chore: redirect to instance url

chore: upgrader to 0.5.1
chore: update shortcut card style
2025-07-06 13:12:36 +00:00 · 2023-12-24 09:50:10 +08:00 · 2023-12-24 09:17:53 +08:00 · 2023-12-24 09:17:41 +08:00 · 2023-12-24 01:05:15 +08:00 · 2023-12-24 00:32:29 +08:00
337 changed files with 47347 additions and 7122 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
+*/*/node_modules
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -5,7 +5,7 @@ body:
  - type: markdown
    attributes:
      value: |
-        Thanks for taking the time to suggest an idea for Shortify!
+        Thanks for taking the time to suggest an idea for Slash!
  - type: textarea
    attributes:
      label: Is your feature request related to a problem?
--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@ -0,0 +1,44 @@
+name: Backend Test
+
+on:
+  push:
+    branches:
+      - main
+      - "release/v*.*.*"
+  pull_request:
+    branches: [main]
+
+jobs:
+  go-static-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.21
+          check-latest: true
+          cache: true
+      - name: Verify go.mod is tidy
+        run: |
+          go mod tidy
+          git diff --exit-code
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.54.1
+          args: --verbose --timeout=3m
+          skip-cache: true
+
+  go-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.21
+          check-latest: true
+          cache: true
+      - name: Run all tests
+        run: go test -v ./... | tee test.log; exit ${PIPESTATUS[0]}
+      - name: Pretty print tests running time
+        run: grep --color=never -e '--- PASS:' -e '--- FAIL:' test.log | sed 's/[:()]//g' | awk '{print $2,$3,$4}' | sort -t' ' -nk3 -r | awk '{sum += $3; print $1,$2,$3,sum"s"}'
--- a/.github/workflows/build-and-push-release-image.yml
+++ b/.github/workflows/build-and-push-release-image.yml
@ -24,7 +24,7 @@ jobs:
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
-          username: stevenlgtm
+          username: yourselfhosted
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Set up Docker Buildx
@ -41,4 +41,4 @@ jobs:
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
-          tags: stevenlgtm/shortify:latest, stevenlgtm/shortify:${{ env.VERSION }}
+          tags: yourselfhosted/slash:latest, yourselfhosted/slash:${{ env.VERSION }}
--- a/.github/workflows/build-and-push-test-image.yml
+++ b/.github/workflows/build-and-push-test-image.yml
@ -16,7 +16,7 @@ jobs:
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
-          username: stevenlgtm
+          username: yourselfhosted
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Set up Docker Buildx
@ -34,4 +34,4 @@ jobs:
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
-          tags: stevenlgtm/shortify:test
+          tags: yourselfhosted/slash:test
--- a/.github/workflows/extension-test.yml
+++ b/.github/workflows/extension-test.yml
@ -0,0 +1,52 @@
+name: Extension Test
+
+on:
+  push:
+    branches:
+      - main
+      - "release/v*.*.*"
+  pull_request:
+    branches: [main]
+    paths:
+      - "frontend/extension/**"
+
+jobs:
+  eslint-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pnpm/action-setup@v2.2.4
+        with:
+          version: 8
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "18"
+          cache: pnpm
+          cache-dependency-path: "frontend/extension/pnpm-lock.yaml"
+      - run: pnpm install
+        working-directory: frontend/extension
+      - run: pnpm type-gen
+        working-directory: frontend/extension
+      - name: Run eslint check
+        run: pnpm lint
+        working-directory: frontend/extension
+
+  extension-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pnpm/action-setup@v2.2.4
+        with:
+          version: 8
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "18"
+          cache: pnpm
+          cache-dependency-path: "frontend/extension/pnpm-lock.yaml"
+      - run: pnpm install
+        working-directory: frontend/extension
+      - run: pnpm type-gen
+        working-directory: frontend/extension
+      - name: Run extension build
+        run: pnpm build
+        working-directory: frontend/extension
--- a/.github/workflows/frontend-test.yml
+++ b/.github/workflows/frontend-test.yml
@ -0,0 +1,52 @@
+name: Frontend Test
+
+on:
+  push:
+    branches:
+      - main
+      - "release/v*.*.*"
+  pull_request:
+    branches: [main]
+    paths:
+      - "frontend/web/**"
+
+jobs:
+  eslint-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pnpm/action-setup@v2.2.4
+        with:
+          version: 8
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "18"
+          cache: pnpm
+          cache-dependency-path: "frontend/web/pnpm-lock.yaml"
+      - run: pnpm install
+        working-directory: frontend/web
+      - run: pnpm type-gen
+        working-directory: frontend/web
+      - name: Run eslint check
+        run: pnpm lint
+        working-directory: frontend/web
+
+  frontend-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pnpm/action-setup@v2.2.4
+        with:
+          version: 8
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "18"
+          cache: pnpm
+          cache-dependency-path: "frontend/web/pnpm-lock.yaml"
+      - run: pnpm install
+        working-directory: frontend/web
+      - run: pnpm type-gen
+        working-directory: frontend/web
+      - name: Run frontend build
+        run: pnpm build
+        working-directory: frontend/web
--- a/.github/workflows/proto-linter.yml
+++ b/.github/workflows/proto-linter.yml
@ -0,0 +1,34 @@
+name: Proto linter
+
+on:
+  push:
+    branches:
+      - main
+      - "release/v*.*.*"
+  pull_request:
+    branches:
+      - main
+      - "release/*.*.*"
+    paths:
+      - "proto/**"
+
+jobs:
+  lint-protos:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup buf
+        uses: bufbuild/buf-setup-action@v1
+      - name: buf lint
+        uses: bufbuild/buf-lint-action@v1
+        with:
+          input: "proto"
+      - name: buf format
+        run: |
+          if [[ $(buf format -d) ]]; then
+            echo "Run 'buf format -w'"
+            exit 1
+          fi
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -1,80 +0,0 @@
-name: Test
-
-on:
-  push:
-    branches:
-      - main
-      - "release/v*.*.*"
-  pull_request:
-    branches: [main]
-
-jobs:
-  go-static-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.19
-          check-latest: true
-          cache: true
-      - name: Verify go.mod is tidy
-        run: |
-          go mod tidy
-          git diff --exit-code
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          args: -v
-          skip-cache: true
-
-  eslint-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: pnpm/action-setup@v2.2.4
-        with:
-          version: 8
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: "18"
-          cache: pnpm
-          cache-dependency-path: "web/pnpm-lock.yaml"
-      - run: pnpm install
-        working-directory: web
-      - name: Run eslint check
-        run: pnpm lint
-        working-directory: web
-
-  frontend-build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: pnpm/action-setup@v2.2.4
-        with:
-          version: 8
-      - uses: actions/setup-node@v3
-        with:
-          node-version: "18"
-          cache: pnpm
-          cache-dependency-path: "web/pnpm-lock.yaml"
-      - run: pnpm install
-        working-directory: web
-      - name: Run frontend build
-        run: pnpm build
-        working-directory: web
-
-  go-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.19
-          check-latest: true
-          cache: true
-      - name: Run all tests
-        run: go test -v ./... | tee test.log; exit ${PIPESTATUS[0]}
-      - name: Pretty print tests running time
-        run: grep --color=never -e '--- PASS:' -e '--- FAIL:' test.log | sed 's/[:()]//g' | awk '{print $2,$3,$4}' | sort -t' ' -nk3 -r | awk '{sum += $3; print $1,$2,$3,sum"s"}'
--- a/.gitignore
+++ b/.gitignore
@ -4,12 +4,9 @@
 # temp folder
 tmp

-# Frontend asset
-web/dist
-
 # build folder
 build

 .DS_Store

-extension
+node_modules
--- a/.golangci.yaml
+++ b/.golangci.yaml
@ -1,5 +1,6 @@
 linters:
  enable:
+    - errcheck
    - goimports
    - revive
    - govet
@ -10,17 +11,30 @@ linters:
    - rowserrcheck
    - nilerr
    - godot
+    - forbidigo
+    - mirror
+    - bodyclose

 issues:
+  include:
+    # https://golangci-lint.run/usage/configuration/#command-line-options
  exclude:
    - Rollback
+    - logger.Sync
+    - pgInstance.Stop
    - fmt.Printf
-    - fmt.Print
+    - Enter(.*)_(.*)
+    - Exit(.*)_(.*)

 linters-settings:
+  goimports:
+    # Put imports beginning with prefix after 3rd-party packages.
+    local-prefixes: github.com/yourselfhosted/slash
  revive:
+    # Default to run all linters so that new rules in the future could automatically be added to the static check.
    enable-all-rules: true
    rules:
+      # The following rules are too strict and make coding harder. We do not enable them for now.
      - name: file-header
        disabled: true
      - name: line-length-limit
@ -51,14 +65,26 @@ linters-settings:
        disabled: true
      - name: early-return
        disabled: true
+      - name: use-any
+        disabled: true
+      - name: var-naming
+        disabled: true
+      - name: exported
+        arguments:
+          - "disableStutteringCheck"
  gocritic:
    disabled-checks:
      - ifElseChain
  govet:
    settings:
-      printf:
-        funcs:
+      printf: # The name of the analyzer, run `go tool vet help` to see the list of all analyzers
+        funcs: # Run `go tool vet help printf` to see the full configuration of `printf`.
          - common.Errorf
+    enable-all: true
+    disable:
+      - fieldalignment
+      - shadow
  forbidigo:
    forbid:
      - 'fmt\.Errorf(# Please use errors\.Wrap\|Wrapf\|Errorf instead)?'
+      - 'ioutil\.ReadDir(# Please use os\.ReadDir)?'
--- a/30
+++ b/30
@ -1,34 +1,40 @@
 # Build frontend dist.
-FROM node:18.12.1-alpine3.16 AS frontend
+FROM node:18-alpine AS frontend
 WORKDIR /frontend-build

-COPY ./web/package.json ./web/pnpm-lock.yaml ./
+COPY . .

-RUN corepack enable && pnpm i --frozen-lockfile
+WORKDIR /frontend-build/frontend/web

-COPY ./web/ .
+RUN corepack enable && pnpm i --frozen-lockfile && pnpm type-gen

 RUN pnpm build

 # Build backend exec file.
-FROM golang:1.19.3-alpine3.16 AS backend
+FROM golang:1.21-alpine AS backend
 WORKDIR /backend-build

 COPY . .
-COPY --from=frontend /frontend-build/dist ./server/dist

-RUN go build -o shortify ./cmd/shortify/main.go
+RUN CGO_ENABLED=0 go build -o slash ./bin/slash/main.go

 # Make workspace with above generated files.
-FROM alpine:3.16 AS monolithic
-WORKDIR /usr/local/shortify
+FROM alpine:latest AS monolithic
+WORKDIR /usr/local/slash

 RUN apk add --no-cache tzdata
 ENV TZ="UTC"

-COPY --from=backend /backend-build/shortify /usr/local/shortify/
+COPY --from=frontend /frontend-build/frontend/web/dist /usr/local/slash/dist
+COPY --from=backend /backend-build/slash /usr/local/slash/
+
+EXPOSE 5231

 # Directory to store the data, which can be referenced as the mounting point.
-RUN mkdir -p /var/opt/shortify
+RUN mkdir -p /var/opt/slash
+VOLUME /var/opt/slash

-ENTRYPOINT ["./shortify", "--mode", "prod", "--port", "5231"]
+ENV SLASH_MODE="prod"
+ENV SLASH_PORT="5231"
+
+ENTRYPOINT ["./slash"]
--- a/145
+++ b/145
@ -1,5 +1,5 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007

 Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
@ -7,17 +7,15 @@

                            Preamble

-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.

  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
+our General Public Licenses are intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
+software for all its users.

  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.

-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.

-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.

-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.

-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.

  The precise terms and conditions for copying, distribution and
 modification follow.
@ -72,7 +60,7 @@ modification follow.

  0. Definitions.

-  "This License" refers to version 3 of the GNU General Public License.
+  "This License" refers to version 3 of the GNU Affero General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.

-  13. Use with the GNU Affero General Public License.
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.

  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
+under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.

  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
+Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
+GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
+versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.

@ -631,40 +629,33 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

+    <Slash>
+    Copyright (C) <2023>  <Steven>
+
    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+    GNU Affero General Public License for more details.

-    You should have received a copy of the GNU General Public License
+    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.

  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
+For more information on this, and how to apply and follow the GNU AGPL, see
 <https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/README.md
+++ b/README.md
@ -1,17 +1,57 @@
-# Shortify
+# Slash

-<img align="right" src="./resources/logo.png" height="64px" alt="logo">
+<img align="right" src="./docs/assets/logo.png" height="64px" alt="logo">

-**Shortify** is a bookmarking and short link service that allows you to save and share links easily. It lets you store and categorize links, generate short URLs for easy sharing, search and filter your saved links, and access them from any device. It simplifies link organization, management, and collaboration, making it effortless to navigate and share web resources.
+**Slash** is an open source, self-hosted bookmarks and link sharing platform. It allows you to organize your links with tags, and share them with custom shortened URLs. Slash also supports team sharing of link libraries for easy collaboration.

-Let's Simplify, Share, and Save your links with **Shortify**.
+🧩 Browser extension(v1.0.0) now available! - [Chrome Web Store](https://chrome.google.com/webstore/detail/slash/ebaiehmkammnacjadffpicipfckgeobg), [Firefox Add-on](https://addons.mozilla.org/firefox/addon/your-slash/)
+
+Getting started with Slash's [Shortcuts](https://github.com/yourselfhosted/slash/blob/main/docs/getting-started/shortcuts.md) and [Collections](https://github.com/yourselfhosted/slash/blob/main/docs/getting-started/collections.md).
+
+<a href="https://demo.slash.yourselfhosted.com">Live Demo</a> • <a href="https://discord.gg/QZqUuUAhDV">Discord</a>
+
+<p>
+  <a href="https://hub.docker.com/r/yourselfhosted/slash"><img alt="Docker pull" src="https://img.shields.io/docker/pulls/yourselfhosted/slash.svg"/></a>
+  <a href="https://github.com/yourselfhosted/slash/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/yourselfhosted/slash?logo=github"/></a>
+</p>
+
+![demo](./docs/assets/demo.png)
+
+## Background
+
+In today's workplace, essential information is often scattered across the cloud in the form of links. We understand the frustration of endlessly searching through emails, messages, and websites just to find the right link. Links are notorious for being unwieldy, complex, and easily lost in the shuffle. Remembering and sharing them can be a challenge.
+
+That's why we developed Slash, a solution that transforms these links into easily accessible, discoverable, and shareable shortcuts(e.g., `s/shortcut`). Say goodbye to link chaos and welcome the organizational ease of Slash into your daily online workflow.
+
+## Features
+
+- Create customizable `s/` short links for any URL.
+- Share short links public or only with your teammates.
+- View analytics on link traffic and sources.
+- Easy access to your shortcuts with browser extension.
+- Share your shortcuts with Collection to anyone, on any browser.
+- Open source self-hosted solution.

 ## Deploy with Docker in seconds

 ```bash
-docker run -d --name shortify -p 5231:5231 -v ~/.shortify/:/var/opt/shortify stevenlgtm/shortify:latest
+docker run -d --name slash -p 5231:5231 -v ~/.slash/:/var/opt/slash yourselfhosted/slash:latest
 ```

-## Demo
+Learn more in [Self-hosting Slash with Docker](https://github.com/yourselfhosted/slash/blob/main/docs/install.md).

-![demo](./resources/demo.gif)
+## Browser Extension
+
+Slash provides a browser extension to help you use your shortcuts in the search bar to go to the corresponding URL.
+
+![browser-extension-example](./docs/assets/browser-extension-example.png)
+
+Learn more in [The Browser Extension of Slash](https://github.com/yourselfhosted/slash/blob/main/docs/install-browser-extension.md).
+
+### Chromium based browsers
+
+For Chromium based browsers(Chrome, Edge, Arc, ...), you can install the extension from the [Chrome Web Store](https://chrome.google.com/webstore/detail/slash/ebaiehmkammnacjadffpicipfckgeobg).
+
+### Firefox
+
+For Firefox, you can install the extension from the [Firefox Add-ons](https://addons.mozilla.org/firefox/addon/your-slash/).
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@ -0,0 +1,64 @@
+package auth
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+const (
+	// issuer is the issuer of the jwt token.
+	Issuer = "slash"
+	// Signing key section. For now, this is only used for signing, not for verifying since we only
+	// have 1 version. But it will be used to maintain backward compatibility if we change the signing mechanism.
+	KeyID = "v1"
+	// AccessTokenAudienceName is the audience name of the access token.
+	AccessTokenAudienceName = "user.access-token"
+	AccessTokenDuration     = 7 * 24 * time.Hour
+
+	// CookieExpDuration expires slightly earlier than the jwt expiration. Client would be logged out if the user
+	// cookie expires, thus the client would always logout first before attempting to make a request with the expired jwt.
+	CookieExpDuration = AccessTokenDuration - 1*time.Minute
+	// AccessTokenCookieName is the cookie name of access token.
+	AccessTokenCookieName = "slash.access-token"
+)
+
+type ClaimsMessage struct {
+	Name string `json:"name"`
+	jwt.RegisteredClaims
+}
+
+// GenerateAccessToken generates an access token.
+// username is the email of the user.
+func GenerateAccessToken(username string, userID int32, expirationTime time.Time, secret []byte) (string, error) {
+	return generateToken(username, userID, AccessTokenAudienceName, expirationTime, secret)
+}
+
+// generateToken generates a jwt token.
+func generateToken(username string, userID int32, audience string, expirationTime time.Time, secret []byte) (string, error) {
+	registeredClaims := jwt.RegisteredClaims{
+		Issuer:   Issuer,
+		Audience: jwt.ClaimStrings{audience},
+		IssuedAt: jwt.NewNumericDate(time.Now()),
+		Subject:  fmt.Sprint(userID),
+	}
+	if !expirationTime.IsZero() {
+		registeredClaims.ExpiresAt = jwt.NewNumericDate(expirationTime)
+	}
+
+	// Declare the token with the HS256 algorithm used for signing, and the claims.
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ClaimsMessage{
+		Name:             username,
+		RegisteredClaims: registeredClaims,
+	})
+	token.Header["kid"] = KeyID
+
+	// Create the JWT string.
+	tokenString, err := token.SignedString(secret)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenString, nil
+}
--- a/api/v1/README.md
+++ b/api/v1/README.md
@ -0,0 +1 @@
+> The v1 API has been deprecated. Please use the v2 API instead.
--- a/api/v1/activity.go
+++ b/api/v1/activity.go
@ -1,11 +1,11 @@
 package v1

 type ActivityShorcutCreatePayload struct {
-	ShortcutID int `json:"shortcutId"`
+	ShortcutID int32 `json:"shortcutId"`
 }

 type ActivityShorcutViewPayload struct {
-	ShortcutID int    `json:"shortcutId"`
+	ShortcutID int32  `json:"shortcutId"`
 	IP         string `json:"ip"`
 	Referer    string `json:"referer"`
 	UserAgent  string `json:"userAgent"`
--- a/api/v1/analytics.go
+++ b/api/v1/analytics.go
@ -0,0 +1,131 @@
+package v1
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/labstack/echo/v4"
+	"github.com/mssola/useragent"
+	"golang.org/x/exp/slices"
+
+	"github.com/yourselfhosted/slash/internal/util"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/store"
+)
+
+type ReferenceInfo struct {
+	Name  string `json:"name"`
+	Count int    `json:"count"`
+}
+
+type DeviceInfo struct {
+	Name  string `json:"name"`
+	Count int    `json:"count"`
+}
+
+type BrowserInfo struct {
+	Name  string `json:"name"`
+	Count int    `json:"count"`
+}
+
+type AnalysisData struct {
+	ReferenceData []ReferenceInfo `json:"referenceData"`
+	DeviceData    []DeviceInfo    `json:"deviceData"`
+	BrowserData   []BrowserInfo   `json:"browserData"`
+}
+
+func (s *APIV1Service) registerAnalyticsRoutes(g *echo.Group) {
+	g.GET("/shortcut/:shortcutId/analytics", func(c echo.Context) error {
+		ctx := c.Request().Context()
+		shortcutID, err := util.ConvertStringToInt32(c.Param("shortcutId"))
+		if err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("shortcut id is not a number: %s", c.Param("shortcutId"))).SetInternal(err)
+		}
+		activities, err := s.Store.ListActivities(ctx, &store.FindActivity{
+			Type:              store.ActivityShortcutView,
+			PayloadShortcutID: &shortcutID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to get activities, err: %s", err)).SetInternal(err)
+		}
+
+		referenceMap := make(map[string]int)
+		deviceMap := make(map[string]int)
+		browserMap := make(map[string]int)
+		for _, activity := range activities {
+			payload := &ActivityShorcutViewPayload{}
+			if err := json.Unmarshal([]byte(activity.Payload), payload); err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to unmarshal payload, err: %s", err)).SetInternal(err)
+			}
+
+			if _, ok := referenceMap[payload.Referer]; !ok {
+				referenceMap[payload.Referer] = 0
+			}
+			referenceMap[payload.Referer]++
+
+			ua := useragent.New(payload.UserAgent)
+			deviceName := ua.OSInfo().Name
+			browserName, _ := ua.Browser()
+
+			if _, ok := deviceMap[deviceName]; !ok {
+				deviceMap[deviceName] = 0
+			}
+			deviceMap[deviceName]++
+
+			if _, ok := browserMap[browserName]; !ok {
+				browserMap[browserName] = 0
+			}
+			browserMap[browserName]++
+		}
+
+		metric.Enqueue("shortcut analytics")
+		return c.JSON(http.StatusOK, &AnalysisData{
+			ReferenceData: mapToReferenceInfoSlice(referenceMap),
+			DeviceData:    mapToDeviceInfoSlice(deviceMap),
+			BrowserData:   mapToBrowserInfoSlice(browserMap),
+		})
+	})
+}
+
+func mapToReferenceInfoSlice(m map[string]int) []ReferenceInfo {
+	referenceInfoSlice := make([]ReferenceInfo, 0)
+	for key, value := range m {
+		referenceInfoSlice = append(referenceInfoSlice, ReferenceInfo{
+			Name:  key,
+			Count: value,
+		})
+	}
+	slices.SortFunc(referenceInfoSlice, func(i, j ReferenceInfo) int {
+		return i.Count - j.Count
+	})
+	return referenceInfoSlice
+}
+
+func mapToDeviceInfoSlice(m map[string]int) []DeviceInfo {
+	deviceInfoSlice := make([]DeviceInfo, 0)
+	for key, value := range m {
+		deviceInfoSlice = append(deviceInfoSlice, DeviceInfo{
+			Name:  key,
+			Count: value,
+		})
+	}
+	slices.SortFunc(deviceInfoSlice, func(i, j DeviceInfo) int {
+		return i.Count - j.Count
+	})
+	return deviceInfoSlice
+}
+
+func mapToBrowserInfoSlice(m map[string]int) []BrowserInfo {
+	browserInfoSlice := make([]BrowserInfo, 0)
+	for key, value := range m {
+		browserInfoSlice = append(browserInfoSlice, BrowserInfo{
+			Name:  key,
+			Count: value,
+		})
+	}
+	slices.SortFunc(browserInfoSlice, func(i, j BrowserInfo) int {
+		return i.Count - j.Count
+	})
+	return browserInfoSlice
+}
--- a/api/v1/auth.go
+++ b/api/v1/auth.go
@ -1,15 +1,21 @@
 package v1

 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
-
-	"github.com/boojack/shortify/server/auth"
-	"github.com/boojack/shortify/store"
+	"time"

 	"github.com/labstack/echo/v4"
+	"github.com/pkg/errors"
 	"golang.org/x/crypto/bcrypt"
+
+	"github.com/yourselfhosted/slash/api/auth"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
 )

 type SignInRequest struct {
@ -48,24 +54,42 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
 			return echo.NewHTTPError(http.StatusUnauthorized, "unmatched email and password")
 		}

-		if err := auth.GenerateTokensAndSetCookies(c, user, secret); err != nil {
+		accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(secret))
+		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 		}
+		if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert access token, err: %s", err)).SetInternal(err)
+		}
+
+		cookieExp := time.Now().Add(auth.CookieExpDuration)
+		setTokenCookie(c, auth.AccessTokenCookieName, accessToken, cookieExp)
+		metric.Enqueue("user sign in")
 		return c.JSON(http.StatusOK, convertUserFromStore(user))
 	})

 	g.POST("/auth/signup", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		disallowSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
-			Key: store.WorkspaceDisallowSignUp,
+		enableSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
+			Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
 		})
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to get workspace setting, err: %s", err)).SetInternal(err)
 		}
-		if disallowSignUpSetting != nil && disallowSignUpSetting.Value == "true" {
+		if enableSignUpSetting != nil && !enableSignUpSetting.GetEnableSignup() {
 			return echo.NewHTTPError(http.StatusForbidden, "sign up has been disabled")
 		}

+		if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
+			userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
+			if err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to list users").SetInternal(err)
+			}
+			if len(userList) >= 5 {
+				return echo.NewHTTPError(http.StatusBadRequest, "Maximum number of users reached")
+			}
+		}
+
 		signup := &SignUpRequest{}
 		if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("malformatted signup request, err: %s", err)).SetInternal(err)
@ -97,16 +121,91 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to create user, err: %s", err)).SetInternal(err)
 		}

-		if err := auth.GenerateTokensAndSetCookies(c, user, secret); err != nil {
+		accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(secret))
+		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 		}
+		if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert access token, err: %s", err)).SetInternal(err)
+		}

+		cookieExp := time.Now().Add(auth.CookieExpDuration)
+		setTokenCookie(c, auth.AccessTokenCookieName, accessToken, cookieExp)
+		metric.Enqueue("user sign up")
 		return c.JSON(http.StatusOK, convertUserFromStore(user))
 	})

 	g.POST("/auth/logout", func(c echo.Context) error {
-		auth.RemoveTokensAndCookies(c)
+		ctx := c.Request().Context()
+		RemoveTokensAndCookies(c)
+		accessToken := findAccessToken(c)
+		userID, _ := getUserIDFromAccessToken(accessToken, secret)
+		userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
+		// Auto remove the current access token from the user access tokens.
+		if err == nil && len(userAccessTokens) != 0 {
+			accessTokens := []*storepb.AccessTokensUserSetting_AccessToken{}
+			for _, userAccessToken := range userAccessTokens {
+				if accessToken != userAccessToken.AccessToken {
+					accessTokens = append(accessTokens, userAccessToken)
+				}
+			}
+
+			if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+				UserId: userID,
+				Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
+				Value: &storepb.UserSetting_AccessTokens{
+					AccessTokens: &storepb.AccessTokensUserSetting{
+						AccessTokens: accessTokens,
+					},
+				},
+			}); err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert user setting, err: %s", err)).SetInternal(err)
+			}
+		}
 		c.Response().WriteHeader(http.StatusOK)
 		return nil
 	})
 }
+
+func (s *APIV1Service) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken string) error {
+	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
+	if err != nil {
+		return errors.Wrap(err, "failed to get user access tokens")
+	}
+	userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
+		AccessToken: accessToken,
+		Description: "Account sign in",
+	}
+	userAccessTokens = append(userAccessTokens, &userAccessToken)
+	if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+		UserId: user.ID,
+		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
+		Value: &storepb.UserSetting_AccessTokens{
+			AccessTokens: &storepb.AccessTokensUserSetting{
+				AccessTokens: userAccessTokens,
+			},
+		},
+	}); err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert user setting, err: %s", err)).SetInternal(err)
+	}
+	return nil
+}
+
+// RemoveTokensAndCookies removes the jwt token from the cookies.
+func RemoveTokensAndCookies(c echo.Context) {
+	cookieExp := time.Now().Add(-1 * time.Hour)
+	setTokenCookie(c, auth.AccessTokenCookieName, "", cookieExp)
+}
+
+// setTokenCookie sets the token to the cookie.
+func setTokenCookie(c echo.Context, name, token string, expiration time.Time) {
+	cookie := new(http.Cookie)
+	cookie.Name = name
+	cookie.Value = token
+	cookie.Expires = expiration
+	cookie.Path = "/"
+	// Http-only helps mitigate the risk of client side script accessing the protected cookie.
+	cookie.HttpOnly = true
+	cookie.SameSite = http.SameSiteStrictMode
+	c.SetCookie(cookie)
+}
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@ -3,36 +3,24 @@ package v1
 import (
 	"fmt"
 	"net/http"
-	"strconv"
 	"strings"
-	"time"

-	"github.com/boojack/shortify/internal/util"
-	"github.com/boojack/shortify/server/auth"
-	"github.com/boojack/shortify/store"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/labstack/echo/v4"
 	"github.com/pkg/errors"
+
+	"github.com/yourselfhosted/slash/api/auth"
+	"github.com/yourselfhosted/slash/internal/util"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/store"
 )

 const (
-	// Context section
 	// The key name used to store user id in the context
 	// user id is extracted from the jwt token subject field.
 	userIDContextKey = "user-id"
 )

-func getUserIDContextKey() string {
-	return userIDContextKey
-}
-
-// Claims creates a struct that will be encoded to a JWT.
-// We add jwt.RegisteredClaims as an embedded type, to provide fields such as name.
-type Claims struct {
-	Name string `json:"name"`
-	jwt.RegisteredClaims
-}
-
 func extractTokenFromHeader(c echo.Context) (string, error) {
 	authHeader := c.Request().Header.Get("Authorization")
 	if authHeader == "" {
@ -48,86 +36,54 @@ func extractTokenFromHeader(c echo.Context) (string, error) {
 }

 func findAccessToken(c echo.Context) string {
-	accessToken := ""
-	cookie, _ := c.Cookie(auth.AccessTokenCookieName)
-	if cookie != nil {
-		accessToken = cookie.Value
-	}
+	// Check the HTTP request header first.
+	accessToken, _ := extractTokenFromHeader(c)
 	if accessToken == "" {
-		accessToken, _ = extractTokenFromHeader(c)
+		// Check the cookie.
+		cookie, _ := c.Cookie(auth.AccessTokenCookieName)
+		if cookie != nil {
+			accessToken = cookie.Value
+		}
 	}
-
 	return accessToken
 }

-func audienceContains(audience jwt.ClaimStrings, token string) bool {
-	for _, v := range audience {
-		if v == token {
-			return true
-		}
-	}
-	return false
-}
-
 // JWTMiddleware validates the access token.
-// If the access token is about to expire or has expired and the request has a valid refresh token, it
-// will try to generate new access token and refresh token.
-func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) echo.HandlerFunc {
+func JWTMiddleware(s *APIV1Service, next echo.HandlerFunc, secret string) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		path := c.Path()
+		ctx := c.Request().Context()
+		path := c.Request().URL.Path
 		method := c.Request().Method

-		if defaultAuthSkipper(c) {
+		// Pass auth and profile endpoints.
+		if util.HasPrefixes(path, "/api/v1/auth", "/api/v1/workspace/profile") {
 			return next(c)
 		}

-		token := findAccessToken(c)
-		if token == "" {
+		accessToken := findAccessToken(c)
+		if accessToken == "" {
 			// When the request is not authenticated, we allow the user to access the shortcut endpoints for those public shortcuts.
-			if util.HasPrefixes(path, "/api/v1/workspace/profile", "/s/*") && method == http.MethodGet {
+			if util.HasPrefixes(path, "/s/", "/api/v1/user/") && method == http.MethodGet {
 				return next(c)
 			}
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")
 		}

-		claims := &Claims{}
-		accessToken, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
-			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
-				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
-			}
-			if kid, ok := t.Header["kid"].(string); ok {
-				if kid == "v1" {
-					return []byte(secret), nil
-				}
-			}
-			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
-		})
-		if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
-			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName))
-		}
-		generateToken := time.Until(claims.ExpiresAt.Time) < auth.RefreshThresholdDuration
+		userID, err := getUserIDFromAccessToken(accessToken, secret)
 		if err != nil {
-			var ve *jwt.ValidationError
-			if errors.As(err, &ve) {
-				// If expiration error is the only error, we will clear the err
-				// and generate new access token and refresh token
-				if ve.Errors == jwt.ValidationErrorExpired {
-					generateToken = true
-				}
-			} else {
-				return echo.NewHTTPError(http.StatusUnauthorized, errors.Wrap(err, "Invalid or expired access token"))
-			}
+			return echo.NewHTTPError(http.StatusUnauthorized, "Invalid or expired access token")
 		}

-		// We either have a valid access token or we will attempt to generate new access token and refresh token
-		ctx := c.Request().Context()
-		userID, err := strconv.Atoi(claims.Subject)
+		accessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
 		if err != nil {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Malformed ID in the token.")
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get user access tokens.").WithInternal(err)
+		}
+		if !validateAccessToken(accessToken, accessTokens) {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Invalid access token.")
 		}

 		// Even if there is no error, we still need to make sure the user still exists.
-		user, err := server.Store.GetUser(ctx, &store.FindUser{
+		user, err := s.Store.GetUser(ctx, &store.FindUser{
 			ID: &userID,
 		})
 		if err != nil {
@ -137,66 +93,41 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Failed to find user ID: %d", userID))
 		}

-		if generateToken {
-			generateTokenFunc := func() error {
-				rc, err := c.Cookie(auth.RefreshTokenCookieName)
-				if err != nil {
-					return echo.NewHTTPError(http.StatusUnauthorized, "Failed to generate access token. Missing refresh token.")
-				}
-
-				// Parses token and checks if it's valid.
-				refreshTokenClaims := &Claims{}
-				refreshToken, err := jwt.ParseWithClaims(rc.Value, refreshTokenClaims, func(t *jwt.Token) (any, error) {
-					if t.Method.Alg() != jwt.SigningMethodHS256.Name {
-						return nil, errors.Errorf("unexpected refresh token signing method=%v, expected %v", t.Header["alg"], jwt.SigningMethodHS256)
-					}
-
-					if kid, ok := t.Header["kid"].(string); ok {
-						if kid == "v1" {
-							return []byte(secret), nil
-						}
-					}
-					return nil, errors.Errorf("unexpected refresh token kid=%v", t.Header["kid"])
-				})
-				if err != nil {
-					if err == jwt.ErrSignatureInvalid {
-						return echo.NewHTTPError(http.StatusUnauthorized, "Failed to generate access token. Invalid refresh token signature.")
-					}
-					return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Server error to refresh expired token. User Id %d", userID)).SetInternal(err)
-				}
-
-				if !audienceContains(refreshTokenClaims.Audience, auth.RefreshTokenAudienceName) {
-					return echo.NewHTTPError(http.StatusUnauthorized,
-						fmt.Sprintf("Invalid refresh token, audience mismatch, got %q, expected %q. you may send request to the wrong environment",
-							refreshTokenClaims.Audience,
-							auth.RefreshTokenAudienceName,
-						))
-				}
-
-				// If we have a valid refresh token, we will generate new access token and refresh token
-				if refreshToken != nil && refreshToken.Valid {
-					if err := auth.GenerateTokensAndSetCookies(c, user, secret); err != nil {
-						return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Server error to refresh expired token. User Id %d", userID)).SetInternal(err)
-					}
-				}
-
-				return nil
-			}
-
-			// It may happen that we still have a valid access token, but we encounter issue when trying to generate new token
-			// In such case, we won't return the error.
-			if err := generateTokenFunc(); err != nil && !accessToken.Valid {
-				return err
-			}
-		}
-
 		// Stores userID into context.
-		c.Set(getUserIDContextKey(), userID)
+		c.Set(userIDContextKey, userID)
 		return next(c)
 	}
 }

-func defaultAuthSkipper(c echo.Context) bool {
-	path := c.Path()
-	return util.HasPrefixes(path, "/api/v1/auth")
+func getUserIDFromAccessToken(accessToken, secret string) (int32, error) {
+	claims := &auth.ClaimsMessage{}
+	_, err := jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
+		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
+			return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
+		}
+		if kid, ok := t.Header["kid"].(string); ok {
+			if kid == "v1" {
+				return []byte(secret), nil
+			}
+		}
+		return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
+	})
+	if err != nil {
+		return 0, errors.Wrap(err, "Invalid or expired access token")
+	}
+	// We either have a valid access token or we will attempt to generate new access token.
+	userID, err := util.ConvertStringToInt32(claims.Subject)
+	if err != nil {
+		return 0, errors.Wrap(err, "Malformed ID in the token")
+	}
+	return userID, nil
+}
+
+func validateAccessToken(accessTokenString string, userAccessTokens []*storepb.AccessTokensUserSetting_AccessToken) bool {
+	for _, userAccessToken := range userAccessTokens {
+		if accessTokenString == userAccessToken.AccessToken {
+			return true
+		}
+	}
+	return false
 }
--- a/api/v1/redirector.go
+++ b/api/v1/redirector.go
@ -1,79 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/boojack/shortify/store"
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-)
-
-func (s *APIV1Service) registerRedirectorRoutes(g *echo.Group) {
-	g.GET("/*", func(c echo.Context) error {
-		ctx := c.Request().Context()
-		if len(c.ParamValues()) == 0 {
-			return echo.NewHTTPError(http.StatusBadRequest, "invalid shortcut name")
-		}
-
-		shortcutName := c.ParamValues()[0]
-		shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
-			Name: &shortcutName,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to get shortcut, err: %s", err)).SetInternal(err)
-		}
-		if shortcut == nil {
-			return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("not found shortcut with name: %s", shortcutName))
-		}
-		if shortcut.Visibility != store.VisibilityPublic {
-			userID, ok := c.Get(getUserIDContextKey()).(int)
-			if !ok {
-				return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-			}
-			if shortcut.Visibility == store.VisibilityPrivate && shortcut.CreatorID != userID {
-				return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-			}
-		}
-
-		if err := s.createShortcutViewActivity(c, shortcut); err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to create activity, err: %s", err)).SetInternal(err)
-		}
-
-		if isValidURLString(shortcut.Link) {
-			return c.Redirect(http.StatusSeeOther, shortcut.Link)
-		}
-		return c.String(http.StatusOK, shortcut.Link)
-	})
-}
-
-func (s *APIV1Service) createShortcutViewActivity(c echo.Context, shortcut *store.Shortcut) error {
-	payload := &ActivityShorcutViewPayload{
-		ShortcutID: shortcut.ID,
-		IP:         c.RealIP(),
-		Referer:    c.Request().Referer(),
-		UserAgent:  c.Request().UserAgent(),
-	}
-	payloadStr, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "Failed to marshal activity payload")
-	}
-	activity := &store.Activity{
-		CreatorID: BotID,
-		Type:      store.ActivityShortcutView,
-		Level:     store.ActivityInfo,
-		Payload:   string(payloadStr),
-	}
-	_, err = s.Store.CreateActivity(c.Request().Context(), activity)
-	if err != nil {
-		return errors.Wrap(err, "Failed to create activity")
-	}
-	return nil
-}
-
-func isValidURLString(s string) bool {
-	_, err := url.ParseRequestURI(s)
-	return err == nil
-}
--- a/api/v1/redirector_test.go
+++ b/api/v1/redirector_test.go
@ -1,33 +0,0 @@
-package v1
-
-import "testing"
-
-func TestIsValidURLString(t *testing.T) {
-	tests := []struct {
-		link     string
-		expected bool
-	}{
-		{
-			link:     "https://google.com",
-			expected: true,
-		},
-		{
-			link:     "http://google.com",
-			expected: true,
-		},
-		{
-			link:     "google.com",
-			expected: false,
-		},
-		{
-			link:     "mailto:email@example.com",
-			expected: true,
-		},
-	}
-
-	for _, test := range tests {
-		if isValidURLString(test.link) != test.expected {
-			t.Errorf("isValidURLString(%s) = %v, expected %v", test.link, !test.expected, test.expected)
-		}
-	}
-}
--- a/api/v1/shortcut.go
+++ b/api/v1/shortcut.go
@ -5,13 +5,15 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"strconv"
 	"strings"

-	"github.com/boojack/shortify/store"
+	"github.com/labstack/echo/v4"
 	"github.com/pkg/errors"

-	"github.com/labstack/echo/v4"
+	"github.com/yourselfhosted/slash/internal/util"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/store"
 )

 // Visibility is the type of a shortcut visibility.
@ -30,46 +32,58 @@ func (v Visibility) String() string {
 	return string(v)
 }

+type OpenGraphMetadata struct {
+	Title       string `json:"title"`
+	Description string `json:"description"`
+	Image       string `json:"image"`
+}
+
 type Shortcut struct {
-	ID int `json:"id"`
+	ID int32 `json:"id"`

 	// Standard fields
-	CreatorID int       `json:"creatorId"`
+	CreatorID int32     `json:"creatorId"`
 	Creator   *User     `json:"creator"`
 	CreatedTs int64     `json:"createdTs"`
 	UpdatedTs int64     `json:"updatedTs"`
 	RowStatus RowStatus `json:"rowStatus"`

 	// Domain specific fields
-	Name        string     `json:"name"`
-	Link        string     `json:"link"`
-	Description string     `json:"description"`
-	Visibility  Visibility `json:"visibility"`
-	Tags        []string   `json:"tags"`
-	View        int        `json:"view"`
+	Name              string             `json:"name"`
+	Link              string             `json:"link"`
+	Title             string             `json:"title"`
+	Description       string             `json:"description"`
+	Visibility        Visibility         `json:"visibility"`
+	Tags              []string           `json:"tags"`
+	View              int                `json:"view"`
+	OpenGraphMetadata *OpenGraphMetadata `json:"openGraphMetadata"`
 }

 type CreateShortcutRequest struct {
-	Name        string     `json:"name"`
-	Link        string     `json:"link"`
-	Description string     `json:"description"`
-	Visibility  Visibility `json:"visibility"`
-	Tags        []string   `json:"tags"`
+	Name              string             `json:"name"`
+	Link              string             `json:"link"`
+	Title             string             `json:"title"`
+	Description       string             `json:"description"`
+	Visibility        Visibility         `json:"visibility"`
+	Tags              []string           `json:"tags"`
+	OpenGraphMetadata *OpenGraphMetadata `json:"openGraphMetadata"`
 }

 type PatchShortcutRequest struct {
-	RowStatus   *RowStatus  `json:"rowStatus"`
-	Name        *string     `json:"name"`
-	Link        *string     `json:"link"`
-	Description *string     `json:"description"`
-	Visibility  *Visibility `json:"visibility"`
-	Tags        []string    `json:"tags"`
+	RowStatus         *RowStatus         `json:"rowStatus"`
+	Name              *string            `json:"name"`
+	Link              *string            `json:"link"`
+	Title             *string            `json:"title"`
+	Description       *string            `json:"description"`
+	Visibility        *Visibility        `json:"visibility"`
+	Tags              []string           `json:"tags"`
+	OpenGraphMetadata *OpenGraphMetadata `json:"openGraphMetadata"`
 }

 func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 	g.POST("/shortcut", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		userID, ok := c.Get(getUserIDContextKey()).(int)
+		userID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}
@ -78,14 +92,27 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("malformatted post shortcut request, err: %s", err)).SetInternal(err)
 		}

-		shortcut, err := s.Store.CreateShortcut(ctx, &store.Shortcut{
-			CreatorID:   userID,
-			Name:        strings.ToLower(create.Name),
+		shortcut := &storepb.Shortcut{
+			CreatorId:   userID,
+			Name:        create.Name,
 			Link:        create.Link,
+			Title:       create.Title,
 			Description: create.Description,
-			Visibility:  convertVisibilityToStore(create.Visibility),
-			Tag:         strings.Join(create.Tags, " "),
-		})
+			Visibility:  convertVisibilityToStorepb(create.Visibility),
+			Tags:        create.Tags,
+			OgMetadata:  &storepb.OpenGraphMetadata{},
+		}
+		if create.Name == "" {
+			return echo.NewHTTPError(http.StatusBadRequest, "name is required")
+		}
+		if create.OpenGraphMetadata != nil {
+			shortcut.OgMetadata = &storepb.OpenGraphMetadata{
+				Title:       create.OpenGraphMetadata.Title,
+				Description: create.OpenGraphMetadata.Description,
+				Image:       create.OpenGraphMetadata.Image,
+			}
+		}
+		shortcut, err := s.Store.CreateShortcut(ctx, shortcut)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to create shortcut, err: %s", err)).SetInternal(err)
 		}
@ -94,20 +121,21 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to create shortcut activity, err: %s", err)).SetInternal(err)
 		}

-		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStore(shortcut))
+		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStorepb(shortcut))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to compose shortcut, err: %s", err)).SetInternal(err)
 		}
+		metric.Enqueue("shortcut create")
 		return c.JSON(http.StatusOK, shortcutMessage)
 	})

 	g.PATCH("/shortcut/:shortcutId", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		shortcutID, err := strconv.Atoi(c.Param("shortcutId"))
+		shortcutID, err := util.ConvertStringToInt32(c.Param("shortcutId"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("shortcut ID is not a number: %s", c.Param("shortcutId"))).SetInternal(err)
 		}
-		userID, ok := c.Get(getUserIDContextKey()).(int)
+		userID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}
@ -127,7 +155,7 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 		if shortcut == nil {
 			return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("not found shortcut with id: %d", shortcutID))
 		}
-		if shortcut.CreatorID != userID && currentUser.Role != store.RoleAdmin {
+		if shortcut.CreatorId != userID && currentUser.Role != store.RoleAdmin {
 			return echo.NewHTTPError(http.StatusForbidden, "unauthorized to update shortcut")
 		}

@ -135,15 +163,12 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 		if err := json.NewDecoder(c.Request().Body).Decode(patch); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("failed to decode patch shortcut request, err: %s", err)).SetInternal(err)
 		}
-		if patch.Name != nil {
-			name := strings.ToLower(*patch.Name)
-			patch.Name = &name
-		}

 		shortcutUpdate := &store.UpdateShortcut{
 			ID:          shortcutID,
 			Name:        patch.Name,
 			Link:        patch.Link,
+			Title:       patch.Title,
 			Description: patch.Description,
 		}
 		if patch.RowStatus != nil {
@ -156,12 +181,19 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 			tag := strings.Join(patch.Tags, " ")
 			shortcutUpdate.Tag = &tag
 		}
+		if patch.OpenGraphMetadata != nil {
+			shortcutUpdate.OpenGraphMetadata = &storepb.OpenGraphMetadata{
+				Title:       patch.OpenGraphMetadata.Title,
+				Description: patch.OpenGraphMetadata.Description,
+				Image:       patch.OpenGraphMetadata.Image,
+			}
+		}
 		shortcut, err = s.Store.UpdateShortcut(ctx, shortcutUpdate)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to patch shortcut, err: %s", err)).SetInternal(err)
 		}

-		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStore(shortcut))
+		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStorepb(shortcut))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to compose shortcut, err: %s", err)).SetInternal(err)
 		}
@ -170,24 +202,17 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {

 	g.GET("/shortcut", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		userID, ok := c.Get(getUserIDContextKey()).(int)
+		userID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}

 		find := &store.FindShortcut{}
-		if creatorIDStr := c.QueryParam("creatorId"); creatorIDStr != "" {
-			creatorID, err := strconv.Atoi(creatorIDStr)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("unwanted creator id string: %s", creatorIDStr))
-			}
-			find.CreatorID = &creatorID
-		}
 		if tag := c.QueryParam("tag"); tag != "" {
 			find.Tag = &tag
 		}

-		list := []*store.Shortcut{}
+		list := []*storepb.Shortcut{}
 		find.VisibilityList = []store.Visibility{store.VisibilityWorkspace, store.VisibilityPublic}
 		visibleShortcutList, err := s.Store.ListShortcuts(ctx, find)
 		if err != nil {
@ -205,7 +230,7 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {

 		shortcutMessageList := []*Shortcut{}
 		for _, shortcut := range list {
-			shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStore(shortcut))
+			shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStorepb(shortcut))
 			if err != nil {
 				return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to compose shortcut, err: %s", err)).SetInternal(err)
 			}
@ -216,7 +241,7 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {

 	g.GET("/shortcut/:id", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		shortcutID, err := strconv.Atoi(c.Param("id"))
+		shortcutID, err := util.ConvertStringToInt32(c.Param("id"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("shortcut id is not a number: %s", c.Param("id"))).SetInternal(err)
 		}
@ -231,7 +256,7 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("not found shortcut with id: %d", shortcutID))
 		}

-		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStore(shortcut))
+		shortcutMessage, err := s.composeShortcut(ctx, convertShortcutFromStorepb(shortcut))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to compose shortcut, err: %s", err)).SetInternal(err)
 		}
@ -240,11 +265,11 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {

 	g.DELETE("/shortcut/:id", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		shortcutID, err := strconv.Atoi(c.Param("id"))
+		shortcutID, err := util.ConvertStringToInt32(c.Param("id"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("shortcut id is not a number: %s", c.Param("id"))).SetInternal(err)
 		}
-		userID, ok := c.Get(getUserIDContextKey()).(int)
+		userID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}
@ -264,41 +289,18 @@ func (s *APIV1Service) registerShortcutRoutes(g *echo.Group) {
 		if shortcut == nil {
 			return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("not found shortcut with id: %d", shortcutID))
 		}
-		if shortcut.CreatorID != userID && currentUser.Role != store.RoleAdmin {
+		if shortcut.CreatorId != userID && currentUser.Role != store.RoleAdmin {
 			return echo.NewHTTPError(http.StatusForbidden, "Unauthorized to delete shortcut")
 		}

-		if err := s.Store.DeleteShortcut(ctx, &store.DeleteShortcut{
-			ID: shortcutID,
-		}); err != nil {
+		err = s.Store.DeleteShortcut(ctx, &store.DeleteShortcut{ID: shortcutID})
+		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to delete shortcut, err: %s", err)).SetInternal(err)
 		}
-
 		return c.JSON(http.StatusOK, true)
 	})
 }

-func (s *APIV1Service) createShortcutCreateActivity(ctx context.Context, shortcut *store.Shortcut) error {
-	payload := &ActivityShorcutCreatePayload{
-		ShortcutID: shortcut.ID,
-	}
-	payloadStr, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "Failed to marshal activity payload")
-	}
-	activity := &store.Activity{
-		CreatorID: shortcut.CreatorID,
-		Type:      store.ActivityShortcutCreate,
-		Level:     store.ActivityInfo,
-		Payload:   string(payloadStr),
-	}
-	_, err = s.Store.CreateActivity(ctx, activity)
-	if err != nil {
-		return errors.Wrap(err, "Failed to create activity")
-	}
-	return nil
-}
-
 func (s *APIV1Service) composeShortcut(ctx context.Context, shortcut *Shortcut) (*Shortcut, error) {
 	if shortcut == nil {
 		return nil, nil
@ -310,12 +312,15 @@ func (s *APIV1Service) composeShortcut(ctx context.Context, shortcut *Shortcut)
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to get creator")
 	}
+	if user == nil {
+		return nil, errors.New("Creator not found")
+	}
 	shortcut.Creator = convertUserFromStore(user)

 	activityList, err := s.Store.ListActivities(ctx, &store.FindActivity{
-		Type:  store.ActivityShortcutView,
-		Level: store.ActivityInfo,
-		Where: []string{fmt.Sprintf("json_extract(payload, '$.shortcutId') = %d", shortcut.ID)},
+		Type:              store.ActivityShortcutView,
+		Level:             store.ActivityInfo,
+		PayloadShortcutID: &shortcut.ID,
 	})
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to list activities")
@ -325,35 +330,57 @@ func (s *APIV1Service) composeShortcut(ctx context.Context, shortcut *Shortcut)
 	return shortcut, nil
 }

-func convertVisibilityToStore(visibility Visibility) store.Visibility {
-	switch visibility {
-	case VisibilityPrivate:
-		return store.VisibilityPrivate
-	case VisibilityWorkspace:
-		return store.VisibilityWorkspace
-	case VisibilityPublic:
-		return store.VisibilityPublic
-	default:
-		return store.VisibilityPrivate
-	}
-}
-
-func convertShortcutFromStore(shortcut *store.Shortcut) *Shortcut {
-	tags := []string{}
-	if shortcut.Tag != "" {
-		tags = append(tags, strings.Split(shortcut.Tag, " ")...)
-	}
-
+func convertShortcutFromStorepb(shortcut *storepb.Shortcut) *Shortcut {
 	return &Shortcut{
-		ID:          shortcut.ID,
+		ID:          shortcut.Id,
 		CreatedTs:   shortcut.CreatedTs,
 		UpdatedTs:   shortcut.UpdatedTs,
-		CreatorID:   shortcut.CreatorID,
+		CreatorID:   shortcut.CreatorId,
+		RowStatus:   RowStatus(shortcut.RowStatus.String()),
 		Name:        shortcut.Name,
 		Link:        shortcut.Link,
+		Title:       shortcut.Title,
 		Description: shortcut.Description,
-		Visibility:  Visibility(shortcut.Visibility),
-		RowStatus:   RowStatus(shortcut.RowStatus),
-		Tags:        tags,
+		Visibility:  Visibility(shortcut.Visibility.String()),
+		Tags:        shortcut.Tags,
+		OpenGraphMetadata: &OpenGraphMetadata{
+			Title:       shortcut.OgMetadata.Title,
+			Description: shortcut.OgMetadata.Description,
+			Image:       shortcut.OgMetadata.Image,
+		},
 	}
 }
+
+func convertVisibilityToStorepb(visibility Visibility) storepb.Visibility {
+	switch visibility {
+	case VisibilityPublic:
+		return storepb.Visibility_PUBLIC
+	case VisibilityWorkspace:
+		return storepb.Visibility_WORKSPACE
+	case VisibilityPrivate:
+		return storepb.Visibility_PRIVATE
+	default:
+		return storepb.Visibility_PUBLIC
+	}
+}
+
+func (s *APIV1Service) createShortcutCreateActivity(ctx context.Context, shortcut *storepb.Shortcut) error {
+	payload := &ActivityShorcutCreatePayload{
+		ShortcutID: shortcut.Id,
+	}
+	payloadStr, err := json.Marshal(payload)
+	if err != nil {
+		return errors.Wrap(err, "Failed to marshal activity payload")
+	}
+	activity := &store.Activity{
+		CreatorID: shortcut.CreatorId,
+		Type:      store.ActivityShortcutCreate,
+		Level:     store.ActivityInfo,
+		Payload:   string(payloadStr),
+	}
+	_, err = s.Store.CreateActivity(ctx, activity)
+	if err != nil {
+		return errors.Wrap(err, "Failed to create activity")
+	}
+	return nil
+}
--- a/api/v1/url_util.go
+++ b/api/v1/url_util.go
@ -1,30 +0,0 @@
-package v1
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-	"go.deanishe.net/favicon"
-)
-
-func (*APIV1Service) registerURLUtilRoutes(g *echo.Group) {
-	g.GET("/url/favicon", func(c echo.Context) error {
-		url := c.QueryParam("url")
-		icons, err := favicon.Find(url)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("failed to find favicon, err: %s", err))
-		}
-
-		availableIcons := []*favicon.Icon{}
-		for _, icon := range icons {
-			if icon.Width == icon.Height {
-				availableIcons = append(availableIcons, icon)
-			}
-		}
-		if len(availableIcons) == 0 {
-			return echo.NewHTTPError(http.StatusNotFound, "no favicon found")
-		}
-		return c.JSON(http.StatusOK, availableIcons[0].URL)
-	})
-}
--- a/api/v1/user.go
+++ b/api/v1/user.go
@ -5,12 +5,15 @@ import (
 	"fmt"
 	"net/http"
 	"net/mail"
-	"strconv"
-
-	"github.com/boojack/shortify/store"

 	"github.com/labstack/echo/v4"
+	"github.com/pkg/errors"
 	"golang.org/x/crypto/bcrypt"
+
+	"github.com/yourselfhosted/slash/internal/util"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
 )

 const (
@ -39,7 +42,7 @@ func (r Role) String() string {
 }

 type User struct {
-	ID int `json:"id"`
+	ID int32 `json:"id"`

 	// Standard fields
 	CreatedTs int64     `json:"createdTs"`
@ -56,18 +59,18 @@ type CreateUserRequest struct {
 	Email    string `json:"email"`
 	Nickname string `json:"nickname"`
 	Password string `json:"password"`
-	Role     Role   `json:"-"`
+	Role     Role   `json:"role"`
 }

 func (create CreateUserRequest) Validate() error {
 	if create.Email != "" && !validateEmail(create.Email) {
-		return fmt.Errorf("invalid email format")
+		return errors.New("invalid email format")
 	}
 	if create.Nickname != "" && len(create.Nickname) < 3 {
-		return fmt.Errorf("nickname is too short, minimum length is 3")
+		return errors.New("nickname is too short, minimum length is 3")
 	}
 	if len(create.Password) < 3 {
-		return fmt.Errorf("password is too short, minimum length is 3")
+		return errors.New("password is too short, minimum length is 3")
 	}

 	return nil
@ -78,13 +81,67 @@ type PatchUserRequest struct {
 	Email     *string    `json:"email"`
 	Nickname  *string    `json:"nickname"`
 	Password  *string    `json:"password"`
-}
-
-type UserDelete struct {
-	ID int
+	Role      *Role      `json:"role"`
 }

 func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
+	g.POST("/user", func(c echo.Context) error {
+		ctx := c.Request().Context()
+		userID, ok := c.Get(userIDContextKey).(int32)
+		if !ok {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
+		}
+		currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+			ID: &userID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by id").SetInternal(err)
+		}
+		if currentUser == nil {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
+		}
+		if currentUser.Role != store.RoleAdmin {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized to create user")
+		}
+
+		if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
+			userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
+			if err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to list users").SetInternal(err)
+			}
+			if len(userList) >= 5 {
+				return echo.NewHTTPError(http.StatusBadRequest, "Maximum number of users reached")
+			}
+		}
+
+		userCreate := &CreateUserRequest{}
+		if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post user request").SetInternal(err)
+		}
+		if err := userCreate.Validate(); err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format").SetInternal(err)
+		}
+
+		passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost)
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
+		}
+
+		user, err := s.Store.CreateUser(ctx, &store.User{
+			Role:         store.Role(userCreate.Role),
+			Email:        userCreate.Email,
+			Nickname:     userCreate.Nickname,
+			PasswordHash: string(passwordHash),
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
+		}
+
+		userMessage := convertUserFromStore(user)
+		metric.Enqueue("user create")
+		return c.JSON(http.StatusOK, userMessage)
+	})
+
 	g.GET("/user", func(c echo.Context) error {
 		ctx := c.Request().Context()
 		list, err := s.Store.ListUsers(ctx, &store.FindUser{})
@ -102,7 +159,7 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 	// GET /api/user/me is used to check if the user is logged in.
 	g.GET("/user/me", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		userID, ok := c.Get(getUserIDContextKey()).(int)
+		userID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing auth session")
 		}
@ -119,7 +176,7 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {

 	g.GET("/user/:id", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		userID, err := strconv.Atoi(c.Param("id"))
+		userID, err := util.ConvertStringToInt32(c.Param("id"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("user id is not a number: %s", c.Param("id"))).SetInternal(err)
 		}
@ -131,20 +188,34 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user, err: %s", err)).SetInternal(err)
 		}

-		return c.JSON(http.StatusOK, convertUserFromStore(user))
+		userMessage := convertUserFromStore(user)
+		userID, ok := c.Get(userIDContextKey).(int32)
+		if !ok {
+			userMessage.Email = ""
+		}
+		return c.JSON(http.StatusOK, userMessage)
 	})

 	g.PATCH("/user/:id", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		userID, err := strconv.Atoi(c.Param("id"))
+		userID, err := util.ConvertStringToInt32(c.Param("id"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("user id is not a number: %s", c.Param("id"))).SetInternal(err)
 		}
-		currentUserID, ok := c.Get(getUserIDContextKey()).(int)
+		currentUserID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}
-		if currentUserID != userID {
+		currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+			ID: &currentUserID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "failed to find current user").SetInternal(err)
+		}
+		if currentUser == nil {
+			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
+		}
+		if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
 			return echo.NewHTTPError(http.StatusForbidden, "access forbidden for current session user").SetInternal(err)
 		}

@ -154,13 +225,12 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 		}

 		updateUser := &store.UpdateUser{
-			ID: currentUserID,
+			ID: userID,
 		}
 		if userPatch.Email != nil {
 			if !validateEmail(*userPatch.Email) {
 				return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("invalid email format: %s", *userPatch.Email))
 			}
-
 			updateUser.Email = userPatch.Email
 		}
 		if userPatch.Nickname != nil {
@ -175,6 +245,24 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 			passwordHashStr := string(passwordHash)
 			updateUser.PasswordHash = &passwordHashStr
 		}
+		if userPatch.RowStatus != nil {
+			rowStatus := store.RowStatus(*userPatch.RowStatus)
+			updateUser.RowStatus = &rowStatus
+		}
+		if userPatch.Role != nil {
+			adminRole := store.RoleAdmin
+			adminUsers, err := s.Store.ListUsers(ctx, &store.FindUser{
+				Role: &adminRole,
+			})
+			if err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to list admin users, err: %s", err)).SetInternal(err)
+			}
+			if len(adminUsers) == 1 && adminUsers[0].ID == userID && *userPatch.Role != RoleAdmin {
+				return echo.NewHTTPError(http.StatusBadRequest, "cannot remove admin role from the last admin user")
+			}
+			role := store.Role(*userPatch.Role)
+			updateUser.Role = &role
+		}

 		user, err := s.Store.UpdateUser(ctx, updateUser)
 		if err != nil {
@ -186,7 +274,7 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {

 	g.DELETE("/user/:id", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		currentUserID, ok := c.Get(getUserIDContextKey()).(int)
+		currentUserID, ok := c.Get(userIDContextKey).(int32)
 		if !ok {
 			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
 		}
@ -203,10 +291,22 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusForbidden, "access forbidden for current session user").SetInternal(err)
 		}

-		userID, err := strconv.Atoi(c.Param("id"))
+		userID, err := util.ConvertStringToInt32(c.Param("id"))
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("user id is not a number: %s", c.Param("id"))).SetInternal(err)
 		}
+		user, err := s.Store.GetUser(ctx, &store.FindUser{
+			ID: &userID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user, err: %s", err)).SetInternal(err)
+		}
+		if user == nil {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("user not found with ID: %d", userID)).SetInternal(err)
+		}
+		if user.Role == store.RoleAdmin {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("cannot delete admin user with ID: %d", userID)).SetInternal(err)
+		}

 		if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
 			ID: userID,
--- a/api/v1/user_setting.go
+++ b/api/v1/user_setting.go
@ -2,7 +2,8 @@ package v1

 import (
 	"encoding/json"
-	"fmt"
+
+	"github.com/pkg/errors"
 )

 type UserSettingKey string
@ -13,11 +14,8 @@ const (
 )

 // String returns the string format of UserSettingKey type.
-func (key UserSettingKey) String() string {
-	if key == UserSettingLocaleKey {
-		return "locale"
-	}
-	return ""
+func (k UserSettingKey) String() string {
+	return string(k)
 }

 var (
@ -27,7 +25,7 @@ var (
 type UserSetting struct {
 	UserID int
 	Key    UserSettingKey `json:"key"`
-	// Value is a JSON string with basic value
+	// Value is a JSON string with basic value.
 	Value string `json:"value"`
 }

@ -42,7 +40,7 @@ func (upsert UserSettingUpsert) Validate() error {
 		localeValue := "en"
 		err := json.Unmarshal([]byte(upsert.Value), &localeValue)
 		if err != nil {
-			return fmt.Errorf("failed to unmarshal user setting locale value")
+			return errors.New("failed to unmarshal user setting locale value")
 		}

 		invalid := true
@ -53,10 +51,10 @@ func (upsert UserSettingUpsert) Validate() error {
 			}
 		}
 		if invalid {
-			return fmt.Errorf("invalid user setting locale value")
+			return errors.New("invalid user setting locale value")
 		}
 	} else {
-		return fmt.Errorf("invalid user setting key")
+		return errors.New("invalid user setting key")
 	}

 	return nil
--- a/api/v1/v1.go
+++ b/api/v1/v1.go
@ -1,21 +1,24 @@
 package v1

 import (
-	"github.com/boojack/shortify/server/profile"
-	"github.com/boojack/shortify/store"
-
 	"github.com/labstack/echo/v4"
+
+	"github.com/yourselfhosted/slash/server/profile"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
 )

 type APIV1Service struct {
-	Profile *profile.Profile
-	Store   *store.Store
+	Profile        *profile.Profile
+	Store          *store.Store
+	LicenseService *license.LicenseService
 }

-func NewAPIV1Service(profile *profile.Profile, store *store.Store) *APIV1Service {
+func NewAPIV1Service(profile *profile.Profile, store *store.Store, licenseService *license.LicenseService) *APIV1Service {
 	return &APIV1Service{
-		Profile: profile,
-		Store:   store,
+		Profile:        profile,
+		Store:          store,
+		LicenseService: licenseService,
 	}
 }

@ -24,15 +27,9 @@ func (s *APIV1Service) Start(apiGroup *echo.Group, secret string) {
 	apiV1Group.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
 		return JWTMiddleware(s, next, secret)
 	})
-	s.registerURLUtilRoutes(apiV1Group)
 	s.registerWorkspaceRoutes(apiV1Group)
 	s.registerAuthRoutes(apiV1Group, secret)
 	s.registerUserRoutes(apiV1Group)
 	s.registerShortcutRoutes(apiV1Group)
-
-	redirectorGroup := apiGroup.Group("/s")
-	redirectorGroup.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
-		return JWTMiddleware(s, next, secret)
-	})
-	s.registerRedirectorRoutes(redirectorGroup)
+	s.registerAnalyticsRoutes(apiV1Group)
 }
--- a/api/v1/workspace.go
+++ b/api/v1/workspace.go
@ -1,39 +1,16 @@
 package v1

 import (
-	"encoding/json"
 	"fmt"
 	"net/http"

-	"github.com/boojack/shortify/server/profile"
-	"github.com/boojack/shortify/store"
 	"github.com/labstack/echo/v4"
+
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/profile"
+	"github.com/yourselfhosted/slash/store"
 )

-type WorkspaceSetting struct {
-	Key   string `json:"key"`
-	Value string `json:"value"`
-}
-
-type WorkspaceSettingUpsert struct {
-	Key   string `json:"key"`
-	Value string `json:"value"`
-}
-
-func (upsert WorkspaceSettingUpsert) Validate() error {
-	if upsert.Key == store.WorkspaceDisallowSignUp.String() {
-		value := false
-		err := json.Unmarshal([]byte(upsert.Value), &value)
-		if err != nil {
-			return fmt.Errorf("failed to unmarshal workspace setting disallow signup value")
-		}
-	} else {
-		return fmt.Errorf("invalid workspace setting key")
-	}
-
-	return nil
-}
-
 type WorkspaceProfile struct {
 	Profile        *profile.Profile `json:"profile"`
 	DisallowSignUp bool             `json:"disallowSignUp"`
@ -47,87 +24,16 @@ func (s *APIV1Service) registerWorkspaceRoutes(g *echo.Group) {
 			DisallowSignUp: false,
 		}

-		disallowSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
-			Key: store.WorkspaceDisallowSignUp,
+		enableSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
+			Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
 		})
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to find workspace setting, err: %s", err)).SetInternal(err)
 		}
-		if disallowSignUpSetting != nil {
-			workspaceProfile.DisallowSignUp = disallowSignUpSetting.Value == "true"
+		if enableSignUpSetting != nil {
+			workspaceProfile.DisallowSignUp = !enableSignUpSetting.GetEnableSignup()
 		}

 		return c.JSON(http.StatusOK, workspaceProfile)
 	})
-
-	g.POST("/workspace/setting", func(c echo.Context) error {
-		ctx := c.Request().Context()
-		userID, ok := c.Get(getUserIDContextKey()).(int)
-		if !ok {
-			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
-		}
-
-		user, err := s.Store.GetUser(ctx, &store.FindUser{
-			ID: &userID,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to find user, err: %s", err)).SetInternal(err)
-		}
-		if user == nil || user.Role != store.RoleAdmin {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-		}
-
-		upsert := &WorkspaceSettingUpsert{}
-		if err := json.NewDecoder(c.Request().Body).Decode(upsert); err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("failed to decode request body, err: %s", err)).SetInternal(err)
-		}
-		if err := upsert.Validate(); err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("invalid request body, err: %s", err)).SetInternal(err)
-		}
-
-		workspaceSetting, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
-			Key:   store.WorkspaceSettingKey(upsert.Key),
-			Value: upsert.Value,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert workspace setting, err: %s", err)).SetInternal(err)
-		}
-		return c.JSON(http.StatusOK, convertWorkspaceSettingFromStore(workspaceSetting))
-	})
-
-	g.GET("/workspace/setting", func(c echo.Context) error {
-		ctx := c.Request().Context()
-		userID, ok := c.Get(getUserIDContextKey()).(int)
-		if !ok {
-			return echo.NewHTTPError(http.StatusUnauthorized, "missing user in session")
-		}
-
-		user, err := s.Store.GetUser(ctx, &store.FindUser{
-			ID: &userID,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to find user, err: %s", err)).SetInternal(err)
-		}
-		if user == nil || user.Role != store.RoleAdmin {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-		}
-
-		list, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to list workspace settings, err: %s", err)).SetInternal(err)
-		}
-
-		workspaceSettingList := []*WorkspaceSetting{}
-		for _, workspaceSetting := range list {
-			workspaceSettingList = append(workspaceSettingList, convertWorkspaceSettingFromStore(workspaceSetting))
-		}
-		return c.JSON(http.StatusOK, workspaceSettingList)
-	})
-}
-
-func convertWorkspaceSettingFromStore(workspaceSetting *store.WorkspaceSetting) *WorkspaceSetting {
-	return &WorkspaceSetting{
-		Key:   workspaceSetting.Key.String(),
-		Value: workspaceSetting.Value,
-	}
 }
--- a/api/v2/acl.go
+++ b/api/v2/acl.go
@ -0,0 +1,174 @@
+package v2
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+
+	"github.com/yourselfhosted/slash/api/auth"
+	"github.com/yourselfhosted/slash/internal/util"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/store"
+)
+
+// ContextKey is the key type of context value.
+type ContextKey int
+
+const (
+	// The key name used to store user id in the context
+	// user id is extracted from the jwt token subject field.
+	userIDContextKey ContextKey = iota
+)
+
+// GRPCAuthInterceptor is the auth interceptor for gRPC server.
+type GRPCAuthInterceptor struct {
+	Store  *store.Store
+	secret string
+}
+
+// NewGRPCAuthInterceptor returns a new API auth interceptor.
+func NewGRPCAuthInterceptor(store *store.Store, secret string) *GRPCAuthInterceptor {
+	return &GRPCAuthInterceptor{
+		Store:  store,
+		secret: secret,
+	}
+}
+
+// AuthenticationInterceptor is the unary interceptor for gRPC API.
+func (in *GRPCAuthInterceptor) AuthenticationInterceptor(ctx context.Context, request any, serverInfo *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return nil, status.Errorf(codes.Unauthenticated, "failed to parse metadata from incoming context")
+	}
+	accessToken, err := getTokenFromMetadata(md)
+	if err != nil {
+		return nil, status.Errorf(codes.Unauthenticated, "failed to get access token from metadata: %v", err)
+	}
+
+	userID, err := in.authenticate(ctx, accessToken)
+	if err != nil {
+		if isUnauthorizeAllowedMethod(serverInfo.FullMethod) {
+			return handler(ctx, request)
+		}
+		return nil, err
+	}
+	user, err := in.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get user")
+	}
+	if user == nil {
+		return nil, status.Errorf(codes.Unauthenticated, "user ID %q not exists in the access token", userID)
+	}
+	if isOnlyForAdminAllowedMethod(serverInfo.FullMethod) && user.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "user ID %q is not admin", userID)
+	}
+
+	// Stores userID into context.
+	childCtx := context.WithValue(ctx, userIDContextKey, userID)
+	return handler(childCtx, request)
+}
+
+func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessToken string) (int32, error) {
+	if accessToken == "" {
+		return 0, status.Errorf(codes.Unauthenticated, "access token not found")
+	}
+	claims := &auth.ClaimsMessage{}
+	_, err := jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
+		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
+			return nil, status.Errorf(codes.Unauthenticated, "unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
+		}
+		if kid, ok := t.Header["kid"].(string); ok {
+			if kid == "v1" {
+				return []byte(in.secret), nil
+			}
+		}
+		return nil, status.Errorf(codes.Unauthenticated, "unexpected access token kid=%v", t.Header["kid"])
+	})
+	if err != nil {
+		return 0, status.Errorf(codes.Unauthenticated, "Invalid or expired access token")
+	}
+	if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
+		return 0, status.Errorf(codes.Unauthenticated,
+			"invalid access token, audience mismatch, got %q, expected %q. you may send request to the wrong environment",
+			claims.Audience,
+			auth.AccessTokenAudienceName,
+		)
+	}
+
+	userID, err := util.ConvertStringToInt32(claims.Subject)
+	if err != nil {
+		return 0, status.Errorf(codes.Unauthenticated, "malformed ID %q in the access token", claims.Subject)
+	}
+	user, err := in.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return 0, status.Errorf(codes.Unauthenticated, "failed to find user ID %q in the access token", userID)
+	}
+	if user == nil {
+		return 0, status.Errorf(codes.Unauthenticated, "user ID %q not exists in the access token", userID)
+	}
+	if user.RowStatus == store.Archived {
+		return 0, status.Errorf(codes.Unauthenticated, "user ID %q has been deactivated by administrators", userID)
+	}
+
+	accessTokens, err := in.Store.GetUserAccessTokens(ctx, user.ID)
+	if err != nil {
+		return 0, errors.Wrapf(err, "failed to get user access tokens")
+	}
+	if !validateAccessToken(accessToken, accessTokens) {
+		return 0, status.Errorf(codes.Unauthenticated, "invalid access token")
+	}
+
+	return userID, nil
+}
+
+func getTokenFromMetadata(md metadata.MD) (string, error) {
+	// Try to get the token from the authorization header first.
+	authorizationHeaders := md.Get("Authorization")
+	if len(authorizationHeaders) > 0 {
+		authHeaderParts := strings.Fields(authorizationHeaders[0])
+		if len(authHeaderParts) != 2 || strings.ToLower(authHeaderParts[0]) != "bearer" {
+			return "", errors.Errorf("authorization header format must be Bearer {token}")
+		}
+		return authHeaderParts[1], nil
+	}
+	// Try to get the token from the cookie header.
+	var accessToken string
+	for _, t := range append(md.Get("grpcgateway-cookie"), md.Get("cookie")...) {
+		header := http.Header{}
+		header.Add("Cookie", t)
+		request := http.Request{Header: header}
+		if v, _ := request.Cookie(auth.AccessTokenCookieName); v != nil {
+			accessToken = v.Value
+		}
+	}
+	return accessToken, nil
+}
+
+func audienceContains(audience jwt.ClaimStrings, token string) bool {
+	for _, v := range audience {
+		if v == token {
+			return true
+		}
+	}
+	return false
+}
+
+func validateAccessToken(accessTokenString string, userAccessTokens []*storepb.AccessTokensUserSetting_AccessToken) bool {
+	for _, userAccessToken := range userAccessTokens {
+		if accessTokenString == userAccessToken.AccessToken {
+			return true
+		}
+	}
+	return false
+}
--- a/api/v2/acl_config.go
+++ b/api/v2/acl_config.go
@ -0,0 +1,34 @@
+package v2
+
+import "strings"
+
+var allowedMethodsWhenUnauthorized = map[string]bool{
+	"/slash.api.v2.WorkspaceService/GetWorkspaceProfile":  true,
+	"/slash.api.v2.WorkspaceService/GetWorkspaceSetting":  true,
+	"/slash.api.v2.AuthService/SignIn":                    true,
+	"/slash.api.v2.AuthService/SignUp":                    true,
+	"/slash.api.v2.AuthService/SignOut":                   true,
+	"/memos.api.v2.AuthService/GetAuthStatus":             true,
+	"/slash.api.v2.ShortcutService/GetShortcutByName":     true,
+	"/slash.api.v2.CollectionService/GetCollectionByName": true,
+}
+
+// isUnauthorizeAllowedMethod returns true if the method is allowed to be called when the user is not authorized.
+func isUnauthorizeAllowedMethod(methodName string) bool {
+	if strings.HasPrefix(methodName, "/grpc.reflection") {
+		return true
+	}
+	return allowedMethodsWhenUnauthorized[methodName]
+}
+
+var allowedMethodsOnlyForAdmin = map[string]bool{
+	"/slash.api.v2.UserService/CreateUser":                  true,
+	"/slash.api.v2.UserService/DeleteUser":                  true,
+	"/slash.api.v2.WorkspaceService/UpdateWorkspaceSetting": true,
+	"/slash.api.v2.SubscriptionService/UpdateSubscription":  true,
+}
+
+// isOnlyForAdminAllowedMethod returns true if the method is allowed to be called only by admin.
+func isOnlyForAdminAllowedMethod(methodName string) bool {
+	return allowedMethodsOnlyForAdmin[methodName]
+}
--- a/api/v2/auth_service.go
+++ b/api/v2/auth_service.go
@ -0,0 +1,149 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+
+	"github.com/yourselfhosted/slash/api/auth"
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) GetAuthStatus(ctx context.Context, _ *apiv2pb.GetAuthStatusRequest) (*apiv2pb.GetAuthStatusResponse, error) {
+	user, err := getCurrentUser(ctx, s.Store)
+	if err != nil {
+		return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
+	}
+	if user == nil {
+		return nil, status.Errorf(codes.Unauthenticated, "user not found")
+	}
+	return &apiv2pb.GetAuthStatusResponse{
+		User: convertUserFromStore(user),
+	}, nil
+}
+
+func (s *APIV2Service) SignIn(ctx context.Context, request *apiv2pb.SignInRequest) (*apiv2pb.SignInResponse, error) {
+	user, err := s.Store.GetUser(ctx, &store.FindUser{
+		Email: &request.Email,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to find user by email %s", request.Email))
+	}
+	if user == nil {
+		return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("user not found with email %s", request.Email))
+	} else if user.RowStatus == store.Archived {
+		return nil, status.Errorf(codes.PermissionDenied, fmt.Sprintf("user has been archived with email %s", request.Email))
+	}
+
+	// Compare the stored hashed password, with the hashed version of the password that was received.
+	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(request.Password)); err != nil {
+		return nil, status.Errorf(codes.InvalidArgument, "unmatched email and password")
+	}
+
+	accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate tokens, err: %s", err))
+	}
+	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, "user login"); err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to upsert access token to store, err: %s", err))
+	}
+
+	if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
+		"Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName, accessToken, time.Now().Add(auth.AccessTokenDuration).Format(time.RFC1123)),
+	})); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
+	}
+
+	metric.Enqueue("user sign in")
+	return &apiv2pb.SignInResponse{
+		User: convertUserFromStore(user),
+	}, nil
+}
+
+func (s *APIV2Service) SignUp(ctx context.Context, request *apiv2pb.SignUpRequest) (*apiv2pb.SignUpResponse, error) {
+	enableSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
+		Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace setting, err: %s", err))
+	}
+	if enableSignUpSetting != nil && !enableSignUpSetting.GetEnableSignup() {
+		return nil, status.Errorf(codes.PermissionDenied, "sign up is not allowed")
+	}
+
+	if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
+		userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to list users, err: %s", err))
+		}
+		if len(userList) >= 5 {
+			return nil, status.Errorf(codes.InvalidArgument, "maximum number of users reached")
+		}
+	}
+
+	passwordHash, err := bcrypt.GenerateFromPassword([]byte(request.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate password hash, err: %s", err))
+	}
+
+	create := &store.User{
+		Email:        request.Email,
+		Nickname:     request.Nickname,
+		PasswordHash: string(passwordHash),
+	}
+	existingUsers, err := s.Store.ListUsers(ctx, &store.FindUser{})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to list users, err: %s", err))
+	}
+	// The first user to sign up is an admin by default.
+	if len(existingUsers) == 0 {
+		create.Role = store.RoleAdmin
+	} else {
+		create.Role = store.RoleUser
+	}
+
+	user, err := s.Store.CreateUser(ctx, create)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to create user, err: %s", err))
+	}
+
+	accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate tokens, err: %s", err))
+	}
+	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, "user login"); err != nil {
+		return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to upsert access token to store, err: %s", err))
+	}
+
+	if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
+		"Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName, accessToken, time.Now().Add(auth.AccessTokenDuration).Format(time.RFC1123)),
+	})); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
+	}
+
+	metric.Enqueue("user sign up")
+	return &apiv2pb.SignUpResponse{
+		User: convertUserFromStore(user),
+	}, nil
+}
+
+func (*APIV2Service) SignOut(ctx context.Context, _ *apiv2pb.SignOutRequest) (*apiv2pb.SignOutResponse, error) {
+	// Set the cookie header to expire access token.
+	if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
+		"Set-Cookie": fmt.Sprintf("%s=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName),
+	})); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
+	}
+
+	return &apiv2pb.SignOutResponse{}, nil
+}
--- a/api/v2/collection_service.go
+++ b/api/v2/collection_service.go
@ -0,0 +1,236 @@
+package v2
+
+import (
+	"context"
+	"time"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) ListCollections(ctx context.Context, _ *apiv2pb.ListCollectionsRequest) (*apiv2pb.ListCollectionsResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	collections, err := s.Store.ListCollections(ctx, &store.FindCollection{
+		CreatorID: &userID,
+		VisibilityList: []store.Visibility{
+			store.VisibilityPrivate,
+		},
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
+	}
+
+	sharedCollections, err := s.Store.ListCollections(ctx, &store.FindCollection{
+		VisibilityList: []store.Visibility{
+			store.VisibilityWorkspace,
+			store.VisibilityPublic,
+		},
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
+	}
+	collections = append(collections, sharedCollections...)
+
+	convertedCollections := []*apiv2pb.Collection{}
+	for _, collection := range collections {
+		convertedCollections = append(convertedCollections, convertCollectionFromStore(collection))
+	}
+
+	response := &apiv2pb.ListCollectionsResponse{
+		Collections: convertedCollections,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetCollection(ctx context.Context, request *apiv2pb.GetCollectionRequest) (*apiv2pb.GetCollectionResponse, error) {
+	collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
+	}
+	if collection == nil {
+		return nil, status.Errorf(codes.NotFound, "collection not found")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	if collection.Visibility == storepb.Visibility_PRIVATE && collection.CreatorId != userID {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+	response := &apiv2pb.GetCollectionResponse{
+		Collection: convertCollectionFromStore(collection),
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetCollectionByName(ctx context.Context, request *apiv2pb.GetCollectionByNameRequest) (*apiv2pb.GetCollectionByNameResponse, error) {
+	collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
+		Name: &request.Name,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
+	}
+	if collection == nil {
+		return nil, status.Errorf(codes.NotFound, "collection not found")
+	}
+
+	userID, ok := ctx.Value(userIDContextKey).(int32)
+	if ok {
+		if collection.Visibility == storepb.Visibility_PRIVATE && collection.CreatorId != userID {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	} else {
+		if collection.Visibility != storepb.Visibility_PUBLIC {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	}
+	response := &apiv2pb.GetCollectionByNameResponse{
+		Collection: convertCollectionFromStore(collection),
+	}
+	metric.Enqueue("collection view")
+	return response, nil
+}
+
+func (s *APIV2Service) CreateCollection(ctx context.Context, request *apiv2pb.CreateCollectionRequest) (*apiv2pb.CreateCollectionResponse, error) {
+	if request.Collection.Name == "" || request.Collection.Title == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "name and title are required")
+	}
+
+	if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
+		collections, err := s.Store.ListCollections(ctx, &store.FindCollection{
+			VisibilityList: []store.Visibility{store.VisibilityWorkspace, store.VisibilityPublic},
+		})
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
+		}
+		if len(collections) >= 5 {
+			return nil, status.Errorf(codes.PermissionDenied, "Maximum number of collections reached")
+		}
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	collection := &storepb.Collection{
+		CreatorId:   userID,
+		Name:        request.Collection.Name,
+		Title:       request.Collection.Title,
+		Description: request.Collection.Description,
+		ShortcutIds: request.Collection.ShortcutIds,
+		Visibility:  storepb.Visibility(request.Collection.Visibility),
+	}
+	collection, err := s.Store.CreateCollection(ctx, collection)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to create collection, err: %v", err)
+	}
+
+	response := &apiv2pb.CreateCollectionResponse{
+		Collection: convertCollectionFromStore(collection),
+	}
+	metric.Enqueue("collection create")
+	return response, nil
+}
+
+func (s *APIV2Service) UpdateCollection(ctx context.Context, request *apiv2pb.UpdateCollectionRequest) (*apiv2pb.UpdateCollectionResponse, error) {
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
+		ID: &request.Collection.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
+	}
+	if collection == nil {
+		return nil, status.Errorf(codes.NotFound, "collection not found")
+	}
+	if collection.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	update := &store.UpdateCollection{
+		ID: collection.Id,
+	}
+	for _, path := range request.UpdateMask.Paths {
+		switch path {
+		case "name":
+			update.Name = &request.Collection.Name
+		case "title":
+			update.Title = &request.Collection.Title
+		case "description":
+			update.Description = &request.Collection.Description
+		case "shortcut_ids":
+			update.ShortcutIDs = request.Collection.ShortcutIds
+		case "visibility":
+			visibility := store.Visibility(request.Collection.Visibility.String())
+			update.Visibility = &visibility
+		}
+	}
+	collection, err = s.Store.UpdateCollection(ctx, update)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to update collection, err: %v", err)
+	}
+
+	response := &apiv2pb.UpdateCollectionResponse{
+		Collection: convertCollectionFromStore(collection),
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) DeleteCollection(ctx context.Context, request *apiv2pb.DeleteCollectionRequest) (*apiv2pb.DeleteCollectionResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
+	}
+	if collection == nil {
+		return nil, status.Errorf(codes.NotFound, "collection not found")
+	}
+	if collection.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	err = s.Store.DeleteCollection(ctx, &store.DeleteCollection{
+		ID: collection.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to delete collection, err: %v", err)
+	}
+	response := &apiv2pb.DeleteCollectionResponse{}
+	return response, nil
+}
+
+func convertCollectionFromStore(collection *storepb.Collection) *apiv2pb.Collection {
+	return &apiv2pb.Collection{
+		Id:          collection.Id,
+		CreatorId:   collection.CreatorId,
+		CreatedTime: timestamppb.New(time.Unix(collection.CreatedTs, 0)),
+		UpdatedTime: timestamppb.New(time.Unix(collection.UpdatedTs, 0)),
+		Name:        collection.Name,
+		Title:       collection.Title,
+		Description: collection.Description,
+		ShortcutIds: collection.ShortcutIds,
+		Visibility:  apiv2pb.Visibility(collection.Visibility),
+	}
+}
--- a/api/v2/common.go
+++ b/api/v2/common.go
@ -0,0 +1,33 @@
+package v2
+
+import (
+	"context"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func convertRowStatusFromStore(rowStatus store.RowStatus) apiv2pb.RowStatus {
+	switch rowStatus {
+	case store.Normal:
+		return apiv2pb.RowStatus_NORMAL
+	case store.Archived:
+		return apiv2pb.RowStatus_ARCHIVED
+	default:
+		return apiv2pb.RowStatus_ROW_STATUS_UNSPECIFIED
+	}
+}
+
+func getCurrentUser(ctx context.Context, s *store.Store) (*store.User, error) {
+	userID, ok := ctx.Value(userIDContextKey).(int32)
+	if !ok {
+		return nil, nil
+	}
+	user, err := s.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return user, nil
+}
--- a/api/v2/memo_service.go
+++ b/api/v2/memo_service.go
@ -0,0 +1,187 @@
+package v2
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) ListMemos(ctx context.Context, _ *apiv2pb.ListMemosRequest) (*apiv2pb.ListMemosResponse, error) {
+	find := &store.FindMemo{}
+	memos, err := s.Store.ListMemos(ctx, find)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to fetch memo list, err: %v", err)
+	}
+
+	composedMemos := []*apiv2pb.Memo{}
+	for _, memo := range memos {
+		composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
+		}
+		composedMemos = append(composedMemos, composedMemo)
+	}
+
+	response := &apiv2pb.ListMemosResponse{
+		Memos: composedMemos,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetMemo(ctx context.Context, request *apiv2pb.GetMemoRequest) (*apiv2pb.GetMemoResponse, error) {
+	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
+	}
+	if memo == nil {
+		return nil, status.Errorf(codes.NotFound, "memo not found")
+	}
+
+	composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
+	}
+	response := &apiv2pb.GetMemoResponse{
+		Memo: composedMemo,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) CreateMemo(ctx context.Context, request *apiv2pb.CreateMemoRequest) (*apiv2pb.CreateMemoResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	memo := &storepb.Memo{
+		CreatorId:  userID,
+		Name:       request.Memo.Name,
+		Title:      request.Memo.Title,
+		Content:    request.Memo.Content,
+		Tags:       request.Memo.Tags,
+		Visibility: storepb.Visibility(request.Memo.Visibility),
+	}
+	memo, err := s.Store.CreateMemo(ctx, memo)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to create memo, err: %v", err)
+	}
+
+	composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
+	}
+	response := &apiv2pb.CreateMemoResponse{
+		Memo: composedMemo,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) UpdateMemo(ctx context.Context, request *apiv2pb.UpdateMemoRequest) (*apiv2pb.UpdateMemoResponse, error) {
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
+		ID: &request.Memo.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
+	}
+	if memo == nil {
+		return nil, status.Errorf(codes.NotFound, "memo not found")
+	}
+	if memo.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	update := &store.UpdateMemo{
+		ID: memo.Id,
+	}
+	for _, path := range request.UpdateMask.Paths {
+		switch path {
+		case "name":
+			update.Name = &request.Memo.Name
+		case "title":
+			update.Title = &request.Memo.Title
+		case "content":
+			update.Content = &request.Memo.Content
+		case "tags":
+			tag := strings.Join(request.Memo.Tags, " ")
+			update.Tag = &tag
+		case "visibility":
+			visibility := store.Visibility(request.Memo.Visibility.String())
+			update.Visibility = &visibility
+		}
+	}
+	memo, err = s.Store.UpdateMemo(ctx, update)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to update memo, err: %v", err)
+	}
+
+	composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
+	}
+	response := &apiv2pb.UpdateMemoResponse{
+		Memo: composedMemo,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) DeleteMemo(ctx context.Context, request *apiv2pb.DeleteMemoRequest) (*apiv2pb.DeleteMemoResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
+	}
+	if memo == nil {
+		return nil, status.Errorf(codes.NotFound, "memo not found")
+	}
+	if memo.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	err = s.Store.DeleteMemo(ctx, &store.DeleteMemo{
+		ID: memo.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to delete memo, err: %v", err)
+	}
+	response := &apiv2pb.DeleteMemoResponse{}
+	return response, nil
+}
+
+func (*APIV2Service) convertMemoFromStorepb(_ context.Context, memo *storepb.Memo) (*apiv2pb.Memo, error) {
+	return &apiv2pb.Memo{
+		Id:          memo.Id,
+		CreatedTime: timestamppb.New(time.Unix(memo.CreatedTs, 0)),
+		UpdatedTime: timestamppb.New(time.Unix(memo.UpdatedTs, 0)),
+		CreatorId:   memo.CreatorId,
+		Name:        memo.Name,
+		Title:       memo.Title,
+		Content:     memo.Content,
+		Tags:        memo.Tags,
+		Visibility:  apiv2pb.Visibility(memo.Visibility),
+	}, nil
+}
--- a/api/v2/shortcut_service.go
+++ b/api/v2/shortcut_service.go
@ -0,0 +1,419 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/mssola/useragent"
+	"github.com/pkg/errors"
+	"golang.org/x/exp/slices"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/peer"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) ListShortcuts(ctx context.Context, _ *apiv2pb.ListShortcutsRequest) (*apiv2pb.ListShortcutsResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	find := &store.FindShortcut{}
+	find.VisibilityList = []store.Visibility{store.VisibilityWorkspace, store.VisibilityPublic}
+	visibleShortcutList, err := s.Store.ListShortcuts(ctx, find)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to fetch visible shortcut list, err: %v", err)
+	}
+
+	find.VisibilityList = []store.Visibility{store.VisibilityPrivate}
+	find.CreatorID = &userID
+	shortcutList, err := s.Store.ListShortcuts(ctx, find)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to fetch private shortcut list, err: %v", err)
+	}
+
+	shortcutList = append(shortcutList, visibleShortcutList...)
+	shortcuts := []*apiv2pb.Shortcut{}
+	for _, shortcut := range shortcutList {
+		composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
+		}
+		shortcuts = append(shortcuts, composedShortcut)
+	}
+
+	response := &apiv2pb.ListShortcutsResponse{
+		Shortcuts: shortcuts,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetShortcut(ctx context.Context, request *apiv2pb.GetShortcutRequest) (*apiv2pb.GetShortcutResponse, error) {
+	shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
+	}
+	if shortcut == nil {
+		return nil, status.Errorf(codes.NotFound, "shortcut not found")
+	}
+
+	userID, ok := ctx.Value(userIDContextKey).(int32)
+	if ok {
+		if shortcut.Visibility == storepb.Visibility_PRIVATE && shortcut.CreatorId != userID {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	} else {
+		if shortcut.Visibility != storepb.Visibility_PUBLIC {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	}
+
+	composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
+	}
+	response := &apiv2pb.GetShortcutResponse{
+		Shortcut: composedShortcut,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetShortcutByName(ctx context.Context, request *apiv2pb.GetShortcutByNameRequest) (*apiv2pb.GetShortcutByNameResponse, error) {
+	shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
+		Name: &request.Name,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get shortcut by name: %v", err)
+	}
+	if shortcut == nil {
+		return nil, status.Errorf(codes.NotFound, "shortcut not found")
+	}
+
+	userID, ok := ctx.Value(userIDContextKey).(int32)
+	if ok {
+		if shortcut.Visibility == storepb.Visibility_PRIVATE && shortcut.CreatorId != userID {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	} else {
+		if shortcut.Visibility != storepb.Visibility_PUBLIC {
+			return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+		}
+	}
+
+	// Create shortcut view activity.
+	if err := s.createShortcutViewActivity(ctx, shortcut); err != nil {
+		fmt.Printf("failed to create activity, err: %v", err)
+	}
+
+	composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
+	}
+	response := &apiv2pb.GetShortcutByNameResponse{
+		Shortcut: composedShortcut,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) CreateShortcut(ctx context.Context, request *apiv2pb.CreateShortcutRequest) (*apiv2pb.CreateShortcutResponse, error) {
+	if request.Shortcut.Name == "" || request.Shortcut.Link == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "name and link are required")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	shortcut := &storepb.Shortcut{
+		CreatorId:   userID,
+		Name:        request.Shortcut.Name,
+		Link:        request.Shortcut.Link,
+		Title:       request.Shortcut.Title,
+		Tags:        request.Shortcut.Tags,
+		Description: request.Shortcut.Description,
+		Visibility:  storepb.Visibility(request.Shortcut.Visibility),
+		OgMetadata:  &storepb.OpenGraphMetadata{},
+	}
+	if request.Shortcut.OgMetadata != nil {
+		shortcut.OgMetadata = &storepb.OpenGraphMetadata{
+			Title:       request.Shortcut.OgMetadata.Title,
+			Description: request.Shortcut.OgMetadata.Description,
+			Image:       request.Shortcut.OgMetadata.Image,
+		}
+	}
+	shortcut, err := s.Store.CreateShortcut(ctx, shortcut)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to create shortcut, err: %v", err)
+	}
+	if err := s.createShortcutCreateActivity(ctx, shortcut); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to create activity, err: %v", err)
+	}
+
+	composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
+	}
+	response := &apiv2pb.CreateShortcutResponse{
+		Shortcut: composedShortcut,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) UpdateShortcut(ctx context.Context, request *apiv2pb.UpdateShortcutRequest) (*apiv2pb.UpdateShortcutResponse, error) {
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
+		ID: &request.Shortcut.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
+	}
+	if shortcut == nil {
+		return nil, status.Errorf(codes.NotFound, "shortcut not found")
+	}
+	if shortcut.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	update := &store.UpdateShortcut{
+		ID: shortcut.Id,
+	}
+	for _, path := range request.UpdateMask.Paths {
+		switch path {
+		case "name":
+			update.Name = &request.Shortcut.Name
+		case "link":
+			update.Link = &request.Shortcut.Link
+		case "title":
+			update.Title = &request.Shortcut.Title
+		case "description":
+			update.Description = &request.Shortcut.Description
+		case "tags":
+			tag := strings.Join(request.Shortcut.Tags, " ")
+			update.Tag = &tag
+		case "visibility":
+			visibility := store.Visibility(request.Shortcut.Visibility.String())
+			update.Visibility = &visibility
+		case "og_metadata":
+			if request.Shortcut.OgMetadata != nil {
+				update.OpenGraphMetadata = &storepb.OpenGraphMetadata{
+					Title:       request.Shortcut.OgMetadata.Title,
+					Description: request.Shortcut.OgMetadata.Description,
+					Image:       request.Shortcut.OgMetadata.Image,
+				}
+			}
+		}
+	}
+	shortcut, err = s.Store.UpdateShortcut(ctx, update)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to update shortcut, err: %v", err)
+	}
+
+	composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
+	}
+	response := &apiv2pb.UpdateShortcutResponse{
+		Shortcut: composedShortcut,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) DeleteShortcut(ctx context.Context, request *apiv2pb.DeleteShortcutRequest) (*apiv2pb.DeleteShortcutResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
+	}
+	shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
+	}
+	if shortcut == nil {
+		return nil, status.Errorf(codes.NotFound, "shortcut not found")
+	}
+	if shortcut.CreatorId != userID && currentUser.Role != store.RoleAdmin {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	err = s.Store.DeleteShortcut(ctx, &store.DeleteShortcut{
+		ID: shortcut.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to delete shortcut, err: %v", err)
+	}
+	response := &apiv2pb.DeleteShortcutResponse{}
+	return response, nil
+}
+
+func (s *APIV2Service) GetShortcutAnalytics(ctx context.Context, request *apiv2pb.GetShortcutAnalyticsRequest) (*apiv2pb.GetShortcutAnalyticsResponse, error) {
+	shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
+	}
+	if shortcut == nil {
+		return nil, status.Errorf(codes.NotFound, "shortcut not found")
+	}
+
+	activities, err := s.Store.ListActivities(ctx, &store.FindActivity{
+		Type:              store.ActivityShortcutView,
+		PayloadShortcutID: &shortcut.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get activities, err: %v", err)
+	}
+
+	referenceMap := make(map[string]int32)
+	deviceMap := make(map[string]int32)
+	browserMap := make(map[string]int32)
+	for _, activity := range activities {
+		payload := &storepb.ActivityShorcutViewPayload{}
+		if err := protojson.Unmarshal([]byte(activity.Payload), payload); err != nil {
+			return nil, status.Error(codes.Internal, fmt.Sprintf("failed to unmarshal payload, err: %v", err))
+		}
+
+		if _, ok := referenceMap[payload.Referer]; !ok {
+			referenceMap[payload.Referer] = 0
+		}
+		referenceMap[payload.Referer]++
+
+		ua := useragent.New(payload.UserAgent)
+		deviceName := ua.OSInfo().Name
+		browserName, _ := ua.Browser()
+
+		if _, ok := deviceMap[deviceName]; !ok {
+			deviceMap[deviceName] = 0
+		}
+		deviceMap[deviceName]++
+
+		if _, ok := browserMap[browserName]; !ok {
+			browserMap[browserName] = 0
+		}
+		browserMap[browserName]++
+	}
+
+	metric.Enqueue("shortcut analytics")
+	response := &apiv2pb.GetShortcutAnalyticsResponse{
+		References: mapToAnalyticsSlice(referenceMap),
+		Devices:    mapToAnalyticsSlice(deviceMap),
+		Browsers:   mapToAnalyticsSlice(browserMap),
+	}
+	return response, nil
+}
+
+func mapToAnalyticsSlice(m map[string]int32) []*apiv2pb.GetShortcutAnalyticsResponse_AnalyticsItem {
+	analyticsSlice := make([]*apiv2pb.GetShortcutAnalyticsResponse_AnalyticsItem, 0)
+	for key, value := range m {
+		analyticsSlice = append(analyticsSlice, &apiv2pb.GetShortcutAnalyticsResponse_AnalyticsItem{
+			Name:  key,
+			Count: value,
+		})
+	}
+	slices.SortFunc(analyticsSlice, func(i, j *apiv2pb.GetShortcutAnalyticsResponse_AnalyticsItem) int {
+		return int(i.Count - j.Count)
+	})
+	return analyticsSlice
+}
+
+func (s *APIV2Service) createShortcutViewActivity(ctx context.Context, shortcut *storepb.Shortcut) error {
+	p, _ := peer.FromContext(ctx)
+	headers, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return errors.New("Failed to get metadata from context")
+	}
+	payload := &storepb.ActivityShorcutViewPayload{
+		ShortcutId: shortcut.Id,
+		Ip:         p.Addr.String(),
+		Referer:    headers.Get("referer")[0],
+		UserAgent:  headers.Get("user-agent")[0],
+	}
+	payloadStr, err := protojson.Marshal(payload)
+	if err != nil {
+		return errors.Wrap(err, "Failed to marshal activity payload")
+	}
+	activity := &store.Activity{
+		CreatorID: BotID,
+		Type:      store.ActivityShortcutView,
+		Level:     store.ActivityInfo,
+		Payload:   string(payloadStr),
+	}
+	_, err = s.Store.CreateActivity(ctx, activity)
+	if err != nil {
+		return errors.Wrap(err, "Failed to create activity")
+	}
+	return nil
+}
+
+func (s *APIV2Service) createShortcutCreateActivity(ctx context.Context, shortcut *storepb.Shortcut) error {
+	payload := &storepb.ActivityShorcutCreatePayload{
+		ShortcutId: shortcut.Id,
+	}
+	payloadStr, err := protojson.Marshal(payload)
+	if err != nil {
+		return errors.Wrap(err, "Failed to marshal activity payload")
+	}
+	activity := &store.Activity{
+		CreatorID: shortcut.CreatorId,
+		Type:      store.ActivityShortcutCreate,
+		Level:     store.ActivityInfo,
+		Payload:   string(payloadStr),
+	}
+	_, err = s.Store.CreateActivity(ctx, activity)
+	if err != nil {
+		return errors.Wrap(err, "Failed to create activity")
+	}
+	return nil
+}
+
+func (s *APIV2Service) convertShortcutFromStorepb(ctx context.Context, shortcut *storepb.Shortcut) (*apiv2pb.Shortcut, error) {
+	composedShortcut := &apiv2pb.Shortcut{
+		Id:          shortcut.Id,
+		CreatorId:   shortcut.CreatorId,
+		CreatedTime: timestamppb.New(time.Unix(shortcut.CreatedTs, 0)),
+		UpdatedTime: timestamppb.New(time.Unix(shortcut.UpdatedTs, 0)),
+		RowStatus:   apiv2pb.RowStatus(shortcut.RowStatus),
+		Name:        shortcut.Name,
+		Link:        shortcut.Link,
+		Title:       shortcut.Title,
+		Tags:        shortcut.Tags,
+		Description: shortcut.Description,
+		Visibility:  apiv2pb.Visibility(shortcut.Visibility),
+		OgMetadata: &apiv2pb.OpenGraphMetadata{
+			Title:       shortcut.OgMetadata.Title,
+			Description: shortcut.OgMetadata.Description,
+			Image:       shortcut.OgMetadata.Image,
+		},
+	}
+
+	activityList, err := s.Store.ListActivities(ctx, &store.FindActivity{
+		Type:              store.ActivityShortcutView,
+		Level:             store.ActivityInfo,
+		PayloadShortcutID: &composedShortcut.Id,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed to list activities")
+	}
+	composedShortcut.ViewCount = int32(len(activityList))
+
+	return composedShortcut, nil
+}
--- a/api/v2/subscription_service.go
+++ b/api/v2/subscription_service.go
@ -0,0 +1,30 @@
+package v2
+
+import (
+	"context"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+)
+
+func (s *APIV2Service) GetSubscription(ctx context.Context, _ *apiv2pb.GetSubscriptionRequest) (*apiv2pb.GetSubscriptionResponse, error) {
+	subscription, err := s.LicenseService.LoadSubscription(ctx)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to load subscription: %v", err)
+	}
+	return &apiv2pb.GetSubscriptionResponse{
+		Subscription: subscription,
+	}, nil
+}
+
+func (s *APIV2Service) UpdateSubscription(ctx context.Context, request *apiv2pb.UpdateSubscriptionRequest) (*apiv2pb.UpdateSubscriptionResponse, error) {
+	subscription, err := s.LicenseService.UpdateSubscription(ctx, request.LicenseKey)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to load subscription: %v", err)
+	}
+	return &apiv2pb.UpdateSubscriptionResponse{
+		Subscription: subscription,
+	}, nil
+}
--- a/api/v2/user_service.go
+++ b/api/v2/user_service.go
@ -0,0 +1,324 @@
+package v2
+
+import (
+	"context"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/exp/slices"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/yourselfhosted/slash/api/auth"
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
+)
+
+const (
+	// BotID is the id of bot.
+	BotID = 0
+)
+
+func (s *APIV2Service) ListUsers(ctx context.Context, _ *apiv2pb.ListUsersRequest) (*apiv2pb.ListUsersResponse, error) {
+	users, err := s.Store.ListUsers(ctx, &store.FindUser{})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to list users: %v", err)
+	}
+
+	userMessages := []*apiv2pb.User{}
+	for _, user := range users {
+		userMessages = append(userMessages, convertUserFromStore(user))
+	}
+	response := &apiv2pb.ListUsersResponse{
+		Users: userMessages,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) GetUser(ctx context.Context, request *apiv2pb.GetUserRequest) (*apiv2pb.GetUserResponse, error) {
+	user, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to find user: %v", err)
+	}
+	if user == nil {
+		return nil, status.Errorf(codes.NotFound, "user not found")
+	}
+
+	userMessage := convertUserFromStore(user)
+	response := &apiv2pb.GetUserResponse{
+		User: userMessage,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) CreateUser(ctx context.Context, request *apiv2pb.CreateUserRequest) (*apiv2pb.CreateUserResponse, error) {
+	passwordHash, err := bcrypt.GenerateFromPassword([]byte(request.User.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to hash password: %v", err)
+	}
+
+	if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
+		userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to list users: %v", err)
+		}
+		if len(userList) >= 5 {
+			return nil, status.Errorf(codes.ResourceExhausted, "maximum number of users reached")
+		}
+	}
+
+	user, err := s.Store.CreateUser(ctx, &store.User{
+		Email:        request.User.Email,
+		Nickname:     request.User.Nickname,
+		Role:         store.RoleUser,
+		PasswordHash: string(passwordHash),
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to create user: %v", err)
+	}
+	response := &apiv2pb.CreateUserResponse{
+		User: convertUserFromStore(user),
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) UpdateUser(ctx context.Context, request *apiv2pb.UpdateUserRequest) (*apiv2pb.UpdateUserResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	if userID != request.User.Id {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "UpdateMask is empty")
+	}
+
+	userUpdate := &store.UpdateUser{
+		ID: request.User.Id,
+	}
+	for _, path := range request.UpdateMask.Paths {
+		if path == "email" {
+			userUpdate.Email = &request.User.Email
+		} else if path == "nickname" {
+			userUpdate.Nickname = &request.User.Nickname
+		}
+	}
+	user, err := s.Store.UpdateUser(ctx, userUpdate)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to update user: %v", err)
+	}
+	return &apiv2pb.UpdateUserResponse{
+		User: convertUserFromStore(user),
+	}, nil
+}
+
+func (s *APIV2Service) DeleteUser(ctx context.Context, request *apiv2pb.DeleteUserRequest) (*apiv2pb.DeleteUserResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	if userID == request.Id {
+		return nil, status.Errorf(codes.InvalidArgument, "cannot delete yourself")
+	}
+
+	err := s.Store.DeleteUser(ctx, &store.DeleteUser{
+		ID: request.Id,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to delete user: %v", err)
+	}
+	response := &apiv2pb.DeleteUserResponse{}
+	return response, nil
+}
+
+func (s *APIV2Service) ListUserAccessTokens(ctx context.Context, request *apiv2pb.ListUserAccessTokensRequest) (*apiv2pb.ListUserAccessTokensResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	if userID != request.Id {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
+	}
+
+	accessTokens := []*apiv2pb.UserAccessToken{}
+	for _, userAccessToken := range userAccessTokens {
+		claims := &auth.ClaimsMessage{}
+		_, err := jwt.ParseWithClaims(userAccessToken.AccessToken, claims, func(t *jwt.Token) (any, error) {
+			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
+				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
+			}
+			if kid, ok := t.Header["kid"].(string); ok {
+				if kid == "v1" {
+					return []byte(s.Secret), nil
+				}
+			}
+			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
+		})
+		if err != nil {
+			// If the access token is invalid or expired, just ignore it.
+			continue
+		}
+
+		userAccessToken := &apiv2pb.UserAccessToken{
+			AccessToken: userAccessToken.AccessToken,
+			Description: userAccessToken.Description,
+			IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
+		}
+		if claims.ExpiresAt != nil {
+			userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
+		}
+		accessTokens = append(accessTokens, userAccessToken)
+	}
+
+	// Sort by issued time in descending order.
+	slices.SortFunc(accessTokens, func(i, j *apiv2pb.UserAccessToken) int {
+		return int(i.IssuedAt.Seconds - j.IssuedAt.Seconds)
+	})
+	response := &apiv2pb.ListUserAccessTokensResponse{
+		AccessTokens: accessTokens,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) CreateUserAccessToken(ctx context.Context, request *apiv2pb.CreateUserAccessTokenRequest) (*apiv2pb.CreateUserAccessTokenResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	if userID != request.Id {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	user, err := s.Store.GetUser(ctx, &store.FindUser{
+		ID: &userID,
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
+	}
+	if user == nil {
+		return nil, status.Errorf(codes.NotFound, "user not found")
+	}
+
+	expiresAt := time.Time{}
+	if request.ExpiresAt != nil {
+		expiresAt = request.ExpiresAt.AsTime()
+	}
+	accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, expiresAt, []byte(s.Secret))
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
+	}
+
+	claims := &auth.ClaimsMessage{}
+	_, err = jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
+		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
+			return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
+		}
+		if kid, ok := t.Header["kid"].(string); ok {
+			if kid == "v1" {
+				return []byte(s.Secret), nil
+			}
+		}
+		return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
+	})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to parse access token: %v", err)
+	}
+
+	// Upsert the access token to user setting store.
+	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.Description); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
+	}
+
+	userAccessToken := &apiv2pb.UserAccessToken{
+		AccessToken: accessToken,
+		Description: request.Description,
+		IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
+	}
+	if claims.ExpiresAt != nil {
+		userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
+	}
+	response := &apiv2pb.CreateUserAccessTokenResponse{
+		AccessToken: userAccessToken,
+	}
+	return response, nil
+}
+
+func (s *APIV2Service) DeleteUserAccessToken(ctx context.Context, request *apiv2pb.DeleteUserAccessTokenRequest) (*apiv2pb.DeleteUserAccessTokenResponse, error) {
+	userID := ctx.Value(userIDContextKey).(int32)
+	if userID != request.Id {
+		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
+	}
+
+	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
+	}
+	updatedUserAccessTokens := []*storepb.AccessTokensUserSetting_AccessToken{}
+	for _, userAccessToken := range userAccessTokens {
+		if userAccessToken.AccessToken == request.AccessToken {
+			continue
+		}
+		updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
+	}
+	if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+		UserId: userID,
+		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
+		Value: &storepb.UserSetting_AccessTokens{
+			AccessTokens: &storepb.AccessTokensUserSetting{
+				AccessTokens: updatedUserAccessTokens,
+			},
+		},
+	}); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to upsert user setting: %v", err)
+	}
+
+	return &apiv2pb.DeleteUserAccessTokenResponse{}, nil
+}
+
+func (s *APIV2Service) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken, description string) error {
+	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
+	if err != nil {
+		return errors.Wrap(err, "failed to get user access tokens")
+	}
+	userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
+		AccessToken: accessToken,
+		Description: description,
+	}
+	userAccessTokens = append(userAccessTokens, &userAccessToken)
+	if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+		UserId: user.ID,
+		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
+		Value: &storepb.UserSetting_AccessTokens{
+			AccessTokens: &storepb.AccessTokensUserSetting{
+				AccessTokens: userAccessTokens,
+			},
+		},
+	}); err != nil {
+		return errors.Wrap(err, "failed to upsert user setting")
+	}
+	return nil
+}
+
+func convertUserFromStore(user *store.User) *apiv2pb.User {
+	return &apiv2pb.User{
+		Id:          int32(user.ID),
+		RowStatus:   convertRowStatusFromStore(user.RowStatus),
+		CreatedTime: timestamppb.New(time.Unix(user.CreatedTs, 0)),
+		UpdatedTime: timestamppb.New(time.Unix(user.UpdatedTs, 0)),
+		Role:        convertUserRoleFromStore(user.Role),
+		Email:       user.Email,
+		Nickname:    user.Nickname,
+	}
+}
+
+func convertUserRoleFromStore(role store.Role) apiv2pb.Role {
+	switch role {
+	case store.RoleAdmin:
+		return apiv2pb.Role_ADMIN
+	case store.RoleUser:
+		return apiv2pb.Role_USER
+	default:
+		return apiv2pb.Role_ROLE_UNSPECIFIED
+	}
+}
--- a/api/v2/user_setting_service.go
+++ b/api/v2/user_setting_service.go
@ -0,0 +1,135 @@
+package v2
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) GetUserSetting(ctx context.Context, request *apiv2pb.GetUserSettingRequest) (*apiv2pb.GetUserSettingResponse, error) {
+	userSetting, err := getUserSetting(ctx, s.Store, request.Id)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get user setting: %v", err)
+	}
+	return &apiv2pb.GetUserSettingResponse{
+		UserSetting: userSetting,
+	}, nil
+}
+
+func (s *APIV2Service) UpdateUserSetting(ctx context.Context, request *apiv2pb.UpdateUserSettingRequest) (*apiv2pb.UpdateUserSettingResponse, error) {
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "update mask is empty")
+	}
+
+	userID := ctx.Value(userIDContextKey).(int32)
+	for _, path := range request.UpdateMask.Paths {
+		if path == "locale" {
+			if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+				UserId: userID,
+				Key:    storepb.UserSettingKey_USER_SETTING_LOCALE,
+				Value: &storepb.UserSetting_Locale{
+					Locale: convertUserSettingLocaleToStore(request.UserSetting.Locale),
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update user setting: %v", err)
+			}
+		} else if path == "color_theme" {
+			if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
+				UserId: userID,
+				Key:    storepb.UserSettingKey_USER_SETTING_COLOR_THEME,
+				Value: &storepb.UserSetting_ColorTheme{
+					ColorTheme: convertUserSettingColorThemeToStore(request.UserSetting.ColorTheme),
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update user setting: %v", err)
+			}
+		} else {
+			return nil, status.Errorf(codes.InvalidArgument, "invalid path: %s", path)
+		}
+	}
+
+	userSetting, err := getUserSetting(ctx, s.Store, request.Id)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get user setting: %v", err)
+	}
+	return &apiv2pb.UpdateUserSettingResponse{
+		UserSetting: userSetting,
+	}, nil
+}
+
+func getUserSetting(ctx context.Context, s *store.Store, userID int32) (*apiv2pb.UserSetting, error) {
+	userSettings, err := s.ListUserSettings(ctx, &store.FindUserSetting{
+		UserID: &userID,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to find user setting")
+	}
+
+	userSetting := &apiv2pb.UserSetting{
+		Id:         userID,
+		Locale:     apiv2pb.UserSetting_LOCALE_EN,
+		ColorTheme: apiv2pb.UserSetting_COLOR_THEME_SYSTEM,
+	}
+	for _, setting := range userSettings {
+		if setting.Key == storepb.UserSettingKey_USER_SETTING_LOCALE {
+			userSetting.Locale = convertUserSettingLocaleFromStore(setting.GetLocale())
+		} else if setting.Key == storepb.UserSettingKey_USER_SETTING_COLOR_THEME {
+			userSetting.ColorTheme = convertUserSettingColorThemeFromStore(setting.GetColorTheme())
+		}
+	}
+	return userSetting, nil
+}
+
+func convertUserSettingLocaleToStore(locale apiv2pb.UserSetting_Locale) storepb.LocaleUserSetting {
+	switch locale {
+	case apiv2pb.UserSetting_LOCALE_EN:
+		return storepb.LocaleUserSetting_LOCALE_USER_SETTING_EN
+	case apiv2pb.UserSetting_LOCALE_ZH:
+		return storepb.LocaleUserSetting_LOCALE_USER_SETTING_ZH
+	default:
+		return storepb.LocaleUserSetting_LOCALE_USER_SETTING_UNSPECIFIED
+	}
+}
+
+func convertUserSettingLocaleFromStore(locale storepb.LocaleUserSetting) apiv2pb.UserSetting_Locale {
+	switch locale {
+	case storepb.LocaleUserSetting_LOCALE_USER_SETTING_EN:
+		return apiv2pb.UserSetting_LOCALE_EN
+	case storepb.LocaleUserSetting_LOCALE_USER_SETTING_ZH:
+		return apiv2pb.UserSetting_LOCALE_ZH
+	default:
+		return apiv2pb.UserSetting_LOCALE_UNSPECIFIED
+	}
+}
+
+func convertUserSettingColorThemeToStore(colorTheme apiv2pb.UserSetting_ColorTheme) storepb.ColorThemeUserSetting {
+	switch colorTheme {
+	case apiv2pb.UserSetting_COLOR_THEME_SYSTEM:
+		return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_SYSTEM
+	case apiv2pb.UserSetting_COLOR_THEME_LIGHT:
+		return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_LIGHT
+	case apiv2pb.UserSetting_COLOR_THEME_DARK:
+		return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_DARK
+	default:
+		return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_UNSPECIFIED
+	}
+}
+
+func convertUserSettingColorThemeFromStore(colorTheme storepb.ColorThemeUserSetting) apiv2pb.UserSetting_ColorTheme {
+	switch colorTheme {
+	case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_SYSTEM:
+		return apiv2pb.UserSetting_COLOR_THEME_SYSTEM
+	case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_LIGHT:
+		return apiv2pb.UserSetting_COLOR_THEME_LIGHT
+	case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_DARK:
+		return apiv2pb.UserSetting_COLOR_THEME_DARK
+	default:
+		return apiv2pb.UserSetting_COLOR_THEME_UNSPECIFIED
+	}
+}
--- a/api/v2/v2.go
+++ b/api/v2/v2.go
@ -0,0 +1,123 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/improbable-eng/grpc-web/go/grpcweb"
+	"github.com/labstack/echo/v4"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/reflection"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	"github.com/yourselfhosted/slash/server/profile"
+	"github.com/yourselfhosted/slash/server/service/license"
+	"github.com/yourselfhosted/slash/store"
+)
+
+type APIV2Service struct {
+	apiv2pb.UnimplementedWorkspaceServiceServer
+	apiv2pb.UnimplementedSubscriptionServiceServer
+	apiv2pb.UnimplementedAuthServiceServer
+	apiv2pb.UnimplementedUserServiceServer
+	apiv2pb.UnimplementedUserSettingServiceServer
+	apiv2pb.UnimplementedShortcutServiceServer
+	apiv2pb.UnimplementedCollectionServiceServer
+	apiv2pb.UnimplementedMemoServiceServer
+
+	Secret         string
+	Profile        *profile.Profile
+	Store          *store.Store
+	LicenseService *license.LicenseService
+
+	grpcServer     *grpc.Server
+	grpcServerPort int
+}
+
+func NewAPIV2Service(secret string, profile *profile.Profile, store *store.Store, licenseService *license.LicenseService, grpcServerPort int) *APIV2Service {
+	authProvider := NewGRPCAuthInterceptor(store, secret)
+	grpcServer := grpc.NewServer(
+		grpc.ChainUnaryInterceptor(
+			authProvider.AuthenticationInterceptor,
+		),
+	)
+	apiV2Service := &APIV2Service{
+		Secret:         secret,
+		Profile:        profile,
+		Store:          store,
+		LicenseService: licenseService,
+		grpcServer:     grpcServer,
+		grpcServerPort: grpcServerPort,
+	}
+
+	apiv2pb.RegisterSubscriptionServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterWorkspaceServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterAuthServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterUserServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterUserSettingServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterShortcutServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterCollectionServiceServer(grpcServer, apiV2Service)
+	apiv2pb.RegisterMemoServiceServer(grpcServer, apiV2Service)
+	reflection.Register(grpcServer)
+
+	return apiV2Service
+}
+
+func (s *APIV2Service) GetGRPCServer() *grpc.Server {
+	return s.grpcServer
+}
+
+// RegisterGateway registers the gRPC-Gateway with the given Echo instance.
+func (s *APIV2Service) RegisterGateway(ctx context.Context, e *echo.Echo) error {
+	// Create a client connection to the gRPC Server we just started.
+	// This is where the gRPC-Gateway proxies the requests.
+	conn, err := grpc.DialContext(
+		ctx,
+		fmt.Sprintf(":%d", s.grpcServerPort),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	if err != nil {
+		return err
+	}
+
+	gwMux := runtime.NewServeMux()
+	if err := apiv2pb.RegisterSubscriptionServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterWorkspaceServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterAuthServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterUserServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterUserSettingServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterShortcutServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterCollectionServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	if err := apiv2pb.RegisterMemoServiceHandler(context.Background(), gwMux, conn); err != nil {
+		return err
+	}
+	e.Any("/api/v2/*", echo.WrapHandler(gwMux))
+
+	// GRPC web proxy.
+	options := []grpcweb.Option{
+		grpcweb.WithCorsForRegisteredEndpointsOnly(false),
+		grpcweb.WithOriginFunc(func(origin string) bool {
+			return true
+		}),
+	}
+	wrappedGrpc := grpcweb.WrapServer(s.grpcServer, options...)
+	e.Any("/slash.api.v2.*", echo.WrapHandler(wrappedGrpc))
+
+	return nil
+}
--- a/api/v2/workspace_service.go
+++ b/api/v2/workspace_service.go
@ -0,0 +1,146 @@
+package v2
+
+import (
+	"context"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	apiv2pb "github.com/yourselfhosted/slash/proto/gen/api/v2"
+	storepb "github.com/yourselfhosted/slash/proto/gen/store"
+	"github.com/yourselfhosted/slash/store"
+)
+
+func (s *APIV2Service) GetWorkspaceProfile(ctx context.Context, _ *apiv2pb.GetWorkspaceProfileRequest) (*apiv2pb.GetWorkspaceProfileResponse, error) {
+	profile := &apiv2pb.WorkspaceProfile{
+		Mode:    s.Profile.Mode,
+		Version: s.Profile.Version,
+		Plan:    apiv2pb.PlanType_FREE,
+	}
+
+	// Load subscription plan from license service.
+	subscription, err := s.LicenseService.GetSubscription(ctx)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get subscription: %v", err)
+	}
+	profile.Plan = subscription.Plan
+
+	workspaceSetting, err := s.GetWorkspaceSetting(ctx, &apiv2pb.GetWorkspaceSettingRequest{})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get workspace setting: %v", err)
+	}
+	if workspaceSetting != nil {
+		setting := workspaceSetting.GetSetting()
+		profile.EnableSignup = setting.GetEnableSignup()
+		profile.CustomStyle = setting.GetCustomStyle()
+		profile.CustomScript = setting.GetCustomScript()
+	}
+	return &apiv2pb.GetWorkspaceProfileResponse{
+		Profile: profile,
+	}, nil
+}
+
+func (s *APIV2Service) GetWorkspaceSetting(ctx context.Context, _ *apiv2pb.GetWorkspaceSettingRequest) (*apiv2pb.GetWorkspaceSettingResponse, error) {
+	isAdmin := false
+	userID, ok := ctx.Value(userIDContextKey).(int32)
+	if ok {
+		user, err := s.Store.GetUser(ctx, &store.FindUser{ID: &userID})
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
+		}
+		if user.Role == store.RoleAdmin {
+			isAdmin = true
+		}
+	}
+	workspaceSettings, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to list workspace settings: %v", err)
+	}
+	workspaceSetting := &apiv2pb.WorkspaceSetting{
+		EnableSignup: true,
+	}
+	for _, v := range workspaceSettings {
+		if v.Key == storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP {
+			workspaceSetting.EnableSignup = v.GetEnableSignup()
+		} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_INSTANCE_URL {
+			workspaceSetting.InstanceUrl = v.GetInstanceUrl()
+		} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_STYLE {
+			workspaceSetting.CustomStyle = v.GetCustomStyle()
+		} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_SCRIPT {
+			workspaceSetting.CustomScript = v.GetCustomScript()
+		} else if isAdmin {
+			// For some settings, only admin can get the value.
+			if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_LICENSE_KEY {
+				workspaceSetting.LicenseKey = v.GetLicenseKey()
+			}
+		}
+	}
+	return &apiv2pb.GetWorkspaceSettingResponse{
+		Setting: workspaceSetting,
+	}, nil
+}
+
+func (s *APIV2Service) UpdateWorkspaceSetting(ctx context.Context, request *apiv2pb.UpdateWorkspaceSettingRequest) (*apiv2pb.UpdateWorkspaceSettingResponse, error) {
+	if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
+		return nil, status.Errorf(codes.InvalidArgument, "update mask is empty")
+	}
+
+	for _, path := range request.UpdateMask.Paths {
+		if path == "license_key" {
+			if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
+				Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_LICENSE_KEY,
+				Value: &storepb.WorkspaceSetting_LicenseKey{
+					LicenseKey: request.Setting.LicenseKey,
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
+			}
+		} else if path == "enable_signup" {
+			if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
+				Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
+				Value: &storepb.WorkspaceSetting_EnableSignup{
+					EnableSignup: request.Setting.EnableSignup,
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
+			}
+		} else if path == "instance_url" {
+			if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
+				Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_INSTANCE_URL,
+				Value: &storepb.WorkspaceSetting_InstanceUrl{
+					InstanceUrl: request.Setting.InstanceUrl,
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
+			}
+		} else if path == "custom_style" {
+			if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
+				Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_STYLE,
+				Value: &storepb.WorkspaceSetting_CustomStyle{
+					CustomStyle: request.Setting.CustomStyle,
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
+			}
+		} else if path == "custom_script" {
+			if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
+				Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_SCRIPT,
+				Value: &storepb.WorkspaceSetting_CustomScript{
+					CustomScript: request.Setting.CustomScript,
+				},
+			}); err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
+			}
+		} else {
+			return nil, status.Errorf(codes.InvalidArgument, "invalid path: %s", path)
+		}
+	}
+
+	getWorkspaceSettingResponse, err := s.GetWorkspaceSetting(ctx, &apiv2pb.GetWorkspaceSettingRequest{})
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to get workspace setting: %v", err)
+	}
+	return &apiv2pb.UpdateWorkspaceSettingResponse{
+		Setting: getWorkspaceSettingResponse.Setting,
+	}, nil
+}
--- a/bin/slash/main.go
+++ b/bin/slash/main.go
@ -0,0 +1,164 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	_ "modernc.org/sqlite"
+
+	"github.com/yourselfhosted/slash/internal/log"
+	"github.com/yourselfhosted/slash/server"
+	"github.com/yourselfhosted/slash/server/metric"
+	"github.com/yourselfhosted/slash/server/profile"
+	"github.com/yourselfhosted/slash/store"
+	"github.com/yourselfhosted/slash/store/db"
+)
+
+const (
+	greetingBanner = `Welcome to Slash!`
+)
+
+var (
+	serverProfile *profile.Profile
+	mode          string
+	port          int
+	data          string
+	driver        string
+	dsn           string
+
+	rootCmd = &cobra.Command{
+		Use:   "slash",
+		Short: `An open source, self-hosted bookmarks and link sharing platform.`,
+		Run: func(_cmd *cobra.Command, _args []string) {
+			ctx, cancel := context.WithCancel(context.Background())
+			dbDriver, err := db.NewDBDriver(serverProfile)
+			if err != nil {
+				cancel()
+				log.Error("failed to create db driver", zap.Error(err))
+				return
+			}
+			if err := dbDriver.Migrate(ctx); err != nil {
+				cancel()
+				log.Error("failed to migrate db", zap.Error(err))
+				return
+			}
+
+			storeInstance := store.New(dbDriver, serverProfile)
+			s, err := server.NewServer(ctx, serverProfile, storeInstance)
+			if err != nil {
+				cancel()
+				log.Error("failed to create server", zap.Error(err))
+				return
+			}
+
+			// nolint
+			metric.NewMetricClient(s.Secret, *serverProfile)
+
+			c := make(chan os.Signal, 1)
+			// Trigger graceful shutdown on SIGINT or SIGTERM.
+			// The default signal sent by the `kill` command is SIGTERM,
+			// which is taken as the graceful shutdown signal for many systems, eg., Kubernetes, Gunicorn.
+			signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+			go func() {
+				sig := <-c
+				log.Info(fmt.Sprintf("%s received.\n", sig.String()))
+				s.Shutdown(ctx)
+				cancel()
+			}()
+
+			printGreetings()
+
+			if err := s.Start(ctx); err != nil {
+				if err != http.ErrServerClosed {
+					log.Error("failed to start server", zap.Error(err))
+					cancel()
+				}
+			}
+
+			// Wait for CTRL-C.
+			<-ctx.Done()
+		},
+	}
+)
+
+func Execute() error {
+	defer log.Sync()
+	return rootCmd.Execute()
+}
+
+func init() {
+	cobra.OnInitialize(initConfig)
+
+	rootCmd.PersistentFlags().StringVarP(&mode, "mode", "m", "demo", `mode of server, can be "prod" or "dev" or "demo"`)
+	rootCmd.PersistentFlags().IntVarP(&port, "port", "p", 8082, "port of server")
+	rootCmd.PersistentFlags().StringVarP(&data, "data", "d", "", "data directory")
+	rootCmd.PersistentFlags().StringVarP(&driver, "driver", "", "", "database driver")
+	rootCmd.PersistentFlags().StringVarP(&dsn, "dsn", "", "", "database source name(aka. DSN)")
+
+	err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode"))
+	if err != nil {
+		panic(err)
+	}
+	err = viper.BindPFlag("port", rootCmd.PersistentFlags().Lookup("port"))
+	if err != nil {
+		panic(err)
+	}
+	err = viper.BindPFlag("data", rootCmd.PersistentFlags().Lookup("data"))
+	if err != nil {
+		panic(err)
+	}
+	err = viper.BindPFlag("driver", rootCmd.PersistentFlags().Lookup("driver"))
+	if err != nil {
+		panic(err)
+	}
+	err = viper.BindPFlag("dsn", rootCmd.PersistentFlags().Lookup("dsn"))
+	if err != nil {
+		panic(err)
+	}
+
+	viper.SetDefault("mode", "demo")
+	viper.SetDefault("port", 8082)
+	viper.SetDefault("driver", "sqlite")
+	viper.SetEnvPrefix("slash")
+}
+
+func initConfig() {
+	viper.AutomaticEnv()
+	var err error
+	serverProfile, err = profile.GetProfile()
+	if err != nil {
+		log.Error("failed to get profile", zap.Error(err))
+		return
+	}
+
+	println("---")
+	println("Server profile")
+	println("dsn:", serverProfile.DSN)
+	println("port:", serverProfile.Port)
+	println("mode:", serverProfile.Mode)
+	println("version:", serverProfile.Version)
+	println("---")
+}
+
+func printGreetings() {
+	println(greetingBanner)
+	fmt.Printf("Version %s has been started on port %d\n", serverProfile.Version, serverProfile.Port)
+	println("---")
+	println("See more in:")
+	fmt.Printf("👉GitHub: %s\n", "https://github.com/yourselfhosted/slash")
+	println("---")
+}
+
+func main() {
+	err := Execute()
+	if err != nil {
+		panic(err)
+	}
+}
--- a/cmd/shortify/main.go
+++ b/cmd/shortify/main.go
@ -1,137 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"os"
-	"os/signal"
-	"syscall"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-	_ "modernc.org/sqlite"
-
-	"github.com/boojack/shortify/server"
-	_profile "github.com/boojack/shortify/server/profile"
-	"github.com/boojack/shortify/store"
-	"github.com/boojack/shortify/store/db"
-)
-
-const (
-	greetingBanner = `
-███████╗██╗  ██╗ ██████╗ ██████╗ ████████╗██╗███████╗██╗   ██╗
-██╔════╝██║  ██║██╔═══██╗██╔══██╗╚══██╔══╝██║██╔════╝╚██╗ ██╔╝
-███████╗███████║██║   ██║██████╔╝   ██║   ██║█████╗   ╚████╔╝ 
-╚════██║██╔══██║██║   ██║██╔══██╗   ██║   ██║██╔══╝    ╚██╔╝  
-███████║██║  ██║╚██████╔╝██║  ██║   ██║   ██║██║        ██║   
-╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚═╝  ╚═╝   ╚═╝   ╚═╝╚═╝        ╚═╝   
-`
-)
-
-var (
-	profile *_profile.Profile
-	mode    string
-	port    int
-	data    string
-
-	rootCmd = &cobra.Command{
-		Use:   "shortify",
-		Short: "",
-		Run: func(_cmd *cobra.Command, _args []string) {
-			ctx, cancel := context.WithCancel(context.Background())
-			db := db.NewDB(profile)
-			if err := db.Open(ctx); err != nil {
-				cancel()
-				fmt.Printf("failed to open db, error: %+v\n", err)
-				return
-			}
-
-			storeInstance := store.New(db.DBInstance, profile)
-			s, err := server.NewServer(ctx, profile, storeInstance)
-			if err != nil {
-				cancel()
-				fmt.Printf("failed to create server, error: %+v\n", err)
-				return
-			}
-
-			c := make(chan os.Signal, 1)
-			// Trigger graceful shutdown on SIGINT or SIGTERM.
-			// The default signal sent by the `kill` command is SIGTERM,
-			// which is taken as the graceful shutdown signal for many systems, eg., Kubernetes, Gunicorn.
-			signal.Notify(c, os.Interrupt, syscall.SIGTERM)
-			go func() {
-				sig := <-c
-				fmt.Printf("%s received.\n", sig.String())
-				s.Shutdown(ctx)
-				cancel()
-			}()
-
-			println(greetingBanner)
-			fmt.Printf("Version %s has started at :%d\n", profile.Version, profile.Port)
-			if err := s.Start(ctx); err != nil {
-				if err != http.ErrServerClosed {
-					fmt.Printf("failed to start server, error: %+v\n", err)
-					cancel()
-				}
-			}
-
-			// Wait for CTRL-C.
-			<-ctx.Done()
-		},
-	}
-)
-
-func Execute() error {
-	return rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVarP(&mode, "mode", "m", "dev", `mode of server, can be "prod" or "dev"`)
-	rootCmd.PersistentFlags().IntVarP(&port, "port", "p", 8082, "port of server")
-	rootCmd.PersistentFlags().StringVarP(&data, "data", "d", "", "data directory")
-
-	err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode"))
-	if err != nil {
-		panic(err)
-	}
-	err = viper.BindPFlag("port", rootCmd.PersistentFlags().Lookup("port"))
-	if err != nil {
-		panic(err)
-	}
-	err = viper.BindPFlag("data", rootCmd.PersistentFlags().Lookup("data"))
-	if err != nil {
-		panic(err)
-	}
-
-	viper.SetDefault("mode", "dev")
-	viper.SetDefault("port", 8082)
-	viper.SetEnvPrefix("shortify")
-}
-
-func initConfig() {
-	viper.AutomaticEnv()
-	var err error
-	profile, err = _profile.GetProfile()
-	if err != nil {
-		fmt.Printf("failed to get profile, error: %+v\n", err)
-		return
-	}
-
-	println("---")
-	println("Server profile")
-	println("dsn:", profile.DSN)
-	println("port:", profile.Port)
-	println("mode:", profile.Mode)
-	println("version:", profile.Version)
-	println("---")
-}
-
-func main() {
-	err := Execute()
-	if err != nil {
-		panic(err)
-	}
-}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,13 @@
+version: '3'
+services:
+  slash:
+    image: yourselfhosted/slash:latest
+    container_name: slash
+    ports:
+      - 5231:5231
+    volumes:
+      - slash:/var/opt/slash
+    restart: unless-stopped
+
+volumes:
+  slash:
--- a/docs/assets/browser-extension-example.png
+++ b/docs/assets/browser-extension-example.png
--- a/docs/assets/demo.png
+++ b/docs/assets/demo.png
--- a/docs/assets/extension-usage/copy-access-token.png
+++ b/docs/assets/extension-usage/copy-access-token.png
--- a/docs/assets/extension-usage/create-access-token.png
+++ b/docs/assets/extension-usage/create-access-token.png
--- a/docs/assets/extension-usage/extension-screenshot.png
+++ b/docs/assets/extension-usage/extension-screenshot.png
--- a/docs/assets/extension-usage/extension-setting-button.png
+++ b/docs/assets/extension-usage/extension-setting-button.png
--- a/docs/assets/extension-usage/extension-setting-page.png
+++ b/docs/assets/extension-usage/extension-setting-page.png
--- a/docs/assets/extension-usage/shortcut-url.png
+++ b/docs/assets/extension-usage/shortcut-url.png
--- a/docs/assets/logo.png
+++ b/docs/assets/logo.png
--- a/docs/getting-started/collections.md
+++ b/docs/getting-started/collections.md
@ -0,0 +1,43 @@
+# Slash Collections
+
+**Slash Collections** introduces a feature to help you better organize and manage related Shortcuts.
+
+## What is a Collection?
+
+A Collection is like a virtual folder where you can group and organize your related Shortcuts. It acts as a container that holds Shortcuts together for a specific purpose or theme. Let's break down the key attributes:
+
+- **Name:** Your chosen label for the Collection. This becomes a crucial part of the URL, enabling direct and quick access to the Collection. For example, if your Collection is named "work-projects", the direct access link would be `c/work-projects`. This user-defined name significantly enhances the accessibility and recognition of your Collections.
+- **Title:** A brief title summarizing the Collection's content.
+- **Description:** A short description explaining what the Collection is about.
+- **Shortcuts:** The Shortcuts included in the Collection.
+- **Visibility:** Settings to control who can access the Collection.
+
+## What Problems Does It Solve?
+
+Slash Collections tackle the challenge of efficiently managing and organizing related Shortcuts. By grouping Shortcuts into Collections, you can create a more structured and accessible workflow. This makes it easier to find, access, and share information based on specific themes or projects.
+
+## How to Use Collections
+
+### Creating a Collection
+
+1. **Define the Collection:** Give your Collection a meaningful name and a descriptive title.
+2. **Add Details:** Provide a brief description of the content within the Collection.
+3. **Add Shortcuts:** Include relevant Shortcuts by selecting them from your existing list.
+4. **Set Visibility:** Choose who should have access to the Collection.
+5. **Save:** Once saved, your Collection is ready to use.
+
+### Accessing Collections
+
+Access a Collection directly by using the assigned name. For example, if your Collection is named "work-projects", the direct access link would be `{YOUR_DOMAIN}/c/work-projects`.
+
+### Updating and Managing Collections
+
+Modify Collection details, such as name, title, or included Shortcuts, to keep your organization streamlined and relevant.
+
+### Sharing Collections
+
+Share Collections by providing the assigned name to collaborators for easy access to grouped Shortcuts.
+
+## Conclusion
+
+Slash Collections offer a user-friendly and organized way to group, manage, and share related Shortcuts. By utilizing the defined Collection attributes, users can seamlessly categorize and access information, promoting collaboration and improving overall productivity.
--- a/docs/getting-started/shortcuts.md
+++ b/docs/getting-started/shortcuts.md
@ -0,0 +1,47 @@
+# Slash Shortcuts
+
+**Slash Shortcuts** is a handy tool designed to make handling and sharing links in your digital workspace a breeze.
+
+## What is a Shortcut?
+
+A Shortcut is a simplified version of a link with essential details, making it easy to remember, organize, and share. Let's break down the key elements:
+
+- **Name:** Your chosen label for the Shortcut. This becomes a crucial part of the URL, enabling direct and quick access to the Shortcut. For example, if your Shortcut is named "meet-john", the direct access link would be `s/meet-john`. This user-defined name significantly enhances the accessibility and recognition of your Shortcuts.
+- **Link:** The original web link you want to streamline.
+- **Title:** A quick overview of what's behind the link.
+- **Tags:** Custom labels for easy sorting.
+- **Description:** A short summary of the content.
+- **Visibility:** Controls who can access the Shortcut.
+
+## How to Use Shortcuts
+
+### Creating a Shortcut
+
+1. **Define the Link:** Paste the original link you want to simplify.
+2. **Add Details:** Give it a name, tags, and a brief description for better organization.
+3. **Set Visibility:** Choose who should be able to access the Shortcut.
+4. **Save:** Once saved, your Shortcut is ready to go.
+
+### Accessing Shortcuts
+
+#### Direct Access
+
+Effortlessly access your Shortcut's content directly by using the assigned name as part of the Slash Shortcuts format.
+
+For example, if your Shortcut is named "meet-john", the direct access link would be `{YOUR_DOMAIN}/s/meet-john`. Simply enter this user-friendly shortcut into your browser to reach the associated content with ease.
+
+#### Browser Extension Access
+
+Install the Slash Shortcuts browser extension for even quicker access. Once installed, simply type `s/meet-john` into your browser's address bar, and the extension will seamlessly redirect you to the corresponding page.
+
+### Updating and Managing Shortcuts
+
+Adjust attributes like name and tags to update a Shortcut. Keep your Shortcuts organized based on categories and visibility settings.
+
+### Sharing Shortcuts
+
+Share Shortcuts by providing the assigned name to collaborators for easy access.
+
+## Conclusion
+
+Shortcuts provide a simple way to manage, organize, and share links within your digital workspace. By using the defined Shortcut attributes, users can easily create, access, and share information, promoting collaboration and boosting productivity.
--- a/docs/install-browser-extension.md
+++ b/docs/install-browser-extension.md
@ -0,0 +1,45 @@
+# The Browser Extension of Slash
+
+Slash provides a browser extension to help you use your shortcuts in the search bar to go to the corresponding URL.
+
+## How to use
+
+### Install the extension
+
+For Chromuim based browsers, you can install the extension from the [Chrome Web Store](https://chrome.google.com/webstore/detail/slash/ebaiehmkammnacjadffpicipfckgeobg).
+
+For Firefox, you can install the extension from the [Firefox Add-ons](https://addons.mozilla.org/en-US/firefox/addon/your-slash/).
+
+### Generate an access token
+
+1. Go to your Slash instance and sign in with your account.
+
+2. Go to the settings page and click on the "Create" button to create an access token.
+
+   ![](./assets/extension-usage/create-access-token.png)
+
+3. Copy the access token and save it somewhere safe.
+
+   ![](./assets/extension-usage/copy-access-token.png)
+
+### Configure the extension
+
+1. Click on the extension icon and click on the "Settings" button.
+
+   ![](./assets/extension-usage/extension-setting-button.png)
+
+2. Enter your Slash's domain and paste the access token you generated in the previous step.
+
+   ![](./assets/extension-usage/extension-setting-page.png)
+
+3. Click on the "Save" button to save the settings.
+
+4. Click on the extension icon again, you will see a list of your shortcuts.
+
+   ![](./assets/extension-usage/extension-screenshot.png)
+
+### Use your shortcuts in the search bar
+
+You can use your shortcuts in the search bar of your browser. For example, if you have a shortcut named `gh` for [GitHub](https://github.com), you can type `s/gh` in the search bar and press `Enter` to go to [GitHub](https://github.com).
+
+![](./assets/extension-usage/shortcut-url.png)
--- a/docs/install.md
+++ b/docs/install.md
@ -0,0 +1,59 @@
+# Self-hosting Slash with Docker
+
+Slash is designed for self-hosting through Docker. No Docker expertise is required to launch your own instance. Just basic understanding of command line and networking.
+
+## Requirements
+
+The only requirement is a server with Docker installed.
+
+## Docker Run
+
+To deploy Slash using docker run, just one command is needed:
+
+```bash
+docker run -d --name slash --publish 5231:5231 --volume ~/.slash/:/var/opt/slash yourselfhosted/slash:latest
+```
+
+This will start Slash in the background and expose it on port `5231`. Data is stored in `~/.slash/`. You can customize the port and data directory.
+
+### Upgrade
+
+To upgrade Slash to latest version, stop and remove the old container first:
+
+```bash
+docker stop slash && docker rm slash
+```
+
+It's recommended but optional to backup database:
+
+```bash
+cp -r ~/.slash/slash_prod.db ~/.slash/slash_prod.db.bak
+```
+
+Then pull the latest image:
+
+```bash
+docker pull yourselfhosted/slash:latest
+```
+
+Finally, restart Slash by following the steps in [Docker Run](#docker-run).
+
+## Docker Compose Run
+
+Assume that docker compose is deployed in the `/opt/slash` directory.
+
+```bash
+mkdir -p /opt/slash && cd /opt/slash
+curl -#LO https://github.com/yourselfhosted/slash/raw/main/docker-compose.yml
+docker compose up -d
+```
+
+This will start Slash in the background and expose it on port `5231`. Data is stored in Docker Volume `slash_slash`. You can customize the port and backup your volume.
+
+### Upgrade
+
+```bash
+cd /opt/slash
+docker compose pull
+docker compose up -d
+```
--- a/frontend/extension/.eslintrc.json
+++ b/frontend/extension/.eslintrc.json
--- a/frontend/extension/.gitignore
+++ b/frontend/extension/.gitignore
@ -0,0 +1,40 @@
+
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+#cache
+.turbo
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# local env files
+.env*
+
+out/
+build/
+dist/
+
+.plasmo
+
+# bpp - http://bpp.browser.market/
+keys.json
+
+# typescript
+.tsbuildinfo
+
+src/types/proto
--- a/frontend/extension/.prettierrc.js
+++ b/frontend/extension/.prettierrc.js
@ -0,0 +1,8 @@
+module.exports = {
+  printWidth: 140,
+  useTabs: false,
+  semi: true,
+  singleQuote: false,
+  plugins: [require.resolve("@trivago/prettier-plugin-sort-imports")],
+  importOrder: ["<BUILTIN_MODULES>", "<THIRD_PARTY_MODULES>", "^@/((?!css).+)", "^[./]", "^[../]", "^(.+).css"],
+};
--- a/frontend/extension/README.md
+++ b/frontend/extension/README.md
@ -0,0 +1 @@
+# Slash Browser Extension
--- a/frontend/extension/assets/icon.png
+++ b/frontend/extension/assets/icon.png
--- a/frontend/extension/package.json
+++ b/frontend/extension/package.json
@ -0,0 +1,61 @@
+{
+  "name": "slash-extension",
+  "displayName": "Slash",
+  "version": "1.0.3",
+  "description": "An open source, self-hosted bookmarks and link sharing platform. Save and share your links very easily.",
+  "scripts": {
+    "dev": "plasmo dev",
+    "build": "plasmo build",
+    "package": "plasmo package",
+    "lint": "eslint --ext .js,.ts,.tsx, src",
+    "lint-fix": "eslint --ext .js,.ts,.tsx, src --fix",
+    "type-gen": "cd ../../proto && buf generate"
+  },
+  "dependencies": {
+    "@emotion/react": "^11.11.1",
+    "@emotion/styled": "^11.11.0",
+    "@mui/joy": "5.0.0-beta.19",
+    "@plasmohq/storage": "^1.9.0",
+    "axios": "^1.6.2",
+    "classnames": "^2.3.2",
+    "lodash-es": "^4.17.21",
+    "lucide-react": "^0.264.0",
+    "plasmo": "^0.83.1",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "react-hot-toast": "^2.4.1",
+    "zustand": "^4.4.7"
+  },
+  "devDependencies": {
+    "@bufbuild/buf": "^1.28.1",
+    "@trivago/prettier-plugin-sort-imports": "^4.3.0",
+    "@types/chrome": "^0.0.241",
+    "@types/lodash-es": "^4.17.12",
+    "@types/node": "^20.10.5",
+    "@types/react": "^18.2.45",
+    "@types/react-dom": "^18.2.18",
+    "@typescript-eslint/eslint-plugin": "^6.15.0",
+    "@typescript-eslint/parser": "^6.15.0",
+    "autoprefixer": "^10.4.16",
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^8.10.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-react": "^7.33.2",
+    "long": "^5.2.3",
+    "postcss": "^8.4.32",
+    "prettier": "^2.8.8",
+    "protobufjs": "^7.2.5",
+    "tailwindcss": "^3.4.0",
+    "typescript": "^5.3.3"
+  },
+  "manifest": {
+    "permissions": [
+      "activeTab",
+      "storage",
+      "webRequest"
+    ],
+    "host_permissions": [
+      "*://*/*"
+    ]
+  }
+}
--- a/frontend/extension/pnpm-lock.yaml
+++ b/frontend/extension/pnpm-lock.yaml
--- a/frontend/extension/postcss.config.js
+++ b/frontend/extension/postcss.config.js
@ -0,0 +1,10 @@
+/* eslint-disable no-undef */
+/**
+ * @type {import('postcss').ProcessOptions}
+ */
+module.exports = {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+};
--- a/frontend/extension/src/background.ts
+++ b/frontend/extension/src/background.ts
@ -0,0 +1,53 @@
+import { Storage } from "@plasmohq/storage";
+
+const storage = new Storage();
+const urlRegex = /https?:\/\/s\/(.+)/;
+
+chrome.webRequest.onBeforeRequest.addListener(
+  (param) => {
+    (async () => {
+      if (!param.url) {
+        return;
+      }
+
+      const shortcutName = getShortcutNameFromUrl(param.url);
+      if (shortcutName) {
+        const instanceUrl = (await storage.getItem<string>("domain")) || "";
+        return chrome.tabs.update({ url: `${instanceUrl}/s/${shortcutName}` });
+      }
+    })();
+  },
+  { urls: ["*://s/*", "*://*/search*"] }
+);
+
+const getShortcutNameFromUrl = (urlString: string) => {
+  const matchResult = urlRegex.exec(urlString);
+  if (matchResult === null) {
+    return getShortcutNameFromSearchUrl(urlString);
+  }
+  return matchResult[1];
+};
+
+const getShortcutNameFromSearchUrl = (urlString: string) => {
+  const url = new URL(urlString);
+  if ((url.hostname === "www.google.com" || url.hostname === "www.bing.com") && url.pathname === "/search") {
+    const params = new URLSearchParams(url.search);
+    const shortcutName = params.get("q");
+    if (typeof shortcutName === "string" && shortcutName.startsWith("s/")) {
+      return shortcutName.slice(2);
+    }
+  } else if (url.hostname === "www.baidu.com" && url.pathname === "/s") {
+    const params = new URLSearchParams(url.search);
+    const shortcutName = params.get("wd");
+    if (typeof shortcutName === "string" && shortcutName.startsWith("s/")) {
+      return shortcutName.slice(2);
+    }
+  } else if (url.hostname === "duckduckgo.com" && url.pathname === "/") {
+    const params = new URLSearchParams(url.search);
+    const shortcutName = params.get("q");
+    if (typeof shortcutName === "string" && shortcutName.startsWith("s/")) {
+      return shortcutName.slice(2);
+    }
+  }
+  return "";
+};
--- a/frontend/extension/src/components/CreateShortcutButton.tsx
+++ b/frontend/extension/src/components/CreateShortcutButton.tsx
@ -0,0 +1,153 @@
+import { Button, IconButton, Input, Modal, ModalDialog } from "@mui/joy";
+import { useStorage } from "@plasmohq/storage/hook";
+import { useEffect, useState } from "react";
+import { toast } from "react-hot-toast";
+import useShortcutStore from "@/store/shortcut";
+import { Visibility } from "@/types/proto/api/v2/common";
+import { Shortcut } from "@/types/proto/api/v2/shortcut_service";
+import Icon from "./Icon";
+
+interface State {
+  name: string;
+  title: string;
+  link: string;
+}
+
+const CreateShortcutButton = () => {
+  const [instanceUrl] = useStorage("domain");
+  const [accessToken] = useStorage("access_token");
+  const shortcutStore = useShortcutStore();
+  const [state, setState] = useState<State>({
+    name: "",
+    title: "",
+    link: "",
+  });
+  const [isLoading, setIsLoading] = useState(false);
+  const [showModal, setShowModal] = useState(false);
+
+  useEffect(() => {
+    if (showModal) {
+      document.body.style.height = "384px";
+    } else {
+      document.body.style.height = "auto";
+    }
+  }, [showModal]);
+
+  const handleCreateShortcutButtonClick = async () => {
+    chrome.tabs.query({ active: true, currentWindow: true }, async (tabs) => {
+      if (tabs.length === 0) {
+        toast.error("No active tab found");
+        return;
+      }
+      const tab = tabs[0];
+      setState((state) => ({
+        ...state,
+        name: "",
+        title: tab.title || "",
+        link: tab.url || "",
+      }));
+      setShowModal(true);
+    });
+  };
+
+  const handleNameInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setState((state) => ({
+      ...state,
+      name: e.target.value,
+    }));
+  };
+
+  const handleTitleInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setState((state) => ({
+      ...state,
+      title: e.target.value,
+    }));
+  };
+
+  const handleLinkInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setState((state) => ({
+      ...state,
+      link: e.target.value,
+    }));
+  };
+
+  const handleSaveBtnClick = async () => {
+    if (isLoading) {
+      return;
+    }
+    if (!state.name) {
+      toast.error("Name is required");
+      return;
+    }
+
+    setIsLoading(true);
+    try {
+      await shortcutStore.createShortcut(
+        instanceUrl,
+        accessToken,
+        Shortcut.fromPartial({
+          name: state.name,
+          title: state.title,
+          link: state.link,
+          visibility: Visibility.PUBLIC,
+        })
+      );
+      toast.success("Shortcut created successfully");
+      setShowModal(false);
+    } catch (error: any) {
+      console.error(error);
+      toast.error(error.details);
+    }
+    setIsLoading(false);
+  };
+
+  return (
+    <>
+      <IconButton color="primary" variant="solid" size="sm" onClick={() => handleCreateShortcutButtonClick()}>
+        <Icon.Plus className="w-5 h-auto" />
+      </IconButton>
+
+      <Modal container={() => document.body} open={showModal} onClose={() => setShowModal(false)}>
+        <ModalDialog className="w-3/4">
+          <div className="w-full flex flex-row justify-between items-center mb-2">
+            <span className="text-base font-medium">Create Shortcut</span>
+            <Button size="sm" variant="plain" onClick={() => setShowModal(false)}>
+              <Icon.X className="w-5 h-auto text-gray-600" />
+            </Button>
+          </div>
+          <div className="overflow-x-hidden w-full flex flex-col justify-start items-center">
+            <div className="w-full flex flex-row justify-start items-center mb-2">
+              <span className="block w-12 mr-2 shrink-0">Name</span>
+              <Input className="grow" type="text" placeholder="Unique shortcut name" value={state.name} onChange={handleNameInputChange} />
+            </div>
+            <div className="w-full flex flex-row justify-start items-center mb-2">
+              <span className="block w-12 mr-2 shrink-0">Title</span>
+              <Input className="grow" type="text" placeholder="Shortcut title" value={state.title} onChange={handleTitleInputChange} />
+            </div>
+            <div className="w-full flex flex-row justify-start items-center mb-2">
+              <span className="block w-12 mr-2 shrink-0">Link</span>
+              <Input
+                className="grow"
+                type="text"
+                placeholder="e.g., https://github.com/yourselfhosted/slash"
+                value={state.link}
+                onChange={handleLinkInputChange}
+              />
+            </div>
+
+            <div className="w-full flex flex-row justify-end items-center mt-2 space-x-2">
+              <Button color="neutral" variant="plain" onClick={() => setShowModal(false)}>
+                Cancel
+              </Button>
+              <Button color="primary" disabled={isLoading} loading={isLoading} onClick={handleSaveBtnClick}>
+                Save
+              </Button>
+            </div>
+          </div>
+        </ModalDialog>
+      </Modal>
+    </>
+  );
+};
+
+export default CreateShortcutButton;
--- a/frontend/extension/src/components/Icon.ts
+++ b/frontend/extension/src/components/Icon.ts
--- a/frontend/extension/src/components/Logo.tsx
+++ b/frontend/extension/src/components/Logo.tsx
@ -0,0 +1,12 @@
+import classNames from "classnames";
+import LogoBase64 from "data-base64:../..//assets/icon.png";
+
+interface Props {
+  className?: string;
+}
+
+const Logo = ({ className }: Props) => {
+  return <img className={classNames("rounded-full", className)} src={LogoBase64} alt="" />;
+};
+
+export default Logo;
--- a/frontend/extension/src/components/PullShortcutsButton.tsx
+++ b/frontend/extension/src/components/PullShortcutsButton.tsx
@ -0,0 +1,37 @@
+import { IconButton } from "@mui/joy";
+import { useStorage } from "@plasmohq/storage/hook";
+import { useEffect } from "react";
+import { toast } from "react-hot-toast";
+import useShortcutStore from "@/store/shortcut";
+import Icon from "./Icon";
+
+const PullShortcutsButton = () => {
+  const [instanceUrl] = useStorage("domain");
+  const [accessToken] = useStorage("access_token");
+  const shortcutStore = useShortcutStore();
+
+  useEffect(() => {
+    if (instanceUrl && accessToken) {
+      handlePullShortcuts(true);
+    }
+  }, [instanceUrl, accessToken]);
+
+  const handlePullShortcuts = async (silence = false) => {
+    try {
+      await shortcutStore.fetchShortcutList(instanceUrl, accessToken);
+      if (!silence) {
+        toast.success("Shortcuts pulled");
+      }
+    } catch (error) {
+      toast.error("Failed to pull shortcuts, error: " + error.message);
+    }
+  };
+
+  return (
+    <IconButton color="neutral" variant="plain" size="sm" onClick={() => handlePullShortcuts()}>
+      <Icon.RefreshCcw className="w-4 h-auto" />
+    </IconButton>
+  );
+};
+
+export default PullShortcutsButton;
--- a/frontend/extension/src/components/ShortcutView.tsx
+++ b/frontend/extension/src/components/ShortcutView.tsx
@ -0,0 +1,66 @@
+import { useStorage } from "@plasmohq/storage/hook";
+import classNames from "classnames";
+import { getFaviconWithGoogleS2 } from "@/helpers/utils";
+import type { Shortcut } from "@/types/proto/api/v2/shortcut_service";
+import Icon from "./Icon";
+
+interface Props {
+  shortcut: Shortcut;
+}
+
+const ShortcutView = (props: Props) => {
+  const { shortcut } = props;
+  const [domain] = useStorage<string>("domain", "");
+  const favicon = getFaviconWithGoogleS2(shortcut.link);
+
+  const handleShortcutLinkClick = () => {
+    const shortcutLink = `${domain}/s/${shortcut.name}`;
+    chrome.tabs.create({ url: shortcutLink });
+  };
+
+  return (
+    <>
+      <div
+        className={classNames(
+          "group w-full px-3 py-2 flex flex-col justify-start items-start border rounded-lg hover:bg-gray-100 hover:shadow dark:border-zinc-800 dark:hover:bg-zinc-800"
+        )}
+      >
+        <div className="w-full flex flex-row justify-start items-center">
+          <span className={classNames("w-5 h-5 flex justify-center items-center overflow-clip shrink-0")}>
+            {favicon ? (
+              <img className="w-full h-auto rounded" src={favicon} decoding="async" loading="lazy" />
+            ) : (
+              <Icon.CircleSlash className="w-full h-auto text-gray-400" />
+            )}
+          </span>
+          <div className="ml-1 w-[calc(100%-20px)] flex flex-col justify-start items-start">
+            <div className="w-full flex flex-row justify-start items-center">
+              <button
+                className={classNames(
+                  "max-w-full flex flex-row px-1 mr-1 justify-start items-center cursor-pointer rounded-md hover:underline"
+                )}
+                onClick={handleShortcutLinkClick}
+              >
+                <div className="truncate">
+                  <span className="dark:text-gray-400">{shortcut.title}</span>
+                  {shortcut.title ? (
+                    <span className="text-gray-500">({shortcut.name})</span>
+                  ) : (
+                    <>
+                      <span className="truncate dark:text-gray-400">{shortcut.name}</span>
+                    </>
+                  )}
+                </div>
+                <span className="hidden group-hover:block ml-1 cursor-pointer shrink-0">
+                  <Icon.ExternalLink className="w-4 h-auto text-gray-600" />
+                </span>
+              </button>
+            </div>
+          </div>
+        </div>
+      </div>
+    </>
+  );
+};
+
+export default ShortcutView;
--- a/frontend/extension/src/components/ShortcutsContainer.tsx
+++ b/frontend/extension/src/components/ShortcutsContainer.tsx
@ -0,0 +1,26 @@
+import classNames from "classnames";
+import useShortcutStore from "@/store/shortcut";
+import Icon from "./Icon";
+import ShortcutView from "./ShortcutView";
+
+const ShortcutsContainer = () => {
+  const shortcuts = useShortcutStore().getShortcutList();
+
+  return (
+    <div>
+      <div className="w-full flex flex-row justify-start items-center mb-4">
+        <a className="bg-blue-100 dark:bg-blue-500 dark:opacity-70 py-2 px-3 rounded-full border dark:border-blue-600 flex flex-row justify-start items-center cursor-pointer shadow">
+          <Icon.AlertCircle className="w-4 h-auto" />
+          <span className="mx-1 text-sm">Please make sure you have signed in your instance.</span>
+        </a>
+      </div>
+      <div className={classNames("w-full grid grid-cols-2 gap-2")}>
+        {shortcuts.map((shortcut) => {
+          return <ShortcutView key={shortcut.id} shortcut={shortcut} />;
+        })}
+      </div>
+    </div>
+  );
+};
+
+export default ShortcutsContainer;
--- a/frontend/extension/src/helpers/utils.ts
+++ b/frontend/extension/src/helpers/utils.ts
@ -0,0 +1,14 @@
+import { isNull, isUndefined } from "lodash-es";
+
+export const isNullorUndefined = (value: any) => {
+  return isNull(value) || isUndefined(value);
+};
+
+export const getFaviconWithGoogleS2 = (url: string) => {
+  try {
+    const urlObject = new URL(url);
+    return `https://www.google.com/s2/favicons?sz=128&domain=${urlObject.hostname}`;
+  } catch (error) {
+    return undefined;
+  }
+};
--- a/frontend/extension/src/hooks/useColorTheme.ts
+++ b/frontend/extension/src/hooks/useColorTheme.ts
@ -0,0 +1,43 @@
+import { useColorScheme } from "@mui/joy";
+import { useEffect } from "react";
+
+const useColorTheme = () => {
+  const { mode: colorTheme, setMode: setColorTheme } = useColorScheme();
+
+  useEffect(() => {
+    const root = document.documentElement;
+    if (colorTheme === "light") {
+      root.classList.remove("dark");
+    } else if (colorTheme === "dark") {
+      root.classList.add("dark");
+    } else {
+      const darkMediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
+      if (darkMediaQuery.matches) {
+        root.classList.add("dark");
+      } else {
+        root.classList.remove("dark");
+      }
+
+      const handleColorSchemeChange = (e: MediaQueryListEvent) => {
+        if (e.matches) {
+          root.classList.add("dark");
+        } else {
+          root.classList.remove("dark");
+        }
+      };
+      try {
+        darkMediaQuery.addEventListener("change", handleColorSchemeChange);
+      } catch (error) {
+        console.error("failed to initial color scheme listener", error);
+      }
+
+      return () => {
+        darkMediaQuery.removeEventListener("change", handleColorSchemeChange);
+      };
+    }
+  }, [colorTheme]);
+
+  return { colorTheme, setColorTheme };
+};
+
+export default useColorTheme;
--- a/frontend/extension/src/options.tsx
+++ b/frontend/extension/src/options.tsx
@ -0,0 +1,180 @@
+import { Button, CssVarsProvider, Divider, Input, Select, Option } from "@mui/joy";
+import { useStorage } from "@plasmohq/storage/hook";
+import { useEffect, useState } from "react";
+import { Toaster, toast } from "react-hot-toast";
+import Icon from "./components/Icon";
+import Logo from "./components/Logo";
+import PullShortcutsButton from "./components/PullShortcutsButton";
+import ShortcutsContainer from "./components/ShortcutsContainer";
+import useColorTheme from "./hooks/useColorTheme";
+import useShortcutStore from "./store/shortcut";
+import "./style.css";
+
+interface SettingState {
+  domain: string;
+  accessToken: string;
+}
+
+const colorThemeOptions = [
+  {
+    value: "system",
+    label: "System",
+  },
+  {
+    value: "light",
+    label: "Light",
+  },
+  {
+    value: "dark",
+    label: "Dark",
+  },
+];
+
+const IndexOptions = () => {
+  const { colorTheme, setColorTheme } = useColorTheme();
+  const [domain, setDomain] = useStorage<string>("domain", (v) => (v ? v : ""));
+  const [accessToken, setAccessToken] = useStorage<string>("access_token", (v) => (v ? v : ""));
+  const [settingState, setSettingState] = useState<SettingState>({
+    domain,
+    accessToken,
+  });
+  const shortcutStore = useShortcutStore();
+  const shortcuts = shortcutStore.getShortcutList();
+  const isInitialized = domain && accessToken;
+
+  useEffect(() => {
+    setSettingState({
+      domain,
+      accessToken,
+    });
+  }, [domain, accessToken]);
+
+  const setPartialSettingState = (partialSettingState: Partial<SettingState>) => {
+    setSettingState((prevState) => ({
+      ...prevState,
+      ...partialSettingState,
+    }));
+  };
+
+  const handleSaveSetting = () => {
+    setDomain(settingState.domain);
+    setAccessToken(settingState.accessToken);
+    toast.success("Setting saved");
+  };
+
+  const handleSelectColorTheme = async (colorTheme: string) => {
+    setColorTheme(colorTheme as any);
+  };
+
+  return (
+    <div className="w-full px-4">
+      <div className="w-full flex flex-row justify-center items-center">
+        <a
+          className="bg-yellow-100 dark:bg-yellow-500 dark:opacity-70 mt-12 py-2 px-3 rounded-full border dark:border-yellow-600 flex flex-row justify-start items-center cursor-pointer shadow hover:underline hover:text-blue-600"
+          href="https://github.com/yourselfhosted/slash#browser-extension"
+          target="_blank"
+        >
+          <Icon.HelpCircle className="w-4 h-auto" />
+          <span className="mx-1 text-sm">Need help? Check out the docs</span>
+          <Icon.ExternalLink className="w-4 h-auto" />
+        </a>
+      </div>
+
+      <div className="w-full max-w-lg mx-auto flex flex-col justify-start items-start py-12">
+        <h2 className="flex flex-row justify-start items-center mb-6 text-2xl dark:text-gray-400">
+          <Logo className="w-10 h-auto mr-2" />
+          <span>Slash</span>
+          <span className="mx-2 text-gray-400">/</span>
+          <span>Setting</span>
+        </h2>
+
+        <div className="w-full flex flex-col justify-start items-start">
+          <div className="w-full flex flex-col justify-start items-start mb-4">
+            <div className="mb-2 text-base w-full flex flex-row justify-between items-center">
+              <span className="dark:text-gray-400">Instance URL</span>
+              {domain !== "" && (
+                <a
+                  className="text-sm flex flex-row justify-start items-center underline text-blue-600 hover:opacity-80"
+                  href={domain}
+                  target="_blank"
+                >
+                  <span className="mr-1">Go to my Slash</span>
+                  <Icon.ExternalLink className="w-4 h-auto" />
+                </a>
+              )}
+            </div>
+            <div className="relative w-full">
+              <Input
+                className="w-full"
+                type="text"
+                placeholder="The url of your Slash instance. e.g., https://slash.example.com"
+                value={settingState.domain}
+                onChange={(e) => setPartialSettingState({ domain: e.target.value })}
+              />
+            </div>
+          </div>
+
+          <div className="w-full flex flex-col justify-start items-start">
+            <span className="mb-2 text-base dark:text-gray-400">Access Token</span>
+            <div className="relative w-full">
+              <Input
+                className="w-full"
+                type="text"
+                placeholder="An available access token of your account."
+                value={settingState.accessToken}
+                onChange={(e) => setPartialSettingState({ accessToken: e.target.value })}
+              />
+            </div>
+          </div>
+
+          <div className="w-full mt-6 flex flex-row justify-end">
+            <Button onClick={handleSaveSetting}>Save</Button>
+          </div>
+
+          <Divider className="!my-6" />
+
+          <p className="text-base font-semibold leading-6 text-gray-900 dark:text-gray-500">Preference</p>
+
+          <div className="w-full flex flex-row justify-between items-center">
+            <div className="flex flex-row justify-start items-center gap-x-1">
+              <span className="dark:text-gray-400">Color Theme</span>
+            </div>
+            <Select defaultValue={colorTheme} onChange={(_, value) => handleSelectColorTheme(value)}>
+              {colorThemeOptions.map((option) => {
+                return (
+                  <Option key={option.value} value={option.value}>
+                    {option.label}
+                  </Option>
+                );
+              })}
+            </Select>
+          </div>
+        </div>
+
+        {isInitialized && (
+          <>
+            <Divider className="!my-6" />
+
+            <h2 className="flex flex-row justify-start items-center mb-4">
+              <span className="text-lg dark:text-gray-400">Shortcuts</span>
+              <span className="text-gray-500 mr-1">({shortcuts.length})</span>
+              <PullShortcutsButton />
+            </h2>
+            <ShortcutsContainer />
+          </>
+        )}
+      </div>
+    </div>
+  );
+};
+
+const Options = () => {
+  return (
+    <CssVarsProvider>
+      <IndexOptions />
+      <Toaster position="top-center" />
+    </CssVarsProvider>
+  );
+};
+
+export default Options;
--- a/frontend/extension/src/popup.tsx
+++ b/frontend/extension/src/popup.tsx
@ -0,0 +1,127 @@
+import { Button, CssVarsProvider, Divider, IconButton } from "@mui/joy";
+import { useStorage } from "@plasmohq/storage/hook";
+import { useEffect } from "react";
+import { Toaster } from "react-hot-toast";
+import CreateShortcutButton from "@/components/CreateShortcutButton";
+import Icon from "@/components/Icon";
+import Logo from "@/components/Logo";
+import PullShortcutsButton from "@/components/PullShortcutsButton";
+import ShortcutsContainer from "@/components/ShortcutsContainer";
+import useColorTheme from "./hooks/useColorTheme";
+import useShortcutStore from "./store/shortcut";
+import "./style.css";
+
+const IndexPopup = () => {
+  useColorTheme();
+  const [instanceUrl] = useStorage<string>("domain", "");
+  const [accessToken] = useStorage<string>("access_token", "");
+  const shortcutStore = useShortcutStore();
+  const shortcuts = shortcutStore.getShortcutList();
+  const isInitialized = instanceUrl && accessToken;
+
+  useEffect(() => {
+    if (!isInitialized) {
+      return;
+    }
+
+    shortcutStore.fetchShortcutList(instanceUrl, accessToken);
+  }, [isInitialized]);
+
+  const handleSettingButtonClick = () => {
+    chrome.runtime.openOptionsPage();
+  };
+
+  const handleRefreshButtonClick = () => {
+    chrome.runtime.reload();
+    chrome.browserAction.setPopup({ popup: "" });
+  };
+
+  return (
+    <div className="w-full min-w-[512px] px-4 pt-4">
+      <div className="w-full flex flex-row justify-between items-center">
+        <div className="flex flex-row justify-start items-center dark:text-gray-400">
+          <Logo className="w-6 h-auto mr-1" />
+          <span className="">Slash</span>
+          {isInitialized && (
+            <>
+              <span className="mx-1 text-gray-400">/</span>
+              <span>Shortcuts</span>
+              <span className="text-gray-500 mr-0.5">({shortcuts.length})</span>
+              <PullShortcutsButton />
+            </>
+          )}
+        </div>
+        <div>{isInitialized && <CreateShortcutButton />}</div>
+      </div>
+
+      <div className="w-full mt-4">
+        {isInitialized ? (
+          <>
+            {shortcuts.length !== 0 ? (
+              <ShortcutsContainer />
+            ) : (
+              <div className="w-full flex flex-col justify-center items-center">
+                <p>No shortcut found.</p>
+              </div>
+            )}
+
+            <Divider className="!mt-4 !mb-2 opacity-40" />
+
+            <div className="w-full flex flex-row justify-between items-center mb-2">
+              <div className="flex flex-row justify-start items-center">
+                <IconButton size="sm" variant="plain" color="neutral" onClick={handleSettingButtonClick}>
+                  <Icon.Settings className="w-5 h-auto text-gray-500 dark:text-gray-400" />
+                </IconButton>
+                <IconButton
+                  size="sm"
+                  variant="plain"
+                  color="neutral"
+                  component="a"
+                  href="https://github.com/yourselfhosted/slash"
+                  target="_blank"
+                >
+                  <Icon.Github className="w-5 h-auto text-gray-500 dark:text-gray-400" />
+                </IconButton>
+              </div>
+              <div className="flex flex-row justify-end items-center">
+                <a
+                  className="text-sm flex flex-row justify-start items-center underline text-blue-600 hover:opacity-80"
+                  href={instanceUrl}
+                  target="_blank"
+                >
+                  <span className="mr-1">Go to my Slash</span>
+                  <Icon.ExternalLink className="w-4 h-auto" />
+                </a>
+              </div>
+            </div>
+          </>
+        ) : (
+          <div className="w-full flex flex-col justify-start items-center">
+            <Icon.Cookie strokeWidth={1} className="w-20 h-auto mb-4 text-gray-400" />
+            <p className="dark:text-gray-400">Please set your instance URL and access token first.</p>
+            <div className="w-full flex flex-row justify-center items-center py-4">
+              <Button size="sm" color="primary" onClick={handleSettingButtonClick}>
+                <Icon.Settings className="w-5 h-auto mr-1" /> Go to Setting
+              </Button>
+              <span className="mx-2 dark:text-gray-400">Or</span>
+              <Button size="sm" variant="outlined" color="neutral" onClick={handleRefreshButtonClick}>
+                <Icon.RefreshCcw className="w-5 h-auto mr-1" /> Refresh
+              </Button>
+            </div>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
+
+const Popup = () => {
+  return (
+    <CssVarsProvider>
+      <IndexPopup />
+      <Toaster position="top-center" />
+    </CssVarsProvider>
+  );
+};
+
+export default Popup;
--- a/frontend/extension/src/store/shortcut.ts
+++ b/frontend/extension/src/store/shortcut.ts
@ -0,0 +1,55 @@
+import axios from "axios";
+import { create } from "zustand";
+import { combine } from "zustand/middleware";
+import { CreateShortcutResponse, ListShortcutsResponse, Shortcut } from "@/types/proto/api/v2/shortcut_service";
+
+interface State {
+  shortcutMapById: Record<number, Shortcut>;
+}
+
+const getDefaultState = (): State => {
+  return {
+    shortcutMapById: {},
+  };
+};
+
+const useShortcutStore = create(
+  combine(getDefaultState(), (set, get) => ({
+    fetchShortcutList: async (instanceUrl: string, accessToken: string) => {
+      const {
+        data: { shortcuts },
+      } = await axios.get<ListShortcutsResponse>(`${instanceUrl}/api/v2/shortcuts`, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      });
+      const shortcutMap = get().shortcutMapById;
+      shortcuts.forEach((shortcut) => {
+        shortcutMap[shortcut.id] = shortcut;
+      });
+      set({ shortcutMapById: shortcutMap });
+      return shortcuts;
+    },
+    getShortcutList: () => {
+      return Object.values(get().shortcutMapById);
+    },
+    createShortcut: async (instanceUrl: string, accessToken: string, create: Shortcut) => {
+      const {
+        data: { shortcut },
+      } = await axios.post<CreateShortcutResponse>(`${instanceUrl}/api/v2/shortcuts`, create, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      });
+      if (!shortcut) {
+        throw new Error(`Failed to create shortcut`);
+      }
+      const shortcutMap = get().shortcutMapById;
+      shortcutMap[shortcut.id] = shortcut;
+      set({ shortcutMapById: shortcutMap });
+      return shortcut;
+    },
+  }))
+);
+
+export default useShortcutStore;
--- a/frontend/extension/src/style.css
+++ b/frontend/extension/src/style.css
@ -5,8 +5,21 @@
 body,
 html,
 #root {
-  @apply text-base w-full h-full;
+  @apply text-base dark:bg-zinc-900;
  font-family: -apple-system, BlinkMacSystemFont, "PingFang SC", "Noto Sans", "Noto Sans CJK SC", "Microsoft YaHei UI", "Microsoft YaHei",
    "WenQuanYi Micro Hei", sans-serif, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol",
    "Noto Color Emoji";
 }
+
+@layer utilities {
+  /* Hide scrollbar for Chrome, Safari and Opera */
+  .no-scrollbar::-webkit-scrollbar {
+    display: none;
+  }
+
+  /* Hide scrollbar for IE, Edge and Firefox */
+  .no-scrollbar {
+    -ms-overflow-style: none; /* IE and Edge */
+    scrollbar-width: none; /* Firefox */
+  }
+}
--- a/frontend/extension/tailwind.config.js
+++ b/frontend/extension/tailwind.config.js
@ -0,0 +1,8 @@
+/* eslint-disable no-undef */
+/** @type {import('tailwindcss').Config} */
+module.exports = {
+  mode: "jit",
+  darkMode: "class",
+  content: ["./**/*.tsx"],
+  plugins: [],
+};
--- a/frontend/extension/tsconfig.json
+++ b/frontend/extension/tsconfig.json
@ -0,0 +1,20 @@
+{
+  "extends": "plasmo/templates/tsconfig.base",
+  "exclude": [
+    "node_modules"
+  ],
+  "include": [
+    ".plasmo/index.d.ts",
+    "./**/*.ts",
+    "./**/*.tsx",
+    "../types"
+  ],
+  "compilerOptions": {
+    "paths": {
+      "@/*": [
+        "./src/*"
+      ],
+    },
+    "baseUrl": "."
+  }
+}
--- a/frontend/locales/README.md
+++ b/frontend/locales/README.md
@ -0,0 +1,3 @@
+# Translation files
+
+This directory contains the translation files for the frontend including web and browser extension.
--- a/frontend/locales/en.json
+++ b/frontend/locales/en.json
@ -0,0 +1,82 @@
+{
+  "common": {
+    "about": "About",
+    "loading": "Loading",
+    "cancel": "Cancel",
+    "save": "Save",
+    "create": "Create",
+    "download": "Download",
+    "edit": "Edit",
+    "delete": "Delete",
+    "language": "Language",
+    "search": "Search",
+    "email": "Email",
+    "password": "Password",
+    "account": "Account"
+  },
+  "auth": {
+    "sign-in": "Sign in",
+    "sign-up": "Sign up",
+    "sign-out": "Sign out",
+    "create-your-account": "Create your account"
+  },
+  "analytics": {
+    "self": "Analytics",
+    "top-sources": "Top sources",
+    "source": "Source",
+    "visitors": "Visitors",
+    "devices": "Devices",
+    "browser": "Browser",
+    "browsers": "Browsers",
+    "operating-system": "Operating System"
+  },
+  "shortcut": {
+    "visits": "{{count}} visits",
+    "visibility": {
+      "private": {
+        "self": "Private",
+        "description": "Only you can access"
+      },
+      "workspace": {
+        "self": "Workspace",
+        "description": "Workspace members can access"
+      },
+      "public": {
+        "self": "Public",
+        "description": "Visible to everyone on the internet"
+      }
+    }
+  },
+  "filter": {
+    "all": "All",
+    "mine": "Mine",
+    "compact-mode": "Compact mode",
+    "order-by": "Order by",
+    "direction": "Direction"
+  },
+  "user": {
+    "self": "User",
+    "nickname": "Nickname",
+    "email": "Email",
+    "role": "Role",
+    "profile": "Profile",
+    "action": {
+      "add-user": "Add user"
+    }
+  },
+  "settings": {
+    "self": "Setting",
+    "preference": {
+      "self": "Preference",
+      "color-theme": "Color theme"
+    },
+    "workspace": {
+      "self": "Workspace settings",
+      "custom-style": "Custom style",
+      "enable-user-signup": {
+        "self": "Enable user signup",
+        "description": "Once enabled, other users can signup."
+      }
+    }
+  }
+}
--- a/frontend/locales/zh.json
+++ b/frontend/locales/zh.json
@ -0,0 +1,82 @@
+{
+  "common": {
+    "about": "关于",
+    "loading": "加载中",
+    "cancel": "取消",
+    "save": "保存",
+    "create": "创建",
+    "download": "下载",
+    "edit": "编辑",
+    "delete": "删除",
+    "language": "语言",
+    "search": "搜索",
+    "email": "邮箱",
+    "password": "密码",
+    "account": "账号"
+  },
+  "auth": {
+    "sign-in": "登录",
+    "sign-up": "注册",
+    "sign-out": "退出登录",
+    "create-your-account": "创建账号"
+  },
+  "analytics": {
+    "self": "分析",
+    "top-sources": "热门来源",
+    "source": "来源",
+    "visitors": "访客数",
+    "devices": "设备",
+    "browser": "浏览器",
+    "browsers": "浏览器",
+    "operating-system": "操作系统"
+  },
+  "shortcut": {
+    "visits": "{{count}} 次访问",
+    "visibility": {
+      "private": {
+        "self": "私有的",
+        "description": "仅您可以访问"
+      },
+      "workspace": {
+        "self": "工作区",
+        "description": "工作区成员可以访问"
+      },
+      "public": {
+        "self": "公开的",
+        "description": "对任何人可见"
+      }
+    }
+  },
+  "filter": {
+    "all": "所有",
+    "mine": "我的",
+    "compact-mode": "紧凑模式",
+    "order-by": "排序方式",
+    "direction": "方向"
+  },
+  "user": {
+    "self": "用户",
+    "nickname": "昵称",
+    "email": "邮箱",
+    "role": "角色",
+    "profile": "账号",
+    "action": {
+      "add-user": "添加用户"
+    }
+  },
+  "settings": {
+    "self": "设置",
+    "preference": {
+      "self": "偏好设置",
+      "color-theme": "主题"
+    },
+    "workspace": {
+      "self": "系统设置",
+      "custom-style": "自定义样式",
+      "enable-user-signup": {
+        "self": "启用用户注册",
+        "description": "允许其他用户注册新账号"
+      }
+    }
+  }
+}
--- a/frontend/web/.eslintrc.json
+++ b/frontend/web/.eslintrc.json
@ -0,0 +1,33 @@
+{
+  "env": {
+    "browser": true,
+    "es2021": true
+  },
+  "extends": ["eslint:recommended", "plugin:react/recommended", "plugin:@typescript-eslint/recommended", "plugin:prettier/recommended"],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaFeatures": {
+      "jsx": true
+    },
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "plugins": ["react", "@typescript-eslint", "prettier"],
+  "ignorePatterns": ["node_modules", "dist", "public"],
+  "rules": {
+    "prettier/prettier": [
+      "error",
+      {
+        "endOfLine": "auto"
+      }
+    ],
+    "@typescript-eslint/no-explicit-any": ["off"],
+    "react/react-in-jsx-scope": "off",
+    "react/jsx-no-target-blank": "off"
+  },
+  "settings": {
+    "react": {
+      "version": "detect"
+    }
+  }
+}
--- a/frontend/web/.gitignore
+++ b/frontend/web/.gitignore
@ -3,3 +3,4 @@ node_modules
 dist
 dist-ssr
 *.local
+src/types/proto
--- a/frontend/web/.prettierrc.js
+++ b/frontend/web/.prettierrc.js
@ -0,0 +1,8 @@
+module.exports = {
+  printWidth: 140,
+  useTabs: false,
+  semi: true,
+  singleQuote: false,
+  plugins: [require.resolve("@trivago/prettier-plugin-sort-imports")],
+  importOrder: ["<BUILTIN_MODULES>", "<THIRD_PARTY_MODULES>", "^@/((?!less).+)", "^[./]", "^(.+).less"],
+};
--- a/frontend/web/.vscode/setting.json
+++ b/frontend/web/.vscode/setting.json
--- a/frontend/web/README.md
+++ b/frontend/web/README.md
@ -0,0 +1 @@
+# Slash
--- a/frontend/web/index.html
+++ b/frontend/web/index.html
@ -5,7 +5,8 @@
    <link rel="icon" href="/logo.png" type="image/*" />
    <meta name="theme-color" content="#FFFFFF" />
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
-    <title>Shortify</title>
+    <title>Slash</title>
+    <!-- slash.metadata -->
  </head>
  <body>
    <div id="root"></div>
--- a/frontend/web/package.json
+++ b/frontend/web/package.json
@ -0,0 +1,57 @@
+{
+  "name": "slash",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc && vite build",
+    "serve": "vite preview",
+    "lint": "eslint --ext .js,.ts,.tsx, src",
+    "lint-fix": "eslint --ext .js,.ts,.tsx, src --fix",
+    "type-gen": "cd ../../proto && buf generate"
+  },
+  "dependencies": {
+    "@emotion/react": "^11.11.1",
+    "@emotion/styled": "^11.11.0",
+    "@mui/joy": "5.0.0-beta.19",
+    "@reduxjs/toolkit": "^1.9.7",
+    "classnames": "^2.3.2",
+    "copy-to-clipboard": "^3.3.3",
+    "dayjs": "^1.11.10",
+    "i18next": "^23.7.11",
+    "lodash-es": "^4.17.21",
+    "lucide-react": "^0.292.0",
+    "nice-grpc-web": "^3.3.2",
+    "qrcode.react": "^3.1.0",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "react-hot-toast": "^2.4.1",
+    "react-i18next": "^13.5.0",
+    "react-router-dom": "^6.21.1",
+    "react-use": "^17.4.2",
+    "tailwindcss": "^3.4.0",
+    "zustand": "^4.4.7"
+  },
+  "devDependencies": {
+    "@bufbuild/buf": "^1.28.1",
+    "@trivago/prettier-plugin-sort-imports": "^4.3.0",
+    "@types/lodash-es": "^4.17.12",
+    "@types/react": "^18.2.45",
+    "@types/react-dom": "^18.2.18",
+    "@typescript-eslint/eslint-plugin": "^6.15.0",
+    "@typescript-eslint/parser": "^6.15.0",
+    "@vitejs/plugin-react-swc": "^3.5.0",
+    "autoprefixer": "^10.4.16",
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^8.10.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-react": "^7.33.2",
+    "long": "^5.2.3",
+    "postcss": "^8.4.32",
+    "prettier": "2.6.2",
+    "protobufjs": "^7.2.5",
+    "typescript": "^5.3.3",
+    "vite": "^5.0.10"
+  },
+  "resolutions": {
+    "csstype": "3.1.2"
+  }
+}
--- a/frontend/web/pnpm-lock.yaml
+++ b/frontend/web/pnpm-lock.yaml
--- a/frontend/web/postcss.config.js
+++ b/frontend/web/postcss.config.js
--- a/frontend/web/public/logo.png
+++ b/frontend/web/public/logo.png
--- a/frontend/web/src/App.tsx
+++ b/frontend/web/src/App.tsx
@ -0,0 +1,75 @@
+import { useColorScheme } from "@mui/joy";
+import { useEffect, useState } from "react";
+import { Outlet } from "react-router-dom";
+import DemoBanner from "./components/DemoBanner";
+import useUserStore from "./stores/v1/user";
+import useWorkspaceStore from "./stores/v1/workspace";
+
+function App() {
+  const { mode: colorScheme } = useColorScheme();
+  const userStore = useUserStore();
+  const workspaceStore = useWorkspaceStore();
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    (async () => {
+      try {
+        await Promise.all([workspaceStore.fetchWorkspaceProfile(), workspaceStore.fetchWorkspaceSetting(), userStore.fetchCurrentUser()]);
+      } catch (error) {
+        // Do nothing.
+      }
+      setLoading(false);
+    })();
+  }, []);
+
+  useEffect(() => {
+    const styleEl = document.createElement("style");
+    styleEl.innerHTML = workspaceStore.setting.customStyle;
+    styleEl.setAttribute("type", "text/css");
+    document.body.insertAdjacentElement("beforeend", styleEl);
+  }, [workspaceStore.setting.customStyle]);
+
+  useEffect(() => {
+    const root = document.documentElement;
+    if (colorScheme === "light") {
+      root.classList.remove("dark");
+    } else if (colorScheme === "dark") {
+      root.classList.add("dark");
+    } else {
+      const darkMediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
+      if (darkMediaQuery.matches) {
+        root.classList.add("dark");
+      } else {
+        root.classList.remove("dark");
+      }
+
+      const handleColorSchemeChange = (e: MediaQueryListEvent) => {
+        if (e.matches) {
+          root.classList.add("dark");
+        } else {
+          root.classList.remove("dark");
+        }
+      };
+      try {
+        darkMediaQuery.addEventListener("change", handleColorSchemeChange);
+      } catch (error) {
+        console.error("failed to initial color scheme listener", error);
+      }
+
+      return () => {
+        darkMediaQuery.removeEventListener("change", handleColorSchemeChange);
+      };
+    }
+  }, [colorScheme]);
+
+  return !loading ? (
+    <>
+      <DemoBanner />
+      <Outlet />
+    </>
+  ) : (
+    <></>
+  );
+}
+
+export default App;
--- a/frontend/web/src/components/AboutDialog.tsx
+++ b/frontend/web/src/components/AboutDialog.tsx
@ -1,4 +1,5 @@
 import { Button, Link, Modal, ModalDialog } from "@mui/joy";
+import { useTranslation } from "react-i18next";
 import Icon from "./Icon";

 interface Props {
@ -7,24 +8,24 @@ interface Props {

 const AboutDialog: React.FC<Props> = (props: Props) => {
  const { onClose } = props;
+  const { t } = useTranslation();

  return (
    <Modal open={true}>
      <ModalDialog>
        <div className="w-full flex flex-row justify-between items-center">
-          <span className="text-lg font-medium">About</span>
+          <span className="text-lg font-medium">{t("common.about")}</span>
          <Button variant="plain" onClick={onClose}>
            <Icon.X className="w-5 h-auto text-gray-600" />
          </Button>
        </div>
        <div className="max-w-full w-80 sm:w-96">
          <p>
-            <span className="font-medium">Shortify</span> is a bookmarking and short link service that allows you to save and share links
-            easily.
+            <span className="font-medium">Slash</span>: An open source, self-hosted bookmarks and link sharing platform.
          </p>
          <div className="mt-1">
-            <span className="mr-2">See more in:</span>
-            <Link variant="plain" href="https://github.com/boojack/shortify">
+            <span className="mr-2">See more in</span>
+            <Link variant="plain" href="https://github.com/yourselfhosted/slash" target="_blank">
              GitHub
            </Link>
          </div>
--- a/frontend/web/src/components/Alert.tsx
+++ b/frontend/web/src/components/Alert.tsx
@ -45,7 +45,7 @@ const Alert: React.FC<Props> = (props: Props) => {
  return (
    <Modal open={true}>
      <ModalDialog>
-        <div className="flex flex-row justify-between items-center w-80 mb-4">
+        <div className="flex flex-row justify-between items-center w-80">
          <span className="text-lg font-medium">{title}</span>
          <Button variant="plain" onClick={handleCloseBtnClick}>
            <Icon.X className="w-5 h-auto text-gray-600" />
@ -54,7 +54,7 @@ const Alert: React.FC<Props> = (props: Props) => {
        <div className="w-80">
          <p className="content-text mb-4">{content}</p>
          <div className="w-full flex flex-row justify-end items-center space-x-2">
-            <Button variant="plain" onClick={handleCloseBtnClick}>
+            <Button variant="plain" color="neutral" onClick={handleCloseBtnClick}>
              {closeBtnText}
            </Button>
            <Button color={style} onClick={handleConfirmBtnClick}>
--- a/frontend/web/src/components/AnalyticsView.tsx
+++ b/frontend/web/src/components/AnalyticsView.tsx
@ -0,0 +1,150 @@
+import classNames from "classnames";
+import { useEffect, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { shortcutServiceClient } from "@/grpcweb";
+import { GetShortcutAnalyticsResponse } from "@/types/proto/api/v2/shortcut_service";
+import Icon from "./Icon";
+
+interface Props {
+  shortcutId: number;
+  className?: string;
+}
+
+const AnalyticsView: React.FC<Props> = (props: Props) => {
+  const { shortcutId, className } = props;
+  const { t } = useTranslation();
+  const [analytics, setAnalytics] = useState<GetShortcutAnalyticsResponse | null>(null);
+  const [selectedDeviceTab, setSelectedDeviceTab] = useState<"os" | "browser">("browser");
+
+  useEffect(() => {
+    shortcutServiceClient.getShortcutAnalytics({ id: shortcutId }).then((response) => {
+      setAnalytics(response);
+    });
+  }, []);
+
+  return (
+    <div className={classNames("w-full", className)}>
+      {analytics ? (
+        <>
+          <div className="w-full">
+            <p className="w-full h-8 px-2 dark:text-gray-500">{t("analytics.top-sources")}</p>
+            <div className="w-full mt-1 overflow-hidden shadow ring-1 ring-black ring-opacity-5 rounded-lg dark:ring-zinc-800">
+              <div className="w-full divide-y divide-gray-300 dark:divide-zinc-700">
+                <div className="w-full flex flex-row justify-between items-center">
+                  <span className="py-2 px-2 text-left font-semibold text-sm text-gray-500">{t("analytics.source")}</span>
+                  <span className="py-2 pr-2 text-right font-semibold text-sm text-gray-500">{t("analytics.visitors")}</span>
+                </div>
+                <div className="w-full divide-y divide-gray-200 dark:divide-zinc-800">
+                  {analytics.references.length === 0 && (
+                    <div className="w-full flex flex-row justify-center items-center py-6 text-gray-400">
+                      <Icon.PackageOpen className="w-6 h-auto" />
+                      <p className="ml-2">No data found.</p>
+                    </div>
+                  )}
+                  {analytics.references.map((reference) => (
+                    <div key={reference.name} className="w-full flex flex-row justify-between items-center">
+                      <span className="whitespace-nowrap py-2 px-2 text-sm truncate text-gray-900 dark:text-gray-500">
+                        {reference.name ? (
+                          <a className="hover:underline hover:text-blue-600" href={reference.name} target="_blank">
+                            {reference.name}
+                          </a>
+                        ) : (
+                          "Direct"
+                        )}
+                      </span>
+                      <span className="whitespace-nowrap py-2 pr-2 text-sm text-gray-500 text-right shrink-0">{reference.count}</span>
+                    </div>
+                  ))}
+                </div>
+              </div>
+            </div>
+          </div>
+
+          <div className="w-full">
+            <div className="w-full h-8 px-2 flex flex-row justify-between items-center">
+              <span className="dark:text-gray-500">{t("analytics.devices")}</span>
+              <div>
+                <button
+                  className={`whitespace-nowrap border-b-2 px-1 text-sm font-medium ${
+                    selectedDeviceTab === "browser"
+                      ? "border-blue-600 text-blue-600"
+                      : "border-transparent text-gray-500 hover:border-gray-300 hover:text-gray-700 dark:hover:border-zinc-700"
+                  }`}
+                  onClick={() => setSelectedDeviceTab("browser")}
+                >
+                  {t("analytics.browser")}
+                </button>
+                <span className="text-gray-200 font-mono mx-1 dark:text-gray-500">/</span>
+                <button
+                  className={`whitespace-nowrap border-b-2 px-1 text-sm font-medium ${
+                    selectedDeviceTab === "os"
+                      ? "border-blue-600 text-blue-600"
+                      : "border-transparent text-gray-500 hover:border-gray-300 hover:text-gray-700 dark:hover:border-zinc-700"
+                  }`}
+                  onClick={() => setSelectedDeviceTab("os")}
+                >
+                  OS
+                </button>
+              </div>
+            </div>
+
+            <div className="w-full mt-1 overflow-hidden shadow ring-1 ring-black ring-opacity-5 rounded-lg dark:ring-zinc-800">
+              {selectedDeviceTab === "browser" ? (
+                <div className="w-full divide-y divide-gray-300 dark:divide-zinc-700">
+                  <div className="w-full flex flex-row justify-between items-center">
+                    <span className="py-2 px-2 text-left text-sm font-semibold text-gray-500">{t("analytics.browsers")}</span>
+                    <span className="py-2 pr-2 text-right text-sm font-semibold text-gray-500">{t("analytics.visitors")}</span>
+                  </div>
+                  <div className="w-full divide-y divide-gray-200 dark:divide-zinc-800">
+                    {analytics.browsers.length === 0 && (
+                      <div className="w-full flex flex-row justify-center items-center py-6 text-gray-400">
+                        <Icon.PackageOpen className="w-6 h-auto" />
+                        <p className="ml-2">No data found.</p>
+                      </div>
+                    )}
+                    {analytics.browsers.map((reference) => (
+                      <div key={reference.name} className="w-full flex flex-row justify-between items-center">
+                        <span className="whitespace-nowrap py-2 px-2 text-sm text-gray-900 truncate dark:text-gray-500">
+                          {reference.name || "Unknown"}
+                        </span>
+                        <span className="whitespace-nowrap py-2 pr-2 text-sm text-gray-500 text-right shrink-0">{reference.count}</span>
+                      </div>
+                    ))}
+                  </div>
+                </div>
+              ) : (
+                <div className="w-full divide-y divide-gray-300">
+                  <div className="w-full flex flex-row justify-between items-center">
+                    <span className="py-2 px-2 text-left text-sm font-semibold text-gray-500">{t("analytics.operating-system")}</span>
+                    <span className="py-2 pr-2 text-right text-sm font-semibold text-gray-500">{t("analytics.visitors")}</span>
+                  </div>
+                  <div className="w-full divide-y divide-gray-200">
+                    {analytics.devices.length === 0 && (
+                      <div className="w-full flex flex-row justify-center items-center py-6 text-gray-400">
+                        <Icon.PackageOpen className="w-6 h-auto" />
+                        <p className="ml-2">No data found.</p>
+                      </div>
+                    )}
+                    {analytics.devices.map((device) => (
+                      <div key={device.name} className="w-full flex flex-row justify-between items-center">
+                        <span className="whitespace-nowrap py-2 px-2 text-sm text-gray-900 truncate">{device.name || "Unknown"}</span>
+                        <span className="whitespace-nowrap py-2 pr-2 text-sm text-gray-500 text-right shrink-0">{device.count}</span>
+                      </div>
+                    ))}
+                  </div>
+                </div>
+              )}
+            </div>
+          </div>
+        </>
+      ) : (
+        <div className="py-12 w-full flex flex-row justify-center items-center opacity-80">
+          <Icon.Loader className="mr-2 w-5 h-auto animate-spin" />
+          {t("common.loading")}
+        </div>
+      )}
+    </div>
+  );
+};
+
+export default AnalyticsView;
--- a/frontend/web/src/components/BetaBadge.tsx
+++ b/frontend/web/src/components/BetaBadge.tsx
@ -0,0 +1,9 @@
+const BetaBadge = () => {
+  return (
+    <div className="text-xs border px-1 text-gray-500 bg-gray-100 rounded-full dark:bg-zinc-800 dark:border-zinc-700">
+      <span>Beta</span>
+    </div>
+  );
+};
+
+export default BetaBadge;
--- a/frontend/web/src/components/ChangePasswordDialog.tsx
+++ b/frontend/web/src/components/ChangePasswordDialog.tsx
@ -1,8 +1,9 @@
 import { Button, Input, Modal, ModalDialog } from "@mui/joy";
 import { useState } from "react";
 import { toast } from "react-hot-toast";
+import { useTranslation } from "react-i18next";
 import useLoading from "../hooks/useLoading";
-import { userService } from "../services";
+import useUserStore from "../stores/v1/user";
 import Icon from "./Icon";

 interface Props {
@ -11,6 +12,8 @@ interface Props {

 const ChangePasswordDialog: React.FC<Props> = (props: Props) => {
  const { onClose } = props;
+  const { t } = useTranslation();
+  const userStore = useUserStore();
  const [newPassword, setNewPassword] = useState("");
  const [newPasswordAgain, setNewPasswordAgain] = useState("");
  const requestState = useLoading(false);
@ -43,16 +46,15 @@ const ChangePasswordDialog: React.FC<Props> = (props: Props) => {

    requestState.setLoading();
    try {
-      const user = userService.getState().user as User;
-      await userService.patchUser({
-        id: user.id,
+      userStore.patchUser({
+        id: userStore.getCurrentUser().id,
        password: newPassword,
      });
      onClose();
      toast("Password changed");
    } catch (error: any) {
      console.error(error);
-      toast.error(error.response.data.message);
+      toast.error(error.details);
    }
    requestState.setFinish();
  };
@ -60,7 +62,7 @@ const ChangePasswordDialog: React.FC<Props> = (props: Props) => {
  return (
    <Modal open={true}>
      <ModalDialog>
-        <div className="flex flex-row justify-between items-center w-80 mb-4">
+        <div className="flex flex-row justify-between items-center w-80">
          <span className="text-lg font-medium">Change Password</span>
          <Button variant="plain" onClick={handleCloseBtnClick}>
            <Icon.X className="w-5 h-auto text-gray-600" />
@ -77,10 +79,10 @@ const ChangePasswordDialog: React.FC<Props> = (props: Props) => {
          </div>
          <div className="w-full flex flex-row justify-end items-center space-x-2">
            <Button variant="plain" disabled={requestState.isLoading} onClick={handleCloseBtnClick}>
-              Cancel
+              {t("common.cancel")}
            </Button>
            <Button color="primary" disabled={requestState.isLoading} loading={requestState.isLoading} onClick={handleSaveBtnClick}>
-              Save
+              {t("common.save")}
            </Button>
          </div>
        </div>
--- a/frontend/web/src/components/CollectionView.tsx
+++ b/frontend/web/src/components/CollectionView.tsx
@ -0,0 +1,135 @@
+import classNames from "classnames";
+import copy from "copy-to-clipboard";
+import { useState } from "react";
+import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
+import { Link } from "react-router-dom";
+import { absolutifyLink } from "@/helpers/utils";
+import useNavigateTo from "@/hooks/useNavigateTo";
+import useResponsiveWidth from "@/hooks/useResponsiveWidth";
+import useCollectionStore from "@/stores/v1/collection";
+import useShortcutStore from "@/stores/v1/shortcut";
+import useUserStore from "@/stores/v1/user";
+import { Collection } from "@/types/proto/api/v2/collection_service";
+import { Shortcut } from "@/types/proto/api/v2/shortcut_service";
+import { showCommonDialog } from "./Alert";
+import CreateCollectionDialog from "./CreateCollectionDrawer";
+import Icon from "./Icon";
+import ShortcutView from "./ShortcutView";
+import Dropdown from "./common/Dropdown";
+
+interface Props {
+  collection: Collection;
+}
+
+const CollectionView = (props: Props) => {
+  const { collection } = props;
+  const { t } = useTranslation();
+  const { sm } = useResponsiveWidth();
+  const navigateTo = useNavigateTo();
+  const userStore = useUserStore();
+  const currentUser = userStore.getCurrentUser();
+  const collectionStore = useCollectionStore();
+  const shortcutList = useShortcutStore().getShortcutList();
+  const [showEditDialog, setShowEditDialog] = useState<boolean>(false);
+  const shortcuts = collection.shortcutIds
+    .map((shortcutId) => shortcutList.find((shortcut) => shortcut?.id === shortcutId))
+    .filter(Boolean) as any as Shortcut[];
+  const showAdminActions = currentUser.id === collection.creatorId;
+
+  const handleCopyCollectionLink = () => {
+    copy(absolutifyLink(`/c/${collection.name}`));
+    toast.success("Collection link copied to clipboard.");
+  };
+
+  const handleDeleteCollectionButtonClick = () => {
+    showCommonDialog({
+      title: "Delete Collection",
+      content: `Are you sure to delete collection \`${collection.name}\`? You cannot undo this action.`,
+      style: "danger",
+      onConfirm: async () => {
+        await collectionStore.deleteCollection(collection.id);
+      },
+    });
+  };
+
+  const handleShortcutClick = (shortcut: Shortcut) => {
+    navigateTo(`/shortcut/${shortcut.id}`);
+  };
+
+  return (
+    <>
+      <div className={classNames("w-full flex flex-col justify-start items-start border rounded-lg hover:shadow dark:border-zinc-800")}>
+        <div className="bg-gray-100 dark:bg-zinc-800 px-3 py-2 w-full flex flex-row justify-between items-center rounded-t-lg">
+          <div className="w-auto flex flex-col justify-start items-start mr-2">
+            <div className="w-full truncate">
+              <Link className="leading-6 font-medium dark:text-gray-400" to={`/c/${collection.name}`} unstable_viewTransition>
+                {collection.title}
+              </Link>
+              <span className="ml-1 leading-6 text-gray-500 dark:text-gray-400" onClick={handleCopyCollectionLink}>
+                (c/{collection.name})
+              </span>
+            </div>
+            <p className="text-sm text-gray-500">{collection.description}</p>
+          </div>
+          <div className="flex flex-row justify-end items-center shrink-0 gap-2">
+            <Link className="w-full text-gray-400 cursor-pointer hover:text-gray-500" to={`/c/${collection.name}`} target="_blank">
+              <Icon.Share className="w-4 h-auto" />
+            </Link>
+            {showAdminActions && (
+              <Dropdown
+                trigger={
+                  <button className="flex flex-row justify-center items-center rounded text-gray-400 cursor-pointer hover:text-gray-500">
+                    <Icon.MoreVertical className="w-4 h-auto" />
+                  </button>
+                }
+                actionsClassName="!w-28 text-sm"
+                actions={
+                  <>
+                    <button
+                      className="w-full px-2 flex flex-row justify-start items-center text-left dark:text-gray-400 leading-8 cursor-pointer rounded hover:bg-gray-100 dark:hover:bg-zinc-800 disabled:cursor-not-allowed disabled:bg-gray-100 disabled:opacity-60"
+                      onClick={() => setShowEditDialog(true)}
+                    >
+                      <Icon.Edit className="w-4 h-auto mr-2" /> {t("common.edit")}
+                    </button>
+                    <button
+                      className="w-full px-2 flex flex-row justify-start items-center text-left text-red-600 dark:text-gray-400 leading-8 cursor-pointer rounded hover:bg-gray-100 dark:hover:bg-zinc-800 disabled:cursor-not-allowed disabled:bg-gray-100 disabled:opacity-60"
+                      onClick={() => {
+                        handleDeleteCollectionButtonClick();
+                      }}
+                    >
+                      <Icon.Trash className="w-4 h-auto mr-2" /> {t("common.delete")}
+                    </button>
+                  </>
+                }
+              ></Dropdown>
+            )}
+          </div>
+        </div>
+        <div className="w-full p-3 flex flex-row justify-start items-start flex-wrap gap-3">
+          {shortcuts.map((shortcut) => {
+            return (
+              <ShortcutView
+                key={shortcut.id}
+                className="!w-auto"
+                shortcut={shortcut}
+                alwaysShowLink={!sm}
+                onClick={() => handleShortcutClick(shortcut)}
+              />
+            );
+          })}
+        </div>
+      </div>
+
+      {showEditDialog && (
+        <CreateCollectionDialog
+          collectionId={collection.id}
+          onClose={() => setShowEditDialog(false)}
+          onConfirm={() => setShowEditDialog(false)}
+        />
+      )}
+    </>
+  );
+};
+
+export default CollectionView;
--- a/frontend/web/src/components/CreateAccessTokenDialog.tsx
+++ b/frontend/web/src/components/CreateAccessTokenDialog.tsx
@ -0,0 +1,137 @@
+import { Button, Input, Modal, ModalDialog, Radio, RadioGroup } from "@mui/joy";
+import { useState } from "react";
+import { toast } from "react-hot-toast";
+import { useTranslation } from "react-i18next";
+import { userServiceClient } from "@/grpcweb";
+import useLoading from "../hooks/useLoading";
+import useUserStore from "../stores/v1/user";
+import Icon from "./Icon";
+
+interface Props {
+  onClose: () => void;
+  onConfirm?: () => void;
+}
+
+const expirationOptions = [
+  {
+    label: "8 hours",
+    value: 3600 * 8,
+  },
+  {
+    label: "1 month",
+    value: 3600 * 24 * 30,
+  },
+  {
+    label: "Never",
+    value: 0,
+  },
+];
+
+interface State {
+  description: string;
+  expiration: number;
+}
+
+const CreateAccessTokenDialog: React.FC<Props> = (props: Props) => {
+  const { onClose, onConfirm } = props;
+  const { t } = useTranslation();
+  const currentUser = useUserStore().getCurrentUser();
+  const [state, setState] = useState({
+    description: "",
+    expiration: 3600 * 8,
+  });
+  const requestState = useLoading(false);
+
+  const setPartialState = (partialState: Partial<State>) => {
+    setState({
+      ...state,
+      ...partialState,
+    });
+  };
+
+  const handleDescriptionInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setPartialState({
+      description: e.target.value,
+    });
+  };
+
+  const handleRoleInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setPartialState({
+      expiration: Number(e.target.value),
+    });
+  };
+
+  const handleSaveBtnClick = async () => {
+    if (!state.description) {
+      toast.error("Description is required");
+      return;
+    }
+
+    try {
+      await userServiceClient.createUserAccessToken({
+        id: currentUser.id,
+        description: state.description,
+        expiresAt: state.expiration ? new Date(Date.now() + state.expiration * 1000) : undefined,
+      });
+
+      if (onConfirm) {
+        onConfirm();
+      }
+      onClose();
+    } catch (error: any) {
+      console.error(error);
+      toast.error(error.details);
+    }
+  };
+
+  return (
+    <Modal open={true}>
+      <ModalDialog>
+        <div className="flex flex-row justify-between items-center w-80">
+          <span className="text-lg font-medium">Create Access Token</span>
+          <Button variant="plain" onClick={onClose}>
+            <Icon.X className="w-5 h-auto text-gray-600" />
+          </Button>
+        </div>
+        <div>
+          <div className="w-full flex flex-col justify-start items-start mb-3">
+            <span className="mb-2">
+              Description <span className="text-red-600">*</span>
+            </span>
+            <div className="relative w-full">
+              <Input
+                className="w-full"
+                type="text"
+                placeholder="Some description"
+                value={state.description}
+                onChange={handleDescriptionInputChange}
+              />
+            </div>
+          </div>
+          <div className="w-full flex flex-col justify-start items-start mb-3">
+            <span className="mb-2">
+              Expiration <span className="text-red-600">*</span>
+            </span>
+            <div className="w-full flex flex-row justify-start items-center text-base">
+              <RadioGroup orientation="horizontal" value={state.expiration} onChange={handleRoleInputChange}>
+                {expirationOptions.map((option) => (
+                  <Radio key={option.value} value={option.value} checked={state.expiration === option.value} label={option.label} />
+                ))}
+              </RadioGroup>
+            </div>
+          </div>
+          <div className="w-full flex flex-row justify-end items-center mt-4 space-x-2">
+            <Button color="neutral" variant="plain" disabled={requestState.isLoading} loading={requestState.isLoading} onClick={onClose}>
+              {t("common.cancel")}
+            </Button>
+            <Button color="primary" disabled={requestState.isLoading} loading={requestState.isLoading} onClick={handleSaveBtnClick}>
+              {t("common.create")}
+            </Button>
+          </div>
+        </div>
+      </ModalDialog>
+    </Modal>
+  );
+};
+
+export default CreateAccessTokenDialog;
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`> The v1 API has been deprecated. Please use the v2 API instead.`