From 45abac7a2dfbcd2745d720bfbdec524a2f08fe25 Mon Sep 17 00:00:00 2001
From: luk3yx <luk3yx@users.noreply.github.com>
Date: Tue, 21 Apr 2020 22:24:16 +1200
Subject: [PATCH] Initial commit.

---
 .gitignore                      |   4 +
 HTTPS API.md                    | 238 ++++++++++++
 LICENSE.md                      | 660 ++++++++++++++++++++++++++++++++
 README.md                       |  46 +++
 TODO.md                         |  13 +
 config.yaml                     |  52 +++
 lurkcoin/api/admin-pages.go     | 653 +++++++++++++++++++++++++++++++
 lurkcoin/api/config.go          | 148 +++++++
 lurkcoin/api/https-core.go      | 174 +++++++++
 lurkcoin/api/v2-placeholder.go  |  32 ++
 lurkcoin/api/v2.go              | 325 ++++++++++++++++
 lurkcoin/api/v3.go              | 222 +++++++++++
 lurkcoin/currency.go            | 256 +++++++++++++
 lurkcoin/databases/bbolt.go     | 157 ++++++++
 lurkcoin/databases/plaintext.go | 165 ++++++++
 lurkcoin/databases/register.go  | 125 ++++++
 lurkcoin/db-helpers.go          | 329 ++++++++++++++++
 lurkcoin/errorcodes.go          |  58 +++
 lurkcoin/misc.go                | 228 +++++++++++
 lurkcoin/payments.go            | 104 +++++
 lurkcoin/servers.go             | 440 +++++++++++++++++++++
 lurkcoin/transactions.go        | 105 +++++
 main.go                         |  39 ++
 src                             |   1 +
 24 files changed, 4574 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 HTTPS API.md
 create mode 100644 LICENSE.md
 create mode 100644 README.md
 create mode 100644 TODO.md
 create mode 100644 config.yaml
 create mode 100644 lurkcoin/api/admin-pages.go
 create mode 100644 lurkcoin/api/config.go
 create mode 100644 lurkcoin/api/https-core.go
 create mode 100644 lurkcoin/api/v2-placeholder.go
 create mode 100644 lurkcoin/api/v2.go
 create mode 100644 lurkcoin/api/v3.go
 create mode 100644 lurkcoin/currency.go
 create mode 100644 lurkcoin/databases/bbolt.go
 create mode 100644 lurkcoin/databases/plaintext.go
 create mode 100644 lurkcoin/databases/register.go
 create mode 100644 lurkcoin/db-helpers.go
 create mode 100644 lurkcoin/errorcodes.go
 create mode 100644 lurkcoin/misc.go
 create mode 100644 lurkcoin/payments.go
 create mode 100644 lurkcoin/servers.go
 create mode 100644 lurkcoin/transactions.go
 create mode 100644 main.go
 create mode 120000 src

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d1f05b0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+lurkcoin.db
+db.json*
+.mypy_cache
+go
diff --git a/HTTPS API.md b/HTTPS API.md
new file mode 100644
index 0000000..b479b9c
--- /dev/null
+++ b/HTTPS API.md	
@@ -0,0 +1,238 @@
+# lurkcoinV3 API documentation
+
+**This document is a work in progress and is subject to change!**
+
+lurkcoin provides an API for servers and other integrations.
+
+In version 3 of the API, JSON is recommended for requests and used for all
+responses. If you cannot decode JSON, you should probably use the legacy
+[lurkcoinV2 API](https://gist.github.com/luk3yx/8028cedb3bfb282d9ba3f2d1c7871231).
+There are currently no plans to remove the older API.
+
+All API endpoints require an `Authorization` header with the
+[`Basic`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme)
+authentication scheme. If the username somehow happens to contain colons (`:`),
+these can be replaced with underscores (`_`).
+
+*With Python's requests library, you can simply add
+`auth=('username', 'token')` as a keyword argument.*
+
+# Response format
+
+All responses will be a JSON object containing a `success` boolean. If lurkcoin
+encounters errors processing your request, this will be false and an error code
+will be added to the response. Otherwise, the response data (if any) will be in
+the `result` key.
+
+### Examples
+
+```json
+{
+    "success": true,
+    "result": 1234.56
+}
+```
+
+```json
+{
+    "success": false,
+    "error": "ERR_CANNOTAFFORD",
+    "message": "You cannot afford to do that!"
+}
+```
+
+### Globally raised errors
+
+The following errors may be raised on any API endpoint:
+ - `ERR_INVALIDLOGIN` when either `username` or `token` is invalid.
+ - `ERR_INVALIDREQUEST` when required parameters are missing or are an invalid
+    type.
+ - `ERR_INTERNALERROR` when something really nasty happens.
+
+# API endpoints
+
+These endpoints are shared between both lurkcoinV3-core and the suggested bank
+API. Any API parameter marked with "servers only" can only be used with
+lurkcoinV3-core.
+
+## GET `/v3/summary`
+
+Returns an "account summary".
+
+This endpoint returns a JSON-formatted object with the following items:
+ - `uid`: An internal UID for the user, this is probably the username with
+    only the following characters: `[A-Za-z0-9_]+`.
+ - `name`: The username for the user. This is used in [transaction objects].
+ - `bal`: A number with the user's current balance.
+ - `balance`: The balance formatted as a string (if `bal` is `1.23`,
+    `balance` will be `¤1.23` or similar).
+ - `history`: A list with the 10 most recent [transaction objects].
+ - `interest_rate`: The current interest rate.
+ - `target_balance` *(servers only)*: The server's target balance. This will be
+    `0` if the server's local currency is equal to lurkcoin.
+
+## POST `/v3/pay`
+
+Sends a payment to a user. This will return the transaction object (see
+`/v3/history`) on success. This can optionally be used to generate transaction
+IDs for local transactions.
+
+Parameters:
+ - `source` *(servers only)*: The user who is sending the transaction.
+ - `target`: The target user to pay.
+ - `target_server`: The server to pay the user on. If this is a bank, empty
+    strings should be treated as the current bank.
+ - `amount`: The amount to pay the user.
+ - `local_currency` *(servers only)*: If `true`, lurkcoin will calculate the
+    local server's exchange rate before processing the transaction.
+
+Errors raised:
+ - `ERR_SERVERNOTFOUND` when `target_server` doesn't exist.
+ - `ERR_INVALIDAMOUNT` when the amount is invalid
+ - `ERR_CANNOTPAYNOTHING` when the amount (after exchange rate calculations)
+    is ¤0.00.
+ - `ERR_CANNOTAFFORD` when your balance is lower than the amount sent (in
+    lurkcoins).
+
+## GET `/v3/balance`
+
+Returns your account balance as a number.
+
+## GET `/v3/history`
+
+Returns a list of [transaction objects].
+
+## POST `/v3/exchange_rates`
+
+Gets the exchange rate for the specified server. Will return a number.
+
+Parameters:
+ - `source` *(optional)*: The server the money is hypothetically coming from.
+ - `target` *(optional)*: The server the money is hypothetically going to.
+ - `amount`: The amount of money being transferred.
+
+Errors raised:
+ - `ERR_SOURCESERVERNOTFOUND` when `source` doesn't exist.
+ - `ERR_TARGETSERVERNOTFOUND` when `target` doesn't exist.
+ - `ERR_INVALIDAMOUNT` when `amount` is invalid.
+
+## GET `/v3/pending_transactions`
+
+Returns a JSON-formatted list of unprocessed [transaction objects]. Note that
+the order of this list is not guaranteed to be the same between API calls.
+
+## POST `/v3/acknowledge_transactions`
+
+Marks transactions as processed. Invalid or already processed transaction IDs
+will be silently ignored.
+
+**Please cache processed transaction IDs until this request has succeeded to
+stop transactions being applied twice.**
+
+Parameters:
+ - `transactions`: A list of transaction IDs that have been processed.
+
+## POST `/v3/reject_transactions`
+
+Marks transactions as rejected, for example when one was sent to a non-existent
+user. Invalid or already processed transaction IDs will be silently ignored.
+
+*If a transaction gets marked as rejected, the target user (if any) must not
+receive the transaction as the transaction may be reverted.*
+
+Parameters:
+ - `transactions`: A list of transaction IDs that have been rejected.
+
+## GET `/v3/target_balance`
+
+Gets the target balance. This will be `0` if the server's currency is equal to
+lurkcoin.
+
+## PUT `/v3/target_balance`
+
+Sets the server's current balance.
+
+Target balances are used with calculating exchange rates, if the server's
+balance is lower than this target balance the currency will be less valuable
+than lurkcoin.
+
+**Please do not set ridiculously high/low target balances without a good reason
+for doing so.** This API endpoint may have a maximum/minimum target balance
+added in the future.
+
+Set the target balance to `0` if the server's currency should have a 1:1
+exchange rate with lurkcoin (or if the server's local currency *is* lurkcoin).
+
+Parameters:
+ - `target_balance`: The new target balance.
+
+Errors raised:
+ - `ERR_INVALIDAMOUNT`: Invalid target balance.
+
+## GET `/v3/webhook_url`
+
+Gets the server's webhook URL, or `null` if webhooks are not enabled. Every
+time a transaction gets sent to the server a POST request will be sent to this
+URL similar to the below example.
+
+```
+POST /lurkcoin HTTP/1.1
+User-Agent: lurkcoin/3.0
+Content-Length: 14
+Content-Type: application/json
+
+{"version": 0}
+```
+
+The request does not contain transaction information because there is currently
+no reliable way to validate that the request has indeed originated from
+lurkcoin.
+
+# Alternate API endpoints
+
+All `GET`-based endpoints also accept `POST`.
+
+## POST `/v3/set_target_balance`
+
+Equivalent to sending a PUT to `/v3/target_balance`. Can be used if you can't
+or don't want to send `PUT` requests.
+
+# Transaction objects
+
+[transaction objects]: #transaction-objects
+
+Transaction objects are defined as follows:
+
+```js
+{
+    // The transaction ID
+    "id": "T5E1816DE-9ACB0442",
+
+    // The user who sent this transaction and the server they are on.
+    "source": "sourceuser",
+    "source_server": "sourceserver",
+
+    // The user who has received this transaction and their server.
+    "target": "targetuser",
+    "target_server": "targetserver",
+
+    // The amount sent in lurkcoins.
+    "amount": 851.80,
+
+    // The amount in the sending server's local currency.
+    "sent_amount": 123.45,
+
+    // The amount in the receiving server's local currency.
+    "received_amount": 1650.52
+
+    // The time the transaction was sent in seconds since the UNIX epoch.
+    "time": 1578637022,
+
+    // If this is false, the transaction will not be reverted if it gets
+    // rejected by the receiving server.
+    "revertable": true,
+}
+```
+
+Extra items must be ignored by the client as these may be used in the future
+to add more features.
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..cba6f6a
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,660 @@
+### GNU AFFERO GENERAL PUBLIC LICENSE
+
+Version 3, 19 November 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+<https://fsf.org/>
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+### Preamble
+
+The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains
+free software for all its users.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing
+under this license.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+### TERMS AND CONDITIONS
+
+#### 0. Definitions.
+
+"This License" refers to version 3 of the GNU Affero General Public
+License.
+
+"Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+"The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a "modified version" of
+the earlier work or a work "based on" the earlier work.
+
+A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays "Appropriate Legal Notices" to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+#### 1. Source Code.
+
+The "source code" for a work means the preferred form of the work for
+making modifications to it. "Object code" means any non-source form of
+a work.
+
+A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+#### 2. Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10 makes
+it unnecessary.
+
+#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+#### 4. Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+#### 5. Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+-   a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+-   b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under
+    section 7. This requirement modifies the requirement in section 4
+    to "keep intact all notices".
+-   c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy. This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged. This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+-   d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+#### 6. Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+-   a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+-   b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the Corresponding
+    Source from a network server at no charge.
+-   c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source. This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+-   d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge. You need not require recipients to copy the
+    Corresponding Source along with the object code. If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source. Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+-   e) Convey the object code using peer-to-peer transmission,
+    provided you inform other peers where the object code and
+    Corresponding Source of the work are being offered to the general
+    public at no charge under subsection 6d.
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+"normally used" refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+"Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+#### 7. Additional Terms.
+
+"Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+-   a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+-   b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+-   c) Prohibiting misrepresentation of the origin of that material,
+    or requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+-   d) Limiting the use for publicity purposes of names of licensors
+    or authors of the material; or
+-   e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+-   f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions
+    of it) with contractual assumptions of liability to the recipient,
+    for any liability that these contractual assumptions directly
+    impose on those licensors and authors.
+
+All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+#### 8. Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+#### 9. Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+#### 10. Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+#### 11. Patents.
+
+A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+A contributor's "essential patent claims" are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is "discriminatory" if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+#### 12. No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree to
+terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+#### 13. Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your
+version supports such interaction) an opportunity to receive the
+Corresponding Source of your version by providing access to the
+Corresponding Source from a network server at no charge, through some
+standard or customary means of facilitating copying of software. This
+Corresponding Source shall include the Corresponding Source for any
+work covered by version 3 of the GNU General Public License that is
+incorporated pursuant to the following paragraph.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+#### 14. Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Affero General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever
+published by the Free Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+#### 15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+#### 16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+#### 17. Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+END OF TERMS AND CONDITIONS
+
+### How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest to
+attach them to the start of each source file to most effectively state
+the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+        <one line to give the program's name and a brief idea of what it does.>
+        Copyright (C) <year>  <name of author>
+
+        This program is free software: you can redistribute it and/or modify
+        it under the terms of the GNU Affero General Public License as
+        published by the Free Software Foundation, either version 3 of the
+        License, or (at your option) any later version.
+
+        This program is distributed in the hope that it will be useful,
+        but WITHOUT ANY WARRANTY; without even the implied warranty of
+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+        GNU Affero General Public License for more details.
+
+        You should have received a copy of the GNU Affero General Public License
+        along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper
+mail.
+
+If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for
+the specific requirements.
+
+You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU AGPL, see <https://www.gnu.org/licenses/>.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fbcae7f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# lurkcoin
+
+This is the core code of the next major release of
+[lurkcoin](https://forum.minetest.net/viewtopic.php?f=9&t=22768). This is
+currently WIP and there will probably be bugs.
+
+## Dependencies
+
+ - [Go](https://golang.org) 1.10+, Go 1.14 or later recommended.
+ - [bbolt](https://github.com/etcd-io/bbolt)
+    - `go get https://github.com/etcd-io/bbolt`
+ - [httprouter](https://github.com/julienschmidt/httprouter)
+    - `go get https://github.com/julienschmidt/httprouter`
+ - [yaml](https://gopkg.in/yaml.v2)
+    - `go get https://gopkg.in/yaml.v2`
+
+## Configuration
+
+See config.yaml for a list of configuration options.
+
+## Compilation flags
+
+The following compilation flags are supported:
+
+ - `lurkcoin.disablebbolt`: Disables the bbolt database. If this flag is used,
+    bbolt does not need to be installed.
+ - `lurkcoin.disableplaintextdb`: Disables the plaintext database.
+ - `lurkcoin.disablev2api`: Disables version 2 of the API. This can also be
+    done at runtime in config.yaml.
+
+## License
+
+Copyright © 2020 by luk3yx
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..de81aae
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,13 @@
+# TODO
+
+ - Fix exchange rate calculations.
+ - Make the limits on the size of V2 requests more strict.
+ - Allow a client-provided identifier in `/v3/pay` to prevent double-ups.
+ - Rate limit failed login attempts (on both API endpoints and the admin pages).
+ - Add `/v3/regenerate_token`. To ensure atomicity, lurkcoin will accept both
+    tokens until the new token is used.
+ - Don't use big.Float when converting Currency objects from strings.
+ - Don't escape HTML tags in the returned JSON (possibly).
+ - Add a way to request account creation and webhook URLs.
+ - Add PBKDF2 for admin pages password hashes.
+ - Federation.
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..536c5a4
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,52 @@
+# Example lurkcoin configuration file.
+
+# The name of this lurkcoin instance. This should not be "lurkcoin" to avoid
+# conflicts.
+name: Test
+
+# The address port to bind on.
+# address: "[::]"
+port: 5000
+
+# TLS (optional).
+tls:
+    enable: false
+    cert_file: /path/to/cert.pem
+    key_file: /path/to/key.pem
+
+# The database to use.
+database:
+    # bbolt (recommended)
+    # type: bbolt
+    # location: lurkcoin.db
+
+    # Plaintext
+    type: plaintext
+    location: db.json
+
+# Admin pages (accessible at /admin)
+admin_pages:
+    enable: true
+    users:
+        test:
+            password_hash: dccc9b5e6a27bb343a5b859d5bc0b867a8e191161634d8387f6d633580f4f9732219d33076ae709bab765fc8b097b35b52dc5eba1d29f502fc2b2b823736c887
+            password_salt: <salt>
+            hash_algorithm: sha512
+
+            # Allow the creation of servers and the editing of their balances.
+            allow_editing: true
+
+            # Allows database backups to be downloaded. This also requires
+            # allow_editing to be enabled.
+            allow_database_download: true
+
+# A logfile to redirect standard output to.
+# logfile: /tmp/logfile
+
+# URL redirects. Please don't make redirects that conflict with lurkcoin's
+# admin pages or APIs.
+redirects:
+    /: /admin
+
+# The minimum API version to enable.
+# min_api_version: 2
diff --git a/lurkcoin/api/admin-pages.go b/lurkcoin/api/admin-pages.go
new file mode 100644
index 0000000..7e1bce3
--- /dev/null
+++ b/lurkcoin/api/admin-pages.go
@@ -0,0 +1,653 @@
+//
+// lurkcoin admin pages
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"crypto/sha512"
+	"encoding/hex"
+	"github.com/julienschmidt/httprouter"
+	"html/template"
+	"io"
+	"log"
+	"lurkcoin"
+	"net/http"
+	"regexp"
+	"strings"
+)
+
+const adminPagesHeader = `<!DOCTYPE html>
+<html>
+<head>
+	<title>lurkcoin admin pages</title>
+	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/skeleton/2.0.4/skeleton.min.css" />
+	<link rel="stylesheet" href="https://www.xeroxirc.net/style.css" />
+	<style>
+	.button, button, input[type=button], input[type=reset], input[type=submit] {
+		height: 32px;
+		padding: 0 15px;
+		line-height: 32px;
+		margin-right: 0.5rem;
+	}
+	.button:not(.button-primary), button:not(.button-primary), input[type=button]:not(.button-primary), input[type=reset]:not(.button-primary), input[type=submit]:not(.button-primary) {
+		border-color: transparent;
+	}
+	.button.button-primary, button.button-primary, input[type="button"].button-primary, input[type="reset"].button-primary, input[type="submit"].button-primary {
+		background-color: #007FA9;
+		border-color: #007FA9;
+	}
+	.button.button-primary:focus, .button.button-primary:hover, button.button-primary:focus, button.button-primary:hover, input[type="button"].button-primary:focus, input[type="button"].button-primary:hover, input[type="reset"].button-primary:focus, input[type="reset"].button-primary:hover, input[type="submit"].button-primary:focus, input[type="submit"].button-primary:hover {
+		background-color: #006F99;
+		border-color: #006F99;
+	}
+	</style>
+	<meta name="viewport" content="width=device-width" />
+</head>
+<body>
+<main style="padding: 1.5em;">`
+
+const adminPagesFooter = `</main></body></html>`
+
+const serverListTemplate = adminPagesHeader + `
+<h2>Server list</h2>
+<i>Total: {{len .Summaries}} server(s).</i>
+<table>
+	<thead>
+		<tr>
+			<th>Name</th>
+			<th>Balance</th>
+			<th>Target balance</th>
+			<th>Pending transactions</th>
+			<th>...</th>
+		</tr>
+	</thead>
+	<tbody>
+		{{range $summary := .Summaries}}
+			<tr>
+				<td>{{$summary.Name}}</td>
+				<td>{{$summary.Balance}}</td>
+				<td>{{$summary.TargetBalance}}</td>
+				<td>{{$summary.PendingTransactionCount}}</td>
+				<td><a href="/admin/edit/{{$summary.UID}}">Edit</a></td>
+			</tr>
+		{{end}}
+	</tbody>
+</table>
+
+{{if .AllowEditing}}
+	<noscript>
+		<h4>JavaScript is required to edit database entries.</h4>
+	</noscript>
+
+	<button id="new-server" class="button-primary">New server</button>
+	{{if .AllowDatabaseDownload}}
+		<a href="/admin/backup" class="button">Download database backup</a>
+	{{end}}
+
+	<style>
+		html {
+			scroll-behavior: smooth;
+		}
+		#new-server {
+			display: none;
+			transition: ease-in-out 250ms;
+		}
+		#create-server {
+			padding-top: 2em;
+			display: none;
+			transform: scaleY(0);
+			transform-origin: top center;
+			max-height: 0;
+		}
+		#username-field {
+			width: 100%;
+		}
+	</style>
+
+	<form autocomplete="off" method="post" action="/admin/create-server"
+			id="create-server">
+		<h3>Create new server</h3>
+		<input type="hidden" name="csrfToken" value={{.CSRFToken}} />
+		<div style="display: inline-block;">
+			Username<br/>
+			<input type="text" name="username" minlength="3" maxlength="32"
+				required="required" id="username-field" /><br/>
+			<input type="submit" name="submit" class="button-primary"
+				value="Create" />
+			<button type="button" onclick="hideForm()">Cancel</button>
+		</div>
+	</form>
+
+	<script>
+		"use strict";
+		let btn = document.getElementById("new-server");
+		let form = document.getElementById("create-server");
+		btn.style.display = "inline";
+		btn.addEventListener("click", () => {
+			form.style.display = "block";
+			form.style.transition = "ease-in-out 250ms transform";
+			window.setTimeout(() => {
+				form.style.transform = "scaleY(1)";
+				form.style.maxHeight = form.scrollHeight.toString() + "px";
+				btn.style.opacity = "0.5";
+				btn.style.pointerEvents = "none";
+				window.location.hash = "#create-server";
+			}, 25);
+			btn.blur();
+		});
+		function hideForm() {
+			form.style.transition = "ease-in-out 250ms";
+			form.style.transform = "scaleY(0)";
+			form.style.maxHeight = "0";
+			btn.style.opacity = "1";
+			btn.style.pointerEvents = "";
+		}
+	</script>
+{{else}}
+	<i>You may not edit the database.</i>
+{{end}}
+` + adminPagesFooter
+
+const currencyInput = `type="text" pattern="¤?[0-9,_]+(\.[0-9,_]+)?"`
+const infoTemplate = adminPagesHeader + `
+<style>
+#form-inner input, #message {
+	transition: ease-in-out 200ms;
+	text-overflow: ellipsis;
+}
+#form-inner input[disabled="disabled"] {
+	border-color: transparent;
+	background: none;
+	color: inherit;
+}
+{{if .AllowEditing}}
+	#edit-btn, #edit-btn ~ .button {
+		display: none;
+	}
+{{end}}
+</style>
+
+<a href="/admin">Go back</a>
+<h3>Server: {{.Server.Name}}</h3>
+{{if .Message}}
+	<h5 id="message" style="white-space: pre-line;">{{.Message}}</h5>
+{{end}}
+<h4>Basic information</h4>
+<form autocomplete="off" method="post" action="{{.Server.UID}}">
+	{{if .AllowEditing}}
+		<input type="hidden" name="csrfToken" value="{{.CSRFToken}}" />
+		<input type="hidden" name="oldBalance"
+			value="{{.Server.GetBalance.RawString}}" />
+		<input type="hidden" name="oldTargetBalance"
+			value="{{.Server.GetTargetBalance.RawString}}" />
+		<input type="hidden" name="oldWebhookURL"
+			value="{{.Server.WebhookURL}}" />
+	{{end}}
+	<p id="form-inner">
+		Balance<br/>
+		<input ` + currencyInput + ` name="balance"
+			value="{{.Server.GetBalance}}" disabled="disabled" />
+		<br/>
+		Target balance
+		<br/>
+		<input ` + currencyInput + ` name="targetBalance"
+			value="{{.Server.GetTargetBalance}}" disabled="disabled" />
+		<br/>
+		Webhook URL<br/>
+		<input type="url" value="{{.Server.WebhookURL}}" placeholder="(none)"
+		 	disabled="disabled" name="webhookURL" />
+
+		{{if .AllowEditing}}
+			<br/>
+			<button type="button" id="edit-btn"
+				class="button-primary">Edit</button>
+			<script>
+				document.getElementById("edit-btn").style.display = "inline";
+			</script>
+			<input type="submit" value="Save" class="button button-primary"
+				disabled="disabled" />
+			<a href="{{.Server.UID}}" class="button">Cancel</a>
+		{{end}}
+	</p>
+</form>
+
+{{if .AllowEditing}}
+	<script>
+		let p = document.getElementById("form-inner");
+		let btn = document.getElementById("edit-btn");
+		btn.addEventListener("click", () => {
+			let msg = document.getElementById("message");
+			if (msg) {
+				msg.style.fontSize = "0";
+				msg.style.margin = "0";
+				msg.style.padding = "0";
+			}
+			p.removeChild(btn);
+			for (let elem of p.children) {
+				if (elem.tagName.toLowerCase() === "input")
+					elem.removeAttribute("disabled");
+			}
+		});
+		window.history.replaceState(null, null, "/admin/edit/{{.Server.UID}}");
+	</script>
+{{end}}
+
+<h4>History</h4>
+<table>
+	<thead>
+		<tr>
+			<th>ID</th>
+			<th>Source</th>
+			<th>Source server</th>
+			<th>Target</th>
+			<th>Target server</th>
+			<th>Sent amount</th>
+			<th>Amount</th>
+			<th>Received amount</th>
+			<th>Time</th>
+			<th>Revertable</th>
+		</tr>
+	</thead>
+	<tbody>
+		{{range $transaction := .Server.GetHistory}}
+			<tr>
+				<td>{{$transaction.ID}}</td>
+				<td>{{$transaction.Source}}</td>
+				<td>{{$transaction.SourceServer}}</td>
+				<td>{{$transaction.Target}}</td>
+				<td>{{$transaction.TargetServer}}</td>
+				<td>{{$transaction.SentAmount.RawString}}</td>
+				<td>{{$transaction.Amount}}</td>
+				<td>{{$transaction.ReceivedAmount.RawString}}</td>
+				<td>{{$transaction.GetTime}}</td>
+				<td>{{$transaction.Revertable | YesNo}}</td>
+			</tr>
+		{{end}}
+	</tbody>
+</table>
+` + adminPagesFooter
+
+type adminPagesSummary struct {
+	UID                     string
+	Name                    string
+	Balance                 lurkcoin.Currency
+	TargetBalance           lurkcoin.Currency
+	PendingTransactionCount int
+}
+
+func parseNumbers(n1, n2 string) (lurkcoin.Currency, lurkcoin.Currency, bool) {
+	n1 = strings.Replace(n1, ",", "", -1)
+	n2 = strings.Replace(n2, ",", "", -1)
+
+	var res1, res2 lurkcoin.Currency
+	var err error
+	res1, err = lurkcoin.ParseCurrency(n1)
+	if err != nil {
+		return c0, c0, false
+	}
+	res2, err = lurkcoin.ParseCurrency(n2)
+	if err != nil {
+		return c0, c0, false
+	}
+	return res1, res2, true
+}
+
+type AdminLoginDetails map[string]struct {
+	PasswordHash          string `yaml:"password_hash"`
+	HashAlgorithm         string `yaml:"hash_algorithm"`
+	PasswordSalt          string `yaml:"password_salt"`
+	AllowEditing          bool   `yaml:"allow_editing"`
+	AllowDatabaseDownload bool   `yaml:"allow_database_download"`
+}
+
+// TODO: Provide a more secure hashing function.
+func (self AdminLoginDetails) Validate(username, password string) bool {
+	account, exists := self[username]
+	if !exists {
+		return false
+	}
+
+	password += account.PasswordSalt
+	switch account.HashAlgorithm {
+	case "sha512", "":
+		rawHash := sha512.Sum512([]byte(password))
+		return lurkcoin.ConstantTimeCompare(
+			hex.EncodeToString(rawHash[:]),
+			account.PasswordHash,
+		)
+	default:
+		return false
+	}
+}
+
+type csrfTokenManager map[string]string
+
+// Generate one CSRF token per user
+// TODO: Expiry
+func (self csrfTokenManager) Get(username string) string {
+	token, ok := self[username]
+	if !ok {
+		token = lurkcoin.GenerateToken()
+		self[username] = token
+	}
+	return token
+}
+
+func addAdminPages(router *httprouter.Router, db lurkcoin.Database,
+	loginDetails AdminLoginDetails) {
+	// TODO: Regenerate this often
+	csrfTokens := make(csrfTokenManager)
+
+	re, _ := regexp.Compile(`\s+`)
+	var summaryTmpl, infoTmpl *template.Template
+	var err error
+	summaryTmpl, err = template.New("summary").Parse(
+		re.ReplaceAllLiteralString(serverListTemplate, " "),
+	)
+	if err != nil {
+		panic(err)
+	}
+	infoTmpl, err = template.New("info").Funcs(template.FuncMap{
+		"YesNo": func(boolean bool) string {
+			if boolean {
+				return "Yes"
+			} else {
+				return "No"
+			}
+		},
+	}).Parse(re.ReplaceAllLiteralString(infoTemplate, " "))
+	if err != nil {
+		panic(err)
+	}
+
+	accessDeniedPage := re.ReplaceAllLiteralString(
+		adminPagesHeader+
+			`<h1>`+
+			`Sorry, you do not have access to this resource at `+
+			`this time.`+
+			`</h1>`+
+			adminPagesFooter,
+		" ",
+	)
+	authenticate := func(w http.ResponseWriter, r *http.Request) (string, bool) {
+		w.Header().Set("Cache-Control", "no-store")
+		username, password, ok := r.BasicAuth()
+		if ok && loginDetails.Validate(username, password) {
+			return username, true
+		}
+		w.Header().Set(
+			"WWW-Authenticate",
+			`Basic realm="lurkcoin admin pages", charset="UTF-8"`,
+		)
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(401)
+		io.WriteString(w, accessDeniedPage)
+		return "", false
+	}
+	authenticateWithCSRF := func(w http.ResponseWriter, r *http.Request) (string, bool) {
+		username, ok := authenticate(w, r)
+		if !ok {
+			return username, ok
+		}
+		if !loginDetails[username].AllowEditing {
+			w.Header().Set("Content-Type", "text/html; charset=utf-8")
+			w.WriteHeader(401)
+			io.WriteString(w, accessDeniedPage)
+			return username, false
+		}
+		r.ParseForm()
+		t, ok := csrfTokens[username]
+		if !ok || !lurkcoin.ConstantTimeCompare(r.Form.Get("csrfToken"), t) {
+			w.WriteHeader(500)
+			io.WriteString(w, "Please try again.")
+			return username, false
+		}
+		return username, true
+	}
+
+	router.GET("/admin", func(w http.ResponseWriter, r *http.Request,
+		_ httprouter.Params) {
+		username, ok := authenticate(w, r)
+		if !ok {
+			return
+		}
+
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(http.StatusOK)
+
+		var summaries []*adminPagesSummary
+		var totalPendingTransactions int
+
+		lurkcoin.ForEach(db, func(server *lurkcoin.Server) error {
+			pendingTransactionCount := len(server.GetPendingTransactions())
+			totalPendingTransactions += pendingTransactionCount
+			summaries = append(summaries, &adminPagesSummary{
+				server.UID,
+				server.Name,
+				server.GetBalance(),
+				server.GetTargetBalance(),
+				pendingTransactionCount,
+			})
+			return nil
+		}, false)
+
+		var data struct {
+			Summaries             []*adminPagesSummary
+			AllowEditing          bool
+			AllowDatabaseDownload bool
+			CSRFToken             string
+		}
+		data.Summaries = summaries
+		d := loginDetails[username]
+		data.AllowEditing = d.AllowEditing
+		data.AllowDatabaseDownload = d.AllowDatabaseDownload
+		if d.AllowEditing {
+			data.CSRFToken = csrfTokens.Get(username)
+		}
+
+		err := summaryTmpl.Execute(w, data)
+		if err != nil {
+			panic(err)
+		}
+	})
+
+	serverInfo := func(w http.ResponseWriter, r *http.Request,
+		serverName, username, msg string) {
+		servers, ok, _ := db.GetServers([]string{serverName})
+		if !ok {
+			w.WriteHeader(404)
+			return
+		}
+		server := servers[0]
+		defer db.FreeServers([]*lurkcoin.Server{server}, false)
+
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(http.StatusOK)
+
+		var data struct {
+			Server       *lurkcoin.Server
+			CSRFToken    string
+			Message      string
+			AllowEditing bool
+		}
+		data.Server = server
+		data.CSRFToken = csrfTokens.Get(username)
+		data.Message = msg
+		data.AllowEditing = loginDetails[username].AllowEditing
+		err := infoTmpl.Execute(w, data)
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	router.GET("/admin/edit/:server", func(w http.ResponseWriter,
+		r *http.Request, params httprouter.Params) {
+		username, ok := authenticate(w, r)
+		if !ok {
+			return
+		}
+		serverInfo(w, r, params.ByName("server"), username, "")
+	})
+
+	router.POST("/admin/edit/:server", func(w http.ResponseWriter,
+		r *http.Request, params httprouter.Params) {
+		adminUser, authenticated := authenticateWithCSRF(w, r)
+		if !authenticated {
+			return
+		}
+
+		// Get the server
+		tr := lurkcoin.BeginDbTransaction(db)
+		defer tr.Abort()
+		servers, ok, _ := tr.GetServers(params.ByName("server"))
+		if !ok {
+			w.WriteHeader(404)
+			return
+		}
+		server := servers[0]
+
+		var msgs []string
+
+		// Update the balance
+		// This preserves any transactions after the initial page load.
+		balance, oldBalance, ok := parseNumbers(
+			r.Form.Get("balance"),
+			r.Form.Get("oldBalance"),
+		)
+		if !ok {
+			msgs = append(msgs, "Invalid balance specified!")
+		} else if !balance.Eq(oldBalance) {
+			if !server.ChangeBal(balance.Sub(oldBalance)) {
+				server.ChangeBal(server.GetBalance())
+			}
+			msgs = append(msgs, "Balance updated!")
+			log.Printf(
+				"[Admin] User %#v changes balance of server %#v to %s",
+				adminUser,
+				server.Name,
+				server.GetBalance(),
+			)
+		}
+
+		// Update the target balance
+		targetBalance, oldTargetBalance, ok := parseNumbers(
+			r.Form.Get("targetBalance"),
+			r.Form.Get("oldTargetBalance"),
+		)
+		if !ok {
+			msgs = append(msgs, "Invalid target balance specified!")
+		} else if !targetBalance.Eq(oldTargetBalance) {
+			server.SetTargetBalance(targetBalance)
+			msgs = append(msgs, "Target balance updated!")
+			log.Printf(
+				"[Admin] User %#v changes target balance of server %#v to %s",
+				adminUser,
+				server.Name,
+				targetBalance,
+			)
+		}
+
+		// Update the webhook URL
+		webhookURL := r.Form.Get("webhookURL")
+		if webhookURL != r.Form.Get("oldWebhookURL") {
+			ok := server.SetWebhookURL(webhookURL)
+			if ok {
+				msgs = append(msgs, "Webhook URL updated!")
+			} else {
+				msgs = append(msgs, "Invalid webhook URL!")
+			}
+			log.Printf(
+				"[Admin] User %#v changes webhook URL of server %#v to %#v",
+				adminUser,
+				server.Name,
+				server.WebhookURL,
+			)
+		}
+
+		// Finish the transaction
+		uid := server.UID
+		tr.Finish()
+
+		serverInfo(w, r, uid, adminUser, strings.Join(msgs, "\n"))
+	})
+
+	router.POST("/admin/create-server", func(w http.ResponseWriter,
+		r *http.Request, params httprouter.Params) {
+		adminUser, authenticated := authenticateWithCSRF(w, r)
+		if !authenticated {
+			return
+		}
+		serverName := strings.TrimSpace(r.Form.Get("username"))
+		var msg string
+		if len(serverName) < 3 || len(serverName) > 32 {
+			msg = "The server name must be between 3 and 32 characters."
+		} else {
+			tr := lurkcoin.BeginDbTransaction(db)
+			defer tr.Abort()
+			server, ok := tr.CreateServer(serverName)
+			if ok {
+				log.Printf(
+					"[Admin] User %#v created server %#v",
+					adminUser,
+					server.Name,
+				)
+				msg = "Token: " + server.Encode().Token
+				tr.Finish()
+				serverInfo(w, r, serverName, adminUser, msg)
+				return
+			}
+			msg = "The specified server already exists!"
+		}
+
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(500)
+		io.WriteString(w, adminPagesHeader+
+			`<h2>An error has occurred!</h2>`+
+			`<h5>`+msg+`</h5>`+
+			`<i>You can hurry back to the previous page, or learn to like `+
+			` this error and then eventually grow old and die.</i>`+
+			`<br/><br/>`+
+			`<a class="button button-primary" href="/admin">Go back</a>`+
+			adminPagesFooter)
+	})
+
+	router.GET("/admin/backup", func(w http.ResponseWriter,
+		r *http.Request, params httprouter.Params) {
+		username, ok := authenticate(w, r)
+		if !ok {
+			return
+		}
+		d := loginDetails[username]
+		if !d.AllowEditing || !d.AllowDatabaseDownload {
+			w.Header().Set("Content-Type", "text/html; charset=utf-8")
+			w.WriteHeader(401)
+			io.WriteString(w, accessDeniedPage)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.Header().Set(
+			"Content-Disposition",
+			`attachment; filename="lurkcoin backup.json"`,
+		)
+		w.WriteHeader(http.StatusOK)
+		err := lurkcoin.BackupDatabase(db, w)
+		if err != nil {
+			panic(err)
+		}
+	})
+}
diff --git a/lurkcoin/api/config.go b/lurkcoin/api/config.go
new file mode 100644
index 0000000..5579516
--- /dev/null
+++ b/lurkcoin/api/config.go
@@ -0,0 +1,148 @@
+//
+// lurkcoin configuration
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"fmt"
+	"gopkg.in/yaml.v2"
+	"log"
+	"lurkcoin"
+	"lurkcoin/databases"
+	"net/http"
+	"os"
+	"strings"
+)
+
+type Config struct {
+	// The name of this service (for example "lurkcoin"). This is also used as
+	// the default server name for the v2 API.
+	Name string `yaml:"name"`
+
+	// The address to bind to (optional) and port.
+	Address string `yaml:"address"`
+	Port    uint16 `yaml:"port"`
+
+	// An optional logfile
+	Logfile string `yaml:"logfile"`
+
+	Database struct {
+		Type     string            `yaml:"type"`
+		Location string            `yaml:"location"`
+		Options  map[string]string `yaml:"options"`
+	} `yaml:"database"`
+
+	// TLS
+	TLS struct {
+		Enable   bool   `yaml:"enable"`
+		CertFile string `yaml:"cert_file"`
+		KeyFile  string `yaml:"key_file"`
+	} `yaml:"tls"`
+
+	// Admin pages
+	AdminPages struct {
+		Enable bool              `yaml:"enable"`
+		Users  AdminLoginDetails `yaml:"users"`
+	} `yaml:"admin_pages"`
+
+	// HTTP redirects
+	Redirects map[string]string `yaml:"redirects"`
+
+	// The minimum HTTPS API version to support.
+	MinAPIVersion uint8 `yaml:"min_api_version"`
+}
+
+func LoadConfig(filename string) (*Config, error) {
+	f, err := os.OpenFile(filename, os.O_RDONLY, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var config Config
+	decoder := yaml.NewDecoder(f)
+	decoder.SetStrict(true)
+	err = decoder.Decode(&config)
+	if err != nil {
+		return nil, err
+	}
+
+	if config.Name == "lurkcoin" {
+		log.Println("Warning: The selected server name already exists!")
+	}
+	return &config, nil
+}
+
+func OpenDatabase(config *Config) (lurkcoin.Database, error) {
+	return databases.OpenDatabase(
+		config.Database.Type,
+		config.Database.Location,
+		config.Database.Options,
+	)
+}
+
+func StartServer(config *Config) {
+	lurkcoin.SeedPRNG()
+	lurkcoin.PrintASCIIArt()
+	log.Printf("Supported database types: %s",
+		strings.Join(databases.GetSupportedDatabaseTypes(), ", "))
+	db, err := OpenDatabase(config)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	router := MakeHTTPRouter(db, config)
+
+	address := fmt.Sprintf("%s:%d", config.Address, config.Port)
+	urlAddress := address
+	if config.Address == "" {
+		urlAddress = "[::]" + urlAddress
+	}
+	if config.TLS.Enable {
+		log.Printf("Starting server on https://%s/", urlAddress)
+	} else {
+		log.Printf("Starting server on http://%s/", urlAddress)
+	}
+
+	if config.Logfile != "" {
+		f, err := os.OpenFile(
+			config.Logfile,
+			os.O_WRONLY|os.O_APPEND|os.O_CREATE,
+			0600,
+		)
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer f.Close()
+		log.Printf("Using logfile %#v.", config.Logfile)
+		log.SetOutput(f)
+	}
+
+	server := &http.Server{Addr: address, Handler: router}
+
+	// My laptop doesn't work nicely with Keep-Alive.
+	server.SetKeepAlivesEnabled(false)
+
+	if config.TLS.Enable {
+		err = server.ListenAndServeTLS(config.TLS.CertFile, config.TLS.KeyFile)
+	} else {
+		err = server.ListenAndServe()
+	}
+
+	log.Fatal(err)
+}
diff --git a/lurkcoin/api/https-core.go b/lurkcoin/api/https-core.go
new file mode 100644
index 0000000..cc66702
--- /dev/null
+++ b/lurkcoin/api/https-core.go
@@ -0,0 +1,174 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/julienschmidt/httprouter"
+	"io"
+	"lurkcoin"
+	"net/http"
+	"strings"
+)
+
+var c0 = lurkcoin.CurrencyFromInt64(0)
+
+// A HTTP server wrapper
+type HTTPRequest struct {
+	Server        *lurkcoin.Server
+	Database      lurkcoin.Database
+	DbTransaction *lurkcoin.DatabaseTransaction
+	Request       *http.Request
+	Params        httprouter.Params
+}
+
+func MakeHTTPRequest(db lurkcoin.Database, request *http.Request, params httprouter.Params) *HTTPRequest {
+	return &HTTPRequest{nil, db, nil, request, params}
+}
+
+type HTTPHandler func(*HTTPRequest) (interface{}, error)
+
+// Unmarshals JSON sent in the HTTP request into v.
+func (self *HTTPRequest) Unmarshal(v interface{}) error {
+	// Ensure the Content-Type header is correct.
+	contentType := self.Request.Header.Get("Content-Type")
+	if i := strings.IndexByte(contentType, ';'); i >= 0 {
+		contentType = contentType[:i]
+	}
+	if contentType != "" && contentType != "application/json" &&
+		!(strings.HasPrefix(contentType, "application/") &&
+			strings.HasSuffix(contentType, "+json")) {
+		return errors.New("ERR_INVALIDREQUEST")
+	}
+
+	length := self.Request.ContentLength
+
+	// Default to the maximum length plus one.
+	if length < 0 {
+		length = 4097
+	} else if length > 4096 {
+		return errors.New("ERR_PAYLOADTOOLARGE")
+	}
+
+	raw := make([]byte, length)
+	actual_length, _ := self.Request.Body.Read(raw)
+
+	if actual_length < 3 {
+		return errors.New("ERR_INVALIDREQUEST")
+	} else if actual_length > 4096 {
+		return errors.New("ERR_PAYLOADTOOLARGE")
+	}
+
+	json_err := json.Unmarshal(raw[:actual_length], v)
+	if json_err != nil {
+		return errors.New("ERR_INVALIDREQUEST")
+	}
+	return nil
+}
+
+func (self *HTTPRequest) AbortTransaction() {
+	if self.DbTransaction != nil {
+		self.DbTransaction.Abort()
+		self.DbTransaction = nil
+	}
+}
+
+func (self *HTTPRequest) FinishTransaction() {
+	if self.DbTransaction != nil {
+		self.DbTransaction.Finish()
+		self.DbTransaction = nil
+	}
+}
+
+func authenticateRequest(r *http.Request, db lurkcoin.Database, otherServers ...string) (bool, *lurkcoin.DatabaseTransaction, *lurkcoin.Server) {
+	// Get the username and token
+	username, token, ok := r.BasicAuth()
+	if !ok {
+		return false, nil, nil
+	}
+
+	return lurkcoin.AuthenticateRequest(db, username, token, otherServers)
+}
+
+func (self *HTTPRequest) Authenticate(otherServers ...string) error {
+	// Get the username and token
+	username, token, ok := self.Request.BasicAuth()
+	if !ok {
+		return errors.New("ERR_INVALIDREQUEST")
+	}
+
+	authed, tr, server := lurkcoin.AuthenticateRequest(
+		self.Database,
+		username,
+		token,
+		otherServers,
+	)
+
+	if !authed {
+		return errors.New("ERR_INVALIDLOGIN")
+	}
+
+	self.Server = server
+	self.DbTransaction = tr
+	return nil
+}
+
+func securityTxt(w http.ResponseWriter, r *http.Request,
+	_ httprouter.Params) {
+	io.WriteString(w, "# lurkcoin version: "+lurkcoin.VERSION+"\n")
+	io.WriteString(w, "# Source: "+lurkcoin.SOURCE_URL+"\n")
+	io.WriteString(w, "Contact: "+lurkcoin.REPORT_SECURITY+"\n")
+}
+
+func makeRedirect(router *httprouter.Router, source, target string) {
+	f := func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		http.Redirect(w, r, target, http.StatusFound)
+	}
+	router.GET(source, f)
+}
+
+func MakeHTTPRouter(db lurkcoin.Database, config *Config) *httprouter.Router {
+	router := httprouter.New()
+	router.GET("/.well-known/security.txt", securityTxt)
+
+	// Add custom redirects
+	for source, target := range config.Redirects {
+		makeRedirect(router, source, target)
+	}
+
+	// Don't give up (or let down) bots
+	if _, exists := config.Redirects["/wp-login.php"]; !exists {
+		makeRedirect(router, "/wp-login.php",
+			"https://www.youtube.com/watch?v=dQw4w9WgXcQ")
+	}
+
+	if config.AdminPages.Enable && config.AdminPages.Users != nil {
+		addAdminPages(router, db, config.AdminPages.Users)
+	}
+	if config.MinAPIVersion > 3 {
+		return router
+	}
+	addV3API(router, db)
+	if config.MinAPIVersion > 2 {
+		return router
+	}
+	addV2API(router, db, config.Name)
+	return router
+}
diff --git a/lurkcoin/api/v2-placeholder.go b/lurkcoin/api/v2-placeholder.go
new file mode 100644
index 0000000..c30a58e
--- /dev/null
+++ b/lurkcoin/api/v2-placeholder.go
@@ -0,0 +1,32 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+// +build lurkcoin.disablev2api
+
+package api
+
+import (
+	"github.com/julienschmidt/httprouter"
+	"log"
+	"lurkcoin"
+)
+
+func addV2API(_ *httprouter.Router, _ lurkcoin.Database, _ string) {
+	log.Print("lurkcoinV2 API enabled at runtime but disabled " +
+		"during compilation.")
+}
diff --git a/lurkcoin/api/v2.go b/lurkcoin/api/v2.go
new file mode 100644
index 0000000..12f3cb3
--- /dev/null
+++ b/lurkcoin/api/v2.go
@@ -0,0 +1,325 @@
+//
+// lurkcoin HTTPS API (version 2)
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+// API documentation:
+// https://gist.github.com/luk3yx/8028cedb3bfb282d9ba3f2d1c7871231
+
+// +build !lurkcoin.disablev2api
+
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/julienschmidt/httprouter"
+	"lurkcoin"
+	"math/big"
+	"net/http"
+	"strconv"
+	"strings"
+)
+
+type v2Form interface {
+	Get(string) string
+}
+
+type v2MapForm struct {
+	form map[string]json.Number
+}
+
+func (self *v2MapForm) Get(key string) string {
+	res, ok := self.form[key]
+	if ok {
+		return string(res)
+	} else {
+		return ""
+	}
+}
+
+var c1 = lurkcoin.CurrencyFromInt64(1)
+var f0 = big.NewFloat(0)
+var f500k = big.NewFloat(500000)
+
+func v2GetQuery(r *http.Request) v2Form {
+	err := r.ParseForm()
+	if err == nil && len(r.Form) > 0 {
+		return r.Form
+	}
+
+	// Because json.Number extends string it can be used for strings.
+	form := make(map[string]json.Number)
+	(&HTTPRequest{Request: r}).Unmarshal(&form)
+	return &v2MapForm{form}
+}
+
+func (self *HTTPRequest) AuthenticateV2(query v2Form, otherServers ...string) error {
+	// Get the username and token
+	username := query.Get("name")
+	token := query.Get("token")
+
+	authed, tr, server := lurkcoin.AuthenticateRequest(
+		self.Database,
+		username,
+		token,
+		otherServers,
+	)
+
+	if !authed {
+		return errors.New("ERR_INVALIDLOGIN")
+	}
+
+	self.Server = server
+	self.DbTransaction = tr
+	return nil
+}
+
+type v2HTTPHandler func(*HTTPRequest, v2Form) (interface{}, error)
+
+func v2WrapHTTPHandler(db lurkcoin.Database, autoLogin bool,
+	handlerFunc v2HTTPHandler) httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request,
+		params httprouter.Params) {
+		req := MakeHTTPRequest(db, r, params)
+		defer req.AbortTransaction()
+		query := v2GetQuery(r)
+
+		var result interface{}
+		var err error
+		if !autoLogin || req.AuthenticateV2(query) == nil {
+			result, err = handlerFunc(req, query)
+		} else {
+			err = errors.New("ERR_INVALIDLOGIN")
+		}
+
+		var res []byte
+		if err == nil {
+			req.FinishTransaction()
+			if s, ok := result.(string); ok {
+				res = []byte(s)
+			} else {
+				var enc_err error
+				res, enc_err = json.Marshal(result)
+				if enc_err == nil {
+					w.Header().Set("Content-Type",
+						"application/json; charset=utf-8")
+				} else {
+					res = []byte("ERROR: Internal error!")
+				}
+			}
+			w.WriteHeader(http.StatusOK)
+		} else {
+			req.AbortTransaction()
+			var c int
+			var msg string
+			_, msg, c = lurkcoin.LookupError(err.Error())
+			res = []byte("ERROR: " + msg)
+			if c != 401 && query.Get("force_200") == "200" {
+				c = 200
+			}
+			w.WriteHeader(c)
+		}
+
+		w.Write(res)
+	}
+}
+
+func v2Post(router *httprouter.Router, db lurkcoin.Database, url string,
+	autoLogin bool, f v2HTTPHandler) {
+	url = "/v2/" + url
+	f2 := v2WrapHTTPHandler(db, autoLogin, f)
+	router.GET(url, f2)
+	router.POST(url, f2)
+}
+
+func v2IsYes(s string) bool {
+	switch strings.ToLower(s) {
+	case "true", "yes", "y", "1":
+		return true
+	default:
+		return false
+	}
+}
+
+func addV2API(router *httprouter.Router, db lurkcoin.Database,
+	lurkcoinName string) {
+
+	v2Post(router, db, "summary", true,
+		func(r *HTTPRequest, _ v2Form) (interface{}, error) {
+			summary := r.Server.GetSummary()
+			return map[string]interface{}{
+				"uid":           summary.UID,
+				"bal":           summary.Bal,
+				"balance":       summary.Balance,
+				"history":       lurkcoin.GetV2History(summary, false),
+				"server":        true,
+				"interest_rate": summary.InterestRate,
+			}, nil
+		})
+
+	v2Post(router, db, "pay", false,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
+			if err != nil {
+				return nil, err
+			}
+
+			targetServerName := f.Get("server")
+			if targetServerName == "" {
+				targetServerName = lurkcoinName
+			}
+			err = r.AuthenticateV2(f, targetServerName)
+			if err != nil {
+				return nil, err
+			}
+
+			target := f.Get("target")
+			targetServer, ok := r.DbTransaction.GetCachedServer(targetServerName)
+			if !ok {
+				return nil, errors.New("ERR_SERVERNOTFOUND")
+			}
+
+			_, err = r.Server.Pay("", target, targetServer,
+				amount, v2IsYes(f.Get("local_currency")), true)
+			if err != nil {
+				return nil, err
+			}
+			return "Transaction sent!", nil
+		})
+
+	v2Post(router, db, "bal", true,
+		func(r *HTTPRequest, _ v2Form) (interface{}, error) {
+			return r.Server.GetBalance(), nil
+		})
+
+	v2Post(router, db, "history", true,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			history := lurkcoin.GetV2History(r.Server.GetSummary(), false)
+			if f.Get("json") == "" {
+				return strings.Join(history, "\n"), nil
+			} else {
+				return history, nil
+			}
+		})
+
+	v2Post(router, db, "exchange_rates", false,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
+			if err != nil {
+				return nil, err
+			}
+
+			return lurkcoin.GetExchangeRate(r.Database, f.Get("from"),
+				f.Get("to"), amount)
+		})
+
+	// A near duplicate of the above endpoint.
+	// This doesn't check for authentication
+	v2Post(router, db, "get_exchange_rate", false,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
+			if err != nil {
+				return nil, err
+			}
+
+			return lurkcoin.GetExchangeRate(r.Database, f.Get("name"),
+				f.Get("to"), amount)
+		})
+
+	//
+	v2Post(router, db, "get_transactions", true,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			transactions := r.Server.GetPendingTransactions()
+			if f.Get("simple") != "" {
+				if len(transactions) == 0 {
+					_, exc := r.Server.GetExchangeRate(c1, false)
+					return exc, nil
+				}
+				s := func(n string) string {
+					return strings.Replace(n, "|", "/", -1)
+				}
+				transaction := transactions[0]
+				// To support fragile clients (such as versions of the lurkcoin
+				// mod that use the /v2 API), "¤" is replaced with "_".
+				return fmt.Sprintf("%d|%s|%s|%s",
+					transaction.GetLegacyID(),
+					s(strings.Replace(transaction.Target, "¤", "_", -1)),
+					transaction.ReceivedAmount.RawString(),
+					s(transaction.String()),
+				), nil
+			}
+			res := make([][4]interface{}, len(transactions))
+			for i, transaction := range transactions {
+				res[i] = [4]interface{}{
+					transaction.GetLegacyID(),
+					strings.Replace(transaction.Target, "¤", "_", -1),
+					transaction.ReceivedAmount,
+					transaction.String(),
+				}
+			}
+			if v2IsYes(f.Get("as_object")) {
+				_, exc := r.Server.GetExchangeRate(c1, false)
+				return map[string]interface{}{
+					"exchange_rate": json.RawMessage(exc.String()),
+					"transactions":  res,
+				}, nil
+			} else {
+				return res, nil
+			}
+		})
+
+	// lurkcoinV2 silently ignored invalid "amount" values.
+	v2Post(router, db, "remove_transactions", true,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			amount, err := strconv.Atoi(f.Get("amount"))
+			if err != nil || amount < 1 {
+				amount = 1
+			}
+			r.Server.RemoveFirstPendingTransactions(amount)
+			return "Done!", nil
+		})
+
+	// Exchange rate multipliers don't exist in lurkcoinV3, however something
+	// similar can be approximated with target balances.
+	v2Post(router, db, "get_exchange_multiplier", true,
+		func(r *HTTPRequest, _ v2Form) (interface{}, error) {
+			// Fixed exchange rates didn't exist in lurkcoinV2.
+			targetBalance := r.Server.GetTargetBalance()
+			if targetBalance.IsZero() {
+				return 1, nil
+			}
+			multiplier := new(big.Float).Quo(targetBalance.Float(),
+				f500k)
+			return json.RawMessage(multiplier.String()), nil
+		})
+
+	v2Post(router, db, "set_exchange_multiplier", true,
+		func(r *HTTPRequest, f v2Form) (interface{}, error) {
+			multiplier, ok := new(big.Float).SetString(f.Get("multiplier"))
+			if !ok || multiplier.Cmp(f0) != 1 {
+				return nil, errors.New("ERR_INVALIDAMOUNT")
+			}
+			targetBalanceF := new(big.Float).Mul(multiplier, f500k)
+			targetBalance := lurkcoin.CurrencyFromFloat(targetBalanceF)
+			ok = r.Server.SetTargetBalance(targetBalance)
+			if !ok {
+				return nil, errors.New("ERR_INVALIDAMOUNT")
+			}
+			return "Exchange rate multiplier updated!", nil
+		})
+}
diff --git a/lurkcoin/api/v3.go b/lurkcoin/api/v3.go
new file mode 100644
index 0000000..db8f218
--- /dev/null
+++ b/lurkcoin/api/v3.go
@@ -0,0 +1,222 @@
+//
+// lurkcoin HTTPS API (version 3)
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+// API documentation:
+// https://gist.github.com/luk3yx/7a07f8b307c9afbcf94cf47d7f41d9cb
+
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/julienschmidt/httprouter"
+	"lurkcoin"
+	"net/http"
+	"strings"
+)
+
+func v3WrapHTTPHandler(db lurkcoin.Database, autoLogin bool,
+	handlerFunc HTTPHandler) httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+		req := MakeHTTPRequest(db, r, params)
+		defer req.AbortTransaction()
+
+		var result interface{}
+		var err error
+		if !autoLogin || req.Authenticate() == nil {
+			result, err = handlerFunc(req)
+		} else {
+			err = errors.New("ERR_INVALIDLOGIN")
+		}
+
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		res := make(map[string]interface{})
+		if err == nil {
+			req.FinishTransaction()
+			res["success"] = true
+			res["result"] = result
+			w.WriteHeader(http.StatusOK)
+		} else {
+			req.AbortTransaction()
+			var c int
+			res["success"] = false
+			res["error"], res["message"], c = lurkcoin.LookupError(err.Error())
+			w.WriteHeader(c)
+		}
+
+		// TODO: Possibly write JSON directly to the ResponseWriter.
+		raw, enc_err := json.Marshal(res)
+		if enc_err != nil {
+			raw = []byte(`{"success":false,"error":"ERR_INTERNALERROR","message":"Internal error!"}`)
+		}
+		w.Write(raw)
+	}
+}
+
+func v3Get(router *httprouter.Router, db lurkcoin.Database, url string,
+	requireLogin bool, f HTTPHandler) {
+	f2 := v3WrapHTTPHandler(db, requireLogin, f)
+	url = "/v3/" + url
+	router.GET(url, f2)
+	router.POST(url, f2)
+}
+
+func v3Post(router *httprouter.Router, db lurkcoin.Database, url string,
+	requireLogin bool, f HTTPHandler) {
+	router.POST("/v3/"+url, v3WrapHTTPHandler(db, requireLogin, f))
+}
+
+func v3Put(router *httprouter.Router, db lurkcoin.Database, url string,
+	requireLogin bool, f HTTPHandler) {
+	f2 := v3WrapHTTPHandler(db, requireLogin, f)
+	router.PUT("/v3/"+url, f2)
+	router.POST("/v3/set_"+url, f2)
+}
+
+func addV3API(router *httprouter.Router, db lurkcoin.Database) {
+	v3Get(router, db, "summary", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			return r.Server.GetSummary(), nil
+		})
+
+	v3Post(router, db, "pay", false,
+		func(r *HTTPRequest) (transaction interface{}, err error) {
+			var p struct {
+				Source        string            `json:"source"`
+				Target        string            `json:"target"`
+				TargetServer  string            `json:"target_server"`
+				Amount        lurkcoin.Currency `json:"amount"`
+				LocalCurrency bool              `json:"local_currency"`
+			}
+			err = r.Unmarshal(&p)
+			if err != nil {
+				return
+			}
+			err = r.Authenticate(p.TargetServer)
+			if err != nil {
+				return
+			}
+			if p.Amount.IsNil() {
+				err = errors.New("ERR_INVALIDAMOUNT")
+				return
+			}
+			targetServer, ok := r.DbTransaction.GetCachedServer(p.TargetServer)
+			if !ok {
+				err = errors.New("ERR_SERVERNOTFOUND")
+				return
+			}
+			transaction, err = r.Server.Pay(p.Source, p.Target, targetServer,
+				p.Amount, p.LocalCurrency, true)
+			return
+		})
+
+	v3Get(router, db, "balance", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			return r.Server.GetBalance(), nil
+		})
+
+	v3Get(router, db, "history", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			return r.Server.GetHistory(), nil
+		})
+
+	v3Post(router, db, "exchange_rates", false,
+		func(r *HTTPRequest) (interface{}, error) {
+			var p struct {
+				Source string `json:"source"`
+				Target string `json:"target"`
+				Amount lurkcoin.Currency
+			}
+			r.Unmarshal(&p)
+			if p.Amount.IsNil() {
+				return nil, errors.New("ERR_INVALIDAMOUNT")
+			}
+			return lurkcoin.GetExchangeRate(r.Database, p.Source, p.Target,
+				p.Amount)
+		})
+
+	v3Get(router, db, "pending_transactions", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			return r.Server.GetPendingTransactions(), nil
+		})
+
+	type transactionList struct {
+		TransactionIDs []string `json:"transactions"`
+	}
+	v3Post(router, db, "acknowledge_transactions", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			var p transactionList
+			r.Unmarshal(&p)
+			for _, id := range p.TransactionIDs {
+				r.Server.RemovePendingTransaction(id)
+			}
+			return nil, nil
+		})
+
+	v3Post(router, db, "reject_transactions", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			var p transactionList
+			r.Unmarshal(&p)
+			for _, id := range p.TransactionIDs {
+				r.Server.RejectPendingTransaction(id, r.DbTransaction)
+			}
+			return nil, nil
+		})
+
+	v3Get(router, db, "target_balance", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			return r.Server.GetTargetBalance(), nil
+		})
+
+	v3Put(router, db, "target_balance", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			var p struct {
+				TargetBalance lurkcoin.Currency `json:"target_balance"`
+			}
+			err := r.Unmarshal(&p)
+			if err != nil {
+				return nil, errors.New("ERR_INVALIDREQUEST")
+			}
+			if p.TargetBalance.IsNil() {
+				return nil, errors.New("ERR_INVALIDAMOUNT")
+			}
+			ok := r.Server.SetTargetBalance(p.TargetBalance)
+			if !ok {
+				return nil, errors.New("ERR_INVALIDAMOUNT")
+			}
+			return nil, nil
+		})
+
+	v3Get(router, db, "webhook_url", true,
+		func(r *HTTPRequest) (interface{}, error) {
+			if r.Server.WebhookURL == "" {
+				return nil, nil
+			}
+			return r.Server.WebhookURL, nil
+		})
+
+	v3Get(router, db, "version", false,
+		func(r *HTTPRequest) (interface{}, error) {
+			return map[string]interface{}{
+				"version":   lurkcoin.VERSION,
+				"copyright": strings.Split(lurkcoin.COPYRIGHT, "\n"),
+				"license":   "AGPLv3",
+				"source":    lurkcoin.SOURCE_URL,
+			}, nil
+		})
+}
diff --git a/lurkcoin/currency.go b/lurkcoin/currency.go
new file mode 100644
index 0000000..d36dee8
--- /dev/null
+++ b/lurkcoin/currency.go
@@ -0,0 +1,256 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	"errors"
+	"math/big"
+	"strings"
+)
+
+// Create a custom Currency type that stores read-only currency values.
+type Currency struct {
+	raw *big.Int
+}
+
+var i0 = big.NewInt(0)
+var i10 = big.NewInt(10)
+var i100 = big.NewInt(100)
+
+// A method to convert currency to a string.
+func (self Currency) RawString() string {
+	// This should probably be improved.
+	whole := new(big.Int)
+	frac := new(big.Int)
+
+	var res string
+	if self.raw.Cmp(i0) >= 0 {
+		whole.DivMod(self.raw, i100, frac)
+		res = whole.String()
+	} else {
+		whole.DivMod(new(big.Int).Abs(self.raw), i100, frac)
+		res = "-" + whole.String()
+	}
+
+	res += "."
+	if frac.Cmp(i10) < 0 {
+		res += "0"
+	} else if frac.Cmp(i100) >= 0 {
+		panic("Unreachable code (big.Int DivMod did something it shouldn't).")
+	}
+	return res + frac.String()
+}
+
+// Returns the currency as a human-readable string.
+func (self Currency) String() string {
+	raw := self.RawString()
+	var builder strings.Builder
+
+	// Add the leading ¤.
+	s := 0
+	if raw[0] == '-' {
+		s = 1
+		builder.WriteByte('-')
+	}
+	builder.WriteString(SYMBOL)
+
+	// Insert a comma when required
+	// 123456.78 → 123,456.78
+	l := len(raw) - 3
+	for i := s; i < len(raw); i++ {
+		if l > i && i > s && (l-i)%3 == 0 {
+			builder.WriteByte(',')
+		}
+		builder.WriteByte(raw[i])
+	}
+
+	// Return the result
+	return builder.String()
+}
+
+// Returns the currency as a human-readable string. Positive numbers are
+// prefixed with +.
+func (self Currency) DeltaString() string {
+	s := self.String()
+	if self.GtZero() {
+		return "+" + s
+	}
+	return s
+}
+
+// Addition/division
+func (self Currency) Add(num Currency) Currency {
+	raw := new(big.Int)
+	raw.Add(self.raw, num.raw)
+	return Currency{raw}
+}
+
+func (self Currency) Sub(num Currency) Currency {
+	raw := new(big.Int)
+	raw.Sub(self.raw, num.raw)
+	return Currency{raw}
+}
+
+func (self Currency) Div(num Currency) *big.Float {
+	return new(big.Float).Quo(self.Float(), num.Float())
+}
+
+func (self Currency) Neg() Currency {
+	return Currency{new(big.Int).Sub(i0, self.raw)}
+}
+
+// Comparisons
+func (self Currency) Cmp(num Currency) int {
+	return self.raw.Cmp(num.raw)
+}
+
+func (self Currency) Eq(num Currency) bool {
+	return self.Cmp(num) == 0
+}
+
+func (self Currency) Gt(num Currency) bool {
+	return self.Cmp(num) == 1
+}
+
+func (self Currency) Lt(num Currency) bool {
+	return self.Cmp(num) == -1
+}
+
+func (self Currency) LtZero() bool {
+	return self.raw.Cmp(i0) == -1
+}
+
+func (self Currency) IsZero() bool {
+	return self.raw.Cmp(i0) == 0
+}
+
+func (self Currency) GtZero() bool {
+	return self.raw.Cmp(i0) == 1
+}
+
+func (self Currency) IsNil() bool {
+	return self.raw == nil
+}
+
+// Conversions
+var f100 *big.Float = big.NewFloat(100)
+
+func (self Currency) Float() *big.Float {
+	raw := new(big.Float).SetInt(self.raw)
+	return new(big.Float).Quo(raw, f100)
+}
+
+func (self Currency) Int() *big.Int {
+	return new(big.Int).Set(self.raw)
+}
+
+// JSON
+func (self Currency) MarshalJSON() ([]byte, error) {
+	res := []byte(self.RawString())
+	// Remove a single trailing zero (if any). If all trailing zeroes were
+	// removed, Python would interpret the value as an integer instead.
+	if res[len(res)-1] == '0' {
+		res = res[:len(res)-1]
+	}
+	return res, nil
+}
+
+func (self *Currency) setString(data string) bool {
+	if self.raw != nil {
+		return false
+	}
+
+	if strings.HasPrefix(data, SYMBOL) {
+		data = data[2:]
+	}
+
+	f, success := new(big.Float).SetString(data)
+	if success {
+		res := new(big.Int)
+		new(big.Float).Mul(f, f100).Int(res)
+		self.raw = res
+	}
+	return success
+}
+
+func (self *Currency) UnmarshalJSON(data []byte) error {
+	// Accept quoted values
+	var s string
+	if data[0] == '"' && data[len(data)-1] == '"' {
+		s = string(data[1 : len(data)-1])
+	} else {
+		s = string(data)
+	}
+	if self.setString(s) {
+		return nil
+	} else {
+		return errors.New("Invalid currency value.")
+	}
+}
+
+func (self *Currency) GobEncode() ([]byte, error) {
+	return self.raw.GobEncode()
+}
+
+func (self *Currency) GobDecode(data []byte) error {
+	if self.raw != nil {
+		return errors.New("GobDecode() on already initialised Currency.")
+	}
+	self.raw = new(big.Int)
+	return self.raw.GobDecode(data)
+}
+
+// Create new currency values
+func CurrencyFromFloat(num *big.Float) Currency {
+	f := new(big.Float)
+	f.Mul(num, f100)
+	raw := new(big.Int)
+	f.Int(raw)
+	return Currency{raw}
+}
+
+func CurrencyFromInt(num *big.Int) Currency {
+	return Currency{new(big.Int).Set(num)}
+}
+
+func CurrencyFromInt64(num int64) Currency {
+	return Currency{new(big.Int).SetInt64(num * 100)}
+}
+
+func CurrencyFromFloat64(num float64) Currency {
+	return CurrencyFromFloat(new(big.Float).SetFloat64(num))
+}
+
+func CurrencyFromString(num string) Currency {
+	var res Currency
+	if res.setString(strings.Replace(num, "_", "", -1)) {
+		return res
+	} else {
+		return Currency{i0}
+	}
+}
+
+func ParseCurrency(num string) (Currency, error) {
+	var res Currency
+	if res.setString(strings.Replace(num, "_", "", -1)) {
+		return res, nil
+	} else {
+		return Currency{i0}, errors.New("ERR_INVALIDAMOUNT")
+	}
+}
diff --git a/lurkcoin/databases/bbolt.go b/lurkcoin/databases/bbolt.go
new file mode 100644
index 0000000..74c627f
--- /dev/null
+++ b/lurkcoin/databases/bbolt.go
@@ -0,0 +1,157 @@
+//
+// lurkcoin database using bbolt: https://github.com/etcd-io/bbolt.
+// This is the recommended database format for lurkcoin.
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+// +build !lurkcoin.disablebbolt,!wasm lurkcoin.enablebbolt
+
+package databases
+
+import (
+	"bytes"
+	"encoding/gob"
+	"errors"
+	"lurkcoin"
+
+	bolt "github.com/etcd-io/bbolt"
+)
+
+type boltDatabase struct {
+	db     *bolt.DB
+	dblock genericDbLock
+}
+
+func (self *boltDatabase) GetServers(names []string) ([]*lurkcoin.Server, bool, string) {
+	// Acquire locks
+	names = self.dblock.Lock(names)
+
+	// Unlock if there is an error
+	ok := false
+	defer func() {
+		if !ok {
+			self.dblock.UnlockIDs(names)
+		}
+	}()
+
+	res := make([]*lurkcoin.Server, len(names))
+	var serverName string
+	err := self.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte("lurkcoin"))
+		if bucket == nil {
+			if len(names) > 0 {
+				serverName = names[0]
+			}
+			return errors.New("Bucket does not exist")
+		}
+
+		for i, name := range names {
+			raw := bucket.Get([]byte(name))
+			if len(raw) == 0 {
+				serverName = name
+				return errors.New("ERR_SERVERNOTFOUND")
+			}
+			decoder := gob.NewDecoder(bytes.NewBuffer(raw))
+			var encodedServer lurkcoin.EncodedServer
+			if err := decoder.Decode(&encodedServer); err != nil {
+				return err
+			}
+			res[i] = encodedServer.Decode()
+		}
+
+		return nil
+	})
+
+	if err == nil {
+		ok = true
+		return res, true, serverName
+	} else {
+		return nil, false, serverName
+	}
+}
+
+func (self *boltDatabase) FreeServers(servers []*lurkcoin.Server, save bool) {
+	defer self.dblock.Unlock(servers)
+	if !save {
+		return
+	}
+	err := self.db.Update(func(tx *bolt.Tx) error {
+		bucket, err := tx.CreateBucketIfNotExists([]byte("lurkcoin"))
+		if err != nil {
+			return err
+		}
+		for _, server := range servers {
+			if !server.IsModified() {
+				continue
+			}
+			var buf bytes.Buffer
+			encoder := gob.NewEncoder(&buf)
+			encoder.Encode(server.Encode())
+			bucket.Put([]byte(server.UID), buf.Bytes())
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+}
+
+// Creates a server. The server is not saved until FreeServer() is called.
+func (self *boltDatabase) CreateServer(name string) (*lurkcoin.Server, bool) {
+	ids := self.dblock.Lock([]string{name})
+
+	err := self.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte("lurkcoin"))
+		if bucket != nil && len(bucket.Get([]byte(ids[0]))) != 0 {
+			return errors.New("")
+		}
+		return nil
+	})
+	if err != nil {
+		self.dblock.UnlockIDs(ids)
+		return nil, false
+	}
+
+	server := lurkcoin.NewServer(name)
+	return server, true
+}
+
+func (self *boltDatabase) ListServers() (res []string) {
+	self.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte("lurkcoin"))
+		if bucket == nil {
+			return nil
+		}
+		return bucket.ForEach(func(k, v []byte) error {
+			res = append(res, string(k))
+			return nil
+		})
+	})
+	return
+}
+
+func BoltDatabase(file string, _ map[string]string) (lurkcoin.Database, error) {
+	db, err := bolt.Open(file, 0600, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &boltDatabase{db, newGenericDbLock()}, nil
+}
+
+func init() {
+	RegisterDatabaseType("bolt", BoltDatabase)
+	RegisterDatabaseType("bbolt", BoltDatabase)
+}
diff --git a/lurkcoin/databases/plaintext.go b/lurkcoin/databases/plaintext.go
new file mode 100644
index 0000000..0801e6d
--- /dev/null
+++ b/lurkcoin/databases/plaintext.go
@@ -0,0 +1,165 @@
+//
+// lurkcoin plaintext database
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+// +build !lurkcoin.disableplaintextdb
+
+package databases
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"lurkcoin"
+	"os"
+	"path"
+	"sync"
+)
+
+type plaintextDatabase struct {
+	db       map[string]*lurkcoin.EncodedServer
+	location string
+	dblock   genericDbLock
+	lock     *sync.RWMutex
+}
+
+func (self *plaintextDatabase) GetServers(names []string) ([]*lurkcoin.Server, bool, string) {
+	// Acquire locks
+	names = self.dblock.Lock(names)
+
+	// Unlock if there is an error
+	ok := false
+	defer func() {
+		if !ok {
+			self.dblock.UnlockIDs(names)
+		}
+	}()
+
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+
+	servers := make([]*lurkcoin.Server, 0, len(names))
+	for _, name := range names {
+		encodedServer, exists := self.db[name]
+		if !exists {
+			return nil, false, name
+		}
+		servers = append(servers, encodedServer.Decode())
+	}
+
+	ok = true
+	return servers, ok, ""
+}
+
+func (self *plaintextDatabase) FreeServers(servers []*lurkcoin.Server, save bool) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	self.dblock.Unlock(servers)
+
+	if !save {
+		return
+	}
+
+	modified := false
+	for _, server := range servers {
+		if server.IsModified() {
+			modified = true
+			encodedServer := server.Encode()
+			self.db[server.UID] = &encodedServer
+		}
+	}
+
+	if !modified {
+		return
+	}
+
+	f, err := ioutil.TempFile(path.Dir(self.location), ".tmp")
+	if err != nil {
+		panic(err)
+	}
+	fn := f.Name()
+	defer func() {
+		if fn != "" {
+			f.Close()
+			os.Remove(fn)
+		}
+	}()
+
+	encodedServers := make([]*lurkcoin.EncodedServer, 0, len(self.db))
+	for _, encodedServer := range self.db {
+		encodedServers = append(encodedServers, encodedServer)
+	}
+	encoder := json.NewEncoder(f)
+	err = encoder.Encode(encodedServers)
+	if err != nil {
+		panic(err)
+	}
+
+	f.Close()
+	err = os.Rename(fn, self.location)
+	if err != nil {
+		panic(err)
+	}
+	fn = ""
+}
+
+func (self *plaintextDatabase) CreateServer(name string) (*lurkcoin.Server, bool) {
+	ids := self.dblock.Lock([]string{name})
+	id := ids[0]
+
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	_, exists := self.db[id]
+	if exists {
+		self.dblock.UnlockIDs(ids)
+		return nil, false
+	}
+
+	return lurkcoin.NewServer(name), true
+}
+
+func (self *plaintextDatabase) ListServers() []string {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	res := make([]string, len(self.db))
+	i := 0
+	for k := range self.db {
+		res[i] = k
+		i++
+	}
+	return res
+}
+
+func PlaintextDatabase(location string, _ map[string]string) (lurkcoin.Database, error) {
+	db := &plaintextDatabase{
+		make(map[string]*lurkcoin.EncodedServer),
+		location,
+		newGenericDbLock(),
+		new(sync.RWMutex),
+	}
+	f, err := os.OpenFile(location, os.O_RDONLY, 0)
+	if err == nil {
+		err = lurkcoin.RestoreDatabase(db, f)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return db, nil
+}
+
+func init() {
+	RegisterDatabaseType("plaintext", PlaintextDatabase)
+}
diff --git a/lurkcoin/databases/register.go b/lurkcoin/databases/register.go
new file mode 100644
index 0000000..43eaeb0
--- /dev/null
+++ b/lurkcoin/databases/register.go
@@ -0,0 +1,125 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package databases
+
+import (
+	"fmt"
+	"lurkcoin"
+	"sort"
+	"strings"
+	"sync"
+)
+
+type databaseFactory func(location string, options map[string]string) (lurkcoin.Database, error)
+
+var databaseTypes = make(map[string]databaseFactory)
+
+// Registers a new database type.
+// WARNING: This function is not goroutine-safe and should probably only be
+// called from init().
+func RegisterDatabaseType(name string, f databaseFactory) {
+	databaseTypes[strings.ToLower(name)] = f
+}
+
+// Opens a database. The options parameter can be nil.
+func OpenDatabase(dbType, location string, options map[string]string) (lurkcoin.Database, error) {
+	f, exists := databaseTypes[strings.ToLower(dbType)]
+	if exists {
+		return f(location, options)
+	}
+	return nil, fmt.Errorf("Unknown database type: %v.", dbType)
+}
+
+func GetSupportedDatabaseTypes() []string {
+	res := make([]string, 0, len(databaseTypes))
+	for dbType := range databaseTypes {
+		res = append(res, dbType)
+	}
+	sort.Strings(res)
+	return res
+}
+
+// Generic database lock
+type genericDbLock struct {
+	lock  *sync.Mutex
+	locks map[string]*sync.Mutex
+}
+
+// Locks servers and returns a list of homogenised server names.
+// It would probably be more efficient to just use one larger lock.
+func (self *genericDbLock) Lock(names []string) []string {
+	ids := make([]string, len(names))
+	for i, name := range names {
+		ids[i] = lurkcoin.HomogeniseUsername(name)
+	}
+
+	// Ensure none of the servers are locked.
+	self.lock.Lock()
+	ok := false
+	for !ok {
+		ok = true
+		for _, name := range ids {
+			cachedServerLock, exists := self.locks[name]
+			if !exists {
+				continue
+			}
+
+			ok = false
+			self.lock.Unlock()
+			cachedServerLock.Lock()
+			cachedServerLock.Unlock()
+			self.lock.Lock()
+			break
+		}
+	}
+
+	defer self.lock.Unlock()
+
+	// Create locks so the above code does not have to make use of polling.
+	for _, name := range ids {
+		var lock sync.Mutex
+		lock.Lock()
+		self.locks[name] = &lock
+	}
+
+	return ids
+}
+
+// Unlocks
+func (self *genericDbLock) UnlockIDs(ids []string) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	for _, id := range ids {
+		self.locks[id].Unlock()
+		delete(self.locks, id)
+	}
+}
+
+func (self *genericDbLock) Unlock(servers []*lurkcoin.Server) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	for _, server := range servers {
+		self.locks[server.UID].Unlock()
+		delete(self.locks, server.UID)
+	}
+}
+
+func newGenericDbLock() genericDbLock {
+	return genericDbLock{new(sync.Mutex), make(map[string]*sync.Mutex)}
+}
diff --git a/lurkcoin/db-helpers.go b/lurkcoin/db-helpers.go
new file mode 100644
index 0000000..87a9ba3
--- /dev/null
+++ b/lurkcoin/db-helpers.go
@@ -0,0 +1,329 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"sort"
+	"sync"
+)
+
+type Database interface {
+	// GetServers(serverNames) (servers, ok, badServer)
+	// This must atomically get all servers specified, and if one fails free
+	// the previous ones and return nil, false, <failed server UID>.
+	// NOTE THAT THIS WILL DEADLOCK IF DUPLICATE SERVERs ARE PROVIDED! Use
+	// a DatabaseTransaction object to mitigate this issue.
+	GetServers([]string) ([]*Server, bool, string)
+
+	// FreeServers(servers, saveChanges)
+	// This must atomically free all servers in servers, and if saveChanges is
+	// true write any changes to the database.
+	FreeServers([]*Server, bool)
+
+	CreateServer(string) (*Server, bool)
+	ListServers() []string
+}
+
+// An atomic database transaction.
+type DatabaseTransaction struct {
+	db      Database
+	lock    *sync.Mutex
+	servers map[string]*Server
+}
+
+// Attempt to use the cache to get servers. Not goroutine-safe.
+func (self *DatabaseTransaction) getFromCache(names []string) ([]*Server, bool, string) {
+	servers := make([]*Server, len(names))
+	for i, name := range names {
+		server, exists := self.servers[name]
+		if !exists {
+			return nil, false, ""
+		}
+		servers[i] = server
+	}
+
+	return servers, true, ""
+}
+
+// Get a server. The server will be freed once Finish() or Abort() is called.
+func (self *DatabaseTransaction) GetServers(names ...string) ([]*Server, bool, string) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+
+	// Ensure that this is the first GetServers() call.
+	if self.servers != nil {
+		// If GetServers() has been called previously, attempt to use cache.
+		servers, ok, badServer := self.getFromCache(names)
+		if !ok {
+			panic("Multiple calls to GetServers() on DatabaseTransaction.")
+		}
+		return servers, ok, badServer
+	}
+	self.servers = make(map[string]*Server)
+
+	// Deduplicate the list
+	deduplicated := false
+	rawNames := names
+	if len(names) > 1 {
+		// Search for duplicates
+		known := make(map[string]bool, len(names))
+		i := 0
+		for _, name := range names {
+			name = HomogeniseUsername(name)
+			if known[name] {
+				deduplicated = true
+				continue
+			}
+			names[i] = name
+			known[name] = true
+			i++
+		}
+
+		names = names[:i]
+	}
+
+	// Otherwise call GetServer
+	servers, ok, badServer := self.db.GetServers(names)
+	if ok {
+		for _, server := range servers {
+			self.servers[server.UID] = server
+		}
+	}
+
+	// If the list has been deduplicated, call getFromCache().
+	if deduplicated && ok {
+		return self.getFromCache(rawNames)
+	}
+
+	return servers, ok, badServer
+}
+
+func (self *DatabaseTransaction) GetOneServer(name string) (server *Server, ok bool) {
+	var servers []*Server
+	servers, ok, _ = self.GetServers(name)
+	if ok {
+		server = servers[0]
+	}
+	return
+}
+
+// Get a server already in the cache
+func (self *DatabaseTransaction) GetCachedServer(name string) (server *Server, ok bool) {
+	name = HomogeniseUsername(name)
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	server, ok = self.servers[name]
+	return
+}
+
+// Creates a server. This may or may not be able to be reverted with Abort().
+func (self *DatabaseTransaction) CreateServer(name string) (*Server, bool) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+
+	if self.servers == nil {
+		self.servers = make(map[string]*Server)
+	}
+
+	name, _ = PasteuriseUsername(name)
+	server, ok := self.db.CreateServer(name)
+	if ok {
+		self.servers[HomogeniseUsername(name)] = server
+	}
+	return server, ok
+}
+
+// Gets a server or creates one if it doesn't exist.
+func (self *DatabaseTransaction) GetOrCreateServer(name string) (*Server, bool) {
+	servers, ok, _ := self.GetServers(name)
+	if !ok {
+		return self.CreateServer(name)
+	}
+	return servers[0], ok
+}
+
+// Calls the underlying database's ListServers().
+func (self *DatabaseTransaction) ListServers() []string {
+	return self.db.ListServers()
+}
+
+// Iterate over the database. Server objects are freed after f() returns.
+func (self *DatabaseTransaction) ForEach(f func(*Server) error, saveChanges bool) error {
+	serverNames := self.ListServers()
+	sort.Strings(serverNames)
+
+	// Abort if f() panics.
+	defer self.Abort()
+
+	for _, name := range serverNames {
+		server, ok := self.GetOneServer(name)
+
+		// If the server has been deleted in the meantime, ignore it.
+		if !ok {
+			continue
+		}
+
+		// If f(server) returns an error then stop iterating.
+		err := f(server)
+		if err != nil {
+			return err
+		}
+
+		// Unlock the server (this is the same as calling Finish/Abort).
+		self.free(saveChanges)
+	}
+	return nil
+}
+
+func ForEach(db Database, f func(*Server) error, saveChanges bool) error {
+	return BeginDbTransaction(db).ForEach(f, saveChanges)
+}
+
+func (self *DatabaseTransaction) free(save bool) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+
+	if self.servers == nil {
+		return
+	}
+
+	servers := make([]*Server, 0, len(self.servers))
+	for _, server := range self.servers {
+		servers = append(servers, server)
+	}
+	self.db.FreeServers(servers, save)
+
+	self.servers = nil
+}
+
+// Commits the changes made to the database.
+func (self *DatabaseTransaction) Finish() {
+	self.free(true)
+}
+
+// Aborts the transaction and discards any changes made. This is a no-op if
+// Finish() or Abort() have already been called.
+func (self *DatabaseTransaction) Abort() {
+	self.free(false)
+}
+
+func (self *DatabaseTransaction) GetRawDatabase() Database {
+	return self.db
+}
+
+// Creates a new DatabaseTransaction object for a database.
+func BeginDbTransaction(db Database) *DatabaseTransaction {
+	var mutex sync.Mutex
+	return &DatabaseTransaction{db, &mutex, nil}
+}
+
+func AuthenticateRequest(db Database, username, token string,
+	otherServers []string) (bool, *DatabaseTransaction, *Server) {
+	// Begin a database transaction.
+	tr := BeginDbTransaction(db)
+
+	// Calling tr.GetServers(username, otherServers...) doesn't work
+	serverNames := make([]string, len(otherServers)+1)
+	serverNames[0] = username
+	copy(serverNames[1:], otherServers)
+
+	// Attempt to authenticate the request.
+	servers, exists, badServer := tr.GetServers(serverNames...)
+
+	// Get servers before any non-existent server.
+	if !exists {
+		for i, serverName := range serverNames {
+			if badServer == HomogeniseUsername(serverName) {
+				serverNames = serverNames[:i]
+				break
+			}
+		}
+		if len(serverNames) > 0 {
+			tr.Abort()
+			servers, exists, _ = tr.GetServers(serverNames...)
+		}
+	}
+
+	// Check the token.
+	if exists && servers[0].CheckToken(token) {
+		return true, tr, servers[0]
+	}
+
+	// If the authentication failed, abort the transaction and return.
+	tr.Abort()
+	return false, nil, nil
+}
+
+// Backup a database.
+func BackupDatabase(db Database, writer io.Writer) error {
+	tr := BeginDbTransaction(db)
+	defer tr.Abort()
+
+	// Make a list of encoded servers. This uses pointers to reduce copying.
+	var encodedServers []*EncodedServer
+	tr.ForEach(func(server *Server) error {
+		encodedServer := server.Encode()
+		encodedServers = append(encodedServers, &encodedServer)
+		return nil
+	}, false)
+
+	// Nothing was changed, abort the transaction.
+	tr.Abort()
+
+	// Save the encoded servers with JSON.
+	encoder := json.NewEncoder(writer)
+	return encoder.Encode(encodedServers)
+}
+
+// Restore a database. This is not atomic and may result in a partially
+// restored database.
+// TODO: Delete servers that exist in the database but do not exist in the
+// backup.
+func RestoreDatabase(db Database, reader io.Reader) error {
+	var encodedServers []EncodedServer
+	decoder := json.NewDecoder(reader)
+	err := decoder.Decode(&encodedServers)
+	if err != nil {
+		return err
+	}
+	if decoder.More() {
+		return errors.New("Extra JSON value")
+	}
+
+	tr := BeginDbTransaction(db)
+	defer tr.Abort()
+
+	for _, encodedServer := range encodedServers {
+		server, ok := tr.GetOrCreateServer(encodedServer.Name)
+		if !ok {
+			return errors.New("Could not create server.")
+		}
+
+		// Overwrite the server
+		*server = *encodedServer.Decode()
+		server.SetModified()
+
+		// Save
+		tr.Finish()
+	}
+	return nil
+}
diff --git a/lurkcoin/errorcodes.go b/lurkcoin/errorcodes.go
new file mode 100644
index 0000000..c78df47
--- /dev/null
+++ b/lurkcoin/errorcodes.go
@@ -0,0 +1,58 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+// Error codes
+var errorCodes = map[string]string{
+	"ERR_INVALIDLOGIN":   `Invalid login!`,
+	"ERR_INVALIDREQUEST": `Invalid request.`,
+	"ERR_PAYLOADTOOLARGE": `Request body too large. You may send a maximum ` +
+		`of 4096 bytes.`,
+
+	"ERR_SERVERNOTFOUND":   `Server not found!`,
+	"ERR_INVALIDAMOUNT":    `Invalid number!`,
+	"ERR_CANNOTPAYNOTHING": `You cannot pay someone ` + SYMBOL + `0.00!`,
+	"ERR_CANNOTAFFORD":     `You cannot afford to do that!`,
+
+	`ERR_SOURCEUSERNAMETOOLONG`: `The source username is too long!`,
+	`ERR_USERNAMETOOLONG`:       `The target username is too long!`,
+
+	// It might be possible to reword these descriptions without breaking things
+	"ERR_SOURCESERVERNOTFOUND": `The "from" server does not exist!`,
+	"ERR_TARGETSERVERNOTFOUND": `The "to" server does not exist!`,
+	"ERR_TRANSACTIONLIMIT":     `The amount you specified exceeds the max spend!`,
+}
+
+func LookupError(code string) (string, string, int) {
+	msg, exists := errorCodes[code]
+	if exists {
+		var httpCode int
+		switch code {
+		case "ERR_INVALIDLOGIN":
+			httpCode = 401
+		case "ERR_PAYLOADTOOLARGE":
+			httpCode = 413
+		default:
+			httpCode = 400
+		}
+		return code, msg, httpCode
+	} else {
+		return "ERR_INTERNALERROR", "Internal error!", 500
+	}
+}
diff --git a/lurkcoin/misc.go b/lurkcoin/misc.go
new file mode 100644
index 0000000..74f5a2b
--- /dev/null
+++ b/lurkcoin/misc.go
@@ -0,0 +1,228 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	crypto_rand "crypto/rand"
+	"crypto/subtle"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"log"
+	"math"
+	"math/big"
+	"math/rand"
+	"net/url"
+	"regexp"
+	"strings"
+	"unicode"
+)
+
+// Changing the symbol will break the legacy database (not compiled by default)
+const SYMBOL = "¤"
+const VERSION = "3.0.0 alpha 0"
+
+// Note that public source code is required by the AGPL
+const SOURCE_URL = "https://github.com/luk3yx/lurkcoin"
+const REPORT_SECURITY = "https://gitlab.com/luk3yx/lurkcoin/-/issues/new"
+
+// Copyrights should be separated by newlines
+const COPYRIGHT = "Copyright © 2020 by luk3yx"
+
+func PrintASCIIArt() {
+	log.Print(`/\___/\    _            _             _`)
+	log.Print(`\  _  /   | |_   _ _ __| | _____ ___ (_)_ __`)
+	log.Print(`| (_) |   | | | | | '__| |/ / __/ _ \| | '_ \`)
+	log.Print(`/ ___ \   | | |_| | |  |   < (_| (_) | | | | |`)
+	log.Print(`\/   \/   |_|\__,_|_|  |_|\_\___\___/|_|_| |_|`)
+	log.Print()
+	log.Printf("Version %s", VERSION)
+}
+
+var c0 Currency = CurrencyFromInt64(0)
+var invalid_uid = regexp.MustCompile(`[^a-z0-9\_]`)
+
+func HomogeniseUsername(username string) string {
+	username = strings.ToLower(username)
+	username = strings.Replace(username, " ", "", -1)
+	return invalid_uid.ReplaceAllLiteralString(username, "_")
+}
+
+// Remove control characters and leading+trailing whitespace from a username.
+// HomogeniseUsername(PasteuriseUsername(username)) should always equal
+// HomogeniseUsername(username).
+func PasteuriseUsername(username string) (res string, runeCount int) {
+	res = strings.Map(func(r rune) rune {
+		runeCount += 1
+		if unicode.IsGraphic(r) {
+			return r
+		}
+		return '�'
+	}, strings.Trim(username, " "))
+	return
+}
+
+// Gets a random uint64 with crypto/rand, casts it to an int64 and feeds it to
+// rand.Seed().
+func SeedPRNG() {
+	max := new(big.Int).SetUint64(math.MaxUint64)
+	res, err := crypto_rand.Int(crypto_rand.Reader, max)
+	if err != nil {
+		panic(err)
+	}
+	rand.Seed(int64(res.Uint64()))
+}
+
+// Generate a secure random API token. This will probably be around 171
+// characters long.
+func GenerateToken() string {
+	// Get 128 random bytes (1024 bits).
+	raw := make([]byte, 128)
+	_, err := crypto_rand.Read(raw)
+	if err != nil {
+		panic(err)
+	}
+
+	// Encode it with base64.RawURLEncoding
+	var builder strings.Builder
+	encoder := base64.NewEncoder(base64.RawURLEncoding, &builder)
+	encoder.Write(raw)
+	encoder.Close()
+
+	// Return the string
+	return builder.String()
+}
+
+// Validate a webhook URL, returns the actual URL that should be used and a
+// boolean indicating success.
+func ValidateWebhookURL(rawURL string) (string, bool) {
+	u, err := url.Parse(rawURL)
+	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
+		return "", false
+	}
+	path := u.Path
+
+	// Paths always end in /lurkcoin currently.
+	if !strings.HasSuffix(path, "/lurkcoin") {
+		if !strings.HasSuffix(path, "/") {
+			path += "/"
+		}
+		path += "lurkcoin"
+	}
+
+	// Create a new URL object without extra parameters.
+	safeURL := &url.URL{Scheme: u.Scheme, Host: u.Host, Path: path}
+	return safeURL.String(), true
+}
+
+// Get an exchange rate between two servers
+func GetExchangeRate(db Database, source, target string, amount Currency) (Currency, error) {
+	tr := BeginDbTransaction(db)
+	defer tr.Abort()
+
+	source = HomogeniseUsername(source)
+	target = HomogeniseUsername(target)
+	if source == target {
+		return amount, nil
+	}
+
+	if source != "" {
+		sourceServer, ok := tr.GetOneServer(source)
+		if !ok {
+			return c0, errors.New("ERR_SOURCESERVERNOTFOUND")
+		}
+		amount, _ = sourceServer.GetExchangeRate(amount, true)
+
+		// Abort the transaction now to get the target server
+		tr.Abort()
+	}
+	if target != "" {
+		targetServer, ok := tr.GetOneServer(target)
+		if !ok {
+			return c0, errors.New("ERR_TARGETSERVERNOTFOUND")
+		}
+		amount, _ = targetServer.GetExchangeRate(amount, false)
+	}
+	return amount, nil
+}
+
+// A Python-ish repr()
+func repr(raw string) string {
+	res := fmt.Sprintf("%q", raw)
+	if strings.Count(res, `"`) == 2 && !strings.Contains(res, "'") {
+		return "'" + res[1:len(res)-1] + "'"
+	}
+	return res
+}
+
+// A helper used by both lurkcoin/api and lurkcoin/databases.
+func GetV2History(summary Summary, appendID bool) (h []string) {
+	balance := summary.Bal
+	// This intentionally adds transactions the server sends to itself twice.
+	for _, transaction := range summary.History {
+		var suffix string
+		if appendID {
+			suffix = " [" + transaction.ID + "]"
+		}
+		if transaction.TargetServer == summary.Name {
+			amount_s := transaction.Amount.DeltaString()
+			if transaction.SourceServer == "" && transaction.Target == "" {
+				h = append(h, fmt.Sprintf("%s: %s - %s%s", balance.String(),
+					amount_s, transaction.Source, suffix))
+			} else {
+				h = append(h, fmt.Sprintf(
+					"%s: %s - Transaction from %s to %s.%s",
+					balance.String(),
+					amount_s,
+					repr(transaction.SourceServer),
+					repr(transaction.Target),
+					suffix,
+				))
+			}
+
+			// Addition and subtraction are swapped because most recent
+			// transactions are first and we start with the current balance.
+			balance = balance.Sub(transaction.Amount)
+		}
+		if transaction.SourceServer == summary.Name {
+			amount_s := transaction.Amount.Neg().DeltaString()
+			h = append(h, fmt.Sprintf("%s: %s - Transaction to %s on %s.%s",
+				balance.String(), amount_s, repr(transaction.Target),
+				repr(transaction.TargetServer), suffix))
+			balance = balance.Add(transaction.Amount)
+		}
+	}
+	if len(h) < 10 {
+		h = append(h, c0.String()+": Account created")
+	}
+	return
+}
+
+// Returns true if a == b in a constant time. Note that this will however leak
+// string lengths.
+func ConstantTimeCompare(a string, b string) bool {
+	first := []byte(a)
+	second := []byte(b)
+	// Comparing the length isn't strictly necessary in Go 1.4+, however is
+	// done anyway.
+	if len(first) != len(second) {
+		return false
+	}
+	return subtle.ConstantTimeCompare(first, second) != 0
+}
diff --git a/lurkcoin/payments.go b/lurkcoin/payments.go
new file mode 100644
index 0000000..ee74920
--- /dev/null
+++ b/lurkcoin/payments.go
@@ -0,0 +1,104 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	"errors"
+	"log"
+)
+
+// The transaction limit, currently 1e+11 so clients that parse JSON numbers as
+// 64-bit floats won't run into issues.
+var transactionLimit Currency = CurrencyFromInt64(100000000000)
+
+// Sends a payment.
+func (sourceServer *Server) Pay(source, target string,
+	targetServer *Server, sentAmount Currency, localCurrency bool,
+	revertable bool) (*Transaction, error) {
+
+	// Ensure the source and target usernames aren't too long.
+	var length int
+	source, length = PasteuriseUsername(source)
+	if length > 48 {
+		return nil, errors.New("ERR_SOURCEUSERNAMETOOLONG")
+	}
+	target, length = PasteuriseUsername(target)
+	if length > 48 {
+		return nil, errors.New("ERR_USERNAMETOOLONG")
+	}
+
+	// Get the amount being sent in lurkcoins
+	var amount Currency
+	if localCurrency {
+		amount, _ = sourceServer.GetExchangeRate(sentAmount, true)
+	} else {
+		amount = sentAmount
+	}
+
+	// No stealing
+	if !sentAmount.GtZero() || !amount.GtZero() {
+		return nil, errors.New("ERR_INVALIDAMOUNT")
+	}
+
+	if sentAmount.Gt(transactionLimit) || amount.Gt(transactionLimit) {
+		return nil, errors.New("ERR_TRANSACTIONLIMIT")
+	}
+
+	// Remove the amount
+	success := sourceServer.ChangeBal(amount.Neg())
+	if !success {
+		return nil, errors.New("ERR_CANNOTAFFORD")
+	}
+
+	receivedAmount, _ := targetServer.GetExchangeRate(amount, false)
+
+	if !receivedAmount.GtZero() {
+		return nil, errors.New("ERR_CANNOTPAYNOTHING")
+	}
+
+	if receivedAmount.Gt(transactionLimit) {
+		return nil, errors.New("ERR_TRANSACTIONLIMIT")
+	}
+
+	success = targetServer.ChangeBal(amount)
+
+	// This should always be true
+	if !success {
+		// Revert the previous balance change before returning
+		sourceServer.ChangeBal(amount)
+		return nil, errors.New("ERR_INTERNALERROR")
+	}
+
+	transaction := MakeTransaction(source, sourceServer.Name, target,
+		targetServer.Name, amount, sentAmount, receivedAmount)
+	if revertable {
+		transaction.Revertable = true
+	}
+
+	// Add the transaction to the history
+	if sourceServer != targetServer {
+		sourceServer.AddToHistory(transaction)
+	}
+	targetServer.AddToHistory(transaction)
+
+	// Log the transaction
+	log.Print(transaction)
+
+	return &transaction, nil
+}
diff --git a/lurkcoin/servers.go b/lurkcoin/servers.go
new file mode 100644
index 0000000..bc7e511
--- /dev/null
+++ b/lurkcoin/servers.go
@@ -0,0 +1,440 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	"math/big"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+)
+
+// Most mutable fields in Server are private to prevent race conditions.
+// Note that pendingTransactions has to be ordered to retain lurkcoinV2
+// compatibility. If compatibiltiy is ever dropped, it could possibly become a
+// map[string]Transaction to improve the efficiency of delete operations.
+type Server struct {
+	UID                 string
+	Name                string
+	balance             Currency
+	targetBalance       Currency
+	history             []Transaction
+	pendingTransactions []Transaction
+	token               string
+	WebhookURL          string
+	lock                *sync.RWMutex
+	modified            bool
+}
+
+type ServerCollection interface {
+	GetServer(name string) *Server
+}
+
+var MaxTargetBalance = CurrencyFromInt64(500000000)
+
+func (self *Server) GetBalance() Currency {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	return self.balance
+}
+
+func (self *Server) GetTargetBalance() Currency {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	return self.targetBalance
+}
+
+// Changes the user's balance, returns false if the user does not have enough
+// money. This is an atomic operation, changing the balance manually is not
+// recommended.
+func (self *Server) ChangeBal(num Currency) bool {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	new_balance := self.balance.Add(num)
+	if new_balance.LtZero() {
+		return false
+	}
+	self.balance = new_balance
+	self.modified = true
+	return true
+}
+
+// Gets the server's history. The slice returned can be modified, however the
+// transaction objects should not be.
+func (self *Server) GetHistory() []Transaction {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	res := make([]Transaction, len(self.history))
+	copy(res, self.history)
+	return res
+}
+
+var webhookClient = &http.Client{Timeout: time.Second * 5}
+
+func (self *Server) AddToHistory(transaction Transaction) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	self.modified = true
+
+	// Prepend transaction to self.history
+	// https://stackoverflow.com/a/53737602
+	if len(self.history) < 10 {
+		// Only increase the length of the slice if it is shorter than 10
+		// elements long, meaning the transaction history cannot be longer
+		// than 10 elements.
+		self.history = append(self.history, Transaction{})
+	}
+	copy(self.history[1:], self.history)
+	self.history[0] = transaction
+
+	if self.Name != transaction.TargetServer || transaction.Target == "" {
+		return
+	}
+
+	// Add to pending transactions.
+	self.pendingTransactions = append(self.pendingTransactions, transaction)
+
+	// Validate the webhook URL (if any).
+	if self.WebhookURL == "" {
+		return
+	}
+
+	// Send a request to the webhook (in a separate goroutine so it doesn't
+	// block anything).
+	go func(webhookURL string) {
+		url, ok := ValidateWebhookURL(webhookURL)
+		if !ok {
+			return
+		}
+		reader := strings.NewReader(`{"version": 0}`)
+		req, err := http.NewRequest("POST", url, reader)
+		if err != nil {
+			return
+		}
+		req.Header.Set("Content-Type", "application/json")
+		req.Header.Set("User-Agent", "lurkcoin/3.0")
+		res, err := webhookClient.Do(req)
+		if err == nil {
+			res.Body.Close()
+		}
+	}(self.WebhookURL)
+}
+
+// Get a list of pending transactions, similar to GetHistory().
+func (self *Server) GetPendingTransactions() []Transaction {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	res := make([]Transaction, len(self.pendingTransactions))
+	copy(res, self.pendingTransactions)
+	return res
+}
+
+// Returns true if the server has pending transactions.
+func (self *Server) HasPendingTransactions() bool {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	return len(self.pendingTransactions) > 0
+}
+
+func (self *Server) removeAndReturnPendingTransaction(id string) *Transaction {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	for i, transaction := range self.pendingTransactions {
+		if transaction.ID == id {
+			// Although Currency objects are not themselves pointers, they
+			// contain a pointer to a big.Int object.
+			l := len(self.pendingTransactions) - 1
+			if i < l {
+				copy(self.pendingTransactions[i:],
+					self.pendingTransactions[i+1:])
+			}
+			self.pendingTransactions[l] = Transaction{}
+			self.pendingTransactions = self.pendingTransactions[:l]
+			self.modified = true
+			return &transaction
+		}
+	}
+	return nil
+}
+
+// Remove a pending transaction given its ID.
+func (self *Server) RemovePendingTransaction(id string) {
+	self.removeAndReturnPendingTransaction(id)
+}
+
+// Reject (and possibly revert) a pending transaction.
+func (self *Server) RejectPendingTransaction(id string,
+	tr *DatabaseTransaction) {
+	if tr == nil {
+		panic("nil *DatabaseTransaction passed to RejectPendingTransaction().")
+	}
+
+	// Get the transaction and ensure
+	transaction := self.removeAndReturnPendingTransaction(id)
+	if transaction == nil || !transaction.Revertable {
+		return
+	}
+
+	// Defer to a goroutine to prevent deadlocks
+	// TODO: Do this in the current goroutine
+	db := tr.GetRawDatabase()
+	currentUID := self.UID
+	go func() {
+		// Get the current server (the existing object is now invalid) and the
+		// source server.
+		tr := BeginDbTransaction(db)
+		defer tr.Abort()
+
+		servers, ok, _ := tr.GetServers(currentUID, transaction.SourceServer)
+		if !ok {
+			return
+		}
+
+		// To try and prevent exploits, the received amount is used and exchange
+		// rates are re-calculated.
+		// Note that the source and target get flipped here.
+		servers[0].Pay(transaction.Target, transaction.Source, servers[1],
+			transaction.ReceivedAmount, true, false)
+		tr.Finish()
+	}()
+}
+
+// Remove the first <amount> pending transactions.
+// This is here to support lurkcoinV2 and probably shouldn't be used outside of
+// that.
+func (self *Server) RemoveFirstPendingTransactions(amount int) {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+
+	if amount < 1 {
+		return
+	}
+
+	self.modified = true
+	l := len(self.pendingTransactions)
+	copy(self.pendingTransactions, self.pendingTransactions[amount:])
+	for i := l - amount; i < l; i++ {
+		self.pendingTransactions[i] = Transaction{}
+	}
+	self.pendingTransactions = self.pendingTransactions[:l-amount]
+}
+
+// Sets the target balance.
+func (self *Server) SetTargetBalance(targetBalance Currency) bool {
+	if targetBalance.LtZero() || targetBalance.Gt(MaxTargetBalance) {
+		return false
+	}
+
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	self.modified = true
+	self.targetBalance = targetBalance
+	return true
+}
+
+// Validates and sets a webhook URL.
+func (self *Server) SetWebhookURL(webhookURL string) (ok bool) {
+	var safeURL string
+	if webhookURL == "" {
+		// Allow clearing the webhook URL
+		safeURL, ok = "", true
+	} else {
+		// This calls ValidateWebhookURL() so that the URL does not change if
+		// the rules are relaxed in the future.
+		safeURL, ok = ValidateWebhookURL(webhookURL)
+	}
+
+	if !ok {
+		return
+	}
+
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	self.modified = true
+	self.WebhookURL = safeURL
+	return
+}
+
+// Gets the exchange rate.
+// GetExchangeRate(<lurkcoins>, false) → <local currency>
+// GetExchangeRate(<local currency>, true) → <lurkcoins>
+var f2 = big.NewFloat(2)
+
+// Exchange rate calculations are horrible at the moment, however they work
+// (at least I think they work).
+func (self *Server) GetExchangeRate(amount Currency, toLurkcoin bool) (Currency,
+	*big.Float) {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+
+	// Do nothing if the amount is 0 or fixed exchange rates are enabled.
+	if amount.IsZero() || self.targetBalance.IsZero() {
+		return amount, big.NewFloat(1)
+	}
+
+	// bal = max(self.balance, 0.01)
+	bal := self.balance
+	if !bal.GtZero() {
+		bal = CurrencyFromString("0.01")
+	}
+
+	// base_exchange = self.TargetBal / bal
+	base_exchange := self.targetBalance.Div(bal)
+
+	// To lurkcoin: adj_bal = bal - amount / base_exchange
+	// From lurkcoin: adj_bal = bal + amount
+	var adj_bal Currency
+	if toLurkcoin {
+		adj_bal = bal.Sub(CurrencyFromFloat(new(big.Float).Quo(amount.Float(),
+			base_exchange)))
+	} else {
+		adj_bal = bal.Add(amount)
+	}
+
+	// Calculate the "pre-emptive" exchange rate and average the two.
+	preemptive := new(big.Float).Add(base_exchange,
+		self.targetBalance.Div(adj_bal))
+	exchange := new(big.Float).Quo(preemptive, f2)
+
+	// Multiply (or divide) the exchange rate and the amount
+	res := new(big.Float)
+	if toLurkcoin {
+		res.Quo(amount.Float(), exchange)
+	} else {
+		res.Mul(amount.Float(), exchange)
+	}
+	return CurrencyFromFloat(res), exchange
+}
+
+// "Encoded" servers that have all their values public
+type EncodedServer struct {
+	// A version number for breaking changes, because of the way gob works this
+	// can be upgraded to a uint16/uint32 at a later time.
+	Version uint8 `json:"version"`
+
+	// The server name (not passed through HomogeniseUsername)
+	Name string `json:"name"`
+
+	// The balance in integer form where 1234 is ¤12.34.
+	Balance *big.Int `json:"balance"`
+
+	// The target balance in the same format as the above balance.
+	TargetBalance *big.Int `json:"target_balance"`
+
+	// Other values
+	History             []Transaction `json:"history"`
+	PendingTransactions []Transaction `json:"pending_transactions"`
+	Token               string        `json:"token"`
+	WebhookURL          string        `json:"webhook_url"`
+}
+
+func (self *Server) IsModified() bool {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	return self.modified
+}
+
+func (self *Server) SetModified() {
+	self.lock.Lock()
+	defer self.lock.Unlock()
+	self.modified = true
+}
+
+func (self *Server) Encode() EncodedServer {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+
+	history := make([]Transaction, len(self.history))
+	copy(history, self.history)
+	pendingTransactions := make([]Transaction, len(self.pendingTransactions))
+	copy(pendingTransactions, self.pendingTransactions)
+	return EncodedServer{0, self.Name, self.balance.Int(),
+		self.targetBalance.Int(), history, pendingTransactions, self.token,
+		self.WebhookURL}
+}
+
+func (self *EncodedServer) Decode() *Server {
+	if self.Version > 0 {
+		panic("Unrecognised EncodedServer version!")
+	}
+	if self.Balance == nil || self.TargetBalance == nil {
+		panic("Invalid EncodedServer passed to EncodedServer.Decode()!")
+	}
+
+	// Convert Balance and TargetBalance to Currency.
+	balance := CurrencyFromInt(self.Balance)
+	targetBalance := CurrencyFromInt(self.TargetBalance)
+
+	// Copy History and PendingTransactions.
+	history := make([]Transaction, len(self.History))
+	copy(history, self.History)
+	pendingTransactions := make([]Transaction, len(self.PendingTransactions))
+	copy(pendingTransactions, self.PendingTransactions)
+
+	return &Server{HomogeniseUsername(self.Name), self.Name, balance,
+		targetBalance, history, pendingTransactions, self.Token,
+		self.WebhookURL, new(sync.RWMutex), false}
+}
+
+// Summaries
+type Summary struct {
+	UID           string        `json:"uid"`
+	Name          string        `json:"name"`
+	Bal           Currency      `json:"bal"`
+	Balance       string        `json:"balance"`
+	History       []Transaction `json:"history"`
+	InterestRate  float64       `json:"interest_rate"`
+	TargetBalance Currency      `json:"target_balance"`
+}
+
+func (self *Server) GetSummary() Summary {
+	self.lock.RLock()
+	defer self.lock.RUnlock()
+	return Summary{self.UID, self.Name, self.balance, self.balance.String(),
+		self.GetHistory(), 0, self.targetBalance}
+}
+
+// Check an API token.
+// WARNING: This may leak the length of the stored token, however that is
+// probably already deducible by inspecting GenerateToken().
+func (self *Server) CheckToken(token string) bool {
+	if self.token == "" {
+		return false
+	}
+
+	return ConstantTimeCompare(self.token, token)
+}
+
+// Make a new server
+// The default target balance is currently ¤500,000.
+const DefaultTargetBalance int64 = 500000
+
+func NewServer(name string) *Server {
+	var server EncodedServer
+	server.Version = 0
+	server.Name = name
+	server.Balance = new(big.Int).SetInt64(0)
+	server.TargetBalance = new(big.Int).SetInt64(DefaultTargetBalance * 100)
+	server.Token = GenerateToken()
+
+	res := server.Decode()
+	res.SetModified()
+	return res
+}
diff --git a/lurkcoin/transactions.go b/lurkcoin/transactions.go
new file mode 100644
index 0000000..eb7ef3c
--- /dev/null
+++ b/lurkcoin/transactions.go
@@ -0,0 +1,105 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package lurkcoin
+
+import (
+	"fmt"
+	"math/big"
+	"math/rand"
+	"sync"
+	"time"
+)
+
+type Transaction struct {
+	ID             string   `json:"id"`
+	Source         string   `json:"source"`
+	SourceServer   string   `json:"source_server"`
+	Target         string   `json:"target"`
+	TargetServer   string   `json:"target_server"`
+	Amount         Currency `json:"amount"`
+	SentAmount     Currency `json:"sent_amount"`
+	ReceivedAmount Currency `json:"received_amount"`
+	Time           int64    `json:"time"`
+
+	// If true lurkcoin will attempt to revert the transaction if it is
+	// rejected. The transaction can still be rejected if this is false.
+	Revertable bool `json:"revertable"`
+}
+
+func (self Transaction) String() string {
+	return fmt.Sprintf("[%s] %s (sent %s, received %s) - Transaction from %q"+
+		" on %q to %q on %q.", self.ID, self.Amount,
+		self.SentAmount.RawString(), self.ReceivedAmount.RawString(),
+		self.Source, self.SourceServer, self.Target, self.TargetServer)
+}
+
+// Get a time.Time object from the transaction's Time attribute.
+func (self Transaction) GetTime() time.Time {
+	return time.Unix(self.Time, 0)
+}
+
+// Get the legacy ID
+var max_legacy_id *big.Int = big.NewInt(9999999)
+
+func (self *Transaction) GetLegacyID() int32 {
+	raw := new(big.Int)
+	raw.Mod(new(big.Int).SetBytes([]byte(self.ID)), max_legacy_id)
+
+	// Because 10,000,000 (max_legacy_id + 1) can fit into int64/int32,
+	// overflows are not an issue here.
+	return int32(raw.Int64()) + 1
+}
+
+// Generate transaction IDs
+var mutex = new(sync.Mutex)
+var lastTime int64 = -1
+var previouslyGenerated map[uint32]bool
+
+func GenerateTransactionID() (string, int64) {
+	mutex.Lock()
+	defer mutex.Unlock()
+
+	// Ensure too many transaction IDs haven't been generated.
+	if len(previouslyGenerated) > 1048576 {
+		// Uh-oh (more than 1 million transactions in a single second)
+		time.Sleep(1 * time.Second)
+	}
+
+	t := time.Now().Unix()
+	if t > lastTime {
+		previouslyGenerated = make(map[uint32]bool)
+	}
+
+	var id uint32
+	var exists bool = true
+	for exists {
+		id = rand.Uint32()
+		_, exists = previouslyGenerated[id]
+	}
+	previouslyGenerated[id] = true
+
+	return fmt.Sprintf("T%X-%08X", t, id), t
+}
+
+func MakeTransaction(source, sourceServer, target, targetServer string,
+	amount, sentAmount, receivedAmount Currency) Transaction {
+	id, time := GenerateTransactionID()
+	return Transaction{id, source, sourceServer, target, targetServer, amount,
+		sentAmount, receivedAmount, time, false}
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..3b2ffc9
--- /dev/null
+++ b/main.go
@@ -0,0 +1,39 @@
+//
+// lurkcoin
+// Copyright © 2020 by luk3yx
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+package main
+
+import (
+	"fmt"
+	"log"
+	"lurkcoin/api"
+	"os"
+)
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Println("This command takes exactly one argument.")
+		os.Exit(1)
+	}
+
+	config, err := api.LoadConfig(os.Args[1])
+	if err != nil {
+		log.Fatal(err)
+	}
+	api.StartServer(config)
+}
diff --git a/src b/src
new file mode 120000
index 0000000..945c9b4
--- /dev/null
+++ b/src
@@ -0,0 +1 @@
+.
\ No newline at end of file