Sails basic setup

.editorconfig

@@ -0,0 +1,31 @@
+################################################
+#   ╔═╗╔╦╗╦╔╦╗╔═╗╦═╗┌─┐┌─┐┌┐┌┌─┐┬┌─┐
+#   ║╣  ║║║ ║ ║ ║╠╦╝│  │ ││││├┤ ││ ┬
+#  o╚═╝═╩╝╩ ╩ ╚═╝╩╚═└─┘└─┘┘└┘└  ┴└─┘
+#
+# > Formatting conventions for your Sails app.
+#
+# This file (`.editorconfig`) exists to help
+# maintain consistent formatting throughout the
+# files in your Sails app.
+#
+# For the sake of convention, the Sails team's
+# preferred settings are included here out of the
+# box.  You can also change this file to fit your
+# team's preferences (for example, if all of the
+# developers on your team have a strong preference
+# for tabs over spaces),
+#
+# To review what each of these options mean, see:
+# http://editorconfig.org/
+#
+################################################
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.eslintignore

@@ -0,0 +1,25 @@
+################################################
+#   ╔═╗╔═╗╦  ╦╔╗╔╔╦╗┬┌─┐┌┐┌┌─┐┬─┐┌─┐
+#   ║╣ ╚═╗║  ║║║║ ║ ││ ┬││││ │├┬┘├┤
+#  o╚═╝╚═╝╩═╝╩╝╚╝ ╩ ┴└─┘┘└┘└─┘┴└─└─┘
+#
+# > Glob patterns indicating files/directories
+# > to exclude when checking code quality with
+# > eslint.
+#
+# This file (`.eslintignore`) is only relevant
+# if you are using eslint.
+#
+# It exists to signify to eslint that certain
+# files and/or directories should be ignored for
+# the purposes of linting -- e.g. because they
+# are already minified, or external dependencies,
+# contain inline JavaScript within an HTML template,
+# etc.
+#
+# Modify/extend/prune to fit your needs!
+#
+################################################
+
+assets/dependencies/**/*.js
+views/**/*.ejs // (but see https://github.com/roadhump/SublimeLinter-eslint/issues/87)

.eslintrc

@@ -0,0 +1,87 @@
+{
+  //   ╔═╗╔═╗╦  ╦╔╗╔╔╦╗┬─┐┌─┐
+  //   ║╣ ╚═╗║  ║║║║ ║ ├┬┘│
+  //  o╚═╝╚═╝╩═╝╩╝╚╝ ╩ ┴└─└─┘
+  // A set of basic code conventions (similar to a .jshintrc file) designed to
+  // encourage quality and consistency across your Sails app's code base.
+  // These rules are checked against automatically any time you run `npm test`.
+  // 
+  // > An additional eslintrc override file is included in the `assets/` folder
+  // > right out of the box.  This is specifically to allow for variations in acceptable
+  // > global variables between front-end JavaScript code designed to run in the browser
+  // > vs. backend code designed to run in a Node.js/Sails process.
+  //
+  // > Note: If you're using mocha, you'll want to add an extra override file to your
+  // > `test/` folder so that eslint will tolerate mocha-specific globals like `before`
+  // > and `describe`.
+  // Designed for ESLint v4.
+  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+  // For more information about any of the rules below, check out the relevant
+  // reference page on eslint.org.  For example, to get details on "no-sequences",
+  // you would visit `http://eslint.org/docs/rules/no-sequences`.  If you're unsure
+  // or could use some advice, come by https://sailsjs.com/support.
+  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+  "env": {
+    "node": true
+  },
+
+  "parserOptions": {
+    "ecmaVersion": 8
+  },
+
+  "globals": {
+    // If "no-undef" is enabled below and your app uses globals, be sure to list all
+    // relevant globals below (including the globalIds of models, if appropriate):
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    "sails": true,
+    "_": true,
+    "async": true,
+    "Promise": true,
+    "User": true
+    // ...and any other backend globals (e.g. `"Organization": true`)
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+  },
+
+  "rules": {
+    "callback-return":              ["error", ["done", "proceed", "next", "onwards", "callback", "cb"]],
+    "camelcase":                    ["warn", {"properties":"always"}],
+    "comma-style":                  ["warn", "last"],
+    "curly":                        ["error"],
+    "eqeqeq":                       ["error", "always"],
+    "eol-last":                     ["warn"],
+    "handle-callback-err":          ["error"],
+    "indent":                       ["warn", 2, {
+      "SwitchCase": 1,
+      "MemberExpression": "off",
+      "FunctionDeclaration": {"body":1, "parameters":"off"},
+      "FunctionExpression": {"body":1, "parameters":"off"},
+      "CallExpression": {"arguments":"off"},
+      "ArrayExpression": 1,
+      "ObjectExpression": 1,
+      "ignoredNodes": ["ConditionalExpression"]
+    }],
+    "linebreak-style":              ["error", "unix"],
+    "no-dupe-keys":                 ["error"],
+    "no-duplicate-case":            ["error"],
+    "no-extra-semi":                ["warn"],
+    "no-labels":                    ["error"],
+    "no-mixed-spaces-and-tabs":     [2, "smart-tabs"],
+    "no-redeclare":                 ["warn"],
+    "no-return-assign":             ["error", "always"],
+    "no-sequences":                 ["error"],
+    "no-trailing-spaces":           ["warn"],
+    "no-undef":                     ["error"],
+    "no-unexpected-multiline":      ["warn"],
+    "no-unreachable":               ["warn"],
+    "no-unused-vars":               ["warn", {"caughtErrors":"all", "caughtErrorsIgnorePattern": "^unused($|[A-Z].*$)"}],
+    "no-use-before-define":         ["error", {"functions":false}],
+    "one-var":                      ["warn", "never"],
+    "prefer-arrow-callback":        ["warn", {"allowNamedFunctions":true}],
+    "quotes":                       ["warn", "single", {"avoidEscape":false, "allowTemplateLiterals":true}],
+    "semi":                         ["error", "always"],
+    "semi-spacing":                 ["warn", {"before":false, "after":true}],
+    "semi-style":                   ["warn", "last"]
+  }
+
+}

.gitignore

@@ -0,0 +1,132 @@
+################################################
+#   ┌─┐┬┌┬┐╦╔═╗╔╗╔╔═╗╦═╗╔═╗
+#   │ ┬│ │ ║║ ╦║║║║ ║╠╦╝║╣
+#  o└─┘┴ ┴ ╩╚═╝╝╚╝╚═╝╩╚═╚═╝
+#
+# > Files to exclude from your app's repo.
+#
+# This file (`.gitignore`) is only relevant if
+# you are using git.
+#
+# It exists to signify to git that certain files
+# and/or directories should be ignored for the
+# purposes of version control.
+#
+# This keeps tmp files and sensitive credentials
+# from being uploaded to  your repository.  And
+# it allows you to configure your app for your
+# machine without accidentally committing settings
+# which will smash the local settings of other
+# developers on your team.
+#
+# Some reasonable defaults are included below,
+# but, of course, you should modify/extend/prune
+# to fit your needs!
+#
+################################################
+
+
+################################################
+# Local Configuration
+#
+# Explicitly ignore files which contain:
+#
+# 1. Sensitive information you'd rather not push to
+#    your git repository.
+#    e.g., your personal API keys or passwords.
+#
+# 2. Developer-specific configuration
+#    Basically, anything that would be annoying
+#    to have to change every time you do a
+#    `git pull` on your laptop.
+#    e.g. your local development database, or
+#    the S3 bucket you're using for file uploads
+#    during development.
+#
+################################################
+
+config/local.js
+
+
+################################################
+# Dependencies
+#
+#
+# When releasing a production app, you _could_
+# hypothetically include your node_modules folder
+# in your git repo, but during development, it
+# is always best to exclude it, since different
+# developers may be working on different kernels,
+# where dependencies would need to be recompiled
+# anyway.
+#
+# Most of the time, the node_modules folder can
+# be excluded from your code repository, even
+# in production, thanks to features like the
+# package-lock.json file / NPM shrinkwrap.
+#
+# But no matter what, since this is a Sails app,
+# you should always push up the package-lock.json
+# or shrinkwrap file to your repository, to avoid
+# accidentally pulling in upgraded dependencies
+# and breaking your code.
+#
+# That said, if you are having trouble with
+# dependencies, (particularly when using
+# `npm link`) this can be pretty discouraging.
+# But rather than just adding the lockfile to
+# your .gitignore, try this first:
+# ```
+#     rm -rf node_modules
+#     rm package-lock.json
+#     npm install
+# ```
+#
+# [?] For more tips/advice, come by and say hi
+#     over at https://sailsjs.com/support
+#
+################################################
+
+node_modules
+
+
+################################################
+#
+# > Do you use bower?
+# > re: the bower_components dir, see this:
+# > http://addyosmani.com/blog/checking-in-front-end-dependencies/
+# > (credit Addy Osmani, @addyosmani)
+#
+################################################
+
+
+################################################
+# Temporary files generated by Sails/Waterline.
+################################################
+
+.tmp
+
+
+################################################
+# Miscellaneous
+#
+# Common files generated by text editors,
+# operating systems, file systems, dbs, etc.
+################################################
+
+*~
+*#
+.DS_STORE
+.netbeans
+nbproject
+.idea
+.node_history
+dump.rdb
+
+npm-debug.log
+lib-cov
+*.seed
+*.log
+*.out
+*.pid
+

.htmlhintrc

@@ -0,0 +1,27 @@
+{
+  "alt-require": true,
+  "attr-lowercase": ["viewBox"],
+  "attr-no-duplication": true,
+  "attr-unsafe-chars": true,
+  "attr-value-double-quotes": true,
+  "attr-value-not-empty": false,
+  "csslint": false,
+  "doctype-first": false,
+  "doctype-html5": true,
+  "head-script-disabled": false,
+  "href-abs-or-rel": false,
+  "id-class-ad-disabled": true,
+  "id-class-value": false,
+  "id-unique": true,
+  "inline-script-disabled": true,
+  "inline-style-disabled": false,
+  "jshint": false,
+  "space-tab-mixed-disabled": "space",
+  "spec-char-escape": false,
+  "src-not-empty": true,
+  "style-disabled": false,
+  "tag-pair": true,
+  "tag-self-close": false,
+  "tagname-lowercase": true,
+  "title-require": false
+}

.sailsrc

@@ -0,0 +1,9 @@
+{
+  "generators": {
+    "modules": {}
+  },
+  "_generatedWith": {
+    "sails": "1.0.0-45",
+    "sails-generate": "1.15.3"
+  }
+}

Gruntfile.js

@@ -0,0 +1,23 @@
+/**
+ * Gruntfile
+ *
+ * This Node script is executed when you run `grunt`-- and also when
+ * you run `sails lift` (provided the grunt hook is installed and
+ * hasn't been disabled).
+ *
+ * WARNING:
+ * Unless you know what you're doing, you shouldn't change this file.
+ * Check out the `tasks/` directory instead.
+ *
+ * For more information see:
+ *   https://sailsjs.com/anatomy/Gruntfile.js
+ */
+module.exports = function(grunt) {
+
+  var loadGruntTasks = require('sails-hook-grunt/accessible/load-grunt-tasks');
+
+  // Load Grunt task configurations (from `tasks/config/`) and Grunt
+  // task registrations (from `tasks/register/`).
+  loadGruntTasks(__dirname, grunt);
+
+};

api/controllers/account/logout.js

@@ -0,0 +1,52 @@
+module.exports = {
+
+
+  friendlyName: 'Logout',
+
+
+  description: 'Log out of this app.',
+
+
+  extendedDescription:
+`This action deletes the \`req.session.userId\` key from the session of the requesting user agent.
+Actual garbage collection of session data depends on this app's session store, and
+potentially also on the [TTL configuration](https://sailsjs.com/docs/reference/configuration/sails-config-session)
+you provided for it.
+
+Note that this action does not check to see whether or not the requesting user was
+actually logged in.  (If they weren't, then this action is just a no-op.)`,
+
+
+  exits: {
+
+    success: {
+      description: 'The requesting user agent has been successfully logged out.'
+    },
+
+    redirect: {
+      description: 'The requesting user agent looks to be a web browser.',
+      extendedDescription: 'After logging out from a web browser, the user is redirected away.',
+      responseType: 'redirect'
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // Clear the `userId` property from this session.
+    delete this.req.session.userId;
+
+    // Then finish up, sending an appropriate response.
+    // > Under the covers, this persists the now-logged-out session back
+    // > to the underlying session store.
+    if (!this.req.wantsJSON) {
+      throw {redirect: '/login'};
+    } else {
+      return exits.success();
+    }
+
+  }
+
+
+};

api/controllers/account/update-billing-card.js

@@ -0,0 +1,80 @@
+module.exports = {
+
+
+  friendlyName: 'Update billing card',
+
+
+  description: 'Update the credit card for the logged-in user.',
+
+
+  inputs: {
+
+    stripeToken: {
+      type: 'string',
+      example: 'tok_199k3qEXw14QdSnRwmsK99MH',
+      description: 'The single-use Stripe Checkout token identifier representing the user\'s payment source (i.e. credit card.)',
+      extendedDescription: 'Omit this (or use "") to remove this user\'s payment source.',
+      whereToGet: {
+        description: 'This Stripe.js token is provided to the front-end (client-side) code after completing a Stripe Checkout or Stripe Elements flow.'
+      }
+    },
+
+    billingCardLast4: {
+      type: 'string',
+      example: '4242',
+      description: 'Omit if removing card info.',
+      whereToGet: { description: 'Credit card info is provided by Stripe after completing the checkout flow.' }
+    },
+
+    billingCardBrand: {
+      type: 'string',
+      example: 'visa',
+      description: 'Omit if removing card info.',
+      whereToGet: { description: 'Credit card info is provided by Stripe after completing the checkout flow.' }
+    },
+
+    billingCardExpMonth: {
+      type: 'string',
+      example: '08',
+      description: 'Omit if removing card info.',
+      whereToGet: { description: 'Credit card info is provided by Stripe after completing the checkout flow.' }
+    },
+
+    billingCardExpYear: {
+      type: 'string',
+      example: '2023',
+      description: 'Omit if removing card info.',
+      whereToGet: { description: 'Credit card info is provided by Stripe after completing the checkout flow.' }
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // Add, update, or remove the default payment source for the logged-in user's
+    // customer entry in Stripe.
+    var stripeCustomerId = await sails.helpers.stripe.saveBillingInfo.with({
+      stripeCustomerId: this.req.me.stripeCustomerId,
+      token: inputs.stripeToken || '',
+    });
+
+    // Update (or clear) the card info we have stored for this user in our database.
+    // > Remember, never store complete card numbers-- only the last 4 digits + expiration!
+    // > Storing (or even receiving) complete, unencrypted card numbers would require PCI
+    // > compliance in the U.S.
+    await User.update({ id: this.req.me.id })
+    .set({
+      stripeCustomerId,
+      hasBillingCard: inputs.stripeToken ? true : false,
+      billingCardBrand: inputs.stripeToken ? inputs.billingCardBrand : '',
+      billingCardLast4: inputs.stripeToken ? inputs.billingCardLast4 : '',
+      billingCardExpMonth: inputs.stripeToken ? inputs.billingCardExpMonth : '',
+      billingCardExpYear: inputs.stripeToken ? inputs.billingCardExpYear : ''
+    });
+
+    return exits.success();
+  }
+
+
+};

api/controllers/account/update-password.js

@@ -0,0 +1,37 @@
+module.exports = {
+
+
+  friendlyName: 'Update password',
+
+
+  description: 'Update the password for the logged-in user.',
+
+
+  inputs: {
+
+    password: {
+      description: 'The new, unencrypted password.',
+      example: 'abc123v2',
+      required: true
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // Hash the new password.
+    var hashed = await sails.helpers.passwords.hashPassword(inputs.password);
+
+    // Update the record for the logged-in user.
+    await User.update({ id: this.req.me.id })
+    .set({
+      password: hashed
+    });
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/account/update-profile.js

@@ -0,0 +1,160 @@
+module.exports = {
+
+
+  friendlyName: 'Update profile',
+
+
+  description: 'Update the profile for the logged-in user.',
+
+
+  inputs: {
+
+    fullName: {
+      type: 'string'
+    },
+
+    emailAddress: {
+      type: 'string'
+    },
+
+  },
+
+
+  exits: {
+
+    emailAlreadyInUse: {
+      statusCode: 409,
+      description: 'The provided email address is already in use.',
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    var newEmailAddress = inputs.emailAddress;
+    if (newEmailAddress !== undefined) {
+      newEmailAddress = newEmailAddress.toLowerCase();
+    }
+
+    // Determine if this request wants to change the current user's email address,
+    // revert her pending email address change, modify her pending email address
+    // change, or if the email address won't be affected at all.
+    var desiredEffectReEmail;// ('changeImmediately', 'beginChange', 'cancelPendingChange', 'modifyPendingChange', or '')
+    if (
+      newEmailAddress === undefined ||
+      (this.req.me.emailStatus !== 'changeRequested' && newEmailAddress === this.req.me.emailAddress) ||
+      (this.req.me.emailStatus === 'changeRequested' && newEmailAddress === this.req.me.emailChangeCandidate)
+    ) {
+      desiredEffectReEmail = '';
+    } else if (this.req.me.emailStatus === 'changeRequested' && newEmailAddress === this.req.me.emailAddress) {
+      desiredEffectReEmail = 'cancelPendingChange';
+    } else if (this.req.me.emailStatus === 'changeRequested' && newEmailAddress !== this.req.me.emailAddress) {
+      desiredEffectReEmail = 'modifyPendingChange';
+    } else if (!sails.config.custom.verifyEmailAddresses || this.req.me.emailStatus === 'unconfirmed') {
+      desiredEffectReEmail = 'changeImmediately';
+    } else {
+      desiredEffectReEmail = 'beginChange';
+    }
+
+
+    // If the email address is changing, make sure it is not already being used.
+    if (_.contains(['beginChange', 'changeImmediately', 'modifyPendingChange'], desiredEffectReEmail)) {
+      let conflictingUser = await User.findOne({
+        or: [
+          { emailAddress: newEmailAddress },
+          { emailChangeCandidate: newEmailAddress }
+        ]
+      });
+      if (conflictingUser) {
+        throw 'emailAlreadyInUse';
+      }
+    }
+
+
+    // Start building the values to set in the db.
+    // (We always set the fullName if provided.)
+    var valuesToSet = {
+      fullName: inputs.fullName,
+    };
+
+    switch (desiredEffectReEmail) {
+
+      // Change now
+      case 'changeImmediately':
+        Object.assign(valuesToSet, {
+          emailAddress: newEmailAddress,
+          emailChangeCandidate: '',
+          emailProofToken: '',
+          emailProofTokenExpiresAt: 0,
+          emailStatus: this.req.me.emailStatus === 'unconfirmed' ? 'unconfirmed' : 'confirmed'
+        });
+        break;
+
+      // Begin new email change, or modify a pending email change
+      case 'beginChange':
+      case 'modifyPendingChange':
+        Object.assign(valuesToSet, {
+          emailChangeCandidate: newEmailAddress,
+          emailProofToken: await sails.helpers.strings.random('url-friendly'),
+          emailProofTokenExpiresAt: Date.now() + sails.config.custom.emailProofTokenTTL,
+          emailStatus: 'changeRequested'
+        });
+        break;
+
+      // Cancel pending email change
+      case 'cancelPendingChange':
+        Object.assign(valuesToSet, {
+          emailChangeCandidate: '',
+          emailProofToken: '',
+          emailProofTokenExpiresAt: 0,
+          emailStatus: 'confirmed'
+        });
+        break;
+
+      // Otherwise, do nothing re: email
+    }
+
+    // Save to the db
+    await User.update({id: this.req.me.id }).set(valuesToSet);
+
+    // If this is an immediate change, and billing features are enabled,
+    // then also update the billing email for this user's linked customer entry
+    // in the Stripe API to make sure they receive email receipts.
+    // > Note: If there was not already a Stripe customer entry for this user,
+    // > then one will be set up implicitly, so we'll need to persist it to our
+    // > database.  (This could happen if Stripe credentials were not configured
+    // > at the time this user was originally created.)
+    if(desiredEffectReEmail === 'changeImmediately' && sails.config.custom.enableBillingFeatures) {
+      let didNotAlreadyHaveCustomerId = (! this.req.me.stripeCustomerId);
+      let stripeCustomerId = await sails.helpers.stripe.saveBillingInfo.with({
+        stripeCustomerId: this.req.me.stripeCustomerId,
+        emailAddress: newEmailAddress
+      });
+      if (didNotAlreadyHaveCustomerId){
+        await User.update({ id: this.req.me.id }).set({
+          stripeCustomerId
+        });
+      }
+    }
+
+    // If an email address change was requested, and re-confirmation is required,
+    // send the "confirm account" email.
+    if (desiredEffectReEmail === 'beginChange' || desiredEffectReEmail === 'modifyPendingChange') {
+      await sails.helpers.sendTemplateEmail.with({
+        to: newEmailAddress,
+        subject: 'Your account has been updated',
+        template: 'email-verify-new-email',
+        templateData: {
+          fullName: inputs.fullName||this.req.me.fullName,
+          token: valuesToSet.emailProofToken
+        }
+      });
+    }
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/account/view-account-overview.js

@@ -0,0 +1,30 @@
+module.exports = {
+
+
+  friendlyName: 'View account overview',
+
+
+  description: 'Display "Account Overview" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/account/account-overview',
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // If billing features are enabled, include our configured Stripe.js
+    // public key in the view locals.  Otherwise, leave it as undefined.
+    return exits.success({
+      stripePublishableKey: sails.config.custom.enableBillingFeatures? sails.config.custom.stripePublishableKey : undefined,
+    });
+
+  }
+
+
+};

api/controllers/account/view-change-password.js

@@ -0,0 +1,26 @@
+module.exports = {
+
+
+  friendlyName: 'View change password',
+
+
+  description: 'Display "Change password" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/account/change-password'
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/account/view-edit-profile.js

@@ -0,0 +1,26 @@
+module.exports = {
+
+
+  friendlyName: 'View edit profile',
+
+
+  description: 'Display "Edit profile" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/account/edit-profile',
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/dashboard/view-welcome.js

@@ -0,0 +1,27 @@
+module.exports = {
+
+
+  friendlyName: 'View welcome page',
+
+
+  description: 'Display the dashboard "Welcome" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/dashboard/welcome',
+      description: 'Display the welcome page for authenticated users.'
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/deliver-contact-form-message.js

@@ -0,0 +1,81 @@
+module.exports = {
+
+
+  friendlyName: 'Deliver contact form message',
+
+
+  description: 'Deliver a contact form message to the appropriate internal channel(s).',
+
+
+  inputs: {
+
+    emailAddress: {
+      required: true,
+      type: 'string',
+      description: 'A return email address where we can respond.',
+      example: 'hermione@hogwarts.edu'
+    },
+
+    topic: {
+      required: true,
+      type: 'string',
+      description: 'The topic from the contact form.',
+      example: 'I want to buy stuff.'
+    },
+
+    fullName: {
+      required: true,
+      type: 'string',
+      description: 'The full name of the human sending this message.',
+      example: 'Hermione Granger'
+    },
+
+    message: {
+      required: true,
+      type: 'string',
+      description: 'The custom message, in plain text.'
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      description: 'The message was sent successfully.'
+    }
+
+  },
+
+
+  fn: async function(inputs, exits) {
+
+    if (!sails.config.custom.internalEmailAddress) {
+      throw new Error(
+`Cannot deliver incoming message from contact form because there is no internal
+email address (\`sails.config.custom.internalEmailAddress\`) configured for this
+app.  To enable contact form emails, you'll need to add this missing setting to
+your custom config -- usually in \`config/custom.js\`, \`config/staging.js\`,
+\`config/production.js\`, or via system environment variables.`
+      );
+    }
+
+    await sails.helpers.sendTemplateEmail.with({
+      to: sails.config.custom.internalEmailAddress,
+      subject: 'New Contact Form Message',
+      template: 'internal/email-contact-form',
+      layout: false,
+      templateData: {
+        contactName: inputs.fullName,
+        contactEmail: inputs.emailAddress,
+        topic: inputs.topic,
+        message: inputs.message
+      }
+    });
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/entrance/confirm-email.js

@@ -0,0 +1,146 @@
+module.exports = {
+
+
+  friendlyName: 'Confirm email',
+
+
+  description:
+`Confirm a new user's email address, or an existing user's request for an email address change,
+then redirect to either a special landing page (for newly-signed up users), or the account page
+(for existing users who just changed their email address).`,
+
+
+  inputs: {
+
+    token: {
+      description: 'The confirmation token from the email.',
+      example: '4-32fad81jdaf$329'
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      description: 'Email address confirmed and requesting user logged in.'
+    },
+
+    redirect: {
+      description: 'Email address confirmed and requesting user logged in.  Since this looks like a browser, redirecting...',
+      responseType: 'redirect'
+    },
+
+    invalidOrExpiredToken: {
+      responseType: 'expired',
+      description: 'The provided token is expired, invalid, or already used up.',
+    },
+
+    emailAddressNoLongerAvailable: {
+      statusCode: 409,
+      viewTemplatePath: '500',
+      description: 'The email address is no longer available.',
+      extendedDescription: 'This is an edge case that is not always anticipated by websites and APIs.  Since it is pretty rare, the 500 server error page is used as a simple catch-all.  If this becomes important in the future, this could easily be expanded into a custom error page or resolution flow.  But for context: this behavior of showing the 500 server error page mimics how popular apps like Slack behave under the same circumstances.',
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // If no token was provided, this is automatically invalid.
+    if (!inputs.token) {
+      throw 'invalidOrExpiredToken';
+    }
+
+    // Get the user with the matching email token.
+    var user = await User.findOne({ emailProofToken: inputs.token });
+
+    // If no such user exists, or their token is expired, bail.
+    if (!user || user.emailProofTokenExpiresAt <= Date.now()) {
+      throw 'invalidOrExpiredToken';
+    }
+
+    if (user.emailStatus === 'unconfirmed') {
+      //  ┌─┐┌─┐┌┐┌┌─┐┬┬─┐┌┬┐┬┌┐┌┌─┐  ╔═╗╦╦═╗╔═╗╔╦╗ ╔╦╗╦╔╦╗╔═╗  ╦ ╦╔═╗╔═╗╦═╗  ┌─┐┌┬┐┌─┐┬┬
+      //  │  │ ││││├┤ │├┬┘││││││││ ┬  ╠╣ ║╠╦╝╚═╗ ║───║ ║║║║║╣   ║ ║╚═╗║╣ ╠╦╝  ├┤ │││├─┤││
+      //  └─┘└─┘┘└┘└  ┴┴└─┴ ┴┴┘└┘└─┘  ╚  ╩╩╚═╚═╝ ╩   ╩ ╩╩ ╩╚═╝  ╚═╝╚═╝╚═╝╩╚═  └─┘┴ ┴┴ ┴┴┴─┘
+      // If this is a new user confirming their email for the first time,
+      // then just update the state of their user record in the database,
+      // store their user id in the session (just in case they aren't logged
+      // in already), and then redirect them to the "email confirmed" page.
+      await User.update({ id: user.id }).set({
+        emailStatus: 'confirmed',
+        emailProofToken: '',
+        emailProofTokenExpiresAt: 0
+      });
+      this.req.session.userId = user.id;
+
+      if (this.req.wantsJSON) {
+        return exits.success();
+      } else {
+        throw { redirect: '/email/confirmed' };
+      }
+
+    } else if (user.emailStatus === 'changeRequested') {
+      //  ┌─┐┌─┐┌┐┌┌─┐┬┬─┐┌┬┐┬┌┐┌┌─┐  ╔═╗╦ ╦╔═╗╔╗╔╔═╗╔═╗╔╦╗  ┌─┐┌┬┐┌─┐┬┬
+      //  │  │ ││││├┤ │├┬┘││││││││ ┬  ║  ╠═╣╠═╣║║║║ ╦║╣  ║║  ├┤ │││├─┤││
+      //  └─┘└─┘┘└┘└  ┴┴└─┴ ┴┴┘└┘└─┘  ╚═╝╩ ╩╩ ╩╝╚╝╚═╝╚═╝═╩╝  └─┘┴ ┴┴ ┴┴┴─┘
+      if (!user.emailChangeCandidate){
+        throw new Error(`Consistency violation: Could not update Stripe customer because this user record's emailChangeCandidate ("${user.emailChangeCandidate}") is missing.  (This should never happen.)`);
+      }
+
+      // Last line of defense: since email change candidates are not protected
+      // by a uniqueness constraint in the database, it's important that we make
+      // sure no one else managed to grab this email in the mean time since we
+      // last checked its availability. (This is a relatively rare edge case--
+      // see exit description.)
+      if (await User.count({ emailAddress: user.emailChangeCandidate }) > 0) {
+        throw 'emailAddressNoLongerAvailable';
+      }
+
+      // If billing features are enabled, also update the billing email for this
+      // user's linked customer entry in the Stripe API to make sure they receive
+      // email receipts.
+      // > Note: If there was not already a Stripe customer entry for this user,
+      // > then one will be set up implicitly, so we'll need to persist it to our
+      // > database.  (This could happen if Stripe credentials were not configured
+      // > at the time this user was originally created.)
+      if(sails.config.custom.enableBillingFeatures) {
+        let didNotAlreadyHaveCustomerId = (! user.stripeCustomerId);
+        let stripeCustomerId = await sails.helpers.stripe.saveBillingInfo.with({
+          stripeCustomerId: user.stripeCustomerId,
+          emailAddress: user.emailChangeCandidate
+        });
+        if (didNotAlreadyHaveCustomerId){
+          await User.update({ id: user.id }).set({
+            stripeCustomerId
+          });
+        }
+      }
+
+      // Finally update the user in the database, store their id in the session
+      // (just in case they aren't logged in already), then redirect them to
+      // their "my account" page so they can see their updated email address.
+      await User.update({ id: user.id }).set({
+        emailStatus: 'confirmed',
+        emailProofToken: '',
+        emailProofTokenExpiresAt: 0,
+        emailAddress: user.emailChangeCandidate,
+        emailChangeCandidate: '',
+      });
+      this.req.session.userId = user.id;
+      if (this.req.wantsJSON) {
+        return exits.success();
+      } else {
+        throw { redirect: '/account' };
+      }
+
+    } else {
+      throw new Error(`Consistency violation: User ${user.id} has an email proof token, but somehow also has an emailStatus of "${user.emailStatus}"!  (This should never happen.)`);
+    }
+
+  }
+
+
+};

api/controllers/entrance/login.js

@@ -0,0 +1,115 @@
+module.exports = {
+
+
+  friendlyName: 'Login',
+
+
+  description: 'Log in using the provided email and password combination.',
+
+
+  extendedDescription:
+`This action attempts to look up the user record in the database with the
+specified email address.  Then, if such a user exists, it uses
+bcrypt to compare the hashed password from the database with the provided
+password attempt.`,
+
+
+  inputs: {
+
+    emailAddress: {
+      description: 'The email to try in this attempt, e.g. "irl@example.com".',
+      type: 'string',
+      required: true
+    },
+
+    password: {
+      description: 'The unencrypted password to try in this attempt, e.g. "passwordlol".',
+      type: 'string',
+      required: true
+    },
+
+    rememberMe: {
+      description: 'Whether to extend the lifetime of the user\'s session.',
+      extendedDescription:
+`Note that this is NOT SUPPORTED when using virtual requests (e.g. sending
+requests over WebSockets instead of HTTP).`,
+      type: 'boolean'
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      description: 'The requesting user agent has been successfully logged in.',
+      extendedDescription:
+`Under the covers, this stores the id of the logged-in user in the session
+as the \`userId\` key.  The next time this user agent sends a request, assuming
+it includes a cookie (like a web browser), Sails will automatically make this
+user id available as req.session.userId in the corresponding action.  (Also note
+that, thanks to the included "custom" hook, when a relevant request is received
+from a logged-in user, that user's entire record from the database will be fetched
+and exposed as \`req.me\`.)`
+    },
+
+    badCombo: {
+      description: `The provided email and password combination does not
+      match any user in the database.`,
+      responseType: 'unauthorized'
+      // ^This uses the custom `unauthorized` response located in `api/responses/unauthorized.js`.
+      // To customize the generic "unauthorized" response across this entire app, change that file
+      // (see http://sailsjs.com/anatomy/api/responses/unauthorized-js).
+      //
+      // To customize the response for _only this_ action, replace `responseType` with
+      // something else.  For example, you might set `statusCode: 498` and change the
+      // implementation below accordingly (see http://sailsjs.com/docs/concepts/controllers).
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // Look up by the email address.
+    // (note that we lowercase it to ensure the lookup is always case-insensitive,
+    // regardless of which database we're using)
+    var userRecord = await User.findOne({
+      emailAddress: inputs.emailAddress.toLowerCase(),
+    });
+
+    // If there was no matching user, respond thru the "badCombo" exit.
+    if(!userRecord) {
+      throw 'badCombo';
+    }
+
+    // If the password doesn't match, then also exit thru "badCombo".
+    await sails.helpers.passwords.checkPassword(inputs.password, userRecord.password)
+    .intercept('incorrect', 'badCombo');
+
+    // If "Remember Me" was enabled, then keep the session alive for
+    // a longer amount of time.  (This causes an updated "Set Cookie"
+    // response header to be sent as the result of this request -- thus
+    // we must be dealing with a traditional HTTP request in order for
+    // this to work.)
+    if (inputs.rememberMe) {
+      if (this.req.isSocket) {
+        sails.log.warn(
+          'Received `rememberMe: true` from a virtual request, but it was ignored\n'+
+          'because a browser\'s session cookie cannot be reset over sockets.\n'+
+          'Please use a traditional HTTP request instead.'
+        );
+      } else {
+        this.req.session.cookie.maxAge = sails.config.custom.rememberMeCookieMaxAge;
+      }
+    }//fi
+
+    // Modify the active session instance.
+    this.req.session.userId = userRecord.id;
+
+    // Send success response (this is where the session actually gets persisted)
+    return exits.success();
+
+  }
+
+};

api/controllers/entrance/send-password-recovery-email.js

@@ -0,0 +1,67 @@
+module.exports = {
+
+
+  friendlyName: 'Send password recovery email',
+
+
+  description: 'Send a password recovery notification to the user with the specified email address.',
+
+
+  inputs: {
+
+    emailAddress: {
+      description: 'The email address of the alleged user who wants to recover their password.',
+      example: 'rydahl@example.com',
+      type: 'string',
+      required: true
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      description: 'The email address might have matched a user in the database.  (If so, a recovery email was sent.)'
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // Find the record for this user.
+    // (Even if no such user exists, pretend it worked to discourage sniffing.)
+    var userRecord = await User.findOne({ emailAddress: inputs.emailAddress });
+    if (!userRecord) {
+      return exits.success();
+    }//•
+
+    // Come up with a pseudorandom, probabilistically-unique token for use
+    // in our password recovery email.
+    var token = await sails.helpers.strings.random('url-friendly');
+
+    // Store the token on the user record
+    // (This allows us to look up the user when the link from the email is clicked.)
+    await User.update({ id: userRecord.id }).set({
+      passwordResetToken: token,
+      passwordResetTokenExpiresAt: Date.now() + sails.config.custom.passwordResetTokenTTL,
+    });
+
+    // Send recovery email
+    await sails.helpers.sendTemplateEmail.with({
+      to: inputs.emailAddress,
+      subject: 'Password reset instructions',
+      template: 'email-reset-password',
+      templateData: {
+        fullName: userRecord.fullName,
+        token: token
+      }
+    });
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/entrance/signup.js

@@ -0,0 +1,119 @@
+module.exports = {
+
+
+  friendlyName: 'Signup',
+
+
+  description: 'Sign up for a new user account.',
+
+
+  extendedDescription:
+`This creates a new user record in the database, signs in the requesting user agent
+by modifying its [session](https://sailsjs.com/documentation/concepts/sessions), and
+(if emailing with Mailgun is enabled) sends an account verification email.
+
+If a verification email is sent, the new user's account is put in an "unconfirmed" state
+until they confirm they are using a legitimate email address (by clicking the link in
+the account verification message.)`,
+
+
+  inputs: {
+
+    emailAddress: {
+      required: true,
+      type: 'string',
+      isEmail: true,
+      description: 'The email address for the new account, e.g. m@example.com.',
+      extendedDescription: 'Must be a valid email address.',
+    },
+
+    password: {
+      required: true,
+      type: 'string',
+      maxLength: 200,
+      example: 'passwordlol',
+      description: 'The unencrypted password to use for the new account.'
+    },
+
+    fullName:  {
+      required: true,
+      type: 'string',
+      example: 'Frida Kahlo de Rivera',
+      description: 'The user\'s full name.',
+    }
+
+  },
+
+
+  exits: {
+
+    invalid: {
+      responseType: 'badRequest',
+      description: 'The provided fullName, password and/or email address are invalid.',
+      extendedDescription: 'If this request was sent from a graphical user interface, the request '+
+      'parameters should have been validated/coerced _before_ they were sent.'
+    },
+
+    emailAlreadyInUse: {
+      statusCode: 409,
+      description: 'The provided email address is already in use.',
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    var newEmailAddress = inputs.emailAddress.toLowerCase();
+
+    // Build up data for the new user record and save it to the database.
+    // (Also use `fetch` to retrieve the new ID so that we can use it below.)
+    var newUserRecord = await User.create(Object.assign({
+      emailAddress: newEmailAddress,
+      password: await sails.helpers.passwords.hashPassword(inputs.password),
+      fullName: inputs.fullName,
+      tosAcceptedByIp: this.req.ip
+    }, sails.config.custom.verifyEmailAddresses? {
+      emailProofToken: await sails.helpers.strings.random('url-friendly'),
+      emailProofTokenExpiresAt: Date.now() + sails.config.custom.emailProofTokenTTL,
+      emailStatus: 'unconfirmed'
+    }:{}))
+    .intercept('E_UNIQUE', 'emailAlreadyInUse')
+    .intercept({name: 'UsageError'}, 'invalid')
+    .fetch();
+
+    // If billing feaures are enabled, save a new customer entry in the Stripe API.
+    // Then persist the Stripe customer id in the database.
+    if (sails.config.custom.enableBillingFeatures) {
+      let stripeCustomerId = await sails.helpers.stripe.saveBillingInfo.with({
+        emailAddress: newEmailAddress
+      });
+      await User.update(newUserRecord.id).set({
+        stripeCustomerId
+      });
+    }
+
+    // Store the user's new id in their session.
+    this.req.session.userId = newUserRecord.id;
+
+    if (sails.config.custom.verifyEmailAddresses) {
+      // Send "confirm account" email
+      await sails.helpers.sendTemplateEmail.with({
+        to: newEmailAddress,
+        subject: 'Please confirm your account',
+        template: 'email-verify-account',
+        templateData: {
+          fullName: inputs.fullName,
+          token: newUserRecord.emailProofToken
+        }
+      });
+    } else {
+      sails.log.info('Skipping new account email verification... (since `verifyEmailAddresses` is disabled)');
+    }
+
+    // Since everything went ok, send our 200 response.
+    return exits.success();
+
+  }
+
+};

api/controllers/entrance/update-password-and-login.js

@@ -0,0 +1,70 @@
+module.exports = {
+
+
+  friendlyName: 'Update password and login',
+
+
+  description: 'Finish the password recovery flow by setting the new password and '+
+  'logging in the requesting user, based on the authenticity of their token.',
+
+
+  inputs: {
+
+    password: {
+      description: 'The new, unencrypted password.',
+      example: 'abc123v2',
+      required: true
+    },
+
+    token: {
+      description: 'The password token that was generated by the `sendPasswordRecoveryEmail` endpoint.',
+      example: 'gwa8gs8hgw9h2g9hg29hgwh9asdgh9q34$$$$$asdgasdggds',
+      required: true
+    }
+
+  },
+
+
+  exits: {
+
+    invalidToken: {
+      description: 'The provided password token is invalid, expired, or has already been used.',
+      responseType: 'expired'
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    if(!inputs.token) {
+      throw 'invalidToken';
+    }
+
+    // Look up the user with this reset token.
+    var userRecord = await User.findOne({ passwordResetToken: inputs.token });
+
+    // If no such user exists, or their token is expired, bail.
+    if (!userRecord || userRecord.passwordResetTokenExpiresAt <= Date.now()) {
+      throw 'invalidToken';
+    }
+
+    // Hash the new password.
+    var hashed = await sails.helpers.passwords.hashPassword(inputs.password);
+
+    // Store the user's new password and clear their reset token so it can't be used again.
+    await User.update({ id: userRecord.id }).set({
+      password: hashed,
+      passwordResetToken: '',
+      passwordResetTokenExpiresAt: 0
+    });
+
+    // Log the user in.
+    this.req.session.userId = userRecord.id;
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/entrance/view-forgot-password.js

@@ -0,0 +1,36 @@
+module.exports = {
+
+
+  friendlyName: 'View forgot password',
+
+
+  description: 'Display "Forgot password" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/entrance/forgot-password',
+    },
+
+    redirect: {
+      description: 'The requesting user is already logged in.',
+      extendedDescription: 'Logged-in users should change their password in "Account settings."',
+      responseType: 'redirect',
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    if (this.req.me) {
+      throw {redirect: '/'};
+    }
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/entrance/view-login.js

@@ -0,0 +1,35 @@
+module.exports = {
+
+
+  friendlyName: 'View login',
+
+
+  description: 'Display "Login" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/entrance/login',
+    },
+
+    redirect: {
+      description: 'The requesting user is already logged in.',
+      responseType: 'redirect'
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    if (this.req.me) {
+      throw {redirect: '/'};
+    }
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/entrance/view-new-password.js

@@ -0,0 +1,57 @@
+module.exports = {
+
+
+  friendlyName: 'View new password',
+
+
+  description: 'Display "New password" page.',
+
+
+  inputs: {
+
+    token: {
+      description: 'The password reset token from the email.',
+      example: '4-32fad81jdaf$329'
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/entrance/new-password'
+    },
+
+    invalidOrExpiredToken: {
+      responseType: 'expired',
+      description: 'The provided token is expired, invalid, or has already been used.',
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    // If password reset token is missing, display an error page explaining that the link is bad.
+    if (!inputs.token) {
+      sails.log.warn('Attempting to view new password (recovery) page, but no reset password token included in request!  Displaying error page...');
+      throw 'invalidOrExpiredToken';
+    }//•
+
+    // Look up the user with this reset token.
+    var userRecord = await User.findOne({ passwordResetToken: inputs.token });
+    // If no such user exists, or their token is expired, display an error page explaining that the link is bad.
+    if (!userRecord || userRecord.passwordResetTokenExpiresAt <= Date.now()) {
+      throw 'invalidOrExpiredToken';
+    }
+
+    // Grab token and include it in view locals
+    return exits.success({
+      token: inputs.token
+    });
+
+  }
+
+
+};

api/controllers/entrance/view-signup.js

@@ -0,0 +1,35 @@
+module.exports = {
+
+
+  friendlyName: 'View signup',
+
+
+  description: 'Display "Signup" page.',
+
+
+  exits: {
+
+    success: {
+      viewTemplatePath: 'pages/entrance/signup',
+    },
+
+    redirect: {
+      description: 'The requesting user is already logged in.',
+      responseType: 'redirect'
+    }
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    if (this.req.me) {
+      throw {redirect: '/'};
+    }
+
+    return exits.success();
+
+  }
+
+
+};

api/controllers/view-homepage-or-redirect.js

@@ -0,0 +1,37 @@
+module.exports = {
+
+
+  friendlyName: 'View homepage or redirect',
+
+
+  description: 'Display or redirect to the appropriate homepage, depending on login status.',
+
+
+  exits: {
+
+    success: {
+      statusCode: 200,
+      description: 'Requesting user is a guest, so show the public landing page.',
+      viewTemplatePath: 'pages/homepage.ejs'
+    },
+
+    redirect: {
+      responseType: 'redirect',
+      description: 'Requesting user is logged in, so redirect to the internal welcome page.'
+    },
+
+  },
+
+
+  fn: async function (inputs, exits) {
+
+    if (this.req.me) {
+      throw {redirect:'/welcome'};
+    }
+
+    return exits.success();
+
+  }
+
+
+};

api/helpers/send-template-email.js

@@ -0,0 +1,213 @@
+module.exports = {
+
+
+  friendlyName: 'Send template email',
+
+
+  description: 'Send an email using a template.',
+
+
+  extendedDescription:
+`To ease testing and development, if the provided "to" email address ends in "@example.com",
+then the email message will be written to the terminal instead of actually being sent.
+(Thanks [@simonratner](https://github.com/simonratner)!)`,
+
+
+  inputs: {
+
+    template: {
+      description: 'The relative path to an EJS template within our `views/emails/` folder -- WITHOUT the file extension.',
+      extendedDescription:
+`Use strings like "foo" or "foo/bar", but NEVER "foo/bar.ejs".  For example, "marketing/welcome" would send an email
+using the "views/emails/marketing/welcome.ejs" template.`,
+      example: 'reset-password',
+      type: 'string',
+      required: true
+    },
+
+    templateData: {
+      description: 'A dictionary of data which will be accessible in the EJS template.',
+      extendedDescription:
+`Each key will be a local variable accessible in the template.  For instance, if you supply
+a dictionary with a \`friends\` key, and \`friends\` is an array like \`[{name:"Chandra"}, {name:"Mary"}]\`),
+then you will be able to access \`friends\` from the template:
+\`\`\`
+<ul><% for (friend of friends){ %>
+  <li><%= friend.name %></li><% }); %></ul>
+\`\`\`
+
+This is EJS, so use \`<%= %>\` to inject the HTML-escaped content of a variable,
+\`<%= %>\` to skip HTML-escaping and inject the data as-is, or \`<% %>\` to execute
+some JavaScript code such as an \`if\` statement or \`for\` loop.`,
+      type: {},
+      defaultsTo: {}
+    },
+
+    to: {
+      description: 'The email address of the primary recipient.',
+      extendedDescription:
+`If this is any address ending in "@example.com", then don't actually deliver the message.
+Instead, just log it to the console.`,
+      example: 'foo@bar.com',
+      required: true
+    },
+
+    subject: {
+      description: 'The subject of the email.',
+      example: 'Hello there.',
+      defaultsTo: ''
+    },
+
+    layout: {
+      description:
+      'Set to `false` to disable layouts altogether, or provide the path (relative '+
+      'from `views/layouts/`) to an override email layout.',
+      defaultsTo: 'layout-email',
+      custom: (layout)=>layout===false || _.isString(layout)
+    }
+
+  },
+
+
+  exits: {
+
+    success: {
+      outputFriendlyName: 'Email delivery report',
+      outputDescription: 'A dictionary of information about what went down.',
+      outputType: {
+        loggedInsteadOfSending: 'boolean'
+      }
+    }
+
+  },
+
+
+  fn: async function(inputs, exits) {
+
+    var path = require('path');
+    var url = require('url');
+    var util = require('util');
+
+
+    if (!_.startsWith(path.basename(inputs.template), 'email-')) {
+      sails.log.warn(
+        'The "template" that was passed in to `sendTemplateEmail()` does not begin with '+
+        '"email-" -- but by convention, all email template files in `views/emails/` should '+
+        'be namespaced in this way.  (This makes it easier to look up email templates by '+
+        'filename; e.g. when using CMD/CTRL+P in Sublime Text.)\n'+
+        'Continuing regardless...'
+      );
+    }
+
+    if (_.startsWith(inputs.template, 'views/') || _.startsWith(inputs.template, 'emails/')) {
+      throw new Error(
+        'The "template" that was passed in to `sendTemplateEmail()` was prefixed with\n'+
+        '`emails/` or `views/` -- but that part is supposed to be omitted.  Instead, please\n'+
+        'just specify the path to the desired email template relative from `views/emails/`.\n'+
+        'For example:\n'+
+        '  template: \'email-reset-password\'\n'+
+        'Or:\n'+
+        '  template: \'admin/email-contact-form\'\n'+
+        ' [?] If you\'re unsure or need advice, see https://sailsjs.com/support'
+      );
+    }//•
+
+    // Determine appropriate email layout and template to use.
+    var emailTemplatePath = path.join('emails/', inputs.template);
+    var layout;
+    if (inputs.layout) {
+      layout = path.relative(path.dirname(emailTemplatePath), path.resolve('layouts/', inputs.layout));
+    } else {
+      layout = false;
+    }
+
+    // Compile HTML template.
+    // > Note that we set the layout, provide access to core `url` package (for
+    // > building links and image srcs, etc.), and also provide access to core
+    // > `util` package (for dumping debug data in internal emails).
+    var htmlEmailContents = await sails.renderView(
+      emailTemplatePath,
+      Object.assign({layout, url, util }, inputs.templateData)
+    )
+    .intercept((err)=>{
+      err.message =
+      'Could not compile view template.\n'+
+      '(Usually, this means the provided data is invalid, or missing a piece.)\n'+
+      'Details:\n'+
+      err.message;
+      return err;
+    });
+
+    // Sometimes only log info to the console about the email that WOULD have been sent.
+    // Specifically, if the "To" email address is anything "@example.com".
+    //
+    // > This is used below when determining whether to actually send the email,
+    // > for convenience during development, but also for safety.  (For example,
+    // > a special-cased version of "user@example.com" is used by Trend Micro Mars
+    // > scanner to "check apks for malware".)
+    var isToAddressConsideredFake = Boolean(inputs.to.match(/@example\.com$/i));
+
+    // If that's the case, or if we're in the "test" environment, then log
+    // the email instead of sending it:
+    if (sails.config.environment === 'test' || isToAddressConsideredFake) {
+      sails.log(
+`Skipped sending email, either because the "To" email address ended in "@example.com"
+or because the current \`sails.config.environment\` is set to "test".
+
+But anyway, here is what WOULD have been sent:
+-=-=-=-=-=-=-=-=-=-=-=-=-= Email log =-=-=-=-=-=-=-=-=-=-=-=-=-
+To: ${inputs.to}
+Subject: ${inputs.subject}
+
+Body:
+${htmlEmailContents}
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-`);
+    } else {
+      // Otherwise, we'll check that all required Mailgun credentials are set up
+      // and, if so, continue to actually send the email.
+
+      if (!sails.config.custom.mailgunSecret || !sails.config.custom.mailgunDomain) {
+        throw new Error(`Cannot deliver email to "${inputs.to}" because:
+          `+(()=>{
+            let problems = [];
+            if (!sails.config.custom.mailgunSecret) {
+              problems.push(' • Mailgun secret is missing from this app\'s configuration (`sails.config.custom.mailgunSecret`)');
+            }
+            if (!sails.config.custom.mailgunDomain) {
+              problems.push(' • Mailgun domain is missing from this app\'s configuration (`sails.config.custom.mailgunDomain`)');
+            }
+            return problems.join('\n');
+          })()+`
+
+To resolve these configuration issues, add the missing config variables to
+\`config/custom.js\`-- or in staging/production, set them up as system
+environment vars.  (If you don\'t have a Mailgun domain or secret, you can
+sign up for free at https://mailgun.com to receive sandbox credentials.)
+
+> Note that, for convenience during development, there is another alternative:
+> In lieu of setting up real Mailgun credentials, you can "fake" email
+> delivery by using any email address that ends in "@example.com".  This will
+> write automated emails to your logs rather than actually sending them.
+> (To simulate clicking on a link from an email, just copy and paste the link
+> from the terminal output into your browser.)
+
+ [?] If you're unsure, visit https://sailsjs.com/support`
+        );
+      }
+
+      await sails.helpers.mailgun.sendHtmlEmail.with({
+        htmlMessage: htmlEmailContents,
+        to: inputs.to,
+        subject: inputs.subject,
+        testMode: false
+      });
+    }//fi
+
+    // All done!
+    return exits.success({
+      loggedInsteadOfSending: isToAddressConsideredFake
+    });
+
+  }
+
+};

api/hooks/custom/index.js

@@ -0,0 +1,244 @@
+/**
+ * custom hook
+ *
+ * @description :: A hook definition.  Extends Sails by adding shadow routes, implicit actions, and/or initialization logic.
+ * @docs        :: https://sailsjs.com/docs/concepts/extending-sails/hooks
+ */
+
+module.exports = function defineCustomHook(sails) {
+
+  return {
+
+    /**
+     * Runs when a Sails app loads/lifts.
+     *
+     * @param {Function} done
+     */
+    initialize: async function (done) {
+
+      sails.log.info('Initializing hook... (`api/hooks/custom`)');
+
+      // Check Stripe/Mailgun configuration (for billing and emails).
+      var IMPORTANT_STRIPE_CONFIG = ['stripeSecret', 'stripePublishableKey'];
+      var IMPORTANT_MAILGUN_CONFIG = ['mailgunSecret', 'mailgunDomain', 'internalEmailAddress'];
+      var isMissingStripeConfig = _.difference(IMPORTANT_STRIPE_CONFIG, Object.keys(sails.config.custom)).length > 0;
+      var isMissingMailgunConfig = _.difference(IMPORTANT_MAILGUN_CONFIG, Object.keys(sails.config.custom)).length > 0;
+
+      if (isMissingStripeConfig || isMissingMailgunConfig) {
+
+        let missingFeatureText = isMissingStripeConfig && isMissingMailgunConfig ? 'billing and email' : isMissingStripeConfig ? 'billing' : 'email';
+        let suffix = '';
+        if (_.contains(['silly'], sails.config.log.level)) {
+          suffix =
+`
+> Tip: To exclude sensitive credentials from source control, use:
+> • config/local.js (for local development)
+> • environment variables (for production)
+>
+> If you want to check them in to source control, use:
+> • config/custom.js  (for development)
+> • config/env/staging.js  (for staging)
+> • config/env/production.js  (for production)
+>
+> (See https://sailsjs.com/docs/concepts/configuration for help configuring Sails.)
+`;
+        }
+
+        let problems = [];
+        if (sails.config.custom.stripeSecret === undefined) {
+          problems.push('No `sails.config.custom.stripeSecret` was configured.');
+        }
+        if (sails.config.custom.stripePublishableKey === undefined) {
+          problems.push('No `sails.config.custom.stripePublishableKey` was configured.');
+        }
+        if (sails.config.custom.mailgunSecret === undefined) {
+          problems.push('No `sails.config.custom.mailgunSecret` was configured.');
+        }
+        if (sails.config.custom.mailgunDomain === undefined) {
+          problems.push('No `sails.config.custom.mailgunDomain` was configured.');
+        }
+        if (sails.config.custom.internalEmailAddress === undefined) {
+          problems.push('No `sails.config.custom.internalEmailAddress` was configured.');
+        }
+
+        sails.log.verbose(
+`Some optional settings have not been configured yet:
+---------------------------------------------------------------------
+${problems.join('\n')}
+
+Until this is addressed, this app's ${missingFeatureText} features
+will be disabled and/or hidden in the UI.
+
+ [?] If you're unsure or need advice, come by https://sailsjs.com/support
+---------------------------------------------------------------------${suffix}`);
+      }//fi
+
+      // Set an additional config keys based on whether Stripe config is available.
+      // This will determine whether or not to enable various billing features.
+      sails.config.custom.enableBillingFeatures = !isMissingStripeConfig;
+
+      // After "sails-hook-organics" finishes initializing, configure Stripe
+      // and Mailgun packs with any available credentials.
+      sails.after('hook:organics:loaded', ()=>{
+
+        sails.helpers.stripe.configure({
+          secret: sails.config.custom.stripeSecret
+        });
+
+        sails.helpers.mailgun.configure({
+          secret: sails.config.custom.mailgunSecret,
+          domain: sails.config.custom.mailgunDomain,
+          from: sails.config.custom.fromEmailAddress,
+          fromName: sails.config.custom.fromName,
+        });
+
+      });//_∏_
+
+      // ... Any other app-specific setup code that needs to run on lift,
+      // even in production, goes here ...
+
+      return done();
+
+    },
+
+
+    routes: {
+
+      /**
+       * Runs before every matching route.
+       *
+       * @param {Ref} req
+       * @param {Ref} res
+       * @param {Function} next
+       */
+      before: {
+        '/*': {
+          skipAssets: true,
+          fn: async function(req, res, next){
+
+            // First, if this is a GET request (and thus potentially a view),
+            // attach a couple of guaranteed locals.
+            if (req.method === 'GET') {
+
+              // The  `_environment` local lets us do a little workaround to make Vue.js
+              // run in "production mode" without unnecessarily involving complexities
+              // with webpack et al.)
+              if (res.locals._environment !== undefined) {
+                throw new Error('Cannot attach Sails environment as the view local `_environment`, because this view local already exists!  (Is it being attached somewhere else?)');
+              }
+              res.locals._environment = sails.config.environment;
+
+              // The `me` local is set explicitly to `undefined` here just to avoid having to
+              // do `typeof me !== 'undefined'` checks in our views/layouts/partials.
+              // > Note that, depending on the request, this may or may not be set to the
+              // > logged-in user record further below.
+              if (res.locals.me !== undefined) {
+                throw new Error('Cannot attach view local `me`, because this view local already exists!  (Is it being attached somewhere else?)');
+              }
+              res.locals.me = undefined;
+
+            }//fi
+
+
+            // No session? Proceed as usual.
+            // (e.g. request for a static asset)
+            if (!req.session) { return next(); }
+
+            // Not logged in? Proceed as usual.
+            if (!req.session.userId) { return next(); }
+
+            // Otherwise, look up the logged-in user.
+            var loggedInUser = await User.findOne({
+              id: req.session.userId
+            });
+
+            // If the logged-in user has gone missing, log a warning,
+            // wipe the user id from the requesting user agent's session,
+            // and then send the "unauthorized" response.
+            if (!loggedInUser) {
+              sails.log.warn('Somehow, the user record for the logged-in user (`'+req.session.userId+'`) has gone missing....');
+              delete req.session.userId;
+              return res.unauthorized();
+            }
+
+            // Add additional information for convenience when building top-level navigation.
+            // (i.e. whether to display "Dashboard", "My Account", etc.)
+            if (!loggedInUser.password || loggedInUser.emailStatus === 'unconfirmed') {
+              loggedInUser.dontDisplayAccountLinkInNav = true;
+            }
+
+            // Expose the user record as an extra property on the request object (`req.me`).
+            // > Note that we make sure `req.me` doesn't already exist first.
+            if (req.me !== undefined) {
+              throw new Error('Cannot attach logged-in user as `req.me` because this property already exists!  (Is it being attached somewhere else?)');
+            }
+            req.me = loggedInUser;
+
+            // If our "lastSeenAt" attribute for this user is at least a few seconds old, then set it
+            // to the current timestamp.
+            //
+            // (Note: As an optimization, this is run behind the scenes to avoid adding needless latency.)
+            var MS_TO_BUFFER = 60*1000;
+            var now = Date.now();
+            if (loggedInUser.lastSeenAt < now - MS_TO_BUFFER) {
+              User.update({id: loggedInUser.id})
+              .set({ lastSeenAt: now })
+              .exec((err)=>{
+                if (err) {
+                  sails.log.error('Background task failed: Could not update user (`'+loggedInUser.id+'`) with a new `lastSeenAt` timestamp.  Error details: '+err.stack);
+                  return;
+                }//•
+                sails.log.verbose('Updated the `lastSeenAt` timestamp for user `'+loggedInUser.id+'`.');
+                // Nothing else to do here.
+              });//_∏_  (Meanwhile...)
+            }//fi
+
+
+            // If this is a GET request, then also expose an extra view local (`<%= me %>`).
+            // > Note that we make sure a local named `me` doesn't already exist first.
+            // > Also note that we strip off any properties that correspond with protected attributes.
+            if (req.method === 'GET') {
+              if (res.locals.me !== undefined) {
+                throw new Error('Cannot attach logged-in user as the view local `me`, because this view local already exists!  (Is it being attached somewhere else?)');
+              }
+
+              // Exclude any fields corresponding with attributes that have `protect: true`.
+              var sanitizedUser = _.extend({}, loggedInUser);
+              for (let attrName in User.attributes) {
+                if (User.attributes[attrName].protect) {
+                  delete sanitizedUser[attrName];
+                }
+              }//∞
+
+              // If there is still a "password" in sanitized user data, then delete it just to be safe.
+              // (But also log a warning so this isn't hopelessly confusing.)
+              if (sanitizedUser.password) {
+                sails.log.warn('The logged in user record has a `password` property, but it was still there after pruning off all properties that match `protect: true` attributes in the User model.  So, just to be safe, removing the `password` property anyway...');
+                delete sanitizedUser.password;
+              }//fi
+
+              res.locals.me = sanitizedUser;
+
+              // Include information on the locals as to whether billing features
+              // are enabled for this app, and whether email verification is required.
+              res.locals.isBillingEnabled = sails.config.custom.enableBillingFeatures;
+              res.locals.isEmailVerificationRequired = sails.config.custom.verifyEmailAddresses;
+
+            }//fi
+
+            // Prevent the browser from caching logged-in users' pages.
+            // (including w/ the Chrome back button)
+            // > • https://mixmax.com/blog/chrome-back-button-cache-no-store
+            // > • https://madhatted.com/2013/6/16/you-do-not-understand-browser-history
+            res.setHeader('Cache-Control', 'no-cache, no-store');
+
+            return next();
+          }
+        }
+      }
+    }
+
+
+  };
+
+};

api/models/User.js

@@ -0,0 +1,170 @@
+/**
+ * User.js
+ *
+ * A user who can log in to this application.
+ */
+
+module.exports = {
+
+  attributes: {
+
+    //  ╔═╗╦═╗╦╔╦╗╦╔╦╗╦╦  ╦╔═╗╔═╗
+    //  ╠═╝╠╦╝║║║║║ ║ ║╚╗╔╝║╣ ╚═╗
+    //  ╩  ╩╚═╩╩ ╩╩ ╩ ╩ ╚╝ ╚═╝╚═╝
+
+    emailAddress: {
+      type: 'string',
+      required: true,
+      unique: true,
+      isEmail: true,
+      maxLength: 200,
+      example: 'carol.reyna@microsoft.com'
+    },
+
+    password: {
+      type: 'string',
+      required: true,
+      description: 'Securely hashed representation of the user\'s login password.',
+      protect: true,
+      example: '2$28a8eabna301089103-13948134nad'
+    },
+
+    fullName: {
+      type: 'string',
+      required: true,
+      description: 'Full representation of the user\'s name',
+      maxLength: 120,
+      example: 'Lisa Microwave van der Jenny'
+    },
+
+    isSuperAdmin: {
+      type: 'boolean',
+      description: 'Whether this user is a "super admin" with extra permissions, etc.',
+      extendedDescription:
+`Super admins might have extra permissions, see a different default home page when they log in,
+or even have a completely different feature set from normal users.  In this app, the \`isSuperAdmin\`
+flag is just here as a simple way to represent two different kinds of users.  Usually, it's a good idea
+to keep the data model as simple as possible, only adding attributes when you actually need them for
+features being built right now.
+
+For example, a "super admin" user for a small to medium-sized e-commerce website might be able to
+change prices, deactivate seasonal categories, add new offerings, and view live orders as they come in.
+On the other hand, for an e-commerce website like Walmart.com that has undergone years of development
+by a large team, those administrative features might be split across a few different roles.
+
+So, while this \`isSuperAdmin\` demarcation might not be the right approach forever, it's a good place to start.`
+    },
+
+    passwordResetToken: {
+      type: 'string',
+      description: 'A unique token used to verify the user\'s identity when recovering a password.  Expires after 1 use, or after a set amount of time has elapsed.'
+    },
+
+    passwordResetTokenExpiresAt: {
+      type: 'number',
+      description: 'A JS timestamp (epoch ms) representing the moment when this user\'s `passwordResetToken` will expire (or 0 if the user currently has no such token).',
+      example: 1502844074211
+    },
+
+    stripeCustomerId: {
+      type: 'string',
+      protect: true,
+      description: 'The id of the customer entry in Stripe associated with this user (or empty string if this user is not linked to a Stripe customer -- e.g. if billing features are not enabled).',
+      extendedDescription:
+`Just because this value is set doesn't necessarily mean that this user has a billing card.
+It just means they have a customer entry in Stripe, which might or might not have a billing card.`
+    },
+
+    hasBillingCard: {
+      type: 'boolean',
+      description: 'Whether this user has a default billing card hooked up as their payment method.',
+      extendedDescription:
+`More specifically, this indcates whether this user record's linked customer entry in Stripe has
+a default payment source (i.e. credit card).  Note that a user have a \`stripeCustomerId\`
+without necessarily having a billing card.`
+    },
+
+    billingCardBrand: {
+      type: 'string',
+      example: 'Visa',
+      description: 'The brand of this user\'s default billing card (or empty string if no billing card is set up).',
+      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
+    },
+
+    billingCardLast4: {
+      type: 'string',
+      example: '4242',
+      description: 'The last four digits of the card number for this user\'s default billing card (or empty string if no billing card is set up).',
+      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
+    },
+
+    billingCardExpMonth: {
+      type: 'string',
+      example: '08',
+      description: 'The two-digit expiration month from this user\'s default billing card, formatted as MM (or empty string if no billing card is set up).',
+      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
+    },
+
+    billingCardExpYear: {
+      type: 'string',
+      example: '2023',
+      description: 'The four-digit expiration year from this user\'s default billing card, formatted as YYYY (or empty string if no credit card is set up).',
+      extendedDescription: 'To ensure PCI compliance, this data comes from Stripe, where it reflects the user\'s default payment source.'
+    },
+
+    emailProofToken: {
+      type: 'string',
+      description: 'A pseudorandom, probabilistically-unique token for use in our account verification emails.'
+    },
+
+    emailProofTokenExpiresAt: {
+      type: 'number',
+      description: 'A JS timestamp (epoch ms) representing the moment when this user\'s `emailProofToken` will expire (or 0 if the user currently has no such token).',
+      example: 1502844074211
+    },
+
+    emailStatus: {
+      type: 'string',
+      isIn: ['unconfirmed', 'changeRequested', 'confirmed'],
+      defaultsTo: 'confirmed',
+      description: 'The confirmation status of the user\'s email address.',
+      extendedDescription:
+`Users might be created as "unconfirmed" (e.g. normal signup) or as "confirmed" (e.g. hard-coded
+admin users).  When the email verification feature is enabled, new users created via the
+signup form have \`emailStatus: 'unconfirmed'\` until they click the link in the confirmation email.
+Similarly, when an existing user changes their email address, they switch to the "changeRequested"
+email status until they click the link in the confirmation email.`
+    },
+
+    emailChangeCandidate: {
+      type: 'string',
+      description: 'The (still-unconfirmed) email address that this user wants to change to.'
+    },
+
+    tosAcceptedByIp: {
+      type: 'string',
+      description: 'The IP (ipv4) address of the request that accepted the terms of service.',
+      extendedDescription: 'Useful for certain types of businesses and regulatory requirements (KYC, etc.)',
+      moreInfoUrl: 'https://en.wikipedia.org/wiki/Know_your_customer'
+    },
+
+    lastSeenAt: {
+      type: 'number',
+      description: 'A JS timestamp (epoch ms) representing the moment at which this user most recently interacted with the backend while logged in (or 0 if they have not interacted with the backend at all yet).',
+      example: 1502844074211
+    },
+
+    //  ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
+    //  ║╣ ║║║╠╩╗║╣  ║║╚═╗
+    //  ╚═╝╩ ╩╚═╝╚═╝═╩╝╚═╝
+    // n/a
+
+    //  ╔═╗╔═╗╔═╗╔═╗╔═╗╦╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+    //  ╠═╣╚═╗╚═╗║ ║║  ║╠═╣ ║ ║║ ║║║║╚═╗
+    //  ╩ ╩╚═╝╚═╝╚═╝╚═╝╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
+    // n/a
+
+  },
+
+
+};

api/policies/is-logged-in.js

@@ -0,0 +1,26 @@
+/**
+ * is-logged-in
+ *
+ * A simple policy that allows any request from an authenticated user.
+ *
+ * For more about how to use policies, see:
+ *   https://sailsjs.com/config/policies
+ *   https://sailsjs.com/docs/concepts/policies
+ *   https://sailsjs.com/docs/concepts/policies/access-control-and-permissions
+ */
+module.exports = async function (req, res, proceed) {
+
+  // If `req.me` is set, then we know that this request originated
+  // from a logged-in user.  So we can safely proceed to the next policy--
+  // or, if this is the last policy, the relevant action.
+  // > For more about where `req.me` comes from, check out this app's
+  // > custom hook (`api/hooks/custom/index.js`).
+  if (req.me) {
+    return proceed();
+  }
+
+  //--•
+  // Otherwise, this request did not come from a logged-in user.
+  return res.unauthorized();
+
+};

api/policies/is-super-admin.js

@@ -0,0 +1,28 @@
+/**
+ * is-super-admin
+ *
+ * A simple policy that blocks requests from non-super-admins.
+ *
+ * For more about how to use policies, see:
+ *   https://sailsjs.com/config/policies
+ *   https://sailsjs.com/docs/concepts/policies
+ *   https://sailsjs.com/docs/concepts/policies/access-control-and-permissions
+ */
+module.exports = async function (req, res, proceed) {
+
+  // First, check whether the request comes from a logged-in user.
+  // > For more about where `req.me` comes from, check out this app's
+  // > custom hook (`api/hooks/custom/index.js`).
+  if (!req.me) {
+    return res.unauthorized();
+  }//•
+
+  // Then check that this user is a "super admin".
+  if (!req.me.isSuperAdmin) {
+    return res.forbidden();
+  }//•
+
+  // IWMIH, we've got ourselves a "super admin".
+  return proceed();
+
+};

api/responses/expired.js

@@ -0,0 +1,37 @@
+/**
+ * expired.js
+ *
+ * A custom response that content-negotiates the current request to either:
+ *  • serve an HTML error page about the specified token being invalid or expired
+ *  • or send back 498 (Token Expired/Invalid) with no response body.
+ *
+ * Example usage:
+ * ```
+ *     return res.expired();
+ * ```
+ *
+ * Or with actions2:
+ * ```
+ *     exits: {
+ *       badToken: {
+ *         description: 'Provided token was expired, invalid, or already used up.',
+ *         responseType: 'expired'
+ *       }
+ *     }
+ * ```
+ */
+module.exports = function expired() {
+
+  var req = this.req;
+  var res = this.res;
+
+  sails.log.verbose('Ran custom response: res.expired()');
+
+  if (req.wantsJSON) {
+    return res.status(498).send('Token Expired/Invalid');
+  }
+  else {
+    return res.status(498).view('498');
+  }
+
+};

api/responses/unauthorized.js

@@ -0,0 +1,43 @@
+/**
+ * unauthorized.js
+ *
+ * A custom response that content-negotiates the current request to either:
+ *  • log out the current user and redirect them to the login page
+ *  • or send back 401 (Unauthorized) with no response body.
+ *
+ * Example usage:
+ * ```
+ *     return res.unauthorized();
+ * ```
+ *
+ * Or with actions2:
+ * ```
+ *     exits: {
+ *       badCombo: {
+ *         description: 'That email address and password combination is not recognized.',
+ *         responseType: 'unauthorized'
+ *       }
+ *     }
+ * ```
+ */
+module.exports = function unauthorized() {
+
+  var req = this.req;
+  var res = this.res;
+
+  sails.log.verbose('Ran custom response: res.unauthorized()');
+
+  if (req.wantsJSON) {
+    return res.sendStatus(401);
+  }
+  // Or log them out (if necessary) and then redirect to the login page.
+  else {
+
+    if (req.session.userId) {
+      delete req.session.userId;
+    }
+
+    return res.redirect('/login');
+  }
+
+};

app.js

@@ -0,0 +1,54 @@
+/**
+ * app.js
+ *
+ * Use `app.js` to run your app without `sails lift`.
+ * To start the server, run: `node app.js`.
+ *
+ * This is handy in situations where the sails CLI is not relevant or useful,
+ * such as when you deploy to a server, or a PaaS like Heroku.
+ *
+ * For example:
+ *   => `node app.js`
+ *   => `npm start`
+ *   => `forever start app.js`
+ *   => `node debug app.js`
+ *
+ * The same command-line arguments and env vars are supported, e.g.:
+ * `NODE_ENV=production node app.js --port=80 --verbose`
+ *
+ * For more information see:
+ *   https://sailsjs.com/anatomy/app.js
+ */
+
+
+// Ensure we're in the project directory, so cwd-relative paths work as expected
+// no matter where we actually lift from.
+// > Note: This is not required in order to lift, but it is a convenient default.
+process.chdir(__dirname);
+
+
+
+// Attempt to import `sails` dependency, as well as `rc` (for loading `.sailsrc` files).
+var sails;
+var rc;
+try {
+  sails = require('sails');
+  rc = require('sails/accessible/rc');
+} catch (err) {
+  console.error('Encountered an error when attempting to require(\'sails\'):');
+  console.error(err.stack);
+  console.error('--');
+  console.error('To run an app using `node app.js`, you need to have Sails installed');
+  console.error('locally (`./node_modules/sails`).  To do that, just make sure you\'re');
+  console.error('in the same directory as your app and run `npm install`.');
+  console.error();
+  console.error('If Sails is installed globally (i.e. `npm install -g sails`) you can');
+  console.error('also run this app with `sails lift`.  Running with `sails lift` will');
+  console.error('not run this file (`app.js`), but it will do exactly the same thing.');
+  console.error('(It even uses your app directory\'s local Sails install, if possible.)');
+  return;
+}//-•
+
+
+// Start server
+sails.lift(rc('sails'));

assets/.eslintrc

@@ -0,0 +1,61 @@
+{
+  //   ╔═╗╔═╗╦  ╦╔╗╔╔╦╗┬─┐┌─┐  ┌─┐┬  ┬┌─┐┬─┐┬─┐┬┌┬┐┌─┐
+  //   ║╣ ╚═╗║  ║║║║ ║ ├┬┘│    │ │└┐┌┘├┤ ├┬┘├┬┘│ ││├┤
+  //  o╚═╝╚═╝╩═╝╩╝╚╝ ╩ ┴└─└─┘  └─┘ └┘ └─┘┴└─┴└─┴─┴┘└─┘
+  //  ┌─  ┌─┐┌─┐┬─┐  ┌┐ ┬─┐┌─┐┬ ┬┌─┐┌─┐┬─┐   ┬┌─┐  ┌─┐┌─┐┌─┐┌─┐┌┬┐┌─┐  ─┐
+  //  │   ├┤ │ │├┬┘  ├┴┐├┬┘│ ││││└─┐├┤ ├┬┘   │└─┐  ├─┤└─┐└─┐├┤  │ └─┐   │
+  //  └─  └  └─┘┴└─  └─┘┴└─└─┘└┴┘└─┘└─┘┴└─  └┘└─┘  ┴ ┴└─┘└─┘└─┘ ┴ └─┘  ─┘
+  // > An .eslintrc configuration override for use in the `assets/` directory.
+  //
+  // This extends the top-level .eslintrc file, primarily to change the set of
+  // supported globals, as well as any other relevant settings.  (Since JavaScript
+  // code in the `assets/` folder is intended for the browser habitat, a different
+  // set of globals is supported.  For example, instead of Node.js/Sails globals
+  // like `sails` and `process`, you have access to browser globals like `window`.)
+  //
+  // (See .eslintrc in the root directory of this Sails app for more context.)
+  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+  "extends": [
+    "../.eslintrc"
+  ],
+
+  "env": {
+    "browser": true,
+    "node": false
+  },
+
+  "parserOptions": {
+    "ecmaVersion": 8
+    //^ If you are not using a transpiler like Babel, change this to `5`.
+  },
+
+  "globals": {
+
+    // Allow any window globals you're relying on here; e.g.
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    "SAILS_LOCALS": true,
+    "io": true,
+    "Cloud": true,
+    "parasails": true,
+    "$": true,
+    "_": true,
+    "StripeCheckout": true,
+    "Stripe": true,
+    "Vue": true,
+    "VueRouter": true,
+    // "moment": true,
+    // "bowser": true
+    // ...etc.
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+    // Make sure backend globals aren't indadvertently tolerated in our client-side JS:
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    "sails": false,
+    "async": false,
+    "User": false
+    // ...and any other backend globals (e.g. `"Organization": false`)
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+  }
+
+}

assets/dependencies/bootstrap-4/bootstrap-reboot.css

@@ -0,0 +1,330 @@
+html {
+  box-sizing: border-box;
+  font-family: sans-serif;
+  line-height: 1.15;
+  -webkit-text-size-adjust: 100%;
+  -ms-text-size-adjust: 100%;
+  -ms-overflow-style: scrollbar;
+  -webkit-tap-highlight-color: transparent;
+}
+
+*,
+*::before,
+*::after {
+  box-sizing: inherit;
+}
+
+@-ms-viewport {
+  width: device-width;
+}
+
+article, aside, dialog, figcaption, figure, footer, header, hgroup, main, nav, section {
+  display: block;
+}
+
+body {
+  margin: 0;
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+  font-size: 1rem;
+  font-weight: normal;
+  line-height: 1.5;
+  color: #212529;
+  background-color: #fff;
+}
+
+[tabindex="-1"]:focus {
+  outline: none !important;
+}
+
+hr {
+  box-sizing: content-box;
+  height: 0;
+  overflow: visible;
+}
+
+h1, h2, h3, h4, h5, h6 {
+  margin-top: 0;
+  margin-bottom: .5rem;
+}
+
+p {
+  margin-top: 0;
+  margin-bottom: 1rem;
+}
+
+abbr[title],
+abbr[data-original-title] {
+  text-decoration: underline;
+  -webkit-text-decoration: underline dotted;
+          text-decoration: underline dotted;
+  cursor: help;
+  border-bottom: 0;
+}
+
+address {
+  margin-bottom: 1rem;
+  font-style: normal;
+  line-height: inherit;
+}
+
+ol,
+ul,
+dl {
+  margin-top: 0;
+  margin-bottom: 1rem;
+}
+
+ol ol,
+ul ul,
+ol ul,
+ul ol {
+  margin-bottom: 0;
+}
+
+dt {
+  font-weight: bold;
+}
+
+dd {
+  margin-bottom: .5rem;
+  margin-left: 0;
+}
+
+blockquote {
+  margin: 0 0 1rem;
+}
+
+dfn {
+  font-style: italic;
+}
+
+b,
+strong {
+  font-weight: bolder;
+}
+
+small {
+  font-size: 80%;
+}
+
+sub,
+sup {
+  position: relative;
+  font-size: 75%;
+  line-height: 0;
+  vertical-align: baseline;
+}
+
+sub {
+  bottom: -.25em;
+}
+
+sup {
+  top: -.5em;
+}
+
+a {
+  color: #007bff;
+  text-decoration: none;
+  background-color: transparent;
+  -webkit-text-decoration-skip: objects;
+}
+
+a:hover {
+  color: #0056b3;
+  text-decoration: underline;
+}
+
+a:not([href]):not([tabindex]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+a:not([href]):not([tabindex]):focus, a:not([href]):not([tabindex]):hover {
+  color: inherit;
+  text-decoration: none;
+}
+
+a:not([href]):not([tabindex]):focus {
+  outline: 0;
+}
+
+pre,
+code,
+kbd,
+samp {
+  font-family: monospace, monospace;
+  font-size: 1em;
+}
+
+pre {
+  margin-top: 0;
+  margin-bottom: 1rem;
+  overflow: auto;
+}
+
+figure {
+  margin: 0 0 1rem;
+}
+
+img {
+  vertical-align: middle;
+  border-style: none;
+}
+
+svg:not(:root) {
+  overflow: hidden;
+}
+
+a,
+area,
+button,
+[role="button"],
+input,
+label,
+select,
+summary,
+textarea {
+  -ms-touch-action: manipulation;
+      touch-action: manipulation;
+}
+
+table {
+  border-collapse: collapse;
+}
+
+caption {
+  padding-top: 0.75rem;
+  padding-bottom: 0.75rem;
+  color: #868e96;
+  text-align: left;
+  caption-side: bottom;
+}
+
+th {
+  text-align: left;
+}
+
+label {
+  display: inline-block;
+  margin-bottom: .5rem;
+}
+
+button:focus {
+  outline: 1px dotted;
+  outline: 5px auto -webkit-focus-ring-color;
+}
+
+input,
+button,
+select,
+optgroup,
+textarea {
+  margin: 0;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+button,
+input {
+  overflow: visible;
+}
+
+button,
+select {
+  text-transform: none;
+}
+
+button,
+html [type="button"],
+[type="reset"],
+[type="submit"] {
+  -webkit-appearance: button;
+}
+
+button::-moz-focus-inner,
+[type="button"]::-moz-focus-inner,
+[type="reset"]::-moz-focus-inner,
+[type="submit"]::-moz-focus-inner {
+  padding: 0;
+  border-style: none;
+}
+
+input[type="radio"],
+input[type="checkbox"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+input[type="date"],
+input[type="time"],
+input[type="datetime-local"],
+input[type="month"] {
+  -webkit-appearance: listbox;
+}
+
+textarea {
+  overflow: auto;
+  resize: vertical;
+}
+
+fieldset {
+  min-width: 0;
+  padding: 0;
+  margin: 0;
+  border: 0;
+}
+
+legend {
+  display: block;
+  width: 100%;
+  max-width: 100%;
+  padding: 0;
+  margin-bottom: .5rem;
+  font-size: 1.5rem;
+  line-height: inherit;
+  color: inherit;
+  white-space: normal;
+}
+
+progress {
+  vertical-align: baseline;
+}
+
+[type="number"]::-webkit-inner-spin-button,
+[type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+[type="search"] {
+  outline-offset: -2px;
+  -webkit-appearance: none;
+}
+
+[type="search"]::-webkit-search-cancel-button,
+[type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+::-webkit-file-upload-button {
+  font: inherit;
+  -webkit-appearance: button;
+}
+
+output {
+  display: inline-block;
+}
+
+summary {
+  display: list-item;
+}
+
+template {
+  display: none;
+}
+
+[hidden] {
+  display: none !important;
+}
+/*# sourceMappingURL=bootstrap-reboot.css.map */

assets/dependencies/parasails.js

@@ -0,0 +1,626 @@
+/**
+ * parasails.js
+ * (lightweight structures for apps with more than one page)
+ *
+ * v0.5.0
+ *
+ * Copyright 2017, Mike McNeil (@mikermcneil)
+ * MIT License
+ * https://www.npmjs.com/package/parasails
+ * https://sailsjs.com/support
+ *
+ * > Parasails is a tiny (but opinionated) and pipeline-agnostic wrapper
+ * > around Vue.js, jQuery, and Lodash.
+ */
+(function(global, factory){
+  var Vue;
+  var _;
+  var VueRouter;
+  var $;
+
+  //˙°˚°·.
+  //‡CJS  ˚°˚°·˛
+  if (typeof exports === 'object' && typeof module !== 'undefined') {
+    var _require = require;// eslint-disable-line no-undef
+    var _module = module;// eslint-disable-line no-undef
+    // required deps:
+    Vue = _require('vue');
+    _ = _require('lodash');
+    // optional deps:
+    try { VueRouter = _require('vue-router'); } catch (e) { if (e.code === 'MODULE_NOT_FOUND') {/* ok */} else { throw e; } }
+    try { $ = _require('jquery'); } catch (e) { if (e.code === 'MODULE_NOT_FOUND') {/* ok */} else { throw e; } }
+    // export:
+    _module.exports = factory(Vue, _, VueRouter, $);
+  }
+  //˙°˚°·
+  //‡AMD ˚¸
+  else if(typeof define === 'function' && define.amd) {// eslint-disable-line no-undef
+    // Register as an anonymous module.
+    define([], function () {// eslint-disable-line no-undef
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+      // FUTURE: maybe use optional dep. loading here instead?
+      // e.g.  `function('vue', 'lodash', 'vue-router', 'jquery')`
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+      // required deps:
+      if (!global.Vue) { throw new Error('`Vue` global does not exist on the page yet. (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the Vue.js library is getting brought in before `parasails`.)'); }
+      Vue = global.Vue;
+      if (!global._) { throw new Error('`_` global does not exist on the page yet. (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the Lodash library is getting brought in before `parasails`.)'); }
+      _ = global._;
+      // optional deps:
+      VueRouter = global.VueRouter || undefined;
+      $ = global.$ || global.jQuery || undefined;
+
+      // So... there's not really a huge point to supporting AMD here--
+      // except that if you're using it in your project, it makes this
+      // module fit nicely with the others you're using.  And if you
+      // really hate globals, I guess there's that.
+      // ¯\_(ツ)_/¯
+      return factory(Vue, _, VueRouter, $);
+    });//ƒ
+  }
+  //˙°˚˙°·
+  //‡NUDE ˚°·˛
+  else {
+    // required deps:
+    if (!global.Vue) { throw new Error('`Vue` global does not exist on the page yet. (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the Vue.js library is getting brought in before `parasails`.)'); }
+    Vue = global.Vue;
+    if (!global._) { throw new Error('`_` global does not exist on the page yet. (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the Lodash library is getting brought in before `parasails`.)'); }
+    _ = global._;
+    // optional deps:
+    VueRouter = global.VueRouter || undefined;
+    $ = global.$ || global.jQuery || undefined;
+    // export:
+    if (global.parasails) { throw new Error('Conflicting global (`parasails`) already exists!'); }
+    global.parasails = factory(Vue, _, VueRouter, $);
+  }
+})(this, function (Vue, _, VueRouter, $){
+
+
+  //  ██████╗ ██████╗ ██╗██╗   ██╗ █████╗ ████████╗███████╗
+  //  ██╔══██╗██╔══██╗██║██║   ██║██╔══██╗╚══██╔══╝██╔════╝
+  //  ██████╔╝██████╔╝██║██║   ██║███████║   ██║   █████╗
+  //  ██╔═══╝ ██╔══██╗██║╚██╗ ██╔╝██╔══██║   ██║   ██╔══╝
+  //  ██║     ██║  ██║██║ ╚████╔╝ ██║  ██║   ██║   ███████╗
+  //  ╚═╝     ╚═╝  ╚═╝╚═╝  ╚═══╝  ╚═╝  ╚═╝   ╚═╝   ╚══════╝
+  //
+  //  ███████╗████████╗ █████╗ ████████╗███████╗
+  //  ██╔════╝╚══██╔══╝██╔══██╗╚══██╔══╝██╔════╝
+  //  ███████╗   ██║   ███████║   ██║   █████╗
+  //  ╚════██║   ██║   ██╔══██║   ██║   ██╔══╝
+  //  ███████║   ██║   ██║  ██║   ██║   ███████╗
+  //  ╚══════╝   ╚═╝   ╚═╝  ╚═╝   ╚═╝   ╚══════╝
+  //
+
+  /**
+   * Module state
+   */
+
+  // Keep track of whether or not a page script has already been loaded in the DOM.
+  var didAlreadyLoadPageScript;
+
+  // The variable we'll be exporting.
+  var parasails;
+
+
+  //  ██████╗ ██████╗ ██╗██╗   ██╗ █████╗ ████████╗███████╗
+  //  ██╔══██╗██╔══██╗██║██║   ██║██╔══██╗╚══██╔══╝██╔════╝
+  //  ██████╔╝██████╔╝██║██║   ██║███████║   ██║   █████╗
+  //  ██╔═══╝ ██╔══██╗██║╚██╗ ██╔╝██╔══██║   ██║   ██╔══╝
+  //  ██║     ██║  ██║██║ ╚████╔╝ ██║  ██║   ██║   ███████╗
+  //  ╚═╝     ╚═╝  ╚═╝╚═╝  ╚═══╝  ╚═╝  ╚═╝   ╚═╝   ╚══════╝
+  //
+  //  ██╗   ██╗████████╗██╗██╗     ███████╗
+  //  ██║   ██║╚══██╔══╝██║██║     ██╔════╝
+  //  ██║   ██║   ██║   ██║██║     ███████╗
+  //  ██║   ██║   ██║   ██║██║     ╚════██║
+  //  ╚██████╔╝   ██║   ██║███████╗███████║
+  //   ╚═════╝    ╚═╝   ╚═╝╚══════╝╚══════╝
+  //
+
+  /**
+   * Module utilities (private)
+   */
+
+  function _ensureGlobalCache(){
+    parasails._cache = parasails._cache || {};
+  }
+
+  function _exportOnGlobalCache(moduleName, moduleDefinition){
+    _ensureGlobalCache();
+    if (parasails._cache[moduleName]) { throw new Error('Something else (e.g. a utility or constant) has already been registered under that name (`'+moduleName+'`)'); }
+    parasails._cache[moduleName] = moduleDefinition;
+  }
+
+  function _exposeJQueryPoweredMethods(def, currentModuleEntityNoun){
+    if (!currentModuleEntityNoun) { throw new Error('Consistency violation: Bad internal usage. '); }
+    if (def.methods && def.methods.$get) { throw new Error('This '+currentModuleEntityNoun+' contains `methods` with a `$get` key, but you\'re not allowed to override that'); }
+    if (def.methods && def.methods.$find) { throw new Error('This '+currentModuleEntityNoun+' contains `methods` with a `$find` key, but you\'re not allowed to override that'); }
+    if (def.methods && def.methods.$focus) { throw new Error('This '+currentModuleEntityNoun+' contains `methods` with a `$focus` key, but you\'re not allowed to override that'); }
+    def.methods = def.methods || {};
+    if ($) {
+      def.methods.$get = function (){ return $(this.$el); };
+      def.methods.$find = function (subSelector){ return $(this.$el).find(subSelector); };
+      def.methods.$focus = function (subSelector){
+        // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+        // FUTURE: If the current Vue thing hasn't mounted yet, throw an error.
+        // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+        var $fieldToAutoFocus = $(this.$el).find(subSelector);
+        if ($fieldToAutoFocus.length === 0) { throw new Error('Could not autofocus-- no such element exists within this '+currentModuleEntityNoun+'.'); }
+        if ($fieldToAutoFocus.length > 1) { throw new Error('Could not autofocus `'+subSelector+'`-- too many elements matched!'); }
+        $fieldToAutoFocus.focus();
+      };
+    }
+    else {
+      def.methods.$get = function (){ throw new Error('Cannot use .$get() method because, at the time when this '+currentModuleEntityNoun+' was registered, jQuery (`$`) did not exist on the page yet.  (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure jQuery is getting brought in before `parasails`.)'); };
+      def.methods.$find = function (){ throw new Error('Cannot use .$find() method because, at the time when this '+currentModuleEntityNoun+' was registered, jQuery (`$`) did not exist on the page yet.  (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure jQuery is getting brought in before `parasails`.)'); };
+      def.methods.$focus = function (){ throw new Error('Cannot use .$focus() method because, at the time when this '+currentModuleEntityNoun+' was registered, jQuery (`$`) did not exist on the page yet.  (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure jQuery is getting brought in before `parasails`.)'); };
+    }
+  }
+
+  function _wrapMethodsAndVerifyNoArrowFunctions(def){
+    def.methods = def.methods || {};
+    _.each(_.keys(def.methods), function (methodName) {
+      if (!_.isFunction(def.methods[methodName])) {
+        throw new Error('Unexpected definition for Vue method `'+methodName+'`.  Expecting a function, but got "'+def.methods[methodName]+'"');
+      }
+
+      var isArrowFunction;
+      try {
+        var asString = def.methods[methodName].toString();
+        isArrowFunction = asString.match(/^\s*\(\s*/) || asString.match(/^\s*async\s*\(\s*/);
+      } catch (err) {
+        console.warn('Consistency violation: Encountered unexpected error when attempting to verify that Vue method `'+methodName+'` is not an arrow function.  (What browser is this?!)  Anyway, error details:', err);
+      }
+
+      if (isArrowFunction) {
+        throw new Error('Unexpected definition for Vue method `'+methodName+'`.  Vue methods cannot be specified as arrow functions, because then you wouldn\'t have access to `this` (i.e. the Vue vm instance).  Please use a function like `function(){…}` instead.');
+      }
+
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+      // FUTURE:
+      // Inject a wrapper function in order to provide more advanced / cleaner error handling.
+      // (especially for AsyncFunctions)
+      // ```
+      // var _originalMethod = def.methods[methodName];
+      // def.methods[methodName] = function(){
+      //
+      //   var rawResult;
+      //   var originalCtx = this;
+      //   (function(proceed){
+      //     if (_originalMethod.constructor.name === 'AsyncFunction') {
+      //       rawResult = _originalMethod.apply(originalCtx, arguments);
+      //       // The result of an AsyncFunction is always a promise:
+      //       rawResult.catch(function(err) {
+      //         proceed(err);
+      //       });//_∏_
+      //       rawResult.then(function(actualResult){
+      //         return proceed(undefined, actualResult);
+      //       });
+      //     }
+      //     else {
+      //       try {
+      //         rawResult = _originalMethod.apply(originalCtx, arguments);
+      //       } catch (err) { return proceed(err); }
+      //       return proceed(undefined, rawResult);
+      //     }
+      //   })(function(err, actualResult){//eslint-disable-line no-unused-vars
+      //     if (err) {
+      //       // FUTURE: perform more advanced error handling here
+      //       throw err;
+      //     }
+      //
+      //     // Otherwise do nothing.
+      //
+      //   });//_∏_  (†)
+      //
+      //   // For compatibility, return the raw result.
+      //   return rawResult;
+      //
+      // };//ƒ
+      // ```
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+    });//∞
+  }
+
+
+  //  ███████╗██╗  ██╗██████╗  ██████╗ ██████╗ ████████╗███████╗
+  //  ██╔════╝╚██╗██╔╝██╔══██╗██╔═══██╗██╔══██╗╚══██╔══╝██╔════╝
+  //  █████╗   ╚███╔╝ ██████╔╝██║   ██║██████╔╝   ██║   ███████╗
+  //  ██╔══╝   ██╔██╗ ██╔═══╝ ██║   ██║██╔══██╗   ██║   ╚════██║
+  //  ███████╗██╔╝ ██╗██║     ╚██████╔╝██║  ██║   ██║   ███████║
+  //  ╚══════╝╚═╝  ╚═╝╚═╝      ╚═════╝ ╚═╝  ╚═╝   ╚═╝   ╚══════╝
+  //
+
+  /**
+   * Module exports
+   */
+
+  parasails = {};
+
+
+  /**
+   * registerUtility()
+   *
+   * Build a callable utility function, then attach it to the global namespace
+   * so that it can be accessed later via `.require()`.
+   *
+   * @param {String} utilityName
+   * @param {Function} def
+   */
+
+  parasails.registerUtility = function(utilityName, def){
+
+    // Usage
+    if (!utilityName) { throw new Error('1st argument (utility name) is required'); }
+    if (!def) { throw new Error('2nd argument (utility function definition) is required'); }
+    if (!_.isFunction(def)) { throw new Error('2nd argument (utility function definition) should be a function'); }
+
+    // Build callable utility
+    // > FUTURE: also support machine defs?
+    var callableUtility = def;
+    callableUtility.name = utilityName;
+
+    // Attach to global cache
+    _exportOnGlobalCache(utilityName, callableUtility);
+
+  };
+
+
+  /**
+   * registerConstant()
+   *
+   * Attach a constant to the global namespace so that it can be accessed
+   * later via `.require()`.
+   *
+   * @param {String} constantName
+   * @param {Ref} value
+   */
+
+  parasails.registerConstant = function(constantName, value){
+
+    // Usage
+    if (!constantName) { throw new Error('1st argument (constant name) is required'); }
+    if (value === undefined) { throw new Error('2nd argument (the constant value) is required'); }
+
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    // FUTURE: deep-freeze constant, if supported
+    // (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze)
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+    // Attach to global cache
+    _exportOnGlobalCache(constantName, value);
+
+  };
+
+
+
+  /**
+   * registerComponent()
+   *
+   * Define a Vue component.
+   *
+   * @param {String} componentName
+   * @param {Dictionary} def
+   *
+   * @returns {Ref}  [new vue component for this page]
+   */
+
+  parasails.registerComponent = function(componentName, def){
+
+    // Expose extra methods on component def, if jQuery is available.
+    _exposeJQueryPoweredMethods(def, 'component');
+
+    // Make sure none of the specified Vue methods are defined with any naughty arrow functions.
+    _wrapMethodsAndVerifyNoArrowFunctions(def);
+
+    Vue.component(componentName, def);
+
+  };
+
+
+  /**
+   * require()
+   *
+   * Require a utility function or constant from the global namespace.
+   *
+   * @param {String} moduleName
+   * @returns {Ref}  [e.g. the callable utility function, or the value of the constant]
+   * @throws {Error} if no such module has been registered
+   */
+
+  parasails.require = function(moduleName) {
+
+    // Usage
+    if (!moduleName) { throw new Error('1st argument (module name -- i.e. the name of a utility or constant) is required'); }
+
+    // Fetch from global cache
+    _ensureGlobalCache();
+    if (parasails._cache[moduleName] === undefined) {
+      var err = new Error('No utility or constant is registered under that name (`'+moduleName+'`)');
+      err.name = 'RequireError';
+      err.code = 'MODULE_NOT_FOUND';
+      throw err;
+    }
+    return parasails._cache[moduleName];
+
+  };
+
+
+  /**
+   * registerPage()
+   *
+   * Define a page script, if applicable for the current contents of the DOM.
+   *
+   * @param {String} pageName
+   * @param {Dictionary} def
+   *
+   * @returns {Ref}  [new vue app thing for this page]
+   */
+
+  parasails.registerPage = function(pageName, def){
+
+    // Usage
+    if (!pageName) { throw new Error('1st argument (page name) is required'); }
+    if (!def) { throw new Error('2nd argument (page script definition) is required'); }
+
+    // Only actually build+load this page script if it is relevant for the current contents of the DOM.
+    if (!document.getElementById(pageName)) { return; }//eslint-disable-line no-undef
+
+    // Spinlock
+    if (didAlreadyLoadPageScript) { throw new Error('Cannot load page script (`'+pageName+') because a page script has already been loaded on this page.'); }
+    didAlreadyLoadPageScript = true;
+
+    // Automatically set `el`
+    if (def.el) { throw new Error('Page script definition contains `el`, but you\'re not allowed to override that'); }
+    def.el = '#'+pageName;
+
+    // Expose extra methods, if jQuery is available.
+    _exposeJQueryPoweredMethods(def, 'page script');
+
+    // Make sure none of the specified Vue methods are defined with any naughty arrow functions.
+    _wrapMethodsAndVerifyNoArrowFunctions(def);
+
+    // Automatically attach `pageName` to `data`, for convenience.
+    if (def.data && def.data.pageName) { throw new Error('Page script definition contains `data` with a `pageName` key, but you\'re not allowed to override that'); }
+    def.data = _.extend({
+      pageName: pageName
+    }, def.data||{});
+
+    // Attach `goto` method, for convenience.
+    if (def.methods && def.methods.goto) { throw new Error('Page script definition contains `methods` with a `goto` key-- but you\'re not allowed to override that'); }
+    def.methods = def.methods || {};
+    if (VueRouter) {
+      def.methods.goto = function (rootRelativeUrlOrOpts){
+        return this.$router.push(rootRelativeUrlOrOpts);
+      };
+    }
+    else {
+      def.methods.goto = function (){ throw new Error('Cannot use .goto() method because, at the time when this page script was registered, VueRouter did not exist on the page yet. (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure VueRouter is getting brought in before `parasails`.)'); };
+    }
+
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    // FUTURE: Make sure we didn't type "beforeMounted" or "beforeDestroyed" because those aren't real things
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+    // If virtualPages was specified, check usage and then...
+    if (def.virtualPages && def.router) { throw new Error('Cannot specify both `virtualPages` AND an actual Vue `router`!  Use one or the other.'); }
+    if (def.router && !VueRouter) { throw new Error('Cannot use `router`, because that depends on the Vue Router.  But `VueRouter` does not exist on the page yet.  (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the VueRouter plugin is getting brought in before `parasails`.)'); }
+    if (!def.virtualPages && def.html5HistoryMode !== undefined) { throw new Error('Cannot specify `html5HistoryMode` without also specifying `virtualPages`!'); }
+    if (!def.virtualPages && def.beforeEach !== undefined) { throw new Error('Cannot specify `beforeEach` without also specifying `virtualPages`!'); }
+    if ((def.beforeNavigate || def.afterNavigate) && def.virtualPages !== true) { throw new Error('Cannot specify `beforeNavigate` or `afterNavigate` unless you set `virtualPages: true`!'); }
+    if (def.virtualPages) {
+      if (!VueRouter) { throw new Error('Cannot use `virtualPages`, because it depends on the Vue Router.  But `VueRouter` does not exist on the page yet.  (If you\'re using Sails, please check dependency loading order in pipeline.js and make sure the VueRouter plugin is getting brought in before `parasails`.)'); }
+
+      // Now we'll replace `virtualPages` in our def with the thing that VueRouter actually expects:
+
+      // If `virtualPages: true` was specified, then use reasonable defaults:
+      //
+      // > Note: This assumes that, somewhere within the parent page's template, there is:
+      // > ```
+      // > <router-view></router-view>
+      // > ```
+      if (def.virtualPages === true) {
+        if (def.beforeEach !== undefined) { throw new Error('Cannot specify `virtualPages: true` AND `beforeEach` at the same time!'); }
+        if (!def.virtualPagesRegExp && def.html5HistoryMode === 'history') { throw new Error('If `html5HistoryMode: \'history\'` is specified, then virtualPagesRegExp must also be specified!'); }
+        if (def.virtualPagesRegExp && !_.isRegExp(def.virtualPagesRegExp)) { throw new Error('Invalid `virtualPagesRegExp`: If specified, this must be a regular expression -- e.g. `/^\/manage\/access\/?([^\/]+)?/`'); }
+
+        // Check for <router-view> element
+        // (to provide a better error msg if it was omitted)
+        var customBeforeMountLC;
+        if (def.beforeMount) {
+          customBeforeMountLC = def.beforeMount;
+        }//fi
+        def.beforeMount = function(){
+
+          // Inject additional code to check for <router-view> element:
+          // console.log('this.$find(\'router-view\').length', this.$find('router-view').length);
+          if (this.$find('router-view').length === 0) {
+            throw new Error(
+              'Cannot mount this page with `virtualPages: true` because no '+
+              '<router-view> element exists in this page\'s HTML.\n'+
+              'Please be sure the HTML includes:\n'+
+              '\n'+
+              '```\n'+
+              '<router-view></router-view>\n'+
+              '```\n'
+            );
+          }//•
+
+          // Then call the original, custom "beforeMount" function, if there was one.
+          if (customBeforeMountLC) {
+            customBeforeMountLC.apply(this, []);
+          }
+        };//ƒ
+
+        if (def.methods._navigate) {
+          throw new Error('Could not use `virtualPages: true`, because a conflicting `_navigate` method is defined.  Please remove it, or do something else.');
+        }
+
+        // Set up local variables to refer to things in `def`, since it will be changing below.
+        var pathMatchingRegExp;
+        if (def.html5HistoryMode === 'history') {
+          pathMatchingRegExp = def.virtualPagesRegExp;
+        } else {
+          pathMatchingRegExp = /.*/;
+        }
+
+        var beforeNavigate = def.beforeNavigate;
+        var afterNavigate = def.afterNavigate;
+
+        // Now modify the definition's methods and remove all relevant top-level props understood
+        // by parasails (but not by Vue.js) to avoid creating any weird additional dependence on
+        // parasails features beyond the expected usage.
+
+        def.methods = _.extend(def.methods||{}, {
+          _navigate: function(virtualPageSlug){
+
+            if (beforeNavigate) {
+              var doCancelNavigate = beforeNavigate.apply(this, [ virtualPageSlug ]);
+              if (doCancelNavigate === false) {
+                return;
+              }//•
+            }
+
+            this.virtualPageSlug = virtualPageSlug;
+
+            // console.log('navigate!  Got:', arguments);
+            // console.log('Navigated. (Set `this.virtualPageSlug=\''+virtualPageSlug+'\'`)');
+
+            if (afterNavigate) {
+              afterNavigate.apply(this, [ virtualPageSlug ]);
+            }
+
+          }
+        });
+
+        def = _.extend({
+          router: new VueRouter({
+            mode: def.html5HistoryMode || 'hash',
+            routes: [
+              {
+                path: '*',
+                component: (function(){
+                  var vueComponentDef = {
+                    render: function(){},
+                    beforeRouteUpdate: function (to,from,next){
+                      // this.$emit('navigate', to.path); <<old way
+                      var path = to.path;
+                      var matches = path.match(pathMatchingRegExp);
+                      if (!matches) { throw new Error('Could not match current URL path (`'+path+'`) as a virtual page.  Please check the `virtualPagesRegExp` -- e.g. `/^\/foo\/bar\/?([^\/]+)?/`'); }
+                      // console.log('this.$parent', this.$parent);
+                      this.$parent._navigate(matches[1]||'');
+                      // this.$emit('navigate', {
+                      //   rawPath: path,
+                      //   virtualPageSlug: matches[1]||''
+                      // });
+                      return next();
+                    },
+                    mounted: function(){
+                      // this.$emit('navigate', this.$route.path); <<old way
+                      var path = this.$route.path;
+                      var matches = path.match(pathMatchingRegExp);
+                      if (!matches) { throw new Error('Could not match current URL path (`'+path+'`) as a virtual page.  Please check the `virtualPagesRegExp` -- e.g. `/^\/foo\/bar\/?([^\/]+)?/`'); }
+                      this.$parent._navigate(matches[1]||'');
+                      // this.$emit('navigate', {
+                      //   rawPath: path,
+                      //   virtualPageSlug: matches[1]||''
+                      // });
+                    }
+                  };
+                  // Expose extra methods on virtual page script, if jQuery is available.
+                  _exposeJQueryPoweredMethods(vueComponentDef, 'virtual page');
+
+                  // Make sure none of the specified Vue methods are defined with any naughty arrow functions.
+                  _wrapMethodsAndVerifyNoArrowFunctions(vueComponentDef);
+
+                  return vueComponentDef;
+                })()
+              }
+            ],
+          })
+        }, _.omit(def, ['virtualPages', 'virtualPagesRegExp', 'html5HistoryMode', 'beforeNavigate', 'afterNavigate']));
+      }
+      // Otherwise, if a dictionary of `virtualPages` was specified, use those client-side
+      // routes to configure VueRouter.
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+      // FUTURE: Re-evaluate this.  This usage will probably change!
+      // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+      else if (_.isObject(def.virtualPages) && !_.isArray(def.virtualPages) && !_.isFunction(def.virtualPages)) {
+        if (def.virtualPagesRegExp) { throw new Error('Cannot use `virtualPagesRegExp` with current `virtualPages` setting.  To use the regexp, you must use `virtualPages: true`.'); }
+
+        def = _.extend(
+          {
+            // Pass in `router`
+            router: (function(){
+              var newRouter = new VueRouter({
+
+                // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+                // FUTURE: Consider binding popstate handler in order to intercept
+                // back/fwd button navigation / typing in the URL bar that would send
+                // the user to another URL under the same domain.  This would provide
+                // a slightly better user experience for certain cases.
+                // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+                mode: def.html5HistoryMode || 'hash',
+
+                routes: _.reduce(def.virtualPages, function(memo, vueComponentDef, urlPattern) {
+
+                  // Expose extra methods on virtual page script, if jQuery is available.
+                  _exposeJQueryPoweredMethods(vueComponentDef, 'virtual page');
+
+                  // Make sure none of the specified Vue methods are defined with any naughty arrow functions.
+                  _wrapMethodsAndVerifyNoArrowFunctions(vueComponentDef);
+
+                  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+                  // FUTURE: If urlPattern contains a url pattern variable (e.g. `:id`)
+                  // or wildcard "splat" (e.g. `*`), then log a warning reminding whoever
+                  // did it to be careful because of this:
+                  // https://router.vuejs.org/en/essentials/dynamic-matching.html#reacting-to-params-changes
+                  //
+                  // In other words, going between `/foo/3` and `/foo/4` doesn't work as expected.
+                  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+                  memo.push({
+                    path: urlPattern,
+                    component: vueComponentDef
+                  });
+
+                  return memo;
+                }, [])
+              });
+
+              if (def.beforeEach) {
+                newRouter.beforeEach(def.beforeEach);
+              }//fi
+
+              return newRouter;
+            })(),
+
+
+          },
+          _.omit(def, ['virtualPages', 'html5HistoryMode', 'beforeEach'])
+        );
+      }
+      else {
+        throw new Error('Cannot use `virtualPages` because the specified value doesn\'t match any recognized meaning.  Please specify either `true` (for the default handling) or a dictionary of client-side routing rules.');
+      }
+
+
+    }//fi
+
+    // Construct Vue instance for this page script.
+    var vm = new Vue(def);
+
+    return vm;
+
+  };//ƒ
+
+
+
+
+  return parasails;
+
+});//…)

assets/js/components/ajax-button.component.js

@@ -0,0 +1,67 @@
+/**
+ * <ajax-button>
+ * -----------------------------------------------------------------------------
+ * A button with a built-in loading spinner.
+ *
+ * @type {Component}
+ * -----------------------------------------------------------------------------
+ */
+
+parasails.registerComponent('ajaxButton', {
+
+  //  ╔═╗╦═╗╔═╗╔═╗╔═╗
+  //  ╠═╝╠╦╝║ ║╠═╝╚═╗
+  //  ╩  ╩╚═╚═╝╩  ╚═╝
+  props: [
+    'syncing'
+  ],
+
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: function (){
+    return {
+
+    };
+  },
+
+  //  ╦ ╦╔╦╗╔╦╗╦
+  //  ╠═╣ ║ ║║║║
+  //  ╩ ╩ ╩ ╩ ╩╩═╝
+  template: `
+  <button type="submit" class="btn ajax-button" :class="[syncing ? 'syncing' : '']">
+    <span class="button-text" v-if="!syncing"><slot name="default">Submit</slot></span>
+    <span class="button-loader clearfix" v-if="syncing">
+      <slot name="syncing-state">
+        <div class="loading-dot dot1"></div>
+        <div class="loading-dot dot2"></div>
+        <div class="loading-dot dot3"></div>
+        <div class="loading-dot dot4"></div>
+      </slot>
+    </span>
+  </button>
+  `,
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+
+  },
+
+  mounted: function (){
+
+  },
+
+  beforeDestroy: function() {
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+
+});

assets/js/components/ajax-form.component.js

@@ -0,0 +1,127 @@
+/**
+ * <ajax-form>
+ * -----------------------------------------------------------------------------
+ * A form that talks to the backend using AJAX.
+ *
+ * @type {Component}
+ *
+ * @event submitted          [emitted after the server responds with a 2xx status code]
+ * -----------------------------------------------------------------------------
+ */
+
+parasails.registerComponent('ajaxForm', {
+
+  //  ╔═╗╦═╗╔═╗╔═╗╔═╗
+  //  ╠═╝╠╦╝║ ║╠═╝╚═╗
+  //  ╩  ╩╚═╚═╝╩  ╚═╝
+  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+  // Note:
+  // Some of these props rely on the `.sync` modifier re-introduced in Vue 2.3.x.
+  // For more info, see: https://vuejs.org/v2/guide/components.html#sync-Modifier
+  //
+  // Specifically, these special props are:
+  // • syncing
+  // • cloudError
+  // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+  props: [
+    'syncing',// « 2-way bound (.sync)
+    'action',
+    'handleParsing',
+    'cloudError'// « 2-way bound (.sync)
+  ],
+
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: function (){
+    return {
+    };
+  },
+
+  //  ╦ ╦╔╦╗╔╦╗╦
+  //  ╠═╣ ║ ║║║║
+  //  ╩ ╩ ╩ ╩ ╩╩═╝
+  template: `
+  <form class="ajax-form" @submit.prevent="submit()">
+    <slot name="default"></slot>
+  </form>
+  `,
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+
+  },
+
+  mounted: function (){
+
+  },
+
+  beforeDestroy: function() {
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    submit: async function () {
+      if (!this.action || !_.isString(this.action) || !_.isFunction(Cloud[_.camelCase(this.action)])) {
+        throw new Error('Missing or invalid `action` in <ajax-form>.  `action` should be the name of a method on the `Cloud` global.  For example: `action="login"` would make this form communicate using `Cloud.login()`, which corresponds to the "login" action on the server.');
+      }
+      else if (!_.isFunction(Cloud[this.action])) {
+        throw new Error('Unrecognized `action` in <ajax-form>.  Did you mean to type `action="'+_.camelCase(this.action)+'"`?  (<ajax-form> expects `action` to be provided in camlCase format.  In other words, to reference the action at "api/controllers/foo/bar/do-something", use `action="doSomething"`.)');
+      }
+
+      if (!_.isFunction(this.handleParsing)) {
+        throw new Error('Missing or invalid `handle-parsing` in <ajax-form>.  For example: `:handle-parsing="handleParsingSomeForm"`.  This function should return a dictionary (plain JavaScript object like `{}`) of parsed form data, ready to be sent in a request to the server.');
+      }
+
+      // Prevent double-posting.
+      if (this.syncing) {
+        return;
+      }
+
+      // Clear the userland "cloudError" prop.
+      this.$emit('update:cloudError', '');
+
+      // Run the provided "handle-parsing" logic.
+      // > This should clear out any pre-existing error messages, perform any additional
+      // > client-side form validation checks, and do any necessary data transformations
+      // > to munge the form data into the format expected by the server.
+      var argins = this.handleParsing();
+
+      // If argins came back undefined, then avast.
+      // (This means that parsing the form failed.)
+      if (argins === undefined) {
+        return;
+      } else if (!_.isObject(argins) || _.isArray(argins) || _.isFunction(argins)) {
+        throw new Error('Invalid data returned from custom form parsing logic.  (Should return a dictionary of argins, like `{}`.)');
+      }
+
+      // Set syncing state to `true` on userland "syncing" prop.
+      this.$emit('update:syncing', true);
+
+      var didResponseIndicateFailure;
+      var result = await Cloud[this.action].with(argins)
+      .tolerate((err)=>{
+        // When a cloud error occurs, tolerate it, but set the userland "cloudError" prop accordingly.
+        this.$emit('update:cloudError', err.exit || 'error');
+        didResponseIndicateFailure = true;
+      });
+
+      // Set syncing state to `false` on userland "syncing" prop.
+      this.$emit('update:syncing', false);
+
+      // If the server says we were successful, then emit the "submitted" event.
+      if (!didResponseIndicateFailure) {
+        this.$emit('submitted', result);
+      }
+
+    },
+
+  }
+
+});

assets/js/components/modal.component.js

@@ -0,0 +1,126 @@
+/**
+ * <modal>
+ * -----------------------------------------------------------------------------
+ * A modal dialog pop-up.
+ *
+ * @type {Component}
+ *
+ * @event close   [emitted when the closing process begins]
+ * @event opened  [emitted when the opening process is completely done]
+ * -----------------------------------------------------------------------------
+ */
+
+parasails.registerComponent('modal', {
+
+  //  ╔═╗╦═╗╔═╗╔═╗╔═╗
+  //  ╠═╝╠╦╝║ ║╠═╝╚═╗
+  //  ╩  ╩╚═╚═╝╩  ╚═╝
+  props: [
+    'large'
+  ],
+
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: function (){
+    return {
+      // Spinlock used for preventing trying to close the bootstrap modal more than once.
+      // (in practice it doesn't seem to hurt anything if it tries to close more than once,
+      // but still.... better safe than sorry!)
+      _bsModalIsAnimatingOut: false
+    };
+  },
+
+  //  ╦ ╦╔╦╗╔╦╗╦
+  //  ╠═╣ ║ ║║║║
+  //  ╩ ╩ ╩ ╩ ╩╩═╝
+  template: `
+  <transition name="modal" v-on:leave="leave" v-bind:css="false">
+    <div class="modal fade clog-modal" tabindex="-1" role="dialog">
+      <div class="petticoat"></div>
+      <div class="modal-dialog custom-width" :class="large ? 'modal-lg' : ''" role="document">
+        <div class="modal-content">
+          <slot></slot>
+        </div><!-- /.modal-content -->
+      </div><!-- /.modal-dialog -->
+    </div><!-- /.modal -->
+  </transition>
+  `,
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  mounted: function (){
+
+    // Immediately call out to the Bootstrap modal and tell it to show itself.
+    $(this.$el).modal({
+      // Set the modal backdrop to the 'static' option, which means it doesn't close the modal
+      // when clicked.
+      backdrop: 'static',
+      show: true
+    });
+
+    // Attach listener for underlying custom modal closing event,
+    // and when that happens, have Vue emit a custom "close" event.
+    // (Note: This isn't just for convenience-- it's crucial that
+    // the parent logic can use this event to update its scope.)
+    $(this.$el).on('hide.bs.modal', ()=>{
+      this._bsModalIsAnimatingOut = true;
+      this.$emit('close');
+    });//ƒ
+
+    // Attach listener for underlying custom modal "opened" event,
+    // and when that happens, have Vue emit our own custom "opened" event.
+    // This is so we know when the entry animation has completed, allows
+    // us to do cool things like auto-focus the first input in a form modal.
+    $(this.$el).on('shown.bs.modal', ()=>{
+      this.$emit('opened');
+      $(this.$el).off('shown.bs.modal');
+    });//ƒ
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    leave: function (el, done) {
+
+      // If this shutting down was spawned by the bootstrap modal's built-in logic,
+      // then we'll have already begun animating the modal shut.  So we check our
+      // spinlock to make sure.  If it turns out that we HAVEN'T started that process
+      // yet, then we go ahead and start it now.
+      if (!this._bsModalIsAnimatingOut) {
+        $(this.$el).modal('hide');
+      }//fi
+
+      // When the bootstrap modal finishes animating into nothingness, unbind all
+      // the DOM events used by bootstrap, and then call `done()`, which passes
+      // control back to Vue and lets it finish the job (i.e. afterLeave).
+      //
+      // > Note that the other lifecycle events like `destroyed` were actually
+      // > already fired at this point.
+      // >
+      // > Also note that, since we're potentially long past the `destroyed` point
+      // > of the lifecycle here, we can't call `.$emit()` anymore either.  So,
+      // > for example, we wouldn't be able to emit a "fullyClosed" event --
+      // > because by the time it'd be appropriate to emit the Vue event, our
+      // > context for triggering it (i.e. the relevant instance of this component)
+      // > will no longer be capable of emitting custom Vue events (because by then,
+      // > it is no longer "reactive").
+      // >
+      // > For more info, see:
+      // > https://github.com/vuejs/vue-router/issues/1302#issuecomment-291207073
+      $(this.$el).on('hidden.bs.modal', ()=>{
+        $(this.$el).off('hide.bs.modal');
+        $(this.$el).off('hidden.bs.modal');
+        $(this.$el).off('shown.bs.modal');
+        done();
+      });//_∏_
+
+    },
+
+  }
+
+});

assets/js/pages/498.page.js

@@ -0,0 +1,26 @@
+parasails.registerPage('[id="498"]', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+});

assets/js/pages/account/account-overview.page.js

@@ -0,0 +1,119 @@
+parasails.registerPage('account-overview', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    me: { /* ... */ },
+
+    isBillingEnabled: false,
+
+    hasBillingCard: false,
+
+    // Syncing/loading states for this page.
+    syncingUpdateCard: false,
+    syncingRemoveCard: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+    // For the Stripe checkout window
+    checkoutHandler: undefined,
+
+    // For the confirmation modal:
+    removeCardModalVisible: false,
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function (){
+    _.extend(this, window.SAILS_LOCALS);
+
+    this.isBillingEnabled = !!this.stripePublishableKey;
+
+    // Determine whether there is billing info for this user.
+    this.hasBillingCard = (
+      this.me.billingCardBrand &&
+      this.me.billingCardLast4 &&
+      this.me.billingCardExpMonth &&
+      this.me.billingCardExpYear
+    );
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    clickStripeCheckoutButton: async function() {
+
+      // Import utilities.
+      var openStripeCheckout = parasails.require('openStripeCheckout');
+
+      // Prevent double-posting if it's still loading.
+      if(this.syncingUpdateCard) { return; }
+
+      // Clear out error states.
+      this.cloudError = false;
+
+      // Open Stripe Checkout.
+      var billingCardInfo = await openStripeCheckout(this.stripePublishableKey, this.me.emailAddress);
+      if (!billingCardInfo) {
+        // (if the user canceled the dialog, avast)
+        return;
+      }
+
+      // Now that payment info has been successfully added, update the billing
+      // info for this user in our backend.
+      this.syncingUpdateCard = true;
+      await Cloud.updateBillingCard.with(billingCardInfo)
+      .tolerate(()=>{
+        this.cloudError = true;
+      });
+      this.syncingUpdateCard = false;
+
+      // Upon success, update billing info in the UI.
+      if (!this.cloudError) {
+        Object.assign(this.me, _.pick(billingCardInfo, ['billingCardLast4', 'billingCardBrand', 'billingCardExpMonth', 'billingCardExpYear']));
+        this.hasBillingCard = true;
+      }
+    },
+
+    clickRemoveCardButton: function() {
+      this.removeCardModalVisible = true;
+    },
+
+    closeRemoveCardModal: function() {
+      this.removeCardModalVisible = false;
+      this.cloudError = false;
+    },
+
+    submittedRemoveCardForm: function() {
+
+      // Update billing info on success.
+      this.me.billingCardLast4 = undefined;
+      this.me.billingCardBrand = undefined;
+      this.me.billingCardExpMonth = undefined;
+      this.me.billingCardExpYear = undefined;
+      this.hasBillingCard = false;
+
+      // Close the modal and clear it out.
+      this.closeRemoveCardModal();
+
+    },
+
+    handleParsingRemoveCardForm: function() {
+      return {
+        // Set to empty string to indicate the default payment source
+        // for this customer is being completely removed.
+        stripeToken: ''
+      };
+    },
+
+  }
+});

assets/js/pages/account/change-password.page.js

@@ -0,0 +1,77 @@
+parasails.registerPage('change-password', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach raw data exposed by the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function() {
+    this.$focus('[autofocus]');
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = { password: this.formData.password };
+
+      // Validate password:
+      if(!argins.password) {
+        this.formErrors.password = true;
+      }
+
+      // Validate password confirmation:
+      if(argins.password && argins.password !== this.formData.confirmPassword) {
+        this.formErrors.confirmPassword = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+
+    submittedForm: function() {
+
+      // Redirect to the logged-in dashboard on success.
+      // > (Note that we re-enable the syncing state here.  This is on purpose--
+      // > to make sure the spinner stays there until the page navigation finishes.)
+      this.syncing = true;
+      window.location = '/account';
+
+    },
+
+  }
+});

assets/js/pages/account/edit-profile.page.js

@@ -0,0 +1,77 @@
+parasails.registerPage('edit-profile', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach raw data exposed by the server.
+    _.extend(this, SAILS_LOCALS);
+
+    // Set the form data.
+    this.formData.fullName = this.me.fullName;
+    this.formData.emailAddress = this.me.emailChangeCandidate ? this.me.emailChangeCandidate : this.me.emailAddress;
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    submittedForm: function() {
+
+      // Redirect to the account page on success.
+      // > (Note that we re-enable the syncing state here.  This is on purpose--
+      // > to make sure the spinner stays there until the page navigation finishes.)
+      this.syncing = true;
+      window.location = '/account';
+
+    },
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = this.formData;
+
+      // Validate name:
+      if(!argins.fullName) {
+        this.formErrors.password = true;
+      }
+
+      // Validate email:
+      if(!argins.emailAddress) {
+        this.formErrors.emailAddress = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+  }
+});

assets/js/pages/contact.page.js

@@ -0,0 +1,84 @@
+parasails.registerPage('contact', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+    // Success state when form has been submitted
+    cloudSuccess: false,
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  mounted: function() {
+
+    this.$focus('[autofocus]');
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = this.formData;
+
+      // Validate email:
+      if(!argins.emailAddress) {
+        this.formErrors.emailAddress = true;
+      }
+
+      // Validate name:
+      if(!argins.fullName) {
+        this.formErrors.fullName = true;
+      }
+
+      // Validate topic:
+      if(!argins.topic) {
+        this.formErrors.topic = true;
+      }
+
+      // Validate message:
+      if(!argins.message) {
+        this.formErrors.message = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+    submittedForm: function() {
+
+      // Show the success message.
+      this.cloudSuccess = true;
+
+    },
+
+  }
+});

assets/js/pages/dashboard/welcome.page.js

@@ -0,0 +1,23 @@
+parasails.registerPage('welcome', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+    //…
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+    //…
+  }
+});

assets/js/pages/entrance/confirmed-email.page.js

@@ -0,0 +1,26 @@
+parasails.registerPage('confirmed-email', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+});

assets/js/pages/entrance/forgot-password.page.js

@@ -0,0 +1,69 @@
+parasails.registerPage('forgot-password', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+    // Success state when form has been submitted
+    cloudSuccess: false,
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function() {
+    this.$focus('[autofocus]');
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = this.formData;
+
+      // Validate email:
+      if(!argins.emailAddress) {
+        this.formErrors.emailAddress = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+    submittedForm: function() {
+      // If it worked, show the success message.
+      this.cloudSuccess = true;
+    },
+
+  }
+});

assets/js/pages/entrance/login.page.js

@@ -0,0 +1,83 @@
+parasails.registerPage('login', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function() {
+    this.$focus('[autofocus]');
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    // Note:
+    // To see what this would look like as a completely custom form, without relying on as many
+    // built-in features of the <ajax-form> component, see:
+    // https://github.com/sailshq/caviar/commit/512eb41c347f9bcdebc2d1bca8b15d8a0acd80f1
+    // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+    submittedForm: function() {
+
+      // Redirect to the logged-in dashboard on success.
+      // > (Note that we re-enable the syncing state here.  This is on purpose--
+      // > to make sure the spinner stays there until the page navigation finishes.)
+      this.syncing = true;
+      window.location = '/';
+
+    },
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = this.formData;
+
+      // Validate email:
+      if(!argins.emailAddress) {
+        this.formErrors.emailAddress = true;
+      }
+
+      // Validate password:
+      if(!argins.password) {
+        this.formErrors.password = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+  }
+});

assets/js/pages/entrance/new-password.page.js

@@ -0,0 +1,78 @@
+parasails.registerPage('new-password', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Main syncing/loading state for this page.
+    syncing: false,
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Server error state for the form
+    cloudError: '',
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function() {
+    this.$focus('[autofocus]');
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = _.extend({
+        token: this.token
+      }, this.formData);
+
+      // Validate password:
+      if(!argins.password) {
+        this.formErrors.password = true;
+      }
+
+      // Validate password confirmation:
+      if(argins.password && argins.password !== argins.confirmPassword) {
+        this.formErrors.confirmPassword = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    },
+
+    submittedForm: function() {
+
+      // Redirect to the logged-in dashboard on success.
+      // > (Note that we re-enable the syncing state here.  This is on purpose--
+      // > to make sure the spinner stays there until the page navigation finishes.)
+      this.syncing = true;
+      window.location = '/';
+
+    },
+
+  }
+});

assets/js/pages/entrance/signup.page.js

@@ -0,0 +1,100 @@
+parasails.registerPage('signup', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    // Form data
+    formData: { /* … */ },
+
+    // For tracking client-side validation errors in our form.
+    // > Has property set to `true` for each invalid property in `formData`.
+    formErrors: { /* … */ },
+
+    // Syncing / loading state
+    syncing: false,
+
+    // Server error state
+    cloudError: '',
+
+    // Success state when form has been submitted
+    cloudSuccess: false,
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function() {
+    this.$focus('[autofocus]');
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    submittedForm: function() {
+
+      if(this.isEmailVerificationRequired) {
+        // If email confirmation is enabled, show the success message.
+        this.cloudSuccess = true;
+      }
+      else {
+        // Otherwise, redirect to the logged-in dashboard.
+        // > (Note that we re-enable the syncing state here.  This is on purpose--
+        // > to make sure the spinner stays there until the page navigation finishes.)
+        this.syncing = true;
+        window.location = '/';
+      }
+    },
+
+    handleParsingForm: function() {
+
+      // Clear out any pre-existing error messages.
+      this.formErrors = {};
+
+      var argins = this.formData;
+
+      // Validate full name:
+      if(!argins.fullName) {
+        this.formErrors.fullName = true;
+      }
+
+      // Validate email:
+      var isValidEmailAddress = parasails.require('isValidEmailAddress');
+      if(!argins.emailAddress || !isValidEmailAddress(argins.emailAddress)) {
+        this.formErrors.emailAddress = true;
+      }
+
+      // Validate password:
+      if(!argins.password) {
+        this.formErrors.password = true;
+      }
+
+      // Validate password confirmation:
+      if(argins.password && argins.password !== argins.confirmPassword) {
+        this.formErrors.confirmPassword = true;
+      }
+
+      // Validate ToS agreement:
+      if(!argins.agreed) {
+        this.formErrors.agreed = true;
+      }
+
+      // If there were any issues, they've already now been communicated to the user,
+      // so simply return undefined.  (This signifies that the submission should be
+      // cancelled.)
+      if (Object.keys(this.formErrors).length > 0) {
+        return;
+      }
+
+      return argins;
+    }
+
+  }
+});

assets/js/pages/faq.page.js

@@ -0,0 +1,26 @@
+parasails.registerPage('faq', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+});

assets/js/pages/homepage.page.js

@@ -0,0 +1,46 @@
+parasails.registerPage('homepage', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+    heroHeightSet: false,
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+    this._setHeroHeight();
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+    // Private methods not tied to a particular DOM event are prefixed with _
+    _setHeroHeight: function() {
+      var $hero = this.$find('[full-page-hero]');
+      var headerHeight = $('#page-header').outerHeight();
+      var heightToSet = $(window).height();
+      heightToSet = Math.max(heightToSet, 600);
+      heightToSet = Math.min(heightToSet, 1000);
+      $hero.css('min-height', heightToSet - headerHeight+'px');
+      this.heroHeightSet = true;
+    },
+
+    clickHeroButton: function() {
+      // Scroll to the 'get started' section:
+      $('html, body').animate({
+        scrollTop: this.$find('[role="scroll-destination"]').offset().top
+      }, 500);
+    }
+
+  }
+});

assets/js/pages/legal/privacy.page.js

@@ -0,0 +1,26 @@
+parasails.registerPage('privacy', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+});

assets/js/pages/legal/terms.page.js

@@ -0,0 +1,26 @@
+parasails.registerPage('terms', {
+  //  ╦╔╗╔╦╔╦╗╦╔═╗╦    ╔═╗╔╦╗╔═╗╔╦╗╔═╗
+  //  ║║║║║ ║ ║╠═╣║    ╚═╗ ║ ╠═╣ ║ ║╣
+  //  ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝  ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
+  data: {
+
+  },
+
+  //  ╦  ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦  ╔═╗
+  //  ║  ║╠╣ ║╣ ║  ╚╦╝║  ║  ║╣
+  //  ╩═╝╩╚  ╚═╝╚═╝ ╩ ╚═╝╩═╝╚═╝
+  beforeMount: function() {
+    // Attach any initial data from the server.
+    _.extend(this, SAILS_LOCALS);
+  },
+  mounted: function(){
+
+  },
+
+  //  ╦╔╗╔╔╦╗╔═╗╦═╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
+  //  ║║║║ ║ ║╣ ╠╦╝╠═╣║   ║ ║║ ║║║║╚═╗
+  //  ╩╝╚╝ ╩ ╚═╝╩╚═╩ ╩╚═╝ ╩ ╩╚═╝╝╚╝╚═╝
+  methods: {
+
+  }
+});

assets/js/utilities/is-valid-email-address.js

@@ -0,0 +1,107 @@
+/**
+ * isValidEmailAddress()
+ *
+ * Determine whether a string is a valid email address.
+ *
+ * This checks that:
+ *
+ * • The string starts with an alphanumeric
+ * • The string contains an @ symbol
+ * • The character preceding the @ symbol is an alphanumeric
+ * • Has a string of alphanumeric characters following the @ symbol
+ * • Has a '.' after those alphanumeric characters
+ * • Has alphanumeric characters after the '.'
+ *   (More '.' characters are allowed, e.g. for '.co.uk', but must start and end with alphanumerics.)
+ *
+ * -----------------------------------------------------------------
+ * @param {Ref} supposedEmailAddress
+ * -----------------------------------------------------------------
+ * @returns {Boolean}
+ *
+ */
+
+parasails.registerUtility('isValidEmailAddress', function isValidEmailAddress(supposedEmailAddress) {
+
+  if(!_.isString(supposedEmailAddress)) {
+    return false;
+  }
+
+  // Lowercase the string.
+  supposedEmailAddress = supposedEmailAddress.toLowerCase();
+
+  // Create a couple handy regular expressions for use below.
+  // To validate whether a string starts with an alphanumeric character:
+  var doesntStartWithAlphanumericRX = new RegExp(/^[^a-z0-9]/);
+  // To validate whether a string ends with an alphanumeric character:
+  var doesntEndWithAlphanumericRX = new RegExp(/[^a-z0-9]$/);
+
+  // If the provided string doesn't start and end with an alphanumeric,
+  // it has room for improvement as far as being an email address goes.
+  if(supposedEmailAddress.match(doesntStartWithAlphanumericRX) || supposedEmailAddress.match(doesntEndWithAlphanumericRX)) {
+    return false;
+  }
+
+  // Otherwise, the beginning and end are valid.
+
+
+  // An email must contain an '@' symbol, so grab the chunks of the string on either side of that.
+  var chunksOnEitherSideOfAtSymbol = supposedEmailAddress.split('@');
+
+  // If there are not EXACTLY two chunks, that means the string has either no '@' symbols, or more than one.
+  // In either case, the string fails validation because only one '@' is allowed.
+  if(chunksOnEitherSideOfAtSymbol.length !== 2) {
+    return false;
+  }
+
+  // Otherwise, it passes the '@' check.
+
+
+  // Now, let's validate the first chunk (aka the part before the '@').
+  // If it doesn't start and end with an alphanumeric, this isn't a valid email.
+  if(chunksOnEitherSideOfAtSymbol[0].match(doesntStartWithAlphanumericRX) || chunksOnEitherSideOfAtSymbol[0].match(doesntEndWithAlphanumericRX)) {
+    return false;
+  }
+  // Otherwise, make sure it doesn't contain any naughty special characters
+  // (i.e. anything that isn't '.', '-', '_', or '+').
+  var notAllowedInFirstPartOfEmailRX = new RegExp(/[^a-z0-9\.\-\_\+]/);
+  if(chunksOnEitherSideOfAtSymbol[0].match(notAllowedInFirstPartOfEmailRX)) {
+    return false;
+  }
+
+  // Otherwise, the first chunk is 100% valid.
+
+  // Now, we'll validate the chunk after the '@'.
+  // If it doesn't start and end with an alphanumeric, this isn't a valid email.
+  if(chunksOnEitherSideOfAtSymbol[1].match(doesntStartWithAlphanumericRX) || chunksOnEitherSideOfAtSymbol[1].match(doesntEndWithAlphanumericRX)) {
+    return false;
+  }
+  // Otherwise, validate that the chunk has an appropriate number of '.' characters.
+  var chunksOnEitherSideOfPeriods = chunksOnEitherSideOfAtSymbol[1].split('.');
+  // If there is one chunk, the '.' is missing, so the string isn't a valid email.
+  if(chunksOnEitherSideOfPeriods.length === 1) {
+    return false;
+  }
+  // We'll let there be more than one chunk, because of tlds with multiple dots like '.co.uk',
+  // but if there are more than 3 dots (aka if there are 4+ chunks), we'll say this isn't legit.
+  if(chunksOnEitherSideOfPeriods.length >= 4) {
+    return false;
+  }
+
+  // Otherwise, we have a reasonable number of dots, so we'll evaluate the strings in between them.
+  _.each(chunksOnEitherSideOfPeriods, (chunk)=>{
+    // Validate that the characters at the beginning and end of this individual chunk are alphanumeric.
+    if(chunk.match(doesntStartWithAlphanumericRX) || chunk.match(doesntEndWithAlphanumericRX)) {
+      return false;
+    }
+    // Validate that the chunk does not contain any naughty characters.
+    var notAllowedInChunksThatNeighborDotsRX = new RegExp(/[^a-z0-9\-]/);
+    if(chunk.match(notAllowedInChunksThatNeighborDotsRX)) {
+      return false;
+    }
+  });
+
+  // Otherwise we've made it past all the checks. Overall, this string can really battle with the best of them.
+  // Its best quality is its emaily-ness. Its stats are the best I've ever seen! No doubt about it!
+  return true;
+
+});

assets/js/utilities/open-stripe-checkout.js

@@ -0,0 +1,87 @@
+/**
+ * openStripeCheckout()
+ *
+ * Open the Stripe Checkout modal dialog and resolve when it is closed.
+ *
+ * -----------------------------------------------------------------
+ * @param {String} stripePublishableKey
+ * @param {String} billingEmailAddress
+ * -----------------------------------------------------------------
+ * @returns {Dictionary?}  (or undefined if the form was cancelled)
+ *          e.g.
+ *          {
+ *            stripeToken: '…',
+ *            billingCardLast4: '…',
+ *            billingCardBrand: '…',
+ *            billingCardExpMonth: '…',
+ *            billingCardExpYear: '…'
+ *          }
+ */
+
+parasails.registerUtility('openStripeCheckout', async function openStripeCheckout(stripePublishableKey, billingEmailAddress) {
+
+  // Cache (& use cached) "checkout handler" globally on the page so that we
+  // don't end up configuring it more than once (i.e. so Stripe.js doesn't
+  // complain).
+  var CACHE_KEY = '_cachedStripeCheckoutHandler';
+  if (!window[CACHE_KEY]) {
+    window[CACHE_KEY] = StripeCheckout.configure({
+      key: stripePublishableKey,
+    });
+  }
+  var checkoutHandler = window[CACHE_KEY];
+
+  // Track whether the "token" callback was triggered.
+  // (If it has NOT at the time the "closed" callback is triggered, then we
+  // know the checkout form was cancelled.)
+  var hasTriggeredTokenCallback;
+
+  // Build a Promise & send it back as our "thenable" (AsyncFunction's return value).
+  // (this is necessary b/c we're wrapping an api that isn't `await`-compatible)
+  return new Promise((resolve, reject)=>{
+    try {
+      // Open Stripe checkout.
+      // (https://stripe.com/docs/checkout#integration-custom)
+      checkoutHandler.open({
+        name: 'NEW_APP_NAME',
+        description: 'Link your credit card.',
+        panelLabel: 'Save card',
+        email: billingEmailAddress,
+        locale: 'auto',
+        zipCode: false,
+        allowRememberMe: false,
+        closed: ()=>{
+          // If the Checkout dialog was cancelled, resolve undefined.
+          if (!hasTriggeredTokenCallback) {
+            resolve();
+          }
+        },
+        token: (stripeData)=>{
+
+          // After payment info has been successfully added, and a token
+          // was obtained...
+          hasTriggeredTokenCallback = true;
+
+          // Normalize token and billing card info from Stripe and resolve
+          // with that.
+          let stripeToken = stripeData.id;
+          let billingCardLast4 = stripeData.card.last4;
+          let billingCardBrand = stripeData.card.brand;
+          let billingCardExpMonth = String(stripeData.card.exp_month);
+          let billingCardExpYear = String(stripeData.card.exp_year);
+
+          resolve({
+            stripeToken,
+            billingCardLast4,
+            billingCardBrand,
+            billingCardExpMonth,
+            billingCardExpYear
+          });
+        }//Œ
+      });//_∏_
+    } catch (err) {
+      reject(err);
+    }
+  });//_∏_
+
+});

assets/robots.txt

@@ -0,0 +1,9 @@
+# The robots.txt file is used to control how search engines index your live URLs.
+# See https://sailsjs.com/anatomy/assets/robots-txt for more information.
+
+
+
+# If you want to discourage search engines from indexing this site, uncomment
+# the "User-Agent" and "Disallow" settings on the next two lines:
+# User-Agent: *
+# Disallow: /

assets/styles/importer.less

@@ -0,0 +1,35 @@
+/**
+ * importer.less
+ *
+ * By default, new Sails projects are configured to compile this file
+ * from LESS to CSS.  Unlike CSS files, LESS files are not compiled and
+ * included automatically unless they are imported below.
+ *
+ * For more information see:
+ *   https://sailsjs.com/anatomy/assets/styles/importer-less
+ */
+
+// Overall styleguide
+@import 'styleguide/index.less';
+
+// Overall layout
+@import 'layout.less';
+
+// Per-page styles
+@import 'pages/homepage.less';
+@import 'pages/welcome.less';
+@import 'pages/entrance/signup.less';
+@import 'pages/entrance/confirmed-email.less';
+@import 'pages/entrance/login.less';
+@import 'pages/entrance/forgot-password.less';
+@import 'pages/entrance/new-password.less';
+@import 'pages/account/account-overview.less';
+@import 'pages/account/change-password.less';
+@import 'pages/account/edit-profile.less';
+@import 'pages/legal/terms.less';
+@import 'pages/legal/privacy.less';
+@import 'pages/faq.less';
+@import 'pages/contact.less';
+@import 'pages/404.less';
+@import 'pages/500.less';
+@import 'pages/498.less';

assets/styles/layout.less

@@ -0,0 +1,77 @@
+@footer-height: 40px;
+@container-md-max-width: 1100px;
+
+[v-cloak] { display: none }
+
+html, body {
+  height: 100%;
+  margin: 0;
+}
+
+#page-wrap {
+  height: 100%;
+  height: auto!important;
+  min-height: 100%;
+  position: relative;
+  padding-bottom: @footer-height;
+
+  header {
+    a {
+      cursor: pointer;
+    }
+    .dropdown-menu.account-menu {
+      left: auto;
+      right: 0px;
+    }
+  }
+
+  // App-wide styles for our ajax buttons
+  .ajax-button {
+    .ajax-button();
+  }
+}
+
+#page-footer {
+  border-top: 1px solid rgba(0, 0, 0, 0.1);
+  height: @footer-height;
+  width: 100%;
+  position: absolute;
+  left: 0px;
+  bottom: 0px;
+  .xs-only {
+    display: none;
+  }
+}
+
+@media (max-width: 800px) {
+  #page-wrap {
+    padding-bottom: 75px;
+    #page-footer {
+      height: 75px;
+      .copy, .nav {
+        width: 100%;
+        display: block;
+        text-align: center;
+        .nav-item {
+          display: inline-block;
+          a {
+            display: inline-block;
+          }
+        }
+      }
+    }
+  }
+}
+
+@media (max-width: 450px) {
+  #page-wrap {
+    padding-bottom: 85px;
+    #page-footer {
+      height: 85px;
+      .xs-only {
+        display: block;
+      }
+    }
+  }
+}
+

assets/styles/pages/404.less

@@ -0,0 +1,21 @@
+[id="404"] {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .container {
+    .container-md();
+  }
+
+  .mobile-spacer {
+    display: none;
+  }
+
+  @media (max-width: 540px) {
+    br {
+      display: none;
+    }
+    .mobile-spacer {
+      display: inline;
+    }
+  }
+}

assets/styles/pages/498.less

@@ -0,0 +1,21 @@
+[id="498"] {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .container {
+    .container-md();
+  }
+
+  .mobile-spacer {
+    display: none;
+  }
+
+  @media (max-width: 540px) {
+    br {
+      display: none;
+    }
+    .mobile-spacer {
+      display: inline;
+    }
+  }
+}

assets/styles/pages/500.less

@@ -0,0 +1,21 @@
+[id="500"] {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .container {
+    .container-md();
+  }
+
+  .mobile-spacer {
+    display: none;
+  }
+
+  @media (max-width: 540px) {
+    br {
+      display: none;
+    }
+    .mobile-spacer {
+      display: inline;
+    }
+  }
+}

assets/styles/pages/account/account-overview.less

@@ -0,0 +1,17 @@
+#account-overview {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .account-settings-button {
+    width: 150px;
+  }
+
+  .remove-button {
+    color: @brand;
+    text-decoration: underline;
+    cursor: pointer;
+    &:hover {
+      color: @text-normal;
+    }
+  }
+}

assets/styles/pages/account/change-password.less

@@ -0,0 +1,4 @@
+#change-password {
+  padding-top: 75px;
+  padding-bottom: 75px;
+}

assets/styles/pages/account/edit-profile.less

@@ -0,0 +1,4 @@
+#edit-profile {
+  padding-top: 75px;
+  padding-bottom: 75px;
+}

assets/styles/pages/contact.less

@@ -0,0 +1,16 @@
+#contact {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .contact-form {
+    .container-md();
+    textarea {
+      height: 100px;
+    }
+  }
+
+  .success-message {
+    .container-sm();
+    text-align: center;
+  }
+}

assets/styles/pages/entrance/confirmed-email.less

@@ -0,0 +1,9 @@
+#confirmed-email {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .confirmation-message {
+    .container-sm();
+    text-align: center;
+  }
+}

assets/styles/pages/entrance/forgot-password.less

@@ -0,0 +1,14 @@
+#forgot-password {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .forgot-form {
+    .container-sm();
+  }
+
+  .success-message {
+    .container-sm();
+    text-align: center;
+  }
+
+}

assets/styles/pages/entrance/login.less

@@ -0,0 +1,8 @@
+#login {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .login-form-container {
+    .container-sm();
+  }
+}

assets/styles/pages/entrance/new-password.less

@@ -0,0 +1,8 @@
+#new-password {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .new-password-form {
+    .container-sm();
+  }
+}

assets/styles/pages/entrance/signup.less

@@ -0,0 +1,13 @@
+#signup {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  .signup-form {
+    .container-sm();
+  }
+
+  .success-message {
+    .container-sm();
+    text-align: center;
+  }
+}

assets/styles/pages/faq.less

@@ -0,0 +1,10 @@
+#faq {
+  padding-top: 75px;
+  padding-bottom: 75px;
+
+  @media (max-width: 500px) {
+    code {
+      word-break: break-all;
+    }
+  }
+}

assets/styles/pages/homepage.less

@@ -0,0 +1,162 @@
+#homepage {
+  a:not(.btn) {
+    color: @brand;
+    border-bottom: 1px solid @text-normal;
+    &:hover {
+      text-decoration: none;
+      color: @text-normal;
+    }
+  }
+
+  .hero {
+    padding-top: 100px;
+    padding-bottom: 25px;
+    color: @brand;
+    position: relative;
+    .hero-image {
+      width: 220px;
+      height: 170px;
+      margin-left: auto;
+      margin-right: auto;
+      position: relative;
+      img {
+        position: absolute;
+      }
+      .sky {
+        width: 170px;
+        left: 25px;
+        top: 25px;
+      }
+      .cloud {
+        .fly-fade();
+        width: 80px;
+        &.cloud-1 {
+          top: 55px;
+          left: -40px;
+          opacity: 0;
+          .animation-delay(3.5s);
+        }
+        &.cloud-2 {
+          top: 45px;
+          left: -40px;
+          opacity: 0;
+        }
+      }
+      .ship {
+        .skid();
+        width: 160px;
+        bottom: 50px;
+        left: 18px;
+      }
+      .water {
+        width: 170px;
+        bottom: 40px;
+        left: 25px;
+      }
+    }
+    h1 {
+      padding-bottom: 50px;
+    }
+    .more-info-text {
+      .bob();
+      cursor: pointer;
+      margin-top: 75px;
+      position: absolute;
+      width: 100%;
+      bottom: 25px;
+      left: 0px;
+      .text {
+        font-size: 16px;
+        text-transform: uppercase;
+        letter-spacing: 2px;
+        font-weight: 700;
+      }
+      .icon {
+        font-size: 20px;
+      }
+    }
+  }
+
+  .about-wrapper {
+    background-color: #eef5f9b8;
+    .about {
+      padding-top: 75px;
+      padding-bottom: 50px;
+      p {
+        max-width: 800px;
+        margin-left: auto;
+        margin-right: auto;
+      }
+    }
+    .features {
+      padding-top: 25px;
+      padding-bottom: 100px;
+      .feature {
+        .icon {
+          background-color: @brand;
+          color: @accent-white;
+          width: 75px;
+          height: 75px;
+          margin-left: auto;
+          margin-right: auto;
+          margin-bottom: 25px;
+          border-radius: 50%;
+          font-size: 35px;
+          line-height: 75px;
+          text-align: center;
+        }
+      }
+    }
+  }
+
+
+  .setup {
+    padding-top: 75px;
+    .step {
+      margin-top: 75px;
+      margin-bottom: 75px;
+      padding-left: 240px;
+      position: relative;
+      .step-image {
+        position: absolute;
+        left: 0px;
+        top: 0px;
+        width: 140px;
+        img {
+          width: 100%;
+        }
+      }
+    }
+  }
+
+  .pep-talk {
+    padding-top: 50px;
+    padding-bottom: 100px;
+    p {
+      max-width: 800px;
+      margin-left: auto;
+      margin-right: auto;
+    }
+    a {
+      border-bottom: none;
+    }
+  }
+
+  &.uninitialized {
+    height: 100%;
+    .hero, .about, .features, .setup, .pep-talk {
+      opacity: 0;
+    }
+  }
+
+  @media (max-width: 991px) {
+    .setup {
+      .step {
+        padding-left: 0px;
+        .step-image {
+          display: none;
+        }
+      }
+    }
+  }
+}

assets/styles/pages/legal/privacy.less

@@ -0,0 +1,4 @@
+#privacy{
+  padding-top: 75px;
+  padding-bottom: 75px;
+}

assets/styles/pages/legal/terms.less

@@ -0,0 +1,4 @@
+#terms{
+  padding-top: 75px;
+  padding-bottom: 75px;
+}

assets/styles/pages/welcome.less

@@ -0,0 +1,4 @@
+#welcome {
+  padding-top: 75px;
+  padding-bottom: 75px;
+}

assets/styles/styleguide/animations.less

@@ -0,0 +1,235 @@
+.animation-delay(@delay) {
+  -moz-animation-delay: @delay;
+  -webkit-animation-delay: @delay;
+  -ms-animation-delay: @delay;
+  -o-animation-delay: @delay;
+  animation-delay: @delay;
+}
+
+.animation-name(@name) {
+  -moz-animation-name: @name;
+  -webkit-animation-name: @name;
+  -ms-animation-name: @name;
+  -o-animation-name: @name;
+  animation-name: @name;
+}
+
+.animation-duration(@duration) {
+  -moz-animation-duration: @duration;
+  -webkit-animation-duration: @duration;
+  -ms-animation-duration: @duration;
+  -o-animation-duration: @duration;
+  animation-duration: @duration;
+}
+
+.animation-iteration-count(@iteration-count) {
+  -moz-animation-iteration-count: @iteration-count;
+  -webkit-animation-iteration-count: @iteration-count;
+  -ms-animation-iteration-count: @iteration-count;
+  -o-animation-iteration-count: @iteration-count;
+  animation-iteration-count: @iteration-count;
+}
+
+.animation-direction(@direction) {
+  -moz-animation-direction: @direction;
+  -webkit-animation-direction: @direction;
+  -ms-animation-direction: @direction;
+  -o-animation-direction: @direction;
+  animation-direction: @direction;
+}
+
+.animation-timing-function(@timingFunction) {
+  -moz-animation-timing-function: @timingFunction;
+  -webkit-animation-timing-function: @timingFunction;
+  -ms-animation-timing-function: @timingFunction;
+   -o-animation-timing-function: @timingFunction;
+  animation-timing-function: @timingFunction;
+}
+
+.transition (@transition) {
+  -webkit-transition: @transition;
+  -moz-transition   : @transition;
+  -ms-transition    : @transition;
+  -o-transition     : @transition;
+}
+
+.translate (@x, @y:0) {
+  -webkit-transform: translate(@x, @y);
+  -moz-transform   : translate(@x, @y);
+  -ms-transform    : translate(@x, @y);
+  -o-transform     : translate(@x, @y);
+  transform        : translate(@x, @y);
+}
+
+//Animations
+.fade-in() {
+  .animation-name(fade-in);
+  @-webkit-keyframes fade-in {
+    0%    {opacity: 0;}
+    100%  {opacity: 1;}
+  }
+  @-moz-keyframes fade-in {
+    0%    {opacity: 0;}
+    100%  {opacity: 1;}
+  }
+  @-o-keyframes fade-in {
+    0%    {opacity: 0;}
+    100%  {opacity: 1;}
+  }
+  @keyframes fade-in {
+    0%    {opacity: 0;}
+    100%  {opacity: 1;}
+  }
+}
+
+.loader(@dot-color: @accent-white){
+  display: inline-block;
+  margin: auto;
+  .loading-dot {
+    border-radius: 50%;
+    background-color: @dot-color;
+    float: left;
+    opacity: 0;
+    width: 16px;
+    height: 16px;
+    margin: 5px;
+    .fade-in();
+    .animation-duration(1s);
+    .animation-iteration-count(infinite);
+    .animation-direction(linear);
+    &.dot1 {
+      .animation-delay(0.25s);
+    }
+    &.dot2 {
+      .animation-delay(0.5s);
+    }
+    &.dot3 {
+      .animation-delay(0.75s);
+    }
+    &.dot4 {
+      .animation-delay(1s);
+    }
+  }
+}
+
+.skid() {
+  .animation-name(skid);
+  .animation-duration(2.5s);
+  .animation-iteration-count(infinite);
+  .animation-timing-function(linear);
+  @-webkit-keyframes skid {
+    0%   {-webkit-transform: translate(0px, 0px);}
+    10%  {-webkit-transform: translate(-1px, -1px);}
+    20%  {-webkit-transform: translate(-2px, -2px);}
+    30%  {-webkit-transform: translate(-3px, -2px);}
+    40%  {-webkit-transform: translate(-4px, -1px);}
+    50%  {-webkit-transform: translate(-5px, 0px);}
+    60%  {-webkit-transform: translate(-4px, 1px);}
+    70%  {-webkit-transform: translate(-3px, 2px);}
+    80%  {-webkit-transform: translate(-2px, 2px);}
+    90%  {-webkit-transform: translate(-1px, 1px);}
+    100% {-webkit-transform: translate(0, 0px);}
+  }
+  @-moz-keyframes skid {
+    0%   {-moz-transform: translate(0px, 0px);}
+    10%  {-moz-transform: translate(-1px, -1px);}
+    20%  {-moz-transform: translate(-2px, -2px);}
+    30%  {-moz-transform: translate(-3px, -2px);}
+    40%  {-moz-transform: translate(-4px, -1px);}
+    50%  {-moz-transform: translate(-5px, 0px);}
+    60%  {-moz-transform: translate(-4px, 1px);}
+    70%  {-moz-transform: translate(-3px, 2px);}
+    80%  {-moz-transform: translate(-2px, 2px);}
+    90%  {-moz-transform: translate(-1px, 1px);}
+    100% {-moz-transform: translate(0, 0px);}
+  }
+  @-o-keyframes skid {
+    0%   {-o-transform: translate(0px, 0px);}
+    10%  {-o-transform: translate(-1px, -1px);}
+    20%  {-o-transform: translate(-2px, -2px);}
+    30%  {-o-transform: translate(-3px, -2px);}
+    40%  {-o-transform: translate(-4px, -1px);}
+    50%  {-o-transform: translate(-5px, 0px);}
+    60%  {-o-transform: translate(-4px, 1px);}
+    70%  {-o-transform: translate(-3px, 2px);}
+    80%  {-o-transform: translate(-2px, 2px);}
+    90%  {-o-transform: translate(-1px, 1px);}
+    100% {-o-transform: translate(0, 0px);}
+  }
+  @keyframes skid {
+    0%   {transform: translate(0px, 0px);}
+    10%  {transform: translate(-1px, -1px);}
+    20%  {transform: translate(-2px, -2px);}
+    30%  {transform: translate(-3px, -2px);}
+    40%  {transform: translate(-4px, -1px);}
+    50%  {transform: translate(-5px, 0px);}
+    60%  {transform: translate(-4px, 1px);}
+    70%  {transform: translate(-3px, 2px);}
+    80%  {transform: translate(-2px, 2px);}
+    90%  {transform: translate(-1px, 1px);}
+    100% {transform: translate(0, 0px);}
+  }
+ }
+
+ .fly-fade() {
+  .animation-name(flyfade);
+  .animation-duration(7s);
+  .animation-iteration-count(infinite);
+  .animation-timing-function(linear);
+  @-webkit-keyframes flyfade {
+    0%   {-webkit-transform: translate(0px, 0px); opacity: 0;}
+    25%  { opacity: 1;}
+    50%  {-webkit-transform: translate(110px, 0px);}
+    75%  { opacity: 1;}
+    100% {-webkit-transform: translate(220px, 0); opacity: 0;}
+  }
+  @-moz-keyframes flyfade {
+    0%   {-moz-transform: translate(0, 0px); opacity: 0;}
+    25%  { opacity: 1;}
+    50%  {-moz-transform: translate(110px, 0px); opacity: 1;}
+    75%  { opacity: 1;}
+    100% {-moz-transform: translate(220px, 0); opacity: 0;}
+  }
+  @-o-keyframes flyfade {
+    0%   {-o-transform: translate(0, 0px); opacity: 0;}
+    25%  { opacity: 1;}
+    50%  {-o-transform: translate(110px, 0px); opacity: 1;}
+    75%  { opacity: 1;}
+    100% {-o-transform: translate(220px, 0); opacity: 0;}
+  }
+  @keyframes flyfade {
+    0%   {transform: translate(0, 0px); opacity: 0;}
+    25%  { opacity: 1;}
+    50%  {transform: translate(110px, 0px); opacity: 1;}
+    75%  { opacity: 1;}
+    100% {transform: translate(220px, 0); opacity: 0;}
+  }
+ }
+
+.bob() {
+  .animation-name(bob);
+  .animation-duration(3.2s);
+  .animation-iteration-count(infinite);
+  .animation-timing-function(ease-in-out);
+  @-webkit-keyframes bob {
+    0%   {-webkit-transform: translate(0px);}
+    50%  {-webkit-transform: translatey(-7px);}
+    100% {-webkit-transform: translatey(0px);}
+  }
+  @-moz-keyframes bob {
+    0%   {-moz-transform: translatey(0px);}
+    50%  {-moz-transform: translatey(-7px);}
+    100% {-moz-transform: translatey(0px);}
+  }
+  @-o-keyframes bob {
+    0%   {-o-transform: translatey(0px);}
+    50%  {-o-transform: translatey(-7px);}
+    100% {-o-transform: translatey(0px);}
+  }
+  @keyframes bob {
+    0%   {transform: translatey(0px);}
+    50%  {transform: translatey(-7px);}
+    100% {transform: translatey(0px);}
+  }
+ }
+

assets/styles/styleguide/buttons.less

@@ -0,0 +1,35 @@
+.btn-reset() {
+  border-top: none;
+  border-bottom: none;
+  border-left: none;
+  border-right: none;
+  background: transparent;
+  font-family: inherit;
+  cursor: pointer;
+  &:focus {
+    border-image: none;
+    outline: none;
+  }
+}
+
+
+.ajax-button() {
+  .button-loader, .button-loading {
+    .loader();
+    display: none;
+    .loading-dot {
+      width: 7px;
+      height: 7px;
+      margin: 0px 3px;
+      display: inline;
+    }
+  }
+  &.syncing {
+    .button-loader, .button-loading {
+      display: inline-block;
+    }
+    .button-text {
+      display: none;
+    }
+  }
+}

assets/styles/styleguide/colors.less

@@ -0,0 +1,17 @@
+/**
+ * Color Variables
+ */
+
+@brand: #14acc2;
+
+@error: #B53A03;
+
+
+@text-normal: #000;
+@text-muted: lighten(@text-normal, 60%);
+
+@bg-lt-gray: #f1f1f1;
+@border-lt-gray: darken(@bg-lt-gray, 5%);
+@accent-lt-gray: darken(#fff, 5%);
+@accent-md-gray: darken(#fff, 25%);
+@accent-white: #fff;