feat: refactor deleting account (#676)

* fix(api-gateway): TYPES aliases * feat: refactor account deleting
2026-01-16 20:04:32 -05:00 · 2023-07-31 13:23:39 +02:00
parent d2b0fb144b
commit 0d5dcdd8ec
70 changed files with 684 additions and 342 deletions
--- a/packages/api-gateway/bin/server.ts
+++ b/packages/api-gateway/bin/server.ts
@@ -46,7 +46,7 @@ void container.load().then((container) => {

  server.setConfig((app) => {
    app.use((_request: Request, response: Response, next: NextFunction) => {
-      response.setHeader('X-API-Gateway-Version', container.get(TYPES.VERSION))
+      response.setHeader('X-API-Gateway-Version', container.get(TYPES.ApiGateway_VERSION))
      next()
    })
    app.use(
@@ -87,7 +87,7 @@ void container.load().then((container) => {
    )
  })

-  const logger: winston.Logger = container.get(TYPES.Logger)
+  const logger: winston.Logger = container.get(TYPES.ApiGateway_Logger)

  server.setErrorConfig((app) => {
    app.use((error: Record<string, unknown>, _request: Request, response: Response, _next: NextFunction) => {
--- a/packages/api-gateway/package.json
+++ b/packages/api-gateway/package.json
@@ -21,6 +21,7 @@
    "clean": "rm -fr dist",
    "build": "tsc --build",
    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint . --fix --ext .ts",
    "setup:env": "cp .env.sample .env",
    "start": "yarn node dist/bin/server.js",
    "upgrade:snjs": "yarn ncu -u '@standardnotes/*'"
--- a/packages/api-gateway/src/Bootstrap/Container.ts
+++ b/packages/api-gateway/src/Bootstrap/Container.ts
@@ -57,7 +57,7 @@ export class ContainerConfigLoader {
        defaultMeta: { service: 'api-gateway' },
      })
    }
-    container.bind<winston.Logger>(TYPES.Logger).toConstantValue(logger)
+    container.bind<winston.Logger>(TYPES.ApiGateway_Logger).toConstantValue(logger)

    if (!isConfiguredForInMemoryCache) {
      const redisUrl = env.get('REDIS_URL')
@@ -68,36 +68,39 @@ export class ContainerConfigLoader {
      } else {
        redis = new Redis(redisUrl)
      }
-      container.bind(TYPES.Redis).toConstantValue(redis)
+      container.bind(TYPES.ApiGateway_Redis).toConstantValue(redis)
    }

-    container.bind<AxiosInstance>(TYPES.HTTPClient).toConstantValue(axios.create())
+    container.bind<AxiosInstance>(TYPES.ApiGateway_HTTPClient).toConstantValue(axios.create())

    // env vars
-    container.bind(TYPES.SYNCING_SERVER_JS_URL).toConstantValue(env.get('SYNCING_SERVER_JS_URL', true))
-    container.bind(TYPES.AUTH_SERVER_URL).toConstantValue(env.get('AUTH_SERVER_URL', true))
-    container.bind(TYPES.REVISIONS_SERVER_URL).toConstantValue(env.get('REVISIONS_SERVER_URL', true))
-    container.bind(TYPES.EMAIL_SERVER_URL).toConstantValue(env.get('EMAIL_SERVER_URL', true))
-    container.bind(TYPES.PAYMENTS_SERVER_URL).toConstantValue(env.get('PAYMENTS_SERVER_URL', true))
-    container.bind(TYPES.FILES_SERVER_URL).toConstantValue(env.get('FILES_SERVER_URL', true))
-    container.bind(TYPES.WEB_SOCKET_SERVER_URL).toConstantValue(env.get('WEB_SOCKET_SERVER_URL', true))
-    container.bind(TYPES.AUTH_JWT_SECRET).toConstantValue(env.get('AUTH_JWT_SECRET'))
+    container.bind(TYPES.ApiGateway_SYNCING_SERVER_JS_URL).toConstantValue(env.get('SYNCING_SERVER_JS_URL', true))
+    container.bind(TYPES.ApiGateway_AUTH_SERVER_URL).toConstantValue(env.get('AUTH_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_REVISIONS_SERVER_URL).toConstantValue(env.get('REVISIONS_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_EMAIL_SERVER_URL).toConstantValue(env.get('EMAIL_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_PAYMENTS_SERVER_URL).toConstantValue(env.get('PAYMENTS_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_FILES_SERVER_URL).toConstantValue(env.get('FILES_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_WEB_SOCKET_SERVER_URL).toConstantValue(env.get('WEB_SOCKET_SERVER_URL', true))
+    container.bind(TYPES.ApiGateway_AUTH_JWT_SECRET).toConstantValue(env.get('AUTH_JWT_SECRET'))
    container
-      .bind(TYPES.HTTP_CALL_TIMEOUT)
+      .bind(TYPES.ApiGateway_HTTP_CALL_TIMEOUT)
      .toConstantValue(env.get('HTTP_CALL_TIMEOUT', true) ? +env.get('HTTP_CALL_TIMEOUT', true) : 60_000)
-    container.bind(TYPES.VERSION).toConstantValue(env.get('VERSION', true) ?? 'development')
-    container.bind(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL).toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
+    container.bind(TYPES.ApiGateway_VERSION).toConstantValue(env.get('VERSION', true) ?? 'development')
+    container
+      .bind(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL)
+      .toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
+    container.bind(TYPES.ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER).toConstantValue(isConfiguredForHomeServer)

    // Middleware
    container
-      .bind<RequiredCrossServiceTokenMiddleware>(TYPES.RequiredCrossServiceTokenMiddleware)
+      .bind<RequiredCrossServiceTokenMiddleware>(TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
      .to(RequiredCrossServiceTokenMiddleware)
    container
-      .bind<OptionalCrossServiceTokenMiddleware>(TYPES.OptionalCrossServiceTokenMiddleware)
+      .bind<OptionalCrossServiceTokenMiddleware>(TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
      .to(OptionalCrossServiceTokenMiddleware)
-    container.bind<WebSocketAuthMiddleware>(TYPES.WebSocketAuthMiddleware).to(WebSocketAuthMiddleware)
+    container.bind<WebSocketAuthMiddleware>(TYPES.ApiGateway_WebSocketAuthMiddleware).to(WebSocketAuthMiddleware)
    container
-      .bind<SubscriptionTokenAuthMiddleware>(TYPES.SubscriptionTokenAuthMiddleware)
+      .bind<SubscriptionTokenAuthMiddleware>(TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
      .to(SubscriptionTokenAuthMiddleware)

    // Services
@@ -106,24 +109,26 @@ export class ContainerConfigLoader {
        throw new Error('Service container is required when configured for home server')
      }
      container
-        .bind<ServiceProxyInterface>(TYPES.ServiceProxy)
+        .bind<ServiceProxyInterface>(TYPES.ApiGateway_ServiceProxy)
        .toConstantValue(
-          new DirectCallServiceProxy(configuration.serviceContainer, container.get(TYPES.FILES_SERVER_URL)),
+          new DirectCallServiceProxy(configuration.serviceContainer, container.get(TYPES.ApiGateway_FILES_SERVER_URL)),
        )
    } else {
-      container.bind<ServiceProxyInterface>(TYPES.ServiceProxy).to(HttpServiceProxy)
+      container.bind<ServiceProxyInterface>(TYPES.ApiGateway_ServiceProxy).to(HttpServiceProxy)
    }
-    container.bind<TimerInterface>(TYPES.Timer).toConstantValue(new Timer())
+    container.bind<TimerInterface>(TYPES.ApiGateway_Timer).toConstantValue(new Timer())

    if (isConfiguredForHomeServer) {
      container
-        .bind<CrossServiceTokenCacheInterface>(TYPES.CrossServiceTokenCache)
-        .toConstantValue(new InMemoryCrossServiceTokenCache(container.get(TYPES.Timer)))
+        .bind<CrossServiceTokenCacheInterface>(TYPES.ApiGateway_CrossServiceTokenCache)
+        .toConstantValue(new InMemoryCrossServiceTokenCache(container.get(TYPES.ApiGateway_Timer)))
    } else {
-      container.bind<CrossServiceTokenCacheInterface>(TYPES.CrossServiceTokenCache).to(RedisCrossServiceTokenCache)
+      container
+        .bind<CrossServiceTokenCacheInterface>(TYPES.ApiGateway_CrossServiceTokenCache)
+        .to(RedisCrossServiceTokenCache)
    }
    container
-      .bind<EndpointResolverInterface>(TYPES.EndpointResolver)
+      .bind<EndpointResolverInterface>(TYPES.ApiGateway_EndpointResolver)
      .toConstantValue(new EndpointResolver(isConfiguredForHomeServer))

    logger.debug('Configuration complete')
--- a/packages/api-gateway/src/Bootstrap/Types.ts
+++ b/packages/api-gateway/src/Bootstrap/Types.ts
@@ -1,29 +1,28 @@
 export const TYPES = {
-  Logger: Symbol.for('Logger'),
-  Redis: Symbol.for('Redis'),
-  HTTPClient: Symbol.for('HTTPClient'),
+  ApiGateway_Logger: Symbol.for('ApiGateway_Logger'),
+  ApiGateway_Redis: Symbol.for('ApiGateway_Redis'),
+  ApiGateway_HTTPClient: Symbol.for('ApiGateway_HTTPClient'),
  // env vars
-  SYNCING_SERVER_JS_URL: Symbol.for('SYNCING_SERVER_JS_URL'),
-  AUTH_SERVER_URL: Symbol.for('AUTH_SERVER_URL'),
-  PAYMENTS_SERVER_URL: Symbol.for('PAYMENTS_SERVER_URL'),
-  FILES_SERVER_URL: Symbol.for('FILES_SERVER_URL'),
-  REVISIONS_SERVER_URL: Symbol.for('REVISIONS_SERVER_URL'),
-  EMAIL_SERVER_URL: Symbol.for('EMAIL_SERVER_URL'),
-  WEB_SOCKET_SERVER_URL: Symbol.for('WEB_SOCKET_SERVER_URL'),
-  AUTH_JWT_SECRET: Symbol.for('AUTH_JWT_SECRET'),
-  HTTP_CALL_TIMEOUT: Symbol.for('HTTP_CALL_TIMEOUT'),
-  VERSION: Symbol.for('VERSION'),
-  CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('CROSS_SERVICE_TOKEN_CACHE_TTL'),
+  ApiGateway_SYNCING_SERVER_JS_URL: Symbol.for('ApiGateway_SYNCING_SERVER_JS_URL'),
+  ApiGateway_AUTH_SERVER_URL: Symbol.for('ApiGateway_AUTH_SERVER_URL'),
+  ApiGateway_PAYMENTS_SERVER_URL: Symbol.for('ApiGateway_PAYMENTS_SERVER_URL'),
+  ApiGateway_FILES_SERVER_URL: Symbol.for('ApiGateway_FILES_SERVER_URL'),
+  ApiGateway_REVISIONS_SERVER_URL: Symbol.for('ApiGateway_REVISIONS_SERVER_URL'),
+  ApiGateway_EMAIL_SERVER_URL: Symbol.for('ApiGateway_EMAIL_SERVER_URL'),
+  ApiGateway_WEB_SOCKET_SERVER_URL: Symbol.for('ApiGateway_WEB_SOCKET_SERVER_URL'),
+  ApiGateway_AUTH_JWT_SECRET: Symbol.for('ApiGateway_AUTH_JWT_SECRET'),
+  ApiGateway_HTTP_CALL_TIMEOUT: Symbol.for('ApiGateway_HTTP_CALL_TIMEOUT'),
+  ApiGateway_VERSION: Symbol.for('ApiGateway_VERSION'),
+  ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL'),
+  ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER: Symbol.for('ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER'),
  // Middleware
-  RequiredCrossServiceTokenMiddleware: Symbol.for('RequiredCrossServiceTokenMiddleware'),
-  OptionalCrossServiceTokenMiddleware: Symbol.for('OptionalCrossServiceTokenMiddleware'),
-  WebSocketAuthMiddleware: Symbol.for('WebSocketAuthMiddleware'),
-  SubscriptionTokenAuthMiddleware: Symbol.for('SubscriptionTokenAuthMiddleware'),
+  ApiGateway_RequiredCrossServiceTokenMiddleware: Symbol.for('ApiGateway_RequiredCrossServiceTokenMiddleware'),
+  ApiGateway_OptionalCrossServiceTokenMiddleware: Symbol.for('ApiGateway_OptionalCrossServiceTokenMiddleware'),
+  ApiGateway_WebSocketAuthMiddleware: Symbol.for('ApiGateway_WebSocketAuthMiddleware'),
+  ApiGateway_SubscriptionTokenAuthMiddleware: Symbol.for('ApiGateway_SubscriptionTokenAuthMiddleware'),
  // Services
-  ServiceProxy: Symbol.for('ServiceProxy'),
-  CrossServiceTokenCache: Symbol.for('CrossServiceTokenCache'),
-  Timer: Symbol.for('Timer'),
-  EndpointResolver: Symbol.for('EndpointResolver'),
+  ApiGateway_ServiceProxy: Symbol.for('ApiGateway_ServiceProxy'),
+  ApiGateway_CrossServiceTokenCache: Symbol.for('ApiGateway_CrossServiceTokenCache'),
+  ApiGateway_Timer: Symbol.for('ApiGateway_Timer'),
+  ApiGateway_EndpointResolver: Symbol.for('ApiGateway_EndpointResolver'),
 }
-
-// export default TYPES
--- a/packages/api-gateway/src/Controller/LegacyController.ts
+++ b/packages/api-gateway/src/Controller/LegacyController.ts
@@ -9,7 +9,7 @@ export class LegacyController extends BaseHttpController {
  private AUTH_ROUTES: Map<string, string>
  private PARAMETRIZED_AUTH_ROUTES: Map<string, string>

-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()

    this.AUTH_ROUTES = new Map([
@@ -29,17 +29,17 @@ export class LegacyController extends BaseHttpController {
    ])
  }

-  @httpPost('/items/sync', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/items/sync', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyItemsSync(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }

-  @httpGet('/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/items/:item_id/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyGetRevisions(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }

-  @httpGet('/items/:item_id/revisions/:id', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/items/:item_id/revisions/:id', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async legacyGetRevision(request: Request, response: Response): Promise<void> {
    await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
  }
--- a/packages/api-gateway/src/Controller/OptionalCrossServiceTokenMiddleware.ts
+++ b/packages/api-gateway/src/Controller/OptionalCrossServiceTokenMiddleware.ts
@@ -11,12 +11,12 @@ import { AuthMiddleware } from './AuthMiddleware'
@injectable()
 export class OptionalCrossServiceTokenMiddleware extends AuthMiddleware {
  constructor(
-    @inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
-    @inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
-    @inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Timer) timer: TimerInterface,
-    @inject(TYPES.Logger) logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) jwtSecret: string,
+    @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_Logger) logger: Logger,
  ) {
    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
  }
--- a/packages/api-gateway/src/Controller/RequiredCrossServiceTokenMiddleware.ts
+++ b/packages/api-gateway/src/Controller/RequiredCrossServiceTokenMiddleware.ts
@@ -11,12 +11,12 @@ import { AuthMiddleware } from './AuthMiddleware'
@injectable()
 export class RequiredCrossServiceTokenMiddleware extends AuthMiddleware {
  constructor(
-    @inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
-    @inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
-    @inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Timer) timer: TimerInterface,
-    @inject(TYPES.Logger) logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) jwtSecret: string,
+    @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_Logger) logger: Logger,
  ) {
    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
  }
--- a/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts
+++ b/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts
@@ -11,10 +11,10 @@ import { TokenAuthenticationMethod } from './TokenAuthenticationMethod'
@injectable()
 export class SubscriptionTokenAuthMiddleware extends BaseMiddleware {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.AUTH_JWT_SECRET) private jwtSecret: string,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) private jwtSecret: string,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/WebSocketAuthMiddleware.ts
+++ b/packages/api-gateway/src/Controller/WebSocketAuthMiddleware.ts
@@ -12,10 +12,10 @@ import { TYPES } from '../Bootstrap/Types'
@injectable()
 export class WebSocketAuthMiddleware extends BaseMiddleware {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.AUTH_JWT_SECRET) private jwtSecret: string,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_AUTH_JWT_SECRET) private jwtSecret: string,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/ActionsController.ts
+++ b/packages/api-gateway/src/Controller/v1/ActionsController.ts
@@ -8,8 +8,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1')
 export class ActionsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -24,7 +24,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpGet('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpGet('/login-params', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async loginParams(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -34,7 +34,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpPost('/logout', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpPost('/logout', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async logout(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
@@ -54,7 +54,7 @@ export class ActionsController extends BaseHttpController {
    )
  }

-  @httpPost('/recovery/codes', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/recovery/codes', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async recoveryCodes(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/AuthenticatorsController.ts
+++ b/packages/api-gateway/src/Controller/v1/AuthenticatorsController.ts
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/authenticators')
 export class AuthenticatorsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpDelete('/:authenticatorId', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:authenticatorId', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async delete(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -29,7 +29,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async list(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -39,7 +39,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpGet('/generate-registration-options', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/generate-registration-options', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async generateRegistrationOptions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -59,7 +59,7 @@ export class AuthenticatorsController extends BaseHttpController {
    )
  }

-  @httpPost('/verify-registration', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/verify-registration', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async verifyRegistration(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/FilesController.ts
+++ b/packages/api-gateway/src/Controller/v1/FilesController.ts
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/files')
 export class FilesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/valet-tokens', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/valet-tokens', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/InvoicesController.ts
+++ b/packages/api-gateway/src/Controller/v1/InvoicesController.ts
@@ -6,11 +6,11 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v1')
 export class InvoicesController extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

-  @httpPost('/invoices/send-latest', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/invoices/send-latest', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async sendLatestInvoice(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/send-invoice', request.body)
  }
--- a/packages/api-gateway/src/Controller/v1/ItemsController.ts
+++ b/packages/api-gateway/src/Controller/v1/ItemsController.ts
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/items', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/items', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class ItemsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/MessagesController.ts
+++ b/packages/api-gateway/src/Controller/v1/MessagesController.ts
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/messages', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/messages', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class MessagesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/OfflineController.ts
+++ b/packages/api-gateway/src/Controller/v1/OfflineController.ts
@@ -9,8 +9,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/offline')
 export class OfflineController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/PaymentsController.ts
+++ b/packages/api-gateway/src/Controller/v1/PaymentsController.ts
@@ -6,7 +6,7 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v1')
 export class PaymentsController extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

@@ -40,12 +40,12 @@ export class PaymentsController extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/extensions', request.body)
  }

-  @httpPost('/subscriptions/tiered', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/tiered', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async createTieredSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/tiered', request.body)
  }

-  @httpPost('/subscriptions/apple_iap_confirm', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/apple_iap_confirm', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async appleIAPConfirm(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/apple_iap_confirm', request.body)
  }
@@ -140,7 +140,7 @@ export class PaymentsController extends BaseHttpController {
    )
  }

-  @httpPost('/payments/stripe-setup-intent', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/payments/stripe-setup-intent', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async createStripeSetupIntent(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/stripe-setup-intent', request.body)
  }
--- a/packages/api-gateway/src/Controller/v1/RevisionsController.ts
+++ b/packages/api-gateway/src/Controller/v1/RevisionsController.ts
@@ -1,7 +1,7 @@
 import { BaseHttpController, controller, httpDelete, httpGet, results } from 'inversify-express-utils'
 import { TYPES } from '../../Bootstrap/Types'

-@controller('/v1/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/items/:item_id/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class RevisionsController extends BaseHttpController {
  @httpGet('/')
  async getRevisions(): Promise<results.JsonResult> {
--- a/packages/api-gateway/src/Controller/v1/SessionsController.ts
+++ b/packages/api-gateway/src/Controller/v1/SessionsController.ts
@@ -8,13 +8,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/sessions')
 export class SessionsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSessions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -23,7 +23,7 @@ export class SessionsController extends BaseHttpController {
    )
  }

-  @httpDelete('/:uuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:uuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSession(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -35,7 +35,7 @@ export class SessionsController extends BaseHttpController {
    )
  }

-  @httpDelete('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSessions(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/SharedVaultInvitesController.ts
+++ b/packages/api-gateway/src/Controller/v1/SharedVaultInvitesController.ts
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultInvitesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/SharedVaultUsersController.ts
+++ b/packages/api-gateway/src/Controller/v1/SharedVaultUsersController.ts
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults/:sharedVaultUuid/users', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults/:sharedVaultUuid/users', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultUsersController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/SharedVaultsController.ts
+++ b/packages/api-gateway/src/Controller/v1/SharedVaultsController.ts
@@ -5,11 +5,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v1/shared-vaults', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v1/shared-vaults', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class SharedVaultsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Controller/v1/SubscriptionInvitesController.ts
+++ b/packages/api-gateway/src/Controller/v1/SubscriptionInvitesController.ts
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/subscription-invites')
 export class SubscriptionInvitesController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async inviteToSubscriptionSharing(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -25,7 +25,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async listInvites(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -35,7 +35,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpDelete('/:inviteUuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:inviteUuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async cancelSubscriptionSharing(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -48,7 +48,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
    )
  }

-  @httpPost('/:inviteUuid/accept', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:inviteUuid/accept', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async acceptInvite(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/TokensController.ts
+++ b/packages/api-gateway/src/Controller/v1/TokensController.ts
@@ -9,13 +9,13 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/subscription-tokens')
 export class TokensController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }

-  @httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/UsersController.ts
+++ b/packages/api-gateway/src/Controller/v1/UsersController.ts
@@ -20,9 +20,10 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/users')
 export class UsersController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER) private isConfiguredForHomeServer: boolean,
  ) {
    super()
  }
@@ -32,12 +33,12 @@ export class UsersController extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/claim-account', request.body)
  }

-  @httpPost('/send-activation-code', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/send-activation-code', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async sendActivationCode(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/pro_users/send-activation-code', request.body)
  }

-  @httpPatch('/:userId', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPatch('/:userId', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async updateUser(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -47,7 +48,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/password', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/password', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async changePassword(request: Request, response: Response): Promise<void> {
    this.logger.debug(
      '[DEPRECATED] use endpoint /v1/users/:userUuid/attributes/credentials instead of /v1/users/:userUuid/password',
@@ -65,7 +66,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/attributes/credentials', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/attributes/credentials', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async changeCredentials(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -79,7 +80,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userId/params', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userId/params', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getKeyParams(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -88,12 +89,12 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @all('/:userId/mfa', TYPES.RequiredCrossServiceTokenMiddleware)
+  @all('/:userId/mfa', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async blockMFA(): Promise<results.StatusCodeResult> {
    return this.statusCode(401)
  }

-  @httpPost('/:userUuid/integrations/listed', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:userUuid/integrations/listed', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createListedAccount(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -113,7 +114,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/settings', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async listSettings(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -126,7 +127,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpPut('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPut('/:userUuid/settings', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async putSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -140,7 +141,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/settings/:settingName', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -154,7 +155,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpDelete('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:userUuid/settings/:settingName', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -169,7 +170,10 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/subscription-settings/:subscriptionSettingName', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet(
+    '/:userUuid/subscription-settings/:subscriptionSettingName',
+    TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware,
+  )
  async getSubscriptionSetting(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -183,7 +187,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/features', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/features', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getFeatures(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -196,7 +200,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/:userUuid/subscription', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpGet('/:userUuid/subscription', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async getSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
@@ -209,7 +213,7 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpGet('/subscription', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscription', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscriptionBySubscriptionToken(request: Request, response: Response): Promise<void> {
    if (response.locals.tokenAuthenticationMethod === TokenAuthenticationMethod.OfflineSubscriptionToken) {
      await this.httpService.callAuthServer(
@@ -232,12 +236,20 @@ export class UsersController extends BaseHttpController {
    )
  }

-  @httpDelete('/:userUuid', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpDelete('/:userUuid', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async deleteUser(request: Request, response: Response): Promise<void> {
-    await this.httpService.callPaymentsServer(request, response, 'api/account', request.body)
+    if (!this.isConfiguredForHomeServer) {
+      await this.httpService.callPaymentsServer(request, response, 'api/account', request.body, true)
+    }
+
+    await this.httpService.callAuthServer(
+      request,
+      response,
+      this.endpointResolver.resolveEndpointOrMethodIdentifier('DELETE', 'users/:userUuid', request.params.userUuid),
+    )
  }

-  @httpPost('/:userUuid/requests', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/:userUuid/requests', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async submitRequest(request: Request, response: Response): Promise<void> {
    await this.httpService.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v1/WebSocketsController.ts
+++ b/packages/api-gateway/src/Controller/v1/WebSocketsController.ts
@@ -10,14 +10,14 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v1/sockets')
 export class WebSocketsController extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {
    super()
  }

-  @httpPost('/tokens', TYPES.RequiredCrossServiceTokenMiddleware)
+  @httpPost('/tokens', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
  async createWebSocketConnectionToken(request: Request, response: Response): Promise<void> {
    await this.httpService.callWebSocketServer(
      request,
@@ -27,7 +27,7 @@ export class WebSocketsController extends BaseHttpController {
    )
  }

-  @httpPost('/connections', TYPES.WebSocketAuthMiddleware)
+  @httpPost('/connections', TYPES.ApiGateway_WebSocketAuthMiddleware)
  async createWebSocketConnection(request: Request, response: Response): Promise<void> {
    if (!request.headers.connectionid) {
      this.logger.error('Could not create a websocket connection. Missing connection id header.')
--- a/packages/api-gateway/src/Controller/v2/ActionsControllerV2.ts
+++ b/packages/api-gateway/src/Controller/v2/ActionsControllerV2.ts
@@ -9,8 +9,8 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
@controller('/v2')
 export class ActionsControllerV2 extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private serviceProxy: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
@@ -25,7 +25,7 @@ export class ActionsControllerV2 extends BaseHttpController {
    )
  }

-  @httpPost('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
+  @httpPost('/login-params', TYPES.ApiGateway_OptionalCrossServiceTokenMiddleware)
  async loginParams(request: Request, response: Response): Promise<void> {
    await this.serviceProxy.callAuthServer(
      request,
--- a/packages/api-gateway/src/Controller/v2/PaymentsControllerV2.ts
+++ b/packages/api-gateway/src/Controller/v2/PaymentsControllerV2.ts
@@ -6,7 +6,7 @@ import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'

@controller('/v2')
 export class PaymentsControllerV2 extends BaseHttpController {
-  constructor(@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface) {
+  constructor(@inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface) {
    super()
  }

@@ -15,22 +15,22 @@ export class PaymentsControllerV2 extends BaseHttpController {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/features', request.body)
  }

-  @httpGet('/subscriptions/tailored', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/tailored', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getTailoredSubscriptionsWithFeatures(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/features', request.body)
  }

-  @httpGet('/subscriptions/deltas', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/deltas', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscriptionDeltasForChangingPlan(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/deltas', request.body)
  }

-  @httpPost('/subscriptions/deltas/apply', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/deltas/apply', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async applySubscriptionDelta(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(request, response, 'api/subscriptions/deltas/apply', request.body)
  }

-  @httpPost('/subscriptions/change-payment-method', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPost('/subscriptions/change-payment-method', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async changePaymentMethod(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -40,7 +40,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpGet('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpGet('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async getSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -50,7 +50,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpDelete('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpDelete('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async cancelSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
@@ -60,7 +60,7 @@ export class PaymentsControllerV2 extends BaseHttpController {
    )
  }

-  @httpPatch('/subscriptions/:subscriptionId', TYPES.SubscriptionTokenAuthMiddleware)
+  @httpPatch('/subscriptions/:subscriptionId', TYPES.ApiGateway_SubscriptionTokenAuthMiddleware)
  async updateSubscription(request: Request, response: Response): Promise<void> {
    await this.httpService.callPaymentsServer(
      request,
--- a/packages/api-gateway/src/Controller/v2/RevisionsControllerV2.ts
+++ b/packages/api-gateway/src/Controller/v2/RevisionsControllerV2.ts
@@ -6,11 +6,11 @@ import { TYPES } from '../../Bootstrap/Types'
 import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
 import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'

-@controller('/v2/items/:itemUuid/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
+@controller('/v2/items/:itemUuid/revisions', TYPES.ApiGateway_RequiredCrossServiceTokenMiddleware)
 export class RevisionsControllerV2 extends BaseHttpController {
  constructor(
-    @inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
-    @inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
+    @inject(TYPES.ApiGateway_ServiceProxy) private httpService: ServiceProxyInterface,
+    @inject(TYPES.ApiGateway_EndpointResolver) private endpointResolver: EndpointResolverInterface,
  ) {
    super()
  }
--- a/packages/api-gateway/src/Infra/Redis/RedisCrossServiceTokenCache.ts
+++ b/packages/api-gateway/src/Infra/Redis/RedisCrossServiceTokenCache.ts
@@ -9,7 +9,7 @@ export class RedisCrossServiceTokenCache implements CrossServiceTokenCacheInterf
  private readonly PREFIX = 'cst'
  private readonly USER_CST_PREFIX = 'user-cst'

-  constructor(@inject(TYPES.Redis) private redisClient: IORedis.Redis) {}
+  constructor(@inject(TYPES.ApiGateway_Redis) private redisClient: IORedis.Redis) {}

  async set(dto: {
    authorizationHeaderValue: string
--- a/packages/api-gateway/src/Service/Http/HttpServiceProxy.ts
+++ b/packages/api-gateway/src/Service/Http/HttpServiceProxy.ts
@@ -11,17 +11,17 @@ import { ServiceProxyInterface } from './ServiceProxyInterface'
@injectable()
 export class HttpServiceProxy implements ServiceProxyInterface {
  constructor(
-    @inject(TYPES.HTTPClient) private httpClient: AxiosInstance,
-    @inject(TYPES.AUTH_SERVER_URL) private authServerUrl: string,
-    @inject(TYPES.SYNCING_SERVER_JS_URL) private syncingServerJsUrl: string,
-    @inject(TYPES.PAYMENTS_SERVER_URL) private paymentsServerUrl: string,
-    @inject(TYPES.FILES_SERVER_URL) private filesServerUrl: string,
-    @inject(TYPES.WEB_SOCKET_SERVER_URL) private webSocketServerUrl: string,
-    @inject(TYPES.REVISIONS_SERVER_URL) private revisionsServerUrl: string,
-    @inject(TYPES.EMAIL_SERVER_URL) private emailServerUrl: string,
-    @inject(TYPES.HTTP_CALL_TIMEOUT) private httpCallTimeout: number,
-    @inject(TYPES.CrossServiceTokenCache) private crossServiceTokenCache: CrossServiceTokenCacheInterface,
-    @inject(TYPES.Logger) private logger: Logger,
+    @inject(TYPES.ApiGateway_HTTPClient) private httpClient: AxiosInstance,
+    @inject(TYPES.ApiGateway_AUTH_SERVER_URL) private authServerUrl: string,
+    @inject(TYPES.ApiGateway_SYNCING_SERVER_JS_URL) private syncingServerJsUrl: string,
+    @inject(TYPES.ApiGateway_PAYMENTS_SERVER_URL) private paymentsServerUrl: string,
+    @inject(TYPES.ApiGateway_FILES_SERVER_URL) private filesServerUrl: string,
+    @inject(TYPES.ApiGateway_WEB_SOCKET_SERVER_URL) private webSocketServerUrl: string,
+    @inject(TYPES.ApiGateway_REVISIONS_SERVER_URL) private revisionsServerUrl: string,
+    @inject(TYPES.ApiGateway_EMAIL_SERVER_URL) private emailServerUrl: string,
+    @inject(TYPES.ApiGateway_HTTP_CALL_TIMEOUT) private httpCallTimeout: number,
+    @inject(TYPES.ApiGateway_CrossServiceTokenCache) private crossServiceTokenCache: CrossServiceTokenCacheInterface,
+    @inject(TYPES.ApiGateway_Logger) private logger: Logger,
  ) {}

  async validateSession(
@@ -130,19 +130,29 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void> {
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>> {
    if (!this.paymentsServerUrl) {
      this.logger.debug('Payments Server URL not defined. Skipped request to Payments API.')

      return
    }
-    await this.callServerWithLegacyFormat(
+
+    const requestDuplicate = Object.assign({}, request)
+    const responseDuplicate = Object.assign({}, response)
+
+    const rawResponse = await this.callServerWithLegacyFormat(
      this.paymentsServerUrl,
-      request,
-      response,
+      returnRawResponse ? requestDuplicate : request,
+      returnRawResponse ? responseDuplicate : response,
      endpointOrMethodIdentifier,
      payload,
+      returnRawResponse,
    )
+
+    if (returnRawResponse) {
+      return rawResponse
+    }
  }

  async callAuthServerWithLegacyFormat(
@@ -279,7 +289,8 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void> {
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>> {
    const serviceResponse = await this.getServerResponse(
      serverUrl,
      request,
@@ -295,9 +306,21 @@ export class HttpServiceProxy implements ServiceProxyInterface {
    this.applyResponseHeaders(serviceResponse, response)

    if (serviceResponse.request._redirectable._redirectCount > 0) {
-      response.status(302).redirect(serviceResponse.request.res.responseUrl)
+      response.status(302)
+
+      if (returnRawResponse) {
+        return response
+      }
+
+      response.redirect(serviceResponse.request.res.responseUrl)
    } else {
-      response.status(serviceResponse.status).send(serviceResponse.data)
+      response.status(serviceResponse.status)
+
+      if (returnRawResponse) {
+        return response
+      }
+
+      response.send(serviceResponse.data)
    }
  }

--- a/packages/api-gateway/src/Service/Http/ServiceProxyInterface.ts
+++ b/packages/api-gateway/src/Service/Http/ServiceProxyInterface.ts
@@ -42,7 +42,8 @@ export interface ServiceProxyInterface {
    response: Response,
    endpointOrMethodIdentifier: string,
    payload?: Record<string, unknown> | string,
-  ): Promise<void>
+    returnRawResponse?: boolean,
+  ): Promise<void | Response<unknown, Record<string, unknown>>>
  callWebSocketServer(
    request: Request,
    response: Response,
--- a/packages/api-gateway/src/Service/Resolver/EndpointResolver.ts
+++ b/packages/api-gateway/src/Service/Resolver/EndpointResolver.ts
@@ -43,6 +43,7 @@ export class EndpointResolver implements EndpointResolverInterface {
    ['[PATCH]:users/:userId', 'auth.users.update'],
    ['[PUT]:users/:userUuid/attributes/credentials', 'auth.users.updateCredentials'],
    ['[PUT]:auth/params', 'auth.users.getKeyParams'],
+    ['[DELETE]:users/:userUuid', 'auth.users.delete'],
    ['[POST]:listed', 'auth.users.createListedAccount'],
    ['[POST]:auth', 'auth.users.register'],
    ['[GET]:users/:userUuid/settings', 'auth.users.getSettings'],
--- a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts
+++ b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts
@@ -30,7 +30,9 @@ describe('AuthenticationMethodResolver', () => {

    user = {} as jest.Mocked<User>

-    session = {} as jest.Mocked<Session>
+    session = {
+      userUuid: '00000000-0000-0000-0000-000000000000',
+    } as jest.Mocked<Session>

    revokedSession = {} as jest.Mocked<RevokedSession>

@@ -50,17 +52,23 @@ describe('AuthenticationMethodResolver', () => {
  })

  it('should resolve jwt authentication method', async () => {
-    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: '123' })
+    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: '00000000-0000-0000-0000-000000000000' })

    expect(await createResolver().resolve('test')).toEqual({
      claims: {
-        user_uuid: '123',
+        user_uuid: '00000000-0000-0000-0000-000000000000',
      },
      type: 'jwt',
      user,
    })
  })

+  it('should not resolve jwt authentication method with invalid user uuid', async () => {
+    sessionTokenDecoder.decodeToken = jest.fn().mockReturnValue({ user_uuid: 'invalid' })
+
+    expect(await createResolver().resolve('test')).toBeUndefined
+  })
+
  it('should resolve session authentication method', async () => {
    sessionService.getSessionFromToken = jest.fn().mockReturnValue(session)

@@ -71,6 +79,12 @@ describe('AuthenticationMethodResolver', () => {
    })
  })

+  it('should not resolve session authentication method with invalid user uuid on session', async () => {
+    sessionService.getSessionFromToken = jest.fn().mockReturnValue({ userUuid: 'invalid' })
+
+    expect(await createResolver().resolve('test')).toBeUndefined
+  })
+
  it('should resolve archvied session authentication method', async () => {
    sessionService.getRevokedSessionFromToken = jest.fn().mockReturnValue(revokedSession)

--- a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts
+++ b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts
@@ -6,6 +6,7 @@ import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
 import { AuthenticationMethod } from './AuthenticationMethod'
 import { AuthenticationMethodResolverInterface } from './AuthenticationMethodResolverInterface'
 import { Logger } from 'winston'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class AuthenticationMethodResolver implements AuthenticationMethodResolverInterface {
@@ -29,9 +30,15 @@ export class AuthenticationMethodResolver implements AuthenticationMethodResolve
    if (decodedToken) {
      this.logger.debug('Token decoded successfully. User found.')

+      const userUuidOrError = Uuid.create(decodedToken.user_uuid as string)
+      if (userUuidOrError.isFailed()) {
+        return undefined
+      }
+      const userUuid = userUuidOrError.getValue()
+
      return {
        type: 'jwt',
-        user: await this.userRepository.findOneByUuid(<string>decodedToken.user_uuid),
+        user: await this.userRepository.findOneByUuid(userUuid),
        claims: decodedToken,
      }
    }
@@ -40,9 +47,15 @@ export class AuthenticationMethodResolver implements AuthenticationMethodResolve
    if (session) {
      this.logger.debug('Token decoded successfully. Session found.')

+      const userUuidOrError = Uuid.create(session.userUuid)
+      if (userUuidOrError.isFailed()) {
+        return undefined
+      }
+      const userUuid = userUuidOrError.getValue()
+
      return {
        type: 'session_token',
-        user: await this.userRepository.findOneByUuid(session.userUuid),
+        user: await this.userRepository.findOneByUuid(userUuid),
        session: session,
      }
    }
--- a/packages/auth/src/Domain/Handler/AccountDeletionRequestedEventHandler.spec.ts
+++ b/packages/auth/src/Domain/Handler/AccountDeletionRequestedEventHandler.spec.ts
@@ -50,7 +50,7 @@ describe('AccountDeletionRequestedEventHandler', () => {

    ephemeralSession = {
      uuid: '2-3-4',
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
    } as jest.Mocked<EphemeralSession>

    ephemeralSessionRepository = {} as jest.Mocked<EphemeralSessionRepositoryInterface>
@@ -68,7 +68,7 @@ describe('AccountDeletionRequestedEventHandler', () => {
    event = {} as jest.Mocked<AccountDeletionRequestedEvent>
    event.createdAt = new Date(1)
    event.payload = {
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
      userCreatedAtTimestamp: 1,
      regularSubscriptionUuid: '2-3-4',
    }
@@ -84,6 +84,14 @@ describe('AccountDeletionRequestedEventHandler', () => {
    expect(userRepository.remove).toHaveBeenCalledWith(user)
  })

+  it('should not remove a user with invalid uuid', async () => {
+    event.payload.userUuid = 'invalid'
+
+    await createHandler().handle(event)
+
+    expect(userRepository.remove).not.toHaveBeenCalled()
+  })
+
  it('should not remove a user if one does not exist', async () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

@@ -100,6 +108,6 @@ describe('AccountDeletionRequestedEventHandler', () => {

    expect(sessionRepository.remove).toHaveBeenCalledWith(session)
    expect(revokedSessionRepository.remove).toHaveBeenCalledWith(revokedSession)
-    expect(ephemeralSessionRepository.deleteOne).toHaveBeenCalledWith('2-3-4', '1-2-3')
+    expect(ephemeralSessionRepository.deleteOne).toHaveBeenCalledWith('2-3-4', '00000000-0000-0000-0000-000000000000')
  })
 })
--- a/packages/auth/src/Domain/Handler/AccountDeletionRequestedEventHandler.ts
+++ b/packages/auth/src/Domain/Handler/AccountDeletionRequestedEventHandler.ts
@@ -6,6 +6,7 @@ import { EphemeralSessionRepositoryInterface } from '../Session/EphemeralSession
 import { RevokedSessionRepositoryInterface } from '../Session/RevokedSessionRepositoryInterface'
 import { SessionRepositoryInterface } from '../Session/SessionRepositoryInterface'
 import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class AccountDeletionRequestedEventHandler implements DomainEventHandlerInterface {
@@ -19,19 +20,27 @@ export class AccountDeletionRequestedEventHandler implements DomainEventHandlerI
  ) {}

  async handle(event: AccountDeletionRequestedEvent): Promise<void> {
-    const user = await this.userRepository.findOneByUuid(event.payload.userUuid)
-
-    if (user === null) {
+    const userUuidOrError = Uuid.create(event.payload.userUuid)
+    if (userUuidOrError.isFailed()) {
      this.logger.warn(`Could not find user with uuid: ${event.payload.userUuid}`)

      return
    }
+    const userUuid = userUuidOrError.getValue()

-    await this.removeSessions(event.payload.userUuid)
+    const user = await this.userRepository.findOneByUuid(userUuid)
+
+    if (user === null) {
+      this.logger.warn(`Could not find user with uuid: ${userUuid.value}`)
+
+      return
+    }
+
+    await this.removeSessions(userUuid.value)

    await this.userRepository.remove(user)

-    this.logger.info(`Finished account cleanup for user: ${event.payload.userUuid}`)
+    this.logger.info(`Finished account cleanup for user: ${userUuid.value}`)
  }

  private async removeSessions(userUuid: string): Promise<void> {
--- a/packages/auth/src/Domain/Handler/FileUploadedEventHandler.spec.ts
+++ b/packages/auth/src/Domain/Handler/FileUploadedEventHandler.spec.ts
@@ -33,7 +33,7 @@ describe('FileUploadedEventHandler', () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)

    regularSubscription = {
-      uuid: '1-2-3',
+      uuid: '00000000-0000-0000-0000-000000000000',
      subscriptionType: UserSubscriptionType.Regular,
      user: Promise.resolve(user),
    } as jest.Mocked<UserSubscription>
@@ -56,9 +56,9 @@ describe('FileUploadedEventHandler', () => {
    event = {} as jest.Mocked<FileUploadedEvent>
    event.createdAt = new Date(1)
    event.payload = {
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
      fileByteSize: 123,
-      filePath: '1-2-3/2-3-4',
+      filePath: '00000000-0000-0000-0000-000000000000/2-3-4',
      fileName: '2-3-4',
    }

@@ -78,13 +78,21 @@ describe('FileUploadedEventHandler', () => {
      },
      user,
      userSubscription: {
-        uuid: '1-2-3',
+        uuid: '00000000-0000-0000-0000-000000000000',
        subscriptionType: 'regular',
        user: Promise.resolve(user),
      },
    })
  })

+  it('should not do anything if a user uuid is invalid', async () => {
+    event.payload.userUuid = 'invalid'
+
+    await createHandler().handle(event)
+
+    expect(subscriptionSettingService.createOrReplace).not.toHaveBeenCalled()
+  })
+
  it('should not do anything if a user is not found', async () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

@@ -121,7 +129,7 @@ describe('FileUploadedEventHandler', () => {
      },
      user,
      userSubscription: {
-        uuid: '1-2-3',
+        uuid: '00000000-0000-0000-0000-000000000000',
        subscriptionType: 'regular',
        user: Promise.resolve(user),
      },
@@ -147,7 +155,7 @@ describe('FileUploadedEventHandler', () => {
      },
      user,
      userSubscription: {
-        uuid: '1-2-3',
+        uuid: '00000000-0000-0000-0000-000000000000',
        subscriptionType: 'regular',
        user: Promise.resolve(user),
      },
--- a/packages/auth/src/Domain/Handler/FileUploadedEventHandler.ts
+++ b/packages/auth/src/Domain/Handler/FileUploadedEventHandler.ts
@@ -10,6 +10,7 @@ import { UserSubscription } from '../Subscription/UserSubscription'
 import { UserSubscriptionServiceInterface } from '../Subscription/UserSubscriptionServiceInterface'
 import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
 import { User } from '../User/User'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class FileUploadedEventHandler implements DomainEventHandlerInterface {
@@ -22,17 +23,25 @@ export class FileUploadedEventHandler implements DomainEventHandlerInterface {
  ) {}

  async handle(event: FileUploadedEvent): Promise<void> {
-    const user = await this.userRepository.findOneByUuid(event.payload.userUuid)
+    const userUuidOrError = Uuid.create(event.payload.userUuid)
+    if (userUuidOrError.isFailed()) {
+      this.logger.warn(userUuidOrError.getError())
+
+      return
+    }
+    const userUuid = userUuidOrError.getValue()
+
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
-      this.logger.warn(`Could not find user with uuid: ${event.payload.userUuid}`)
+      this.logger.warn(`Could not find user with uuid: ${userUuid.value}`)

      return
    }

    const { regularSubscription, sharedSubscription } =
-      await this.userSubscriptionService.findRegularSubscriptionForUserUuid(event.payload.userUuid)
+      await this.userSubscriptionService.findRegularSubscriptionForUserUuid(userUuid.value)
    if (regularSubscription === null) {
-      this.logger.warn(`Could not find regular user subscription for user with uuid: ${event.payload.userUuid}`)
+      this.logger.warn(`Could not find regular user subscription for user with uuid: ${userUuid.value}`)

      return
    }
--- a/packages/auth/src/Domain/Role/RoleService.spec.ts
+++ b/packages/auth/src/Domain/Role/RoleService.spec.ts
@@ -214,13 +214,25 @@ describe('RoleService', () => {
    })

    it('should indicate if a user has given permission', async () => {
-      const userHasPermission = await createService().userHasPermission('1-2-3', PermissionName.DailyEmailBackup)
+      const userHasPermission = await createService().userHasPermission(
+        '00000000-0000-0000-0000-000000000000',
+        PermissionName.DailyEmailBackup,
+      )

      expect(userHasPermission).toBeTruthy()
    })

+    it('should not indiciate if a user has permission if the user uuid is invalid', async () => {
+      const userHasPermission = await createService().userHasPermission('invalid', PermissionName.DailyEmailBackup)
+
+      expect(userHasPermission).toBeFalsy()
+    })
+
    it('should indicate if a user does not have a given permission', async () => {
-      const userHasPermission = await createService().userHasPermission('1-2-3', PermissionName.MarkdownProEditor)
+      const userHasPermission = await createService().userHasPermission(
+        '00000000-0000-0000-0000-000000000000',
+        PermissionName.MarkdownProEditor,
+      )

      expect(userHasPermission).toBeFalsy()
    })
@@ -228,7 +240,10 @@ describe('RoleService', () => {
    it('should indicate user does not have a permission if user could not be found', async () => {
      userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

-      const userHasPermission = await createService().userHasPermission('1-2-3', PermissionName.MarkdownProEditor)
+      const userHasPermission = await createService().userHasPermission(
+        '00000000-0000-0000-0000-000000000000',
+        PermissionName.MarkdownProEditor,
+      )

      expect(userHasPermission).toBeFalsy()
    })
--- a/packages/auth/src/Domain/Role/RoleService.ts
+++ b/packages/auth/src/Domain/Role/RoleService.ts
@@ -13,6 +13,7 @@ import { RoleToSubscriptionMapInterface } from './RoleToSubscriptionMapInterface
 import { OfflineUserSubscriptionRepositoryInterface } from '../Subscription/OfflineUserSubscriptionRepositoryInterface'
 import { Role } from './Role'
 import { OfflineUserSubscription } from '../Subscription/OfflineUserSubscription'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class RoleService implements RoleServiceInterface {
@@ -26,10 +27,16 @@ export class RoleService implements RoleServiceInterface {
    @inject(TYPES.Auth_Logger) private logger: Logger,
  ) {}

-  async userHasPermission(userUuid: string, permissionName: PermissionName): Promise<boolean> {
+  async userHasPermission(userUuidString: string, permissionName: PermissionName): Promise<boolean> {
+    const userUuidOrError = Uuid.create(userUuidString)
+    if (userUuidOrError.isFailed()) {
+      return false
+    }
+    const userUuid = userUuidOrError.getValue()
+
    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
-      this.logger.warn(`Could not find user with uuid ${userUuid} for permissions check`)
+      this.logger.warn(`Could not find user with uuid ${userUuid.value} for permissions check`)

      return false
    }
--- a/packages/auth/src/Domain/Setting/SettingDecrypter.spec.ts
+++ b/packages/auth/src/Domain/Setting/SettingDecrypter.spec.ts
@@ -32,7 +32,9 @@ describe('SettingDecrypter', () => {
      serverEncryptionVersion: EncryptionVersion.Default,
    } as jest.Mocked<Setting>

-    expect(await createDecrypter().decryptSettingValue(setting, '1-2-3')).toEqual('decrypted')
+    expect(await createDecrypter().decryptSettingValue(setting, '00000000-0000-0000-0000-000000000000')).toEqual(
+      'decrypted',
+    )
  })

  it('should return null if the setting value is null', async () => {
@@ -41,7 +43,7 @@ describe('SettingDecrypter', () => {
      serverEncryptionVersion: EncryptionVersion.Default,
    } as jest.Mocked<Setting>

-    expect(await createDecrypter().decryptSettingValue(setting, '1-2-3')).toBeNull()
+    expect(await createDecrypter().decryptSettingValue(setting, '00000000-0000-0000-0000-000000000000')).toBeNull()
  })

  it('should return unencrypted value if the setting value is unencrypted', async () => {
@@ -50,7 +52,7 @@ describe('SettingDecrypter', () => {
      serverEncryptionVersion: EncryptionVersion.Unencrypted,
    } as jest.Mocked<Setting>

-    expect(await createDecrypter().decryptSettingValue(setting, '1-2-3')).toEqual('test')
+    expect(await createDecrypter().decryptSettingValue(setting, '00000000-0000-0000-0000-000000000000')).toEqual('test')
  })

  it('should throw if the user could not be found', async () => {
@@ -62,7 +64,23 @@ describe('SettingDecrypter', () => {

    let caughtError = null
    try {
-      await createDecrypter().decryptSettingValue(setting, '1-2-3')
+      await createDecrypter().decryptSettingValue(setting, '00000000-0000-0000-0000-000000000000')
+    } catch (error) {
+      caughtError = error
+    }
+
+    expect(caughtError).not.toBeNull()
+  })
+
+  it('should throw if the user uuid is invalid', async () => {
+    const setting = {
+      value: 'encrypted',
+      serverEncryptionVersion: EncryptionVersion.Default,
+    } as jest.Mocked<Setting>
+
+    let caughtError = null
+    try {
+      await createDecrypter().decryptSettingValue(setting, 'invalid')
    } catch (error) {
      caughtError = error
    }
--- a/packages/auth/src/Domain/Setting/SettingDecrypter.ts
+++ b/packages/auth/src/Domain/Setting/SettingDecrypter.ts
@@ -6,6 +6,7 @@ import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
 import { Setting } from './Setting'
 import { SettingDecrypterInterface } from './SettingDecrypterInterface'
 import { SubscriptionSetting } from './SubscriptionSetting'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class SettingDecrypter implements SettingDecrypterInterface {
@@ -14,12 +15,18 @@ export class SettingDecrypter implements SettingDecrypterInterface {
    @inject(TYPES.Auth_Crypter) private crypter: CrypterInterface,
  ) {}

-  async decryptSettingValue(setting: Setting | SubscriptionSetting, userUuid: string): Promise<string | null> {
+  async decryptSettingValue(setting: Setting | SubscriptionSetting, userUuidString: string): Promise<string | null> {
    if (setting.value !== null && setting.serverEncryptionVersion === EncryptionVersion.Default) {
+      const userUuidOrError = Uuid.create(userUuidString)
+      if (userUuidOrError.isFailed()) {
+        throw new Error(userUuidOrError.getError())
+      }
+      const userUuid = userUuidOrError.getValue()
+
      const user = await this.userRepository.findOneByUuid(userUuid)

      if (user === null) {
-        throw new Error(`Could not find user with uuid: ${userUuid}`)
+        throw new Error(`Could not find user with uuid: ${userUuid.value}`)
      }

      return this.crypter.decryptForUser(setting.value, user)
--- a/packages/auth/src/Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken.spec.ts
+++ b/packages/auth/src/Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken.spec.ts
@@ -17,7 +17,7 @@ describe('AuthenticateSubscriptionToken', () => {

  beforeEach(() => {
    subscriptionTokenRepository = {} as jest.Mocked<SubscriptionTokenRepositoryInterface>
-    subscriptionTokenRepository.getUserUuidByToken = jest.fn().mockReturnValue('1-2-3')
+    subscriptionTokenRepository.getUserUuidByToken = jest.fn().mockReturnValue('00000000-0000-0000-0000-000000000000')

    user = {
      roles: Promise.resolve([{ name: RoleName.NAMES.CoreUser }]),
@@ -30,8 +30,6 @@ describe('AuthenticateSubscriptionToken', () => {
  it('should authenticate an subscription token', async () => {
    const response = await createUseCase().execute({ token: 'test' })

-    expect(userRepository.findOneByUuid).toHaveBeenCalledWith('1-2-3')
-
    expect(response.success).toBeTruthy()

    expect(response.user).toEqual(user)
--- a/packages/auth/src/Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken.ts
+++ b/packages/auth/src/Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken.ts
@@ -6,6 +6,7 @@ import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { UseCaseInterface } from '../UseCaseInterface'
 import { AuthenticateSubscriptionTokenDTO } from './AuthenticateSubscriptionTokenDTO'
 import { AuthenticateSubscriptionTokenResponse } from './AuthenticateSubscriptionTokenResponse'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class AuthenticateSubscriptionToken implements UseCaseInterface {
@@ -16,12 +17,14 @@ export class AuthenticateSubscriptionToken implements UseCaseInterface {
  ) {}

  async execute(dto: AuthenticateSubscriptionTokenDTO): Promise<AuthenticateSubscriptionTokenResponse> {
-    const userUuid = await this.subscriptionTokenRepository.getUserUuidByToken(dto.token)
-    if (userUuid === undefined) {
+    const userUuidString = await this.subscriptionTokenRepository.getUserUuidByToken(dto.token)
+    const userUuidOrError = Uuid.create(userUuidString as string)
+    if (userUuidOrError.isFailed()) {
      return {
        success: false,
      }
    }
+    const userUuid = userUuidOrError.getValue()

    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
--- a/packages/auth/src/Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken.spec.ts
+++ b/packages/auth/src/Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken.spec.ts
@@ -28,13 +28,15 @@ describe('CreateCrossServiceToken', () => {
    session = {} as jest.Mocked<Session>

    user = {
-      uuid: '1-2-3',
+      uuid: '00000000-0000-0000-0000-000000000000',
      email: 'test@test.te',
    } as jest.Mocked<User>
    user.roles = Promise.resolve([role])

    userProjector = {} as jest.Mocked<ProjectorInterface<User>>
-    userProjector.projectSimple = jest.fn().mockReturnValue({ uuid: '1-2-3', email: 'test@test.te' })
+    userProjector.projectSimple = jest
+      .fn()
+      .mockReturnValue({ uuid: '00000000-0000-0000-0000-000000000000', email: 'test@test.te' })

    roleProjector = {} as jest.Mocked<ProjectorInterface<Role>>
    roleProjector.projectSimple = jest.fn().mockReturnValue({ name: 'role1', uuid: '1-3-4' })
@@ -69,7 +71,7 @@ describe('CreateCrossServiceToken', () => {
        },
        user: {
          email: 'test@test.te',
-          uuid: '1-2-3',
+          uuid: '00000000-0000-0000-0000-000000000000',
        },
      },
      60,
@@ -91,7 +93,7 @@ describe('CreateCrossServiceToken', () => {
        ],
        user: {
          email: 'test@test.te',
-          uuid: '1-2-3',
+          uuid: '00000000-0000-0000-0000-000000000000',
        },
      },
      60,
@@ -100,7 +102,7 @@ describe('CreateCrossServiceToken', () => {

  it('should create a cross service token for user by user uuid', async () => {
    await createUseCase().execute({
-      userUuid: '1-2-3',
+      userUuid: '00000000-0000-0000-0000-000000000000',
    })

    expect(tokenEncoder.encodeExpirableToken).toHaveBeenCalledWith(
@@ -113,7 +115,7 @@ describe('CreateCrossServiceToken', () => {
        ],
        user: {
          email: 'test@test.te',
-          uuid: '1-2-3',
+          uuid: '00000000-0000-0000-0000-000000000000',
        },
      },
      60,
@@ -126,7 +128,20 @@ describe('CreateCrossServiceToken', () => {
    let caughtError = null
    try {
      await createUseCase().execute({
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
+      })
+    } catch (error) {
+      caughtError = error
+    }
+
+    expect(caughtError).not.toBeNull()
+  })
+
+  it('should throw an error if user uuid is invalid', async () => {
+    let caughtError = null
+    try {
+      await createUseCase().execute({
+        userUuid: 'invalid',
      })
    } catch (error) {
      caughtError = error
--- a/packages/auth/src/Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken.ts
+++ b/packages/auth/src/Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken.ts
@@ -11,6 +11,7 @@ import { UseCaseInterface } from '../UseCaseInterface'

 import { CreateCrossServiceTokenDTO } from './CreateCrossServiceTokenDTO'
 import { CreateCrossServiceTokenResponse } from './CreateCrossServiceTokenResponse'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class CreateCrossServiceToken implements UseCaseInterface {
@@ -26,7 +27,13 @@ export class CreateCrossServiceToken implements UseCaseInterface {
  async execute(dto: CreateCrossServiceTokenDTO): Promise<CreateCrossServiceTokenResponse> {
    let user: User | undefined | null = dto.user
    if (user === undefined && dto.userUuid !== undefined) {
-      user = await this.userRepository.findOneByUuid(dto.userUuid)
+      const userUuidOrError = Uuid.create(dto.userUuid)
+      if (userUuidOrError.isFailed()) {
+        throw new Error(userUuidOrError.getError())
+      }
+      const userUuid = userUuidOrError.getValue()
+
+      user = await this.userRepository.findOneByUuid(userUuid)
    }

    if (!user) {
--- a/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccount.spec.ts
+++ b/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccount.spec.ts
@@ -34,7 +34,7 @@ describe('DeleteAccount', () => {
    } as jest.Mocked<UserSubscription>

    userRepository = {} as jest.Mocked<UserRepositoryInterface>
-    userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(user)
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)

    userSubscriptionService = {} as jest.Mocked<UserSubscriptionServiceInterface>
    userSubscriptionService.findRegularSubscriptionForUserUuid = jest
@@ -58,7 +58,7 @@ describe('DeleteAccount', () => {
      .fn()
      .mockReturnValue({ regularSubscription: null, sharedSubscription: null })

-    expect(await createUseCase().execute({ email: 'test@test.te' })).toEqual({
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
      message: 'Successfully deleted user',
      responseCode: 200,
      success: true,
@@ -77,7 +77,7 @@ describe('DeleteAccount', () => {
      .fn()
      .mockReturnValue({ regularSubscription, sharedSubscription: null })

-    expect(await createUseCase().execute({ email: 'test@test.te' })).toEqual({
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
      message: 'Successfully deleted user',
      responseCode: 200,
      success: true,
@@ -92,9 +92,9 @@ describe('DeleteAccount', () => {
  })

  it('should not trigger account deletion if user is not found', async () => {
-    userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(null)
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

-    expect(await createUseCase().execute({ email: 'test@test.te' })).toEqual({
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
      message: 'User not found',
      responseCode: 404,
      success: false,
@@ -104,9 +104,9 @@ describe('DeleteAccount', () => {
    expect(domainEventFactory.createAccountDeletionRequestedEvent).not.toHaveBeenCalled()
  })

-  it('should not trigger account deletion if username is invalid', async () => {
-    expect(await createUseCase().execute({ email: '' })).toEqual({
-      message: 'Username cannot be empty',
+  it('should not trigger account deletion if user uuid is invalid', async () => {
+    expect(await createUseCase().execute({ userUuid: '' })).toEqual({
+      message: 'Given value is not a valid uuid: ',
      responseCode: 400,
      success: false,
    })
--- a/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccount.ts
+++ b/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccount.ts
@@ -1,4 +1,4 @@
-import { Username } from '@standardnotes/domain-core'
+import { Uuid } from '@standardnotes/domain-core'
 import { DomainEventPublisherInterface } from '@standardnotes/domain-events'
 import { TimerInterface } from '@standardnotes/time'
 import { inject, injectable } from 'inversify'
@@ -23,17 +23,17 @@ export class DeleteAccount implements UseCaseInterface {
  ) {}

  async execute(dto: DeleteAccountDTO): Promise<DeleteAccountResponse> {
-    const usernameOrError = Username.create(dto.email)
-    if (usernameOrError.isFailed()) {
+    const uuidOrError = Uuid.create(dto.userUuid)
+    if (uuidOrError.isFailed()) {
      return {
        success: false,
        responseCode: 400,
-        message: usernameOrError.getError(),
+        message: uuidOrError.getError(),
      }
    }
-    const username = usernameOrError.getValue()
+    const uuid = uuidOrError.getValue()

-    const user = await this.userRepository.findOneByUsernameOrEmail(username)
+    const user = await this.userRepository.findOneByUuid(uuid)

    if (user === null) {
      return {
--- a/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccountDTO.ts
+++ b/packages/auth/src/Domain/UseCase/DeleteAccount/DeleteAccountDTO.ts
@@ -1,3 +1,3 @@
 export type DeleteAccountDTO = {
-  email: string
+  userUuid: string
 }
--- a/packages/auth/src/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator.ts
+++ b/packages/auth/src/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator.ts
@@ -20,7 +20,7 @@ export class DeleteAuthenticator implements UseCaseInterface<string> {
    }
    const userUuid = userUuidOrError.getValue()

-    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
      return Result.fail('Could not delete authenticator: user not found.')
    }
--- a/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts
+++ b/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts
@@ -37,7 +37,7 @@ export class GenerateAuthenticatorRegistrationOptions
    }
    const username = usernameOrError.getValue()

-    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
      return Result.fail('Could not generate authenticator registration options: user not found.')
    }
--- a/packages/auth/src/Domain/UseCase/GenerateRecoveryCodes/GenerateRecoveryCodes.ts
+++ b/packages/auth/src/Domain/UseCase/GenerateRecoveryCodes/GenerateRecoveryCodes.ts
@@ -19,7 +19,7 @@ export class GenerateRecoveryCodes implements UseCaseInterface<string> {
    }
    const userUuid = userUuidOrError.getValue()

-    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
      return Result.fail('Could not generate recovery codes: user not found')
    }
--- a/packages/auth/src/Domain/UseCase/GetSettings/GetSettings.spec.ts
+++ b/packages/auth/src/Domain/UseCase/GetSettings/GetSettings.spec.ts
@@ -45,6 +45,10 @@ describe('GetSettings', () => {
    )

  beforeEach(() => {
+    user = {
+      uuid: '00000000-0000-0000-0000-000000000000',
+    } as jest.Mocked<User>
+
    setting = new Setting()
    setting.name = 'test'
    setting.updatedAt = 345
@@ -90,8 +94,6 @@ describe('GetSettings', () => {
    subscriptionSettingProjector = {} as jest.Mocked<SubscriptionSettingProjector>
    subscriptionSettingProjector.projectSimple = jest.fn().mockReturnValue({ foo: 'sub-bar' })

-    user = {} as jest.Mocked<User>
-
    userRepository = {} as jest.Mocked<UserRepositoryInterface>
    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)

@@ -103,18 +105,27 @@ describe('GetSettings', () => {
    it('should fail if a user is not found', async () => {
      userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

-      expect(await createUseCase().execute({ userUuid: '1-2-3' })).toEqual({
+      expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
        success: false,
        error: {
-          message: 'User 1-2-3 not found.',
+          message: 'User 00000000-0000-0000-0000-000000000000 not found.',
+        },
+      })
+    })
+
+    it('should fail if a user uuid is invalid', async () => {
+      expect(await createUseCase().execute({ userUuid: 'invalid' })).toEqual({
+        success: false,
+        error: {
+          message: 'Given value is not a valid uuid: invalid',
        },
      })
    })

    it('should return all user settings except mfa', async () => {
-      expect(await createUseCase().execute({ userUuid: '1-2-3' })).toEqual({
+      expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }],
      })

@@ -131,9 +142,9 @@ describe('GetSettings', () => {
      } as jest.Mocked<Setting>
      settingRepository.findAllByUserUuid = jest.fn().mockReturnValue([setting])

-      expect(await createUseCase().execute({ userUuid: '1-2-3' })).toEqual({
+      expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }],
      })

@@ -147,10 +158,14 @@ describe('GetSettings', () => {

    it('should return all user settings of certain name', async () => {
      expect(
-        await createUseCase().execute({ userUuid: '1-2-3', settingName: 'test', allowSensitiveRetrieval: true }),
+        await createUseCase().execute({
+          userUuid: '00000000-0000-0000-0000-000000000000',
+          settingName: 'test',
+          allowSensitiveRetrieval: true,
+        }),
      ).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }],
      })

@@ -159,10 +174,14 @@ describe('GetSettings', () => {

    it('should return all user settings updated after', async () => {
      expect(
-        await createUseCase().execute({ userUuid: '1-2-3', allowSensitiveRetrieval: true, updatedAfter: 123 }),
+        await createUseCase().execute({
+          userUuid: '00000000-0000-0000-0000-000000000000',
+          allowSensitiveRetrieval: true,
+          updatedAfter: 123,
+        }),
      ).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }],
      })

@@ -170,9 +189,14 @@ describe('GetSettings', () => {
    })

    it('should return all sensitive user settings if explicit', async () => {
-      expect(await createUseCase().execute({ userUuid: '1-2-3', allowSensitiveRetrieval: true })).toEqual({
+      expect(
+        await createUseCase().execute({
+          userUuid: '00000000-0000-0000-0000-000000000000',
+          allowSensitiveRetrieval: true,
+        }),
+      ).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }, { foo: 'bar' }],
      })

@@ -190,9 +214,9 @@ describe('GetSettings', () => {
    })

    it('should return all user settings except mfa', async () => {
-      expect(await createUseCase().execute({ userUuid: '1-2-3' })).toEqual({
+      expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }, { foo: 'sub-bar' }],
      })

@@ -210,9 +234,9 @@ describe('GetSettings', () => {
    })

    it('should return all user settings except mfa', async () => {
-      expect(await createUseCase().execute({ userUuid: '1-2-3' })).toEqual({
+      expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
        success: true,
-        userUuid: '1-2-3',
+        userUuid: '00000000-0000-0000-0000-000000000000',
        settings: [{ foo: 'bar' }, { foo: 'sub-bar' }],
      })

--- a/packages/auth/src/Domain/UseCase/GetSettings/GetSettings.ts
+++ b/packages/auth/src/Domain/UseCase/GetSettings/GetSettings.ts
@@ -15,6 +15,7 @@ import { SubscriptionSetting } from '../../Setting/SubscriptionSetting'
 import { SimpleSetting } from '../../Setting/SimpleSetting'
 import { SimpleSubscriptionSetting } from '../../Setting/SimpleSubscriptionSetting'
 import { SubscriptionSettingProjector } from '../../../Projection/SubscriptionSettingProjector'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class GetSettings implements UseCaseInterface {
@@ -30,7 +31,16 @@ export class GetSettings implements UseCaseInterface {
  ) {}

  async execute(dto: GetSettingsDto): Promise<GetSettingsResponse> {
-    const { userUuid } = dto
+    const userUuidOrError = Uuid.create(dto.userUuid)
+    if (userUuidOrError.isFailed()) {
+      return {
+        success: false,
+        error: {
+          message: userUuidOrError.getError(),
+        },
+      }
+    }
+    const userUuid = userUuidOrError.getValue()

    const user = await this.userRepository.findOneByUuid(userUuid)

@@ -38,13 +48,13 @@ export class GetSettings implements UseCaseInterface {
      return {
        success: false,
        error: {
-          message: `User ${userUuid} not found.`,
+          message: `User ${userUuid.value} not found.`,
        },
      }
    }

    let settings: Array<Setting | SubscriptionSetting>
-    settings = await this.settingRepository.findAllByUserUuid(userUuid)
+    settings = await this.settingRepository.findAllByUserUuid(user.uuid)

    const { regularSubscription, sharedSubscription } =
      await this.userSubscriptionService.findRegularSubscriptionForUserUuid(user.uuid)
@@ -83,7 +93,7 @@ export class GetSettings implements UseCaseInterface {

    return {
      success: true,
-      userUuid,
+      userUuid: user.uuid,
      settings: simpleSettings,
    }
  }
--- a/packages/auth/src/Domain/UseCase/GetUserFeatures/GetUserFeatures.spec.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserFeatures/GetUserFeatures.spec.ts
@@ -31,23 +31,36 @@ describe('GetUserFeatures', () => {
  it('should fail if a user is not found', async () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

-    expect(await createUseCase().execute({ userUuid: 'user-1-1-1', offline: false })).toEqual({
-      success: false,
-      error: {
-        message: 'User user-1-1-1 not found.',
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000', offline: false })).toEqual(
+      {
+        success: false,
+        error: {
+          message: 'User 00000000-0000-0000-0000-000000000000 not found.',
+        },
      },
-    })
+    )
  })

  it('should return user features', async () => {
-    expect(await createUseCase().execute({ userUuid: 'user-1-1-1', offline: false })).toEqual({
-      success: true,
-      userUuid: 'user-1-1-1',
-      features: [
-        {
-          name: 'foobar',
-        },
-      ],
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000', offline: false })).toEqual(
+      {
+        success: true,
+        userUuid: '00000000-0000-0000-0000-000000000000',
+        features: [
+          {
+            name: 'foobar',
+          },
+        ],
+      },
+    )
+  })
+
+  it('should fail if a user uuid is invalid', async () => {
+    expect(await createUseCase().execute({ userUuid: 'invalid', offline: false })).toEqual({
+      success: false,
+      error: {
+        message: 'Given value is not a valid uuid: invalid',
+      },
    })
  })

--- a/packages/auth/src/Domain/UseCase/GetUserFeatures/GetUserFeatures.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserFeatures/GetUserFeatures.ts
@@ -5,6 +5,7 @@ import { GetUserFeaturesDto } from './GetUserFeaturesDto'
 import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { GetUserFeaturesResponse } from './GetUserFeaturesResponse'
 import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class GetUserFeatures implements UseCaseInterface {
@@ -24,13 +25,24 @@ export class GetUserFeatures implements UseCaseInterface {
      }
    }

-    const user = await this.userRepository.findOneByUuid(dto.userUuid)
+    const userUuidOrError = Uuid.create(dto.userUuid)
+    if (userUuidOrError.isFailed()) {
+      return {
+        success: false,
+        error: {
+          message: userUuidOrError.getError(),
+        },
+      }
+    }
+    const userUuid = userUuidOrError.getValue()
+
+    const user = await this.userRepository.findOneByUuid(userUuid)

    if (user === null) {
      return {
        success: false,
        error: {
-          message: `User ${dto.userUuid} not found.`,
+          message: `User ${userUuid.value} not found.`,
        },
      }
    }
@@ -39,7 +51,7 @@ export class GetUserFeatures implements UseCaseInterface {

    return {
      success: true,
-      userUuid: dto.userUuid,
+      userUuid: userUuid.value,
      features: userFeatures,
    }
  }
--- a/packages/auth/src/Domain/UseCase/GetUserKeyParams/GetUserKeyParams.spec.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserKeyParams/GetUserKeyParams.spec.ts
@@ -61,7 +61,9 @@ describe('GetUserKeyParams', () => {
  })

  it('should get key params for an authenticated user - searching by uuid', async () => {
-    expect(await createUseCase().execute({ userUuid: '1-2-3', authenticated: true })).toEqual({
+    expect(
+      await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000', authenticated: true }),
+    ).toEqual({
      keyParams: {
        foo: 'bar',
      },
@@ -71,7 +73,9 @@ describe('GetUserKeyParams', () => {
  })

  it('should get key params for an unauthenticated user - searching by uuid', async () => {
-    expect(await createUseCase().execute({ userUuid: '1-2-3', authenticated: false })).toEqual({
+    expect(
+      await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000', authenticated: false }),
+    ).toEqual({
      keyParams: {
        foo: 'bar',
      },
@@ -81,7 +85,13 @@ describe('GetUserKeyParams', () => {
  })

  it("should get key params for an unauthenticated user and store it's code challenge", async () => {
-    expect(await createUseCase().execute({ userUuid: '1-2-3', authenticated: false, codeChallenge: 'test' })).toEqual({
+    expect(
+      await createUseCase().execute({
+        userUuid: '00000000-0000-0000-0000-000000000000',
+        authenticated: false,
+        codeChallenge: 'test',
+      }),
+    ).toEqual({
      keyParams: {
        foo: 'bar',
      },
@@ -107,7 +117,18 @@ describe('GetUserKeyParams', () => {

    let error = null
    try {
-      await createUseCase().execute({ userUuid: '1-2-3', authenticated: false })
+      await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000', authenticated: false })
+    } catch (e) {
+      error = e
+    }
+
+    expect(error).not.toBeNull()
+  })
+
+  it('should throw error for an invalid user uuid', async () => {
+    let error = null
+    try {
+      await createUseCase().execute({ userUuid: 'invalid', authenticated: false })
    } catch (e) {
      error = e
    }
--- a/packages/auth/src/Domain/UseCase/GetUserKeyParams/GetUserKeyParams.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserKeyParams/GetUserKeyParams.ts
@@ -10,7 +10,7 @@ import { User } from '../../User/User'
 import { PKCERepositoryInterface } from '../../User/PKCERepositoryInterface'
 import { GetUserKeyParamsDTOV2Challenged } from './GetUserKeyParamsDTOV2Challenged'
 import { KeyParamsData } from '@standardnotes/responses'
-import { Username } from '@standardnotes/domain-core'
+import { Username, Uuid } from '@standardnotes/domain-core'

@injectable()
 export class GetUserKeyParams implements UseCaseInterface {
@@ -39,7 +39,13 @@ export class GetUserKeyParams implements UseCaseInterface {
        }
      }
    } else if (dto.userUuid) {
-      user = await this.userRepository.findOneByUuid(dto.userUuid)
+      const userUuidOrError = Uuid.create(dto.userUuid)
+      if (userUuidOrError.isFailed()) {
+        throw Error(userUuidOrError.getError())
+      }
+      const userUuid = userUuidOrError.getValue()
+
+      user = await this.userRepository.findOneByUuid(userUuid)
    }

    if (!user) {
--- a/packages/auth/src/Domain/UseCase/GetUserSubscription/GetUserSubscription.spec.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserSubscription/GetUserSubscription.spec.ts
@@ -15,7 +15,10 @@ describe('GetUserSubscription', () => {
  const createUseCase = () => new GetUserSubscription(userRepository, userSubscriptionRepository)

  beforeEach(() => {
-    user = { uuid: 'user-1-1-1', email: 'user-1-1-1@example.com' } as jest.Mocked<User>
+    user = {
+      uuid: '00000000-0000-0000-0000-000000000000',
+      email: '00000000-0000-0000-0000-000000000000@example.com',
+    } as jest.Mocked<User>
    userRepository = {} as jest.Mocked<UserRepositoryInterface>
    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)

@@ -29,18 +32,27 @@ describe('GetUserSubscription', () => {
  it('should fail if a user is not found', async () => {
    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)

-    expect(await createUseCase().execute({ userUuid: 'user-1-1-1' })).toEqual({
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
      success: false,
      error: {
-        message: 'User user-1-1-1 not found.',
+        message: 'User 00000000-0000-0000-0000-000000000000 not found.',
+      },
+    })
+  })
+
+  it('should fail if a user uuid is invalid', async () => {
+    expect(await createUseCase().execute({ userUuid: 'invalid' })).toEqual({
+      success: false,
+      error: {
+        message: 'Given value is not a valid uuid: invalid',
      },
    })
  })

  it('should return user subscription', async () => {
-    expect(await createUseCase().execute({ userUuid: 'user-1-1-1' })).toEqual({
+    expect(await createUseCase().execute({ userUuid: '00000000-0000-0000-0000-000000000000' })).toEqual({
      success: true,
-      user: { uuid: 'user-1-1-1', email: 'user-1-1-1@example.com' },
+      user: { uuid: '00000000-0000-0000-0000-000000000000', email: '00000000-0000-0000-0000-000000000000@example.com' },
      subscription: {
        planName: SubscriptionName.ProPlan,
      },
--- a/packages/auth/src/Domain/UseCase/GetUserSubscription/GetUserSubscription.ts
+++ b/packages/auth/src/Domain/UseCase/GetUserSubscription/GetUserSubscription.ts
@@ -5,6 +5,7 @@ import { GetUserSubscriptionDto } from './GetUserSubscriptionDto'
 import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { GetUserSubscriptionResponse } from './GetUserSubscriptionResponse'
 import { UserSubscriptionRepositoryInterface } from '../../Subscription/UserSubscriptionRepositoryInterface'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class GetUserSubscription implements UseCaseInterface {
@@ -15,7 +16,16 @@ export class GetUserSubscription implements UseCaseInterface {
  ) {}

  async execute(dto: GetUserSubscriptionDto): Promise<GetUserSubscriptionResponse> {
-    const { userUuid } = dto
+    const userUuidOrError = Uuid.create(dto.userUuid)
+    if (userUuidOrError.isFailed()) {
+      return {
+        success: false,
+        error: {
+          message: userUuidOrError.getError(),
+        },
+      }
+    }
+    const userUuid = userUuidOrError.getValue()

    const user = await this.userRepository.findOneByUuid(userUuid)

@@ -23,12 +33,12 @@ export class GetUserSubscription implements UseCaseInterface {
      return {
        success: false,
        error: {
-          message: `User ${userUuid} not found.`,
+          message: `User ${userUuid.value} not found.`,
        },
      }
    }

-    const userSubscription = await this.userSubscriptionRepository.findOneByUserUuid(userUuid)
+    const userSubscription = await this.userSubscriptionRepository.findOneByUserUuid(userUuid.value)

    return {
      success: true,
--- a/packages/auth/src/Domain/UseCase/ListAuthenticators/ListAuthenticators.ts
+++ b/packages/auth/src/Domain/UseCase/ListAuthenticators/ListAuthenticators.ts
@@ -21,7 +21,7 @@ export class ListAuthenticators implements UseCaseInterface<Authenticator[]> {
    }
    const userUuid = userUuidOrError.getValue()

-    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
      return Result.fail('Could not list authenticators: user not found.')
    }
--- a/packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.spec.ts
+++ b/packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.spec.ts
@@ -62,7 +62,7 @@ describe('UpdateSetting', () => {
    settingProjector.projectSimple = jest.fn().mockReturnValue(settingProjection)

    regularSubscription = {
-      uuid: '1-2-3',
+      uuid: '00000000-0000-0000-0000-000000000000',
      subscriptionType: UserSubscriptionType.Regular,
      user: Promise.resolve(user),
    } as jest.Mocked<UserSubscription>
@@ -109,7 +109,7 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).toHaveBeenCalledWith({
        props: {
@@ -138,19 +138,40 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).not.toHaveBeenCalled()

      expect(response).toEqual({
        success: false,
        error: {
-          message: 'User 1-2-3 not found.',
+          message: 'User 00000000-0000-0000-0000-000000000000 not found.',
        },
        statusCode: 404,
      })
    })

+    it('should not create a setting if user uuid is invalid', async () => {
+      const props = {
+        name: SettingName.NAMES.ExtensionKey,
+        unencryptedValue: 'test-setting-value',
+        serverEncryptionVersion: EncryptionVersion.Unencrypted,
+        sensitive: false,
+      }
+
+      const response = await createUseCase().execute({ props, userUuid: 'invalid' })
+
+      expect(settingService.createOrReplace).not.toHaveBeenCalled()
+
+      expect(response).toEqual({
+        success: false,
+        error: {
+          message: 'Given value is not a valid uuid: invalid',
+        },
+        statusCode: 400,
+      })
+    })
+
    it('should not create a subscription setting', async () => {
      const props = {
        name: SettingName.NAMES.MuteSignInEmails,
@@ -159,14 +180,14 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).not.toHaveBeenCalled()

      expect(response).toEqual({
        success: false,
        error: {
-          message: 'User 1-2-3 has no subscription to change a subscription setting.',
+          message: 'User 00000000-0000-0000-0000-000000000000 has no subscription to change a subscription setting.',
        },
        statusCode: 400,
      })
@@ -180,7 +201,7 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).not.toHaveBeenCalled()

@@ -207,14 +228,14 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).not.toHaveBeenCalled()

      expect(response).toEqual({
        success: false,
        error: {
-          message: 'User 1-2-3 is not permitted to change the setting.',
+          message: 'User 00000000-0000-0000-0000-000000000000 is not permitted to change the setting.',
        },
        statusCode: 401,
      })
@@ -230,14 +251,14 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(settingService.createOrReplace).not.toHaveBeenCalled()

      expect(response).toEqual({
        success: false,
        error: {
-          message: 'User 1-2-3 is not permitted to change the setting.',
+          message: 'User 00000000-0000-0000-0000-000000000000 is not permitted to change the setting.',
        },
        statusCode: 401,
      })
@@ -259,7 +280,7 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(subscriptionSettingService.createOrReplace).toHaveBeenCalledWith({
        props: {
@@ -295,7 +316,7 @@ describe('UpdateSetting', () => {
        sensitive: false,
      }

-      const response = await createUseCase().execute({ props, userUuid: '1-2-3' })
+      const response = await createUseCase().execute({ props, userUuid: '00000000-0000-0000-0000-000000000000' })

      expect(subscriptionSettingService.createOrReplace).toHaveBeenCalledWith({
        props: {
--- a/packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.ts
+++ b/packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.ts
@@ -16,6 +16,7 @@ import { SubscriptionSettingServiceInterface } from '../../Setting/SubscriptionS
 import { UserSubscriptionServiceInterface } from '../../Subscription/UserSubscriptionServiceInterface'
 import { CreateOrReplaceSubscriptionSettingResponse } from '../../Setting/CreateOrReplaceSubscriptionSettingResponse'
 import { SubscriptionSettingProjector } from '../../../Projection/SubscriptionSettingProjector'
+import { Uuid } from '@standardnotes/domain-core'

@injectable()
 export class UpdateSetting implements UseCaseInterface {
@@ -48,7 +49,17 @@ export class UpdateSetting implements UseCaseInterface {

    this.logger.debug('[%s] Updating setting: %O', dto.userUuid, dto)

-    const { userUuid, props } = dto
+    const userUuidOrError = Uuid.create(dto.userUuid)
+    if (userUuidOrError.isFailed()) {
+      return {
+        success: false,
+        error: {
+          message: userUuidOrError.getError(),
+        },
+        statusCode: 400,
+      }
+    }
+    const userUuid = userUuidOrError.getValue()

    const user = await this.userRepository.findOneByUuid(userUuid)

@@ -56,7 +67,7 @@ export class UpdateSetting implements UseCaseInterface {
      return {
        success: false,
        error: {
-          message: `User ${userUuid} not found.`,
+          message: `User ${userUuid.value} not found.`,
        },
        statusCode: 404,
      }
@@ -66,14 +77,14 @@ export class UpdateSetting implements UseCaseInterface {
      return {
        success: false,
        error: {
-          message: `User ${userUuid} is not permitted to change the setting.`,
+          message: `User ${userUuid.value} is not permitted to change the setting.`,
        },
        statusCode: 401,
      }
    }

-    props.serverEncryptionVersion = this.settingsAssociationService.getEncryptionVersionForSetting(settingName)
-    props.sensitive = this.settingsAssociationService.getSensitivityForSetting(settingName)
+    dto.props.serverEncryptionVersion = this.settingsAssociationService.getEncryptionVersionForSetting(settingName)
+    dto.props.sensitive = this.settingsAssociationService.getSensitivityForSetting(settingName)

    if (settingName.isASubscriptionSetting()) {
      const { regularSubscription, sharedSubscription } =
@@ -83,7 +94,7 @@ export class UpdateSetting implements UseCaseInterface {
        return {
          success: false,
          error: {
-            message: `User ${userUuid} has no subscription to change a subscription setting.`,
+            message: `User ${userUuid.value} has no subscription to change a subscription setting.`,
          },
          statusCode: 400,
        }
@@ -92,7 +103,7 @@ export class UpdateSetting implements UseCaseInterface {
      const response = await this.subscriptionSettingService.createOrReplace({
        userSubscription: subscription,
        user,
-        props,
+        props: dto.props,
      })

      return {
@@ -104,7 +115,7 @@ export class UpdateSetting implements UseCaseInterface {

    const response = await this.settingService.createOrReplace({
      user,
-      props,
+      props: dto.props,
    })

    return {
--- a/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts
+++ b/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts
@@ -27,7 +27,7 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
    }
    const userUuid = userUuidOrError.getValue()

-    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    const user = await this.userRepository.findOneByUuid(userUuid)
    if (user === null) {
      return Result.fail('Could not verify authenticator registration response: user not found.')
    }
--- a/packages/auth/src/Domain/User/UserRepositoryInterface.ts
+++ b/packages/auth/src/Domain/User/UserRepositoryInterface.ts
@@ -1,4 +1,4 @@
-import { Email, Username } from '@standardnotes/domain-core'
+import { Email, Username, Uuid } from '@standardnotes/domain-core'

 import { ReadStream } from 'fs'
 import { User } from './User'
@@ -6,7 +6,7 @@ import { User } from './User'
 export interface UserRepositoryInterface {
  streamAll(): Promise<ReadStream>
  streamTeam(memberEmail?: Email): Promise<ReadStream>
-  findOneByUuid(uuid: string): Promise<User | null>
+  findOneByUuid(uuid: Uuid): Promise<User | null>
  findOneByUsernameOrEmail(usernameOrEmail: Email | Username): Promise<User | null>
  save(user: User): Promise<User>
  remove(user: User): Promise<User>
--- a/packages/auth/src/Infra/InversifyExpressUtils/HomeServer/HomeServerUsersController.ts
+++ b/packages/auth/src/Infra/InversifyExpressUtils/HomeServer/HomeServerUsersController.ts
@@ -29,6 +29,7 @@ export class HomeServerUsersController extends BaseHttpController {
      this.controllerContainer.register('auth.users.getKeyParams', this.keyParams.bind(this))
      this.controllerContainer.register('auth.users.getSubscription', this.getSubscription.bind(this))
      this.controllerContainer.register('auth.users.updateCredentials', this.changeCredentials.bind(this))
+      this.controllerContainer.register('auth.users.delete', this.deleteAccount.bind(this))
    }
  }

@@ -102,9 +103,20 @@ export class HomeServerUsersController extends BaseHttpController {
    return this.json(result.keyParams)
  }

-  async deleteAccount(request: Request): Promise<results.JsonResult> {
+  async deleteAccount(request: Request, response: Response): Promise<results.JsonResult> {
+    if (request.params.userUuid !== response.locals.user.uuid) {
+      return this.json(
+        {
+          error: {
+            message: 'Operation not allowed.',
+          },
+        },
+        401,
+      )
+    }
+
    const result = await this.doDeleteAccount.execute({
-      email: request.params.email,
+      userUuid: request.params.userUuid,
    })

    return this.json({ message: result.message }, result.responseCode)
--- a/packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressUsersController.spec.ts
+++ b/packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressUsersController.spec.ts
@@ -170,17 +170,34 @@ describe('InversifyExpressUsersController', () => {
  })

  it('should delete user', async () => {
-    request.params.email = 'test@test.te'
+    request.params.userUuid = '1-2-3'
+    response.locals.user = {
+      uuid: '1-2-3',
+    }

-    const httpResponse = <results.JsonResult>await createController().deleteAccount(request)
+    const httpResponse = <results.JsonResult>await createController().deleteAccount(request, response)
    const result = await httpResponse.executeAsync()

-    expect(deleteAccount.execute).toHaveBeenCalledWith({ email: 'test@test.te' })
+    expect(deleteAccount.execute).toHaveBeenCalledWith({ userUuid: '1-2-3' })

    expect(result.statusCode).toEqual(200)
    expect(await result.content.readAsStringAsync()).toEqual('{"message":"A OK"}')
  })

+  it('should not delete user if user uuid is different than the one in the session', async () => {
+    request.params.userUuid = '1-2-3'
+    response.locals.user = {
+      uuid: '2-3-4',
+    }
+
+    const httpResponse = <results.JsonResult>await createController().deleteAccount(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(deleteAccount.execute).not.toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(401)
+  })
+
  it('should get user key params', async () => {
    request.query = {
      email: 'test@test.te',
--- a/packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressUsersController.ts
+++ b/packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressUsersController.ts
@@ -51,9 +51,9 @@ export class InversifyExpressUsersController extends HomeServerUsersController {
    return super.keyParams(request)
  }

-  @httpDelete('/:email')
-  override async deleteAccount(request: Request): Promise<results.JsonResult> {
-    return super.deleteAccount(request)
+  @httpDelete('/:userUuid')
+  override async deleteAccount(request: Request, response: Response): Promise<results.JsonResult> {
+    return super.deleteAccount(request, response)
  }

  @httpGet('/:userUuid/subscription', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
--- a/packages/auth/src/Infra/TypeORM/TypeORMUserRepository.ts
+++ b/packages/auth/src/Infra/TypeORM/TypeORMUserRepository.ts
@@ -1,4 +1,4 @@
-import { Email, Username } from '@standardnotes/domain-core'
+import { Email, Username, Uuid } from '@standardnotes/domain-core'
 import { ReadStream } from 'fs'
 import { inject, injectable } from 'inversify'
 import { Repository } from 'typeorm'
@@ -40,11 +40,11 @@ export class TypeORMUserRepository implements UserRepositoryInterface {
    return queryBuilder.stream()
  }

-  async findOneByUuid(uuid: string): Promise<User | null> {
+  async findOneByUuid(uuid: Uuid): Promise<User | null> {
    return this.ormRepository
      .createQueryBuilder('user')
-      .where('user.uuid = :uuid', { uuid })
-      .cache(`user_uuid_${uuid}`, 60000)
+      .where('user.uuid = :uuid', { uuid: uuid.value })
+      .cache(`user_uuid_${uuid.value}`, 60000)
      .getOne()
  }