diff --git a/pkg/auth/flow.go b/pkg/auth/flow.go
index 7502a72..70163c9 100644
--- a/pkg/auth/flow.go
+++ b/pkg/auth/flow.go
@@ -141,6 +141,18 @@ func (f *Flow) progress(c echo.Context) error {
 	return nil
 }
 
+func (a *Authenticator) LoginFlowDeleteHandler(c echo.Context) error {
+	flowID := c.Param("flow_id")
+
+	if flowID == "" {
+		return c.String(http.StatusBadRequest, "empty flow ID")
+	}
+
+	delete(a.Flows, FlowID(flowID))
+
+	return c.String(http.StatusOK, "deleted")
+}
+
 func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
 	if c.Request().Method == http.MethodPost && strings.HasPrefix(c.Request().Header.Get(echo.HeaderContentType), "text/plain") {
 		// hack around the content-type, Context.JSON refuses to work otherwise
diff --git a/pkg/server/server.go b/pkg/server/server.go
index e79f083..fe7b266 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -3,64 +3,48 @@ package server
 import (
 	"io/fs"
 	"log"
-	"net/http"
 	"sync"
 
 	"github.com/labstack/echo/v4"
 
 	"dynatron.me/x/blasphem/pkg/auth"
-	"dynatron.me/x/blasphem/pkg/bus"
+	"dynatron.me/x/blasphem/pkg/blas"
 	"dynatron.me/x/blasphem/pkg/config"
 	"dynatron.me/x/blasphem/pkg/frontend"
 )
 
 type Server struct {
+	*blas.Blas
 	*echo.Echo
-	*bus.Bus
 	auth.Authenticator
 	rootFS fs.FS
 	wg     sync.WaitGroup
-	cfg    *config.Config
 }
 
-type StatusWriter struct {
-	http.ResponseWriter
-	status int
-}
+func (s *Server) installRoutes() {
+	s.GET("/", echo.WrapHandler(frontend.FSHandler))
+	s.GET("/api/websocket", s.wsHandler)
+	s.GET("/auth/authorize", s.AuthorizeHandler)
+	s.GET("/auth/providers", s.ProvidersHandler)
 
-func (w *StatusWriter) WriteHeader(status int) {
-	w.status = status
-	w.ResponseWriter.WriteHeader(status)
-}
-
-func logHandler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		rw := &StatusWriter{ResponseWriter: w}
-		h.ServeHTTP(rw, r)
-		logRequest(rw.status, r)
-	})
-}
-
-func logRequest(status int, r *http.Request) {
-	log.Println(r.Method, status, r.URL.Path)
+	s.POST("/auth/login_flow", s.LoginFlowHandler)
+	s.POST("/auth/login_flow/:flow_id", s.LoginFlowHandler)
+	s.DELETE("/auth/login_flow/:flow_id", s.LoginFlowDeleteHandler)
 }
 
 func New(cfg *config.Config) (s *Server, err error) {
+	b := blas.New(cfg)
+
 	s = &Server{
+		Blas: b,
 		Echo: echo.New(),
-		cfg:  cfg,
 	}
 	s.InitAuth()
 
 	s.Echo.Debug = true
 	s.Echo.HideBanner = true
 
-	s.GET("/", echo.WrapHandler(frontend.FSHandler))
-	s.GET("/api/websocket", s.wsHandler)
-	s.GET("/auth/authorize", s.AuthorizeHandler)
-	s.GET("/auth/providers", s.ProvidersHandler)
-	s.POST("/auth/login_flow", s.LoginFlowHandler)
-	s.POST("/auth/login_flow/:flow_id", s.LoginFlowHandler)
+	s.installRoutes()
 
 	return s, nil
 }
@@ -68,7 +52,7 @@ func New(cfg *config.Config) (s *Server, err error) {
 func (s *Server) Go() error {
 	s.wg.Add(1)
 	go func() {
-		err := s.Start(s.cfg.Server.Bind)
+		err := s.Start(s.Config.Server.Bind)
 		if err != nil {
 			log.Fatal(err)
 		}