I'm starting to really grasp the volume of work ahead of me in regards to refactoring Atheos. There were a lot of people who worked on the OG Codiad over many years. The deeper I get into the core files, the more I see discrepancies, and a lot of duct tape, honestly. I'm reaching a point where the only way forward is to completely move away from supporting older plugins. There are, simply put, too many different ways to accomplish all of the things Atheos does built into it, and trying to unify all of them cohesively means removing functions and namespaces that plugins use. The settings component is one I'm hitting now where, to really simplify its functions for future use, I have to nearly rewrite the entire thing, which means older plugins won't be able to have settings.
I've reached a point where only the most critical files remain untouched, and I actually made it through one of the larger ones. Sadly, I think it's already getting really close to having to fully cut ties with Codiad. What I mean is that I've rewritten so much of the code that maintaining compatibility with Codiad plugins is really starting to cause a huge headache.
I think the next release will be when I remove a ton of my compatibility checks, but I also have an idea to create a compatibility plugin to bridge the gap. However, that's still a temporary solution. Codiad will eventually be incompatible with Atheos, and that's coming pretty soon.
I've found myself roaming in the backend more and more recently, and honestly it worries me. While I am not an expert on PHP, backends, or security, I have spent hours reading about them, and have a fair amount of experience implementing them. Sadly, Atheos doesn't use JWTs, at least as far as I've been able to understand. Atheos also URI-encodes a ton of information and sends it in plaintext to the server in the URL. Weirder still is that it does post things all the time as well, and stranger than that, it will plaintext a path to the server, and, in handling the response, use the path the server replied with, but the server didn't do anything to the path. The client oftentimes passes variables to the server for the server to pass them back to the client to be handled all within the exact same function. Talk about a bizarre waste of bandwidth.