From 0231efcd7a777f3789ff51105c147a51a21696b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20P=C3=A9rez?= <jpl@jesusperez.pro>
Date: Wed, 19 Jul 2023 04:00:41 +0100
Subject: [PATCH] chore: add src slq and Cargo

---
 Cargo.toml                     |   78 ++
 sql/check.sql                  |    9 +
 sql/users.sql                  |   27 +
 sql/view.sql                   |    3 +
 src/defs.rs                    |   62 ++
 src/defs/_config.rs            |  415 ++++++++
 src/defs/app_connect_info.rs   |   18 +
 src/defs/appdbs.rs             |   82 ++
 src/defs/authz.rs              |   67 ++
 src/defs/cli.rs                |   95 ++
 src/defs/config.rs             |  383 +++++++
 src/defs/filestore.rs          |  368 +++++++
 src/defs/from_file.rs          |   76 ++
 src/defs/local.rs              |   43 +
 src/defs/mailer.rs             |  152 +++
 src/defs/req_handler.rs        |  294 ++++++
 src/defs/req_headermap.rs      |  192 ++++
 src/defs/req_settings.rs       |   35 +
 src/defs/session.rs            |  403 ++++++++
 src/defs/totp_algorithm.rs     |   37 +
 src/defs/totp_mode.rs          |   37 +
 src/defs/tracedata.rs          |  290 ++++++
 src/handlers.rs                |   15 +
 src/handlers/admin_handlers.rs |  742 ++++++++++++++
 src/handlers/other_handlers.rs |  224 +++++
 src/handlers/pages_handlers.rs |  109 ++
 src/handlers/users_handlers.rs | 1718 ++++++++++++++++++++++++++++++++
 src/login_password.rs          |   75 ++
 src/main.rs                    |  546 ++++++++++
 src/tera_tpls.rs               |   26 +
 src/tools.rs                   |   58 ++
 src/users.rs                   |   17 +
 src/users/NO/user_id.rs        |  263 +++++
 src/users/NO/usernotifydata.rs |   67 ++
 src/users/entries.rs           |  111 +++
 src/users/user.rs              |  631 ++++++++++++
 src/users/user_action.rs       |   58 ++
 src/users/user_role.rs         |   60 ++
 src/users/userdata.rs          |   96 ++
 src/users/userstatus.rs        |  222 +++++
 src/users/userstore.rs         |   35 +
 41 files changed, 8239 insertions(+)
 create mode 100644 Cargo.toml
 create mode 100644 sql/check.sql
 create mode 100644 sql/users.sql
 create mode 100644 sql/view.sql
 create mode 100644 src/defs.rs
 create mode 100644 src/defs/_config.rs
 create mode 100644 src/defs/app_connect_info.rs
 create mode 100644 src/defs/appdbs.rs
 create mode 100644 src/defs/authz.rs
 create mode 100644 src/defs/cli.rs
 create mode 100644 src/defs/config.rs
 create mode 100644 src/defs/filestore.rs
 create mode 100644 src/defs/from_file.rs
 create mode 100644 src/defs/local.rs
 create mode 100644 src/defs/mailer.rs
 create mode 100644 src/defs/req_handler.rs
 create mode 100644 src/defs/req_headermap.rs
 create mode 100644 src/defs/req_settings.rs
 create mode 100644 src/defs/session.rs
 create mode 100644 src/defs/totp_algorithm.rs
 create mode 100644 src/defs/totp_mode.rs
 create mode 100644 src/defs/tracedata.rs
 create mode 100644 src/handlers.rs
 create mode 100644 src/handlers/admin_handlers.rs
 create mode 100644 src/handlers/other_handlers.rs
 create mode 100644 src/handlers/pages_handlers.rs
 create mode 100644 src/handlers/users_handlers.rs
 create mode 100644 src/login_password.rs
 create mode 100644 src/main.rs
 create mode 100644 src/tera_tpls.rs
 create mode 100644 src/tools.rs
 create mode 100644 src/users.rs
 create mode 100644 src/users/NO/user_id.rs
 create mode 100644 src/users/NO/usernotifydata.rs
 create mode 100644 src/users/entries.rs
 create mode 100644 src/users/user.rs
 create mode 100644 src/users/user_action.rs
 create mode 100644 src/users/user_role.rs
 create mode 100644 src/users/userdata.rs
 create mode 100644 src/users/userstatus.rs
 create mode 100644 src/users/userstore.rs

diff --git a/Cargo.toml b/Cargo.toml
new file mode 100644
index 0000000..a958217
--- /dev/null
+++ b/Cargo.toml
@@ -0,0 +1,78 @@
+[package]
+name = "docserver"
+version = "0.1.0"
+edition = "2021"
+#publish = false
+publish = true
+
+[registry]
+default = "inrepo"
+
+#[package.metadata.docs.rs]
+#all-features = true
+#rustdoc-args = ["--html-in-header", "rusdoc/header.html"]
+
+[dependencies]
+log = { version = "0.4.19", features = ["max_level_trace","release_max_level_trace"], package = "log" }
+axum = { git = "https://github.com/tokio-rs/axum.git", branch = "main" }
+axum-server = { version = "0.5.1", features = ["tls-rustls"] }
+tokio = { version = "1.29.1", features = ["full"] }
+tower = { version = "0.4.13", features = ["util", "filter"] }
+tower-http = { version = "0.4.1", features = ["fs", "cors", "trace", "add-extension", "auth", "compression-full"] }
+tower-cookies = "0.9"
+tracing = "0.1.37"
+tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
+
+casbin = { version = "2.0.9", features = ["cached","explain","logging"], optional = true}
+pasetoken-lib= {path = "./libs/pasetoken", package = "pasetoken-lib" }
+pasetors = { version = "0.6.7" }
+
+serde = { version = "1.0.171", features = ["derive"] }
+serde_derive = "1.0.171"
+serde_json = "1.0.103"
+toml = "0.7.6"
+
+clap = { version = "4.3.16", features = ["derive"] }
+git-version = "0.3.5"
+once_cell = "1.18.0"
+
+hyper = { version = "0.14.27", features = ["full"] }
+tera = "1.19.0"
+html-minifier = "4.0.0"
+urlencoding = "2.1.2"
+password-hash = { version = "0.5", features = ["alloc", "rand_core"] }
+rand_core = { version = "0.6", features = ["getrandom"] }
+argon2 = { version = "0.5",  default-features = false, features = ["alloc", "simple"]}
+rand_chacha = "0.3.1"
+async-trait = "0.1.71"
+async-session = "3.0.0"
+async-sqlx-session = { version = "0.4.0", features = ["sqlite"] }
+
+forwarded-header-value = "0.1.1"
+lettre = { version = "0.10.4", features = ["smtp-transport", "tokio1", "tokio1-native-tls", "builder"] }
+
+chrono = "0.4.26"
+uuid = { version = "1.4.1", features = ["v4", "serde"] }
+rand = "0.8.5"
+walkdir = "2.3.3"
+binascii = "0.1.4"
+anyhow = "1.0.72"
+
+totp-rs = { version = "5.0.2", features = ["qr","otpauth"] }
+base32  = "0.4.0"
+zxcvbn = "2.2.2"
+
+futures= "0.3.28"
+sqlx = { version = "0.6.3", features = ["all-types", "all-databases","runtime-tokio-native-tls"] }
+#sqlx = { version = "0.7.1", features = ["all-databases","runtime-tokio-native-tls"] }
+
+[dev-dependencies]
+async-std = { version = "1.12.0", features = ["default","attributes"] }
+
+# [target.'cfg(target_arch = "wasm32")'.dependencies]
+# getrandom = { version = "0.2", features = ["js"] }
+
+[features]
+default = ["casbin"]
+#default = ["authstore"]
+authstore = []
diff --git a/sql/check.sql b/sql/check.sql
new file mode 100644
index 0000000..71f6dfb
--- /dev/null
+++ b/sql/check.sql
@@ -0,0 +1,9 @@
+SELECT EXISTS (
+    SELECT 
+        name
+    FROM 
+        sqlite_schema 
+    WHERE 
+        type='table' AND 
+        name='users'
+    );
diff --git a/sql/users.sql b/sql/users.sql
new file mode 100644
index 0000000..dbf30e1
--- /dev/null
+++ b/sql/users.sql
@@ -0,0 +1,27 @@
+DROP TABLE users;
+CREATE TABLE IF NOT EXISTS users
+(
+    id          INTEGER PRIMARY KEY NOT NULL,
+    name        TEXT                NOT NULL,
+    fullname    TEXT                NOT NULL,
+    email       TEXT                NOT NULL,
+    description TEXT                NOT NULL,
+    password    TEXT                NOT NULL,
+    otp_enabled BOOLEAN             FALSE,
+    otp_verified BOOLEAN            FALSE,
+    otp_base32  TEXT                NOT NULL,
+    otp_auth_url TEXT               NOT NULL,
+    otp_defs    TEXT                NOT NULL,
+    roles       TEXT                NOT NULL,
+    created     TEXT                NOT NULL,
+    lastaccess  TEXT                NOT NULL,
+    status      TEXT                NOT NULL,
+    items       TEXT                NOT NULL,
+    isadmin     BOOLEAN             FALSE
+);
+CREATE UNIQUE INDEX idx_users_email
+ON users (email);
+
+CREATE UNIQUE INDEX idx_users_fullname
+ON users (name);
+
diff --git a/sql/view.sql b/sql/view.sql
new file mode 100644
index 0000000..c332330
--- /dev/null
+++ b/sql/view.sql
@@ -0,0 +1,3 @@
+.tables
+PRAGMA table_info(users);
+
diff --git a/src/defs.rs b/src/defs.rs
new file mode 100644
index 0000000..6f3aa55
--- /dev/null
+++ b/src/defs.rs
@@ -0,0 +1,62 @@
+mod config;
+mod cli;
+mod from_file;
+mod filestore;
+mod session;
+#[cfg(feature = "authstore")]
+mod authz;
+mod appdbs;
+mod req_headermap;
+mod req_handler;
+mod tracedata;
+mod local;
+mod mailer;
+mod totp_mode;
+mod totp_algorithm;
+mod app_connect_info;
+
+pub(crate) use appdbs::AppDBs;
+pub(crate) use session::{
+    SessionStoreDB,
+    AuthState,
+    Random,
+};
+pub(crate) use from_file::{
+    FromFile, 
+    load_from_file,
+    DictFromFile,
+    load_dict_from_file,
+};
+pub(crate) use filestore::FileStore;
+#[cfg(feature = "authstore")]
+pub(crate) use authz::AuthStore;
+pub(crate) use config::{ServPath,Config};
+pub(crate) use cli::parse_args;
+pub(crate) use req_handler::ReqHandler;
+pub(crate) use req_headermap::ReqHeaderMap;
+pub(crate) use tracedata::{TraceData,TraceContent, TraceLogContent};
+pub(crate) use local::Local;
+pub(crate) use mailer::MailMessage;
+
+pub(crate) use totp_algorithm::{TotpAlgorithm,deserialize_totp_algorithm};
+pub(crate) use totp_mode::{TotpMode, deserialize_totp_mode};
+
+pub(crate) use app_connect_info::AppConnectInfo;
+
+pub const TOKEN_KEY_VALUE: &str = "tii-cl";
+pub const TOKEN_AUTH_VALUE: &str = "tii-cl-token";
+pub const CLAIM_UID: &str = "uid";
+pub const CLAIM_AUTH: &str = "auth";
+pub const CLAIM_APP_KEY: &str = "app_key";
+pub const USER_DATA: &str = "user_data";
+pub const BEARER: &str = "Bearer"; 
+pub const USER_AGENT: &str = "user-agent"; 
+pub const FILE_SCHEME: &str = "file:///"; 
+pub const SESSION_ID: &str = "sid"; 
+pub const ACCEPT_LANGUAGE: &str = "accept-language"; 
+pub const X_INTERNAL: &str = "x-internal"; 
+pub const X_REAL_IP: &str = "x-real-ip";
+pub const X_FORWARDED_FOR: &str = "x-forwarded-for";
+pub const AUTHORIZATION: &str = "authorization"; 
+pub const REFERER: &str = "referer"; 
+pub const SID_TRACE_FILE: &str = "sid_trace.json";
diff --git a/src/defs/_config.rs b/src/defs/_config.rs
new file mode 100644
index 0000000..86d5c54
--- /dev/null
+++ b/src/defs/_config.rs
@@ -0,0 +1,415 @@
+use std::collections::HashMap;
+use serde::{Serialize, Deserialize};
+//use serde_json::value::{to_value, Value};
+use log::error;
+use std::io::{Error, ErrorKind, Result};
+
+use pasetoken_lib::ConfigPaSeToken;
+use pasetors::footer::Footer;
+
+use crate::{
+    CFG_FILE_EXTENSION,
+    FILE_SCHEME,
+    defs::{
+        Local, TotpAlgorithm, TotpMode,
+        deserialize_totp_algorithm,
+        deserialize_totp_mode,
+        FromFile,
+        load_dict_from_file,
+        VecFromFile,
+        load_vec_from_file,
+    },
+}; 
+
+use std::path::Path;
+
+pub type WebSubMenuItems = Vec<SubMenuItem>;
+
+// use crate::tools::generate_uuid;
+
+// fn default_config_empty() -> String {
+//   "".to_string()
+// }
+// fn default_config_items() -> HashMap<String,String> {
+//   HashMap::new()
+// }
+fn default_config_resource() -> String {
+  "/".to_string()
+}
+fn default_config_array_resource() -> Vec<String> {
+  Vec::new()
+}
+fn default_config_serv_paths()-> Vec<ServPath> {
+  Vec::new()
+}
+fn default_config_dflt_lang() -> String {
+  "en".to_string()
+}
+// fn default_server_uid() -> String {
+//     generate_uuid(String::from("abcdef0123456789"))
+// }
+fn default_config_org() -> String {
+  "".to_string()
+}
+fn default_config_empty() -> String {
+  "".to_string()
+}
+fn default_config_locales() -> HashMap<String,Local> {
+  HashMap::new()
+}
+fn default_config_tpls() -> HashMap<String,String> {
+  HashMap::new()
+}
+fn default_is_restricted() -> bool {
+  false
+}
+fn default_config_use_mail() -> bool {
+  false
+}
+fn default_config_use_token() -> bool {
+   false
+}
+fn default_config_invite_expire() -> u64 {
+  300
+}
+fn default_config_web_menu_items() -> Vec<WebMenuItem> {
+    Vec::new()
+}
+fn default_web_menu_item_roles() -> Vec<String> {
+    Vec::new()
+}
+fn default_auth_roles() -> Vec<String> {
+    Vec::new()
+}
+fn default_sub_menu_items() -> Vec<SubMenuItem> {
+    Vec::new()
+}
+fn default_config_totp_digits() -> usize {
+    6
+}
+fn default_config_totp_algorithm() -> TotpAlgorithm {
+    TotpAlgorithm::default()
+}
+fn default_config_totp_mode() -> TotpMode {
+    TotpMode::default()
+}
+fn default_config_password_score() -> u8 {
+    0
+}
+fn default_config_trace_level() -> u8 {
+   1 
+}
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct SubMenuItem {
+        #[serde(default = "default_config_empty")]
+    pub typ: String,
+        #[serde(default = "default_config_empty")]
+    pub srctyp: String,
+        #[serde(default = "default_config_empty")]
+    pub text: String,
+        #[serde(default = "default_config_empty")]
+    pub url: String,
+        #[serde(default = "default_web_menu_item_roles")]
+    pub roles: Vec<String>,
+}
+
+
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct WebMenuItem {
+        #[serde(default = "default_config_resource")]
+    pub root_path: String,
+        #[serde(default = "default_config_empty")]
+    pub typ: String,
+        #[serde(default = "default_config_empty")]
+    pub srctyp: String,
+        #[serde(default = "default_config_empty")]
+    pub text: String,
+        #[serde(default = "default_config_empty")]
+    pub url: String,
+        #[serde(default = "default_web_menu_item_roles")]
+    pub roles: Vec<String>,
+        #[serde(default = "default_sub_menu_items")]
+    pub items: Vec<SubMenuItem>,
+}
+impl VecFromFile for WebMenuItem {
+    fn fix_root_path<WebMenuItem>(&mut self, _root_path:  String ) { 
+    }
+}
+// impl WebMenuItem {
+//     pub fn load_items(path_items: String) -> Vec<WebMenuItem> { 
+//         if !path_items.is_empty() {
+//             load_vec_from_file(&path_items.to_owned(), "web_menu.items").unwrap_or_else(|e|{
+//                 print!("Error loading sid_settings from {}: {}",&path_items,e);
+//                 error!("Error loading sid_settings from {}: {}",&path_items,e);
+//                 Vec::new()
+//             })
+//         } else {
+//             Vec::new()
+//         }
+//     }
+//}
+
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct UiConfig {
+        #[serde(default = "default_config_empty")]
+    pub css_link: String,
+        #[serde(default = "default_config_empty")]
+    pub js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub other_css_link: String,
+        #[serde(default = "default_config_empty")]
+    pub other_js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub main_js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub utils_js_link: String,
+        #[serde(default = "default_config_web_menu_items")]
+    pub web_menu_items: Vec<WebMenuItem>,
+} 
+
+/// ServPath collects dir path to server as static content
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct ServPath {
+        #[serde(default = "default_config_empty")]
+    pub src_path: String,
+        #[serde(default = "default_config_empty")]
+    pub url_path: String,
+        #[serde(default = "default_config_empty")]
+    pub not_found: String,
+        #[serde(default = "default_config_empty")]
+    pub not_auth: String,
+        #[serde(default = "default_is_restricted")]
+    pub is_restricted: bool,
+        #[serde(default = "default_config_empty")]
+    pub redirect_to: String,
+}
+/// Config collects config values.
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct Config {
+    pub hostport: String,
+    pub bind: String,
+    pub port: u16,
+    pub protocol: String,
+        #[serde(default = "default_config_org")]
+    pub org: String,
+    pub name: String,
+    pub verbose: u8,
+    pub prefix: String,
+    pub resources_path: String,
+    pub cert_file: String,
+    pub key_file: String,
+    //pub certs_store_path: String,
+    //pub cert_file_sufix: String,
+        #[serde(default = "default_config_array_resource")]
+    pub allow_origin: Vec<String>,
+        #[serde(default = "default_config_array_resource")]
+    pub langs: Vec<String>,
+        #[serde(default = "default_config_dflt_lang")]
+    pub dflt_lang: String,
+        #[serde(default = "default_config_empty")]
+    pub path_locales_config: String,
+        #[serde(default = "default_config_locales")]
+    pub locales: HashMap<String,Local>,
+
+    // Some paths 
+        #[serde(default = "default_config_resource")]
+    pub root_path: String,
+        #[serde(default = "default_config_resource")]
+    pub defaults_path: String,
+        #[serde(default = "default_config_serv_paths")]
+    pub serv_paths: Vec<ServPath>,
+        #[serde(default = "default_config_resource")]
+    pub docs_index: String,
+
+        #[serde(default = "default_config_resource")]
+    pub templates_path: String,
+        #[serde(default = "default_config_resource")]
+    pub html_url: String,
+        #[serde(default = "default_config_resource")]
+    pub assets_url: String,
+
+        #[serde(default = "default_config_resource")]
+    pub users_store_uri: String,
+        #[serde(default = "default_config_empty")]
+    pub user_store_access: String,
+        #[serde(default = "default_auth_roles")]
+    pub auth_roles: Vec<String>,
+        #[serde(default = "default_config_empty")]
+    pub trace_store_uri: String,
+        #[serde(default = "default_config_trace_level")]
+    pub trace_level: u8,
+
+        #[serde(default = "default_config_empty")]
+    pub signup_mode: String,
+        #[serde(default = "default_config_invite_expire")]
+    pub invite_expire: u64,
+        #[serde(default = "default_config_use_token")]
+    pub use_token: bool,
+        #[serde(default = "default_config_totp_digits")]
+    pub totp_digits: usize,
+        #[serde(default = "default_config_totp_mode", deserialize_with = "deserialize_totp_mode")]
+    pub totp_mode: TotpMode,
+        #[serde(default = "default_config_totp_algorithm", deserialize_with = "deserialize_totp_algorithm")]
+    pub totp_algorithm: TotpAlgorithm,
+
+        #[serde(default = "default_config_password_score")]
+    pub password_score: u8,
+        #[serde(default = "default_config_empty")]
+    pub admin_fields: String,
+        #[serde(default = "default_config_empty")]
+    pub mail_from: String,
+        #[serde(default = "default_config_empty")]
+    pub mail_reply_to: String,
+
+        #[serde(default = "default_config_use_mail")]
+    pub use_mail: bool,
+        #[serde(default = "default_config_empty")]
+    pub smtp: String,
+        #[serde(default = "default_config_empty")]
+    pub smtp_auth: String,
+
+//    #[cfg(feature = "authstore")]
+        #[serde(default = "default_config_resource")]
+    pub authz_store_uri: String,
+//    #[cfg(feature = "casbin")]
+        #[serde(default = "default_config_empty")]
+    pub authz_model_path: String,
+//    #[cfg(feature = "casbin")]
+        #[serde(default = "default_config_empty")]
+    pub authz_policy_path: String,
+        #[serde(default = "default_config_empty")]
+
+    pub session_store_uri: String,
+        #[serde(default = "default_config_empty")]
+    pub session_store_file: String,
+    pub session_expire: u64,
+
+    pub paseto: ConfigPaSeToken,
+
+    pub ui: UiConfig,
+        #[serde(default = "default_config_tpls")]
+    pub tpls: HashMap<String,String>,
+
+        #[serde(default = "default_config_resource")]
+    pub path_menu_items: String,
+        #[serde(default = "default_config_resource")]
+    pub path_serv_paths: String,
+}
+
+// impl FromFile for Config {
+//     fn fix_root_path<Config>(&mut self, root_path:  String ) { 
+//         if root_path != self.root_path {
+//             self.root_path = root_path.to_owned();
+//         }
+//         if self.root_path.is_empty() || ! Path::new(&self.root_path).exists() {
+//             return;
+//         }
+//     }
+// }
+impl Config {
+    fn fix_item_path(&mut self, item: String ) -> String { 
+        if !item.is_empty() && ! Path::new(&item).exists() {
+            format!("{}/{}",&self.root_path,&item)
+        } else {
+            item
+        }
+    }
+    pub fn load_items(&mut self) { 
+        // self.fix_root_path::<Config>(self.root_path.to_owned());
+        if !self.path_menu_items.is_empty() {
+            self.path_menu_items = self.fix_item_path(self.path_menu_items.to_owned());
+            self.ui.web_menu_items = load_vec_from_file(&self.path_menu_items.to_owned(), "menu_items").unwrap_or_else(|e|{
+                error!("Error loading menu_items from {}: {}",&self.path_menu_items,e);
+                Vec::new()
+            });
+        }
+        if !self.path_locales_config.is_empty() {
+            self.path_locales_config = self.fix_item_path(self.path_locales_config.to_owned());
+            self.locales = load_dict_from_file(&self.path_locales_config.to_owned(), "locales").unwrap_or_else(|e|{
+                error!("Error loading locales from {}: {}",&self.path_locales_config,e);
+                HashMap::new()
+            });
+        }
+        if self.users_store_uri.starts_with(FILE_SCHEME) {
+            self.users_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.users_store_uri.replace(FILE_SCHEME,"")));
+        } 
+        if self.session_store_uri.starts_with(FILE_SCHEME) {
+            self.session_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.session_store_uri.replace(FILE_SCHEME,"")));
+        }
+        if self.trace_store_uri.starts_with(FILE_SCHEME) {
+            self.trace_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.trace_store_uri.replace(FILE_SCHEME,"")));
+        } 
+        self.cert_file = self.fix_item_path(self.cert_file.to_owned());
+        self.key_file = self.fix_item_path(self.key_file.to_owned());
+        self.templates_path = self.fix_item_path(self.templates_path.to_owned());
+        self.defaults_path = self.fix_item_path(self.defaults_path.to_owned());
+
+        #[cfg(feature = "authstore")]
+        if self.authz_store_uri.starts_with(FILE_SCHEME) {
+            self.authz_store_uri = format!("{}{}", 
+                FILE_SCHEME, self.fix_item_path(self.authz_store_uri.replace(FILE_SCHEME,"")));
+        }
+        #[cfg(feature = "casbin")]
+        {
+            self.authz_model_path = self.fix_item_path(self.authz_model_path.to_owned());
+            self.authz_policy_path = self.fix_item_path(self.authz_policy_path.to_owned());
+        }
+        self.paseto.public_path = self.fix_item_path(self.paseto.public_path.to_owned());
+        self.paseto.secret_path = self.fix_item_path(self.paseto.secret_path.to_owned());
+        // Loading paseto 
+        (self.paseto.public_data, self.paseto.secret_data) = self.paseto.load_data();
+        self.paseto.footer = ConfigPaSeToken::make_footer(
+            self.paseto.map_footer.to_owned()
+        ).unwrap_or(Footer::new());
+    }
+    #[allow(dead_code)] 
+    pub fn to_json(&self) -> String {
+        serde_json::to_string(self).unwrap_or_else(|e|{
+            println!("Error to convert Config to json: {}",e);
+            String::from("")
+        })
+    }
+    // #[allow(dead_code)] 
+    // pub fn st_html_path(&self) -> &'static str  {
+    //     Box::leak(self.html_path.to_owned().into_boxed_str())
+    // }
+    #[allow(dead_code)] 
+    pub fn full_html_url(&self, url: &str) -> String {
+        format!("{}://{}:{}/{}",
+            &self.protocol,&self.bind,&self.port,
+            url
+        )
+    }
+    pub fn load_from_file<'a>(file_cfg: &str, name: &str) -> Result<Self> { 
+        let item_cfg: Self;
+        let file_path: String;
+        if file_cfg.contains(CFG_FILE_EXTENSION) {
+            file_path = file_cfg.to_string();
+        } else { 
+            file_path = format!("{}{}",file_cfg.to_string(),CFG_FILE_EXTENSION);
+        }
+        let config_content:  &'a str;
+        match std::fs::read_to_string(&file_path) {
+            Ok(cfgcontent) => config_content = Box::leak(cfgcontent.into_boxed_str()),
+            Err(e) => 
+                return Err(Error::new(
+                    ErrorKind::InvalidInput,
+                    format!("Error read {}: {}",&file_path,e)
+                )),
+        };
+        // match toml::from_str::<T>(&config_content) {
+        match toml::from_str::<Self>(&config_content) {
+            Ok(cfg) => item_cfg = cfg, 
+            Err(e) => return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error loading config {}: {}",&file_path,e)
+            )),
+        };
+        log::info!("Loaded {} config from: {}", &name, &file_path);
+        Ok(item_cfg)
+    } 
+
+}
\ No newline at end of file
diff --git a/src/defs/app_connect_info.rs b/src/defs/app_connect_info.rs
new file mode 100644
index 0000000..61d52c7
--- /dev/null
+++ b/src/defs/app_connect_info.rs
@@ -0,0 +1,18 @@
+use std::net::SocketAddr;
+use hyper::server::conn::AddrStream;
+use axum::extract::connect_info::Connected;
+
+#[derive(Clone, Debug)]
+pub struct AppConnectInfo {
+   pub remote_addr: SocketAddr, 
+   pub local_addr: SocketAddr, 
+}
+
+impl Connected<&AddrStream> for AppConnectInfo {
+    fn connect_info(target: &AddrStream) -> Self {
+        AppConnectInfo {
+            remote_addr: target.remote_addr(),
+            local_addr: target.local_addr(),
+        }
+    }
+}
diff --git a/src/defs/appdbs.rs b/src/defs/appdbs.rs
new file mode 100644
index 0000000..e2b1116
--- /dev/null
+++ b/src/defs/appdbs.rs
@@ -0,0 +1,82 @@
+
+use tera::{Tera,Context};
+use tokio::sync::RwLock;
+
+#[cfg(feature = "casbin")]
+use casbin::{CoreApi,Enforcer};
+#[cfg(feature = "casbin")]
+use std::{
+    path::Path,
+    sync::Arc,
+};
+
+use crate::defs::{
+    Config,
+    SessionStoreDB,
+};
+
+#[cfg(feature = "authstore")]
+use crate::defs::AuthStore;
+
+use crate::users::UserStore;
+
+#[cfg(feature = "authstore")]
+#[derive(Clone)]
+pub struct AppDBs {
+    pub config: Config,
+    pub auth_store: AuthStore,
+    pub sessions_store_db: SessionStoreDB,
+    pub user_store: UserStore,
+    pub tera: Tera,
+    pub context: Context,
+}
+#[cfg(feature = "authstore")]
+impl AppDBs {
+    pub fn new(config: &Config, store: SessionStoreDB, user_store: UserStore, tera: Tera, context: Context) -> Self {
+        Self {
+            config: config.to_owned(),
+            auth_store: AuthStore::new(&config.authz_store_uri),
+            sessions_store_db: store,
+            user_store,
+            tera,
+            context,
+        }
+    } 
+}
+#[cfg(feature = "casbin")]
+#[derive(Clone)]
+pub struct AppDBs {
+    pub config: Config,
+    pub enforcer: Arc<RwLock<Enforcer>>,
+    pub sessions_store_db: SessionStoreDB,
+    pub user_store: UserStore,
+    pub tera: Tera,
+    pub context: Context,
+}
+#[cfg(feature = "casbin")]
+impl AppDBs {
+    pub fn new(config: &Config, store: SessionStoreDB, user_store: UserStore, enforcer: Arc<RwLock<Enforcer>>, tera: Tera, context: Context) -> Self {
+        Self {
+            config: config.to_owned(),
+            enforcer,
+            sessions_store_db: store,
+            user_store,
+            tera,
+            context,
+        }
+    } 
+    pub async fn create_enforcer(model_path: &'static str, policy_path: &'static str) -> Arc<RwLock<Enforcer>> {
+        if ! Path::new(&model_path).exists() {
+            panic!("model path: {} not exists",&model_path);
+        }
+        if ! Path::new(&policy_path).exists() {
+            panic!("policy path: {} not exists",&policy_path);
+        }
+        let e = Enforcer::new(model_path, policy_path)
+            .await
+            .expect("can read casbin model and policy files");
+        Arc::new(RwLock::new(e))
+    }
+}
+
+
diff --git a/src/defs/authz.rs b/src/defs/authz.rs
new file mode 100644
index 0000000..c8677cf
--- /dev/null
+++ b/src/defs/authz.rs
@@ -0,0 +1,67 @@
+use std::{
+   fs,
+   collections::HashMap,
+};
+use serde::{Deserialize,Serialize};
+
+use crate::defs::{
+  UserRole,
+  user_role::deserialize_user_role,
+};
+
+use log::{info,error};
+
+use crate::FILE_SCHEME;
+
+#[derive(Deserialize,Serialize,Clone,Debug,Default)]
+pub struct Authz {
+  pub user_id: String,
+  pub name: String,
+  pub passwd: String,
+  pub init: String,
+  pub last: String,
+  pub change: bool,
+    #[serde(deserialize_with = "deserialize_user_role")]
+  pub role: UserRole,
+}
+
+// pub type AuthzMap = Arc<RwLock<HashMap<String,Authz>>>;
+#[derive(Clone,Debug)]
+pub struct AuthStore {
+  pub authz: HashMap<String,Authz>,
+  // pub authz: AuthzMap,
+} 
+impl AuthStore {
+  pub fn new(authz_store_uri: &str) -> Self {
+    Self {
+      authz: AuthStore::create_authz_map(authz_store_uri),
+//      authz: Arc::new(RwLock::new(AuthStore::create_authz_map(config))),
+    }
+  }
+  pub fn load_authz_from_fs(target: &str) -> HashMap<String, Authz> {
+    let data_content = fs::read_to_string(target).unwrap_or_else(|_|String::from(""));
+    if ! data_content.contains("role") {
+      println!("Error no 'role' in authz from store: {}", &target);
+      return HashMap::new()
+    } 
+    let authz: HashMap<String, Authz> = toml::from_str(&data_content).unwrap_or_else(|e| {
+        println!("Error loading authz from store: {} error: {}", &target,e);
+        HashMap::new()
+    });
+    authz
+  }
+
+  pub fn create_authz_map(authz_store_uri: &str) -> HashMap<String, Authz> {
+    let mut authz = HashMap::new();
+    if authz_store_uri.starts_with(FILE_SCHEME) {
+        let authz_store = authz_store_uri.replace(FILE_SCHEME, "");
+        authz = AuthStore::load_authz_from_fs(&authz_store);
+        if !authz.is_empty() { 
+          info!("Authz loaded successfully ({})", &authz.len());
+        }
+    } else {
+        error!("Store not set for authz store: {}", authz_store_uri);
+    }
+    authz
+  }
+}
diff --git a/src/defs/cli.rs b/src/defs/cli.rs
new file mode 100644
index 0000000..8337d6a
--- /dev/null
+++ b/src/defs/cli.rs
@@ -0,0 +1,95 @@
+
+use clap::Parser;
+
+use pasetoken_lib::pasetoken::ConfigPaSeToken;
+//use pasetors::footer::Footer;
+
+use crate::{PKG_NAME,PKG_VERSION};
+
+use crate::tools::generate_uuid;
+
+// Use `clap` to parse command line options with `derive` mode 
+#[derive(Parser, Debug)]
+pub struct Cli {
+
+    /// * Configuration TOML file-path to run `WebServer` REQUIRED
+    #[clap(short = 'c', long = "config", value_parser, display_order=1)]
+    pub config_path: Option<String>,
+
+    /// Generate id key for identification
+    #[clap(short = 'i', long = "id",  action, display_order=2)]
+    pub create_id: bool,
+
+    /// Path to generate PaSeTo public and secret keys to use for tokens
+    #[clap(short = 'p', long = "pasetoken", value_parser, display_order=3)]
+    pub pasetokeys_path: Option<String>,
+
+    /// Settings-toml-file to Generate PaSeTo Token (-o to filepath)
+    #[clap(short = 't', long = "token", value_parser, display_order=4)]
+    pub make_token: Option<String>,
+
+    /// Output path to save generated token with `make_token` (-t)
+    #[clap(short = 'o', long = "output", value_parser, display_order=5)]
+    pub output_path: Option<String>,
+
+    /// Show version 
+    #[clap(short = 'v', long = "version", action, display_order=6)]
+    pub version: bool,
+}
+
+
+/// Runs some options from command line like: genererate id, PaSeTo keys, Token. 
+/// Set TOML config-path to load web-server settings 
+pub fn parse_args() -> String {
+    let args = Cli::parse();
+    if let Some(pasetokeys_path) = args.pasetokeys_path {
+        match pasetoken_lib::generate_keys(&pasetokeys_path,false) {
+            Ok(_) => println!("PaSeTo keys generated to: {}", &pasetokeys_path),
+            Err(e) => eprint!("Error generating keys: {}",e),
+        };
+        std::process::exit(0);
+    }
+    let output_path = if let Some(out_path) = args.output_path {
+        out_path
+    } else {
+        String::from("")
+    };
+    if let Some(def_path) = args.make_token {
+        match ConfigPaSeToken::token_from_file_defs(&def_path, &output_path) {
+            Ok(token) => {
+                if output_path.is_empty() {
+                    println!("{}",&token)
+                } else {
+                    println!("Token from defs {} generated to {}",&def_path,&output_path)
+                }
+            },
+            Err(e) => {
+                if output_path.is_empty() {
+                    eprintln!("Error generating token from file defs {} error: {}",
+                        &def_path, e
+                    )
+                } else {
+                    eprintln!("Error generating token from file defs {} to {} error: {}",
+                        &def_path, &output_path, e
+                    )
+                }
+            },
+        }; 
+        std::process::exit(0);
+    }
+    if args.create_id {
+        println!("{}",generate_uuid(String::from("abcdef0123456789")));
+        std::process::exit(0);
+    }
+    if args.version {
+        println!("{} version: {}",PKG_NAME,PKG_VERSION);
+        std::process::exit(0);
+    }
+
+    let config_path = args.config_path.unwrap_or(String::from(""));
+    if config_path.is_empty() {
+        eprintln!("No config-file found");
+        std::process::exit(2);
+    } 
+    config_path
+}
diff --git a/src/defs/config.rs b/src/defs/config.rs
new file mode 100644
index 0000000..fbf7009
--- /dev/null
+++ b/src/defs/config.rs
@@ -0,0 +1,383 @@
+use std::collections::HashMap;
+use serde::{Serialize, Deserialize};
+//use serde_json::value::{to_value, Value};
+use log::error;
+use pasetoken_lib::ConfigPaSeToken;
+use pasetors::footer::Footer;
+
+use crate::{
+    FILE_SCHEME,
+    defs::{
+        Local, TotpAlgorithm, TotpMode,
+        deserialize_totp_algorithm,
+        deserialize_totp_mode,
+        FromFile,
+        load_from_file,
+        load_dict_from_file,
+    },
+}; 
+
+use std::path::Path;
+
+// use crate::tools::generate_uuid;
+// fn default_server_uid() -> String {
+//     generate_uuid(String::from("abcdef0123456789"))
+// }
+
+fn default_config_resource() -> String {
+  "/".to_string()
+}
+fn default_config_array_resource() -> Vec<String> {
+  Vec::new()
+}
+fn default_config_serv_paths()-> Vec<ServPath> {
+  Vec::new()
+}
+fn default_config_dflt_lang() -> String {
+  "en".to_string()
+}
+fn default_config_org() -> String {
+  "".to_string()
+}
+fn default_config_empty() -> String {
+  "".to_string()
+}
+fn default_config_locales() -> HashMap<String,Local> {
+  HashMap::new()
+}
+fn default_config_tpls() -> HashMap<String,String> {
+  HashMap::new()
+}
+fn default_is_restricted() -> bool {
+  false
+}
+fn default_config_use_mail() -> bool {
+  false
+}
+fn default_config_use_token() -> bool {
+   false
+}
+fn default_config_invite_expire() -> u64 {
+  300
+}
+fn default_config_web_menu_items() -> Vec<WebMenuItem> {
+    Vec::new()
+}
+fn default_web_menu_item_roles() -> Vec<String> {
+    Vec::new()
+}
+fn default_auth_roles() -> Vec<String> {
+    Vec::new()
+}
+fn default_sub_menu_items() -> Vec<SubMenuItem> {
+    Vec::new()
+}
+fn default_config_totp_digits() -> usize {
+    6
+}
+fn default_config_totp_algorithm() -> TotpAlgorithm {
+    TotpAlgorithm::default()
+}
+fn default_config_totp_mode() -> TotpMode {
+    TotpMode::default()
+}
+fn default_config_password_score() -> u8 {
+    0
+}
+fn default_config_trace_level() -> u8 {
+   1 
+}
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct SubMenuItem {
+        #[serde(default = "default_config_empty")]
+    pub typ: String,
+        #[serde(default = "default_config_empty")]
+    pub srctyp: String,
+        #[serde(default = "default_config_empty")]
+    pub text: String,
+        #[serde(default = "default_config_empty")]
+    pub url: String,
+        #[serde(default = "default_web_menu_item_roles")]
+    pub roles: Vec<String>,
+}
+
+
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct WebMenuItem {
+        #[serde(default = "default_config_resource")]
+    pub root_path: String,
+        #[serde(default = "default_config_empty")]
+    pub typ: String,
+        #[serde(default = "default_config_empty")]
+    pub srctyp: String,
+        #[serde(default = "default_config_empty")]
+    pub text: String,
+        #[serde(default = "default_config_empty")]
+    pub url: String,
+        #[serde(default = "default_web_menu_item_roles")]
+    pub roles: Vec<String>,
+        #[serde(default = "default_sub_menu_items")]
+    pub items: Vec<SubMenuItem>,
+}
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct DataMenuItems {
+        #[serde(default = "default_config_web_menu_items")]
+    pub web_menu_items: Vec<WebMenuItem>,
+}
+impl FromFile for DataMenuItems {
+    fn fix_root_path<DataMenuItems>(&mut self, _root_path:  String ) { 
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct UiConfig {
+        #[serde(default = "default_config_empty")]
+    pub css_link: String,
+        #[serde(default = "default_config_empty")]
+    pub js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub other_css_link: String,
+        #[serde(default = "default_config_empty")]
+    pub other_js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub main_js_link: String,
+        #[serde(default = "default_config_empty")]
+    pub utils_js_link: String,
+        #[serde(default = "default_config_web_menu_items")]
+    pub web_menu_items: Vec<WebMenuItem>,
+} 
+
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct DataServPath {
+       #[serde(default = "default_config_serv_paths")]
+    pub serv_paths: Vec<ServPath>,
+}
+impl FromFile for DataServPath {
+    fn fix_root_path<DataServPath>(&mut self, _root_path:  String ) { 
+    }
+}
+/// ServPath collects dir path to server as static content
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct ServPath {
+        #[serde(default = "default_config_empty")]
+    pub src_path: String,
+        #[serde(default = "default_config_empty")]
+    pub url_path: String,
+        #[serde(default = "default_config_empty")]
+    pub not_found: String,
+        #[serde(default = "default_config_empty")]
+    pub not_auth: String,
+        #[serde(default = "default_is_restricted")]
+    pub is_restricted: bool,
+        #[serde(default = "default_config_empty")]
+    pub redirect_to: String,
+}
+/// Config collects config values.
+#[derive(Debug, Clone, Serialize, Deserialize,Default)]
+pub struct Config {
+    pub hostport: String,
+    pub bind: String,
+    pub port: u16,
+    pub protocol: String,
+        #[serde(default = "default_config_org")]
+    pub org: String,
+    pub name: String,
+    pub verbose: u8,
+    pub prefix: String,
+    pub resources_path: String,
+    pub cert_file: String,
+    pub key_file: String,
+    //pub certs_store_path: String,
+    //pub cert_file_sufix: String,
+        #[serde(default = "default_config_array_resource")]
+    pub allow_origin: Vec<String>,
+        #[serde(default = "default_config_array_resource")]
+    pub langs: Vec<String>,
+        #[serde(default = "default_config_dflt_lang")]
+    pub dflt_lang: String,
+        #[serde(default = "default_config_empty")]
+    pub path_locales_config: String,
+        #[serde(default = "default_config_locales")]
+    pub locales: HashMap<String,Local>,
+
+    // Some paths 
+        #[serde(default = "default_config_resource")]
+    pub root_path: String,
+        #[serde(default = "default_config_resource")]
+    pub defaults_path: String,
+        #[serde(default = "default_config_serv_paths")]
+    pub serv_paths: Vec<ServPath>,
+        #[serde(default = "default_config_resource")]
+    pub docs_index: String,
+
+        #[serde(default = "default_config_resource")]
+    pub templates_path: String,
+        #[serde(default = "default_config_resource")]
+    pub html_url: String,
+        #[serde(default = "default_config_resource")]
+    pub assets_url: String,
+
+        #[serde(default = "default_config_resource")]
+    pub users_store_uri: String,
+        #[serde(default = "default_config_empty")]
+    pub user_store_access: String,
+        #[serde(default = "default_auth_roles")]
+    pub auth_roles: Vec<String>,
+        #[serde(default = "default_config_empty")]
+    pub trace_store_uri: String,
+        #[serde(default = "default_config_trace_level")]
+    pub trace_level: u8,
+
+        #[serde(default = "default_config_empty")]
+    pub signup_mode: String,
+        #[serde(default = "default_config_invite_expire")]
+    pub invite_expire: u64,
+        #[serde(default = "default_config_use_token")]
+    pub use_token: bool,
+        #[serde(default = "default_config_totp_digits")]
+    pub totp_digits: usize,
+        #[serde(default = "default_config_totp_mode", deserialize_with = "deserialize_totp_mode")]
+    pub totp_mode: TotpMode,
+        #[serde(default = "default_config_totp_algorithm", deserialize_with = "deserialize_totp_algorithm")]
+    pub totp_algorithm: TotpAlgorithm,
+
+        #[serde(default = "default_config_password_score")]
+    pub password_score: u8,
+        #[serde(default = "default_config_empty")]
+    pub admin_fields: String,
+        #[serde(default = "default_config_empty")]
+    pub mail_from: String,
+        #[serde(default = "default_config_empty")]
+    pub mail_reply_to: String,
+
+        #[serde(default = "default_config_use_mail")]
+    pub use_mail: bool,
+        #[serde(default = "default_config_empty")]
+    pub smtp: String,
+        #[serde(default = "default_config_empty")]
+    pub smtp_auth: String,
+
+//    #[cfg(feature = "authstore")]
+        #[serde(default = "default_config_resource")]
+    pub authz_store_uri: String,
+//    #[cfg(feature = "casbin")]
+        #[serde(default = "default_config_empty")]
+    pub authz_model_path: String,
+//    #[cfg(feature = "casbin")]
+        #[serde(default = "default_config_empty")]
+    pub authz_policy_path: String,
+        #[serde(default = "default_config_empty")]
+
+    pub session_store_uri: String,
+        #[serde(default = "default_config_empty")]
+    pub session_store_file: String,
+    pub session_expire: u64,
+
+    pub paseto: ConfigPaSeToken,
+
+    pub ui: UiConfig,
+        #[serde(default = "default_config_tpls")]
+    pub tpls: HashMap<String,String>,
+
+        #[serde(default = "default_config_resource")]
+    pub path_menu_items: String,
+        #[serde(default = "default_config_resource")]
+    pub path_serv_paths: String,
+}
+
+impl FromFile for Config {
+    fn fix_root_path<Config>(&mut self, root_path:  String ) { 
+        if root_path != self.root_path {
+            self.root_path = root_path.to_owned();
+        }
+        if self.root_path.is_empty() || ! Path::new(&self.root_path).exists() {
+            return;
+        }
+    }
+}
+impl Config {
+     fn fix_item_path(&mut self, item: String ) -> String {
+        if !item.is_empty() && ! Path::new(&item).exists() {
+            format!("{}/{}",&self.root_path,&item)
+        } else {
+            item
+        }
+    }
+    pub fn load_items(&mut self) { 
+        self.fix_root_path::<Config>(self.root_path.to_owned());
+        if !self.path_menu_items.is_empty() {
+            self.path_menu_items = self.fix_item_path(self.path_menu_items.to_owned());
+            let data_menu_items = load_from_file(&self.path_menu_items.to_owned(), "menu_items").unwrap_or_else(|e|{
+                error!("Error loading menu_items from {}: {}",&self.path_menu_items,e);
+                DataMenuItems::default()
+            });
+            self.ui.web_menu_items = data_menu_items.web_menu_items; 
+        }
+        if !self.path_serv_paths.is_empty() {
+            self.path_serv_paths = self.fix_item_path(self.path_serv_paths.to_owned());
+            let data_serv_paths = load_from_file(&self.path_serv_paths.to_owned(), "serv_paths").unwrap_or_else(|e|{
+                error!("Error loading serv_paths from {}: {}",&self.path_serv_paths,e);
+                DataServPath::default()
+            });
+            self.serv_paths = data_serv_paths.serv_paths;
+        }
+        if !self.path_locales_config.is_empty() {
+            self.path_locales_config = self.fix_item_path(self.path_locales_config.to_owned());
+            self.locales = load_dict_from_file(&self.path_locales_config.to_owned(), "locales").unwrap_or_else(|e|{
+                error!("Error loading locales from {}: {}",&self.path_locales_config,e);
+                HashMap::new()
+            });
+        }
+        if self.users_store_uri.starts_with(FILE_SCHEME) {
+            self.users_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.users_store_uri.replace(FILE_SCHEME,"")));
+        } 
+        if self.session_store_uri.starts_with(FILE_SCHEME) {
+            self.session_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.session_store_uri.replace(FILE_SCHEME,"")));
+        }
+        if self.trace_store_uri.starts_with(FILE_SCHEME) {
+            self.trace_store_uri = format!("{}{}",
+                FILE_SCHEME, self.fix_item_path(self.trace_store_uri.replace(FILE_SCHEME,"")));
+        } 
+        self.cert_file = self.fix_item_path(self.cert_file.to_owned());
+        self.key_file = self.fix_item_path(self.key_file.to_owned());
+        self.templates_path = self.fix_item_path(self.templates_path.to_owned());
+        self.defaults_path = self.fix_item_path(self.defaults_path.to_owned());
+
+        #[cfg(feature = "authstore")]
+        if self.authz_store_uri.starts_with(FILE_SCHEME) {
+            self.authz_store_uri = format!("{}{}", 
+                FILE_SCHEME, self.fix_item_path(self.authz_store_uri.replace(FILE_SCHEME,"")));
+        }
+        #[cfg(feature = "casbin")]
+        {
+            self.authz_model_path = self.fix_item_path(self.authz_model_path.to_owned());
+            self.authz_policy_path = self.fix_item_path(self.authz_policy_path.to_owned());
+        }
+        self.paseto.public_path = self.fix_item_path(self.paseto.public_path.to_owned());
+        self.paseto.secret_path = self.fix_item_path(self.paseto.secret_path.to_owned());
+        (self.paseto.public_data, self.paseto.secret_data) = self.paseto.load_data();
+        self.paseto.footer = ConfigPaSeToken::make_footer(
+            self.paseto.map_footer.to_owned()
+        ).unwrap_or(Footer::new());
+    }
+    #[allow(dead_code)] 
+    pub fn to_json(&self) -> String {
+        serde_json::to_string(self).unwrap_or_else(|e|{
+            println!("Error to convert Config to json: {}",e);
+            String::from("")
+        })
+    }
+    // #[allow(dead_code)] 
+    // pub fn st_html_path(&self) -> &'static str  {
+    //     Box::leak(self.html_path.to_owned().into_boxed_str())
+    // }
+    #[allow(dead_code)] 
+    pub fn full_html_url(&self, url: &str) -> String {
+        format!("{}://{}:{}/{}",
+            &self.protocol,&self.bind,&self.port,
+            url
+        )
+    }
+}
\ No newline at end of file
diff --git a/src/defs/filestore.rs b/src/defs/filestore.rs
new file mode 100644
index 0000000..011e337
--- /dev/null
+++ b/src/defs/filestore.rs
@@ -0,0 +1,368 @@
+
+use async_session::{Result, Session, SessionStore};
+use anyhow::anyhow;
+use async_trait::async_trait;
+use std::{
+    fs,
+    path::Path,
+};
+use walkdir::{DirEntry, WalkDir};
+use binascii::bin2hex;
+
+#[allow(unused)]
+fn is_hidden(entry: &DirEntry) -> bool {
+    entry.file_name()
+        .to_str()
+        .map(|s| s.starts_with("."))
+        .unwrap_or(false)
+}
+#[derive(Debug, Clone)]
+pub struct FileStore {
+    pub sess_path: String,
+    pub ses_file: String,
+}
+#[async_trait]
+impl SessionStore for FileStore {
+    async fn load_session(&self, cookie_value: String) -> Result<Option<Session>> {
+        let id = Session::id_from_cookie_value(&cookie_value)?;
+        log::trace!("loading session by id `{}`", &id);
+        //dbg!("loading session by id `{}`", &id);
+        self.load_session_file(&id).await
+    }
+    async fn store_session(&self, session: Session) -> Result<Option<String>> {
+        log::trace!("storing session by id `{}`", session.id());
+        let id_filename = match self.get_path(session.id()) {
+            Ok(res) => res,
+            Err(e) => {
+                return Err(e);
+            }
+        };
+        // let mut out_buffer = [0u8; 100];
+        // let id_filename = if let Ok(res) = bin2hex(session.id().as_bytes(),&mut out_buffer) {
+        //    std::str::from_utf8(res)?.to_owned()
+        // } else {
+        //    return Ok(None);
+        // };
+        let sess_id_path = format!("{}/{}", self.sess_path, &id_filename);
+        if ! Path::new(&sess_id_path).exists() {
+            fs::create_dir(&sess_id_path)?;
+        }
+        let content_session = serde_json::to_string(&session)?;
+        fs::write(&format!("{}/{}",&sess_id_path, self.ses_file), content_session)?;
+        //session.reset_data_changed(); // do not need is it is serialized in file write 
+        Ok(session.into_cookie_value())
+    }
+    async fn destroy_session(&self, session: Session) -> Result {
+        log::trace!("destroying session by id `{}`", session.id());
+        match self.get_path(session.id()) {
+            Ok(res) => match self.get_session_id_path(&res) {
+                Ok(session_id_path) => Ok(fs::remove_file(&session_id_path)?),
+                Err(e) => Err(e),
+            },
+            Err(e) => Err(e) 
+        }
+        // let mut out_buffer = [0u8; 100];
+        // if let Ok(res) = bin2hex(session.id().as_bytes(),&mut out_buffer) {
+        //     let id_filename = std::str::from_utf8(res)?.to_owned();
+        //     Ok(fs::remove_file(
+        //         &format!("{}/{}/{}",self.sess_path, &id_filename, self.ses_file)
+        //     )?)
+        // } else {
+        //     Ok(())
+        // }
+    }
+    async fn clear_store(&self) -> Result {
+        log::trace!("clearing memory store");
+        let sess_path = format!("{}", self.sess_path);
+        fs::remove_dir_all(&sess_path)?;
+        fs::create_dir(&sess_path)?;
+        Ok(())
+    }
+}
+impl FileStore {
+    /// Create a new instance of FilesStore
+    pub fn check_paths(&self) -> Result {
+        if ! Path::new(&self.sess_path).exists() {
+            fs::create_dir(&self.sess_path)?;
+        }
+        Ok(())
+    }
+    pub fn get_path(&self,id: &str) -> Result<String> {
+        let mut out_buffer = [0u8; 100];
+        match bin2hex(&id.as_bytes(),&mut out_buffer) {
+            Ok(res) => Ok(std::str::from_utf8(res)?.to_owned()),
+            Err(e) => {
+                Err(anyhow!("Filename path {} not generated: {:?}", &id, &e))
+            }
+        } 
+    }
+    pub fn get_session_id_path(&self,id_filename: &str) -> Result<String> {
+        let session_id_path = format!("{}/{}/{}",self.sess_path, id_filename, &self.ses_file);
+        if ! Path::new(&session_id_path).exists() {
+           Err(anyhow!("Filename path {} not found: {}", id_filename, &session_id_path ))
+        } else {
+            Ok(session_id_path)
+        }
+    }
+    /// As session Id from `async_session` comes in base64 it will be not valid for OS filename 
+    /// `bin2hex` pass id to hex as bytes and from there to string or viceversa
+    pub async fn load_session_file(&self, id: &str) -> Result<Option<Session>> {
+        let session_id_path = match self.get_path(id) {
+            Ok(res) => match self.get_session_id_path(&res) {
+                Ok(path) => path,
+                Err(e) => return Err(e),
+            },
+            Err(e) => {
+                return Err(e);
+            }
+        };
+        // let mut out_buffer = [0u8; 100];
+        // let id_filename = if let Ok(res) = bin2hex(&id.as_bytes(),&mut out_buffer) {
+        //    std::str::from_utf8(res)?.to_owned()
+        // } else {
+        //    return Ok(None);
+        // };
+        // let session_id_path = format!("{}/{}/{}",self.sess_path, &id_filename, &self.ses_file);
+        // dbg!(&session_id_path);
+        if ! Path::new(&session_id_path).exists() {
+            dbg!("No path: {}", &session_id_path);
+            // let sess_id_path = format!("{}/{}", self.sess_path, &id_filename);
+            // if ! Path::new(&sess_id_path).exists() {
+            //     fs::create_dir(&sess_id_path)?;
+            // }
+            // create
+        }
+        if let Ok(session_content) = fs::read_to_string(&session_id_path) {
+            // match serde_json::from_str::<serde_json::Value>(&session_content) {
+            match serde_json::from_str::<Session>(&session_content) {
+                Ok(session) => {
+                    Ok(session.validate())
+                },
+                Err(e) => { 
+                    dbg!("Error loading session content from {}: {}",&session_id_path, e);
+                    //log::error!("Error loading session content from {}: {}",&session_id_path, e);
+                    Ok(None)
+                }
+            }
+        } else {
+            Ok(None)
+        }
+    }
+    #[allow(dead_code)]
+    pub async fn cleanup(&self) -> Result {
+        log::trace!("cleaning up file store...");
+        let mut count: usize = 0;
+        let sess_path = format!("{}", self.sess_path);
+        let walker = WalkDir::new(&sess_path).into_iter();
+        for entry in walker.filter_entry(|e| !is_hidden(e)) {
+            match entry {
+                Ok(dir_entry) => {
+                    // println!("{}", &dir_entry.path().display());
+                    if ! Path::new(&dir_entry.path()).is_dir() {
+                        continue;
+                    }
+                    let session_file = format!("{}/{}",&dir_entry.path().display(), &self.ses_file);
+                    let id_path = format!("{}",&dir_entry.path().display());
+                    let id = id_path.replace(&sess_path,"");
+                    if let Some(session) = self.load_session_file(&id).await.unwrap_or_default() {
+                        if session.is_expired() {
+                            let _ = fs::remove_file(&session_file);
+                            log::trace!("found {} expired session",&id_path);
+                            count +=1;
+                        }
+                    }
+                },
+                Err(e) =>  println!("Error on {}: {}", &sess_path, e)
+            }
+        }
+        log::trace!("found {} expired session {} cleaned",&sess_path, count);
+        Ok(())
+    }
+    #[allow(dead_code)]
+    pub async fn count(&self) -> usize {
+        let mut count: usize = 0;
+        let sess_path = format!("{}", self.sess_path);
+        let walker = WalkDir::new(&sess_path).into_iter();
+        for entry in walker.filter_entry(|e| !is_hidden(e)) {
+            match entry {
+                Ok(dir_entry) => {
+                    // println!("{}", &dir_entry.path().display());
+                    if ! Path::new(&dir_entry.path()).is_dir() {
+                        continue;
+                    }
+                    let session_file = format!("{}/{}",&dir_entry.path().display(), &self.ses_file);
+                    if Path::new(&session_file).exists() {
+                        count +=1;
+                    }
+                },
+                Err(e) =>  println!("Error on {}: {}", &sess_path, e)
+            }
+        }
+        count
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use async_std::task;
+    use std::time::Duration;
+    const TEST_SESS_FILESTORE: &str = "/tmp/test_sess_filestore";
+    const TEST_IDS_FILESTORE: &str = "/tmp/test_ids_filestore";
+
+    #[async_std::test]
+    async fn creating_a_new_session_with_no_expiry() -> Result {
+        let sess_path_store = format!("{}_0", TEST_SESS_FILESTORE);
+        let ids_path_store = format!("{}_0", TEST_IDS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let _ = fs::remove_dir_all(&ids_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+        let mut session = Session::new();
+        session.insert("key", "Hello")?;
+        let cloned = session.clone();
+        let cookie_value = store.store_session(session).await?.unwrap();
+        assert!(true);
+        let loaded_session = store.load_session(cookie_value).await?.unwrap();
+        assert_eq!(cloned.id(), loaded_session.id());
+        assert_eq!("Hello", &loaded_session.get::<String>("key").unwrap());
+        assert!(!loaded_session.is_expired());
+        assert!(loaded_session.validate().is_some());
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let _ = fs::remove_dir_all(&ids_path_store);
+        Ok(())
+    }
+    #[async_std::test]
+    async fn updating_a_session() -> Result {
+        let sess_path_store = format!("{}_1", TEST_SESS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+
+        let mut session = Session::new();
+
+        session.insert("key", "value")?;
+        let cookie_value = store.store_session(session).await?.unwrap();
+
+        let mut session = store.load_session(cookie_value.clone()).await?.unwrap();
+        session.insert("key", "other value")?;
+
+        assert_eq!(store.store_session(session).await?, None);
+        let session = store.load_session(cookie_value).await?.unwrap();
+        assert_eq!(&session.get::<String>("key").unwrap(), "other value");
+        fs::remove_dir_all(&sess_path_store)?;
+        Ok(())
+    }
+
+    #[async_std::test]
+    async fn updating_a_session_extending_expiry() -> Result {
+        let sess_path_store = format!("{}_2", TEST_SESS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+
+        let mut session = Session::new();
+        session.expire_in(Duration::from_secs(1));
+        let original_expires = session.expiry().unwrap().clone();
+        let cookie_value = store.store_session(session).await?.unwrap();
+
+        let mut session = store.load_session(cookie_value.clone()).await?.unwrap();
+
+        assert_eq!(session.expiry().unwrap(), &original_expires);
+        session.expire_in(Duration::from_secs(3));
+        let new_expires = session.expiry().unwrap().clone();
+        assert_eq!(None, store.store_session(session).await?);
+
+        let session = store.load_session(cookie_value.clone()).await?.unwrap();
+        assert_eq!(session.expiry().unwrap(), &new_expires);
+
+        task::sleep(Duration::from_secs(3)).await;
+        assert_eq!(None, store.load_session(cookie_value).await?);
+        fs::remove_dir_all(&sess_path_store)?;
+        Ok(())
+    }
+
+    #[async_std::test]
+    async fn creating_a_new_session_with_expiry() -> Result {
+        let sess_path_store = format!("{}_3", TEST_SESS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+
+        let mut session = Session::new();
+        session.expire_in(Duration::from_secs(3));
+        session.insert("key", "value")?;
+        let cloned = session.clone();
+
+        let cookie_value = store.store_session(session).await?.unwrap();
+
+        let loaded_session = store.load_session(cookie_value.clone()).await?.unwrap();
+        assert_eq!(cloned.id(), loaded_session.id());
+        assert_eq!("value", &*loaded_session.get::<String>("key").unwrap());
+
+        assert!(!loaded_session.is_expired());
+
+        task::sleep(Duration::from_secs(3)).await;
+        assert_eq!(None, store.load_session(cookie_value).await?);
+        fs::remove_dir_all(&sess_path_store)?;
+        Ok(())
+    }
+
+    #[async_std::test]
+    async fn destroying_a_single_session() -> Result {
+        let sess_path_store = format!("{}_4", TEST_SESS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+
+        for _ in 0..3i8 {
+            store.store_session(Session::new()).await?;
+        }
+        let cookie = store.store_session(Session::new()).await?.unwrap();
+        assert_eq!(4, store.count().await);
+        let session = store.load_session(cookie.clone()).await?.unwrap();
+        store.destroy_session(session.clone()).await?;
+        assert!(store.load_session(cookie).await.is_err());
+        assert_eq!(3, store.count().await);
+
+        // attempting to destroy the session again IS an ERROR, file should be deleted before
+        assert!(store.destroy_session(session).await.is_err());
+        fs::remove_dir_all(&sess_path_store)?;
+        Ok(())
+    }
+
+    #[async_std::test]
+    async fn clearing_the_whole_store() -> Result {
+        let sess_path_store = format!("{}_5", TEST_SESS_FILESTORE);
+        let _ = fs::remove_dir_all(&sess_path_store);
+        let store = FileStore {
+            sess_path: sess_path_store.to_owned(),
+            ses_file: String::from("session"),
+        };
+        store.check_paths()?;
+
+        for _ in 0..3i8 {
+            store.store_session(Session::new()).await?;
+        }
+        assert_eq!(3, store.count().await);
+        store.clear_store().await.unwrap();
+        assert_eq!(0, store.count().await);
+        fs::remove_dir_all(&sess_path_store)?;
+        Ok(())
+    }
+}
\ No newline at end of file
diff --git a/src/defs/from_file.rs b/src/defs/from_file.rs
new file mode 100644
index 0000000..6b83f71
--- /dev/null
+++ b/src/defs/from_file.rs
@@ -0,0 +1,76 @@
+use std::io::{Error, ErrorKind, Result};
+use std::collections::HashMap;
+use serde::de::DeserializeOwned;
+
+use log::info;
+
+pub const CFG_FILE_EXTENSION: &str  = ".toml";
+
+pub trait AppDef {
+    fn app_def<T>(&mut self, root_path:  String ); //  -> T;
+}
+pub trait FromFile {
+    fn fix_root_path<T>(&mut self, root_path:  String ); //  -> T;
+}
+pub fn load_from_file<'a, T:  FromFile + DeserializeOwned>(file_cfg: &str, name: &str) -> Result<T> {
+    let item_cfg: T;
+    let file_path: String;
+    if file_cfg.contains(CFG_FILE_EXTENSION) {
+        file_path = file_cfg.to_string();
+    } else { 
+        file_path = format!("{}{}",file_cfg.to_string(),CFG_FILE_EXTENSION);
+    }
+    let config_content:  &'a str;
+    match std::fs::read_to_string(&file_path) {
+        Ok(cfgcontent) => config_content = Box::leak(cfgcontent.into_boxed_str()),
+        Err(e) => 
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error read {}: {}",&file_path,e)
+            )),
+    };
+    match toml::from_str::<T>(&config_content) {
+        Ok(cfg) => item_cfg = cfg, 
+        Err(e) => return Err(Error::new(
+            ErrorKind::InvalidInput,
+            format!("Error loading config {}: {}",&file_path,e)
+        )),
+    };
+    info!("Loaded {} config from: {}", &name, &file_path);
+    Ok(item_cfg)
+} 
+
+pub trait DictFromFile {
+    fn fix_root_path<T>(&mut self, root_path:  String ); //  -> T;
+}
+pub fn load_dict_from_file<'a, T: DictFromFile + DeserializeOwned>(file_cfg: &str, name: &str) -> Result<HashMap<String,T>> { 
+    let item_cfg: HashMap<String,T>;
+    let file_path: String;
+    if file_cfg.contains(CFG_FILE_EXTENSION) {
+        file_path = file_cfg.to_string();
+    } else { 
+        file_path = format!("{}{}",file_cfg.to_string(),CFG_FILE_EXTENSION);
+    }
+    let config_content:  &'a str;
+    match std::fs::read_to_string(&file_path) {
+        Ok(cfgcontent) => config_content = Box::leak(cfgcontent.into_boxed_str()),
+        Err(e) => 
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error read {}: {}",&file_path,e)
+            )),
+    };
+    match toml::from_str::<HashMap<String,T>>(&config_content) {
+        Ok(cfg) => {
+            item_cfg = cfg
+        }, 
+        Err(e) => {
+            return Err(Error::new(
+               ErrorKind::InvalidInput,
+               format!("Error loading {} {}: {}",name,&file_path,e)
+            ))
+        },
+    };
+    info!("Loaded {} config from: {}", name, &file_path);
+    Ok(item_cfg)
+} 
\ No newline at end of file
diff --git a/src/defs/local.rs b/src/defs/local.rs
new file mode 100644
index 0000000..9d92cde
--- /dev/null
+++ b/src/defs/local.rs
@@ -0,0 +1,43 @@
+use std::collections::HashMap;
+use serde::{Serialize, Deserialize};
+
+use crate::defs::DictFromFile;
+
+#[derive(Debug, Clone, Serialize, Deserialize ,Default)]
+pub struct Local {
+    pub id: String,
+    pub itms: HashMap<String,String>
+}
+impl DictFromFile for Local {
+    fn fix_root_path<Local>(&mut self, _root_path:  String ) { 
+    }
+}
+
+impl Local {
+    pub fn new(id: String, itms: HashMap<String,String>) -> Self {
+        Self {
+            id,
+            itms
+        }
+    }
+    #[allow(dead_code)]
+    pub fn itm(&self, key: &str, dflt: &str) -> String {
+        match self.itms.get(key) {
+            Some(val) => format!("{}",val),
+            None => if dflt.is_empty() {
+                format!("{}",key)
+            } else {
+                format!("{}",dflt)
+            }
+        }
+    }
+    pub fn get_lang(locales: &HashMap<String, Local>, key: &str, dflt: &str) -> Local {
+        match  locales.get(key) {
+            Some(val) => val.to_owned(),
+            None =>  match locales.get(dflt) {
+                Some(val) => val.to_owned(),
+                None => Local::new(String::from(""),HashMap::new()),
+            }
+        }
+    }
+}
diff --git a/src/defs/mailer.rs b/src/defs/mailer.rs
new file mode 100644
index 0000000..d17b752
--- /dev/null
+++ b/src/defs/mailer.rs
@@ -0,0 +1,152 @@
+use lettre::{
+    transport::smtp::authentication::Credentials,
+    AsyncSmtpTransport,
+    AsyncTransport, 
+    Tokio1Executor,
+//    Address,
+    message::{
+       Mailbox,
+       header::ContentType,
+       MultiPart,
+       SinglePart,
+    },
+    Message,
+};
+
+use crate::defs::AppDBs;
+use pasetoken_lib::ConfigPaSeToken;
+use serde_json::json;
+
+#[derive(Clone,Debug)]
+pub struct MailMessage {
+    pub from: Mailbox,
+    pub to: Mailbox,
+    pub reply_to: Mailbox,
+}
+    
+impl MailMessage {
+     pub fn new(from: &str, to: &str, reply: &str) -> anyhow::Result<Self>  {
+        let reply_to = if reply.is_empty() {
+           to
+        } else {
+            reply
+        };
+        Ok(
+            Self { 
+                from: from.parse()?,
+                to: to.parse()?,
+                reply_to: reply_to.parse()?,
+            }
+        )
+    }
+    pub fn check(app_dbs: &AppDBs) -> String {
+        if app_dbs.config.smtp.is_empty() {
+            String::from("Error: no mail server")
+        } else if app_dbs.config.mail_from.is_empty() {
+            String::from("Error: no mail from address")
+        } else {
+            String::from("")
+        }
+    }
+    #[allow(dead_code)]
+    pub async fn send_message(&self, subject: &str, body: &str, app_dbs: &AppDBs) -> std::io::Result<()> {
+        match  Message::builder()
+            .from(self.from.to_owned())
+            .reply_to(self.reply_to.to_owned())
+            .to(self.to.to_owned())
+            .subject(subject)
+            .header(ContentType::TEXT_PLAIN)
+            .body(body.to_owned())
+        {
+            Ok(message) => self.mail_message(message, app_dbs).await,
+            Err(e) => 
+                return Err(std::io::Error::new(
+                    std::io::ErrorKind::NotFound,
+                    format!("ERROR: Invalid mail: {}",e)
+                ))
+        }
+    }
+    pub async fn send_html_message(&self, subject: &str, body: &str, html_body: &str, app_dbs: &AppDBs) -> std::io::Result<()> {
+        match  Message::builder()
+            .from(self.from.to_owned())
+            .reply_to(self.reply_to.to_owned())
+            .to(self.to.to_owned())
+            .subject(subject)
+            .multipart(
+            MultiPart::alternative() // This is composed of two parts.
+                .singlepart(
+                    SinglePart::builder()
+                        .header(ContentType::TEXT_PLAIN)
+                        .body(body.to_owned()),
+                )
+                .singlepart(
+                    SinglePart::builder()
+                        .header(ContentType::TEXT_HTML)
+                        .body(html_body.to_owned()),
+                ),
+            )
+        {
+            Ok(message) => self.mail_message(message, app_dbs).await,
+            Err(e) => 
+                return Err(std::io::Error::new(
+                    std::io::ErrorKind::NotFound,
+                    format!("ERROR: Invalid mail: {}",e)
+                ))
+        }
+    }
+    pub async fn mail_message(&self, message: Message, app_dbs: &AppDBs) -> std::io::Result<()> {
+        let mail_cred = crate::defs::MailMessage::get_credentials(&app_dbs.config.smtp_auth, &app_dbs.config.paseto);
+        if ! mail_cred.contains("|") {
+            return Err(std::io::Error::new(
+                std::io::ErrorKind::NotFound,
+                format!("ERROR: Invalid mail credentials")
+            )); 
+        }
+        let auth_data: Vec<String> = mail_cred.split("|").map(|s| s.to_string()).collect();
+        if auth_data.len() < 2 {
+            return Err(std::io::Error::new(
+                std::io::ErrorKind::NotFound,
+                format!("ERROR: Invalid mail credentials")
+            ));
+        }
+        let creds = Credentials::new(auth_data[0].to_owned(), auth_data[1].to_owned());
+        // Open a remote connection to gmail
+        let mailer: AsyncSmtpTransport<Tokio1Executor> =
+            AsyncSmtpTransport::<Tokio1Executor>::relay(&app_dbs.config.smtp)
+                .unwrap()
+                .credentials(creds)
+                .build();
+
+        // Send the email
+        match mailer.send(message).await {
+            Ok(_) => Ok(()),
+            Err(e) => Err(std::io::Error::new(
+                std::io::ErrorKind::NotConnected,
+                format!("ERROR: Could not send email: {e:?}")
+            ))
+        }
+    }
+    pub fn get_credentials(token: &str, paseto_config: &ConfigPaSeToken) -> String {
+        match paseto_config.pasetoken() {
+            Ok(paseto) => {
+                match paseto.trusted(token, false) {
+                    Ok(trusted_token) => {
+                        if let Some(claims) = trusted_token.payload_claims() {
+                            claims.get_claim("smtp_auth").unwrap_or(&json!("")).to_string().replace("\"","")
+                        } else {
+                            String::from("")
+                        }
+                    },
+                    Err(e) => {
+                        println!("Token not trusted: {}",e);
+                        String::from("")
+                    },
+                }
+            },
+            Err(e) => {
+                println!("Error collecting notify data: {}",e);
+                String::from("")
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/defs/req_handler.rs b/src/defs/req_handler.rs
new file mode 100644
index 0000000..49e98f3
--- /dev/null
+++ b/src/defs/req_handler.rs
@@ -0,0 +1,294 @@
+use axum::http::{header::{HeaderValue},uri::Uri};
+use html_minifier::HTMLMinifier;
+use std::{
+    error::Error,
+    collections::HashMap,
+    str,
+    io::{ErrorKind, Result},
+};
+use tera::Context;
+use totp_rs::{Algorithm, TOTP, Secret};
+use rand::Rng;
+
+use crate::{
+    defs::{
+        AppDBs,
+        ReqHeaderMap,
+        Local,
+        TraceData,
+        TraceContent,
+        TraceLogContent,
+        AuthState,
+        Random,
+        TOKEN_AUTH_VALUE,
+        TOKEN_KEY_VALUE,
+    },
+    users::{
+        UserRole,
+        User,
+    },
+};
+
+use super::{CLAIM_UID, CLAIM_AUTH, CLAIM_APP_KEY};
+
+pub struct ReqHandler<'a> {
+    pub req_header: ReqHeaderMap,
+    pub app_dbs: &'a AppDBs,
+    pub lang: Local,
+    pub uri:  &'a Uri,
+    pub auth_state: AuthState,
+    pub random: &'a Random,
+    pub req_name: String,
+    pub context: Context,
+}
+
+impl<'a> ReqHandler<'a> {
+    pub fn new(req_header: ReqHeaderMap, app_dbs: &'a AppDBs, uri: &'a Uri, auth_state: &'a AuthState, random: &'a Random, req_name: &str) -> Self {
+        let curr_lang = req_header.lang(&app_dbs.config);
+        let lang = Local::get_lang(&app_dbs.config.locales,&curr_lang, &app_dbs.config.dflt_lang);
+        let mut context = app_dbs.context.to_owned();
+        context.insert("site_name",&app_dbs.config.name);
+        context.insert("site_org", &app_dbs.config.org);
+        context.insert("lang", &lang.itms);
+        context.insert("req_name", &req_name);
+        context.insert("main_url", &format!("{}://{}",&app_dbs.config.protocol, &app_dbs.config.hostport));
+        context.insert("html_url", &app_dbs.config.html_url);
+        context.insert("assets_url", &app_dbs.config.assets_url);
+        context.insert("req_path", uri.path());
+        context.insert("css_link", &app_dbs.config.ui.css_link);
+        context.insert("js_link", &app_dbs.config.ui.js_link);
+        context.insert("other_css_link", &app_dbs.config.ui.other_css_link);
+        context.insert("other_js_link", &app_dbs.config.ui.other_js_link);
+        context.insert("main_js_link", &app_dbs.config.ui.main_js_link);
+        context.insert("utils_js_link", &app_dbs.config.ui.utils_js_link);
+        context.insert("web_menu_items", &app_dbs.config.ui.web_menu_items);
+        context.insert("usr_roles", &auth_state.user_roles());
+        let user_items = User::hash_items(&auth_state.user_items());
+        context.insert("usr_items", &user_items);
+        context.insert("usr_name", &auth_state.user_name());
+        if auth_state.is_admin() {
+            context.insert("isadmin", "TRUE");
+        }
+        context.insert("usr_email", &auth_state.user_email());
+        context.insert("session_expire", &app_dbs.config.session_expire);
+        context.insert("update_session_item", &format!("{}://{}/update_item",
+            &app_dbs.config.protocol, &app_dbs.config.hostport));
+        let user_id = auth_state.id();
+        let sid = if user_id.is_empty() || user_id == "No ID" {
+            String::from("") 
+        } else {
+            user_id.replace("-", "").to_owned()
+        };
+        context.insert("session_id",&sid);
+        context.insert("signup_mode",&app_dbs.config.signup_mode);
+        ReqHandler { 
+            req_header,
+            app_dbs,
+            lang,
+            uri,
+            auth_state: auth_state.to_owned(),
+            random,
+            req_name: req_name.to_owned(),
+            context,
+        }
+    }
+    pub fn prepare_response(&mut self) {
+        // self.req_header.header.contains_key(axum::http::header::CONTENT_TYPE)
+        if self.req_header.is_browser() || self.req_header.is_wget() {
+           self.req_header.header.append(axum::http::header::CONTENT_TYPE,
+                HeaderValue::try_from("text/html; charset=utf-8")
+                .expect("URI isn't a valid header value")
+            );
+        }
+    }
+   pub fn render_template(&mut self,template_file: &str, dflt_content: &str) -> String {    
+        self.context.insert("page", &template_file.replace(".j2","").replace("html/", "").as_str());
+        if template_file.contains("md") || template_file.contains("sample") || template_file.contains("code") {
+           self.context.insert("with_code", "true");
+        }
+        match self.app_dbs.tera.render(&template_file, &self.context) {
+            Ok(s) => {
+                if self.req_header.is_browser() {
+                    let mut html_minifier = HTMLMinifier::new();
+                    match html_minifier.digest(s.as_str()) {
+                        Ok(_) => { 
+                            let Ok(result) = str::from_utf8(html_minifier.get_html()) else { return s };
+                            // let result = str::from_utf8(html_minifier.get_html()).unwrap_or(s);
+                            result.to_owned()
+                        },
+                        Err(e) => {
+                            println!("Error minifier: {}",e);
+                            s
+                        },
+                    }
+                } else {
+                   s
+                }
+            },
+            Err(e) => {
+                println!("Error: {}", &e);
+                let mut cause = e.source();
+                while let Some(e) = cause {
+                    println!("Reason: {}", e);
+                    cause = e.source();
+                }
+                dflt_content.to_owned()
+            }
+        }
+    }
+    #[allow(dead_code)]
+    pub fn bad_request(&mut self,msg: &str) -> String {
+        if let Some(tpl) = self.app_dbs.config.tpls.get("notfound") {
+            self.render_template(tpl, msg)
+        } else {
+            msg.to_owned()
+        }
+    }
+    #[allow(dead_code)]
+    pub fn auth_role(&self) -> UserRole {
+        #[cfg(feature = "authstore")]
+        if let Some(authz) =  self.app_dbs.auth_store.authz.get(&self.notify_data.auth) {
+            println!("aut: {}, name: {}, role: {}",&self.notify_data.auth, &authz.name,&authz.role);
+            authz.role.to_owned()
+        } else {
+            UserRole::Anonymous
+        }
+        #[cfg(feature = "casbin")]
+        UserRole::Anonymous
+    }
+    #[allow(dead_code)]
+    pub fn get_lang(&self, key: &str) -> Local {
+       Local::get_lang(&self.app_dbs.config.locales, key, &self.app_dbs.config.dflt_lang)
+    }
+    pub fn new_token(&self) -> String {
+        if self.app_dbs.config.use_token {
+            let data_claim = HashMap::from([
+                (String::from(CLAIM_UID), self.auth_state.user_id()),
+                (String::from(CLAIM_AUTH), TOKEN_AUTH_VALUE.to_owned()),
+                (String::from(CLAIM_APP_KEY), TOKEN_KEY_VALUE.to_owned()),
+            ]);
+            let expire = false;
+            self.app_dbs.config.paseto.generate_token("", &data_claim, expire).unwrap_or_else(|e|{
+                eprintln!("Error generating token: {}", e);
+                String::from("")
+            })
+        } else {
+            let mut u128_pool = [0u8; 16];
+            match self.random.lock() {
+                Ok(mut r) => r.fill(&mut u128_pool),
+                Err(e) => println!("Error random: {}",e),
+            }
+            u128::from_le_bytes(u128_pool).to_string()
+        }
+    }
+    pub fn otp_make(&self, code: &str, defs: &str) -> Result<TOTP>  {
+        let secret = match Secret::Encoded(code.to_owned()).to_bytes() {
+            Ok(scrt) => scrt,
+            Err(e) => 
+                return Err(std::io::Error::new(
+                ErrorKind::NotFound,
+                format!("ERROR: Invalid Secret {}",&e)
+                ))
+        };
+        let (digits, str_algorithm) = if defs.is_empty() {
+            (   self.app_dbs.config.totp_digits,
+                format!("{}",self.app_dbs.config.totp_algorithm)
+            )
+        } else {
+            let arr_defs = defs.split(",").collect::<Vec<&str>>();
+            if arr_defs.len() > 1 {
+                (   arr_defs[0].parse().unwrap_or(self.app_dbs.config.totp_digits),
+                    arr_defs[1].to_owned()
+                )
+            } else {
+                (   self.app_dbs.config.totp_digits,
+                    format!("{}",self.app_dbs.config.totp_algorithm)
+                )
+            }
+        };
+        let algorithm = match str_algorithm.to_uppercase().as_str() {
+            "SHA1" => Algorithm::SHA1,
+            "SHA256" => Algorithm::SHA256,
+            "SHA512" => Algorithm::SHA512,
+            _ => Algorithm::SHA1,
+        };
+        let totp = match TOTP::new(
+            algorithm,
+            digits,
+            1,
+            30,
+            secret,
+            Some(format!("{}",self.app_dbs.config.name)),
+            format!("{}",self.app_dbs.config.org)
+        ) {
+            Ok(totp) => totp,
+            Err(e) =>
+                return Err(std::io::Error::new(
+                ErrorKind::NotFound,
+                format!("ERROR: Invalid Topt {}",&e)
+                ))
+        };
+        Ok(totp)
+    }
+    pub fn otp_generate(&self) -> Result<TOTP> {
+        let mut rng = rand::thread_rng();
+        let data_byte: [u8; 21] = rng.gen();
+        let base32_string = base32::encode(base32::Alphabet::RFC4648 { padding: false }, &data_byte);
+        match self.otp_make(&base32_string, "") {
+            Ok(totp) => Ok(totp),
+            Err(e) =>
+                Err(std::io::Error::new(
+                ErrorKind::NotFound,
+                format!("ERROR: Invalid TOTP {}",&e)
+                ))
+        }
+    }
+    pub fn otp_check(&self, code: &str, token: &str, defs: &str) -> Result<bool> {
+        let totp = match self.otp_make(code, defs) {
+            Ok(totp) => totp,
+            Err(e) =>
+                return Err(std::io::Error::new(
+                ErrorKind::NotFound,
+                format!("ERROR: Invalid TOTP {}",&e)
+                ))
+        };
+        match totp.check_current(&token) {
+            Ok(result) => Ok(result),
+            Err(e) => 
+                return Err(std::io::Error::new(
+                ErrorKind::NotFound,
+                format!("ERROR: check {}",&e)
+                ))
+        }
+    } 
+    pub fn trace_req(&self, info: String) -> Result<()> {
+        let timestamp = chrono::Utc::now().timestamp().to_string();
+        let user_id = self.auth_state.user_id(); 
+        let trace_content = TraceContent{
+            when: timestamp.to_owned(),
+            sid:  self.auth_state.id(),
+            origin: self.uri.path().to_owned(),
+            trigger: String::from("req_handler"),
+            id: user_id.to_owned(),
+            info: info.to_owned(),
+            context: self.req_name.to_owned(),
+            role: self.auth_state.user_roles(),
+            req: self.req_header.req_info(),
+        };
+        let trace_data = TraceData{
+            user_id,
+            timestamp,
+            contents: vec![trace_content]
+        };
+        trace_data.save(&self.app_dbs.config, false)
+    }
+    pub fn logs(&self, userid: &str, human: bool, reverse: bool) -> Vec<TraceLogContent> {
+        let timestamp = chrono::Utc::now().timestamp().to_string();
+        let trace_data = TraceData{
+            user_id: format!("{}",userid),
+            timestamp,
+            contents: Vec::new()
+        };
+        trace_data.load(&self.app_dbs.config, human, reverse)
+    }
+}
\ No newline at end of file
diff --git a/src/defs/req_headermap.rs b/src/defs/req_headermap.rs
new file mode 100644
index 0000000..a9f4136
--- /dev/null
+++ b/src/defs/req_headermap.rs
@@ -0,0 +1,192 @@
+
+use std::{
+    net::IpAddr,
+    collections::HashMap,
+};
+use axum::http::{header::FORWARDED, HeaderMap};
+use forwarded_header_value::{ForwardedHeaderValue, Identifier};
+
+use crate::defs::{
+    Config,
+    AppConnectInfo,
+    AUTHORIZATION,
+    REFERER,
+    BEARER,
+    USER_AGENT,
+    ACCEPT_LANGUAGE,
+    X_FORWARDED_FOR,
+    X_REAL_IP,
+    X_INTERNAL,
+};
+
+
+pub struct ReqHeaderMap {
+    pub header: HeaderMap,
+    pub req_path: Vec<String>,    
+    pub app_connect_info: AppConnectInfo,
+}
+
+impl ReqHeaderMap {
+    pub fn new(header: HeaderMap, request_path: &str, app_connect_info: &AppConnectInfo) -> Self {
+        let req_path = 
+            Self::req_end_path(request_path)
+            .split(",").map(|s| s.to_string())
+            .collect();
+        ReqHeaderMap {
+            header,
+            req_path,
+            app_connect_info: app_connect_info.to_owned(),
+        }
+    }
+    pub fn req_end_path(req_path: &str) -> String {
+        let arr_req_path: Vec<String> = req_path.split("/").map(|s| s.to_string()).collect();
+        format!("{}",arr_req_path[arr_req_path.len()-1])
+    } 
+    
+    pub fn auth(&self) -> String {
+        if let Some(auth) = self.header.get(AUTHORIZATION) {
+            format!("{}",auth.to_str().unwrap_or("").replace(&format!("{} ", BEARER),""))
+        } else { 
+            String::from("")
+        }
+    }
+    pub fn referer(&self) -> String {
+        if let Some(referer) = self.header.get(REFERER) {
+            format!("{}",referer.to_str().unwrap_or(""))
+        } else { 
+            String::from("")
+        }
+    }
+    pub fn internal(&self) -> String {
+        if let Some(internal) = self.header.get(X_INTERNAL) {
+            format!("{}",internal.to_str().unwrap_or(""))
+        } else { 
+            String::from("")
+        }
+    }
+    pub fn is_browser(&self) -> bool {
+        if let Some(user_agent) = self.header.get(USER_AGENT) {
+            let agent = user_agent.to_str().unwrap_or(""); 
+            if agent.contains("Mozilla") { 
+                true
+            } else if agent.contains("WebKit") {
+                true
+            } else if agent.contains("Chrome") {
+                true
+            } else {
+                false
+            }
+        } else { 
+            false
+        } 
+    }
+    #[allow(dead_code)]
+    pub fn is_curl(&self) -> bool {
+        if let Some(user_agent) = self.header.get(USER_AGENT) {
+            let agent = user_agent.to_str().unwrap_or(""); 
+            if agent.contains("curl") { 
+                true
+            } else {
+                false
+            }
+        } else { 
+            false
+        } 
+    }
+    pub fn is_wget(&self) -> bool {
+        if let Some(user_agent) = self.header.get(USER_AGENT) {
+            let agent = user_agent.to_str().unwrap_or("").to_lowercase(); 
+            if agent.contains("wget") { 
+                true
+            } else {
+                false
+            }
+        } else { 
+            false
+        } 
+    }
+    #[allow(dead_code)]
+    pub fn response_user_agent_html(&self) -> bool {
+        if let Some(user_agent) = self.header.get(USER_AGENT) {
+            let agent = user_agent.to_str().unwrap_or("").to_lowercase(); 
+            agent.contains("curl") || agent.contains("wget") 
+        } else {
+            false
+        }
+    }
+    pub fn agent(&self) -> String {
+        if let Some(user_agent) = self.header.get(USER_AGENT) {
+            user_agent.to_str().unwrap_or("").to_owned()
+        } else {
+            String::from("")
+        }
+    }
+    pub fn lang(&self, config: &Config) -> String {
+        if let Some(langs) = self.header.get(ACCEPT_LANGUAGE) {
+            let langs_data = langs.to_str().unwrap_or("");
+            if langs_data.is_empty() {
+                format!("{}",config.dflt_lang)
+            } else {
+                let arr_langs: Vec<String> = langs_data.split(",").map(|s| s.to_string()).collect();
+                let arr_lang: Vec<String> = arr_langs[0].split("-").map(|s| s.to_string()).collect();
+                format!("{}",arr_lang[0])
+            }
+        } else {
+            format!("{}",config.dflt_lang)
+        }
+    }
+    /// Tries to parse the `x-real-ip` header
+    fn maybe_x_forwarded_for(&self) -> Option<IpAddr> {
+        self.header
+            .get(X_FORWARDED_FOR)
+            .and_then(|hv| hv.to_str().ok())
+            .and_then(|s| s.split(',').find_map(|s| s.trim().parse::<IpAddr>().ok()))
+    }
+
+    /// Tries to parse the `x-real-ip` header
+    fn maybe_x_real_ip(&self) -> Option<IpAddr> {
+        self.header
+            .get(X_REAL_IP)
+            .and_then(|hv| hv.to_str().ok())
+            .and_then(|s| s.parse::<IpAddr>().ok())
+    }
+
+    /// Tries to parse `forwarded` headers
+    fn maybe_forwarded(&self) -> Option<IpAddr> {
+        self.header
+            .get_all(FORWARDED).iter().find_map(|hv| {
+                hv.to_str()
+                    .ok()
+                    .and_then(|s| ForwardedHeaderValue::from_forwarded(s).ok())
+                    .and_then(|f| {
+                        f.iter()
+                            .filter_map(|fs| fs.forwarded_for.as_ref())
+                            .find_map(|ff| match ff {
+                                Identifier::SocketAddr(a) => Some(a.ip()),
+                                Identifier::IpAddr(ip) => Some(*ip),
+                                _ => None,
+                            })
+                    })
+        })
+    }
+    pub fn ip(&self) -> String {
+        if let Some(ip) = self.maybe_x_real_ip()
+            .or_else(||self.maybe_x_forwarded_for())
+            .or_else(|| self.maybe_forwarded())
+            .or_else(|| None )
+        {
+            format!("{}",ip)
+        } else {
+            format!("{}", self.app_connect_info.remote_addr)
+        }
+    }
+    pub fn req_info(&self) -> HashMap<String,String> {
+        let mut req_data: HashMap<String,String> = HashMap::new();
+        req_data.insert(String::from("agent"), self.agent());
+        req_data.insert(String::from("ip"), self.ip());
+        req_data.insert(String::from("auth"), self.auth());
+        req_data.insert(String::from("ref"), self.referer());
+        req_data.insert(String::from("int"), self.internal());
+        req_data
+    }
+}    
\ No newline at end of file
diff --git a/src/defs/req_settings.rs b/src/defs/req_settings.rs
new file mode 100644
index 0000000..408d3ea
--- /dev/null
+++ b/src/defs/req_settings.rs
@@ -0,0 +1,35 @@
+use serde::{Serialize, Deserialize, Deserializer};
+use std::collections::HashMap;
+
+fn default_config_resource() -> String {
+    String::from("")
+}
+fn default_sitewith() -> Vec<String> {
+    Vec::new()
+}
+fn default_config_tpls() -> HashMap<String,String> {
+  HashMap::new()
+}
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct ReqSettings {
+    pub name: String,
+    pub author: String,
+    pub fullname: String,
+    pub desc: String,
+       #[serde(default = "default_config_resource")]
+    pub url: String,
+       #[serde(default = "default_config_resource")]
+    pub trace_url: String,
+       #[serde(default = "default_config_resource")]
+    pub title: String,
+       #[serde(default = "default_config_resource")]
+    pub subtitle: String,
+       #[serde(default = "default_config_resource")] 
+    pub pagetitle: String,
+        #[serde(default = "default_config_tpls")]
+    pub tpls: HashMap<String,String>,
+      #[serde(default = "default_config_resource")]
+    pub sid: String,
+       #[serde(default = "default_sitewith")]
+    pub sitewith: Vec<String>,
+}
\ No newline at end of file
diff --git a/src/defs/session.rs b/src/defs/session.rs
new file mode 100644
index 0000000..34565af
--- /dev/null
+++ b/src/defs/session.rs
@@ -0,0 +1,403 @@
+//use async_trait::async_trait;
+use async_session::{Session, SessionStore,MemoryStore};
+use async_sqlx_session::SqliteSessionStore;
+
+// use axum::{
+//     http::{
+//         StatusCode,
+//         request::Parts,
+//     },
+//     extract::FromRequestParts,
+// };
+// use tower_cookies::Cookies;
+use std::sync::{Arc,Mutex};
+use rand_chacha::ChaCha8Rng;
+pub type Random = Arc<Mutex<ChaCha8Rng>>;
+
+use crate::{
+//    SESSION_COOKIE_NAME,
+    defs::{
+        FileStore,
+        AppDBs,
+        SESSION_ID,
+        USER_DATA,
+    },
+    users::{
+        User,
+        UserStatus,
+    },
+};
+
+#[derive(Clone)]
+pub enum SessionStoreDB {
+    Files(FileStore),
+    SqlLite(SqliteSessionStore),
+    Memory(MemoryStore),
+    None,
+}
+/// In `SessionStoreDB` creation match the corresponding store to return it as item argument 
+impl SessionStoreDB {
+    pub fn connect_file_store(store: FileStore) -> Self{
+        SessionStoreDB::Files(store)
+    }
+    pub fn connect_memory_store() -> Self{
+        SessionStoreDB::Memory(MemoryStore::new())
+    } 
+    pub fn connect_sqlite_store(store: SqliteSessionStore) -> Self{
+        SessionStoreDB::SqlLite(store)
+    } 
+    pub async fn store_session_data(id: &str, user_data: &str, expire: u64, app_dbs: &AppDBs) -> String {
+        // dbg!("user_data: {}",&user_data);
+        let mut session = Session::new();
+        if ! id.is_empty() {
+            session.insert(SESSION_ID, id).unwrap_or_else(|e|{
+                println!("Error insert session {}",e);
+            });
+        }
+        if ! user_data.is_empty() {
+            session.insert(USER_DATA, user_data).unwrap_or_else(|e|{
+                println!("Error insert session {}",e);
+            });
+        }
+        if expire > 0 {
+            session.expire_in(std::time::Duration::from_secs(expire));
+        } else if app_dbs.config.session_expire > 0 {
+            session.expire_in(std::time::Duration::from_secs(app_dbs.config.session_expire));
+        }
+        //session.into_cookie_value().unwrap_or_default()
+        match app_dbs.sessions_store_db.to_owned() {
+            SessionStoreDB::Files(store) => {
+                store.store_session(session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default()
+            },
+            SessionStoreDB::SqlLite(store) => {
+               store.store_session(session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default() 
+            },
+            SessionStoreDB::Memory(store) => {
+                store.store_session(session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default()
+            },
+            SessionStoreDB::None => {
+                String::from("")
+            },
+        }
+    }
+    pub async fn update_session_data(session: Session, app_dbs: &AppDBs) -> String {
+        //session.into_cookie_value().unwrap_or_default()
+        let cur_session = session.clone();
+        match app_dbs.sessions_store_db.to_owned() {
+            SessionStoreDB::Files(store) => {
+                store.store_session(session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default()
+            },
+            SessionStoreDB::SqlLite(store) => {
+                let _ = store.destroy_session(session).await;
+                store.store_session(cur_session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default() 
+            },
+            SessionStoreDB::Memory(store) => {
+                store.store_session(session).await.unwrap_or_else(|e|{
+                    println!("Error store session {}",e);
+                    None
+                }).unwrap_or_default()
+            },
+            SessionStoreDB::None => {
+                String::from("")
+            },
+        }
+    }
+    pub async fn cleanup_data(app_dbs: &AppDBs) {
+        //session.into_cookie_value().unwrap_or_default()
+        match app_dbs.sessions_store_db.to_owned() {
+            SessionStoreDB::Files(store) => {
+                let _ = store.cleanup().await;
+            },
+            SessionStoreDB::SqlLite(store) => {
+                let _ = store.cleanup().await;
+            },
+            SessionStoreDB::Memory(store) => {
+                let _ = store.cleanup().await;
+            },
+            SessionStoreDB::None => {
+            },
+        }
+    }
+}
+
+#[derive(Clone, Default, Debug)]
+pub struct AuthState{
+    pub session: Option<Session>,
+    pub user: Option<User>, 
+}
+impl AuthState {
+    // pub fn new(session: Session, user: User) -> Self {
+    //     let sid = session.get("sid").unwrap_or_default();
+    //     let user_store = &app_dbs.user_store;
+    //     let user = User::select("id", sid, user_store).await.unwrap_or_default();
+    //     //let user = User::from_id(sid, app_dbs);
+    //     Self {
+    //         session,
+    //         user
+    //     }
+    // }
+    // pub fn sid(&self) -> String {
+    //     if let Some(session) = &self.session {
+    //         session.get("sid").unwrap_or_default()
+    //     } else {
+    //         String::from("")
+    //     }
+    // }
+    pub fn id(&self) -> String {
+        if let Some(session) = &self.session {
+            session.id().to_owned()
+        } else {
+            String::from("")
+        }
+    }
+    #[allow(dead_code)]
+    pub fn ses_expired(&self) -> bool {
+        if let Some(session) = &self.session {
+            session.is_expired()
+        } else {
+            true
+        }
+    }
+    pub fn ses_destroyed(&self) -> bool {
+        if let Some(session) = &self.session {
+            session.is_destroyed()
+        } else {
+            true
+        }
+    }
+    pub fn destroy(&self) -> bool {
+        if let Some(mut session) = self.session.to_owned() {
+            session.destroy();
+            self.ses_destroyed()
+        } else {
+            true
+        }
+    }
+    #[allow(dead_code)]
+    pub fn ses_validate(&self) -> bool {
+        if let Some(session) = &self.session {
+            session.clone().validate().is_some()
+        } else {
+            false
+        }
+    }
+    pub fn user_data(&self) -> Vec<String> {
+        if let Some(session) = &self.session {
+            let user_data: String = session.get(USER_DATA).unwrap_or_default();
+            user_data.split("|").map(|s| s.to_string()).collect()
+        } else {
+            Vec::new()
+        }
+    }
+    pub fn user_id(&self) -> String {
+        let user_data = self.user_data();
+        if user_data.len() > 0 && user_data[0] != "0" {
+            user_data[0].to_owned()
+        } else {
+            String::from("")
+        }
+    }
+    pub fn user_name(&self) -> String {
+        let user_data = self.user_data();
+        if user_data.len() > 1 && user_data[1] != "" {
+            user_data[1].to_owned()
+        } else {
+            String::from("")
+        }
+    }
+    pub fn user_email(&self) -> String {
+        let user_data = self.user_data();
+        if user_data.len() > 2 && user_data[2] != "" {
+            user_data[2].to_owned()
+        } else {
+            String::from("")
+        }
+    }
+    pub fn user_roles(&self) -> String {
+        let user_data = self.user_data();
+        if user_data.len() > 3 && user_data[3] != "" {
+            user_data[3].to_owned()
+        } else {
+            String::from("")
+        }
+    } 
+    pub fn user_items(&self) -> String {
+        let user_data = self.user_data();
+        if user_data.len() > 4 && user_data[4] != "" {
+            user_data[4].to_owned()
+        } else {
+            String::from("")
+        }
+    } 
+    pub fn is_admin(&self) -> bool {
+        let user_data = self.user_data();
+        if user_data.len() > 5 && user_data[5] != "" {
+            user_data[5] == "true"  || user_data[5] == "1"
+        } else {
+            false
+        }
+    } 
+    #[allow(dead_code)]
+    pub fn user_status(&self) -> UserStatus {
+        let user_data = self.user_data();
+        if user_data.len() > 6 && user_data[6] != "" {
+            UserStatus::from_str(&user_data[6])
+        } else {
+            UserStatus::Unknown
+        }
+    } 
+    pub fn has_auth_role(&self, auth_roles: &Vec<String>) -> bool {
+        let roles = self.user_roles();
+        for role in auth_roles.to_owned() {
+            if roles.contains(&role) {
+                return true;
+            }
+        }
+        return false;
+    }
+    pub async fn expire_in(&mut self, expire_secs: u64, app_dbs: &AppDBs ) -> Self {
+        if let Some(mut session) = self.session.to_owned() {
+            session.expire_in(std::time::Duration::from_secs(expire_secs));
+            let _ = SessionStoreDB::update_session_data(session.to_owned(),&app_dbs).await;
+            Self {
+                session: Some(session),
+                user: self.user.to_owned(),
+            }
+        } else {
+            self.to_owned()
+        }
+    } 
+    #[allow(dead_code)]
+    pub async fn from_data(&self, app_dbs: &AppDBs) -> Self {
+        let user_id = self.user_id();
+        let user = if !user_id.is_empty() {
+            // dbg!(&user_id);
+            match User::select("id", &user_id, false, &app_dbs.user_store).await {
+                Ok(user) => Some(user),
+                Err(e) => {
+                    println!("Error user {}: {:#}",&user_id,e);
+                    None
+                }
+            }
+        } else {
+            None
+        };
+        // dbg!(&user);
+        Self {
+            session: self.session.to_owned(),
+            user,
+        }
+    }
+    pub async fn from_cookie(session_cookie: String, app_dbs: &AppDBs) -> Self {
+        let result_session = match app_dbs.sessions_store_db.to_owned() {
+            SessionStoreDB::Files(store) => 
+                store
+                    .load_session(session_cookie)
+                    .await
+            ,
+            SessionStoreDB::SqlLite(store) =>
+                store
+                    .load_session(session_cookie)
+                    .await
+            ,
+            SessionStoreDB::Memory(store) => 
+                store
+                    .load_session(session_cookie.to_string())
+                    .await
+            ,
+            SessionStoreDB::None => {
+                dbg!("No store");
+                return AuthState::default();
+            },
+        };
+        // dbg!(&result_session);
+        match result_session {
+            Ok(op_session) => if let Some(session) = op_session {
+                if let Some(sid) = session.get::<String>("sid") {
+                    // dbg!(
+                    //     "UserDataFromSession: session decoded success, user_data={}",
+                    //     &session
+                    // );
+                    let user_store = &app_dbs.user_store;
+                    let user = User::select("id", &sid, false, user_store).await.unwrap_or_default();
+                    return AuthState {
+                        session: Some(session),
+                        user: Some(user)
+                    };
+                } else {
+                    println!("No `sid` found in session");
+                }
+            },
+            Err(e) => {
+                println!("Error session {}", e);
+            }
+        }  
+        AuthState::default()
+    }
+}
+
+/*
+#[async_trait]
+impl<S> FromRequestParts<S> for AuthState
+where
+    S: Send + Sync,
+{
+    type Rejection = (StatusCode, &'static str);
+
+    async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
+        // let h = parts.headers.to_owned();
+        // dbg!(&h);
+/*
+        if let Some(app_dbs) = parts.extensions.get::<Arc<AppDBs>>()  {
+            if let Some(cookies) = parts.extensions.get::<Cookies>()  {
+                if let Some(s_cookie) = cookies.get(SESSION_COOKIE_NAME) {
+                    let session_cookie = s_cookie.to_string().replace(&format!("{}=",SESSION_COOKIE_NAME),"");
+                    println!("From request parts cookie: {}",session_cookie);
+                    // continue to decode the session cookie
+                    // return Ok(
+                    //     AuthState::from_cookie(session_cookie, app_dbs).await
+                    // );           
+                } 
+            }
+        }
+        */
+        Ok(AuthState::default())
+        // Err((
+        //     StatusCode::INTERNAL_SERVER_ERROR,
+        //     "No `user_data` found in session",
+        // ))
+        // let cookie = Option::<Cookie>::g(parts, state);
+        // let cookie = Cookies::get(parts, state);
+        // if let Some(_user_agent) = parts.headers.get(USER_AGENT) {
+        //     Ok(AuthState(None))
+        // } else {
+        //     Err((StatusCode::BAD_REQUEST, "`User-Agent` header is missing"))
+        // }
+//         let cookie = Option::<TypedHeader<Cookie>>::from_request_parts(req, state)
+        //let cookies = Cookies::from(pa, state).await?;
+
+//         let info: String = cookies
+//             .get(SESSION_COOKIE_NAME)
+// //            .and_then(|c| c.value().parse().ok())
+//             .unwrap_or_default()
+//             ;
+//         dbg!(&info);
+//         //cookies.add(Cookie::new(COOKIE_NAME, visited.to_string()));
+     }
+}
+*/
\ No newline at end of file
diff --git a/src/defs/totp_algorithm.rs b/src/defs/totp_algorithm.rs
new file mode 100644
index 0000000..22f0379
--- /dev/null
+++ b/src/defs/totp_algorithm.rs
@@ -0,0 +1,37 @@
+use serde::{Deserialize,Serialize,Deserializer};
+
+#[derive(Eq, PartialEq, Clone, Serialize, Debug, Deserialize)]
+pub enum TotpAlgorithm {
+  Sha1,
+  Sha256,
+  Sha512,
+}
+impl Default for TotpAlgorithm {
+    fn default() -> Self {
+       TotpAlgorithm::Sha1
+    }
+}
+impl std::fmt::Display for TotpAlgorithm {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            TotpAlgorithm::Sha1 => write!(f,"sha1"),
+            TotpAlgorithm::Sha256 => write!(f,"sha256"),
+            TotpAlgorithm::Sha512 => write!(f,"sha512"),
+        }
+    }
+}
+impl TotpAlgorithm {
+    pub fn from_str(value: &str) -> TotpAlgorithm {
+        match value {
+            "sha1" |  "SHA1" => TotpAlgorithm::Sha1,
+            "sha512" |  "SHA512" => TotpAlgorithm::Sha512,
+            "sha256" |  "SHA256" => TotpAlgorithm::Sha256,
+            _ => TotpAlgorithm::default(),
+        }
+    }
+}
+pub fn deserialize_totp_algorithm<'de, D>(deserializer: D) -> Result<TotpAlgorithm, D::Error>
+where D: Deserializer<'de> {
+    let buf = String::deserialize(deserializer)?;
+    Ok(TotpAlgorithm::from_str(&buf))
+}
diff --git a/src/defs/totp_mode.rs b/src/defs/totp_mode.rs
new file mode 100644
index 0000000..fc40ec1
--- /dev/null
+++ b/src/defs/totp_mode.rs
@@ -0,0 +1,37 @@
+use serde::{Deserialize,Serialize,Deserializer};
+
+#[derive(Eq, PartialEq, Clone, Serialize, Debug, Deserialize)]
+pub enum TotpMode {
+  Mandatory,
+  Optional,
+  No,
+}
+impl Default for TotpMode {
+    fn default() -> Self {
+       TotpMode::No
+    }
+}
+impl std::fmt::Display for TotpMode {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            TotpMode::Mandatory => write!(f,"mandatory"),
+            TotpMode::Optional => write!(f,"optional"),
+            TotpMode::No => write!(f,"no"),
+        }
+    }
+}
+impl TotpMode {
+    pub fn from_str(value: &str) -> TotpMode {
+        match value {
+            "mandatory" | "Mandaltory" | "required" | "Required"  => TotpMode::Mandatory,
+            "optional" |  "Optional" => TotpMode::Optional,
+            "no" |  "No" => TotpMode::No,
+            _ => TotpMode::default(),
+        }
+    }
+}
+pub fn deserialize_totp_mode<'de, D>(deserializer: D) -> Result<TotpMode, D::Error>
+where D: Deserializer<'de> {
+    let buf = String::deserialize(deserializer)?;
+    Ok(TotpMode::from_str(&buf))
+}
diff --git a/src/defs/tracedata.rs b/src/defs/tracedata.rs
new file mode 100644
index 0000000..0bcfa43
--- /dev/null
+++ b/src/defs/tracedata.rs
@@ -0,0 +1,290 @@
+use serde::{Deserialize,Serialize};
+use std::{
+    io::Write,
+    // sync::Arc,
+    fmt::Debug,
+    fs::{self,File},
+    path::{Path, PathBuf},
+    io::{Error, ErrorKind, BufRead, BufReader},
+    collections::HashMap,
+};
+use log::error;
+use crate::{ 
+    defs::{
+        FILE_SCHEME,
+        SID_TRACE_FILE,
+        Config, 
+    },
+    tools::str_date_from_timestamp,
+};
+
+fn default_empty() -> String {
+  "/".to_string()
+}
+fn default_tracedata_items() -> Vec<TraceContent> {
+  Vec::new()
+}
+fn default_tracecontent() -> TraceContent {
+  TraceContent::default()
+}
+fn default_tracecontent_req() -> HashMap<String,String> {
+  HashMap::new()
+}
+
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct RequestData {
+    #[serde(default = "default_empty")]
+    pub agent: String,
+}
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct TraceContent {
+    #[serde(default = "default_empty")]
+    pub when: String,
+    #[serde(default = "default_empty")]
+    pub sid: String,
+    #[serde(default = "default_empty")]
+    pub origin: String,
+    #[serde(default = "default_empty")]
+    pub trigger: String,
+    #[serde(default = "default_empty")]
+    pub id: String,
+    #[serde(default = "default_empty")]
+    pub info: String,
+    #[serde(default = "default_empty")]
+    pub context: String,
+    #[serde(default = "default_empty")]
+    pub role: String,
+    #[serde(default = "default_tracecontent_req")]
+    pub req: HashMap<String,String>,
+}
+impl TraceContent {
+    pub fn to_json(&self) -> String {
+        serde_json::to_string(self).unwrap_or_else(|e|{
+            println!("Error to convert TraceContent to json: {}",e);
+            String::from("")
+        })
+    }
+}
+
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct TraceLogContent {
+    #[serde(default = "default_empty")]
+    pub line_id: String,
+    #[serde(default = "default_tracecontent")]
+    pub content: TraceContent,
+}
+
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct TraceData {
+    #[serde(default = "default_empty")]
+    pub user_id: String, 
+    #[serde(default = "default_empty")]
+    pub timestamp: String, 
+    #[serde(default = "default_tracedata_items")]
+    pub contents: Vec<TraceContent>,
+}
+impl TraceData {
+    fn id_path(&self, file: &str, config: &Config) -> String {
+        if self.user_id.is_empty() {
+            format!("{}/{}",
+                config.trace_store_uri.replace(FILE_SCHEME, ""),
+                file)
+        } else {
+            format!("{}/{}/{}",
+                config.trace_store_uri.replace(FILE_SCHEME, ""),
+                self.user_id,file)
+        }
+    }
+    fn write_data(&self, file_path: &str, data: &str, overwrite: bool, verbose: u8 ) -> std::io::Result<()> {
+        let check_path = |path: &Path| -> std::io::Result<()> {
+            if ! Path::new(&path).exists() {
+                if let Err(e) = std::fs::create_dir(&path) {
+                    return Err(Error::new( ErrorKind::InvalidInput,
+                        format!("Error create path {}: {}",&path.display(), e)
+                    ));
+                }
+            }
+            Ok(())
+        };
+        if file_path.is_empty() || data.is_empty() {
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error save {}",&file_path)
+            ));
+        }
+        if ! Path::new(&file_path).exists() {
+            let path = PathBuf::from(&file_path);
+            if let Some(dir_path) =  path.parent() {
+                if ! Path::new(&dir_path).exists() {
+                    if let Some(parent_dir_path) = dir_path.parent() { 
+                        if ! Path::new(&parent_dir_path).exists() {
+                            let res = check_path(&parent_dir_path);
+                            if res.is_err() { return res; }
+                        }
+                    }
+                    let res = check_path(&dir_path);
+                    if res.is_err() { return res; }
+                }
+            }
+        }
+        if overwrite || ! Path::new(&file_path).exists() {
+            fs::write(&file_path, data)?;
+            if verbose > 2  { println!("Overwrite: {}",&file_path); }
+        } else {
+            let sid_settings_file = fs::OpenOptions::new()
+                .write(true)
+                .append(true) // This is needed to append to file
+                .open(&file_path);
+            if let Ok(mut file) = sid_settings_file {
+                file.write_all(data.as_bytes())?;
+            }
+            if verbose > 2 { println!("write: {}",&file_path); }
+        }
+        Ok(())
+    }
+    pub fn contents_to_json(&self) -> Vec<String> {
+        self.contents.clone().into_iter().map(|item| item.to_json()).collect()
+    }
+    pub fn save(&self, config: &Config, overwrite: bool) -> std::io::Result<()> {
+        let file_trace_path = self.id_path(&format!("{}",SID_TRACE_FILE), config);
+        let contents = self.contents_to_json();
+        let mut result = Ok(());
+        let cnt_lines = contents.len();
+        let lines = if cnt_lines > 0 {
+            cnt_lines - 1
+        } else {
+            cnt_lines
+        };
+        let mut write_overwrite = overwrite;
+        for (idx, line) in contents.iter().enumerate() {
+            let prfx = if idx == 0 && Path::new(&file_trace_path).exists() {
+              ",\n"
+            } else {
+              ""
+            };
+            let sfx = if idx == lines {
+                ""
+            } else {
+                ",\n"
+            };
+           result = self.write_data(
+                &file_trace_path, 
+                format!("{}{}{}",&prfx,&line,&sfx).as_str(),
+                write_overwrite,
+                config.verbose
+            );
+            let _ = result.as_ref().unwrap_or_else(|e|{
+                println!("Error save trace contets: {} line {}",&e, &idx);
+                &()
+            });
+            if write_overwrite { write_overwrite = false}
+            if result.is_err() { break; }
+        }
+        result
+    }
+    
+    pub fn get_reader(self, config: &Config) -> std::io::Result<BufReader<File>> { 
+        let file_path = self.id_path(&format!("{}",SID_TRACE_FILE), config);
+        if ! Path::new(&file_path).exists() {
+            error!("Error file path not exist: {}",&file_path);
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error file path not exist: {}",file_path)
+            ));
+        }
+        let file = File::open(&file_path)?;
+        let reader = BufReader::new(file);
+        Ok(reader)
+    }
+    pub fn load(&self, config: &Config, human: bool, reverse: bool) -> Vec<TraceLogContent> {
+        let mut log: Vec<TraceLogContent> = Vec::new();
+        match self.clone().get_reader(config) {
+            Ok(reader) => {
+                let mut line_pos = 0;
+                for line in reader.lines() {
+                    line_pos +=1;
+                    let line = match line {
+                        Ok(res) => if res.ends_with(",") {
+                            res[0..res.len() - 1].to_owned()
+                        } else {
+                            res
+                        },
+                        Err(_) => continue,
+                    };
+                    if ! line.is_empty() {
+                        let mut log_line: TraceContent = serde_json::from_str(&line).unwrap_or_else(|e| {
+                            println!("Error parse load line {}: {}", &line_pos,e);
+                            TraceContent::default()
+                        });
+                        if ! log_line.when.is_empty() { 
+                            let line_id = log_line.when.to_owned();
+                            if human { 
+                                log_line.when =  str_date_from_timestamp(&log_line.when);
+                            }
+                            log.push(TraceLogContent { line_id, content: log_line }) 
+                        }
+                    }
+                } 
+            },
+            Err(e) =>  {
+                error!("Error on load log: {}",e);
+            }
+        }
+        if reverse { log.reverse(); }
+        log
+    }
+    pub fn clean(&self, config: &Config, line_id: &str) -> std::io::Result<()> {
+        let file_path = self.id_path(&format!("{}",SID_TRACE_FILE), config);
+        if ! Path::new(&file_path).exists() {
+            error!("Error file path not exist: {}",&file_path);
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error file path not exist: {}",file_path)
+            ));
+        }
+        if  line_id == "ALL" {
+            std::fs::remove_file(&file_path)
+        } else {
+            let mut log: Vec<TraceContent> = Vec::new();
+            match self.clone().get_reader(config) {
+                Ok(reader) => {
+                    let mut line_pos = 0;
+                    for line in reader.lines() {
+                        line_pos +=1;
+                        let line = match line {
+                            Ok(res) => if res.ends_with(",") {
+                                res[0..res.len() - 1].to_owned()
+                            } else {
+                                res
+                            },
+                            Err(_) => continue,
+                        };
+                        if ! line.is_empty() {
+                            let log_line: TraceContent = serde_json::from_str(&line).unwrap_or_else(|e| {
+                                println!("Error parse load line {}: {}", &line_pos,e);
+                                TraceContent::default()
+                            });
+                            if ! log_line.when.is_empty() && log_line.when != line_id {
+                                log.push(log_line) 
+                            }
+                        }
+                    } 
+                },
+                Err(e) =>  {
+                    error!("Error on load log: {}",e);
+                }
+            }
+            if log.len() == 0 { return std::fs::remove_file(&file_path) }
+            let trace_data = TraceData { 
+                user_id: self.user_id.to_owned(),
+                timestamp: String::from(""),
+                contents: log
+            };
+            trace_data.save(config, true).unwrap_or_else(|e|{
+                println!("Error save filter {} to path {}: {}",line_id, &file_path,&e);
+                error!("Error save filter {} to path {}: {}",&line_id, &file_path,e);
+            });
+            Ok(())
+        }
+    }
+}
diff --git a/src/handlers.rs b/src/handlers.rs
new file mode 100644
index 0000000..bba8cf0
--- /dev/null
+++ b/src/handlers.rs
@@ -0,0 +1,15 @@
+mod users_handlers;
+mod other_handlers;
+mod pages_handlers;
+mod admin_handlers;
+
+pub(crate) use users_handlers::users_router_handlers;
+pub(crate) use admin_handlers::admin_router_handlers;
+pub(crate) use pages_handlers::pages_router_handlers;
+
+pub(crate) use other_handlers::{
+    rewrite_request_uri,
+    add_session_cookie,
+    get_auth_state,
+    handle_404,
+};
\ No newline at end of file
diff --git a/src/handlers/admin_handlers.rs b/src/handlers/admin_handlers.rs
new file mode 100644
index 0000000..2aa8327
--- /dev/null
+++ b/src/handlers/admin_handlers.rs
@@ -0,0 +1,742 @@
+use std::sync::Arc;
+use axum::{
+    http::{
+        StatusCode,
+        Uri,
+        header::HeaderMap,
+    },
+    Json,
+    routing::{get,post},
+    Extension,
+    extract::ConnectInfo,
+    response::{IntoResponse,Response,Redirect},
+    Router,
+};
+use tower_cookies::Cookies;
+
+use crate::{
+    route,
+    defs::{
+        AppDBs,
+        Random,
+        ReqHandler,
+        ReqHeaderMap,
+        AppConnectInfo, TraceData,
+    },
+    users::{
+        User,
+        UserItem,
+        UserStatus,
+    },
+    handlers::{
+        add_session_cookie,
+        get_auth_state,
+    },
+};
+pub fn admin_router_handlers() -> Router {
+    async fn users_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "users_handler"
+        );
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let usrs = match User::list(&app_dbs.user_store, true, false, "").await {
+            Ok(data) => data,
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("Error list users: {}",e));
+                println!("Error list users: {}",e);
+                Vec::new()
+            },
+        };
+        req_handler.context.insert("usrs", &usrs);
+        req_handler.context.insert("total_usrs", &usrs.len());
+        req_handler.context.insert("with_menu", "1");
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("users") {
+            req_handler.render_template(&tpl,"Users")
+        } else {
+            String::from("Users")
+        };
+        let _ = req_handler.trace_req(format!("Render users list"));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+     async fn user_get_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_get_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let mut user_sel = User::select(&user_item.name, &user_item.value, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            // User not exists
+            let _ = req_handler.trace_req(format!("User '{}' = {}' not found",&user_item.name, &user_item.value));
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        user_sel.password = String::from("");
+        user_sel.otp_base32 = String::from("");
+        let result = serde_json::to_string(&user_sel).unwrap_or_else(|e|{
+            let msg = format!("Error to convert user items to json: {}",e);
+            println!("{}", &msg);
+            let _ = req_handler.trace_req(msg);
+            String::from("")
+        });
+        let _ = req_handler.trace_req(format!("User: {} get data", &user_sel.id));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn user_save_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(new_user): Json<User>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_save_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"text/plain; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let mut user_sel = User::select("id", &format!("{}",&new_user.id), false,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        user_sel.from_user(new_user);
+        let user_data = user_sel.session_data();
+        if user_sel.update(&app_dbs.user_store).await.is_err() {
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let session_token = req_handler.new_token();
+        let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+        if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+        let result = String::from("Ok");
+        (
+            res_headers,
+            result 
+        ).into_response()
+    }
+     async fn user_delete_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_delete_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+           ).into_response();
+        }
+        // let req_handler = ReqHandler::new(
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let user_sel = User::select(&user_item.name, &user_item.value, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+             let _ = req_handler.trace_req(format!("User '{}' not found",&user_id));
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        let result = match User::delete(user_sel.id,&app_dbs.user_store).await {
+            Ok(val) => if val {
+                let _ = req_handler.trace_req(format!("User '{}' delete",&user_id));
+                format!("Ok")
+            } else {
+                let _ = req_handler.trace_req(format!("Error delete user '{}'" ,&user_id));
+                format!("Error user not deleted")
+            },
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("Delte user '{}' Error: {}",&user_id,e));
+                println!("Error delete user: {}", e);
+                format!("Error on delete user")
+            }
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn user_as_admin_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_as_admin_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+               StatusCode::UNAUTHORIZED,
+               req_handler.req_header.header,
+               "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let mut user_sel = User::select(&user_item.name, &user_item.value, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("User '{}' = '{}' not found",&user_item.name, &user_item.value));
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        let result = if user_sel.isadmin {
+            let _ = req_handler.trace_req(format!("User '{}' already admin",&user_id));
+            format!("User already admin")
+        } else {
+            user_sel.isadmin = true;
+            let user_data = user_sel.session_data();
+            match user_sel.update(&app_dbs.user_store).await {
+                Ok(_) => {
+                    let _ = req_handler.trace_req(format!("User '{}' updated",&user_id));
+                    let session_token = req_handler.new_token();
+                    let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                    if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                    String::from("Ok")
+                },
+                Err(e) => {
+                    let _ = req_handler.trace_req(format!("User '{}' update error: {}",&user_id,e));
+                    return (
+                        StatusCode::BAD_REQUEST,
+                        req_handler.req_header.header,
+                        "Error"
+                    ).into_response()
+                }
+            }
+
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn user_disable_totp_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_disable_totp_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let mut user_sel = User::select(&user_item.name, &user_item.value, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            // User not exists
+            let _ = req_handler.trace_req(format!("User '{}' = '{}' not found",&user_item.name, &user_item.value));
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        let result = if user_sel.otp_enabled && !user_sel.otp_base32.is_empty() {
+            user_sel.disable_totp();
+            let user_data = user_sel.session_data();
+            match user_sel.update(&app_dbs.user_store).await {
+                Ok(_) => {
+                    let session_token = req_handler.new_token();
+                    let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                    if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                    String::from("Ok")
+                },
+                Err(e) => {
+                    let _ = req_handler.trace_req(format!("User '{}' = '{}' TOTP update error: {}",&user_item.name,&user_item.value,e)); 
+                    return (
+                        StatusCode::BAD_REQUEST,
+                        req_handler.req_header.header,
+                        "Error"
+                    ).into_response();
+                }
+            }
+        } else {
+            let _ = req_handler.trace_req(format!("User '{}' TOTP no enabled",&user_sel.id)); 
+            format!("User does not have TOTP enabled")
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn user_passwd_reset_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_passwd_reset_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let mut user_sel = User::select(&user_item.name, &user_item.value, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            // User not exists
+            let _ = req_handler.trace_req(format!("User '{}' = '{}' not found",&user_item.name, &user_item.value));
+            return (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error"
+            ).into_response();
+        }
+        if user_sel.status != UserStatus::Active {
+            let _ = req_handler.trace_req(format!("User '{}' is not '{}' state",&user_item.value, UserStatus::Active));
+            (
+                StatusCode::BAD_REQUEST,
+                res_headers,
+                "Error User not active !!"
+            ).into_response()
+        } else {
+            user_sel.status = UserStatus::Pending;
+            // TODO send email notification and redirect in login to completed pending task
+            let user_data = user_sel.session_data();
+            match user_sel.update(&app_dbs.user_store).await {
+                Ok(_) => {
+                    let session_token = req_handler.new_token();
+                    let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                    if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                    let result = String::from("Ok");
+                    (
+                      res_headers,
+                      result.to_owned()
+                    ).into_response()
+                },
+                Err(e) => {
+                    let _ = req_handler.trace_req(format!("User '{}' update error: {}",&user_item.value, e));
+                    (
+                       StatusCode::BAD_REQUEST,
+                       req_handler.req_header.header,
+                       "Error"
+                    ).into_response()
+                }
+            }
+        }
+    }
+    async fn logs_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "log_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        let logs = req_handler.logs("", true, true);
+        let usr = User::default();
+        req_handler.context.insert("user",&usr);
+        req_handler.context.insert("logs", &logs);
+        req_handler.context.insert("total_logs", &logs.len());
+        req_handler.context.insert("with_menu", "1");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("logs") {
+            req_handler.render_template(&tpl,"Logs")
+        } else {
+            String::from("Logs")
+        };
+        // Turn off logging this here !!!
+        // let _ = req_handler.trace_req(format!("Render logs"));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn log_id_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        axum::extract::Path(userid): axum::extract::Path<String>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "log_id_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let user_sel = User::select("id", &userid, true,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            // User not exists
+            let _ = req_handler.trace_req(format!("User 'id' = '{}' not found",&userid));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        let logs = req_handler.logs(&userid, true, true);
+        req_handler.context.insert("user", &user_sel);
+        req_handler.context.insert("logs", &logs);
+        req_handler.context.insert("total_logs", &logs.len());
+        req_handler.context.insert("with_menu", "1");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("logs") {
+            req_handler.render_template(&tpl,"Logs")
+        } else {
+            String::from("Logs")
+        };
+        // Turn off logging this here !!!
+        // let _ = req_handler.trace_req(format!("Render logs id: {}", &userid));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn log_delete_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "log_delete_handler"
+        ); 
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+               StatusCode::UNAUTHORIZED,
+               req_handler.req_header.header,
+               "Error"
+           ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        res_headers.append(axum::http::header::CONTENT_TYPE,"application/json; charset=utf-8".parse().unwrap());
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        if !auth_state.is_admin() {
+            let _ = req_handler.trace_req(format!("User: {} is not admin",auth_state.user_id()));
+            return (
+                StatusCode::UNAUTHORIZED,
+                res_headers,
+                "Error"
+           ).into_response();
+        }
+        let trace_data = TraceData { user_id: user_item.name.to_owned(), timestamp: String::from(""), contents: Vec::new() };
+        match trace_data.clean(&app_dbs.config, &user_item.value) {
+            Ok(_) => {
+                // Turn off logging this here !!!
+                // let _ = req_handler.trace_req(format!("Log '{}' = '{}' deleted",&user_item.name, &user_item.value));
+                (
+                    res_headers,
+                    "OK".to_owned()
+                ).into_response()
+            },
+            Err(e) => {
+                let msg = format!("Log '{}' = '{}' not deleted",&user_item.name, &user_item.value);
+                let _ = req_handler.trace_req(format!("{}", &msg));
+                println!("Error {}: {}", &msg,e);
+                (
+                   StatusCode::BAD_REQUEST,
+                        res_headers,
+                        "Error"
+                ).into_response()
+            }
+        }
+    }
+    route("/users", get(users_handler))
+        .route("/userget", post(user_get_handler))
+        .route("/usersave", post(user_save_handler))
+        .route("/userdelete", post(user_delete_handler))
+        .route("/userdisabletotp", post(user_disable_totp_handler))
+        .route("/userasadmin", post(user_as_admin_handler))
+        .route("/passwdreset", post(user_passwd_reset_handler))
+        .route("/logs", get(logs_handler))
+        .route("/log/:id", get(log_id_handler))
+        .route("/logdelete", post(log_delete_handler))
+}
\ No newline at end of file
diff --git a/src/handlers/other_handlers.rs b/src/handlers/other_handlers.rs
new file mode 100644
index 0000000..5b7f177
--- /dev/null
+++ b/src/handlers/other_handlers.rs
@@ -0,0 +1,224 @@
+use std::sync::Arc;
+use casbin::CoreApi;
+use axum::{
+    extract::{Request,ConnectInfo},
+    http::{
+        StatusCode,
+    },
+    Extension,
+    response::{IntoResponse,Response,Redirect},
+    middleware::Next, 
+};
+use tower_cookies::{Cookie, Cookies};
+
+use crate::{
+    USER_AGENT,
+    SESSION_COOKIE_NAME,
+    defs::{
+        AppDBs,
+        ServPath,
+        AuthState,
+        SessionStoreDB,
+        TraceData,
+        TraceContent,
+        ReqHeaderMap,
+        AppConnectInfo,
+    },
+};
+
+/* // OLD get_cookie from Request 
+pub fn get_cookie(req: &Request) -> Option<u128> {
+    req
+        .headers()
+        .get_all("Cookie")
+        .iter()
+        .filter_map(|cookie| {
+            cookie
+                .to_str()
+                .ok()
+                .and_then(|cookie| cookie.parse::<Cookie>().ok())
+        })
+        .find_map(|cookie| {
+            (cookie.name() == SESSION_COOKIE_NAME).then(move || cookie.value().to_owned())
+        })
+        .and_then(|cookie_value| cookie_value.parse::<u128>().ok())
+}
+*/
+
+pub async fn add_session_cookie(make: bool, cookies: &Cookies, session_token: &str, user_data: &str, expire: u64, app_dbs: &AppDBs, cookie_path: &str) -> String {
+    if make {
+        cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+    }
+    let result_store = SessionStoreDB::store_session_data(&session_token,&user_data, expire, &app_dbs).await;
+    if result_store.is_empty() {
+        eprintln!("Unable to store session {}", &app_dbs.config.session_store_uri);
+    } else {
+        let cookie = Cookie::build(SESSION_COOKIE_NAME, result_store.to_owned())
+        //  .domain(domain)
+            .path(format!("{}",cookie_path))
+            .secure(true)
+            .http_only(true)
+            .finish();
+        if make {
+            cookies.add(cookie);
+        }
+    }
+    result_store
+}
+pub async fn get_auth_state(update: bool, cookies: &Cookies, app_dbs: &AppDBs) -> AuthState {
+    if let Some(s_cookie) = cookies.get(SESSION_COOKIE_NAME) {
+        let session_cookie = s_cookie.to_string().replace(&format!("{}=",SESSION_COOKIE_NAME),"");
+        let mut auth_state = AuthState::from_cookie(session_cookie.to_string(), app_dbs).await;
+        if update {
+            let _ = auth_state.expire_in(app_dbs.config.session_expire, &app_dbs).await;
+        }
+        auth_state
+    } else {
+        // eprintln!("get_auth_state: No SESSION COOKIE found ");
+        AuthState::default()
+    }
+}
+pub fn trace_req(uri_path: &str, user_id: String, sid: String, info: String, context: String, role: String, req_header: ReqHeaderMap, app_dbs: &AppDBs) -> std::io::Result<()> {
+    let timestamp = chrono::Utc::now().timestamp().to_string();
+    let trace_content = TraceContent{
+        when: timestamp.to_owned(),
+        sid,
+        origin: uri_path.to_owned(),
+        trigger: String::from("req_handler"),
+        id: user_id.to_owned(),
+        info: info.to_owned(),
+        context,
+        role,
+        req: req_header.req_info(),
+    };
+    let trace_data = TraceData{
+        user_id,
+        timestamp,
+        contents: vec![trace_content]
+    };
+    trace_data.save(&app_dbs.config,false)
+}
+
+pub async fn rewrite_request_uri(
+    Extension(app_dbs): Extension<Arc<AppDBs>>,
+    Extension(cookies): Extension<Cookies>,
+    ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    req: Request, next: Next,
+) -> Result<impl IntoResponse, Response> {
+    // TODO Trace acccess to log or user session file !!!
+    let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+    let uri_path = req.uri().path().to_owned();
+    if uri_path == "/" {
+        return Ok(next.run(req).await);
+    }
+    // For long path is better than:
+    // let arr_root_path: Vec<String> = uri_path.split("/").map(|s| s.to_string()).collect();
+    // let root_path = arr_root_path[1].to_owned();
+    let mut root_path = String::from("/");
+    for it in uri_path.split("/") {
+        if ! it.is_empty() {  
+            root_path = format!("/{}",it.to_owned());
+            break;
+        }
+    }
+    let serv_paths: Vec<ServPath> = app_dbs.config.serv_paths.clone().into_iter().filter(
+        |it| it.is_restricted && it.url_path == root_path
+    ).collect();
+    // Only on First one
+    if serv_paths.len() > 0 {
+        let serv_path = serv_paths[0].to_owned();
+        let name = auth_state.user_name();
+        if name.is_empty() {
+            let uri_path = req.uri().path().to_string();
+            if uri_path.ends_with(".html") {
+                eprintln!("rewrite_request_uri: No user found in session for {}", &uri_path);
+                let new_uri = format!("{}?o={}",&serv_path.not_auth.as_str(),req.uri().path().to_string());
+                let _ = trace_req(&uri_path, auth_state.user_id(),auth_state.id(),
+                    format!("user no name found in session"), String::from("rewrite_request_uri"),
+                    auth_state.user_roles(),
+                    ReqHeaderMap::new(req.headers().to_owned(), &uri_path, &app_connect_info),
+                    &app_dbs);
+                return Err(
+                    Redirect::temporary( &new_uri).into_response()
+                );
+            } else {
+                return Ok(next.run(req).await);
+            } 
+        }
+        let arr_roles: Vec<String> = auth_state.user_roles().split(",").map(|s| s.replace(" ", "").to_string()).collect();
+        let req_method = req.method().to_string();
+        let target_path = serv_path.url_path.to_owned();
+        let enforcer = app_dbs.enforcer.clone();
+        for role in arr_roles {
+            let mut lock = enforcer.write().await;
+            let result = lock.enforce_mut(
+                vec![role.to_owned(),target_path.to_owned(), req_method.to_owned()]
+            ).unwrap_or_else(|e|{
+                println!("Error enforce: {}",e);
+                false
+            });
+            drop(lock); 
+            if result { 
+                if uri_path.ends_with(".html") || app_dbs.config.trace_level > 1  {
+                    let _ = trace_req(&uri_path,auth_state.user_id(),auth_state.id(),
+                    format!("user in session with role {}",role),
+                    String::from("rewrite_request_uri"),
+                    auth_state.user_roles(),
+                    ReqHeaderMap::new(req.headers().to_owned(), &uri_path, &app_connect_info),
+                    &app_dbs);
+                }
+                return Ok(next.run(req).await); 
+            }
+        }
+        // try with email
+        let mut lock = enforcer.write().await;
+        let result = lock.enforce_mut(
+           vec![
+                name,
+                target_path.to_owned(),
+                req_method.to_owned()
+            ]
+        ).unwrap_or_else(|e|{
+            println!("Error enforce: {}",e);
+            false
+        });
+        drop(lock); 
+        if result { return Ok(next.run(req).await); }
+        let new_uri = format!("{}",serv_path.not_auth);
+        let agent = if let Some(user_agent) = req.headers().get(USER_AGENT) {
+           user_agent.to_str().unwrap_or("").to_owned()
+        } else {
+            String::from("")
+        };
+        if uri_path.ends_with(".html") || app_dbs.config.trace_level > 1  {
+            let _ = trace_req(&uri_path,auth_state.user_id(),auth_state.id(),
+                format!("user found in session"),
+                String::from("rewrite_request_uri"),
+                auth_state.user_roles(),
+                ReqHeaderMap::new(req.headers().to_owned(), &uri_path, &app_connect_info),
+                &app_dbs);
+        }
+        if agent.contains("curl") {
+            return Ok(
+                format!("Got to {}",&new_uri).into_response()
+            );
+        } else {
+            return Err(
+                Redirect::temporary(&new_uri).into_response()
+            );
+        }
+    } 
+    if uri_path.ends_with(".html") || app_dbs.config.trace_level > 1  {
+        let _ = trace_req(&uri_path,auth_state.user_id(),auth_state.id(),
+        format!("user in session"),
+        String::from("rewrite_request_uri"),
+        auth_state.user_roles(),
+        ReqHeaderMap::new(req.headers().to_owned(), &uri_path, &app_connect_info),
+        &app_dbs);
+    }
+    Ok(next.run(req).await)
+}
+pub async fn handle_404(_req: Request) -> (StatusCode, &'static str) {
+    (StatusCode::NOT_FOUND, "Not found")
+}
+
diff --git a/src/handlers/pages_handlers.rs b/src/handlers/pages_handlers.rs
new file mode 100644
index 0000000..e816df9
--- /dev/null
+++ b/src/handlers/pages_handlers.rs
@@ -0,0 +1,109 @@
+use std::sync::Arc;
+use axum::{
+    //extract::{self,Request,Query},
+    http::{
+//        StatusCode,
+        Uri,
+        header::HeaderMap,// HeaderValue},
+    },
+//    Json,
+    routing::get,
+    Extension,
+    extract::ConnectInfo,
+    response::{IntoResponse,Response},
+//    http::Request, handler::HandlerWithoutStateExt, http::StatusCode, routing::get, Router,    
+    Router,
+};
+use tower_cookies::Cookies;
+
+use crate::{
+    route,
+    defs::{
+        AppDBs,
+        Random,
+        ReqHandler,
+        ReqHeaderMap,
+        AppConnectInfo,
+    },
+    handlers::get_auth_state,
+};
+
+pub fn pages_router_handlers() -> Router {
+    async fn page_handler(
+        //req: Request,
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        axum::extract::Path(name): axum::extract::Path<String>,
+        //auth_state: AuthState,
+    ) -> Response {
+        // if let Some(cookie_value) = get_cookie(&req) {
+        //     println!("cookie_value: {}",&cookie_value.to_string());
+        //     // TODO check value 
+        // }
+        //let  has_cookie: bool;
+        // dbg!(&auth_state.session);
+        // if auth_state.user.is_none() {
+        //     eprintln!("No user found in session");
+        // }
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        //    has_cookie=true;
+            // TODO check value 
+            // let sid: String = format!("{}",&auth_state.sid());
+            // println!("auth_sid: {}",&sid);
+            // println!("id: {}",&auth_state.id());
+            // println!("is_expired: {}",&auth_state.ses_expired());
+            // println!("is_destroyed: {}",&auth_state.ses_destroyed());
+            // println!("validate: {}",&auth_state.ses_validate());
+            // let _u = &auth_state.user;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "page_handler"
+        );
+        // if let Some(a) = auth_state {
+        //     println!("Auth State from root");
+        // }
+        // let uri_path = format!("{}",&uri.path().to_string());
+        // dbg!("uri: {}",&uri_path);
+        req_handler.prepare_response();
+        req_handler.context.insert("with_menu", "1");
+        let tpl_name = if name.contains(".html") {
+            name.replace(".html","")
+        } else {
+            name
+        };
+        let result = req_handler.render_template(&format!("pages/{}.html.j2",&tpl_name), &tpl_name);
+        // if !has_cookie {
+        //     let mut u128_pool = [0u8; 16];
+        //     match random.lock() {
+        //         Ok(mut r) => r.fill_bytes(&mut u128_pool),
+        //         Err(e) => println!("Error random: {}",e),
+        //     }
+        //     let session_token = u128::from_le_bytes(u128_pool).to_string();
+        //     let user_data = format!("{}|{}","jesus" ,"admin,dev");
+        //     let result_store = SessionStoreDB::store_session_data(&session_token,&user_data,&app_dbs).await;
+        //     println!("Rest store: {}",&result_store);
+        //     let cookie = Cookie::build(SESSION_COOKIE_NAME, session_token.to_owned())
+        //     //  .domain(domain)
+        //         .path("/")
+        //         .secure(true)
+        //         .http_only(true)
+        //         .finish();
+        //     cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+        //     cookies.add(cookie);
+        // }
+        (
+            req_handler.req_header.header,
+            result.to_owned()
+        ).into_response()
+    //     "Hello, World!"
+    }
+    route("/page/:name", get(page_handler))
+}
\ No newline at end of file
diff --git a/src/handlers/users_handlers.rs b/src/handlers/users_handlers.rs
new file mode 100644
index 0000000..75f14d7
--- /dev/null
+++ b/src/handlers/users_handlers.rs
@@ -0,0 +1,1718 @@
+use std::sync::Arc;
+use urlencoding::{encode,decode};
+// use tokio::sync::RwLock;
+use axum::{
+    //extract::{self,Request,Query},
+    http::{
+        StatusCode,
+        Uri,
+        header::HeaderMap,// HeaderValue},
+    },
+    Json,
+    routing::{get,post},
+    Extension,
+    extract::ConnectInfo,
+    response::{IntoResponse,Response,Redirect},
+//    http::Request, handler::HandlerWithoutStateExt, http::StatusCode, routing::get, Router,    
+    Router,
+};
+use tower_cookies::{Cookie, Cookies};
+
+use crate::{
+    SESSION_COOKIE_NAME,
+    DEFAULT_ROLES,
+    route,
+    defs::{
+        AppDBs,
+        AuthState,
+        SessionStoreDB,
+        ReqHandler,
+        ReqHeaderMap,
+        MailMessage,
+//        TotpAlgorithm,
+        TotpMode,
+        Random,
+        AppConnectInfo,
+        // UserNotifyData,
+        // TOKEN_AUTH_VALUE,
+        // TOKEN_KEY_VALUE,
+    },
+    users::{
+        User,
+        // UserStore,
+//        UserId,
+        UserData,
+        UserLogin,
+        UserItem,
+        UserStatus,
+        UserInvitation,
+    },
+    login_password::{generate_hash,verify_password},
+    handlers::{
+        add_session_cookie,
+        get_auth_state,
+    },
+};
+pub fn users_router_handlers() -> Router {
+    async fn main_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(random): Extension<Random>,
+        Extension(cookies): Extension<Cookies>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        // if let Some(cookie_value) = get_cookie(&req) {
+        //     println!("cookie_value: {}",&cookie_value.to_string());
+        //     // TODO check value 
+        // }
+        //let  has_cookie: bool;
+        // dbg!(&auth_state.session);
+        // if auth_state.user.is_none() {
+        //     eprintln!("No user found in session");
+        // }
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        //    has_cookie=true;
+            // TODO check value 
+            // let sid: String = format!("{}",&auth_state.sid());
+            // println!("auth_sid: {}",&sid);
+            // println!("id: {}",&auth_state.id());
+            // println!("is_expired: {}",&auth_state.ses_expired());
+            // println!("is_destroyed: {}",&auth_state.ses_destroyed());
+            // println!("validate: {}",&auth_state.ses_validate());
+            // let _u = &auth_state.user;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "main_handler"
+        );
+        // if let Some(a) = auth_state {
+        //     println!("Auth State from root");
+        // }
+        // let uri_path = format!("{}",&uri.path().to_string());
+        // dbg!("uri: {}",&uri_path);
+        req_handler.prepare_response();
+        req_handler.context.insert("with_menu", "1");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("main") {
+            req_handler.render_template(&tpl,"main")
+        } else {
+            String::from("main")
+        };
+        let _ = req_handler.trace_req(String::from("main request"));
+        // if !has_cookie {
+        //     let mut u128_pool = [0u8; 16];
+        //     match random.lock() {
+        //         Ok(mut r) => r.fill_bytes(&mut u128_pool),
+        //         Err(e) => println!("Error random: {}",e),
+        //     }
+        //     let session_token = u128::from_le_bytes(u128_pool).to_string();
+        //     let user_data = format!("{}|{}","jesus" ,"admin,dev");
+        //     let result_store = SessionStoreDB::store_session_data(&session_token,&user_data,&app_dbs).await;
+        //     println!("Rest store: {}",&result_store);
+        //     let cookie = Cookie::build(SESSION_COOKIE_NAME, session_token.to_owned())
+        //     //  .domain(domain)
+        //         .path("/")
+        //         .secure(true)
+        //         .http_only(true)
+        //         .finish();
+        //     cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+        //     cookies.add(cookie);
+        // }
+        (
+            req_handler.req_header.header,
+            result.to_owned()
+        ).into_response()
+    }
+    // async fn auto_handler(
+    //     //req: Request,
+    //     header: HeaderMap,
+    //     uri: Uri,
+    //     Extension(app_dbs): Extension<Arc<AppDBs>>,
+    //     Extension(random): Extension<Random>,
+    //     Extension(cookies): Extension<Cookies>,
+    //     // _auth_state: AuthState,
+    // ) -> Response {
+    //     // if let Some(cookie_value) = get_cookie(&req) {
+    //     //     println!("cookie_value: {}",&cookie_value.to_string());
+    //     //     // TODO check value 
+    //     // }
+    //     let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+    //     let has_cookie: bool;
+    //     if let Some(cookie_value) = cookies.get(SESSION_COOKIE_NAME) {
+    //         println!("cookie_value: {}",&cookie_value.to_string());
+    //         //has_cookie=true;
+    //         has_cookie=false;
+    //         // TODO check value 
+    //     } else {
+    //         has_cookie=false;
+    //     }
+    //     // if let Some(a) = auth_state {
+    //     //     println!("Auth State from root");
+    //     // }
+    //     let uri_path = format!("{}",&uri.path().to_string());
+    //     let file =  "hello.html";
+    //     let result = app_dbs.tera.render(&file, &app_dbs.context).unwrap_or_else(|e|{
+    //         println!("Error render {}: {}",&file,e);
+    //         String::from("")
+    //     });
+    //     /*
+    //     if !has_cookie {
+    //         let mut u128_pool = [0u8; 16];
+    //         match random.lock() {
+    //             Ok(mut r) => r.fill_bytes(&mut u128_pool),
+    //             Err(e) => println!("Error random: {}",e),
+    //         }
+    //         let session_token = u128::from_le_bytes(u128_pool).to_string();
+    //         let user_data = format!("{}|{}","jesus" ,"admin,dev");
+    //         let result_store = SessionStoreDB::store_session_data(&session_token,&user_data,&app_dbs).await;
+    //         println!("Rest store: {}",&result_store);
+    //         let cookie = Cookie::build(SESSION_COOKIE_NAME, result_store)
+    //         //  .domain(domain)
+    //             .path("/")
+    //             .secure(true)
+    //             .http_only(true)
+    //             .finish();
+    //         cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+    //         cookies.add(cookie);
+    //     }
+    //    */
+    //     dbg!("uri: {}",&uri_path);
+    //     (
+    //         header,
+    //         result.to_owned()
+    //     ).into_response()
+    // //     "Hello, World!"
+    // }
+
+    async fn signup_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "signup_handler"
+        );
+        if !auth_state.is_admin() {
+           let total_users = User::count(&app_dbs.user_store).await.unwrap_or_else(|e|{ 
+                println!("Count error: {}",e);
+                0
+            });
+            if ! app_dbs.config.signup_mode.contains("open") && total_users != 0 {
+                let msg = format!("Config signup mode not open: {}", app_dbs.config.signup_mode);
+                println!("{}",&msg);
+                let _ = req_handler.trace_req(msg);
+                return Redirect::temporary( &format!("/")).into_response();
+            }
+            let total_users = User::count(&app_dbs.user_store).await.unwrap_or_else(|e|{ 
+                println!("Count error: {}",e);
+                -1
+            });
+            // Fake to insert firt time admin user ...
+            if total_users < 1  {
+                let isadmin=true;
+                req_handler.context.insert("isadmin", &isadmin);
+            }
+        }
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        req_handler.context.insert("password_score", &app_dbs.config.password_score);
+        req_handler.context.insert("totp_mode", &format!("{}",&app_dbs.config.totp_mode));
+        // req_handler.context.insert("with_menu", "1");
+        if app_dbs.config.totp_mode != TotpMode::No {
+            match req_handler.otp_generate() {
+                Ok(totp) => {
+                    req_handler.context.insert("otp_code", &totp.get_secret_base32());
+                    req_handler.context.insert("otp_url", &totp.get_url());
+                    req_handler.context.insert("otp_qr", &totp.get_qr().unwrap_or_default());
+                    req_handler.context.insert("totp_digits", &app_dbs.config.totp_digits);
+                    req_handler.context.insert("totp_algorithm",&format!("{}",&app_dbs.config.totp_algorithm));
+                },
+                Err(e) => {
+                    println!("Error TOTP generartor: {}",e);
+                }
+            }
+        }
+        req_handler.context.insert("admin_fields", &app_dbs.config.admin_fields);
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("signup") {
+            req_handler.render_template(&tpl,"signup")
+        } else {
+            String::from("signup")
+        };
+        let _ = req_handler.trace_req(format!("Signup request"));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    
+    async fn post_signup_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(random): Extension<Random>,
+        Extension(cookies): Extension<Cookies>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_data): Json<UserData>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_signup_handler"
+        );
+        if user_data.name.is_empty() {
+            let _ = req_handler.trace_req(format!("No name found"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        if user_data.password.is_empty() {
+            let _ = req_handler.trace_req(format!("user '{}' no password found",&user_data.name));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let passwd_score = User::password_score(&user_data.password);
+        if passwd_score < app_dbs.config.password_score {
+            let _ = req_handler.trace_req(format!("User '{}' password '{}' score: {} under {}"
+                ,&user_data.name,&user_data.password, passwd_score,app_dbs.config.password_score)
+            );
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let new_hash = generate_hash(&user_data.password);
+        // println!("password: {}", &new_hash);
+        // // if  user_data.password.is_empty() {
+        // //     return Err(error_page(&SignupError::MissingDetails));
+        // // }
+        // match verify_password(&user_data.password, &new_hash) {
+        //     Ok(_) => { 
+        //         println!("Is valid!");
+        //     },
+        //     Err(e) => {
+        //         println!("NOT valid {}",e);
+        //         //return Err(error_page(&SignupError::PasswordsDoNotMatch))
+        //     }
+        // }
+        let otp_enabled: bool;
+        let otp_verified: bool;
+        let otp_base32: String;
+        let otp_auth_url: String;
+        let otp_defs: String;
+        if app_dbs.config.totp_mode != TotpMode::No && !user_data.otp_auth.is_empty() {
+            match req_handler.otp_check(&user_data.otp_code,&user_data.otp_auth, "") {
+                Ok(val) => {
+                    if val {
+                        otp_enabled = true;
+                    } else {
+                        let _ = req_handler.trace_req(format!("User '{}' not valid TOTP code",&user_data.name));
+                        // otp_enabled = false;
+                        return (
+                            StatusCode::UNAUTHORIZED,
+                            req_handler.req_header.header,
+                            "Error"
+                        ).into_response();
+                    }
+                },
+                Err(e) => {
+                    println!("TOTP check: {}", e);
+                    let _ = req_handler.trace_req(format!("User '{}' TOTP check error: {}",&user_data.name,e));
+                    return (
+                        StatusCode::UNAUTHORIZED,
+                        req_handler.req_header.header,
+                        "Error"
+                    ).into_response();
+                }
+            } 
+        } else {
+            otp_enabled = false;
+        }
+        if otp_enabled  {
+            otp_verified= true;
+            otp_base32 = user_data.otp_code.to_owned();
+            otp_auth_url = user_data.otp_url.to_owned();
+            otp_defs = format!("{},{}",
+                &app_dbs.config.totp_digits,
+                format!("{}",&app_dbs.config.totp_algorithm),
+            );
+        } else {
+            otp_verified = false;
+            otp_base32 = String::from("");
+            otp_auth_url = String::from("");
+            otp_defs = String::from("");
+        }
+        let roles = if ! user_data.roles.is_empty() {
+            user_data.roles.to_owned()
+        } else {
+            DEFAULT_ROLES.to_owned()
+        };
+        let isadmin = if user_data.id == "A" {
+            true
+        } else { 
+            false
+        };
+        let mut new_items = user_data.items.to_owned();
+        new_items.remove("invite_key");
+        new_items.remove("invite_id");
+        let user = User{
+            id: 0,
+            name: user_data.name.to_owned(),
+            fullname: user_data.name.to_owned(),
+            email:   user_data.email.to_owned(),
+            description: user_data.description.to_owned(),
+            password: new_hash,
+            otp_enabled,
+            otp_verified,
+            otp_base32,
+            otp_auth_url,
+            otp_defs,
+            created: chrono::Utc::now().timestamp().to_string(),
+            lastaccess: String::from(""),
+            status: UserStatus::Created,
+            items: User::json_items(new_items),
+            isadmin,
+            roles,
+        };
+        let usr_sel = User::select("name", &user_data.name, false, &app_dbs.user_store).await.unwrap_or_default();
+        if usr_sel.name == user_data.name {
+            // User already exists
+            let _ = req_handler.trace_req(format!("User 'name' = '{}' already exists",&user_data.name));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let str_user_data =  match user.add(&app_dbs.user_store).await {
+            Ok(id) => {
+                println!("user {} created -> {}", &user_data.name, id);
+                format!("{}|{}|{}",id, &user_data.name, &user_data.roles)
+            },
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("User '{}' create error: {}",&user_data.name,e));
+                println!("user {} error -> {:#}", &user_data.name, e);
+                return (
+                    StatusCode::NOT_FOUND,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response();
+            }
+        };
+        let session_token = req_handler.new_token();
+        println!("session: {}", &session_token.to_string());
+        let session_cookie = add_session_cookie(true,&cookies, &session_token, &str_user_data, 0, &app_dbs, "/").await;
+        let _ = req_handler.trace_req(format!("User '{}' created",&user_data.name));
+        if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie); }
+        (
+            req_handler.req_header.header,
+            "Ok"
+         ).into_response()
+    }
+    async fn login_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        SessionStoreDB::cleanup_data(&app_dbs).await;
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "login_handler"
+        );
+        let total_users = User::count(&app_dbs.user_store).await.unwrap_or_else(|e|{ 
+           let _ = req_handler.trace_req( format!("Users count error: {}",e));
+            println!("Count error: {}",e);
+            -1
+        });
+        if total_users < 1 {
+           let _ = req_handler.trace_req(String::from("No users found"));
+          return Redirect::temporary( &format!("/signup")).into_response();
+        }
+
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        // req_handler.context.insert("with_menu", "1");
+        req_handler.context.insert("use_mail", &app_dbs.config.use_mail);
+        req_handler.context.insert("totp_mode", &format!("{}",&app_dbs.config.totp_mode));
+        if app_dbs.config.totp_mode != TotpMode::No {
+            req_handler.context.insert("with_totp", "1");
+            req_handler.context.insert("totp_digits", &app_dbs.config.totp_digits);
+        }
+        let _ = req_handler.trace_req(String::from("login request"));
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("login") {
+            req_handler.render_template(&tpl,"login")
+        } else {
+            String::from("login")
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn post_login_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_login): Json<UserLogin>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_login_handler"
+        );
+        if user_login.name.is_empty() || user_login.password.is_empty() {
+            let _ = req_handler.trace_req(String::from("Empty name or password"));
+        //     return Err(error_page(&SignupError::MissingDetails));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let field = if user_login.name.contains("@") {
+            "email"
+        } else {
+            "name"
+        };
+        let mut user_sel = User::select(&field, &user_login.name, false, &app_dbs.user_store).await.unwrap_or_else(|e|{
+            println!("Error select: {}", e);
+            User::default()
+        });
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("No name '{}' found",&user_login.name));
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error data"
+            ).into_response();
+        }
+        if user_sel.status != UserStatus::Active && user_sel.status != UserStatus::Created {
+            let _ = req_handler.trace_req(format!("user '{}' in not valid status: {}",&user_login.name, &user_sel.status));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error status"
+            ).into_response();
+        }
+        if verify_password(&user_login.password, &user_sel.password).is_err() {
+            let _ = req_handler.trace_req(format!("user '{}' not valid password: {}",&user_login.name, &user_sel.password));
+            println!("password NOT valid");
+            // TODO
+            //return Err(error_page(&SignupError::PasswordsDoNotMatch))
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error data"
+            ).into_response();
+        }
+        let result=format!("{}:{}","OK",&user_sel.otp_verified);
+        if app_dbs.config.totp_mode != TotpMode::No {
+            if user_login.otp_auth.is_empty() 
+                && (app_dbs.config.totp_mode == TotpMode::Mandatory || user_sel.otp_enabled)
+            {
+                let _ = req_handler.trace_req(format!("user '{}' not valid Totp: {}",&user_login.name, &user_sel.otp_enabled));
+                return (
+                    req_handler.req_header.header,
+                    result 
+                ).into_response();
+            } else if user_sel.otp_enabled && user_sel.otp_verified 
+                && !user_sel.otp_base32.is_empty() && !user_sel.otp_defs.is_empty() 
+            {
+                match req_handler.otp_check(&user_sel.otp_base32,&user_login.otp_auth, &user_sel.otp_defs) {
+                    Ok(val) => {
+                        if !val {
+                            let _ = req_handler.trace_req(format!("user '{}' not valid TOTP code",&user_login.name));
+                            return (
+                                StatusCode::UNAUTHORIZED,
+                                req_handler.req_header.header,
+                                "Error"
+                            ).into_response();
+                        }
+                    },
+                    Err(e) => {
+                        let _ = req_handler.trace_req(format!("user '{}' TOTP check error: {}",&user_login.name,e));
+                        println!("TOTP check: {}", e);
+                        return (
+                            StatusCode::UNAUTHORIZED,
+                            req_handler.req_header.header,
+                            "Error"
+                        ).into_response();
+                    }
+                } 
+            } 
+        }
+        user_sel.lastaccess = chrono::Utc::now().timestamp().to_string();
+        if user_sel.status != UserStatus::Active { user_sel.status = UserStatus::Active }
+        let user_data = user_sel.session_data();
+        match user_sel.update(&app_dbs.user_store).await {
+            Ok(_) => {
+                let session_token = req_handler.new_token();
+                let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                let new_auth_state = AuthState::from_cookie(session_cookie.to_string(), &app_dbs).await;
+                req_handler = ReqHandler::new(
+                    req_handler.req_header,
+                    &app_dbs,
+                    &uri,
+                    &new_auth_state,
+                    &random,
+                    "post_login_handler"
+                );
+                let _ = req_handler.trace_req(format!("user '{}', new token: '{}', cookie: '{}' ",&user_login.name, &session_token, &session_cookie));
+                (
+                    req_handler.req_header.header,
+                    result 
+                ).into_response()
+            },
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("user '{}' update error: {}",&user_login.name,e));
+                (
+                    StatusCode::BAD_REQUEST,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response()
+            }
+        }
+    }
+
+    async fn logout_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "logout_handler"
+        );
+        let id = auth_state.id();
+        let res = auth_state.destroy(); 
+        cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+        if app_dbs.config.verbose > 1 { println!("Session: {} destroyed: {}",&id, &res); }
+        let _ = req_handler.trace_req(format!("Session '{}' logout",&id));
+        let auth_state = AuthState::default();
+        req_handler = ReqHandler::new(
+            req_handler.req_header,
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "logout_handler"
+        );
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        // these is to use user_items like color_theme 
+        // let user_items = User::hash_items(&auth_state.user_items());
+        // req_handler.context.insert("usr_items", &user_items);
+        req_handler.context.insert("with_menu", "1");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("logout") {
+            req_handler.render_template(&tpl,"logout")
+        } else {
+            String::from("logout")
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn check_item_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "logout_handler"
+        );
+        let result = if user_item.name == "password" {
+            let _ = req_handler.trace_req(format!("Password estimate"));
+            User::estimate_password(&user_item.value)
+        } else  {
+            let user_sel = User::select(&user_item.name, &user_item.value, false,&app_dbs.user_store).await.unwrap_or_default();
+            if !user_sel.name.is_empty() {
+                let _ = req_handler.trace_req(format!("User '{}' = '{}' not found",&user_item.name,&user_item.value));
+                // User not exists
+                return (
+                    StatusCode::BAD_REQUEST,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response();
+            }
+            String::from("OK")
+        };
+        (
+            req_handler.req_header.header,
+            result.to_owned()
+        ).into_response()
+    }
+    // async fn edit_user_handler(
+    //     header: HeaderMap,
+    //     uri: Uri,
+    //     Extension(app_dbs): Extension<Arc<AppDBs>>,
+    //     Extension(cookies): Extension<Cookies>,
+    //     //_auth_state: AuthState,
+    // ) -> Response {
+    //     let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+    //     let mut req_handler = ReqHandler::new(
+    //         ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string())),
+    //         &app_dbs,
+    //         &uri,
+    //         &auth_state,
+    //         "root_handler"
+    //     ); 
+    //     let uri_path = format!("{}",&uri.path().to_string());
+    //     let file =  "hello.html";
+    //     let result = app_dbs.tera.render(&file, &app_dbs.context).unwrap_or_else(|e|{
+    //         println!("Error render {}: {}",&file,e);
+    //         String::from("")
+    //     });
+    //     req_handler.context.insert("with_menu", "1");
+    //     dbg!("uri: {}",&uri_path);
+    //     // let mut new_header = header.to_owned();
+    //     //new_header.append("Set-Cookie", "session_token=_; Max-Age=0".parse().unwrap());
+    //     // cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+    //     (
+    //         req_handler.req_header.header,
+    //         result.to_owned()
+    //     ).into_response()
+    // //     "Hello, World!"
+    // }
+    async fn user_settings_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        if auth_state.session.is_none() {
+           return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_settings_handler"
+        ); 
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("user not id found"));
+            // User not exists
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        let user_sel = User::select("id", &user_id, true, &app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("Edit user id '{}' not found ",&user_id));
+            // User not exists
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        req_handler.context.insert("with_menu", "1");
+        req_handler.context.insert("user", &user_sel);
+        req_handler.context.insert("admin_fields", &app_dbs.config.admin_fields);
+        req_handler.context.insert("totp_mode", &format!("{}",&app_dbs.config.totp_mode));
+        // let user_items = User::hash_items(&user_sel.items);
+        // req_handler.context.insert("usr_items", &user_items);
+        req_handler.context.insert("no_edit", "true");
+        req_handler.context.insert("edit_target", "main");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("user_settings") {
+            req_handler.render_template(&tpl,"user setting")
+        } else {
+            String::from("user settings")
+        };
+        let _ = req_handler.trace_req(format!("User '{}' settings",&user_sel.id));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+  async fn user_settings_edit_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        axum::extract::Path(data): axum::extract::Path<String>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        if auth_state.session.is_none() {
+           return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "user_settings_edit_handler"
+        ); 
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        if data != "main" && data != "password" && data != "totp" {
+            let _ = req_handler.trace_req(format!("Edit user not data section '{}' ",&data));
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            // User not exists
+            let _ = req_handler.trace_req(format!("Edit user not id "));
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        let user_sel = User::select("id", &user_id, true, &app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("Edit user id '{}' not found ",&user_id));
+            // User not exists
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        req_handler.context.insert("with_menu", "1");
+        req_handler.context.insert("user", &user_sel);
+        req_handler.context.insert("edit_target", &data);
+        req_handler.context.insert("admin_fields", &app_dbs.config.admin_fields);
+        req_handler.context.insert("totp_mode", &format!("{}",&app_dbs.config.totp_mode));
+        if data == "totp" && app_dbs.config.totp_mode != TotpMode::No {
+            if !user_sel.otp_base32.is_empty() {
+                match req_handler.otp_make(&user_sel.otp_base32, &user_sel.otp_defs) {
+                    Ok(totp) => {
+                        req_handler.context.insert("otp_code", &user_sel.otp_base32);
+                        req_handler.context.insert("otp_url", &user_sel.otp_auth_url);
+                        req_handler.context.insert("otp_qr", &totp.get_qr().unwrap_or_default());
+                    },
+                    Err(e) => {
+                        println!("User settings error totp: {}",e);
+                    }
+                }
+            } else {
+                match req_handler.otp_generate() {
+                    Ok(totp) => {
+                        req_handler.context.insert("otp_code", &totp.get_secret_base32());
+                        req_handler.context.insert("otp_url", &totp.get_url());
+                        req_handler.context.insert("otp_qr", &totp.get_qr().unwrap_or_default());
+                    },
+                    Err(e) => {
+                        println!("Error TOTP generartor: {}",e);
+                    }
+                }
+            }
+            req_handler.context.insert("totp_digits", &app_dbs.config.totp_digits);
+            req_handler.context.insert("totp_algorithm",&format!("{}",&app_dbs.config.totp_algorithm));
+        }
+        let _ = req_handler.trace_req(format!("Edit user '{}' settings",&user_id));
+        // req_handler.context.insert("no_edit", "true");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("user_settings") {
+            req_handler.render_template(&tpl,"user setting")
+        } else {
+            String::from("user settings")
+        };
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn post_user_settings_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_data): Json<UserData>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_user_settings_handler"
+        );
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found for user '{}'",&user_data.id));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let mut user_sel = User::select("id", &user_id, false,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("User '{}' not found",&user_id));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        if !user_data.password.is_empty() {
+            let passwd_score = User::password_score(&user_data.password);
+            if passwd_score < app_dbs.config.password_score {
+                let _ = req_handler.trace_req(format!("User '{}' password '{}' score: {} under {}"
+                    ,&user_id,&user_data.password, passwd_score,app_dbs.config.password_score
+                ));
+                return (
+                    StatusCode::UNAUTHORIZED,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response();
+            }
+            user_sel.password = generate_hash(&user_data.password);
+        }
+
+        let otp_enabled: bool;
+        if app_dbs.config.totp_mode != TotpMode::No && !user_data.otp_auth.is_empty() {
+            match req_handler.otp_check(&user_data.otp_code,&user_data.otp_auth, "") {
+                Ok(val) => {
+                    if val {
+                        otp_enabled = true;
+                    } else {
+                        // otp_enabled = fasle;
+                        let _ = req_handler.trace_req(format!("User '{}' not valid TOTP code",&user_id));
+                        return (
+                            StatusCode::UNAUTHORIZED,
+                            req_handler.req_header.header,
+                            "Error"
+                        ).into_response();
+                    }
+                },
+                Err(e) => {
+                    println!("TOTP check: {}", e);
+                    let _ = req_handler.trace_req(format!("User '{}' TOTP check error: {}",&user_id,e));
+                    return (
+                        StatusCode::UNAUTHORIZED,
+                        req_handler.req_header.header,
+                        "Error"
+                    ).into_response();
+                }
+            } 
+        } else {
+            otp_enabled = false;
+        }
+        if otp_enabled  {
+            user_sel.otp_enabled= true;
+            user_sel.otp_verified= true;
+            user_sel.otp_base32 = user_data.otp_code.to_owned();
+            user_sel.otp_auth_url = user_data.otp_url.to_owned();
+            user_sel.otp_defs = format!("{},{}",
+                &app_dbs.config.totp_digits,
+                format!("{}",&app_dbs.config.totp_algorithm),
+            );
+        } else {
+            user_sel.otp_enabled= false;
+            user_sel.otp_verified = false;
+            user_sel.otp_base32 = String::from("");
+            user_sel.otp_auth_url = String::from("");
+            user_sel.otp_defs = String::from("");
+        }
+        user_sel.from_data(user_data);
+        let user_data = user_sel.session_data();
+        match user_sel.update(&app_dbs.user_store).await {
+            Ok(_) => {
+                let session_token = auth_state.id();
+                let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                let _ = req_handler.trace_req(format!("User '{}' updated",&user_id));
+                let result =String::from("OK");
+                (
+                    req_handler.req_header.header,
+                    result.to_owned()
+                ).into_response()
+            },
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("User '{}' update error: {}",&user_id,e));
+                (
+                    StatusCode::BAD_REQUEST,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response()
+            }
+        }
+    }
+    async fn post_reset_password_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_reset_password_handler"
+        );
+        if ! app_dbs.config.use_mail {
+            let _ = req_handler.trace_req(format!("Mail disabled in config, user '{}' password can not be reset",&user_item.name));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error no service"
+            ).into_response();
+        }
+        if user_item.name.is_empty() {
+            let _ = req_handler.trace_req(format!("No user name"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let field = if user_item.name.contains("@") {
+            "email"
+        } else {
+            "name"
+        };
+        let mut user_sel = User::select(&field, &user_item.name, false, &app_dbs.user_store).await.unwrap_or_else(|e|{
+            println!("Error select: {}", e);
+            User::default()
+        });
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("User '{}' = '{}' not found",&field,&user_item.name));
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error data"
+            ).into_response();
+        }
+        if user_sel.status != UserStatus::Active && user_sel.status != UserStatus::Created {
+            let _ = req_handler.trace_req(format!("user '{}' in not valid status: {}",&user_item.name, &user_sel.status));
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error status"
+            ).into_response();
+        }
+        if app_dbs.config.totp_mode != TotpMode::No {
+            if user_sel.otp_base32.is_empty() 
+                && (app_dbs.config.totp_mode == TotpMode::Mandatory || user_sel.otp_enabled)
+            {
+                let _ = req_handler.trace_req(format!("user '{}' not valid Totp: {}",&user_sel.name, &user_sel.otp_enabled));
+                return (
+                    StatusCode::UNAUTHORIZED,
+                    req_handler.req_header.header,
+                   "Error data"
+                ).into_response();
+            } else if user_sel.otp_enabled && user_sel.otp_verified 
+                && !user_sel.otp_base32.is_empty() && !user_sel.otp_defs.is_empty() 
+            {
+                match req_handler.otp_check(&user_sel.otp_base32,&user_item.value, &user_sel.otp_defs) {
+                    Ok(val) => {
+                        if !val {
+                            let _ = req_handler.trace_req(format!("User '{}' not valid TOTP code",&user_item.name));
+                            return (
+                                StatusCode::UNAUTHORIZED,
+                                req_handler.req_header.header,
+                                "Error"
+                            ).into_response();
+                        }
+                    },
+                    Err(e) => {
+                        println!("TOTP check: {}", e);
+                        let _ = req_handler.trace_req(format!("User '{}' TOTP check error: {}",&user_item.name,e));
+                        return (
+                            StatusCode::UNAUTHORIZED,
+                            req_handler.req_header.header,
+                            "Error"
+                        ).into_response();
+                    }
+                } 
+            } 
+        } 
+        let session_token = req_handler.new_token();
+        user_sel.status = UserStatus::Pending;
+        let user_data = user_sel.session_data();
+        let session_cookie = add_session_cookie(false,&cookies, &session_token, &user_data, app_dbs.config.session_expire, &app_dbs, "invitation").await;
+        let session_encoded_key = encode(session_cookie.as_str());
+        let body=format!("This is a user password reset request for docserver service");
+        let subject = format!("DocServer password reset");
+        let reset_url= format!(
+            "{}://{}/reset",
+            &app_dbs.config.protocol,
+            &app_dbs.config.hostport,
+        );
+        let reset_expiration = format!("{} minutes",(&app_dbs.config.session_expire/60));
+        req_handler.context.insert("reset_url", &reset_url);
+        req_handler.context.insert("reset_expiration", &reset_expiration);
+        req_handler.context.insert("email_body",&body);
+        req_handler.context.insert("reset_key",&session_encoded_key);
+        req_handler.context.insert("email_subject",&subject);
+        let mail_content= if let Some(tpl) = app_dbs.config.tpls.get("reset_password_mail_txt") {
+            req_handler.render_template(tpl, "reset password")
+        } else {
+            format!("{}\n{}\n{}/{}\n",&subject,&body,&reset_url,&session_cookie)
+        };
+        let mail_html_content = if let Some(tpl) = app_dbs.config.tpls.get("reset_password_mail_html") {
+            req_handler.render_template(tpl, "invite")
+        } else {
+            format!("{}\n{}\n{}/{}\n",&subject,&body,&reset_url,&session_cookie)
+        }; 
+        let mail_check = MailMessage::check(&app_dbs);
+        if ! mail_check.is_empty() {
+            let _ = req_handler.trace_req(format!("Mail service check error: {}",&mail_check));
+            (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error service"
+            ).into_response()
+        } else {
+            match MailMessage::new(
+                &app_dbs.config.mail_from,
+                &user_sel.email,
+            &app_dbs.config.mail_reply_to,
+            ) {
+                Ok(mail_message) => {
+                    match mail_message.send_html_message(
+                        &subject,
+                        &mail_content,
+                        &mail_html_content,
+                        &app_dbs
+                    ).await {
+                        Ok(_) => {
+                            let _ = req_handler.trace_req(format!("Mail sent to: '{}' reset url: {} cookie: {}",
+                                &user_sel.name, &reset_url,&session_cookie
+                            ));
+                            (
+                                StatusCode::OK,
+                                format!("Mail sent to {}",&user_sel.name)
+                            ).into_response()
+                        },
+                        Err(e) => { 
+                            let _ = req_handler.trace_req(format!("Mail message send to: '{}' Error: {} ",&user_sel.name,e));
+                            println!("Error mail message send: {}",e);
+                            (
+                                StatusCode::INTERNAL_SERVER_ERROR,
+                                req_handler.req_header.header,
+                                "Error service"
+                            ).into_response()
+                        }
+                    }
+                },
+                Err(e) => {
+                    let _ = req_handler.trace_req(format!("Mail message send to: '{}' Creation error: {} ",&user_sel.name,e));
+                    println!("Error mail message creation: {}",e);
+                    (
+                        StatusCode::BAD_REQUEST,
+                        req_handler.req_header.header,
+                        "Error service"
+                    ).into_response()
+                }
+            }
+        }
+        //let result=format!("{}","OK");
+        // if ! auth_state.has_auth_role(&app_dbs.config.auth_roles) {
+        //    return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        // //    return (
+        // //         StatusCode::UNAUTHORIZED,
+        // //         header,
+        // //         "Error authorization"
+        // //     ).into_response(); 
+        // }
+        // (
+        //     //status,
+        //     req_handler.req_header.header,
+        //     result,
+        // ).into_response()
+    }
+    async fn reset_password_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        // Query(req_params): Query<ReqParams>,
+        axum::extract::Path(data): axum::extract::Path<String>,
+    ) -> Response {
+        // dbg!(&user_item);
+        let session_cookie = decode(&data).unwrap_or_default().to_string();
+        let auth_state = AuthState::from_cookie(session_cookie.to_owned(), &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "reset_password_handler"
+        ); 
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let user_sel = User::select("id", &user_id, false, &app_dbs.user_store).await.unwrap_or_else(|e|{
+            println!("Error select: {}", e);
+            User::default()
+        });
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("User 'id' = '{}' not found",&user_id));
+            // User not exists
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error data"
+            ).into_response();
+        }
+        if user_sel.status != UserStatus::Active {
+            let _ = req_handler.trace_req(format!("user '{}' in not valid status: {}",&user_id, &user_sel.status));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error status" 
+            ).into_response();
+        }
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        req_handler.context.insert("with_menu", "1");
+        req_handler.context.insert("user", &user_sel);
+        req_handler.context.insert("edit_target", "password");
+        req_handler.context.insert("edit_reset", "password");
+        req_handler.context.remove("web_menu_items");
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("user_settings") {
+            req_handler.render_template(&tpl,"user setting")
+        } else {
+            String::from("user settings")
+        };
+        let user_data = user_sel.session_data();
+        let session_token = req_handler.new_token();
+        let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+        if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+        let _ = req_handler.trace_req(format!("user '{}' reset password",&user_id));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn post_user_password_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_data): Json<UserData>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_reset_password_handler"
+        );
+        if user_data.password.is_empty() {
+            let _ = req_handler.trace_req(format!("No passwordfound"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        if auth_state.session.is_none() {
+            let _ = req_handler.trace_req(format!("No session found for user '{}'",&user_data.id));
+            return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        }
+        let user_id = auth_state.user_id();
+        if user_id.is_empty() {
+            let _ = req_handler.trace_req(format!("No user found"));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let mut user_sel = User::select("id", &user_id, false,&app_dbs.user_store).await.unwrap_or_default();
+        if user_sel.name.is_empty() {
+            let _ = req_handler.trace_req(format!("User '{}' not found",&user_id));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        let passwd_score = User::password_score(&user_data.password);
+        if passwd_score < app_dbs.config.password_score {
+            let _ = req_handler.trace_req(format!("User '{}' password '{}' score: {} under {}"
+                ,&user_id,&user_data.password, passwd_score,app_dbs.config.password_score)
+            );
+            return (
+                StatusCode::UNAUTHORIZED,
+                req_handler.req_header.header,
+                "Error"
+            ).into_response();
+        }
+        user_sel.password = generate_hash(&user_data.password);
+        let user_data = user_sel.session_data();
+        match user_sel.update(&app_dbs.user_store).await {
+            Ok(_) => {
+                let session_token = auth_state.id();
+                let session_cookie = add_session_cookie(true,&cookies, &session_token, &user_data, 0, &app_dbs, "/").await;
+                if app_dbs.config.verbose > 1 { println!("session cookie: {}", &session_cookie) };
+                let _ = req_handler.trace_req(format!("user '{}' reset password OK",&user_id));
+                let result =String::from("OK");
+                (
+                    req_handler.req_header.header,
+                    result.to_owned()
+                ).into_response()
+            },
+            Err(e) => {
+                let _ = req_handler.trace_req(format!("Error user '{}' reset password: {}",&user_id,e));
+                (
+                    StatusCode::BAD_REQUEST,
+                    req_handler.req_header.header,
+                    "Error"
+                ).into_response()
+            },
+        }
+    }
+    async fn invite_signup_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        axum::extract::Path(data): axum::extract::Path<String>,
+        // auth_state: AuthState,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "invite_signup_handler"
+        );
+        if ! app_dbs.config.signup_mode.contains("invitation") {
+            let msg = format!("Config signup mode not invitation: {}",
+               app_dbs.config.signup_mode
+            );
+            println!("{}", &msg);
+            let _ = req_handler.trace_req(msg);
+            return Redirect::temporary( &format!("/")).into_response();
+        }
+        // println!("root_handler: {}",&session_cookie);
+        let session_cookie = decode(&data).unwrap_or_default().to_string();
+        let auth_state = AuthState::from_cookie(session_cookie.to_owned(), &app_dbs).await;
+        if auth_state.session.is_none() {
+            // TODO make it prettier 
+            let _ = req_handler.trace_req(format!("No session found"));
+            return (
+                StatusCode::NOT_FOUND,
+                req_handler.req_header.header,
+                "No valid invitation found" 
+            ).into_response();
+        }
+        //let user_data = auth_state.user_data();
+        let mut usr = User::default();
+        usr.roles = auth_state.user_roles();
+        usr.email = auth_state.user_email();
+        let usr_id = auth_state.user_id();
+        let invite_id = if usr_id == "0" {
+            usr_id
+        } else {
+          usr.email.to_owned()
+        };
+        // let _uri_path = format!("{}",&uri.path().to_string());
+        // let file =  "hello.html";
+        // let result = app_dbs.tera.render(&file, &app_dbs.context).unwrap_or_else(|e|{
+        //     println!("Error render {}: {}",&file,e);
+        //     String::from("")
+        // });
+    
+        let mut res_headers = HeaderMap::new();
+        if req_handler.req_header.is_browser() {
+            res_headers.append(axum::http::header::CONTENT_TYPE,"text/html; charset=utf-8".parse().unwrap());
+        }
+        req_handler.context.insert("user", &usr);
+        req_handler.context.insert("isadmin", "");
+        req_handler.context.insert("totp_mode", &format!("{}",&app_dbs.config.totp_mode));
+        req_handler.context.insert("invite_key", &data);
+        req_handler.context.insert("invite_id", &invite_id);
+        req_handler.context.insert("admin_fields", &app_dbs.config.admin_fields);
+        let result = if let Some(tpl) = app_dbs.config.tpls.get("signup") {
+            req_handler.render_template(&tpl,"signup")
+        } else {
+            String::from("signup")
+        };
+        let _ = req_handler.trace_req(format!("Invite to '{}' data: {}",&invite_id, &data));
+        (
+            res_headers,
+            result.to_owned()
+        ).into_response()
+    }
+    async fn post_invite_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_invite): Json<UserInvitation>,
+    ) -> Response {
+        //dbg!(&user_item);
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "post_invite_handler"
+        );
+        if ! app_dbs.config.signup_mode.contains("invitation") {
+            let msg = format!("Config signup mode not invitation: {}",
+               app_dbs.config.signup_mode
+            );
+            println!("{}", &msg);
+            let _ = req_handler.trace_req(msg);
+           return Redirect::temporary( &format!("/")).into_response();
+        }
+        if ! auth_state.has_auth_role(&app_dbs.config.auth_roles) {
+           let _ = req_handler.trace_req(format!("User '{}' not have role 'dev'",&auth_state.user_id()));
+           return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        //    return (
+        //         StatusCode::UNAUTHORIZED,
+        //         header,
+        //         "Error authorization"
+        //     ).into_response(); 
+        }
+        if ! user_invite.email.contains("@") {
+            let _ = req_handler.trace_req(format!("Invite email '{}' not contains '@'",&user_invite.email));
+            return (
+                StatusCode::BAD_REQUEST,
+                req_handler.req_header.header,
+                "Error invitation data"
+            ).into_response(); 
+        }
+        let session_token = req_handler.new_token();
+        let mut usr = User::default();
+        usr.email = user_invite.email.to_owned();
+        usr.roles = user_invite.roles.to_owned();
+        usr.isadmin = user_invite.isadmin;
+        usr.status = UserStatus::Pending;
+        let user_data = usr.session_data();
+        let session_cookie = add_session_cookie(false,&cookies, &session_token, &user_data, user_invite.expire, &app_dbs, "invitation").await;
+        let session_encoded_key = encode(session_cookie.as_str());
+        let body=format!("This is an invitation to docserver service");
+        let subject = format!("DocServer Invitation");
+        let signup_url= format!(
+            "{}://{}/signup",
+            &app_dbs.config.protocol,
+            &app_dbs.config.hostport,
+        );
+        let invite_expiration = format!("{} minutes",
+            (&app_dbs.config.session_expire/60)
+        );
+        req_handler.context.insert("signup_url", &signup_url);
+        req_handler.context.insert("invite_expiration", &invite_expiration);
+        req_handler.context.insert("email_body",&body);
+        req_handler.context.insert("invite_key",&session_encoded_key);
+        req_handler.context.insert("email_subject",&subject);
+        let (status, result) = if app_dbs.config.use_mail && user_invite.send_email {
+            let mail_content= if let Some(tpl) = app_dbs.config.tpls.get("invite_mail_txt") {
+                req_handler.render_template(tpl, "invite")
+            } else {
+                format!("{}\n{}\n{}/signup/{}\n",&subject,&body,&signup_url,&session_cookie)
+            };
+            let mail_html_content = if let Some(tpl) = app_dbs.config.tpls.get("invite_mail_html") {
+                req_handler.render_template(tpl, "invite")
+            } else {
+                format!("{}\n{}\n{}/signup/{}\n",&subject,&body,&signup_url,&session_cookie)
+            }; 
+            let mail_check = MailMessage::check(&app_dbs);
+            if ! mail_check.is_empty() {
+                (
+                   StatusCode::BAD_REQUEST,
+                    mail_check
+                )
+            } else {
+                //"jesus.perezlorenzo@gmail.com",
+                // "jesus@librecloud.online",
+                match MailMessage::new(
+                    &app_dbs.config.mail_from,
+                    &user_invite.email,
+                &app_dbs.config.mail_reply_to,
+                ) {
+                    Ok(mail_message) => {
+                        //match mail_message.send_message(
+                        match mail_message.send_html_message(
+                            &subject,
+                            &mail_content,
+                            &mail_html_content,
+                            &app_dbs
+                        ).await {
+                            Ok(_) => {
+                                let _ = req_handler.trace_req(format!(
+                                    "Invitation mail sent to: '{}' reset url: {} roles: {}, isadmin: {}, expiration: {} cookie: {}",
+                                    &user_invite.email, &invite_expiration,  user_invite.roles, user_invite.isadmin, &signup_url,&session_cookie
+                                ));
+                                (StatusCode::OK, format!("Mail sent to {}",&user_invite.email))
+                            },
+                            Err(e) => { 
+                                println!("Invitation to: {} Error mail message send: {}",&user_invite.email, e);
+                                (
+                                    StatusCode::INTERNAL_SERVER_ERROR,
+                                    String::from("Error")
+                                )
+                            }
+                        }
+                    },
+                    Err(e) => {
+                        println!("Invitation to: {} Error mail message creation: {}",&user_invite.email, e);
+                        (
+                            StatusCode::BAD_REQUEST,
+                            String::from("Error")
+                        )
+                    }
+                }
+            }
+        } else {
+            let _ = req_handler.trace_req(format!(
+                "Created invitation: '{}' reset url: {} roles: {}, isadmin: {}, expiration: {} cookie: {}",
+                &user_invite.email, &invite_expiration,  user_invite.roles, user_invite.isadmin, &signup_url,&session_cookie
+            ));
+            (StatusCode::OK, format!("No mail sent to {}",&user_invite.email))
+        };
+        req_handler.prepare_response();
+        req_handler.context.insert("email_result",&result);
+        let response = if let Some(tpl) = app_dbs.config.tpls.get("invite_output") {
+            req_handler.render_template(tpl, "invite")
+        } else {
+            format!("{}\n{}\n{}/signup/{}\n",&subject,&body,&signup_url,&session_cookie)
+        };
+        (
+            status,
+            req_handler.req_header.header,
+            response,
+        ).into_response()
+    }
+    async fn invite_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+    ) -> Response {
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let mut req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "invite_handler"
+        );
+        if ! app_dbs.config.signup_mode.contains("invitation") {
+            let msg = format!("Config signup mode not invitation: {}",
+               app_dbs.config.signup_mode
+            );
+            println!("{}",&msg);
+            let _ = req_handler.trace_req(msg);
+           return Redirect::temporary( &format!("/")).into_response();
+        }
+        if ! auth_state.has_auth_role(&app_dbs.config.auth_roles) {
+           let _ = req_handler.trace_req(format!("User '{}' not have role 'dev'",&auth_state.user_id()));
+           return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        //    return (
+        //         StatusCode::UNAUTHORIZED,
+        //         header,
+        //         "Error authorization"
+        //     ).into_response(); 
+        }
+        
+        let title = format!("DocServer Invitation");
+        let invite_url= format!(
+            "{}://{}/invite",
+            &app_dbs.config.protocol,
+            &app_dbs.config.hostport,
+        );
+        let invite_expire = format!("{} minutes",
+            (&app_dbs.config.invite_expire/60)
+        );
+        req_handler.context.insert("target_url", &invite_url);
+        req_handler.context.insert("invite_expire", &invite_expire);
+        if app_dbs.config.use_mail {
+            req_handler.context.insert("use_mail", &app_dbs.config.use_mail);
+        }
+        req_handler.prepare_response();
+        req_handler.context.insert("with_menu", "1");
+        let response = if let Some(tpl) = app_dbs.config.tpls.get("invite_create") {
+            req_handler.render_template(tpl, "invite create")
+        } else {
+            format!("{} invite",&title)
+        };
+        let _ = req_handler.trace_req(format!(
+            "Invitation: url: {}, expiration: {}",
+            &invite_url, &invite_expire,
+        ));
+        (
+            req_handler.req_header.header,
+            response,
+        ).into_response()
+        // let uri_path = format!("{}",&uri.path().to_string());
+        // let file =  "hello.html";
+        // let result = app_dbs.tera.render(&file, &app_dbs.context).unwrap_or_else(|e|{
+        //     println!("Error render {}: {}",&file,e);
+        //     String::from("")
+        // });
+        //dbg!("uri: {}",&uri_path);
+        // let mut new_header = header.to_owned();
+        //new_header.append("Set-Cookie", "session_token=_; Max-Age=0".parse().unwrap());
+        // cookies.remove(Cookie::new(SESSION_COOKIE_NAME, ""));
+        // (
+        //     header,
+        //     result.to_owned()
+        // ).into_response()
+    //     "Hello, World!"
+    }
+    async fn update_user_item_handler(
+        header: HeaderMap,
+        uri: Uri,
+        Extension(app_dbs): Extension<Arc<AppDBs>>,
+        Extension(cookies): Extension<Cookies>,
+        Extension(random): Extension<Random>,
+        ConnectInfo(app_connect_info): ConnectInfo<AppConnectInfo>,
+        Json(user_item): Json<UserItem>,
+        //_auth_state: AuthState,
+        //axum::extract::Path(data): axum::extract::Path<String>,
+    ) -> Response {
+        dbg!(&user_item);
+        let auth_state = get_auth_state(true, &cookies, &app_dbs).await;
+        let req_handler = ReqHandler::new(
+            ReqHeaderMap::new(header, &format!("{}",&uri.path().to_string()), &app_connect_info),
+            &app_dbs,
+            &uri,
+            &auth_state,
+            &random,
+            "update_user_item_handler"
+        );
+        if ! auth_state.has_auth_role(&app_dbs.config.auth_roles) {
+            let _ = req_handler.trace_req(format!("User '{}' not have role 'dev'",&auth_state.user_id()));
+           return Redirect::temporary( &format!("/login?o={}",uri.path().to_string())).into_response();
+        //    return (
+        //         StatusCode::UNAUTHORIZED,
+        //         header,
+        //         "Error authorization"
+        //     ).into_response(); 
+        }
+        let result="";
+        (
+            //status,
+            req_handler.req_header.header,
+            result,
+        ).into_response()
+    }
+    route("/", get(main_handler))
+    //   .route("/auto", get(auto_handler))
+
+        .route("/login", get(login_handler))
+        .route("/login", post(post_login_handler))
+
+        .route("/signup", get(signup_handler))
+        .route("/signup", post(post_signup_handler))
+        .route("/signup/:data", get(invite_signup_handler))
+
+        .route("/logout", get(logout_handler)) 
+
+        .route("/check", post(check_item_handler)) 
+
+        .route("/invite", get(invite_handler)) 
+        .route("/invite", post(post_invite_handler)) 
+
+        .route("/reset/:data", get(reset_password_handler)) 
+        .route("/reset", post(post_reset_password_handler)) 
+        .route("/resetup", post(post_user_password_handler)) 
+
+        .route("/settings", get(user_settings_handler)) 
+        .route("/settings/:item", get(user_settings_edit_handler)) 
+//         .route("/update", post(update_user_handler)) 
+        .route("/settings", post(post_user_settings_handler)) 
+        .route("/update_item", post(update_user_item_handler))
+}
diff --git a/src/login_password.rs b/src/login_password.rs
new file mode 100644
index 0000000..5d97327
--- /dev/null
+++ b/src/login_password.rs
@@ -0,0 +1,75 @@
+// #![no_std]
+// #![doc = include_str!("../README.md")]
+// #![doc(
+//     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
+//     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
+// )]
+// #![warn(
+//     clippy::checked_conversions,
+//     clippy::integer_arithmetic,
+//     clippy::panic,
+//     clippy::panic_in_result_fn,
+//     clippy::unwrap_used,
+//     missing_docs,
+//     rust_2018_idioms,
+//     unused_lifetimes,
+//     unused_qualifications
+// )]
+
+extern crate alloc;
+#[cfg(feature = "std")]
+extern crate std;
+
+use alloc::string::{String, ToString};
+use core::fmt;
+use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
+use rand_core::OsRng;
+
+// #[cfg(not(any(feature = "argon2", feature = "pbkdf2", feature = "scrypt")))]
+// compile_error!(
+//     "please enable at least one password hash crate feature, e.g. argon2, pbkdf2, scrypt"
+// );
+
+use argon2::Argon2;
+
+/// Opaque error type.
+#[derive(Clone, Copy, Debug)]
+pub struct VerifyError;
+
+impl fmt::Display for VerifyError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("password verification error")
+    }
+}
+
+// #[cfg(feature = "std")]
+// #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+// impl std::error::Error for VerifyError {}
+
+/// Generate a password hash for the given password.
+pub fn generate_hash(password: impl AsRef<[u8]>) -> String {
+    let salt = SaltString::generate(OsRng);
+    generate_phc_hash(password.as_ref(), &salt)
+        .map(|hash| hash.to_string())
+        .expect("password hashing error")
+}
+
+/// Generate a PHC hash using the preferred algorithm.
+#[allow(unreachable_code)]
+fn generate_phc_hash<'a>(
+    password: &[u8],
+    salt: &'a SaltString,
+) -> password_hash::Result<PasswordHash<'a>> {
+    return Argon2::default().hash_password(password, salt);
+}
+
+/// Verify the provided password against the provided password hash.
+pub fn verify_password(password: impl AsRef<[u8]>, hash: &str) -> Result<(), VerifyError> {
+    let hash = PasswordHash::new(hash).map_err(|_| VerifyError)?;
+    let algs: &[&dyn PasswordVerifier] = &[
+        &Argon2::default(),
+    ];
+    hash.verify_password(algs, password)
+        .map_err(|_| VerifyError)
+}
+
diff --git a/src/main.rs b/src/main.rs
new file mode 100644
index 0000000..bb528d7
--- /dev/null
+++ b/src/main.rs
@@ -0,0 +1,546 @@
+
+//! Run 
+//! ```not_rust
+//! cargo run -p example-static-file-server
+//! ```
+
+// use axum_auth::AuthBasic;
+
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![doc(html_logo_url = "../images/docserver.svg")]
+#[doc = include_str!("../README.md")]
+// #![doc(html_no_source)]
+
+// TODO tasks https://docs.rs/async-sqlx-session/latest/async_sqlx_session/struct.SqliteSessionStore.html
+
+use rand_core::{SeedableRng,OsRng, RngCore};
+use rand_chacha::ChaCha8Rng;
+
+use axum::{
+    extract::Host,
+    handler::HandlerWithoutStateExt,
+    routing::MethodRouter,
+    http::{
+        StatusCode,
+        Uri,
+        header::HeaderValue,
+        Method,
+    },
+    BoxError,
+    Extension,
+    response::Redirect,
+//    http::Request, handler::HandlerWithoutStateExt, http::StatusCode, routing::get, Router,    
+    Router,
+};
+use tower::ServiceBuilder;
+use axum_server::tls_rustls::RustlsConfig;
+use std::{
+    net::SocketAddr, 
+    path::PathBuf,
+    sync::{Arc, Mutex},
+    path::Path, 
+};
+// use std::net::SocketAddr;
+// use tower::ServiceExt;
+use tower_http::{
+    services::{ServeDir,ServeFile},
+    trace::TraceLayer,
+    cors::CorsLayer,
+};
+use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
+use once_cell::sync::Lazy;
+// use once_cell::sync::{Lazy,OnceCell};
+// use async_session::{Session, SessionStore, MemoryStore};
+
+use tera::Context;
+use async_sqlx_session::SqliteSessionStore;
+use sqlx::AnyPool;
+
+mod tera_tpls;
+mod defs;
+mod users;
+mod login_password;
+mod handlers;
+mod tools;
+
+use defs::{
+    AppDBs,
+    SessionStoreDB,
+    FileStore,
+    Config,
+    load_from_file,
+    parse_args,
+    AppConnectInfo,
+};
+use users::UserStore;
+
+use tera_tpls::init_tera;
+use tower_cookies::CookieManagerLayer;
+use handlers::{
+    handle_404,
+    rewrite_request_uri,
+    admin_router_handlers,
+    users_router_handlers,
+    pages_router_handlers,
+};
+use crate::tools::get_socket_addr;
+
+pub const USER_AGENT: &str = "user-agent";
+pub const SESSION_COOKIE_NAME: &str = "doc_session";
+pub const CFG_FILE_EXTENSION: &str  = ".toml";
+pub const FILE_SCHEME: &str = "file:///"; 
+
+pub const PKG_NAME: &str = env!("CARGO_PKG_NAME");
+// static WEBSERVER: AtomicUsize = AtomicUsize::new(0);
+pub const PKG_VERSION: &str = env!("CARGO_PKG_VERSION");
+// const PKG_VERSION: Option&<&'static str> = option_env!("CARGO_PKG_VERSION");
+// const PKG_DESCRIPTION: &str = env!("CARGO_PKG_DESCRIPTION");
+// const COOKIE_NAME: &str = "lc_authz";
+// const COOKIE_SEP: &str = ":tk:";
+const GIT_VERSION: &str = ""; //git_version::git_version!();
+static GIT_VERSION_NAME: Lazy<String> = Lazy::new(|| {
+    format!("v{} [build: {}]",PKG_VERSION,GIT_VERSION)
+});
+static PKG_FULLNAME: Lazy<String> = Lazy::new(|| {
+    format!("{}: TII CL Rust",PKG_NAME)
+});
+
+pub const USERS_TABLENAME: &str = "users";
+pub const USERS_FILESTORE: &str = "users";
+pub const DEFAULT_ROLES: &str = "user";
+
+
+#[derive(Clone, Copy)]
+struct Ports {
+    http: u16,
+    https: u16,
+}
+
+pub fn route(path: &str, method_router: MethodRouter) -> Router {
+    Router::new().route(path, method_router)
+}
+
+#[tokio::main]
+async fn main() {
+    let config_path = parse_args();
+    if config_path.is_empty() {
+        eprintln!("No config-file found");
+        std::process::exit(2)
+    }
+    //	pretty_env_logger::init();
+    let config = {
+        let mut server_cfg: Config = load_from_file(&config_path, "server-config").unwrap_or_else(|e|{
+            eprintln!("Settings error: {}",e);
+            std::process::exit(2)
+        });
+        server_cfg.load_items();
+        //config.fix_root_path::<ServerConfig>(String::new());
+        server_cfg
+    };
+    if config.verbose > 1 { dbg!("{:?}",&config); }
+    tracing_subscriber::registry()
+        .with(
+            tracing_subscriber::EnvFilter::try_from_default_env()
+                .unwrap_or_else(|_| "example_static_file_server=debug,tower_http=debug".into()),
+        )
+        .with(tracing_subscriber::fmt::layer())
+        .init();
+
+    // you can convert handler function to service
+
+    // let store = FileStore {
+    //     sess_path: "store".to_owned(),
+    //     ses_file: "data".to_owned(),
+    //     // sess_path: sessions_config.session_store_uri.replace(FILE_SCHEME,"").to_owned(),
+    //     // ses_file: sessions_config.session_store_file.to_owned(),
+    // };
+    // let session_store = SessionStoreDB::connect_file_store(store);
+    // let session_store = SessionStoreDB::connect_memory_store();
+    let session_store = if config.session_store_uri.starts_with(FILE_SCHEME) {
+        let store = FileStore {
+            sess_path: config.session_store_uri.replace(FILE_SCHEME,"").to_owned(),
+            ses_file: config.session_store_file.to_owned(),
+        };
+        if let Err(e) = store.check_paths() {
+            eprintln!("Error creation File Store: {}",e);
+            std::process::exit(2)
+        }
+        SessionStoreDB::connect_file_store(store)
+    } else if config.session_store_uri.starts_with("sqlite:") {
+        let store = SqliteSessionStore::new(&config.session_store_uri).await.unwrap_or_else(|e|{
+            eprintln!("Error session database {}: {}",
+                config.session_store_uri,e
+            );
+            std::process::exit(2)
+        });
+        let _ = store.migrate().await;
+        let _ = store.cleanup().await;
+        SessionStoreDB::connect_sqlite_store(store)
+    } else if config.session_store_uri.starts_with("memory") {
+        SessionStoreDB::connect_memory_store()
+    } else {
+        SessionStoreDB::None
+    }; 
+    let user_store = if config.users_store_uri.starts_with(FILE_SCHEME) {
+        let users_store_uri = config.users_store_uri.replace(FILE_SCHEME,"").to_owned();
+        if ! Path::new(&users_store_uri).exists() {
+            if let Err(e) = std::fs::File::create(Path::new(&users_store_uri)) {
+                eprintln!("Error creation Users store {}: {}",
+                    &users_store_uri,e);
+                std::process::exit(2)
+            }
+        }
+        UserStore::File(users_store_uri)
+    // } else if config.users_store_uri.starts_with("sqlite:") {
+    } else if config.users_store_uri.contains("sql") {
+        //let m = Migrator::new(Path::new("./migrations")).await?;
+        //}
+        let pool = AnyPool::connect(&config.users_store_uri).await.unwrap_or_else(|e|{
+            eprintln!("Error pool database {}: {}",
+                config.users_store_uri,e
+            );
+            std::process::exit(2)
+        });
+        // let pool = SqlitePool::connect(&config.users_store_uri).await.unwrap_or_else(|e|{
+        //     eprintln!("Error pool database {}: {}",
+        //         config.users_store_uri,e
+        //     );
+        //     std::process::exit(2)
+        // });
+        UserStore::Sql(pool)
+    } else {
+        eprintln!("User store {}: Not defined",&config.users_store_uri);
+        std::process::exit(2)
+    };
+    #[cfg(feature = "casbin")]
+    let enforcer = if !config.authz_model_path.is_empty() && ! config.authz_policy_path.is_empty() {
+        AppDBs::create_enforcer(
+        Box::leak(config.authz_model_path.to_owned().into_boxed_str()),
+        Box::leak(config.authz_policy_path.to_owned().into_boxed_str())
+        ).await
+    } else {
+        eprintln!("Error auth enforcer {} + {}",
+            config.authz_model_path, config.authz_policy_path
+        );
+        std::process::exit(2);
+    };
+
+    let ports = Ports {
+        http: 7878,
+        https: 8800,
+    };
+    // optional: spawn a second server to redirect http requests to this server
+    if config.protocol.contains("http") {
+        tokio::spawn(redirect_http_to_https(ports));
+    }
+
+    let mut origins: Vec<HeaderValue> = Vec::new();
+    for itm in config.allow_origin.to_owned() {
+        match HeaderValue::from_str(itm.as_str()) {
+            Ok(val) => origins.push(val),
+            Err(e) =>  println!("error {} with {} header for allow_origin",e,itm),
+        }
+    }	
+
+    let mut context = Context::new();
+    context.insert("server_name","DOC Server");
+    context.insert("pkg_name",&PKG_NAME);
+    context.insert("pkg_version",&PKG_VERSION);
+    context.insert("git_version",&GIT_VERSION);
+    context.insert("git_version_name",GIT_VERSION_NAME.as_str());
+    context.insert("pkg_fullname",PKG_FULLNAME.as_str());
+
+    // let app = Router::new().route("/", get(handler));
+    #[cfg(feature = "authstore")]
+    let app_dbs = Arc::new(
+        AppDBs::new(&config, session_store, user_store,
+            init_tera(&config.templates_path), context
+        )
+    );
+    #[cfg(feature = "casbin")]
+    let app_dbs = Arc::new(
+        AppDBs::new(&config, session_store, user_store, enforcer,
+            init_tera(&config.templates_path), context
+        )
+    );
+    let middleware = 
+        axum::middleware::from_fn_with_state(app_dbs.clone(),rewrite_request_uri);
+    // apply the layer around the whole `Router`
+    // this way the middleware will run before `Router` receives the request
+
+    let mut web_router = Router::new();
+
+    // Parse serv_paths to add static paths as service 
+    for item in &config.serv_paths {
+        // Try to check src_path ...
+        let src_path: String;
+        if Path::new(&item.src_path).exists() {
+            src_path = format!("{}",item.src_path); 
+        } else {
+            src_path = if item.src_path.starts_with("/") {
+                format!("{}",item.src_path)
+            } else {
+                format!("{}/{}",&config.root_path,item.src_path)
+            };
+            if ! Path::new(&src_path).exists() {
+                eprintln!("File path {}: not found", &src_path);
+                continue;
+            } 
+        }    
+        // Add ServeDir with not_found page ...
+        if item.not_found.is_empty() {
+            web_router = web_router.nest_service(
+                &item.url_path,
+                ServeDir::new(&src_path).not_found_service(handle_404.into_service())
+            );
+            println!("Added path {} => {}", &src_path,&item.url_path);
+        } else {
+            web_router = web_router.nest_service(
+                &item.url_path,
+                ServeDir::new(&src_path).not_found_service(ServeFile::new(&item.not_found))
+            );
+            println!("Added path {} => {} ({})", &src_path,&item.url_path,&item.not_found);
+        }
+    }
+    let mut key = [0u8; 16];
+    let mut os_rng = OsRng{};
+    os_rng.fill_bytes(&mut key);
+    let random = ChaCha8Rng::seed_from_u64(OsRng.next_u64());
+
+    web_router = web_router
+        .merge(users_router_handlers())
+        .merge(admin_router_handlers())
+        .merge(pages_router_handlers())
+        .layer(ServiceBuilder::new().layer(middleware))
+        .layer(CookieManagerLayer::new())
+        .layer(Extension(app_dbs))
+        .layer(Extension(Arc::new(Mutex::new(random))))
+        .fallback_service(handle_404.into_service())
+        ;
+
+    // if !config.html_path.is_empty() && !config.html_url.is_empty() {
+    //     MAIN_URL.set(config.server.html_url.to_owned()).unwrap_or_default();
+    //     println!("SpaRoutert local path {} to {}",&config.server.html_path,&config.server.html_url);
+    //     web_router = web_router.merge(
+    //     )
+    //     .fallback(fallback);
+    // }
+
+    if config.verbose > 2 { dbg!("{:?}",&origins); }
+    if config.allow_origin.len() > 0 {
+         web_router = web_router.layer(CorsLayer::new()
+            .allow_origin(origins)
+            .allow_methods(vec![Method::GET, Method::POST])
+            .allow_headers(tower_http::cors::Any)
+        );
+    }
+    let addr = get_socket_addr(&config.bind,config.port);
+    tracing::debug!("listening on {}", addr);
+    println!("listening on {}", addr);
+    if config.protocol.as_str() == "http" {
+    // let app_with_middleware = middleware.layer(app);
+    // run https server
+        //let addr = SocketAddr::from(([127, 0, 0, 1], ports.http));
+        //tracing::debug!("listening on {}", addr);
+        let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
+        axum::serve(listener, web_router.layer(TraceLayer::new_for_http())
+            .into_make_service_with_connect_info::<SocketAddr>()
+           )
+          .await
+          .unwrap();
+    } else {
+        // configure certificate and private key used by https
+        // let tls_config = RustlsConfig::from_pem_file(
+        //     PathBuf::from(env!("CARGO_MANIFEST_DIR"))
+        //         .join("self_signed_certs")
+        //         .join("cert.pem"),
+        //     PathBuf::from(env!("CARGO_MANIFEST_DIR"))
+        //         .join("self_signed_certs")
+        //         .join("key.pem"),
+        // )
+        let tls_config = RustlsConfig::from_pem_file(
+            PathBuf::from(&config.cert_file),
+            PathBuf::from(&config.key_file)
+        )
+        .await
+        .unwrap_or_else(|e|{
+            eprintln!("Error TLS config: {}",e);
+            std::process::exit(2)
+        });
+        //let addr = SocketAddr::from(([127, 0, 0, 1], ports.https));
+        //tracing::debug!("listening on {}", addr);
+        //let app_with_middleware = middleware.layer(app);
+        // apply the layer around the whole `Router`middleware.layer(app);
+//           .serve(web_router.into_make_service())
+        axum_server::bind_rustls(addr, tls_config)
+          .serve(
+            // web_router.layer(TraceLayer::new_for_http())
+            web_router
+            .into_make_service_with_connect_info::<AppConnectInfo>()
+        )
+        .await
+        .unwrap();
+    }
+/*
+    // let port = 3002;
+
+    // tokio::join!(
+    //     serve(using_serve_dir(), 3001),
+    //     serve(using_serve_dir_with_assets_fallback(), 3002),
+    //     serve(using_serve_dir_only_from_root_via_fallback(), 3003),
+    //     serve(using_serve_dir_with_handler_as_service(), 3004),
+    //     serve(two_serve_dirs(), 3005),
+    //     serve(calling_serve_dir_from_a_handler(), 3006),
+    // );
+
+    //let addr = SocketAddr::from(([127, 0, 0, 1], port));
+    let addr = SocketAddr::from(([192,168,1,4], port));
+    let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
+    tracing::debug!("listening on {}", listener.local_addr().unwrap());
+
+        // let _ = axum::Server::bind(&addr)
+        //     .serve(
+        //         // router.layer(TraceLayer::new_for_http())
+        //         //router.into_make_service_with_connect_info::<SocketAddr>()
+        //         router.into_make_service()
+        //     )
+        //     .await
+        //     .expect("server failed");
+ 
+    // axum_server::bind(addr)
+    //     .serve(router.into_make_service())
+    //     .await
+    //     .unwrap();
+     axum::serve(listener, router.layer(TraceLayer::new_for_http()))
+         .await
+        .unwrap();
+    // let _ = axum::Server::bind(&addr)
+    //     .serve(
+    //             app.layer(TraceLayer::new_for_http()).into_make_service()
+    //            //    web_router.into_make_service_with_connect_info::<SocketAddr>()
+    //             // web_router.into_make_service()
+    //     )
+    //     .await
+    //     .unwrap();
+*/
+}
+
+async fn redirect_http_to_https(ports: Ports) {
+    fn make_https(host: String, uri: Uri, ports: Ports) -> Result<Uri, BoxError> {
+        let mut parts = uri.into_parts();
+
+        parts.scheme = Some(axum::http::uri::Scheme::HTTPS);
+
+        if parts.path_and_query.is_none() {
+            parts.path_and_query = Some("/".parse().unwrap());
+        }
+
+        let https_host = host.replace(&ports.http.to_string(), &ports.https.to_string());
+        parts.authority = Some(https_host.parse()?);
+
+        Ok(Uri::from_parts(parts)?)
+    }
+
+    let redirect = move |Host(host): Host, uri: Uri| async move {
+        match make_https(host, uri, ports) {
+            Ok(uri) => Ok(Redirect::permanent(&uri.to_string())),
+            Err(error) => {
+                tracing::warn!(%error, "failed to convert URI to HTTPS");
+                Err(StatusCode::BAD_REQUEST)
+            }
+        }
+    };
+
+    let addr = SocketAddr::from(([127, 0, 0, 1], ports.http));
+    let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
+    tracing::debug!("listening on {}", listener.local_addr().unwrap());
+    axum::serve(listener, redirect.into_make_service_with_connect_info::<SocketAddr>())
+        .await
+        .unwrap();
+}
+
+/*
+fn using_serve_dir() -> Router {
+    // serve the file in the "assets" directory under `/assets`
+    Router::new().nest_service("/assets", ServeDir::new("assets"))
+}
+
+fn using_serve_dir_with_assets_fallback() -> Router {
+    // `ServeDir` allows setting a fallback if an asset is not found
+    // so with this `GET /assets/doesnt-exist.jpg` will return `index.html`
+    // rather than a 404
+    let serve_dir = ServeDir::new("assets").not_found_service(ServeFile::new("assets/index.html"));
+
+    Router::new()
+        .route("/foo", get(|| async { "Hi from /foo" }))
+        .nest_service("/assets", serve_dir.clone())
+        .fallback_service(serve_dir)
+}
+
+fn using_serve_dir_only_from_root_via_fallback() -> Router {
+    // you can also serve the assets directly from the root (not nested under `/assets`)
+    // by only setting a `ServeDir` as the fallback
+    let serve_dir = ServeDir::new("assets").not_found_service(ServeFile::new("assets/index.html"));
+
+    Router::new()
+        .route("/foo", get(|| async { "Hi from /foo" }))
+        .fallback_service(serve_dir)
+}
+
+fn using_serve_dir_with_handler_as_service() -> Router {
+    async fn handle_404() -> (StatusCode, &'static str) {
+        (StatusCode::NOT_FOUND, "Not found")
+    }
+
+    // you can convert handler function to service
+    let service = handle_404.into_service();
+
+    let serve_dir = ServeDir::new("assets").not_found_service(service);
+
+    Router::new()
+        .route("/foo", get(|| async { "Hi from /foo" }))
+        .fallback_service(serve_dir)
+}
+
+fn two_serve_dirs() -> Router {
+    // you can also have two `ServeDir`s nested at different paths
+    let serve_dir_from_assets = ServeDir::new("assets");
+    let serve_dir_from_dist = ServeDir::new("dist");
+
+    Router::new()
+        .nest_service("/assets", serve_dir_from_assets)
+        .nest_service("/dist", serve_dir_from_dist)
+}
+
+#[allow(clippy::let_and_return)]
+fn calling_serve_dir_from_a_handler() -> Router {
+    // via `tower::Service::call`, or more conveniently `tower::ServiceExt::oneshot` you can
+    // call `ServeDir` yourself from a handler
+    Router::new().nest_service(
+        "/foo",
+        get(|request: Request<_>| async {
+            let service = ServeDir::new("assets");
+            let result = service.oneshot(request).await;
+            result
+        }),
+    )
+}
+
+async fn serve(app: Router, port: u16) {
+    let addr = SocketAddr::from(([127, 0, 0, 1], port));
+    let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
+    tracing::debug!("listening on {}", listener.local_addr().unwrap());
+    axum::serve(listener, app.layer(TraceLayer::new_for_http()))
+        .await
+        .unwrap();
+    // let _ = axum::Server::bind(&addr)
+    //     .serve(
+    //             app.layer(TraceLayer::new_for_http()).into_make_service()
+    //            //    web_router.into_make_service_with_connect_info::<SocketAddr>()
+    //             // web_router.into_make_service()
+    //     )
+    //     .await
+    //     .unwrap();
+}
+*/
+
diff --git a/src/tera_tpls.rs b/src/tera_tpls.rs
new file mode 100644
index 0000000..4ca6b7d
--- /dev/null
+++ b/src/tera_tpls.rs
@@ -0,0 +1,26 @@
+use std::collections::HashMap;
+use tera::{Tera, try_get_value};
+use serde_json::value::{to_value, Value};
+
+pub fn do_nothing_filter(value: &Value, _: &HashMap<String, Value>) -> tera::Result<Value> {
+    let s = try_get_value!("do_nothing_filter", "value", String, value);
+    Ok(to_value(&s).unwrap())
+}
+
+pub fn init_tera(path: &str) -> Tera {
+    let tpl_path = format!("{}/**/*",&path);
+    let mut tera = match Tera::new(&tpl_path) {
+        Ok(t) => { 
+            println!("Templates loaded from: {}",&tpl_path);
+            log::info!("Templates loaded from: {}",&tpl_path);
+            t
+        },
+        Err(e) => {
+            println!("Tempates from {} parsing error(s): {}",&tpl_path, e);
+            ::std::process::exit(1);
+        }
+    };
+    tera.autoescape_on(vec![]);
+    tera.register_filter("do_nothing", do_nothing_filter);
+    tera
+}
\ No newline at end of file
diff --git a/src/tools.rs b/src/tools.rs
new file mode 100644
index 0000000..feb5dae
--- /dev/null
+++ b/src/tools.rs
@@ -0,0 +1,58 @@
+use std::net::{IpAddr, Ipv4Addr, SocketAddr, ToSocketAddrs};
+use chrono::{DateTime,Utc,NaiveDateTime};
+//use std::time::{UNIX_EPOCH, Duration};
+
+pub fn get_socket_addr(bind: &str, port: u16) -> SocketAddr {
+  let url = format!("{}:{}",&bind,&port);
+  match url.to_socket_addrs() {
+    Ok(addrs_op) => if let Some(addr) = addrs_op.to_owned().next() {
+         addr 
+       } else {
+         SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), port.to_owned())
+       }
+    Err(e) => { 
+       eprintln!("Evironment load error: {} {}", e, url);
+       SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), port.to_owned())
+    }
+  }
+}
+pub fn generate_uuid(alphabet: String) -> String {
+    if alphabet.is_empty() {
+        return String::from("");
+    }
+    let mut code = String::new();
+    for _ in 0..32 {
+        // 16 is the length of the above Hex alphabet
+        let number = rand::random::<f32>() * (16 as f32);
+        let number = number.round() as usize;
+        if let Some(character) = alphabet.chars().nth(number) {
+            code.push(character)
+        }
+    }
+    code.insert(20, '-');
+    code.insert(16, '-');
+    code.insert(12, '-');
+    code.insert(8, '-');
+
+    code
+}
+#[allow(dead_code)]
+pub fn path_timestamp(filepath: &str) -> u32 {
+    let arr_path = filepath.split("-").collect::<Vec<&str>>();
+    if let Some(timestamp)  = arr_path.last() {
+        timestamp.split(".").collect::<Vec<&str>>()[0].parse().unwrap_or_default()
+    } else { 
+        0
+    }
+}
+
+pub fn str_date_from_timestamp(timestamp: &str) -> String {
+  if timestamp.is_empty() { return String::from(""); }
+  let val: i64 = timestamp.parse().unwrap_or_default();
+  let dt = NaiveDateTime::from_timestamp_opt(val, 0).unwrap_or_default();
+  let datetime = DateTime::<Utc>::from_utc(dt, Utc);
+  //  let val = u64::try_from(timestamp.to_owned()).unwrap_or_default();
+  //  let str_timestamp = UNIX_EPOCH + Duration::from_millis(val);
+  //  let datetime = DateTime::<Utc>::from(str_timestamp);
+   datetime.format("%Y-%m-%d %H:%M:%S").to_string()
+}
diff --git a/src/users.rs b/src/users.rs
new file mode 100644
index 0000000..8709547
--- /dev/null
+++ b/src/users.rs
@@ -0,0 +1,17 @@
+mod entries;
+mod userdata;
+mod user;
+mod userstore;
+mod userstatus;
+mod user_role;
+
+pub(crate) use user::User;
+pub(crate) use userstore::UserStore;
+pub(crate) use userstatus::UserStatus;
+pub(crate) use userdata::{
+    UserData,
+    UserLogin,
+    UserItem,
+    UserInvitation,
+};
+pub(crate) use user_role::UserRole;
diff --git a/src/users/NO/user_id.rs b/src/users/NO/user_id.rs
new file mode 100644
index 0000000..bfbb9aa
--- /dev/null
+++ b/src/users/NO/user_id.rs
@@ -0,0 +1,263 @@
+use std::{
+    io::Write,
+    // sync::Arc,
+    fmt::Debug,
+    fs,
+    path::{Path, PathBuf},
+    io::{Error, ErrorKind},
+    
+};
+use log::error;
+// use async_session::{MemoryStore, Session, SessionStore};
+use serde::{Deserialize, Serialize};
+//use tiitls_utils::logs::file;
+use uuid::Uuid;
+use crate::defs::{
+    FILE_SCHEME,
+    SID_SETTINGS_FILE,
+    SID_REQUESTS_FILE,
+    SID_TRACE_FILE,
+//    SID_UI_FILE,
+//    UI_SETTINGS_FILE,
+//    SidSettings,
+    Config as SessionsConfig, 
+    TraceData,
+    UserAction,
+};
+
+#[derive(Serialize, Deserialize, Debug, Clone, Copy)]
+pub struct UserId(Uuid);
+
+impl UserId {
+    #[allow(dead_code)]
+    pub fn new() -> Self {
+        Self(Uuid::new_v4())
+    }
+    pub fn from(data: &str) -> Option<Self> {
+        match Uuid::parse_str(data) {
+            Ok(uuid) => Some(Self(uuid)),
+            Err(_) => None,
+        }
+    }
+}
+
+impl std::fmt::Display for UserId {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+impl UserId {
+
+    /// Log user actions to config.user_store_access|reqs_store_file/user_id/config.user_store_access path
+    /// Add a line with timestamp 
+    /// It also get ReqHeaderMap to add more data ?
+    #[allow(dead_code)]
+    pub fn log_user_id_action(&self, action: UserAction, sessions_config: &SessionsConfig) -> std::io::Result<()> {
+        let id_path = format!("{}/{}",
+            sessions_config.users_store_uri.replace(FILE_SCHEME, ""),
+            self);
+        if ! Path::new(&id_path).exists() {
+            fs::create_dir(&id_path)?;
+        }
+        let now = chrono::Utc::now().timestamp().to_string();
+        let (log_data, file_path) = match action {
+            UserAction::Access => (
+               format!("{}\n",now),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::Log(info) => (
+               format!("notity:{}:{}\n",now,info),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::Request(info) => (
+               format!("req:{}:{}\n",now,info),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::View(info) => (
+               format!("view:{}:{}\n",now,info),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::List(info) => (
+               format!("list:{}:{}\n",now,info),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::Profile(info) => (
+               format!("profile:{}:{}\n",now,info),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+            UserAction::Other => (
+               format!("other:{}::\n",now),
+               format!("{}/{}",&id_path,sessions_config.user_store_access)
+            ),
+        };
+        self.write_data(&file_path, &log_data, false)
+        // if ! Path::new(&file_path).exists() {
+        //     fs::write(&file_path, log_data)?;
+        // } else  {
+        //     let access_id_file = fs::OpenOptions::new()
+        //         .write(true)
+        //         .append(true) // This is needed to append to file
+        //         .open(&file_path);
+        //     if let Ok(mut file) = access_id_file {
+        //         let _ = file.write_all(log_data.as_bytes())?;
+        //     }
+        // }
+        // Ok(())
+    }
+    fn id_path(&self, file: &str, sessions_config: &SessionsConfig) -> String {
+        format!("{}/{}/{}",
+          sessions_config.users_store_uri.replace(FILE_SCHEME, ""),
+          self,file)
+    }
+    #[allow(dead_code)]
+    fn write_data(&self, file_path: &str, data: &str, overwrite: bool) -> std::io::Result<()> {
+        let check_path = |path: &Path| -> std::io::Result<()> {
+            if ! Path::new(&path).exists() {
+                if let Err(e) = std::fs::create_dir(&path) {
+                    return Err(Error::new( ErrorKind::InvalidInput,
+                        format!("Error create path {}: {}",&path.display(), e)
+                    ));
+                    // std::process::exit(2)
+                }
+            }
+            Ok(())
+        };
+        if file_path.is_empty() || data.is_empty() {
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                format!("Error save {}",&file_path)
+            ));
+        }
+        if ! Path::new(&file_path).exists() {
+            let path = PathBuf::from(&file_path);
+            if let Some(dir_path) =  path.parent() {
+                if ! Path::new(&dir_path).exists() {
+                    if let Some(parent_dir_path) = dir_path.parent() { 
+                        if ! Path::new(&parent_dir_path).exists() {
+                            let res = check_path(&parent_dir_path);
+                            if res.is_err() { return res; }
+                        }
+                    }
+                    let res = check_path(&dir_path);
+                    if res.is_err() { return res; }
+                }
+            }
+        }
+        if overwrite || ! Path::new(&file_path).exists() {
+            fs::write(&file_path, data)?;
+            println!("Overwrite: {}",&file_path);
+        } else {
+            let sid_settings_file = fs::OpenOptions::new()
+                .write(true)
+                .append(true) // This is needed to append to file
+                .open(&file_path);
+            if let Ok(mut file) = sid_settings_file {
+                file.write_all(data.as_bytes())?;
+            }
+            println!("write: {}",&file_path);
+        }
+        Ok(())
+    }
+    
+    #[allow(dead_code)]
+    pub fn sid_settings_path(&self, sessions_config: &SessionsConfig) -> String {
+       self.id_path(SID_SETTINGS_FILE, sessions_config)
+    }
+    #[allow(dead_code)]
+    pub fn sid_settings_content(&self, sessions_config: &SessionsConfig) -> String {
+        let file_path = self.sid_settings_path(sessions_config);
+        if ! Path::new(&file_path).exists() {
+            String::from("")
+        } else {
+            match std::fs::read_to_string(&file_path) {
+                Ok(content) => content,
+                Err(e) => {
+                    error!("Error read {}: {}",&file_path,e);
+                    String::from("")
+                }
+            }
+        }
+    }
+    // pub fn sid_settings(&self, sessions_config: &SessionsConfig) -> SidSettings {
+    //     let file_path = self.id_path(SID_SETTINGS_FILE, sessions_config);
+    //     if Path::new(&file_path).exists() {
+    //         match std::fs::read_to_string(&file_path) {
+    //             Ok(content) => sessions_config.sid_settings.from_json(&content,&file_path),
+    //             Err(e) => {
+    //                 error!("Error read {}: {}",&file_path,e);
+    //                 sessions_config.sid_settings.to_owned()
+    //             }
+    //         }
+    //     } else {
+    //         //dbg!(&sessions_config.sid_settings);
+    //         sessions_config.sid_settings.to_owned()
+    //     }
+    // }
+    // pub fn save_sid_settings(&self, sid_settings: SidSettings, sessions_config: &SessionsConfig) -> std::io::Result<()> {
+    //     let file_path = self.id_path(SID_SETTINGS_FILE, sessions_config);
+    //     let data = sid_settings.to_json();
+    //     self.write_data(&file_path, &data, true)
+    // }
+    #[allow(dead_code)]
+    pub fn save_trace_data(&self, trace_data: TraceData, sessions_config: &SessionsConfig) -> std::io::Result<()> {
+        // let file_curenv_path = self.id_path(&format!("{}/{}",trace_data.server,SID_CURENV_FILE), sessions_config);
+        // let res_curenv = self.write_data(&file_curenv_path, &trace_data.curenv, true);
+        // let _ = res_curenv.as_ref().unwrap_or_else(|e|{
+        //     println!("Error save trace curenv: {}",&e);
+        //     &()
+        // });
+        // if res_curenv.is_err() {
+        //     return res_curenv;
+        // }
+        // if trace_data.ui.len() > 0 {
+        //     let file_ui_path = self.id_path(&format!("{}/{}",trace_data.server,SID_UI_FILE), sessions_config);
+        //     let res_ui = self.write_data(&file_ui_path, &trace_data.ui, true); 
+        //     let _ = res_ui.as_ref().unwrap_or_else(|e|{
+        //         println!("Error save trace ui: {}",&e);
+        //         &()
+        //     });
+        //     if res_ui.is_err() { return res_ui; }
+        // }
+        let file_trace_path = self.id_path(&format!("{}/{}",trace_data.server,SID_TRACE_FILE), sessions_config);
+        let contents = trace_data.contents_to_json();
+        let mut result = Ok(());
+        let lines = contents.len() - 1;
+        for (idx, line) in contents.iter().enumerate() {
+            let prfx = if idx == 0 && Path::new(&file_trace_path).exists() {
+              ",\n"
+            } else {
+              ""
+            };
+            let sfx = if idx == lines {
+                ""
+            } else {
+                ",\n"
+            };
+           result = self.write_data(
+                &file_trace_path, 
+                format!("{}{}{}",&prfx,&line,&sfx).as_str(),
+                false
+            );
+            let _ = result.as_ref().unwrap_or_else(|e|{
+                println!("Error save trace contets: {} line {}",&e, &idx);
+                &()
+            });
+            if result.is_err() {
+                break;
+            }
+        }
+        result
+    }
+    #[allow(dead_code)]
+    pub fn save_sid_request(&self, data: &str, sessions_config: &SessionsConfig) -> std::io::Result<()> {
+        let file_path = self.id_path(SID_REQUESTS_FILE, sessions_config);
+        println!("---- {}",&file_path);
+        self.write_data(&file_path, &data, false)
+    }
+    #[allow(dead_code)]
+    pub fn read_sid_requests(&self, sessions_config: &SessionsConfig) -> Result<Vec<String>, Box<dyn std::error::Error>> {
+        let file_path = self.id_path(SID_REQUESTS_FILE, sessions_config);
+        let data = fs::read_to_string(file_path)?;
+        Ok(data.split("\n").map(|s| s.to_string()).collect())
+    }
+}
\ No newline at end of file
diff --git a/src/users/NO/usernotifydata.rs b/src/users/NO/usernotifydata.rs
new file mode 100644
index 0000000..7cd15d7
--- /dev/null
+++ b/src/users/NO/usernotifydata.rs
@@ -0,0 +1,67 @@
+use std::collections::HashMap;
+use serde_json::json;
+
+use crate::defs::Config;
+use pasetoken_lib::ConfigPaSeToken;
+
+use crate::defs::{
+    CLAIM_UID,
+    CLAIM_AUTH,
+    CLAIM_APP_KEY,
+};
+
+#[derive(Debug, Default)]
+pub struct UserNotifyData {
+    pub key: String,
+    pub id: String,
+    pub auth: String,
+}
+
+impl UserNotifyData {
+    pub fn data_claim(&self,_config: &Config) -> HashMap<String,String> { 
+        HashMap::from([
+            (String::from(CLAIM_UID), self.id.to_owned()),
+            (String::from(CLAIM_AUTH), self.auth.to_owned()),
+            (String::from(CLAIM_APP_KEY), self.key.to_owned()),
+        ])
+    }
+    pub fn token(&self, server_config: &Config, paseto_config: &ConfigPaSeToken, expire: bool) -> String {
+        paseto_config.generate_token("", &self.data_claim(server_config), expire).unwrap_or_else(|e|{
+            eprintln!("Error generating token: {}", e);
+            String::from("")
+        })
+    }
+    pub fn from_token(token: &str,paseto_config: &ConfigPaSeToken) -> (String,Self) {
+        match paseto_config.pasetoken() {
+            Ok(paseto) => {
+                match paseto.trusted(token, false) {
+                    Ok(trusted_token) => {
+                        // dbg!(&trusted_token.payload_claims());
+                        if let Some(claims) = trusted_token.payload_claims() {
+                            // dbg!(&claims);
+                            let uid = claims.get_claim(CLAIM_UID).unwrap_or(&json!("")).to_string().replace("\"","");
+                            (
+                                uid.to_owned(),
+                                Self {
+                                    key: claims.get_claim(CLAIM_APP_KEY).unwrap_or(&json!("")).to_string().replace("\"",""),
+                                    id: uid,
+                                    auth: claims.get_claim(CLAIM_AUTH).unwrap_or(&json!("")).to_string().replace("\"",""),
+                                }
+                            )
+                        } else {
+                            (String::from(""), Self::default())
+                        }
+                    },
+                    Err(e) => {
+                        println!("Token not trusted: {}",e);
+                        (String::from(""), Self::default())
+                    },
+                }
+            },
+            Err(e) => {
+                println!("Error collecting notify data: {}",e);
+                (String::from(""), Self::default())
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/users/entries.rs b/src/users/entries.rs
new file mode 100644
index 0000000..ad16222
--- /dev/null
+++ b/src/users/entries.rs
@@ -0,0 +1,111 @@
+/// Generic `Iterator` over implementor's of
+/// [`Entry`](trait.Entry.html)'s.
+///
+/// # Examples
+///
+/// #### Iterate over /etc/passwd printing usernames
+///
+/// ```
+/// use std::path::Path;
+/// use pgs_files::passwd::PasswdEntry;
+/// use pgs_files::Entries;
+///
+/// for entry in Entries::<PasswdEntry>::new(&Path::new("/etc/passwd")) {
+///     println!("{}", entry.name);
+/// }
+/// ```
+
+use std::{
+    io::{BufRead,BufReader,Write},
+    fs::{OpenOptions,File},
+    path::Path,
+    marker::PhantomData,
+    num::ParseIntError,
+};
+
+pub struct Entries<T> {
+    path: String,
+    cursor: BufReader<File>,
+    marker: PhantomData<T>,
+}
+
+impl<T> Entries<T> {
+    pub fn new(file_path: &str) -> Entries<T> {
+        let file = Path::new(&file_path);
+        if ! file.exists()  {
+            File::create(file).unwrap_or_else(|e|{
+               eprintln!("Error file: {}",e);
+               std::process::exit(2)
+            });
+        }
+        let reader = BufReader::new(File::open(file).ok().unwrap());
+        Entries {
+            path: file_path.to_owned(),
+            cursor: reader,
+            marker: PhantomData,
+        }
+    }
+    pub fn append(&self, entry: String) -> anyhow::Result<()> {
+        let file = Path::new(&self.path);
+        if ! file.exists()  {
+            std::fs::write(file,format!("{}\n",entry).as_bytes())?;
+        } else {
+            let target_file = OpenOptions::new()
+                .write(true)
+                .append(true) // This is needed to append to file
+                .open(&file);
+            if let Ok(mut file) = target_file {
+                file.write_all( format!("{}\n",entry).as_bytes())?;
+            }
+        }
+        Ok(())
+    }
+    pub fn write(&self, entries: &Vec<String>) -> anyhow::Result<()> {
+        let file = Path::new(&self.path);
+        std::fs::write(file,format!("{}\n",entries.clone().join("\n")).as_bytes())?;
+        // let target_file = OpenOptions::new()
+        //     .write(true)
+        //     .open(&file);
+        // if let Ok(mut file) = target_file {
+        //     file.write_all(entries.clone().join("\n").as_bytes())?;
+        // }
+        Ok(())
+    }
+}
+
+
+impl<T: Entry> Iterator for Entries<T> {
+
+    type Item = T;
+
+    fn next(&mut self) -> Option<T> {
+        let mut line = String::new();
+        loop {
+            // We might need to make multiple loops to drain off
+            // comment lines. Start with an empty string per loop.
+            line.clear();
+            match self.cursor.read_line(&mut line){
+                Ok(0) => return None,
+                Ok(_) => (),
+                _     => return None,
+            }
+
+            if line.starts_with("#") {
+                continue;
+            }
+
+            match T::from_line(&line) {
+                Ok(entry) => return Some(entry),
+                // Parse Error. Just ignore this entry.
+                _         => (),
+            }
+        }
+    }
+
+}
+
+/// A Trait to represent an entry of data from an
+/// /etc/{`passwd`,`group`,`shadow`} file.
+pub trait Entry: Sized {
+    fn from_line(line: &str) -> anyhow::Result<Self, ParseIntError>;
+}
\ No newline at end of file
diff --git a/src/users/user.rs b/src/users/user.rs
new file mode 100644
index 0000000..776c5b9
--- /dev/null
+++ b/src/users/user.rs
@@ -0,0 +1,631 @@
+use serde::{Deserialize,Serialize}; 
+use sqlx::Row;
+use futures::TryStreamExt;
+use anyhow::{anyhow,Context, Result};
+use std::{
+    fmt,
+    collections::HashMap,
+};
+// use std::{
+//     // sync::Arc,
+//     fmt::Debug,
+//     // io::Write,
+//     // fs,
+//     // path::{Path, PathBuf},
+//     // io::{Error, ErrorKind},
+//     collections::HashMap,
+// };
+// use async_session::{MemoryStore, Session, SessionStore};
+//use tiitls_utils::logs::file;
+// use uuid::Uuid;
+//    SID_UI_FILE,
+//    UI_SETTINGS_FILE,
+//    SidSettings,
+//    Config as SessionsConfig, 
+use std::num::ParseIntError;
+use crate::{
+    users::{
+        entries::{Entries,Entry},
+        UserData,
+        UserStore,
+        UserStatus,
+    },
+    USERS_TABLENAME,
+    tools::str_date_from_timestamp,
+};
+
+const DISPLAY_SEPARATOR: &str = "=";
+
+fn default_user_status() -> UserStatus {
+  UserStatus::default()
+}
+
+#[derive(Debug, Clone, PartialEq, PartialOrd, Serialize, Deserialize,Default)]
+pub struct User {
+    pub id: i64,
+    pub name:     String,
+    pub fullname: String,
+    pub email:    String,
+    pub description: String,
+    pub password: String,
+    pub otp_enabled: bool,
+    pub otp_verified: bool,
+    pub otp_base32: String,
+    pub otp_auth_url: String,
+    pub otp_defs: String,
+    pub roles: String,
+    pub created:  String,
+    pub lastaccess: String,
+    #[serde(default = "default_user_status")]
+    pub status: UserStatus,
+    pub items: String,
+    pub isadmin: bool,
+}
+
+impl fmt::Display for User {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        // Write strictly the first element into the supplied output
+        // stream: `f`. Returns `fmt::Result` which indicates whether the
+        // operation succeeded or failed. Note that `write!` uses syntax which
+        // is very similar to `println!`.
+        let sep = DISPLAY_SEPARATOR;
+        let content = format!(
+            "ID{} {}
+Name{} {} 
+FullName{} {}
+Description{} {}
+Email{} {}
+Password{} {}
+otp_enabled{} {}
+otp_verified{} {}
+otp_base32{} {}
+otp_auth_url{} {}
+otp_defs{} {}
+Roles{} {}
+Created{} {}
+Last access{} {}
+Status{} {}
+Items{} {}
+IsAdmin{} {}",
+            sep, self.id,
+            sep, self.name, sep, self.fullname,
+            sep, self.description,
+            sep, self.email,
+            sep, self.password,
+            sep, self.otp_enabled,
+            sep, self.otp_verified,
+            sep, self.otp_base32,
+            sep, self.otp_auth_url,
+            sep, self.otp_defs,
+            sep, self.roles,
+            sep, self.created, sep, self.lastaccess,
+            sep, self.status,
+            sep, self.items,
+            sep, self.isadmin
+        );
+        write!(f, "{}", content)
+    }
+}
+
+impl Entry for User {
+    fn from_line(line: &str) -> Result<User, ParseIntError> {
+        let parts: Vec<&str> = line.split(":").map(|part| part.trim()).collect();
+        Ok(User {
+            id: parts[0].to_string().parse::<i64>().unwrap_or_default(),
+            name: parts[1].to_string(),
+            fullname: parts[2].to_string(),
+            description: parts[3].to_string(),
+            email: parts[4].to_string(),
+            password: parts[5].to_string(),
+            otp_enabled: if parts[6] == "TRUE" { true } else { false},
+            otp_verified: if parts[7] == "TRUE" { true } else { false},
+            otp_base32: parts[8].to_string(),
+            otp_auth_url: parts[9].to_string(),
+            otp_defs: parts[10].to_string(),
+            roles: parts[11].to_string(),
+            created: parts[12].to_string(),
+            lastaccess: parts[13].to_string(),
+            status: UserStatus::from_str(&parts[14].to_string()),
+            items: parts[15].to_string(),
+            isadmin: if parts[16] == "TRUE" { true } else { false},
+        })
+    }
+}
+impl User {
+    pub async fn add(self, store: &UserStore) -> Result<i64> {
+
+        match store {
+            UserStore::Sql(pool) => {
+                let query_result = sqlx::query(
+                    format!("INSERT INTO {} ( 
+                    name, fullname, email, description, password, otp_enabled, otp_verified,
+                    otp_base32,
+                    otp_auth_url,
+                    otp_defs,
+                    roles, created, lastaccess, status, items, isadmin
+                    ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", USERS_TABLENAME).as_str()
+                )
+                .bind(self.name)
+                .bind(self.fullname)
+                .bind(self.email)
+                .bind(self.description)
+                .bind(self.password)
+                .bind(self.otp_enabled)
+                .bind(self.otp_verified)
+                .bind(self.otp_base32)
+                .bind(self.otp_auth_url)
+                .bind(self.otp_defs)
+                .bind(self.roles)
+                .bind(self.created)
+                .bind(self.lastaccess)
+                .bind(format!("{}",self.status))
+                .bind(self.items)
+                .bind(self.isadmin)
+                .execute(pool).await?;
+                Ok(query_result.last_insert_id().unwrap_or_default())
+            },
+            UserStore::File(file_path) => {
+                // use itertools::Itertools;
+                // let entries: Vec<String> = concat(vec![
+                //     Entries::new(Path::new(&file_path)).map(|user: User|{ 
+                //         user.line_format()
+                //     }).collect(),
+                //     vec![ self.line_format()]
+                // ]);
+                // Entries::<User>::write(Path::new(&file_path), &entries); 
+                let all: Vec<User> = Entries::new(&file_path).collect();
+                let id = if all.len() > 0 {
+                    all[all.len()-1].id + 1
+                } else {
+                    1
+                };
+                let mut new_user = self.to_owned();
+                new_user.id = id;
+                let entries: Entries<User> = Entries::new(&file_path);
+                match entries.append(new_user.line_format()) {
+                    Ok(_) => Ok(id),
+                    Err(e) => {
+                        println!("Error add item to file: {}",e);
+                        Err(anyhow!("No data added")).context("User add")
+                    }
+                }
+            },
+        }
+    }
+    pub async fn select(field: &str, value: &str, human: bool, store: &UserStore) -> Result<Self> {
+        match store {
+            UserStore::Sql(pool) => {
+                let query_str =  format!("SELECT * FROM {} WHERE {} = ? ", USERS_TABLENAME, field);
+                let mut stream = sqlx::query(
+                    &query_str
+                )
+                .bind(value)
+                //.map(|row: PgRow| {
+                //    map the row into a user-defined domain type
+                //})
+                .fetch(pool);
+                if let Some(row) = stream.try_next().await? {
+                    let str_status: String = row.try_get("status")?;
+                    let status = UserStatus::from_str(&str_status);
+                    let created = if human {
+                        let created: String = row.try_get("created")?;
+                        str_date_from_timestamp(&created)
+                    } else {
+                        row.try_get("created")?
+                    };
+                    let lastaccess = if human {
+                        let lastaccess: String = row.try_get("lastaccess")?;
+                        str_date_from_timestamp(&lastaccess)
+                    } else {
+                        row.try_get("lastaccess")?
+                    };
+                    Ok(Self{
+                        id: row.try_get("id")?,
+                        name: row.try_get("name")?,
+                        fullname: row.try_get("fullname")?,
+                        email: row.try_get("email")?,
+                        description: row.try_get("description")?,
+                        password: row.try_get("password")?,
+                        otp_enabled: row.try_get("otp_enabled")?,
+                        otp_verified: row.try_get("otp_verified")?,
+                        otp_base32: row.try_get("otp_base32")?,
+                        otp_auth_url: row.try_get("otp_auth_url")?,
+                        otp_defs: row.try_get("otp_defs")?,
+                        roles: row.try_get("roles")?,
+                        created,
+                        lastaccess,
+                        status,
+                        items: row.try_get("items")?,
+                        isadmin: row.try_get("isadmin")?,
+                    })
+                } else {
+                    Err(anyhow!("No data found")).context("User select")
+                }
+            },
+            UserStore::File(file_path) => {
+                if let Some(user) = 
+                    Entries::<User>::new(&file_path).find(|it| 
+                        match field {
+                            "id" => it.id == value.parse::<i64>().unwrap_or_default(),
+                            "name" => it.name == value,
+                            "fullname" => it.fullname == value,
+                            "email" => it.email == value,
+                            "description" => it.description == value,
+                            "otp_base32" => it.otp_base32 == value,
+                            "roles" => it.roles == value,
+                            "items" => it.items == value,
+                            "isadmin" => match value { 
+                                "TRUE" => it.isadmin,
+                                _ => !it.isadmin,
+                            },
+                            _ => false,
+                        }
+                    )
+                {
+                    Ok(user)
+                } else {
+                    Err(anyhow!("No data found")).context("User select")
+                }
+            },
+        }
+    }
+
+    pub async fn delete(id: i64, store: &UserStore) -> Result<bool> {
+        match store {
+            UserStore::Sql(pool) => {
+                let query_str = format!("DELETE FROM {} WHERE id = ?", USERS_TABLENAME);
+                let query_result = sqlx::query(
+                        &query_str
+                    ) 
+                    .bind(id)
+                    .execute(pool).await?;
+                 Ok(query_result.rows_affected() > 0)
+            },
+            UserStore::File(file_path) => {
+                let new_entries: Vec<String> = 
+                    Entries::<User>::new(&file_path).filter(|it| it.id != id).map(|user|
+                       user.line_format() 
+                    ).collect();
+                let entries = Entries::<User>::new(&file_path);
+                match entries.write(&new_entries) {
+                    Ok(_) => Ok(true),
+                    Err(e) => {
+                        println!("Error data delete '{}': {}", id, e);
+                        Err(anyhow!("No data delete").context("User delete"))
+                    }
+                }
+            },
+        }
+    }
+    pub async fn update(self, store: &UserStore) -> anyhow::Result<bool> {
+        match store {
+            UserStore::Sql(pool) => {
+                let query_str = format!("UPDATE {} SET name = ?, fullname = ?, 
+                    email = ?, description = ?, password = ?,
+                    otp_enabled = ?, otp_verified = ?,
+                    otp_base32 = ?, otp_auth_url = ?,
+                    otp_defs = ?,
+                    roles = ?,
+                    created = ?, lastaccess = ?,
+                    status = ?,
+                    items = ?,
+                    isadmin = ? 
+                 WHERE id = ? ",
+                    USERS_TABLENAME
+                );
+                let query_result = sqlx::query(
+                        &query_str
+                    ) 
+                    .bind(self.name)
+                    .bind(self.fullname)
+                    .bind(self.email)
+                    .bind(self.description)
+                    .bind(self.password)
+                    .bind(self.otp_enabled)
+                    .bind(self.otp_verified)
+                    .bind(self.otp_base32)
+                    .bind(self.otp_auth_url)
+                    .bind(self.otp_defs)
+                    .bind(self.roles)
+                    .bind(self.created)
+                    .bind(self.lastaccess)
+                    .bind(format!("{}",self.status))
+                    .bind(self.items)
+                    .bind(self.isadmin)
+                    .bind(self.id)
+                    .execute(pool).await?;
+                 Ok(query_result.rows_affected() > 0)
+            },
+            UserStore::File(file_path) => {
+                let new_entries: Vec<String> = Entries::new(&file_path).map(|user: User|{ 
+                    if user.id == self.id {
+                        self.to_owned().line_format()
+                    } else {
+                        user.line_format()
+                    }
+                }).collect();
+                let entries = Entries::<User>::new(&file_path);
+                match entries.write(&new_entries) {
+                    Ok(_) => Ok(true),
+                    Err(e) => {
+                        println!("Error data update '{}': {}", self.id, e);
+                        Err(anyhow!("No data updated").context("User update"))
+                    }
+                }
+            },
+        }
+    }
+    pub fn show(&self, sep: &str) {
+        let content = if sep.is_empty() {
+            format!( "{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}\n{}",
+                self.id,
+                self.name, self.fullname,
+                self.description,
+                self.email,
+                self.password,
+                self.otp_enabled,
+                self.otp_verified,
+                self.otp_base32,
+                self.otp_auth_url,
+                self.otp_defs,
+                self.roles,
+                self.created,
+                self.lastaccess,
+                self.status,
+                self.items,
+                self.isadmin
+            )
+        } else {
+            format!("{}",&self).replace(DISPLAY_SEPARATOR, sep)
+        };
+        println!("{}\n_____________________________",content);
+    }
+    pub async fn list(store: &UserStore, human: bool, show: bool, sep: &str) -> anyhow::Result<Vec<User>> {
+        let mut usrs: Vec<User> = Vec::new();
+        match store {
+            UserStore::Sql(pool) => {
+                let query_str =  format!("SELECT * FROM {}", USERS_TABLENAME);
+                let mut stream = sqlx::query(
+                    &query_str
+                )
+                //.map(|row: PgRow| {
+                //  map the row into a user-defined domain type
+                //})
+                .fetch(pool);
+                while let Some(row) = stream.try_next().await? {
+                    let str_status: String = row.try_get("status")?;
+                    let status = UserStatus::from_str(&str_status);
+                    let created = if human {
+                        let created: String = row.try_get("created")?;
+                        str_date_from_timestamp(&created)
+                    } else {
+                        row.try_get("created")?
+                    };
+                    let lastaccess = if human {
+                        let lastaccess: String = row.try_get("lastaccess")?;
+                        str_date_from_timestamp(&lastaccess)
+                    } else {
+                        row.try_get("lastaccess")?
+                    };
+                    let user = Self{
+                        id: row.try_get("id")?,
+                        name: row.try_get("name")?,
+                        fullname: row.try_get("fullname")?,
+                        email: row.try_get("email")?,
+                        description: row.try_get("description")?,
+                        password: row.try_get("password")?,
+                        otp_enabled: row.try_get("otp_enabled")?,
+                        otp_verified: row.try_get("otp_verified")?,
+                        otp_base32: row.try_get("otp_base32")?,
+                        otp_auth_url: row.try_get("otp_auth_url")?,
+                        otp_defs: row.try_get("otp_defs")?,
+                        roles: row.try_get("roles")?,
+                        created,
+                        lastaccess,
+                        status,
+                        items: row.try_get("items")?,
+                        isadmin: row.try_get("isadmin")?,
+                    };
+                    if show { user.show(sep); }
+                    usrs.push(user);
+                }
+                Ok(usrs)
+            },
+            UserStore::File(file_path) => {
+                let all: Vec<User> = Entries::new(&file_path).collect();
+                if show {
+                    for user in all.to_owned() { if show { user.show(sep); } }
+                }
+                Ok(all)
+            },
+            // UserStore::None => Err(anyhow!("No store set")).context("Users list"),
+        }
+    }       
+    pub async fn count(store: &UserStore) -> anyhow::Result<i64> {
+        match store {
+            UserStore::Sql(pool) => {
+
+                let query_str =  format!("SELECT count(*) as total FROM {}", USERS_TABLENAME);
+                let row = sqlx::query(
+                    &query_str
+                )
+                .fetch_one(pool).await?;
+
+                let total: i64 = row.try_get("total")?;
+                Ok(total)
+            },
+            UserStore::File(file_path) => {
+                let all: Vec<User> = Entries::new(&file_path).collect();
+                Ok(all.len() as i64)
+            },
+        }
+    }
+    fn line_format(self) -> String {
+        format!( "{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}:{}",
+            self.id,
+            self.name, self.fullname,
+            self.description,
+            self.email,
+            self.password,
+            self.otp_enabled,
+            self.otp_verified,
+            self.otp_base32,
+            self.otp_auth_url,
+            self.otp_defs,
+            self.roles,
+            self.created, self.lastaccess,
+            self.status,
+            self.items,
+            self.isadmin
+        )
+    }
+    pub fn hash_items(items: &str) -> HashMap<String,String> {
+        if items.is_empty() {
+            HashMap::new()
+        } else {
+            serde_json::from_str(items).unwrap_or_else(|e|{
+                println!("Error to convert user items to json: {}",e);
+                HashMap::new()
+            })
+        }
+    }
+    pub fn items(&self) -> HashMap<String,String> {
+        Self::hash_items(&self.items)
+    }
+    pub fn json_items(items: HashMap<String,String>) -> String {
+        serde_json::to_string(&items).unwrap_or_else(|e|{
+            println!("Error to convert user items to string: {}",e);
+            String::from("")
+        })
+    }
+    pub fn from_data(&mut self, user_data: UserData) {
+        if !user_data.name.is_empty() {
+            self.name = user_data.name.to_owned();
+        }
+        if !user_data.fullname.is_empty() {
+            self.fullname = user_data.fullname.to_owned();
+        }
+        if !user_data.description.is_empty() {
+            self.description = user_data.description.to_owned();
+        }
+        if !user_data.email.is_empty() {
+            self.email = user_data.email.to_owned();
+        }
+        if !user_data.otp_code.is_empty() {
+            self.otp_base32 = user_data.otp_code.to_owned();
+        }
+        if !user_data.otp_url.is_empty() {
+            self.otp_auth_url = user_data.otp_url.to_owned();
+        }
+        if !user_data.roles.is_empty() {
+            self.roles = user_data.roles.to_owned();
+        }
+        if !user_data.items.is_empty() {
+            let mut items_hash = self.items();
+            for (key,val) in user_data.items {
+                items_hash.insert(key,val);
+            }
+            self.items = Self::json_items(items_hash);
+        }
+    }
+    pub fn disable_totp(&mut self) {
+        self.otp_base32 = String::from("");
+        self.otp_auth_url = String::from("");
+        self.otp_defs = String::from("");
+        self.otp_verified =  false;
+        self.otp_enabled =  false;
+    }
+    pub fn from_user(&mut self, new_user: User) {
+        if !new_user.name.is_empty() {
+            self.name = new_user.name.to_owned();
+        }
+        if !new_user.fullname.is_empty() {
+            self.fullname = new_user.fullname.to_owned();
+        }
+        if !new_user.description.is_empty() {
+            self.description = new_user.description.to_owned();
+        }
+        if !new_user.email.is_empty() {
+            self.email = new_user.email.to_owned();
+        }
+        if !new_user.password.is_empty() {
+            self.password = new_user.password.to_owned();
+        }
+        if new_user.otp_enabled  {
+            self.disable_totp();
+        } else {
+            if !new_user.otp_base32.is_empty() {
+                self.otp_base32 = new_user.otp_base32.to_owned();
+            }
+            if !new_user.otp_auth_url.is_empty() {
+                self.otp_auth_url = new_user.otp_auth_url.to_owned();
+            }
+            if !new_user.otp_defs.is_empty() {
+                self.otp_defs = new_user.otp_defs.to_owned();
+            }
+            self.otp_verified =  new_user.otp_verified;
+        }
+        if !new_user.roles.is_empty() {
+            self.roles = new_user.roles.to_owned();
+        }
+        if !new_user.items.is_empty() {
+            self.items = new_user.items.to_owned();
+        }
+        if new_user.status != self.status {
+            self.status = new_user.status.to_owned();
+        }
+    }
+    pub fn session_data(&self) -> String {
+        format!("{}|{}|{}|{}|{}|{}|{}",
+            &self.id,
+            &self.name,
+            &self.email,
+            &self.roles,
+            &self.items,
+            &self.isadmin,
+            &self.status
+        )
+    }
+    pub fn estimate_password(word: &str) -> String  {
+         match zxcvbn::zxcvbn(word, &[]) {
+            Ok(estimate) => {
+                if let Some(feedback) = estimate.feedback() {
+                    let arr_suggestions: Vec<String> = feedback.suggestions().iter().map(|s| format!("{}",s)).collect();
+                    let suggestions = arr_suggestions.join("\n");
+                    if let Some(warning) = feedback.warning() {
+                        let warning = format!("{}", warning);
+                        format!("{}|{}|{}",estimate.score(),suggestions,warning)
+                    } else {
+                        format!("{}|{}|",estimate.score(),suggestions)
+                    }
+                } else {
+                    format!("{}||",estimate.score())
+                }
+            },
+            Err(e) => {
+                println!("Error password strength estimator: {}", e);
+                String::from("-1|||")
+            }
+        }
+    }
+    pub fn password_score(word: &str) -> u8 {
+         match zxcvbn::zxcvbn(word, &[]) {
+            Ok(estimate) => {
+                estimate.score()
+            },
+            Err(e) => {
+                println!("Error password strength estimator: {}", e);
+                0
+            }
+        }
+    }
+    #[allow(dead_code)]
+    pub fn has_auth_role(&self, auth_roles: Vec<String>) -> bool {
+        for role in auth_roles {
+            if self.roles.contains(&role) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/src/users/user_action.rs b/src/users/user_action.rs
new file mode 100644
index 0000000..cb13e44
--- /dev/null
+++ b/src/users/user_action.rs
@@ -0,0 +1,58 @@
+
+// use serde::{Deserialize, Serialize};
+
+#[derive(Clone)]
+pub enum UserAction {
+    Access,
+    Log(String),
+    Request(String),
+    View(String),
+    List(String),
+    Profile(String),
+    Other,
+}
+impl Default for UserAction {
+    fn default() -> Self {
+        UserAction::Other
+    }
+}
+impl std::fmt::Display for UserAction {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+           UserAction::Access => write!(f,"access"),
+           UserAction::Log(info) =>write!(f,"log: {}", info),
+           UserAction::Request(info) =>write!(f,"request: {}", info),
+           UserAction::View(info) => write!(f,"view: {}", info),
+           UserAction::List(info) => write!(f,"list: {}", info),
+           UserAction::Profile( info) => write!(f,"profile: {}", info),
+           UserAction::Other => write!(f,"other"),
+        }
+    }
+}
+impl UserAction {
+    #[allow(dead_code)]
+    pub fn from_str(value: &str, info: String) -> UserAction {
+        match value {
+            "access" | "Access" => UserAction::Access,
+            "log" | "Log" => UserAction::Log(info),
+            "request" | "Request" => UserAction::Request(info),
+            "view" | "View" => UserAction::View(info),
+            "list" | "List" => UserAction::List(info),
+            "profile" | "Profile " => UserAction::Profile(info),
+            "other" | "Other " => UserAction::Other,
+            _ => UserAction::default(),
+        }
+    }
+    #[allow(dead_code)]
+    pub fn info(&self) -> String {
+        match self {
+            UserAction::Access => String::from(""),
+            UserAction::Log(info) => info.to_owned(),
+            UserAction::Request(info) => info.to_owned(),
+            UserAction::View(info) => info.to_owned(),
+            UserAction::List(info) => info.to_owned(),
+            UserAction::Profile(info) => info.to_owned(),
+            UserAction::Other => String::from(""),
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/users/user_role.rs b/src/users/user_role.rs
new file mode 100644
index 0000000..d897da2
--- /dev/null
+++ b/src/users/user_role.rs
@@ -0,0 +1,60 @@
+use serde::{Deserialize,Serialize,Deserializer};
+
+// #[derive(Error, Debug)]
+// pub enum AuthError {
+//     #[error("error")]
+//     SomeError(),
+//     #[error("no authorization header found")]
+//     NoAuthHeaderFoundError,
+//     #[error("wrong authorization header format")]
+//     InvalidAuthHeaderFormatError,
+//     #[error("no user found for this token")]
+//     InvalidTokenError,
+//     #[error("error during authorization")]
+//     AuthorizationError,
+//     #[error("user is not unauthorized")]
+//     UnauthorizedError,
+//     #[error("no user found with this name")]
+//     UserNotFoundError,
+// }
+
+#[derive(Eq, PartialEq, Clone, Serialize, Debug, Deserialize)]
+pub enum UserRole {
+  SuperUser,
+  Developer,
+  User,
+  Anonymous,
+}
+impl Default for UserRole {
+    fn default() -> Self {
+       UserRole::Anonymous
+    }
+}
+impl std::fmt::Display for UserRole {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            UserRole::SuperUser => write!(f,"superuser"),
+            UserRole::Developer => write!(f,"developer"),
+            UserRole::User => write!(f,"user"),
+            UserRole::Anonymous => write!(f,"anonymous"),
+        }
+    }
+}
+impl UserRole {
+    #[allow(dead_code)]
+    pub fn from_str(value: &str) -> UserRole {
+        match value {
+            "superuser" | "SuperUser" | "superUser" | "admin"  => UserRole::SuperUser,
+            "developer" |  "Developer" => UserRole::Developer,
+            "user" | "User" => UserRole::User,
+            "anonymous" | "Anonymous" => UserRole::Anonymous,
+            _ => UserRole::default(),
+        }
+    }
+}
+#[allow(dead_code)]
+pub fn deserialize_user_role<'de, D>(deserializer: D) -> Result<UserRole, D::Error>
+where D: Deserializer<'de> {
+    let buf = String::deserialize(deserializer)?;
+    Ok(UserRole::from_str(&buf))
+}
diff --git a/src/users/userdata.rs b/src/users/userdata.rs
new file mode 100644
index 0000000..0632684
--- /dev/null
+++ b/src/users/userdata.rs
@@ -0,0 +1,96 @@
+use std::collections::HashMap;
+use serde::{Deserialize,Serialize};
+
+// use crate::defs::AppDBs;
+
+fn default_empty() -> String {
+  "".to_string()
+}
+fn default_items() -> HashMap<String,String> {
+  HashMap::new()
+}
+fn default_expire() -> u64 {
+   300
+}
+fn default_send_email() -> bool {
+  false  
+}
+fn default_isadmin() -> bool {
+  false  
+}
+fn default_otp_empty() -> String {
+  String::from("")
+}
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct UserData {
+    #[serde(default = "default_empty")]
+    pub id: String, 
+    #[serde(default = "default_empty")]
+    pub name: String, 
+    #[serde(default = "default_empty")]
+    pub fullname: String, 
+    #[serde(default = "default_empty")]
+    pub description: String, 
+    #[serde(default = "default_empty")]
+    pub email: String, 
+    #[serde(default = "default_empty")]
+    pub password: String, 
+    #[serde(default = "default_otp_empty")]
+    pub otp_code: String,
+    #[serde(default = "default_otp_empty")]
+    pub otp_url: String,
+    #[serde(default = "default_otp_empty")]
+    pub otp_auth: String,
+    #[serde(default = "default_empty")]
+    pub roles: String, 
+    #[serde(default = "default_items")]
+    pub items: HashMap<String,String>,
+}
+// impl UserData {
+//     pub fn from_id(id: String, _app_dbs: &AppDBs) -> Self {
+//       Self { 
+//           id,
+//           name: String::from(""),
+//           fullname: String::from(""),
+//           description: String::from(""),
+//           email: String::from(""),
+//           password: String::from(""),
+//           roles: String::from(""),
+//           items: Vec::new()
+//       }
+//     }
+// //     pub fn contents_to_json(&self) -> Vec<String> {
+// //         self.items.clone().into_iter().map(|item| item.to_json()).collect()
+// //     }
+//}
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct UserLogin {
+    #[serde(default = "default_empty")]
+    pub name: String, 
+    #[serde(default = "default_empty")]
+    pub password: String, 
+    #[serde(default = "default_empty")]
+    pub otp_auth: String, 
+}
+
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct UserItem {
+    #[serde(default = "default_empty")]
+    pub name: String, 
+    #[serde(default = "default_empty")]
+    pub value: String, 
+}
+
+#[derive(Default,Deserialize,Serialize,Debug,Clone)]
+pub struct UserInvitation {
+    #[serde(default = "default_empty")]
+    pub email: String, 
+    #[serde(default = "default_empty")]
+    pub roles: String, 
+    #[serde(default = "default_expire")]
+    pub expire: u64, 
+    #[serde(default = "default_send_email")]
+    pub send_email: bool,
+    #[serde(default = "default_isadmin")]
+    pub isadmin: bool,
+}
diff --git a/src/users/userstatus.rs b/src/users/userstatus.rs
new file mode 100644
index 0000000..9541e0b
--- /dev/null
+++ b/src/users/userstatus.rs
@@ -0,0 +1,222 @@
+use serde::{Deserialize,Serialize,Deserializer};
+//use sqlx::{sqlite::SqlitePool, Row, Sqlite};
+// use sqlx::{
+//     FromRow,
+//     decode::Decode,
+//     any::{AnyRow, AnyValueRef},
+//     database::{
+//         Database,
+//         HasValueRef,
+//     },
+//     Row,
+// //    Error, 
+// };
+// use std::error::Error;
+// use std::str::FromStr;
+
+//use super::User;
+
+// #[derive(sqlx::FromRow)][derive(sqlx::Type)]
+//#[derive(sqlx::Type)]
+//#[sqlx(type_name = "userstatus_type")]
+// #[derive(sqlx::FromRow)]
+//#[sqlx(display_fromstr)]
+#[derive(Debug, Clone, PartialEq, PartialOrd, Serialize, Deserialize)]
+pub enum UserStatus {
+    Created,
+    Active,
+    Pending,
+    Lock,
+    Unknown,
+}
+impl UserStatus {
+    #[allow(dead_code)]
+    pub fn from_str(status: &str) -> Self {
+        match status {
+            "created"|"Created" => UserStatus::Created,
+            "active"|"Active" => UserStatus::Active,
+            "pending"|"Pending" => UserStatus::Pending,
+            "lock"|"Lock" => UserStatus::Lock,
+            _ => UserStatus::Unknown,
+        }
+    }
+}
+impl std::fmt::Display for UserStatus {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            UserStatus::Created => write!(f,"Created"),
+            UserStatus::Active => write!(f,"Active"),
+            UserStatus::Pending => write!(f,"Pending"),
+            UserStatus::Lock => write!(f,"Lock"),
+            UserStatus::Unknown => write!(f,"Unknown"),
+        }
+    }
+}
+
+impl Default for UserStatus {
+    fn default() -> Self {
+       UserStatus::Unknown
+    }
+}
+#[allow(dead_code)]
+pub fn deserialize_user_status<'de, D>(deserializer: D) -> Result<UserStatus, D::Error>
+where D: Deserializer<'de> {
+    let buf = String::deserialize(deserializer)?;
+    Ok(UserStatus::from_str(&buf))
+}
+// impl sqlx::Type<sqlx::Any> for UserStatus {
+//     fn type_info() -> sqlx::any::AnyTypeInfo {
+//         //let res: sqlx::any::AnyTypeInfo = String::type_info();
+// let res = <str as sqlx::Type<sqlx::Any>>::type_info();
+//        //  let res = sqlx::any::AnyTypeInfo::default(); //  String::type_info();
+//         res 
+//         // String::type_info()
+//     }
+
+//     // fn compatible(ty: &<sqlx::Any>::AnyTypeInfo) -> bool {
+//     //     *ty == Self::type_info()
+//     // }
+// }
+/* 
+impl sqlx::Type<sqlx::Sqlite> for UserStatus {
+    fn type_info() -> sqlx::sqlite::SqliteTypeInfo {
+        let t = String::type_info();
+        t
+    }
+}
+impl sqlx::Type<sqlx::Mssql> for UserStatus {
+    fn type_info() -> sqlx::mssql::MssqlTypeInfo {
+        String::type_info()
+    }
+}
+impl sqlx::Type<sqlx::MySql> for UserStatus {
+    fn type_info() -> sqlx::mysql::MySqlTypeInfo {
+        String::type_info()
+    }
+}
+impl sqlx::Type<sqlx::Postgres> for UserStatus {
+    fn type_info() -> sqlx::postgres::PgTypeInfo {
+        String::type_info()
+    }
+}
+
+impl<'q> sqlx::Encode<'q, sqlx::Any> for UserStatus {
+    fn encode_by_ref(
+        &self,
+        args: &mut sqlx::any::AnyArgumentBuffer<'q>,
+    ) -> sqlx::encode::IsNull {
+        self.encode_by_ref(args)
+    }
+}
+*/
+
+
+/*
+impl<'r> sqlx::Decode<'r, sqlx::Any> for UserStatus {
+    fn decode(
+       //  value: <DB as HasValueRef<'r>>::AnyValueRef,
+        value: sqlx::any::AnyValueRef<'r>,
+    ) -> Result<Self, sqlx::error::BoxDynError> {
+        //let string = value.     try_decode()?;
+        //let string = <&str as Decode<AnyValueRef>>::decode(value)?;
+        let v = value.to_owned();
+        let string = value.parse()?;
+        let value = UserStatus::from_str(&string);
+        Ok(value)
+    }
+}
+
+
+impl<'r, DB: Database> Decode<'r, DB> for UserStatus
+where
+    // we want to delegate some of the work to string decoding so let's make sure strings
+    // are supported by the database
+    &'r str: Decode<'r, DB>
+{
+    fn decode(
+        value: <DB as HasValueRef<'r>>::ValueRef,
+    ) -> Result<UserStatus, Box<dyn Error + 'static + Send + Sync>> {
+        // the interface of ValueRef is largely unstable at the moment
+        // so this is not directly implementable
+        // however, you can delegate to a type that matches the format of the type you want
+        // to decode (such as a UTF-8 string)
+        let val = <&str as Decode<DB>>::decode(value)?;
+        // now you can parse this into your type (assuming there is a `FromStr`)
+        //Ok(value.parse()?)
+        Ok(UserStatus::from_str(&val))
+    }
+}
+*/
+
+/* 
+impl<'r> Decode<'r, sqlx::Any> for UserStatus {
+    fn decode(
+        value: sqlx::any::AnyValueRef<'r>,
+    ) -> Result<Self, sqlx::error::BoxDynError> {
+        //let mut decoder = <dyn sqlx::any::AnyDecode>::new(value)?;
+        //let string = decoder.try_decode::<String>()?;
+        //let username = decoder.try_decode::<String>()?;
+        //let photo = decoder.try_decode::<Option<String>>()?;
+        let string = <&str as Decode<sqlx::Any>>::decode(value)?;
+        let value = UserStatus::from_str(&string);
+        Ok(value)
+    }
+}
+impl<'r> Decode<'r, sqlx::Sqlite> for UserStatus {
+    fn decode(
+        value: sqlx::sqlite::SqliteValueRef<'r>,
+    ) -> Result<Self, sqlx::error::BoxDynError> {
+        let string = <&str as Decode<sqlx::Sqlite>>::decode(value)?;
+        let value = UserStatus::from_str(string);
+        Ok(value)
+    }
+}
+// impl<'r> Decode<'r, sqlx::Mssql> for UserStatus {
+//     fn decode(
+//         value: sqlx::mssql::MssqlValueRef<'r>,
+//     ) -> Result<UserStatus, Box<dyn Error + 'static + Send + Sync>> { 
+//     //) -> Result<Self, sqlx::error::BoxDynError> {
+//         let string = <&str as Decode<sqlx::Mssql>>::decode(value)?;
+//         let value = UserStatus::from_str(string);
+//         Ok(value)
+//     }
+// }
+impl<'r> Decode<'r, sqlx::MySql> for UserStatus {
+    fn decode(
+        value: sqlx::mysql::MySqlValueRef<'r>,
+    ) -> Result<Self, sqlx::error::BoxDynError> {
+        let string = <&str as Decode<sqlx::MySql>>::decode(value)?;
+        let value = UserStatus::from_str(string);
+        Ok(value)
+    }
+}
+impl<'r> Decode<'r, sqlx::Postgres> for UserStatus {
+    fn decode(
+        value: sqlx::postgres::PgValueRef<'r>,
+    ) -> Result<Self, sqlx::error::BoxDynError> {
+        //let mut decoder = sqlx::postgres::types::PgRecordDecoder::new(value)?;
+        ////let username = decoder.try_decode::<String>()?;
+        //let string = decoder.try_decode::<String>()?;
+        let string = <&str as Decode<sqlx::Postgres>>::decode(value)?;
+        let value = UserStatus::from_str(string);
+        Ok(value)
+    }
+}
+
+impl FromRow<'_, AnyRow> for UserStatus {
+    fn from_row(row: &AnyRow) -> sqlx::Result<Self> {
+        let v: String = row.try_get("status")?;
+        Ok(
+           UserStatus::from_str(&v)
+        )
+    }
+}
+impl FromStr for UserStatus {
+    type Err = ();
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(UserStatus::from_str(s))
+    }
+}
+
+*/
\ No newline at end of file
diff --git a/src/users/userstore.rs b/src/users/userstore.rs
new file mode 100644
index 0000000..e09cc90
--- /dev/null
+++ b/src/users/userstore.rs
@@ -0,0 +1,35 @@
+use sqlx::AnyPool;
+use std::env;
+
+use crate::USERS_FILESTORE;
+
+#[derive(Clone)]
+pub enum UserStore {
+    File(String),
+    Sql(AnyPool),
+   // SqlLite(SqlitePool),
+    // None
+}
+impl UserStore {
+    #[allow(dead_code)]
+    pub async fn from_str(store: &str) -> Self {
+        match store {
+            "fs"|"file"|"FS"|"FILE" => {
+                println!("From File: {}",USERS_FILESTORE);
+                UserStore::File(String::from(USERS_FILESTORE))
+            }
+            "db"|"DB"|_ => {
+                let db_url = env::var("DATABASE_URL").unwrap_or_else(|e|{
+                    eprintln!("Error env DATABASE_URL: {}",e);
+                    std::process::exit(2)
+                });
+                let pool = AnyPool::connect(&db_url).await.unwrap_or_else(|e|{
+                    eprintln!("Error pool DATABASE_URL: {}",e);
+                    std::process::exit(2)
+                });
+                println!("From DB: {}",&db_url);
+                UserStore::Sql(pool)
+            },
+        }
+    }
+}