f5d4b856ab"
+dependencies = [
+ "concurrent-queue",
+ "parking",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "ff"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "fiat-crypto"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8591b0bcc8a98a64310a2fae1bb3e9b8564dd10e381e6e28010fde8e8e8568db"
+
+[[package]]
+name = "flume"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+ "spin",
+]
+
+[[package]]
+name = "fnv"
+version = "1.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+
+[[package]]
+name = "foldhash"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
+
+[[package]]
+name = "form_urlencoded"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
+dependencies = [
+ "percent-encoding",
+]
+
+[[package]]
+name = "futures-channel"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+]
+
+[[package]]
+name = "futures-core"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
+
+[[package]]
+name = "futures-executor"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-intrusive"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d930c203dd0b6ff06e0201a4a2fe9149b43c684fd4420555b26d21b1a02956f"
+dependencies = [
+ "futures-core",
+ "lock_api",
+ "parking_lot",
+]
+
+[[package]]
+name = "futures-io"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
+
+[[package]]
+name = "futures-sink"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
+
+[[package]]
+name = "futures-task"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
+
+[[package]]
+name = "futures-util"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
+dependencies = [
+ "futures-core",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "memchr",
+ "pin-project-lite",
+ "pin-utils",
+ "slab",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
+dependencies = [
+ "typenum",
+ "version_check",
+ "zeroize",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasip2",
+]
+
+[[package]]
+name = "group"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.15.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+
+[[package]]
+name = "hashlink"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1"
+dependencies = [
+ "hashbrown 0.15.5",
+]
+
+[[package]]
+name = "heck"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
+name = "hkdf"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
+dependencies = [
+ "hmac",
+]
+
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "home"
+version = "0.5.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cc627f471c528ff0c4a49e1d5e60450c8f6461dd6d10ba9dcd3a61d3dff7728d"
+dependencies = [
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "http"
+version = "1.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f4a85d31aea989eead29a3aaf9e1115a180df8282431156e533de47660892565"
+dependencies = [
+ "bytes",
+ "fnv",
+ "itoa",
+]
+
+[[package]]
+name = "http-body"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
+dependencies = [
+ "bytes",
+ "http",
+]
+
+[[package]]
+name = "http-body-util"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "http",
+ "http-body",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "http-range-header"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
+
+[[package]]
+name = "httparse"
+version = "1.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
+
+[[package]]
+name = "httpdate"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
+
+[[package]]
+name = "hyper"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eb3aa54a13a0dfe7fbe3a59e0c76093041720fdc77b110cc0fc260fafb4dc51e"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "http",
+ "http-body",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "pin-utils",
+ "smallvec",
+ "tokio",
+ "want",
+]
+
+[[package]]
+name = "hyper-util"
+version = "0.1.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8"
+dependencies = [
+ "base64",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "hyper",
+ "ipnet",
+ "libc",
+ "percent-encoding",
+ "pin-project-lite",
+ "socket2",
+ "tokio",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "iana-time-zone"
+version = "0.1.64"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "log",
+ "wasm-bindgen",
+ "windows-core",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "icu_collections"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43"
+dependencies = [
+ "displaydoc",
+ "potential_utf",
+ "yoke",
+ "zerofrom",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locale_core"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6"
+dependencies = [
+ "displaydoc",
+ "litemap",
+ "tinystr",
+ "writeable",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599"
+dependencies = [
+ "icu_collections",
+ "icu_normalizer_data",
+ "icu_properties",
+ "icu_provider",
+ "smallvec",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer_data"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a"
+
+[[package]]
+name = "icu_properties"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec"
+dependencies = [
+ "icu_collections",
+ "icu_locale_core",
+ "icu_properties_data",
+ "icu_provider",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_properties_data"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af"
+
+[[package]]
+name = "icu_provider"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614"
+dependencies = [
+ "displaydoc",
+ "icu_locale_core",
+ "writeable",
+ "yoke",
+ "zerofrom",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "idna"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de"
+dependencies = [
+ "idna_adapter",
+ "smallvec",
+ "utf8_iter",
+]
+
+[[package]]
+name = "idna_adapter"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344"
+dependencies = [
+ "icu_normalizer",
+ "icu_properties",
+]
+
+[[package]]
+name = "indexmap"
+version = "2.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017"
+dependencies = [
+ "equivalent",
+ "hashbrown 0.16.1",
+]
+
+[[package]]
+name = "ipnet"
+version = "2.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
+
+[[package]]
+name = "iri-string"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a"
+dependencies = [
+ "memchr",
+ "serde",
+]
+
+[[package]]
+name = "itoa"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+
+[[package]]
+name = "js-sys"
+version = "0.3.85"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3"
+dependencies = [
+ "once_cell",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "jsonwebtoken"
+version = "10.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c76e1c7d7df3e34443b3621b459b066a7b79644f059fc8b2db7070c825fd417e"
+dependencies = [
+ "base64",
+ "ed25519-dalek",
+ "getrandom 0.2.17",
+ "hmac",
+ "js-sys",
+ "p256",
+ "p384",
+ "pem",
+ "rand 0.8.5",
+ "rsa",
+ "serde",
+ "serde_json",
+ "sha2",
+ "signature",
+ "simple_asn1",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+dependencies = [
+ "spin",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.177"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
+
+[[package]]
+name = "libm"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de"
+
+[[package]]
+name = "libredox"
+version = "0.1.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616"
+dependencies = [
+ "bitflags",
+ "libc",
+ "redox_syscall 0.7.0",
+]
+
+[[package]]
+name = "libsqlite3-sys"
+version = "0.30.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149"
+dependencies = [
+ "pkg-config",
+ "vcpkg",
+]
+
+[[package]]
+name = "litemap"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77"
+
+[[package]]
+name = "litrs"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11d3d7f243d5c5a8b9bb5d6dd2b1602c0cb0b9db1621bafc7ed66e35ff9fe092"
+
+[[package]]
+name = "lock_api"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
+dependencies = [
+ "scopeguard",
+]
+
+[[package]]
+name = "log"
+version = "0.4.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+
+[[package]]
+name = "matchit"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
+
+[[package]]
+name = "md-5"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
+dependencies = [
+ "cfg-if",
+ "digest",
+]
+
+[[package]]
+name = "memchr"
+version = "2.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
+
+[[package]]
+name = "mime"
+version = "0.3.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
+
+[[package]]
+name = "mime_guess"
+version = "2.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
+dependencies = [
+ "mime",
+ "unicase",
+]
+
+[[package]]
+name = "mio"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69d83b0086dc8ecf3ce9ae2874b2d1290252e2a30720bea58a5c6639b0092873"
+dependencies = [
+ "libc",
+ "wasi",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "num-bigint"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
+dependencies = [
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-bigint-dig"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
+dependencies = [
+ "byteorder",
+ "lazy_static",
+ "libm",
+ "num-integer",
+ "num-iter",
+ "num-traits",
+ "rand 0.8.5",
+ "smallvec",
+ "zeroize",
+]
+
+[[package]]
+name = "num-conv"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+
+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "num-iter"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+ "libm",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.21.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+
+[[package]]
+name = "p256"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
+[[package]]
+name = "p384"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
+[[package]]
+name = "parking"
+version = "2.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba"
+
+[[package]]
+name = "parking_lot"
+version = "0.12.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall 0.5.18",
+ "smallvec",
+ "windows-link",
+]
+
+[[package]]
+name = "pem"
+version = "3.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d30c53c26bc5b31a98cd02d20f25a7c8567146caf63ed593a9d87b2775291be"
+dependencies = [
+ "base64",
+ "serde_core",
+]
+
+[[package]]
+name = "pem-rfc7468"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
+dependencies = [
+ "base64ct",
+]
+
+[[package]]
+name = "percent-encoding"
+version = "2.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
+
+[[package]]
+name = "pin-project-lite"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
+
+[[package]]
+name = "pin-utils"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+
+[[package]]
+name = "pkcs1"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
+dependencies = [
+ "der",
+ "pkcs8",
+ "spki",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
+[[package]]
+name = "pkg-config"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
+
+[[package]]
+name = "potential_utf"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77"
+dependencies = [
+ "zerovec",
+]
+
+[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
+dependencies = [
+ "zerocopy",
+]
+
+[[package]]
+name = "primeorder"
+version = "0.13.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
+dependencies = [
+ "elliptic-curve",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.103"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "psl-types"
+version = "2.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
+
+[[package]]
+name = "publicsuffix"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42ea446cab60335f76979ec15e12619a2165b5ae2c12166bef27d283a9fadf"
+dependencies = [
+ "idna",
+ "psl-types",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.41"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
+[[package]]
+name = "rand"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+dependencies = [
+ "libc",
+ "rand_chacha 0.3.1",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
+dependencies = [
+ "rand_chacha 0.9.0",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.17",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
+dependencies = [
+ "getrandom 0.3.4",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.5.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49f3fe0889e69e2ae9e41f4d6c4c0181701d00e4697b356fb1f74173a5e0ee27"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "reqwest"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "04e9018c9d814e5f30cc16a0f03271aeab3571e609612d9fe78c1aa8d11c2f62"
+dependencies = [
+ "base64",
+ "bytes",
+ "cookie",
+ "cookie_store",
+ "futures-core",
+ "http",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "js-sys",
+ "log",
+ "percent-encoding",
+ "pin-project-lite",
+ "serde",
+ "serde_json",
+ "sync_wrapper",
+ "tokio",
+ "tower",
+ "tower-http",
+ "tower-service",
+ "url",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "web-sys",
+]
+
+[[package]]
+name = "rfc6979"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
+dependencies = [
+ "hmac",
+ "subtle",
+]
+
+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.17",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "rsa"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
+dependencies = [
+ "const-oid",
+ "digest",
+ "num-bigint-dig",
+ "num-integer",
+ "num-traits",
+ "pkcs1",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "signature",
+ "spki",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
+
+[[package]]
+name = "rustls"
+version = "0.23.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b"
+dependencies = [
+ "once_cell",
+ "ring",
+ "rustls-pki-types",
+ "rustls-webpki",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
+dependencies = [
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.103.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53"
+dependencies = [
+ "ring",
+ "rustls-pki-types",
+ "untrusted",
+]
+
+[[package]]
+name = "rustversion"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
+
+[[package]]
+name = "ryu"
+version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
 
 [[package]]
-name = "scopeguard"
-version = "1.2.0"
+name = "scopeguard"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
+[[package]]
+name = "sec1"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "semver"
+version = "1.0.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "serde_json"
+version = "1.0.145"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+dependencies = [
+ "itoa",
+ "memchr",
+ "ryu",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "serde_path_to_error"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
+dependencies = [
+ "itoa",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "serde_urlencoded"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
+dependencies = [
+ "form_urlencoded",
+ "itoa",
+ "ryu",
+ "serde",
+]
+
+[[package]]
+name = "sha1"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "simple_asn1"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror",
+ "time",
+]
+
+[[package]]
+name = "slab"
+version = "0.4.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"
+
+[[package]]
+name = "smallvec"
+version = "1.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "socket2"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881"
+dependencies = [
+ "libc",
+ "windows-sys 0.60.2",
+]
+
+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+dependencies = [
+ "lock_api",
+]
+
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
+[[package]]
+name = "sqlx"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fefb893899429669dcdd979aff487bd78f4064e5e7907e4269081e0ef7d97dc"
+dependencies = [
+ "sqlx-core",
+ "sqlx-macros",
+ "sqlx-mysql",
+ "sqlx-postgres",
+ "sqlx-sqlite",
+]
+
+[[package]]
+name = "sqlx-core"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee6798b1838b6a0f69c007c133b8df5866302197e404e8b6ee8ed3e3a5e68dc6"
+dependencies = [
+ "base64",
+ "bytes",
+ "crc",
+ "crossbeam-queue",
+ "either",
+ "event-listener",
+ "futures-core",
+ "futures-intrusive",
+ "futures-io",
+ "futures-util",
+ "hashbrown 0.15.5",
+ "hashlink",
+ "indexmap",
+ "log",
+ "memchr",
+ "once_cell",
+ "percent-encoding",
+ "rustls",
+ "serde",
+ "serde_json",
+ "sha2",
+ "smallvec",
+ "thiserror",
+ "tokio",
+ "tokio-stream",
+ "tracing",
+ "url",
+ "webpki-roots 0.26.11",
+]
+
+[[package]]
+name = "sqlx-macros"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2d452988ccaacfbf5e0bdbc348fb91d7c8af5bee192173ac3636b5fb6e6715d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "sqlx-core",
+ "sqlx-macros-core",
+ "syn",
+]
+
+[[package]]
+name = "sqlx-macros-core"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19a9c1841124ac5a61741f96e1d9e2ec77424bf323962dd894bdb93f37d5219b"
+dependencies = [
+ "dotenvy",
+ "either",
+ "heck",
+ "hex",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_json",
+ "sha2",
+ "sqlx-core",
+ "sqlx-mysql",
+ "sqlx-postgres",
+ "sqlx-sqlite",
+ "syn",
+ "tokio",
+ "url",
+]
+
+[[package]]
+name = "sqlx-mysql"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa003f0038df784eb8fecbbac13affe3da23b45194bd57dba231c8f48199c526"
+dependencies = [
+ "atoi",
+ "base64",
+ "bitflags",
+ "byteorder",
+ "bytes",
+ "crc",
+ "digest",
+ "dotenvy",
+ "either",
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-util",
+ "generic-array",
+ "hex",
+ "hkdf",
+ "hmac",
+ "itoa",
+ "log",
+ "md-5",
+ "memchr",
+ "once_cell",
+ "percent-encoding",
+ "rand 0.8.5",
+ "rsa",
+ "serde",
+ "sha1",
+ "sha2",
+ "smallvec",
+ "sqlx-core",
+ "stringprep",
+ "thiserror",
+ "tracing",
+ "whoami",
+]
+
+[[package]]
+name = "sqlx-postgres"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db58fcd5a53cf07c184b154801ff91347e4c30d17a3562a635ff028ad5deda46"
+dependencies = [
+ "atoi",
+ "base64",
+ "bitflags",
+ "byteorder",
+ "crc",
+ "dotenvy",
+ "etcetera",
+ "futures-channel",
+ "futures-core",
+ "futures-util",
+ "hex",
+ "hkdf",
+ "hmac",
+ "home",
+ "itoa",
+ "log",
+ "md-5",
+ "memchr",
+ "once_cell",
+ "rand 0.8.5",
+ "serde",
+ "serde_json",
+ "sha2",
+ "smallvec",
+ "sqlx-core",
+ "stringprep",
+ "thiserror",
+ "tracing",
+ "whoami",
+]
+
+[[package]]
+name = "sqlx-sqlite"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2d12fe70b2c1b4401038055f90f151b78208de1f9f89a7dbfd41587a10c3eea"
+dependencies = [
+ "atoi",
+ "flume",
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-intrusive",
+ "futures-util",
+ "libsqlite3-sys",
+ "log",
+ "percent-encoding",
+ "serde",
+ "serde_urlencoded",
+ "sqlx-core",
+ "thiserror",
+ "tracing",
+ "url",
+]
+
+[[package]]
+name = "stable_deref_trait"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
+
+[[package]]
+name = "stringprep"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b4df3d392d81bd458a8a621b8bffbd2302a12ffe288a9d931670948749463b1"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+ "unicode-properties",
+]
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
+[[package]]
+name = "syn"
+version = "2.0.108"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da58917d35242480a05c2897064da0a80589a2a0476c9a3f2fdc83b53502e917"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "sync_wrapper"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
+dependencies = [
+ "futures-core",
+]
+
+[[package]]
+name = "synstructure"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
 
 [[package]]
-name = "serde"
-version = "1.0.228"
+name = "time"
+version = "0.3.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d"
 dependencies = [
- "serde_core",
+ "deranged",
+ "itoa",
+ "num-conv",
+ "powerfmt",
+ "serde",
+ "time-core",
+ "time-macros",
 ]
 
 [[package]]
-name = "serde_core"
-version = "1.0.228"
+name = "time-core"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b"
+
+[[package]]
+name = "time-macros"
+version = "0.2.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3"
 dependencies = [
- "serde_derive",
+ "num-conv",
+ "time-core",
 ]
 
 [[package]]
-name = "serde_derive"
-version = "1.0.228"
+name = "tinystr"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869"
+dependencies = [
+ "displaydoc",
+ "zerovec",
+]
+
+[[package]]
+name = "tinyvec"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa"
+dependencies = [
+ "tinyvec_macros",
+]
+
+[[package]]
+name = "tinyvec_macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
+
+[[package]]
+name = "tokio"
+version = "1.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff360e02eab121e0bc37a2d3b4d4dc622e6eda3a8e5253d5435ecf5bd4c68408"
+dependencies = [
+ "bytes",
+ "libc",
+ "mio",
+ "parking_lot",
+ "pin-project-lite",
+ "signal-hook-registry",
+ "socket2",
+ "tokio-macros",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "tokio-macros"
+version = "2.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -412,221 +2174,411 @@ dependencies = [
 ]
 
 [[package]]
-name = "serde_json"
-version = "1.0.145"
+name = "tokio-stream"
+version = "0.1.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70"
 dependencies = [
- "itoa",
- "memchr",
- "ryu",
- "serde",
- "serde_core",
+ "futures-core",
+ "pin-project-lite",
+ "tokio",
 ]
 
 [[package]]
-name = "serde_path_to_error"
-version = "0.1.20"
+name = "tokio-util"
+version = "0.7.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
+checksum = "2efa149fe76073d6e8fd97ef4f4eca7b67f599660115591483572e406e165594"
 dependencies = [
- "itoa",
- "serde",
- "serde_core",
+ "bytes",
+ "futures-core",
+ "futures-sink",
+ "pin-project-lite",
+ "tokio",
 ]
 
 [[package]]
-name = "serde_urlencoded"
-version = "0.7.1"
+name = "tower"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
+checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9"
 dependencies = [
- "form_urlencoded",
- "itoa",
- "ryu",
- "serde",
+ "futures-core",
+ "futures-util",
+ "pin-project-lite",
+ "sync_wrapper",
+ "tokio",
+ "tower-layer",
+ "tower-service",
+ "tracing",
 ]
 
 [[package]]
-name = "signal-hook-registry"
-version = "1.4.6"
+name = "tower-http"
+version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b"
+checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
 dependencies = [
- "libc",
+ "bitflags",
+ "bytes",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "http-range-header",
+ "httpdate",
+ "iri-string",
+ "mime",
+ "mime_guess",
+ "percent-encoding",
+ "pin-project-lite",
+ "tokio",
+ "tokio-util",
+ "tower",
+ "tower-layer",
+ "tower-service",
+ "tracing",
 ]
 
 [[package]]
-name = "smallvec"
-version = "1.15.1"
+name = "tower-layer"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
+checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
 
 [[package]]
-name = "socket2"
-version = "0.6.1"
+name = "tower-service"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881"
+checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
+
+[[package]]
+name = "tracing"
+version = "0.1.41"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
 dependencies = [
- "libc",
- "windows-sys 0.60.2",
+ "log",
+ "pin-project-lite",
+ "tracing-attributes",
+ "tracing-core",
 ]
 
 [[package]]
-name = "syn"
-version = "2.0.108"
+name = "tracing-attributes"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da58917d35242480a05c2897064da0a80589a2a0476c9a3f2fdc83b53502e917"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
  "proc-macro2",
  "quote",
- "unicode-ident",
+ "syn",
 ]
 
 [[package]]
-name = "sync_wrapper"
-version = "1.0.2"
+name = "tracing-core"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
+checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+dependencies = [
+ "once_cell",
+]
+
+[[package]]
+name = "try-lock"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
+
+[[package]]
+name = "typenum"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
+
+[[package]]
+name = "unicase"
+version = "2.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+
+[[package]]
+name = "unicode-bidi"
+version = "0.3.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
+
+[[package]]
+name = "unicode-normalization"
+version = "0.1.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5fd4f6878c9cb28d874b009da9e8d183b5abc80117c40bbd187a1fde336be6e8"
+dependencies = [
+ "tinyvec",
+]
+
+[[package]]
+name = "unicode-properties"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7df058c713841ad818f1dc5d3fd88063241cc61f49f5fbea4b951e8cf5a8d71d"
+
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
+name = "url"
+version = "2.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed"
+dependencies = [
+ "form_urlencoded",
+ "idna",
+ "percent-encoding",
+ "serde",
+]
+
+[[package]]
+name = "utf8_iter"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
+
+[[package]]
+name = "uuid"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
+dependencies = [
+ "getrandom 0.3.4",
+ "serde_core",
+]
+
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
+[[package]]
+name = "want"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
+dependencies = [
+ "try-lock",
+]
+
+[[package]]
+name = "wasi"
+version = "0.11.1+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
+
+[[package]]
+name = "wasip2"
+version = "1.0.2+wasi-0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5"
+dependencies = [
+ "wit-bindgen",
+]
+
+[[package]]
+name = "wasite"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.108"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "rustversion",
+ "wasm-bindgen-macro",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-futures"
+version = "0.4.58"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f"
+dependencies = [
+ "cfg-if",
+ "futures-util",
+ "js-sys",
+ "once_cell",
+ "wasm-bindgen",
+ "web-sys",
+]
 
 [[package]]
-name = "tokio"
-version = "1.48.0"
+name = "wasm-bindgen-macro"
+version = "0.2.108"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff360e02eab121e0bc37a2d3b4d4dc622e6eda3a8e5253d5435ecf5bd4c68408"
+checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608"
 dependencies = [
- "bytes",
- "libc",
- "mio",
- "parking_lot",
- "pin-project-lite",
- "signal-hook-registry",
- "socket2",
- "tokio-macros",
- "windows-sys 0.61.2",
+ "quote",
+ "wasm-bindgen-macro-support",
 ]
 
 [[package]]
-name = "tokio-macros"
-version = "2.6.0"
+name = "wasm-bindgen-macro-support"
+version = "0.2.108"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
+checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55"
 dependencies = [
+ "bumpalo",
  "proc-macro2",
  "quote",
  "syn",
+ "wasm-bindgen-shared",
 ]
 
 [[package]]
-name = "tokio-util"
-version = "0.7.17"
+name = "wasm-bindgen-shared"
+version = "0.2.108"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2efa149fe76073d6e8fd97ef4f4eca7b67f599660115591483572e406e165594"
+checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12"
 dependencies = [
- "bytes",
- "futures-core",
- "futures-sink",
- "pin-project-lite",
- "tokio",
+ "unicode-ident",
 ]
 
 [[package]]
-name = "tower"
-version = "0.5.2"
+name = "web-sys"
+version = "0.3.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9"
+checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598"
 dependencies = [
- "futures-core",
- "futures-util",
- "pin-project-lite",
- "sync_wrapper",
- "tokio",
- "tower-layer",
- "tower-service",
- "tracing",
+ "js-sys",
+ "wasm-bindgen",
 ]
 
 [[package]]
-name = "tower-http"
-version = "0.6.6"
+name = "webpki-roots"
+version = "0.26.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
+checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9"
 dependencies = [
- "bitflags",
- "bytes",
- "futures-core",
- "futures-util",
- "http",
- "http-body",
- "http-body-util",
- "http-range-header",
- "httpdate",
- "mime",
- "mime_guess",
- "percent-encoding",
- "pin-project-lite",
- "tokio",
- "tokio-util",
- "tower-layer",
- "tower-service",
- "tracing",
+ "webpki-roots 1.0.5",
 ]
 
 [[package]]
-name = "tower-layer"
-version = "0.3.3"
+name = "webpki-roots"
+version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
+checksum = "12bed680863276c63889429bfd6cab3b99943659923822de1c8a39c49e4d722c"
+dependencies = [
+ "rustls-pki-types",
+]
 
 [[package]]
-name = "tower-service"
-version = "0.3.3"
+name = "whoami"
+version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
+checksum = "5d4a4db5077702ca3015d3d02d74974948aba2ad9e12ab7df718ee64ccd7e97d"
+dependencies = [
+ "libredox",
+ "wasite",
+]
 
 [[package]]
-name = "tracing"
-version = "0.1.41"
+name = "windows-core"
+version = "0.62.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
+checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb"
 dependencies = [
- "log",
- "pin-project-lite",
- "tracing-core",
+ "windows-implement",
+ "windows-interface",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
 ]
 
 [[package]]
-name = "tracing-core"
-version = "0.1.34"
+name = "windows-implement"
+version = "0.60.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
 dependencies = [
- "once_cell",
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
 
 [[package]]
-name = "unicase"
-version = "2.8.1"
+name = "windows-interface"
+version = "0.59.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
 
 [[package]]
-name = "unicode-ident"
-version = "1.0.22"
+name = "windows-link"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
 
 [[package]]
-name = "wasi"
-version = "0.11.1+wasi-snapshot-preview1"
+name = "windows-result"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
+checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5"
+dependencies = [
+ "windows-link",
+]
 
 [[package]]
-name = "windows-link"
-version = "0.2.1"
+name = "windows-strings"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.5",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
+dependencies = [
+ "windows-targets 0.52.6",
+]
 
 [[package]]
 name = "windows-sys"
@@ -634,7 +2586,7 @@ version = "0.60.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
 dependencies = [
- "windows-targets",
+ "windows-targets 0.53.5",
 ]
 
 [[package]]
@@ -646,6 +2598,37 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "windows-targets"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.5",
+ "windows_aarch64_msvc 0.48.5",
+ "windows_i686_gnu 0.48.5",
+ "windows_i686_msvc 0.48.5",
+ "windows_x86_64_gnu 0.48.5",
+ "windows_x86_64_gnullvm 0.48.5",
+ "windows_x86_64_msvc 0.48.5",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
+dependencies = [
+ "windows_aarch64_gnullvm 0.52.6",
+ "windows_aarch64_msvc 0.52.6",
+ "windows_i686_gnu 0.52.6",
+ "windows_i686_gnullvm 0.52.6",
+ "windows_i686_msvc 0.52.6",
+ "windows_x86_64_gnu 0.52.6",
+ "windows_x86_64_gnullvm 0.52.6",
+ "windows_x86_64_msvc 0.52.6",
+]
+
 [[package]]
 name = "windows-targets"
 version = "0.53.5"
@@ -653,60 +2636,265 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3"
 dependencies = [
  "windows-link",
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_gnullvm",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
+ "windows_aarch64_gnullvm 0.53.1",
+ "windows_aarch64_msvc 0.53.1",
+ "windows_i686_gnu 0.53.1",
+ "windows_i686_gnullvm 0.53.1",
+ "windows_i686_msvc 0.53.1",
+ "windows_x86_64_gnu 0.53.1",
+ "windows_x86_64_gnullvm 0.53.1",
+ "windows_x86_64_msvc 0.53.1",
 ]
 
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
+
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53"
 
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006"
 
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3"
 
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
+
 [[package]]
 name = "windows_i686_gnullvm"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c"
 
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2"
 
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499"
 
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1"
 
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
+
+[[package]]
+name = "wit-bindgen"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
+
+[[package]]
+name = "writeable"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9"
+
+[[package]]
+name = "yoke"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954"
+dependencies = [
+ "stable_deref_trait",
+ "yoke-derive",
+ "zerofrom",
+]
+
+[[package]]
+name = "yoke-derive"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "synstructure",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.33"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "668f5168d10b9ee831de31933dc111a459c97ec93225beb307aed970d1372dfd"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.33"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c7962b26b0a8685668b671ee4b54d007a67d4eaf05fda79ac0ecf41e32270f1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zerofrom"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5"
+dependencies = [
+ "zerofrom-derive",
+]
+
+[[package]]
+name = "zerofrom-derive"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "synstructure",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
+
+[[package]]
+name = "zerotrie"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851"
+dependencies = [
+ "displaydoc",
+ "yoke",
+ "zerofrom",
+]
+
+[[package]]
+name = "zerovec"
+version = "0.11.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002"
+dependencies = [
+ "yoke",
+ "zerofrom",
+ "zerovec-derive",
+]
+
+[[package]]
+name = "zerovec-derive"
+version = "0.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
diff --git a/auth-service/Cargo.toml b/auth-service/Cargo.toml
index dbf7bee78..0fa896bb1 100644
--- a/auth-service/Cargo.toml
+++ b/auth-service/Cargo.toml
@@ -7,5 +7,19 @@ edition = "2021"
 
 [dependencies]
 axum = "0.8.6"
+axum-extra = { version = "0.12.5", features = ["cookie"] }
+serde = { version = "1.0.228", features = ["derive"] }
+serde_json = "1.0.145"
+uuid = { version = "1.18.1", default-features = false, features = ["v4", "serde"] }
 tokio = { version = "1.48.0", features = ["full"] }
-tower-http = { version = "0.6.6", features = ["fs"] }
\ No newline at end of file
+tower-http = { version = "0.6.6", features = ["fs", "cors",] }
+async-trait = "0.1.89"
+jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] }
+chrono = "0.4.43"
+dotenvy = "0.15.7"
+lazy_static = "1.5.0"
+rand = "0.9.2"
+sqlx = { version = "0.8.6", features = [ "runtime-tokio-rustls", "postgres", "migrate"] }
+
+[dev-dependencies]
+reqwest = { version = "0.13.1", default-features = false, features = ["json", "cookies"] }
diff --git a/auth-service/build.rs b/auth-service/build.rs
new file mode 100644
index 000000000..d5068697c
--- /dev/null
+++ b/auth-service/build.rs
@@ -0,0 +1,5 @@
+// generated by `sqlx migrate build-script`
+fn main() {
+    // trigger recompilation when a new migration is added
+    println!("cargo:rerun-if-changed=migrations");
+}
diff --git a/auth-service/migrations/20260131231959_create_users_table.down.sql b/auth-service/migrations/20260131231959_create_users_table.down.sql
new file mode 100644
index 000000000..329be0477
--- /dev/null
+++ b/auth-service/migrations/20260131231959_create_users_table.down.sql
@@ -0,0 +1,2 @@
+-- Add down migration script here
+DROP TABLE IF EXISTS users;
\ No newline at end of file
diff --git a/auth-service/migrations/20260131231959_create_users_table.up.sql b/auth-service/migrations/20260131231959_create_users_table.up.sql
new file mode 100644
index 000000000..52ff3e247
--- /dev/null
+++ b/auth-service/migrations/20260131231959_create_users_table.up.sql
@@ -0,0 +1,6 @@
+-- Add up migration script here
+CREATE TABLE IF NOT EXISTS users(
+   email TEXT NOT NULL PRIMARY KEY,
+   password_hash TEXT NOT NULL,
+   requires_2fa BOOLEAN NOT NULL DEFAULT FALSE
+);
\ No newline at end of file
diff --git a/auth-service/src/app_state.rs b/auth-service/src/app_state.rs
new file mode 100644
index 000000000..c063e7e2f
--- /dev/null
+++ b/auth-service/src/app_state.rs
@@ -0,0 +1,114 @@
+use std::{ops::Deref, sync::Arc};
+use tokio::sync::Mutex;
+
+use crate::{services::{data_store::{BannedTokenStore, TwoFACodeStore, UserStore}, email_client::EmailClient, hashmap_two_fa_code_store::HashmapTwoFACodeStore, hashmap_user_store::HashmapUserStore, hashset_banned_token_store::HashsetBannedTokenStore, mock_email_client::MockEmailClient}};
+
+
+#[derive(Clone)]
+pub struct UserStoreType(pub Arc<Box<dyn UserStore>>);
+
+impl Deref for UserStoreType {
+    type Target = Arc<Box<dyn UserStore>>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl Default for UserStoreType {
+    fn default() -> Self {
+        let store: Box<dyn UserStore> = Box::new(HashmapUserStore::default());
+        Self(Arc::new(store))
+    }
+}
+
+
+#[derive(Clone)]
+pub struct BannedTokenStoreType(pub Arc<Box<dyn BannedTokenStore>>);
+
+impl Deref for BannedTokenStoreType {
+    type Target = Arc<Box< dyn BannedTokenStore>>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl Default for BannedTokenStoreType {
+    fn default() -> Self {
+        let store: Box<dyn BannedTokenStore> = Box::new(HashsetBannedTokenStore::default());
+        Self(Arc::new(store))
+    }
+}
+
+
+#[derive(Clone)]
+pub struct TwoFACodeStoreType(pub Arc<Mutex<Box<dyn TwoFACodeStore>>>);
+
+impl Deref for TwoFACodeStoreType {
+    type Target = Arc<Mutex<Box< dyn TwoFACodeStore>>>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl Default for TwoFACodeStoreType {
+    fn default() -> Self {
+        let store: Mutex<Box<dyn TwoFACodeStore>> = Mutex::new(Box::new(HashmapTwoFACodeStore::default()));
+        Self(Arc::new(store))
+    }
+}
+
+
+#[derive(Clone)]
+pub struct EmailClientType(pub Arc<Box<dyn EmailClient>>);
+
+impl Deref for EmailClientType {
+    type Target = Arc<Box< dyn EmailClient>>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl Default for EmailClientType {
+    fn default() -> Self {
+        let store: Box<dyn EmailClient> = Box::new(MockEmailClient::default());
+        Self(Arc::new(store))
+    }
+}
+
+
+
+#[derive(Clone)]
+pub struct AppState {
+    pub user_store: UserStoreType,
+    pub banned_token_store: BannedTokenStoreType,
+    pub two_fa_code_store: TwoFACodeStoreType,
+    pub email_client: EmailClientType,
+}
+
+impl AppState {
+    pub fn new(
+        user_store: UserStoreType,
+        banned_token_store: BannedTokenStoreType,
+        two_fa_code_store: TwoFACodeStoreType,
+        email_client: EmailClientType,
+    ) -> Self {
+        Self {
+            user_store,
+            banned_token_store,
+            two_fa_code_store,
+            email_client,
+        }
+    }
+
+    // // Optional ergonomic constructor (useful for DI/tests)
+    // pub fn with_store(store: impl UserStore + 'static) -> Self {
+    //     let store: Box<dyn UserStore> = Box::new(store);
+    //     Self {
+    //         user_store: UserStoreType(Arc::new(RwLock::new(store))),
+    //     }
+    // }
+}
diff --git a/auth-service/src/domain/email.rs b/auth-service/src/domain/email.rs
new file mode 100644
index 000000000..946b49e8d
--- /dev/null
+++ b/auth-service/src/domain/email.rs
@@ -0,0 +1,43 @@
+#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+pub struct Email(String);
+
+impl Email {
+    pub fn new(s: &str) -> Self {
+        Self(s.to_string())
+    }
+
+    pub fn parse(s: String) -> Result<Email, String> {
+        if !s.is_empty() && s.contains('@') {
+            Ok(Email(s))
+        } else {
+            Err(format!("'{}' is not a valid email address.", s))
+        }
+    }
+}
+
+impl AsRef<str> for Email {
+    fn as_ref(&self) -> &str {
+        &self.0
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_email_parse() {
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        assert_eq!(email.as_ref(), "test@example.com");
+    }
+
+    #[test]
+    fn test_email_parse_invalid() {
+        let result = Email::parse("invalid-email".to_string());
+        assert!(result.is_err());
+
+        let result = Email::parse("".to_string());
+        assert!(result.is_err());
+    }
+}
diff --git a/auth-service/src/domain/error.rs b/auth-service/src/domain/error.rs
new file mode 100644
index 000000000..da97a90e1
--- /dev/null
+++ b/auth-service/src/domain/error.rs
@@ -0,0 +1,10 @@
+#[derive(Debug)]
+pub enum AuthAPIError {
+    MalformedRequest,
+    InvalidCredentials,
+    IncorrectCredentials,
+    UserAlreadyExists,
+    UnexpectedError,
+    MissingToken,
+    InvalidToken,
+}
diff --git a/auth-service/src/domain/mod.rs b/auth-service/src/domain/mod.rs
new file mode 100644
index 000000000..76ec1692f
--- /dev/null
+++ b/auth-service/src/domain/mod.rs
@@ -0,0 +1,4 @@
+pub mod user;
+pub mod error;
+pub mod email;
+pub mod password;
diff --git a/auth-service/src/domain/password.rs b/auth-service/src/domain/password.rs
new file mode 100644
index 000000000..79a023783
--- /dev/null
+++ b/auth-service/src/domain/password.rs
@@ -0,0 +1,36 @@
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct Password(String);
+
+impl Password {
+    pub fn parse(s: String) -> Result<Password, String> {
+        if s.len() < 8 {
+            Err("Password must be at least 8 characters long".to_string())
+        } else {
+            Ok(Password(s))
+        }
+    }
+}
+
+impl AsRef<str> for Password {
+    fn as_ref(&self) -> &str {
+        &self.0
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_password_parse() {
+        let password = Password::parse("strongpassword".to_string()).unwrap();
+        assert_eq!(password.as_ref(), "strongpassword");
+    }
+
+    #[test]
+    fn test_password_parse_invalid() {
+        let result = Password::parse("short".to_string());
+        assert!(result.is_err());
+    }
+}
diff --git a/auth-service/src/domain/user.rs b/auth-service/src/domain/user.rs
new file mode 100644
index 000000000..223ff50ba
--- /dev/null
+++ b/auth-service/src/domain/user.rs
@@ -0,0 +1,18 @@
+use crate::domain::{email::Email, password::Password};
+
+#[derive(Clone)]
+pub struct User {
+    pub requires_2fa: bool,
+    pub password: Password,
+    pub email: Email,
+}
+
+impl User {
+    pub fn new(email: Email, password: Password, requires_2fa: bool) -> Self {
+        Self {
+            email,
+            password,
+            requires_2fa,
+        }
+    }
+}
diff --git a/auth-service/src/lib.rs b/auth-service/src/lib.rs
new file mode 100644
index 000000000..f53b3842b
--- /dev/null
+++ b/auth-service/src/lib.rs
@@ -0,0 +1,94 @@
+use tokio::net::TcpListener;
+use axum::{Json, Router, http::{Method, StatusCode}, response::{IntoResponse, Response}, routing::post, serve::Serve};
+use tower_http::{cors::CorsLayer, services::{ServeDir, ServeFile}};
+use sqlx::{postgres::PgPoolOptions, PgPool};
+
+pub mod routes;
+pub mod domain;
+pub mod services;
+pub mod app_state;
+pub mod utils;
+
+use routes::*;
+use domain::{error::AuthAPIError};
+use app_state::AppState;
+
+
+type Result<T> = std::result::Result<T, Box<dyn std::error::Error + Send + Sync>>;
+
+
+#[derive(serde::Serialize, serde::Deserialize)]
+pub struct ErrorResponse {
+    pub error: String,
+}
+
+
+impl IntoResponse for AuthAPIError {
+    fn into_response(self) -> axum::response::Response {
+        let (status, error_message) = match self {
+            AuthAPIError::MalformedRequest => (StatusCode::UNPROCESSABLE_ENTITY, "Malformed request"),
+            AuthAPIError::InvalidCredentials => (StatusCode::BAD_REQUEST, "Invalid credentials"),
+            AuthAPIError::IncorrectCredentials => (StatusCode::UNAUTHORIZED, "Incorrect credentials"),
+            AuthAPIError::UserAlreadyExists => (StatusCode::CONFLICT, "User already exists"),
+            AuthAPIError::UnexpectedError => (StatusCode::INTERNAL_SERVER_ERROR, "Unexpected error"),
+            AuthAPIError::MissingToken => (StatusCode::BAD_REQUEST, "Missing token"),
+            AuthAPIError::InvalidToken => (StatusCode::UNAUTHORIZED, "Invalid token")
+        };
+
+        let body = Json(ErrorResponse {
+            error: error_message.to_string(),
+        });
+
+        (status, body).into_response()
+    }
+}
+
+
+pub struct Application {
+    server: Serve<TcpListener, Router, Router>,
+    pub address: String,
+}
+
+impl Application {
+    pub async fn build(app_state: AppState, address: &str) -> Result<Self> {
+        let allowed_origins = [
+            "http://localhost:8000".parse()?,
+        ];
+
+        let cors = CorsLayer::new()
+        .allow_methods([Method::GET, Method::POST])
+        .allow_credentials(true)
+        .allow_origin(allowed_origins);
+
+        let assets_dir = ServeDir::new("assets")
+        .not_found_service(ServeFile::new("assets/index.html"));
+
+        let router = Router::new()
+            .fallback_service(assets_dir)
+            .route("/signup", post(signup))
+            .route("/login", post(login))
+            .route("/verify-2fa", post(verify_2fa))
+            .route("/logout", post(logout))
+            .route("/verify-token", post(verify_token))
+            .with_state(app_state)
+            .layer(cors);
+        let listener = TcpListener::bind(address).await?; 
+        let address = listener.local_addr()?.to_string();
+        let server = axum::serve(listener, router);
+
+        Ok(Application { server, address })
+    }
+
+    pub async fn run(self) -> Result<()> {
+        println!("Listening on {}", self.address);
+        self.server.await?;
+        Ok(())
+    }
+}
+
+
+
+pub async fn get_postgres_pool(url: &str) -> std::result::Result<PgPool, sqlx::Error> {
+    // Create a new PostgreSQL connection pool
+    PgPoolOptions::new().max_connections(5).connect(url).await
+}
diff --git a/auth-service/src/main.rs b/auth-service/src/main.rs
index 1f243bd26..ae2baf2ef 100644
--- a/auth-service/src/main.rs
+++ b/auth-service/src/main.rs
@@ -1,23 +1,37 @@
-use axum::{response::Html, routing::get, serve, Router};
-use tower_http::services::ServeDir;
+use auth_service::{Application, app_state::{AppState, BannedTokenStoreType, EmailClientType, TwoFACodeStoreType, UserStoreType}, get_postgres_pool, services::email_client::EmailClient, utils::constants::{DATABASE_URL, prod}};
+use sqlx::PgPool;
+
 
 #[tokio::main]
 async fn main() {
-    let assets_dir = ServeDir::new("assets");
-    let app = Router::new()
-        .fallback_service(assets_dir)
-        .route("/hello", get(hello_handler));
-
-    // Here we are using ip 0.0.0.0 so the service is listening on all the configured network interfaces.
-    // This is needed for Docker to work, which we will add later on.
-    // See: https://stackoverflow.com/questions/39525820/docker-port-forwarding-not-working
-    let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await.unwrap();
-    println!("listening on {}", listener.local_addr().unwrap());
+    let pg_pool = configure_postgresql().await;
+    let user_store = UserStoreType::default();
+    let banned_token_store = BannedTokenStoreType::default();
+    let two_fa_code_store = TwoFACodeStoreType::default();
+    let email_client = EmailClientType::default();
+    let app_state = AppState::new(
+        user_store,
+        banned_token_store,
+        two_fa_code_store,
+        email_client,
+    ); // optionally, if builder pattern enabled: AppState::with_store(hashmap_store).build();
 
-    axum::serve(listener, app).await.unwrap();
+    let app = Application::build(app_state, prod::APP_ADDRESS).await.expect("Failed to build app");
+    app.run().await.expect("Failed to run app");
 }
 
-async fn hello_handler() -> Html<&'static str> {
-    // TODO: Update this to a custom message!
-    Html("<h1>Hello, World!</h1>")
+
+async fn configure_postgresql() -> PgPool {
+    // Create a new database connection pool
+    let pg_pool = get_postgres_pool(&DATABASE_URL)
+        .await
+        .expect("Failed to create Postgres connection pool!");
+
+    // Run database migrations against our test database! 
+    sqlx::migrate!()
+        .run(&pg_pool)
+        .await
+        .expect("Failed to run migrations");
+
+    pg_pool
 }
diff --git a/auth-service/src/routes/login.rs b/auth-service/src/routes/login.rs
new file mode 100644
index 000000000..3c34b8548
--- /dev/null
+++ b/auth-service/src/routes/login.rs
@@ -0,0 +1,125 @@
+use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
+use axum_extra::extract::cookie::CookieJar;
+use serde::{Deserialize, Serialize};
+use crate::{app_state::AppState, domain::{email::Email, error::AuthAPIError, password::Password}, services::data_store::{LoginAttemptId, TwoFACode}, utils::auth::generate_auth_cookie};
+
+
+pub async fn login(
+    State(_state): State<AppState>,
+    jar: CookieJar,
+    Json(request): Json<LoginRequest>,
+) -> Result<(CookieJar, impl IntoResponse), AuthAPIError> {
+    let email = request.email;
+    let password = request.password;
+
+    // early return AuthAPIError::InvalidCredentials if email is empty or does not contain "@" symbol or password is less than 8 characters long
+    let email = Email::parse(email).map_err(|_| AuthAPIError::InvalidCredentials)?;
+    let password = Password::parse(password).map_err(|_| AuthAPIError::InvalidCredentials)?;
+
+    // let user_store = &_state.user_store;
+    // match user_store.get_user(email.clone()).await {
+    //     Ok(user) => {
+    //         if user.password != password {
+    //             return Err(AuthAPIError::IncorrectCredentials);
+    //         }
+    //     }
+    //     Err(_) => {
+    //         return Err(AuthAPIError::IncorrectCredentials);
+    //     }
+    // }
+
+    // let auth_cookie = generate_auth_cookie(&email).map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    // let updated_jar = jar.add(auth_cookie);
+
+    // return Ok((updated_jar, StatusCode::OK.into_response()));
+
+    // let user = &_state.user_store.get_user(email.clone()).await.map_err(|_| AuthAPIError::IncorrectCredentials)?;
+    let user_store = &_state.user_store;
+    let user = match user_store.get_user(email.clone()).await {
+        Ok(user) => {
+            if user.password != password {
+                return Err(AuthAPIError::IncorrectCredentials);
+            }
+            else { user }
+        }
+        Err(_) => {
+            return Err(AuthAPIError::IncorrectCredentials);
+        }
+    };
+
+    match user.requires_2fa {
+        // We are now passing `&user.email` and `&state` to `handle_2fa`
+        true => handle_2fa(&user.email, &_state, jar).await,
+        false => handle_no_2fa(&user.email, jar).await,
+    }
+}
+
+
+async fn handle_2fa(
+    email: &Email, // New!
+    state: &AppState, // New!
+    jar: CookieJar,
+) -> Result<(CookieJar, (StatusCode, Json<LoginResponse>)), AuthAPIError> {
+    // First, we must generate a new random login attempt ID and 2FA code
+    let login_attempt_id = LoginAttemptId::default();
+    let code = TwoFACode::default();
+
+    state.two_fa_code_store.lock().await.add_code(email.to_owned(), login_attempt_id.clone(), code.clone()).await.map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    state.email_client.send_email(email, "2FA Access Token", &format!("{}", code.as_ref())).await.map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    // Finally, we need to return the login attempt ID to the client
+    let response = Json(LoginResponse::TwoFactorAuth(TwoFactorAuthResponse {
+        message: "2FA required".to_owned(),
+        login_attempt_id: login_attempt_id.as_ref().to_string(), // Add the generated login attempt ID
+    }));
+
+    Ok((
+        jar,
+        (
+            StatusCode::PARTIAL_CONTENT,
+            response
+        )
+    ))
+}
+
+
+async fn handle_no_2fa(
+    email: &Email,
+    jar: CookieJar,
+) -> Result<(CookieJar, (StatusCode, Json<LoginResponse>)), AuthAPIError> {
+    let auth_cookie = generate_auth_cookie(&email).map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    let updated_jar = jar.add(auth_cookie);
+    Ok((updated_jar, (StatusCode::OK, Json(LoginResponse::RegularAuth))))
+}
+
+
+#[derive(Deserialize)]
+pub struct LoginRequest {
+    email: String,
+    password: String,
+}
+
+
+// #[derive(Serialize, PartialEq, Debug, Deserialize)]
+// pub struct LoginResponse {
+//     pub message: String,
+// }
+
+
+#[derive(Debug, Serialize)]
+#[serde(untagged)]
+pub enum LoginResponse {
+    RegularAuth,
+    TwoFactorAuth(TwoFactorAuthResponse)
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct TwoFactorAuthResponse {
+    pub message: String,
+    #[serde(rename = "loginAttemptId")]
+    pub login_attempt_id: String,
+}
diff --git a/auth-service/src/routes/logout.rs b/auth-service/src/routes/logout.rs
new file mode 100644
index 000000000..29aa0ad67
--- /dev/null
+++ b/auth-service/src/routes/logout.rs
@@ -0,0 +1,27 @@
+use axum::{extract::State, http::StatusCode, response::IntoResponse};
+use axum_extra::extract::CookieJar;
+
+use crate::{app_state::AppState, domain::error::AuthAPIError, utils::{auth::validate_token, constants::JWT_COOKIE_NAME}};
+
+
+pub async fn logout(
+    State(_state): State<AppState>,
+    jar: CookieJar,
+) -> Result<(CookieJar, impl IntoResponse), AuthAPIError> {
+    let cookie = jar.get(JWT_COOKIE_NAME).ok_or(AuthAPIError::MissingToken)?;
+
+    let token = cookie.value().to_owned();
+
+    validate_token(&token, _state.banned_token_store.clone()).await.map_err(|_| AuthAPIError::InvalidToken)?;
+
+    let jar = jar.remove(JWT_COOKIE_NAME);
+
+    _state.banned_token_store.store_token(&token).await.map_err(|e| {
+        match e {
+            crate::services::data_store::BannedTokenStoreError::TokenAlreadyBanned => AuthAPIError::InvalidToken,
+            crate::services::data_store::BannedTokenStoreError::UnexpectedError => AuthAPIError::UnexpectedError,
+        }
+    } )?;
+
+    Ok((jar, StatusCode::OK))
+}
diff --git a/auth-service/src/routes/mod.rs b/auth-service/src/routes/mod.rs
new file mode 100644
index 000000000..cf21ea2be
--- /dev/null
+++ b/auth-service/src/routes/mod.rs
@@ -0,0 +1,11 @@
+mod login;
+mod signup;
+mod verify_2fa;
+mod logout;
+mod verify_token;
+
+pub use login::*;
+pub use signup::*;
+pub use verify_2fa::*;
+pub use logout::*;
+pub use verify_token::*;
diff --git a/auth-service/src/routes/signup.rs b/auth-service/src/routes/signup.rs
new file mode 100644
index 000000000..9a5e67755
--- /dev/null
+++ b/auth-service/src/routes/signup.rs
@@ -0,0 +1,45 @@
+use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
+use serde::{Deserialize, Serialize};
+use crate::{app_state::AppState, domain::{email::Email, error::AuthAPIError, password::Password, user::User}};
+
+
+pub async fn signup(
+    State(_state): State<AppState>,
+    Json(request): Json<SignupRequest>,
+) -> Result<impl IntoResponse, AuthAPIError> {
+    let email = request.email;
+    let password = request.password;
+
+    // early return AuthAPIError::InvalidCredentials if email is empty or does not contain "@" symbol or password is less than 8 characters long
+    let email = Email::parse(email).map_err(|_| AuthAPIError::InvalidCredentials)?;
+    let password = Password::parse(password).map_err(|_| AuthAPIError::InvalidCredentials)?;
+
+    let user = User::new(email, password, request.requires_2fa);
+
+    let user_store = _state.user_store;
+    if user_store.get_user(user.email.clone()).await.is_ok() {
+        return Err(AuthAPIError::UserAlreadyExists);
+    }
+    user_store.add_user(user).await.map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    let response = Json(SignupResponse {
+        message: "User created successfully!".to_string(),
+    });
+
+    Ok((StatusCode::CREATED, response))
+}
+
+
+#[derive(Deserialize)]
+pub struct SignupRequest {
+    email: String,
+    password: String,
+    #[serde(rename = "requires2FA")]
+    requires_2fa: bool,
+}
+
+
+#[derive(Serialize, PartialEq, Debug, Deserialize)]
+pub struct SignupResponse {
+    pub message: String,
+}
diff --git a/auth-service/src/routes/verify_2fa.rs b/auth-service/src/routes/verify_2fa.rs
new file mode 100644
index 000000000..fee21f7ce
--- /dev/null
+++ b/auth-service/src/routes/verify_2fa.rs
@@ -0,0 +1,52 @@
+use axum::{Json, extract::State, http::StatusCode};
+use axum_extra::extract::CookieJar;
+use serde::{Deserialize, Serialize};
+use crate::{app_state::AppState, domain::{email::Email, error::AuthAPIError}, services::data_store::{LoginAttemptId, TwoFACode}, utils::auth::generate_auth_cookie};
+
+
+pub async fn verify_2fa(
+    State(state): State<AppState>,
+    jar: CookieJar,
+    Json(request): Json<Verify2FARequest>,
+) -> Result<(CookieJar, (StatusCode, Json<Verify2FAResponse>)), AuthAPIError> {
+    let email = Email::parse(request.email).map_err(|_| AuthAPIError::InvalidCredentials)?;
+    let login_attempt_id =
+        LoginAttemptId::parse(request.login_attempt_id).map_err(|_| AuthAPIError::InvalidCredentials)?;
+    let two_fa_code =
+        TwoFACode::parse(request.two_fa_code).map_err(|_| AuthAPIError::InvalidCredentials)?;
+
+    // avoid moving out of state unless that's what you want
+    let two_fa_code_store = state.two_fa_code_store.clone();
+
+    let code_tuple = two_fa_code_store
+        .lock().await
+        .get_code(&email).await
+        .map_err(|_| AuthAPIError::IncorrectCredentials)?;
+
+    if code_tuple.0 != login_attempt_id || code_tuple.1 != two_fa_code {
+        return Err(AuthAPIError::IncorrectCredentials);
+    }
+
+    let auth_cookie = generate_auth_cookie(&email).map_err(|_| AuthAPIError::UnexpectedError)?;
+    let updated_jar = jar.add(auth_cookie);
+
+    let res = two_fa_code_store.lock().await.remove_code(&email).await.map_err(|_| AuthAPIError::UnexpectedError)?;
+
+    Ok((updated_jar, (StatusCode::OK, Json(Verify2FAResponse { message: "Ok".to_string() }))))
+}
+
+
+#[derive(Deserialize)]
+pub struct Verify2FARequest {
+    pub email: String,
+    #[serde(rename = "loginAttemptId")]
+    pub login_attempt_id: String,
+    #[serde(rename = "2FACode")]
+    pub two_fa_code: String,
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct Verify2FAResponse {
+    pub message: String,
+}
diff --git a/auth-service/src/routes/verify_token.rs b/auth-service/src/routes/verify_token.rs
new file mode 100644
index 000000000..2117930d2
--- /dev/null
+++ b/auth-service/src/routes/verify_token.rs
@@ -0,0 +1,20 @@
+use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
+use serde::Deserialize;
+
+use crate::{app_state::AppState, domain::error::AuthAPIError, utils::auth::validate_token};
+
+
+pub async fn verify_token(
+    State(_state): State<AppState>,
+    Json(request): Json<VerifyTokenRequest>,
+) -> Result<impl IntoResponse, AuthAPIError> {
+    validate_token(&request.token, _state.banned_token_store.clone()).await.map_err(|_| AuthAPIError::InvalidToken)?;
+
+    Ok(StatusCode::OK.into_response())
+}
+
+
+#[derive(Deserialize)]
+pub struct VerifyTokenRequest {
+    token: String,
+}
diff --git a/auth-service/src/services/data_store.rs b/auth-service/src/services/data_store.rs
new file mode 100644
index 000000000..181c3feb6
--- /dev/null
+++ b/auth-service/src/services/data_store.rs
@@ -0,0 +1,111 @@
+use rand::Rng;
+use crate::domain::{email::Email, password::Password, user::User};
+
+
+#[derive(Debug, PartialEq,)]
+pub enum UserStoreError {
+    UserNotFound,
+    UserAlreadyExists,
+    InvalidCredentials,
+    UnexpectedError,
+}
+
+
+#[async_trait::async_trait]
+pub trait UserStore: Send + Sync {
+    async fn add_user(&self, user: User) -> Result<(), UserStoreError>;
+    async fn get_user(&self, email: Email) -> Result<User, UserStoreError>;
+    async fn validate_user(&self, email: Email, password: Password) -> Result<(), UserStoreError>;
+}
+
+
+#[derive(Debug, PartialEq)]
+pub enum BannedTokenStoreError {
+    TokenAlreadyBanned,
+    UnexpectedError,
+}
+
+
+#[async_trait::async_trait]
+pub trait BannedTokenStore: Send + Sync {
+    async fn store_token(&self, token: &str) -> Result<(), BannedTokenStoreError>;
+    async fn check_token(&self, token: &str) -> Result<bool, BannedTokenStoreError>;
+}
+
+
+#[async_trait::async_trait]
+pub trait TwoFACodeStore: Send + Sync {
+    async fn add_code(
+        &mut self,
+        email: Email,
+        login_attempt_id: LoginAttemptId,
+        code: TwoFACode,
+    ) -> Result<(), TwoFACodeStoreError>;
+    async fn remove_code(&mut self, email: &Email) -> Result<(), TwoFACodeStoreError>;
+    async fn get_code(
+        &self,
+        email: &Email,
+    ) -> Result<(LoginAttemptId, TwoFACode), TwoFACodeStoreError>;
+}
+
+
+#[derive(Debug, PartialEq)]
+pub enum TwoFACodeStoreError {
+    LoginAttemptIdNotFound,
+    UnexpectedError,
+}
+
+
+#[derive(Debug, Clone, PartialEq)]
+pub struct LoginAttemptId(String);
+
+impl LoginAttemptId {
+    pub fn parse(id: String) -> Result<Self, String> {
+        match uuid::Uuid::parse_str(&id) {
+            Ok(_) => Ok(LoginAttemptId(id)),
+            Err(e) => Err(e.to_string()),
+        }
+    }
+}
+
+impl Default for LoginAttemptId {
+    fn default() -> Self {
+        LoginAttemptId(uuid::Uuid::new_v4().to_string())
+    }
+}
+
+// TODO: Implement AsRef<str> for LoginAttemptId
+impl AsRef<str> for LoginAttemptId {
+    fn as_ref(&self) -> &str {
+        &self.0
+    }
+}
+
+
+#[derive(Clone, Debug, PartialEq)]
+pub struct TwoFACode(String);
+
+impl TwoFACode {
+    pub fn parse(code: String) -> Result<Self, String> {
+        if code.len() == 6 && code.chars().all(|c| c.is_ascii_digit()) {
+            Ok(Self(code))
+        } else {
+            Err("Invalid 2FA code".to_string())
+        }
+    }
+}
+
+impl Default for TwoFACode {
+    fn default() -> Self {
+        let mut rng = rand::rng();
+        let value: u32 = rng.random_range(0..1_000_000);
+        Self(format!("{:06}", value))
+    }
+}
+
+impl AsRef<str> for TwoFACode {
+    fn as_ref(&self) -> &str {
+        &self.0
+    }
+}
+
diff --git a/auth-service/src/services/email_client.rs b/auth-service/src/services/email_client.rs
new file mode 100644
index 000000000..ebd9c7468
--- /dev/null
+++ b/auth-service/src/services/email_client.rs
@@ -0,0 +1,13 @@
+use async_trait::async_trait;
+use crate::domain::email::Email;
+
+
+#[async_trait]
+pub trait EmailClient: Send + Sync {
+    async fn send_email(
+        &self,
+        recipient: &Email,
+        subject: &str,
+        content: &str,
+    ) -> Result<(), String>;
+}
diff --git a/auth-service/src/services/hashmap_two_fa_code_store.rs b/auth-service/src/services/hashmap_two_fa_code_store.rs
new file mode 100644
index 000000000..a77baf459
--- /dev/null
+++ b/auth-service/src/services/hashmap_two_fa_code_store.rs
@@ -0,0 +1,138 @@
+use std::collections::HashMap;
+use tokio::sync::RwLock;
+use crate::{domain::email::Email, services::data_store::{TwoFACodeStore, TwoFACodeStoreError}};
+use super::data_store::{LoginAttemptId, TwoFACode};
+
+
+#[derive(Default)]
+pub struct HashmapTwoFACodeStore {
+    codes: RwLock<HashMap<Email, (LoginAttemptId, TwoFACode)>>,
+}
+
+#[async_trait::async_trait]
+impl TwoFACodeStore for HashmapTwoFACodeStore {
+    async fn add_code(
+        &mut self,
+        email: Email,
+        login_attempt_id: LoginAttemptId,
+        code: TwoFACode,
+    ) -> Result<(), TwoFACodeStoreError> {
+        let mut guard  = self.codes.write().await;
+
+        if guard.contains_key(&email) {
+            return Err(TwoFACodeStoreError::UnexpectedError);
+        }
+        guard.insert(email, (login_attempt_id, code));
+
+        Ok(())
+    }
+
+    async fn remove_code(&mut self, email: &Email) -> Result<(), TwoFACodeStoreError> {
+        let mut guard  = self.codes.write().await;
+
+        guard.remove(email).ok_or(TwoFACodeStoreError::UnexpectedError)?;
+
+        Ok(())
+    }
+
+    async fn get_code(
+        &self,
+        email: &Email,
+    ) -> Result<(LoginAttemptId, TwoFACode), TwoFACodeStoreError> {
+        let guard  = self.codes.read().await;
+
+        let res = guard.get(email).cloned().ok_or(TwoFACodeStoreError::UnexpectedError)?;
+        Ok(res)
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::domain::email::Email;
+    use crate::services::data_store::TwoFACodeStoreError;
+
+
+    #[tokio::test]
+    async fn add_code_then_get_code_returns_inserted_values() {
+        let mut store = HashmapTwoFACodeStore::default();
+
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let login_attempt_id = LoginAttemptId::default();
+        let code = TwoFACode::parse("123456".to_string()).unwrap();
+
+        store
+            .add_code(email.clone(), login_attempt_id.clone(), code.clone())
+            .await
+            .unwrap();
+
+        let (got_login_attempt_id, got_code) = store.get_code(&email).await.unwrap();
+        assert_eq!(got_login_attempt_id, login_attempt_id);
+        assert_eq!(got_code, code);
+    }
+
+    #[tokio::test]
+    async fn add_code_twice_for_same_email_returns_error() {
+        let mut store = HashmapTwoFACodeStore::default();
+
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let login_attempt_id1 = LoginAttemptId::default();
+        let code1 = TwoFACode::parse("123456".to_string()).unwrap();
+
+        store
+            .add_code(email.clone(), login_attempt_id1, code1)
+            .await
+            .unwrap();
+
+        let login_attempt_id2 = LoginAttemptId::default();
+        let code2 = TwoFACode::parse("654321".to_string()).unwrap();
+
+        let err = store
+            .add_code(email.clone(), login_attempt_id2, code2)
+            .await
+            .unwrap_err();
+
+        assert_eq!(err, TwoFACodeStoreError::UnexpectedError);
+    }
+
+    #[tokio::test]
+    async fn remove_code_then_get_code_returns_error() {
+        let mut store = HashmapTwoFACodeStore::default();
+
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let login_attempt_id = LoginAttemptId::default();
+        let code = TwoFACode::parse("123456".to_string()).unwrap();
+
+        store
+            .add_code(email.clone(), login_attempt_id, code)
+            .await
+            .unwrap();
+
+        store.remove_code(&email).await.unwrap();
+
+        let err = store.get_code(&email).await.unwrap_err();
+        assert_eq!(err, TwoFACodeStoreError::UnexpectedError);
+    }
+
+    #[tokio::test]
+    async fn remove_code_for_missing_email_returns_error() {
+        let mut store = HashmapTwoFACodeStore::default();
+
+        let email = Email::parse("missing@example.com".to_string()).unwrap();
+        let err = store.remove_code(&email).await.unwrap_err();
+
+        assert_eq!(err, TwoFACodeStoreError::UnexpectedError);
+    }
+
+    #[tokio::test]
+    async fn get_code_for_missing_email_returns_error() {
+        let store = HashmapTwoFACodeStore::default();
+
+        let email = Email::parse("missing@example.com".to_string()).unwrap();
+        let err = store.get_code(&email).await.unwrap_err();
+
+        assert_eq!(err, TwoFACodeStoreError::UnexpectedError);
+    }
+}
+
diff --git a/auth-service/src/services/hashmap_user_store.rs b/auth-service/src/services/hashmap_user_store.rs
new file mode 100644
index 000000000..7889aa4eb
--- /dev/null
+++ b/auth-service/src/services/hashmap_user_store.rs
@@ -0,0 +1,72 @@
+use std::collections::HashMap;
+use tokio::sync::RwLock;
+
+use crate::domain::{email::Email, password::Password, user::User};
+use super::data_store::{UserStore, UserStoreError};
+
+
+#[derive(Default)]
+pub struct HashmapUserStore {
+    users: RwLock<HashMap<String, User>>,
+}
+
+#[async_trait::async_trait]
+impl UserStore for HashmapUserStore {
+    async fn add_user(&self, user: User) -> Result<(), UserStoreError> {
+        let mut guard  = self.users.write().await;
+
+        if guard.contains_key(user.email.as_ref()) {
+            return Err(UserStoreError::UserAlreadyExists);
+        }
+        guard.insert(user.email.as_ref().to_string(), user);
+
+        Ok(())
+    }
+
+    async fn get_user(&self, email: Email) -> Result<User, UserStoreError> {
+        self.users.read().await.get(email.as_ref()).cloned().ok_or(UserStoreError::UserNotFound)
+    }
+
+    async fn validate_user(&self, email: Email, password: Password) -> Result<(), UserStoreError> {
+        let user = self.get_user(email).await?;
+        if user.password != password {
+            return Err(UserStoreError::InvalidCredentials);
+        }
+        Ok(())
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn test_add_user() {
+        let store = HashmapUserStore::default();
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let password = Password::parse("password".to_string()).unwrap();
+        let user = User::new(email, password, true);
+        assert!(store.add_user(user).await.is_ok());
+    }
+
+    #[tokio::test]
+    async fn test_get_user() {
+        let store = HashmapUserStore::default();
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let password = Password::parse("password".to_string()).unwrap();
+        let user = User::new(email.clone(), password, true);
+        store.add_user(user).await.unwrap();
+        assert!(store.get_user(email).await.is_ok());
+    }
+
+    #[tokio::test]
+    async fn test_validate_user() {
+        let store = HashmapUserStore::default();
+        let email = Email::parse("test@example.com".to_string()).unwrap();
+        let password = Password::parse("password".to_string()).unwrap();
+        let user = User::new(email.clone(), password.clone(), true);
+        store.add_user(user).await.unwrap();
+        assert!(store.validate_user(email, password).await.is_ok());
+    }
+}
diff --git a/auth-service/src/services/hashset_banned_token_store.rs b/auth-service/src/services/hashset_banned_token_store.rs
new file mode 100644
index 000000000..fe926e751
--- /dev/null
+++ b/auth-service/src/services/hashset_banned_token_store.rs
@@ -0,0 +1,64 @@
+use std::collections::HashSet;
+
+use tokio::sync::RwLock;
+
+use crate::services::data_store::{BannedTokenStore, BannedTokenStoreError};
+
+#[derive(Default)]
+pub struct HashsetBannedTokenStore {
+    tokens: RwLock<HashSet<String>>,
+}
+
+#[async_trait::async_trait]
+impl BannedTokenStore for HashsetBannedTokenStore {
+    async fn store_token(&self, token: &str) -> Result<(), super::data_store::BannedTokenStoreError> {
+        let mut guard = self.tokens.write().await;
+        if guard.contains(token) {
+            println!("Guard already contains token");
+            return Err(BannedTokenStoreError::TokenAlreadyBanned);
+        }
+        guard.insert(token.to_string());
+        Ok(())
+    }
+
+    async fn check_token(&self, token: &str) -> Result<bool, super::data_store::BannedTokenStoreError> {
+        let res = self.tokens.read().await.contains(token);
+        Ok(res)
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tokio::task::{self, futures};
+
+    #[tokio::test]
+    async fn store_token_new_token_ok() {
+        let store = HashsetBannedTokenStore::default();
+
+        let res = store.store_token("abc").await;
+        assert_eq!(res, Ok(()));
+    }
+
+    #[tokio::test]
+    async fn store_token_same_token_twice_returns_token_already_banned() {
+        let store = HashsetBannedTokenStore::default();
+
+        assert_eq!(store.store_token("abc").await, Ok(()));
+        assert_eq!(
+            store.store_token("abc").await,
+            Err(BannedTokenStoreError::TokenAlreadyBanned)
+        );
+    }
+
+    #[tokio::test]
+    async fn check_token_false_before_store_true_after_store() {
+        let store = HashsetBannedTokenStore::default();
+
+        assert_eq!(store.check_token("abc").await, Ok(false));
+        assert_eq!(store.store_token("abc").await, Ok(()));
+        assert_eq!(store.check_token("abc").await, Ok(true));
+    }
+}
+
diff --git a/auth-service/src/services/mock_email_client.rs b/auth-service/src/services/mock_email_client.rs
new file mode 100644
index 000000000..349597137
--- /dev/null
+++ b/auth-service/src/services/mock_email_client.rs
@@ -0,0 +1,27 @@
+use crate::domain::{email::Email};
+use super::email_client::EmailClient;
+
+
+#[derive(Default)]
+pub struct MockEmailClient;
+
+
+#[async_trait::async_trait]
+impl EmailClient for MockEmailClient {
+    async fn send_email(
+        &self,
+        recipient: &Email,
+        subject: &str,
+        content: &str,
+    ) -> Result<(), String> {
+        // Our mock email client will simply log the recipient, subject, and content to standard output
+        println!(
+            "Sending email to {} with subject: {} and content: {}",
+            recipient.as_ref(),
+            subject,
+            content
+        );
+
+        Ok(())
+    }
+}
diff --git a/auth-service/src/services/mod.rs b/auth-service/src/services/mod.rs
new file mode 100644
index 000000000..4735bac8c
--- /dev/null
+++ b/auth-service/src/services/mod.rs
@@ -0,0 +1,6 @@
+pub mod data_store;
+pub mod hashmap_user_store;
+pub mod hashset_banned_token_store;
+pub mod hashmap_two_fa_code_store;
+pub mod email_client;
+pub mod mock_email_client;
diff --git a/auth-service/src/utils/auth.rs b/auth-service/src/utils/auth.rs
new file mode 100644
index 000000000..b97b7810a
--- /dev/null
+++ b/auth-service/src/utils/auth.rs
@@ -0,0 +1,159 @@
+use axum_extra::extract::cookie::{Cookie, SameSite};
+use chrono::Utc;
+use jsonwebtoken::{DecodingKey, EncodingKey, Validation, decode, encode, errors::Error};
+use serde::{Deserialize, Serialize};
+
+use crate::{app_state::BannedTokenStoreType, domain::{email::Email, error::AuthAPIError}};
+
+use super::constants::{JWT_COOKIE_NAME, JWT_SECRET};
+
+// // This is definitely NOT a good secret. We will update it soon!
+// const JWT_SECRET: &str = "secret";
+
+// Create cookie with a new JWT auth token
+pub fn generate_auth_cookie(email: &Email) -> Result<Cookie<'static>, GenerateTokenError> {
+    let token = generate_auth_token(email)?;
+    Ok(create_auth_cookie(token))
+}
+
+// Create cookie and set the value to the passed-in token string 
+fn create_auth_cookie(token: String) -> Cookie<'static> {
+    let cookie = Cookie::build((JWT_COOKIE_NAME, token))
+        .path("/") // apply cookie to all URLs on the server
+        .http_only(true) // prevent JavaScript from accessing the cookie
+        .same_site(SameSite::Lax) // send cookie with "same-site" requests, and with "cross-site" top-level navigations.
+        .build();
+
+    cookie
+}
+
+#[derive(Debug)]
+pub enum GenerateTokenError {
+    TokenError(jsonwebtoken::errors::Error),
+    UnexpectedError,
+}
+
+// This value determines how long the JWT auth token is valid for
+pub const TOKEN_TTL_SECONDS: i64 = 600; // 10 minutes
+
+// Create JWT auth token
+fn generate_auth_token(email: &Email) -> Result<String, GenerateTokenError> {
+    let delta = chrono::Duration::try_seconds(TOKEN_TTL_SECONDS)
+        .ok_or(GenerateTokenError::UnexpectedError)?;
+
+    // Create JWT expiration time
+    let exp = Utc::now()
+        .checked_add_signed(delta)
+        .ok_or(GenerateTokenError::UnexpectedError)?
+        .timestamp();
+
+    // Cast exp to a usize, which is what Claims expects
+    let exp: usize = exp
+        .try_into()
+        .map_err(|_| GenerateTokenError::UnexpectedError)?;
+
+    let sub = email.as_ref().to_owned();
+
+    let claims = Claims { sub, exp };
+
+    create_token(&claims).map_err(GenerateTokenError::TokenError)
+}
+
+// Check if JWT auth token is valid by decoding it using the JWT secret
+pub async fn validate_token(
+    token: &str,
+    banned_token_store: BannedTokenStoreType,
+) -> Result<Claims, AuthAPIError> {
+    let is_banned = banned_token_store
+        .check_token(token)
+        .await
+        .map_err(|_| AuthAPIError::InvalidToken)?;
+
+    if is_banned {
+        return Err(AuthAPIError::InvalidToken);
+    }
+
+    decode::<Claims>(
+        token,
+        &DecodingKey::from_secret(JWT_SECRET.as_bytes()),
+        &Validation::default(),
+    )
+    .map(|data| data.claims)
+    .map_err(|_| AuthAPIError::InvalidToken)
+}
+
+
+// Create JWT auth token by encoding claims using the JWT secret
+fn create_token(claims: &Claims) -> Result<String, jsonwebtoken::errors::Error> {
+    encode(
+        &jsonwebtoken::Header::default(),
+        &claims,
+        &EncodingKey::from_secret(JWT_SECRET.as_bytes()),
+    )
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct Claims {
+    pub sub: String,
+    pub exp: usize,
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::services::hashset_banned_token_store::HashsetBannedTokenStore;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn test_generate_auth_cookie() {
+        let email = Email::parse("test@example.com".to_owned()).unwrap();
+        let cookie = generate_auth_cookie(&email).unwrap();
+        assert_eq!(cookie.name(), JWT_COOKIE_NAME);
+        assert_eq!(cookie.value().split('.').count(), 3);
+        assert_eq!(cookie.path(), Some("/"));
+        assert_eq!(cookie.http_only(), Some(true));
+        assert_eq!(cookie.same_site(), Some(SameSite::Lax));
+    }
+
+    #[tokio::test]
+    async fn test_create_auth_cookie() {
+        let token = "test_token".to_owned();
+        let cookie = create_auth_cookie(token.clone());
+        assert_eq!(cookie.name(), JWT_COOKIE_NAME);
+        assert_eq!(cookie.value(), token);
+        assert_eq!(cookie.path(), Some("/"));
+        assert_eq!(cookie.http_only(), Some(true));
+        assert_eq!(cookie.same_site(), Some(SameSite::Lax));
+    }
+
+    #[tokio::test]
+    async fn test_generate_auth_token() {
+        let email = Email::parse("test@example.com".to_owned()).unwrap();
+        let result = generate_auth_token(&email).unwrap();
+        assert_eq!(result.split('.').count(), 3);
+    }
+
+    #[tokio::test]
+    async fn test_validate_token_with_valid_token() {
+        let banned_token_store = BannedTokenStoreType::default();
+        let email = Email::parse("test@example.com".to_owned()).unwrap();
+        let token = generate_auth_token(&email).unwrap();
+        let result = validate_token(&token, banned_token_store).await.unwrap();
+        assert_eq!(result.sub, "test@example.com");
+
+        let exp = Utc::now()
+            .checked_add_signed(chrono::Duration::try_minutes(9).expect("valid duration"))
+            .expect("valid timestamp")
+            .timestamp();
+
+        assert!(result.exp > exp as usize);
+    }
+
+    #[tokio::test]
+    async fn test_validate_token_with_invalid_token() {
+        let banned_token_store = BannedTokenStoreType::default();
+        let token = "invalid_token".to_owned();
+        let result = validate_token(&token, banned_token_store).await;
+        assert!(result.is_err());
+    }
+}
diff --git a/auth-service/src/utils/constants.rs b/auth-service/src/utils/constants.rs
new file mode 100644
index 000000000..5746846ab
--- /dev/null
+++ b/auth-service/src/utils/constants.rs
@@ -0,0 +1,44 @@
+use dotenvy::dotenv;
+use lazy_static::lazy_static;
+use std::env as std_env;
+
+
+pub mod prod {
+    pub const APP_ADDRESS: &str = "0.0.0.0:3000";
+}
+
+
+pub mod test {
+    pub const APP_ADDRESS: &str = "127.0.0.1:0";
+}
+
+
+// Define a lazily evaluated static. lazy_static is needed because std_env::var is not a const function.
+lazy_static! {
+    pub static ref JWT_SECRET: String = set_token();
+    pub static ref DATABASE_URL: String = set_db_url();
+}
+
+
+fn set_db_url() -> String {
+    dotenv().ok();
+    std_env::var(env::DATABASE_URL_ENV_VAR).expect("DATABASE_URL must be set.")
+}
+
+
+fn set_token() -> String {
+    dotenv().ok(); // Load environment variables
+    let secret = std_env::var(env::JWT_SECRET_ENV_VAR).expect("JWT_SECRET must be set.");
+    if secret.is_empty() {
+        panic!("JWT_SECRET must not be empty.");
+    }
+
+    secret
+}
+
+pub mod env {
+    pub const DATABASE_URL_ENV_VAR: &str = "DATABASE_URL";
+    pub const JWT_SECRET_ENV_VAR: &str = "JWT_SECRET";
+}
+
+pub const JWT_COOKIE_NAME: &str = "jwt";
diff --git a/auth-service/src/utils/mod.rs b/auth-service/src/utils/mod.rs
new file mode 100644
index 000000000..552b98718
--- /dev/null
+++ b/auth-service/src/utils/mod.rs
@@ -0,0 +1,2 @@
+pub mod constants;
+pub mod auth;
diff --git a/auth-service/tests/api/helpers.rs b/auth-service/tests/api/helpers.rs
new file mode 100644
index 000000000..6340884f0
--- /dev/null
+++ b/auth-service/tests/api/helpers.rs
@@ -0,0 +1,110 @@
+use std::sync::Arc;
+
+use auth_service::{Application, app_state::{AppState, BannedTokenStoreType, EmailClientType, TwoFACodeStoreType, UserStoreType}, utils::constants::test};
+use reqwest::{self, Client, cookie::Jar};
+
+
+pub struct TestApp {
+    pub address: String,
+    pub cookie_jar: Arc<Jar>,
+    pub client: reqwest::Client,
+    pub banned_token_store: BannedTokenStoreType,
+    pub two_fa_code_store: TwoFACodeStoreType,
+}
+
+impl TestApp {
+    pub async fn run() -> Self {
+        let user_store = UserStoreType::default();
+        let banned_token_store = BannedTokenStoreType::default();
+        let two_fa_code_store = TwoFACodeStoreType::default();
+        let email_client = EmailClientType::default();
+
+        let app_state = AppState::new(
+            user_store,
+            banned_token_store.clone(),
+            two_fa_code_store.clone(),
+            email_client,
+        );
+
+        let app = Application::build(app_state, test::APP_ADDRESS).await.expect("Failed to build application");
+        let address = format!("http://{}", app.address.clone());
+
+        #[allow(clippy::let_underscore_future)]
+        let _ = tokio::spawn(app.run());
+
+        let cookie_jar = Arc::new(Jar::default());
+        let http_client = Client::builder()
+        .cookie_provider(cookie_jar.clone())
+        .build()
+        .unwrap();
+
+        Self { address, cookie_jar, client: http_client, banned_token_store, two_fa_code_store }
+    }
+
+    pub async fn get_root(&self) -> reqwest::Response {
+        self.client
+            .get(format!("{}/", &self.address))
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+
+    pub async fn post_signup<Body>(&self, body: &Body) -> reqwest::Response 
+    where Body: serde::Serialize
+    {
+        self.client
+            .post(format!("{}/signup", &self.address))
+            .json(body)
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+
+    pub async fn post_login<Body>(&self, body: &Body) -> reqwest::Response 
+    where Body: serde::Serialize
+    {
+        self.client
+            .post(format!("{}/login", &self.address))
+            .json(body)
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+
+    pub async fn post_logout(&self,) -> reqwest::Response {
+        self.client
+            .post(format!("{}/logout", &self.address))
+            // token is in header in real use, but for testing we can skip it
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+
+    pub async fn post_verify_2fa<Body>(&self, body: &Body) -> reqwest::Response
+    where
+        Body: serde::Serialize,
+    {
+        self.client
+            .post(format!("{}/verify-2fa", &self.address))
+            .json(body)
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+
+    pub async fn post_verify_token<Body>(&self, body: &Body) -> reqwest::Response
+    where Body: serde::Serialize {
+        self.client
+            .post(format!("{}/verify-token", &self.address))
+            .json(body)
+            .send()
+            .await
+            .expect("Failed to execute request.")
+    }
+}
+
+
+pub fn get_random_email() -> String {
+    let uuid = uuid::Uuid::new_v4();
+    format!("{}@example.com", uuid)
+}
diff --git a/auth-service/tests/api/login.rs b/auth-service/tests/api/login.rs
new file mode 100644
index 000000000..11abca056
--- /dev/null
+++ b/auth-service/tests/api/login.rs
@@ -0,0 +1,174 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use auth_service::{domain::email::Email, routes::TwoFactorAuthResponse, utils::constants::JWT_COOKIE_NAME};
+
+    use crate::helpers::get_random_email;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn should_return_422_if_malformed_credentials() {
+        let app = TestApp::run().await;
+
+        let test_cases = vec![
+            serde_json::json!({
+                "mail": "user@example.com",
+                "password": "password123",
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "passgword": "password123",
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+            }),
+            serde_json::json!({
+                "password": "password123",
+            }),
+            serde_json::json!({}),
+        ];
+
+        for case in test_cases {
+            let response = app.post_login(&case).await;
+
+            assert_eq!(response.status().as_u16(), 422);
+        }
+    }
+
+    #[tokio::test]
+    async fn should_return_400_if_invalid_input() {
+        let app = TestApp::run().await;
+
+        let test_cases = vec![
+            serde_json::json!({
+                "email": "invalid-email",
+                "password": "password123",
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "password": "pass",
+            }),
+            serde_json::json!({
+                "email": "",
+                "password": "",
+            }),
+        ];
+
+        for case in test_cases {
+            let response = app.post_login(&case).await;
+
+            assert_eq!(response.status().as_u16(), 400);
+        }
+    }
+
+    #[tokio::test]
+    async fn should_return_401_if_incorrect_credentials() {
+        let app = TestApp::run().await;
+
+        // Create a user in the test database
+        let request_body = serde_json::json!({
+            "email": "user@example.com",
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&request_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with incorrect password
+        let wrong_password_body = serde_json::json!({
+            "email": "user@example.com",
+            "password": "wrongpassword",
+        });
+
+        let response = app.post_login(&wrong_password_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+
+        // Attempt to login with non-existent email
+        let non_existent_email_body = serde_json::json!({
+            "email": "foo@example.com",
+            "password": "password123",
+        });
+
+        let response = app.post_login(&non_existent_email_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+
+    #[tokio::test]
+    async fn should_return_200_if_valid_credentials_and_2fa_disabled() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+        .cookies()
+        .find(|c| c.name() == JWT_COOKIE_NAME)
+        .expect("no auth cookie found");
+    }
+
+    #[tokio::test]
+    async fn should_return_206_if_valid_credentials_and_2fa_enabled() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": true,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "require_2fa": true,
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 206);
+
+        let json_body = response
+            .json::<TwoFactorAuthResponse>()
+            .await
+            .expect("Could not deserialize response body to TwoFactorAuthResponse");
+
+        assert_eq!(json_body.message, "2FA required".to_owned());
+
+        // TODO: assert that `json_body.login_attempt_id` is stored inside `app.two_fa_code_store`
+        let login_attempt_id = json_body.login_attempt_id;
+        assert_eq!(app.two_fa_code_store.lock().await.get_code(&Email::new(&email)).await.unwrap().0.as_ref(), login_attempt_id);
+    }
+}
diff --git a/auth-service/tests/api/logout.rs b/auth-service/tests/api/logout.rs
new file mode 100644
index 000000000..5563fcb3b
--- /dev/null
+++ b/auth-service/tests/api/logout.rs
@@ -0,0 +1,126 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use auth_service::utils::constants::JWT_COOKIE_NAME;
+    use axum_extra::extract::cookie;
+    use reqwest::Url;
+
+    use crate::helpers::get_random_email;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn should_return_400_if_jwt_cookie_missing() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        let response = app.post_logout().await;
+
+        assert_eq!(response.status().as_u16(), 400);
+    }
+
+    #[tokio::test]
+    async fn should_return_401_if_invalid_token() {
+        let app = TestApp::run().await;
+
+        app.cookie_jar.add_cookie_str(
+            &format!(
+                "{}=invalid; HttpOnly; SameSite=Lax; Secure; Path=/",
+                JWT_COOKIE_NAME,
+            ),
+            &Url::parse("http://127.0.0.1").expect("Failed to parse URL"),
+        );
+
+        let response = app.post_logout().await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+
+    #[tokio::test]
+    async fn should_return_200_if_valid_jwt_cookie() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+        .cookies()
+        .find(|c| c.name() == JWT_COOKIE_NAME)
+        .expect("no auth cookie found");
+
+        let response = app.post_logout().await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        assert_eq!(app.banned_token_store.check_token(&auth_cookie.value()).await.unwrap(), true);
+    }
+
+    #[tokio::test]
+    async fn should_return_400_if_logout_called_twice_in_a_row() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let response = app.post_logout().await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let response = app.post_logout().await;
+
+        assert_eq!(response.status().as_u16(), 400);
+    }
+}
diff --git a/auth-service/tests/api/main.rs b/auth-service/tests/api/main.rs
new file mode 100644
index 000000000..2c69f3b08
--- /dev/null
+++ b/auth-service/tests/api/main.rs
@@ -0,0 +1,7 @@
+mod helpers;
+mod root;
+mod login;
+mod logout;
+mod verify_2fa;
+mod verify_token;
+mod signup;
diff --git a/auth-service/tests/api/root.rs b/auth-service/tests/api/root.rs
new file mode 100644
index 000000000..7bd96e9cd
--- /dev/null
+++ b/auth-service/tests/api/root.rs
@@ -0,0 +1,14 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn root_returns_auth_ui() {
+        let app = TestApp::run().await;
+        let response = app.get_root().await;
+        assert_eq!(response.status().as_u16(), 200);
+        assert_eq!(response.headers().get("content-Type").unwrap(), "text/html");
+    }
+}
diff --git a/auth-service/tests/api/signup.rs b/auth-service/tests/api/signup.rs
new file mode 100644
index 000000000..2cb9ba0c8
--- /dev/null
+++ b/auth-service/tests/api/signup.rs
@@ -0,0 +1,141 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use auth_service::{ErrorResponse, routes::SignupResponse};
+    use axum::Json;
+    use serde_json::json;
+
+    use crate::helpers::get_random_email;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn should_return_422_if_malformed_input() {
+        let app = TestApp::run().await;
+
+        let test_cases = [
+            json!({
+                "password": "password",
+                "requires2FA": true
+            } ),
+        ];
+
+        for body in test_cases {
+            let response = app.post_signup(&body).await;
+            assert_eq!(response.status().as_u16(), 422, "Failed for body: {}", body);
+        }
+    }
+
+    #[tokio::test]
+    async fn should_return_201_if_valid_input() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        let body = json!({
+            "email": email,
+            "password": "securepassword",
+            "requires2FA": true
+        });
+
+        let response = app.post_signup(&body).await;
+        assert_eq!(response.status().as_u16(), 201);
+
+        let expected_response = Json(SignupResponse {
+            message: "User created successfully!".to_owned(),
+        });
+
+        assert_eq!(
+            response
+            .json::<SignupResponse>()
+            .await
+            .expect("Could not deserialize response body to UserBody"),
+            expected_response.0
+        );
+    }
+
+    #[tokio::test]
+    async fn should_return_400_if_invalid_input() {
+        // the input is considered invalid if:
+        // - the email is empty or does not contain an "@" symbol
+        // - the password is less than 8 characters long
+
+        // create an array of invalid inputs, then iterate over them and assert that the response status is 400
+        let app = TestApp::run().await;
+        let test_cases = [
+            json!({
+                "email": "",
+                "password": "securepassword",
+                "requires2FA": true
+            }),
+            json!({
+                "email": "invalidemail.com",
+                "password": "securepassword",
+                "requires2FA": true
+            }),
+            json!({
+                "email": get_random_email(),
+                "password": "short",
+                "requires2FA": true
+            }),
+        ];
+
+        for body in test_cases {
+            let response = app.post_signup(&body).await;
+            assert_eq!(response.status().as_u16(), 400, "Failed for body: {}", body);
+
+            assert_eq!(
+                response
+                .json::<ErrorResponse>()
+                .await
+                .expect("Could not deserialize response body to Value")
+                .error,
+                "Invalid credentials".to_string(),
+            );
+        }
+   
+    }
+
+    #[tokio::test]
+    async fn should_return_409_if_email_already_exists() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        let body = json!({
+            "email": email,
+            "password": "securepassword",
+            "requires2FA": true
+        });
+
+        // first signup attempt should succeed
+        let response = app.post_signup(&body).await;
+        assert_eq!(response.status().as_u16(), 201);
+
+        let expected_response = Json(SignupResponse {
+            message: "User created successfully!".to_owned(),
+        });
+
+        assert_eq!(
+            response
+            .json::<SignupResponse>()
+            .await
+            .expect("Could not deserialize response body to UserBody"),
+            expected_response.0
+        );
+
+        // second signup attempt with the same email should fail
+        let response = app.post_signup(&body).await;
+        assert_eq!(response.status().as_u16(), 409);
+
+        assert_eq!(
+            response
+            .json::<ErrorResponse>()
+            .await
+            .expect("Could not deserialize response body to Value")
+            .error,
+            "User already exists".to_string(),
+        );
+    }
+}
\ No newline at end of file
diff --git a/auth-service/tests/api/verify_2fa.rs b/auth-service/tests/api/verify_2fa.rs
new file mode 100644
index 000000000..a73526406
--- /dev/null
+++ b/auth-service/tests/api/verify_2fa.rs
@@ -0,0 +1,297 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use auth_service::{domain::email::Email, routes::TwoFactorAuthResponse, services::data_store::LoginAttemptId, utils::constants::JWT_COOKIE_NAME};
+
+    use crate::helpers::get_random_email;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn should_return_422_if_malformed_input() {
+        let app = TestApp::run().await;
+
+        let test_cases = vec![
+            serde_json::json!({
+                "mail": "user@example.com",
+                "loginAttemptId": "string",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "loghinAttemptId": "string",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "loghinAttemptId": "string",
+                "2FAKCode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "loginAttemptId": "string",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "loginAttemptId": "string",
+            }),
+            serde_json::json!({}),
+        ];
+
+        for case in test_cases {
+            let response = app.post_verify_2fa(&case).await;
+
+            assert_eq!(response.status().as_u16(), 422);
+        }
+    }
+
+
+    #[tokio::test]
+    async fn should_return_400_if_invalid_input() {
+        let app = TestApp::run().await;
+
+        let test_cases = vec![
+            serde_json::json!({
+                "email": "userexample.com",
+                "loginAttemptId": "string",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "loginAttemptId": "",
+                "2FACode": "string"
+            }),
+            serde_json::json!({
+                "email": "user@example.com",
+                "loginAttemptId": "string",
+                "2FACode": ""
+            }),
+        ];
+
+        for case in test_cases {
+            let response = app.post_verify_2fa(&case).await;
+
+            assert_eq!(response.status().as_u16(), 400);
+        }
+    }
+
+
+
+    #[tokio::test]
+    async fn should_return_401_if_incorrect_credentials() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": true,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 206);
+
+        let (login_attempt_id, code) = app.two_fa_code_store.lock().await.get_code(&Email::new(&email)).await.unwrap();
+        let verify_2fa_body = serde_json::json!({
+            "email": email,
+            "loginAttemptId": LoginAttemptId::default().as_ref(),
+            "2FACode": code.as_ref(),
+        });
+
+        let response = app.post_verify_2fa(&verify_2fa_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+
+
+    // #[tokio::test]
+    // async fn should_return_401_if_old_code() {
+    //     let app = TestApp::run().await;
+
+    //     let email = get_random_email();
+
+    //     let signup_body = serde_json::json!({
+    //         "email": email,
+    //         "password": "password123",
+    //         "requires2FA": true
+    //     });
+
+    //     let response = app.post_signup(&signup_body).await;
+
+    //     assert_eq!(response.status().as_u16(), 201);
+
+    //     // First login call
+
+    //     let login_body = serde_json::json!({
+    //         "email": email,
+    //         "password": "password123"
+    //     });
+
+    //     let response = app.post_login(&login_body).await;
+
+    //     assert_eq!(response.status().as_u16(), 206);
+
+    //     let response_body = response
+    //         .json::<TwoFactorAuthResponse>()
+    //         .await
+    //         .expect("Could not deserialize response body to TwoFactorAuthResponse");
+
+    //     assert_eq!(response_body.message, "2FA required".to_owned());
+    //     assert!(!response_body.login_attempt_id.is_empty());
+
+    //     let login_attempt_id = response_body.login_attempt_id;
+
+    //     let (login_attempt_id, code) = app.two_fa_code_store.lock().await.get_code(&Email::new(&email)).await.unwrap();
+
+    //     // Second login call
+
+    //     let response = app.post_login(&login_body).await;
+
+    //     assert_eq!(response.status().as_u16(), 206);
+
+    //     // 2FA attempt with old login_attempt_id and code
+
+    //     let request_body = serde_json::json!({
+    //         "email": email,
+    //         "loginAttemptId": login_attempt_id.as_ref(),
+    //         "2FACode": code.as_ref()
+    //     });
+
+    //     let response = app.post_verify_2fa(&request_body).await;
+
+    //     assert_eq!(response.status().as_u16(), 401);
+    // }
+
+    #[tokio::test]
+    async fn should_return_200_if_correct_code() {
+        let app = TestApp::run().await;
+
+        let random_email = get_random_email();
+
+        let signup_body = serde_json::json!({
+            "email": random_email,
+            "password": "password123",
+            "requires2FA": true
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        let login_body = serde_json::json!({
+            "email": random_email,
+            "password": "password123"
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 206);
+
+        let response_body = response
+            .json::<TwoFactorAuthResponse>()
+            .await
+            .expect("Could not deserialize response body to TwoFactorAuthResponse");
+
+        assert_eq!(response_body.message, "2FA required".to_owned());
+        assert!(!response_body.login_attempt_id.is_empty());
+
+        let login_attempt_id = response_body.login_attempt_id;
+
+        let (login_attempt_id, code) = app.two_fa_code_store.lock().await.get_code(&Email::new(&random_email)).await.unwrap();
+
+        let request_body = serde_json::json!({
+            "email": random_email,
+            "loginAttemptId": login_attempt_id.as_ref(),
+            "2FACode": code.as_ref()
+        });
+
+        let response = app.post_verify_2fa(&request_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+            .cookies()
+            .find(|cookie| cookie.name() == JWT_COOKIE_NAME)
+            .expect("No auth cookie found");
+
+        assert!(!auth_cookie.value().is_empty());
+    }
+
+
+    #[tokio::test]
+    async fn should_return_401_if_same_code_twice() {
+        let app = TestApp::run().await;
+
+        let random_email = get_random_email();
+
+        let signup_body = serde_json::json!({
+            "email": random_email,
+            "password": "password123",
+            "requires2FA": true
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        let login_body = serde_json::json!({
+            "email": random_email,
+            "password": "password123"
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 206);
+
+        let response_body = response
+            .json::<TwoFactorAuthResponse>()
+            .await
+            .expect("Could not deserialize response body to TwoFactorAuthResponse");
+
+        assert_eq!(response_body.message, "2FA required".to_owned());
+        assert!(!response_body.login_attempt_id.is_empty());
+
+        let login_attempt_id = response_body.login_attempt_id;
+
+        let (login_attempt_id, code) = app.two_fa_code_store.lock().await.get_code(&Email::new(&random_email)).await.unwrap();
+
+        let request_body = serde_json::json!({
+            "email": random_email,
+            "loginAttemptId": login_attempt_id.as_ref(),
+            "2FACode": code.as_ref()
+        });
+
+        let response = app.post_verify_2fa(&request_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+            .cookies()
+            .find(|cookie| cookie.name() == JWT_COOKIE_NAME)
+            .expect("No auth cookie found");
+
+        assert!(!auth_cookie.value().is_empty());
+
+        let response = app.post_verify_2fa(&request_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+}
diff --git a/auth-service/tests/api/verify_token.rs b/auth-service/tests/api/verify_token.rs
new file mode 100644
index 000000000..c10ecbd2a
--- /dev/null
+++ b/auth-service/tests/api/verify_token.rs
@@ -0,0 +1,130 @@
+use crate::helpers::TestApp;
+
+
+mod tests {
+    use auth_service::utils::constants::JWT_COOKIE_NAME;
+    use reqwest::{Url, cookie::CookieStore};
+
+    use crate::helpers::get_random_email;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn should_return_422_if_malformed_input() {
+        let app = TestApp::run().await;
+
+        let test_cases = vec![
+            serde_json::json!({
+                "toghen": "mytoken",
+            }),
+            serde_json::json!({}),
+        ];
+
+        for case in test_cases {
+            let response = app.post_login(&case).await;
+
+            assert_eq!(response.status().as_u16(), 422);
+        }
+    }
+
+    #[tokio::test]
+    async fn should_return_200_if_valid_token() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+        .cookies()
+        .find(|c| c.name() == JWT_COOKIE_NAME)
+        .expect("no auth cookie found");
+
+        let token = auth_cookie.value();
+
+        let verify_token_body = serde_json::json!({
+            "token": token
+        });
+
+        let response = app.post_verify_token(&verify_token_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+    }
+
+    #[tokio::test]
+    async fn should_return_401_if_invalid_token() {
+        let app = TestApp::run().await;
+
+        let verify_token_body = serde_json::json!({
+            "token": "invalid"
+        });
+
+        let response = app.post_verify_token(&verify_token_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+
+    #[tokio::test]
+    async fn should_return_401_if_banned_token() {
+        let app = TestApp::run().await;
+
+        let email = get_random_email();
+
+        // Create a user in the test database
+        let signup_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+            "requires2FA": false,
+        });
+
+        let response = app.post_signup(&signup_body).await;
+
+        assert_eq!(response.status().as_u16(), 201);
+
+        // Attempt to login with valid credentials
+        let login_body = serde_json::json!({
+            "email": email,
+            "password": "password123",
+        });
+
+        let response = app.post_login(&login_body).await;
+
+        assert_eq!(response.status().as_u16(), 200);
+
+        let auth_cookie = response
+        .cookies()
+        .find(|c| c.name() == JWT_COOKIE_NAME)
+        .expect("no auth cookie found");
+
+        let token = auth_cookie.value();
+
+        app.banned_token_store.store_token(&token).await.unwrap();
+
+        let verify_token_body = serde_json::json!({
+            "token": token
+        });
+
+        let response = app.post_verify_token(&verify_token_body).await;
+
+        assert_eq!(response.status().as_u16(), 401);
+    }
+}
diff --git a/compose.yml b/compose.yml
index a54c69c4f..4a5017fd7 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,18 +1,38 @@
 services:
   app-service:
-    # TODO: change "letsgetrusty" to your Docker Hub username
-    image: letsgetrusty/app-service # specify name of image on Docker Hub
-    restart: "always" # automatically restart container when server crashes
-    environment: # set up environment variables
-      AUTH_SERVICE_IP: ${AUTH_SERVICE_IP:-localhost} # Use localhost as the default value
+    image: fedecomprido/app-service
+    restart: "always"
+    environment:
+      AUTH_SERVICE_IP: ${AUTH_SERVICE_IP:-localhost}
     ports:
-      - "8000:8000" # expose port 8000 so that applications outside the container can connect to it 
-    depends_on: # only run app-service after auth-service has started
+      - "8000:8000"
+    depends_on:
       auth-service:
         condition: service_started
   auth-service:
-    # TODO: change "letsgetrusty" to your Docker Hub username
-    image: letsgetrusty/auth-service
-    restart: "always" # automatically restart container when server crashes
+    image: fedecomprido/auth-service
+    restart: "always"
+    environment:
+      JWT_SECRET: ${JWT_SECRET}
+      # New!
+      DATABASE_URL: "postgres://postgres:${POSTGRES_PASSWORD}@db:5432"
     ports:
-      - "3000:3000" # expose port 3000 so that applications outside the container can connect to it 
\ No newline at end of file
+      - "3000:3000"
+    # New!
+    depends_on:
+      - db
+  # New!
+  db:
+    image: postgres:15.2-alpine
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    ports:
+      - "5432:5432"
+    volumes:
+      - db:/var/lib/postgresql/data
+
+# New!
+volumes:
+  db:
+    driver: local
\ No newline at end of file
diff --git a/docker.sh b/docker.sh
new file mode 100755
index 000000000..4e7717bdb
--- /dev/null
+++ b/docker.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+ENV_FILE="./auth-service/.env"
+
+if ! [[ -f "$ENV_FILE" ]]; then
+  echo "Error: missing auth-service/.env file!"
+  exit 1
+fi
+
+while IFS= read -r line; do
+  if [[ -n "$line" ]] && [[ "$line" != "\#*" ]]; then
+    key=$(echo "$line" | cut -d "=" -f1)
+    value=$(echo "$line" | cut -d "=" -f2-)
+    export "$key=$value"
+  fi
+done < <(grep -v "^#" "$ENV_FILE")
+
+docker compose build
+docker compose up