57 changed files with 1193 additions and 1439 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
 data/
-.fsdb*
+.fsdb
 public/files/*
 .vscode/*
--- a/README.md
+++ b/README.md
@ -7,7 +7,7 @@ Bringing the BBS back.
 These are in no particular order. Pull requests updating this section welcome for
 feature discussions.
- [X] the core is a stream of events
+- [X] should everything be an event in a topic?
 - [X] get a first-pass podman/docker setup up
 - [X] sign up
 - [X] check for logged in user session
@ -21,14 +21,14 @@ feature discussions.
 	- [X] logout button
 	- [ ] profile editing
 	- [X] avatar uploads
- [X] chat channels
+- [X] chat topics
 	- [X] chat messages
 	- [ ] membership and presence
-		- [ ] add memberships to channels
+		- [ ] add memberships to topics
 			- [ ] join to get notifications
 			- [ ] join for additional permissions
-			- [ ] filters for allowing joining a channel based on criteria on the user?
+			- [ ] filters for allowing joining a topic based on criteria on the user?
-			- [ ] display channel members somehwere
+			- [ ] display topic members somehwere
 		- [ ] emit presence events on join/leave
 		- [ ] display user presence
 	- [ ] chat message actions
@ -88,7 +88,7 @@ feature discussions.
 	- [ ] if web notifications are enabled, emit on events
 	- [ ] ability to mute
 		- [ ] users
-		- [ ] channels
+		- [ ] topics
 		- [ ] tags (#tags?)
 - [ ] admin panel
 	- [ ] add invite code generation
--- a/deno.json
+++ b/deno.json
@ -32,7 +32,7 @@
 		}
 	},
 	"imports": {
-		"@andyburke/fsdb": "jsr:@andyburke/fsdb@^1.2.4",
+		"@andyburke/fsdb": "jsr:@andyburke/fsdb@^1.1.0",
 		"@andyburke/lurid": "jsr:@andyburke/lurid@^0.2.0",
 		"@andyburke/serverus": "jsr:@andyburke/serverus@^0.13.0",
 		"@da/bcrypt": "jsr:@da/bcrypt@^1.0.1",
--- a/deno.lock
+++ b/deno.lock
@ -1,7 +1,7 @@
 {
  "version": "5",
  "specifiers": {
-    "jsr:@andyburke/fsdb@^1.2.4": "1.2.4",
+    "jsr:@andyburke/fsdb@^1.1.0": "1.1.0",
    "jsr:@andyburke/lurid@0.2": "0.2.0",
    "jsr:@andyburke/serverus@0.13": "0.13.0",
    "jsr:@da/bcrypt@*": "1.0.1",
@ -31,8 +31,8 @@
    "npm:@types/node@*": "22.15.15"
  },
  "jsr": {
-    "@andyburke/fsdb@1.2.4": {
+    "@andyburke/fsdb@1.1.0": {
-      "integrity": "3437078a5627d4c72d677e41c20293a47d58a3af19eda72869a12acb011064d2",
+      "integrity": "ad2d062672137ca96df19df032b51f1c7aa3133c973a0b86eb8eaab3b4c2d47b",
      "dependencies": [
        "jsr:@std/cli@^1.0.20",
        "jsr:@std/fs@^1.0.18",
@ -133,7 +133,7 @@
  },
  "workspace": {
    "dependencies": [
-      "jsr:@andyburke/fsdb@^1.2.4",
+      "jsr:@andyburke/fsdb@^1.1.0",
      "jsr:@andyburke/lurid@0.2",
      "jsr:@andyburke/serverus@0.13",
      "jsr:@da/bcrypt@^1.0.1",
--- a/models/channel.ts
+++ b/models/channel.ts
@ -1,91 +0,0 @@
 import { by_character, by_lurid } from '@andyburke/fsdb/organizers';
 import { FSDB_COLLECTION } from '@andyburke/fsdb';
 import { FSDB_INDEXER_SYMLINKS } from '@andyburke/fsdb/indexers';
 /**
 * @typedef {object} CHANNEL_EVENT_PERMISSIONS
 * @property {string[]}	read						a list of user_ids with read permission for the channel events
 * @property {string[]} write						a list of user_ids with write permission for the channel events
 */
 /**
 * @typedef {object} CHANNEL_PERMISSIONS
 * @property {string[]}	read						a list of user_ids with read permission for the channel
 * @property {string[]} write						a list of user_ids with write permission for the channel
 * @property {CHANNEL_EVENT_PERMISSIONS} events
 */
 /**
 * @typedef {object} CHANNEL_TIMESTAMPS
 * @property {string}	created						when the channel was created
 * @property {string}	updated						the last time the channel was updated
 * @property {string}	[archived]					an option time the channel was archived
 */
 /**
 * CHANNEL
 *
 * @property {string} id						- lurid (stable)
 * @property {string} name						- channel name (max 64 characters, unique, unstable)
 * @property {string} creator_id				- user id of the channel creator
 * @property {CHANNEL_PERMISSIONS} permissions	- permissions setup for the channel
 * @property {string} [icon]					- optional url for channel icon
 * @property {string} [topic]					- optional topic for the channel
 * @property {string} [rules]					- optional channel rules (Markdown/text)
 * @property {string[]} [tags]					- optional tags for the channel
 * @property {Record<string,any>} [meta]		- optional metadata about the channel
 * @property {CHANNEL_TIMESTAMPS} timestamps	- timestamps
 */
 export type CHANNEL = {
 	id: string;
 	name: string;
 	creator_id: string;
 	permissions: {
 		read: string[];
 		write: string[];
 		events: {
 			read: string[];
 			write: string[];
 		};
 	};
 	icon?: string;
 	topic?: string;
 	rules?: string;
 	tags?: string[];
 	meta?: Record<string, any>;
 	timestamps: {
 		created: string;
 		updated: string;
 		archived: string | undefined;
 	};
 };
 export const CHANNELS = new FSDB_COLLECTION<CHANNEL>({
 	name: 'channels',
 	id_field: 'id',
 	organize: by_lurid,
 	indexers: {
 		creator_id: new FSDB_INDEXER_SYMLINKS<CHANNEL>({
 			name: 'creator_id',
 			field: 'creator_id',
 			to_many: true,
 			organize: by_lurid
 		}),
 		name: new FSDB_INDEXER_SYMLINKS<CHANNEL>({
 			name: 'name',
 			get_values_to_index: (channel) => [channel.name.toLowerCase()],
 			organize: by_character
 		}),
 		tags: new FSDB_INDEXER_SYMLINKS<CHANNEL>({
 			name: 'tags',
 			get_values_to_index: (channel): string[] => {
 				return (channel.tags ?? []).map((tag) => tag.toLowerCase());
 			},
 			to_many: true,
 			organize: by_character
 		})
 	}
 });
--- a/models/event.ts
+++ b/models/event.ts
@ -1,4 +1,4 @@
-import { by_lurid } from '@andyburke/fsdb/organizers';
+import { by_character, by_lurid } from '@andyburke/fsdb/organizers';
 import { FSDB_COLLECTION } from '@andyburke/fsdb';
 import { FSDB_INDEXER_SYMLINKS } from '@andyburke/fsdb/indexers';
 import { EMOJIS } from '../public/js/emojis/en.ts';
@ -16,9 +16,7 @@ import { EMOJIS } from '../public/js/emojis/en.ts';
 * @property {string} creator_id			- id of the source user
 * @property {string} type					- event type
 * @property {string} [parent_id]			- optional parent event id
- * @property {string} [channel]				- optional channel
+ * @property {string[]} [tags]				- optional event tags
 * @property {string} [topic]				- optional topic
 * @property {string[]} [tags]				- optional tags
 * @property {Record<string,any>} [data]	- optional data payload of the event
 * @property {TIMESTAMPS} timestamps		- timestamps that will be set by the server
 */
@ -27,8 +25,6 @@ export type EVENT = {
 	creator_id: string;
 	type: string;
 	parent_id?: string;
 	channel?: string;
 	topic?: string;
 	tags?: string[];
 	data?: Record<string, any>;
 	timestamps: {
@ -37,6 +33,11 @@ export type EVENT = {
 	};
 };
 type TOPIC_EVENT_CACHE_ENTRY = {
 	collection: FSDB_COLLECTION<EVENT>;
 	eviction_timeout: number;
 };
 // TODO: separate out these different validators somewhere?
 export function VALIDATE_EVENT(event: EVENT) {
 	const errors: any[] = [];
@ -110,8 +111,6 @@ export function VALIDATE_EVENT(event: EVENT) {
 				});
 			}
 			break;
 		case 'presence':
 			break;
 		case 'reaction':
 			if (typeof event.parent_id !== 'string') {
 				errors.push({
@ -149,21 +148,18 @@ export function VALIDATE_EVENT(event: EVENT) {
 	return errors.length ? errors : undefined;
 }
-const EVENT_ID_EXTRACTOR = /^(?<event_type>.*):(?<event_id>.*)$/;
+const TOPIC_EVENT_ID_MATCHER = /^(?<event_type>.*):(?<event_id>.*)$/;
-function smart_event_id_organizer(id: string) {
+const TOPIC_EVENTS: Record<string, TOPIC_EVENT_CACHE_ENTRY> = {};
-	const [event_type, event_id] = id.split(':', 2);
+export function get_events_collection_for_topic(topic_id: string): FSDB_COLLECTION<EVENT> {
-	const event_dirs = by_lurid(event_id).slice(0, -1);
+	TOPIC_EVENTS[topic_id] = TOPIC_EVENTS[topic_id] ?? {
-	return [event_type, ...event_dirs, `${id}.json`];
+		collection: new FSDB_COLLECTION<EVENT>({
-}
+			name: `topics/${topic_id.slice(0, 14)}/${topic_id.slice(0, 34)}/${topic_id}/events`,
 export const EVENTS = new FSDB_COLLECTION<EVENT>({
 	name: `events`,
 			id_field: 'id',
 			organize: (id) => {
-		EVENT_ID_EXTRACTOR.lastIndex = 0;
+				TOPIC_EVENT_ID_MATCHER.lastIndex = 0;
-		const groups: Record<string, string> | undefined = EVENT_ID_EXTRACTOR.exec(id ?? '')?.groups;
+				const groups: Record<string, string> | undefined = TOPIC_EVENT_ID_MATCHER.exec(id ?? '')?.groups;
 				if (!groups) {
 					throw new Error('Could not parse event id: ' + id);
@ -177,7 +173,7 @@ export const EVENTS = new FSDB_COLLECTION<EVENT>({
 					event_id.slice(0, 14),
 					event_id.slice(0, 34),
 					event_id,
-			`${id}.json`
+					`${event_id}.json` /* TODO: this should be ${id}.json - need to write a converter */
 				];
 			},
 			indexers: {
@ -192,23 +188,7 @@ export const EVENTS = new FSDB_COLLECTION<EVENT>({
 					name: 'parent_id',
 					field: 'parent_id',
 					to_many: true,
-			organize: smart_event_id_organizer
+					organize: by_lurid
 		}),
 		channel: new FSDB_INDEXER_SYMLINKS<EVENT>({
 			name: 'channel',
 			field: 'channel',
 			to_many: true,
 			organize: (channel: string) => [channel],
 			organize_id: smart_event_id_organizer
 		}),
 		topic: new FSDB_INDEXER_SYMLINKS<EVENT>({
 			name: 'topic',
 			field: 'topic',
 			to_many: true,
 			organize: (topic: string) => [topic],
 			organize_id: smart_event_id_organizer
 				}),
 				tags: new FSDB_INDEXER_SYMLINKS<EVENT>({
@ -217,8 +197,29 @@ export const EVENTS = new FSDB_COLLECTION<EVENT>({
 						return (event.tags ?? []).map((tag: string) => tag.toLowerCase());
 					},
 					to_many: true,
-			organize: (tag: string) => tag.length > 3 ? [tag.substring(0, 3), tag] : [tag],
+					organize: by_character
 			organize_id: smart_event_id_organizer
 				})
 			}
-});
+		}),
 		eviction_timeout: 0
 	};
 	if (TOPIC_EVENTS[topic_id].eviction_timeout) {
 		clearTimeout(TOPIC_EVENTS[topic_id].eviction_timeout);
 	}
 	TOPIC_EVENTS[topic_id].eviction_timeout = setTimeout(() => {
 		delete TOPIC_EVENTS[topic_id];
 	}, 60_000 * 5);
 	return TOPIC_EVENTS[topic_id].collection;
 }
 export function clear_topic_events_cache() {
 	for (const [topic_id, cached] of Object.entries(TOPIC_EVENTS)) {
 		if (cached.eviction_timeout) {
 			clearTimeout(cached.eviction_timeout);
 		}
 		delete TOPIC_EVENTS[topic_id];
 	}
 }
--- a/models/topic.ts
+++ b/models/topic.ts
@ -0,0 +1,87 @@
 import { by_character, by_lurid } from '@andyburke/fsdb/organizers';
 import { FSDB_COLLECTION } from '@andyburke/fsdb';
 import { FSDB_INDEXER_SYMLINKS } from '@andyburke/fsdb/indexers';
 /**
 * @typedef {object} TOPIC_PERMISSIONS
 * @property {string[]}	read			a list of user_ids with read permission for the topic
 * @property {string[]} write			a list of user_ids with write permission for the topic
 * @property {string[]} read_events		a list of user_ids with read_events permission for this topic
 * @property {string[]} write_events	a list of user_ids with write_events permission for this topic
 */
 /**
 * TOPIC
 *
 * @property {string} id						- lurid (stable)
 * @property {string} name						- channel name (max 64 characters, unique, unstable)
 * @property {string} creator_id				- user id of the topic creator
 * @property {TOPIC_PERMISSIONS} permissions		- permissions setup for the topic
 * @property {string} [icon_url]				- optional url for topic icon
 * @property {string} [topic]					- optional topic for the topic
 * @property {string} [rules]					- optional topic rules (Markdown/text)
 * @property {string[]} [tags]					- optional tags for the topic
 * @property {Record<string,any>} [meta]		- optional metadata about the topic
 * @property {Record<string,string>} [emojis]	- optional emojis table, eg: { 'rofl': 🤣, 'blap': 'https://somewhere.someplace/image.jpg' }
 */
 export type TOPIC = {
 	id: string;
 	name: string;
 	creator_id: string;
 	permissions: {
 		read: string[];
 		write: string[];
 		read_events: string[];
 		write_events: string[];
 	};
 	icon_url?: string;
 	topic?: string;
 	rules?: string;
 	tags?: string[];
 	meta?: Record<string, any>;
 	emojis?: Record<string, string>; // either: string: emoji eg: { 'rofl: 🤣, ... } or { 'rofl': 🤣, 'blap': 'https://somewhere.someplace/image.jpg' }
 	timestamps: {
 		created: string;
 		updated: string;
 		archived: string | undefined;
 	};
 };
 export const TOPICS = new FSDB_COLLECTION<TOPIC>({
 	name: 'topics',
 	id_field: 'id',
 	organize: by_lurid,
 	indexers: {
 		creator_id: new FSDB_INDEXER_SYMLINKS<TOPIC>({
 			name: 'creator_id',
 			field: 'creator_id',
 			to_many: true,
 			organize: by_lurid
 		}),
 		name: new FSDB_INDEXER_SYMLINKS<TOPIC>({
 			name: 'name',
 			get_values_to_index: (topic) => [topic.name.toLowerCase()],
 			organize: by_character
 		}),
 		tags: new FSDB_INDEXER_SYMLINKS<TOPIC>({
 			name: 'tags',
 			get_values_to_index: (topic): string[] => {
 				return (topic.tags ?? []).map((tag) => tag.toLowerCase());
 			},
 			to_many: true,
 			organize: by_character
 		}),
 		topic: new FSDB_INDEXER_SYMLINKS<TOPIC>({
 			name: 'topic',
 			get_values_to_index: (topic): string[] => {
 				return (topic.topic ?? '').split(/\W/);
 			},
 			to_many: true,
 			organize: by_character
 		})
 	}
 });
--- a/models/watch.ts
+++ b/models/watch.ts
@ -2,30 +2,32 @@ import { FSDB_COLLECTION } from '@andyburke/fsdb';
 import { by_lurid } from '@andyburke/fsdb/organizers';
 import { FSDB_INDEXER_SYMLINKS } from '@andyburke/fsdb/indexers';
 /**
 * @typedef {object} WATCH_TYPE_INFO
 * @property {boolean}	ignored					if true, this type should NOT produce any indications or notifications
 * @property {string}	last_id_seen			the last event id the user has seen for this event type
 * @property {string}	last_id_notified		the last event id the user was notified about for this type
 */
 export type WATCH_TYPE_INFO = {
 	ignored: boolean;
 	last_id_seen: string;
 	last_id_notified: string;
 };
 /**
 * @typedef {object} WATCH_TIMESTAMPS
 * @property {string}	created			the created date of the watch
 * @property {string}	updated			the last updated date, usually coinciding with the last seen id being changed
 */
 export type WATCH_TIMESTAMPS = {
 	created: string;
 	updated: string;
 };
 /**
 * WATCH
 *
 * @property {string} id						- lurid (stable)
 * @property {string} creator_id				- user id of the watch creator
- * @property {string} [type]					- a filter for event type
+ * @property {string} topic_id					- the topic_id being watched
- * @property {string} [parent_id]				- a filter for event parent_id
+ * @property {[WATCH_TYPE_INFO]} types			- information for types being watched within this topic
 * @property {string} [channel]					- a filter for event channel
 * @property {string} [topic]					- a filter for event topic
 * @property {string[]} [tags]					- a filter for event tags
 * @property {Record<string,any>} [data]		- a filter on event data, each leaf should be a RegExp
 * @property {string} last_id_seen				- the last id the user has seen for this watch
 * @property {string} [last_id_notified]		- the last id the user was notified about for this watch
 * @property {Record<string,any>} [meta]		- optional metadata about the watch
 * @property {WATCH_TIMESTAMPS} timestamps		- timestamps for the watch
 */
@ -33,16 +35,13 @@ export type WATCH_TIMESTAMPS = {
 export type WATCH = {
 	id: string;
 	creator_id: string;
-	type?: string;
+	topic_id: string;
-	parent_id?: string;
+	types: [WATCH_TYPE_INFO];
 	channel?: string;
 	topic?: string;
 	tags?: string[];
 	data?: Record<string, any>;
 	last_id_seen: string;
 	last_id_notified?: string;
 	meta?: Record<string, any>;
-	timestamps: WATCH_TIMESTAMPS;
+	timestamps: {
 		created: string;
 		updated: string;
 	};
 };
 export const WATCHES = new FSDB_COLLECTION<WATCH>({
@ -57,44 +56,11 @@ export const WATCHES = new FSDB_COLLECTION<WATCH>({
 			organize: by_lurid
 		}),
-		type: new FSDB_INDEXER_SYMLINKS<WATCH>({
+		topic_id: new FSDB_INDEXER_SYMLINKS<WATCH>({
-			name: 'type',
+			name: 'topic_id',
-			field: 'type',
+			field: 'topic_id',
 			to_many: true,
-			organize: (type: string) => [type],
+			organize: by_lurid
 			organize_id: by_lurid
 		}),
 		parent_id: new FSDB_INDEXER_SYMLINKS<WATCH>({
 			name: 'parent_id',
 			field: 'parent_id',
 			to_many: true,
 			organize: by_lurid,
 			organize_id: by_lurid
 		}),
 		channel: new FSDB_INDEXER_SYMLINKS<WATCH>({
 			name: 'channel',
 			field: 'channel',
 			to_many: true,
 			organize: (channel: string) => channel.length > 3 ? [channel.substring(0, 3), channel] : [channel],
 			organize_id: by_lurid
 		}),
 		topic: new FSDB_INDEXER_SYMLINKS<WATCH>({
 			name: 'topic',
 			field: 'topic',
 			to_many: true,
 			organize: (topic: string) => topic.length > 3 ? [topic.substring(0, 3), topic] : [topic],
 			organize_id: by_lurid
 		}),
 		tags: new FSDB_INDEXER_SYMLINKS<WATCH>({
 			name: 'tags',
 			field: 'tags',
 			to_many: true,
 			organize: (tag: string) => tag.length > 3 ? [tag.substring(0, 3), tag] : [tag],
 			organize_id: by_lurid
 		})
 	}
 });
--- a/public/api/channels/:channel_id/README.md
+++ b/public/api/channels/:channel_id/README.md
@ -1,23 +0,0 @@
 # /api/channels/:channel_id
 Interact with a specific channel.
 ## GET /api/channels/:channel_id
 Get the channel specified by `:channel_id`.
 ## PUT /api/channels/:channel_id
 Update the channels specified by `:channel_id`.
 Eg:
 ```
 {
 	name?: string;
 }
 ```
 ## DELETE /api/channels/:channel_id
 Delete the channel specified by `:channel_id`.
--- a/public/api/channels/:channel_id/events/:event_id/index.ts
+++ b/public/api/channels/:channel_id/events/:event_id/index.ts
@ -1,40 +0,0 @@
 import { EVENT, EVENTS } from '../../../../../../models/event.ts';
 import { CHANNEL, CHANNELS } from '../../../../../../models/channel.ts';
 import * as CANNED_RESPONSES from '../../../../../../utils/canned_responses.ts';
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../../utils/prechecks.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
 // GET /api/channels/:channel_id/events/:id - Get an event
 PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 	const channel_id: string = meta.params?.channel_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 	const channel: CHANNEL | null = channel_id.length === 49 ? await CHANNELS.get(channel_id) : null;
 	if (!channel) {
 		return CANNED_RESPONSES.not_found();
 	}
 	meta.channel = channel;
 	const channel_is_public = channel.permissions.read.length === 0;
 	const user_has_read_for_channel = channel_is_public || channel.permissions.read.includes(meta.user.id);
 	const channel_has_public_events = user_has_read_for_channel && (channel.permissions.events.read.length === 0);
 	const user_has_read_events_for_channel = user_has_read_for_channel &&
 		(channel_has_public_events || channel.permissions.events.read.includes(meta.user.id));
 	if (!user_has_read_events_for_channel) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
 	if (!event) {
 		return CANNED_RESPONSES.not_found();
 	}
 	return Response.json(event, {
 		status: 200
 	});
 }
--- a/public/api/channels/:channel_id/events/index.ts
+++ b/public/api/channels/:channel_id/events/index.ts
@ -1,134 +0,0 @@
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../utils/prechecks.ts';
 import { CHANNEL, CHANNELS } from '../../../../../models/channel.ts';
 import * as CANNED_RESPONSES from '../../../../../utils/canned_responses.ts';
 import { EVENT, EVENTS } from '../../../../../models/event.ts';
 import { FSDB_SEARCH_OPTIONS, WALK_ENTRY } from '@andyburke/fsdb';
 export const PRECHECKS: PRECHECK_TABLE = {};
 // GET /api/channels/:channel_id/events - get channel events
 // query parameters:
 //   partial_id: the partial id subset you would like to match (remember, lurids are lexigraphically sorted)
 PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 	const channel_id: string = meta.params?.channel_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 	const channel: CHANNEL | null = channel_id.length === 49 ? await CHANNELS.get(channel_id) : null;
 	if (!channel) {
 		return CANNED_RESPONSES.not_found();
 	}
 	meta.channel = channel;
 	const channel_is_public: boolean = meta.channel.permissions.read.length === 0;
 	const user_has_read_for_channel = channel_is_public || meta.channel.permissions.read.includes(meta.user.id);
 	if (!user_has_read_for_channel) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function GET(request: Request, meta: Record<string, any>): Promise<Response> {
 	const sorts = EVENTS.sorts;
 	const sort_name: string = meta.query.sort ?? 'newest';
 	const key = sort_name as keyof typeof sorts;
 	const sort: any = sorts[key];
 	if (!sort) {
 		return Response.json({
 			error: {
 				message: 'You must specify a sort: newest, oldest, latest, stalest',
 				cause: 'invalid_sort'
 			}
 		}, {
 			status: 400
 		});
 	}
 	const options: FSDB_SEARCH_OPTIONS<EVENT> = {
 		...(meta.query ?? {}),
 		limit: Math.min(parseInt(meta.query?.limit ?? '10', 10), 1_000),
 		offset: Math.max(parseInt(meta.query?.offset ?? '0', 10), 0),
 		sort,
 		filter: (entry: WALK_ENTRY<EVENT>) => {
 			const {
 				event_type,
 				event_id
 			} = /^.*\/(?<event_type>.*?):(?<event_id>[A-Za-z-]+)\.json$/.exec(entry.path)?.groups ?? {};
 			if (meta.query.after_id && event_id <= meta.query.after_id) {
 				return false;
 			}
 			if (meta.query.before_id && event_id >= meta.query.before_id) {
 				return false;
 			}
 			if (meta.query.type && !meta.query.type.split(',').includes(event_type)) {
 				return false;
 			}
 			return true;
 		}
 	};
 	const headers = {
 		'Cache-Control': 'no-cache, must-revalidate'
 	};
 	const results = (await EVENTS.find({
 		channel: meta.channel.id
 	}, options))
 		.map((entry: WALK_ENTRY<EVENT>) => entry.load())
 		.sort((lhs_item: EVENT, rhs_item: EVENT) => rhs_item.timestamps.created.localeCompare(lhs_item.timestamps.created));
 	// long-polling support
 	if (results.length === 0 && meta.query.wait) {
 		return new Promise((resolve, reject) => {
 			function on_create(create_event: any) {
 				if (create_event.item.channel !== meta.channel.id) {
 					return;
 				}
 				if (meta.query.type && !meta.query.type.split(',').includes(create_event.item.type)) {
 					return;
 				}
 				results.push(create_event.item);
 				clearTimeout(timeout);
 				EVENTS.off('create', on_create);
 				return resolve(Response.json(results, {
 					status: 200,
 					headers
 				}));
 			}
 			const timeout = setTimeout(() => {
 				EVENTS.off('create', on_create);
 				return resolve(Response.json(results, {
 					status: 200,
 					headers
 				}));
 			}, 60_000); // 60 seconds
 			EVENTS.on('create', on_create);
 			request.signal.addEventListener('abort', () => {
 				EVENTS.off('create', on_create);
 				clearTimeout(timeout);
 				reject(new Error('request aborted'));
 			});
 			Deno.addSignalListener('SIGINT', () => {
 				EVENTS.off('create', on_create);
 				clearTimeout(timeout);
 				return resolve(Response.json(results, {
 					status: 200,
 					headers
 				}));
 			});
 		});
 	}
 	return Response.json(results, {
 		status: 200,
 		headers
 	});
 }
--- a/public/api/channels/README.md
+++ b/public/api/channels/README.md
@ -1,28 +0,0 @@
 # /api/channels
 Interact with channels.
 ## POST /api/channels
 Create a new channel.
 ```
 export type CHANNEL = {
 	id: string; // unique id for this channel
 	name: string; // the name of the channel (max 128 characters)
 	icon?: string; // optional url for a channel icon
 	topic?: string; // optional channel topic
 	tags?: string[]; // optional tags for the channel
 	meta?: Record<string, any>; // optional metadata
 	limits: {
 		users: number;
 		user_messages_per_minute: number;
 	};
 	creator_id: string; // user_id of the topic creator
 	emojis: Record<string, string>; // either: string: emoji eg: { 'rofl: 🤣, ... } or { 'rofl': 🤣, 'blap': 'https://somewhere.someplace/image.jpg' }
 };
 ```
 ## GET /api/channels
 Get channels.
--- a/public/api/events/:event_id/README.md
+++ b/public/api/events/:event_id/README.md
@ -1,7 +0,0 @@
 ## PUT /api/events/:event_id
 Update an event.
 ## DELETE /api/events/:event_id
 Delete an event.
--- a/public/api/events/:event_id/index.ts
+++ b/public/api/events/:event_id/index.ts
@ -1,159 +0,0 @@
 import { CHANNEL, CHANNELS } from '../../../../models/channel.ts';
 import { EVENT, EVENTS } from '../../../../models/event.ts';
 import parse_body from '../../../../utils/bodyparser.ts';
 import * as CANNED_RESPONSES from '../../../../utils/canned_responses.ts';
 import { get_session, get_user, PRECHECK_TABLE, require_user, user_has_write_permission_for_event } from '../../../../utils/prechecks.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
 // GET /api/events/:id - Get an event
 PRECHECKS.GET = [get_session, get_user, require_user];
 export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
 	if (!event) {
 		return CANNED_RESPONSES.not_found();
 	}
 	return Response.json(event, {
 		status: 200
 	});
 }
 // PUT /api/events/:event_id - Update event
 PRECHECKS.PUT = [
 	get_session,
 	get_user,
 	require_user,
 	(_req: Request, _meta: Record<string, any>): Response | undefined => {
 		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
 			return CANNED_RESPONSES.append_only_events();
 		}
 	},
 	(_req: Request, meta: Record<string, any>): Response | undefined => {
 		if (!meta.user.permissions.some((permission: string) => permission.indexOf('events.write') === 0)) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 ];
 export async function PUT(req: Request, meta: Record<string, any>): Promise<Response> {
 	const now = new Date().toISOString();
 	try {
 		const event: EVENT | null = await EVENTS.get(meta.params.event_id);
 		if (!event) {
 			return CANNED_RESPONSES.not_found();
 		}
 		if (event.creator_id !== meta.user.id) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 		const body = await parse_body(req);
 		const updated: EVENT = {
 			...event,
 			...body,
 			id: event.id,
 			creator_id: event.creator_id,
 			channel: event.channel,
 			timestamps: {
 				created: event.timestamps.created,
 				updated: now
 			}
 		};
 		if (updated.channel) {
 			const channel: CHANNEL | null = await CHANNELS.get(updated.channel);
 			if (!channel) {
 				return Response.json({
 					errors: [{
 						cause: 'missing_channel',
 						message: 'No such channel exists.'
 					}]
 				}, {
 					status: 400
 				});
 			}
 			const user_can_write_events_to_channel = channel.permissions.events.write.length === 0 ? true : channel.permissions.events.write.includes(meta.user.id);
 			if (!user_can_write_events_to_channel) {
 				return CANNED_RESPONSES.permission_denied();
 			}
 		}
 		if (!user_has_write_permission_for_event(meta.user, updated)) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 		await EVENTS.update(updated);
 		return Response.json(updated, {
 			status: 200
 		});
 	} catch (err) {
 		return Response.json({
 			error: {
 				message: (err as Error)?.message ?? 'Unknown error due to invalid data.',
 				cause: (err as Error)?.cause ?? 'invalid_data'
 			}
 		}, {
 			status: 400
 		});
 	}
 }
 // DELETE /api/events/:event_id - Delete event
 PRECHECKS.DELETE = [
 	get_session,
 	get_user,
 	require_user,
 	(_req: Request, _meta: Record<string, any>): Response | undefined => {
 		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
 			return CANNED_RESPONSES.append_only_events();
 		}
 	},
 	(_req: Request, meta: Record<string, any>): Response | undefined => {
 		if (!meta.user.permissions.some((permission: string) => permission.indexOf('events.write') === 0)) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 ];
 export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
 	if (!event) {
 		return CANNED_RESPONSES.not_found();
 	}
 	if (event.channel) {
 		const channel: CHANNEL | null = await CHANNELS.get(event.channel);
 		if (!channel) {
 			return Response.json({
 				errors: [{
 					cause: 'missing_channel',
 					message: 'No such channel exists.'
 				}]
 			}, {
 				status: 400
 			});
 		}
 		const user_can_write_events_to_channel = channel.permissions.events.write.length === 0 ? true : channel.permissions.events.write.includes(meta.user.id);
 		if (!user_can_write_events_to_channel) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 	if (!user_has_write_permission_for_event(meta.user, event)) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 	await EVENTS.delete(event);
 	return Response.json({
 		deleted: true
 	}, {
 		status: 200
 	});
 }
--- a/public/api/events/README.md
+++ b/public/api/events/README.md
@ -1,11 +0,0 @@
 # /api/events
 Interact with events.
 ## GET /api/events
 Get events.
 ## POST /api/events
 Create an event.
--- a/public/api/topics/:topic_id/README.md
+++ b/public/api/topics/:topic_id/README.md
@ -0,0 +1,23 @@
 # /api/topics/:topic_id
 Interact with a specific topic.
 ## GET /api/topics/:topic_id
 Get the topic specified by `:topic_id`.
 ## PUT /api/topics/:topic_id
 Update the topics specified by `:topic_id`.
 Eg:
 ```
 {
 	name?: string;
 }
 ```
 ## DELETE /api/topics/:topic_id
 Delete the topic specified by `:topic_id`.
--- a/public/api/topics/:topic_id/events/:event_id/README.md
+++ b/public/api/topics/:topic_id/events/:event_id/README.md
--- a/public/api/topics/:topic_id/events/:event_id/index.ts
+++ b/public/api/topics/:topic_id/events/:event_id/index.ts
@ -0,0 +1,166 @@
 import { FSDB_COLLECTION } from '@andyburke/fsdb';
 import { EVENT, get_events_collection_for_topic } from '../../../../../../models/event.ts';
 import { TOPIC, TOPICS } from '../../../../../../models/topic.ts';
 import parse_body from '../../../../../../utils/bodyparser.ts';
 import * as CANNED_RESPONSES from '../../../../../../utils/canned_responses.ts';
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../../utils/prechecks.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
 // GET /api/topics/:topic_id/events/:id - Get an event
 PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 	const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 	const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
 	if (!topic) {
 		return CANNED_RESPONSES.not_found();
 	}
 	meta.topic = topic;
 	const topic_is_public = topic.permissions.read.length === 0;
 	const user_has_read_for_topic = topic_is_public || topic.permissions.read.includes(meta.user.id);
 	const topic_has_public_events = user_has_read_for_topic && (topic.permissions.read_events.length === 0);
 	const user_has_read_events_for_topic = user_has_read_for_topic &&
 		(topic_has_public_events || topic.permissions.read_events.includes(meta.user.id));
 	if (!user_has_read_events_for_topic) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_topic(meta.topic.id);
 	const event: EVENT | null = await events.get(meta.params.event_id);
 	if (!event) {
 		return CANNED_RESPONSES.not_found();
 	}
 	return Response.json(event, {
 		status: 200
 	});
 }
 // PUT /api/topics/:topic_id/events/:event_id - Update event
 PRECHECKS.PUT = [
 	get_session,
 	get_user,
 	require_user,
 	(_req: Request, _meta: Record<string, any>): Response | undefined => {
 		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
 			return CANNED_RESPONSES.append_only_events();
 		}
 	},
 	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 		const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 		const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
 		if (!topic) {
 			return CANNED_RESPONSES.not_found();
 		}
 		meta.topic = topic;
 		const topic_is_public: boolean = meta.topic.permissions.read.length === 0;
 		const user_has_read_for_topic = topic_is_public || meta.topic.permissions.read.includes(meta.user.id);
 		const topic_events_are_publicly_writable = meta.topic.permissions.write_events.length === 0;
 		const user_has_write_events_for_topic = user_has_read_for_topic &&
 			(topic_events_are_publicly_writable || meta.topic.permissions.write_events.includes(meta.user.id));
 		if (!user_has_write_events_for_topic) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 ];
 export async function PUT(req: Request, meta: Record<string, any>): Promise<Response> {
 	const now = new Date().toISOString();
 	try {
 		const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_topic(meta.topic.id);
 		const event: EVENT | null = await events.get(meta.params.event_id);
 		if (!event) {
 			return CANNED_RESPONSES.not_found();
 		}
 		if (event.creator_id !== meta.user.id) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 		const body = await parse_body(req);
 		const updated = {
 			...event,
 			...body,
 			id: event.id,
 			creator_id: event.creator_id,
 			timestamps: {
 				created: event.timestamps.created,
 				updated: now
 			}
 		};
 		await events.update(updated);
 		return Response.json(updated, {
 			status: 200
 		});
 	} catch (err) {
 		return Response.json({
 			error: {
 				message: (err as Error)?.message ?? 'Unknown error due to invalid data.',
 				cause: (err as Error)?.cause ?? 'invalid_data'
 			}
 		}, {
 			status: 400
 		});
 	}
 }
 // DELETE /api/topics/:topic_id/events/:event_id - Delete event
 PRECHECKS.DELETE = [
 	get_session,
 	get_user,
 	require_user,
 	(_req: Request, _meta: Record<string, any>): Response | undefined => {
 		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
 			return CANNED_RESPONSES.append_only_events();
 		}
 	},
 	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 		const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 		const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
 		if (!topic) {
 			return CANNED_RESPONSES.not_found();
 		}
 		meta.topic = topic;
 		const topic_is_public: boolean = meta.topic.permissions.read.length === 0;
 		const user_has_read_for_topic = topic_is_public || meta.topic.permissions.read.includes(meta.user.id);
 		const topic_events_are_publicly_writable = meta.topic.permissions.write_events.length === 0;
 		const user_has_write_events_for_topic = user_has_read_for_topic &&
 			(topic_events_are_publicly_writable || meta.topic.permissions.write_events.includes(meta.user.id));
 		if (!user_has_write_events_for_topic) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 ];
 export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_topic(meta.topic.id);
 	const event: EVENT | null = await events.get(meta.params.event_id);
 	if (!event) {
 		return CANNED_RESPONSES.not_found();
 	}
 	await events.delete(event);
 	return Response.json({
 		deleted: true
 	}, {
 		status: 200
 	});
 }
--- a/public/api/topics/:topic_id/events/README.md
+++ b/public/api/topics/:topic_id/events/README.md
@ -0,0 +1,15 @@
 # /api/topics/:topic_id/events
 Interact with a events for a topic.
 ## GET /api/topics/:topic_id/events
 Get events for the given topic.
 ## PUT /api/topics/:topic_id/events/:event_id
 Update an event.
 ## DELETE /api/topics/:topic_id/events/:event_id
 Delete an event.
--- a/public/api/topics/:topic_id/events/index.ts
+++ b/public/api/topics/:topic_id/events/index.ts
@ -1,21 +1,42 @@
 import lurid from '@andyburke/lurid';
-import { get_session, get_user, PRECHECK_TABLE, require_user, user_has_write_permission_for_event } from '../../../utils/prechecks.ts';
+import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../utils/prechecks.ts';
-import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
+import { TOPIC, TOPICS } from '../../../../../models/topic.ts';
-import { EVENT, EVENTS, VALIDATE_EVENT } from '../../../models/event.ts';
+import * as CANNED_RESPONSES from '../../../../../utils/canned_responses.ts';
-import parse_body from '../../../utils/bodyparser.ts';
+import { EVENT, get_events_collection_for_topic, VALIDATE_EVENT } from '../../../../../models/event.ts';
-import { FSDB_SEARCH_OPTIONS, WALK_ENTRY } from '@andyburke/fsdb';
+import parse_body from '../../../../../utils/bodyparser.ts';
-import { WATCH, WATCHES } from '../../../models/watch.ts';
+import { FSDB_COLLECTION, FSDB_SEARCH_OPTIONS, WALK_ENTRY } from '@andyburke/fsdb';
-import { flatten } from '../../../utils/object_helpers.ts';
+import { WATCH, WATCHES } from '../../../../../models/watch.ts';
 import { CHANNEL, CHANNELS } from '../../../models/channel.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
-// GET /api/events - get events
+// GET /api/topics/:topic_id/events - get topic events
 // query parameters:
 //   partial_id: the partial id subset you would like to match (remember, lurids are lexigraphically sorted)
-PRECHECKS.GET = [get_session, get_user, require_user];
+PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 	const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 	const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
 	if (!topic) {
 		return CANNED_RESPONSES.not_found();
 	}
 	meta.topic = topic;
 	const topic_is_public: boolean = meta.topic.permissions.read.length === 0;
 	const user_has_read_for_topic = topic_is_public || meta.topic.permissions.read.includes(meta.user.id);
 	const topic_events_are_public = meta.topic.permissions.read_events.length === 0;
 	const user_has_read_events_for_topic = user_has_read_for_topic &&
 		(topic_events_are_public || meta.topic.permissions.read_events.includes(meta.user.id));
 	if (!user_has_read_events_for_topic) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function GET(request: Request, meta: Record<string, any>): Promise<Response> {
-	const sorts = EVENTS.sorts;
+	const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_topic(meta.topic.id);
 	const sorts = events.sorts;
 	const sort_name: string = meta.query.sort ?? 'newest';
 	const key = sort_name as keyof typeof sorts;
 	const sort: any = sorts[key];
@ -32,7 +53,7 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 	const options: FSDB_SEARCH_OPTIONS<EVENT> = {
 		...(meta.query ?? {}),
-		limit: Math.min(parseInt(meta.query?.limit ?? '100', 10), 1_000),
+		limit: Math.min(parseInt(meta.query?.limit ?? '10', 10), 1_000),
 		offset: Math.max(parseInt(meta.query?.offset ?? '0', 10), 0),
 		sort,
 		filter: (entry: WALK_ENTRY<EVENT>) => {
@ -61,9 +82,8 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 		'Cache-Control': 'no-cache, must-revalidate'
 	};
-	const results = (await EVENTS.all(options))
+	const results = (await events.all(options))
 		.map((entry: WALK_ENTRY<EVENT>) => entry.load())
 		.filter((event) => typeof event.channel === 'undefined') // channel events must be queried via the channel's api
 		.sort((lhs_item: EVENT, rhs_item: EVENT) => rhs_item.timestamps.created.localeCompare(lhs_item.timestamps.created));
 	// long-polling support
@ -76,7 +96,7 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 				results.push(create_event.item);
 				clearTimeout(timeout);
-				EVENTS.off('create', on_create);
+				events.off('create', on_create);
 				return resolve(Response.json(results, {
 					status: 200,
@ -85,20 +105,20 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 			}
 			const timeout = setTimeout(() => {
-				EVENTS.off('create', on_create);
+				events.off('create', on_create);
 				return resolve(Response.json(results, {
 					status: 200,
 					headers
 				}));
 			}, 60_000); // 60 seconds
-			EVENTS.on('create', on_create);
+			events.on('create', on_create);
 			request.signal.addEventListener('abort', () => {
-				EVENTS.off('create', on_create);
+				events.off('create', on_create);
 				clearTimeout(timeout);
 				reject(new Error('request aborted'));
 			});
 			Deno.addSignalListener('SIGINT', () => {
-				EVENTS.off('create', on_create);
+				events.off('create', on_create);
 				clearTimeout(timeout);
 				return resolve(Response.json(results, {
 					status: 200,
@ -114,78 +134,52 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 	});
 }
-async function update_watches(event: EVENT) {
+async function update_watches(topic: TOPIC, event: EVENT) {
 	const limit = 100;
 	let more_to_process;
 	let offset = 0;
 	do {
-		const watches: WATCH[] = (await WATCHES.all({
+		const watches: WATCH[] = (await WATCHES.find({
 			topic_id: topic.id
 		}, {
 			limit,
 			offset
 		})).map((entry) => entry.load());
-		for (const watch of watches) {
+		// TODO: look at the watch .types[] and send notifications
 			if (typeof watch.type === 'string' && event.type !== watch.type) {
 				continue;
 			}
 			if (typeof watch.parent_id === 'string' && event.parent_id !== watch.parent_id) {
 				continue;
 			}
 			if (typeof watch.channel === 'string' && event.channel !== watch.channel) {
 				continue;
 			}
 			if (typeof watch.topic === 'string' && event.topic !== watch.topic) {
 				continue;
 			}
 			if (typeof watch.tags !== 'undefined' && !watch.tags.every((tag) => event.tags?.includes(tag))) {
 				continue;
 			}
 			if (typeof watch.data !== 'undefined') {
 				const event_data = flatten(event.data ?? {});
 				for (const [key, value] of Object.entries(flatten(watch.data))) {
 					const matcher = new RegExp(value);
 					if (!matcher.test(event_data[key])) {
 						continue;
 					}
 				}
 			}
 			if (event.id < watch.last_id_seen) {
 				continue;
 			}
 			watch.last_id_seen = event.id;
 			// TODO: send a notification
 			console.dir({
 				notification: {
 					watch,
 					event
 				}
 			});
 		}
 		offset += watches.length;
 		more_to_process = watches.length === limit;
 	} while (more_to_process);
 }
-// POST /api/events - Create an event
+// POST /api/topics/:topic_id/events - Create an event
-PRECHECKS.POST = [get_session, get_user, require_user, (_req: Request, meta: Record<string, any>): Response | undefined => {
+PRECHECKS.POST = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
-	const user_can_create_events = meta.user.permissions.some((permission: string) => permission.indexOf('events.create') === 0);
+	const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
-	if (!user_can_create_events) {
+	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
 	const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
 	if (!topic) {
 		return CANNED_RESPONSES.not_found();
 	}
 	meta.topic = topic;
 	const topic_is_public: boolean = meta.topic.permissions.read.length === 0;
 	const user_has_read_for_topic = topic_is_public || meta.topic.permissions.read.includes(meta.user.id);
 	const topic_events_are_publicly_writable = meta.topic.permissions.write_events.length === 0;
 	const user_has_write_events_for_topic = user_has_read_for_topic &&
 		(topic_events_are_publicly_writable || meta.topic.permissions.write_events.includes(meta.user.id));
 	if (!user_has_write_events_for_topic) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function POST(req: Request, meta: Record<string, any>): Promise<Response> {
 	try {
 		const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_topic(meta.topic.id);
 		const now = new Date().toISOString();
 		const body = await parse_body(req);
@ -210,33 +204,11 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			});
 		}
-		if (!user_has_write_permission_for_event(meta.user, event)) {
+		console.dir({
-			return CANNED_RESPONSES.permission_denied();
+			event
 		}
 		if (event.channel) {
 			const channel: CHANNEL | null = await CHANNELS.get(event.channel);
 			if (!channel) {
 				return Response.json({
 					errors: [{
 						cause: 'missing_channel',
 						message: 'No such channel exists.'
 					}]
 				}, {
 					status: 400
 		});
 			}
-			const user_can_write_events_to_channel = channel.permissions.events.write.length === 0 ? true : channel.permissions.events.write.includes(meta.user.id);
+		await events.create(event);
 			if (!user_can_write_events_to_channel) {
 				return CANNED_RESPONSES.permission_denied();
 			}
 		}
 		await EVENTS.create(event);
 		update_watches(event);
 		return Response.json(event, {
 			status: 201
--- a/public/api/channels/:channel_id/index.ts
+++ b/public/api/channels/:channel_id/index.ts
@ -1,50 +1,50 @@
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../utils/prechecks.ts';
 import parse_body from '../../../../utils/bodyparser.ts';
 import * as CANNED_RESPONSES from '../../../../utils/canned_responses.ts';
-import { CHANNEL, CHANNELS } from '../../../../models/channel.ts';
+import { TOPIC, TOPICS } from '../../../../models/topic.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
-// GET /api/channels/:id - Get a channel
+// GET /api/topics/:id - Get a topic
 PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
-	const channel_id: string = meta.params?.channel_id?.toLowerCase().trim() ?? '';
+	const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
-	const channel: CHANNEL | null = channel_id.length === 49 ? await CHANNELS.get(channel_id) : null;
+	const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
-	if (!channel) {
+	if (!topic) {
 		return CANNED_RESPONSES.not_found();
 	}
-	meta.channel = channel;
+	meta.topic = topic;
-	const channel_is_public = channel.permissions.read.length === 0;
+	const topic_is_public = topic.permissions.read.length === 0;
-	const user_has_read_for_channel = channel_is_public || channel.permissions.read.includes(meta.user.id);
+	const user_has_read_for_topic = topic_is_public || topic.permissions.read.includes(meta.user.id);
-	if (!user_has_read_for_channel) {
+	if (!user_has_read_for_topic) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export function GET(_req: Request, meta: Record<string, any>): Response {
-	return Response.json(meta.channel, {
+	return Response.json(meta.topic, {
 		status: 200
 	});
 }
-// PUT /api/channels/:id - Update channel
+// PUT /api/topics/:id - Update topic
 PRECHECKS.PUT = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
-	const channel_id: string = meta.params?.channel_id?.toLowerCase().trim() ?? '';
+	const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
-	const channel: CHANNEL | null = channel_id.length === 49 ? await CHANNELS.get(channel_id) : null;
+	const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
-	if (!channel) {
+	if (!topic) {
 		return CANNED_RESPONSES.not_found();
 	}
-	meta.channel = channel;
+	meta.topic = topic;
-	const user_has_write_for_channel = channel.permissions.write.includes(meta.user.id);
+	const user_has_write_for_topic = topic.permissions.write.includes(meta.user.id);
-	if (!user_has_write_for_channel) {
+	if (!user_has_write_for_topic) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
@ -54,16 +54,16 @@ export async function PUT(req: Request, meta: Record<string, any>): Promise<Resp
 	try {
 		const body = await parse_body(req);
 		const updated = {
-			...meta.channel,
+			...meta.topic,
 			...body,
-			id: meta.channel.id,
+			id: meta.topic.id,
 			timestamps: {
-				created: meta.channel.timestamps.created,
+				created: meta.topic.timestamps.created,
 				updated: now
 			}
 		};
-		await CHANNELS.update(updated);
+		await TOPICS.update(updated);
 		return Response.json(updated, {
 			status: 200
 		});
@ -79,31 +79,31 @@ export async function PUT(req: Request, meta: Record<string, any>): Promise<Resp
 	}
 }
-// DELETE /api/channels/:id - Delete channel
+// DELETE /api/topics/:id - Delete topic
 PRECHECKS.DELETE = [
 	get_session,
 	get_user,
 	require_user,
 	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
-		const channel_id: string = meta.params?.channel_id?.toLowerCase().trim() ?? '';
+		const topic_id: string = meta.params?.topic_id?.toLowerCase().trim() ?? '';
 		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
-		const channel: CHANNEL | null = channel_id.length === 49 ? await CHANNELS.get(channel_id) : null;
+		const topic: TOPIC | null = topic_id.length === 49 ? await TOPICS.get(topic_id) : null;
-		if (!channel) {
+		if (!topic) {
 			return CANNED_RESPONSES.not_found();
 		}
-		meta.channel = channel;
+		meta.topic = topic;
-		const user_has_write_for_channel = channel.permissions.write.includes(meta.user.id);
+		const user_has_write_for_topic = topic.permissions.write.includes(meta.user.id);
-		if (!user_has_write_for_channel) {
+		if (!user_has_write_for_topic) {
 			return CANNED_RESPONSES.permission_denied();
 		}
 	}
 ];
 export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
-	await CHANNELS.delete(meta.channel);
+	await TOPICS.delete(meta.topic);
 	return Response.json({
 		deleted: true
--- a/public/api/topics/README.md
+++ b/public/api/topics/README.md
@ -0,0 +1,28 @@
 # /api/topics
 Interact with topics.
 ## POST /api/topics
 Create a new topic.
 ```
 export type TOPIC = {
 	id: string; // unique id for this topic
 	name: string; // the name of the topic (max 128 characters)
 	icon_url?: string; // optional url for a topic icon
 	topic?: string; // optional topic topic
 	tags: string[]; // a list of tags for the topic
 	meta: Record<string, any>;
 	limits: {
 		users: number;
 		user_messages_per_minute: number;
 	};
 	creator_id: string; // user_id of the topic creator
 	emojis: Record<string, string>; // either: string: emoji eg: { 'rofl: 🤣, ... } or { 'rofl': 🤣, 'blap': 'https://somewhere.someplace/image.jpg' }
 };
 ```
 ## GET /api/topics
 Get topics.
--- a/public/api/channels/index.ts
+++ b/public/api/channels/index.ts
@ -3,34 +3,40 @@ import parse_body from '../../../utils/bodyparser.ts';
 import { get_session, get_user, require_user } from '../../../utils/prechecks.ts';
 import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
 import { PRECHECK_TABLE } from '../../../utils/prechecks.ts';
-import { CHANNEL, CHANNELS } from '../../../models/channel.ts';
+import { TOPIC, TOPICS } from '../../../models/topic.ts';
 import { WALK_ENTRY } from '@andyburke/fsdb';
 export const PRECHECKS: PRECHECK_TABLE = {};
-// GET /api/channels - get channels
+// GET /api/topics - get topics
 PRECHECKS.GET = [get_session, get_user, require_user, (_req: Request, meta: Record<string, any>): Response | undefined => {
-	const can_read_channels = meta.user.permissions.includes('channels.read');
+	const can_read_topics = meta.user.permissions.includes('topics.read');
-	if (!can_read_channels) {
+	if (!can_read_topics) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
 export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
 	const limit = Math.min(parseInt(meta.query.limit ?? '100'), 100);
-	const channels = (await CHANNELS.all({
+	const topics = (await TOPICS.all({
-		limit
+		limit,
-	})).map((channel_entry) => channel_entry.load());
+		filter: (entry: WALK_ENTRY<TOPIC>) => {
 			// we push our event collections into the topics, and fsdb
 			// doesn't yet filter that out in its all() logic
 			return entry.path.indexOf('/events/') === -1;
 		}
 	})).map((topic_entry) => topic_entry.load());
-	return Response.json(channels, {
+	return Response.json(topics, {
 		status: 200
 	});
 }
-// POST /api/channels - Create a channel
+// POST /api/topics - Create a topic
 PRECHECKS.POST = [get_session, get_user, require_user, (_req: Request, meta: Record<string, any>): Response | undefined => {
-	const can_create_channels = meta.user.permissions.includes('channels.create');
+	const can_create_topics = meta.user.permissions.includes('topics.create');
-	if (!can_create_channels) {
+	if (!can_create_topics) {
 		return CANNED_RESPONSES.permission_denied();
 	}
 }];
@ -43,8 +49,8 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 		if (typeof body.name !== 'string' || body.name.length === 0) {
 			return Response.json({
 				error: {
-					cause: 'missing_channel_name',
+					cause: 'missing_topic_name',
-					message: 'You must specify a unique name for a channel.'
+					message: 'You must specify a unique name for a topic.'
 				}
 			}, {
 				status: 400
@ -54,8 +60,8 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 		if (body.name.length > 64) {
 			return Response.json({
 				error: {
-					cause: 'invalid_channel_name',
+					cause: 'invalid_topic_name',
-					message: 'channel names must be 64 characters or fewer.'
+					message: 'topic names must be 64 characters or fewer.'
 				}
 			}, {
 				status: 400
@ -64,31 +70,29 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 		const normalized_name = body.name.toLowerCase();
-		const existing_channel = (await CHANNELS.find({
+		const existing_topic = (await TOPICS.find({
 			name: normalized_name
 		})).shift();
-		if (existing_channel) {
+		if (existing_topic) {
 			return Response.json({
 				error: {
-					cause: 'channel_name_conflict',
+					cause: 'topic_name_conflict',
-					message: 'There is already a channel with this name.'
+					message: 'There is already a topic with this name.'
 				}
 			}, {
 				status: 400
 			});
 		}
-		const channel: CHANNEL = {
+		const topic: TOPIC = {
 			...body,
 			id: lurid(),
 			creator_id: meta.user.id,
 			permissions: {
 				read: (body.permissions?.read ?? []),
 				write: (body.permissions?.write ?? [meta.user.id]),
-				events: {
+				read_events: (body.permissions?.read_events ?? []),
-					read: (body.permissions?.events?.read ?? []),
+				write_events: (body.permissions?.write_events ?? [])
 					write: (body.permissions?.events?.write ?? [])
 				}
 			},
 			timestamps: {
 				created: now,
@ -97,9 +101,9 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			}
 		};
-		await CHANNELS.create(channel);
+		await TOPICS.create(topic);
-		return Response.json(channel, {
+		return Response.json(topic, {
 			status: 201
 		});
 	} catch (error) {
--- a/public/api/users/:user_id/watches/:watch_id/index.ts
+++ b/public/api/users/:user_id/watches/:watch_id/index.ts
@ -5,7 +5,7 @@ import parse_body from '../../../../../../utils/bodyparser.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
-// PUT /api/users/:user_id/watches/:watch_id - Update watch
+// PUT /api/users/:user_id/watches/:watch_id - Update topic
 PRECHECKS.PUT = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
 	const watch_id: string = meta.params?.watch_id?.toLowerCase().trim() ?? '';
@ -69,7 +69,7 @@ PRECHECKS.DELETE = [
 			return CANNED_RESPONSES.not_found();
 		}
-		meta.watch = watch;
+		meta.topic = watch;
 		const user_owns_watch = watch.creator_id === meta.user.id;
 		if (!user_owns_watch) {
--- a/public/api/users/:user_id/watches/index.ts
+++ b/public/api/users/:user_id/watches/index.ts
@ -4,7 +4,7 @@ import * as CANNED_RESPONSES from '../../../../../utils/canned_responses.ts';
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../utils/prechecks.ts';
 import parse_body from '../../../../../utils/bodyparser.ts';
 import lurid from '@andyburke/lurid';
-import { CHANNELS } from '../../../../../models/channel.ts';
+import { TOPICS } from '../../../../../models/topic.ts';
 export const PRECHECKS: PRECHECK_TABLE = {};
@ -99,18 +99,34 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			}
 		};
-		if (watch.channel) {
+		const topic = await TOPICS.get(watch.topic_id);
-			const channel = await CHANNELS.get(watch.channel);
+		if (!topic) {
 			if (!channel) {
 			return Response.json({
 				errors: [{
-						cause: 'invalid_channel_id',
+					cause: 'invalid_topic_id',
-						message: 'Could not find a channel with id: ' + watch.channel
+					message: 'Could not find a topic with id: ' + watch.topic_id
 				}]
 			}, {
 				status: 400
 			});
 		}
 		const existing_watch: WATCH | undefined = (await WATCHES.find({
 			creator_id: meta.user.id,
 			topic_id: topic.id
 		}, {
 			limit: 1
 		})).shift()?.load();
 		if (existing_watch) {
 			return Response.json({
 				errors: [{
 					cause: 'existing_watch',
 					message: 'You already have a watch for this topic.'
 				}]
 			}, {
 				status: 400
 			});
 		}
 		await WATCHES.create(watch);
--- a/public/api/users/index.ts
+++ b/public/api/users/index.ts
@ -10,34 +10,27 @@ import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
 import * as bcrypt from '@da/bcrypt';
 import { INVITE_CODE, INVITE_CODES } from '../../../models/invites.ts';
 // TODO: figure out a better solution for doling out permissions
 const DEFAULT_USER_PERMISSIONS: string[] = [
 	'channels.read',
 	'events.create.blurb',
 	'events.create.chat',
 	'events.create.essay',
 	'events.create.post',
 	'events.create.presence',
 	'events.read.blurb',
 	'events.read.chat',
 	'events.read.essay',
 	'events.read.post',
 	'events.read.presence',
 	'events.write.blurb',
 	'events.write.chat',
 	'events.write.essay',
 	'events.write.post',
 	'events.write.presence',
 	'files.write.own',
 	'invites.create',
 	'invites.read.own',
 	'self.read',
 	'self.write',
 	'signups.read.own',
 	'topics.read',
 	'topics.blurbs.create',
 	'topics.blurbs.read',
 	'topics.blurbs.write',
 	'topics.chat.write',
 	'topics.chat.read',
 	'topics.essays.create',
 	'topics.essays.read',
 	'topics.essays.write',
 	'topics.posts.create',
 	'topics.posts.write',
 	'topics.posts.read',
 	'users.read',
 	'watches.create.own',
 	'watches.read.own',
@ -47,15 +40,9 @@ const DEFAULT_USER_PERMISSIONS: string[] = [
 // TODO: figure out a better solution for doling out permissions
 const DEFAULT_SUPERUSER_PERMISSIONS: string[] = [
   ...DEFAULT_USER_PERMISSIONS,
-	'channels.create',
+	 'topics.create',
-	'channels.delete',
+	 'topics.delete',
-	'channels.write',
+	 'topics.write',
 	'files.write.all',
 	'invites.read.all',
 	'signups.read.all',
 	'users.write',
 	'watches.read.all',
 	'watches.write.all'
 ];
 export const PRECHECKS: PRECHECK_TABLE = {};
@ -161,7 +148,7 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			await INVITE_CODES.create(root_invite_code);
 		}
-		const secret_code = root_invite_code_secret ?? submitted_invite_code; // if it's the first user, use the autogen code, ignore anything they submit
+		const secret_code = submitted_invite_code ?? root_invite_code_secret;
 		if (typeof secret_code !== 'string' || secret_code.length < 3) {
 			return Response.json({
 				error: {
--- a/public/base.css
+++ b/public/base.css
@ -16,7 +16,7 @@
 	--border-highlight: hsl(from var(--base-color) h 50% 75%);
 	--icon-scale: 1;
-	--border-radius: 4px;
+	--border-radius: 12px;
 }
@media (prefers-color-scheme: light) {
@ -362,21 +362,21 @@ button.primary {
 body[data-perms*="self.read"] [data-requires-permission="self.read"],
 body[data-perms*="self.write"] [data-requires-permission="self.write"],
-body[data-perms*="channels.create"] [data-requires-permission="channels.create"],
+body[data-perms*="topics.create"] [data-requires-permission="topics.create"],
-body[data-perms*="channels.read"] [data-requires-permission="channels.read"],
+body[data-perms*="topics.read"] [data-requires-permission="topics.read"],
-body[data-perms*="channels.write"] [data-requires-permission="channels.write"],
+body[data-perms*="topics.write"] [data-requires-permission="topics.write"],
-body[data-perms*="events.create.blurb"] [data-requires-permission="events.create.blurb"],
+body[data-perms*="topics.blurbs.create"] [data-requires-permission="topics.blurbs.create"],
-body[data-perms*="events.read.blurb"] [data-requires-permission="events.read.blurb"],
+body[data-perms*="topics.blurbs.read"] [data-requires-permission="topics.blurbs.read"],
-body[data-perms*="events.write.blurb"] [data-requires-permission="events.write.blurb"],
+body[data-perms*="topics.blurbs.write"] [data-requires-permission="topics.blurbs.write"],
-body[data-perms*="events.create.chat"] [data-requires-permission="events.create.chat"],
+body[data-perms*="topics.chat.create"] [data-requires-permission="topics.chat.create"],
-body[data-perms*="events.read.chat"] [data-requires-permission="events.read.chat"],
+body[data-perms*="topics.chat.read"] [data-requires-permission="topics.chat.read"],
-body[data-perms*="events.write.chat"] [data-requires-permission="events.write.chat"],
+body[data-perms*="topics.chat.write"] [data-requires-permission="topics.chat.write"],
-body[data-perms*="events.create.essay"] [data-requires-permission="events.create.essay"],
+body[data-perms*="topics.essays.create"] [data-requires-permission="topics.essays.create"],
-body[data-perms*="events.read.essay"] [data-requires-permission="events.read.essay"],
+body[data-perms*="topics.essays.read"] [data-requires-permission="topics.essays.read"],
-body[data-perms*="events.write.essay"] [data-requires-permission="events.write.essay"],
+body[data-perms*="topics.essays.write"] [data-requires-permission="topics.essays.write"],
-body[data-perms*="events.create.post"] [data-requires-permission="events.create.post"],
+body[data-perms*="topics.posts.create"] [data-requires-permission="topics.posts.create"],
-body[data-perms*="events.read.post"] [data-requires-permission="events.read.post"],
+body[data-perms*="topics.posts.read"] [data-requires-permission="topics.posts.read"],
-body[data-perms*="events.write.post"] [data-requires-permission="events.write.post"],
+body[data-perms*="topics.posts.write"] [data-requires-permission="topics.posts.write"],
 body[data-perms*="users.read"] [data-requires-permission="users.read"],
 body[data-perms*="users.write"] [data-requires-permission="users.write"],
 body[data-perms*="files.write.own"] [data-requires-permission="files.write.own"] {
--- a/public/js/app.js
+++ b/public/js/app.js
@ -1,8 +1,7 @@
-const HASH_EXTRACTOR = /^\#\/(?<view>\w+)(?:\/channel\/(?<channel_id>[A-Za-z\-]+)\/?)?/gm;
+const HASH_EXTRACTOR = /^\#\/topic\/(?<topic_id>[A-Za-z\-]+)\/?(?<view>\w+)?/gm;
-const UPDATE_CHANNELS_FREQUENCY = 60_000;
+const UPDATE_TOPICS_FREQUENCY = 60_000;
 const APP = {
 	user: undefined,
 	user_servers: [],
 	user_watches: [],
@ -52,52 +51,63 @@ const APP = {
 	extract_url_hash_info: async function () {
 		HASH_EXTRACTOR.lastIndex = 0; // ugh, need this to have this work on multiple exec calls
 		const {
-			groups: { view, channel_id },
+			groups: { topic_id, view },
 		} = HASH_EXTRACTOR.exec(window.location.hash ?? "") ?? {
 			groups: {},
 		};
 		console.dir({
 			url: window.location.href,
 			hash: window.location.hash,
 			topic_id,
 			view,
 		});
 		if (!document.body.dataset.topic || document.body.dataset.topic !== topic_id) {
 			const previous = document.body.dataset.topic;
 			console.dir({
 				topic_changed: {
 					detail: {
 						previous,
 						topic_id,
 					},
 				},
 			});
 			document.body.dataset.topic = topic_id;
 			this._emit( 'topic_changed', {
 				previous,
 				topic_id
 			});
 			if (!topic_id) {
 				const first_topic_id = this.TOPICS.TOPIC_LIST[0]?.id;
 				if (first_topic_id) {
 					window.location.hash = `/topic/${first_topic_id}/chat`; // TODO: allow a different default than chat
 				}
 			}
 		}
 		if (!document.body.dataset.view || document.body.dataset.view !== view) {
-			const previous = typeof document.body.dataset.view === 'string' ? document.body.dataset.view : undefined;
+			const previous = document.body.dataset.view;
 			if ( view ) {
 			document.body.dataset.view = view;
-			}
+
-			else {
+			console.dir({
-				delete document.body.dataset.view;
+				view_changed: {
-			}
+					detail: {
 						previous,
 						view,
 					},
 				},
 			});
 			this._emit( 'view_changed', {
 				previous,
 				view
 			});
 		}
 		if (!document.body.dataset.channel || document.body.dataset.channel !== channel_id) {
 			const previous = typeof document.body.dataset.channel === 'string' ? document.body.dataset.channel : undefined;
 			if ( channel_id ) {
 				document.body.dataset.channel = channel_id;
 			}
 			else {
 				delete document.body.dataset.channel;
 			}
 			const target_channel_id = channel_id ?? this.CHANNELS.CHANNEL_LIST[0]?.id;
 			// TODO: allow a different default than chat
 			const hash_target = `/${ view ? view : 'chat' }` + ( target_channel_id ? `/channel/${ target_channel_id }` : '' );
 			if ( window.location.hash?.slice( 1 ) !== hash_target ) {
 				if ( previous !== target_channel_id ) {
 					this._emit( 'channel_changed', {
 						previous,
 						channel_id: target_channel_id
 					});
 				}
 				window.location.hash = hash_target;
 			}
 		}
 	},
 	load: async function() {
@ -132,20 +142,19 @@ const APP = {
 		}
 		window.addEventListener("locationchange", this.extract_url_hash_info.bind( this ));
-		window.addEventListener("locationchange", this.CHANNELS.update );
+		window.addEventListener("locationchange", this.TOPICS.update );
 		this.check_if_logged_in();
 		this.extract_url_hash_info();
 		this._emit( 'load', this );
 	},
-	update_user: async function( user ) {
+	update_user: async function( updated_user ) {
-		this.user = user;
+		const user = this.user = updated_user;
 		document.body.dataset.user = JSON.stringify(user);
 		document.body.dataset.perms = user.permissions.join(":");
-		this.CHANNELS.update();
+		this.TOPICS.update();
 		this.user_servers = [];
 		try {
@ -214,57 +223,56 @@ const APP = {
 		},
 	},
-	CHANNELS: {
+	TOPICS: {
-		_last_channel_update: undefined,
+		_last_topic_update: undefined,
-		_update_channels_timeout: undefined,
+		_update_topics_timeout: undefined,
-		CHANNEL_LIST: [],
+		TOPIC_LIST: [],
-		update: async ( force = false ) => {
+		update: async () => {
 			const now = new Date();
-			const time_since_last_update = now - (APP.CHANNELS._last_channel_update ?? 0);
+			const time_since_last_update = now - (APP.TOPICS._last_topic_update ?? 0);
-			const sufficient_time_has_passed_since_last_update = time_since_last_update > UPDATE_CHANNELS_FREQUENCY / 2;
+			if (time_since_last_update < UPDATE_TOPICS_FREQUENCY / 2) {
 			if ( !force && !sufficient_time_has_passed_since_last_update ) {
 				return;
 			}
-			if (APP.CHANNELS._update_channels_timeout) {
+			if (APP.TOPICS._update_topics_timeout) {
-				clearTimeout(APP.CHANNELS._update_channels_timeout);
+				clearTimeout(APP.TOPICS._update_topics_timeout);
-				APP.CHANNELS._update_channels_timeout = undefined;
+				APP.TOPICS._update_topics_timeout = undefined;
 			}
 			try {
-				const channels_response = await api.fetch("/api/channels");
+				const topics_response = await api.fetch("/api/topics");
-				if (channels_response.ok) {
+				if (topics_response.ok) {
-					const new_channels = await channels_response.json();
+					const new_topics = await topics_response.json();
 					const has_differences =
-						APP.CHANNELS.CHANNEL_LIST.length !== new_channels.length ||
+						APP.TOPICS.TOPIC_LIST.length !== new_topics.length ||
-						new_channels.some((channel, index) => {
+						new_topics.some((topic, index) => {
 							return (
-								APP.CHANNELS.CHANNEL_LIST[index]?.id !== channel.id ||
+								APP.TOPICS.TOPIC_LIST[index]?.id !== topic.id ||
-								APP.CHANNELS.CHANNEL_LIST[index]?.name !== channel.name
+								APP.TOPICS.TOPIC_LIST[index]?.name !== topic.name
 							);
 						});
 					if (has_differences) {
-						APP.CHANNELS.CHANNEL_LIST = [...new_channels];
+						APP.TOPICS.TOPIC_LIST = [...new_topics];
-						APP._emit( 'channels_updated', {
+						APP._emit( 'topics_updated', {
-							channels: APP.CHANNELS.CHANNEL_LIST
+							topics: APP.TOPICS.TOPIC_LIST
 						});
 					}
-					APP.CHANNELS._last_channel_update = now;
+					APP.TOPICS._last_topic_update = now;
 				}
 			} catch (error) {
 				console.error(error);
 			}
-			APP.CHANNELS._update_channels_timeout = setTimeout(
+			APP.TOPICS._update_topics_timeout = setTimeout(
-				APP.CHANNELS.update,
+				APP.TOPICS.update,
-				UPDATE_CHANNELS_FREQUENCY,
+				UPDATE_TOPICS_FREQUENCY,
 			);
-			// now that we have channels, make sure our url is all good
+			// now that we have topics, make sure our url is all good
 			APP.extract_url_hash_info();
 		},
 	},
--- a/public/js/reactions.js
+++ b/public/js/reactions.js
@ -139,7 +139,6 @@ document.addEventListener("DOMContentLoaded", () => {
 <div class="icon close" onclick="clear_reactions_popup()"></div>
 <form
 		id="reactions-selection-form"
 		action="/api/events"
 		data-smart="true"
 		method="POST"
 		on_reply="async (event) => { clear_reactions_popup(); await document.querySelectorAll( '[data-feed]' ).forEach((feed) => feed.__render(event)); }"
@ -168,12 +167,6 @@ document.addEventListener("DOMContentLoaded", () => {
 			generator="() => { return APP.user?.id; }"
 		/>
 		<input
 			type="hidden"
 			name="channel"
 			generator="() => { return document.body.dataset.channel; }"
 		/>
 		<input
 			type="hidden"
 			name="timestamps.created"
@ -205,6 +198,12 @@ document.addEventListener("DOMContentLoaded", () => {
 	document.body.appendChild(reactions_popup);
 	reactions_popup_form = document.getElementById("reactions-selection-form");
 	APP.on("topic_changed", ({ topic_id }) => {
 		const reaction_topic_id = topic_id ?? document.body.dataset.topic;
 		reactions_popup_form.action = reaction_topic_id
 			? `/api/topics/${reaction_topic_id}/events`
 			: "";
 	});
 	reactions_popup_search_input = document.getElementById("reactions-search-input");
 	reactions_popup_parent_id_input = reactions_popup_form.querySelector('[name="parent_id"]');
--- a/public/sidebar/sidebar.html
+++ b/public/sidebar/sidebar.html
@ -1,4 +1,38 @@
 <script>
 	APP.on("topics_updated", ({ topics }) => {
 		const topic_list = document.getElementById("topic-list");
 		topic_list.innerHTML = "";
 		for (const topic of topics.sort((lhs, rhs) => lhs.name.localeCompare(rhs.name))) {
 			topic_list.insertAdjacentHTML(
 				"beforeend",
 				`<li id="topic-selector-${topic.id}" class="topic" data-topic-selector-for="${topic.id}"><a href="#/topic/${topic.id}/chat">${topic.name}</a></li>`,
 			);
 		}
 	});
 	function update_topic_indicators(event) {
 		document
 			.querySelectorAll("[data-topic-selector-for]")
 			.forEach((element) => element.classList.remove("active"));
 		const new_topic_id = event?.detail?.topic_id ?? document.body.dataset.topic;
 		if (new_topic_id) {
 			document
 				.querySelectorAll(`[data-topic-selector-for="${new_topic_id}"]`)
 				.forEach((element) => element.classList.add("active"));
 		}
 		for ( const watch of APP.user_watches ) {
 			// find the topic indicator for this watch
 			// if there is new stuff - TODO implement a HEAD for getting latest event id?
 			// 	add a class of 'new-content'
 		}
 	}
 	APP.on("topics_updated", update_topic_indicators);
 	APP.on("topic_changed", update_topic_indicators);
 	APP.on("user_logged_in", update_topic_indicators);
 	function clear_invite_popup() {
 		document.body.querySelectorAll(".invitepopover").forEach((element) => element.remove());
 	}
@ -72,6 +106,50 @@
 				<button onclick="( () => document.querySelectorAll( '.invitepopover' ).forEach( (element) => element.remove() ) )()">Done</button>
 			</div>`;
 	}
 	document.addEventListener(
 		"contextmenu",
 		(event) => {
 			if (!event.target?.closest("#sidebar")) {
 				return;
 			}
 			const topic_selector = event.target.closest("li.topic");
 			if (!topic_selector) {
 				return;
 			}
 			event.preventDefault();
 			const context_menu = document.getElementById("sidebar-context-menu");
 			context_menu.dataset.prepare = true;
 			const position = get_best_coords_for_popup({
 				target_element: topic_selector,
 				popup: {
 					width: context_menu.getBoundingClientRect().width,
 					height: context_menu.getBoundingClientRect().height,
 				},
 				offset: {
 					x: 4,
 					y: 4,
 				},
 			});
 			context_menu.style.left = position.x + "px";
 			context_menu.style.top = position.y + "px";
 			context_menu.dataset.show = true;
 		},
 		false,
 	);
 	document.addEventListener("click", (event) => {
 		if (!event.target?.closest("#sidebar-context-menu")) {
 			const context_menu = document.getElementById("sidebar-context-menu");
 			delete context_menu.dataset.show;
 			delete context_menu.dataset.prepare;
 		}
 	});
 </script>
 <style type="text/css">
@ -206,6 +284,46 @@
 		line-height: 2rem;
 	}
 	#sidebar #topic-creation-container {
 		margin-top: 0.5rem;
 	}
 	#sidebar #topic-creation-container #toggle-topic-creation-form-button {
 		transform: scale(0.8);
 	}
 	#sidebar .topic-list {
 		list-style-type: none;
 		margin-left: 1rem;
 	}
 	#sidebar .topic-list > li.topic a:before {
 		position: absolute;
 		left: -1.75rem;
 		top: 0;
 		font-weight: bold;
 		font-size: x-large;
 		content: "#";
 		color: var(--text);
 	}
 	#sidebar .topic-list > li.topic a {
 		position: relative;
 		display: block;
 		width: 100%;
 		min-height: 1.5rem;
 		line-height: 1.5rem;
 		font-weight: bold;
 		font-size: large;
 		margin-left: 1.75rem;
 		text-decoration: none;
 		margin-bottom: 0.75rem;
 	}
 	#sidebar .topic-list > li.topic.active a {
 		color: var(--accent);
 	}
 	.invitepopover {
 		position: fixed;
 		z-index: 1000;
@ -379,7 +497,7 @@
 		<template id="server-list-entry-template">
 			<div class="server-list-entry">
 				<a href="${ server.url }">
-					<img class="server-icon" src="${ server.icon ?? ( server.url + '/favicon.ico' ) }" alt="${ server.name ?? server.url } icon" style="${ server.icon_background ? `--icon-background: ${ server.icon_background };` : '' }" loading="lazy" />
+					<img class="server-icon" src="${ server.icon ?? ( server.url + '/favicon.ico' ) }" alt="${ server.name ?? server.url } icon" style="${ server.icon_background ? `--icon-background: ${ server.icon_background };` : '' }" />
 					<div class="server-name">${ server.name ?? server.url }</div>
 				</a>
 			</div>
@ -642,7 +760,68 @@
 			<button class="primary">Log Out</button>
 		</form>
-		<div id="sidebar-dynamic-container">
+		<div class="topics-container">
 			<div style="margin-bottom: 1rem">
 				<span class="title">topics</span>
 			</div>
 			<ul id="topic-list" class="topic-list"></ul>
 			<div id="topic-creation-container" data-requires-permission="topics.create">
 				<button
 					id="toggle-topic-creation-form-button"
 					onclick="((event) => {
 						event.preventDefault();
 					 	const topic_create_form = document.getElementById( 'topic-create' );
 						topic_create_form.style[ 'height' ] = topic_create_form.style[ 'height' ] === '5rem' ? '0' : '5rem';
 					})(event)"
 				>
 					<div class="icon plus"></div>
 				</button>
 				<form
 					id="topic-create"
 					data-smart="true"
 					action="/api/topics"
 					method="POST"
 					style="
 						margin-top: 1rem;
 						width: 100%;
 						overflow: hidden;
 						height: 0;
 						overflow: hidden;
 						transition: all 0.5s;
 					"
 				>
 					<input
 						id="new-topic-name-input"
 						type="text"
 						name="name"
 						value=""
 						placeholder="new topic"
 					/>
 					<input type="submit" hidden />
 					<script>
 						{
 							const form = document.currentScript.closest("form");
 							const topic_create_form = document.getElementById("topic-create");
 							const new_topic_name_input =
 								document.getElementById("new-topic-name-input");
 							form.on_reply = (new_topic) => {
 								const topic_list = document.getElementById("topic-list");
 								topic_list.insertAdjacentHTML(
 									"beforeend",
 									`<li id="topic-selector-${new_topic.id}" class="topic"><a href="#/topic/${new_topic.id}">${new_topic.name}</a></li>`,
 								);
 								new_topic_name_input.value = "";
 								window.location.hash = `/topic/${new_topic.id}/chat`;
 								topic_create_form.style["height"] = "0";
 							};
 						}
 					</script>
 				</form>
 			</div>
 		</div>
 	</div>
 </div>
--- a/public/signup_login_wall.html
+++ b/public/signup_login_wall.html
@ -105,7 +105,12 @@
 								const form = document.currentScript.closest("form");
 								form.on_reply = (response) => {
 									const user = response.user;
-									APP.login( user );
+									document.body.dataset.user = JSON.stringify(user);
 									document.body.dataset.perms = user.permissions.join(":");
 									document.dispatchEvent(
 										new CustomEvent("user_logged_in", { detail: { user } }),
 									);
 								};
 							}
 						</script>
--- a/public/tabs/blurbs/blurbs.html
+++ b/public/tabs/blurbs/blurbs.html
@ -148,8 +148,8 @@
 			<div
 				id="blurbs-list"
 				data-feed
-				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'events.read.blurb' ) !== -1"
+				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'topics.blurbs.read' ) !== -1"
-				data-source="/api/events?type=blurb,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
+				data-source="/api/topics/${ document.body.dataset.topic }/events?type=blurb,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
 				data-longpolling="true"
 				data-reverse="true"
 				data-insert="prepend"
@ -159,6 +159,7 @@
 				{
 					const feed = document.currentScript.closest("[data-feed]");
 					APP.on("topic_changed", () => { feed.__reset && feed.__reset(); });
 					APP.on("user_logged_in", () => { feed.__reset && feed.__reset(); });
 					feed.__target_element = (item) => {
@ -209,12 +210,12 @@
 						data-blurb_id="${context.blurb.id}"
 						data-temp_id="${context.blurb.meta?.temp_id ?? ""}">
 						<div class="media-preview-container">
-							${context.blurb.data?.media?.length ? context.blurb.data.media.map(function(url) { return url ? `<img src='${url}' loading="lazy"/>` : ''; }).join('\n') : ''}
+							${context.blurb.data?.media?.length ? context.blurb.data.media.map(function(url) { return `<img src='${url}' />`; }).join('\n') : ''}
 						</div>
 						<div class="info-container">
 							<div class="avatar-container inline">
-								<img src="${context.creator.meta?.avatar ?? '/images/default_avatar.gif'}" alt="user avatar" loading="lazy" />
+								<img src="${context.creator.meta?.avatar ?? '/images/default_avatar.gif'}" alt="user avatar" />
 							</div>
 							<div class="username-container">
 								<span class="username">${context.creator.username}</span>
--- a/public/tabs/blurbs/new_blurb.html
+++ b/public/tabs/blurbs/new_blurb.html
@ -25,7 +25,7 @@
 		display: inline-block;
 	}
 </style>
-<div class="new-blurb-container" data-requires-permission="events.create.blurb">
+<div class="new-blurb-container" data-requires-permission="topics.blurbs.create">
 	<label>
 		<input type="checkbox" collapse-toggle />
 		<i class="icon plus" style="display: inline-block; margin-right: 0.5rem"></i>
@ -33,7 +33,6 @@
 	</label>
 	<form
 		data-smart="true"
 		action="/api/events"
 		method="POST"
 		class="blurb-creation-form collapsible"
 		style="
@ -41,6 +40,7 @@
 			width: 100%;
 			transition: all 0.5s;
 		"
 		url="/api/topics/${ document.body.dataset.topic }/events"
 		on_reply="async (event) => { await document.getElementById( 'blurbs-list' ).__render(event); document.getElementById(event.id)?.classList.remove('sending'); }"
 		on_parsed="async (event) => { await document.getElementById( 'blurbs-list' ).__render(event); document.getElementById(event.id)?.classList.add('sending'); }"
 	>
--- a/public/tabs/calendar/README.md
+++ b/public/tabs/calendar/README.md
@ -1,3 +1,3 @@
 # Calendar
-The calendar should help people coordinate events.
+The calendar should help people coordinate events around a topic.
--- a/public/tabs/chat/channel_sidebar.html
+++ b/public/tabs/chat/channel_sidebar.html
@ -1,187 +0,0 @@
 <script>
 	APP.on("channels_updated", ({ channels }) => {
 		const channel_list = document.getElementById("channel-list");
 		channel_list.innerHTML = "";
 		for (const channel of channels.sort((lhs, rhs) => lhs.name.localeCompare(rhs.name))) {
 			channel_list.insertAdjacentHTML(
 				"beforeend",
 				`<li id="channel-selector-${channel.id}" class="channel" data-channel-selector-for="${channel.id}"><a href="#/channel/${channel.id}/chat">${channel.name}</a></li>`,
 			);
 		}
 	});
 	function update_channel_indicators(event) {
 		document
 			.querySelectorAll("[data-channel-selector-for]")
 			.forEach((element) => element.classList.remove("active"));
 		const new_channel_id = event?.detail?.channel_id ?? document.body.dataset.channel;
 		if (new_channel_id) {
 			document
 				.querySelectorAll(`[data-channel-selector-for="${new_channel_id}"]`)
 				.forEach((element) => element.classList.add("active"));
 		}
 		for ( const watch of APP.user_watches ) {
 			// find the channel indicator for this watch
 			// if there is new stuff - TODO implement a HEAD for getting latest event id?
 			// 	add a class of 'new-content'
 		}
 	}
 	APP.on("channels_updated", update_channel_indicators);
 	APP.on("channel_changed", update_channel_indicators);
 	APP.on("user_logged_in", update_channel_indicators);
 	document.addEventListener(
 		"contextmenu",
 		(event) => {
 			if (!event.target?.closest("#sidebar")) {
 				return;
 			}
 			const channel_selector = event.target.closest("li.channel");
 			if (!channel_selector) {
 				return;
 			}
 			event.preventDefault();
 			const context_menu = document.getElementById("sidebar-context-menu");
 			context_menu.dataset.prepare = true;
 			const position = get_best_coords_for_popup({
 				target_element: channel_selector,
 				popup: {
 					width: context_menu.getBoundingClientRect().width,
 					height: context_menu.getBoundingClientRect().height,
 				},
 				offset: {
 					x: 4,
 					y: 4,
 				},
 			});
 			context_menu.style.left = position.x + "px";
 			context_menu.style.top = position.y + "px";
 			context_menu.dataset.show = true;
 		},
 		false,
 	);
 	document.addEventListener("click", (event) => {
 		if (!event.target?.closest("#sidebar-context-menu")) {
 			const context_menu = document.getElementById("sidebar-context-menu");
 			delete context_menu.dataset.show;
 			delete context_menu.dataset.prepare;
 		}
 	});
 	APP.on( 'view_changed', ( {view} ) => {
 		if ( !view === 'chat' ) {
 			return;
 		}
 		const sidebar_dynamic_container = document.getElementById( 'sidebar-dynamic-container');
 		if ( !sidebar_dynamic_container ) {
 			console.error( 'could not get #sidebar-dynamic-container' );
 			return;
 		}
 		const template = document.getElementById( 'channel-list-template');
 		sidebar_dynamic_container.innerHTML = template.innerHTML.trim();
 		APP.CHANNELS.update();
 	});
 </script>
 <style>
 	#channel-list-container #channel-creation-container {
 		margin-top: 0.5rem;
 	}
 	#channel-list-container #channel-creation-container #toggle-channel-creation-form-button {
 		transform: scale(0.8);
 	}
 	#channel-list-container .channel-list {
 		list-style-type: none;
 		margin-left: 1rem;
 	}
 	#channel-list-container .channel-list > li.channel a:before {
 		position: absolute;
 		left: -1.75rem;
 		top: 0;
 		font-weight: bold;
 		font-size: x-large;
 		content: "#";
 		color: var(--text);
 	}
 	#channel-list-container .channel-list > li.channel a {
 		position: relative;
 		display: block;
 		width: 100%;
 		min-height: 1.5rem;
 		line-height: 1.5rem;
 		font-weight: bold;
 		font-size: large;
 		margin-left: 1.75rem;
 		text-decoration: none;
 		margin-bottom: 0.75rem;
 	}
 	#channel-list-container .channel-list > li.channel.active a {
 		color: var(--accent);
 	}
 </style>
 <template id="channel-list-template">
 	<div id="channel-list-container">
 		<div style="margin-bottom: 1rem">
 			<span class="title">channels</span>
 		</div>
 		<ul id="channel-list" class="channel-list"></ul>
 		<div id="channel-creation-container" data-requires-permission="channels.create">
 			<button
 				id="toggle-channel-creation-form-button"
 				onclick="((event) => {
 					event.preventDefault();
 				 	const channel_create_form = document.getElementById( 'channel-create' );
 						channel_create_form.style[ 'height' ] = channel_create_form.style[ 'height' ] === '5rem' ? '0' : '5rem';
 				})(event)"
 			>
 				<div class="icon plus"></div>
 			</button>
 			<form
 				id="channel-create"
 				data-smart="true"
 				action="/api/channels"
 				method="POST"
 				style="
 					margin-top: 1rem;
 					width: 100%;
 					overflow: hidden;
 					height: 0;
 					overflow: hidden;
 					transition: all 0.5s;
 				"
 				on_reply="(new_channel) => {
 					APP.CHANNELS.update(true);
 					document.getElementById('new-channel-name-input').value = '';
 					document.getElementById('channel-create').style['height'] = '0';
 					window.location.hash = `/chat/channel/${new_channel.id}`;
 				}"
 			>
 				<input
 					id="new-channel-name-input"
 					type="text"
 					name="name"
 					value=""
 					placeholder="new channel"
 				/>
 				<input type="submit" hidden />
 			</form>
 		</div>
 	</div>
 </template>
--- a/public/tabs/chat/chat.html
+++ b/public/tabs/chat/chat.html
@ -21,8 +21,8 @@
 			<div
 				id="chat-content"
 				data-feed
-				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'events.read.chat' ) !== -1 && document.body.dataset.channel"
+				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'topics.chat.read' ) !== -1"
-				data-source="/api/channels/${ document.body.dataset.channel }/events?type=chat,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
+				data-source="/api/topics/${ document.body.dataset.topic }/events?type=chat,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
 				data-longpolling="true"
 				data-reverse="true"
 				data-insert="append"
@ -32,7 +32,7 @@
 					{
 						const feed = document.currentScript.closest("[data-feed]");
-						APP.on("channel_changed", () => {	feed.__reset && feed.__reset(); });
+						APP.on("topic_changed", () => {	feed.__reset && feed.__reset(); });
 						APP.on("user_logged_in", () => { feed.__reset && feed.__reset(); });
 						const time_tick_tock_timeout = 60_000;
@ -109,7 +109,6 @@
 								<img
 									src="${context.creator.meta?.avatar ?? '/images/default_avatar.gif'}"
 									alt="user avatar"
 									loading="lazy"
 								/>
 							</div>
 							<div class="username-container">
@ -148,8 +147,7 @@
 				<form
 					id="chat-entry"
 					data-smart="true"
-					action="/api/events"
+					data-requires-permission="topics.chat.write"
 					data-requires-permission="events.write.chat"
 					method="POST"
 					class="post-creation-form collapsible"
 					style="
@ -160,6 +158,15 @@
 					on_reply="async (event) => { await document.getElementById( 'chat-content' ).__render(event); document.getElementById(event.id)?.classList.remove('sending'); }"
 					on_parsed="async (event) => { await document.getElementById( 'chat-content' ).__render(event); document.getElementById(event.id)?.classList.add('sending'); }"
 				>
 					<script>
 						{
 							const form = document.currentScript.closest("form");
 							APP.on(	"topic_changed", ({ topic_id }) => {
 								form.action = topic_id ? `/api/topics/${topic_id}/events` : "";
 							});
 						}
 					</script>
 					<input type="hidden" name="type" value="chat" />
 					<input
@ -181,12 +188,6 @@
 						generator="() => { return APP.user?.id; }"
 					/>
 					<input
 						type="hidden"
 						name="channel"
 						generator="() => { return document.body.dataset.channel; }"
 					/>
 					<input
 						type="hidden"
 						name="timestamps.created"
@ -232,4 +233,3 @@
 		</div>
 	</div>
 </div>
 <!-- #include file="./channel_sidebar.html" -->
--- a/public/tabs/essays/essays.html
+++ b/public/tabs/essays/essays.html
@ -115,8 +115,8 @@
 			<div
 				id="essays-list"
 				data-feed
-				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'events.read.essay' ) !== -1"
+				data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'topics.essays.read' ) !== -1"
-				data-source="/api/events?type=essay,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
+				data-source="/api/topics/${ document.body.dataset.topic }/events?type=essay,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
 				data-longpolling="true"
 				data-reverse="true"
 				data-insert="prepend"
@ -126,6 +126,7 @@
 					{
 						const feed = document.currentScript.closest("[data-feed]");
 						APP.on("topic_changed", () => { feed.__reset && feed.__reset(); });
 						APP.on("user_logged_in", () => { feed.__reset && feed.__reset(); });
 						feed.__target_element = (item) => {
@ -170,7 +171,6 @@
 							${context.essay.data?.media?.length ?
 							context.essay.data.media.map(function(url) { return `<img
 								src="${url}"
 								loading="lazy"
 							/>` }).join('\n') : ''}
 						</div>
@ -179,7 +179,6 @@
 								<img
 									src="${context.creator.meta?.avatar ?? '/images/default_avatar.gif'}"
 									alt="user avatar"
 									loading="lazy"
 								/>
 							</div>
 							<div class="username-container">
--- a/public/tabs/essays/new_essay.html
+++ b/public/tabs/essays/new_essay.html
@ -22,7 +22,7 @@
 		display: inline-block;
 	}
 </style>
-<div class="new-essay-container" data-requires-permission="events.create.essay">
+<div class="new-essay-container" data-requires-permission="topics.essays.create">
 	<label>
 		<input type="checkbox" collapse-toggle />
 		<i class="icon plus" style="display: inline-block; margin-right: 0.5rem"></i>
@ -31,8 +31,8 @@
 	<form
 		data-smart="true"
 		method="POST"
 		action="/api/events"
 		class="essay-creation-form collapsible"
 		url="/api/topics/${ document.body.dataset.topic }/events"
 		style="
 			margin-top: 1rem
 			width: 100%;
--- a/public/tabs/forum/forum.html
+++ b/public/tabs/forum/forum.html
@ -145,8 +145,8 @@
 		<div
 			id="posts-list"
 			data-feed
-			data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'events.read.post' ) !== -1"
+			data-precheck="!!document.body.dataset.user && document.body.dataset.user.indexOf( 'topics.essays.read' ) !== -1"
-			data-source="/api/events?type=post,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
+			data-source="/api/topics/${ document.body.dataset.topic }/events?type=post,reaction&limit=100&sort=newest&wait=true&after_id=${ feed.__newest_id ?? 'able-able-able-able-able-able-able-able-able-able' }"
 			data-longpolling="true"
 			data-reverse="true"
 			data-insert="prepend"
@ -156,6 +156,7 @@
 				{
 					const feed = document.currentScript.closest("[data-feed]");
 					APP.on("topic_changed", () => { feed.__reset && feed.__reset(); });
 					APP.on("user_logged_in", () => { feed.__reset && feed.__reset(); });
 					feed.__target_element = (item) => {
@ -208,7 +209,6 @@
 					<div class="media-preview-container">
 						<img
 							src="/images/placeholders/${String((context.post_datetime.ms % 9) + 1).padStart(2, '0')}.svg"
 							loading="lazy"
 						/>
 					</div>
@ -217,7 +217,6 @@
 							<img
 								src="${context.creator.meta?.avatar ?? '/images/default_avatar.gif'}"
 								alt="user avatar"
 								loading="lazy"
 							/>
 						</div>
 						<div class="username-container">
--- a/public/tabs/forum/new_post.html
+++ b/public/tabs/forum/new_post.html
@ -6,15 +6,15 @@
 	</label>
 	<form
 		data-smart="true"
-		data-requires-permission="events.create.post"
+		data-requires-permission="topics.posts.create"
 		method="POST"
 		action="/api/events"
 		class="post-creation-form collapsible"
 		style="
 			margin-top: 1rem
 			width: 100%;
 			transition: all 0.5s;
 		"
 		url="/api/topics/${ document.body.dataset.topic }/events"
 		on_reply="async (event) => { await document.getElementById( 'posts-list' ).__render(event); document.getElementById(event.id)?.classList.remove('sending'); }"
 		on_parsed="async (event) => { await document.getElementById( 'posts-list' ).__render(event); document.getElementById(event.id)?.classList.add('sending'); }"
 	>
--- a/public/tabs/resources/README.md
+++ b/public/tabs/resources/README.md
@ -1,3 +1,3 @@
 # Resources
-Resources should be a wiki for organizing community knowledge.
+Resources should be a wiki for organizing community knowledge on a topic.
--- a/public/tabs/tabs.html
+++ b/public/tabs/tabs.html
@ -14,7 +14,7 @@
 				const tab_selector = event.target;
 				const view = tab_selector.dataset.view;
 				if (view) {
-					window.location.hash = `/${view}${ document.body.dataset.channel ? `/channel/${ document.body.dataset.channel }` : '' }`;
+					window.location.hash = `/topic/${document.body.dataset.topic}/${view}`;
 				}
 			});
 		}
--- a/tests/01_create_user.test.ts
+++ b/tests/01_create_user.test.ts
@ -3,6 +3,7 @@ import * as asserts from '@std/assert';
 import { USER } from '../models/user.ts';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, random_username } from './helpers.ts';
 import { encodeBase64 } from '@std/encoding';
 import { generateTotp } from '../utils/totp.ts';
 Deno.test({
 	name: 'API - USERS - Create',
@ -38,7 +39,7 @@ Deno.test({
 			asserts.assert(info.session);
 			asserts.assert(info.headers);
-			const user: USER = info.user;
+			const user = info.user;
 			asserts.assertEquals(user.username, username);
--- a/tests/02_update_user.test.ts
+++ b/tests/02_update_user.test.ts
@ -2,6 +2,9 @@ import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { USER } from '../models/user.ts';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, random_username } from './helpers.ts';
 import { Cookie, getSetCookies } from '@std/http/cookie';
 import { encodeBase64 } from '@std/encoding';
 import { generateTotp } from '../utils/totp.ts';
 Deno.test({
 	name: 'API - USERS - Update',
--- a/tests/03_login.test.ts
+++ b/tests/03_login.test.ts
@ -44,7 +44,7 @@ Deno.test({
 				}
 			});
-			const _authed_user: USER | undefined = auth_response.user;
+			const authed_user: USER | undefined = auth_response.user;
 			const authed_session: Record<string, any> | undefined = auth_response.session;
 			cookies.push({
--- a/tests/04_create_channel.test.ts
+++ b/tests/04_create_channel.test.ts
@ -1,103 +0,0 @@
 import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { generateTotp } from '../utils/totp.ts';
 Deno.test({
 	name: 'API - CHANNELS - Create',
 	permissions: {
 		env: true,
 		read: true,
 		write: true,
 		net: true
 	},
 	fn: async () => {
 		let test_server_info: EPHEMERAL_SERVER | null = null;
 		try {
 			test_server_info = await get_ephemeral_listen_server();
 			const client: API_CLIENT = api({
 				prefix: '/api',
 				hostname: test_server_info.hostname,
 				port: test_server_info.port
 			});
 			const root_user_info = await get_new_user(client);
 			try {
 				const root_user_channel = await client.fetch('/channels', {
 					method: 'POST',
 					headers: {
 						'x-session_id': root_user_info.session.id,
 						'x-totp': await generateTotp(root_user_info.session.secret)
 					},
 					json: {
 						name: 'this is the root user channel'
 					}
 				});
 				asserts.assert(root_user_channel);
 			} catch (error) {
 				const reason: string = (error as Error).cause as string ?? (error as Error).toString();
 				asserts.fail(reason);
 			}
 			const regular_user_info = await get_new_user(client, {}, root_user_info);
 			try {
 				const _permission_denied_channel = await client.fetch('/channels', {
 					method: 'POST',
 					headers: {
 						'x-session_id': regular_user_info.session.id,
 						'x-totp': await generateTotp(regular_user_info.session.secret)
 					},
 					json: {
 						name: 'this should not be allowed'
 					}
 				});
 				asserts.fail('allowed creation of a channel without channel creation permissions');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
 			await set_user_permissions(client, regular_user_info.user, regular_user_info.session, [...regular_user_info.user.permissions, 'channels.create']);
 			try {
 				const _too_long_name_channel = await client.fetch('/channels', {
 					method: 'POST',
 					headers: {
 						'x-session_id': regular_user_info.session.id,
 						'x-totp': await generateTotp(regular_user_info.session.secret)
 					},
 					json: {
 						name: 'X'.repeat(1024)
 					}
 				});
 				asserts.fail('allowed creation of a channel with an excessively long name');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'invalid_channel_name');
 			}
 			const new_channel = await client.fetch('/channels', {
 				method: 'POST',
 				headers: {
 					'x-session_id': regular_user_info.session.id,
 					'x-totp': await generateTotp(regular_user_info.session.secret)
 				},
 				json: {
 					name: 'test channel'
 				}
 			});
 			asserts.assert(new_channel);
 			await delete_user(client, regular_user_info);
 			await delete_user(client, root_user_info);
 		} finally {
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
 		}
 	}
 });
--- a/tests/04_create_topic.test.ts
+++ b/tests/04_create_topic.test.ts
@ -0,0 +1,84 @@
 import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
 	name: 'API - TOPICS - Create',
 	permissions: {
 		env: true,
 		read: true,
 		write: true,
 		net: true
 	},
 	fn: async () => {
 		let test_server_info: EPHEMERAL_SERVER | null = null;
 		try {
 			test_server_info = await get_ephemeral_listen_server();
 			const client: API_CLIENT = api({
 				prefix: '/api',
 				hostname: test_server_info.hostname,
 				port: test_server_info.port
 			});
 			const info = await get_new_user(client);
 			try {
 				const _permission_denied_topic = await client.fetch('/topics', {
 					method: 'POST',
 					headers: {
 						'x-session_id': info.session.id,
 						'x-totp': await generateTotp(info.session.secret)
 					},
 					json: {
 						name: 'this should not be allowed'
 					}
 				});
 				asserts.fail('allowed creation of a topic without topic creation permissions');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
 			await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'topics.create']);
 			try {
 				const _too_long_name_topic = await client.fetch('/topics', {
 					method: 'POST',
 					headers: {
 						'x-session_id': info.session.id,
 						'x-totp': await generateTotp(info.session.secret)
 					},
 					json: {
 						name: 'X'.repeat(1024)
 					}
 				});
 				asserts.fail('allowed creation of a topic with an excessively long name');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'invalid_topic_name');
 			}
 			const new_topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': info.session.id,
 					'x-totp': await generateTotp(info.session.secret)
 				},
 				json: {
 					name: 'test topic'
 				}
 			});
 			asserts.assert(new_topic);
 			await delete_user(client, info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
 		}
 	}
 });
--- a/tests/05_update_channel.test.ts
+++ b/tests/05_update_channel.test.ts
@ -2,9 +2,10 @@ import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - Update',
+	name: 'API - TOPICS - Update',
 	permissions: {
 		env: true,
 		read: true,
@ -23,25 +24,25 @@ Deno.test({
 			const info = await get_new_user(client);
-			await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'topics.create']);
-			const new_channel = await client.fetch('/channels', {
+			const new_topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': info.session.id,
 					'x-totp': await generateTotp(info.session.secret)
 				},
 				json: {
-					name: 'test update channel'
+					name: 'test update topic'
 				}
 			});
-			asserts.assert(new_channel);
+			asserts.assert(new_topic);
 			const other_user_info = await get_new_user(client, {}, info);
 			try {
-				const _permission_denied_channel = await client.fetch(`/channels/${new_channel.id}`, {
+				const _permission_denied_topic = await client.fetch(`/topics/${new_topic.id}`, {
 					method: 'PUT',
 					headers: {
 						'x-session_id': other_user_info.session.id,
@ -52,48 +53,49 @@ Deno.test({
 					}
 				});
-				asserts.fail('allowed updating a channel owned by someone else');
+				asserts.fail('allowed updating a topic owned by someone else');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
-			const updated_by_owner_channel = await client.fetch(`/channels/${new_channel.id}`, {
+			const updated_by_owner_topic = await client.fetch(`/topics/${new_topic.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': info.session.id,
 					'x-totp': await generateTotp(info.session.secret)
 				},
 				json: {
-					channel: 'this is a new channel',
+					topic: 'this is a new topic',
 					permissions: {
-						...new_channel.permissions,
+						...new_topic.permissions,
-						write: [...new_channel.permissions.write, other_user_info.user.id]
+						write: [...new_topic.permissions.write, other_user_info.user.id]
 					}
 				}
 			});
-			asserts.assert(updated_by_owner_channel);
+			asserts.assert(updated_by_owner_topic);
-			asserts.assertEquals(updated_by_owner_channel.channel, 'this is a new channel');
+			asserts.assertEquals(updated_by_owner_topic.topic, 'this is a new topic');
-			asserts.assertEquals(updated_by_owner_channel.permissions.write, [info.user.id, other_user_info.user.id]);
+			asserts.assertEquals(updated_by_owner_topic.permissions.write, [info.user.id, other_user_info.user.id]);
-			const updated_by_other_user_channel = await client.fetch(`/channels/${new_channel.id}`, {
+			const updated_by_other_user_topic = await client.fetch(`/topics/${new_topic.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': other_user_info.session.id,
 					'x-totp': await generateTotp(other_user_info.session.secret)
 				},
 				json: {
-					channel: 'this is a newer channel'
+					topic: 'this is a newer topic'
 				}
 			});
-			asserts.assert(updated_by_other_user_channel);
+			asserts.assert(updated_by_other_user_topic);
-			asserts.assertEquals(updated_by_other_user_channel.channel, 'this is a newer channel');
+			asserts.assertEquals(updated_by_other_user_topic.topic, 'this is a newer topic');
-			asserts.assertEquals(updated_by_other_user_channel.permissions.write, [info.user.id, other_user_info.user.id]);
+			asserts.assertEquals(updated_by_other_user_topic.permissions.write, [info.user.id, other_user_info.user.id]);
 			await delete_user(client, other_user_info);
 			await delete_user(client, info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
--- a/tests/06_delete_channel.test.ts
+++ b/tests/06_delete_channel.test.ts
@ -2,9 +2,10 @@ import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - Delete',
+	name: 'API - TOPICS - Delete',
 	permissions: {
 		env: true,
 		read: true,
@ -23,22 +24,22 @@ Deno.test({
 			const info = await get_new_user(client);
-			await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'topics.create']);
-			const new_channel = await client.fetch('/channels', {
+			const new_topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': info.session.id,
 					'x-totp': await generateTotp(info.session.secret)
 				},
 				json: {
-					name: 'test delete channel'
+					name: 'test delete topic'
 				}
 			});
-			asserts.assert(new_channel);
+			asserts.assert(new_topic);
-			const deleted_channel = await client.fetch(`/channels/${new_channel.id}`, {
+			const deleted_topic = await client.fetch(`/topics/${new_topic.id}`, {
 				method: 'DELETE',
 				headers: {
 					'x-session_id': info.session.id,
@ -46,10 +47,11 @@ Deno.test({
 				}
 			});
-			asserts.assert(deleted_channel);
+			asserts.assert(deleted_topic);
 			await delete_user(client, info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
--- a/tests/07_create_channel_events.test.ts
+++ b/tests/07_create_channel_events.test.ts
@ -2,9 +2,10 @@ import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { api, API_CLIENT } from '../utils/api.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - EVENTS - Create',
+	name: 'API - TOPICS - EVENTS - Create',
 	permissions: {
 		env: true,
 		read: true,
@ -23,27 +24,25 @@ Deno.test({
 			const owner_info = await get_new_user(client);
-			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'topics.create']);
-			const channel = await client.fetch('/channels', {
+			const topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
 					'x-totp': await generateTotp(owner_info.session.secret)
 				},
 				json: {
-					name: 'test events channel',
+					name: 'test events topic',
 					permissions: {
-						events: {
+						write_events: [owner_info.user.id]
 							write: [owner_info.user.id]
 						}
 					}
 				}
 			});
-			asserts.assert(channel);
+			asserts.assert(topic);
-			const event_from_owner = await client.fetch(`/events`, {
+			const event_from_owner = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -51,7 +50,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						foo: 'bar'
 					}
@ -63,7 +61,7 @@ Deno.test({
 			const other_user_info = await get_new_user(client, {}, owner_info);
 			try {
-				const _permission_denied_channel = await client.fetch(`/events`, {
+				const _permission_denied_topic = await client.fetch(`/topics/${topic.id}/events`, {
 					method: 'POST',
 					headers: {
 						'x-session_id': other_user_info.session.id,
@ -71,20 +69,19 @@ Deno.test({
 					},
 					json: {
 						type: 'test',
 						channel: channel.id,
 						data: {
 							other_user: true
 						}
 					}
 				});
-				asserts.fail('allowed adding an event to a channel without permission');
+				asserts.fail('allowed adding an event to a topic without permission');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
-			// make the channel public write
+			// make the topic public write
-			const updated_by_owner_channel = await client.fetch(`/channels/${channel.id}`, {
+			const updated_by_owner_topic = await client.fetch(`/topics/${topic.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -92,18 +89,16 @@ Deno.test({
 				},
 				json: {
 					permissions: {
-						...channel.permissions,
+						...topic.permissions,
-						events: {
+						write_events: []
 							write: []
 						}
 					}
 				}
 			});
-			asserts.assert(updated_by_owner_channel);
+			asserts.assert(updated_by_owner_topic);
-			asserts.assertEquals(updated_by_owner_channel.permissions.events.write, []);
+			asserts.assertEquals(updated_by_owner_topic.permissions.write_events, []);
-			const event_from_other_user = await client.fetch(`/events`, {
+			const event_from_other_user = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -111,7 +106,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						other_user: true
 					}
@ -123,6 +117,7 @@ Deno.test({
 			await delete_user(client, other_user_info);
 			await delete_user(client, owner_info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
--- a/tests/08_get_channel_events.test.ts
+++ b/tests/08_get_channel_events.test.ts
@ -2,9 +2,10 @@ import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { api, API_CLIENT } from '../utils/api.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - EVENTS - Get',
+	name: 'API - TOPICS - EVENTS - Get',
 	permissions: {
 		env: true,
 		read: true,
@ -28,25 +29,25 @@ Deno.test({
 			const owner_info = await get_new_user(client);
-			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'topics.create']);
-			const channel = await client.fetch('/channels', {
+			const topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
 					'x-totp': await generateTotp(owner_info.session.secret)
 				},
 				json: {
-					name: 'test get events channel'
+					name: 'test get events topic'
 				}
 			});
-			asserts.assert(channel);
+			asserts.assert(topic);
 			const NUM_INITIAL_EVENTS = 5;
 			const events_initial_batch: any[] = [];
 			for (let i = 0; i < NUM_INITIAL_EVENTS; ++i) {
-				const event = await client.fetch(`/events`, {
+				const event = await client.fetch(`/topics/${topic.id}/events`, {
 					method: 'POST',
 					headers: {
 						'x-session_id': owner_info.session.id,
@ -54,7 +55,6 @@ Deno.test({
 					},
 					json: {
 						type: 'test',
 						channel: channel.id,
 						data: {
 							i
 						}
@ -69,7 +69,7 @@ Deno.test({
 			const other_user_info = await get_new_user(client, {}, owner_info);
-			const events_from_server = await client.fetch(`/channels/${channel.id}/events`, {
+			const events_from_server = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -82,7 +82,7 @@ Deno.test({
 			const newest_event = events_from_server[0];
 			asserts.assert(newest_event);
-			const long_poll_request_promise = client.fetch(`/channels/${channel.id}/events?wait=true&after_id=${newest_event.id.split(':', 2)[1]}`, {
+			const long_poll_request_promise = client.fetch(`/topics/${topic.id}/events?wait=true&after_id=${newest_event.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -92,7 +92,7 @@ Deno.test({
 			const wait_and_then_create_an_event = new Promise((resolve) => {
 				setTimeout(async () => {
-					await client.fetch(`/events`, {
+					await client.fetch(`/topics/${topic.id}/events`, {
 						method: 'POST',
 						headers: {
 							'x-session_id': owner_info.session.id,
@ -100,7 +100,6 @@ Deno.test({
 						},
 						json: {
 							type: 'test',
 							channel: channel.id,
 							data: {
 								i: 12345
 							}
@ -121,6 +120,7 @@ Deno.test({
 			await delete_user(client, other_user_info);
 			await delete_user(client, owner_info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info.server.stop();
 			}
--- a/tests/09_update_channel_events.test.ts
+++ b/tests/09_update_channel_events.test.ts
@ -2,9 +2,10 @@ import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { api, API_CLIENT } from '../utils/api.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - EVENTS - Update',
+	name: 'API - TOPICS - EVENTS - Update',
 	permissions: {
 		env: true,
 		read: true,
@ -23,22 +24,22 @@ Deno.test({
 			const owner_info = await get_new_user(client);
-			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'topics.create']);
-			const channel = await client.fetch('/channels', {
+			const topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
 					'x-totp': await generateTotp(owner_info.session.secret)
 				},
 				json: {
-					name: 'test update events channel'
+					name: 'test update events topic'
 				}
 			});
-			asserts.assert(channel);
+			asserts.assert(topic);
-			const event_from_owner = await client.fetch(`/events`, {
+			const event_from_owner = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -46,7 +47,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						foo: 'bar'
 					}
@ -55,7 +55,7 @@ Deno.test({
 			asserts.assert(event_from_owner);
-			const fetched_event_from_owner = await client.fetch(`/channels/${channel.id}/events/${event_from_owner.id}`, {
+			const fetched_event_from_owner = await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -65,23 +65,25 @@ Deno.test({
 			asserts.assertEquals(fetched_event_from_owner, event_from_owner);
-			const updated_event_from_owner = await client.fetch(`/events/${event_from_owner.id}`, {
+			const updated_event_from_owner = await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': owner_info.session.id,
 					'x-totp': await generateTotp(owner_info.session.secret)
 				},
 				json: {
-					meta: {
+					type: 'other',
 					data: {
 						foo: 'baz'
 					}
 				}
 			});
 			asserts.assertNotEquals(updated_event_from_owner, event_from_owner);
-			asserts.assertEquals(updated_event_from_owner.meta?.foo, 'baz');
+			asserts.assertEquals(updated_event_from_owner.type, 'other');
 			asserts.assertEquals(updated_event_from_owner.data.foo, 'baz');
-			const fetched_updated_event_from_owner = await client.fetch(`/channels/${channel.id}/events/${event_from_owner.id}`, {
+			const fetched_updated_event_from_owner = await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -95,7 +97,7 @@ Deno.test({
 			const other_user_info = await get_new_user(client, {}, owner_info);
-			const event_from_other_user = await client.fetch(`/events`, {
+			const event_from_other_user = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -103,7 +105,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						other_user: true
 					}
@ -112,7 +113,7 @@ Deno.test({
 			asserts.assert(event_from_other_user);
-			const fetched_event_from_other_user = await client.fetch(`/channels/${channel.id}/events/${event_from_other_user.id}`, {
+			const fetched_event_from_other_user = await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -122,13 +123,14 @@ Deno.test({
 			asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
-			const updated_event_from_other_user = await client.fetch(`/events/${event_from_other_user.id}`, {
+			const updated_event_from_other_user = await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': other_user_info.session.id,
 					'x-totp': await generateTotp(other_user_info.session.secret)
 				},
 				json: {
 					type: 'other',
 					data: {
 						other_user: 'bloop'
 					}
@ -136,9 +138,10 @@ Deno.test({
 			});
 			asserts.assertNotEquals(updated_event_from_other_user, event_from_other_user);
 			asserts.assertEquals(updated_event_from_other_user.type, 'other');
 			asserts.assertEquals(updated_event_from_other_user.data.other_user, 'bloop');
-			const fetched_updated_event_from_other_user = await client.fetch(`/channels/${channel.id}/events/${event_from_other_user.id}`, {
+			const fetched_updated_event_from_other_user = await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -150,7 +153,7 @@ Deno.test({
 			asserts.assertNotEquals(fetched_updated_event_from_other_user, fetched_event_from_other_user);
 			asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
-			const updated_by_owner_channel = await client.fetch(`/channels/${channel.id}`, {
+			const updated_by_owner_topic = await client.fetch(`/topics/${topic.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -158,38 +161,33 @@ Deno.test({
 				},
 				json: {
 					permissions: {
-						...channel.permissions,
+						...topic.permissions,
-						events: {
+						write_events: [owner_info.user.id]
 							read: [],
 							write: [owner_info.user.id]
 						}
 					}
 				}
 			});
-			asserts.assertEquals(updated_by_owner_channel.permissions.events.write, [owner_info.user.id]);
+			asserts.assertEquals(updated_by_owner_topic.permissions.write_events, [owner_info.user.id]);
 			try {
-				await client.fetch(`/events/${event_from_other_user.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 					method: 'PUT',
 					headers: {
 						'x-session_id': other_user_info.session.id,
 						'x-totp': await generateTotp(other_user_info.session.secret)
 					},
 					json: {
-						data: {
+						type: 'new'
 							other_user: 'glop'
 						}
 					}
 				});
-				asserts.fail('allowed updating an event in a channel with a events.write allowed only by owner');
+				asserts.fail('allowed updating an event in a topic with a write_events allowed only by owner');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
 			try {
-				await client.fetch(`/events/${event_from_other_user.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 					method: 'DELETE',
 					headers: {
 						'x-session_id': other_user_info.session.id,
@ -197,12 +195,12 @@ Deno.test({
 					}
 				});
-				asserts.fail('allowed deleting an event in a channel with a events.write allowed only by owner');
+				asserts.fail('allowed deleting an event in a topic with a write_events allowed only by owner');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'permission_denied');
 			}
-			const publicly_writable_channel = await client.fetch(`/channels/${channel.id}`, {
+			const publicly_writable_topic = await client.fetch(`/topics/${topic.id}`, {
 				method: 'PUT',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -210,18 +208,15 @@ Deno.test({
 				},
 				json: {
 					permissions: {
-						...channel.permissions,
+						...topic.permissions,
-						events: {
+						write_events: []
 							read: [],
 							write: []
 						}
 					}
 				}
 			});
-			asserts.assertEquals(publicly_writable_channel.permissions.events.write, []);
+			asserts.assertEquals(publicly_writable_topic.permissions.write_events, []);
-			const delete_other_user_event_response = await client.fetch(`/events/${event_from_other_user.id}`, {
+			const delete_other_user_event_response = await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 				method: 'DELETE',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -231,7 +226,7 @@ Deno.test({
 			asserts.assertEquals(delete_other_user_event_response.deleted, true);
-			const delete_owner_event_response = await client.fetch(`/events/${event_from_owner.id}`, {
+			const delete_owner_event_response = await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 				method: 'DELETE',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -244,6 +239,7 @@ Deno.test({
 			await delete_user(client, other_user_info);
 			await delete_user(client, owner_info);
 		} finally {
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
--- a/tests/10_update_channel_events_when_append_only.test.ts
+++ b/tests/10_update_channel_events_when_append_only.test.ts
@ -2,9 +2,10 @@ import * as asserts from '@std/assert';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
 import { api, API_CLIENT } from '../utils/api.ts';
 import { generateTotp } from '../utils/totp.ts';
 import { clear_topic_events_cache } from '../models/event.ts';
 Deno.test({
-	name: 'API - CHANNELS - EVENTS - Update (APPEND_ONLY_EVENTS)',
+	name: 'API - TOPICS - EVENTS - Update (APPEND_ONLY_EVENTS)',
 	permissions: {
 		env: true,
 		read: true,
@ -26,22 +27,22 @@ Deno.test({
 			const owner_info = await get_new_user(client);
-			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'channels.create']);
+			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'topics.create']);
-			const channel = await client.fetch('/channels', {
+			const topic = await client.fetch('/topics', {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
 					'x-totp': await generateTotp(owner_info.session.secret)
 				},
 				json: {
-					name: 'test update events channel in append only mode'
+					name: 'test update events topic in append only mode'
 				}
 			});
-			asserts.assert(channel);
+			asserts.assert(topic);
-			const event_from_owner = await client.fetch(`/events`, {
+			const event_from_owner = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -49,7 +50,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						foo: 'bar'
 					}
@ -58,7 +58,7 @@ Deno.test({
 			asserts.assert(event_from_owner);
-			const fetched_event_from_owner = await client.fetch(`/channels/${channel.id}/events/${event_from_owner.id}`, {
+			const fetched_event_from_owner = await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': owner_info.session.id,
@ -69,26 +69,24 @@ Deno.test({
 			asserts.assertEquals(fetched_event_from_owner, event_from_owner);
 			try {
-				await client.fetch(`/events/${event_from_owner.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 					method: 'PUT',
 					headers: {
 						'x-session_id': owner_info.session.id,
 						'x-totp': await generateTotp(owner_info.session.secret)
 					},
 					json: {
-						meta: {
+						type: 'new'
 							foo: 'bar'
 						}
 					}
 				});
-				asserts.fail('allowed updating an event in a channel with APPEND_ONLY_EVENTS on');
+				asserts.fail('allowed updating an event in a topic with APPEND_ONLY_EVENTS on');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'append_only_events');
 			}
 			try {
-				await client.fetch(`/events/${event_from_owner.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_owner.id}`, {
 					method: 'DELETE',
 					headers: {
 						'x-session_id': owner_info.session.id,
@ -96,14 +94,14 @@ Deno.test({
 					}
 				});
-				asserts.fail('allowed deleting an event in a channel with APPEND_ONLY_EVENTS on');
+				asserts.fail('allowed deleting an event in a topic with APPEND_ONLY_EVENTS on');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'append_only_events');
 			}
 			const other_user_info = await get_new_user(client, {}, owner_info);
-			const event_from_other_user = await client.fetch(`/events`, {
+			const event_from_other_user = await client.fetch(`/topics/${topic.id}/events`, {
 				method: 'POST',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -111,7 +109,6 @@ Deno.test({
 				},
 				json: {
 					type: 'test',
 					channel: channel.id,
 					data: {
 						other_user: true
 					}
@ -120,7 +117,7 @@ Deno.test({
 			asserts.assert(event_from_other_user);
-			const fetched_event_from_other_user = await client.fetch(`/channels/${channel.id}/events/${event_from_other_user.id}`, {
+			const fetched_event_from_other_user = await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 				method: 'GET',
 				headers: {
 					'x-session_id': other_user_info.session.id,
@ -131,26 +128,24 @@ Deno.test({
 			asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);
 			try {
-				await client.fetch(`/events/${event_from_other_user.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 					method: 'PUT',
 					headers: {
 						'x-session_id': other_user_info.session.id,
 						'x-totp': await generateTotp(other_user_info.session.secret)
 					},
 					json: {
-						meta: {
+						type: 'new'
 							foo: 'bar'
 						}
 					}
 				});
-				asserts.fail('allowed updating an event in a channel with APPEND_ONLY_EVENTS on');
+				asserts.fail('allowed updating an event in a topic with APPEND_ONLY_EVENTS on');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'append_only_events');
 			}
 			try {
-				await client.fetch(`/events/${event_from_other_user.id}`, {
+				await client.fetch(`/topics/${topic.id}/events/${event_from_other_user.id}`, {
 					method: 'DELETE',
 					headers: {
 						'x-session_id': other_user_info.session.id,
@ -158,7 +153,7 @@ Deno.test({
 					}
 				});
-				asserts.fail('allowed deleting an event in a channel with APPEND_ONLY_EVENTS on');
+				asserts.fail('allowed deleting an event in a topic with APPEND_ONLY_EVENTS on');
 			} catch (error) {
 				asserts.assertEquals((error as Error).cause, 'append_only_events');
 			}
@ -168,6 +163,7 @@ Deno.test({
 		} finally {
 			Deno.env.delete('APPEND_ONLY_EVENTS');
 			clear_topic_events_cache();
 			if (test_server_info) {
 				await test_server_info?.server?.stop();
 			}
--- a/tests/11_file_uploads.test.ts
+++ b/tests/11_file_uploads.test.ts
@ -1,7 +1,8 @@
 import { api, API_CLIENT } from '../utils/api.ts';
 import * as asserts from '@std/assert';
 import { USER } from '../models/user.ts';
 import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, random_username, set_user_permissions } from './helpers.ts';
-import { Cookie } from '@std/http/cookie';
+import { Cookie, getSetCookies } from '@std/http/cookie';
 import { generateTotp } from '../utils/totp.ts';
 import * as fs from '@std/fs';
 import * as path from '@std/path';
@ -135,11 +136,55 @@ Deno.test({
 				port: test_server_info.port
 			});
-			const root_user_info = await get_new_user(client);
+			const username = random_username();
-			asserts.assert(root_user_info);
+			const password = 'password';
-			const regular_user_info = await get_new_user(client, {}, root_user_info);
+			const user_creation_response: Record<string, any> = await client.fetch('/users', {
-			asserts.assert(regular_user_info);
+				method: 'POST',
 				json: {
 					username,
 					password
 				}
 			});
 			asserts.assert(user_creation_response?.user);
 			asserts.assert(user_creation_response?.session);
 			let cookies: Cookie[] = [];
 			const auth_response: any = await client.fetch('/auth', {
 				method: 'POST',
 				json: {
 					username,
 					password: 'password'
 				},
 				done: (response) => {
 					cookies = getSetCookies(response.headers);
 				}
 			});
 			const user: USER | undefined = auth_response.user;
 			asserts.assert(user);
 			asserts.assert(user.id);
 			const session: Record<string, any> | undefined = auth_response.session;
 			asserts.assert(session);
 			cookies.push({
 				name: 'totp',
 				value: await generateTotp(session?.secret ?? ''),
 				maxAge: 30,
 				expires: Date.now() + 30_000,
 				path: '/'
 			});
 			const headers_for_upload_request = new Headers();
 			for (const cookie of cookies) {
 				headers_for_upload_request.append(`x-${cookie.name}`, cookie.value);
 			}
 			headers_for_upload_request.append(
 				'cookie',
 				cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
 			);
 			const upload_body = new FormData();
 			upload_body.append(
@ -151,10 +196,7 @@ Deno.test({
 				`http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`,
 				{
 					method: 'PUT',
-					headers: {
+					headers: headers_for_upload_request,
 						'x-session_id': regular_user_info.session.id,
 						'x-totp': await generateTotp(regular_user_info.session.secret)
 					},
 					body: upload_body
 				}
 			);
@ -162,16 +204,13 @@ Deno.test({
 			asserts.assert(!disallowed_upload_response.ok);
 			await disallowed_upload_response.text();
-			await set_user_permissions(client, regular_user_info.user, regular_user_info.session, [...regular_user_info.user.permissions, 'files.write.all']);
+			await set_user_permissions(client, user, session, [...user.permissions, 'files.write.all']);
 			const allowed_upload_response = await fetch(
 				`http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`,
 				{
 					method: 'PUT',
-					headers: {
+					headers: headers_for_upload_request,
 						'x-session_id': regular_user_info.session.id,
 						'x-totp': await generateTotp(regular_user_info.session.secret)
 					},
 					body: upload_body
 				}
 			);
--- a/utils/object_helpers.ts
+++ b/utils/object_helpers.ts
@ -1,30 +0,0 @@
 export function flatten(obj: Record<string, any>, path?: string, result?: Record<string, any>) {
 	result = result ?? {};
 	for (const [key, value] of Object.entries(obj)) {
 		if (typeof value === 'object') {
 			flatten(value, (path ?? '') + key + '.', result);
 		} else {
 			result[(path ?? '') + key] = value;
 		}
 	}
 	return result;
 }
 export function expand(obj: Record<string, any>) {
 	const result: Record<string, any> = {};
 	for (const [key, value] of Object.entries(obj)) {
 		const elements = key.split('.');
 		let current = result;
 		for (const element of elements.slice(0, elements.length - 1)) {
 			current[element] = current[element] ?? {};
 			current = current[element];
 		}
 		current[elements[elements.length - 1]] = value;
 	}
 	return result;
 }
--- a/utils/prechecks.ts
+++ b/utils/prechecks.ts
@ -1,9 +1,8 @@
 import { getCookies } from '@std/http/cookie';
 import { SESSIONS } from '../models/session.ts';
 import { verifyTotp } from './totp.ts';
-import { USER, USERS } from '../models/user.ts';
+import { USERS } from '../models/user.ts';
 import * as CANNED_RESPONSES from './canned_responses.ts';
 import { EVENT } from '../models/event.ts';
 export type PRECHECK = (req: Request, meta: Record<string, any>) => Promise<Response | undefined> | Response | undefined;
 export type PRECHECK_TABLE = Record<string, PRECHECK[]>;
@ -42,7 +41,3 @@ export function require_user(
 		return CANNED_RESPONSES.permission_denied();
 	}
 }
 export function user_has_write_permission_for_event(user: USER, event: EVENT) {
 	return user.permissions.includes('events.create.' + event.type) || (Deno.env.get('DENO_ENV') === 'test' && event.type === 'test');
 }
--- a/utils/totp.ts
+++ b/utils/totp.ts
@ -7,10 +7,9 @@ import { decodeBase32 } from '@std/encoding';
 *
 * @ignore
 */
-export function counterToBuffer(counter: number): ArrayBuffer {
+export function counterToBuffer(counter: number): DataView {
-	const buffer = new ArrayBuffer(8);
+	const buffer = new DataView(new ArrayBuffer(8));
-	const view = new DataView(buffer);
+	buffer.setBigUint64(0, BigInt(counter), false);
 	view.setBigUint64(0, BigInt(counter), false);
 	return buffer;
 }
@ -24,7 +23,7 @@ export async function generateHmacSha1(
 ): Promise<Uint8Array> {
 	const importedKey = await crypto.subtle.importKey(
 		'raw',
-		new Uint8Array(key),
+		key,
 		{ name: 'HMAC', hash: 'SHA-1' },
 		false,
 		['sign']
`@ -1,3 +1,3 @@`
	`# Calendar`	`# Calendar`

	`The calendar should help people coordinate events.`	`The calendar should help people coordinate events around a topic.`
`@ -1,3 +1,3 @@`
	`# Resources`	`# Resources`

	`Resources should be a wiki for organizing community knowledge.`	`Resources should be a wiki for organizing community knowledge on a topic.`