Merge pull request 'Surface Token Management to UX' (#457) from surface-tokens into master

Reviewed-on: #457
2022-09-07 16:39:53 +00:00 · 2022-09-07 16:39:53 +00:00 · 7fe7ba72c7
parent 15836ad7de f46c717ff9
commit 7fe7ba72c7
22 changed files with 216 additions and 99 deletions
--- a/app/app.go
+++ b/app/app.go
@ -11,7 +11,6 @@ import (
 	"cwtch.im/cwtch/storage"
 	"git.openprivacy.ca/openprivacy/connectivity"
 	"git.openprivacy.ca/openprivacy/log"
-	"io/ioutil"
 	"os"
 	path "path/filepath"
 	"strconv"
@ -140,7 +139,7 @@ func (app *application) LoadProfiles(password string) {
 	count := 0
 	migrating := false

-	files, err := ioutil.ReadDir(path.Join(app.directory, "profiles"))
+	files, err := os.ReadDir(path.Join(app.directory, "profiles"))
 	if err != nil {
 		log.Errorf("error: cannot read profiles directory: %v", err)
 		return
--- a/app/plugins/networkCheck.go
+++ b/app/plugins/networkCheck.go
@ -121,7 +121,6 @@ func (nc *networkCheck) selfTest() {
 	go nc.checkConnection(nc.onion)
 }

-//
 func (nc *networkCheck) checkConnection(onion string) {
 	prog, _ := nc.acn.GetBootstrapStatus()
 	if prog != 100 {
--- a/event/common.go
+++ b/event/common.go
@ -200,6 +200,8 @@ const (

 	StartingStorageMiragtion = Type("StartingStorageMigration")
 	DoneStorageMigration     = Type("DoneStorageMigration")
+
+	TokenManagerInfo = Type("TokenManagerInfo")
 )

 // Field defines common event attributes
@ -227,6 +229,7 @@ const (
 	ServerTokenY     = Field("ServerTokenY")
 	ServerTokenOnion = Field("ServerTokenOnion")
 	GroupInvite      = Field("GroupInvite")
+	ServerTokenCount = Field("ServerTokenCount")

 	ProfileName = Field("ProfileName")
 	Password    = Field("Password")
--- a/go.mod
+++ b/go.mod
@ -1,19 +1,31 @@
 module cwtch.im/cwtch

-go 1.14
+go 1.17

 require (
-	git.openprivacy.ca/cwtch.im/tapir v0.5.4
-	git.openprivacy.ca/openprivacy/connectivity v1.8.5
+	git.openprivacy.ca/cwtch.im/tapir v0.5.5
+	git.openprivacy.ca/openprivacy/connectivity v1.8.6
 	git.openprivacy.ca/openprivacy/log v1.0.3
-	github.com/gtank/ristretto255 v0.1.2
+	github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c
 	github.com/mutecomm/go-sqlcipher/v4 v4.4.2
-	github.com/onsi/ginkgo v1.16.5 // indirect
-	github.com/onsi/ginkgo/v2 v2.0.0-rc2
-	github.com/onsi/gomega v1.17.0
-	github.com/stretchr/testify v1.7.0 // indirect
-	golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee
-	golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+	github.com/onsi/ginkgo/v2 v2.1.4
+	github.com/onsi/gomega v1.20.1
+	golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d
+)
+
+require (
+	filippo.io/edwards25519 v1.0.0 // indirect
+	git.openprivacy.ca/openprivacy/bine v0.0.4 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/gtank/merlin v0.1.1 // indirect
+	github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b // indirect
+	github.com/onsi/ginkgo v1.16.5 // indirect
+	github.com/stretchr/testify v1.7.0 // indirect
+	go.etcd.io/bbolt v1.3.6 // indirect
+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect
+	golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,7 +1,11 @@
 filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
 filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
+filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
+filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 git.openprivacy.ca/cwtch.im/tapir v0.5.4 h1:CUcRVsM82Zx/pfcGqIviycavZcC50wXm67TiQ3mx6WY=
 git.openprivacy.ca/cwtch.im/tapir v0.5.4/go.mod h1:VJitTBzerc+WO53c5XY30P2JD2Nx9mgxuII1FBVwW8E=
+git.openprivacy.ca/cwtch.im/tapir v0.5.5 h1:km6UDrLYH/GCEn2s+S299/TiRHhxKCIAipYr9GbG3Hk=
+git.openprivacy.ca/cwtch.im/tapir v0.5.5/go.mod h1:bWWHrDYBtHvxMri59RwIB/w7Eg1aC0BrQ/ycKlnbB5k=
 git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGySR6OBPW+c=
 git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
 git.openprivacy.ca/openprivacy/connectivity v1.8.3/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
@ -9,6 +13,8 @@ git.openprivacy.ca/openprivacy/connectivity v1.8.4 h1:fQIOtvtCtZpB1D2XvmSJUdb8aq
 git.openprivacy.ca/openprivacy/connectivity v1.8.4/go.mod h1:pG50Dq4IelxFGyF1y8dU5kXrnsDGEnobbEFZlB9COLM=
 git.openprivacy.ca/openprivacy/connectivity v1.8.5 h1:eAlpNyxMBVq/PK+5EkG3zpcCjRjxi6Sg+iVoamuX1co=
 git.openprivacy.ca/openprivacy/connectivity v1.8.5/go.mod h1:pG50Dq4IelxFGyF1y8dU5kXrnsDGEnobbEFZlB9COLM=
+git.openprivacy.ca/openprivacy/connectivity v1.8.6 h1:g74PyDGvpMZ3+K0dXy3mlTJh+e0rcwNk0XF8owzkmOA=
+git.openprivacy.ca/openprivacy/connectivity v1.8.6/go.mod h1:Hn1gpOx/bRZp5wvCtPQVJPXrfeUH0EGiG/Aoa0vjGLg=
 git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
 git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
 git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
@ -37,11 +43,15 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/gtank/merlin v0.1.1 h1:eQ90iG7K9pOhtereWsmyRJ6RAwcP4tHTDBHXNg+u5is=
 github.com/gtank/merlin v0.1.1/go.mod h1:T86dnYJhcGOh5BjZFCJWTDeTK7XW8uE+E21Cy/bIQ+s=
 github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
 github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
+github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c h1:gkfmnY4Rlt3VINCo4uKdpvngiibQyoENVj5Q88sxXhE=
+github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c/go.mod h1:tDPFhGdt3hJWqtKwx57i9baiB1Cj0yAg22VOPUqm5vY=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
@ -51,6 +61,8 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643 h1:hLDRPB66XQT/8+wG9WsDpiCvZf1yKO7sz7scAjSlBa0=
 github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643/go.mod h1:43+3pMjjKimDBf5Kr4ZFNGbLql1zKkbImw+fZbw3geM=
+github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b h1:QrHweqAtyJ9EwCaGHBu1fghwxIPiopAHV06JlXrMHjk=
+github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b/go.mod h1:xxLb2ip6sSUts3g1irPVHyk/DGslwQsNOo9I7smJfNU=
 github.com/mutecomm/go-sqlcipher/v4 v4.4.2 h1:eM10bFtI4UvibIsKr10/QT7Yfz+NADfjZYh0GKrXUNc=
 github.com/mutecomm/go-sqlcipher/v4 v4.4.2/go.mod h1:mF2UmIpBnzFeBdu/ypTDb/LdbS0nk0dfSN1WUsWTjMA=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
@ -63,10 +75,14 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.0.0-rc2 h1:2ukZwTHG/SAlJe4mm5xTdcUYH7IRvldIXhukE1pQBeY=
 github.com/onsi/ginkgo/v2 v2.0.0-rc2/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
+github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
+github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -78,11 +94,15 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
+go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee h1:4yd7jl+vXjalO5ztz6Vc1VADv+S/80LGJmyl1ROJ2AI=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -93,6 +113,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -105,6 +127,7 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -112,11 +135,15 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
@ -134,6 +161,7 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -148,3 +176,5 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/model/group.go
+++ b/model/group.go
@ -91,7 +91,7 @@ func (g *Group) Invite() (string, error) {
 	return serializedInvite, err
 }

-//EncryptMessage takes a message and encrypts the message under the group key.
+// EncryptMessage takes a message and encrypts the message under the group key.
 func (g *Group) EncryptMessage(message *groups.DecryptedGroupMessage) ([]byte, error) {
 	var nonce [24]byte
 	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
@ -210,11 +210,12 @@ func (g *Group) AttemptDecryption(ciphertext []byte, signature []byte) (bool, *g

 // VerifyGroupMessage confirms the authenticity of a message given an sender onion, message and signature.
 // The goal of this function is 2-fold:
-// 1. We confirm that the sender referenced in the group text is the actual sender of the message (or at least
+//  1. We confirm that the sender referenced in the group text is the actual sender of the message (or at least
 //     knows the senders private key)
-// 2. Secondly, we confirm that the sender sent the message to a particular group id on a specific server (it doesn't
-//      matter if we actually received this message from the server or from a hybrid protocol, all that matters is
-//      that the sender and receivers agree that this message was intended for the group
+//  2. Secondly, we confirm that the sender sent the message to a particular group id on a specific server (it doesn't
+//     matter if we actually received this message from the server or from a hybrid protocol, all that matters is
+//     that the sender and receivers agree that this message was intended for the group
+//
 // The 2nd point is important as it prevents an attack documented in the original Cwtch paper (and later at
 // https://docs.openprivacy.ca/cwtch-security-handbook/groups.html) in which a malicious profile sets up 2 groups
 // on two different servers with the same key and then forwards messages between them to convince the parties in
--- a/model/message.go
+++ b/model/message.go
@ -99,7 +99,7 @@ func (t *Timeline) SetMessages(messages []Message) {

 // GetMessagesByHash attempts to find messages that match the given
 // content hash in the timeline. If successful it returns a list of messages as well as their local index
-//, on failure it returns an error.
+// , on failure it returns an error.
 // We return a list of messages because content hashes are not guaranteed to be unique from a given Peer. This allows
 // us to do things like: ensure that reply-to and quotes reference the last seen message from the message they are quoted
 // in or detect duplicate messages from a peer.
--- a/peer/cwtch_peer.go
+++ b/peer/cwtch_peer.go
@ -13,8 +13,8 @@ import (
 	"git.openprivacy.ca/openprivacy/connectivity"
 	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"golang.org/x/crypto/ed25519"
-	"io/ioutil"
 	"math/bits"
+	"os"
 	path "path/filepath"
 	"runtime"
 	"strconv"
@ -40,7 +40,8 @@ var autoHandleableEvents = map[event.Type]bool{event.EncryptedGroupMessage: true
 	event.ManifestSizeReceived: true, event.ManifestReceived: true, event.FileDownloaded: true}

 // DefaultEventsToHandle specifies which events will be subscribed to
-//  when a peer has its Init() function called
+//
+//	when a peer has its Init() function called
 var DefaultEventsToHandle = []event.Type{
 	event.EncryptedGroupMessage,
 	event.NewMessageFromPeerEngine,
@ -108,7 +109,7 @@ func (cp *cwtchPeer) ChangePassword(password string, newpassword string, newpass
 	}
 	cps.Close()

-	salt, err := ioutil.ReadFile(path.Join(cp.storage.ProfileDirectory, saltFile))
+	salt, err := os.ReadFile(path.Join(cp.storage.ProfileDirectory, saltFile))
 	if err != nil {
 		return err
 	}
--- a/peer/storage.go
+++ b/peer/storage.go
@ -12,7 +12,6 @@ import (
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/crypto/sha3"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@ -56,12 +55,12 @@ func initV2Directory(directory, password string) ([32]byte, [128]byte, error) {
 		return [32]byte{}, [128]byte{}, err
 	}

-	if err = ioutil.WriteFile(path.Join(directory, versionFile), []byte(version), 0600); err != nil {
+	if err = os.WriteFile(path.Join(directory, versionFile), []byte(version), 0600); err != nil {
 		log.Errorf("Could not write version file: %v", err)
 		return [32]byte{}, [128]byte{}, err
 	}

-	if err = ioutil.WriteFile(path.Join(directory, saltFile), salt[:], 0600); err != nil {
+	if err = os.WriteFile(path.Join(directory, saltFile), salt[:], 0600); err != nil {
 		log.Errorf("Could not write salt file: %v", err)
 		return [32]byte{}, [128]byte{}, err
 	}
@ -70,7 +69,7 @@ func initV2Directory(directory, password string) ([32]byte, [128]byte, error) {
 }

 func openEncryptedDatabase(profileDirectory string, password string, createIfNotExists bool) (*sql.DB, error) {
-	salt, err := ioutil.ReadFile(path.Join(profileDirectory, saltFile))
+	salt, err := os.ReadFile(path.Join(profileDirectory, saltFile))
 	if err != nil {
 		return nil, err
 	}
--- a/protocol/connections/engine.go
+++ b/protocol/connections/engine.go
@ -61,6 +61,8 @@ type engine struct {
 	// file sharing subsystem is responsible for maintaining active shares and downloads
 	filesharingSubSystem files.FileSharingSubSystem

+	tokenManagers sync.Map // [tokenService][]TokenManager
+
 	shuttingDown bool
 }

@ -358,9 +360,9 @@ func (e *engine) peerWithTokenServer(onion string, tokenServerOnion string, toke
 	eid, epk := primitives.InitializeEphemeralIdentity()
 	connectionService.service.Init(e.acn, epk, &eid)

-	Y := ristretto255.NewElement()
+	Y := new(ristretto255.Element)
 	Y.UnmarshalText([]byte(tokenServerY))
-	connected, err := connectionService.service.Connect(onion, NewTokenBoardClient(e.acn, Y, tokenServerOnion, lastKnownSignature, e.receiveGroupMessage, e.serverAuthed, e.serverSynced, e.ignoreOnShutdown(e.serverDisconnected)))
+	connected, err := connectionService.service.Connect(onion, NewTokenBoardClient(e.acn, Y, tokenServerOnion, lastKnownSignature, e))
 	// If we are already connected...check if we are authed and issue an auth event
 	// (This allows the ui to be stateless)
 	if connected && err != nil {
--- a/protocol/connections/engine_token_handler.go
+++ b/protocol/connections/engine_token_handler.go
@ -0,0 +1,47 @@
+package connections
+
+import (
+	"cwtch.im/cwtch/event"
+	"cwtch.im/cwtch/protocol/groups"
+	"git.openprivacy.ca/cwtch.im/tapir/primitives/privacypass"
+	"strconv"
+)
+
+// Implement Token Service Handler for Engine
+
+// GroupMessageHandler receives a server and an encrypted group message
+func (e *engine) GroupMessageHandler(server string, gm *groups.EncryptedGroupMessage) {
+	e.receiveGroupMessage(server, gm)
+}
+
+// ServerAuthedHandler is notified when a server has successfully authed
+func (e *engine) ServerAuthedHandler(server string) {
+	e.serverAuthed(server)
+}
+
+// ServerSyncedHandler is notified when a server has successfully synced
+func (e *engine) ServerSyncedHandler(server string) {
+	e.serverSynced(server)
+}
+
+// ServerClosedHandler is notified when a server connection has closed, the result is ignored during shutdown...
+func (e *engine) ServerClosedHandler(server string) {
+	e.ignoreOnShutdown(e.serverDisconnected)(server)
+}
+
+// NewTokenHandler is notified after a successful token acquisition
+func (e *engine) NewTokenHandler(tokenService string, tokens []*privacypass.Token) {
+	tokenManagerPointer, _ := e.tokenManagers.LoadOrStore(tokenService, new(TokenManager))
+	tokenManager := tokenManagerPointer.(*TokenManager)
+	tokenManager.NewTokens(tokens)
+	e.eventManager.Publish(event.NewEvent(event.TokenManagerInfo, map[event.Field]string{event.ServerTokenOnion: tokenService, event.ServerTokenCount: strconv.Itoa(tokenManager.NumTokens())}))
+}
+
+// FetchToken is notified when a server requires a new token from the client
+func (e *engine) FetchToken(tokenService string) (*privacypass.Token, int, error) {
+	tokenManagerPointer, _ := e.tokenManagers.LoadOrStore(tokenService, new(TokenManager))
+	tokenManager := tokenManagerPointer.(*TokenManager)
+	token, numTokens, err := tokenManager.FetchToken()
+	e.eventManager.Publish(event.NewEvent(event.TokenManagerInfo, map[event.Field]string{event.ServerTokenOnion: tokenService, event.ServerTokenCount: strconv.Itoa(numTokens)}))
+	return token, numTokens, err
+}
--- a/protocol/connections/token_manager.go
+++ b/protocol/connections/token_manager.go
@ -0,0 +1,40 @@
+package connections
+
+import (
+	"errors"
+	"git.openprivacy.ca/cwtch.im/tapir/primitives/privacypass"
+	"sync"
+)
+
+// TokenManager maintains a list of tokens associated with a single TokenServer
+type TokenManager struct {
+	lock   sync.Mutex
+	tokens []*privacypass.Token
+}
+
+// NewTokens adds tokens to the internal list managed by this TokenManager
+func (tm *TokenManager) NewTokens(tokens []*privacypass.Token) {
+	tm.lock.Lock()
+	defer tm.lock.Unlock()
+	tm.tokens = append(tm.tokens, tokens...)
+}
+
+// NumTokens returns the current number of tokens
+func (tm *TokenManager) NumTokens() int {
+	tm.lock.Lock()
+	defer tm.lock.Unlock()
+	return len(tm.tokens)
+}
+
+// FetchToken removes a token from the internal list and returns it, along with a count of the remaining tokens.
+// Errors if no tokens available.
+func (tm *TokenManager) FetchToken() (*privacypass.Token, int, error) {
+	tm.lock.Lock()
+	defer tm.lock.Unlock()
+	if len(tm.tokens) == 0 {
+		return nil, 0, errors.New("no more tokens")
+	}
+	token := tm.tokens[0]
+	tm.tokens = tm.tokens[1:]
+	return token, len(tm.tokens), nil
+}
--- a/protocol/connections/tokenboardclientapp.go
+++ b/protocol/connections/tokenboardclientapp.go
@ -13,21 +13,28 @@ import (
 	"git.openprivacy.ca/openprivacy/log"
 	"github.com/gtank/ristretto255"
 	"reflect"
-	"sync"
 	"time"
 )

+// TokenBoardHandler encapsulates all the various handlers a client needs to interact with a token board
+// this includes handlers to receive new messages, as well as handlers to manage tokens.
+type TokenBoardHandler interface {
+	GroupMessageHandler(server string, gm *groups.EncryptedGroupMessage)
+	ServerAuthedHandler(server string)
+	ServerSyncedHandler(server string)
+	ServerClosedHandler(server string)
+	NewTokenHandler(tokenService string, tokens []*privacypass.Token)
+	FetchToken(tokenService string) (*privacypass.Token, int, error)
+}
+
 // NewTokenBoardClient generates a new Client for Token Board
-func NewTokenBoardClient(acn connectivity.ACN, Y *ristretto255.Element, tokenServiceOnion string, lastKnownSignature []byte, groupMessageHandler func(server string, gm *groups.EncryptedGroupMessage), serverAuthedHandler func(server string), serverSyncedHandler func(server string), serverClosedHandler func(server string)) tapir.Application {
+func NewTokenBoardClient(acn connectivity.ACN, Y *ristretto255.Element, tokenServiceOnion string, lastKnownSignature []byte, tokenBoardHandler TokenBoardHandler) tapir.Application {
 	tba := new(TokenBoardClient)
 	tba.acn = acn
 	tba.tokenService = privacypass.NewTokenServer()
 	tba.tokenService.Y = Y
 	tba.tokenServiceOnion = tokenServiceOnion
-	tba.receiveGroupMessageHandler = groupMessageHandler
-	tba.serverAuthedHandler = serverAuthedHandler
-	tba.serverSyncedHandler = serverSyncedHandler
-	tba.serverClosedHandler = serverClosedHandler
+	tba.tokenBoardHandler = tokenBoardHandler
 	tba.lastKnownSignature = lastKnownSignature
 	return tba
 }
@ -35,16 +42,12 @@ func NewTokenBoardClient(acn connectivity.ACN, Y *ristretto255.Element, tokenSer
 // TokenBoardClient defines a client for the TokenBoard server
 type TokenBoardClient struct {
 	applications.AuthApp
-	connection                 tapir.Connection
-	receiveGroupMessageHandler func(server string, gm *groups.EncryptedGroupMessage)
-	serverAuthedHandler        func(server string)
-	serverSyncedHandler        func(server string)
-	serverClosedHandler        func(server string)
+	connection        tapir.Connection
+	tokenBoardHandler TokenBoardHandler

 	// Token service handling
-	acn                connectivity.ACN
-	tokens             []*privacypass.Token
-	tokenLock          sync.Mutex
+	acn connectivity.ACN
+
 	tokenService       *privacypass.TokenServer
 	tokenServiceOnion  string
 	lastKnownSignature []byte
@ -53,10 +56,7 @@ type TokenBoardClient struct {
 // NewInstance Client a new TokenBoardApp
 func (ta *TokenBoardClient) NewInstance() tapir.Application {
 	tba := new(TokenBoardClient)
-	tba.serverAuthedHandler = ta.serverAuthedHandler
-	tba.serverSyncedHandler = ta.serverSyncedHandler
-	tba.serverClosedHandler = ta.serverClosedHandler
-	tba.receiveGroupMessageHandler = ta.receiveGroupMessageHandler
+	tba.tokenBoardHandler = ta.tokenBoardHandler
 	tba.acn = ta.acn
 	tba.tokenService = ta.tokenService
 	tba.tokenServiceOnion = ta.tokenServiceOnion
@ -69,7 +69,7 @@ func (ta *TokenBoardClient) Init(connection tapir.Connection) {
 	ta.AuthApp.Init(connection)
 	if connection.HasCapability(applications.AuthCapability) {
 		ta.connection = connection
-		ta.serverAuthedHandler(ta.connection.Hostname())
+		ta.tokenBoardHandler.ServerAuthedHandler(ta.connection.Hostname())
 		log.Debugf("Successfully Initialized Connection to %v", connection.Hostname())
 		go ta.Listen()
 		// Optimistically acquire many tokens for this server...
@ -88,7 +88,7 @@ func (ta *TokenBoardClient) Listen() {
 		data := ta.connection.Expect()
 		if len(data) == 0 {
 			log.Debugf("Server closed the connection...")
-			ta.serverClosedHandler(ta.connection.Hostname())
+			ta.tokenBoardHandler.ServerClosedHandler(ta.connection.Hostname())
 			return // connection is closed
 		}

@ -96,7 +96,7 @@ func (ta *TokenBoardClient) Listen() {
 		var message groups.Message
 		if err := json.Unmarshal(data, &message); err != nil {
 			log.Debugf("Server sent an unexpected message, closing the connection: %v", err)
-			ta.serverClosedHandler(ta.connection.Hostname())
+			ta.tokenBoardHandler.ServerClosedHandler(ta.connection.Hostname())
 			ta.connection.Close()
 			return
 		}
@ -104,10 +104,10 @@ func (ta *TokenBoardClient) Listen() {
 		switch message.MessageType {
 		case groups.NewMessageMessage:
 			if message.NewMessage != nil {
-				ta.receiveGroupMessageHandler(ta.connection.Hostname(), &message.NewMessage.EGM)
+				ta.tokenBoardHandler.GroupMessageHandler(ta.connection.Hostname(), &message.NewMessage.EGM)
 			} else {
 				log.Debugf("Server sent an unexpected NewMessage, closing the connection: %s", data)
-				ta.serverClosedHandler(ta.connection.Hostname())
+				ta.tokenBoardHandler.ServerClosedHandler(ta.connection.Hostname())
 				ta.connection.Close()
 				return
 			}
@ -121,23 +121,23 @@ func (ta *TokenBoardClient) Listen() {

 					if len(data) == 0 {
 						log.Debugf("Server sent an unexpected EncryptedGroupMessage, closing the connection")
-						ta.serverClosedHandler(ta.connection.Hostname())
+						ta.tokenBoardHandler.ServerClosedHandler(ta.connection.Hostname())
 						ta.connection.Close()
 						return
 					}

 					egm := &groups.EncryptedGroupMessage{}
 					if err := json.Unmarshal(data, egm); err == nil {
-						ta.receiveGroupMessageHandler(ta.connection.Hostname(), egm)
+						ta.tokenBoardHandler.GroupMessageHandler(ta.connection.Hostname(), egm)
 						ta.lastKnownSignature = egm.Signature
 					} else {
 						log.Debugf("Server sent an unexpected EncryptedGroupMessage, closing the connection: %v", err)
-						ta.serverClosedHandler(ta.connection.Hostname())
+						ta.tokenBoardHandler.ServerClosedHandler(ta.connection.Hostname())
 						ta.connection.Close()
 						return
 					}
 				}
-				ta.serverSyncedHandler(ta.connection.Hostname())
+				ta.tokenBoardHandler.ServerSyncedHandler(ta.connection.Hostname())
 				ta.connection.SetCapability(groups.CwtchServerSyncedCapability)
 			}
 		}
@ -195,12 +195,8 @@ func (ta *TokenBoardClient) MakePayment() error {
 		if err == nil {
 			powtapp, ok := conn.App().(*applications.TokenApplication)
 			if ok {
-				// Update tokens...we need a lock here to prevent SpendToken from modifying the tokens
-				// during this process..
 				log.Debugf("Updating Tokens")
-				ta.tokenLock.Lock()
-				ta.tokens = append(ta.tokens, powtapp.Tokens...)
-				ta.tokenLock.Unlock()
+				ta.tokenBoardHandler.NewTokenHandler(ta.tokenServiceOnion, powtapp.Tokens)
 				log.Debugf("Transcript: %v", powtapp.Transcript().OutputTranscriptToAudit())
 				conn.Close()
 				return nil
@ -221,14 +217,9 @@ func (ta *TokenBoardClient) MakePayment() error {

 // NextToken retrieves the next token
 func (ta *TokenBoardClient) NextToken(data []byte, hostname string) (privacypass.SpentToken, int, error) {
-	// Taken the first new token, we need a lock here because tokens can be appended by MakePayment
-	// which could result in weird behaviour...
-	ta.tokenLock.Lock()
-	defer ta.tokenLock.Unlock()
-	if len(ta.tokens) == 0 {
-		return privacypass.SpentToken{}, len(ta.tokens), errors.New("no more tokens")
+	token, numtokens, err := ta.tokenBoardHandler.FetchToken(ta.tokenServiceOnion)
+	if err != nil {
+		return privacypass.SpentToken{}, numtokens, err
 	}
-	token := ta.tokens[0]
-	ta.tokens = ta.tokens[1:]
-	return token.SpendToken(append(data, hostname...)), len(ta.tokens), nil
+	return token.SpendToken(append(data, hostname...)), numtokens, nil
 }
--- a/protocol/files/manifest.go
+++ b/protocol/files/manifest.go
@ -9,7 +9,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"sync"
 )
@ -122,7 +121,7 @@ func (m *Manifest) GetChunkBytes(id uint64) ([]byte, error) {

 // LoadManifest reads in a json serialized Manifest from a file
 func LoadManifest(filename string) (*Manifest, error) {
-	bytes, err := ioutil.ReadFile(filename)
+	bytes, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
@ -319,7 +318,7 @@ func (m *Manifest) Close() {

 // Save writes a JSON encoded byte array version of the manifest to path
 func (m *Manifest) Save(path string) error {
-	return ioutil.WriteFile(path, m.Serialize(), 0600)
+	return os.WriteFile(path, m.Serialize(), 0600)
 }

 // Serialize returns the manifest as a JSON encoded byte array
--- a/protocol/files/manifest_test.go
+++ b/protocol/files/manifest_test.go
@ -3,8 +3,8 @@ package files
 import (
 	"encoding/hex"
 	"encoding/json"
-	"io/ioutil"
 	"math"
+	"os"
 	"testing"
 )

@ -77,7 +77,7 @@ func TestManifestLarge(t *testing.T) {
 	t.Logf("%v %s", len(json), json)

 	// Pretend we downloaded the manifest
-	ioutil.WriteFile("testdata/cwtch.png.manifest", json, 0600)
+	os.WriteFile("testdata/cwtch.png.manifest", json, 0600)

 	// Load the manifest from a file
 	cwtchPngManifest, err := LoadManifest("testdata/cwtch.png.manifest")
--- a/storage/v1/file_enc.go
+++ b/storage/v1/file_enc.go
@ -8,7 +8,7 @@ import (
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/crypto/sha3"
 	"io"
-	"io/ioutil"
+	"os"
 	path "path/filepath"
 )

@ -35,7 +35,7 @@ func CreateKey(password string, salt []byte) [32]byte {
 	return dkr
 }

-//EncryptFileData encrypts the data with the supplied key
+// EncryptFileData encrypts the data with the supplied key
 func EncryptFileData(data []byte, key [32]byte) ([]byte, error) {
 	var nonce [24]byte

@ -48,7 +48,7 @@ func EncryptFileData(data []byte, key [32]byte) ([]byte, error) {
 	return encrypted, nil
 }

-//DecryptFile decrypts the passed ciphertext with the supplied key.
+// DecryptFile decrypts the passed ciphertext with the supplied key.
 func DecryptFile(ciphertext []byte, key [32]byte) ([]byte, error) {
 	var decryptNonce [24]byte
 	copy(decryptNonce[:], ciphertext[:24])
@ -61,7 +61,7 @@ func DecryptFile(ciphertext []byte, key [32]byte) ([]byte, error) {

 // ReadEncryptedFile reads data from an encrypted file in directory with key
 func ReadEncryptedFile(directory, filename string, key [32]byte) ([]byte, error) {
-	encryptedbytes, err := ioutil.ReadFile(path.Join(directory, filename))
+	encryptedbytes, err := os.ReadFile(path.Join(directory, filename))
 	if err == nil {
 		return DecryptFile(encryptedbytes, key)
 	}
--- a/storage/v1/file_store.go
+++ b/storage/v1/file_store.go
@ -2,7 +2,6 @@ package v1

 import (
 	"git.openprivacy.ca/openprivacy/log"
-	"io/ioutil"
 	"os"
 	"path"
 )
@ -38,7 +37,7 @@ func (fps *fileStore) Write(data []byte) error {
 		return err
 	}

-	err = ioutil.WriteFile(path.Join(fps.directory, fps.filename), encryptedbytes, 0600)
+	err = os.WriteFile(path.Join(fps.directory, fps.filename), encryptedbytes, 0600)
 	return err
 }

--- a/storage/v1/profile_store.go
+++ b/storage/v1/profile_store.go
@ -5,14 +5,14 @@ import (
 	"cwtch.im/cwtch/model"
 	"encoding/json"
 	"git.openprivacy.ca/openprivacy/log"
-	"io/ioutil"
+	"os"
 	"path"
 )

 const profileFilename = "profile"
 const saltFile = "SALT"

-//ProfileStoreV1 storage for profiles and message streams that uses in memory key and fs stored salt instead of in memory password
+// ProfileStoreV1 storage for profiles and message streams that uses in memory key and fs stored salt instead of in memory password
 type ProfileStoreV1 struct {
 	fs        FileStore
 	directory string
@ -24,7 +24,7 @@ type ProfileStoreV1 struct {
 // LoadProfileWriterStore loads a profile store from filestore listening for events and saving them
 // directory should be $appDir/profiles/$rand
 func LoadProfileWriterStore(directory, password string) (*ProfileStoreV1, error) {
-	salt, err := ioutil.ReadFile(path.Join(directory, saltFile))
+	salt, err := os.ReadFile(path.Join(directory, saltFile))
 	if err != nil {
 		return nil, err
 	}
--- a/storage/v1/stream_store.go
+++ b/storage/v1/stream_store.go
@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"git.openprivacy.ca/openprivacy/log"
-	"io/ioutil"
 	"math"
 	"os"
 	"path"
@ -93,7 +92,7 @@ func (ss *streamStore) updateFile() error {
 		return err
 	}

-	ioutil.WriteFile(path.Join(ss.storeDirectory, fmt.Sprintf("%s.%d", ss.filenameBase, 0)), encryptedMsgs, 0600)
+	os.WriteFile(path.Join(ss.storeDirectory, fmt.Sprintf("%s.%d", ss.filenameBase, 0)), encryptedMsgs, 0600)
 	return nil
 }

--- a/testing/cwtch_peer_server_integration_test.go
+++ b/testing/cwtch_peer_server_integration_test.go
@ -15,7 +15,6 @@ import (
 	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"git.openprivacy.ca/openprivacy/log"
 	_ "github.com/mutecomm/go-sqlcipher/v4"
-	"io/ioutil"
 	mrand "math/rand"
 	"os"
 	"os/user"
@ -80,7 +79,7 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	}

 	torDataDir := ""
-	if torDataDir, err = ioutil.TempDir(dataDir, "data-dir-"); err != nil {
+	if torDataDir, err = os.MkdirTemp(dataDir, "data-dir-"); err != nil {
 		t.Fatalf("could not create data dir")
 	}

--- a/testing/encryptedstorage/encrypted_storage_integration_test.go
+++ b/testing/encryptedstorage/encrypted_storage_integration_test.go
@ -12,7 +12,6 @@ import (
 	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"git.openprivacy.ca/openprivacy/log"
 	_ "github.com/mutecomm/go-sqlcipher/v4"
-	"io/ioutil"
 	mrand "math/rand"
 	"os"
 	"path"
@ -42,7 +41,7 @@ func TestEncryptedStorage(t *testing.T) {
 	}

 	torDataDir := ""
-	if torDataDir, err = ioutil.TempDir(dataDir, "data-dir-"); err != nil {
+	if torDataDir, err = os.MkdirTemp(dataDir, "data-dir-"); err != nil {
 		t.Fatalf("could not create data dir")
 	}

--- a/testing/filesharing/file_sharing_integration_test.go
+++ b/testing/filesharing/file_sharing_integration_test.go
@ -2,13 +2,6 @@ package filesharing

 import (
 	"crypto/rand"
-	utils2 "cwtch.im/cwtch/utils"
-	"encoding/base64"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-
 	app2 "cwtch.im/cwtch/app"
 	"cwtch.im/cwtch/event"
 	"cwtch.im/cwtch/functionality/filesharing"
@ -18,6 +11,11 @@ import (
 	"cwtch.im/cwtch/peer"
 	"cwtch.im/cwtch/protocol/connections"
 	"cwtch.im/cwtch/protocol/files"
+	utils2 "cwtch.im/cwtch/utils"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
 	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"git.openprivacy.ca/openprivacy/log"

@ -77,7 +75,7 @@ func TestFileSharing(t *testing.T) {
 	}

 	torDataDir := ""
-	if torDataDir, err = ioutil.TempDir(dataDir, "data-dir-"); err != nil {
+	if torDataDir, err = os.MkdirTemp(dataDir, "data-dir-"); err != nil {
 		t.Fatalf("could not create data dir")
 	}