From 0a2f31d4b39241a9fa471eff781147e8720caaa7 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Sun, 28 Feb 2021 17:44:29 +0200
Subject: [PATCH] Add web-based login interface

---
 mautrix_facebook/__main__.py                  |  10 +-
 mautrix_facebook/commands/auth.py             | 104 ++++++---
 mautrix_facebook/config.py                    |   1 +
 mautrix_facebook/example-config.yaml          |   2 +
 mautrix_facebook/web/public.py                |  80 +++++--
 .../web/static/lib/asn1hex-1.1.min.js         |   7 +
 .../web/static/lib/htm-3.0.4.min.js           |   1 +
 mautrix_facebook/web/static/lib/jsbn.min.js   |   9 +
 .../web/static/lib/milligram-1.4.1.min.css    |   8 +
 .../web/static/lib/normalize-8.0.1.min.css    |   2 +
 .../web/static/lib/preact-10.5.12.min.js      |   1 +
 mautrix_facebook/web/static/lib/rng.min.js    |   9 +
 mautrix_facebook/web/static/lib/rsa.min.js    |  12 ++
 mautrix_facebook/web/static/lib/spinner.css   |  80 +++++++
 mautrix_facebook/web/static/login.html        |  44 ++++
 mautrix_facebook/web/static/login/api.js      |  62 ++++++
 mautrix_facebook/web/static/login/app.js      | 200 ++++++++++++++++++
 mautrix_facebook/web/static/login/crypto.js   | 112 ++++++++++
 mautrix_facebook/web/static/login/index.css   |  10 +
 optional-requirements.txt                     |   3 +
 setup.py                                      |  10 +-
 21 files changed, 711 insertions(+), 56 deletions(-)
 create mode 100644 mautrix_facebook/web/static/lib/asn1hex-1.1.min.js
 create mode 100644 mautrix_facebook/web/static/lib/htm-3.0.4.min.js
 create mode 100644 mautrix_facebook/web/static/lib/jsbn.min.js
 create mode 100644 mautrix_facebook/web/static/lib/milligram-1.4.1.min.css
 create mode 100644 mautrix_facebook/web/static/lib/normalize-8.0.1.min.css
 create mode 100644 mautrix_facebook/web/static/lib/preact-10.5.12.min.js
 create mode 100644 mautrix_facebook/web/static/lib/rng.min.js
 create mode 100644 mautrix_facebook/web/static/lib/rsa.min.js
 create mode 100644 mautrix_facebook/web/static/lib/spinner.css
 create mode 100644 mautrix_facebook/web/static/login.html
 create mode 100644 mautrix_facebook/web/static/login/api.js
 create mode 100644 mautrix_facebook/web/static/login/app.js
 create mode 100644 mautrix_facebook/web/static/login/crypto.js
 create mode 100644 mautrix_facebook/web/static/login/index.css

diff --git a/mautrix_facebook/__main__.py b/mautrix_facebook/__main__.py
index 4d1e9c76..20f51d2d 100644
--- a/mautrix_facebook/__main__.py
+++ b/mautrix_facebook/__main__.py
@@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
+from typing import Optional
 import asyncio
 import logging
 
@@ -46,7 +47,7 @@ class MessengerBridge(Bridge):
     db: Database
     config: Config
     matrix: MatrixHandler
-    public_website: PublicBridgeWebsite
+    public_website: Optional[PublicBridgeWebsite]
     state_store: PgBridgeStateStore
 
     periodic_reconnect_task: asyncio.Task
@@ -61,8 +62,11 @@ def prepare_db(self) -> None:
 
     def prepare_bridge(self) -> None:
         super().prepare_bridge()
-        self.public_website = PublicBridgeWebsite(self.config["appservice.public.shared_secret"])
-        self.az.app.add_subapp(self.config["appservice.public.prefix"], self.public_website.app)
+        if self.config["appservice.public.enabled"]:
+            self.public_website = PublicBridgeWebsite(self.config["appservice.public.shared_secret"])
+            self.az.app.add_subapp(self.config["appservice.public.prefix"], self.public_website.app)
+        else:
+            self.public_website = None
 
     def prepare_stop(self) -> None:
         self.periodic_reconnect_task.cancel()
diff --git a/mautrix_facebook/commands/auth.py b/mautrix_facebook/commands/auth.py
index 4fa58c63..1cb02367 100644
--- a/mautrix_facebook/commands/auth.py
+++ b/mautrix_facebook/commands/auth.py
@@ -14,11 +14,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 import asyncio
+import time
+
+from yarl import URL
 
 from mautrix.client import Client
 from mautrix.errors import MForbidden
 from mautrix.bridge.commands import HelpSection, command_handler
 from mautrix.bridge import custom_puppet as cpu
+from mautrix.util.signed_token import sign_token
 
 from maufbapi import AndroidState, AndroidAPI
 from maufbapi.http import TwoFactorRequired, OAuthException, IncorrectPassword
@@ -28,48 +32,60 @@
 
 SECTION_AUTH = HelpSection("Authentication", 10, "")
 
-
-async def check_approved_login(state: AndroidState, api: AndroidAPI, evt: CommandEvent) -> None:
-    while evt.sender.command_status and evt.sender.command_status["action"] == "Login":
-        await asyncio.sleep(5)
-        try:
-            was_approved = await api.check_approved_machine()
-        except Exception as e:
-            evt.log.exception("Error checking if login was approved from another device")
-            await evt.reply(f"Error checking if login was approved from another device: {e}")
-            break
-        if was_approved:
-            prev_cmd_status = evt.sender.command_status
-            evt.sender.command_status = None
-            try:
-                await api.login_approved()
-            except TwoFactorRequired:
-                await evt.reply("Login approved from another device, but Facebook decided that "
-                                "you need to enter the 2FA code anyway.")
-                evt.sender.command_status = prev_cmd_status
-                return
-            await evt.sender.on_logged_in(state)
-            await evt.reply("Login successfully approved from another device")
-            break
+web_unsupported = ("This instance of the Facebook bridge does not support "
+                   "the web-based login interface")
+alternative_web_login = ("Alternatively, you may use [the web-based login interface]({url}) "
+                         "to prevent the bridge and homeserver from seeing your password")
+forced_web_login = ("This instance of the Facebook bridge does not allow in-Matrix login. "
+                    "Please use [the web-based login interface]({url}).")
+send_password = "Please send your password here to log in"
+missing_email = "Please use `$cmdprefix+sp login <email>` to log in here"
 
 
-@command_handler(needs_auth=False, management_only=True,
-                 help_section=SECTION_AUTH, help_text="Log in to Facebook",
-                 help_args="<_email_> <_password_>")
+@command_handler(needs_auth=False, management_only=True, help_section=SECTION_AUTH,
+                 help_text="Log in to Facebook", help_args="[_email_]")
 async def login(evt: CommandEvent) -> None:
-    if len(evt.args) < 2:
-        await evt.reply("Usage: `$cmdprefix+sp login <email> <password>`")
+    if evt.sender.client:
+        await evt.reply("You're already logged in")
         return
 
-    email, password = evt.args[0], " ".join(evt.args[1:])
+    email = evt.args[0] if len(evt.args) > 0 else None
+
+    if email:
+        evt.sender.command_status = {
+            "action": "Login",
+            "room_id": evt.room_id,
+            "next": enter_password,
+            "email": evt.args[0],
+        }
+
+    if evt.bridge.public_website:
+        external_url = URL(evt.config["appservice.public.external"])
+        token = sign_token(evt.bridge.public_website.secret_key, {
+            "mxid": evt.sender.mxid,
+            "expiry": int(time.time()) + 30 * 60,
+        })
+        url = (external_url / "login.html").with_fragment(token)
+        if not evt.config["appservice.public.allow_matrix_login"]:
+            await evt.reply(forced_web_login.format(url=url))
+        elif email:
+            await evt.reply(f"{send_password}. {alternative_web_login.format(url=url)}.")
+        else:
+            await evt.reply(f"{missing_email}. {alternative_web_login.format(url=url)}.")
+    elif not email:
+        await evt.reply(f"{missing_email}. {web_unsupported}.")
+    else:
+        await evt.reply(f"{send_password}. {web_unsupported}.")
+
+
+async def enter_password(evt: CommandEvent) -> None:
     try:
         await evt.az.intent.redact(evt.room_id, evt.event_id)
     except MForbidden:
         pass
 
-    if evt.sender.client:
-        await evt.reply("You're already logged in")
-        return
+    email = evt.sender.command_status["email"]
+    password = evt.content.body
 
     state = AndroidState()
     state.generate(evt.sender.mxid)
@@ -101,6 +117,30 @@ async def login(evt: CommandEvent) -> None:
         await evt.reply(f"Failed to log in: {e}")
 
 
+async def check_approved_login(state: AndroidState, api: AndroidAPI, evt: CommandEvent) -> None:
+    while evt.sender.command_status and evt.sender.command_status["action"] == "Login":
+        await asyncio.sleep(5)
+        try:
+            was_approved = await api.check_approved_machine()
+        except Exception as e:
+            evt.log.exception("Error checking if login was approved from another device")
+            await evt.reply(f"Error checking if login was approved from another device: {e}")
+            break
+        if was_approved:
+            prev_cmd_status = evt.sender.command_status
+            evt.sender.command_status = None
+            try:
+                await api.login_approved()
+            except TwoFactorRequired:
+                await evt.reply("Login approved from another device, but Facebook decided that "
+                                "you need to enter the 2FA code anyway.")
+                evt.sender.command_status = prev_cmd_status
+                return
+            await evt.sender.on_logged_in(state)
+            await evt.reply("Login successfully approved from another device")
+            break
+
+
 async def enter_2fa_code(evt: CommandEvent) -> None:
     checker_task: asyncio.Task = evt.sender.command_status["checker_task"]
     checker_task.cancel()
diff --git a/mautrix_facebook/config.py b/mautrix_facebook/config.py
index f7be8b06..29c31caf 100644
--- a/mautrix_facebook/config.py
+++ b/mautrix_facebook/config.py
@@ -57,6 +57,7 @@ def do_update(self, helper: ConfigUpdateHelper) -> None:
             base["appservice.public.shared_secret"] = self._new_token()
         else:
             copy("appservice.public.shared_secret")
+        copy("appservice.public.allow_matrix_login")
 
         copy("metrics.enabled")
         copy("metrics.listen_port")
diff --git a/mautrix_facebook/example-config.yaml b/mautrix_facebook/example-config.yaml
index c3207509..33582e31 100644
--- a/mautrix_facebook/example-config.yaml
+++ b/mautrix_facebook/example-config.yaml
@@ -46,6 +46,8 @@ appservice:
         # If set to "generate", a random string will be generated on the next startup.
         # If null, integration manager access to the API will not be possible.
         shared_secret: generate
+        # Allow logging in within Matrix. If false, users can only log in using the web interface.
+        allow_matrix_login: true
 
     # The unique ID of this appservice.
     id: facebook
diff --git a/mautrix_facebook/web/public.py b/mautrix_facebook/web/public.py
index 6ac6e264..f56c9e06 100644
--- a/mautrix_facebook/web/public.py
+++ b/mautrix_facebook/web/public.py
@@ -21,6 +21,7 @@
 import json
 
 from aiohttp import web
+import pkg_resources
 
 from mautrix.types import UserID
 from mautrix.util.signed_token import verify_token
@@ -30,6 +31,10 @@
 from .. import user as u, puppet as pu
 
 
+class InvalidTokenError(Exception):
+    pass
+
+
 class PublicBridgeWebsite:
     log: logging.Logger = logging.getLogger("mau.web.public")
     app: web.Application
@@ -40,10 +45,11 @@ def __init__(self, shared_secret: str) -> None:
         self.app = web.Application()
         self.secret_key = "".join(random.choices(string.ascii_lowercase + string.digits, k=64))
         self.shared_secret = shared_secret
-        for path in ("whoami", "login", "login/2fa", "login/check_approved", "login/approved",
-                     "logout", "disconnect", "reconnect", "refresh"):
+        for path in ("whoami", "login", "login/prepare", "login/2fa", "login/check_approved",
+                     "login/approved", "logout", "disconnect", "reconnect", "refresh"):
             self.app.router.add_options(f"/api/{path}", self.login_options)
         self.app.router.add_get("/api/whoami", self.status)
+        self.app.router.add_post("/api/login/prepare", self.login_prepare)
         self.app.router.add_post("/api/login", self.login)
         self.app.router.add_post("/api/login/2fa", self.login_2fa)
         self.app.router.add_get("/api/login/check_approved", self.login_check_approved)
@@ -52,12 +58,16 @@ def __init__(self, shared_secret: str) -> None:
         self.app.router.add_post("/api/disconnect", self.disconnect)
         self.app.router.add_post("/api/reconnect", self.reconnect)
         self.app.router.add_post("/api/refresh", self.refresh)
+        self.app.router.add_static("/", pkg_resources.resource_filename("mautrix_facebook.web",
+                                                                        "static/"))
 
-    def verify_token(self, token: str) -> Optional[UserID]:
+    def verify_token(self, token: str) -> UserID:
         token = verify_token(self.secret_key, token)
-        if token and token.get("expiry", 0) > int(time.time()):
+        if token:
+            if token.get("expiry", 0) < int(time.time()):
+                raise InvalidTokenError("Access token has expired")
             return UserID(token.get("mxid"))
-        return None
+        raise InvalidTokenError("Access token is invalid")
 
     @property
     def _acao_headers(self) -> Dict[str, str]:
@@ -94,9 +104,12 @@ async def check_token(self, request: web.Request) -> Optional['u.User']:
                 raise web.HTTPBadRequest(text='{"error": "Missing user_id query param"}',
                                          headers=self._headers)
         else:
-            user_id = self.verify_token(token)
-            if not user_id:
-                raise web.HTTPForbidden(text='{"error": "Invalid token"}', headers=self._headers)
+            try:
+                user_id = self.verify_token(token)
+            except InvalidTokenError as e:
+                raise web.HTTPForbidden(text=json.dumps({"error": f"{e}, please request a new one"
+                                                                  " from the bridge bot"}),
+                                        headers=self._headers)
 
         user = await u.User.get_by_mxid(user_id)
         return user
@@ -122,6 +135,28 @@ async def status(self, request: web.Request) -> web.Response:
                                                           f"{user.state.device.name}")
         return web.json_response(data, headers=self._acao_headers)
 
+    async def login_prepare(self, request: web.Request) -> web.Response:
+        user = await self.check_token(request)
+        state = AndroidState()
+        state.generate(user.mxid)
+        api = AndroidAPI(state, log=user.log.getChild("login-api"))
+        user.command_status = {
+            "action": "Login",
+            "state": state,
+            "api": api,
+        }
+        try:
+            await api.mobile_config_sessionless()
+        except Exception as e:
+            self.log.exception("Failed to get mobile_config_sessionless to prepare login "
+                               f"for {user.mxid}")
+            return web.json_response({"error": str(e)}, headers=self._acao_headers)
+        return web.json_response({
+            "status": "login",
+            "password_encryption_key_id": state.session.password_encryption_key_id,
+            "password_encryption_pubkey": state.session.password_encryption_pubkey
+        }, headers=self._acao_headers)
+
     async def login(self, request: web.Request) -> web.Response:
         user = await self.check_token(request)
 
@@ -132,16 +167,33 @@ async def login(self, request: web.Request) -> web.Response:
 
         try:
             email = data["email"]
+        except KeyError:
+            raise web.HTTPBadRequest(text='{"error": "Missing email"}', headers=self._headers)
+        try:
             password = data["password"]
+            encrypted_password = None
         except KeyError:
-            raise web.HTTPBadRequest(text='{"error": "Missing keys"}', headers=self._headers)
+            try:
+                encrypted_password = data["encrypted_password"]
+                password = None
+            except KeyError:
+                raise web.HTTPBadRequest(text='{"error": "Missing password"}',
+                                         headers=self._headers)
 
-        state = AndroidState()
-        state.generate(user.mxid)
-        api = AndroidAPI(state, log=user.log.getChild("login-api"))
-        try:
+        if encrypted_password:
+            if not user.command_status or user.command_status["action"] != "Login":
+                raise web.HTTPBadRequest(text='{"error": "No login in progress"}',
+                                         headers=self._headers)
+            state: AndroidState = user.command_status["state"]
+            api: AndroidAPI = user.command_status["api"]
+        else:
+            state = AndroidState()
+            state.generate(user.mxid)
+            api = AndroidAPI(state, log=user.log.getChild("login-api"))
             await api.mobile_config_sessionless()
-            await api.login(email, password)
+
+        try:
+            await api.login(email, password=password, encrypted_password=encrypted_password)
             await user.on_logged_in(state)
             return web.json_response({"status": "logged-in"}, headers=self._acao_headers)
         except TwoFactorRequired as e:
diff --git a/mautrix_facebook/web/static/lib/asn1hex-1.1.min.js b/mautrix_facebook/web/static/lib/asn1hex-1.1.min.js
new file mode 100644
index 00000000..ced8b9ea
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/asn1hex-1.1.min.js
@@ -0,0 +1,7 @@
+// asn1hex-1.2.8.js (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+
+import BigInteger from "./jsbn.min.js"
+
+var ASN1HEX=new function(){};ASN1HEX.getLblen=function(t,n){if("8"!=t.substr(n+2,1))return 1;var r=parseInt(t.substr(n+3,1));return 0==r?-1:0<r&&r<10?r+1:-2},ASN1HEX.getL=function(t,n){var r=ASN1HEX.getLblen(t,n);return r<1?"":t.substr(n+2,2*r)},ASN1HEX.getVblen=function(t,n){var r;return""==(r=ASN1HEX.getL(t,n))?-1:("8"===r.substr(0,1)?new BigInteger(r.substr(2),16):new BigInteger(r,16)).intValue()},ASN1HEX.getVidx=function(t,n){var r=ASN1HEX.getLblen(t,n);return r<0?r:n+2*(r+1)},ASN1HEX.getV=function(t,n){var r=ASN1HEX.getVidx(t,n),e=ASN1HEX.getVblen(t,n);return t.substr(r,2*e)},ASN1HEX.getTLV=function(t,n){return t.substr(n,2)+ASN1HEX.getL(t,n)+ASN1HEX.getV(t,n)},ASN1HEX.getTLVblen=function(t,n){return 2+2*ASN1HEX.getLblen(t,n)+2*ASN1HEX.getVblen(t,n)},ASN1HEX.getNextSiblingIdx=function(t,n){return ASN1HEX.getVidx(t,n)+2*ASN1HEX.getVblen(t,n)},ASN1HEX.getChildIdx=function(t,n){var r,e,i,u=ASN1HEX,g=[];r=u.getVidx(t,n),e=2*u.getVblen(t,n),"03"==t.substr(n,2)&&(r+=2,e-=2),i=0;for(var s=r;i<=e;){var o=u.getTLVblen(t,s);if((i+=o)<=e&&g.push(s),s+=o,i>=e)break}return g},ASN1HEX.getNthChildIdx=function(t,n,r){return ASN1HEX.getChildIdx(t,n)[r]},ASN1HEX.getIdxbyList=function(t,n,r,e){var i,u,g=ASN1HEX;return 0==r.length?void 0!==e&&t.substr(n,2)!==e?-1:n:(i=r.shift())>=(u=g.getChildIdx(t,n)).length?-1:g.getIdxbyList(t,u[i],r,e)},ASN1HEX.getIdxbyListEx=function(t,n,r,e){var i,u,g=ASN1HEX;if(0==r.length)return void 0!==e&&t.substr(n,2)!==e?-1:n;i=r.shift(),u=g.getChildIdx(t,n);for(var s=0,o=0;o<u.length;o++){var a=t.substr(u[o],2);if("number"==typeof i&&!g.isContextTag(a)&&s==i||"string"==typeof i&&g.isContextTag(a,i))return g.getIdxbyListEx(t,u[o],r,e);g.isContextTag(a)||s++}return-1},ASN1HEX.getTLVbyList=function(t,n,r,e){var i=ASN1HEX,u=i.getIdxbyList(t,n,r,e);return-1==u?null:u>=t.length?null:i.getTLV(t,u)},ASN1HEX.getTLVbyListEx=function(t,n,r,e){var i=ASN1HEX,u=i.getIdxbyListEx(t,n,r,e);return-1==u?null:i.getTLV(t,u)},ASN1HEX.getVbyList=function(t,n,r,e,i){var u,g,s=ASN1HEX;return-1==(u=s.getIdxbyList(t,n,r,e))?null:u>=t.length?null:(g=s.getV(t,u),!0===i&&(g=g.substr(2)),g)},ASN1HEX.getVbyListEx=function(t,n,r,e,i){var u,g,s=ASN1HEX;return-1==(u=s.getIdxbyListEx(t,n,r,e))?null:(g=s.getV(t,u),"03"==t.substr(u,2)&&!1!==i&&(g=g.substr(2)),g)},ASN1HEX.getInt=function(t,n,r){null==r&&(r=-1);try{var e=t.substr(n,2);if("02"!=e&&"03"!=e)return r;var i=ASN1HEX.getV(t,n);return"02"==e?parseInt(i,16):bitstrtoint(i)}catch(t){return r}},ASN1HEX.getOID=function(t,n,r){null==r&&(r=null);try{if("06"!=t.substr(n,2))return r;var e=ASN1HEX.getV(t,n);return hextooid(e)}catch(t){return r}},ASN1HEX.getOIDName=function(t,n,r){null==r&&(r=null);try{var e=ASN1HEX.getOID(t,n,r);if(e==r)return r;var i=KJUR.asn1.x509.OID.oid2name(e);return""==i?e:i}catch(t){return r}},ASN1HEX.getString=function(t,n,r){null==r&&(r=null);try{var e=ASN1HEX.getV(t,n);return hextorstr(e)}catch(t){return r}},ASN1HEX.hextooidstr=function(t){var n=function(t,n){return t.length>=n?t:new Array(n-t.length+1).join("0")+t},r=[],e=t.substr(0,2),i=parseInt(e,16);r[0]=new String(Math.floor(i/40)),r[1]=new String(i%40);for(var u=t.substr(2),g=[],s=0;s<u.length/2;s++)g.push(parseInt(u.substr(2*s,2),16));var o=[],a="";for(s=0;s<g.length;s++)128&g[s]?a+=n((127&g[s]).toString(2),7):(a+=n((127&g[s]).toString(2),7),o.push(new String(parseInt(a,2))),a="");var l=r.join(".");return o.length>0&&(l=l+"."+o.join(".")),l},ASN1HEX.dump=function(t,n,r,e){var i=ASN1HEX,u=i.getV,g=i.dump,s=i.getChildIdx,o=t;t instanceof KJUR.asn1.ASN1Object&&(o=t.getEncodedHex());var a=function(t,n){return t.length<=2*n?t:t.substr(0,n)+"..(total "+t.length/2+"bytes).."+t.substr(t.length-n,n)};void 0===n&&(n={ommit_long_octet:32}),void 0===r&&(r=0),void 0===e&&(e="");var l,f=n.ommit_long_octet;if("01"==(l=o.substr(r,2)))return"00"==(E=u(o,r))?e+"BOOLEAN FALSE\n":e+"BOOLEAN TRUE\n";if("02"==l)return e+"INTEGER "+a(E=u(o,r),f)+"\n";if("03"==l){var E=u(o,r);if(i.isASN1HEX(E.substr(2))){var h=e+"BITSTRING, encapsulates\n";return h+=g(E.substr(2),n,0,e+"  ")}return e+"BITSTRING "+a(E,f)+"\n"}if("04"==l){E=u(o,r);if(i.isASN1HEX(E)){h=e+"OCTETSTRING, encapsulates\n";return h+=g(E,n,0,e+"  ")}return e+"OCTETSTRING "+a(E,f)+"\n"}if("05"==l)return e+"NULL\n";if("06"==l){var S=u(o,r),N=KJUR.asn1.ASN1Util.oidHexToInt(S),A=KJUR.asn1.x509.OID.oid2name(N),b=N.replace(/\./g," ");return""!=A?e+"ObjectIdentifier "+A+" ("+b+")\n":e+"ObjectIdentifier ("+b+")\n"}if("0a"==l)return e+"ENUMERATED "+parseInt(u(o,r))+"\n";if("0c"==l)return e+"UTF8String '"+hextoutf8(u(o,r))+"'\n";if("13"==l)return e+"PrintableString '"+hextoutf8(u(o,r))+"'\n";if("14"==l)return e+"TeletexString '"+hextoutf8(u(o,r))+"'\n";if("16"==l)return e+"IA5String '"+hextoutf8(u(o,r))+"'\n";if("17"==l)return e+"UTCTime "+hextoutf8(u(o,r))+"\n";if("18"==l)return e+"GeneralizedTime "+hextoutf8(u(o,r))+"\n";if("1a"==l)return e+"VisualString '"+hextoutf8(u(o,r))+"'\n";if("1e"==l)return e+"BMPString '"+hextoutf8(u(o,r))+"'\n";if("30"==l){if("3000"==o.substr(r,4))return e+"SEQUENCE {}\n";h=e+"SEQUENCE\n";var c=n;if((2==(v=s(o,r)).length||3==v.length)&&"06"==o.substr(v[0],2)&&"04"==o.substr(v[v.length-1],2)){A=i.oidname(u(o,v[0]));var x=JSON.parse(JSON.stringify(n));x.x509ExtName=A,c=x}for(var H=0;H<v.length;H++)h+=g(o,c,v[H],e+"  ");return h}if("31"==l){h=e+"SET\n";var v=s(o,r);for(H=0;H<v.length;H++)h+=g(o,n,v[H],e+"  ");return h}if(0!=(128&(l=parseInt(l,16)))){var d=31&l;if(0!=(32&l)){for(h=e+"["+d+"]\n",v=s(o,r),H=0;H<v.length;H++)h+=g(o,n,v[H],e+"  ");return h}E=u(o,r);if(ASN1HEX.isASN1HEX(E)){var h=e+"["+d+"]\n";return h+=g(E,n,0,e+"  ")}return"68747470"==E.substr(0,8)?E=hextoutf8(E):"subjectAltName"===n.x509ExtName&&2==d&&(E=hextoutf8(E)),h=e+"["+d+"] "+E+"\n"}return e+"UNKNOWN("+l+") "+u(o,r)+"\n"},ASN1HEX.isContextTag=function(t,n){var r,e;t=t.toLowerCase();try{r=parseInt(t,16)}catch(t){return-1}if(void 0===n)return 128==(192&r);try{return null!=n.match(/^\[[0-9]+\]$/)&&(!((e=parseInt(n.substr(1,n.length-1),10))>31)&&(128==(192&r)&&(31&r)==e))}catch(t){return!1}},ASN1HEX.isASN1HEX=function(t){var n=ASN1HEX;if(t.length%2==1)return!1;var r=n.getVblen(t,0),e=t.substr(0,2),i=n.getL(t,0);return t.length-e.length-i.length==2*r},ASN1HEX.checkStrictDER=function(t,n,r,e,i){var u=ASN1HEX;if(void 0===r){if("string"!=typeof t)throw new Error("not hex string");if(t=t.toLowerCase(),!KJUR.lang.String.isHex(t))throw new Error("not hex string");r=t.length,i=(e=t.length/2)<128?1:Math.ceil(e.toString(16))+1}if(u.getL(t,n).length>2*i)throw new Error("L of TLV too long: idx="+n);var g=u.getVblen(t,n);if(g>e)throw new Error("value of L too long than hex: idx="+n);var s=u.getTLV(t,n),o=s.length-2-u.getL(t,n).length;if(o!==2*g)throw new Error("V string length and L's value not the same:"+o+"/"+2*g);if(0===n&&t.length!=s.length)throw new Error("total length and TLV length unmatch:"+t.length+"!="+s.length);var a=t.substr(n,2);if("02"===a){var l=u.getVidx(t,n);if("00"==t.substr(l,2)&&t.charCodeAt(l+2)<56)throw new Error("not least zeros for DER INTEGER")}if(32&parseInt(a,16)){for(var f=u.getVblen(t,n),E=0,h=u.getChildIdx(t,n),S=0;S<h.length;S++){E+=u.getTLV(t,h[S]).length,u.checkStrictDER(t,h[S],r,e,i)}if(2*f!=E)throw new Error("sum of children's TLV length and L unmatch: "+2*f+"!="+E)}},ASN1HEX.oidname=function(t){var n=KJUR.asn1;KJUR.lang.String.isHex(t)&&(t=n.ASN1Util.oidHexToInt(t));var r=n.x509.OID.oid2name(t);return""===r&&(r=t),r};
+
+export default ASN1HEX
diff --git a/mautrix_facebook/web/static/lib/htm-3.0.4.min.js b/mautrix_facebook/web/static/lib/htm-3.0.4.min.js
new file mode 100644
index 00000000..4a6228f9
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/htm-3.0.4.min.js
@@ -0,0 +1 @@
+var n=function(t,s,r,e){var u;s[0]=0;for(var h=1;h<s.length;h++){var p=s[h++],a=s[h]?(s[0]|=p?1:2,r[s[h++]]):s[++h];3===p?e[0]=a:4===p?e[1]=Object.assign(e[1]||{},a):5===p?(e[1]=e[1]||{})[s[++h]]=a:6===p?e[1][s[++h]]+=a+"":p?(u=t.apply(a,n(t,a,r,["",null])),e.push(u),a[0]?s[0]|=2:(s[h-2]=0,s[h]=u)):e.push(a)}return e},t=new Map;export default function(s){var r=t.get(this);return r||(r=new Map,t.set(this,r)),(r=n(this,r.get(s)||(r.set(s,r=function(n){for(var t,s,r=1,e="",u="",h=[0],p=function(n){1===r&&(n||(e=e.replace(/^\s*\n\s*|\s*\n\s*$/g,"")))?h.push(0,n,e):3===r&&(n||e)?(h.push(3,n,e),r=2):2===r&&"..."===e&&n?h.push(4,n,0):2===r&&e&&!n?h.push(5,0,!0,e):r>=5&&((e||!n&&5===r)&&(h.push(r,0,e,s),r=6),n&&(h.push(r,n,0,s),r=6)),e=""},a=0;a<n.length;a++){a&&(1===r&&p(),p(a));for(var l=0;l<n[a].length;l++)t=n[a][l],1===r?"<"===t?(p(),h=[h],r=3):e+=t:4===r?"--"===e&&">"===t?(r=1,e=""):e=t+e[0]:u?t===u?u="":e+=t:'"'===t||"'"===t?u=t:">"===t?(p(),r=1):r&&("="===t?(r=5,s=e,e=""):"/"===t&&(r<5||">"===n[a][l+1])?(p(),3===r&&(h=h[0]),r=h,(h=h[0]).push(2,0,r),r=0):" "===t||"\t"===t||"\n"===t||"\r"===t?(p(),r=2):e+=t),3===r&&"!--"===e&&(r=4,h=h[0])}return p(),h}(s)),r),arguments,[])).length>1?r:r[0]}
diff --git a/mautrix_facebook/web/static/lib/jsbn.min.js b/mautrix_facebook/web/static/lib/jsbn.min.js
new file mode 100644
index 00000000..776f93cd
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/jsbn.min.js
@@ -0,0 +1,9 @@
+// From http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js
+// Also includes bnIntValue from http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn2.js
+
+// Copyright (c) 2005  Tom Wu
+// http://www-cs-students.stanford.edu/~tjw/jsbn/LICENSE
+
+var dbits,canary=0xdeadbeefcafe,j_lm=15715070==(16777215&canary);function BigInteger(t,i,r){null!=t&&("number"==typeof t?this.fromNumber(t,i,r):null==i&&"string"!=typeof t?this.fromString(t,256):this.fromString(t,i))}function nbi(){return new BigInteger(null)}function am1(t,i,r,o,n,e){for(;--e>=0;){var s=i*this[t++]+r[o]+n;n=Math.floor(s/67108864),r[o++]=67108863&s}return n}function am2(t,i,r,o,n,e){for(var s=32767&i,h=i>>15;--e>=0;){var p=32767&this[t],a=this[t++]>>15,f=h*p+a*s;n=((p=s*p+((32767&f)<<15)+r[o]+(1073741823&n))>>>30)+(f>>>15)+h*a+(n>>>30),r[o++]=1073741823&p}return n}function am3(t,i,r,o,n,e){for(var s=16383&i,h=i>>14;--e>=0;){var p=16383&this[t],a=this[t++]>>14,f=h*p+a*s;n=((p=s*p+((16383&f)<<14)+r[o]+n)>>28)+(f>>14)+h*a,r[o++]=268435455&p}return n}j_lm&&"Microsoft Internet Explorer"==navigator.appName?(BigInteger.prototype.am=am2,dbits=30):j_lm&&"Netscape"!=navigator.appName?(BigInteger.prototype.am=am1,dbits=26):(BigInteger.prototype.am=am3,dbits=28),BigInteger.prototype.DB=dbits,BigInteger.prototype.DM=(1<<dbits)-1,BigInteger.prototype.DV=1<<dbits;var BI_FP=52;BigInteger.prototype.FV=Math.pow(2,BI_FP),BigInteger.prototype.F1=BI_FP-dbits,BigInteger.prototype.F2=2*dbits-BI_FP;var rr,vv,BI_RM="0123456789abcdefghijklmnopqrstuvwxyz",BI_RC=new Array;for(rr="0".charCodeAt(0),vv=0;vv<=9;++vv)BI_RC[rr++]=vv;for(rr="a".charCodeAt(0),vv=10;vv<36;++vv)BI_RC[rr++]=vv;for(rr="A".charCodeAt(0),vv=10;vv<36;++vv)BI_RC[rr++]=vv;function int2char(t){return BI_RM.charAt(t)}function intAt(t,i){var r=BI_RC[t.charCodeAt(i)];return null==r?-1:r}function bnpCopyTo(t){for(var i=this.t-1;i>=0;--i)t[i]=this[i];t.t=this.t,t.s=this.s}function bnpFromInt(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0}function nbv(t){var i=nbi();return i.fromInt(t),i}function bnpFromString(t,i){var r;if(16==i)r=4;else if(8==i)r=3;else if(256==i)r=8;else if(2==i)r=1;else if(32==i)r=5;else{if(4!=i)return void this.fromRadix(t,i);r=2}this.t=0,this.s=0;for(var o=t.length,n=!1,e=0;--o>=0;){var s=8==r?255&t[o]:intAt(t,o);s<0?"-"==t.charAt(o)&&(n=!0):(n=!1,0==e?this[this.t++]=s:e+r>this.DB?(this[this.t-1]|=(s&(1<<this.DB-e)-1)<<e,this[this.t++]=s>>this.DB-e):this[this.t-1]|=s<<e,(e+=r)>=this.DB&&(e-=this.DB))}8==r&&0!=(128&t[0])&&(this.s=-1,e>0&&(this[this.t-1]|=(1<<this.DB-e)-1<<e)),this.clamp(),n&&BigInteger.ZERO.subTo(this,this)}function bnpClamp(){for(var t=this.s&this.DM;this.t>0&&this[this.t-1]==t;)--this.t}function bnToString(t){if(this.s<0)return"-"+this.negate().toString(t);var i;if(16==t)i=4;else if(8==t)i=3;else if(2==t)i=1;else if(32==t)i=5;else{if(4!=t)return this.toRadix(t);i=2}var r,o=(1<<i)-1,n=!1,e="",s=this.t,h=this.DB-s*this.DB%i;if(s-- >0)for(h<this.DB&&(r=this[s]>>h)>0&&(n=!0,e=int2char(r));s>=0;)h<i?(r=(this[s]&(1<<h)-1)<<i-h,r|=this[--s]>>(h+=this.DB-i)):(r=this[s]>>(h-=i)&o,h<=0&&(h+=this.DB,--s)),r>0&&(n=!0),n&&(e+=int2char(r));return n?e:"0"}function bnNegate(){var t=nbi();return BigInteger.ZERO.subTo(this,t),t}function bnAbs(){return this.s<0?this.negate():this}function bnCompareTo(t){var i=this.s-t.s;if(0!=i)return i;var r=this.t;if(0!=(i=r-t.t))return this.s<0?-i:i;for(;--r>=0;)if(0!=(i=this[r]-t[r]))return i;return 0}function nbits(t){var i,r=1;return 0!=(i=t>>>16)&&(t=i,r+=16),0!=(i=t>>8)&&(t=i,r+=8),0!=(i=t>>4)&&(t=i,r+=4),0!=(i=t>>2)&&(t=i,r+=2),0!=(i=t>>1)&&(t=i,r+=1),r}function bnBitLength(){return this.t<=0?0:this.DB*(this.t-1)+nbits(this[this.t-1]^this.s&this.DM)}function bnpDLShiftTo(t,i){var r;for(r=this.t-1;r>=0;--r)i[r+t]=this[r];for(r=t-1;r>=0;--r)i[r]=0;i.t=this.t+t,i.s=this.s}function bnpDRShiftTo(t,i){for(var r=t;r<this.t;++r)i[r-t]=this[r];i.t=Math.max(this.t-t,0),i.s=this.s}function bnpLShiftTo(t,i){var r,o=t%this.DB,n=this.DB-o,e=(1<<n)-1,s=Math.floor(t/this.DB),h=this.s<<o&this.DM;for(r=this.t-1;r>=0;--r)i[r+s+1]=this[r]>>n|h,h=(this[r]&e)<<o;for(r=s-1;r>=0;--r)i[r]=0;i[s]=h,i.t=this.t+s+1,i.s=this.s,i.clamp()}function bnpRShiftTo(t,i){i.s=this.s;var r=Math.floor(t/this.DB);if(r>=this.t)i.t=0;else{var o=t%this.DB,n=this.DB-o,e=(1<<o)-1;i[0]=this[r]>>o;for(var s=r+1;s<this.t;++s)i[s-r-1]|=(this[s]&e)<<n,i[s-r]=this[s]>>o;o>0&&(i[this.t-r-1]|=(this.s&e)<<n),i.t=this.t-r,i.clamp()}}function bnpSubTo(t,i){for(var r=0,o=0,n=Math.min(t.t,this.t);r<n;)o+=this[r]-t[r],i[r++]=o&this.DM,o>>=this.DB;if(t.t<this.t){for(o-=t.s;r<this.t;)o+=this[r],i[r++]=o&this.DM,o>>=this.DB;o+=this.s}else{for(o+=this.s;r<t.t;)o-=t[r],i[r++]=o&this.DM,o>>=this.DB;o-=t.s}i.s=o<0?-1:0,o<-1?i[r++]=this.DV+o:o>0&&(i[r++]=o),i.t=r,i.clamp()}function bnpMultiplyTo(t,i){var r=this.abs(),o=t.abs(),n=r.t;for(i.t=n+o.t;--n>=0;)i[n]=0;for(n=0;n<o.t;++n)i[n+r.t]=r.am(0,o[n],i,n,0,r.t);i.s=0,i.clamp(),this.s!=t.s&&BigInteger.ZERO.subTo(i,i)}function bnpSquareTo(t){for(var i=this.abs(),r=t.t=2*i.t;--r>=0;)t[r]=0;for(r=0;r<i.t-1;++r){var o=i.am(r,i[r],t,2*r,0,1);(t[r+i.t]+=i.am(r+1,2*i[r],t,2*r+1,o,i.t-r-1))>=i.DV&&(t[r+i.t]-=i.DV,t[r+i.t+1]=1)}t.t>0&&(t[t.t-1]+=i.am(r,i[r],t,2*r,0,1)),t.s=0,t.clamp()}function bnpDivRemTo(t,i,r){var o=t.abs();if(!(o.t<=0)){var n=this.abs();if(n.t<o.t)return null!=i&&i.fromInt(0),void(null!=r&&this.copyTo(r));null==r&&(r=nbi());var e=nbi(),s=this.s,h=t.s,p=this.DB-nbits(o[o.t-1]);p>0?(o.lShiftTo(p,e),n.lShiftTo(p,r)):(o.copyTo(e),n.copyTo(r));var a=e.t,f=e[a-1];if(0!=f){var u=f*(1<<this.F1)+(a>1?e[a-2]>>this.F2:0),g=this.FV/u,m=(1<<this.F1)/u,c=1<<this.F2,v=r.t,b=v-a,l=null==i?nbi():i;for(e.dlShiftTo(b,l),r.compareTo(l)>=0&&(r[r.t++]=1,r.subTo(l,r)),BigInteger.ONE.dlShiftTo(a,l),l.subTo(e,e);e.t<a;)e[e.t++]=0;for(;--b>=0;){var B=r[--v]==f?this.DM:Math.floor(r[v]*g+(r[v-1]+c)*m);if((r[v]+=e.am(0,B,r,b,0,a))<B)for(e.dlShiftTo(b,l),r.subTo(l,r);r[v]<--B;)r.subTo(l,r)}null!=i&&(r.drShiftTo(a,i),s!=h&&BigInteger.ZERO.subTo(i,i)),r.t=a,r.clamp(),p>0&&r.rShiftTo(p,r),s<0&&BigInteger.ZERO.subTo(r,r)}}}function bnMod(t){var i=nbi();return this.abs().divRemTo(t,null,i),this.s<0&&i.compareTo(BigInteger.ZERO)>0&&t.subTo(i,i),i}function Classic(t){this.m=t}function cConvert(t){return t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t}function cRevert(t){return t}function cReduce(t){t.divRemTo(this.m,null,t)}function cMulTo(t,i,r){t.multiplyTo(i,r),this.reduce(r)}function cSqrTo(t,i){t.squareTo(i),this.reduce(i)}function bnpInvDigit(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var i=3&t;return(i=(i=(i=(i=i*(2-(15&t)*i)&15)*(2-(255&t)*i)&255)*(2-((65535&t)*i&65535))&65535)*(2-t*i%this.DV)%this.DV)>0?this.DV-i:-i}function Montgomery(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<<t.DB-15)-1,this.mt2=2*t.t}function montConvert(t){var i=nbi();return t.abs().dlShiftTo(this.m.t,i),i.divRemTo(this.m,null,i),t.s<0&&i.compareTo(BigInteger.ZERO)>0&&this.m.subTo(i,i),i}function montRevert(t){var i=nbi();return t.copyTo(i),this.reduce(i),i}function montReduce(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var i=0;i<this.m.t;++i){var r=32767&t[i],o=r*this.mpl+((r*this.mph+(t[i]>>15)*this.mpl&this.um)<<15)&t.DM;for(t[r=i+this.m.t]+=this.m.am(0,o,t,i,0,this.m.t);t[r]>=t.DV;)t[r]-=t.DV,t[++r]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)}function montSqrTo(t,i){t.squareTo(i),this.reduce(i)}function montMulTo(t,i,r){t.multiplyTo(i,r),this.reduce(r)}function bnpIsEven(){return 0==(this.t>0?1&this[0]:this.s)}function bnpExp(t,i){if(t>4294967295||t<1)return BigInteger.ONE;var r=nbi(),o=nbi(),n=i.convert(this),e=nbits(t)-1;for(n.copyTo(r);--e>=0;)if(i.sqrTo(r,o),(t&1<<e)>0)i.mulTo(o,n,r);else{var s=r;r=o,o=s}return i.revert(r)}function bnModPowInt(t,i){var r;return r=t<256||i.isEven()?new Classic(i):new Montgomery(i),this.exp(t,r)}function bnIntValue(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<<this.DB|this[0]}Classic.prototype.convert=cConvert,Classic.prototype.revert=cRevert,Classic.prototype.reduce=cReduce,Classic.prototype.mulTo=cMulTo,Classic.prototype.sqrTo=cSqrTo,Montgomery.prototype.convert=montConvert,Montgomery.prototype.revert=montRevert,Montgomery.prototype.reduce=montReduce,Montgomery.prototype.mulTo=montMulTo,Montgomery.prototype.sqrTo=montSqrTo,BigInteger.prototype.copyTo=bnpCopyTo,BigInteger.prototype.fromInt=bnpFromInt,BigInteger.prototype.fromString=bnpFromString,BigInteger.prototype.clamp=bnpClamp,BigInteger.prototype.dlShiftTo=bnpDLShiftTo,BigInteger.prototype.drShiftTo=bnpDRShiftTo,BigInteger.prototype.lShiftTo=bnpLShiftTo,BigInteger.prototype.rShiftTo=bnpRShiftTo,BigInteger.prototype.subTo=bnpSubTo,BigInteger.prototype.multiplyTo=bnpMultiplyTo,BigInteger.prototype.squareTo=bnpSquareTo,BigInteger.prototype.divRemTo=bnpDivRemTo,BigInteger.prototype.invDigit=bnpInvDigit,BigInteger.prototype.isEven=bnpIsEven,BigInteger.prototype.exp=bnpExp,BigInteger.prototype.toString=bnToString,BigInteger.prototype.negate=bnNegate,BigInteger.prototype.abs=bnAbs,BigInteger.prototype.compareTo=bnCompareTo,BigInteger.prototype.bitLength=bnBitLength,BigInteger.prototype.mod=bnMod,BigInteger.prototype.modPowInt=bnModPowInt,BigInteger.ZERO=nbv(0),BigInteger.ONE=nbv(1),BigInteger.prototype.intValue=bnIntValue;
+
+export default BigInteger;
diff --git a/mautrix_facebook/web/static/lib/milligram-1.4.1.min.css b/mautrix_facebook/web/static/lib/milligram-1.4.1.min.css
new file mode 100644
index 00000000..eddc8376
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/milligram-1.4.1.min.css
@@ -0,0 +1,8 @@
+/*!
+  * Milligram v1.4.1
+  * https://milligram.io
+  *
+  * Copyright (c) 2020 CJ Patoilo
+  * Licensed under the MIT license
+ */
+*,:after,:before{box-sizing:inherit}html{box-sizing:border-box;font-size:62.5%}body{color:#606c76;font-family:Roboto,'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:1.6em;font-weight:300;letter-spacing:.01em;line-height:1.6}blockquote{border-left:.3rem solid #d1d1d1;margin-left:0;margin-right:0;padding:1rem 1.5rem}blockquote :last-child{margin-bottom:0}.button,button,input[type=button],input[type=reset],input[type=submit]{background-color:#9b4dca;border:.1rem solid #9b4dca;border-radius:.4rem;color:#fff;cursor:pointer;display:inline-block;font-size:1.1rem;font-weight:700;height:3.8rem;letter-spacing:.1rem;line-height:3.8rem;padding:0 3rem;text-align:center;text-decoration:none;text-transform:uppercase;white-space:nowrap}.button:focus,.button:hover,button:focus,button:hover,input[type=button]:focus,input[type=button]:hover,input[type=reset]:focus,input[type=reset]:hover,input[type=submit]:focus,input[type=submit]:hover{background-color:#606c76;border-color:#606c76;color:#fff;outline:0}.button[disabled],button[disabled],input[type=button][disabled],input[type=reset][disabled],input[type=submit][disabled]{cursor:default;opacity:.5}.button[disabled]:focus,.button[disabled]:hover,button[disabled]:focus,button[disabled]:hover,input[type=button][disabled]:focus,input[type=button][disabled]:hover,input[type=reset][disabled]:focus,input[type=reset][disabled]:hover,input[type=submit][disabled]:focus,input[type=submit][disabled]:hover{background-color:#9b4dca;border-color:#9b4dca}.button.button-outline,button.button-outline,input[type=button].button-outline,input[type=reset].button-outline,input[type=submit].button-outline{background-color:transparent;color:#9b4dca}.button.button-outline:focus,.button.button-outline:hover,button.button-outline:focus,button.button-outline:hover,input[type=button].button-outline:focus,input[type=button].button-outline:hover,input[type=reset].button-outline:focus,input[type=reset].button-outline:hover,input[type=submit].button-outline:focus,input[type=submit].button-outline:hover{background-color:transparent;border-color:#606c76;color:#606c76}.button.button-outline[disabled]:focus,.button.button-outline[disabled]:hover,button.button-outline[disabled]:focus,button.button-outline[disabled]:hover,input[type=button].button-outline[disabled]:focus,input[type=button].button-outline[disabled]:hover,input[type=reset].button-outline[disabled]:focus,input[type=reset].button-outline[disabled]:hover,input[type=submit].button-outline[disabled]:focus,input[type=submit].button-outline[disabled]:hover{border-color:inherit;color:#9b4dca}.button.button-clear,button.button-clear,input[type=button].button-clear,input[type=reset].button-clear,input[type=submit].button-clear{background-color:transparent;border-color:transparent;color:#9b4dca}.button.button-clear:focus,.button.button-clear:hover,button.button-clear:focus,button.button-clear:hover,input[type=button].button-clear:focus,input[type=button].button-clear:hover,input[type=reset].button-clear:focus,input[type=reset].button-clear:hover,input[type=submit].button-clear:focus,input[type=submit].button-clear:hover{background-color:transparent;border-color:transparent;color:#606c76}.button.button-clear[disabled]:focus,.button.button-clear[disabled]:hover,button.button-clear[disabled]:focus,button.button-clear[disabled]:hover,input[type=button].button-clear[disabled]:focus,input[type=button].button-clear[disabled]:hover,input[type=reset].button-clear[disabled]:focus,input[type=reset].button-clear[disabled]:hover,input[type=submit].button-clear[disabled]:focus,input[type=submit].button-clear[disabled]:hover{color:#9b4dca}code{background:#f4f5f6;border-radius:.4rem;font-size:86%;margin:0 .2rem;padding:.2rem .5rem;white-space:nowrap}pre{background:#f4f5f6;border-left:.3rem solid #9b4dca;overflow-y:hidden}pre>code{border-radius:0;display:block;padding:1rem 1.5rem;white-space:pre}hr{border:0;border-top:.1rem solid #f4f5f6;margin:3rem 0}input:not([type]),input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=url],input[type=week],select,textarea{-webkit-appearance:none;background-color:transparent;border:.1rem solid #d1d1d1;border-radius:.4rem;box-shadow:none;box-sizing:inherit;height:3.8rem;padding:.6rem 1rem .7rem;width:100%}input:not([type]):focus,input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=url]:focus,input[type=week]:focus,select:focus,textarea:focus{border-color:#9b4dca;outline:0}select{background:url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 8" width="30"><path fill="%23d1d1d1" d="M0,0l6,8l6-8"/></svg>') center right no-repeat;padding-right:3rem}select:focus{background-image:url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 8" width="30"><path fill="%239b4dca" d="M0,0l6,8l6-8"/></svg>')}select[multiple]{background:0 0;height:auto}textarea{min-height:6.5rem}label,legend{display:block;font-size:1.6rem;font-weight:700;margin-bottom:.5rem}fieldset{border-width:0;padding:0}input[type=checkbox],input[type=radio]{display:inline}.label-inline{display:inline-block;font-weight:400;margin-left:.5rem}.container{margin:0 auto;max-width:112rem;padding:0 2rem;position:relative;width:100%}.row{display:flex;flex-direction:column;padding:0;width:100%}.row.row-no-padding{padding:0}.row.row-no-padding>.column{padding:0}.row.row-wrap{flex-wrap:wrap}.row.row-top{align-items:flex-start}.row.row-bottom{align-items:flex-end}.row.row-center{align-items:center}.row.row-stretch{align-items:stretch}.row.row-baseline{align-items:baseline}.row .column{display:block;flex:1 1 auto;margin-left:0;max-width:100%;width:100%}.row .column.column-offset-10{margin-left:10%}.row .column.column-offset-20{margin-left:20%}.row .column.column-offset-25{margin-left:25%}.row .column.column-offset-33,.row .column.column-offset-34{margin-left:33.3333%}.row .column.column-offset-40{margin-left:40%}.row .column.column-offset-50{margin-left:50%}.row .column.column-offset-60{margin-left:60%}.row .column.column-offset-66,.row .column.column-offset-67{margin-left:66.6666%}.row .column.column-offset-75{margin-left:75%}.row .column.column-offset-80{margin-left:80%}.row .column.column-offset-90{margin-left:90%}.row .column.column-10{flex:0 0 10%;max-width:10%}.row .column.column-20{flex:0 0 20%;max-width:20%}.row .column.column-25{flex:0 0 25%;max-width:25%}.row .column.column-33,.row .column.column-34{flex:0 0 33.3333%;max-width:33.3333%}.row .column.column-40{flex:0 0 40%;max-width:40%}.row .column.column-50{flex:0 0 50%;max-width:50%}.row .column.column-60{flex:0 0 60%;max-width:60%}.row .column.column-66,.row .column.column-67{flex:0 0 66.6666%;max-width:66.6666%}.row .column.column-75{flex:0 0 75%;max-width:75%}.row .column.column-80{flex:0 0 80%;max-width:80%}.row .column.column-90{flex:0 0 90%;max-width:90%}.row .column .column-top{align-self:flex-start}.row .column .column-bottom{align-self:flex-end}.row .column .column-center{align-self:center}@media (min-width:40rem){.row{flex-direction:row;margin-left:-1rem;width:calc(100% + 2rem)}.row .column{margin-bottom:inherit;padding:0 1rem}}a{color:#9b4dca;text-decoration:none}a:focus,a:hover{color:#606c76}dl,ol,ul{list-style:none;margin-top:0;padding-left:0}dl dl,dl ol,dl ul,ol dl,ol ol,ol ul,ul dl,ul ol,ul ul{font-size:90%;margin:1.5rem 0 1.5rem 3rem}ol{list-style:decimal inside}ul{list-style:circle inside}.button,button,dd,dt,li{margin-bottom:1rem}fieldset,input,select,textarea{margin-bottom:1.5rem}blockquote,dl,figure,form,ol,p,pre,table,ul{margin-bottom:2.5rem}table{border-spacing:0;display:block;overflow-x:auto;text-align:left;width:100%}td,th{border-bottom:.1rem solid #e1e1e1;padding:1.2rem 1.5rem}td:first-child,th:first-child{padding-left:0}td:last-child,th:last-child{padding-right:0}@media (min-width:40rem){table{display:table;overflow-x:initial}}b,strong{font-weight:700}p{margin-top:0}h1,h2,h3,h4,h5,h6{font-weight:300;letter-spacing:-.1rem;margin-bottom:2rem;margin-top:0}h1{font-size:4.6rem;line-height:1.2}h2{font-size:3.6rem;line-height:1.25}h3{font-size:2.8rem;line-height:1.3}h4{font-size:2.2rem;letter-spacing:-.08rem;line-height:1.35}h5{font-size:1.8rem;letter-spacing:-.05rem;line-height:1.5}h6{font-size:1.6rem;letter-spacing:0;line-height:1.4}img{max-width:100%}.clearfix:after{clear:both;content:' ';display:table}.float-left{float:left}.float-right{float:right}
diff --git a/mautrix_facebook/web/static/lib/normalize-8.0.1.min.css b/mautrix_facebook/web/static/lib/normalize-8.0.1.min.css
new file mode 100644
index 00000000..b52daa7b
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/normalize-8.0.1.min.css
@@ -0,0 +1,2 @@
+/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
+html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}template{display:none}[hidden]{display:none}
diff --git a/mautrix_facebook/web/static/lib/preact-10.5.12.min.js b/mautrix_facebook/web/static/lib/preact-10.5.12.min.js
new file mode 100644
index 00000000..b4ff7419
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/preact-10.5.12.min.js
@@ -0,0 +1 @@
+var n,l,u,i,t,r,o={},f=[],e=/acit|ex(?:s|g|n|p|$)|rph|grid|ows|mnc|ntw|ine[ch]|zoo|^ord|itera/i;function c(e,n){for(var t in n)e[t]=n[t];return e}function s(e){var n=e.parentNode;n&&n.removeChild(e)}function a(e,n,t){var _,l,o,r=arguments,u={};for(o in n)"key"==o?_=n[o]:"ref"==o?l=n[o]:u[o]=n[o];if(arguments.length>3)for(t=[t],o=3;o<arguments.length;o++)t.push(r[o]);if(null!=t&&(u.children=t),"function"==typeof e&&null!=e.defaultProps)for(o in e.defaultProps)void 0===u[o]&&(u[o]=e.defaultProps[o]);return v(e,u,_,l,null)}function v(e,t,_,l,o){var r={type:e,props:t,key:_,ref:l,__k:null,__:null,__b:0,__e:null,__d:void 0,__c:null,__h:null,constructor:void 0,__v:null==o?++n.__v:o};return null!=n.vnode&&n.vnode(r),r}function h(){return{current:null}}function y(e){return e.children}function p(e,n){this.props=e,this.context=n}function d(e,n){if(null==n)return e.__?d(e.__,e.__.__k.indexOf(e)+1):null;for(var t;n<e.__k.length;n++)if(null!=(t=e.__k[n])&&null!=t.__e)return t.__e;return"function"==typeof e.type?d(e):null}function _(e){var n,t;if(null!=(e=e.__)&&null!=e.__c){for(e.__e=e.__c.base=null,n=0;n<e.__k.length;n++)if(null!=(t=e.__k[n])&&null!=t.__e){e.__e=e.__c.base=t.__e;break}return _(e)}}function k(e){(!e.__d&&(e.__d=!0)&&u.push(e)&&!m.__r++||t!==n.debounceRendering)&&((t=n.debounceRendering)||i)(m)}function m(){for(var e;m.__r=u.length;)e=u.sort(function(e,n){return e.__v.__b-n.__v.__b}),u=[],e.some(function(e){var n,t,l,o,r,u;e.__d&&(r=(o=(n=e).__v).__e,(u=n.__P)&&(t=[],(l=c({},o)).__v=o.__v+1,T(u,o,l,n.__n,void 0!==u.ownerSVGElement,null!=o.__h?[r]:null,t,null==r?d(o):r,o.__h),j(t,o),o.__e!=r&&_(o)))})}function b(e,n,t,_,l,r,u,i,s,c){var p,a,h,m,k,b,C,P=_&&_.__k||f,S=P.length;for(t.__k=[],p=0;p<n.length;p++)if(null!=(m=t.__k[p]=null==(m=n[p])||"boolean"==typeof m?null:"string"==typeof m||"number"==typeof m?v(null,m,null,null,m):Array.isArray(m)?v(y,{children:m},null,null,null):m.__b>0?v(m.type,m.props,m.key,null,m.__v):m)){if(m.__=t,m.__b=t.__b+1,null===(h=P[p])||h&&m.key==h.key&&m.type===h.type)P[p]=void 0;else for(a=0;a<S;a++){if((h=P[a])&&m.key==h.key&&m.type===h.type){P[a]=void 0;break}h=null}T(e,m,h=h||o,l,r,u,i,s,c),k=m.__e,(a=m.ref)&&h.ref!=a&&(C||(C=[]),h.ref&&C.push(h.ref,null,m),C.push(a,m.__c||k,m)),null!=k?(null==b&&(b=k),"function"==typeof m.type&&null!=m.__k&&m.__k===h.__k?m.__d=s=g(m,s,e):s=x(e,m,h,P,k,s),c||"option"!==t.type?"function"==typeof t.type&&(t.__d=s):e.value=""):s&&h.__e==s&&s.parentNode!=e&&(s=d(h))}for(t.__e=b,p=S;p--;)null!=P[p]&&("function"==typeof t.type&&null!=P[p].__e&&P[p].__e==t.__d&&(t.__d=d(_,p+1)),L(P[p],P[p]));if(C)for(p=0;p<C.length;p++)I(C[p],C[++p],C[++p])}function g(e,n,t){var _,l;for(_=0;_<e.__k.length;_++)(l=e.__k[_])&&(l.__=e,n="function"==typeof l.type?g(l,n,t):x(t,l,l,e.__k,l.__e,n));return n}function w(e,n){return n=n||[],null==e||"boolean"==typeof e||(Array.isArray(e)?e.some(function(e){w(e,n)}):n.push(e)),n}function x(e,n,t,_,l,o){var r,u,i;if(void 0!==n.__d)r=n.__d,n.__d=void 0;else if(null==t||l!=o||null==l.parentNode)e:if(null==o||o.parentNode!==e)e.appendChild(l),r=null;else{for(u=o,i=0;(u=u.nextSibling)&&i<_.length;i+=2)if(u==l)break e;e.insertBefore(l,o),r=o}return void 0!==r?r:l.nextSibling}function A(e,n,t,_,l){var o;for(o in t)"children"===o||"key"===o||o in n||C(e,o,null,t[o],_);for(o in n)l&&"function"!=typeof n[o]||"children"===o||"key"===o||"value"===o||"checked"===o||t[o]===n[o]||C(e,o,n[o],t[o],_)}function P(n,t,_){"-"===t[0]?n.setProperty(t,_):n[t]=null==_?"":"number"!=typeof _||e.test(t)?_:_+"px"}function C(e,n,t,_,l){var o;e:if("style"===n)if("string"==typeof t)e.style.cssText=t;else{if("string"==typeof _&&(e.style.cssText=_=""),_)for(n in _)t&&n in t||P(e.style,n,"");if(t)for(n in t)_&&t[n]===_[n]||P(e.style,n,t[n])}else if("o"===n[0]&&"n"===n[1])o=n!==(n=n.replace(/Capture$/,"")),n=n.toLowerCase()in e?n.toLowerCase().slice(2):n.slice(2),e.l||(e.l={}),e.l[n+o]=t,t?_||e.addEventListener(n,o?H:$,o):e.removeEventListener(n,o?H:$,o);else if("dangerouslySetInnerHTML"!==n){if(l)n=n.replace(/xlink[H:h]/,"h").replace(/sName$/,"s");else if("href"!==n&&"list"!==n&&"form"!==n&&"download"!==n&&n in e)try{e[n]=null==t?"":t;break e}catch(e){}"function"==typeof t||(null!=t&&(!1!==t||"a"===n[0]&&"r"===n[1])?e.setAttribute(n,t):e.removeAttribute(n))}}function $(e){this.l[e.type+!1](n.event?n.event(e):e)}function H(e){this.l[e.type+!0](n.event?n.event(e):e)}function T(e,t,_,l,o,r,u,i,s){var f,a,d,h,v,m,k,g,C,x,P,S=t.type;if(void 0!==t.constructor)return null;null!=_.__h&&(s=_.__h,i=t.__e=_.__e,t.__h=null,r=[i]),(f=n.__b)&&f(t);try{e:if("function"==typeof S){if(g=t.props,C=(f=S.contextType)&&l[f.__c],x=f?C?C.props.value:f.__:l,_.__c?k=(a=t.__c=_.__c).__=a.__E:("prototype"in S&&S.prototype.render?t.__c=a=new S(g,x):(t.__c=a=new p(g,x),a.constructor=S,a.render=M),C&&C.sub(a),a.props=g,a.state||(a.state={}),a.context=x,a.__n=l,d=a.__d=!0,a.__h=[]),null==a.__s&&(a.__s=a.state),null!=S.getDerivedStateFromProps&&(a.__s==a.state&&(a.__s=c({},a.__s)),c(a.__s,S.getDerivedStateFromProps(g,a.__s))),h=a.props,v=a.state,d)null==S.getDerivedStateFromProps&&null!=a.componentWillMount&&a.componentWillMount(),null!=a.componentDidMount&&a.__h.push(a.componentDidMount);else{if(null==S.getDerivedStateFromProps&&g!==h&&null!=a.componentWillReceiveProps&&a.componentWillReceiveProps(g,x),!a.__e&&null!=a.shouldComponentUpdate&&!1===a.shouldComponentUpdate(g,a.__s,x)||t.__v===_.__v){a.props=g,a.state=a.__s,t.__v!==_.__v&&(a.__d=!1),a.__v=t,t.__e=_.__e,t.__k=_.__k,a.__h.length&&u.push(a);break e}null!=a.componentWillUpdate&&a.componentWillUpdate(g,a.__s,x),null!=a.componentDidUpdate&&a.__h.push(function(){a.componentDidUpdate(h,v,m)})}a.context=x,a.props=g,a.state=a.__s,(f=n.__r)&&f(t),a.__d=!1,a.__v=t,a.__P=e,f=a.render(a.props,a.state,a.context),a.state=a.__s,null!=a.getChildContext&&(l=c(c({},l),a.getChildContext())),d||null==a.getSnapshotBeforeUpdate||(m=a.getSnapshotBeforeUpdate(h,v)),P=null!=f&&f.type===y&&null==f.key?f.props.children:f,b(e,Array.isArray(P)?P:[P],t,_,l,o,r,u,i,s),a.base=t.__e,t.__h=null,a.__h.length&&u.push(a),k&&(a.__E=a.__=null),a.__e=!1}else null==r&&t.__v===_.__v?(t.__k=_.__k,t.__e=_.__e):t.__e=z(_.__e,t,_,l,o,r,u,s);(f=n.diffed)&&f(t)}catch(e){t.__v=null,(s||null!=r)&&(t.__e=i,t.__h=!!s,r[r.indexOf(i)]=null),n.__e(e,t,_)}}function j(e,t){n.__c&&n.__c(t,e),e.some(function(t){try{e=t.__h,t.__h=[],e.some(function(e){e.call(t)})}catch(e){n.__e(e,t.__v)}})}function z(e,n,t,_,l,r,u,i){var c,p,a,d,h=t.props,v=n.props,y=n.type,m=0;if("svg"===y&&(l=!0),null!=r)for(;m<r.length;m++)if((c=r[m])&&(c===e||(y?c.localName==y:3==c.nodeType))){e=c,r[m]=null;break}if(null==e){if(null===y)return document.createTextNode(v);e=l?document.createElementNS("http://www.w3.org/2000/svg",y):document.createElement(y,v.is&&v),r=null,i=!1}if(null===y)h===v||i&&e.data===v||(e.data=v);else{if(r=r&&f.slice.call(e.childNodes),p=(h=t.props||o).dangerouslySetInnerHTML,a=v.dangerouslySetInnerHTML,!i){if(null!=r)for(h={},d=0;d<e.attributes.length;d++)h[e.attributes[d].name]=e.attributes[d].value;(a||p)&&(a&&(p&&a.__html==p.__html||a.__html===e.innerHTML)||(e.innerHTML=a&&a.__html||""))}if(A(e,v,h,l,i),a)n.__k=[];else if(m=n.props.children,b(e,Array.isArray(m)?m:[m],n,t,_,l&&"foreignObject"!==y,r,u,e.firstChild,i),null!=r)for(m=r.length;m--;)null!=r[m]&&s(r[m]);i||("value"in v&&void 0!==(m=v.value)&&(m!==e.value||"progress"===y&&!m)&&C(e,"value",m,h.value,!1),"checked"in v&&void 0!==(m=v.checked)&&m!==e.checked&&C(e,"checked",m,h.checked,!1))}return e}function I(e,t,_){try{"function"==typeof e?e(t):e.current=t}catch(e){n.__e(e,_)}}function L(e,t,_){var l,o,r;if(n.unmount&&n.unmount(e),(l=e.ref)&&(l.current&&l.current!==e.__e||I(l,null,t)),_||"function"==typeof e.type||(_=null!=(o=e.__e)),e.__e=e.__d=void 0,null!=(l=e.__c)){if(l.componentWillUnmount)try{l.componentWillUnmount()}catch(e){n.__e(e,t)}l.base=l.__P=null}if(l=e.__k)for(r=0;r<l.length;r++)l[r]&&L(l[r],t,_);null!=o&&s(o)}function M(e,n,t){return this.constructor(e,t)}function N(e,t,_){var l,r,u;n.__&&n.__(e,t),r=(l="function"==typeof _)?null:_&&_.__k||t.__k,u=[],T(t,e=(!l&&_||t).__k=a(y,null,[e]),r||o,o,void 0!==t.ownerSVGElement,!l&&_?[_]:r?null:t.firstChild?f.slice.call(t.childNodes):null,u,!l&&_?_:r?r.__e:t.firstChild,l),j(u,e)}function O(e,n){N(e,n,O)}function S(e,n,t){var _,l,o,r=arguments,u=c({},e.props);for(o in n)"key"==o?_=n[o]:"ref"==o?l=n[o]:u[o]=n[o];if(arguments.length>3)for(t=[t],o=3;o<arguments.length;o++)t.push(r[o]);return null!=t&&(u.children=t),v(e.type,u,_||e.key,l||e.ref,null)}function q(e,n){var t={__c:n="__cC"+r++,__:e,Consumer:function(e,n){return e.children(n)},Provider:function(e){var t,_;return this.getChildContext||(t=[],(_={})[n]=this,this.getChildContext=function(){return _},this.shouldComponentUpdate=function(e){this.props.value!==e.value&&t.some(k)},this.sub=function(e){t.push(e);var n=e.componentWillUnmount;e.componentWillUnmount=function(){t.splice(t.indexOf(e),1),n&&n.call(e)}}),e.children}};return t.Provider.__=t.Consumer.contextType=t}n={__e:function(e,n){for(var t,_,l;n=n.__;)if((t=n.__c)&&!t.__)try{if((_=t.constructor)&&null!=_.getDerivedStateFromError&&(t.setState(_.getDerivedStateFromError(e)),l=t.__d),null!=t.componentDidCatch&&(t.componentDidCatch(e),l=t.__d),l)return t.__E=t}catch(n){e=n}throw e},__v:0},l=function(e){return null!=e&&void 0===e.constructor},p.prototype.setState=function(e,n){var t;t=null!=this.__s&&this.__s!==this.state?this.__s:this.__s=c({},this.state),"function"==typeof e&&(e=e(c({},t),this.props)),e&&c(t,e),null!=e&&this.__v&&(n&&this.__h.push(n),k(this))},p.prototype.forceUpdate=function(e){this.__v&&(this.__e=!0,e&&this.__h.push(e),k(this))},p.prototype.render=y,u=[],i="function"==typeof Promise?Promise.prototype.then.bind(Promise.resolve()):setTimeout,m.__r=0,r=0;export{N as render,O as hydrate,a as createElement,a as h,y as Fragment,h as createRef,l as isValidElement,p as Component,S as cloneElement,q as createContext,w as toChildArray,n as options};
diff --git a/mautrix_facebook/web/static/lib/rng.min.js b/mautrix_facebook/web/static/lib/rng.min.js
new file mode 100644
index 00000000..6cb39e93
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/rng.min.js
@@ -0,0 +1,9 @@
+// From http://www-cs-students.stanford.edu/~tjw/jsbn/rng.js
+// and http://www-cs-students.stanford.edu/~tjw/jsbn/prng4.js
+
+// Copyright (c) 2005  Tom Wu
+// http://www-cs-students.stanford.edu/~tjw/jsbn/LICENSE
+
+function Arcfour(){this.i=0,this.j=0,this.S=new Array}function ARC4init(t){var r,n,i;for(r=0;r<256;++r)this.S[r]=r;for(n=0,r=0;r<256;++r)n=n+this.S[r]+t[r%t.length]&255,i=this.S[r],this.S[r]=this.S[n],this.S[n]=i;this.i=0,this.j=0}function ARC4next(){var t;return this.i=this.i+1&255,this.j=this.j+this.S[this.i]&255,t=this.S[this.i],this.S[this.i]=this.S[this.j],this.S[this.j]=t,this.S[t+this.S[this.i]&255]}function prng_newstate(){return new Arcfour}Arcfour.prototype.init=ARC4init,Arcfour.prototype.next=ARC4next;var rng_state,rng_pool,rng_pptr,rng_psize=256;function rng_seed_int(t){rng_pool[rng_pptr++]^=255&t,rng_pool[rng_pptr++]^=t>>8&255,rng_pool[rng_pptr++]^=t>>16&255,rng_pool[rng_pptr++]^=t>>24&255,rng_pptr>=rng_psize&&(rng_pptr-=rng_psize)}function rng_seed_time(){rng_seed_int((new Date).getTime())}if(null==rng_pool){var t;if(rng_pool=new Array,rng_pptr=0,window.crypto&&window.crypto.getRandomValues){var ua=new Uint8Array(32);for(window.crypto.getRandomValues(ua),t=0;t<32;++t)rng_pool[rng_pptr++]=ua[t]}if("Netscape"==navigator.appName&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t<z.length;++t)rng_pool[rng_pptr++]=255&z.charCodeAt(t)}for(;rng_pptr<rng_psize;)t=Math.floor(65536*Math.random()),rng_pool[rng_pptr++]=t>>>8,rng_pool[rng_pptr++]=255&t;rng_pptr=0,rng_seed_time()}function rng_get_byte(){if(null==rng_state){for(rng_seed_time(),(rng_state=prng_newstate()).init(rng_pool),rng_pptr=0;rng_pptr<rng_pool.length;++rng_pptr)rng_pool[rng_pptr]=0;rng_pptr=0}return rng_state.next()}function rng_get_bytes(t){var r;for(r=0;r<t.length;++r)t[r]=rng_get_byte()}function SecureRandom(){}SecureRandom.prototype.nextBytes=rng_get_bytes;
+
+export default SecureRandom
diff --git a/mautrix_facebook/web/static/lib/rsa.min.js b/mautrix_facebook/web/static/lib/rsa.min.js
new file mode 100644
index 00000000..90e11dcc
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/rsa.min.js
@@ -0,0 +1,12 @@
+// From http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js
+// Modified to use Uint8Array instead of UTF-8 strings in pkcs1pad2.
+
+// Copyright (c) 2005  Tom Wu
+// http://www-cs-students.stanford.edu/~tjw/jsbn/LICENSE
+
+import BigInteger from "./jsbn.min.js"
+import SecureRandom from "./rng.min.js"
+
+function parseBigInt(n,t){return new BigInteger(n,t)}function linebrk(n,t){for(var e="",r=0;r+t<n.length;)e+=n.substring(r,r+t)+"\n",r+=t;return e+n.substring(r,n.length)}function byte2Hex(n){return n<16?"0"+n.toString(16):n.toString(16)}function pkcs1pad2(n,t){if(t<n.length+11)return alert("Message too long for RSA"),null;for(var e=new Array,r=n.length-1;r>=0&&t>0;)e[--t]=n[r--];e[--t]=0;for(var l=new SecureRandom,i=new Array;t>2;){for(i[0]=0;0==i[0];)l.nextBytes(i);e[--t]=i[0]}return e[--t]=2,e[--t]=0,new BigInteger(e)}function RSAKey(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function RSASetPublic(n,t){null!=n&&null!=t&&n.length>0&&t.length>0?(this.n=parseBigInt(n,16),this.e=parseInt(t,16)):alert("Invalid RSA public key")}function RSADoPublic(n){return n.modPowInt(this.e,this.n)}function RSAEncrypt(n){var t=pkcs1pad2(n,this.n.bitLength()+7>>3);if(null==t)return null;var e=this.doPublic(t);if(null==e)return null;var r=e.toString(16);return 0==(1&r.length)?r:"0"+r}RSAKey.prototype.doPublic=RSADoPublic,RSAKey.prototype.setPublic=RSASetPublic,RSAKey.prototype.encrypt=RSAEncrypt;
+
+export default RSAKey
diff --git a/mautrix_facebook/web/static/lib/spinner.css b/mautrix_facebook/web/static/lib/spinner.css
new file mode 100644
index 00000000..ca0e3356
--- /dev/null
+++ b/mautrix_facebook/web/static/lib/spinner.css
@@ -0,0 +1,80 @@
+.loader {
+  color: #9b4dca;
+  font-size: 90px;
+  text-indent: -9999em;
+  overflow: hidden;
+  width: 1em;
+  height: 1em;
+  border-radius: 50%;
+  margin: 72px auto;
+  position: relative;
+  -webkit-transform: translateZ(0);
+  -ms-transform: translateZ(0);
+  transform: translateZ(0);
+  -webkit-animation: load6 1.7s infinite ease, round 1.7s infinite ease;
+  animation: load6 1.7s infinite ease, round 1.7s infinite ease;
+}
+@-webkit-keyframes load6 {
+  0% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+  5%,
+  95% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+  10%,
+  59% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.087em -0.825em 0 -0.42em, -0.173em -0.812em 0 -0.44em, -0.256em -0.789em 0 -0.46em, -0.297em -0.775em 0 -0.477em;
+  }
+  20% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.338em -0.758em 0 -0.42em, -0.555em -0.617em 0 -0.44em, -0.671em -0.488em 0 -0.46em, -0.749em -0.34em 0 -0.477em;
+  }
+  38% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.377em -0.74em 0 -0.42em, -0.645em -0.522em 0 -0.44em, -0.775em -0.297em 0 -0.46em, -0.82em -0.09em 0 -0.477em;
+  }
+  100% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+}
+@keyframes load6 {
+  0% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+  5%,
+  95% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+  10%,
+  59% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.087em -0.825em 0 -0.42em, -0.173em -0.812em 0 -0.44em, -0.256em -0.789em 0 -0.46em, -0.297em -0.775em 0 -0.477em;
+  }
+  20% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.338em -0.758em 0 -0.42em, -0.555em -0.617em 0 -0.44em, -0.671em -0.488em 0 -0.46em, -0.749em -0.34em 0 -0.477em;
+  }
+  38% {
+    box-shadow: 0 -0.83em 0 -0.4em, -0.377em -0.74em 0 -0.42em, -0.645em -0.522em 0 -0.44em, -0.775em -0.297em 0 -0.46em, -0.82em -0.09em 0 -0.477em;
+  }
+  100% {
+    box-shadow: 0 -0.83em 0 -0.4em, 0 -0.83em 0 -0.42em, 0 -0.83em 0 -0.44em, 0 -0.83em 0 -0.46em, 0 -0.83em 0 -0.477em;
+  }
+}
+@-webkit-keyframes round {
+  0% {
+    -webkit-transform: rotate(0deg);
+    transform: rotate(0deg);
+  }
+  100% {
+    -webkit-transform: rotate(360deg);
+    transform: rotate(360deg);
+  }
+}
+@keyframes round {
+  0% {
+    -webkit-transform: rotate(0deg);
+    transform: rotate(0deg);
+  }
+  100% {
+    -webkit-transform: rotate(360deg);
+    transform: rotate(360deg);
+  }
+}
diff --git a/mautrix_facebook/web/static/login.html b/mautrix_facebook/web/static/login.html
new file mode 100644
index 00000000..df5ddfb9
--- /dev/null
+++ b/mautrix_facebook/web/static/login.html
@@ -0,0 +1,44 @@
+<!--
+mautrix-facebook - A Matrix-Facebook Messenger puppeting bridge.
+Copyright (C) 2021 Tulir Asokan
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+-->
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+	<title>mautrix-facebook login</title>
+
+	<link rel="modulepreload" href="lib/jsbn.min.js"/>
+	<link rel="modulepreload" href="lib/rng.min.js"/>
+	<link rel="modulepreload" href="lib/rsa.min.js"/>
+	<link rel="modulepreload" href="lib/asn1hex-1.1.min.js"/>
+	<link rel="modulepreload" href="lib/preact-10.5.12.min.js"/>
+	<link rel="modulepreload" href="lib/htm-3.0.4.min.js"/>
+	<link rel="modulepreload" href="login/crypto.js"/>
+	<link rel="modulepreload" href="login/api.js"/>
+
+	<link rel="stylesheet" href="lib/normalize-8.0.1.min.css"/>
+	<link rel="stylesheet" href="lib/milligram-1.4.1.min.css"/>
+	<link rel="stylesheet" href="lib/spinner.css"/>
+	<link rel="stylesheet" href="login/index.css"/>
+	<script src="login/app.js" type="module"></script>
+	<script nomodule>document.body.innerText = "This login page requires modern JavaScript"</script>
+</head>
+<body>
+	<noscript>This login page requires JavaScript</noscript>
+</body>
+</html>
diff --git a/mautrix_facebook/web/static/login/api.js b/mautrix_facebook/web/static/login/api.js
new file mode 100644
index 00000000..875fb2e3
--- /dev/null
+++ b/mautrix_facebook/web/static/login/api.js
@@ -0,0 +1,62 @@
+// mautrix-facebook - A Matrix-Facebook Messenger puppeting bridge.
+// Copyright (C) 2021 Tulir Asokan
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+import encryptPassword from "./crypto.js"
+
+const apiToken = location.hash.slice(1)
+const headers = { Authorization: `Bearer ${apiToken}` }
+const jsonHeaders = { ...headers, "Content-Type": "application/json" }
+const fetchParams = { headers }
+
+export async function whoami() {
+	const resp = await fetch("api/whoami", fetchParams)
+	return await resp.json()
+}
+
+export async function prepareLogin() {
+	const resp = await fetch("api/login/prepare", { ...fetchParams, method: "POST" })
+	return await resp.json()
+}
+
+export async function login(pubkey, keyID, email, password) {
+	const resp = await fetch("api/login", {
+		method: "POST",
+		body: JSON.stringify({
+			email,
+			encrypted_password: await encryptPassword(pubkey, keyID, password),
+		}),
+		headers: jsonHeaders,
+	})
+	return await resp.json()
+}
+
+export async function login2FA(email, code) {
+	const resp = await fetch("api/login/2fa", {
+		method: "POST",
+		body: JSON.stringify({ email, code }),
+		headers: jsonHeaders,
+	})
+	return await resp.json()
+}
+
+export async function loginApproved() {
+	const resp = await fetch("api/login/approved", { method: "POST", headers })
+	return await resp.json()
+}
+
+export async function wasLoginApproved() {
+	const resp = await fetch("api/login/check_approved", fetchParams)
+	return (await resp.json()).approved
+}
diff --git a/mautrix_facebook/web/static/login/app.js b/mautrix_facebook/web/static/login/app.js
new file mode 100644
index 00000000..6e4565fd
--- /dev/null
+++ b/mautrix_facebook/web/static/login/app.js
@@ -0,0 +1,200 @@
+// mautrix-facebook - A Matrix-Facebook Messenger puppeting bridge.
+// Copyright (C) 2021 Tulir Asokan
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+import { h, Component, render } from "../lib/preact-10.5.12.min.js"
+import htm from "../lib/htm-3.0.4.min.js"
+import * as api from "./api.js"
+
+const html = htm.bind(h)
+
+class App extends Component {
+	constructor(props) {
+		super(props)
+		this.approveCheckInterval = null
+		this.state = {
+			loading: true,
+			submitting: false,
+			error: null,
+			mxid: null,
+			facebook: null,
+			status: "pre-login",
+			pubkey: null,
+			keyID: null,
+			email: "",
+			password: "",
+			twoFactorCode: "",
+			twoFactorInfo: {},
+		}
+	}
+
+	async componentDidMount() {
+		const { error, mxid, facebook } = await api.whoami()
+		if (error) {
+			this.setState({ error, loading: false })
+		} else {
+			this.setState({ mxid, facebook, loading: false })
+		}
+	}
+
+	checkLoginApproved = async () => {
+		if (!await api.wasLoginApproved()) {
+			return
+		}
+		clearInterval(this.approveCheckInterval)
+		this.approveCheckInterval = null
+		const resp = await api.loginApproved()
+		if (resp.status === "logged-in") {
+			this.setState({ status: resp.status })
+		}
+	}
+
+	submitNoDefault = evt => {
+		evt.preventDefault()
+		this.submit()
+	}
+
+	async submit() {
+		if (this.approveCheckInterval) {
+			clearInterval(this.approveCheckInterval)
+			this.approveCheckInterval = null
+		}
+		this.setState({ submitting: true })
+		let resp
+		switch (this.state.status) {
+		case "pre-login":
+			resp = await api.prepareLogin()
+			break
+		case "login":
+			resp = await api.login(this.state.pubkey, this.state.keyID,
+				this.state.email, this.state.password)
+			break
+		case "two-factor":
+			resp = await api.login2FA(this.state.email, this.state.twoFactorCode)
+			break
+		}
+		const stateUpdate = { submitting: false }
+		if (typeof resp.error === "string") {
+			stateUpdate.error = resp.error
+		} else {
+			stateUpdate.status = resp.status
+		}
+		if (resp.password_encryption_key_id) {
+			stateUpdate.pubkey = resp.password_encryption_pubkey
+			stateUpdate.keyID = resp.password_encryption_key_id
+		}
+		if (resp.status === "two-factor") {
+			this.approveCheckInterval = setInterval(this.checkLoginApproved, 5000)
+			stateUpdate.twoFactorInfo = resp.error
+		} else if (resp.status === "logged-in") {
+			api.whoami().then(({ facebook }) => this.setState({ facebook }))
+		}
+		this.setState(stateUpdate)
+	}
+
+	fieldChange = evt => {
+		this.setState({ [evt.target.id]: evt.target.value })
+	}
+
+	renderFields() {
+		switch (this.state.status) {
+		case "pre-login":
+			return null
+		case "login":
+			return html`
+				<label for="email">Email</label>
+				<input type="email" placeholder="user@example.com" id="email"
+					   value=${this.state.email} onChange=${this.fieldChange}/>
+				<label for="password">Password</label>
+				<input type="password" placeholder="correct horse battery staple" id="password"
+					   value=${this.state.password} onChange=${this.fieldChange}/>
+			`
+		case "two-factor":
+			return html`
+				<p>${this.state.twoFactorInfo.error_user_msg}</p>
+				<label for="email">Email</label>
+				<input type="email" placeholder="user@example.com" id="email" disabled
+					   value=${this.state.email} onChange=${this.fieldChange}/>
+				<label for="twoFactorCode">Two-factor authentication code</label>
+				<input type="number" placeholder="123456" id="twoFactorCode"
+					   value=${this.state.twoFactorCode} onChange=${this.fieldChange}/>
+			`
+		}
+	}
+
+	submitButtonText() {
+		switch (this.state.status) {
+		case "pre-login":
+			return "Start"
+		case "login":
+		case "two-factor":
+			return "Sign in"
+		}
+	}
+
+	renderContent() {
+		if (this.state.loading) {
+			return html`
+				<div class="loader">Loading...</div>
+			`
+		} else if (this.state.status === "logged-in") {
+			if (this.state.facebook) {
+				return html`
+					Successfully logged in as ${this.state.facebook.name}. The bridge will appear
+					as ${this.state.facebook.device_displayname} in Facebook security settings.
+				`
+			}
+			return html`
+				Successfully logged in
+			`
+		} else if (this.state.facebook) {
+			return html`
+				You're already logged in as ${this.state.facebook.name}. The bridge appears
+				as ${this.state.facebook.device_displayname} in Facebook security settings.
+			`
+		}
+		return html`
+			${this.state.error && html`
+				<div class="error button" disabled>${this.state.error}</div>
+			`}
+			<form onSubmit=${this.submitNoDefault}>
+				<fieldset>
+					<label for="mxid">Matrix user ID</label>
+					<input type="text" placeholder="@user:example.com" id="mxid"
+						   value=${this.state.mxid} disabled/>
+					${this.renderFields()}
+					<button type="submit" disabled=${this.state.submitting}>
+						${this.state.submitting
+							? "Loading..."
+							: this.submitButtonText()}
+					</button>
+				</fieldset>
+			</form>
+		`
+	}
+
+	render() {
+		return html`
+			<main>
+				<h1>mautrix-facebook login</h1>
+				${this.renderContent()}
+			</main>
+		`
+	}
+}
+
+
+render(html`
+	<${App}/>
+`, document.body)
diff --git a/mautrix_facebook/web/static/login/crypto.js b/mautrix_facebook/web/static/login/crypto.js
new file mode 100644
index 00000000..158ac7fe
--- /dev/null
+++ b/mautrix_facebook/web/static/login/crypto.js
@@ -0,0 +1,112 @@
+// mautrix-facebook - A Matrix-Facebook Messenger puppeting bridge.
+// Copyright (C) 2021 Tulir Asokan
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// We have to use this pure-js RSA implementation because SubtleCrypto dropped PKCS#1 v1.5 support.
+import RSAKey from "../lib/rsa.min.js"
+import ASN1HEX from "../lib/asn1hex-1.1.min.js"
+
+function pemToHex(pem) {
+	// Strip pem header
+	pem = pem.replace("-----BEGIN PUBLIC KEY-----", "")
+	pem = pem.replace("-----END PUBLIC KEY-----", "")
+
+	// Convert base64 to hex
+	const raw = atob(pem)
+	let result = ""
+	for (let i = 0; i < raw.length; i++) {
+		const hex = raw.charCodeAt(i).toString(16)
+		result += (hex.length === 2 ? hex : "0" + hex)
+	}
+	return result.toLowerCase()
+}
+
+function getKey(pem) {
+	const keyHex = pemToHex(pem)
+	if (ASN1HEX.isASN1HEX(keyHex) === false) {
+		throw new Error("key is not ASN.1 hex string")
+	} else if (ASN1HEX.getVbyList(keyHex, 0, [0, 0], "06") !== "2a864886f70d010101") {
+		throw new Error("not PKCS8 RSA key")
+	} else if (ASN1HEX.getTLVbyListEx(keyHex, 0, [0, 0]) !== "06092a864886f70d010101") {
+		throw new Error("not PKCS8 RSA public key")
+	}
+
+	const p5hex = ASN1HEX.getTLVbyListEx(keyHex, 0, [1, 0])
+	if (ASN1HEX.isASN1HEX(p5hex) === false) {
+		throw new Error("keyHex is not ASN.1 hex string")
+	}
+
+	const aIdx = ASN1HEX.getChildIdx(p5hex, 0)
+	if (aIdx.length !== 2 || p5hex.substr(aIdx[0], 2) !== "02" || p5hex.substr(aIdx[1], 2) !== "02") {
+		throw new Error("wrong hex for PKCS#5 public key")
+	}
+
+	const hN = ASN1HEX.getV(p5hex, aIdx[0])
+	const hE = ASN1HEX.getV(p5hex, aIdx[1])
+	const key = new RSAKey()
+	key.setPublic(hN, hE)
+	return key
+}
+
+// encryptPassword encrypts a login password using AES-256-GCM, then encrypts the AES key
+// for Facebook's RSA-2048 key using PKCS#1 v1.5 padding.
+//
+// See https://github.com/tulir/mautrix-facebook/blob/v0.2.0/maufbapi/http/login.py#L164-L192
+// for the Python implementation of the same encryption protocol.
+async function encryptPassword(pubkey, keyID, password) {
+	// Key and IV for AES encryption
+	const aesKey = await crypto.subtle.generateKey({
+		name: "AES-GCM",
+		length: 256,
+	}, true, ["encrypt", "decrypt"])
+	const aesIV = crypto.getRandomValues(new Uint8Array(12))
+	// Get the actual bytes of the AES key
+	const aesKeyBytes = await crypto.subtle.exportKey("raw", aesKey)
+
+	// Encrypt AES key with Facebook's RSA public key.
+	const rsaKey = getKey(pubkey)
+	const encryptedAESKeyHex = rsaKey.encrypt(new Uint8Array(aesKeyBytes))
+	const encryptedAESKey = new Uint8Array(encryptedAESKeyHex.match(/[0-9A-Fa-f]{2}/g).map(h => parseInt(h, 16)))
+
+	const encoder = new TextEncoder()
+	const time = Math.floor(Date.now() / 1000)
+	// Encrypt the password. The result includes the ciphertext and AES MAC auth tag.
+	const encryptedPasswordBuffer = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv: aesIV,
+		// Add the current time to the additional authenticated data (AAD) section
+		additionalData: encoder.encode(time.toString()),
+		tagLength: 128,
+	}, aesKey, encoder.encode(password))
+	// SubtleCrypto returns the auth tag and ciphertext in the wrong order,
+	// so we have to flip them around.
+	const authTag = new Uint8Array(encryptedPasswordBuffer.slice(-16))
+	const encryptedPassword = new Uint8Array(encryptedPasswordBuffer.slice(0, -16))
+
+	const payload = new Uint8Array(2 + aesIV.byteLength + 2 + encryptedAESKey.byteLength + authTag.byteLength + encryptedPassword.byteLength)
+	// 1 is presumably the version
+	payload[0] = 1
+	payload[1] = keyID
+	payload.set(aesIV, 2)
+	// Length of the encrypted AES key as a little-endian 16-bit int
+	payload[aesIV.byteLength + 2] = encryptedAESKey.byteLength & (1 << 8)
+	payload[aesIV.byteLength + 3] = encryptedAESKey.byteLength >> 8
+	payload.set(encryptedAESKey, 4 + aesIV.byteLength)
+	payload.set(authTag, 4 + aesIV.byteLength + encryptedAESKey.byteLength)
+	payload.set(encryptedPassword, 4 + aesIV.byteLength + encryptedAESKey.byteLength + authTag.byteLength)
+	return `#PWD_MSGR:1:${time}:${btoa(String.fromCharCode(...payload))}`
+}
+
+export default encryptPassword
diff --git a/mautrix_facebook/web/static/login/index.css b/mautrix_facebook/web/static/login/index.css
new file mode 100644
index 00000000..efef17d1
--- /dev/null
+++ b/mautrix_facebook/web/static/login/index.css
@@ -0,0 +1,10 @@
+.error {
+	background-color: darkred !important;
+	border-color: darkred !important;
+	opacity: 1 !important;
+}
+
+main {
+	max-width: 50rem;
+	margin: 2rem auto 0;
+}
diff --git a/optional-requirements.txt b/optional-requirements.txt
index c8e71c1c..3054544f 100644
--- a/optional-requirements.txt
+++ b/optional-requirements.txt
@@ -10,3 +10,6 @@ unpaddedbase64>=1,<2
 
 #/metrics
 prometheus_client>=0.6,<0.10
+
+#/weblogin
+setuptools
diff --git a/setup.py b/setup.py
index 810acc35..95df46ca 100644
--- a/setup.py
+++ b/setup.py
@@ -63,13 +63,9 @@
         "Programming Language :: Python :: 3.9",
     ],
     package_data={
-        "mautrix_facebook": [
-#            "web/static/*",
-            "example-config.yaml",
-        ],
-        "maufbapi.mqtt": [
-            "topics.json",
-        ],
+        "mautrix_facebook": ["example-config.yaml"],
+        "mautrix_facebook.web": ["static/*", "static/**/*"],
+        "maufbapi.mqtt": ["topics.json"],
     },
     data_files=[
         (".", ["alembic.ini", "mautrix_facebook/example-config.yaml"]),