Merge pull request #1394 from Stirling-Tools/disableConfigUpdater

Disable config updater

.github/FUNDING.yml

@@ -10,4 +10,4 @@ liberapay: # Replace with a single Liberapay username
 issuehunt: # Replace with a single IssueHunt username
 otechie: # Replace with a single Otechie username
 lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
-custom: ['https://paypal.me/froodleplex?country.x=GB&locale.x=en_GB'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+custom: ['https://www.paypal.com/donate/?hosted_button_id=MN7JPG5G6G3JL'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/workflows/build.yml

@@ -3,14 +3,8 @@ name: "Build repo"
 on:
   push:
     branches: ["main"]
-    paths-ignore:
-      - ".github/**"
-      - "**/*.md"
   pull_request:
     branches: ["main"]
-    paths-ignore:
-      - ".github/**"
-      - "**/*.md"
 
 jobs:
   build:
@@ -36,7 +30,7 @@ jobs:
 
       - uses: gradle/actions/setup-gradle@v3
         with:
-          gradle-version: 7.6
+          gradle-version: 8.7
 
       - name: Build with Gradle
         run: ./gradlew build --no-build-cache

.github/workflows/push-docker.yml

@@ -24,7 +24,7 @@ jobs:
 
       - uses: gradle/actions/setup-gradle@v3
         with:
-          gradle-version: 7.6
+          gradle-version: 8.7
 
       - name: Run Gradle Command
         run: ./gradlew clean build
@@ -110,3 +110,31 @@ jobs:
           labels: ${{ steps.meta2.outputs.labels }}
           build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
           platforms: linux/amd64,linux/arm64/v8
+
+
+      - name: Generate tags fat
+        id: meta3
+        uses: docker/metadata-action@v5
+        if: github.ref != 'refs/heads/main'
+        with:
+          images: |
+            ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
+            ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf
+          tags: |
+            type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }}
+            type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
+
+      - name: Build and push main Dockerfile fat
+        uses: docker/build-push-action@v5
+        if: github.ref != 'refs/heads/main'
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile-fat
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta3.outputs.tags }}
+          labels: ${{ steps.meta3.outputs.labels }}
+          build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }}
+          platforms: linux/amd64,linux/arm64/v8

.github/workflows/releaseArtifacts.yml

@@ -29,7 +29,7 @@ jobs:
 
       - uses: gradle/actions/setup-gradle@v3
         with:
-          gradle-version: 7.6
+          gradle-version: 8.7
 
       - name: Generate jar (With Security=${{ matrix.enable_security }})
         run: ./gradlew clean createExe

.github/workflows/sync_files.yml

@@ -7,6 +7,7 @@ on:
     paths:
       - "build.gradle"
       - "src/main/resources/messages_*.properties"
+      - "scripts/translation_status.toml"
 
 permissions:
   contents: write
@@ -58,6 +59,8 @@ jobs:
         uses: actions/setup-python@v5.1.0
         with:
           python-version: "3.x"
+      - name: Install dependencies
+        run: pip install tomlkit
       - name: Sync README
         run: python scripts/counter_translation.py
       - name: Set up git config

.github/workflows/test.yml

@@ -32,6 +32,15 @@ jobs:
           sudo curl -SL "https://github.com/docker/compose/releases/download/v2.26.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
           # sudo chmod +x /usr/local/bin/docker-compose
 
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.7"
+          
+      - name: Pip requirements
+        run: |
+           pip install -r ./cucumber/requirements.txt
+              
       - name: Run Docker Compose Tests
         run: |
           chmod +x ./test.sh

.gitignore

@@ -124,4 +124,7 @@ watchedFolders/
 
 # Ignore Mac DS_Store files
 .DS_Store
-**/.DS_Store
+**/.DS_Store
+
+#cucumber
+/cucumber/reports/**

CONTRIBUTING.md

@@ -27,6 +27,10 @@ Please make sure your Pull Request adheres to the following guidelines:
 
 If you would like to add or modify a translation, please see [How to add new languages to Stirling-PDF](HowToAddNewLanguage.md). Also, please create a Pull Request so others can use it!
 
+## Docs
+
+Documentation for Stirling-PDF is handled in a separate repository. Please see [Docs repository](https://github.com/Stirling-Tools/Stirling-Tools.github.io) or use "edit this page"-button at the bottom of each page at [https://stirlingtools.com/docs/](https://stirlingtools.com/docs/).
+
 ## Fixing Bugs or Adding a New Feature
 
 First, make sure you've read the section [Pull Requests](#pull-requests).

Dockerfile

@@ -1,44 +1,42 @@
 # Main stage
-FROM alpine:20240329
+FROM alpine:3.20.0
 
 # Copy necessary files
 COPY scripts /scripts
 COPY pipeline /pipeline
-COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto
-COPY src/main/resources/static/fonts/*.otf /usr/share/fonts/opentype/noto
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+#COPY src/main/resources/static/fonts/*.otf /usr/share/fonts/opentype/noto/
 COPY build/libs/*.jar app.jar
 
 ARG VERSION_TAG
 
-
 # Set Environment Variables
 ENV DOCKER_ENABLE_SECURITY=false \
     VERSION_TAG=$VERSION_TAG \
     JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
-	HOME=/home/stirlingpdfuser \
-	PUID=1000 \
+    HOME=/home/stirlingpdfuser \
+    PUID=1000 \
     PGID=1000 \
     UMASK=022
 
-
 # JDK for app
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
     echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
     echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
-    apk update && \
+    apk upgrade --no-cache -a && \
     apk add --no-cache \
         ca-certificates \
         tzdata \
         tini \
-        openssl \
-openssl-dev \
         bash \
         curl \
-        openjdk17-jre \
-        su-exec \
         shadow \
+        su-exec \
+        openssl \
+        openssl-dev \
+        openjdk21-jre \
 # Doc conversion
-        libreoffice@testing \
+        libreoffice \
 # pdftohtml
         poppler-utils \
 # OCR MY PDF (unpaper for descew and other advanced featues)
@@ -60,10 +58,9 @@ openssl-dev \
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
     chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
-    tesseract --list-langs && \
-    rm -rf /var/cache/apk/*
+    tesseract --list-langs
 
-EXPOSE 8080
+EXPOSE 8080/tcp
 
 # Set user and run command
 ENTRYPOINT ["tini", "--", "/scripts/init.sh"]

Dockerfile-fat

@@ -0,0 +1,84 @@
+# Build the application
+FROM gradle:7.6-jdk17 AS build
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the entire project to the working directory
+COPY . .
+
+# Build the application with DOCKER_ENABLE_SECURITY=false
+RUN DOCKER_ENABLE_SECURITY=true \
+./gradlew clean build 
+
+# Main stage
+FROM alpine:3.20.0
+
+# Copy necessary files
+COPY scripts /scripts
+COPY pipeline /pipeline
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
+COPY --from=build /app/build/libs/*.jar app.jar
+
+ARG VERSION_TAG
+
+# Set Environment Variables
+ENV DOCKER_ENABLE_SECURITY=false \
+    VERSION_TAG=$VERSION_TAG \
+    JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
+    HOME=/home/stirlingpdfuser \
+    PUID=1000 \
+    PGID=1000 \
+    UMASK=022 \
+    FAT_DOCKER=true \
+    INSTALL_BOOK_AND_ADVANCED_HTML_OPS=true
+    
+
+# JDK for app
+RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
+    apk upgrade --no-cache -a && \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        tini \
+        bash \
+        curl \
+        calibre@testing \
+        shadow \
+        su-exec \
+        openssl \
+        openssl-dev \
+        openjdk21-jre \
+# Doc conversion
+        libreoffice \
+# pdftohtml
+        poppler-utils \
+# OCR MY PDF (unpaper for descew and other advanced featues)
+        ocrmypdf \
+        tesseract-ocr-data-eng \
+        font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra \
+# CV
+        py3-opencv \
+# python3/pip
+        python3 && \
+    wget https://bootstrap.pypa.io/get-pip.py -qO - | python3 - --break-system-packages --no-cache-dir --upgrade && \
+# uno unoconv and HTML
+    pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint && \
+    mv /usr/share/tessdata /usr/share/tessdata-original && \
+    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
+    fc-cache -f -v && \
+    chmod +x /scripts/* && \
+    chmod +x /scripts/init.sh && \
+# User permissions
+    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
+    tesseract --list-langs
+
+EXPOSE 8080/tcp
+
+# Set user and run command
+ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
+CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]

Dockerfile-ultra-lite

@@ -1,5 +1,5 @@
 # use alpine
-FROM alpine:3.19.1
+FROM alpine:3.20.0
 
 ARG VERSION_TAG
 
@@ -8,7 +8,7 @@ ENV DOCKER_ENABLE_SECURITY=false \
     HOME=/home/stirlingpdfuser \
     VERSION_TAG=$VERSION_TAG \
     JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
-	PUID=1000 \
+    PUID=1000 \
     PGID=1000 \
     UMASK=022
 
@@ -18,24 +18,23 @@ COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh
 COPY pipeline /pipeline
 COPY build/libs/*.jar app.jar
 
-
 # Set up necessary directories and permissions
-
-RUN mkdir /configs /logs /customFiles && \
-    chmod +x /scripts/*.sh && \
+RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
+    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
+    apk upgrade --no-cache -a && \
     apk add --no-cache \
         ca-certificates \
         tzdata \
         tini \
         bash \
         curl \
-        su-exec \
         shadow \
-        openjdk17-jre && \
-    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
-    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
-    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
+        su-exec \
+        openjdk21-jre && \
     # User permissions
+    mkdir /configs /logs /customFiles && \
+    chmod +x /scripts/*.sh && \
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts  /configs /customFiles /pipeline && \
     chown stirlingpdfuser:stirlingpdfgroup /app.jar    
@@ -43,9 +42,8 @@ RUN mkdir /configs /logs /customFiles && \
 # Set environment variables
 ENV ENDPOINTS_GROUPS_TO_REMOVE=CLI
 
-EXPOSE 8080
-
-ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]
+EXPOSE 8080/tcp
 
 # Run the application
+ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]
 CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]

Endpoint-groups.md

@@ -1,46 +1,47 @@
-| Operation           | PageOps | Convert | Security | Other | CLI  | Python | OpenCV | LibreOffice | OCRmyPDF | Java     | Javascript |
-|---------------------|---------|---------|----------|-------|------|--------|--------|-------------|----------|----------|------------|
-| adjust-contrast     |    ✔️    |         |          |       |      |        |        |             |          |           |    ✔️      |
-| auto-split-pdf      |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| crop                |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| extract-page        |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| merge-pdfs          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| multi-page-layout   |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-organizer       |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |    ✔️       |
-| pdf-to-single-page  |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| remove-pages        |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| rotate-pdf          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| scale-pages         |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| split-pdfs          |    ✔️    |         |          |       |      |        |        |             |          |    ✔️     |            |
-| file-to-pdf         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| img-to-pdf          |         |    ✔️    |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-to-html         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-img          |         |    ✔️    |          |       |      |        |        |             |          |    ✔️     |            |
-| pdf-to-pdfa         |         |    ✔️    |          |       |  ✔️   |        |        |             |    ✔️     |          |            |
-| pdf-to-markdown     |         |    ✔️    |          |       |      |        |        |             |            |    ✔️      |            |
-| pdf-to-presentation |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-text         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-word         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| pdf-to-xml          |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| xlsx-to-pdf         |         |    ✔️    |          |       |  ✔️   |        |        |     ✔️       |          |          |            |
-| add-password        |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| add-watermark       |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| cert-sign           |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| change-permissions  |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| remove-password     |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| sanitize-pdf        |         |         |    ✔️     |       |      |        |        |             |          |    ✔️     |            |
-| add-image           |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| add-page-numbers    |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| auto-rename         |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| change-metadata     |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| compare             |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
-| compress-pdf        |         |         |          |  ✔️    |  ✔️   |        |        |             |    ✔️     |          |            |
-| extract-image-scans |         |         |          |  ✔️    |  ✔️   |   ✔️    |   ✔️    |             |          |          |            |
-| extract-images      |         |         |          |  ✔️    |      |        |        |             |          |    ✔️     |            |
-| flatten             |         |         |          |  ✔️    |      |        |        |             |          |          |      ✔️      |
-| get-info-on-pdf     |         |         |          |  ✔️    |      |        |        |             |          |    ✔️      |            |
-| ocr-pdf             |         |         |          |  ✔️    |  ✔️   |        |        |             |    ✔️     |          |            |
-| remove-blanks       |         |         |          |  ✔️    |  ✔️   |   ✔️    |   ✔️    |             |          |          |            |
-| repair              |         |         |          |  ✔️    |  ✔️   |        |        |     ✔️       |          |          |            |
-| show-javascript     |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
-| sign                |         |         |          |  ✔️    |      |        |        |             |          |          |    ✔️       |
+| Operation           | PageOps | Convert | Security | Other | CLI | Python | OpenCV | LibreOffice | OCRmyPDF | Java | Javascript |
+| ------------------- | ------- | ------- | -------- | ----- | --- | ------ | ------ | ----------- | -------- | ---- | ---------- |
+| adjust-contrast     | ✔️       |         |          |       |     |        |        |             |          |      | ✔️          |
+| auto-split-pdf      | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| crop                | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| extract-page        | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| merge-pdfs          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| multi-page-layout   | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-organizer       | ✔️       |         |          |       |     |        |        |             |          | ✔️    | ✔️          |
+| pdf-to-single-page  | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| remove-pages        | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| rotate-pdf          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| scale-pages         | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| split-pdfs          | ✔️       |         |          |       |     |        |        |             |          | ✔️    |            |
+| file-to-pdf         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| img-to-pdf          |         | ✔️       |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-to-html         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-img          |         | ✔️       |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-to-pdfa         |         | ✔️       |          |       | ✔️   |        |        |             | ✔️        |      |            |
+| pdf-to-markdown     |         | ✔️       |          |       |     |        |        |             |          | ✔️    |            |
+| pdf-to-presentation |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-text         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-word         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| pdf-to-xml          |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| xlsx-to-pdf         |         | ✔️       |          |       | ✔️   |        |        | ✔️           |          |      |            |
+| add-password        |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| add-watermark       |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| cert-sign           |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| remove-cert-sign    |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| change-permissions  |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| remove-password     |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| sanitize-pdf        |         |         | ✔️        |       |     |        |        |             |          | ✔️    |            |
+| add-image           |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| add-page-numbers    |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| auto-rename         |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| change-metadata     |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| compare             |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| compress-pdf        |         |         |          | ✔️     | ✔️   |        |        |             | ✔️        |      |            |
+| extract-image-scans |         |         |          | ✔️     | ✔️   | ✔️      | ✔️      |             |          |      |            |
+| extract-images      |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| flatten             |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| get-info-on-pdf     |         |         |          | ✔️     |     |        |        |             |          | ✔️    |            |
+| ocr-pdf             |         |         |          | ✔️     | ✔️   |        |        |             | ✔️        |      |            |
+| remove-blanks       |         |         |          | ✔️     | ✔️   | ✔️      | ✔️      |             |          |      |            |
+| repair              |         |         |          | ✔️     | ✔️   |        |        | ✔️           |          |      |            |
+| show-javascript     |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |
+| sign                |         |         |          | ✔️     |     |        |        |             |          |      | ✔️          |

HowToAddNewLanguage.md

@@ -34,5 +34,18 @@ Then simply translate all property entries within that file and make a PR into m
 
 If you do not have a java IDE i am happy to verify the changes worked once you raise PR (but won't be able to verify the translations themselves)
 
+## Handling Untranslatable Strings
 
+Sometimes, certain strings in the properties file may not require translation because they are the same in the target language or are universal (like names of protocols, certain terminologies, etc.). To ensure accurate statistics for language progress, these strings should be added to the `ignore_translation.toml` file located in the `scripts` directory. This will exclude them from the translation progress calculations.
 
+For example, if the English string error=Error does not need translation in Polish, add it to the ignore_translation.toml under the Polish section:
+
+```toml
+[pl_PL]
+ignore = [
+    "language.direction",  # Existing entries
+    "error"                # Add new entries here
+]
+```
+
+Make sure to place the entry under the correct language section. This helps maintain the accuracy of translation progress statistics and ensures that the translation tool or scripts do not misinterpret the completion rate.

LocalRunGuide.md

@@ -14,7 +14,7 @@ You could theoretically use a Distrobox/Toolbox, if your Distribution has old or
 
 Install the following software, if not already installed:
 
-- Java 17 or later
+- Java 17 or later (21 recommended)
 
 - Gradle 7.0 or later (included within repo so not needed on server)
 
@@ -42,17 +42,25 @@ For Debian-based systems, you can use the following command:
 
 ```bash
 sudo apt-get update
-sudo apt-get install -y git  automake  autoconf  libtool  libleptonica-dev  pkg-config zlib1g-dev make g++ openjdk-17-jdk python3 python3-pip
+sudo apt-get install -y git  automake  autoconf  libtool  libleptonica-dev  pkg-config zlib1g-dev make g++ openjdk-21-jdk python3 python3-pip
 ```
 
 For Fedora-based systems use this command:
 
 ```bash
-sudo dnf install -y git automake autoconf libtool leptonica-devel pkg-config zlib-devel make gcc-c++ java-17-openjdk python3 python3-pip
+sudo dnf install -y git automake autoconf libtool leptonica-devel pkg-config zlib-devel make gcc-c++ java-21-openjdk python3 python3-pip
+```
+
+For non-root users with Nix Package Manager, use the following command:
+```bash
+nix-channel --update
+nix-env -iA nixpkgs.jdk21 nixpkgs.git nixpkgs.python38 nixpkgs.gnumake nixpkgs.libgcc nixpkgs.automake nixpkgs.autoconf nixpkgs.libtool nixpkgs.pkg-config nixpkgs.zlib nixpkgs.leptonica
 ```
 
 ### Step 2: Clone and Build jbig2enc (Only required for certain OCR functionality)
 
+For Debian and Fedora, you can build it from source using the following commands:
+
 ```bash
 mkdir ~/.git
 cd ~/.git &&\
@@ -64,6 +72,11 @@ make &&\
 sudo make install
 ```
 
+For Nix, you will face `Leptonica not detected`. Bypass this by installing it directly using the following command:
+```bash
+nix-env -iA nixpkgs.jbig2enc
+```
+
 ### Step 3: Install Additional Software
 Next we need to install LibreOffice for conversions, ocrmypdf for OCR, and opencv for pattern recognition functionality.
 
@@ -105,6 +118,13 @@ sudo dnf install -y libreoffice-writer libreoffice-calc libreoffice-impress unpa
 pip3 install uno opencv-python-headless unoconv pngquant WeasyPrint
 ```
 
+For Nix:
+
+```bash
+nix-env -iA nixpkgs.unpaper nixpkgs.libreoffice nixpkgs.ocrmypdf nixpkgs.poppler_utils
+pip3 install uno opencv-python-headless unoconv pngquant WeasyPrint
+```
+
 ### Step 4: Clone and Build Stirling-PDF
 
 ```bash
@@ -115,13 +135,12 @@ chmod +x ./gradlew &&\
 ./gradlew build
 ```
 
-
 ### Step 5: Move jar to desired location
 
 After the build process, a `.jar` file will be generated in the `build/libs` directory.
 You can move this file to a desired location, for example, `/opt/Stirling-PDF/`.
 You must also move the Script folder within the Stirling-PDF repo that you have downloaded to this directory.
-This folder is required for the python scripts using OpenCV
+This folder is required for the python scripts using OpenCV.
 
 ```bash
 sudo mkdir /opt/Stirling-PDF &&\
@@ -129,19 +148,25 @@ sudo mv ./build/libs/Stirling-PDF-*.jar /opt/Stirling-PDF/ &&\
 sudo mv scripts /opt/Stirling-PDF/ &&\
 echo "Scripts installed."
 ```
+
+For non-root users, you can just keep the jar in the main directory of Stirling-PDF using the following command:
+```bash
+mv ./build/libs/Stirling-PDF-*.jar ./Stirling-PDF-*.jar
+```
+
 ### Step 6: Other files
 #### OCR
 If you plan to use the OCR (Optical Character Recognition) functionality, you might need to install language packs for Tesseract if running non-english scanning.
 
 ##### Installing Language Packs
-Easiest is to use the langpacks provided by your repositories. Skip the other steps
+Easiest is to use the langpacks provided by your repositories. Skip the other steps.
 
 Manual:
 
 1. Download the desired language pack(s) by selecting the `.traineddata` file(s) for the language(s) you need.
 2. Place the `.traineddata` files in the Tesseract tessdata directory: `/usr/share/tessdata`
-3.
-Please view  [OCRmyPDF install guide](https://ocrmypdf.readthedocs.io/en/latest/installation.html) for more info.
+3. Please view  [OCRmyPDF install guide](https://ocrmypdf.readthedocs.io/en/latest/installation.html) for more info.
+
 **IMPORTANT:** DO NOT REMOVE EXISTING `eng.traineddata`, IT'S REQUIRED.
 
 Debian based systems, install languages with this command:
@@ -171,14 +196,38 @@ dnf search -C tesseract-langpack-
 rpm -qa | grep tesseract-langpack | sed 's/tesseract-langpack-//g'
 ```
 
+Nix:
+
+```bash
+nix-env -iA nixpkgs.tesseract
+```
+
+**Note:** Nix Package Manager pre-installs almost all the language packs when tesseract is installed.
+
 ### Step 7: Run Stirling-PDF
 
+Those who have pushed to the root directory, run the following commands:
+
 ```bash
 ./gradlew bootRun
 or
 java -jar /opt/Stirling-PDF/Stirling-PDF-*.jar
 ```
 
+Since libreoffice, soffice, and conversion tools have their dbus_tmp_dir set as `dbus_tmp_dir="/run/user/$(id -u)/libreoffice-dbus"`, you might get the following error when using their endpoints:
+```
+[Thread-7] INFO  s.s.SPDF.utils.ProcessExecutor - mkdir: cannot create directory ‘/run/user/1501’: Permission denied
+```
+To resolve this, before starting the Stirling-PDF, you have to set the environment variable to a directory you have write access to by using the following commands:
+
+```bash
+mkdir temp
+export DBUS_SESSION_BUS_ADDRESS="unix:path=./temp"
+./gradlew bootRun
+or
+java -jar ./Stirling-PDF-*.jar
+```
+
 ### Step 8: Adding a Desktop icon
 
 This will add a modified Appstarter to your Appmenu.
@@ -202,7 +251,19 @@ EOF
 
 Note: Currently the app will run in the background until manually closed.
 
-### Optional: Run Stirling-PDF as a service
+### Optional: Changing the host and port of the application:
+
+To override the default configuration, you can add the following to `/.git/Stirling-PDF/configs/custom_settings.yml` file:
+
+```bash
+server:
+  host: 0.0.0.0
+  port: 3000
+```
+
+**Note:** This file is created after the first application launch. To have it before that, you can create the directory and add the file yourself.
+
+### Optional: Run Stirling-PDF as a service (requires root).
 
 First create a .env file, where you can store environment variables:
 ```
@@ -239,6 +300,7 @@ WantedBy=multi-user.target
 ```
 
 Notify systemd that it has to rebuild its internal service database (you have to run this command every time you make a change in the service file):
+
 ```
 sudo systemctl daemon-reload
 ```

README.md

@@ -5,12 +5,12 @@
 [![Discord](https://img.shields.io/discord/1068636748814483718?label=Discord)](https://discord.gg/Cn8pWhQRxZ)
 [![Docker Image Version (tag latest semver)](https://img.shields.io/docker/v/frooodle/s-pdf/latest)](https://github.com/Stirling-Tools/Stirling-PDF/)
 [![GitHub Repo stars](https://img.shields.io/github/stars/stirling-tools/stirling-pdf?style=social)](https://github.com/Stirling-Tools/stirling-pdf)
-[![Paypal Donate](https://img.shields.io/badge/Paypal%20Donate-yellow?style=flat&logo=paypal)](https://www.paypal.com/paypalme/froodleplex)
+[![Paypal Donate](https://img.shields.io/badge/Paypal%20Donate-yellow?style=flat&logo=paypal)](https://www.paypal.com/donate/?hosted_button_id=MN7JPG5G6G3JL)
 [![Github Sponsor](https://img.shields.io/badge/Github%20Sponsor-yellow?style=flat&logo=github)](https://github.com/sponsors/Frooodle)
 
 [![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/apps/new?repo=https://github.com/Stirling-Tools/Stirling-PDF/tree/digitalOcean&refcode=c3210994b1af)
 
-This is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. Originally developed entirely by ChatGPT, this locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.
+This is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.
 
 Stirling PDF does not initiate any outbound calls for record-keeping or tracking purposes.
 
@@ -159,37 +159,41 @@ Please view https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToUseOCR
 
 ## Supported Languages
 
-Stirling PDF currently supports 27!
+Stirling PDF currently supports 32!
 
 | Language                                    | Progress                               |
 | ------------------------------------------- | -------------------------------------- |
 | English (English) (en_GB)                   | ![100%](https://geps.dev/progress/100) |
 | English (US) (en_US)                        | ![100%](https://geps.dev/progress/100) |
-| Arabic (العربية) (ar_AR)                    | ![58%](https://geps.dev/progress/58)   |
-| German (Deutsch) (de_DE)                    | ![98%](https://geps.dev/progress/98)   |
+| Arabic (العربية) (ar_AR)                    | ![40%](https://geps.dev/progress/40)   |
+| German (Deutsch) (de_DE)                    | ![99%](https://geps.dev/progress/99)   |
 | French (Français) (fr_FR)                   | ![93%](https://geps.dev/progress/93)   |
-| Spanish (Español) (es_ES)                   | ![99%](https://geps.dev/progress/99)   |
-| Simplified Chinese (简体中文) (zh_CN)       | ![98%](https://geps.dev/progress/98)   |
-| Traditional Chinese (繁體中文) (zh_TW)      | ![98%](https://geps.dev/progress/98)   |
-| Catalan (Català) (ca_CA)                    | ![64%](https://geps.dev/progress/64)   |
+| Spanish (Español) (es_ES)                   | ![95%](https://geps.dev/progress/95)   |
+| Simplified Chinese (简体中文) (zh_CN)       | ![95%](https://geps.dev/progress/95)   |
+| Traditional Chinese (繁體中文) (zh_TW)      | ![94%](https://geps.dev/progress/94)   |
+| Catalan (Català) (ca_CA)                    | ![49%](https://geps.dev/progress/49)   |
 | Italian (Italiano) (it_IT)                  | ![98%](https://geps.dev/progress/98)   |
-| Swedish (Svenska) (sv_SE)                   | ![58%](https://geps.dev/progress/58)   |
-| Polish (Polski) (pl_PL)                     | ![59%](https://geps.dev/progress/59)   |
-| Romanian (Română) (ro_RO)                   | ![57%](https://geps.dev/progress/57)   |
-| Korean (한국어) (ko_KR)                     | ![93%](https://geps.dev/progress/93)   |
-| Portuguese Brazilian (Português) (pt_BR)    | ![73%](https://geps.dev/progress/73)   |
-| Russian (Русский) (ru_RU)                   | ![93%](https://geps.dev/progress/93)   |
-| Basque (Euskara) (eu_ES)                    | ![75%](https://geps.dev/progress/75)   |
-| Japanese (日本語) (ja_JP)                   | ![93%](https://geps.dev/progress/93)   |
-| Dutch (Nederlands) (nl_NL)                  | ![91%](https://geps.dev/progress/91)   |
-| Greek (Ελληνικά) (el_GR)                    | ![92%](https://geps.dev/progress/92)   |
-| Turkish (Türkçe) (tr_TR)                    | ![99%](https://geps.dev/progress/99)   |
-| Indonesia (Bahasa Indonesia) (id_ID)        | ![87%](https://geps.dev/progress/87)   |
-| Hindi (हिंदी) (hi_IN)                          | ![87%](https://geps.dev/progress/87)   |
-| Hungarian (Magyar) (hu_HU)                  | ![86%](https://geps.dev/progress/86)   |
-| Bulgarian (Български) (bg_BG)               | ![82%](https://geps.dev/progress/82)   |
-| Sebian Latin alphabet (Srpski) (sr_LATN_RS) | ![88%](https://geps.dev/progress/88)   |
-| Ukrainian (Українська) (uk_UA)              | ![93%](https://geps.dev/progress/93)   |
+| Swedish (Svenska) (sv_SE)                   | ![40%](https://geps.dev/progress/40)   |
+| Polish (Polski) (pl_PL)                     | ![42%](https://geps.dev/progress/42)   |
+| Romanian (Română) (ro_RO)                   | ![39%](https://geps.dev/progress/39)   |
+| Korean (한국어) (ko_KR)                     | ![87%](https://geps.dev/progress/87)   |
+| Portuguese Brazilian (Português) (pt_BR)    | ![61%](https://geps.dev/progress/61)   |
+| Russian (Русский) (ru_RU)                   | ![87%](https://geps.dev/progress/87)   |
+| Basque (Euskara) (eu_ES)                    | ![63%](https://geps.dev/progress/63)   |
+| Japanese (日本語) (ja_JP)                   | ![87%](https://geps.dev/progress/87)   |
+| Dutch (Nederlands) (nl_NL)                  | ![85%](https://geps.dev/progress/85)   |
+| Greek (Ελληνικά) (el_GR)                    | ![85%](https://geps.dev/progress/85)   |
+| Turkish (Türkçe) (tr_TR)                    | ![97%](https://geps.dev/progress/97)   |
+| Indonesia (Bahasa Indonesia) (id_ID)        | ![78%](https://geps.dev/progress/78)   |
+| Hindi (हिंदी) (hi_IN)                          | ![79%](https://geps.dev/progress/79)   |
+| Hungarian (Magyar) (hu_HU)                  | ![78%](https://geps.dev/progress/78)   |
+| Bulgarian (Български) (bg_BG)               | ![98%](https://geps.dev/progress/98)   |
+| Sebian Latin alphabet (Srpski) (sr_LATN_RS) | ![80%](https://geps.dev/progress/80)   |
+| Ukrainian (Українська) (uk_UA)              | ![86%](https://geps.dev/progress/86)   |
+| Slovakian (Slovensky) (sk_SK)               | ![95%](https://geps.dev/progress/95)   |
+| Czech (Česky) (cs_CZ)                       | ![94%](https://geps.dev/progress/94)   |
+| Croatian (Hrvatski) (hr_HR)                 | ![98%](https://geps.dev/progress/98)   |
+| Norwegian (Norsk) (no_NB)                   | ![98%](https://geps.dev/progress/98)   |
 
 ## Contributing (creating issues, translations, fixing bugs, etc.)
 
@@ -201,7 +205,7 @@ Stirling PDF allows easy customization of the app.
 Includes things like
 
 - Custom application name
-- Custom slogans, icons, images, and even custom HTML (via file overrides)
+- Custom slogans, icons, HTML, images CSS etc (via file overrides) 
 
 There are two options for this, either using the generated settings file ``settings.yml``
 This file is located in the ``/configs`` directory and follows standard YAML formatting
@@ -211,38 +215,72 @@ For example in the settings.yml you have
 
 ```yaml
 system:
-  defaultLocale: 'en-US'
+  enableLogin: 'true'
 ```
 
-To have this via an environment variable you would have ``SYSTEM_DEFAULTLOCALE``
+To have this via an environment variable you would have ``SYSTEM_ENABLELOGIN``
 
 The Current list of settings is
 
 ```yaml
 security:
   enableLogin: false # set to 'true' to enable login
-  csrfDisabled: true
+  csrfDisabled: true # Set to 'true' to disable CSRF protection (not recommended for production)
+  loginAttemptCount: 5 # lock user account after 5 tries
+  loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
+#  initialLogin:
+#    username: "admin" # Initial username for the first login
+#    password: "stirling" # Initial password for the first login
+#  oauth2:
+#    enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
+#    issuer: "" # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
+#    clientId: "" # Client ID from your provider
+#    clientSecret: "" # Client Secret from your provider
+#    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
+#    useAsUsername: "email" # Default is 'email'; custom fields can be used as the username
+#    scopes: "openid, profile, email" # Specify the scopes for which the application will request permissions
+#    provider: "google" # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
+#    client:
+#      google:
+#        clientId: "" # Client ID for Google OAuth2
+#        clientSecret: "" # Client Secret for Google OAuth2
+#        scopes: "https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile" # Scopes for Google OAuth2
+#        useAsUsername: "email" # Field to use as the username for Google OAuth2
+#      github:
+#        clientId: "" # Client ID for GitHub OAuth2
+#        clientSecret: "" # Client Secret for GitHub OAuth2
+#        scopes: "read:user" # Scope for GitHub OAuth2
+#        useAsUsername: "login" # Field to use as the username for GitHub OAuth2
+#      keycloak:
+#        issuer: "http://192.168.0.123:8888/realms/stirling-pdf" # URL of the Keycloak realm's OpenID Connect Discovery endpoint
+#        clientId: "stirling-pdf" # Client ID for Keycloak OAuth2
+#        clientSecret: "" # Client Secret for Keycloak OAuth2
+#        scopes: "openid, profile, email" # Scopes for Keycloak OAuth2
+#        useAsUsername: "email" # Field to use as the username for Keycloak OAuth2
 
 system:
   defaultLocale: 'en-US' # Set the default language (e.g. 'de-DE', 'fr-FR', etc)
   googlevisibility: false # 'true' to allow Google visibility (via robots.txt), 'false' to disallow
-  customStaticFilePath: '/customFiles/static/' # Directory path for custom static files
+  enableAlphaFunctionality: false # Set to enable functionality which might need more testing before it fully goes live (This feature might make no changes)
   showUpdate: true # see when a new update is available
   showUpdateOnlyAdmin: false # Only admins can see when a new update is available, depending on showUpdate it must be set to 'true'
+  customHTMLFiles: false # enable to have files placed in /customFiles/templates override the existing template html files
 
-#ui:
-#  appName: exampleAppName # Application's visible name
-#  homeDescription: I am a description # Short description or tagline shown on homepage.
-#  appNameNavbar: navbarName # Name displayed on the navigation bar
+ui:
+  appName: null # Application's visible name
+  homeDescription: null # Short description or tagline shown on homepage.
+  appNameNavbar: null # Name displayed on the navigation bar
 
 endpoints:
   toRemove: [] # List endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])
   groupsToRemove: [] # List groups to disable (e.g. ['LibreOffice'])
 
 metrics:
-  enabled: true # 'true' to enable Info APIs endpoints (view http://localhost:8080/swagger-ui/index.html#/API to learn more), 'false' to disable
+  enabled: true # 'true' to enable Info APIs (`/api/*`) endpoints, 'false' to disable
 ```
 
+There is an additional config file ``/configs/custom_settings.yml`` were users familiar with java and spring application.properties can input their own settings on-top of Stirling-PDFs existing ones
+
 ### Extra notes
 
 - Endpoints. Currently, the endpoints ENDPOINTS_TO_REMOVE and GROUPS_TO_REMOVE can include comma separate lists of endpoints and groups to disable as example ENDPOINTS_TO_REMOVE=img-to-pdf,remove-pages would disable both image-to-pdf and remove pages, GROUPS_TO_REMOVE=LibreOffice Would disable all things that use LibreOffice. You can see a list of all endpoints and groups [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Endpoint-groups.md)
@@ -268,7 +306,7 @@ For those wanting to use Stirling-PDFs backend API to link with their own custom
 ### Prerequisites:
 
 - User must have the folder ./configs volumed within docker so that it is retained during updates.
-- Docker uses must download the security jar version by setting ``DOCKER_ENABLE_SECURITY`` to ``true`` in environment variables.
+- Docker users must download the security jar version by setting ``DOCKER_ENABLE_SECURITY`` to ``true`` in environment variables.
 - Then either enable login via the settings.yml file or via setting ``SECURITY_ENABLE_LOGIN`` to ``true``
 - Now the initial user will be generated with username ``admin`` and password ``stirling``. On login you will be forced to change the password to a new one. You can also use the environment variables ``SECURITY_INITIALLOGIN_USERNAME`` and  ``SECURITY_INITIALLOGIN_PASSWORD`` to set your own straight away (Recommended to remove them after user creation).
 

Version-groups.md

@@ -1,52 +1,53 @@
-| Technology     | Ultra-Lite | Full |
-|----------------|:----------:|:----:|
-| Java           |     ✔️      |  ✔️  |
-| JavaScript     |     ✔️      |  ✔️  |
-| Libre          |            |  ✔️  |
-| Python         |            |  ✔️  |
-| OpenCV         |            |  ✔️  |
-| OCRmyPDF       |            |  ✔️  |
+| Technology | Ultra-Lite | Full  |
+| ---------- | :--------: | :---: |
+| Java       |     ✔️      |   ✔️   |
+| JavaScript |     ✔️      |   ✔️   |
+| Libre      |            |   ✔️   |
+| Python     |            |   ✔️   |
+| OpenCV     |            |   ✔️   |
+| OCRmyPDF   |            |   ✔️   |
 
-Operation                | Ultra-Lite | Full
--------------------------|------------|-----
-add-page-numbers         |     ✔️      |  ✔️
-add-password             |     ✔️      |  ✔️
-add-image                |     ✔️      |  ✔️
-add-watermark            |     ✔️      |  ✔️
-adjust-contrast          |     ✔️      |  ✔️
-auto-split-pdf           |     ✔️      |  ✔️
-auto-redact              |     ✔️      |  ✔️
-auto-rename              |     ✔️      |  ✔️
-cert-sign                |     ✔️      |  ✔️
-crop                     |     ✔️      |  ✔️
-change-metadata          |     ✔️      |  ✔️
-change-permissions       |     ✔️      |  ✔️
-compare                  |     ✔️      |  ✔️
-extract-page             |     ✔️      |  ✔️
-extract-images           |     ✔️      |  ✔️
-flatten                  |     ✔️      |  ✔️
-get-info-on-pdf          |     ✔️      |  ✔️
-img-to-pdf               |     ✔️      |  ✔️
-markdown-to-pdf          |     ✔️      |  ✔️
-merge-pdfs               |     ✔️      |  ✔️
-multi-page-layout        |     ✔️      |  ✔️
-overlay-pdf              |     ✔️      |  ✔️
-pdf-organizer            |     ✔️      |  ✔️
-pdf-to-csv               |     ✔️      |  ✔️
-pdf-to-img               |     ✔️      |  ✔️
-pdf-to-single-page       |     ✔️      |  ✔️
-remove-pages             |     ✔️      |  ✔️
-remove-password          |     ✔️      |  ✔️
-rotate-pdf               |     ✔️      |  ✔️
-sanitize-pdf             |     ✔️      |  ✔️
-scale-pages              |     ✔️      |  ✔️
-sign                     |     ✔️      |  ✔️
-show-javascript          |     ✔️      |  ✔️
-split-by-size-or-count   |     ✔️      |  ✔️
-split-pdf-by-sections    |     ✔️      |  ✔️
-split-pdfs               |     ✔️      |  ✔️
-compress-pdf             |            |  ✔️
-extract-image-scans      |            |  ✔️
-ocr-pdf                  |            |  ✔️
-pdf-to-pdfa              |            |  ✔️
-remove-blanks            |            |  ✔️
+| Operation              | Ultra-Lite | Full |
+| ---------------------- | ---------- | ---- |
+| add-page-numbers       | ✔️          | ✔️    |
+| add-password           | ✔️          | ✔️    |
+| add-image              | ✔️          | ✔️    |
+| add-watermark          | ✔️          | ✔️    |
+| adjust-contrast        | ✔️          | ✔️    |
+| auto-split-pdf         | ✔️          | ✔️    |
+| auto-redact            | ✔️          | ✔️    |
+| auto-rename            | ✔️          | ✔️    |
+| cert-sign              | ✔️          | ✔️    |
+| remove-cert-sign       | ✔️          | ✔️    |
+| crop                   | ✔️          | ✔️    |
+| change-metadata        | ✔️          | ✔️    |
+| change-permissions     | ✔️          | ✔️    |
+| compare                | ✔️          | ✔️    |
+| extract-page           | ✔️          | ✔️    |
+| extract-images         | ✔️          | ✔️    |
+| flatten                | ✔️          | ✔️    |
+| get-info-on-pdf        | ✔️          | ✔️    |
+| img-to-pdf             | ✔️          | ✔️    |
+| markdown-to-pdf        | ✔️          | ✔️    |
+| merge-pdfs             | ✔️          | ✔️    |
+| multi-page-layout      | ✔️          | ✔️    |
+| overlay-pdf            | ✔️          | ✔️    |
+| pdf-organizer          | ✔️          | ✔️    |
+| pdf-to-csv             | ✔️          | ✔️    |
+| pdf-to-img             | ✔️          | ✔️    |
+| pdf-to-single-page     | ✔️          | ✔️    |
+| remove-pages           | ✔️          | ✔️    |
+| remove-password        | ✔️          | ✔️    |
+| rotate-pdf             | ✔️          | ✔️    |
+| sanitize-pdf           | ✔️          | ✔️    |
+| scale-pages            | ✔️          | ✔️    |
+| sign                   | ✔️          | ✔️    |
+| show-javascript        | ✔️          | ✔️    |
+| split-by-size-or-count | ✔️          | ✔️    |
+| split-pdf-by-sections  | ✔️          | ✔️    |
+| split-pdfs             | ✔️          | ✔️    |
+| compress-pdf           |            | ✔️    |
+| extract-image-scans    |            | ✔️    |
+| ocr-pdf                |            | ✔️    |
+| pdf-to-pdfa            |            | ✔️    |
+| remove-blanks          |            | ✔️    |

build.gradle

@@ -12,14 +12,15 @@ plugins {
 import com.github.jk1.license.render.*
 
 group = 'stirling.software'
-version = '0.23.0'
+version = '0.25.2'
+
+//17 is lowest but we support and recommend 21
 sourceCompatibility = '17'
 
 repositories {
     mavenCentral()
 }
 
-
 licenseReport {
     renderers = [new JsonReportRenderer()]
 }
@@ -54,8 +55,8 @@ launch4j {
   headerType="console"
   jarTask = tasks.bootJar
 
-  errTitle="Encountered error, Do you have Java 17?"
-  downloadUrl="https://download.oracle.com/java/17/latest/jdk-17_windows-x64_bin.exe"
+  errTitle="Encountered error, Do you have Java 21?"
+  downloadUrl="https://download.oracle.com/java/21/latest/jdk-21_windows-x64_bin.exe"
   variables=["BROWSER_OPEN=true", "ENDPOINTS_GROUPS_TO_REMOVE=CLI"]
   jreMinVersion="17"
 
@@ -64,8 +65,8 @@ launch4j {
 
   messagesStartupError="An error occurred while starting Stirling-PDF"
   //messagesJreNotFoundError="This application requires a Java Runtime Environment, Please download Java 17."
-  messagesJreVersionError="You are running the wrong version of Java, Please download Java 17."
-  messagesLauncherError="Java is corrupted. Please uninstall and then install  Java 17."
+  messagesJreVersionError="You are running the wrong version of Java, Please download Java 21."
+  messagesLauncherError="Java is corrupted. Please uninstall and then install  Java 21."
   messagesInstanceAlreadyExists="Stirling-PDF is already running."
 }
 
@@ -92,13 +93,20 @@ dependencies {
     implementation("io.github.pixee:java-security-toolkit:1.1.3")
 
     implementation 'org.yaml:snakeyaml:2.2'
-    implementation 'org.springframework.boot:spring-boot-starter-web:3.2.4'
+    
+    // Exclude Tomcat and include Jetty
+    implementation('org.springframework.boot:spring-boot-starter-web:3.2.4') {
+        exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
+    }
+    implementation 'org.springframework.boot:spring-boot-starter-jetty:3.2.4'
+    
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.4'
 
     if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') {
         implementation 'org.springframework.boot:spring-boot-starter-security:3.2.4'
         implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE'
         implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.4"
+        implementation 'org.springframework.boot:spring-boot-starter-oauth2-client:3.2.4'
 
         //2.2.x requires rebuild of DB file.. need migration path
         implementation "com.h2database:h2:2.1.214"
@@ -163,14 +171,14 @@ dependencies {
     annotationProcessor 'org.projectlombok:lombok:1.18.32'
 }
 
-tasks.withType(JavaCompile) {
+tasks.withType(JavaCompile).configureEach {
     dependsOn 'spotlessApply'
 }
 compileJava {
     options.compilerArgs << '-parameters'
 }
 
-task writeVersion {
+tasks.register('writeVersion') {
     def propsFile = file('src/main/resources/version.properties')
     def props = new Properties()
     props.setProperty('version', version)
@@ -187,8 +195,6 @@ swaggerhubUpload {
     oas '3.0.0'  // The version of the OpenAPI Specification you're using
 }
 
-
-
 jar {
     enabled = false
     manifest {
@@ -202,6 +208,6 @@ tasks.named('test') {
     useJUnitPlatform()
 }
 
-task printVersion {
-  println project.version
+tasks.register('printVersion') {
+    println project.version
 }

chart/stirling-pdf/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.23.0
+appVersion: 0.25.2
 description: locally hosted web application that allows you to perform various operations
   on PDF files
 home: https://github.com/Stirling-Tools/Stirling-PDF

cucumber/exampleFiles/example.rtf

@@ -0,0 +1,158 @@
+{\rtf1\ansi\ansicpg1252\uc0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deff0\adeff0{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f2\fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}}{\colortbl;\red0\green0\blue0;\red67\green67\blue67;
+\red102\green102\blue102;}{\stylesheet{\s0\snext0\sqformat\spriority0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1 Normal;}{\s1\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb400\sa120\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs40\ltrch\b0\i0\fs40\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1 heading 1;}{\s2\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb360\sa120\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs32\ltrch\b0\i0\fs32\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1 heading 2;}{\s3\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb320\sa80\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs28\ltrch\b0\i0\fs28\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf2 heading 3;}{\s4\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb280\sa80\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs24\ltrch\b0\i0\fs24\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf3 heading 4;}{\s5\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb240\sa80\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf3 heading 5;}{\s6\sbasedon0\snext0\styrsid15694742
+\sqformat\spriority0\keep\keepn\fi0\sb240\sa80\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai\af2\afs22\ltrch\b0\i\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf3 heading 6;}{\*\cs10\additive\ssemihidden\spriority0 Default Paragraph Font;
+}{\*\ts11\tsrowd\snext11\ssemihidden\spriority0\aspalpha\aspnum\adjustright\ltrpar\li0\lin0\ri0\rin0\ql\faauto\tsvertalt\tsbrdrl\tsbrdrr\tsbrdrt\tsbrdrb\tsbrdrdgr\tsbrdrdgl\tsbrdrh\tsbrdrv\trpaddl108\trpaddfl3\trwWidthB0\trftsWidthB3\trpaddt0\trpaddft3\trpaddb0
+\trpaddfb3\trpaddr108\trpaddfr3 Normal Table;}{\s15\sbasedon0\snext15\styrsid15694742\sqformat\spriority0\keep\keepn\fi0\sb0\sa60\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs52\ltrch\b0\i0\fs52\loch\af2
+\dbch\af2\hich\f2\strike0\ulnone\cf1 Title;}{\s16\sbasedon0\snext16\styrsid15694742\sqformat\spriority0\keep\keepn\fi0\sb0\sa320\aspalpha\aspnum\adjustright\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl240\slmult1\rtlch\ab0\ai0\af2\afs30\ltrch\b0\i0\fs30
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf3 Subtitle;}}{\*\rsidtbl\rsid10976062\rsid13249109}{\*\generator Aspose.Words for Java 23.4.0;}{\info\version1\edmins0\nofpages1\nofwords0\nofchars0\nofcharsws0}\paperw12240\paperh15840\margl1440\margr1440\margt1440\margb1440\gutter0{
+\mmathPr\mbrkBin0\mbrkBinSub0\mdefJc1\mdispDef1\minterSp0\mintLim0\mintraSp0\mlMargin0\mmathFont0\mnaryLim1\mpostSp0\mpreSp0\mrMargin0\msmallFrac0\mwrapIndent1440\mwrapRight0}\deflang1033\deflangfe2052\adeflang1025\jexpand\showxmlerrors1\validatexml1{
+\*\wgrffmtfilter 013f}\viewkind1\viewscale100\fet0\ftnbj\aenddoc\ftnrstcont\aftnrstcont\ftnnar\aftnnrlc\widowctrl\nospaceforul\nolnhtadjtbl\alntblind\lyttblrtgr\dntblnsbdb\noxlattoyen\wrppunct\nobrkwrptbl\expshrtn\snaptogridincell\asianbrkrule\htmautsp\noultrlspc
+\useltbaln\splytwnine\ftnlytwnine\lytcalctblwd\allowfieldendsel\lnbrkrule\nouicompat\nofeaturethrottle1\utinl\formshade\nojkernpunct\dghspace180\dgvspace180\dghorigin1800\dgvorigin1440\dghshow1\dgvshow1\dgmargin\pgbrdrhead\pgbrdrfoot\rsidroot10976062\sectd\sectlinegrid360\pgwsxn12240\pghsxn15840\marglsxn1440\margrsxn1440\margtsxn1440\margbsxn1440\guttersxn0\headery720\footery720\colsx720\ltrsect\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar
+\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\alang1025\afs22\ltrch\b0\i0\fs22\lang1033\langnp1033\langfe1033\langfenp1033\loch\af2\dbch\af2
+\hich\f2\strike0\ulnone\cf1 A}{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar
+\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\alang1025\afs22\ltrch\b0\i0\fs22\lang1033\langnp1033\langfe1033\langfenp1033\loch\af2
+\dbch\af2\hich\f2\strike0\ulnone\cf1 B}{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar
+\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard
+\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0
+\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0
+\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0
+\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0
+\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2
+\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw
+\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}
+\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22
+\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}\pard\plain\itap0\s0\ilvl0\fi0\sb0\sa0\aspalpha\aspnum\adjustright\brdrt\brdrl\brdrb
+\brdrr\brdrbtw\brdrbar\widctlpar\ltrpar\li0\lin0\ri0\rin0\ql\faauto\sl276\slmult1\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1{\rtlch\ab0\ai0\af2\alang1025\afs22\ltrch\b0\i0\fs22\lang1033\langnp1033\langfe1033\langfenp1033
+\loch\af2\dbch\af2\hich\f2\strike0\ulnone\cf1 C}{\rtlch\ab0\ai0\af2\afs22\ltrch\b0\i0\fs22\loch\af2\dbch\af2\hich\f2\insrsid10976062\strike0\ulnone\cf1\par}{
+\*\latentstyles\lsdstimax267\lsdlockeddef0\lsdsemihiddendef0\lsdunhideuseddef0\lsdqformatdef0\lsdprioritydef0{\lsdlockedexcept\lsdqformat1 Normal;\lsdqformat1 heading 1;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 2;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 3;
+\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 4;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 5;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 6;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 7;\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 8;
+\lsdsemihidden1\lsdunhideused1\lsdqformat1 heading 9;\lsdsemihidden1\lsdunhideused1\lsdqformat1 caption;\lsdqformat1 Title;\lsdqformat1 Subtitle;\lsdqformat1 Strong;\lsdqformat1 Emphasis;\lsdsemihidden1\lsdpriority99 Placeholder Text;\lsdqformat1\lsdpriority1 No Spacing;
+\lsdpriority60 Light Shading;\lsdpriority61 Light List;\lsdpriority62 Light Grid;\lsdpriority63 Medium Shading 1;\lsdpriority64 Medium Shading 2;\lsdpriority65 Medium List 1;\lsdpriority66 Medium List 2;\lsdpriority67 Medium Grid 1;\lsdpriority68 Medium Grid 2;
+\lsdpriority69 Medium Grid 3;\lsdpriority70 Dark List;\lsdpriority71 Colorful Shading;\lsdpriority72 Colorful List;\lsdpriority73 Colorful Grid;\lsdpriority60 Light Shading Accent 1;\lsdpriority61 Light List Accent 1;\lsdpriority62 Light Grid Accent 1;\lsdpriority63 Medium Shading 1 Accent 1;
+\lsdpriority64 Medium Shading 2 Accent 1;\lsdpriority65 Medium List 1 Accent 1;\lsdsemihidden1\lsdpriority99 Revision;\lsdqformat1\lsdpriority34 List Paragraph;\lsdqformat1\lsdpriority29 Quote;\lsdqformat1\lsdpriority30 Intense Quote;\lsdpriority66 Medium List 2 Accent 1;
+\lsdpriority67 Medium Grid 1 Accent 1;\lsdpriority68 Medium Grid 2 Accent 1;\lsdpriority69 Medium Grid 3 Accent 1;\lsdpriority70 Dark List Accent 1;\lsdpriority71 Colorful Shading Accent 1;\lsdpriority72 Colorful List Accent 1;\lsdpriority73 Colorful Grid Accent 1;
+\lsdpriority60 Light Shading Accent 2;\lsdpriority61 Light List Accent 2;\lsdpriority62 Light Grid Accent 2;\lsdpriority63 Medium Shading 1 Accent 2;\lsdpriority64 Medium Shading 2 Accent 2;\lsdpriority65 Medium List 1 Accent 2;\lsdpriority66 Medium List 2 Accent 2;
+\lsdpriority67 Medium Grid 1 Accent 2;\lsdpriority68 Medium Grid 2 Accent 2;\lsdpriority69 Medium Grid 3 Accent 2;\lsdpriority70 Dark List Accent 2;\lsdpriority71 Colorful Shading Accent 2;\lsdpriority72 Colorful List Accent 2;\lsdpriority73 Colorful Grid Accent 2;
+\lsdpriority60 Light Shading Accent 3;\lsdpriority61 Light List Accent 3;\lsdpriority62 Light Grid Accent 3;\lsdpriority63 Medium Shading 1 Accent 3;\lsdpriority64 Medium Shading 2 Accent 3;\lsdpriority65 Medium List 1 Accent 3;\lsdpriority66 Medium List 2 Accent 3;
+\lsdpriority67 Medium Grid 1 Accent 3;\lsdpriority68 Medium Grid 2 Accent 3;\lsdpriority69 Medium Grid 3 Accent 3;\lsdpriority70 Dark List Accent 3;\lsdpriority71 Colorful Shading Accent 3;\lsdpriority72 Colorful List Accent 3;\lsdpriority73 Colorful Grid Accent 3;
+\lsdpriority60 Light Shading Accent 4;\lsdpriority61 Light List Accent 4;\lsdpriority62 Light Grid Accent 4;\lsdpriority63 Medium Shading 1 Accent 4;\lsdpriority64 Medium Shading 2 Accent 4;\lsdpriority65 Medium List 1 Accent 4;\lsdpriority66 Medium List 2 Accent 4;
+\lsdpriority67 Medium Grid 1 Accent 4;\lsdpriority68 Medium Grid 2 Accent 4;\lsdpriority69 Medium Grid 3 Accent 4;\lsdpriority70 Dark List Accent 4;\lsdpriority71 Colorful Shading Accent 4;\lsdpriority72 Colorful List Accent 4;\lsdpriority73 Colorful Grid Accent 4;
+\lsdpriority60 Light Shading Accent 5;\lsdpriority61 Light List Accent 5;\lsdpriority62 Light Grid Accent 5;\lsdpriority63 Medium Shading 1 Accent 5;\lsdpriority64 Medium Shading 2 Accent 5;\lsdpriority65 Medium List 1 Accent 5;\lsdpriority66 Medium List 2 Accent 5;
+\lsdpriority67 Medium Grid 1 Accent 5;\lsdpriority68 Medium Grid 2 Accent 5;\lsdpriority69 Medium Grid 3 Accent 5;\lsdpriority70 Dark List Accent 5;\lsdpriority71 Colorful Shading Accent 5;\lsdpriority72 Colorful List Accent 5;\lsdpriority73 Colorful Grid Accent 5;
+\lsdpriority60 Light Shading Accent 6;\lsdpriority61 Light List Accent 6;\lsdpriority62 Light Grid Accent 6;\lsdpriority63 Medium Shading 1 Accent 6;\lsdpriority64 Medium Shading 2 Accent 6;\lsdpriority65 Medium List 1 Accent 6;\lsdpriority66 Medium List 2 Accent 6;
+\lsdpriority67 Medium Grid 1 Accent 6;\lsdpriority68 Medium Grid 2 Accent 6;\lsdpriority69 Medium Grid 3 Accent 6;\lsdpriority70 Dark List Accent 6;\lsdpriority71 Colorful Shading Accent 6;\lsdpriority72 Colorful List Accent 6;\lsdpriority73 Colorful Grid Accent 6;
+\lsdqformat1\lsdpriority19 Subtle Emphasis;\lsdqformat1\lsdpriority21 Intense Emphasis;\lsdqformat1\lsdpriority31 Subtle Reference;\lsdqformat1\lsdpriority32 Intense Reference;\lsdqformat1\lsdpriority33 Book Title;\lsdsemihidden1\lsdunhideused1\lsdpriority37 Bibliography;
+\lsdsemihidden1\lsdunhideused1\lsdqformat1\lsdpriority39 TOC Heading;}}}

cucumber/features/environment.py

@@ -0,0 +1,16 @@
+import os
+
+def before_all(context):
+    context.endpoint = None
+    context.request_data = None
+    context.files = {}
+    context.response = None
+
+def after_scenario(context, scenario):
+    if hasattr(context, 'files'):
+        for file in context.files.values():
+            file.close()
+    if os.path.exists('response_file'):
+        os.remove('response_file')
+    if hasattr(context, 'file_name') and os.path.exists(context.file_name):
+        os.remove(context.file_name)

cucumber/features/examples.feature

@@ -0,0 +1,130 @@
+@example
+Feature: API Validation
+
+  @positive @password
+  Scenario: Remove password 
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages
+    And the pdf is encrypted with password "password123"
+    And the request data includes
+      | parameter | value       |
+      | password  | password123 |
+    When I send the API request to the endpoint "/api/v1/security/remove-password"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+    And the response PDF is not passworded
+	And the response status code should be 200
+
+  @negative @password
+  Scenario: Remove password wrong password
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages
+    And the pdf is encrypted with password "password123"
+    And the request data includes
+      | parameter | value       |
+      | password  | wrongPassword |
+    When I send the API request to the endpoint "/api/v1/security/remove-password"
+    Then the response status code should be 500
+    And the response should contain error message "Internal Server Error"
+
+  @positive @info
+  Scenario: Get info
+    Given I generate a PDF file as "fileInput"
+    When I send the API request to the endpoint "/api/v1/security/get-info-on-pdf"
+    Then the response content type should be "application/json"
+    And the response file should have size greater than 100
+	And the response status code should be 200
+
+  @positive @password
+  Scenario: Add password
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages
+    And the request data includes
+      | parameter | value       |
+      | password  | password123 |
+    When I send the API request to the endpoint "/api/v1/security/add-password"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 100
+    And the response PDF is passworded
+	And the response status code should be 200
+	
+  @positive @password
+  Scenario: Add password with other params 
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages
+    And the request data includes
+      | parameter      | value       |
+      | ownerPassword  | ownerPass   |
+      | password       | password123 |
+      | keyLength      | 256         |
+      | canPrint       | true        |
+      | canModify      | false       |
+    When I send the API request to the endpoint "/api/v1/security/add-password"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 100
+    And the response PDF is passworded
+	And the response status code should be 200
+	
+  @positive @watermark
+  Scenario: Add watermark
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages
+    And the request data includes
+      | parameter     | value            |
+      | watermarkType | text             |
+      | watermarkText | Sample Watermark |
+      | fontSize      | 30               |
+      | rotation      | 45               |
+      | opacity       | 0.5              |
+      | widthSpacer   | 50               |
+      | heightSpacer  | 50               |
+    When I send the API request to the endpoint "/api/v1/security/add-watermark"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 100
+	And the response status code should be 200
+
+  @positive
+  Scenario: Remove blank pages
+    Given I generate a PDF file as "fileInput"
+	And the pdf contains 3 blank pages
+    And the request data includes
+      | parameter    | value       |
+      | threshold    | 90          |
+      | whitePercent | 99.9        |
+    When I send the API request to the endpoint "/api/v1/misc/remove-blanks"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+    And the response PDF should contain 0 pages
+	And the response status code should be 200
+
+  @positive @flatten
+  Scenario: Flatten PDF
+    Given I generate a PDF file as "fileInput"
+    And the request data includes
+      | parameter         | value   |
+      | flattenOnlyForms  | false    |
+    When I send the API request to the endpoint "/api/v1/misc/flatten"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+	And the response status code should be 200
+	
+  @positive @metadata
+  Scenario: Update metadata
+    Given I generate a PDF file as "fileInput"
+    And the request data includes
+      | parameter        | value             |
+      | author           | John Doe          |
+      | title            | Sample Title      |
+      | subject          | Sample Subject    |
+      | keywords         | sample, test      |
+      | producer         | Test Producer     |
+    When I send the API request to the endpoint "/api/v1/misc/update-metadata"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+    And the response PDF metadata should include "Author" as "John Doe"
+	And the response PDF metadata should include "Keywords" as "sample, test"
+	And the response PDF metadata should include "Subject" as "Sample Subject"
+	And the response PDF metadata should include "Title" as "Sample Title"
+	And the response status code should be 200
+
+  

cucumber/features/external.feature

@@ -0,0 +1,228 @@
+Feature: API Validation
+
+
+  @libre @positive
+  Scenario: Repair PDF
+    Given I generate a PDF file as "fileInput"
+    When I send the API request to the endpoint "/api/v1/misc/repair"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+	And the response status code should be 200
+	
+
+  @ocr @positive
+  Scenario: Process PDF with OCR
+    Given I generate a PDF file as "fileInput"
+    And the request data includes
+      | parameter        | value       |
+      | languages        | eng         |
+      | sidecar          | false        |
+      | deskew           | true        |
+      | clean            | true        |
+      | cleanFinal       | true        |
+      | ocrType          | Normal      |
+      | ocrRenderType    | hocr        |
+      | removeImagesAfter| false       |
+    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+	And the response status code should be 200
+
+
+  @ocr @positive
+  Scenario: Extract Image Scans
+    Given I generate a PDF file as "fileInput"
+	And the pdf contains 3 images on 2 pages
+    And the request data includes
+      | parameter        | value       |
+      | angleThreshold        | 5         |
+      | tolerance          | 20        |
+      | minArea           | 8000        |
+      | minContourArea            | 500        |
+      | borderSize       | 1        |
+    When I send the API request to the endpoint "/api/v1/misc/extract-image-scans"
+    Then the response content type should be "application/octet-stream"
+	And the response file should have extension ".zip"
+	And the response ZIP should contain 2 files
+    And the response file should have size greater than 0
+	And the response status code should be 200
+	
+	
+	
+  @ocr @negative
+  Scenario: Process PDF with text and OCR with type normal 
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+    And the request data includes
+      | parameter        | value       |
+      | languages        | eng         |
+      | sidecar          | false        |
+      | deskew           | true        |
+      | clean            | true        |
+      | cleanFinal       | true        |
+      | ocrType          | Normal      |
+      | ocrRenderType    | hocr        |
+      | removeImagesAfter| false       |
+    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
+	Then the response status code should be 500
+	
+  @ocr @positive
+  Scenario: Process PDF with OCR
+    Given I generate a PDF file as "fileInput"
+    And the request data includes
+      | parameter        | value       |
+      | languages        | eng         |
+      | sidecar          | false        |
+      | deskew           | true        |
+      | clean            | true        |
+      | cleanFinal       | true        |
+      | ocrType          | Force      |
+      | ocrRenderType    | hocr        |
+      | removeImagesAfter| false       |
+    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 0
+	And the response status code should be 200
+	
+  @ocr @positive
+  Scenario: Process PDF with OCR with sidecar
+    Given I generate a PDF file as "fileInput"
+    And the request data includes
+      | parameter        | value       |
+      | languages        | eng         |
+      | sidecar          | true        |
+      | deskew           | true        |
+      | clean            | true        |
+      | cleanFinal       | true        |
+      | ocrType          | Force      |
+      | ocrRenderType    | hocr        |
+      | removeImagesAfter| false       |
+    When I send the API request to the endpoint "/api/v1/misc/ocr-pdf"
+    Then the response content type should be "application/octet-stream"
+	And the response file should have extension ".zip"
+	And the response ZIP should contain 2 files
+    And the response file should have size greater than 0
+	And the response status code should be 200
+
+
+  @libre @positive
+  Scenario Outline: Convert PDF to various word formats
+  Given I generate a PDF file as "fileInput"
+  And the pdf contains 3 pages with random text
+  And the request data includes
+    | parameter    | value       |
+    | outputFormat | <format>    |
+  When I send the API request to the endpoint "/api/v1/convert/pdf/word"
+  Then the response status code should be 200
+  And the response file should have size greater than 100
+  And the response file should have extension "<extension>"
+
+  Examples:
+    | format | extension |
+    | docx   | .docx     |
+    | odt    | .odt      |
+    | doc    | .doc      |
+
+  @ocr
+  Scenario: PDFA
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+	And the request data includes
+      | parameter        | value     |
+      | outputFormat     | pdfa       |
+    When I send the API request to the endpoint "/api/v1/convert/pdf/pdfa"
+	Then the response status code should be 200
+    And the response file should have extension ".pdf"
+    And the response file should have size greater than 100
+	
+  @ocr
+  Scenario: PDFA1
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+	And the request data includes
+      | parameter        | value     |
+      | outputFormat     | pdfa-1       |
+    When I send the API request to the endpoint "/api/v1/convert/pdf/pdfa"
+	Then the response status code should be 200
+    And the response file should have extension ".pdf"
+    And the response file should have size greater than 100
+	
+  @compress @ghostscript @positive
+  Scenario: Compress
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+	And the request data includes
+      | parameter        | value     |
+      | optimizeLevel     | 4       |
+    When I send the API request to the endpoint "/api/v1/misc/compress-pdf"
+	Then the response status code should be 200
+    And the response file should have extension ".pdf"
+    And the response file should have size greater than 100
+	
+  @compress @ghostscript @positive
+  Scenario: Compress
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+	And the request data includes
+      | parameter        | value     |
+      | optimizeLevel     | 1       |
+	  | expectedOutputSize | 5KB |
+    When I send the API request to the endpoint "/api/v1/misc/compress-pdf"
+	Then the response status code should be 200
+    And the response file should have extension ".pdf"
+    And the response file should have size greater than 100
+	
+	
+  @compress @ghostscript @positive
+  Scenario: Compress
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 3 pages with random text
+	And the request data includes
+      | parameter        | value     |
+      | optimizeLevel     | 1       |
+	  | expectedOutputSize | 5KB |
+    When I send the API request to the endpoint "/api/v1/misc/compress-pdf"
+	Then the response status code should be 200
+    And the response file should have extension ".pdf"
+    And the response file should have size greater than 100	
+	
+  @libre @positive
+  Scenario Outline: Convert PDF to various types
+  Given I generate a PDF file as "fileInput"
+  And the pdf contains 3 pages with random text
+  And the request data includes
+    | parameter    | value       |
+    | outputFormat | <format>    |
+  When I send the API request to the endpoint "/api/v1/convert/pdf/<type>"
+  Then the response status code should be 200
+  And the response file should have size greater than 100
+  And the response file should have extension "<extension>"
+
+  Examples:
+   | type | format | extension |
+   |  text   | rtf   | .rtf     |
+   |  text   | txt    | .txt      |
+   |  presentation   | ppt   | .ppt     |
+   |  presentation   | pptx    | .pptx      |
+   |  presentation   | odp   | .odp     |
+   |  html   | html    | .zip      |
+
+	
+  @libre @positive @topdf
+  Scenario Outline: Convert PDF to various types
+  Given I use an example file at "exampleFiles/example<extension>" as parameter "fileInput"
+  When I send the API request to the endpoint "/api/v1/convert/file/pdf"
+  Then the response status code should be 200
+  And the response file should have size greater than 100
+  And the response file should have extension ".pdf"
+
+  Examples:
+   | extension | 
+   |   .docx  |
+   |  .odp   |
+   |  .odt   | 
+   |  .pptx   | 
+   |  .rtf   | 
+
+
+		

cucumber/features/general.feature

@@ -0,0 +1,96 @@
+@general
+Feature: API Validation
+
+	
+  @split-pdf-by-sections @positive
+  Scenario Outline: split-pdf-by-sections with different parameters
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 2 pages
+    And the request data includes
+      | parameter           | value       |
+      | horizontalDivisions | <horizontalDivisions> |
+      | verticalDivisions   | <verticalDivisions> |
+      | merge               | true |
+    When I send the API request to the endpoint "/api/v1/general/split-pdf-by-sections"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 200
+    And the response status code should be 200
+    And the response PDF should contain <page_count> pages
+
+  Examples:
+    | horizontalDivisions | verticalDivisions | page_count |
+    | 0                   | 1                 | 4          |
+    | 1                   | 1                 | 8          |
+    | 1                   | 2                 | 12          |
+    | 2                   | 2                 | 18          |
+
+  @split-pdf-by-sections @positive
+  Scenario Outline: split-pdf-by-sections with different parameters
+    Given I generate a PDF file as "fileInput"
+    And the pdf contains 2 pages
+    And the request data includes
+      | parameter           | value       |
+      | horizontalDivisions | <horizontalDivisions> |
+      | verticalDivisions   | <verticalDivisions> |
+      | merge               | true |
+    When I send the API request to the endpoint "/api/v1/general/split-pdf-by-sections"
+    Then the response content type should be "application/pdf"
+    And the response file should have size greater than 200
+    And the response status code should be 200
+    And the response PDF should contain <page_count> pages
+
+  Examples:
+    | horizontalDivisions | verticalDivisions | page_count |
+    | 0                   | 1                 | 4          |
+    | 1                   | 1                 | 8          |
+    | 1                   | 2                 | 12          |
+    | 2                   | 2                 | 18          |
+
+
+
+  @split-pdf-by-pages @positive
+  Scenario Outline: split-pdf-by-pages with different parameters
+  Given I generate a PDF file as "fileInput"
+  And the pdf contains 20 pages
+  And the request data includes
+    | parameter     | value         |
+    | fileInput     | fileInput     |
+    | pageNumbers   | <pageNumbers> |
+  When I send the API request to the endpoint "/api/v1/general/split-pages"
+  Then the response content type should be "application/octet-stream"
+  And the response status code should be 200
+  And the response file should have size greater than 200
+  And the response ZIP should contain <file_count> files
+
+  Examples:
+    | pageNumbers | file_count |
+    | 1,3,5-9     | 8          |
+    | all         | 20         |
+    | 2n+1        | 11         |
+    | 3n          | 7          |
+
+
+
+  @split-pdf-by-size-or-count @positive
+  Scenario Outline: split-pdf-by-size-or-count with different parameters
+  Given I generate a PDF file as "fileInput"
+  And the pdf contains 20 pages
+  And the request data includes
+    | parameter  | value          |
+    | fileInput  | fileInput      |
+    | splitType  | <splitType>    |
+    | splitValue | <splitValue>   |
+  When I send the API request to the endpoint "/api/v1/general/split-by-size-or-count"
+  Then the response content type should be "application/octet-stream"
+  And the response status code should be 200
+  And the response file should have size greater than 200
+  And the response ZIP file should contain <doc_count> documents each having <pages_per_doc> pages
+
+  Examples:
+    | splitType | splitValue | doc_count | pages_per_doc |
+    | 1         | 5          | 4         | 5             |
+    | 2         | 2          | 2         | 10            |
+    | 2         | 4          | 4         | 5             |
+    | 1         | 10         | 2         | 10            |
+
+

cucumber/features/steps/step_definitions.py

@@ -0,0 +1,307 @@
+import os
+import requests
+from behave import given, when, then
+from PyPDF2 import PdfWriter, PdfReader
+import io
+import random
+import string
+from reportlab.lib.pagesizes import letter
+from reportlab.pdfgen import canvas
+import mimetypes
+import requests
+import zipfile
+import shutil
+
+#########
+# GIVEN #
+#########
+
+@given('I generate a PDF file as "{fileInput}"')
+def step_generate_pdf(context, fileInput):
+    context.param_name = fileInput
+    context.file_name = "genericNonCustomisableName.pdf"
+    writer = PdfWriter()
+    writer.add_blank_page(width=72, height=72)  # Single blank page
+    with open(context.file_name, 'wb') as f:
+        writer.write(f)
+    if not hasattr(context, 'files'):
+        context.files = {}
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+
+@given('I use an example file at "{filePath}" as parameter "{fileInput}"')
+def step_use_example_file(context, filePath, fileInput):
+    context.param_name = fileInput
+    context.file_name = filePath.split('/')[-1]
+    if not hasattr(context, 'files'):
+        context.files = {}
+    
+    # Ensure the file exists before opening
+    try:
+        example_file = open(filePath, 'rb')
+        context.files[context.param_name] = example_file
+    except FileNotFoundError:
+        raise FileNotFoundError(f"The example file '{filePath}' does not exist.")
+
+        
+
+@given('the pdf contains {page_count:d} pages')
+def step_pdf_contains_pages(context, page_count):
+    writer = PdfWriter()
+    for i in range(page_count):
+        writer.add_blank_page(width=72, height=72)
+    with open(context.file_name, 'wb') as f:
+        writer.write(f)
+    context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+# Duplicate for now...
+@given('the pdf contains {page_count:d} blank pages')
+def step_pdf_contains_blank_pages(context, page_count):
+    writer = PdfWriter()
+    for i in range(page_count):
+        writer.add_blank_page(width=72, height=72)
+    with open(context.file_name, 'wb') as f:
+        writer.write(f)
+    context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+
+
+def create_black_box_image(file_name, size):
+    can = canvas.Canvas(file_name, pagesize=size)
+    width, height = size
+    can.setFillColorRGB(0, 0, 0)
+    can.rect(0, 0, width, height, fill=1)
+    can.showPage()
+    can.save()
+
+def create_pdf_with_black_boxes(file_name, image_count, page_count):
+    page_width, page_height = letter
+    box_size = 72  # 1 inch by 1 inch black box
+    boxes_per_page = image_count // page_count + (1 if image_count % page_count != 0 else 0)
+    
+    writer = PdfWriter()
+    box_counter = 0
+    
+    for page in range(page_count):
+        packet = io.BytesIO()
+        can = canvas.Canvas(packet, pagesize=letter)
+        
+        for i in range(boxes_per_page):
+            if box_counter >= image_count:
+                break
+            x = (i % (page_width // box_size)) * box_size
+            y = page_height - ((i // (page_width // box_size) + 1) * box_size)
+            can.setFillColorRGB(0, 0, 0)
+            can.rect(x, y, box_size, box_size, fill=1)
+            box_counter += 1
+            
+        can.showPage()
+        can.save()
+        packet.seek(0)
+        new_pdf = PdfReader(packet)
+        writer.add_page(new_pdf.pages[0])
+    
+    with open(file_name, 'wb') as f:
+        writer.write(f)
+
+@given('the pdf contains {image_count:d} images on {page_count:d} pages')
+def step_pdf_contains_images(context, image_count, page_count):
+    if not hasattr(context, 'param_name'):
+        context.param_name = "default"
+    context.file_name = "genericNonCustomisableName.pdf"
+    create_pdf_with_black_boxes(context.file_name, image_count, page_count)
+    if not hasattr(context, 'files'):
+        context.files = {}
+    if context.param_name in context.files:
+        context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+    
+@given('the pdf contains {page_count:d} pages with random text')
+def step_pdf_contains_pages_with_random_text(context, page_count):
+    buffer = io.BytesIO()
+    c = canvas.Canvas(buffer, pagesize=letter)
+    width, height = letter
+    
+    for _ in range(page_count):
+        text = ''.join(random.choices(string.ascii_letters + string.digits, k=100))
+        c.drawString(100, height - 100, text)
+        c.showPage()
+        
+    c.save()
+    
+    with open(context.file_name, 'wb') as f:
+        f.write(buffer.getvalue())
+        
+    context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+@given('the pdf pages all contain the text "{text}"')
+def step_pdf_pages_contain_text(context, text):
+    buffer = io.BytesIO()
+    c = canvas.Canvas(buffer, pagesize=letter)
+    width, height = letter
+    
+    for _ in range(len(PdfReader(context.file_name).pages)):
+        c.drawString(100, height - 100, text)
+        c.showPage()
+        
+    c.save()
+    
+    with open(context.file_name, 'wb') as f:
+        f.write(buffer.getvalue())
+        
+    context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+@given('the pdf is encrypted with password "{password}"')
+def step_encrypt_pdf(context, password):
+    writer = PdfWriter()
+    reader = PdfReader(context.file_name)
+    for i in range(len(reader.pages)):
+        writer.add_page(reader.pages[i])
+    writer.encrypt(password)
+    with open(context.file_name, 'wb') as f:
+        writer.write(f)
+    context.files[context.param_name].close()
+    context.files[context.param_name] = open(context.file_name, 'rb')
+
+@given('the request data is')
+def step_request_data(context):
+    context.request_data = eval(context.text)
+
+@given('the request data includes')
+def step_request_data_table(context):
+    context.request_data = {row['parameter']: row['value'] for row in context.table}
+
+@given('save the generated PDF file as "{filename}" for debugging')
+def save_generated_pdf(context, filename):
+    with open(filename, 'wb') as f:
+        f.write(context.files[context.param_name].read())
+    print(f"Saved generated PDF content to {filename}")
+
+########
+# WHEN #
+########
+
+@when('I send the API request to the endpoint "{endpoint}"')
+def step_send_api_request(context, endpoint):
+    url = f"http://localhost:8080{endpoint}"
+    files = context.files if hasattr(context, 'files') else {}
+
+    if not hasattr(context, 'request_data') or context.request_data is None:
+        context.request_data = {}
+
+    form_data = []
+    for key, value in context.request_data.items():
+        form_data.append((key, (None, value)))
+
+    for key, file in files.items():
+        mime_type, _ = mimetypes.guess_type(file.name)
+        mime_type = mime_type or 'application/octet-stream'
+        print(f"form_data {file.name} with {mime_type}")
+        form_data.append((key, (file.name, file, mime_type)))
+
+    response = requests.post(url, files=form_data)
+    context.response = response
+
+########
+# THEN #
+########
+
+@then('the response content type should be "{content_type}"')
+def step_check_response_content_type(context, content_type):
+    actual_content_type = context.response.headers.get('Content-Type', '')
+    assert actual_content_type.startswith(content_type), f"Expected {content_type} but got {actual_content_type}. Response content: {context.response.content}"
+
+@then('the response file should have size greater than {size:d}')
+def step_check_response_file_size(context, size):
+    response_file = io.BytesIO(context.response.content)
+    assert len(response_file.getvalue()) > size
+
+@then('the response PDF is not passworded')
+def step_check_response_pdf_not_passworded(context):
+    response_file = io.BytesIO(context.response.content)
+    reader = PdfReader(response_file)
+    assert not reader.is_encrypted
+
+@then('the response PDF is passworded')
+def step_check_response_pdf_passworded(context):
+    response_file = io.BytesIO(context.response.content)
+    try:
+        reader = PdfReader(response_file)
+        assert reader.is_encrypted
+    except PdfReadError as e:
+        raise AssertionError(f"Failed to read PDF: {str(e)}. Response content: {context.response.content}")
+    except Exception as e:
+        raise AssertionError(f"An error occurred: {str(e)}. Response content: {context.response.content}")
+
+@then('the response status code should be {status_code:d}')
+def step_check_response_status_code(context, status_code):
+    assert context.response.status_code == status_code, f"Expected status code {status_code} but got {context.response.status_code}"
+
+@then('the response should contain error message "{message}"')
+def step_check_response_error_message(context, message):
+    response_json = context.response.json()
+    assert response_json.get('error') == message, f"Expected error message '{message}' but got '{response_json.get('error')}'"
+
+@then('the response PDF should contain {page_count:d} pages')
+def step_check_response_pdf_page_count(context, page_count):
+    response_file = io.BytesIO(context.response.content)
+    reader = PdfReader(response_file)
+    assert len(reader.pages) == page_count, f"Expected {page_count} pages but got {len(reader.pages)} pages"
+
+@then('the response PDF metadata should include "{metadata_key}" as "{metadata_value}"')
+def step_check_response_pdf_metadata(context, metadata_key, metadata_value):
+    response_file = io.BytesIO(context.response.content)
+    reader = PdfReader(response_file)
+    metadata = reader.metadata
+    assert metadata.get("/" + metadata_key) == metadata_value, f"Expected {metadata_key} to be '{metadata_value}' but got '{metadata.get(metadata_key)}'"
+
+@then('the response file should have extension "{extension}"')
+def step_check_response_file_extension(context, extension):
+    content_disposition = context.response.headers.get('Content-Disposition', '')
+    filename = ""
+    if content_disposition:
+        parts = content_disposition.split(';')
+        for part in parts:
+            if part.strip().startswith('filename'):
+                filename = part.split('=')[1].strip().strip('"')
+                break
+    assert filename.endswith(extension), f"Expected file extension {extension} but got {filename}. Response content: {context.response.content}"
+
+@then('save the response file as "{filename}" for debugging')
+def step_save_response_file(context, filename):
+    with open(filename, 'wb') as f:
+        f.write(context.response.content)
+    print(f"Saved response content to {filename}")
+
+
+@then('the response PDF should contain {page_count:d} pages')
+def step_check_response_pdf_page_count(context, page_count):
+    response_file = io.BytesIO(context.response.content)
+    reader = PdfReader(io.BytesIO(response_file.getvalue()))
+    actual_page_count = len(reader.pages)
+    assert actual_page_count == page_count, f"Expected {page_count} pages but got {actual_page_count} pages"
+
+@then('the response ZIP should contain {file_count:d} files')
+def step_check_response_zip_file_count(context, file_count):
+    response_file = io.BytesIO(context.response.content)
+    with zipfile.ZipFile(io.BytesIO(response_file.getvalue())) as zip_file:
+      actual_file_count = len(zip_file.namelist())
+    assert actual_file_count == file_count, f"Expected {file_count} files but got {actual_file_count} files"
+
+@then('the response ZIP file should contain {doc_count:d} documents each having {pages_per_doc:d} pages')
+def step_check_response_zip_doc_page_count(context, doc_count, pages_per_doc):
+    response_file = io.BytesIO(context.response.content)
+    with zipfile.ZipFile(io.BytesIO(response_file.getvalue())) as zip_file:
+        actual_doc_count = len(zip_file.namelist())
+        assert actual_doc_count == doc_count, f"Expected {doc_count} documents but got {actual_doc_count} documents"
+        
+        for file_name in zip_file.namelist():
+            with zip_file.open(file_name) as pdf_file:
+                reader = PdfReader(pdf_file)
+                actual_pages_per_doc = len(reader.pages)
+                assert actual_pages_per_doc == pages_per_doc, f"Expected {pages_per_doc} pages per document but got {actual_pages_per_doc} pages in document {file_name}"

cucumber/requirements.txt

@@ -0,0 +1,5 @@
+behave
+requests
+PyPDF2
+reportlab
+PyCryptodome

exampleYmlFiles/docker-compose-latest-fat-security.yml

@@ -0,0 +1,34 @@
+version: '3.3'
+services:
+  stirling-pdf:
+    container_name: Stirling-PDF-Security-Fat
+    image: frooodle/s-pdf:latest-fat
+    deploy:
+      resources:
+        limits:
+          memory: 4G
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP' && curl -fL http://localhost:8080/ | grep -q 'Please sign in'"]
+      interval: 5s
+      timeout: 10s
+      retries: 16
+    ports:
+      - 8080:8080
+    volumes:
+      - /stirling/latest/data:/usr/share/tessdata:rw
+      - /stirling/latest/config:/configs:rw
+      - /stirling/latest/logs:/logs:rw
+    environment:
+      DOCKER_ENABLE_SECURITY: "true"
+      SECURITY_ENABLELOGIN: "true"
+      PUID: 1002
+      PGID: 1002
+      UMASK: "022"
+      SYSTEM_DEFAULTLOCALE: en-US
+      UI_APPNAME: Stirling-PDF
+      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest-fat with Security
+      UI_APPNAMENAVBAR: Stirling-PDF Latest-fat
+      SYSTEM_MAXFILESIZE: "100"
+      METRICS_ENABLED: "true"
+      SYSTEM_GOOGLEVISIBILITY: "true"
+    restart: on-failure:5

exampleYmlFiles/docker-compose-latest-security-with-sso.yml

@@ -0,0 +1,42 @@
+version: '3.3'
+services:
+  stirling-pdf:
+    container_name: Stirling-PDF-Security
+    image: frooodle/s-pdf:latest
+    deploy:
+      resources:
+        limits:
+          memory: 4G
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP' && curl -fL http://localhost:8080/ | grep -q 'Please sign in'"]
+      interval: 5s
+      timeout: 10s
+      retries: 16
+    ports:
+      - "8080:8080"
+    volumes:
+      - /stirling/latest/data:/usr/share/tessdata:rw
+      - /stirling/latest/config:/configs:rw
+      - /stirling/latest/logs:/logs:rw
+    environment:
+      DOCKER_ENABLE_SECURITY: "true"
+      SECURITY_ENABLELOGIN: "true"
+      SECURITY_OAUTH2_ENABLED: "true"
+      SECURITY_OAUTH2_AUTOCREATEUSER: "true" # This is set to true to allow auto-creation of non-existing users in Stirling-PDF
+      SECURITY_OAUTH2_ISSUER: "https://accounts.google.com"  # Change with any other provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
+      SECURITY_OAUTH2_CLIENTID: "<YOUR CLIENT ID>.apps.googleusercontent.com" # Client ID from your provider
+      SECURITY_OAUTH2_CLIENTSECRET: "<YOUR CLIENT SECRET>"  # Client Secret from your provider
+      SECURITY_OAUTH2_SCOPES: "openid,profile,email" # Expected OAuth2 Scope
+      SECURITY_OAUTH2_USEASUSERNAME: "email" # Default is 'email'; custom fields can be used as the username
+      SECURITY_OAUTH2_PROVIDER: "google" # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
+      PUID: 1002
+      PGID: 1002
+      UMASK: "022"
+      SYSTEM_DEFAULTLOCALE: en-US
+      UI_APPNAME: Stirling-PDF
+      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security
+      UI_APPNAMENAVBAR: Stirling-PDF Latest
+      SYSTEM_MAXFILESIZE: "100"
+      METRICS_ENABLED: "true"
+      SYSTEM_GOOGLEVISIBILITY: "true"
+    restart: on-failure:5

exampleYmlFiles/docker-compose-latest-security.yml

@@ -13,7 +13,7 @@ services:
       timeout: 10s
       retries: 16
     ports:
-      - 8080:8080
+      - "8080:8080"
     volumes:
       - /stirling/latest/data:/usr/share/tessdata:rw
       - /stirling/latest/config:/configs:rw

exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml

@@ -13,7 +13,7 @@ services:
       timeout: 10s
       retries: 16
     ports:
-      - 8080:8080
+      - "8080:8080"
     volumes:
       - /stirling/latest/data:/usr/share/tessdata:rw
       - /stirling/latest/config:/configs:rw

exampleYmlFiles/docker-compose-latest-ultra-lite.yml

@@ -13,7 +13,7 @@ services:
       timeout: 10s
       retries: 16
     ports:
-      - 8080:8080
+      - "8080:8080"
     volumes:
       - /stirling/latest/config:/configs:rw
       - /stirling/latest/logs:/logs:rw

exampleYmlFiles/docker-compose-latest.yml

@@ -13,7 +13,7 @@ services:
       timeout: 10s
       retries: 16
     ports:
-      - 8080:8080
+      - "8080:8080"
     volumes:
       - /stirling/latest/data:/usr/share/tessdata:rw
       - /stirling/latest/config:/configs:rw

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

scripts/counter_translation.py

@@ -10,49 +10,77 @@ Author: Ludy87
 Example:
     To use this script, simply run it from command line:
         $ python counter_translation.py
-"""
-import os
+"""  # noqa: D205
+
 import glob
+import os
 import re
-from typing import List, Tuple
+
+import tomlkit
+import tomlkit.toml_file
 
 
-def write_readme(progress_list: List[Tuple[str, int]]) -> None:
-    """
-    Updates the progress status in the README.md file based
+def convert_to_multiline(data: tomlkit.TOMLDocument) -> tomlkit.TOMLDocument:
+    """Converts 'ignore' and 'missing' arrays to multiline arrays and sorts the first-level keys of the TOML document.
+    Enhances readability and consistency in the TOML file by ensuring arrays contain unique and sorted entries.
+
+    Parameters:
+        data (tomlkit.TOMLDocument): The original TOML document containing the data.
+
+    Returns:
+        tomlkit.TOMLDocument: A new TOML document with sorted keys and properly formatted arrays.
+    """  # noqa: D205
+    sorted_data = tomlkit.document()
+    for key in sorted(data.keys()):
+        value = data[key]
+        if isinstance(value, dict):
+            new_table = tomlkit.table()
+            for subkey in ("ignore", "missing"):
+                if subkey in value:
+                    # Convert the list to a set to remove duplicates, sort it, and convert to multiline for readability
+                    unique_sorted_array = sorted(set(value[subkey]))
+                    array = tomlkit.array()
+                    array.multiline(True)
+                    for item in unique_sorted_array:
+                        array.append(item)
+                    new_table[subkey] = array
+            sorted_data[key] = new_table
+        else:
+            # Add other types of data unchanged
+            sorted_data[key] = value
+    return sorted_data
+
+
+def write_readme(progress_list: list[tuple[str, int]]) -> None:
+    """Updates the progress status in the README.md file based
     on the provided progress list.
 
     Parameters:
-        progress_list (List[Tuple[str, int]]): A list of tuples containing
+        progress_list (list[tuple[str, int]]): A list of tuples containing
         language and progress percentage.
 
     Returns:
         None
-    """
-    with open("README.md", "r", encoding="utf-8") as file:
-        content = file.read()
+    """  # noqa: D205
+    with open("README.md", encoding="utf-8") as file:
+        content = file.readlines()
 
-    lines = content.split("\n")
-    for i, line in enumerate(lines[2:], start=2):
+    for i, line in enumerate(content[2:], start=2):
         for progress in progress_list:
             language, value = progress
             if language in line:
-                match = re.search(r"\!\[(\d+(\.\d+)?)%\]\(.*\)", line)
-                if match:
-                    lines[i] = line.replace(
+                if match := re.search(r"\!\[(\d+(\.\d+)?)%\]\(.*\)", line):
+                    content[i] = line.replace(
                         match.group(0),
                         f"![{value}%](https://geps.dev/progress/{value})",
                     )
 
-    new_content = "\n".join(lines)
-
     with open("README.md", "w", encoding="utf-8") as file:
-        file.write(new_content)
+        file.writelines(content)
 
 
-def compare_files(default_file_path, files_directory) -> List[Tuple[str, int]]:
-    """
-    Compares the default properties file with other
+def compare_files(default_file_path, file_paths, translation_status_file) -> list[tuple[str, int]]:
+    """Compares the default properties file with other
     properties files in the directory.
 
     Parameters:
@@ -60,20 +88,22 @@ def compare_files(default_file_path, files_directory) -> List[Tuple[str, int]]:
         files_directory (str): The directory containing other properties files.
 
     Returns:
-        List[Tuple[str, int]]: A list of tuples containing
+        list[tuple[str, int]]: A list of tuples containing
         language and progress percentage.
-    """
-    file_paths = glob.glob(os.path.join(files_directory, "messages_*.properties"))
-    num_lines = sum(1 for _ in open(default_file_path, encoding="utf-8"))
+    """  # noqa: D205
+    num_lines = sum(
+        1 for line in open(default_file_path, encoding="utf-8") if line.strip() and not line.strip().startswith("#")
+    )
 
     result_list = []
+    sort_translation_status: tomlkit.TOMLDocument
+
+    # read toml
+    with open(translation_status_file, encoding="utf-8") as f:
+        sort_translation_status = tomlkit.parse(f.read())
 
     for file_path in file_paths:
-        language = (
-            os.path.basename(file_path)
-            .split("messages_", 1)[1]
-            .split(".properties", 1)[0]
-        )
+        language = os.path.basename(file_path).split("messages_", 1)[1].split(".properties", 1)[0]
 
         fails = 0
         if "en_GB" in language or "en_US" in language:
@@ -81,9 +111,21 @@ def compare_files(default_file_path, files_directory) -> List[Tuple[str, int]]:
             result_list.append(("en_US", 100))
             continue
 
-        with open(default_file_path, "r", encoding="utf-8") as default_file, open(
-            file_path, "r", encoding="utf-8"
-        ) as file:
+        if language not in sort_translation_status:
+            sort_translation_status[language] = tomlkit.table()
+
+        if (
+            "ignore" not in sort_translation_status[language]
+            or len(sort_translation_status[language].get("ignore", [])) < 1
+        ):
+            sort_translation_status[language]["ignore"] = tomlkit.array(["language.direction"])
+
+        # if "missing" not in sort_translation_status[language]:
+        #     sort_translation_status[language]["missing"] = tomlkit.array()
+        # elif "language.direction" in sort_translation_status[language]["missing"]:
+        #     sort_translation_status[language]["missing"].remove("language.direction")
+
+        with open(default_file_path, encoding="utf-8") as default_file, open(file_path, encoding="utf-8") as file:
             for _ in range(5):
                 next(default_file)
                 try:
@@ -91,24 +133,47 @@ def compare_files(default_file_path, files_directory) -> List[Tuple[str, int]]:
                 except StopIteration:
                     fails = num_lines
 
-            for _, (line_default, line_file) in enumerate(
-                zip(default_file, file), start=6
-            ):
+            for line_num, (line_default, line_file) in enumerate(zip(default_file, file), start=6):
                 try:
+                    # Ignoring empty lines and lines start with #
+                    if line_default.strip() == "" or line_default.startswith("#"):
+                        continue
+
+                    default_key, default_value = line_default.split("=", 1)
+                    file_key, file_value = line_file.split("=", 1)
                     if (
-                        line_default.split("=", 1)[1].strip()
-                        == line_file.split("=", 1)[1].strip()
+                        default_value.strip() == file_value.strip()
+                        and default_key.strip() not in sort_translation_status[language]["ignore"]
                     ):
+                        print(f"{language}: Line {line_num} is missing the translation.")
+                        # if default_key.strip() not in sort_translation_status[language]["missing"]:
+                        #     missing_array = tomlkit.array()
+                        #     missing_array.append(default_key.strip())
+                        #     missing_array.multiline(True)
+                        #     sort_translation_status[language]["missing"].extend(missing_array)
                         fails += 1
+                    # elif default_key.strip() in sort_translation_status[language]["ignore"]:
+                    #     if default_key.strip() in sort_translation_status[language]["missing"]:
+                    #         sort_translation_status[language]["missing"].remove(default_key.strip())
+                    if default_value.strip() != file_value.strip():
+                        # if default_key.strip() in sort_translation_status[language]["missing"]:
+                        #     sort_translation_status[language]["missing"].remove(default_key.strip())
+                        if default_key.strip() in sort_translation_status[language]["ignore"]:
+                            sort_translation_status[language]["ignore"].remove(default_key.strip())
+
                 except IndexError:
                     pass
 
+        print(f"{language}: {fails} out of {num_lines} lines are not translated.")
         result_list.append(
             (
                 language,
                 int((num_lines - fails) * 100 / num_lines),
             )
         )
+    translation_status = convert_to_multiline(sort_translation_status)
+    with open(translation_status_file, "w", encoding="utf-8") as file:
+        file.write(tomlkit.dumps(translation_status))
 
     unique_data = list(set(result_list))
     unique_data.sort(key=lambda x: x[1], reverse=True)
@@ -118,5 +183,10 @@ def compare_files(default_file_path, files_directory) -> List[Tuple[str, int]]:
 
 if __name__ == "__main__":
     directory = os.path.join(os.getcwd(), "src", "main", "resources")
+    messages_file_paths = glob.glob(os.path.join(directory, "messages_*.properties"))
     reference_file = os.path.join(directory, "messages_en_GB.properties")
-    write_readme(compare_files(reference_file, directory))
+
+    scripts_directory = os.path.join(os.getcwd(), "scripts")
+    translation_state_file = os.path.join(scripts_directory, "translation_status.toml")
+
+    write_readme(compare_files(reference_file, messages_file_paths, translation_state_file))

scripts/init-without-ocr.sh

@@ -11,14 +11,16 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -
 fi
 umask "$UMASK" || true
 
-if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
+if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" && "$FAT_DOCKER" != "true" ]]; then
   apk add --no-cache calibre@testing
 fi
 
-/scripts/download-security-jar.sh
+if [[ "$FAT_DOCKER" != "true" ]]; then
+  /scripts/download-security-jar.sh	
+fi
 
 if [[ -n "$LANGS" ]]; then
-	/scripts/installFonts.sh $LANGS
+  /scripts/installFonts.sh $LANGS
 fi
 
 echo "Setting permissions and ownership for necessary directories..."

scripts/translation_status.toml

@@ -0,0 +1,182 @@
+[ar_AR]
+ignore = [
+    'language.direction',
+]
+
+[bg_BG]
+ignore = [
+    'language.direction',
+]
+
+[ca_CA]
+ignore = [
+    'language.direction',
+]
+
+[cs_CZ]
+ignore = [
+    'info',
+    'language.direction',
+    'pipeline.header',
+    'text',
+]
+
+[de_DE]
+ignore = [
+    'AddStampRequest.alphabet',
+    'AddStampRequest.position',
+    'PDFToBook.selectText.1',
+    'PDFToText.tags',
+    'addPageNumbers.selectText.3',
+    'alphabet',
+    'certSign.name',
+    'language.direction',
+    'licenses.version',
+    'pipeline.title',
+    'pipelineOptions.pipelineHeader',
+    'sponsor',
+    'text',
+    'watermark.type.1',
+]
+
+[el_GR]
+ignore = [
+    'language.direction',
+]
+
+[es_ES]
+ignore = [
+    'adminUserSettings.roles',
+    'color',
+    'language.direction',
+    'no',
+    'showJS.tags',
+]
+
+[eu_ES]
+ignore = [
+    'language.direction',
+]
+
+[fr_FR]
+ignore = [
+    'language.direction',
+]
+
+[hi_IN]
+ignore = [
+    'language.direction',
+]
+
+[hr_HR]
+ignore = [
+    'font',
+    'home.pipeline.title',
+    'info',
+    'language.direction',
+    'pdfOrganiser.tags',
+    'showJS.tags',
+]
+
+[hu_HU]
+ignore = [
+    'language.direction',
+]
+
+[id_ID]
+ignore = [
+    'language.direction',
+]
+
+[it_IT]
+ignore = [
+    'font',
+    'language.direction',
+    'no',
+    'password',
+    'pipeline.title',
+    'pipelineOptions.pipelineHeader',
+    'removePassword.selectText.2',
+    'showJS.tags',
+    'sponsor',
+]
+
+[ja_JP]
+ignore = [
+    'language.direction',
+]
+
+[ko_KR]
+ignore = [
+    'language.direction',
+]
+
+[nl_NL]
+ignore = [
+    'language.direction',
+]
+
+[no_NB]
+ignore = [
+    'language.direction',
+]
+
+[pl_PL]
+ignore = [
+    'language.direction',
+]
+
+[pt_BR]
+ignore = [
+    'language.direction',
+]
+
+[pt_PT]
+ignore = [
+    'language.direction',
+]
+
+[ro_RO]
+ignore = [
+    'language.direction',
+]
+
+[ru_RU]
+ignore = [
+    'language.direction',
+]
+
+[sk_SK]
+ignore = [
+    'language.direction',
+]
+
+[sr_LATN_RS]
+ignore = [
+    'language.direction',
+]
+
+[sv_SE]
+ignore = [
+    'language.direction',
+]
+
+[tr_TR]
+ignore = [
+    'language.direction',
+]
+
+[uk_UA]
+ignore = [
+    'language.direction',
+]
+
+[zh_CN]
+ignore = [
+    'language.direction',
+]
+
+[zh_TW]
+ignore = [
+    'language.direction',
+]

src/main/java/stirling/software/SPDF/LibreOfficeListener.java

@@ -6,11 +6,15 @@ import java.net.Socket;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import io.github.pixee.security.SystemCommand;
 
 public class LibreOfficeListener {
 
-    private static final long ACTIVITY_TIMEOUT = 20 * 60 * 1000; // 20 minutes
+    private static final Logger logger = LoggerFactory.getLogger(LibreOfficeListener.class);
+    private static final long ACTIVITY_TIMEOUT = 20L * 60 * 1000; // 20 minutes
 
     private static final LibreOfficeListener INSTANCE = new LibreOfficeListener();
     private static final int LISTENER_PORT = 2002;
@@ -27,14 +31,12 @@ public class LibreOfficeListener {
     private LibreOfficeListener() {}
 
     private boolean isListenerRunning() {
-        try {
-            System.out.println("waiting for listener to start");
-            Socket socket = new Socket();
+        System.out.println("waiting for listener to start");
+        try (Socket socket = new Socket()) {
             socket.connect(
                     new InetSocketAddress("localhost", 2002), 1000); // Timeout after 1 second
-            socket.close();
             return true;
-        } catch (IOException e) {
+        } catch (Exception e) {
             return false;
         }
     }
@@ -63,6 +65,7 @@ public class LibreOfficeListener {
                         try {
                             Thread.sleep(5000); // Check for inactivity every 5 seconds
                         } catch (InterruptedException e) {
+                            Thread.currentThread().interrupt();
                             break;
                         }
                     }
@@ -80,8 +83,8 @@ public class LibreOfficeListener {
             try {
                 Thread.sleep(1000);
             } catch (InterruptedException e) {
-                // TODO Auto-generated catch block
-                e.printStackTrace();
+                Thread.currentThread().interrupt();
+                logger.error("exception", e);
             } // Check every 1 second
         }
     }

src/main/java/stirling/software/SPDF/SPdfApplication.java

@@ -5,6 +5,8 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -65,14 +67,36 @@ public class SPdfApplication {
 
         SpringApplication app = new SpringApplication(SPdfApplication.class);
         app.addInitializers(new ConfigInitializer());
+        Map<String, String> propertyFiles = new HashMap<>();
+
+        // stirling pdf settings file
         if (Files.exists(Paths.get("configs/settings.yml"))) {
-            app.setDefaultProperties(
-                    Collections.singletonMap(
-                            "spring.config.additional-location", "file:configs/settings.yml"));
+            propertyFiles.put("spring.config.additional-location", "file:configs/settings.yml");
         } else {
             logger.warn(
                     "External configuration file 'configs/settings.yml' does not exist. Using default configuration and environment configuration instead.");
         }
+
+        // custom javs settings file
+        if (Files.exists(Paths.get("configs/custom_settings.yml"))) {
+            String existing = propertyFiles.getOrDefault("spring.config.additional-location", "");
+            if (!existing.isEmpty()) {
+                existing += ",";
+            }
+            propertyFiles.put(
+                    "spring.config.additional-location",
+                    existing + "file:configs/custom_settings.yml");
+        } else {
+            logger.warn("Custom configuration file 'configs/custom_settings.yml' does not exist.");
+        }
+
+        if (!propertyFiles.isEmpty()) {
+            app.setDefaultProperties(
+                    Collections.singletonMap(
+                            "spring.config.additional-location",
+                            propertyFiles.get("spring.config.additional-location")));
+        }
+
         app.run(args);
 
         try {

src/main/java/stirling/software/SPDF/config/AppConfig.java

@@ -2,23 +2,45 @@ package stirling.software.SPDF.config;
 
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Properties;
+import java.util.function.Predicate;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.thymeleaf.spring6.SpringTemplateEngine;
 
 import stirling.software.SPDF.model.ApplicationProperties;
 
 @Configuration
+@Lazy
 public class AppConfig {
 
+    private static final Logger logger = LoggerFactory.getLogger(AppConfig.class);
+
     @Autowired ApplicationProperties applicationProperties;
 
+    @Bean
+    @ConditionalOnProperty(
+            name = "system.customHTMLFiles",
+            havingValue = "true",
+            matchIfMissing = false)
+    public SpringTemplateEngine templateEngine(ResourceLoader resourceLoader) {
+        SpringTemplateEngine templateEngine = new SpringTemplateEngine();
+        templateEngine.addTemplateResolver(new FileFallbackTemplateResolver(resourceLoader));
+        return templateEngine;
+    }
+
     @Bean(name = "loginEnabled")
     public boolean loginEnabled() {
         return applicationProperties.getSecurity().getEnableLogin();
@@ -38,7 +60,7 @@ public class AppConfig {
             props.load(resource.getInputStream());
             return props.getProperty("version");
         } catch (IOException e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         }
         return "0.0.0";
     }
@@ -92,4 +114,26 @@ public class AppConfig {
     public boolean missingActivSecurity() {
         return false;
     }
+
+    @Bean(name = "watchedFoldersDir")
+    public String watchedFoldersDir() {
+        return "./pipeline/watchedFolders/";
+    }
+
+    @Bean(name = "finishedFoldersDir")
+    public String finishedFoldersDir() {
+        return "./pipeline/finishedFolders/";
+    }
+
+    @Bean(name = "directoryFilter")
+    public Predicate<Path> processPDFOnlyFilter() {
+        return path -> {
+            if (Files.isDirectory(path)) {
+                return !path.toString().contains("processing");
+            } else {
+                String fileName = path.getFileName().toString();
+                return fileName.endsWith(".pdf");
+            }
+        };
+    }
 }

src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java

@@ -15,7 +15,14 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
 
     private static final List<String> ALLOWED_PARAMS =
             Arrays.asList(
-                    "lang", "endpoint", "endpoints", "logout", "error", "file", "messageType");
+                    "lang",
+                    "endpoint",
+                    "endpoints",
+                    "logout",
+                    "error",
+                    "erroroauth",
+                    "file",
+                    "messageType");
 
     @Override
     public boolean preHandle(

src/main/java/stirling/software/SPDF/config/ConfigInitializer.java

@@ -1,20 +1,13 @@
 package stirling.software.SPDF.config;
 
-import java.io.BufferedReader;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
+import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.ArrayList;
 import java.util.List;
-import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
-import java.util.stream.Collectors;
 
 import org.springframework.context.ApplicationContextInitializer;
 import org.springframework.context.ConfigurableApplicationContext;
@@ -26,12 +19,12 @@ public class ConfigInitializer
     public void initialize(ConfigurableApplicationContext applicationContext) {
         try {
             ensureConfigExists();
-        } catch (IOException e) {
+        } catch (Exception e) {
             throw new RuntimeException("Failed to initialize application configuration", e);
         }
     }
 
-    public void ensureConfigExists() throws IOException {
+    public void ensureConfigExists() throws IOException, URISyntaxException {
         // Define the path to the external config directory
         Path destPath = Paths.get("configs", "settings.yml");
 
@@ -51,170 +44,95 @@ public class ConfigInitializer
                 }
             }
         } else {
-            // If user file exists, we need to merge it with the template from the classpath
-            List<String> templateLines;
-            try (InputStream in =
-                    getClass().getClassLoader().getResourceAsStream("settings.yml.template")) {
-                templateLines =
-                        new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))
-                                .lines()
-                                .collect(Collectors.toList());
-            }
+            //            Path templatePath =
+            //                    Paths.get(
+            //                            getClass()
+            //                                    .getClassLoader()
+            //                                    .getResource("settings.yml.template")
+            //                                    .toURI());
+            //            Path userPath = Paths.get("configs", "settings.yml");
+            //
+            //            List<String> templateLines = Files.readAllLines(templatePath);
+            //            List<String> userLines =
+            //                    Files.exists(userPath) ? Files.readAllLines(userPath) : new
+            // ArrayList<>();
+            //
+            //            List<String> resultLines = new ArrayList<>();
+            //            int position = 0;
+            //            for (String templateLine : templateLines) {
+            //                // Check if the line is a comment
+            //                if (templateLine.trim().startsWith("#")) {
+            //                    String entry = templateLine.trim().substring(1).trim();
+            //                    if (!entry.isEmpty()) {
+            //                        // Check if this comment has been uncommented in userLines
+            //                        String key = entry.split(":")[0].trim();
+            //                        addLine(resultLines, userLines, templateLine, key, position);
+            //                    } else {
+            //                        resultLines.add(templateLine);
+            //                    }
+            //                }
+            //                // Check if the line is a key-value pair
+            //                else if (templateLine.contains(":")) {
+            //                    String key = templateLine.split(":")[0].trim();
+            //                    addLine(resultLines, userLines, templateLine, key, position);
+            //                }
+            //                // Handle empty lines
+            //                else if (templateLine.trim().length() == 0) {
+            //                    resultLines.add("");
+            //                }
+            //                position++;
+            //            }
+            //
+            //            // Write the result to the user settings file
+            //            Files.write(userPath, resultLines);
+        }
 
-            mergeYamlFiles(templateLines, destPath, destPath);
+        Path customSettingsPath = Paths.get("configs", "custom_settings.yml");
+        if (!Files.exists(customSettingsPath)) {
+            Files.createFile(customSettingsPath);
         }
     }
 
-    public void mergeYamlFiles(List<String> templateLines, Path userFilePath, Path outputPath)
-            throws IOException {
-        List<String> userLines = Files.readAllLines(userFilePath);
-        List<String> mergedLines = new ArrayList<>();
-        boolean insideAutoGenerated = false;
-        boolean beforeFirstKey = true;
-
-        Function<String, Boolean> isCommented = line -> line.trim().startsWith("#");
-        Function<String, String> extractKey =
-                line -> {
-                    String[] parts = line.split(":");
-                    return parts.length > 0 ? parts[0].trim().replace("#", "").trim() : "";
-                };
-
-        Function<String, Integer> getIndentationLevel =
-                line -> {
-                    int count = 0;
-                    for (char ch : line.toCharArray()) {
-                        if (ch == ' ') count++;
-                        else break;
-                    }
-                    return count;
-                };
-
-        Set<String> userKeys = userLines.stream().map(extractKey).collect(Collectors.toSet());
-
-        for (String line : templateLines) {
-            String key = extractKey.apply(line);
-
-            if ("AutomaticallyGenerated:".equalsIgnoreCase(line.trim())) {
-                insideAutoGenerated = true;
-                mergedLines.add(line);
-                continue;
-            } else if (insideAutoGenerated && line.trim().isEmpty()) {
-                insideAutoGenerated = false;
-                mergedLines.add(line);
-                continue;
-            }
-
-            if (beforeFirstKey && (isCommented.apply(line) || line.trim().isEmpty())) {
-                // Handle top comments and empty lines before the first key.
-                mergedLines.add(line);
-                continue;
-            }
-
-            if (!key.isEmpty()) beforeFirstKey = false;
-
-            if (userKeys.contains(key)) {
-                // If user has any version (commented or uncommented) of this key, skip the
-                // template line
-                Optional<String> userValue =
-                        userLines.stream()
-                                .filter(
-                                        l ->
-                                                extractKey.apply(l).equalsIgnoreCase(key)
-                                                        && !isCommented.apply(l))
-                                .findFirst();
-                if (userValue.isPresent()) mergedLines.add(userValue.get());
-                continue;
-            }
-
-            if (isCommented.apply(line) || line.trim().isEmpty() || !userKeys.contains(key)) {
-                mergedLines.add(
-                        line); // If line is commented, empty or key not present in user's file,
-                // retain the
-                // template line
-                continue;
-            }
-        }
-
-        // Add any additional uncommented user lines that are not present in the
-        // template
-        for (String userLine : userLines) {
-            String userKey = extractKey.apply(userLine);
-            boolean isPresentInTemplate =
-                    templateLines.stream()
-                            .map(extractKey)
-                            .anyMatch(templateKey -> templateKey.equalsIgnoreCase(userKey));
-            if (!isPresentInTemplate && !isCommented.apply(userLine)) {
-                if (!childOfTemplateEntry(
-                        isCommented,
-                        extractKey,
-                        getIndentationLevel,
-                        userLines,
-                        userLine,
-                        templateLines)) {
-                    // check if userLine is a child of a entry within templateLines or not, if child
-                    // of parent in templateLines then dont add to mergedLines, if anything else
-                    // then add
-                    mergedLines.add(userLine);
-                }
-            }
-        }
-
-        Files.write(outputPath, mergedLines, StandardCharsets.UTF_8);
-    }
-
-    // New method to check if a userLine is a child of an entry in templateLines
-    boolean childOfTemplateEntry(
-            Function<String, Boolean> isCommented,
-            Function<String, String> extractKey,
-            Function<String, Integer> getIndentationLevel,
+    // TODO check parent value instead of just indent lines for duplicate keys (like enabled etc)
+    private static void addLine(
+            List<String> resultLines,
             List<String> userLines,
-            String userLine,
-            List<String> templateLines) {
-        String userKey = extractKey.apply(userLine).trim();
-        int userIndentation = getIndentationLevel.apply(userLine);
-
-        // Start by assuming the line is not a child of an entry in templateLines
-        boolean isChild = false;
-
-        // Iterate backwards through userLines from the current line to find any parent
-        for (int i = userLines.indexOf(userLine) - 1; i >= 0; i--) {
-            String potentialParentLine = userLines.get(i);
-            int parentIndentation = getIndentationLevel.apply(potentialParentLine);
-
-            // Check if we've reached a potential parent based on indentation
-            if (parentIndentation < userIndentation) {
-                String parentKey = extractKey.apply(potentialParentLine).trim();
-
-                // Now, check if this potential parent or any of its parents exist in templateLines
-                boolean parentExistsInTemplate =
-                        templateLines.stream()
-                                .filter(line -> !isCommented.apply(line)) // Skip commented lines
-                                .anyMatch(
-                                        templateLine -> {
-                                            String templateKey =
-                                                    extractKey.apply(templateLine).trim();
-                                            return parentKey.equalsIgnoreCase(templateKey);
-                                        });
-
-                if (!parentExistsInTemplate) {
-                    // If the parent does not exist in template, check the next level parent
-                    userIndentation =
-                            parentIndentation; // Update userIndentation to the parent's indentation
-                    // for next iteration
-                    if (parentIndentation == 0) {
-                        // If we've reached the top-level parent and it's not in template, the
-                        // original line is considered not a child
-                        isChild = false;
-                        break;
-                    }
-                } else {
-                    // If any parent exists in template, the original line is considered a child
-                    isChild = true;
+            String templateLine,
+            String key,
+            int position) {
+        boolean added = false;
+        int templateIndentationLevel = getIndentationLevel(templateLine);
+        int pos = 0;
+        for (String settingsLine : userLines) {
+            if (settingsLine.trim().startsWith(key + ":") && position == pos) {
+                int settingsIndentationLevel = getIndentationLevel(settingsLine);
+                // Check if it is correct settingsLine and has the same parent as templateLine
+                if (settingsIndentationLevel == templateIndentationLevel) {
+                    resultLines.add(settingsLine);
+                    added = true;
                     break;
                 }
             }
+            pos++;
         }
+        if (!added) {
+            resultLines.add(templateLine);
+        }
+    }
 
-        return isChild; // Return true if the line is not a child of any entry in templateLines
+    private static int getIndentationLevel(String line) {
+        int indentationLevel = 0;
+        String trimmedLine = line.trim();
+        if (trimmedLine.startsWith("#")) {
+            line = trimmedLine.substring(1);
+        }
+        for (char c : line.toCharArray()) {
+            if (c == ' ') {
+                indentationLevel++;
+            } else {
+                break;
+            }
+        }
+        return indentationLevel;
     }
 }

src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java

@@ -116,6 +116,7 @@ public class EndpointConfiguration {
         addEndpointToGroup("Security", "change-permissions");
         addEndpointToGroup("Security", "add-watermark");
         addEndpointToGroup("Security", "cert-sign");
+        addEndpointToGroup("Security", "remove-cert-sign");
         addEndpointToGroup("Security", "sanitize-pdf");
         addEndpointToGroup("Security", "auto-redact");
 
@@ -200,6 +201,7 @@ public class EndpointConfiguration {
         addEndpointToGroup("Java", "extract-images");
         addEndpointToGroup("Java", "change-metadata");
         addEndpointToGroup("Java", "cert-sign");
+        addEndpointToGroup("Java", "remove-cert-sign");
         addEndpointToGroup("Java", "multi-page-layout");
         addEndpointToGroup("Java", "scale-pages");
         addEndpointToGroup("Java", "add-page-numbers");

src/main/java/stirling/software/SPDF/config/FileFallbackTemplateResolver.java

@@ -0,0 +1,54 @@
+package stirling.software.SPDF.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.thymeleaf.IEngineConfiguration;
+import org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver;
+import org.thymeleaf.templateresource.FileTemplateResource;
+import org.thymeleaf.templateresource.ITemplateResource;
+
+import stirling.software.SPDF.model.InputStreamTemplateResource;
+
+public class FileFallbackTemplateResolver extends AbstractConfigurableTemplateResolver {
+
+    private final ResourceLoader resourceLoader;
+
+    public FileFallbackTemplateResolver(ResourceLoader resourceLoader) {
+        super();
+        this.resourceLoader = resourceLoader;
+        setSuffix(".html");
+    }
+
+    // Note this does not work in local IDE, Prod jar only.
+    @Override
+    protected ITemplateResource computeTemplateResource(
+            IEngineConfiguration configuration,
+            String ownerTemplate,
+            String template,
+            String resourceName,
+            String characterEncoding,
+            Map<String, Object> templateResolutionAttributes) {
+        Resource resource =
+                resourceLoader.getResource("file:./customFiles/templates/" + resourceName);
+        try {
+            if (resource.exists() && resource.isReadable()) {
+                return new FileTemplateResource(resource.getFile().getPath(), characterEncoding);
+            }
+        } catch (IOException e) {
+
+        }
+
+        InputStream inputStream =
+                Thread.currentThread()
+                        .getContextClassLoader()
+                        .getResourceAsStream("templates/" + resourceName);
+        if (inputStream != null) {
+            return new InputStreamTemplateResource(inputStream, "UTF-8");
+        }
+        return null;
+    }
+}

src/main/java/stirling/software/SPDF/config/MetricsFilter.java

@@ -36,7 +36,6 @@ public class MetricsFilter extends OncePerRequestFilter {
                 || uri.startsWith("/v1/api-docs")
                 || uri.endsWith("robots.txt")
                 || uri.startsWith("/images")
-                || uri.startsWith("/images")
                 || uri.endsWith(".png")
                 || uri.endsWith(".ico")
                 || uri.endsWith(".css")

src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java

@@ -3,27 +3,31 @@ package stirling.software.SPDF.config.security;
 import java.io.IOException;
 import java.util.Optional;
 
-import org.springframework.beans.factory.annotation.Autowired;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.stereotype.Component;
 
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import stirling.software.SPDF.model.User;
 
-@Component
 public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 
-    @Autowired private final LoginAttemptService loginAttemptService;
+    private LoginAttemptService loginAttemptService;
 
-    @Autowired private final UserService userService; // Inject the UserService
+    private UserService userService;
+
+    private static final Logger logger =
+            LoggerFactory.getLogger(CustomAuthenticationFailureHandler.class);
 
     public CustomAuthenticationFailureHandler(
-            LoginAttemptService loginAttemptService, UserService userService) {
+            final LoginAttemptService loginAttemptService, UserService userService) {
         this.loginAttemptService = loginAttemptService;
         this.userService = userService;
     }
@@ -34,29 +38,41 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
             HttpServletResponse response,
             AuthenticationException exception)
             throws IOException, ServletException {
+
         String ip = request.getRemoteAddr();
-        logger.error("Failed login attempt from IP: " + ip);
+        logger.error("Failed login attempt from IP: {}", ip);
+
+        if (exception.getClass().isAssignableFrom(InternalAuthenticationServiceException.class)
+                || "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
+            response.sendRedirect("/login?error=oauth2AuthenticationError");
+            return;
+        }
 
         String username = request.getParameter("username");
-        if (!isDemoUser(username)) {
-            if (loginAttemptService.loginAttemptCheck(username)) {
-                setDefaultFailureUrl("/login?error=locked");
+        Optional<User> optUser = userService.findByUsernameIgnoreCase(username);
 
-            } else {
-                if (exception.getClass().isAssignableFrom(LockedException.class)) {
-                    setDefaultFailureUrl("/login?error=locked");
-                }
+        if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {
+            logger.info(
+                    "Remaining attempts for user {}: {}",
+                    optUser.get().getUsername(),
+                    loginAttemptService.getRemainingAttempts(username));
+            loginAttemptService.loginFailed(username);
+            if (loginAttemptService.isBlocked(username)
+                    || exception.getClass().isAssignableFrom(LockedException.class)) {
+                response.sendRedirect("/login?error=locked");
+                return;
             }
         }
-        if (exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
-            setDefaultFailureUrl("/login?error=badcredentials");
+        if (exception.getClass().isAssignableFrom(BadCredentialsException.class)
+                || exception.getClass().isAssignableFrom(UsernameNotFoundException.class)) {
+            response.sendRedirect("/login?error=badcredentials");
+            return;
         }
 
         super.onAuthenticationFailure(request, response, exception);
     }
 
-    private boolean isDemoUser(String username) {
-        Optional<User> user = userService.findByUsernameIgnoreCase(username);
+    private boolean isDemoUser(Optional<User> user) {
         return user.isPresent()
                 && user.get().getAuthorities().stream()
                         .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));

src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java

@@ -2,11 +2,9 @@ package stirling.software.SPDF.config.security;
 
 import java.io.IOException;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.savedrequest.SavedRequest;
-import org.springframework.stereotype.Component;
 
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -14,25 +12,30 @@ import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import stirling.software.SPDF.utils.RequestUriUtils;
 
-@Component
 public class CustomAuthenticationSuccessHandler
         extends SavedRequestAwareAuthenticationSuccessHandler {
 
-    @Autowired private LoginAttemptService loginAttemptService;
+    private LoginAttemptService loginAttemptService;
+
+    public CustomAuthenticationSuccessHandler(LoginAttemptService loginAttemptService) {
+        this.loginAttemptService = loginAttemptService;
+    }
 
     @Override
     public void onAuthenticationSuccess(
             HttpServletRequest request, HttpServletResponse response, Authentication authentication)
             throws ServletException, IOException {
-        String username = request.getParameter("username");
-        loginAttemptService.loginSucceeded(username);
+
+        String userName = request.getParameter("username");
+        loginAttemptService.loginSucceeded(userName);
 
         // Get the saved request
         HttpSession session = request.getSession(false);
         SavedRequest savedRequest =
-                session != null
+                (session != null)
                         ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
                         : null;
+
         if (savedRequest != null
                 && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
             // Redirect to the original destination

src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java

@@ -0,0 +1,33 @@
+package stirling.software.SPDF.config.security;
+
+import java.io.IOException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+
+public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+
+    @Autowired SessionRegistry sessionRegistry;
+
+    @Override
+    public void onLogoutSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            String sessionId = session.getId();
+            sessionRegistry.removeSessionInformation(sessionId);
+            session.invalidate();
+            logger.debug("Session invalidated: " + sessionId);
+        }
+
+        response.sendRedirect(request.getContextPath() + "/login?logout=true");
+    }
+}

src/main/java/stirling/software/SPDF/config/security/CustomUserDetailsService.java

@@ -39,6 +39,10 @@ public class CustomUserDetailsService implements UserDetailsService {
                     "Your account has been locked due to too many failed login attempts.");
         }
 
+        if (!user.hasPassword()) {
+            throw new IllegalArgumentException("Password must not be null");
+        }
+
         return new org.springframework.security.core.userdetails.User(
                 user.getUsername(),
                 user.getPassword(),

src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java

@@ -7,6 +7,8 @@ import java.nio.file.Paths;
 import java.util.List;
 import java.util.UUID;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -19,40 +21,67 @@ public class InitialSecuritySetup {
 
     @Autowired private UserService userService;
 
-    @Autowired ApplicationProperties applicationProperties;
+    @Autowired private ApplicationProperties applicationProperties;
+
+    private static final Logger logger = LoggerFactory.getLogger(InitialSecuritySetup.class);
 
     @PostConstruct
     public void init() {
         if (!userService.hasUsers()) {
-
-            String initialUsername =
-                    applicationProperties.getSecurity().getInitialLogin().getUsername();
-            String initialPassword =
-                    applicationProperties.getSecurity().getInitialLogin().getPassword();
-            if (initialUsername != null && initialPassword != null) {
-                userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId());
-            } else {
-                initialUsername = "admin";
-                initialPassword = "stirling";
-                userService.saveUser(
-                        initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
-            }
+            initializeAdminUser();
         }
+        initializeInternalApiUser();
+    }
+
+    @PostConstruct
+    public void initSecretKey() throws IOException {
+        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
+        if (!isValidUUID(secretKey)) {
+            secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
+            saveKeyToConfig(secretKey);
+        }
+    }
+
+    private void initializeAdminUser() {
+        String initialUsername =
+                applicationProperties.getSecurity().getInitialLogin().getUsername();
+        String initialPassword =
+                applicationProperties.getSecurity().getInitialLogin().getPassword();
+
+        if (initialUsername != null
+                && !initialUsername.isEmpty()
+                && initialPassword != null
+                && !initialPassword.isEmpty()
+                && !userService.findByUsernameIgnoreCase(initialUsername).isPresent()) {
+            try {
+                userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId());
+                logger.info("Admin user created: " + initialUsername);
+            } catch (IllegalArgumentException e) {
+                logger.error("Failed to initialize security setup", e);
+                System.exit(1);
+            }
+        } else {
+            createDefaultAdminUser();
+        }
+    }
+
+    private void createDefaultAdminUser() {
+        String defaultUsername = "admin";
+        String defaultPassword = "stirling";
+        if (!userService.findByUsernameIgnoreCase(defaultUsername).isPresent()) {
+            userService.saveUser(defaultUsername, defaultPassword, Role.ADMIN.getRoleId(), true);
+            logger.info("Default admin user created: " + defaultUsername);
+        }
+    }
+
+    private void initializeInternalApiUser() {
         if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
             userService.saveUser(
                     Role.INTERNAL_API_USER.getRoleId(),
                     UUID.randomUUID().toString(),
                     Role.INTERNAL_API_USER.getRoleId());
             userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
-        }
-    }
-
-    @PostConstruct
-    public void initSecretKey() throws IOException {
-        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
-        if (secretKey == null || secretKey.isEmpty()) {
-            secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
-            saveKeyToConfig(secretKey);
+            logger.info("Internal API user created: " + Role.INTERNAL_API_USER.getRoleId());
         }
     }
 
@@ -85,4 +114,16 @@ public class InitialSecuritySetup {
         // Write back to the file
         Files.write(path, lines);
     }
+
+    private boolean isValidUUID(String uuid) {
+        if (uuid == null) {
+            return false;
+        }
+        try {
+            UUID.fromString(uuid);
+            return true;
+        } catch (IllegalArgumentException e) {
+            return false;
+        }
+    }
 }

src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java

@@ -3,6 +3,8 @@ package stirling.software.SPDF.config.security;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -15,44 +17,61 @@ public class LoginAttemptService {
 
     @Autowired ApplicationProperties applicationProperties;
 
-    private int MAX_ATTEMPTS;
+    private static final Logger logger = LoggerFactory.getLogger(LoginAttemptService.class);
+
+    private int MAX_ATTEMPT;
     private long ATTEMPT_INCREMENT_TIME;
+    private ConcurrentHashMap<String, AttemptCounter> attemptsCache;
 
     @PostConstruct
     public void init() {
-        MAX_ATTEMPTS = applicationProperties.getSecurity().getLoginAttemptCount();
+        MAX_ATTEMPT = applicationProperties.getSecurity().getLoginAttemptCount();
         ATTEMPT_INCREMENT_TIME =
                 TimeUnit.MINUTES.toMillis(
                         applicationProperties.getSecurity().getLoginResetTimeMinutes());
+        attemptsCache = new ConcurrentHashMap<>();
     }
 
-    private final ConcurrentHashMap<String, AttemptCounter> attemptsCache =
-            new ConcurrentHashMap<>();
-
     public void loginSucceeded(String key) {
-        attemptsCache.remove(key);
+        if (key == null || key.trim().isEmpty()) {
+            return;
+        }
+        attemptsCache.remove(key.toLowerCase());
     }
 
-    public boolean loginAttemptCheck(String key) {
-        attemptsCache.compute(
-                key,
-                (k, attemptCounter) -> {
-                    if (attemptCounter == null
-                            || attemptCounter.shouldReset(ATTEMPT_INCREMENT_TIME)) {
-                        return new AttemptCounter();
-                    } else {
-                        attemptCounter.increment();
-                        return attemptCounter;
-                    }
-                });
-        return attemptsCache.get(key).getAttemptCount() >= MAX_ATTEMPTS;
+    public void loginFailed(String key) {
+        if (key == null || key.trim().isEmpty()) return;
+
+        AttemptCounter attemptCounter = attemptsCache.get(key.toLowerCase());
+        if (attemptCounter == null) {
+            attemptCounter = new AttemptCounter();
+            attemptsCache.put(key.toLowerCase(), attemptCounter);
+        } else {
+            if (attemptCounter.shouldReset(ATTEMPT_INCREMENT_TIME)) {
+                attemptCounter.reset();
+            }
+            attemptCounter.increment();
+        }
     }
 
     public boolean isBlocked(String key) {
-        AttemptCounter attemptCounter = attemptsCache.get(key);
-        if (attemptCounter != null) {
-            return attemptCounter.getAttemptCount() >= MAX_ATTEMPTS;
+        if (key == null || key.trim().isEmpty()) return false;
+        AttemptCounter attemptCounter = attemptsCache.get(key.toLowerCase());
+        if (attemptCounter == null) {
+            return false;
         }
-        return false;
+
+        return attemptCounter.getAttemptCount() >= MAX_ATTEMPT;
+    }
+
+    public int getRemainingAttempts(String key) {
+        if (key == null || key.trim().isEmpty()) return MAX_ATTEMPT;
+
+        AttemptCounter attemptCounter = attemptsCache.get(key.toLowerCase());
+        if (attemptCounter == null) {
+            return MAX_ATTEMPT;
+        }
+
+        return MAX_ATTEMPT - attemptCounter.getAttemptCount();
     }
 }

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -1,7 +1,12 @@
 package stirling.software.SPDF.config.security;
 
+import java.util.*;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
@@ -10,18 +15,35 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.ClientRegistrations;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.savedrequest.NullRequestCache;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
-import jakarta.servlet.http.HttpSession;
+import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationFailureHandler;
+import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationSuccessHandler;
+import stirling.software.SPDF.config.security.oauth2.CustomOAuth2LogoutSuccessHandler;
+import stirling.software.SPDF.config.security.oauth2.CustomOAuth2UserService;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.GithubProvider;
+import stirling.software.SPDF.model.ApplicationProperties.GoogleProvider;
+import stirling.software.SPDF.model.ApplicationProperties.KeycloakProvider;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
+import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
 
 @Configuration
@@ -29,7 +51,9 @@ import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
 @EnableMethodSecurity
 public class SecurityConfiguration {
 
-    @Autowired private UserDetailsService userDetailsService;
+    @Autowired private CustomUserDetailsService userDetailsService;
+
+    private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
 
     @Bean
     public PasswordEncoder passwordEncoder() {
@@ -42,6 +66,8 @@ public class SecurityConfiguration {
     @Qualifier("loginEnabled")
     public boolean loginEnabledValue;
 
+    @Autowired ApplicationProperties applicationProperties;
+
     @Autowired private UserAuthenticationFilter userAuthenticationFilter;
 
     @Autowired private LoginAttemptService loginAttemptService;
@@ -76,7 +102,8 @@ public class SecurityConfiguration {
                                     formLogin
                                             .loginPage("/login")
                                             .successHandler(
-                                                    new CustomAuthenticationSuccessHandler())
+                                                    new CustomAuthenticationSuccessHandler(
+                                                            loginAttemptService))
                                             .defaultSuccessUrl("/")
                                             .failureHandler(
                                                     new CustomAuthenticationFailureHandler(
@@ -87,20 +114,9 @@ public class SecurityConfiguration {
                             logout ->
                                     logout.logoutRequestMatcher(
                                                     new AntPathRequestMatcher("/logout"))
-                                            .logoutSuccessUrl("/login?logout=true")
+                                            .logoutSuccessHandler(new CustomLogoutSuccessHandler())
                                             .invalidateHttpSession(true) // Invalidate session
-                                            .deleteCookies("JSESSIONID", "remember-me")
-                                            .addLogoutHandler(
-                                                    (request, response, authentication) -> {
-                                                        HttpSession session =
-                                                                request.getSession(false);
-                                                        if (session != null) {
-                                                            String sessionId = session.getId();
-                                                            sessionRegistry()
-                                                                    .removeSessionInformation(
-                                                                            sessionId);
-                                                        }
-                                                    }))
+                                            .deleteCookies("JSESSIONID", "remember-me"))
                     .rememberMe(
                             rememberMeConfigurer ->
                                     rememberMeConfigurer // Use the configurator directly
@@ -124,6 +140,7 @@ public class SecurityConfiguration {
                                                                         : uri;
 
                                                         return trimmedUri.startsWith("/login")
+                                                                || trimmedUri.startsWith("/oauth")
                                                                 || trimmedUri.endsWith(".svg")
                                                                 || trimmedUri.startsWith(
                                                                         "/register")
@@ -131,6 +148,7 @@ public class SecurityConfiguration {
                                                                 || trimmedUri.startsWith("/images/")
                                                                 || trimmedUri.startsWith("/public/")
                                                                 || trimmedUri.startsWith("/css/")
+                                                                || trimmedUri.startsWith("/fonts/")
                                                                 || trimmedUri.startsWith("/js/")
                                                                 || trimmedUri.startsWith(
                                                                         "/api/v1/info/status");
@@ -138,8 +156,46 @@ public class SecurityConfiguration {
                                             .permitAll()
                                             .anyRequest()
                                             .authenticated())
-                    .userDetailsService(userDetailsService)
                     .authenticationProvider(authenticationProvider());
+
+            // Handle OAUTH2 Logins
+            if (applicationProperties.getSecurity().getOAUTH2() != null
+                    && applicationProperties.getSecurity().getOAUTH2().getEnabled()) {
+
+                http.oauth2Login(
+                                oauth2 ->
+                                        oauth2.loginPage("/oauth2")
+                                                /*
+                                                This Custom handler is used to check if the OAUTH2 user trying to log in, already exists in the database.
+                                                If user exists, login proceeds as usual. If user does not exist, then it is autocreated but only if 'OAUTH2AutoCreateUser'
+                                                is set as true, else login fails with an error message advising the same.
+                                                 */
+                                                .successHandler(
+                                                        new CustomOAuth2AuthenticationSuccessHandler(
+                                                                loginAttemptService,
+                                                                applicationProperties,
+                                                                userService))
+                                                .failureHandler(
+                                                        new CustomOAuth2AuthenticationFailureHandler())
+                                                // Add existing Authorities from the database
+                                                .userInfoEndpoint(
+                                                        userInfoEndpoint ->
+                                                                userInfoEndpoint
+                                                                        .oidcUserService(
+                                                                                new CustomOAuth2UserService(
+                                                                                        applicationProperties,
+                                                                                        userService,
+                                                                                        loginAttemptService))
+                                                                        .userAuthoritiesMapper(
+                                                                                userAuthoritiesMapper())))
+                        .logout(
+                                logout ->
+                                        logout.logoutSuccessHandler(
+                                                        new CustomOAuth2LogoutSuccessHandler(
+                                                                this.applicationProperties,
+                                                                sessionRegistry()))
+                                                .invalidateHttpSession(true));
+            }
         } else {
             http.csrf(csrf -> csrf.disable())
                     .authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
@@ -148,6 +204,178 @@ public class SecurityConfiguration {
         return http.build();
     }
 
+    // Client Registration Repository for OAUTH2 OIDC Login
+    @Bean
+    @ConditionalOnProperty(
+            value = "security.oauth2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    public ClientRegistrationRepository clientRegistrationRepository() {
+        List<ClientRegistration> registrations = new ArrayList<>();
+
+        githubClientRegistration().ifPresent(registrations::add);
+        oidcClientRegistration().ifPresent(registrations::add);
+        googleClientRegistration().ifPresent(registrations::add);
+        keycloakClientRegistration().ifPresent(registrations::add);
+
+        if (registrations.isEmpty()) {
+            logger.error("At least one OAuth2 provider must be configured");
+            System.exit(1);
+        }
+
+        return new InMemoryClientRegistrationRepository(registrations);
+    }
+
+    private Optional<ClientRegistration> googleClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        GoogleProvider google = client.getGoogle();
+        return google != null && google.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistration.withRegistrationId(google.getName())
+                                .clientId(google.getClientId())
+                                .clientSecret(google.getClientSecret())
+                                .scope(google.getScopes())
+                                .authorizationUri(google.getAuthorizationuri())
+                                .tokenUri(google.getTokenuri())
+                                .userInfoUri(google.getUserinfouri())
+                                .userNameAttributeName(google.getUseAsUsername())
+                                .clientName(google.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + google.getName())
+                                .authorizationGrantType(
+                                        org.springframework.security.oauth2.core
+                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> keycloakClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        KeycloakProvider keycloak = client.getKeycloak();
+
+        return keycloak != null && keycloak.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistrations.fromIssuerLocation(keycloak.getIssuer())
+                                .registrationId(keycloak.getName())
+                                .clientId(keycloak.getClientId())
+                                .clientSecret(keycloak.getClientSecret())
+                                .scope(keycloak.getScopes())
+                                .userNameAttributeName(keycloak.getUseAsUsername())
+                                .clientName(keycloak.getClientName())
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> githubClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        GithubProvider github = client.getGithub();
+        return github != null && github.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistration.withRegistrationId(github.getName())
+                                .clientId(github.getClientId())
+                                .clientSecret(github.getClientSecret())
+                                .scope(github.getScopes())
+                                .authorizationUri(github.getAuthorizationuri())
+                                .tokenUri(github.getTokenuri())
+                                .userInfoUri(github.getUserinfouri())
+                                .userNameAttributeName(github.getUseAsUsername())
+                                .clientName(github.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + github.getName())
+                                .authorizationGrantType(
+                                        org.springframework.security.oauth2.core
+                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> oidcClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+        if (oauth == null
+                || oauth.getIssuer() == null
+                || oauth.getIssuer().isEmpty()
+                || oauth.getClientId() == null
+                || oauth.getClientId().isEmpty()
+                || oauth.getClientSecret() == null
+                || oauth.getClientSecret().isEmpty()
+                || oauth.getScopes() == null
+                || oauth.getScopes().isEmpty()
+                || oauth.getUseAsUsername() == null
+                || oauth.getUseAsUsername().isEmpty()) {
+            return Optional.empty();
+        }
+        return Optional.of(
+                ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
+                        .registrationId("oidc")
+                        .clientId(oauth.getClientId())
+                        .clientSecret(oauth.getClientSecret())
+                        .scope(oauth.getScopes())
+                        .userNameAttributeName(oauth.getUseAsUsername())
+                        .clientName("OIDC")
+                        .build());
+    }
+
+    /*
+    This following function is to grant Authorities to the OAUTH2 user from the values stored in the database.
+    This is required for the internal; 'hasRole()' function to give out the correct role.
+     */
+    @Bean
+    @ConditionalOnProperty(
+            value = "security.oauth2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    GrantedAuthoritiesMapper userAuthoritiesMapper() {
+        return (authorities) -> {
+            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+
+            authorities.forEach(
+                    authority -> {
+                        // Add existing OAUTH2 Authorities
+                        mappedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
+
+                        // Add Authorities from database for existing user, if user is present.
+                        if (authority instanceof OAuth2UserAuthority oauth2Auth) {
+                            String useAsUsername =
+                                    applicationProperties
+                                            .getSecurity()
+                                            .getOAUTH2()
+                                            .getUseAsUsername();
+                            Optional<User> userOpt =
+                                    userService.findByUsernameIgnoreCase(
+                                            (String) oauth2Auth.getAttributes().get(useAsUsername));
+                            if (userOpt.isPresent()) {
+                                User user = userOpt.get();
+                                if (user != null) {
+                                    mappedAuthorities.add(
+                                            new SimpleGrantedAuthority(
+                                                    userService.findRole(user).getAuthority()));
+                                }
+                            }
+                        }
+                    });
+            return mappedAuthorities;
+        };
+    }
+
     @Bean
     public IPRateLimitingFilter rateLimitingFilter() {
         int maxRequestsPerIp = 1000000; // Example limit TODO add config level

src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java

@@ -101,6 +101,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
             contextPath + "/images/",
             contextPath + "/public/",
             contextPath + "/css/",
+            contextPath + "/fonts/",
             contextPath + "/js/",
             contextPath + "/pdfjs/",
             contextPath + "/api/v1/info/status",

src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java

@@ -20,6 +20,7 @@ import io.github.bucket4j.Bandwidth;
 import io.github.bucket4j.Bucket;
 import io.github.bucket4j.ConsumptionProbe;
 import io.github.bucket4j.Refill;
+import io.github.pixee.security.Newlines;
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -125,12 +126,16 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
         ConsumptionProbe probe = userBucket.tryConsumeAndReturnRemaining(1);
 
         if (probe.isConsumed()) {
-            response.setHeader("X-Rate-Limit-Remaining", Long.toString(probe.getRemainingTokens()));
+            response.setHeader(
+                    "X-Rate-Limit-Remaining",
+                    Newlines.stripAll(Long.toString(probe.getRemainingTokens())));
             filterChain.doFilter(request, response);
         } else {
             long waitForRefill = probe.getNanosToWaitForRefill() / 1_000_000_000;
             response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
-            response.setHeader("X-Rate-Limit-Retry-After-Seconds", String.valueOf(waitForRefill));
+            response.setHeader(
+                    "X-Rate-Limit-Retry-After-Seconds",
+                    Newlines.stripAll(String.valueOf(waitForRefill)));
             response.getWriter().write("Rate limit exceeded for POST requests.");
         }
     }

src/main/java/stirling/software/SPDF/config/security/UserService.java

@@ -8,6 +8,8 @@ import java.util.UUID;
 import java.util.stream.Collectors;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -18,9 +20,11 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import stirling.software.SPDF.controller.api.pipeline.UserServiceInterface;
+import stirling.software.SPDF.model.AuthenticationType;
 import stirling.software.SPDF.model.Authority;
 import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
+import stirling.software.SPDF.repository.AuthorityRepository;
 import stirling.software.SPDF.repository.UserRepository;
 
 @Service
@@ -28,8 +32,28 @@ public class UserService implements UserServiceInterface {
 
     @Autowired private UserRepository userRepository;
 
+    @Autowired private AuthorityRepository authorityRepository;
+
     @Autowired private PasswordEncoder passwordEncoder;
 
+    @Autowired private MessageSource messageSource;
+
+    // Handle OAUTH2 login and user auto creation.
+    public boolean processOAuth2PostLogin(String username, boolean autoCreateUser) {
+        if (!isUsernameValid(username)) {
+            return false;
+        }
+        Optional<User> existingUser = userRepository.findByUsernameIgnoreCase(username);
+        if (existingUser.isPresent()) {
+            return true;
+        }
+        if (autoCreateUser) {
+            saveUser(username, AuthenticationType.OAUTH2);
+            return true;
+        }
+        return false;
+    }
+
     public Authentication getAuthentication(String apiKey) {
         User user = getUserByApiKey(apiKey);
         if (user == null) {
@@ -90,9 +114,8 @@ public class UserService implements UserServiceInterface {
     }
 
     public UserDetails loadUserByApiKey(String apiKey) {
-        User userOptional = userRepository.findByApiKey(apiKey);
-        if (userOptional != null) {
-            User user = userOptional;
+        User user = userRepository.findByApiKey(apiKey);
+        if (user != null) {
             // Convert your User entity to a UserDetails object with authorities
             return new org.springframework.security.core.userdetails.User(
                     user.getUsername(),
@@ -104,35 +127,53 @@ public class UserService implements UserServiceInterface {
 
     public boolean validateApiKeyForUser(String username, String apiKey) {
         Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
-        return userOpt.isPresent() && userOpt.get().getApiKey().equals(apiKey);
+        return userOpt.isPresent() && apiKey.equals(userOpt.get().getApiKey());
     }
 
-    public void saveUser(String username, String password) {
+    public void saveUser(String username, AuthenticationType authenticationType)
+            throws IllegalArgumentException {
+        if (!isUsernameValid(username)) {
+            throw new IllegalArgumentException(getInvalidUsernameMessage());
+        }
+        User user = new User();
+        user.setUsername(username);
+        user.setEnabled(true);
+        user.setFirstLogin(false);
+        user.addAuthority(new Authority(Role.USER.getRoleId(), user));
+        user.setAuthenticationType(authenticationType);
+        userRepository.save(user);
+    }
+
+    public void saveUser(String username, String password) throws IllegalArgumentException {
+        if (!isUsernameValid(username)) {
+            throw new IllegalArgumentException(getInvalidUsernameMessage());
+        }
         User user = new User();
         user.setUsername(username);
         user.setPassword(passwordEncoder.encode(password));
         user.setEnabled(true);
+        user.setAuthenticationType(AuthenticationType.WEB);
         userRepository.save(user);
     }
 
-    public void saveUser(String username, String password, String role, boolean firstLogin) {
+    public void saveUser(String username, String password, String role, boolean firstLogin)
+            throws IllegalArgumentException {
+        if (!isUsernameValid(username)) {
+            throw new IllegalArgumentException(getInvalidUsernameMessage());
+        }
         User user = new User();
         user.setUsername(username);
         user.setPassword(passwordEncoder.encode(password));
         user.addAuthority(new Authority(role, user));
         user.setEnabled(true);
+        user.setAuthenticationType(AuthenticationType.WEB);
         user.setFirstLogin(firstLogin);
         userRepository.save(user);
     }
 
-    public void saveUser(String username, String password, String role) {
-        User user = new User();
-        user.setUsername(username);
-        user.setPassword(passwordEncoder.encode(password));
-        user.addAuthority(new Authority(role, user));
-        user.setEnabled(true);
-        user.setFirstLogin(false);
-        userRepository.save(user);
+    public void saveUser(String username, String password, String role)
+            throws IllegalArgumentException {
+        saveUser(username, password, role, false);
     }
 
     public void deleteUser(String username) {
@@ -156,7 +197,13 @@ public class UserService implements UserServiceInterface {
     }
 
     public boolean hasUsers() {
-        return userRepository.count() > 0;
+        long userCount = userRepository.count();
+        if (userRepository
+                .findByUsernameIgnoreCase(Role.INTERNAL_API_USER.getRoleId())
+                .isPresent()) {
+            userCount -= 1;
+        }
+        return userCount > 0;
     }
 
     public void updateUserSettings(String username, Map<String, String> updates) {
@@ -166,7 +213,7 @@ public class UserService implements UserServiceInterface {
             Map<String, String> settingsMap = user.getSettings();
 
             if (settingsMap == null) {
-                settingsMap = new HashMap<String, String>();
+                settingsMap = new HashMap<>();
             }
             settingsMap.clear();
             settingsMap.putAll(updates);
@@ -184,7 +231,14 @@ public class UserService implements UserServiceInterface {
         return userRepository.findByUsernameIgnoreCase(username);
     }
 
-    public void changeUsername(User user, String newUsername) {
+    public Authority findRole(User user) {
+        return authorityRepository.findByUserId(user.getId());
+    }
+
+    public void changeUsername(User user, String newUsername) throws IllegalArgumentException {
+        if (!isUsernameValid(newUsername)) {
+            throw new IllegalArgumentException(getInvalidUsernameMessage());
+        }
         user.setUsername(newUsername);
         userRepository.save(user);
     }
@@ -199,11 +253,41 @@ public class UserService implements UserServiceInterface {
         userRepository.save(user);
     }
 
+    public void changeRole(User user, String newRole) {
+        Authority userAuthority = this.findRole(user);
+        userAuthority.setAuthority(newRole);
+        authorityRepository.save(userAuthority);
+    }
+
     public boolean isPasswordCorrect(User user, String currentPassword) {
         return passwordEncoder.matches(currentPassword, user.getPassword());
     }
 
     public boolean isUsernameValid(String username) {
-        return username.matches("[a-zA-Z0-9]+");
+        // Checks whether the simple username is formatted correctly
+        boolean isValidSimpleUsername =
+                username.matches("^[a-zA-Z0-9][a-zA-Z0-9@._+-]*[a-zA-Z0-9]$");
+        // Checks whether the email address is formatted correctly
+        boolean isValidEmail =
+                username.matches(
+                        "^(?=.{1,64}@)[A-Za-z0-9]+(\\.[A-Za-z0-9_+.-]+)*@[^-][A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$");
+        return isValidSimpleUsername || isValidEmail;
+    }
+
+    private String getInvalidUsernameMessage() {
+        return messageSource.getMessage(
+                "invalidUsernameMessage", null, LocaleContextHolder.getLocale());
+    }
+
+    public boolean hasPassword(String username) {
+        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
+        return user.isPresent() && user.get().hasPassword();
+    }
+
+    public boolean isAuthenticationTypeByUsername(
+            String username, AuthenticationType authenticationType) {
+        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
+        return user.isPresent()
+                && authenticationType.name().equalsIgnoreCase(user.get().getAuthenticationType());
     }
 }

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationFailureHandler.java

@@ -0,0 +1,50 @@
+package stirling.software.SPDF.config.security.oauth2;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+public class CustomOAuth2AuthenticationFailureHandler
+        extends SimpleUrlAuthenticationFailureHandler {
+
+    private static final Logger logger =
+            LoggerFactory.getLogger(CustomOAuth2AuthenticationFailureHandler.class);
+
+    @Override
+    public void onAuthenticationFailure(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AuthenticationException exception)
+            throws IOException, ServletException {
+        if (exception instanceof OAuth2AuthenticationException) {
+            OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();
+
+            String errorCode = error.getErrorCode();
+
+            if (error.getErrorCode().equals("Password must not be null")) {
+                errorCode = "userAlreadyExistsWeb";
+            }
+            logger.error("OAuth2 Authentication error: " + errorCode);
+            getRedirectStrategy()
+                    .sendRedirect(request, response, "/logout?erroroauth=" + errorCode);
+            return;
+        } else if (exception instanceof LockedException) {
+            logger.error("Account locked: ", exception);
+            getRedirectStrategy().sendRedirect(request, response, "/logout?error=locked");
+            return;
+        } else {
+            logger.error("Unhandled authentication exception", exception);
+            super.onAuthenticationFailure(request, response, exception);
+        }
+    }
+}

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java

@@ -0,0 +1,93 @@
+package stirling.software.SPDF.config.security.oauth2;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.SavedRequest;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import stirling.software.SPDF.config.security.LoginAttemptService;
+import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.AuthenticationType;
+import stirling.software.SPDF.utils.RequestUriUtils;
+
+public class CustomOAuth2AuthenticationSuccessHandler
+        extends SavedRequestAwareAuthenticationSuccessHandler {
+
+    private LoginAttemptService loginAttemptService;
+
+    private static final Logger logger =
+            LoggerFactory.getLogger(CustomOAuth2AuthenticationSuccessHandler.class);
+
+    private ApplicationProperties applicationProperties;
+    private UserService userService;
+
+    public CustomOAuth2AuthenticationSuccessHandler(
+            final LoginAttemptService loginAttemptService,
+            ApplicationProperties applicationProperties,
+            UserService userService) {
+        this.applicationProperties = applicationProperties;
+        this.userService = userService;
+        this.loginAttemptService = loginAttemptService;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws ServletException, IOException {
+
+        // Get the saved request
+        HttpSession session = request.getSession(false);
+        SavedRequest savedRequest =
+                (session != null)
+                        ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
+                        : null;
+
+        if (savedRequest != null
+                && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+            // Redirect to the original destination
+            super.onAuthenticationSuccess(request, response, authentication);
+        } else {
+            OAuth2User oauthUser = (OAuth2User) authentication.getPrincipal();
+            OAUTH2 oAuth = applicationProperties.getSecurity().getOAUTH2();
+
+            String username = oauthUser.getName();
+
+            if (loginAttemptService.isBlocked(username)) {
+                if (session != null) {
+                    session.removeAttribute("SPRING_SECURITY_SAVED_REQUEST");
+                }
+                throw new LockedException(
+                        "Your account has been locked due to too many failed login attempts.");
+            }
+            if (userService.usernameExistsIgnoreCase(username)
+                    && userService.hasPassword(username)
+                    && !userService.isAuthenticationTypeByUsername(
+                            username, AuthenticationType.OAUTH2)
+                    && oAuth.getAutoCreateUser()) {
+                response.sendRedirect(
+                        request.getContextPath() + "/logout?oauth2AuthenticationErrorWeb=true");
+                return;
+            } else {
+                try {
+                    userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
+                    response.sendRedirect("/");
+                    return;
+                } catch (IllegalArgumentException e) {
+                    response.sendRedirect("/logout?invalidUsername=true");
+                    return;
+                }
+            }
+        }
+    }
+}

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java

@@ -0,0 +1,122 @@
+package stirling.software.SPDF.config.security.oauth2;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.Provider;
+import stirling.software.SPDF.utils.UrlUtils;
+
+public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+
+    private static final Logger logger =
+            LoggerFactory.getLogger(CustomOAuth2LogoutSuccessHandler.class);
+
+    private final SessionRegistry sessionRegistry;
+    private final ApplicationProperties applicationProperties;
+
+    public CustomOAuth2LogoutSuccessHandler(
+            ApplicationProperties applicationProperties, SessionRegistry sessionRegistry) {
+        this.sessionRegistry = sessionRegistry;
+        this.applicationProperties = applicationProperties;
+    }
+
+    @Override
+    public void onLogoutSuccess(
+            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+        String param = "logout=true";
+        String registrationId = null;
+        String issuer = null;
+        String clientId = null;
+
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+
+        if (authentication instanceof OAuth2AuthenticationToken) {
+            OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
+            registrationId = oauthToken.getAuthorizedClientRegistrationId();
+
+            try {
+                Provider provider = oauth.getClient().get(registrationId);
+                issuer = provider.getIssuer();
+                clientId = provider.getClientId();
+            } catch (Exception e) {
+                logger.error("exception", e);
+            }
+
+        } else {
+            registrationId = oauth.getProvider() != null ? oauth.getProvider() : "";
+            issuer = oauth.getIssuer();
+            clientId = oauth.getClientId();
+        }
+        String errorMessage = "";
+        if (request.getParameter("oauth2AuthenticationErrorWeb") != null) {
+            param = "erroroauth=oauth2AuthenticationErrorWeb";
+        } else if ((errorMessage = request.getParameter("error")) != null) {
+            param = "error=" + sanitizeInput(errorMessage);
+        } else if ((errorMessage = request.getParameter("erroroauth")) != null) {
+            param = "erroroauth=" + sanitizeInput(errorMessage);
+        } else if (request.getParameter("oauth2AutoCreateDisabled") != null) {
+            param = "error=oauth2AutoCreateDisabled";
+        }
+
+        String redirect_url = UrlUtils.getOrigin(request) + "/login?" + param;
+
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            String sessionId = session.getId();
+            sessionRegistry.removeSessionInformation(sessionId);
+            session.invalidate();
+            logger.info("Session invalidated: " + sessionId);
+        }
+
+        switch (registrationId.toLowerCase()) {
+            case "keycloak":
+                // Add Keycloak specific logout URL if needed
+                String logoutUrl =
+                        issuer
+                                + "/protocol/openid-connect/logout"
+                                + "?client_id="
+                                + clientId
+                                + "&post_logout_redirect_uri="
+                                + response.encodeRedirectURL(redirect_url);
+                logger.info("Redirecting to Keycloak logout URL: " + logoutUrl);
+                response.sendRedirect(logoutUrl);
+                break;
+            case "github":
+                // Add GitHub specific logout URL if needed
+                String githubLogoutUrl = "https://github.com/logout";
+                logger.info("Redirecting to GitHub logout URL: " + githubLogoutUrl);
+                response.sendRedirect(githubLogoutUrl);
+                break;
+            case "google":
+                // Add Google specific logout URL if needed
+                // String googleLogoutUrl =
+                // "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue="
+                //                 + response.encodeRedirectURL(redirect_url);
+                // logger.info("Redirecting to Google logout URL: " + googleLogoutUrl);
+                // response.sendRedirect(googleLogoutUrl);
+                // break;
+            default:
+                String redirectUrl = request.getContextPath() + "/login?" + param;
+                logger.info("Redirecting to default logout URL: " + redirectUrl);
+                response.sendRedirect(redirectUrl);
+                break;
+        }
+    }
+
+    private String sanitizeInput(String input) {
+        return input.replaceAll("[^a-zA-Z0-9 ]", "");
+    }
+}

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java

@@ -0,0 +1,92 @@
+package stirling.software.SPDF.config.security.oauth2;
+
+import java.util.Optional;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+
+import stirling.software.SPDF.config.security.LoginAttemptService;
+import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
+import stirling.software.SPDF.model.User;
+
+public class CustomOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
+
+    private final OidcUserService delegate = new OidcUserService();
+
+    private UserService userService;
+
+    private LoginAttemptService loginAttemptService;
+
+    private ApplicationProperties applicationProperties;
+
+    private static final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);
+
+    public CustomOAuth2UserService(
+            ApplicationProperties applicationProperties,
+            UserService userService,
+            LoginAttemptService loginAttemptService) {
+        this.applicationProperties = applicationProperties;
+        this.userService = userService;
+        this.loginAttemptService = loginAttemptService;
+    }
+
+    @Override
+    public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
+        OAUTH2 oauth2 = applicationProperties.getSecurity().getOAUTH2();
+        String usernameAttribute = oauth2.getUseAsUsername();
+        if (usernameAttribute == null || usernameAttribute.trim().isEmpty()) {
+            Client client = oauth2.getClient();
+            if (client != null && client.getKeycloak() != null) {
+                usernameAttribute = client.getKeycloak().getUseAsUsername();
+            } else {
+                usernameAttribute = "email";
+            }
+        }
+
+        try {
+            OidcUser user = delegate.loadUser(userRequest);
+            String username = user.getUserInfo().getClaimAsString(usernameAttribute);
+
+            // Check if the username claim is null or empty
+            if (username == null || username.trim().isEmpty()) {
+                throw new IllegalArgumentException(
+                        "Claim '" + usernameAttribute + "' cannot be null or empty");
+            }
+
+            Optional<User> duser = userService.findByUsernameIgnoreCase(username);
+            if (duser.isPresent()) {
+                if (loginAttemptService.isBlocked(username)) {
+                    throw new LockedException(
+                            "Your account has been locked due to too many failed login attempts.");
+                }
+                if (userService.hasPassword(username)) {
+                    throw new IllegalArgumentException("Password must not be null");
+                }
+            }
+
+            // Return a new OidcUser with adjusted attributes
+            return new DefaultOidcUser(
+                    user.getAuthorities(),
+                    userRequest.getIdToken(),
+                    user.getUserInfo(),
+                    usernameAttribute);
+        } catch (IllegalArgumentException e) {
+            logger.error("Error loading OIDC user: {}", e.getMessage());
+            throw new OAuth2AuthenticationException(new OAuth2Error(e.getMessage()), e);
+        } catch (Exception e) {
+            logger.error("Unexpected error loading OIDC user", e);
+            throw new OAuth2AuthenticationException("Unexpected error during authentication");
+        }
+    }
+}

src/main/java/stirling/software/SPDF/controller/api/MergeController.java

@@ -135,7 +135,9 @@ public class MergeController {
             throw ex;
         } finally {
             for (File file : filesToDelete) {
-                file.delete();
+                if (file != null) {
+                    Files.deleteIfExists(file.toPath());
+                }
             }
         }
     }

src/main/java/stirling/software/SPDF/controller/api/PdfOverlayController.java

@@ -87,12 +87,12 @@ public class PdfOverlayController {
         } finally {
             for (File overlayPdfFile : overlayPdfFiles) {
                 if (overlayPdfFile != null) {
-                    overlayPdfFile.delete();
+                    Files.deleteIfExists(overlayPdfFile.toPath());
                 }
             }
             for (File tempFile : tempFiles) { // Delete temporary files
                 if (tempFile != null) {
-                    tempFile.delete();
+                    Files.deleteIfExists(tempFile.toPath());
                 }
             }
         }

src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java

@@ -121,7 +121,7 @@ public class SplitPDFController {
 
         logger.info("Successfully created zip file with split documents: {}", zipFile.toString());
         byte[] data = Files.readAllBytes(zipFile);
-        Files.delete(zipFile);
+        Files.deleteIfExists(zipFile);
 
         // return the Resource in the response
         return WebResponseUtils.bytesToWebResponse(

src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java

@@ -18,6 +18,8 @@ import org.apache.pdfbox.pdmodel.PDPageContentStream.AppendMode;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
 import org.apache.pdfbox.util.Matrix;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -38,6 +40,9 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "General", description = "General APIs")
 public class SplitPdfBySectionsController {
 
+    private static final Logger logger =
+            LoggerFactory.getLogger(SplitPdfBySectionsController.class);
+
     @PostMapping(value = "/split-pdf-by-sections", consumes = "multipart/form-data")
     @Operation(
             summary = "Split PDF pages into smaller sections",
@@ -63,10 +68,7 @@ public class SplitPdfBySectionsController {
             MergeController mergeController = new MergeController();
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
             mergeController.mergeDocuments(splitDocuments).save(baos);
-            return WebResponseUtils.bytesToWebResponse(
-                    baos.toByteArray(),
-                    filename + "_split.pdf",
-                    MediaType.APPLICATION_OCTET_STREAM);
+            return WebResponseUtils.bytesToWebResponse(baos.toByteArray(), filename + "_split.pdf");
         }
         for (PDDocument doc : splitDocuments) {
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -95,10 +97,10 @@ public class SplitPdfBySectionsController {
                 if (sectionNum == horiz * verti) pageNum++;
             }
         } catch (Exception e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         } finally {
             data = Files.readAllBytes(zipFile);
-            Files.delete(zipFile);
+            Files.deleteIfExists(zipFile);
         }
 
         return WebResponseUtils.bytesToWebResponse(

src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java

@@ -10,6 +10,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -31,6 +33,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "General", description = "General APIs")
 public class SplitPdfBySizeController {
 
+    private static final Logger logger = LoggerFactory.getLogger(SplitPdfBySizeController.class);
+
     @PostMapping(value = "/split-by-size-or-count", consumes = "multipart/form-data")
     @Operation(
             summary = "Auto split PDF pages into separate documents based on size or count",
@@ -66,7 +70,7 @@ public class SplitPdfBySizeController {
             }
 
         } catch (Exception e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         } finally {
             data = Files.readAllBytes(zipFile);
             Files.deleteIfExists(zipFile);

src/main/java/stirling/software/SPDF/controller/api/UserController.java

@@ -47,8 +47,11 @@ public class UserController {
             model.addAttribute("error", "Username already exists");
             return "register";
         }
-
-        userService.saveUser(requestModel.getUsername(), requestModel.getPassword());
+        try {
+            userService.saveUser(requestModel.getUsername(), requestModel.getPassword());
+        } catch (IllegalArgumentException e) {
+            return "redirect:/login?messageType=invalidUsername";
+        }
         return "redirect:/login?registered=true";
     }
 
@@ -63,42 +66,46 @@ public class UserController {
             RedirectAttributes redirectAttributes) {
 
         if (!userService.isUsernameValid(newUsername)) {
-            return new RedirectView("/account?messageType=invalidUsername");
+            return new RedirectView("/account?messageType=invalidUsername", true);
         }
 
         if (principal == null) {
-            return new RedirectView("/account?messageType=notAuthenticated");
+            return new RedirectView("/account?messageType=notAuthenticated", true);
         }
 
         // The username MUST be unique when renaming
         Optional<User> userOpt = userService.findByUsername(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            return new RedirectView("/account?messageType=userNotFound");
+            return new RedirectView("/account?messageType=userNotFound", true);
         }
 
         User user = userOpt.get();
 
         if (user.getUsername().equals(newUsername)) {
-            return new RedirectView("/account?messageType=usernameExists");
+            return new RedirectView("/account?messageType=usernameExists", true);
         }
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            return new RedirectView("/account?messageType=incorrectPassword");
+            return new RedirectView("/account?messageType=incorrectPassword", true);
         }
 
         if (!user.getUsername().equals(newUsername) && userService.usernameExists(newUsername)) {
-            return new RedirectView("/account?messageType=usernameExists");
+            return new RedirectView("/account?messageType=usernameExists", true);
         }
 
         if (newUsername != null && newUsername.length() > 0) {
-            userService.changeUsername(user, newUsername);
+            try {
+                userService.changeUsername(user, newUsername);
+            } catch (IllegalArgumentException e) {
+                return new RedirectView("/account?messageType=invalidUsername", true);
+            }
         }
 
         // Logout using Spring's utility
         new SecurityContextLogoutHandler().logout(request, response, null);
 
-        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED);
+        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
     }
 
     @PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
@@ -111,19 +118,19 @@ public class UserController {
             HttpServletResponse response,
             RedirectAttributes redirectAttributes) {
         if (principal == null) {
-            return new RedirectView("/change-creds?messageType=notAuthenticated");
+            return new RedirectView("/change-creds?messageType=notAuthenticated", true);
         }
 
         Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            return new RedirectView("/change-creds?messageType=userNotFound");
+            return new RedirectView("/change-creds?messageType=userNotFound", true);
         }
 
         User user = userOpt.get();
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            return new RedirectView("/change-creds?messageType=incorrectPassword");
+            return new RedirectView("/change-creds?messageType=incorrectPassword", true);
         }
 
         userService.changePassword(user, newPassword);
@@ -131,7 +138,7 @@ public class UserController {
         // Logout using Spring's utility
         new SecurityContextLogoutHandler().logout(request, response, null);
 
-        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED);
+        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
     }
 
     @PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
@@ -144,19 +151,19 @@ public class UserController {
             HttpServletResponse response,
             RedirectAttributes redirectAttributes) {
         if (principal == null) {
-            return new RedirectView("/account?messageType=notAuthenticated");
+            return new RedirectView("/account?messageType=notAuthenticated", true);
         }
 
         Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            return new RedirectView("/account?messageType=userNotFound");
+            return new RedirectView("/account?messageType=userNotFound", true);
         }
 
         User user = userOpt.get();
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            return new RedirectView("/account?messageType=incorrectPassword");
+            return new RedirectView("/account?messageType=incorrectPassword", true);
         }
 
         userService.changePassword(user, newPassword);
@@ -164,7 +171,7 @@ public class UserController {
         // Logout using Spring's utility
         new SecurityContextLogoutHandler().logout(request, response, null);
 
-        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED);
+        return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
     }
 
     @PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
@@ -197,7 +204,7 @@ public class UserController {
                     boolean forceChange) {
 
         if (!userService.isUsernameValid(username)) {
-            return new RedirectView("/addUsers?messageType=invalidUsername");
+            return new RedirectView("/addUsers?messageType=invalidUsername", true);
         }
 
         Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
@@ -205,26 +212,67 @@ public class UserController {
         if (userOpt.isPresent()) {
             User user = userOpt.get();
             if (user != null && user.getUsername().equalsIgnoreCase(username)) {
-                return new RedirectView("/addUsers?messageType=usernameExists");
+                return new RedirectView("/addUsers?messageType=usernameExists", true);
             }
         }
         if (userService.usernameExistsIgnoreCase(username)) {
-            return new RedirectView("/addUsers?messageType=usernameExists");
+            return new RedirectView("/addUsers?messageType=usernameExists", true);
         }
         try {
             // Validate the role
             Role roleEnum = Role.fromString(role);
             if (roleEnum == Role.INTERNAL_API_USER) {
                 // If the role is INTERNAL_API_USER, reject the request
-                return new RedirectView("/addUsers?messageType=invalidRole");
+                return new RedirectView("/addUsers?messageType=invalidRole", true);
             }
         } catch (IllegalArgumentException e) {
             // If the role ID is not valid, redirect with an error message
-            return new RedirectView("/addUsers?messageType=invalidRole");
+            return new RedirectView("/addUsers?messageType=invalidRole", true);
         }
 
         userService.saveUser(username, password, role, forceChange);
-        return new RedirectView("/addUsers"); // Redirect to account page after adding the user
+        return new RedirectView(
+                "/addUsers", true); // Redirect to account page after adding the user
+    }
+
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    @PostMapping("/admin/changeRole")
+    public RedirectView changeRole(
+            @RequestParam(name = "username") String username,
+            @RequestParam(name = "role") String role,
+            Authentication authentication) {
+
+        Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
+
+        if (!userOpt.isPresent()) {
+            return new RedirectView("/addUsers?messageType=userNotFound", true);
+        }
+        if (!userService.usernameExistsIgnoreCase(username)) {
+            return new RedirectView("/addUsers?messageType=userNotFound", true);
+        }
+        // Get the currently authenticated username
+        String currentUsername = authentication.getName();
+
+        // Check if the provided username matches the current session's username
+        if (currentUsername.equalsIgnoreCase(username)) {
+            return new RedirectView("/addUsers?messageType=downgradeCurrentUser", true);
+        }
+        try {
+            // Validate the role
+            Role roleEnum = Role.fromString(role);
+            if (roleEnum == Role.INTERNAL_API_USER) {
+                // If the role is INTERNAL_API_USER, reject the request
+                return new RedirectView("/addUsers?messageType=invalidRole", true);
+            }
+        } catch (IllegalArgumentException e) {
+            // If the role ID is not valid, redirect with an error message
+            return new RedirectView("/addUsers?messageType=invalidRole", true);
+        }
+        User user = userOpt.get();
+
+        userService.changeRole(user, role);
+        return new RedirectView(
+                "/addUsers", true); // Redirect to account page after adding the user
     }
 
     @PreAuthorize("hasRole('ROLE_ADMIN')")
@@ -233,7 +281,7 @@ public class UserController {
             @PathVariable(name = "username") String username, Authentication authentication) {
 
         if (!userService.usernameExistsIgnoreCase(username)) {
-            return new RedirectView("/addUsers?messageType=deleteUsernameExists");
+            return new RedirectView("/addUsers?messageType=deleteUsernameExists", true);
         }
 
         // Get the currently authenticated username
@@ -241,11 +289,11 @@ public class UserController {
 
         // Check if the provided username matches the current session's username
         if (currentUsername.equalsIgnoreCase(username)) {
-            return new RedirectView("/addUsers?messageType=deleteCurrentUser");
+            return new RedirectView("/addUsers?messageType=deleteCurrentUser", true);
         }
         invalidateUserSessions(username);
         userService.deleteUser(username);
-        return new RedirectView("/addUsers");
+        return new RedirectView("/addUsers", true);
     }
 
     @Autowired private SessionRegistry sessionRegistry;

src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java

@@ -6,10 +6,6 @@ import java.net.URLConnection;
 import org.apache.pdfbox.rendering.ImageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.core.io.ByteArrayResource;
-import org.springframework.core.io.Resource;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -39,8 +35,8 @@ public class ConvertImgPDFController {
             summary = "Convert PDF to image(s)",
             description =
                     "This endpoint converts a PDF file to image(s) with the specified image format, color type, and DPI. Users can choose to get a single image or multiple images.  Input:PDF Output:Image Type:SI-Conditional")
-    public ResponseEntity<Resource> convertToImage(@ModelAttribute ConvertToImageRequest request)
-            throws IOException {
+    public ResponseEntity<byte[]> convertToImage(@ModelAttribute ConvertToImageRequest request)
+            throws NumberFormatException, Exception {
         MultipartFile file = request.getFileInput();
         String imageFormat = request.getImageFormat();
         String singleOrMultiple = request.getSingleOrMultiple();
@@ -60,38 +56,27 @@ public class ConvertImgPDFController {
         String filename =
                 Filenames.toSimpleFileName(file.getOriginalFilename())
                         .replaceFirst("[.][^.]+$", "");
-        try {
-            result =
-                    PdfUtils.convertFromPdf(
-                            pdfBytes,
-                            imageFormat.toUpperCase(),
-                            colorTypeResult,
-                            singleImage,
-                            Integer.valueOf(dpi),
-                            filename);
-        } catch (IOException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (Exception e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
+
+        result =
+                PdfUtils.convertFromPdf(
+                        pdfBytes,
+                        imageFormat.toUpperCase(),
+                        colorTypeResult,
+                        singleImage,
+                        Integer.valueOf(dpi),
+                        filename);
+
+        if (result == null || result.length == 0) {
+            logger.error("resultant bytes for {} is null, error converting ", filename);
         }
         if (singleImage) {
-            HttpHeaders headers = new HttpHeaders();
-            headers.setContentType(MediaType.parseMediaType(getMediaType(imageFormat)));
-            ResponseEntity<Resource> response =
-                    new ResponseEntity<>(new ByteArrayResource(result), headers, HttpStatus.OK);
-            return response;
+            String docName = filename + "." + imageFormat;
+            MediaType mediaType = MediaType.parseMediaType(getMediaType(imageFormat));
+            return WebResponseUtils.bytesToWebResponse(result, docName, mediaType);
         } else {
-            ByteArrayResource resource = new ByteArrayResource(result);
-            // return the Resource in the response
-            return ResponseEntity.ok()
-                    .header(
-                            HttpHeaders.CONTENT_DISPOSITION,
-                            "attachment; filename=" + filename + "_convertedToImages.zip")
-                    .contentType(MediaType.APPLICATION_OCTET_STREAM)
-                    .contentLength(resource.contentLength())
-                    .body(resource);
+            String zipFilename = filename + "_convertedToImages.zip";
+            return WebResponseUtils.bytesToWebResponse(
+                    result, zipFilename, MediaType.APPLICATION_OCTET_STREAM);
         }
     }
 

src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java

@@ -3,7 +3,6 @@ package stirling.software.SPDF.controller.api.converters;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -41,34 +40,35 @@ public class ConvertOfficeController {
         // Save the uploaded file to a temporary location
         Path tempInputFile =
                 Files.createTempFile("input_", "." + FilenameUtils.getExtension(originalFilename));
-        Files.copy(inputFile.getInputStream(), tempInputFile, StandardCopyOption.REPLACE_EXISTING);
+        inputFile.transferTo(tempInputFile);
 
         // Prepare the output file path
         Path tempOutputFile = Files.createTempFile("output_", ".pdf");
 
-        // Run the LibreOffice command
-        List<String> command =
-                new ArrayList<>(
-                        Arrays.asList(
-                                "unoconv",
-                                "-vvv",
-                                "-f",
-                                "pdf",
-                                "-o",
-                                tempOutputFile.toString(),
-                                tempInputFile.toString()));
-        ProcessExecutorResult returnCode =
-                ProcessExecutor.getInstance(ProcessExecutor.Processes.LIBRE_OFFICE)
-                        .runCommandWithOutputHandling(command);
+        try {
+            // Run the LibreOffice command
+            List<String> command =
+                    new ArrayList<>(
+                            Arrays.asList(
+                                    "unoconv",
+                                    "-vvv",
+                                    "-f",
+                                    "pdf",
+                                    "-o",
+                                    tempOutputFile.toString(),
+                                    tempInputFile.toString()));
+            ProcessExecutorResult returnCode =
+                    ProcessExecutor.getInstance(ProcessExecutor.Processes.LIBRE_OFFICE)
+                            .runCommandWithOutputHandling(command);
 
-        // Read the converted PDF file
-        byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
-
-        // Clean up the temporary files
-        Files.delete(tempInputFile);
-        Files.delete(tempOutputFile);
-
-        return pdfBytes;
+            // Read the converted PDF file
+            byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
+            return pdfBytes;
+        } finally {
+            // Clean up the temporary files
+            if (tempInputFile != null) Files.deleteIfExists(tempInputFile);
+            Files.deleteIfExists(tempOutputFile);
+        }
     }
 
     private boolean isValidFileExtension(String fileExtension) {

src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java

@@ -1,10 +1,22 @@
 package stirling.software.SPDF.controller.api.converters;
 
+import java.io.ByteArrayOutputStream;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.stream.Collectors;
 
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
+import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
+import org.apache.pdfbox.pdmodel.interactive.form.PDField;
+import org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -26,6 +38,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "Convert", description = "Convert APIs")
 public class ConvertPDFToPDFA {
 
+    private static final Logger logger = LoggerFactory.getLogger(ConvertPDFToPDFA.class);
+
     @PostMapping(consumes = "multipart/form-data", value = "/pdf/pdfa")
     @Operation(
             summary = "Convert a PDF to a PDF/A",
@@ -36,9 +50,39 @@ public class ConvertPDFToPDFA {
         MultipartFile inputFile = request.getFileInput();
         String outputFormat = request.getOutputFormat();
 
-        // Save the uploaded file to a temporary location
+        // Convert MultipartFile to byte[]
+        byte[] pdfBytes = inputFile.getBytes();
+
+        // Load the PDF document
+        PDDocument document = Loader.loadPDF(pdfBytes);
+
+        // Get the document catalog
+        PDDocumentCatalog catalog = document.getDocumentCatalog();
+
+        // Get the AcroForm
+        PDAcroForm acroForm = catalog.getAcroForm();
+        if (acroForm != null) {
+            // Remove signature fields safely
+            List<PDField> fieldsToRemove =
+                    acroForm.getFields().stream()
+                            .filter(field -> field instanceof PDSignatureField)
+                            .collect(Collectors.toList());
+
+            if (!fieldsToRemove.isEmpty()) {
+                acroForm.flatten(fieldsToRemove, false);
+
+                ByteArrayOutputStream baos = new ByteArrayOutputStream();
+                document.save(baos);
+                pdfBytes = baos.toByteArray();
+            }
+        }
+        document.close();
+
+        // Save the uploaded (and possibly modified) file to a temporary location
         Path tempInputFile = Files.createTempFile("input_", ".pdf");
-        inputFile.transferTo(tempInputFile.toFile());
+        try (OutputStream outputStream = new FileOutputStream(tempInputFile.toFile())) {
+            outputStream.write(pdfBytes);
+        }
 
         // Prepare the output file path
         Path tempOutputFile = Files.createTempFile("output_", ".pdf");
@@ -58,17 +102,17 @@ public class ConvertPDFToPDFA {
                         .runCommandWithOutputHandling(command);
 
         // Read the optimized PDF file
-        byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
+        byte[] optimizedPdfBytes = Files.readAllBytes(tempOutputFile);
 
         // Clean up the temporary files
-        Files.delete(tempInputFile);
-        Files.delete(tempOutputFile);
+        Files.deleteIfExists(tempInputFile);
+        Files.deleteIfExists(tempOutputFile);
 
         // Return the optimized PDF as a response
         String outputFilename =
                 Filenames.toSimpleFileName(inputFile.getOriginalFilename())
                                 .replaceFirst("[.][^.]+$", "")
                         + "_PDFA.pdf";
-        return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+        return WebResponseUtils.bytesToWebResponse(optimizedPdfBytes, outputFilename);
     }
 }

src/main/java/stirling/software/SPDF/controller/api/converters/ConvertWebsiteToPDF.java

@@ -59,7 +59,7 @@ public class ConvertWebsiteToPDF {
             pdfBytes = Files.readAllBytes(tempOutputFile);
         } finally {
             // Clean up the temporary files
-            Files.delete(tempOutputFile);
+            Files.deleteIfExists(tempOutputFile);
         }
         // Convert URL to a safe filename
         String outputFilename = convertURLToFileName(URL);

src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java

@@ -15,6 +15,8 @@ import java.util.zip.ZipOutputStream;
 import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.rendering.PDFRenderer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -43,6 +45,7 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "Misc", description = "Miscellaneous APIs")
 public class AutoSplitPdfController {
 
+    private static final Logger logger = LoggerFactory.getLogger(AutoSplitPdfController.class);
     private static final String QR_CONTENT = "https://github.com/Stirling-Tools/Stirling-PDF";
     private static final String QR_CONTENT_OLD = "https://github.com/Frooodle/Stirling-PDF";
 
@@ -115,10 +118,10 @@ public class AutoSplitPdfController {
                 zipOut.closeEntry();
             }
         } catch (Exception e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         } finally {
             data = Files.readAllBytes(zipFile);
-            Files.delete(zipFile);
+            Files.deleteIfExists(zipFile);
         }
 
         return WebResponseUtils.bytesToWebResponse(

src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java

@@ -67,7 +67,7 @@ public class BlankPageController {
                 String pageText = textStripper.getText(document);
                 boolean hasText = !pageText.trim().isEmpty();
 
-                Boolean blank = false;
+                Boolean blank = true;
                 if (hasText) {
                     logger.info("page " + pageIndex + " has text, not blank");
                     blank = false;
@@ -106,7 +106,7 @@ public class BlankPageController {
                                     .replaceFirst("[.][^.]+$", "")
                             + "_blanksRemoved.pdf");
         } catch (IOException e) {
-            e.printStackTrace();
+            logger.error("exception", e);
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
         } finally {
             if (document != null) document.close();

src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java

@@ -136,10 +136,10 @@ public class CompressController {
                     // Increase optimization level for next iteration
                     optimizeLevel++;
                     if (autoMode && optimizeLevel > 4) {
-                        System.out.println("Skipping level 5 due to bad results in auto mode");
+                        logger.info("Skipping level 5 due to bad results in auto mode");
                         sizeMet = true;
                     } else {
-                        System.out.println(
+                        logger.info(
                                 "Increasing ghostscript optimisation level to " + optimizeLevel);
                     }
                 }
@@ -230,10 +230,10 @@ public class CompressController {
                             if (currentSize > expectedOutputSize) {
                                 // Log the current file size and scaleFactor
 
-                                System.out.println(
+                                logger.info(
                                         "Current file size: "
                                                 + FileUtils.byteCountToDisplaySize(currentSize));
-                                System.out.println("Current scale factor: " + scaleFactor);
+                                logger.info("Current scale factor: " + scaleFactor);
 
                                 // The file is still too large, reduce scaleFactor and try again
                                 scaleFactor *= 0.9f; // reduce scaleFactor by 10%
@@ -256,7 +256,6 @@ public class CompressController {
                     }
                 }
             }
-
             // Read the optimized PDF file
             pdfBytes = Files.readAllBytes(tempOutputFile);
 
@@ -269,17 +268,18 @@ public class CompressController {
                 // Read the original file again
                 pdfBytes = Files.readAllBytes(tempInputFile);
             }
+            // Return the optimized PDF as a response
+            String outputFilename =
+                    Filenames.toSimpleFileName(inputFile.getOriginalFilename())
+                                    .replaceFirst("[.][^.]+$", "")
+                            + "_Optimized.pdf";
+            return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+
         } finally {
             // Clean up the temporary files
-            Files.delete(tempInputFile);
-            Files.delete(tempOutputFile);
+            // deleted by multipart file handler deu to transferTo?
+            // Files.deleteIfExists(tempInputFile);
+            Files.deleteIfExists(tempOutputFile);
         }
-
-        // Return the optimized PDF as a response
-        String outputFilename =
-                Filenames.toSimpleFileName(inputFile.getOriginalFilename())
-                                .replaceFirst("[.][^.]+$", "")
-                        + "_Optimized.pdf";
-        return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
     }
 }

src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImageScansController.java

@@ -5,7 +5,6 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -103,10 +102,7 @@ public class ExtractImageScansController {
                 }
             } else {
                 tempInputFile = Files.createTempFile("input_", "." + extension);
-                Files.copy(
-                        form.getFileInput().getInputStream(),
-                        tempInputFile,
-                        StandardCopyOption.REPLACE_EXISTING);
+                form.getFileInput().transferTo(tempInputFile);
                 // Add input file path to images list
                 images.add(tempInputFile.toString());
             }
@@ -176,11 +172,15 @@ public class ExtractImageScansController {
                 byte[] zipBytes = Files.readAllBytes(tempZipFile);
 
                 // Clean up the temporary zip file
-                Files.delete(tempZipFile);
+                Files.deleteIfExists(tempZipFile);
 
                 return WebResponseUtils.bytesToWebResponse(
                         zipBytes, outputZipFilename, MediaType.APPLICATION_OCTET_STREAM);
+            }
+            if (processedImageBytes.size() == 0) {
+                throw new IllegalArgumentException("No images detected");
             } else {
+
                 // Return the processed image as a response
                 byte[] imageBytes = processedImageBytes.get(0);
                 return WebResponseUtils.bytesToWebResponse(
@@ -201,7 +201,7 @@ public class ExtractImageScansController {
 
             if (tempZipFile != null && Files.exists(tempZipFile)) {
                 try {
-                    Files.delete(tempZipFile);
+                    Files.deleteIfExists(tempZipFile);
                 } catch (IOException e) {
                     logger.error("Failed to delete temporary zip file: " + tempZipFile, e);
                 }

src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java

@@ -1,10 +1,14 @@
 package stirling.software.SPDF.controller.api.misc;
 
 import java.awt.AlphaComposite;
+import java.awt.BasicStroke;
 import java.awt.Color;
 import java.awt.GradientPaint;
 import java.awt.Graphics2D;
+import java.awt.RenderingHints;
 import java.awt.geom.AffineTransform;
+import java.awt.geom.Ellipse2D;
+import java.awt.geom.Path2D;
 import java.awt.image.AffineTransformOp;
 import java.awt.image.BufferedImage;
 import java.awt.image.BufferedImageOp;
@@ -33,6 +37,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 
 import io.github.pixee.security.Filenames;
+import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
@@ -47,12 +52,13 @@ public class FakeScanControllerWIP {
 
     private static final Logger logger = LoggerFactory.getLogger(FakeScanControllerWIP.class);
 
-    //TODO
-    //@PostMapping(consumes = "multipart/form-data", value = "/fake-scan")
-    //@Operation(
-    //        summary = "Repair a PDF file",
-    //        description =
-    //                "This endpoint repairs a given PDF file by running Ghostscript command. The PDF is first saved to a temporary location, repaired, read back, and then returned as a response.")
+    // TODO finish
+    @PostMapping(consumes = "multipart/form-data", value = "/fake-scan")
+    @Hidden
+    @Operation(
+            summary = "Repair a PDF file",
+            description =
+                    "This endpoint repairs a given PDF file by running Ghostscript command. The PDF is first saved to a temporary location, repaired, read back, and then returned as a response.")
     public ResponseEntity<byte[]> fakeScan(@ModelAttribute PDFFile request) throws IOException {
         MultipartFile inputFile = request.getFileInput();
 
@@ -91,20 +97,21 @@ public class FakeScanControllerWIP {
     public BufferedImage processImage(BufferedImage image) {
         // Rotation
 
-        image = rotate(image);
-        // image = softenEdges(image, 5);
-        image = applyGaussianBlur(image, 0.5);
-        addGaussianNoise(image, 0.25);
-        image = linearStretch(image);
+        image = softenEdges(image, 50);
+        image = rotate(image, 1);
 
+        image = applyGaussianBlur(image, 0.5);
+        addGaussianNoise(image, 0.5);
+        image = linearStretch(image);
+        addDustAndHairs(image, 3);
         return image;
     }
 
-    private BufferedImage rotate(BufferedImage image) {
+    private BufferedImage rotate(BufferedImage image, double rotation) {
 
-        double rotationRequired = Math.toRadians(1.0);
-        double locationX = image.getWidth() / 2;
-        double locationY = image.getHeight() / 2;
+        double rotationRequired = Math.toRadians(rotation);
+        double locationX = (double) image.getWidth() / 2;
+        double locationY = (double) image.getHeight() / 2;
         AffineTransform tx =
                 AffineTransform.getRotateInstance(rotationRequired, locationX, locationY);
         AffineTransformOp op = new AffineTransformOp(tx, AffineTransformOp.TYPE_BICUBIC);
@@ -120,8 +127,8 @@ public class FakeScanControllerWIP {
 
         for (int i = -radius; i <= radius; i++) {
             for (int j = -radius; j <= radius; j++) {
-                double xDistance = i * i;
-                double yDistance = j * j;
+                double xDistance = (double) i * i;
+                double yDistance = (double) j * j;
                 double g = Math.exp(-(xDistance + yDistance) / (2 * sigma * sigma));
                 data[(i + radius) * size + j + radius] = (float) g;
                 sum += g;
@@ -130,7 +137,7 @@ public class FakeScanControllerWIP {
 
         // Normalize the kernel
         for (int i = 0; i < data.length; i++) {
-            data[i] /= sum;
+            if (sum != 0) data[i] /= sum;
         }
 
         Kernel kernel = new Kernel(size, size, data);
@@ -144,39 +151,106 @@ public class FakeScanControllerWIP {
         BufferedImage output = new BufferedImage(width, height, BufferedImage.TYPE_INT_ARGB);
 
         Graphics2D g2 = output.createGraphics();
+        g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
+        g2.setRenderingHint(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY);
+        g2.setRenderingHint(
+                RenderingHints.KEY_INTERPOLATION, RenderingHints.VALUE_INTERPOLATION_BICUBIC);
+
         g2.drawImage(image, 0, 0, null);
         g2.setComposite(AlphaComposite.DstIn);
-        g2.setPaint(
-                new GradientPaint(
-                        0, 0, new Color(0, 0, 0, 1f), 0, featherRadius, new Color(0, 0, 0, 0f)));
-        g2.fillRect(0, 0, width, featherRadius); // top edge
+
+        // Top edge
         g2.setPaint(
                 new GradientPaint(
                         0,
-                        height - featherRadius,
+                        0,
+                        new Color(0, 0, 0, 1f),
+                        0,
+                        featherRadius * 2f,
+                        new Color(0, 0, 0, 0f)));
+        g2.fillRect(0, 0, width, featherRadius);
+
+        // Bottom edge
+        g2.setPaint(
+                new GradientPaint(
+                        0,
+                        height - featherRadius * 2f,
                         new Color(0, 0, 0, 0f),
                         0,
                         height,
                         new Color(0, 0, 0, 1f)));
-        g2.fillRect(0, height - featherRadius, width, featherRadius); // bottom edge
+        g2.fillRect(0, height - featherRadius, width, featherRadius);
+
+        // Left edge
         g2.setPaint(
                 new GradientPaint(
-                        0, 0, new Color(0, 0, 0, 1f), featherRadius, 0, new Color(0, 0, 0, 0f)));
-        g2.fillRect(0, 0, featherRadius, height); // left edge
+                        0,
+                        0,
+                        new Color(0, 0, 0, 1f),
+                        featherRadius * 2f,
+                        0,
+                        new Color(0, 0, 0, 0f)));
+        g2.fillRect(0, 0, featherRadius, height);
+
+        // Right edge
         g2.setPaint(
                 new GradientPaint(
-                        width - featherRadius,
+                        width - featherRadius * 2f,
                         0,
                         new Color(0, 0, 0, 0f),
                         width,
                         0,
                         new Color(0, 0, 0, 1f)));
-        g2.fillRect(width - featherRadius, 0, featherRadius, height); // right edge
+        g2.fillRect(width - featherRadius, 0, featherRadius, height);
+
         g2.dispose();
 
         return output;
     }
 
+    private void addDustAndHairs(BufferedImage image, float intensity) {
+        int width = image.getWidth();
+        int height = image.getHeight();
+        Graphics2D g2d = image.createGraphics();
+        Random random = new SecureRandom();
+
+        // Set rendering hints for better quality
+        g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
+
+        // Calculate the number of artifacts based on intensity
+        int numSpots = (int) (intensity * 10);
+        int numHairs = (int) (intensity * 20);
+
+        // Add spots with more variable sizes
+        g2d.setColor(new Color(100, 100, 100, 50)); // Semi-transparent gray
+        for (int i = 0; i < numSpots; i++) {
+            int x = random.nextInt(width);
+            int y = random.nextInt(height);
+            int ovalSize = 1 + random.nextInt(3); // Base size + variable component
+            if (random.nextFloat() > 0.9) {
+                // 10% chance to get a larger spot
+                ovalSize += random.nextInt(3);
+            }
+            g2d.fill(new Ellipse2D.Double(x, y, ovalSize, ovalSize));
+        }
+
+        // Add hairs
+        g2d.setStroke(new BasicStroke(0.5f)); // Thin stroke for hairs
+        g2d.setColor(new Color(80, 80, 80, 40)); // Slightly lighter and more transparent
+        for (int i = 0; i < numHairs; i++) {
+            int x1 = random.nextInt(width);
+            int y1 = random.nextInt(height);
+            int x2 = x1 + random.nextInt(20) - 10; // Random length and direction
+            int y2 = y1 + random.nextInt(20) - 10;
+            Path2D.Double hair = new Path2D.Double();
+            hair.moveTo(x1, y1);
+            hair.curveTo(x1, y1, (double) (x1 + x2) / 2, (double) (y1 + y2) / 2, x2, y2);
+            g2d.draw(hair);
+        }
+
+        g2d.dispose();
+    }
+
     private void addGaussianNoise(BufferedImage image, double strength) {
         Random rand = new SecureRandom();
         int width = image.getWidth();

src/main/java/stirling/software/SPDF/controller/api/misc/FlattenController.java

@@ -0,0 +1,88 @@
+package stirling.software.SPDF.controller.api.misc;
+
+import java.awt.image.BufferedImage;
+import java.io.IOException;
+
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.PDPageContentStream;
+import org.apache.pdfbox.pdmodel.graphics.image.JPEGFactory;
+import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
+import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
+import org.apache.pdfbox.rendering.ImageType;
+import org.apache.pdfbox.rendering.PDFRenderer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import io.github.pixee.security.Filenames;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import stirling.software.SPDF.model.PdfMetadata;
+import stirling.software.SPDF.model.api.misc.FlattenRequest;
+import stirling.software.SPDF.utils.PdfUtils;
+import stirling.software.SPDF.utils.WebResponseUtils;
+
+@RestController
+@RequestMapping("/api/v1/misc")
+@Tag(name = "Misc", description = "Miscellaneous APIs")
+public class FlattenController {
+
+    private static final Logger logger = LoggerFactory.getLogger(FlattenController.class);
+
+    @PostMapping(consumes = "multipart/form-data", value = "/flatten")
+    @Operation(
+            summary = "Flatten PDF form fields or full page",
+            description =
+                    "Flattening just PDF form fields or converting each page to images to make text unselectable. Input: PDF, Output: PDF. Type: SISO")
+    public ResponseEntity<byte[]> flatten(@ModelAttribute FlattenRequest request) throws Exception {
+        MultipartFile file = request.getFileInput();
+
+        PDDocument document = Loader.loadPDF(file.getBytes());
+        PdfMetadata metadata = PdfUtils.extractMetadataFromPdf(document);
+        Boolean flattenOnlyForms = request.getFlattenOnlyForms();
+
+        if (Boolean.TRUE.equals(flattenOnlyForms)) {
+            PDAcroForm acroForm = document.getDocumentCatalog().getAcroForm();
+            if (acroForm != null) {
+                acroForm.flatten();
+            }
+            return WebResponseUtils.pdfDocToWebResponse(
+                    document, Filenames.toSimpleFileName(file.getOriginalFilename()));
+        } else {
+            // flatten whole page aka convert each page to image and readd it (making text
+            // unselectable)
+            PDFRenderer pdfRenderer = new PDFRenderer(document);
+            PDDocument newDocument = new PDDocument();
+            int numPages = document.getNumberOfPages();
+            for (int i = 0; i < numPages; i++) {
+                try {
+                    BufferedImage image = pdfRenderer.renderImageWithDPI(i, 300, ImageType.RGB);
+                    PDPage page = new PDPage();
+                    page.setMediaBox(document.getPage(i).getMediaBox());
+                    newDocument.addPage(page);
+                    try (PDPageContentStream contentStream =
+                            new PDPageContentStream(newDocument, page)) {
+                        PDImageXObject pdImage = JPEGFactory.createFromImage(newDocument, image);
+                        float pageWidth = page.getMediaBox().getWidth();
+                        float pageHeight = page.getMediaBox().getHeight();
+
+                        contentStream.drawImage(pdImage, 0, 0, pageWidth, pageHeight);
+                    }
+                } catch (IOException e) {
+                    logger.error("exception", e);
+                }
+            }
+            PdfUtils.setMetadataToPdf(newDocument, metadata);
+            return WebResponseUtils.pdfDocToWebResponse(
+                    newDocument, Filenames.toSimpleFileName(file.getOriginalFilename()));
+        }
+    }
+}

src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java

@@ -11,6 +11,8 @@ import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDDocumentInformation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -30,6 +32,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "Misc", description = "Miscellaneous APIs")
 public class MetadataController {
 
+    private static final Logger logger = LoggerFactory.getLogger(MetadataController.class);
+
     private String checkUndefined(String entry) {
         // Check if the string is "undefined"
         if ("undefined".equals(entry)) {
@@ -136,7 +140,7 @@ public class MetadataController {
                 creationDateCal.setTime(
                         new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse(creationDate));
             } catch (ParseException e) {
-                e.printStackTrace();
+                logger.error("exception", e);
             }
             info.setCreationDate(creationDateCal);
         } else {
@@ -148,7 +152,7 @@ public class MetadataController {
                 modificationDateCal.setTime(
                         new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse(modificationDate));
             } catch (ParseException e) {
-                e.printStackTrace();
+                logger.error("exception", e);
             }
             info.setModificationDate(modificationDateCal);
         } else {

src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java

@@ -5,7 +5,6 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -91,139 +90,145 @@ public class OCRController {
         }
         // Save the uploaded file to a temporary location
         Path tempInputFile = Files.createTempFile("input_", ".pdf");
-        Files.copy(inputFile.getInputStream(), tempInputFile, StandardCopyOption.REPLACE_EXISTING);
-
-        // Prepare the output file path
         Path tempOutputFile = Files.createTempFile("output_", ".pdf");
-
-        // Prepare the output file path
         Path sidecarTextPath = null;
 
-        // Run OCR Command
-        String languageOption = String.join("+", selectedLanguages);
+        try {
+            inputFile.transferTo(tempInputFile.toFile());
 
-        List<String> command =
-                new ArrayList<>(
-                        Arrays.asList(
-                                "ocrmypdf",
-                                "--verbose",
-                                "2",
-                                "--output-type",
-                                "pdf",
-                                "--pdf-renderer",
-                                ocrRenderType));
+            // Run OCR Command
+            String languageOption = String.join("+", selectedLanguages);
 
-        if (sidecar != null && sidecar) {
-            sidecarTextPath = Files.createTempFile("sidecar", ".txt");
-            command.add("--sidecar");
-            command.add(sidecarTextPath.toString());
-        }
-
-        if (deskew != null && deskew) {
-            command.add("--deskew");
-        }
-        if (clean != null && clean) {
-            command.add("--clean");
-        }
-        if (cleanFinal != null && cleanFinal) {
-            command.add("--clean-final");
-        }
-        if (ocrType != null && !"".equals(ocrType)) {
-            if ("skip-text".equals(ocrType)) {
-                command.add("--skip-text");
-            } else if ("force-ocr".equals(ocrType)) {
-                command.add("--force-ocr");
-            } else if ("Normal".equals(ocrType)) {
+            List<String> command =
+                    new ArrayList<>(
+                            Arrays.asList(
+                                    "ocrmypdf",
+                                    "--verbose",
+                                    "2",
+                                    "--output-type",
+                                    "pdf",
+                                    "--pdf-renderer",
+                                    ocrRenderType));
 
+            if (sidecar != null && sidecar) {
+                sidecarTextPath = Files.createTempFile("sidecar", ".txt");
+                command.add("--sidecar");
+                command.add(sidecarTextPath.toString());
             }
-        }
 
-        command.addAll(
-                Arrays.asList(
-                        "--language",
-                        languageOption,
-                        tempInputFile.toString(),
-                        tempOutputFile.toString()));
+            if (deskew != null && deskew) {
+                command.add("--deskew");
+            }
+            if (clean != null && clean) {
+                command.add("--clean");
+            }
+            if (cleanFinal != null && cleanFinal) {
+                command.add("--clean-final");
+            }
+            if (ocrType != null && !"".equals(ocrType)) {
+                if ("skip-text".equals(ocrType)) {
+                    command.add("--skip-text");
+                } else if ("force-ocr".equals(ocrType)) {
+                    command.add("--force-ocr");
+                } else if ("Normal".equals(ocrType)) {
 
-        // Run CLI command
-        ProcessExecutorResult result =
-                ProcessExecutor.getInstance(ProcessExecutor.Processes.OCR_MY_PDF)
-                        .runCommandWithOutputHandling(command);
-        if (result.getRc() != 0
-                && result.getMessages().contains("multiprocessing/synchronize.py")
-                && result.getMessages().contains("OSError: [Errno 38] Function not implemented")) {
-            command.add("--jobs");
-            command.add("1");
-            result =
+                }
+            }
+
+            command.addAll(
+                    Arrays.asList(
+                            "--language",
+                            languageOption,
+                            tempInputFile.toString(),
+                            tempOutputFile.toString()));
+
+            // Run CLI command
+            ProcessExecutorResult result =
                     ProcessExecutor.getInstance(ProcessExecutor.Processes.OCR_MY_PDF)
                             .runCommandWithOutputHandling(command);
-        }
-
-        // Remove images from the OCR processed PDF if the flag is set to true
-        if (removeImagesAfter != null && removeImagesAfter) {
-            Path tempPdfWithoutImages = Files.createTempFile("output_", "_no_images.pdf");
-
-            List<String> gsCommand =
-                    Arrays.asList(
-                            "gs",
-                            "-sDEVICE=pdfwrite",
-                            "-dFILTERIMAGE",
-                            "-o",
-                            tempPdfWithoutImages.toString(),
-                            tempOutputFile.toString());
-
-            ProcessExecutor.getInstance(ProcessExecutor.Processes.GHOSTSCRIPT)
-                    .runCommandWithOutputHandling(gsCommand);
-            tempOutputFile = tempPdfWithoutImages;
-        }
-        // Read the OCR processed PDF file
-        byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
-        // Clean up the temporary files
-        Files.delete(tempInputFile);
-
-        // Return the OCR processed PDF as a response
-        String outputFilename =
-                Filenames.toSimpleFileName(inputFile.getOriginalFilename())
-                                .replaceFirst("[.][^.]+$", "")
-                        + "_OCR.pdf";
-
-        if (sidecar != null && sidecar) {
-            // Create a zip file containing both the PDF and the text file
-            String outputZipFilename =
-                    Filenames.toSimpleFileName(inputFile.getOriginalFilename())
-                                    .replaceFirst("[.][^.]+$", "")
-                            + "_OCR.zip";
-            Path tempZipFile = Files.createTempFile("output_", ".zip");
-
-            try (ZipOutputStream zipOut =
-                    new ZipOutputStream(new FileOutputStream(tempZipFile.toFile()))) {
-                // Add PDF file to the zip
-                ZipEntry pdfEntry = new ZipEntry(outputFilename);
-                zipOut.putNextEntry(pdfEntry);
-                Files.copy(tempOutputFile, zipOut);
-                zipOut.closeEntry();
-
-                // Add text file to the zip
-                ZipEntry txtEntry = new ZipEntry(outputFilename.replace(".pdf", ".txt"));
-                zipOut.putNextEntry(txtEntry);
-                Files.copy(sidecarTextPath, zipOut);
-                zipOut.closeEntry();
+            if (result.getRc() != 0
+                    && result.getMessages().contains("multiprocessing/synchronize.py")
+                    && result.getMessages()
+                            .contains("OSError: [Errno 38] Function not implemented")) {
+                command.add("--jobs");
+                command.add("1");
+                result =
+                        ProcessExecutor.getInstance(ProcessExecutor.Processes.OCR_MY_PDF)
+                                .runCommandWithOutputHandling(command);
             }
 
-            byte[] zipBytes = Files.readAllBytes(tempZipFile);
+            // Remove images from the OCR processed PDF if the flag is set to true
+            if (removeImagesAfter != null && removeImagesAfter) {
+                Path tempPdfWithoutImages = Files.createTempFile("output_", "_no_images.pdf");
 
-            // Clean up the temporary zip file
-            Files.delete(tempZipFile);
-            Files.delete(tempOutputFile);
-            Files.delete(sidecarTextPath);
+                List<String> gsCommand =
+                        Arrays.asList(
+                                "gs",
+                                "-sDEVICE=pdfwrite",
+                                "-dFILTERIMAGE",
+                                "-o",
+                                tempPdfWithoutImages.toString(),
+                                tempOutputFile.toString());
+
+                ProcessExecutor.getInstance(ProcessExecutor.Processes.GHOSTSCRIPT)
+                        .runCommandWithOutputHandling(gsCommand);
+                tempOutputFile = tempPdfWithoutImages;
+            }
+            // Read the OCR processed PDF file
+            byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
 
-            // Return the zip file containing both the PDF and the text file
-            return WebResponseUtils.bytesToWebResponse(
-                    zipBytes, outputZipFilename, MediaType.APPLICATION_OCTET_STREAM);
-        } else {
             // Return the OCR processed PDF as a response
-            Files.delete(tempOutputFile);
-            return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+            String outputFilename =
+                    Filenames.toSimpleFileName(inputFile.getOriginalFilename())
+                                    .replaceFirst("[.][^.]+$", "")
+                            + "_OCR.pdf";
+
+            if (sidecar != null && sidecar) {
+                // Create a zip file containing both the PDF and the text file
+                String outputZipFilename =
+                        Filenames.toSimpleFileName(inputFile.getOriginalFilename())
+                                        .replaceFirst("[.][^.]+$", "")
+                                + "_OCR.zip";
+                Path tempZipFile = Files.createTempFile("output_", ".zip");
+
+                try (ZipOutputStream zipOut =
+                        new ZipOutputStream(new FileOutputStream(tempZipFile.toFile()))) {
+                    // Add PDF file to the zip
+                    ZipEntry pdfEntry = new ZipEntry(outputFilename);
+                    zipOut.putNextEntry(pdfEntry);
+                    Files.copy(tempOutputFile, zipOut);
+                    zipOut.closeEntry();
+
+                    // Add text file to the zip
+                    ZipEntry txtEntry = new ZipEntry(outputFilename.replace(".pdf", ".txt"));
+                    zipOut.putNextEntry(txtEntry);
+                    Files.copy(sidecarTextPath, zipOut);
+                    zipOut.closeEntry();
+                }
+
+                byte[] zipBytes = Files.readAllBytes(tempZipFile);
+
+                // Clean up the temporary zip file
+                Files.deleteIfExists(tempZipFile);
+                Files.deleteIfExists(tempOutputFile);
+                Files.deleteIfExists(sidecarTextPath);
+
+                // Return the zip file containing both the PDF and the text file
+                return WebResponseUtils.bytesToWebResponse(
+                        zipBytes, outputZipFilename, MediaType.APPLICATION_OCTET_STREAM);
+            } else {
+                // Return the OCR processed PDF as a response
+                Files.deleteIfExists(tempOutputFile);
+                return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+            }
+        } finally {
+            // Clean up the temporary files
+            Files.deleteIfExists(tempOutputFile);
+            // Comment out as transferTo makes multipart handle cleanup
+            // Files.deleteIfExists(tempInputFile);
+            if (sidecarTextPath != null) {
+                Files.deleteIfExists(sidecarTextPath);
+            }
         }
     }
 }

src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java

@@ -20,12 +20,10 @@ import org.apache.pdfbox.printing.PDFPageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 
-import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import stirling.software.SPDF.model.api.misc.PrintFileRequest;
@@ -35,12 +33,13 @@ import stirling.software.SPDF.model.api.misc.PrintFileRequest;
 @Tag(name = "Misc", description = "Miscellaneous APIs")
 public class PrintFileController {
 
-	//TODO
-    //@PostMapping(value = "/print-file", consumes = "multipart/form-data")
-    //@Operation(
+    // TODO
+    // @PostMapping(value = "/print-file", consumes = "multipart/form-data")
+    // @Operation(
     //        summary = "Prints PDF/Image file to a set printer",
     //        description =
-    //                "Input of PDF or Image along with a printer name/URL/IP to match against to send it to (Fire and forget) Input:Any Output:N/A Type:SISO")
+    //                "Input of PDF or Image along with a printer name/URL/IP to match against to
+    // send it to (Fire and forget) Input:Any Output:N/A Type:SISO")
     public ResponseEntity<String> printFile(@ModelAttribute PrintFileRequest request)
             throws IOException {
         MultipartFile file = request.getFileInput();

src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java

@@ -41,34 +41,35 @@ public class RepairController {
         MultipartFile inputFile = request.getFileInput();
         // Save the uploaded file to a temporary location
         Path tempInputFile = Files.createTempFile("input_", ".pdf");
-        inputFile.transferTo(tempInputFile.toFile());
-
-        // Prepare the output file path
         Path tempOutputFile = Files.createTempFile("output_", ".pdf");
+        byte[] pdfBytes = null;
+        inputFile.transferTo(tempInputFile.toFile());
+        try {
 
-        List<String> command = new ArrayList<>();
-        command.add("gs");
-        command.add("-o");
-        command.add(tempOutputFile.toString());
-        command.add("-sDEVICE=pdfwrite");
-        command.add(tempInputFile.toString());
+            List<String> command = new ArrayList<>();
+            command.add("gs");
+            command.add("-o");
+            command.add(tempOutputFile.toString());
+            command.add("-sDEVICE=pdfwrite");
+            command.add(tempInputFile.toString());
 
-        ProcessExecutorResult returnCode =
-                ProcessExecutor.getInstance(ProcessExecutor.Processes.GHOSTSCRIPT)
-                        .runCommandWithOutputHandling(command);
+            ProcessExecutorResult returnCode =
+                    ProcessExecutor.getInstance(ProcessExecutor.Processes.GHOSTSCRIPT)
+                            .runCommandWithOutputHandling(command);
 
-        // Read the optimized PDF file
-        byte[] pdfBytes = Files.readAllBytes(tempOutputFile);
+            // Read the optimized PDF file
+            pdfBytes = Files.readAllBytes(tempOutputFile);
 
-        // Clean up the temporary files
-        Files.delete(tempInputFile);
-        Files.delete(tempOutputFile);
-
-        // Return the optimized PDF as a response
-        String outputFilename =
-                Filenames.toSimpleFileName(inputFile.getOriginalFilename())
-                                .replaceFirst("[.][^.]+$", "")
-                        + "_repaired.pdf";
-        return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+            // Return the optimized PDF as a response
+            String outputFilename =
+                    Filenames.toSimpleFileName(inputFile.getOriginalFilename())
+                                    .replaceFirst("[.][^.]+$", "")
+                            + "_repaired.pdf";
+            return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename);
+        } finally {
+            // Clean up the temporary files
+            Files.deleteIfExists(tempInputFile);
+            Files.deleteIfExists(tempOutputFile);
+        }
     }
 }

src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java

@@ -185,10 +185,12 @@ public class StampController {
             try (InputStream is = classPathResource.getInputStream();
                     FileOutputStream os = new FileOutputStream(tempFile)) {
                 IOUtils.copy(is, os);
+                font = PDType0Font.load(document, tempFile);
+            } finally {
+                if (tempFile != null) {
+                    Files.deleteIfExists(tempFile.toPath());
+                }
             }
-
-            font = PDType0Font.load(document, tempFile);
-            tempFile.deleteOnExit();
         }
 
         contentStream.setFont(font, fontSize);

src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineDirectoryProcessor.java

@@ -19,6 +19,7 @@ import java.util.stream.Stream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.core.io.Resource;
 import org.springframework.scheduling.annotation.Scheduled;
@@ -28,6 +29,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 
 import stirling.software.SPDF.model.PipelineConfig;
 import stirling.software.SPDF.model.PipelineOperation;
+import stirling.software.SPDF.utils.FileMonitor;
 
 @Service
 public class PipelineDirectoryProcessor {
@@ -35,11 +37,18 @@ public class PipelineDirectoryProcessor {
     private static final Logger logger = LoggerFactory.getLogger(PipelineDirectoryProcessor.class);
     @Autowired private ObjectMapper objectMapper;
     @Autowired private ApiDocService apiDocService;
-
-    final String watchedFoldersDir = "./pipeline/watchedFolders/";
-    final String finishedFoldersDir = "./pipeline/finishedFolders/";
-
     @Autowired PipelineProcessor processor;
+    @Autowired FileMonitor fileMonitor;
+
+    final String watchedFoldersDir;
+    final String finishedFoldersDir;
+
+    public PipelineDirectoryProcessor(
+            @Qualifier("watchedFoldersDir") String watchedFoldersDir,
+            @Qualifier("finishedFoldersDir") String finishedFoldersDir) {
+        this.watchedFoldersDir = watchedFoldersDir;
+        this.finishedFoldersDir = finishedFoldersDir;
+    }
 
     @Scheduled(fixedRate = 60000)
     public void scanFolders() {
@@ -130,7 +139,11 @@ public class PipelineDirectoryProcessor {
             throws IOException {
         try (Stream<Path> paths = Files.list(dir)) {
             if ("automated".equals(operation.getParameters().get("fileInput"))) {
-                return paths.filter(path -> !Files.isDirectory(path) && !path.equals(jsonFile))
+                return paths.filter(
+                                path ->
+                                        !Files.isDirectory(path)
+                                                && !path.equals(jsonFile)
+                                                && fileMonitor.isFileReadyForProcessing(path))
                         .map(Path::toFile)
                         .toArray(File[]::new);
             } else {

src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java

@@ -148,7 +148,7 @@ public class CertSignController {
             doc.addSignature(signature, instance);
             doc.saveIncremental(output);
         } catch (Exception e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         }
     }
 

src/main/java/stirling/software/SPDF/controller/api/security/GetInfoOnPDF.java

@@ -56,6 +56,8 @@ import org.apache.xmpbox.XMPMetadata;
 import org.apache.xmpbox.xml.DomXmpParser;
 import org.apache.xmpbox.xml.XmpParsingException;
 import org.apache.xmpbox.xml.XmpSerializer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -79,6 +81,8 @@ import stirling.software.SPDF.utils.WebResponseUtils;
 @Tag(name = "Security", description = "Security APIs")
 public class GetInfoOnPDF {
 
+    private static final Logger logger = LoggerFactory.getLogger(GetInfoOnPDF.class);
+
     static ObjectMapper objectMapper = new ObjectMapper();
 
     @PostMapping(consumes = "multipart/form-data", value = "/get-info-on-pdf")
@@ -220,7 +224,7 @@ public class GetInfoOnPDF {
                             javascriptArray.add(jsNode);
                         }
                     } catch (IOException e) {
-                        e.printStackTrace();
+                        logger.error("exception", e);
                     }
                 }
             }
@@ -253,7 +257,7 @@ public class GetInfoOnPDF {
                 }
             } catch (Exception e) {
                 // TODO Auto-generated catch block
-                e.printStackTrace();
+                logger.error("exception", e);
             }
 
             boolean isPdfACompliant = checkForStandard(pdfBoxDoc, "PDF/A");
@@ -305,7 +309,7 @@ public class GetInfoOnPDF {
                     new XmpSerializer().serialize(xmpMeta, os, true);
                     xmpString = new String(os.toByteArray(), StandardCharsets.UTF_8);
                 } catch (XmpParsingException | IOException e) {
-                    e.printStackTrace();
+                    logger.error("exception", e);
                 }
             }
 
@@ -593,7 +597,7 @@ public class GetInfoOnPDF {
                     MediaType.APPLICATION_JSON);
 
         } catch (Exception e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         }
         return null;
     }
@@ -691,7 +695,7 @@ public class GetInfoOnPDF {
                 Exception
                         e) { // Catching general exception for brevity, ideally you'd catch specific
             // exceptions.
-            e.printStackTrace();
+            logger.error("exception", e);
         }
 
         return false;

src/main/java/stirling/software/SPDF/controller/api/security/RemoveCertSignController.java

@@ -0,0 +1,81 @@
+package stirling.software.SPDF.controller.api.security;
+
+import java.io.ByteArrayOutputStream;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
+import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
+import org.apache.pdfbox.pdmodel.interactive.form.PDField;
+import org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import io.github.pixee.security.Filenames;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import stirling.software.SPDF.model.api.PDFFile;
+import stirling.software.SPDF.utils.WebResponseUtils;
+
+@RestController
+@RequestMapping("/api/v1/security")
+@Tag(name = "Security", description = "Security APIs")
+public class RemoveCertSignController {
+
+    private static final Logger logger = LoggerFactory.getLogger(RemoveCertSignController.class);
+
+    @PostMapping(consumes = "multipart/form-data", value = "/remove-cert-sign")
+    @Operation(
+            summary = "Remove digital signature from PDF",
+            description =
+                    "This endpoint accepts a PDF file and returns the PDF file without the digital signature. Input: PDF, Output: PDF")
+    public ResponseEntity<byte[]> removeCertSignPDF(@ModelAttribute PDFFile request)
+            throws Exception {
+        MultipartFile pdf = request.getFileInput();
+
+        // Convert MultipartFile to byte[]
+        byte[] pdfBytes = pdf.getBytes();
+
+        // Create a ByteArrayOutputStream to hold the resulting PDF
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        // Load the PDF document
+        PDDocument document = Loader.loadPDF(pdfBytes);
+
+        // Get the document catalog
+        PDDocumentCatalog catalog = document.getDocumentCatalog();
+
+        // Get the AcroForm
+        PDAcroForm acroForm = catalog.getAcroForm();
+        if (acroForm != null) {
+            // Remove signature fields safely
+            List<PDField> fieldsToRemove =
+                    acroForm.getFields().stream()
+                            .filter(field -> field instanceof PDSignatureField)
+                            .collect(Collectors.toList());
+
+            if (!fieldsToRemove.isEmpty()) {
+                acroForm.flatten(fieldsToRemove, false);
+            }
+        }
+
+        // Save the modified document to the ByteArrayOutputStream
+        document.save(baos);
+        document.close();
+
+        // Return the modified PDF as a response
+        return WebResponseUtils.boasToWebResponse(
+                baos,
+                Filenames.toSimpleFileName(pdf.getOriginalFilename()).replaceFirst("[.][^.]+$", "")
+                        + "_unsigned.pdf");
+    }
+}

src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java

@@ -150,10 +150,10 @@ public class WatermarkController {
             try (InputStream is = classPathResource.getInputStream();
                     FileOutputStream os = new FileOutputStream(tempFile)) {
                 IOUtils.copy(is, os);
+                font = PDType0Font.load(document, tempFile);
+            } finally {
+                if (tempFile != null) Files.deleteIfExists(tempFile.toPath());
             }
-
-            font = PDType0Font.load(document, tempFile);
-            tempFile.deleteOnExit();
         }
 
         contentStream.setFont(font, fontSize);

src/main/java/stirling/software/SPDF/controller/api/strippers/PDFTableStripper.java

@@ -117,7 +117,6 @@ public class PDFTableStripper extends PDFTextStripper {
     /**
      * Instantiate a new PDFTableStripper object.
      *
-     * @param document
      * @throws IOException If there is an error loading the properties.
      */
     public PDFTableStripper() throws IOException {

src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java

@@ -1,14 +1,18 @@
 package stirling.software.SPDF.controller.web;
 
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -19,6 +23,12 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import jakarta.servlet.http.HttpServletRequest;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.GithubProvider;
+import stirling.software.SPDF.model.ApplicationProperties.GoogleProvider;
+import stirling.software.SPDF.model.ApplicationProperties.KeycloakProvider;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.Authority;
 import stirling.software.SPDF.model.Role;
 import stirling.software.SPDF.model.User;
@@ -28,17 +38,108 @@ import stirling.software.SPDF.repository.UserRepository;
 @Tag(name = "Account Security", description = "Account Security APIs")
 public class AccountWebController {
 
+    @Autowired ApplicationProperties applicationProperties;
+    private static final Logger logger = LoggerFactory.getLogger(AccountWebController.class);
+
     @GetMapping("/login")
     public String login(HttpServletRequest request, Model model, Authentication authentication) {
         if (authentication != null && authentication.isAuthenticated()) {
             return "redirect:/";
         }
 
+        Map<String, String> providerList = new HashMap<>();
+
+        OAUTH2 oauth = applicationProperties.getSecurity().getOAUTH2();
+        if (oauth != null) {
+            if (oauth.isSettingsValid()) {
+                providerList.put("oidc", oauth.getProvider());
+            }
+            Client client = oauth.getClient();
+            if (client != null) {
+                GoogleProvider google = client.getGoogle();
+                if (google.isSettingsValid()) {
+                    providerList.put(google.getName(), google.getClientName());
+                }
+
+                GithubProvider github = client.getGithub();
+                if (github.isSettingsValid()) {
+                    providerList.put(github.getName(), github.getClientName());
+                }
+
+                KeycloakProvider keycloak = client.getKeycloak();
+                if (keycloak.isSettingsValid()) {
+                    providerList.put(keycloak.getName(), keycloak.getClientName());
+                }
+            }
+        }
+        model.addAttribute("providerlist", providerList);
+
+        model.addAttribute(
+                "oAuth2Enabled", applicationProperties.getSecurity().getOAUTH2().getEnabled());
+
         model.addAttribute("currentPage", "login");
 
-        if (request.getParameter("error") != null) {
+        String error = request.getParameter("error");
+        if (error != null) {
 
-            model.addAttribute("error", request.getParameter("error"));
+            switch (error) {
+                case "badcredentials":
+                    error = "login.invalid";
+                    break;
+                case "locked":
+                    error = "login.locked";
+                    break;
+                case "oauth2AuthenticationError":
+                    error = "userAlreadyExistsOAuthMessage";
+                    break;
+                default:
+                    break;
+            }
+
+            model.addAttribute("error", error);
+        }
+        String erroroauth = request.getParameter("erroroauth");
+        if (erroroauth != null) {
+
+            switch (erroroauth) {
+                case "oauth2AutoCreateDisabled":
+                    erroroauth = "login.oauth2AutoCreateDisabled";
+                    break;
+                case "invalidUsername":
+                    erroroauth = "login.invalid";
+                    break;
+                case "userAlreadyExistsWeb":
+                    erroroauth = "userAlreadyExistsWebMessage";
+                    break;
+                case "oauth2AuthenticationErrorWeb":
+                    erroroauth = "login.oauth2InvalidUserType";
+                    break;
+                case "invalid_token_response":
+                    erroroauth = "login.oauth2InvalidTokenResponse";
+                    break;
+                case "authorization_request_not_found":
+                    erroroauth = "login.oauth2RequestNotFound";
+                    break;
+                case "access_denied":
+                    erroroauth = "login.oauth2AccessDenied";
+                    break;
+                case "invalid_user_info_response":
+                    erroroauth = "login.oauth2InvalidUserInfoResponse";
+                    break;
+                case "invalid_request":
+                    erroroauth = "login.oauth2invalidRequest";
+                    break;
+                case "invalid_id_token":
+                    erroroauth = "login.oauth2InvalidIdToken";
+                default:
+                    break;
+            }
+
+            model.addAttribute("erroroauth", erroroauth);
+        }
+        if (request.getParameter("messageType") != null) {
+
+            model.addAttribute("messageType", "changedCredsMessage");
         }
         if (request.getParameter("logout") != null) {
 
@@ -53,7 +154,8 @@ public class AccountWebController {
 
     @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/addUsers")
-    public String showAddUserForm(Model model, Authentication authentication) {
+    public String showAddUserForm(
+            HttpServletRequest request, Model model, Authentication authentication) {
         List<User> allUsers = userRepository.findAll();
         Iterator<User> iterator = allUsers.iterator();
         Map<String, String> roleDetails = Role.getAllRoleDetails();
@@ -71,6 +173,52 @@ public class AccountWebController {
             }
         }
 
+        String messageType = request.getParameter("messageType");
+
+        String deleteMessage = null;
+        if (messageType != null) {
+            switch (messageType) {
+                case "deleteCurrentUser":
+                    deleteMessage = "deleteCurrentUserMessage";
+                    break;
+                case "deleteUsernameExists":
+                    deleteMessage = "deleteUsernameExistsMessage";
+                    break;
+                default:
+                    break;
+            }
+            model.addAttribute("deleteMessage", deleteMessage);
+
+            String addMessage = null;
+            switch (messageType) {
+                case "usernameExists":
+                    addMessage = "usernameExistsMessage";
+                    break;
+                case "invalidUsername":
+                    addMessage = "invalidUsernameMessage";
+                    break;
+                default:
+                    break;
+            }
+            model.addAttribute("addMessage", addMessage);
+        }
+
+        String changeMessage = null;
+        if (messageType != null) {
+            switch (messageType) {
+                case "userNotFound":
+                    changeMessage = "userNotFoundMessage";
+                    break;
+                case "downgradeCurrentUser":
+                    changeMessage = "downgradeCurrentUserMessage";
+                    break;
+
+                default:
+                    break;
+            }
+            model.addAttribute("changeMessage", changeMessage);
+        }
+
         model.addAttribute("users", allUsers);
         model.addAttribute("currentUsername", authentication.getName());
         model.addAttribute("roleDetails", roleDetails);
@@ -85,21 +233,36 @@ public class AccountWebController {
         }
         if (authentication != null && authentication.isAuthenticated()) {
             Object principal = authentication.getPrincipal();
+            String username = null;
 
             if (principal instanceof UserDetails) {
                 // Cast the principal object to UserDetails
                 UserDetails userDetails = (UserDetails) principal;
 
                 // Retrieve username and other attributes
-                String username = userDetails.getUsername();
+                username = userDetails.getUsername();
 
+                // Add oAuth2 Login attributes to the model
+                model.addAttribute("oAuth2Login", false);
+            }
+            if (principal instanceof OAuth2User) {
+                // Cast the principal object to OAuth2User
+                OAuth2User userDetails = (OAuth2User) principal;
+
+                // Retrieve username and other attributes
+                username =
+                        userDetails.getAttribute(
+                                applicationProperties.getSecurity().getOAUTH2().getUseAsUsername());
+                // Add oAuth2 Login attributes to the model
+                model.addAttribute("oAuth2Login", true);
+            }
+            if (username != null) {
                 // Fetch user details from the database
                 Optional<User> user =
                         userRepository.findByUsernameIgnoreCase(
                                 username); // Assuming findByUsername method exists
                 if (!user.isPresent()) {
-                    // Handle error appropriately
-                    return "redirect:/error"; // Example redirection in case of error
+                    return "redirect:/error";
                 }
 
                 // Convert settings map to JSON string
@@ -109,8 +272,32 @@ public class AccountWebController {
                     settingsJson = objectMapper.writeValueAsString(user.get().getSettings());
                 } catch (JsonProcessingException e) {
                     // Handle JSON conversion error
-                    e.printStackTrace();
-                    return "redirect:/error"; // Example redirection in case of error
+                    logger.error("exception", e);
+                    return "redirect:/error";
+                }
+
+                String messageType = request.getParameter("messageType");
+                if (messageType != null) {
+                    switch (messageType) {
+                        case "notAuthenticated":
+                            messageType = "notAuthenticatedMessage";
+                            break;
+                        case "userNotFound":
+                            messageType = "userNotFoundMessage";
+                            break;
+                        case "incorrectPassword":
+                            messageType = "incorrectPasswordMessage";
+                            break;
+                        case "usernameExists":
+                            messageType = "usernameExistsMessage";
+                            break;
+                        case "invalidUsername":
+                            messageType = "invalidUsernameMessage";
+                            break;
+                        default:
+                            break;
+                    }
+                    model.addAttribute("messageType", messageType);
                 }
 
                 // Add attributes to the model
@@ -151,6 +338,28 @@ public class AccountWebController {
                     // Handle error appropriately
                     return "redirect:/error"; // Example redirection in case of error
                 }
+
+                String messageType = request.getParameter("messageType");
+                if (messageType != null) {
+                    switch (messageType) {
+                        case "notAuthenticated":
+                            messageType = "notAuthenticatedMessage";
+                            break;
+                        case "userNotFound":
+                            messageType = "userNotFoundMessage";
+                            break;
+                        case "incorrectPassword":
+                            messageType = "incorrectPasswordMessage";
+                            break;
+                        case "usernameExists":
+                            messageType = "usernameExistsMessage";
+                            break;
+                        default:
+                            break;
+                    }
+                    model.addAttribute("messageType", messageType);
+                }
+
                 // Add attributes to the model
                 model.addAttribute("username", username);
             }

src/main/java/stirling/software/SPDF/controller/web/GeneralWebController.java

@@ -15,6 +15,8 @@ import java.util.Objects;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
@@ -33,6 +35,8 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 @Tag(name = "General", description = "General APIs")
 public class GeneralWebController {
 
+    private static final Logger logger = LoggerFactory.getLogger(GeneralWebController.class);
+
     @GetMapping("/pipeline")
     @Hidden
     public String pipelineForm(Model model) {
@@ -74,7 +78,7 @@ public class GeneralWebController {
                 }
 
             } catch (IOException e) {
-                e.printStackTrace();
+                logger.error("exception", e);
             }
         }
         if (pipelineConfigsWithNames.size() == 0) {

src/main/java/stirling/software/SPDF/controller/web/HomeWebController.java

@@ -6,6 +6,8 @@ import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.Map;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
@@ -26,6 +28,8 @@ import stirling.software.SPDF.model.Dependency;
 @Controller
 public class HomeWebController {
 
+    private static final Logger logger = LoggerFactory.getLogger(HomeWebController.class);
+
     @GetMapping("/about")
     @Hidden
     public String gameForm(Model model) {
@@ -46,7 +50,7 @@ public class HomeWebController {
                     mapper.readValue(json, new TypeReference<Map<String, List<Dependency>>>() {});
             model.addAttribute("dependencies", data.get("dependencies"));
         } catch (IOException e) {
-            e.printStackTrace();
+            logger.error("exception", e);
         }
         return "licenses";
     }

src/main/java/stirling/software/SPDF/controller/web/SecurityWebController.java

@@ -53,6 +53,13 @@ public class SecurityWebController {
         return "security/cert-sign";
     }
 
+    @GetMapping("/remove-cert-sign")
+    @Hidden
+    public String certUnSignForm(Model model) {
+        model.addAttribute("currentPage", "remove-cert-sign");
+        return "security/remove-cert-sign";
+    }
+
     @GetMapping("/sanitize-pdf")
     @Hidden
     public String sanitizeForm(Model model) {

src/main/java/stirling/software/SPDF/model/ApplicationProperties.java

@@ -1,7 +1,13 @@
 package stirling.software.SPDF.model;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
+import java.util.stream.Collectors;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -19,6 +25,7 @@ public class ApplicationProperties {
     private Metrics metrics;
     private AutomaticallyGenerated automaticallyGenerated;
     private AutoPipeline autoPipeline;
+    private static final Logger logger = LoggerFactory.getLogger(ApplicationProperties.class);
 
     public AutoPipeline getAutoPipeline() {
         return autoPipeline != null ? autoPipeline : new AutoPipeline();
@@ -118,6 +125,7 @@ public class ApplicationProperties {
         private Boolean enableLogin;
         private Boolean csrfDisabled;
         private InitialLogin initialLogin;
+        private OAUTH2 oauth2;
         private int loginAttemptCount;
         private long loginResetTimeMinutes;
 
@@ -145,6 +153,14 @@ public class ApplicationProperties {
             this.initialLogin = initialLogin;
         }
 
+        public OAUTH2 getOAUTH2() {
+            return oauth2 != null ? oauth2 : new OAUTH2();
+        }
+
+        public void setOAUTH2(OAUTH2 oauth2) {
+            this.oauth2 = oauth2;
+        }
+
         public Boolean getEnableLogin() {
             return enableLogin;
         }
@@ -165,15 +181,16 @@ public class ApplicationProperties {
         public String toString() {
             return "Security [enableLogin="
                     + enableLogin
+                    + ", oauth2="
+                    + oauth2
                     + ", initialLogin="
                     + initialLogin
-                    + ",  csrfDisabled="
+                    + ", csrfDisabled="
                     + csrfDisabled
                     + "]";
         }
 
         public static class InitialLogin {
-
             private String username;
             private String password;
 
@@ -202,16 +219,511 @@ public class ApplicationProperties {
                         + "]";
             }
         }
+
+        public static class OAUTH2 {
+            private Boolean enabled = false;
+            private String issuer;
+            private String clientId;
+            private String clientSecret;
+            private Boolean autoCreateUser = false;
+            private String useAsUsername;
+            private Collection<String> scopes = new ArrayList<>();
+            private String provider;
+            private Client client = new Client();
+
+            public Boolean getEnabled() {
+                return enabled;
+            }
+
+            public void setEnabled(Boolean enabled) {
+                this.enabled = enabled;
+            }
+
+            public String getIssuer() {
+                return issuer;
+            }
+
+            public void setIssuer(String issuer) {
+                this.issuer = issuer;
+            }
+
+            public String getClientId() {
+                return clientId;
+            }
+
+            public void setClientId(String clientId) {
+                this.clientId = clientId;
+            }
+
+            public String getClientSecret() {
+                return clientSecret;
+            }
+
+            public void setClientSecret(String clientSecret) {
+                this.clientSecret = clientSecret;
+            }
+
+            public Boolean getAutoCreateUser() {
+                return autoCreateUser;
+            }
+
+            public void setAutoCreateUser(Boolean autoCreateUser) {
+                this.autoCreateUser = autoCreateUser;
+            }
+
+            public String getUseAsUsername() {
+                return useAsUsername;
+            }
+
+            public void setUseAsUsername(String useAsUsername) {
+                this.useAsUsername = useAsUsername;
+            }
+
+            public String getProvider() {
+                return provider;
+            }
+
+            public void setProvider(String provider) {
+                this.provider = provider;
+            }
+
+            public Collection<String> getScopes() {
+                return scopes;
+            }
+
+            public void setScopes(String scopes) {
+                List<String> scopesList =
+                        Arrays.stream(scopes.split(","))
+                                .map(String::trim)
+                                .collect(Collectors.toList());
+                this.scopes.addAll(scopesList);
+            }
+
+            public Client getClient() {
+                return client;
+            }
+
+            public void setClient(Client client) {
+                this.client = client;
+            }
+
+            protected boolean isValid(String value, String name) {
+                if (value != null && !value.trim().isEmpty()) {
+                    return true;
+                }
+                return false;
+            }
+
+            protected boolean isValid(Collection<String> value, String name) {
+                if (value != null && !value.isEmpty()) {
+                    return true;
+                }
+                return false;
+            }
+
+            public boolean isSettingsValid() {
+                return isValid(this.getIssuer(), "issuer")
+                        && isValid(this.getClientId(), "clientId")
+                        && isValid(this.getClientSecret(), "clientSecret")
+                        && isValid(this.getScopes(), "scopes")
+                        && isValid(this.getUseAsUsername(), "useAsUsername");
+            }
+
+            @Override
+            public String toString() {
+                return "OAUTH2 [enabled="
+                        + enabled
+                        + ", issuer="
+                        + issuer
+                        + ", clientId="
+                        + clientId
+                        + ", clientSecret="
+                        + (clientSecret != null && !clientSecret.isEmpty() ? "MASKED" : "NULL")
+                        + ", autoCreateUser="
+                        + autoCreateUser
+                        + ", useAsUsername="
+                        + useAsUsername
+                        + ", provider="
+                        + provider
+                        + ", scopes="
+                        + scopes
+                        + "]";
+            }
+
+            public static class Client {
+                private GoogleProvider google = new GoogleProvider();
+                private GithubProvider github = new GithubProvider();
+                private KeycloakProvider keycloak = new KeycloakProvider();
+
+                public Provider get(String registrationId) throws Exception {
+                    switch (registrationId.toLowerCase()) {
+                        case "google":
+                            return getGoogle();
+                        case "github":
+                            return getGithub();
+                        case "keycloak":
+                            return getKeycloak();
+                        default:
+                            break;
+                    }
+                    throw new Exception("Provider not supported, use custom setting.");
+                }
+
+                public GoogleProvider getGoogle() {
+                    return google;
+                }
+
+                public void setGoogle(GoogleProvider google) {
+                    this.google = google;
+                }
+
+                public GithubProvider getGithub() {
+                    return github;
+                }
+
+                public void setGithub(GithubProvider github) {
+                    this.github = github;
+                }
+
+                public KeycloakProvider getKeycloak() {
+                    return keycloak;
+                }
+
+                public void setKeycloak(KeycloakProvider keycloak) {
+                    this.keycloak = keycloak;
+                }
+
+                @Override
+                public String toString() {
+                    return "Client [google="
+                            + google
+                            + ", github="
+                            + github
+                            + ", keycloak="
+                            + keycloak
+                            + "]";
+                }
+            }
+        }
+    }
+
+    public static class GoogleProvider extends Provider {
+
+        private static final String authorizationUri =
+                "https://accounts.google.com/o/oauth2/v2/auth";
+        private static final String tokenUri = "https://www.googleapis.com/oauth2/v4/token";
+        private static final String userInfoUri =
+                "https://www.googleapis.com/oauth2/v3/userinfo?alt=json";
+
+        public String getAuthorizationuri() {
+            return authorizationUri;
+        }
+
+        public String getTokenuri() {
+            return tokenUri;
+        }
+
+        public String getUserinfouri() {
+            return userInfoUri;
+        }
+
+        private String clientId;
+        private String clientSecret;
+        private Collection<String> scopes = new ArrayList<>();
+        private String useAsUsername = "email";
+
+        @Override
+        public String getClientId() {
+            return this.clientId;
+        }
+
+        @Override
+        public void setClientId(String clientId) {
+            this.clientId = clientId;
+        }
+
+        @Override
+        public String getClientSecret() {
+            return this.clientSecret;
+        }
+
+        @Override
+        public void setClientSecret(String clientSecret) {
+            this.clientSecret = clientSecret;
+        }
+
+        @Override
+        public Collection<String> getScopes() {
+            if (scopes == null || scopes.isEmpty()) {
+                scopes = new ArrayList<>();
+                scopes.add("https://www.googleapis.com/auth/userinfo.email");
+                scopes.add("https://www.googleapis.com/auth/userinfo.profile");
+            }
+            return scopes;
+        }
+
+        @Override
+        public void setScopes(String scopes) {
+            this.scopes =
+                    Arrays.stream(scopes.split(",")).map(String::trim).collect(Collectors.toList());
+        }
+
+        @Override
+        public String getUseAsUsername() {
+            return this.useAsUsername;
+        }
+
+        @Override
+        public void setUseAsUsername(String useAsUsername) {
+            this.useAsUsername = useAsUsername;
+        }
+
+        @Override
+        public String toString() {
+            return "Google [clientId="
+                    + clientId
+                    + ", clientSecret="
+                    + (clientSecret != null && !clientSecret.isEmpty() ? "MASKED" : "NULL")
+                    + ", scopes="
+                    + scopes
+                    + ", useAsUsername="
+                    + useAsUsername
+                    + "]";
+        }
+
+        @Override
+        public String getName() {
+            return "google";
+        }
+
+        @Override
+        public String getClientName() {
+            return "Google";
+        }
+
+        public boolean isSettingsValid() {
+            return super.isValid(this.getClientId(), "clientId")
+                    && super.isValid(this.getClientSecret(), "clientSecret")
+                    && super.isValid(this.getScopes(), "scopes")
+                    && isValid(this.getUseAsUsername(), "useAsUsername");
+        }
+    }
+
+    public static class GithubProvider extends Provider {
+        private static final String authorizationUri = "https://github.com/login/oauth/authorize";
+        private static final String tokenUri = "https://github.com/login/oauth/access_token";
+        private static final String userInfoUri = "https://api.github.com/user";
+
+        public String getAuthorizationuri() {
+            return authorizationUri;
+        }
+
+        public String getTokenuri() {
+            return tokenUri;
+        }
+
+        public String getUserinfouri() {
+            return userInfoUri;
+        }
+
+        private String clientId;
+        private String clientSecret;
+        private Collection<String> scopes = new ArrayList<>();
+        private String useAsUsername = "login";
+
+        @Override
+        public String getIssuer() {
+            return new String();
+        }
+
+        @Override
+        public void setIssuer(String issuer) {}
+
+        @Override
+        public String getClientId() {
+            return this.clientId;
+        }
+
+        @Override
+        public void setClientId(String clientId) {
+            this.clientId = clientId;
+        }
+
+        @Override
+        public String getClientSecret() {
+            return this.clientSecret;
+        }
+
+        @Override
+        public void setClientSecret(String clientSecret) {
+            this.clientSecret = clientSecret;
+        }
+
+        public Collection<String> getScopes() {
+            if (scopes == null || scopes.isEmpty()) {
+                scopes = new ArrayList<>();
+                scopes.add("read:user");
+            }
+            return scopes;
+        }
+
+        @Override
+        public void setScopes(String scopes) {
+            this.scopes =
+                    Arrays.stream(scopes.split(",")).map(String::trim).collect(Collectors.toList());
+        }
+
+        @Override
+        public String getUseAsUsername() {
+            return this.useAsUsername;
+        }
+
+        @Override
+        public void setUseAsUsername(String useAsUsername) {
+            this.useAsUsername = useAsUsername;
+        }
+
+        @Override
+        public String toString() {
+            return "GitHub [clientId="
+                    + clientId
+                    + ", clientSecret="
+                    + (clientSecret != null && !clientSecret.isEmpty() ? "MASKED" : "NULL")
+                    + ", scopes="
+                    + scopes
+                    + ", useAsUsername="
+                    + useAsUsername
+                    + "]";
+        }
+
+        @Override
+        public String getName() {
+            return "github";
+        }
+
+        @Override
+        public String getClientName() {
+            return "GitHub";
+        }
+
+        public boolean isSettingsValid() {
+            return super.isValid(this.getClientId(), "clientId")
+                    && super.isValid(this.getClientSecret(), "clientSecret")
+                    && super.isValid(this.getScopes(), "scopes")
+                    && isValid(this.getUseAsUsername(), "useAsUsername");
+        }
+    }
+
+    public static class KeycloakProvider extends Provider {
+        private String issuer;
+        private String clientId;
+        private String clientSecret;
+        private Collection<String> scopes = new ArrayList<>();
+        private String useAsUsername = "email";
+
+        @Override
+        public String getIssuer() {
+            return this.issuer;
+        }
+
+        @Override
+        public void setIssuer(String issuer) {
+            this.issuer = issuer;
+        }
+
+        @Override
+        public String getClientId() {
+            return this.clientId;
+        }
+
+        @Override
+        public void setClientId(String clientId) {
+            this.clientId = clientId;
+        }
+
+        @Override
+        public String getClientSecret() {
+            return this.clientSecret;
+        }
+
+        @Override
+        public void setClientSecret(String clientSecret) {
+            this.clientSecret = clientSecret;
+        }
+
+        @Override
+        public Collection<String> getScopes() {
+            if (scopes == null || scopes.isEmpty()) {
+                scopes = new ArrayList<>();
+                scopes.add("profile");
+                scopes.add("email");
+            }
+            return scopes;
+        }
+
+        public void setScopes(String scopes) {
+            this.scopes =
+                    Arrays.stream(scopes.split(",")).map(String::trim).collect(Collectors.toList());
+        }
+
+        @Override
+        public String getUseAsUsername() {
+            return this.useAsUsername;
+        }
+
+        @Override
+        public void setUseAsUsername(String useAsUsername) {
+            this.useAsUsername = useAsUsername;
+        }
+
+        @Override
+        public String toString() {
+            return "Keycloak [issuer="
+                    + issuer
+                    + ", clientId="
+                    + clientId
+                    + ", clientSecret="
+                    + (clientSecret != null && !clientSecret.isEmpty() ? "MASKED" : "NULL")
+                    + ", scopes="
+                    + scopes
+                    + ", useAsUsername="
+                    + useAsUsername
+                    + "]";
+        }
+
+        @Override
+        public String getName() {
+            return "keycloak";
+        }
+
+        @Override
+        public String getClientName() {
+            return "Keycloak";
+        }
+
+        public boolean isSettingsValid() {
+            return isValid(this.getIssuer(), "issuer")
+                    && isValid(this.getClientId(), "clientId")
+                    && isValid(this.getClientSecret(), "clientSecret")
+                    && isValid(this.getScopes(), "scopes")
+                    && isValid(this.getUseAsUsername(), "useAsUsername");
+        }
     }
 
     public static class System {
         private String defaultLocale;
         private Boolean googlevisibility;
-        private String rootURIPath;
-        private String customStaticFilePath;
-        private Integer maxFileSize;
         private boolean showUpdate;
         private Boolean showUpdateOnlyAdmin;
+        private boolean customHTMLFiles;
+
+        public boolean isCustomHTMLFiles() {
+            return customHTMLFiles;
+        }
+
+        public void setCustomHTMLFiles(boolean customHTMLFiles) {
+            this.customHTMLFiles = customHTMLFiles;
+        }
 
         public boolean getShowUpdateOnlyAdmin() {
             return showUpdateOnlyAdmin;
@@ -255,42 +767,12 @@ public class ApplicationProperties {
             this.googlevisibility = googlevisibility;
         }
 
-        public String getRootURIPath() {
-            return rootURIPath;
-        }
-
-        public void setRootURIPath(String rootURIPath) {
-            this.rootURIPath = rootURIPath;
-        }
-
-        public String getCustomStaticFilePath() {
-            return customStaticFilePath;
-        }
-
-        public void setCustomStaticFilePath(String customStaticFilePath) {
-            this.customStaticFilePath = customStaticFilePath;
-        }
-
-        public Integer getMaxFileSize() {
-            return maxFileSize;
-        }
-
-        public void setMaxFileSize(Integer maxFileSize) {
-            this.maxFileSize = maxFileSize;
-        }
-
         @Override
         public String toString() {
             return "System [defaultLocale="
                     + defaultLocale
                     + ", googlevisibility="
                     + googlevisibility
-                    + ", rootURIPath="
-                    + rootURIPath
-                    + ", customStaticFilePath="
-                    + customStaticFilePath
-                    + ", maxFileSize="
-                    + maxFileSize
                     + ", enableAlphaFunctionality="
                     + enableAlphaFunctionality
                     + ", showUpdate="

src/main/java/stirling/software/SPDF/model/AttemptCounter.java

@@ -5,7 +5,7 @@ public class AttemptCounter {
     private long lastAttemptTime;
 
     public AttemptCounter() {
-        this.attemptCount = 1;
+        this.attemptCount = 0;
         this.lastAttemptTime = System.currentTimeMillis();
     }
 
@@ -18,11 +18,16 @@ public class AttemptCounter {
         return attemptCount;
     }
 
-    public long getlastAttemptTime() {
+    public long getLastAttemptTime() {
         return lastAttemptTime;
     }
 
-    public boolean shouldReset(long ATTEMPT_INCREMENT_TIME) {
-        return System.currentTimeMillis() - lastAttemptTime > ATTEMPT_INCREMENT_TIME;
+    public boolean shouldReset(long attemptIncrementTime) {
+        return System.currentTimeMillis() - lastAttemptTime > attemptIncrementTime;
+    }
+
+    public void reset() {
+        this.attemptCount = 0;
+        this.lastAttemptTime = System.currentTimeMillis();
     }
 }

src/main/java/stirling/software/SPDF/model/AuthenticationType.java

@@ -0,0 +1,6 @@
+package stirling.software.SPDF.model;
+
+public enum AuthenticationType {
+    WEB,
+    OAUTH2
+}

src/main/java/stirling/software/SPDF/model/InputStreamTemplateResource.java

@@ -0,0 +1,45 @@
+package stirling.software.SPDF.model;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+
+import org.thymeleaf.templateresource.ITemplateResource;
+
+public class InputStreamTemplateResource implements ITemplateResource {
+    private InputStream inputStream;
+    private String characterEncoding;
+
+    public InputStreamTemplateResource(InputStream inputStream, String characterEncoding) {
+        this.inputStream = inputStream;
+        this.characterEncoding = characterEncoding;
+    }
+
+    @Override
+    public Reader reader() throws IOException {
+        return new InputStreamReader(inputStream, characterEncoding);
+    }
+
+    @Override
+    public ITemplateResource relative(String relativeLocation) {
+        // Implement logic for relative resources, if needed
+        throw new UnsupportedOperationException("Relative resources not supported");
+    }
+
+    @Override
+    public String getDescription() {
+        return "InputStream resource [Stream]";
+    }
+
+    @Override
+    public String getBaseName() {
+        return "streamResource";
+    }
+
+    @Override
+    public boolean exists() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+}

src/main/java/stirling/software/SPDF/model/Provider.java

@@ -0,0 +1,92 @@
+package stirling.software.SPDF.model;
+
+import java.util.Collection;
+
+public class Provider implements ProviderInterface {
+    private String name;
+    private String clientName;
+
+    public String getName() {
+        return name;
+    }
+
+    public String getClientName() {
+        return clientName;
+    }
+
+    protected boolean isValid(String value, String name) {
+        if (value != null && !value.trim().isEmpty()) {
+            return true;
+        }
+        return false;
+        // throw new IllegalArgumentException(getName() + ": " + name + " is required!");
+    }
+
+    protected boolean isValid(Collection<String> value, String name) {
+        if (value != null && !value.isEmpty()) {
+            return true;
+        }
+        return false;
+        // throw new IllegalArgumentException(getName() + ": " + name + " is required!");
+    }
+
+    @Override
+    public Collection<String> getScopes() {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'getScope'");
+    }
+
+    @Override
+    public void setScopes(String scopes) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'setScope'");
+    }
+
+    @Override
+    public String getUseAsUsername() {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'getUseAsUsername'");
+    }
+
+    @Override
+    public void setUseAsUsername(String useAsUsername) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'setUseAsUsername'");
+    }
+
+    @Override
+    public String getIssuer() {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'getIssuer'");
+    }
+
+    @Override
+    public void setIssuer(String issuer) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'setIssuer'");
+    }
+
+    @Override
+    public String getClientSecret() {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'getClientSecret'");
+    }
+
+    @Override
+    public void setClientSecret(String clientSecret) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'setClientSecret'");
+    }
+
+    @Override
+    public String getClientId() {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'getClientId'");
+    }
+
+    @Override
+    public void setClientId(String clientId) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'setClientId'");
+    }
+}

src/main/java/stirling/software/SPDF/model/ProviderInterface.java

@@ -0,0 +1,26 @@
+package stirling.software.SPDF.model;
+
+import java.util.Collection;
+
+public interface ProviderInterface {
+
+    public Collection<String> getScopes();
+
+    public void setScopes(String scopes);
+
+    public String getUseAsUsername();
+
+    public void setUseAsUsername(String useAsUsername);
+
+    public String getIssuer();
+
+    public void setIssuer(String issuer);
+
+    public String getClientSecret();
+
+    public void setClientSecret(String clientSecret);
+
+    public String getClientId();
+
+    public void setClientId(String clientId);
+}

src/main/java/stirling/software/SPDF/model/User.java

@@ -47,6 +47,9 @@ public class User {
     @Column(name = "roleName")
     private String roleName;
 
+    @Column(name = "authenticationtype")
+    private String authenticationType;
+
     @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, mappedBy = "user")
     private Set<Authority> authorities = new HashSet<>();
 
@@ -116,6 +119,14 @@ public class User {
         this.enabled = enabled;
     }
 
+    public void setAuthenticationType(AuthenticationType authenticationType) {
+        this.authenticationType = authenticationType.toString().toLowerCase();
+    }
+
+    public String getAuthenticationType() {
+        return authenticationType;
+    }
+
     public Set<Authority> getAuthorities() {
         return authorities;
     }
@@ -137,4 +148,8 @@ public class User {
                 .map(Authority::getAuthority)
                 .collect(Collectors.joining(", "));
     }
+
+    public boolean hasPassword() {
+        return this.password != null && !this.password.isEmpty();
+    }
 }