commit 4255d95c686ab0e098076e43c9c1db2248833aa9
Author: Mike Johnston <mike@nervesocket.com>
Date:   Sat Feb 28 00:01:41 2026 -0500

    first commit

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..7556c5a
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+node_modules
+data
+.git
+.gitea
+*.md
+.env
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..706c246
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,13 @@
+# Server
+PORT=3000
+NODE_ENV=production
+BASE_URL=https://loot-hunt.com
+
+# Session
+SESSION_SECRET=change-me-to-a-random-string
+
+# Database (SQLite file path)
+DB_PATH=./data/loot-hunt.db
+
+# Uploads directory
+UPLOADS_DIR=./data/uploads
diff --git a/.gitea/workflows/rebuild-prod.yaml b/.gitea/workflows/rebuild-prod.yaml
new file mode 100644
index 0000000..4121af7
--- /dev/null
+++ b/.gitea/workflows/rebuild-prod.yaml
@@ -0,0 +1,89 @@
+# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions
+name: Build Images and Deploy
+run-name: ${{ gitea.actor }} is building new PROD images and redeploying the existing stack 🚀
+on:
+  push:
+    # not working right now https://github.com/actions/runner/issues/2324
+    # paths-ignore:
+    #   - **.yml
+    branches:
+      - main
+
+env:
+  STACK_NAME: loot-hunt
+  DOT_ENV: ${{ secrets.PROD_ENV }}
+  PORTAINER_TOKEN: ${{ vars.PORTAINER_TOKEN }}
+  PORTAINER_API_URL: https://portainer.dev.nervesocket.com/api
+  ENDPOINT_NAME: "mini" #sometimes "primary"
+  IMAGE_TAG: "reg.dev.nervesocket.com/loot-hunt:latest"
+
+jobs:
+  Update-PROD-Stack:
+    runs-on: ubuntu-latest
+    steps:
+        # if: contains(github.event.pull_request.head.ref, 'init-stack')
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build and push PROD Docker image
+        run: |
+          echo $DOT_ENV | base64 -d > .env
+          docker buildx build --push -f Dockerfile -t $IMAGE_TAG .
+
+      - name: Get the endpoint ID
+      # Usually ID is 1, but you can get it from the API. Only skip this if you are VERY sure.
+        run: |
+          ENDPOINT_ID=$(curl -s -H "X-API-Key: $PORTAINER_TOKEN" "$PORTAINER_API_URL/endpoints" | jq -r ".[] | select(.Name==\"$ENDPOINT_NAME\") | .Id")
+          echo "ENDPOINT_ID=$ENDPOINT_ID" >> $GITHUB_ENV
+          echo "Got stack Endpoint ID: $ENDPOINT_ID"
+
+      - name: Fetch stack ID from Portainer
+        run: |
+          STACK_ID=$(curl -s -H "X-API-Key: $PORTAINER_TOKEN" "$PORTAINER_API_URL/stacks" | jq -r ".[] | select(.Name==\"$STACK_NAME\" and .EndpointId==$ENDPOINT_ID) | .Id")
+
+          echo "STACK_ID=$STACK_ID" >> $GITHUB_ENV
+          echo "Got stack ID: $STACK_ID matched with Endpoint ID: $ENDPOINT_ID"
+
+      - name: Fetch Stack
+        run: |
+          # Get the stack details (including env vars)
+          STACK_DETAILS=$(curl -s -H "X-API-Key: $PORTAINER_TOKEN" "$PORTAINER_API_URL/stacks/$STACK_ID")
+          
+          # Extract environment variables from the stack
+          echo "$STACK_DETAILS" | jq -r '.Env' > stack_env.json
+          
+          echo "Existing stack environment variables:"
+          cat stack_env.json
+
+      - name: Redeploy stack in Portainer
+        run: |
+          # Read stack file content
+          STACK_FILE_CONTENT=$(echo "$(<prod-compose.yml )")
+
+          # Read existing environment variables from the fetched stack
+          ENV_VARS=$(cat stack_env.json)
+
+          # Prepare JSON payload with environment variables
+          JSON_PAYLOAD=$(jq -n --arg stackFileContent "$STACK_FILE_CONTENT" --argjson pullImage true --argjson env "$ENV_VARS" \
+            '{stackFileContent: $stackFileContent, pullImage: $pullImage, env: $env}')
+
+          echo "About to push the following JSON payload:"
+          echo $JSON_PAYLOAD
+
+          # Update stack in Portainer (this redeploys it)
+          DEPLOY_RESPONSE=$(curl -X PUT "$PORTAINER_API_URL/stacks/$STACK_ID?endpointId=$ENDPOINT_ID" \
+            -H "X-API-Key: $PORTAINER_TOKEN" \
+            -H "Content-Type: application/json" \
+            --data "$JSON_PAYLOAD")
+
+          echo "Redeployed stack in Portainer. Response:"
+          echo $DEPLOY_RESPONSE
+
+      - name: Status check
+        run: |
+          echo "📋 This job's status is ${{ job.status }}. Make sure you delete the init file to avoid issues."
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..923ad39
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+node_modules/
+data/
+.env
+*.db
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a6f1ea1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,15 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+COPY . .
+
+# Create data directory
+RUN mkdir -p /app/data/uploads
+
+EXPOSE 3000
+
+CMD ["node", "src/app.js"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f77add8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,91 @@
+# Loot Hunt
+
+A digital alternate reality game — find and scan hidden QR codes in real life to earn points and climb the leaderboard.
+
+## How It Works
+
+1. **Organizers** create a "hunt" and generate printable QR code cards
+2. **Players** scan hidden QR codes to earn points — first find gets the most points
+3. **Leaderboards** track top players per hunt and globally
+
+### Point System
+
+| Scan Order | Points |
+|-----------|--------|
+| 1st scan  | 500    |
+| 2nd scan  | 250    |
+| 3rd scan  | 100    |
+| 4th+      | 50     |
+
+Players earn points only once per package. Re-scanning lets you update the package hint.
+
+## Tech Stack
+
+- **Node.js** + Express
+- **SQLite** via better-sqlite3
+- **EJS** templates
+- **PDFKit** + qrcode for printable QR sheets
+- **Docker** deployment via Portainer
+
+## Quick Start (Development)
+
+```bash
+cp .env.example .env
+npm install
+node src/setup-admin.js admin yourpassword
+npm run dev
+```
+
+Visit `http://localhost:3000`
+
+## Docker Deployment
+
+The project deploys via Gitea Actions → Docker build → Portainer stack update.
+
+```bash
+# Build locally
+docker build -t loot-hunt .
+
+# Run
+docker run -p 3000:3000 -v loot-data:/app/data \
+  -e SESSION_SECRET=your-secret \
+  -e BASE_URL=https://loot-hunt.com \
+  loot-hunt
+
+# Create admin user inside container
+docker exec -it loot-hunt node src/setup-admin.js admin yourpassword
+```
+
+## Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `PORT` | Server port | `3000` |
+| `NODE_ENV` | Environment | `production` |
+| `BASE_URL` | Public URL (for QR codes) | `http://localhost:3000` |
+| `SESSION_SECRET` | Session encryption key | (required) |
+| `DB_PATH` | SQLite database path | `./data/loot-hunt.db` |
+| `UPLOADS_DIR` | Image uploads directory | `./data/uploads` |
+| `TRUST_PROXY` | Trust reverse proxy headers | `false` |
+
+## Project Structure
+
+```
+src/
+├── app.js              # Express application entry point
+├── setup-admin.js      # CLI tool to create/promote admin users
+├── config/
+│   └── database.js     # SQLite initialization & schema
+├── middleware/
+│   └── auth.js         # Auth & admin middleware
+├── models/
+│   └── index.js        # All database operations
+├── routes/
+│   ├── auth.js         # Login/register/logout
+│   ├── admin.js        # Hunt management & PDF download
+│   ├── loot.js         # QR scan handling, image upload, hints
+│   └── hunts.js        # Public hunt profiles & leaderboards
+├── utils/
+│   └── pdf.js          # QR code PDF generation
+└── views/              # EJS templates
+```
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..55eb1dd
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,2001 @@
+{
+  "name": "loot-hunt",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "loot-hunt",
+      "version": "1.0.0",
+      "dependencies": {
+        "bcryptjs": "^2.4.3",
+        "ejs": "^3.1.10",
+        "express": "^4.21.1",
+        "express-session": "^1.18.1",
+        "multer": "^1.4.5-lts.1",
+        "pdfkit": "^0.16.0",
+        "qrcode": "^1.5.4",
+        "sql.js": "^1.11.0"
+      },
+      "devDependencies": {
+        "nodemon": "^3.1.7"
+      }
+    },
+    "node_modules/@swc/helpers": {
+      "version": "0.5.19",
+      "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.19.tgz",
+      "integrity": "sha512-QamiFeIK3txNjgUTNppE6MiG3p7TdninpZu0E0PbqVh1a9FNLT2FRhisaa4NcaX52XVhA5l7Pk58Ft7Sqi/2sA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.8.0"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/append-field": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
+      "integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==",
+      "license": "MIT"
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
+      "license": "MIT"
+    },
+    "node_modules/async": {
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==",
+      "license": "MIT"
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "license": "MIT"
+    },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/bcryptjs": {
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz",
+      "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==",
+      "license": "MIT"
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
+      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.14.0",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/brace-expansion": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/brotli": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz",
+      "integrity": "sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg==",
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.1.2"
+      }
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
+      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
+      "license": "MIT"
+    },
+    "node_modules/busboy": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
+      "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
+      "dependencies": {
+        "streamsearch": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=10.16.0"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+      "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^6.2.0"
+      }
+    },
+    "node_modules/clone": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz",
+      "integrity": "sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "license": "MIT"
+    },
+    "node_modules/concat-stream": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
+      "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
+      "engines": [
+        "node >= 0.8"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.2.2",
+        "typedarray": "^0.0.6"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
+      "license": "MIT"
+    },
+    "node_modules/core-util-is": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
+      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==",
+      "license": "MIT"
+    },
+    "node_modules/crypto-js": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz",
+      "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==",
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/decamelize": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+      "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/dfa": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz",
+      "integrity": "sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q==",
+      "license": "MIT"
+    },
+    "node_modules/dijkstrajs": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz",
+      "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==",
+      "license": "MIT"
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
+      "license": "MIT"
+    },
+    "node_modules/ejs": {
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+      "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "license": "MIT"
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "license": "MIT"
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.14.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/express-session": {
+      "version": "1.19.0",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.19.0.tgz",
+      "integrity": "sha512-0csaMkGq+vaiZTmSMMGkfdCOabYv192VbytFypcvI0MANrp+4i/7yEkJ0sbAEhycQjntaKGzYfjfXQyVb7BHMA==",
+      "license": "MIT",
+      "dependencies": {
+        "cookie": "~0.7.2",
+        "cookie-signature": "~1.0.7",
+        "debug": "~2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.1.0",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "~5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "license": "MIT"
+    },
+    "node_modules/filelist": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.6.tgz",
+      "integrity": "sha512-5giy2PkLYY1cP39p17Ech+2xlpTRL9HLspOfEgm0L6CwBXBTgsK5ou0JtzYuepxkaQ/tvhCFIJ5uXo0OrM2DxA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/find-up": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "license": "MIT",
+      "dependencies": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fontkit": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz",
+      "integrity": "sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g==",
+      "license": "MIT",
+      "dependencies": {
+        "@swc/helpers": "^0.5.12",
+        "brotli": "^1.3.2",
+        "clone": "^2.1.2",
+        "dfa": "^1.2.0",
+        "fast-deep-equal": "^3.1.3",
+        "restructure": "^3.0.0",
+        "tiny-inflate": "^1.0.3",
+        "unicode-properties": "^1.4.0",
+        "unicode-trie": "^2.0.0"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ignore-by-default": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz",
+      "integrity": "sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==",
+      "license": "MIT"
+    },
+    "node_modules/jake": {
+      "version": "10.9.4",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.4.tgz",
+      "integrity": "sha512-wpHYzhxiVQL+IV05BLE2Xn34zW1S223hvjtqk0+gsPrwd/8JNLXJgZZM/iPFsYc1xyphF+6M6EvdE5E9MBGkDA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "async": "^3.2.6",
+        "filelist": "^1.0.4",
+        "picocolors": "^1.1.1"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/jpeg-exif": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/jpeg-exif/-/jpeg-exif-1.1.4.tgz",
+      "integrity": "sha512-a+bKEcCjtuW5WTdgeXFzswSrdqi0jk4XlEtZlx5A94wCoBpFjfFTbo/Tra5SpNCl/YFZPvcV1dJc+TAYeg6ROQ==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "license": "MIT"
+    },
+    "node_modules/linebreak": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz",
+      "integrity": "sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "0.0.8",
+        "unicode-trie": "^2.0.0"
+      }
+    },
+    "node_modules/linebreak/node_modules/base64-js": {
+      "version": "0.0.8",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz",
+      "integrity": "sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/locate-path": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+      "license": "MIT",
+      "dependencies": {
+        "p-locate": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "license": "MIT",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "5.1.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+      "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/mkdirp": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+      "license": "MIT",
+      "dependencies": {
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "license": "MIT"
+    },
+    "node_modules/multer": {
+      "version": "1.4.5-lts.2",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz",
+      "integrity": "sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==",
+      "deprecated": "Multer 1.x is impacted by a number of vulnerabilities, which have been patched in 2.x. You should upgrade to the latest 2.x version.",
+      "license": "MIT",
+      "dependencies": {
+        "append-field": "^1.0.0",
+        "busboy": "^1.0.0",
+        "concat-stream": "^1.5.2",
+        "mkdirp": "^0.5.4",
+        "object-assign": "^4.1.1",
+        "type-is": "^1.6.4",
+        "xtend": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/nodemon": {
+      "version": "3.1.14",
+      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.14.tgz",
+      "integrity": "sha512-jakjZi93UtB3jHMWsXL68FXSAosbLfY0In5gtKq3niLSkrWznrVBzXFNOEMJUfc9+Ke7SHWoAZsiMkNP3vq6Jw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chokidar": "^3.5.2",
+        "debug": "^4",
+        "ignore-by-default": "^1.0.1",
+        "minimatch": "^10.2.1",
+        "pstree.remy": "^1.1.8",
+        "semver": "^7.5.3",
+        "simple-update-notifier": "^2.0.0",
+        "supports-color": "^5.5.0",
+        "touch": "^3.1.0",
+        "undefsafe": "^2.0.5"
+      },
+      "bin": {
+        "nodemon": "bin/nodemon.js"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/nodemon"
+      }
+    },
+    "node_modules/nodemon/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/nodemon/node_modules/brace-expansion": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
+      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/nodemon/node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/nodemon/node_modules/minimatch": {
+      "version": "10.2.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/nodemon/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/on-headers": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+      "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "license": "MIT",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-locate": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+      "license": "MIT",
+      "dependencies": {
+        "p-limit": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/pako": {
+      "version": "0.2.9",
+      "resolved": "https://registry.npmjs.org/pako/-/pako-0.2.9.tgz",
+      "integrity": "sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==",
+      "license": "MIT"
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+      "license": "MIT"
+    },
+    "node_modules/pdfkit": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/pdfkit/-/pdfkit-0.16.0.tgz",
+      "integrity": "sha512-oXMxkIqXH4uTAtohWdYA41i/f6i2ReB78uhgizN8H4hJEpgR3/Xjy3iu2InNAuwCIabN3PVs8P1D6G4+W2NH0A==",
+      "license": "MIT",
+      "dependencies": {
+        "crypto-js": "^4.2.0",
+        "fontkit": "^2.0.4",
+        "jpeg-exif": "^1.1.4",
+        "linebreak": "^1.1.0",
+        "png-js": "^1.0.0"
+      }
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "license": "ISC"
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/png-js": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/png-js/-/png-js-1.0.0.tgz",
+      "integrity": "sha512-k+YsbhpA9e+EFfKjTCH3VW6aoKlyNYI6NYdTfDL4CIvFnvsuO84ttonmZE7rc+v23SLTH8XX+5w/Ak9v0xGY4g=="
+    },
+    "node_modules/pngjs": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz",
+      "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/process-nextick-args": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
+      "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
+      "license": "MIT"
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "license": "MIT",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/pstree.remy": {
+      "version": "1.1.8",
+      "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz",
+      "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/qrcode": {
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz",
+      "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==",
+      "license": "MIT",
+      "dependencies": {
+        "dijkstrajs": "^1.0.1",
+        "pngjs": "^5.0.0",
+        "yargs": "^15.3.1"
+      },
+      "bin": {
+        "qrcode": "bin/qrcode"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "license": "MIT",
+      "dependencies": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "node_modules/readable-stream/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "license": "MIT"
+    },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/require-main-filename": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
+      "license": "ISC"
+    },
+    "node_modules/restructure": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz",
+      "integrity": "sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw==",
+      "license": "MIT"
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "license": "MIT",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==",
+      "license": "ISC"
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "license": "ISC"
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/simple-update-notifier": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz",
+      "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/sql.js": {
+      "version": "1.14.0",
+      "resolved": "https://registry.npmjs.org/sql.js/-/sql.js-1.14.0.tgz",
+      "integrity": "sha512-NXYh+kFqLiYRCNAaHD0PcbjFgXyjuolEKLMk5vRt2DgPENtF1kkNzzMlg42dUk5wIsH8MhUzsRhaUxIisoSlZQ==",
+      "license": "MIT"
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/streamsearch": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
+      "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "node_modules/string_decoder/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "license": "MIT"
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/tiny-inflate": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz",
+      "integrity": "sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw==",
+      "license": "MIT"
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/touch": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/touch/-/touch-3.1.1.tgz",
+      "integrity": "sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "nodetouch": "bin/nodetouch.js"
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
+      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
+      "license": "0BSD"
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "license": "MIT",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typedarray": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
+      "integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==",
+      "license": "MIT"
+    },
+    "node_modules/uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "license": "MIT",
+      "dependencies": {
+        "random-bytes": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/undefsafe": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
+      "integrity": "sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/unicode-properties": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz",
+      "integrity": "sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg==",
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.3.0",
+        "unicode-trie": "^2.0.0"
+      }
+    },
+    "node_modules/unicode-trie": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz",
+      "integrity": "sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ==",
+      "license": "MIT",
+      "dependencies": {
+        "pako": "^0.2.5",
+        "tiny-inflate": "^1.0.0"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
+      "license": "MIT"
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/which-module": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz",
+      "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==",
+      "license": "ISC"
+    },
+    "node_modules/wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/xtend": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
+      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
+      "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==",
+      "license": "ISC"
+    },
+    "node_modules/yargs": {
+      "version": "15.4.1",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+      "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^6.0.0",
+        "decamelize": "^1.2.0",
+        "find-up": "^4.1.0",
+        "get-caller-file": "^2.0.1",
+        "require-directory": "^2.1.1",
+        "require-main-filename": "^2.0.0",
+        "set-blocking": "^2.0.0",
+        "string-width": "^4.2.0",
+        "which-module": "^2.0.0",
+        "y18n": "^4.0.0",
+        "yargs-parser": "^18.1.2"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "18.1.3",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+      "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+      "license": "ISC",
+      "dependencies": {
+        "camelcase": "^5.0.0",
+        "decamelize": "^1.2.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..cd9a4ff
--- /dev/null
+++ b/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "loot-hunt",
+  "version": "1.0.0",
+  "description": "Digital treasure hunt ARG - find and scan hidden QR codes to earn points",
+  "main": "src/app.js",
+  "scripts": {
+    "start": "node src/app.js",
+    "dev": "nodemon src/app.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "ejs": "^3.1.10",
+    "express": "^4.21.1",
+    "express-session": "^1.18.1",
+    "multer": "^1.4.5-lts.1",
+    "pdfkit": "^0.16.0",
+    "qrcode": "^1.5.4",
+    "sql.js": "^1.11.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.7"
+  }
+}
diff --git a/prod-compose.yml b/prod-compose.yml
new file mode 100644
index 0000000..e2b3888
--- /dev/null
+++ b/prod-compose.yml
@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+  loot-hunt:
+    image: reg.dev.nervesocket.com/loot-hunt:latest
+    container_name: loot-hunt
+    restart: unless-stopped
+    ports:
+      - "${PORT:-3000}:3000"
+    environment:
+      - NODE_ENV=production
+      - PORT=3000
+      - BASE_URL=${BASE_URL}
+      - SESSION_SECRET=${SESSION_SECRET}
+      - DB_PATH=/app/data/loot-hunt.db
+      - UPLOADS_DIR=/app/data/uploads
+      - TRUST_PROXY=true
+    volumes:
+      - loot-hunt-data:/app/data
+
+volumes:
+  loot-hunt-data:
+    driver: local
diff --git a/public/css/style.css b/public/css/style.css
new file mode 100644
index 0000000..41fb0c5
--- /dev/null
+++ b/public/css/style.css
@@ -0,0 +1,517 @@
+:root {
+  --primary: #6c5ce7;
+  --primary-dark: #5a4bd1;
+  --accent: #fdcb6e;
+  --dark: #1a1a2e;
+  --darker: #16213e;
+  --light: #f8f9fa;
+  --success: #00b894;
+  --danger: #d63031;
+  --muted: #636e72;
+  --card-bg: #ffffff;
+  --body-bg: #f0f2f5;
+}
+
+* {
+  box-sizing: border-box;
+}
+
+body {
+  font-family: 'Segoe UI', system-ui, -apple-system, sans-serif;
+  background: var(--body-bg);
+  color: #2d3436;
+  margin: 0;
+  min-height: 100vh;
+  display: flex;
+  flex-direction: column;
+}
+
+/* ─── Navigation ──────────────────────────────────────── */
+.navbar {
+  background: var(--dark);
+  padding: 0 1.5rem;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  height: 60px;
+  box-shadow: 0 2px 8px rgba(0, 0, 0, 0.15);
+  position: sticky;
+  top: 0;
+  z-index: 100;
+}
+
+.navbar-brand {
+  color: var(--accent);
+  font-weight: 800;
+  font-size: 1.4rem;
+  text-decoration: none;
+  letter-spacing: -0.5px;
+}
+
+.navbar-brand:hover {
+  color: #fff;
+}
+
+.navbar-nav {
+  display: flex;
+  align-items: center;
+  gap: 0.25rem;
+  list-style: none;
+  margin: 0;
+  padding: 0;
+}
+
+.navbar-nav a {
+  color: #b2bec3;
+  text-decoration: none;
+  padding: 0.5rem 0.75rem;
+  border-radius: 6px;
+  font-size: 0.9rem;
+  transition: all 0.2s;
+}
+
+.navbar-nav a:hover,
+.navbar-nav a.active {
+  color: #fff;
+  background: rgba(255, 255, 255, 0.1);
+}
+
+/* ─── Layout ──────────────────────────────────────────── */
+.container {
+  max-width: 960px;
+  margin: 0 auto;
+  padding: 2rem 1.5rem;
+  flex: 1;
+}
+
+.container-narrow {
+  max-width: 520px;
+  margin: 0 auto;
+  padding: 2rem 1.5rem;
+  flex: 1;
+}
+
+/* ─── Cards ──────────────────────────────────────────── */
+.card {
+  background: var(--card-bg);
+  border-radius: 12px;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+  padding: 1.5rem;
+  margin-bottom: 1rem;
+}
+
+.card-header {
+  font-size: 1.25rem;
+  font-weight: 700;
+  margin-bottom: 1rem;
+  padding-bottom: 0.75rem;
+  border-bottom: 2px solid var(--body-bg);
+}
+
+/* ─── Buttons ─────────────────────────────────────────── */
+.btn {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.5rem;
+  padding: 0.6rem 1.25rem;
+  border-radius: 8px;
+  border: none;
+  font-size: 0.9rem;
+  font-weight: 600;
+  cursor: pointer;
+  text-decoration: none;
+  transition: all 0.2s;
+}
+
+.btn-primary {
+  background: var(--primary);
+  color: #fff;
+}
+
+.btn-primary:hover {
+  background: var(--primary-dark);
+}
+
+.btn-success {
+  background: var(--success);
+  color: #fff;
+}
+
+.btn-success:hover {
+  background: #00a381;
+}
+
+.btn-outline {
+  background: transparent;
+  border: 2px solid var(--primary);
+  color: var(--primary);
+}
+
+.btn-outline:hover {
+  background: var(--primary);
+  color: #fff;
+}
+
+.btn-danger {
+  background: var(--danger);
+  color: #fff;
+}
+
+.btn-sm {
+  padding: 0.4rem 0.8rem;
+  font-size: 0.8rem;
+}
+
+/* ─── Forms ──────────────────────────────────────────── */
+.form-group {
+  margin-bottom: 1rem;
+}
+
+.form-group label {
+  display: block;
+  font-weight: 600;
+  margin-bottom: 0.3rem;
+  font-size: 0.9rem;
+  color: #555;
+}
+
+.form-control {
+  width: 100%;
+  padding: 0.6rem 0.8rem;
+  border: 2px solid #dfe6e9;
+  border-radius: 8px;
+  font-size: 0.95rem;
+  transition: border-color 0.2s;
+  font-family: inherit;
+}
+
+.form-control:focus {
+  outline: none;
+  border-color: var(--primary);
+}
+
+textarea.form-control {
+  resize: vertical;
+  min-height: 80px;
+}
+
+.form-hint {
+  font-size: 0.8rem;
+  color: var(--muted);
+  margin-top: 0.2rem;
+}
+
+/* ─── Alerts ──────────────────────────────────────────── */
+.alert {
+  padding: 0.8rem 1rem;
+  border-radius: 8px;
+  margin-bottom: 1rem;
+  font-size: 0.9rem;
+}
+
+.alert-danger {
+  background: #ffeaa7;
+  border: 1px solid #fdcb6e;
+  color: #6c5ce7;
+}
+
+.alert-danger.error {
+  background: #fab1a0;
+  border: 1px solid #e17055;
+  color: #2d3436;
+}
+
+.alert-success {
+  background: #dfe6e9;
+  border: 1px solid var(--success);
+  color: #00b894;
+}
+
+.alert-info {
+  background: #dfe6e9;
+  border: 1px solid #74b9ff;
+  color: #0984e3;
+}
+
+/* ─── Points Badge ────────────────────────────────────── */
+.points-badge {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.25rem;
+  background: var(--accent);
+  color: var(--dark);
+  font-weight: 800;
+  padding: 0.4rem 0.8rem;
+  border-radius: 20px;
+  font-size: 1.1rem;
+}
+
+.points-badge.large {
+  font-size: 2rem;
+  padding: 0.5rem 1.5rem;
+}
+
+/* ─── Tables ──────────────────────────────────────────── */
+.table-wrapper {
+  overflow-x: auto;
+}
+
+table {
+  width: 100%;
+  border-collapse: collapse;
+}
+
+th, td {
+  text-align: left;
+  padding: 0.65rem 0.75rem;
+  border-bottom: 1px solid #eee;
+}
+
+th {
+  font-weight: 700;
+  font-size: 0.85rem;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  color: var(--muted);
+}
+
+tr:hover {
+  background: rgba(108, 92, 231, 0.03);
+}
+
+.rank-cell {
+  font-weight: 800;
+  font-size: 1.1rem;
+  color: var(--primary);
+  width: 50px;
+}
+
+.rank-1 { color: #f1c40f; }
+.rank-2 { color: #95a5a6; }
+.rank-3 { color: #e17055; }
+
+/* ─── Package Grid ────────────────────────────────────── */
+.package-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(260px, 1fr));
+  gap: 1rem;
+}
+
+.package-card {
+  background: var(--card-bg);
+  border-radius: 10px;
+  padding: 1rem;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.06);
+  border: 2px solid transparent;
+  transition: all 0.2s;
+  text-decoration: none;
+  color: inherit;
+  display: block;
+}
+
+.package-card:hover {
+  border-color: var(--primary);
+  transform: translateY(-2px);
+  box-shadow: 0 4px 12px rgba(108, 92, 231, 0.15);
+}
+
+.package-card .card-num {
+  font-size: 1.5rem;
+  font-weight: 800;
+  color: var(--primary);
+}
+
+.package-card .code {
+  font-family: 'Courier New', monospace;
+  font-size: 1rem;
+  color: var(--muted);
+  letter-spacing: 1px;
+}
+
+.package-card .scan-info {
+  margin-top: 0.5rem;
+  font-size: 0.8rem;
+  color: var(--muted);
+}
+
+.package-card.scanned {
+  border-color: var(--success);
+  background: linear-gradient(135deg, #fff 0%, #f0fff4 100%);
+}
+
+.package-card.unscanned {
+  opacity: 0.7;
+}
+
+/* ─── Scan Result ─────────────────────────────────────── */
+.scan-result {
+  text-align: center;
+  padding: 2rem 0;
+}
+
+.scan-result h1 {
+  font-size: 2rem;
+  margin-bottom: 0.5rem;
+}
+
+.scan-result .emoji {
+  font-size: 4rem;
+  margin-bottom: 1rem;
+}
+
+/* ─── Package Profile ─────────────────────────────────── */
+.package-hero {
+  text-align: center;
+  padding: 2rem 0;
+}
+
+.package-hero .card-number {
+  font-size: 3rem;
+  font-weight: 800;
+  color: var(--primary);
+}
+
+.package-hero .hunt-name {
+  font-size: 1.2rem;
+  color: var(--muted);
+}
+
+.package-image {
+  max-width: 100%;
+  border-radius: 12px;
+  margin: 1rem 0;
+}
+
+/* ─── Stats Row ───────────────────────────────────────── */
+.stats-row {
+  display: flex;
+  gap: 1rem;
+  flex-wrap: wrap;
+  margin: 1rem 0;
+}
+
+.stat-box {
+  flex: 1;
+  min-width: 120px;
+  background: var(--card-bg);
+  border-radius: 10px;
+  padding: 1rem;
+  text-align: center;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.06);
+}
+
+.stat-box .value {
+  font-size: 1.8rem;
+  font-weight: 800;
+  color: var(--primary);
+}
+
+.stat-box .label {
+  font-size: 0.8rem;
+  color: var(--muted);
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+/* ─── Hero Section ────────────────────────────────────── */
+.hero {
+  text-align: center;
+  padding: 3rem 1rem;
+}
+
+.hero h1 {
+  font-size: 2.5rem;
+  font-weight: 800;
+  color: var(--dark);
+  margin-bottom: 0.5rem;
+}
+
+.hero p {
+  font-size: 1.1rem;
+  color: var(--muted);
+  max-width: 500px;
+  margin: 0 auto 1.5rem;
+}
+
+/* ─── Hunt Cards List ─────────────────────────────────── */
+.hunt-card {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  background: var(--card-bg);
+  border-radius: 10px;
+  padding: 1rem 1.25rem;
+  margin-bottom: 0.75rem;
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.06);
+  text-decoration: none;
+  color: inherit;
+  transition: all 0.2s;
+}
+
+.hunt-card:hover {
+  transform: translateY(-1px);
+  box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
+}
+
+.hunt-card .hunt-info h3 {
+  margin: 0 0 0.2rem;
+  font-size: 1.1rem;
+}
+
+.hunt-card .hunt-info .meta {
+  font-size: 0.8rem;
+  color: var(--muted);
+}
+
+.hunt-card .badge {
+  background: var(--primary);
+  color: #fff;
+  padding: 0.3rem 0.7rem;
+  border-radius: 15px;
+  font-size: 0.8rem;
+  font-weight: 600;
+  white-space: nowrap;
+}
+
+.hunt-card .badge.expired {
+  background: var(--danger);
+}
+
+/* ─── Footer ──────────────────────────────────────────── */
+.footer {
+  text-align: center;
+  padding: 1.5rem;
+  color: var(--muted);
+  font-size: 0.8rem;
+  border-top: 1px solid #dfe6e9;
+  margin-top: auto;
+}
+
+/* ─── Responsive ──────────────────────────────────────── */
+@media (max-width: 600px) {
+  .navbar {
+    padding: 0 0.75rem;
+  }
+
+  .container {
+    padding: 1rem;
+  }
+
+  .hero h1 {
+    font-size: 1.8rem;
+  }
+
+  .stats-row {
+    flex-direction: column;
+  }
+
+  .package-grid {
+    grid-template-columns: 1fr;
+  }
+
+  .hunt-card {
+    flex-direction: column;
+    align-items: flex-start;
+    gap: 0.5rem;
+  }
+}
diff --git a/src/app.js b/src/app.js
new file mode 100644
index 0000000..ade0554
--- /dev/null
+++ b/src/app.js
@@ -0,0 +1,150 @@
+const express = require('express');
+const session = require('express-session');
+const path = require('path');
+const fs = require('fs');
+
+// Load .env if present
+try {
+  const envFile = fs.readFileSync(path.join(__dirname, '..', '.env'), 'utf8');
+  envFile.split('\n').forEach(line => {
+    const match = line.match(/^([^#=]+)=(.*)$/);
+    if (match) {
+      process.env[match[1].trim()] = match[2].trim();
+    }
+  });
+} catch (e) { /* .env file is optional */ }
+
+// Ensure data dirs exist
+const dataDir = path.dirname(process.env.DB_PATH || './data/loot-hunt.db');
+const uploadsDir = process.env.UPLOADS_DIR || './data/uploads';
+[dataDir, uploadsDir].forEach(dir => {
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+});
+
+// Initialize database (async — schema creation happens in background)
+const db = require('./config/database');
+
+const { loadUser } = require('./middleware/auth');
+
+// ─── SQLite Session Store ─────────────────────────────────
+class SQLiteSessionStore extends session.Store {
+  constructor() {
+    super();
+  }
+
+  get(sid, callback) {
+    try {
+      const row = db.prepare('SELECT sess FROM sessions WHERE sid = ? AND expired > datetime(\'now\')').get(sid);
+      if (row) {
+        callback(null, JSON.parse(row.sess));
+      } else {
+        callback(null, null);
+      }
+    } catch (err) { callback(err); }
+  }
+
+  set(sid, sess, callback) {
+    try {
+      const maxAge = sess.cookie && sess.cookie.maxAge ? sess.cookie.maxAge : 86400000;
+      const expiredDate = new Date(Date.now() + maxAge).toISOString();
+      const sessStr = JSON.stringify(sess);
+      // upsert
+      db.prepare('DELETE FROM sessions WHERE sid = ?').run(sid);
+      db.prepare('INSERT INTO sessions (sid, sess, expired) VALUES (?, ?, ?)').run(sid, sessStr, expiredDate);
+      callback(null);
+    } catch (err) { callback(err); }
+  }
+
+  destroy(sid, callback) {
+    try {
+      db.prepare('DELETE FROM sessions WHERE sid = ?').run(sid);
+      callback(null);
+    } catch (err) { callback(err); }
+  }
+
+  // Clean up expired sessions periodically
+  touch(sid, sess, callback) {
+    this.set(sid, sess, callback);
+  }
+}
+
+// ─── Start app once DB is ready ───────────────────────────
+async function start() {
+  await db.ready;
+
+  const app = express();
+  const PORT = process.env.PORT || 3000;
+
+  // View engine
+  app.set('view engine', 'ejs');
+  app.set('views', path.join(__dirname, 'views'));
+
+  // Body parsing
+  app.use(express.urlencoded({ extended: true }));
+  app.use(express.json());
+
+  // Static files
+  app.use(express.static(path.join(__dirname, '..', 'public')));
+  app.use('/uploads', express.static(path.resolve(uploadsDir)));
+
+  // Sessions
+  app.use(session({
+    store: new SQLiteSessionStore(),
+    secret: process.env.SESSION_SECRET || 'loot-hunt-dev-secret-change-me',
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production' && process.env.TRUST_PROXY === 'true'
+    }
+  }));
+
+  // Trust proxy if behind nginx
+  if (process.env.TRUST_PROXY === 'true') {
+    app.set('trust proxy', 1);
+  }
+
+  // Load current user into all views
+  app.use(loadUser);
+
+  // Flash-like messages via session
+  app.use((req, res, next) => {
+    res.locals.flash = req.session.flash || null;
+    delete req.session.flash;
+    next();
+  });
+
+  // Routes
+  app.use('/auth', require('./routes/auth'));
+  app.use('/admin', require('./routes/admin'));
+  app.use('/loot', require('./routes/loot'));
+  app.use('/', require('./routes/hunts'));
+
+  // Home page
+  app.get('/', (req, res) => {
+    const { Hunts } = require('./models');
+    const hunts = Hunts.getAll();
+    res.render('home', { title: 'Loot Hunt', hunts });
+  });
+
+  // 404 handler
+  app.use((req, res) => {
+    res.status(404).render('error', { title: 'Not Found', message: 'The page you are looking for does not exist.' });
+  });
+
+  // Error handler
+  app.use((err, req, res, next) => {
+    console.error(err.stack);
+    res.status(500).render('error', { title: 'Error', message: 'Something went wrong.' });
+  });
+
+  app.listen(PORT, '0.0.0.0', () => {
+    console.log(`🎯 Loot Hunt running on port ${PORT}`);
+  });
+}
+
+start().catch(err => {
+  console.error('Failed to start:', err);
+  process.exit(1);
+});
diff --git a/src/config/database.js b/src/config/database.js
new file mode 100644
index 0000000..2a46a43
--- /dev/null
+++ b/src/config/database.js
@@ -0,0 +1,219 @@
+const initSqlJs = require('sql.js');
+const path = require('path');
+const fs = require('fs');
+
+const dbPath = process.env.DB_PATH || './data/loot-hunt.db';
+const dbDir = path.dirname(dbPath);
+
+// Ensure data directory exists
+if (!fs.existsSync(dbDir)) {
+  fs.mkdirSync(dbDir, { recursive: true });
+}
+
+// ─── Compatibility wrapper ────────────────────────────────
+// Wraps sql.js to provide a better-sqlite3–compatible API so models
+// can call db.prepare(sql).get(...), .all(...), .run(...) seamlessly.
+
+let _db = null;       // raw sql.js Database instance
+let _saveTimer = null; // debounced persistence timer
+
+function save() {
+  if (!_db) return;
+  const data = _db.export();
+  fs.writeFileSync(dbPath, Buffer.from(data));
+}
+
+function scheduleSave() {
+  if (_saveTimer) return; // already scheduled
+  _saveTimer = setTimeout(() => {
+    _saveTimer = null;
+    save();
+  }, 250);
+}
+
+/** Convert sql.js result set to array of plain objects */
+function rowsToObjects(stmt) {
+  const cols = stmt.getColumnNames();
+  const rows = [];
+  while (stmt.step()) {
+    const values = stmt.get();
+    const obj = {};
+    for (let i = 0; i < cols.length; i++) {
+      obj[cols[i]] = values[i];
+    }
+    rows.push(obj);
+  }
+  stmt.free();
+  return rows;
+}
+
+/** The public API that models import */
+const db = {
+  /** Execute raw SQL (DDL, multi-statement) */
+  exec(sql) {
+    _db.run(sql);
+    scheduleSave();
+  },
+
+  /** Set a pragma */
+  pragma(str) {
+    _db.run(`PRAGMA ${str}`);
+  },
+
+  /** Prepare a statement — returns object with get/all/run */
+  prepare(sql) {
+    return {
+      /** Return first matching row as object, or undefined */
+      get(...params) {
+        const stmt = _db.prepare(sql);
+        if (params.length) stmt.bind(params);
+        const rows = rowsToObjects(stmt);
+        return rows[0] || undefined;
+      },
+
+      /** Return all matching rows as array of objects */
+      all(...params) {
+        const stmt = _db.prepare(sql);
+        if (params.length) stmt.bind(params);
+        return rowsToObjects(stmt);
+      },
+
+      /** Execute a write statement; returns { lastInsertRowid, changes } */
+      run(...params) {
+        const stmt = _db.prepare(sql);
+        if (params.length) stmt.bind(params);
+        stmt.step();
+        stmt.free();
+        const changes = _db.getRowsModified();
+        // sql.js uses last_insert_rowid() for the last rowid
+        const idResult = _db.exec('SELECT last_insert_rowid() as id');
+        const lastInsertRowid = idResult.length > 0 ? idResult[0].values[0][0] : 0;
+        scheduleSave();
+        return { lastInsertRowid, changes };
+      }
+    };
+  },
+
+  /** Wrap a function in a transaction */
+  transaction(fn) {
+    return (...args) => {
+      _db.run('BEGIN TRANSACTION');
+      try {
+        const result = fn(...args);
+        _db.run('COMMIT');
+        scheduleSave();
+        return result;
+      } catch (err) {
+        _db.run('ROLLBACK');
+        throw err;
+      }
+    };
+  },
+
+  /** Force an immediate save to disk */
+  forceSave() {
+    if (_saveTimer) { clearTimeout(_saveTimer); _saveTimer = null; }
+    save();
+  }
+};
+
+// ─── Initialisation (synchronous-style via top-level await alternative) ───
+// sql.js init is async, so we expose a ready promise that app.js awaits.
+
+let _readyResolve;
+const ready = new Promise(resolve => { _readyResolve = resolve; });
+
+(async () => {
+  const SQL = await initSqlJs();
+
+  // Load existing DB from disk or create new
+  if (fs.existsSync(dbPath)) {
+    const fileBuffer = fs.readFileSync(dbPath);
+    _db = new SQL.Database(fileBuffer);
+  } else {
+    _db = new SQL.Database();
+  }
+
+  // Enable foreign keys
+  _db.run('PRAGMA foreign_keys = ON');
+
+  // Initialize schema
+  _db.run(`
+    CREATE TABLE IF NOT EXISTS users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      username TEXT UNIQUE NOT NULL COLLATE NOCASE,
+      password_hash TEXT NOT NULL,
+      is_admin INTEGER DEFAULT 0,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS hunts (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name TEXT NOT NULL,
+      short_name TEXT UNIQUE NOT NULL,
+      description TEXT,
+      package_count INTEGER NOT NULL,
+      expiry_date DATETIME,
+      created_by INTEGER NOT NULL,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (created_by) REFERENCES users(id)
+    );
+
+    CREATE TABLE IF NOT EXISTS packages (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      hunt_id INTEGER NOT NULL,
+      card_number INTEGER NOT NULL,
+      unique_code TEXT NOT NULL,
+      first_scanned_by INTEGER,
+      first_scan_image TEXT,
+      last_scanned_by INTEGER,
+      last_scan_hint TEXT,
+      scan_count INTEGER DEFAULT 0,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (hunt_id) REFERENCES hunts(id) ON DELETE CASCADE,
+      FOREIGN KEY (first_scanned_by) REFERENCES users(id),
+      FOREIGN KEY (last_scanned_by) REFERENCES users(id),
+      UNIQUE(hunt_id, card_number),
+      UNIQUE(hunt_id, unique_code)
+    );
+
+    CREATE TABLE IF NOT EXISTS packages_idx1 (id INTEGER);
+    DROP TABLE IF EXISTS packages_idx1;
+
+    CREATE TABLE IF NOT EXISTS scans (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      package_id INTEGER NOT NULL,
+      user_id INTEGER NOT NULL,
+      points_awarded INTEGER NOT NULL DEFAULT 0,
+      scanned_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (package_id) REFERENCES packages(id) ON DELETE CASCADE,
+      FOREIGN KEY (user_id) REFERENCES users(id)
+    );
+
+    CREATE TABLE IF NOT EXISTS sessions (
+      sid TEXT PRIMARY KEY,
+      sess TEXT NOT NULL,
+      expired DATETIME NOT NULL
+    );
+  `);
+
+  // Create indexes (sql.js doesn't support IF NOT EXISTS on indexes in all
+  // versions, so wrap in try/catch)
+  const indexes = [
+    'CREATE INDEX IF NOT EXISTS idx_packages_hunt ON packages(hunt_id)',
+    'CREATE INDEX IF NOT EXISTS idx_packages_code ON packages(unique_code)',
+    'CREATE INDEX IF NOT EXISTS idx_scans_package ON scans(package_id)',
+    'CREATE INDEX IF NOT EXISTS idx_scans_user ON scans(user_id)',
+    'CREATE INDEX IF NOT EXISTS idx_hunts_short_name ON hunts(short_name)',
+    'CREATE INDEX IF NOT EXISTS idx_sessions_expired ON sessions(expired)'
+  ];
+  for (const idx of indexes) {
+    try { _db.run(idx); } catch (e) { /* index may already exist */ }
+  }
+
+  save(); // persist initial schema
+  _readyResolve();
+})();
+
+db.ready = ready;
+module.exports = db;
diff --git a/src/middleware/auth.js b/src/middleware/auth.js
new file mode 100644
index 0000000..fd89338
--- /dev/null
+++ b/src/middleware/auth.js
@@ -0,0 +1,37 @@
+// Authentication middleware
+
+function requireAuth(req, res, next) {
+  if (req.session && req.session.userId) {
+    return next();
+  }
+  // Save the original URL so we can redirect back after login
+  req.session.returnTo = req.originalUrl;
+  res.redirect('/auth/login');
+}
+
+function requireAdmin(req, res, next) {
+  if (req.session && req.session.userId && req.session.isAdmin) {
+    return next();
+  }
+  if (req.session && req.session.userId) {
+    return res.status(403).render('error', { title: 'Forbidden', message: 'You do not have admin access.' });
+  }
+  req.session.returnTo = req.originalUrl;
+  res.redirect('/auth/login');
+}
+
+function loadUser(req, res, next) {
+  if (req.session && req.session.userId) {
+    res.locals.currentUser = {
+      id: req.session.userId,
+      username: req.session.username,
+      isAdmin: req.session.isAdmin
+    };
+  } else {
+    res.locals.currentUser = null;
+  }
+  res.locals.baseUrl = process.env.BASE_URL || `http://localhost:${process.env.PORT || 3000}`;
+  next();
+}
+
+module.exports = { requireAuth, requireAdmin, loadUser };
diff --git a/src/models/index.js b/src/models/index.js
new file mode 100644
index 0000000..7391e73
--- /dev/null
+++ b/src/models/index.js
@@ -0,0 +1,246 @@
+const db = require('../config/database');
+const bcrypt = require('bcryptjs');
+const crypto = require('crypto');
+
+// ─── Helpers ──────────────────────────────────────────────
+function generateCode(length = 5) {
+  const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no I/O/0/1 to avoid confusion
+  let code = '';
+  const bytes = crypto.randomBytes(length);
+  for (let i = 0; i < length; i++) {
+    code += chars[bytes[i] % chars.length];
+  }
+  return code;
+}
+
+function getPointsForScanNumber(scanNumber) {
+  if (scanNumber === 1) return 500;
+  if (scanNumber === 2) return 250;
+  if (scanNumber === 3) return 100;
+  return 50;
+}
+
+// ─── Users ────────────────────────────────────────────────
+const Users = {
+  create(username, password) {
+    const hash = bcrypt.hashSync(password, 12);
+    const stmt = db.prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
+    const result = stmt.run(username, hash);
+    return result.lastInsertRowid;
+  },
+
+  findByUsername(username) {
+    return db.prepare('SELECT * FROM users WHERE username = ?').get(username);
+  },
+
+  findById(id) {
+    return db.prepare('SELECT id, username, is_admin, created_at FROM users WHERE id = ?').get(id);
+  },
+
+  verifyPassword(user, password) {
+    return bcrypt.compareSync(password, user.password_hash);
+  },
+
+  makeAdmin(userId) {
+    db.prepare('UPDATE users SET is_admin = 1 WHERE id = ?').run(userId);
+  },
+
+  getTotalPoints(userId) {
+    const row = db.prepare('SELECT COALESCE(SUM(points_awarded), 0) as total FROM scans WHERE user_id = ?').get(userId);
+    return row.total;
+  },
+
+  getProfile(userId) {
+    const user = this.findById(userId);
+    if (!user) return null;
+    const totalPoints = this.getTotalPoints(userId);
+    const scanCount = db.prepare('SELECT COUNT(*) as count FROM scans WHERE user_id = ? AND points_awarded > 0').get(userId).count;
+    return { ...user, totalPoints, scanCount };
+  }
+};
+
+// ─── Hunts ────────────────────────────────────────────────
+const Hunts = {
+  create(name, shortName, description, packageCount, expiryDate, createdBy) {
+    const stmt = db.prepare(
+      'INSERT INTO hunts (name, short_name, description, package_count, expiry_date, created_by) VALUES (?, ?, ?, ?, ?, ?)'
+    );
+    const result = stmt.run(name, shortName.toUpperCase(), description, packageCount, expiryDate || null, createdBy);
+    const huntId = result.lastInsertRowid;
+
+    // Generate packages
+    const insertPkg = db.prepare('INSERT INTO packages (hunt_id, card_number, unique_code) VALUES (?, ?, ?)');
+    const usedCodes = new Set();
+
+    const insertAll = db.transaction(() => {
+      for (let i = 1; i <= packageCount; i++) {
+        let code;
+        do {
+          code = generateCode(5);
+        } while (usedCodes.has(code));
+        usedCodes.add(code);
+        insertPkg.run(huntId, i, code);
+      }
+    });
+    insertAll();
+
+    return huntId;
+  },
+
+  findById(id) {
+    return db.prepare('SELECT * FROM hunts WHERE id = ?').get(id);
+  },
+
+  findByShortName(shortName) {
+    return db.prepare('SELECT * FROM hunts WHERE short_name = ? COLLATE NOCASE').get(shortName);
+  },
+
+  getAll() {
+    return db.prepare('SELECT h.*, u.username as creator_name FROM hunts h JOIN users u ON h.created_by = u.id ORDER BY h.created_at DESC').all();
+  },
+
+  getByCreator(userId) {
+    return db.prepare('SELECT * FROM hunts WHERE created_by = ? ORDER BY created_at DESC').all(userId);
+  },
+
+  isExpired(hunt) {
+    if (!hunt.expiry_date) return false;
+    return new Date(hunt.expiry_date) < new Date();
+  },
+
+  getLeaderboard(huntId) {
+    return db.prepare(`
+      SELECT u.id, u.username, SUM(s.points_awarded) as total_points, COUNT(s.id) as scans
+      FROM scans s
+      JOIN users u ON s.user_id = u.id
+      JOIN packages p ON s.package_id = p.id
+      WHERE p.hunt_id = ? AND s.points_awarded > 0
+      GROUP BY u.id
+      ORDER BY total_points DESC
+    `).all(huntId);
+  },
+
+  shortNameExists(shortName) {
+    const row = db.prepare('SELECT id FROM hunts WHERE short_name = ? COLLATE NOCASE').get(shortName);
+    return !!row;
+  }
+};
+
+// ─── Packages ─────────────────────────────────────────────
+const Packages = {
+  findById(id) {
+    return db.prepare('SELECT * FROM packages WHERE id = ?').get(id);
+  },
+
+  findByHuntAndCode(shortName, uniqueCode) {
+    return db.prepare(`
+      SELECT p.*, h.name as hunt_name, h.short_name as hunt_short_name, h.id as hunt_id, h.expiry_date
+      FROM packages p
+      JOIN hunts h ON p.hunt_id = h.id
+      WHERE h.short_name = ? COLLATE NOCASE AND p.unique_code = ? COLLATE NOCASE
+    `).get(shortName, uniqueCode);
+  },
+
+  getByHunt(huntId) {
+    return db.prepare(`
+      SELECT p.*,
+        u1.username as first_scanner_name,
+        u2.username as last_scanner_name
+      FROM packages p
+      LEFT JOIN users u1 ON p.first_scanned_by = u1.id
+      LEFT JOIN users u2 ON p.last_scanned_by = u2.id
+      WHERE p.hunt_id = ?
+      ORDER BY p.card_number ASC
+    `).all(huntId);
+  },
+
+  getProfile(packageId) {
+    return db.prepare(`
+      SELECT p.*,
+        h.name as hunt_name, h.short_name as hunt_short_name, h.id as hunt_id,
+        u1.username as first_scanner_name,
+        u2.username as last_scanner_name
+      FROM packages p
+      JOIN hunts h ON p.hunt_id = h.id
+      LEFT JOIN users u1 ON p.first_scanned_by = u1.id
+      LEFT JOIN users u2 ON p.last_scanned_by = u2.id
+      WHERE p.id = ?
+    `).get(packageId);
+  },
+
+  getScanHistory(packageId) {
+    return db.prepare(`
+      SELECT s.*, u.username
+      FROM scans s
+      JOIN users u ON s.user_id = u.id
+      WHERE s.package_id = ?
+      ORDER BY s.scanned_at ASC
+    `).all(packageId);
+  },
+
+  updateFirstScanImage(packageId, imagePath) {
+    db.prepare('UPDATE packages SET first_scan_image = ? WHERE id = ?').run(imagePath, packageId);
+  },
+
+  updateLastScanHint(packageId, userId, hint) {
+    db.prepare('UPDATE packages SET last_scanned_by = ?, last_scan_hint = ? WHERE id = ?').run(userId, hint, packageId);
+  }
+};
+
+// ─── Scans ────────────────────────────────────────────────
+const Scans = {
+  hasUserScanned(packageId, userId) {
+    const row = db.prepare('SELECT id FROM scans WHERE package_id = ? AND user_id = ? AND points_awarded > 0').get(packageId, userId);
+    return !!row;
+  },
+
+  recordScan(packageId, userId) {
+    const pkg = Packages.findById(packageId);
+    if (!pkg) return { error: 'Package not found' };
+
+    const alreadyScanned = this.hasUserScanned(packageId, userId);
+
+    if (alreadyScanned) {
+      // No points, but update last_scanned_by so they can edit the hint
+      db.prepare('UPDATE packages SET last_scanned_by = ? WHERE id = ?').run(userId, packageId);
+      // Record the scan with 0 points
+      db.prepare('INSERT INTO scans (package_id, user_id, points_awarded) VALUES (?, ?, 0)').run(packageId, userId);
+      return { points: 0, alreadyScanned: true, isFirst: false };
+    }
+
+    const scanNumber = pkg.scan_count + 1;
+    const points = getPointsForScanNumber(scanNumber);
+
+    const doScan = db.transaction(() => {
+      // Record the scan
+      db.prepare('INSERT INTO scans (package_id, user_id, points_awarded) VALUES (?, ?, ?)').run(packageId, userId, points);
+
+      // Update package
+      const isFirst = scanNumber === 1;
+      if (isFirst) {
+        db.prepare('UPDATE packages SET first_scanned_by = ?, last_scanned_by = ?, scan_count = ? WHERE id = ?')
+          .run(userId, userId, scanNumber, packageId);
+      } else {
+        db.prepare('UPDATE packages SET last_scanned_by = ?, scan_count = ? WHERE id = ?')
+          .run(userId, scanNumber, packageId);
+      }
+
+      return { points, alreadyScanned: false, isFirst, scanNumber };
+    });
+
+    return doScan();
+  },
+
+  getGlobalLeaderboard() {
+    return db.prepare(`
+      SELECT u.id, u.username, SUM(s.points_awarded) as total_points, COUNT(s.id) as scans
+      FROM scans s
+      JOIN users u ON s.user_id = u.id
+      WHERE s.points_awarded > 0
+      GROUP BY u.id
+      ORDER BY total_points DESC
+    `).all();
+  }
+};
+
+module.exports = { Users, Hunts, Packages, Scans, generateCode };
diff --git a/src/routes/admin.js b/src/routes/admin.js
new file mode 100644
index 0000000..24df95c
--- /dev/null
+++ b/src/routes/admin.js
@@ -0,0 +1,96 @@
+const express = require('express');
+const router = express.Router();
+const { requireAdmin } = require('../middleware/auth');
+const { Hunts, Packages } = require('../models');
+const { generateHuntPDF } = require('../utils/pdf');
+
+// All admin routes require admin access
+router.use(requireAdmin);
+
+// Admin dashboard
+router.get('/', (req, res) => {
+  const hunts = Hunts.getByCreator(req.session.userId);
+  res.render('admin/dashboard', { title: 'Admin Dashboard', hunts });
+});
+
+// Create hunt form
+router.get('/hunts/new', (req, res) => {
+  res.render('admin/create-hunt', { title: 'Create New Hunt', error: null });
+});
+
+// Create hunt
+router.post('/hunts', (req, res) => {
+  const { name, short_name, description, package_count, expiry_date } = req.body;
+
+  // Validation
+  if (!name || !short_name || !package_count) {
+    return res.render('admin/create-hunt', {
+      title: 'Create New Hunt',
+      error: 'Name, short name, and number of packages are required.'
+    });
+  }
+
+  const shortName = short_name.toUpperCase().replace(/[^A-Z0-9]/g, '');
+  if (shortName.length < 2 || shortName.length > 12) {
+    return res.render('admin/create-hunt', {
+      title: 'Create New Hunt',
+      error: 'Short name must be 2-12 uppercase alphanumeric characters.'
+    });
+  }
+
+  if (Hunts.shortNameExists(shortName)) {
+    return res.render('admin/create-hunt', {
+      title: 'Create New Hunt',
+      error: 'That short name is already taken.'
+    });
+  }
+
+  const count = parseInt(package_count, 10);
+  if (isNaN(count) || count < 1 || count > 10000) {
+    return res.render('admin/create-hunt', {
+      title: 'Create New Hunt',
+      error: 'Package count must be between 1 and 10,000.'
+    });
+  }
+
+  try {
+    const huntId = Hunts.create(name, shortName, description, count, expiry_date, req.session.userId);
+    res.redirect(`/admin/hunts/${huntId}`);
+  } catch (err) {
+    console.error('Hunt creation error:', err);
+    res.render('admin/create-hunt', {
+      title: 'Create New Hunt',
+      error: 'Failed to create hunt. Please try again.'
+    });
+  }
+});
+
+// Manage hunt
+router.get('/hunts/:id', (req, res) => {
+  const hunt = Hunts.findById(req.params.id);
+  if (!hunt) return res.status(404).render('error', { title: 'Not Found', message: 'Hunt not found.' });
+
+  const packages = Packages.getByHunt(hunt.id);
+  res.render('admin/manage-hunt', { title: `Manage: ${hunt.name}`, hunt, packages });
+});
+
+// Download PDF of QR codes
+router.get('/hunts/:id/pdf', async (req, res) => {
+  const hunt = Hunts.findById(req.params.id);
+  if (!hunt) return res.status(404).render('error', { title: 'Not Found', message: 'Hunt not found.' });
+
+  const packages = Packages.getByHunt(hunt.id);
+  const baseUrl = process.env.BASE_URL || `http://localhost:${process.env.PORT || 3000}`;
+
+  try {
+    res.setHeader('Content-Type', 'application/pdf');
+    res.setHeader('Content-Disposition', `attachment; filename="${hunt.short_name}-packages.pdf"`);
+
+    await generateHuntPDF(hunt, packages, baseUrl, res);
+  } catch (err) {
+    console.error('PDF generation error:', err);
+    res.status(500).render('error', { title: 'Error', message: 'Failed to generate PDF.' });
+  }
+});
+
+module.exports = router;
diff --git a/src/routes/auth.js b/src/routes/auth.js
new file mode 100644
index 0000000..8f3f328
--- /dev/null
+++ b/src/routes/auth.js
@@ -0,0 +1,82 @@
+const express = require('express');
+const router = express.Router();
+const { Users } = require('../models');
+
+router.get('/login', (req, res) => {
+  res.render('auth/login', { title: 'Login', error: null });
+});
+
+router.post('/login', (req, res) => {
+  const { username, password } = req.body;
+
+  if (!username || !password) {
+    return res.render('auth/login', { title: 'Login', error: 'Username and password are required.' });
+  }
+
+  const user = Users.findByUsername(username);
+  if (!user || !Users.verifyPassword(user, password)) {
+    return res.render('auth/login', { title: 'Login', error: 'Invalid username or password.' });
+  }
+
+  req.session.userId = user.id;
+  req.session.username = user.username;
+  req.session.isAdmin = !!user.is_admin;
+
+  const returnTo = req.session.returnTo || '/';
+  delete req.session.returnTo;
+  res.redirect(returnTo);
+});
+
+router.get('/register', (req, res) => {
+  res.render('auth/register', { title: 'Register', error: null });
+});
+
+router.post('/register', (req, res) => {
+  const { username, password, password_confirm } = req.body;
+
+  if (!username || !password) {
+    return res.render('auth/register', { title: 'Register', error: 'Username and password are required.' });
+  }
+
+  if (username.length < 3 || username.length > 24) {
+    return res.render('auth/register', { title: 'Register', error: 'Username must be 3-24 characters.' });
+  }
+
+  if (!/^[a-zA-Z0-9_-]+$/.test(username)) {
+    return res.render('auth/register', { title: 'Register', error: 'Username can only contain letters, numbers, hyphens and underscores.' });
+  }
+
+  if (password.length < 6) {
+    return res.render('auth/register', { title: 'Register', error: 'Password must be at least 6 characters.' });
+  }
+
+  if (password !== password_confirm) {
+    return res.render('auth/register', { title: 'Register', error: 'Passwords do not match.' });
+  }
+
+  if (Users.findByUsername(username)) {
+    return res.render('auth/register', { title: 'Register', error: 'Username is already taken.' });
+  }
+
+  try {
+    const userId = Users.create(username, password);
+    req.session.userId = userId;
+    req.session.username = username;
+    req.session.isAdmin = false;
+
+    const returnTo = req.session.returnTo || '/';
+    delete req.session.returnTo;
+    res.redirect(returnTo);
+  } catch (err) {
+    console.error('Registration error:', err);
+    res.render('auth/register', { title: 'Register', error: 'Registration failed. Try a different username.' });
+  }
+});
+
+router.get('/logout', (req, res) => {
+  req.session.destroy(() => {
+    res.redirect('/');
+  });
+});
+
+module.exports = router;
diff --git a/src/routes/hunts.js b/src/routes/hunts.js
new file mode 100644
index 0000000..5613ab0
--- /dev/null
+++ b/src/routes/hunts.js
@@ -0,0 +1,41 @@
+const express = require('express');
+const router = express.Router();
+const { Hunts, Packages, Scans } = require('../models');
+
+// ─── Hunt profile ─────────────────────────────────────────
+router.get('/hunt/:shortName', (req, res) => {
+  const hunt = Hunts.findByShortName(req.params.shortName);
+  if (!hunt) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'Hunt not found.' });
+  }
+
+  const packages = Packages.getByHunt(hunt.id);
+  const isExpired = Hunts.isExpired(hunt);
+
+  res.render('hunt/profile', { title: hunt.name, hunt, packages, isExpired });
+});
+
+// ─── Hunt leaderboard ─────────────────────────────────────
+router.get('/hunt/:shortName/leaderboard', (req, res) => {
+  const hunt = Hunts.findByShortName(req.params.shortName);
+  if (!hunt) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'Hunt not found.' });
+  }
+
+  const leaderboard = Hunts.getLeaderboard(hunt.id);
+  res.render('hunt/leaderboard', { title: `${hunt.name} - Leaderboard`, hunt, leaderboard });
+});
+
+// ─── Global leaderboard ──────────────────────────────────
+router.get('/leaderboard', (req, res) => {
+  const leaderboard = Scans.getGlobalLeaderboard();
+  res.render('leaderboard/global', { title: 'Global Leaderboard', leaderboard });
+});
+
+// ─── Browse all hunts ─────────────────────────────────────
+router.get('/hunts', (req, res) => {
+  const hunts = Hunts.getAll();
+  res.render('hunt/list', { title: 'All Hunts', hunts });
+});
+
+module.exports = router;
diff --git a/src/routes/loot.js b/src/routes/loot.js
new file mode 100644
index 0000000..a0fecd8
--- /dev/null
+++ b/src/routes/loot.js
@@ -0,0 +1,140 @@
+const express = require('express');
+const router = express.Router();
+const multer = require('multer');
+const path = require('path');
+const fs = require('fs');
+const { requireAuth } = require('../middleware/auth');
+const { Packages, Scans, Hunts } = require('../models');
+
+// Configure multer for image uploads
+const uploadsDir = process.env.UPLOADS_DIR || './data/uploads';
+if (!fs.existsSync(uploadsDir)) {
+  fs.mkdirSync(uploadsDir, { recursive: true });
+}
+
+const storage = multer.diskStorage({
+  destination: (req, file, cb) => cb(null, uploadsDir),
+  filename: (req, file, cb) => {
+    const ext = path.extname(file.originalname).toLowerCase();
+    const name = `pkg-${req.params.shortName}-${req.params.code}-${Date.now()}${ext}`;
+    cb(null, name);
+  }
+});
+
+const upload = multer({
+  storage,
+  limits: { fileSize: 5 * 1024 * 1024 }, // 5MB
+  fileFilter: (req, file, cb) => {
+    const allowed = ['.jpg', '.jpeg', '.png', '.gif', '.webp'];
+    const ext = path.extname(file.originalname).toLowerCase();
+    if (allowed.includes(ext)) {
+      cb(null, true);
+    } else {
+      cb(new Error('Only image files are allowed.'));
+    }
+  }
+});
+
+// ─── Scan a package (QR code landing page) ────────────────
+router.get('/:shortName/:code', (req, res) => {
+  const { shortName, code } = req.params;
+  const pkg = Packages.findByHuntAndCode(shortName, code);
+
+  if (!pkg) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'This loot package was not found.' });
+  }
+
+  // Check if hunt is expired
+  if (pkg.expiry_date && new Date(pkg.expiry_date) < new Date()) {
+    return res.render('loot/expired', { title: 'Hunt Expired', pkg });
+  }
+
+  // If not logged in, save this URL and redirect to auth
+  if (!req.session.userId) {
+    req.session.returnTo = req.originalUrl;
+    return res.redirect('/auth/login');
+  }
+
+  // Perform the scan
+  const result = Scans.recordScan(pkg.id, req.session.userId);
+
+  // Reload package with full profile
+  const fullPkg = Packages.getProfile(pkg.id);
+  const scanHistory = Packages.getScanHistory(pkg.id);
+  const isFirstScanner = fullPkg.first_scanned_by === req.session.userId;
+  const isLastScanner = fullPkg.last_scanned_by === req.session.userId;
+
+  res.render('loot/scanned', {
+    title: `Package #${fullPkg.card_number} - ${fullPkg.hunt_name}`,
+    pkg: fullPkg,
+    scanResult: result,
+    scanHistory,
+    isFirstScanner,
+    isLastScanner
+  });
+});
+
+// ─── View package profile (non-scan view) ─────────────────
+router.get('/:shortName/:code/profile', (req, res) => {
+  const { shortName, code } = req.params;
+  const pkg = Packages.findByHuntAndCode(shortName, code);
+
+  if (!pkg) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'This loot package was not found.' });
+  }
+
+  const fullPkg = Packages.getProfile(pkg.id);
+  const scanHistory = Packages.getScanHistory(pkg.id);
+  const isFirstScanner = req.session.userId && fullPkg.first_scanned_by === req.session.userId;
+  const isLastScanner = req.session.userId && fullPkg.last_scanned_by === req.session.userId;
+
+  res.render('loot/profile', {
+    title: `Package #${fullPkg.card_number} - ${fullPkg.hunt_name}`,
+    pkg: fullPkg,
+    scanHistory,
+    isFirstScanner,
+    isLastScanner
+  });
+});
+
+// ─── Upload first-scan image ──────────────────────────────
+router.post('/:shortName/:code/image', requireAuth, upload.single('image'), (req, res) => {
+  const { shortName, code } = req.params;
+  const pkg = Packages.findByHuntAndCode(shortName, code);
+
+  if (!pkg) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'Package not found.' });
+  }
+
+  if (pkg.first_scanned_by !== req.session.userId) {
+    return res.status(403).render('error', { title: 'Forbidden', message: 'Only the first scanner can upload an image.' });
+  }
+
+  if (!req.file) {
+    return res.redirect(`/loot/${shortName}/${code}/profile`);
+  }
+
+  const imagePath = `/uploads/${req.file.filename}`;
+  Packages.updateFirstScanImage(pkg.id, imagePath);
+  res.redirect(`/loot/${shortName}/${code}/profile`);
+});
+
+// ─── Update hint/message ──────────────────────────────────
+router.post('/:shortName/:code/hint', requireAuth, (req, res) => {
+  const { shortName, code } = req.params;
+  const pkg = Packages.findByHuntAndCode(shortName, code);
+
+  if (!pkg) {
+    return res.status(404).render('error', { title: 'Not Found', message: 'Package not found.' });
+  }
+
+  if (pkg.last_scanned_by !== req.session.userId) {
+    return res.status(403).render('error', { title: 'Forbidden', message: 'Only the most recent scanner can update the hint.' });
+  }
+
+  const hint = (req.body.hint || '').trim().substring(0, 500);
+  Packages.updateLastScanHint(pkg.id, req.session.userId, hint);
+  res.redirect(`/loot/${shortName}/${code}/profile`);
+});
+
+module.exports = router;
diff --git a/src/setup-admin.js b/src/setup-admin.js
new file mode 100644
index 0000000..5045c50
--- /dev/null
+++ b/src/setup-admin.js
@@ -0,0 +1,55 @@
+/**
+ * Admin Setup Script
+ * 
+ * Run this to create the first admin user (or promote an existing one).
+ * Usage: node src/setup-admin.js <username> <password>
+ *        node src/setup-admin.js <username>  (promote existing user)
+ */
+
+// Load env
+const path = require('path');
+const fs = require('fs');
+try {
+  const envFile = fs.readFileSync(path.join(__dirname, '..', '.env'), 'utf8');
+  envFile.split('\n').forEach(line => {
+    const match = line.match(/^([^#=]+)=(.*)$/);
+    if (match) process.env[match[1].trim()] = match[2].trim();
+  });
+} catch (e) {}
+
+const db = require('./config/database');
+
+async function main() {
+  await db.ready;
+
+  const { Users } = require('./models');
+
+  const username = process.argv[2];
+  const password = process.argv[3];
+
+  if (!username) {
+    console.log('Usage:');
+    console.log('  Create new admin:    node src/setup-admin.js <username> <password>');
+    console.log('  Promote existing:    node src/setup-admin.js <username>');
+    process.exit(1);
+  }
+
+  const existing = Users.findByUsername(username);
+
+  if (existing) {
+    Users.makeAdmin(existing.id);
+    console.log(`✅ User "${username}" has been promoted to admin.`);
+  } else if (password) {
+    const userId = Users.create(username, password);
+    Users.makeAdmin(userId);
+    console.log(`✅ Admin user "${username}" created successfully (ID: ${userId}).`);
+  } else {
+    console.log(`❌ User "${username}" not found. Provide a password to create a new admin.`);
+    process.exit(1);
+  }
+
+  db.forceSave();
+  process.exit(0);
+}
+
+main().catch(err => { console.error(err); process.exit(1); });
diff --git a/src/utils/pdf.js b/src/utils/pdf.js
new file mode 100644
index 0000000..e8ad7b1
--- /dev/null
+++ b/src/utils/pdf.js
@@ -0,0 +1,80 @@
+const PDFDocument = require('pdfkit');
+const QRCode = require('qrcode');
+
+/**
+ * Generate a printable PDF with QR codes for all packages in a hunt.
+ * Layout: 3 cards per page, each card has QR on left and info on right.
+ */
+async function generateHuntPDF(hunt, packages, baseUrl, outputStream) {
+  const doc = new PDFDocument({
+    size: 'LETTER',
+    margins: { top: 36, bottom: 36, left: 36, right: 36 }
+  });
+
+  doc.pipe(outputStream);
+
+  const pageWidth = 612 - 72; // letter width minus margins
+  const cardHeight = 200;
+  const qrSize = 160;
+  const cardsPerPage = 3;
+
+  for (let i = 0; i < packages.length; i++) {
+    const pkg = packages[i];
+    const cardIndex = i % cardsPerPage;
+
+    if (i > 0 && cardIndex === 0) {
+      doc.addPage();
+    }
+
+    const yOffset = 36 + cardIndex * (cardHeight + 24);
+
+    // Draw card border
+    doc.save();
+    doc.roundedRect(36, yOffset, pageWidth, cardHeight, 8).stroke('#cccccc');
+    doc.restore();
+
+    // Generate QR code as data URL
+    const url = `${baseUrl}/loot/${hunt.short_name}/${pkg.unique_code}`;
+    const qrDataUrl = await QRCode.toDataURL(url, {
+      width: qrSize,
+      margin: 1,
+      errorCorrectionLevel: 'M'
+    });
+
+    // Convert data URL to buffer for PDFKit
+    const qrBuffer = Buffer.from(qrDataUrl.split(',')[1], 'base64');
+
+    // QR code on the left
+    const qrX = 48;
+    const qrY = yOffset + (cardHeight - qrSize) / 2;
+    doc.image(qrBuffer, qrX, qrY, { width: qrSize, height: qrSize });
+
+    // Info on the right
+    const textX = 48 + qrSize + 24;
+    const textY = yOffset + 20;
+
+    // Card number
+    doc.fontSize(28).font('Helvetica-Bold').fillColor('#1a1a1a');
+    doc.text(`#${pkg.card_number}`, textX, textY, { width: pageWidth - qrSize - 60 });
+
+    // Hunt short name
+    doc.fontSize(16).font('Helvetica').fillColor('#666666');
+    doc.text(hunt.short_name, textX, textY + 38, { width: pageWidth - qrSize - 60 });
+
+    // Unique code
+    doc.fontSize(22).font('Helvetica-Bold').fillColor('#333333');
+    doc.text(pkg.unique_code, textX, textY + 62, { width: pageWidth - qrSize - 60 });
+
+    // Dashed line separator
+    doc.fontSize(9).font('Helvetica').fillColor('#999999');
+    doc.text(url, textX, textY + 100, { width: pageWidth - qrSize - 60 });
+
+    // Hunt name at bottom of card
+    doc.fontSize(11).font('Helvetica').fillColor('#444444');
+    doc.text(hunt.name, textX, textY + 128, { width: pageWidth - qrSize - 60 });
+  }
+
+  doc.end();
+}
+
+module.exports = { generateHuntPDF };
diff --git a/src/views/admin/create-hunt.ejs b/src/views/admin/create-hunt.ejs
new file mode 100644
index 0000000..9c1a5c3
--- /dev/null
+++ b/src/views/admin/create-hunt.ejs
@@ -0,0 +1,48 @@
+<%- include('../partials/header') %>
+
+<div class="container-narrow" style="padding-top: 2rem;">
+  <h1 style="margin-bottom: 1.5rem;">Create New Hunt</h1>
+
+  <div class="card">
+    <% if (error) { %>
+      <div class="alert alert-danger error"><%= error %></div>
+    <% } %>
+
+    <form method="POST" action="/admin/hunts">
+      <div class="form-group">
+        <label for="name">Hunt Name</label>
+        <input type="text" id="name" name="name" class="form-control" required placeholder="e.g. Veld Music Festival 2026">
+      </div>
+
+      <div class="form-group">
+        <label for="short_name">Short Name (Code)</label>
+        <input type="text" id="short_name" name="short_name" class="form-control" required
+               maxlength="12" placeholder="e.g. VELD26" style="text-transform: uppercase; font-family: monospace; font-size: 1.1rem;">
+        <div class="form-hint">2-12 uppercase alphanumeric characters. Used in QR code URLs.</div>
+      </div>
+
+      <div class="form-group">
+        <label for="description">Description</label>
+        <textarea id="description" name="description" class="form-control" rows="3"
+                  placeholder="Describe this hunt for participants..."></textarea>
+      </div>
+
+      <div class="form-group">
+        <label for="package_count">Number of Hidden Packages</label>
+        <input type="number" id="package_count" name="package_count" class="form-control"
+               required min="1" max="10000" placeholder="e.g. 50">
+        <div class="form-hint">Each package gets a unique QR code and printable card.</div>
+      </div>
+
+      <div class="form-group">
+        <label for="expiry_date">Expiry Date (optional)</label>
+        <input type="datetime-local" id="expiry_date" name="expiry_date" class="form-control">
+        <div class="form-hint">Leave blank for no expiry.</div>
+      </div>
+
+      <button type="submit" class="btn btn-primary" style="width: 100%; justify-content: center;">Create Hunt</button>
+    </form>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/admin/dashboard.ejs b/src/views/admin/dashboard.ejs
new file mode 100644
index 0000000..8977b1a
--- /dev/null
+++ b/src/views/admin/dashboard.ejs
@@ -0,0 +1,29 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 1.5rem;">
+    <h1>Admin Dashboard</h1>
+    <a href="/admin/hunts/new" class="btn btn-primary">+ New Hunt</a>
+  </div>
+
+  <% if (hunts.length === 0) { %>
+    <div class="card" style="text-align: center; padding: 3rem;">
+      <p style="color: var(--muted); font-size: 1.1rem;">You haven't created any hunts yet.</p>
+      <a href="/admin/hunts/new" class="btn btn-primary" style="margin-top: 1rem;">Create Your First Hunt</a>
+    </div>
+  <% } else { %>
+    <% hunts.forEach(hunt => { %>
+      <a href="/admin/hunts/<%= hunt.id %>" class="hunt-card">
+        <div class="hunt-info">
+          <h3><%= hunt.name %></h3>
+          <span class="meta"><%= hunt.short_name %> &middot; <%= hunt.package_count %> packages
+            <% if (hunt.expiry_date) { %> &middot; Expires: <%= new Date(hunt.expiry_date).toLocaleDateString() %><% } %>
+          </span>
+        </div>
+        <span class="badge">Manage</span>
+      </a>
+    <% }) %>
+  <% } %>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/admin/manage-hunt.ejs b/src/views/admin/manage-hunt.ejs
new file mode 100644
index 0000000..6cecf7d
--- /dev/null
+++ b/src/views/admin/manage-hunt.ejs
@@ -0,0 +1,73 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div style="display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1rem; margin-bottom: 1.5rem;">
+    <div>
+      <h1 style="margin: 0;"><%= hunt.name %></h1>
+      <span style="color: var(--muted); font-family: monospace; font-size: 1rem;"><%= hunt.short_name %></span>
+    </div>
+    <div style="display: flex; gap: 0.5rem; flex-wrap: wrap;">
+      <a href="/admin/hunts/<%= hunt.id %>/pdf" class="btn btn-success">&#x1F4E5; Download PDF</a>
+      <a href="/hunt/<%= hunt.short_name %>" class="btn btn-outline">View Public Page</a>
+      <a href="/hunt/<%= hunt.short_name %>/leaderboard" class="btn btn-outline">Leaderboard</a>
+    </div>
+  </div>
+
+  <% if (hunt.description) { %>
+    <div class="card">
+      <p style="margin: 0; color: var(--muted);"><%= hunt.description %></p>
+    </div>
+  <% } %>
+
+  <div class="stats-row">
+    <div class="stat-box">
+      <div class="value"><%= hunt.package_count %></div>
+      <div class="label">Packages</div>
+    </div>
+    <div class="stat-box">
+      <div class="value"><%= packages.filter(p => p.scan_count > 0).length %></div>
+      <div class="label">Found</div>
+    </div>
+    <div class="stat-box">
+      <div class="value"><%= packages.reduce((sum, p) => sum + p.scan_count, 0) %></div>
+      <div class="label">Total Scans</div>
+    </div>
+    <div class="stat-box">
+      <div class="value"><%= hunt.expiry_date ? new Date(hunt.expiry_date).toLocaleDateString() : '&mdash;' %></div>
+      <div class="label">Expires</div>
+    </div>
+  </div>
+
+  <h2 style="margin-top: 1.5rem; margin-bottom: 1rem;">All Packages</h2>
+
+  <div class="table-wrapper">
+    <table>
+      <thead>
+        <tr>
+          <th>#</th>
+          <th>Code</th>
+          <th>Scans</th>
+          <th>First Scanner</th>
+          <th>Last Scanner</th>
+          <th>Link</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% packages.forEach(pkg => { %>
+          <tr>
+            <td><strong><%= pkg.card_number %></strong></td>
+            <td style="font-family: monospace;"><%= pkg.unique_code %></td>
+            <td><%= pkg.scan_count %></td>
+            <td><%= pkg.first_scanner_name || '&mdash;' %></td>
+            <td><%= pkg.last_scanner_name || '&mdash;' %></td>
+            <td>
+              <a href="/loot/<%= hunt.short_name %>/<%= pkg.unique_code %>/profile" class="btn btn-sm btn-outline">View</a>
+            </td>
+          </tr>
+        <% }) %>
+      </tbody>
+    </table>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/auth/login.ejs b/src/views/auth/login.ejs
new file mode 100644
index 0000000..f4e8b6c
--- /dev/null
+++ b/src/views/auth/login.ejs
@@ -0,0 +1,31 @@
+<%- include('../partials/header') %>
+
+<div class="container-narrow" style="padding-top: 3rem;">
+  <div class="card">
+    <div class="card-header">Login</div>
+
+    <% if (error) { %>
+      <div class="alert alert-danger error"><%= error %></div>
+    <% } %>
+
+    <form method="POST" action="/auth/login">
+      <div class="form-group">
+        <label for="username">Username</label>
+        <input type="text" id="username" name="username" class="form-control" required autofocus autocomplete="username">
+      </div>
+
+      <div class="form-group">
+        <label for="password">Password</label>
+        <input type="password" id="password" name="password" class="form-control" required autocomplete="current-password">
+      </div>
+
+      <button type="submit" class="btn btn-primary" style="width: 100%; justify-content: center;">Login</button>
+    </form>
+
+    <p style="text-align: center; margin-top: 1rem; font-size: 0.9rem; color: var(--muted);">
+      Don't have an account? <a href="/auth/register">Register</a>
+    </p>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/auth/register.ejs b/src/views/auth/register.ejs
new file mode 100644
index 0000000..77b8ea4
--- /dev/null
+++ b/src/views/auth/register.ejs
@@ -0,0 +1,39 @@
+<%- include('../partials/header') %>
+
+<div class="container-narrow" style="padding-top: 3rem;">
+  <div class="card">
+    <div class="card-header">Register</div>
+
+    <% if (error) { %>
+      <div class="alert alert-danger error"><%= error %></div>
+    <% } %>
+
+    <form method="POST" action="/auth/register">
+      <div class="form-group">
+        <label for="username">Username</label>
+        <input type="text" id="username" name="username" class="form-control" required autofocus
+               minlength="3" maxlength="24" pattern="[a-zA-Z0-9_-]+" autocomplete="username">
+        <div class="form-hint">3-24 characters: letters, numbers, hyphens, underscores</div>
+      </div>
+
+      <div class="form-group">
+        <label for="password">Password</label>
+        <input type="password" id="password" name="password" class="form-control" required minlength="6" autocomplete="new-password">
+        <div class="form-hint">At least 6 characters</div>
+      </div>
+
+      <div class="form-group">
+        <label for="password_confirm">Confirm Password</label>
+        <input type="password" id="password_confirm" name="password_confirm" class="form-control" required minlength="6" autocomplete="new-password">
+      </div>
+
+      <button type="submit" class="btn btn-primary" style="width: 100%; justify-content: center;">Create Account</button>
+    </form>
+
+    <p style="text-align: center; margin-top: 1rem; font-size: 0.9rem; color: var(--muted);">
+      Already have an account? <a href="/auth/login">Login</a>
+    </p>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/error.ejs b/src/views/error.ejs
new file mode 100644
index 0000000..1db81f2
--- /dev/null
+++ b/src/views/error.ejs
@@ -0,0 +1,11 @@
+<%- include('partials/header') %>
+
+<div class="container" style="display: flex; align-items: center; justify-content: center; min-height: 60vh;">
+  <div class="card" style="text-align: center; max-width: 400px;">
+    <h1 style="font-size: 3rem; margin-bottom: 0.5rem;"><%= typeof title !== 'undefined' ? title : 'Error' %></h1>
+    <p style="color: var(--muted); margin-bottom: 1.5rem;"><%= typeof message !== 'undefined' ? message : 'Something went wrong.' %></p>
+    <a href="/" class="btn btn-primary">Go Home</a>
+  </div>
+</div>
+
+<%- include('partials/footer') %>
diff --git a/src/views/home.ejs b/src/views/home.ejs
new file mode 100644
index 0000000..7feab56
--- /dev/null
+++ b/src/views/home.ejs
@@ -0,0 +1,52 @@
+<%- include('partials/header') %>
+
+<div class="container">
+  <div class="hero">
+    <h1>Find. Scan. Conquer.</h1>
+    <p>Hunt for hidden QR codes in the real world, earn points, climb the leaderboard. Be the first to find a package for maximum points!</p>
+    <div style="display: flex; gap: 0.75rem; justify-content: center; flex-wrap: wrap;">
+      <a href="/hunts" class="btn btn-primary">Browse Hunts</a>
+      <a href="/leaderboard" class="btn btn-outline">Leaderboard</a>
+    </div>
+  </div>
+
+  <div style="margin-top: 1rem;">
+    <div class="stats-row">
+      <div class="stat-box">
+        <div class="value">500</div>
+        <div class="label">1st Find</div>
+      </div>
+      <div class="stat-box">
+        <div class="value">250</div>
+        <div class="label">2nd Find</div>
+      </div>
+      <div class="stat-box">
+        <div class="value">100</div>
+        <div class="label">3rd Find</div>
+      </div>
+      <div class="stat-box">
+        <div class="value">50</div>
+        <div class="label">4th+ Finds</div>
+      </div>
+    </div>
+  </div>
+
+  <% if (hunts && hunts.length > 0) { %>
+    <h2 style="margin-top: 2rem; margin-bottom: 1rem;">Active Hunts</h2>
+    <% hunts.forEach(hunt => { %>
+      <a href="/hunt/<%= hunt.short_name %>" class="hunt-card">
+        <div class="hunt-info">
+          <h3><%= hunt.name %></h3>
+          <span class="meta"><%= hunt.short_name %> &middot; <%= hunt.package_count %> packages &middot; by <%= hunt.creator_name %></span>
+        </div>
+        <% if (hunt.expiry_date && new Date(hunt.expiry_date) < new Date()) { %>
+          <span class="badge expired">Expired</span>
+        <% } else { %>
+          <span class="badge"><%= hunt.package_count %> packages</span>
+        <% } %>
+      </a>
+    <% }) %>
+  <% } %>
+</div>
+
+<%- include('partials/footer') %>
diff --git a/src/views/hunt/leaderboard.ejs b/src/views/hunt/leaderboard.ejs
new file mode 100644
index 0000000..0b0f47a
--- /dev/null
+++ b/src/views/hunt/leaderboard.ejs
@@ -0,0 +1,42 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div style="margin-bottom: 1.5rem;">
+    <a href="/hunt/<%= hunt.short_name %>" style="color: var(--muted); text-decoration: none;">&larr; Back to <%= hunt.name %></a>
+  </div>
+
+  <h1><%= hunt.name %> &mdash; Leaderboard</h1>
+
+  <% if (leaderboard.length === 0) { %>
+    <div class="card" style="text-align: center; padding: 3rem;">
+      <p style="color: var(--muted);">No scans yet. Be the first to find a package!</p>
+    </div>
+  <% } else { %>
+    <div class="card">
+      <div class="table-wrapper">
+        <table>
+          <thead>
+            <tr>
+              <th>Rank</th>
+              <th>Player</th>
+              <th>Points</th>
+              <th>Scans</th>
+            </tr>
+          </thead>
+          <tbody>
+            <% leaderboard.forEach((entry, i) => { %>
+              <tr>
+                <td class="rank-cell rank-<%= i + 1 %>"><%= i + 1 %></td>
+                <td><strong><%= entry.username %></strong></td>
+                <td><span class="points-badge"><%= entry.total_points %></span></td>
+                <td><%= entry.scans %></td>
+              </tr>
+            <% }) %>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  <% } %>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/hunt/list.ejs b/src/views/hunt/list.ejs
new file mode 100644
index 0000000..b1e231f
--- /dev/null
+++ b/src/views/hunt/list.ejs
@@ -0,0 +1,31 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <h1 style="margin-bottom: 1.5rem;">All Hunts</h1>
+
+  <% if (hunts.length === 0) { %>
+    <div class="card" style="text-align: center; padding: 3rem;">
+      <p style="color: var(--muted);">No hunts have been created yet.</p>
+    </div>
+  <% } else { %>
+    <% hunts.forEach(hunt => { %>
+      <a href="/hunt/<%= hunt.short_name %>" class="hunt-card">
+        <div class="hunt-info">
+          <h3><%= hunt.name %></h3>
+          <span class="meta"><%= hunt.short_name %> &middot; <%= hunt.package_count %> packages &middot; by <%= hunt.creator_name %>
+            <% if (hunt.expiry_date) { %>
+              &middot; Expires: <%= new Date(hunt.expiry_date).toLocaleDateString() %>
+            <% } %>
+          </span>
+        </div>
+        <% if (hunt.expiry_date && new Date(hunt.expiry_date) < new Date()) { %>
+          <span class="badge expired">Expired</span>
+        <% } else { %>
+          <span class="badge"><%= hunt.package_count %> packages</span>
+        <% } %>
+      </a>
+    <% }) %>
+  <% } %>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/hunt/profile.ejs b/src/views/hunt/profile.ejs
new file mode 100644
index 0000000..19324d2
--- /dev/null
+++ b/src/views/hunt/profile.ejs
@@ -0,0 +1,65 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div style="display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1rem; margin-bottom: 1rem;">
+    <div>
+      <h1 style="margin: 0;"><%= hunt.name %></h1>
+      <span style="color: var(--muted); font-family: monospace;"><%= hunt.short_name %></span>
+    </div>
+    <div style="display: flex; gap: 0.5rem;">
+      <a href="/hunt/<%= hunt.short_name %>/leaderboard" class="btn btn-primary">Leaderboard</a>
+    </div>
+  </div>
+
+  <% if (hunt.description) { %>
+    <div class="card">
+      <p style="margin: 0;"><%= hunt.description %></p>
+    </div>
+  <% } %>
+
+  <% if (isExpired) { %>
+    <div class="alert alert-danger">This hunt has expired. Scanning is no longer available.</div>
+  <% } %>
+
+  <div class="stats-row">
+    <div class="stat-box">
+      <div class="value"><%= hunt.package_count %></div>
+      <div class="label">Packages</div>
+    </div>
+    <div class="stat-box">
+      <div class="value"><%= packages.filter(p => p.scan_count > 0).length %></div>
+      <div class="label">Found</div>
+    </div>
+    <div class="stat-box">
+      <div class="value"><%= packages.filter(p => p.scan_count === 0).length %></div>
+      <div class="label">Unfound</div>
+    </div>
+  </div>
+
+  <h2 style="margin-top: 1.5rem; margin-bottom: 1rem;">Packages</h2>
+
+  <div class="package-grid">
+    <% packages.forEach(pkg => { %>
+      <a href="/loot/<%= hunt.short_name %>/<%= pkg.unique_code %>/profile"
+         class="package-card <%= pkg.scan_count > 0 ? 'scanned' : 'unscanned' %>">
+        <div class="card-num">#<%= pkg.card_number %></div>
+        <div class="code"><%= pkg.unique_code %></div>
+        <div class="scan-info">
+          <% if (pkg.scan_count > 0) { %>
+            &#x2705; Found &middot; <%= pkg.scan_count %> scan<%= pkg.scan_count !== 1 ? 's' : '' %>
+            <% if (pkg.first_scanner_name) { %> &middot; First: <%= pkg.first_scanner_name %><% } %>
+          <% } else { %>
+            &#x1F50D; Not yet found
+          <% } %>
+        </div>
+        <% if (pkg.last_scan_hint) { %>
+          <div style="margin-top: 0.5rem; font-size: 0.85rem; font-style: italic; color: #555;">
+            "<%= pkg.last_scan_hint %>"
+          </div>
+        <% } %>
+      </a>
+    <% }) %>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/leaderboard/global.ejs b/src/views/leaderboard/global.ejs
new file mode 100644
index 0000000..0dc9d18
--- /dev/null
+++ b/src/views/leaderboard/global.ejs
@@ -0,0 +1,40 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <h1 style="margin-bottom: 1.5rem;">&#x1F3C6; Global Leaderboard</h1>
+
+  <% if (leaderboard.length === 0) { %>
+    <div class="card" style="text-align: center; padding: 3rem;">
+      <p style="color: var(--muted);">No scans recorded yet. Start hunting!</p>
+    </div>
+  <% } else { %>
+    <div class="card">
+      <div class="table-wrapper">
+        <table>
+          <thead>
+            <tr>
+              <th>Rank</th>
+              <th>Player</th>
+              <th>Points</th>
+              <th>Packages Found</th>
+            </tr>
+          </thead>
+          <tbody>
+            <% leaderboard.forEach((entry, i) => { %>
+              <tr>
+                <td class="rank-cell rank-<%= i + 1 %>">
+                  <% if (i === 0) { %>&#x1F947;<% } else if (i === 1) { %>&#x1F948;<% } else if (i === 2) { %>&#x1F949;<% } else { %><%= i + 1 %><% } %>
+                </td>
+                <td><strong><%= entry.username %></strong></td>
+                <td><span class="points-badge"><%= entry.total_points %></span></td>
+                <td><%= entry.scans %></td>
+              </tr>
+            <% }) %>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  <% } %>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/loot/expired.ejs b/src/views/loot/expired.ejs
new file mode 100644
index 0000000..d1371a7
--- /dev/null
+++ b/src/views/loot/expired.ejs
@@ -0,0 +1,13 @@
+<%- include('../partials/header') %>
+
+<div class="container" style="text-align: center; padding-top: 3rem;">
+  <div class="emoji" style="font-size: 4rem;">&#x23F0;</div>
+  <h1>Hunt Expired</h1>
+  <p style="color: var(--muted);">This hunt has ended. Scanning is no longer available.</p>
+  <p style="color: var(--muted);">
+    <strong><%= pkg.hunt_name %></strong> &middot; Package #<%= pkg.card_number %>
+  </p>
+  <a href="/hunt/<%= pkg.hunt_short_name %>" class="btn btn-outline" style="margin-top: 1rem;">View Hunt Results</a>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/loot/profile.ejs b/src/views/loot/profile.ejs
new file mode 100644
index 0000000..c5d383e
--- /dev/null
+++ b/src/views/loot/profile.ejs
@@ -0,0 +1,106 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div style="margin-bottom: 1rem;">
+    <a href="/hunt/<%= pkg.hunt_short_name %>" style="color: var(--muted); text-decoration: none;">&larr; Back to <%= pkg.hunt_name %></a>
+  </div>
+
+  <div class="card">
+    <div class="package-hero">
+      <div class="card-number">#<%= pkg.card_number %></div>
+      <div class="hunt-name"><a href="/hunt/<%= pkg.hunt_short_name %>"><%= pkg.hunt_name %></a></div>
+      <div style="font-family: monospace; color: var(--muted); margin-top: 0.25rem;"><%= pkg.unique_code %></div>
+    </div>
+
+    <div class="stats-row">
+      <div class="stat-box">
+        <div class="value"><%= pkg.scan_count %></div>
+        <div class="label">Total Scans</div>
+      </div>
+      <div class="stat-box">
+        <div class="value"><%= pkg.first_scanner_name || '&mdash;' %></div>
+        <div class="label">First Finder</div>
+      </div>
+      <div class="stat-box">
+        <div class="value"><%= pkg.last_scanner_name || '&mdash;' %></div>
+        <div class="label">Most Recent</div>
+      </div>
+    </div>
+  </div>
+
+  <% if (pkg.first_scan_image) { %>
+    <div class="card">
+      <div class="card-header">&#x1F4F8; First Finder's Photo</div>
+      <img src="<%= pkg.first_scan_image %>" alt="Package photo" class="package-image">
+    </div>
+  <% } %>
+
+  <%/* First scanner can upload image */%>
+  <% if (isFirstScanner && !pkg.first_scan_image) { %>
+    <div class="card">
+      <div class="card-header">&#x1F4F8; Upload a Photo</div>
+      <p style="color: var(--muted); font-size: 0.9rem;">As the first finder, you can upload a photo for this package.</p>
+      <form method="POST" action="/loot/<%= pkg.hunt_short_name %>/<%= pkg.unique_code %>/image" enctype="multipart/form-data">
+        <div class="form-group">
+          <input type="file" name="image" accept="image/*" class="form-control" required>
+        </div>
+        <button type="submit" class="btn btn-primary">Upload Photo</button>
+      </form>
+    </div>
+  <% } %>
+
+  <div class="card">
+    <div class="card-header">&#x1F4AC; Package Hint</div>
+    <% if (pkg.last_scan_hint) { %>
+      <p style="font-style: italic; font-size: 1.05rem;">"<%= pkg.last_scan_hint %>"</p>
+      <p style="font-size: 0.8rem; color: var(--muted);">Left by <%= pkg.last_scanner_name %></p>
+    <% } else { %>
+      <p style="color: var(--muted);">No hint has been left yet.</p>
+    <% } %>
+
+    <% if (isLastScanner) { %>
+      <form method="POST" action="/loot/<%= pkg.hunt_short_name %>/<%= pkg.unique_code %>/hint" style="margin-top: 1rem;">
+        <div class="form-group">
+          <label>Update Hint/Message</label>
+          <textarea name="hint" class="form-control" rows="2" maxlength="500" placeholder="Leave a hint or message for the next finder..."><%= pkg.last_scan_hint || '' %></textarea>
+        </div>
+        <button type="submit" class="btn btn-primary btn-sm">Save Hint</button>
+      </form>
+    <% } %>
+  </div>
+
+  <% if (scanHistory.length > 0) { %>
+    <div class="card">
+      <div class="card-header">Scan History</div>
+      <div class="table-wrapper">
+        <table>
+          <thead>
+            <tr>
+              <th>#</th>
+              <th>Player</th>
+              <th>Points</th>
+              <th>Time</th>
+            </tr>
+          </thead>
+          <tbody>
+            <% scanHistory.forEach((scan, i) => { %>
+              <tr>
+                <td><%= i + 1 %></td>
+                <td><%= scan.username %></td>
+                <td><% if (scan.points_awarded > 0) { %><span class="points-badge">+<%= scan.points_awarded %></span><% } else { %><span style="color: var(--muted);">0</span><% } %></td>
+                <td style="font-size: 0.85rem; color: var(--muted);"><%= new Date(scan.scanned_at).toLocaleString() %></td>
+              </tr>
+            <% }) %>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  <% } %>
+
+  <div style="text-align: center; margin-top: 1rem;">
+    <a href="/hunt/<%= pkg.hunt_short_name %>" class="btn btn-outline">View All Packages</a>
+    <a href="/hunt/<%= pkg.hunt_short_name %>/leaderboard" class="btn btn-outline">Leaderboard</a>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/loot/scanned.ejs b/src/views/loot/scanned.ejs
new file mode 100644
index 0000000..4912549
--- /dev/null
+++ b/src/views/loot/scanned.ejs
@@ -0,0 +1,122 @@
+<%- include('../partials/header') %>
+
+<div class="container">
+  <div class="scan-result">
+    <% if (scanResult.alreadyScanned) { %>
+      <div class="emoji">&#x1F504;</div>
+      <h1>Already Scanned!</h1>
+      <p style="color: var(--muted);">You've already found this package. No additional points, but you're now the most recent scanner and can update the hint below.</p>
+    <% } else if (scanResult.isFirst) { %>
+      <div class="emoji">&#x1F31F;</div>
+      <h1>FIRST FIND!</h1>
+      <div class="points-badge large">+<%= scanResult.points %> pts</div>
+      <p style="color: var(--muted); margin-top: 0.5rem;">You're the first person to discover this package! You can upload an image below.</p>
+    <% } else { %>
+      <div class="emoji">&#x2705;</div>
+      <h1>Package Found!</h1>
+      <div class="points-badge large">+<%= scanResult.points %> pts</div>
+      <p style="color: var(--muted); margin-top: 0.5rem;">Scan #<%= scanResult.scanNumber %> &mdash; nice find!</p>
+    <% } %>
+  </div>
+
+  <div class="card">
+    <div class="package-hero">
+      <div class="card-number">#<%= pkg.card_number %></div>
+      <div class="hunt-name"><a href="/hunt/<%= pkg.hunt_short_name %>"><%= pkg.hunt_name %></a></div>
+      <div style="font-family: monospace; color: var(--muted); margin-top: 0.25rem;"><%= pkg.unique_code %></div>
+    </div>
+
+    <div class="stats-row">
+      <div class="stat-box">
+        <div class="value"><%= pkg.scan_count %></div>
+        <div class="label">Total Scans</div>
+      </div>
+      <div class="stat-box">
+        <div class="value"><%= pkg.first_scanner_name || '&mdash;' %></div>
+        <div class="label">First Finder</div>
+      </div>
+      <div class="stat-box">
+        <div class="value"><%= pkg.last_scanner_name || '&mdash;' %></div>
+        <div class="label">Most Recent</div>
+      </div>
+    </div>
+  </div>
+
+  <% if (pkg.first_scan_image) { %>
+    <div class="card">
+      <div class="card-header">First Finder's Photo</div>
+      <img src="<%= pkg.first_scan_image %>" alt="Package photo" class="package-image">
+    </div>
+  <% } %>
+
+  <%/* First scanner can upload image */%>
+  <% if (isFirstScanner && !pkg.first_scan_image) { %>
+    <div class="card">
+      <div class="card-header">&#x1F4F8; Upload a Photo</div>
+      <p style="color: var(--muted); font-size: 0.9rem;">As the first finder, you can upload a photo for this package.</p>
+      <form method="POST" action="/loot/<%= pkg.hunt_short_name %>/<%= pkg.unique_code %>/image" enctype="multipart/form-data">
+        <div class="form-group">
+          <input type="file" name="image" accept="image/*" class="form-control" required>
+        </div>
+        <button type="submit" class="btn btn-primary">Upload Photo</button>
+      </form>
+    </div>
+  <% } %>
+
+  <%/* Hint/message section */%>
+  <div class="card">
+    <div class="card-header">&#x1F4AC; Package Hint</div>
+    <% if (pkg.last_scan_hint) { %>
+      <p style="font-style: italic; font-size: 1.05rem;">"<%= pkg.last_scan_hint %>"</p>
+      <p style="font-size: 0.8rem; color: var(--muted);">Left by <%= pkg.last_scanner_name %></p>
+    <% } else { %>
+      <p style="color: var(--muted);">No hint has been left yet.</p>
+    <% } %>
+
+    <% if (isLastScanner) { %>
+      <form method="POST" action="/loot/<%= pkg.hunt_short_name %>/<%= pkg.unique_code %>/hint" style="margin-top: 1rem;">
+        <div class="form-group">
+          <label>Update Hint/Message</label>
+          <textarea name="hint" class="form-control" rows="2" maxlength="500" placeholder="Leave a hint or message for the next finder..."><%= pkg.last_scan_hint || '' %></textarea>
+        </div>
+        <button type="submit" class="btn btn-primary btn-sm">Save Hint</button>
+      </form>
+    <% } %>
+  </div>
+
+  <%/* Scan history */%>
+  <% if (scanHistory.length > 0) { %>
+    <div class="card">
+      <div class="card-header">Scan History</div>
+      <div class="table-wrapper">
+        <table>
+          <thead>
+            <tr>
+              <th>#</th>
+              <th>Player</th>
+              <th>Points</th>
+              <th>Time</th>
+            </tr>
+          </thead>
+          <tbody>
+            <% scanHistory.forEach((scan, i) => { %>
+              <tr>
+                <td><%= i + 1 %></td>
+                <td><%= scan.username %></td>
+                <td><% if (scan.points_awarded > 0) { %><span class="points-badge">+<%= scan.points_awarded %></span><% } else { %><span style="color: var(--muted);">0</span><% } %></td>
+                <td style="font-size: 0.85rem; color: var(--muted);"><%= new Date(scan.scanned_at).toLocaleString() %></td>
+              </tr>
+            <% }) %>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  <% } %>
+
+  <div style="text-align: center; margin-top: 1rem;">
+    <a href="/loot/<%= pkg.hunt_short_name %>/<%= pkg.unique_code %>/profile" class="btn btn-outline">View Package Profile</a>
+    <a href="/hunt/<%= pkg.hunt_short_name %>" class="btn btn-outline">Back to Hunt</a>
+  </div>
+</div>
+
+<%- include('../partials/footer') %>
diff --git a/src/views/partials/footer.ejs b/src/views/partials/footer.ejs
new file mode 100644
index 0000000..51217b4
--- /dev/null
+++ b/src/views/partials/footer.ejs
@@ -0,0 +1,5 @@
+  <footer class="footer">
+    &copy; <%= new Date().getFullYear() %> Loot Hunt &mdash; Find. Scan. Conquer.
+  </footer>
+</body>
+</html>
diff --git a/src/views/partials/header.ejs b/src/views/partials/header.ejs
new file mode 100644
index 0000000..702fd6e
--- /dev/null
+++ b/src/views/partials/header.ejs
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title><%= typeof title !== 'undefined' ? title + ' | Loot Hunt' : 'Loot Hunt' %></title>
+  <link rel="stylesheet" href="/css/style.css">
+</head>
+<body>
+  <nav class="navbar">
+    <a href="/" class="navbar-brand">&#x1F3AF; Loot Hunt</a>
+    <ul class="navbar-nav">
+      <li><a href="/hunts">Hunts</a></li>
+      <li><a href="/leaderboard">Leaderboard</a></li>
+      <% if (currentUser) { %>
+        <% if (currentUser.isAdmin) { %>
+          <li><a href="/admin">Admin</a></li>
+        <% } %>
+        <li><a href="/auth/logout">Logout (<%= currentUser.username %>)</a></li>
+      <% } else { %>
+        <li><a href="/auth/login">Login</a></li>
+        <li><a href="/auth/register">Register</a></li>
+      <% } %>
+    </ul>
+  </nav>
+  <% if (typeof flash !== 'undefined' && flash) { %>
+    <div class="container">
+      <div class="alert alert-<%= flash.type %>"><%= flash.message %></div>
+    </div>
+  <% } %>