Prepare web-server repository for monorepo

This change prepares the web-server Git repository for the monorepo residing at
https://github.com/atlarge-research.com/opendc. To accomodate for this, we
move all files into a web-server subdirectory.

112 files changed, 4240 insertions, 0 deletions

diff --git a/web-server/.gitignore b/web-server/.gitignore
new file mode 100644
index 00000000..fef0da65
--- /dev/null
+++ b/web-server/.gitignore
@@ -0,0 +1,15 @@
+.DS_Store
+*.pyc
+*.pyo
+venv
+venv*
+dist
+build
+*.egg
+*.egg-info
+_mailinglist
+.tox
+.cache/
+.idea/
+config.json
+test.json
diff --git a/web-server/.gitlab-ci.yml b/web-server/.gitlab-ci.yml
new file mode 100644
index 00000000..c8c07a56
--- /dev/null
+++ b/web-server/.gitlab-ci.yml
@@ -0,0 +1,27 @@
+image: "python:3.8"
+
+variables:
+  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+
+cache:
+  paths:
+    - .cache/pip
+
+stages:
+  - static-analysis
+  - test
+
+static-analysis:
+  stage: static-analysis
+  allow_failure: true
+  script:
+    - python --version
+    - pip install -r requirements.txt
+    - pylint opendc
+
+test:
+  stage: test
+  script:
+    - python --version
+    - pip install -r requirements.txt
+    - pytest opendc
diff --git a/web-server/.pylintrc b/web-server/.pylintrc
new file mode 100644
index 00000000..c7855f0e
--- /dev/null
+++ b/web-server/.pylintrc
@@ -0,0 +1,519 @@
+[MASTER]
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code.
+extension-pkg-whitelist=
+
+# Specify a score threshold to be exceeded before program exits with error.
+fail-under=10
+
+# Add files or directories to the blacklist. They should be base names, not
+# paths.
+ignore=CVS
+
+# Add files or directories matching the regex patterns to the blacklist. The
+# regex matches against base names, not paths.
+ignore-patterns=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
+# number of processors available to use.
+jobs=1
+
+# Control the amount of potential inferred values when inferring a single
+# object. This can help the performance when dealing with large functions or
+# complex, nested conditions.
+limit-inference-results=100
+
+# List of plugins (as comma separated values of python module names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# When enabled, pylint would attempt to guess common misconfiguration and emit
+# user-friendly hints instead of false-positive error messages.
+suggestion-mode=yes
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
+confidence=
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once). You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use "--disable=all --enable=classes
+# --disable=W".
+disable=duplicate-code,
+        missing-module-docstring,
+        invalid-name
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=c-extension-no-member
+
+
+[REPORTS]
+
+# Python expression which should return a score less than or equal to 10. You
+# have access to the variables 'error', 'warning', 'refactor', and 'convention'
+# which contain the number of messages in each category, as well as 'statement'
+# which is the total number of statements analyzed. This score is used by the
+# global evaluation report (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details.
+#msg-template=
+
+# Set the output format. Available formats are text, parseable, colorized, json
+# and msvs (visual studio). You can also give a reporter class, e.g.
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages.
+reports=no
+
+# Activate the evaluation score.
+score=yes
+
+
+[REFACTORING]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+# Complete name of functions that never returns. When checking for
+# inconsistent-return-statements if a never returning function is called then
+# it will be considered as an explicit return statement and no message will be
+# printed.
+never-returning-functions=sys.exit
+
+
+[LOGGING]
+
+# The type of string formatting that logging methods do. `old` means using %
+# formatting, `new` is for `{}` formatting.
+logging-format-style=old
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format.
+logging-modules=logging
+
+
+[SPELLING]
+
+# Limits count of emitted suggestions for spelling mistakes.
+max-spelling-suggestions=4
+
+# Spelling dictionary name. Available dictionaries: none. To make it work,
+# install the python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains the private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to the private dictionary (see the
+# --spelling-private-dict-file option) instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,
+      XXX,
+      TODO
+
+# Regular expression of note tags to take in consideration.
+#notes-rgx=
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# Tells whether to warn about missing members when the owner of the attribute
+# is inferred to be None.
+ignore-none=yes
+
+# This flag controls whether pylint should warn about no-member and similar
+# checks whenever an opaque object is returned when inferring. The inference
+# can return multiple potential results while evaluating a Python object, but
+# some branches might not be evaluated, which results in partial inference. In
+# that case, it might be useful to still emit no-member and other checks for
+# the rest of the inferred objects.
+ignore-on-opaque-inference=yes
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis). It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# Show a hint with possible names when a member name was not found. The aspect
+# of finding the hint is based on edit distance.
+missing-member-hint=yes
+
+# The minimum edit distance a name should have in order to be considered a
+# similar match for a missing member name.
+missing-member-hint-distance=1
+
+# The total number of similar names that should be taken in consideration when
+# showing a hint for a missing member.
+missing-member-max-choices=1
+
+# List of decorators that change the signature of a decorated function.
+signature-mutators=
+
+
+[VARIABLES]
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid defining new builtins when possible.
+additional-builtins=
+
+# Tells whether unused global variables should be treated as a violation.
+allow-global-unused-variables=yes
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,
+          _cb
+
+# A regular expression matching the name of dummy variables (i.e. expected to
+# not be used).
+dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore.
+ignored-argument-names=_.*|^ignored_|^unused_
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
+
+
+[FORMAT]
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Number of spaces of indent required inside a hanging or continued line.
+indent-after-paren=4
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='    '
+
+# Maximum number of characters on a single line.
+max-line-length=120
+
+# Maximum number of lines in a module.
+max-module-lines=1000
+
+# List of optional constructs for which whitespace checking is disabled. `dict-
+# separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
+# `trailing-comma` allows a space between comma and closing bracket: (a, ).
+# `empty-line` allows space-only lines.
+no-space-check=trailing-comma,
+               dict-separator
+
+# Allow the body of a class to be on the same line as the declaration if body
+# contains single statement.
+single-line-class-stmt=no
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+
+[SIMILARITIES]
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+
+[BASIC]
+
+# Naming style matching correct argument names.
+argument-naming-style=snake_case
+
+# Regular expression matching correct argument names. Overrides argument-
+# naming-style.
+#argument-rgx=
+
+# Naming style matching correct attribute names.
+attr-naming-style=snake_case
+
+# Regular expression matching correct attribute names. Overrides attr-naming-
+# style.
+#attr-rgx=
+
+# Bad variable names which should always be refused, separated by a comma.
+bad-names=foo,
+          bar,
+          baz,
+          toto,
+          tutu,
+          tata
+
+# Bad variable names regexes, separated by a comma. If names match any regex,
+# they will always be refused
+bad-names-rgxs=
+
+# Naming style matching correct class attribute names.
+class-attribute-naming-style=any
+
+# Regular expression matching correct class attribute names. Overrides class-
+# attribute-naming-style.
+#class-attribute-rgx=
+
+# Naming style matching correct class names.
+class-naming-style=PascalCase
+
+# Regular expression matching correct class names. Overrides class-naming-
+# style.
+#class-rgx=
+
+# Naming style matching correct constant names.
+const-naming-style=UPPER_CASE
+
+# Regular expression matching correct constant names. Overrides const-naming-
+# style.
+#const-rgx=
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+
+# Naming style matching correct function names.
+function-naming-style=snake_case
+
+# Regular expression matching correct function names. Overrides function-
+# naming-style.
+#function-rgx=
+
+# Good variable names which should always be accepted, separated by a comma.
+good-names=i,
+           j,
+           k,
+           ex,
+           Run,
+           _
+
+# Good variable names regexes, separated by a comma. If names match any regex,
+# they will always be accepted
+good-names-rgxs=
+
+# Include a hint for the correct naming format with invalid-name.
+include-naming-hint=no
+
+# Naming style matching correct inline iteration names.
+inlinevar-naming-style=any
+
+# Regular expression matching correct inline iteration names. Overrides
+# inlinevar-naming-style.
+#inlinevar-rgx=
+
+# Naming style matching correct method names.
+method-naming-style=snake_case
+
+# Regular expression matching correct method names. Overrides method-naming-
+# style.
+#method-rgx=
+
+# Naming style matching correct module names.
+module-naming-style=snake_case
+
+# Regular expression matching correct module names. Overrides module-naming-
+# style.
+#module-rgx=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+# These decorators are taken in consideration only for invalid-name.
+property-classes=abc.abstractproperty
+
+# Naming style matching correct variable names.
+variable-naming-style=snake_case
+
+# Regular expression matching correct variable names. Overrides variable-
+# naming-style.
+#variable-rgx=
+
+
+[STRING]
+
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=no
+
+# This flag controls whether the implicit-str-concat should generate a warning
+# on implicit string concatenation in sequences defined over several lines.
+check-str-concat-over-line-jumps=no
+
+
+[IMPORTS]
+
+# List of modules that can be imported at any level, not just the top level
+# one.
+allow-any-import-level=
+
+# Allow wildcard imports from modules that define __all__.
+allow-wildcard-with-all=no
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+# Deprecated modules which should not be used, separated by a comma.
+deprecated-modules=optparse,tkinter.tix
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled).
+ext-import-graph=
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled).
+import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled).
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+# Couples of modules and preferred modules, separated by a comma.
+preferred-modules=
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+                      __new__,
+                      setUp,
+                      __post_init__
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+                  _fields,
+                  _replace,
+                  _source,
+                  _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=cls
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method.
+max-args=5
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=7
+
+# Maximum number of boolean expressions in an if statement (see R0916).
+max-bool-expr=5
+
+# Maximum number of branch for function / method body.
+max-branches=12
+
+# Maximum number of locals for function / method body.
+max-locals=15
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of return / yield for function / method body.
+max-returns=6
+
+# Maximum number of statements in function / method body.
+max-statements=50
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "BaseException, Exception".
+overgeneral-exceptions=BaseException,
+                       Exception
diff --git a/web-server/.style.yapf b/web-server/.style.yapf
new file mode 100644
index 00000000..f5c26c57
--- /dev/null
+++ b/web-server/.style.yapf
@@ -0,0 +1,3 @@
+[style]
+based_on_style = pep8
+column_limit=120
diff --git a/web-server/LICENSE.md b/web-server/LICENSE.md
new file mode 100644
index 00000000..57288ae2
--- /dev/null
+++ b/web-server/LICENSE.md
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 atlarge-research
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/web-server/OpenDC.postman_collection.json b/web-server/OpenDC.postman_collection.json
new file mode 100644
index 00000000..c34dc310
--- /dev/null
+++ b/web-server/OpenDC.postman_collection.json
@@ -0,0 +1,61 @@
+{
+  "variables": [],
+  "info": {
+    "name": "OpenDC",
+    "_postman_id": "e8b68f59-29cb-71d0-6237-b22932c40f9c",
+    "description": "Sample requests for developing the OpenDC API",
+    "schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
+  },
+  "item": [
+    {
+      "name": "Create New Simulation",
+      "request": {
+        "url": "localhost:8081/api/v1/simulations",
+        "method": "POST",
+        "header": [
+          {
+            "key": "Content-Type",
+            "value": "application/json",
+            "description": ""
+          },
+          {
+            "key": "auth-token",
+            "value": "PUT YOUR AUTH TOKEN HERE",
+            "description": ""
+          }
+        ],
+        "body": {
+          "mode": "raw",
+          "raw": "{\r\n  \"simulation\": {\r\n    \"name\": \"Simulation Name\"\r\n  }\r\n}"
+        },
+        "description": ""
+      },
+      "response": []
+    },
+    {
+      "name": "Create New User",
+      "request": {
+        "url": "localhost:8081/api/v1/users",
+        "method": "POST",
+        "header": [
+          {
+            "key": "Content-Type",
+            "value": "application/json",
+            "description": ""
+          },
+          {
+            "key": "auth-token",
+            "value": "PUT YOUR AUTH TOKEN HERE",
+            "description": ""
+          }
+        ],
+        "body": {
+          "mode": "raw",
+          "raw": "{\r\n  \"user\": {\r\n    \"email\": \"email@example.com\"\r\n  }\r\n}"
+        },
+        "description": ""
+      },
+      "response": []
+    }
+  ]
+}
\ No newline at end of file
diff --git a/web-server/README.md b/web-server/README.md
new file mode 100644
index 00000000..04146f59
--- /dev/null
+++ b/web-server/README.md
@@ -0,0 +1,130 @@
+<h1 align="center">
+  <img src="images/logo.png" width="100" alt="OpenDC">
+  <br>
+  OpenDC Web Server
+</h1>
+<p align="center">
+Collaborative Datacenter Simulation and Exploration for Everybody
+</p>
+
+The OpenDC web server is the bridge between OpenDC's frontend and database. It is built with Flask/SocketIO in Python and implements the OpenAPI-compliant [OpenDC API specification](https://github.com/atlarge-research/opendc/blob/master/opendc-api-spec.json).
+
+This document explains a high-level view of the web server architecture ([jump](#architecture)), and describes how to set up the web server for local development ([jump](#setup-for-local-development)).
+
+## Architecture
+
+The following diagram shows a high-level view of the architecture of the OpenDC web server. Squared-off colored boxes indicate packages (colors become more saturated as packages are nested); rounded-off boxes indicate individual components; dotted lines indicate control flow; and solid lines indicate data flow.
+
+![OpenDC Web Server Component Diagram](https://raw.githubusercontent.com/atlarge-research/opendc-web-server/master/images/opendc-web-server-component-diagram.png)
+
+The OpenDC API is implemented by the `Main Server Loop`, which is the only component in the base package.
+
+### Util Package
+
+The `Util` package handles several miscellaneous tasks:
+
+* `REST`: Parses SockerIO messages into `Request` objects, and calls the appropriate `API` endpoint to get a `Response` object to return to the `Main Server Loop`.
+* `Param Checker`: Recursively checks whether required `Request` parameters are present and correctly typed.
+* `Exceptions`: Holds definitions for exceptions used throughout the web server.
+* `Database API`: Wraps SQLite functionality used by `Models` to read themselves from/ write themselves into the database.
+
+### API Package
+
+The `API` package contains the logic for the HTTP methods in each API endpoint. Packages are structured to mirror the API: the code for the endpoint `GET simulations/authorizations`, for example, would be located at the `Endpoint` inside the `authorizations` package, inside the `simulations` package (so at `api/simulations/authorizations/endpoint.py`).
+
+An `Endpoint` contains methods for each HTTP method it supports, which takes a request as input (such as `def GET(request):`). Typically, such a method checks whether the parameters were passed correctly (using the `Param Checker`); fetches some model from the database; checks whether the data exists and is accessible by the user who made the request; possibly modifies this data and writes it back to the database; and returns a JSON representation of the model.
+
+The `REST` component dynamically imports the appropriate method from the appropriate `Endpoint`, according to request it receives, and executes it.
+
+### Models Package
+
+The `Models` package contains the logic for mapping Python objects to their database representations. This involves an abstract `model` which has methods to `read`, `insert`, `update` and `delete` objects. Extensions of `model`, such as a `User` or `Simulation`, specify some metadata such as their tabular representation in the database and how they map to a JSON object, which the code in `model` uses in the database interaction methods.
+
+`Endpoint`s import these `Models` and use them to execute requests.
+
+## Setup for Local Development
+
+The following steps will guide you through setting up the OpenDC web server locally for development. To test individual endpoints, edit `static/index.html`. This guide was tested and developed on Windows 10.
+
+### Local Setup
+
+#### Install requirements
+
+Make sure you have Python 2.7 installed (if not, get it [here](https://www.python.org/)), as well as pip (if not, get it [here](https://pip.pypa.io/en/stable/installing/)). Then run the following to install the requirements.
+
+```bash
+python setup.py install
+```
+
+The web server also requires MariaDB >= 10.1. Instructions to install MariaDB can be found [here](https://mariadb.com/kb/en/mariadb/getting-installing-and-upgrading-mariadb/). The Docker image can be found [here](https://hub.docker.com/_/mariadb/). 
+
+#### Get the code
+
+Clone both this repository and the main OpenDC repository, from the same base directory.
+
+```bash
+git clone https://github.com/atlarge-research/opendc-web-server.git
+git clone https://github.com/atlarge-research/opendc.git
+```
+
+#### Set up the database
+
+The database can be rebuilt by using the `schema.sql` file from main opendc repository. 
+
+#### Configure OpenDC
+
+Create a file `config.json` in `opendc-web-server`, containing:
+
+```json
+{
+	"ROOT_DIR": "BASE_DIRECTORY",
+	"OAUTH_CLIENT_ID": "OAUTH_CLIENT_ID",
+	"FLASK_SECRET": "FLASK_SECRET",
+	"MYSQL_DATABASE": "opendc",
+	"MYSQL_USER": "opendc",
+	"MYSQL_PASSWORD": "opendcpassword",
+	"MYSQL_HOST": "127.0.0.1",
+	"MYSQL_PORT": 3306
+}
+```
+
+Make the following replacements:
+* Replace `BASE_DIRECTORY` with the base directory in which you cloned `opendc` and `opendc-web-server`.
+* Replace `OAUTH_CLIENT_ID` with your OAuth client ID (see the [OpenDC README](https://github.com/atlarge-research/opendc#preamble)).
+* Replace `FLASK_SECRET`, come up with some string.
+* Replace the `MYSQL_*` variables with the correct settings for accessing the MariaDB database that was just created. 
+
+In `opendc-web-server/static/index.html`, add your own `OAUTH_CLIENT_ID` in `content=` on line `2`.
+
+#### Set up Postman and OpenDC account
+
+To easily make HTTP requests to the web server, we recommend Postman (get it [here](https://www.getpostman.com/)).
+
+Once Postman is installed and set up, `Import` the OpenDC requests collection (`OpenDC.postman_collection.json`). In the `Collections` tab, expand `OpenDC` and click `Create New User`. This should open the request in the `Builder` pane.
+
+Navigate to `http://localhost:8081/my-auth-token` and copy the authentication token on this page to your clipboard. In the Postman `Builder` pane, navigate to the `Headers (2)` tab, and paste the authentication token as value for the `auth-token` header. (This token expires every hour - refresh the auth token page to get a new token.) 
+
+(Optional: navigate to the `Body` tab and change the email address to the gmail address you used to get an authentication token.)
+
+Click `Send` in Postman to send your request and see the server's response. If it's a `200`, your account is set up!
+
+### Local Development
+
+Run the server.
+
+```bash
+cd opendc-web-server
+python main.py config.json
+```
+
+To try a different query, use the Postman `Builder` to edit the method, path, body, query parameters, etc. `Create New Simulation` is provided as an additional example.
+
+When editing the web server code, restart the server (`CTRL` + `c` followed by `python main.py config.json` in the console running the server) to see the result of your changes.
+
+#### Code Style
+
+To format all files, run `format.sh` in this directory.
+
+#### Testing
+
+Run `pytest` in this directory to run all tests.
diff --git a/web-server/conftest.py b/web-server/conftest.py
new file mode 100644
index 00000000..05172b04
--- /dev/null
+++ b/web-server/conftest.py
@@ -0,0 +1,12 @@
+import pytest
+
+from main import FLASK_CORE_APP
+
+
+@pytest.fixture
+def client():
+    """Returns a Flask API client to interact with."""
+    FLASK_CORE_APP.config['TESTING'] = True
+
+    with FLASK_CORE_APP.test_client() as client:
+        yield client
diff --git a/web-server/format.sh b/web-server/format.sh
new file mode 100644
index 00000000..18cba452
--- /dev/null
+++ b/web-server/format.sh
@@ -0,0 +1 @@
+yapf **/*.py -i
diff --git a/web-server/images/logo.png b/web-server/images/logo.png
new file mode 100644
index 00000000..d743038b
--- /dev/null
+++ b/web-server/images/logo.png
diff --git a/web-server/images/opendc-web-server-component-diagram.png b/web-server/images/opendc-web-server-component-diagram.png
new file mode 100644
index 00000000..91b26006
--- /dev/null
+++ b/web-server/images/opendc-web-server-component-diagram.png
diff --git a/web-server/main.py b/web-server/main.py
new file mode 100644
index 00000000..cd9394d5
--- /dev/null
+++ b/web-server/main.py
@@ -0,0 +1,186 @@
+import flask_socketio
+import json
+import os
+import sys
+import traceback
+import urllib.request
+from flask import Flask, request, send_from_directory, jsonify
+from flask_compress import Compress
+from oauth2client import client, crypt
+from flask_cors import CORS
+
+from opendc.models_old.user import User
+from opendc.util import rest, path_parser, database
+from opendc.util.exceptions import AuthorizationTokenError, RequestInitializationError
+
+TEST_MODE = "OPENDC_FLASK_TESTING" in os.environ
+
+if TEST_MODE:
+    STATIC_ROOT = os.curdir
+else:
+    database.DB.initialize_database(user=os.environ['OPENDC_DB_USERNAME'],
+                                    password=os.environ['OPENDC_DB_PASSWORD'],
+                                    database=os.environ['OPENDC_DB'],
+                                    host='localhost')
+    STATIC_ROOT = os.path.join(os.environ['OPENDC_ROOT_DIR'], 'opendc-frontend', 'build')
+
+FLASK_CORE_APP = Flask(__name__, static_url_path='', static_folder=STATIC_ROOT)
+FLASK_CORE_APP.config['SECRET_KEY'] = os.environ['OPENDC_FLASK_SECRET']
+if 'localhost' in os.environ['OPENDC_SERVER_BASE_URL']:
+    CORS(FLASK_CORE_APP)
+
+compress = Compress()
+compress.init_app(FLASK_CORE_APP)
+
+if 'OPENDC_SERVER_BASE_URL' in os.environ or 'localhost' in os.environ['OPENDC_SERVER_BASE_URL']:
+    SOCKET_IO_CORE = flask_socketio.SocketIO(FLASK_CORE_APP, cors_allowed_origins="*")
+else:
+    SOCKET_IO_CORE = flask_socketio.SocketIO(FLASK_CORE_APP)
+
+
+@FLASK_CORE_APP.errorhandler(404)
+def page_not_found(e):
+    return send_from_directory(STATIC_ROOT, 'index.html')
+
+
+@FLASK_CORE_APP.route('/tokensignin', methods=['POST'])
+def sign_in():
+    """Authenticate a user with Google sign in"""
+
+    try:
+        token = request.form['idtoken']
+    except KeyError:
+        return 'No idtoken provided', 401
+
+    try:
+        idinfo = client.verify_id_token(token, os.environ['OPENDC_OAUTH_CLIENT_ID'])
+
+        if idinfo['aud'] != os.environ['OPENDC_OAUTH_CLIENT_ID']:
+            raise crypt.AppIdentityError('Unrecognized client.')
+
+        if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
+            raise crypt.AppIdentityError('Wrong issuer.')
+    except ValueError:
+        url = "https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={}".format(token)
+        req = urllib.request.Request(url)
+        response = urllib.request.urlopen(url=req, timeout=30)
+        res = response.read()
+        idinfo = json.loads(res)
+    except crypt.AppIdentityError as e:
+        return 'Did not successfully authenticate'
+
+    user = User.from_google_id(idinfo['sub'])
+
+    data = {'isNewUser': not user.exists()}
+
+    if user.exists():
+        data['userId'] = user.id
+
+    return jsonify(**data)
+
+
+@FLASK_CORE_APP.route('/api/<string:version>/<path:endpoint_path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
+def api_call(version, endpoint_path):
+    """Call an API endpoint directly over HTTP."""
+
+    # Get path and parameters
+    (path, path_parameters) = path_parser.parse(version, endpoint_path)
+
+    query_parameters = request.args.to_dict()
+    for param in query_parameters:
+        try:
+            query_parameters[param] = int(query_parameters[param])
+        except:
+            pass
+
+    try:
+        body_parameters = json.loads(request.get_data())
+    except:
+        body_parameters = {}
+
+    # Create and call request
+    (req, response) = _process_message({
+        'id': 0,
+        'method': request.method,
+        'parameters': {
+            'body': body_parameters,
+            'path': path_parameters,
+            'query': query_parameters
+        },
+        'path': path,
+        'token': request.headers.get('auth-token')
+    })
+
+    print(
+        f'HTTP:\t{req.method} to `/{req.path}` resulted in {response.status["code"]}: {response.status["description"]}')
+    sys.stdout.flush()
+
+    flask_response = jsonify(json.loads(response.to_JSON()))
+    flask_response.status_code = response.status['code']
+    return flask_response
+
+
+@FLASK_CORE_APP.route('/my-auth-token')
+def serve_web_server_test():
+    """Serve the web server test."""
+    return send_from_directory(STATIC_ROOT, 'index.html')
+
+
+@FLASK_CORE_APP.route('/')
+@FLASK_CORE_APP.route('/simulations')
+@FLASK_CORE_APP.route('/simulations/<path:simulation_id>')
+@FLASK_CORE_APP.route('/simulations/<path:simulation_id>/experiments')
+@FLASK_CORE_APP.route('/simulations/<path:simulation_id>/experiments/<path:experiment_id>')
+@FLASK_CORE_APP.route('/profile')
+def serve_index(simulation_id=None, experiment_id=None):
+    return send_from_directory(STATIC_ROOT, 'index.html')
+
+
+@SOCKET_IO_CORE.on('request')
+def receive_message(message):
+    """"Receive a SocketIO request"""
+    (req, res) = _process_message(message)
+
+    print(f'Socket:\t{req.method} to `/{req.path}` resulted in {res.status["code"]}: {res.status["description"]}')
+    sys.stdout.flush()
+
+    flask_socketio.emit('res', res.to_JSON(), json=True)
+
+
+def _process_message(message):
+    """Process a request message and return the response."""
+
+    try:
+        req = rest.Request(message)
+        res = req.process()
+
+        return req, res
+
+    except AuthorizationTokenError:
+        res = rest.Response(401, 'Authorization error')
+        res.id = message['id']
+
+    except RequestInitializationError as e:
+        res = rest.Response(400, str(e))
+        res.id = message['id']
+
+        if not 'method' in message:
+            message['method'] = 'UNSPECIFIED'
+        if not 'path' in message:
+            message['path'] = 'UNSPECIFIED'
+
+    except Exception:
+        res = rest.Response(500, 'Internal server error')
+        if 'id' in message:
+            res.id = message['id']
+        traceback.print_exc()
+
+    req = rest.Request()
+    req.method = message['method']
+    req.path = message['path']
+
+    return req, res
+
+
+if __name__ == '__main__':
+    SOCKET_IO_CORE.run(FLASK_CORE_APP, host='0.0.0.0', port=8081)
diff --git a/web-server/opendc/__init__.py b/web-server/opendc/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/__init__.py
diff --git a/web-server/opendc/api/__init__.py b/web-server/opendc/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/__init__.py
diff --git a/web-server/opendc/api/v2/__init__.py b/web-server/opendc/api/v2/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/__init__.py b/web-server/opendc/api/v2/experiments/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/endpoint.py
new file mode 100644
index 00000000..bc2b139e
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/endpoint.py
@@ -0,0 +1,113 @@
+from opendc.models_old.experiment import Experiment
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment."""
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from retrieving {}.'.format(experiment))
+
+    # Return this Experiment
+
+    experiment.read()
+
+    return Response(200, 'Successfully retrieved {}.'.format(experiment), experiment.to_JSON())
+
+
+def PUT(request):
+    """Update this Experiment's Path, Trace, Scheduler, and/or name."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path={'experimentId': 'int'},
+            body={'experiment': {
+                'pathId': 'int',
+                'traceId': 'int',
+                'schedulerName': 'string',
+                'name': 'string'
+            }})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to edit this Experiment
+
+    if not experiment.google_id_has_at_least(request.google_id, 'EDIT'):
+        return Response(403, 'Forbidden from updating {}.'.format(experiment))
+
+    # Update this Experiment
+
+    experiment.path_id = request.params_body['experiment']['pathId']
+    experiment.trace_id = request.params_body['experiment']['traceId']
+    experiment.scheduler_name = request.params_body['experiment']['schedulerName']
+    experiment.name = request.params_body['experiment']['name']
+
+    try:
+        experiment.update()
+
+    except exceptions.ForeignKeyError:
+        return Response(400, 'Foreign key error.')
+
+    # Return this Experiment
+
+    return Response(200, 'Successfully updated {}.'.format(experiment), experiment.to_JSON())
+
+
+def DELETE(request):
+    """Delete this Experiment."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment and make sure it exists
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to delete this Experiment
+
+    if not experiment.google_id_has_at_least(request.google_id, 'EDIT'):
+        return Response(403, 'Forbidden from deleting {}.'.format(experiment))
+
+    # Delete and return this Experiment
+
+    experiment.delete()
+
+    return Response(200, 'Successfully deleted {}.'.format(experiment), experiment.to_JSON())
diff --git a/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/endpoint.py
new file mode 100644
index 00000000..3309502c
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/last-simulated-tick/endpoint.py
@@ -0,0 +1,32 @@
+from opendc.models_old.experiment import Experiment
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's last simulated tick."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment's last simulated tick
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing last simulated tick for {}.'.format(experiment))
+
+    return Response(200, 'Successfully retrieved last simulated tick for {}.'.format(experiment),
+                    {'lastSimulatedTick': experiment.last_simulated_tick})
diff --git a/web-server/opendc/api/v2/experiments/experimentId/machine-states/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/machine-states/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/machine-states/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/machine-states/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/machine-states/endpoint.py
new file mode 100644
index 00000000..c7dcad9a
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/machine-states/endpoint.py
@@ -0,0 +1,42 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.machine_state import MachineState
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's Machine States."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment's Machine States
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Machine States for {}.'.format(experiment))
+
+    # Get and return the Machine States
+
+    if 'tick' in request.params_query:
+        machine_states = MachineState.from_experiment_id_and_tick(request.params_path['experimentId'],
+                                                                  request.params_query['tick'])
+
+    else:
+        machine_states = MachineState.from_experiment_id(request.params_path['experimentId'])
+
+    return Response(200, 'Successfully retrieved Machine States for {}.'.format(experiment),
+                    [x.to_JSON() for x in machine_states])
diff --git a/web-server/opendc/api/v2/experiments/experimentId/rack-states/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/rack-states/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/rack-states/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/rack-states/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/rack-states/endpoint.py
new file mode 100644
index 00000000..f3acf56a
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/rack-states/endpoint.py
@@ -0,0 +1,42 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.rack_state import RackState
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's Tack States."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment's Rack States
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Rack States for {}.'.format(experiment))
+
+    # Get and return the Rack States
+
+    if 'tick' in request.params_query:
+        rack_states = RackState.from_experiment_id_and_tick(request.params_path['experimentId'],
+                                                            request.params_query['tick'])
+
+    else:
+        rack_states = RackState.from_experiment_id(request.params_path['experimentId'])
+
+    return Response(200, 'Successfully retrieved Rack States for {}.'.format(experiment),
+                    [x.to_JSON() for x in rack_states])
diff --git a/web-server/opendc/api/v2/experiments/experimentId/room-states/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/room-states/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/room-states/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/room-states/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/room-states/endpoint.py
new file mode 100644
index 00000000..db3f8b14
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/room-states/endpoint.py
@@ -0,0 +1,42 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.room_state import RoomState
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's Room States."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment's Room States
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Room States for {}.'.format(experiment))
+
+    # Get and return the Room States
+
+    if 'tick' in request.params_query:
+        room_states = RoomState.from_experiment_id_and_tick(request.params_path['experimentId'],
+                                                            request.params_query['tick'])
+
+    else:
+        room_states = RoomState.from_experiment_id(request.params_path['experimentId'])
+
+    return Response(200, 'Successfully retrieved Room States for {}.'.format(experiment),
+                    [x.to_JSON() for x in room_states])
diff --git a/web-server/opendc/api/v2/experiments/experimentId/statistics/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/statistics/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/statistics/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/endpoint.py
new file mode 100644
index 00000000..498db239
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/statistics/task-durations/endpoint.py
@@ -0,0 +1,37 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.task_duration import TaskDuration
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's Task Durations."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view this Experiment's Task Durations
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Task Durations for {}.'.format(experiment))
+
+    # Get and return the Task Durations
+
+    task_durations = TaskDuration.from_experiment_id(request.params_path['experimentId'])
+
+    return Response(200, 'Successfully retrieved Task Durations for {}.'.format(experiment),
+                    [x.to_JSON() for x in task_durations])
diff --git a/web-server/opendc/api/v2/experiments/experimentId/task-states/__init__.py b/web-server/opendc/api/v2/experiments/experimentId/task-states/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/task-states/__init__.py
diff --git a/web-server/opendc/api/v2/experiments/experimentId/task-states/endpoint.py b/web-server/opendc/api/v2/experiments/experimentId/task-states/endpoint.py
new file mode 100644
index 00000000..c0ae47fc
--- /dev/null
+++ b/web-server/opendc/api/v2/experiments/experimentId/task-states/endpoint.py
@@ -0,0 +1,42 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.task_state import TaskState
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Experiment's Task States."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'experimentId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Experiment from the database
+
+    experiment = Experiment.from_primary_key((request.params_path['experimentId'], ))
+
+    # Make sure this Experiment exists
+
+    if not experiment.exists():
+        return Response(404, '{} not found.'.format(experiment))
+
+    # Make sure this user is authorized to view Task States for this Experiment
+
+    if not experiment.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Task States for {}.'.format(experiment))
+
+    # Get and return the Task States
+
+    if 'tick' in request.params_query:
+        task_states = TaskState.from_experiment_id_and_tick(request.params_path['experimentId'],
+                                                            request.params_query['tick'])
+
+    else:
+        task_states = TaskState.query('experiment_id', request.params_path['experimentId'])
+
+    return Response(200, 'Successfully retrieved Task States for {}.'.format(experiment),
+                    [x.to_JSON() for x in task_states])
diff --git a/web-server/opendc/api/v2/paths.json b/web-server/opendc/api/v2/paths.json
new file mode 100644
index 00000000..ce054a8c
--- /dev/null
+++ b/web-server/opendc/api/v2/paths.json
@@ -0,0 +1,19 @@
+[
+  "/users",
+  "/users/{userId}",
+  "/simulations",
+  "/simulations/{simulationId}",
+  "/simulations/{simulationId}/authorizations",
+  "/simulations/{simulationId}/topologies",
+  "/experiments/{experimentId}/last-simulated-tick",
+  "/experiments/{experimentId}/machine-states",
+  "/experiments/{experimentId}/rack-states",
+  "/experiments/{experimentId}/room-states",
+  "/experiments/{experimentId}/task-states",
+  "/topologies/{topologyId}",
+  "/simulations/{simulationId}/experiments",
+  "/experiments/{experimentId}",
+  "/schedulers",
+  "/traces",
+  "/traces/{traceId}"
+]
diff --git a/web-server/opendc/api/v2/schedulers/__init__.py b/web-server/opendc/api/v2/schedulers/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/schedulers/__init__.py
diff --git a/web-server/opendc/api/v2/schedulers/endpoint.py b/web-server/opendc/api/v2/schedulers/endpoint.py
new file mode 100644
index 00000000..0bbc3322
--- /dev/null
+++ b/web-server/opendc/api/v2/schedulers/endpoint.py
@@ -0,0 +1,10 @@
+from opendc.util.rest import Response
+
+
+SCHEDULERS = ['DEFAULT']
+
+
+def GET(_):
+    """Get all available Schedulers."""
+
+    return Response(200, 'Successfully retrieved Schedulers.', [{'name': name} for name in SCHEDULERS])
diff --git a/web-server/opendc/api/v2/schedulers/test_endpoint.py b/web-server/opendc/api/v2/schedulers/test_endpoint.py
new file mode 100644
index 00000000..a0bd8758
--- /dev/null
+++ b/web-server/opendc/api/v2/schedulers/test_endpoint.py
@@ -0,0 +1,2 @@
+def test_get_schedulers(client):
+    assert '200' in client.get('/api/v2/schedulers').status
diff --git a/web-server/opendc/api/v2/simulations/__init__.py b/web-server/opendc/api/v2/simulations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/endpoint.py b/web-server/opendc/api/v2/simulations/endpoint.py
new file mode 100644
index 00000000..232df2ff
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/endpoint.py
@@ -0,0 +1,30 @@
+from datetime import datetime
+
+from opendc.models.simulation import Simulation
+from opendc.models.topology import Topology
+from opendc.models.user import User
+from opendc.util import exceptions
+from opendc.util.database import Database
+from opendc.util.rest import Response
+
+
+def POST(request):
+    """Create a new simulation, and return that new simulation."""
+
+    request.check_required_parameters(body={'simulation': {'name': 'string'}})
+
+    topology = Topology({'name': 'Default topology'})
+    topology.insert()
+
+    simulation = Simulation({'simulation': request.params_body['simulation']})
+    simulation.set_property('datetimeCreated', Database.datetime_to_string(datetime.now()))
+    simulation.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now()))
+    simulation.set_property('topologyIds', [topology.obj['_id']])
+    simulation.set_property('experimentIds', [])
+    simulation.insert()
+
+    user = User.from_google_id(request.google_id)
+    user.obj['authorizations'].append({'simulationId': simulation.obj['_id'], 'authorizationLevel': 'OWN'})
+    user.update()
+
+    return Response(200, 'Successfully created simulation.', simulation.obj)
diff --git a/web-server/opendc/api/v2/simulations/simulationId/__init__.py b/web-server/opendc/api/v2/simulations/simulationId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/simulationId/authorizations/__init__.py b/web-server/opendc/api/v2/simulations/simulationId/authorizations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/authorizations/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/simulationId/authorizations/endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/authorizations/endpoint.py
new file mode 100644
index 00000000..df2b5cfd
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/authorizations/endpoint.py
@@ -0,0 +1,37 @@
+from opendc.models_old.authorization import Authorization
+from opendc.models_old.simulation import Simulation
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Find all authorizations for a Simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'simulationId': 'string'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate a Simulation and make sure it exists
+
+    simulation = Simulation.from_primary_key((request.params_path['simulationId'], ))
+
+    if not simulation.exists():
+        return Response(404, '{} not found.'.format(simulation))
+
+    # Make sure this User is allowed to view this Simulation's Authorizations
+
+    if not simulation.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(simulation))
+
+    # Get the Authorizations
+
+    authorizations = Authorization.query('simulation_id', request.params_path['simulationId'])
+
+    # Return the Authorizations
+
+    return Response(200, 'Successfully retrieved Authorizations for {}.'.format(simulation),
+                    [x.to_JSON() for x in authorizations])
diff --git a/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/__init__.py b/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/endpoint.py
new file mode 100644
index 00000000..121530db
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/authorizations/userId/endpoint.py
@@ -0,0 +1,178 @@
+from opendc.models_old.authorization import Authorization
+from opendc.models_old.simulation import Simulation
+from opendc.models_old.user import User
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def DELETE(request):
+    """Delete a user's authorization level over a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'simulationId': 'string', 'userId': 'string'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Authorization
+
+    authorization = Authorization.from_primary_key((request.params_path['userId'], request.params_path['simulationId']))
+
+    # Make sure this Authorization exists in the database
+
+    if not authorization.exists():
+        return Response(404, '{} not found.'.format(authorization))
+
+    # Make sure this User is allowed to delete this Authorization
+
+    if not authorization.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from deleting {}.'.format(authorization))
+
+    # Delete this Authorization
+
+    authorization.delete()
+
+    return Response(200, 'Successfully deleted {}.'.format(authorization), authorization.to_JSON())
+
+
+def GET(request):
+    """Get this User's Authorization over this Simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'simulationId': 'string', 'userId': 'string'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Authorization
+
+    authorization = Authorization.from_primary_key((request.params_path['userId'], request.params_path['simulationId']))
+
+    # Make sure this Authorization exists in the database
+
+    if not authorization.exists():
+        return Response(404, '{} not found.'.format(authorization))
+
+    # Read this Authorization from the database
+
+    authorization.read()
+
+    # Return this Authorization
+
+    return Response(200, 'Successfully retrieved {}'.format(authorization), authorization.to_JSON())
+
+
+def POST(request):
+    """Add an authorization for a user's access to a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={
+            'userId': 'string',
+            'simulationId': 'string'
+        },
+                                          body={'authorization': {
+                                              'authorizationLevel': 'string'
+                                          }})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate an Authorization
+
+    authorization = Authorization.from_JSON({
+        'userId':
+        request.params_path['userId'],
+        'simulationId':
+        request.params_path['simulationId'],
+        'authorizationLevel':
+        request.params_body['authorization']['authorizationLevel']
+    })
+
+    # Make sure the Simulation and User exist
+
+    user = User.from_primary_key((authorization.user_id, ))
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    simulation = Simulation.from_primary_key((authorization.simulation_id, ))
+    if not simulation.exists():
+        return Response(404, '{} not found.'.format(simulation))
+
+    # Make sure this User is allowed to add this Authorization
+
+    if not simulation.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from creating {}.'.format(authorization))
+
+    # Make sure this Authorization does not already exist
+
+    if authorization.exists():
+        return Response(409, '{} already exists.'.format(authorization))
+
+    # Try to insert this Authorization into the database
+
+    try:
+        authorization.insert()
+
+    except exceptions.ForeignKeyError:
+        return Response(400, 'Invalid authorizationLevel')
+
+    # Return this Authorization
+
+    return Response(200, 'Successfully added {}'.format(authorization), authorization.to_JSON())
+
+
+def PUT(request):
+    """Change a user's authorization level over a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={
+            'simulationId': 'string',
+            'userId': 'string'
+        },
+                                          body={'authorization': {
+                                              'authorizationLevel': 'string'
+                                          }})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate and Authorization
+
+    authorization = Authorization.from_JSON({
+        'userId':
+        request.params_path['userId'],
+        'simulationId':
+        request.params_path['simulationId'],
+        'authorizationLevel':
+        request.params_body['authorization']['authorizationLevel']
+    })
+
+    # Make sure this Authorization exists
+
+    if not authorization.exists():
+        return Response(404, '{} not found.'.format(authorization))
+
+    # Make sure this User is allowed to edit this Authorization
+
+    if not authorization.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from updating {}.'.format(authorization))
+
+    # Try to update this Authorization
+
+    try:
+        authorization.update()
+
+    except exceptions.ForeignKeyError as e:
+        return Response(400, 'Invalid authorization level.')
+
+    # Return this Authorization
+
+    return Response(200, 'Successfully updated {}.'.format(authorization), authorization.to_JSON())
diff --git a/web-server/opendc/api/v2/simulations/simulationId/endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/endpoint.py
new file mode 100644
index 00000000..282e3291
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/endpoint.py
@@ -0,0 +1,57 @@
+from datetime import datetime
+
+from opendc.models.simulation import Simulation
+from opendc.models.topology import Topology
+from opendc.util.database import Database
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Simulation."""
+
+    request.check_required_parameters(path={'simulationId': 'string'})
+
+    simulation = Simulation.from_id(request.params_path['simulationId'])
+
+    simulation.check_exists()
+    simulation.check_user_access(request.google_id, False)
+
+    return Response(200, 'Successfully retrieved simulation', simulation.obj)
+
+
+def PUT(request):
+    """Update a simulation's name."""
+
+    request.check_required_parameters(body={'simulation': {'name': 'name'}}, path={'simulationId': 'string'})
+
+    simulation = Simulation.from_id(request.params_path['simulationId'])
+
+    simulation.check_exists()
+    simulation.check_user_access(request.google_id, True)
+
+    simulation.set_property('name', request.params_body['simulation']['name'])
+    simulation.set_property('datetime_last_edited', Database.datetime_to_string(datetime.now()))
+    simulation.update()
+
+    return Response(200, 'Successfully updated simulation.', simulation.obj)
+
+
+def DELETE(request):
+    """Delete this Simulation."""
+
+    request.check_required_parameters(path={'simulationId': 'string'})
+
+    simulation = Simulation.from_id(request.params_path['simulationId'])
+
+    simulation.check_exists()
+    simulation.check_user_access(request.google_id, True)
+
+    for topology_id in simulation.obj['topologyIds']:
+        topology = Topology.from_id(topology_id)
+        topology.delete()
+
+    # TODO remove all experiments
+
+    simulation.delete()
+
+    return Response(200, f'Successfully deleted simulation.', simulation.obj)
diff --git a/web-server/opendc/api/v2/simulations/simulationId/experiments/__init__.py b/web-server/opendc/api/v2/simulations/simulationId/experiments/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/experiments/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/simulationId/experiments/endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/experiments/endpoint.py
new file mode 100644
index 00000000..9df84838
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/experiments/endpoint.py
@@ -0,0 +1,97 @@
+from opendc.models_old.experiment import Experiment
+from opendc.models_old.simulation import Simulation
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Simulation's Experiments."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'simulationId': 'string'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate a Simulation from the database
+
+    simulation = Simulation.from_primary_key((request.params_path['simulationId'], ))
+
+    # Make sure this Simulation exists
+
+    if not simulation.exists():
+        return Response(404, '{} not found.'.format(simulation))
+
+    # Make sure this user is authorized to view this Simulation's Experiments
+
+    if not simulation.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Reponse(403, 'Forbidden from viewing Experiments for {}.'.format(simulation))
+
+    # Get and return the Experiments
+
+    experiments = Experiment.query('simulation_id', request.params_path['simulationId'])
+
+    return Response(200, 'Successfully retrieved Experiments for {}.'.format(simulation),
+                    [x.to_JSON() for x in experiments])
+
+
+def POST(request):
+    """Add a new Experiment for this Simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'simulationId': 'string'},
+                                          body={
+                                              'experiment': {
+                                                  'simulationId': 'string',
+                                                  'pathId': 'int',
+                                                  'traceId': 'int',
+                                                  'schedulerName': 'string',
+                                                  'name': 'string'
+                                              }
+                                          })
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Make sure the passed object's simulation id matches the path simulation id
+
+    if request.params_path['simulationId'] != request.params_body['experiment']['simulationId']:
+        return Response(403, 'ID mismatch.')
+
+    # Instantiate a Simulation from the database
+
+    simulation = Simulation.from_primary_key((request.params_path['simulationId'], ))
+
+    # Make sure this Simulation exists
+
+    if not simulation.exists():
+        return Response(404, '{} not found.'.format(simulation))
+
+    # Make sure this user is authorized to edit this Simulation's Experiments
+
+    if not simulation.google_id_has_at_least(request.google_id, 'EDIT'):
+        return Response(403, 'Forbidden from adding an experiment to {}.'.format(simulation))
+
+    # Instantiate an Experiment
+
+    experiment = Experiment.from_JSON(request.params_body['experiment'])
+    experiment.state = 'QUEUED'
+    experiment.last_simulated_tick = 0
+
+    # Try to insert this Experiment
+
+    try:
+        experiment.insert()
+
+    except exceptions.ForeignKeyError as e:
+        return Response(400, 'Foreign key constraint not met.' + e)
+
+    # Return this Experiment
+
+    experiment.read()
+
+    return Response(200, 'Successfully added {}.'.format(experiment), experiment.to_JSON())
diff --git a/web-server/opendc/api/v2/simulations/simulationId/test_endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/test_endpoint.py
new file mode 100644
index 00000000..a0586aab
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/test_endpoint.py
@@ -0,0 +1,97 @@
+from opendc.util.database import DB
+
+
+def test_get_simulation_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.get('/api/v2/simulations/1').status
+
+
+def test_get_simulation_no_authorizations(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'authorizations': []})
+    res = client.get('/api/v2/simulations/1')
+    assert '403' in res.status
+
+
+def test_get_simulation_not_authorized(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'simulationId': '2',
+                                'authorizationLevel': 'OWN'
+                            }]
+                        })
+    res = client.get('/api/v2/simulations/1')
+    assert '403' in res.status
+
+
+def test_get_simulation(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'simulationId': '1',
+                                'authorizationLevel': 'EDIT'
+                            }]
+                        })
+    res = client.get('/api/v2/simulations/1')
+    assert '200' in res.status
+
+
+def test_update_simulation_missing_parameter(client):
+    assert '400' in client.put('/api/v2/simulations/1').status
+
+
+def test_update_simulation_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}}).status
+
+
+def test_update_simulation_not_authorized(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'simulationId': '1',
+                                'authorizationLevel': 'VIEW'
+                            }]
+                        })
+    mocker.patch.object(DB, 'update', return_value={})
+    assert '403' in client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}}).status
+
+
+def test_update_simulation(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'simulationId': '1',
+                                'authorizationLevel': 'OWN'
+                            }]
+                        })
+    mocker.patch.object(DB, 'update', return_value={})
+
+    res = client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}})
+    assert '200' in res.status
+
+
+def test_delete_simulation_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.delete('/api/v2/simulations/1').status
+
+
+def test_delete_simulation_different_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'other_test', 'authorizations': [{'simulationId': '1', 'authorizationLevel': 'VIEW'}], 'topologyIds': []})
+    mocker.patch.object(DB, 'delete_one', return_value=None)
+    assert '403' in client.delete('/api/v2/simulations/1').status
+
+
+def test_delete_simulation(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'test', 'authorizations': [{'simulationId': '1', 'authorizationLevel': 'OWN'}], 'topologyIds': []})
+    mocker.patch.object(DB, 'delete_one', return_value={'googleId': 'test'})
+    res = client.delete('/api/v2/simulations/1')
+    assert '200' in res.status
diff --git a/web-server/opendc/api/v2/simulations/simulationId/topologies/__init__.py b/web-server/opendc/api/v2/simulations/simulationId/topologies/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/topologies/__init__.py
diff --git a/web-server/opendc/api/v2/simulations/simulationId/topologies/endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/topologies/endpoint.py
new file mode 100644
index 00000000..ab7b7006
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/topologies/endpoint.py
@@ -0,0 +1,29 @@
+from datetime import datetime
+
+from opendc.models.simulation import Simulation
+from opendc.models.topology import Topology
+from opendc.util import exceptions
+from opendc.util.rest import Response
+from opendc.util.database import Database
+
+
+def POST(request):
+    """Add a new Topology to the specified simulation and return it"""
+
+    request.check_required_parameters(path={'simulationId': 'string'}, body={'topology': {'name': 'string'}})
+
+    simulation = Simulation.from_id(request.params_path['simulationId'])
+
+    simulation.check_exists()
+    simulation.check_user_access(request.google_id, True)
+
+    topology = Topology({'name': request.params_body['topology']['name']})
+    topology.set_property('datetimeCreated', Database.datetime_to_string(datetime.now()))
+    topology.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now()))
+    topology.insert()
+
+    simulation.obj['topologyIds'].append(topology.obj['_id'])
+    simulation.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now()))
+    simulation.update()
+
+    return Response(200, 'Successfully inserted topology.', topology.obj)
diff --git a/web-server/opendc/api/v2/simulations/simulationId/topologies/test_endpoint.py b/web-server/opendc/api/v2/simulations/simulationId/topologies/test_endpoint.py
new file mode 100644
index 00000000..10b5e3c9
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/simulationId/topologies/test_endpoint.py
@@ -0,0 +1,26 @@
+from opendc.util.database import DB
+
+
+def test_add_topology_missing_parameter(client):
+    assert '400' in client.post('/api/v2/simulations/1/topologies/').status
+
+
+def test_add_topology(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': [{'simulationId': '1', 'authorizationLevel': 'OWN'}], 'topologyIds': []})
+    mocker.patch.object(DB,
+                        'insert',
+                        return_value={
+                            '_id': '1',
+                            'datetimeCreated': '000',
+                            'datetimeEdit': '000',
+                            'topologyIds': []
+                        })
+    mocker.patch.object(DB, 'update', return_value={})
+    res = client.post('/api/v2/simulations/1/topologies/', json={'topology': {'name': 'test simulation'}})
+    assert 'datetimeCreated' in res.json['content']
+    assert 'datetimeEdit' in res.json['content']
+    assert 'topologyIds' in res.json['content']
+    assert '200' in res.status
+
+def test_add_topology_no_authorizations(client, mocker):
+    pass
\ No newline at end of file
diff --git a/web-server/opendc/api/v2/simulations/test_endpoint.py b/web-server/opendc/api/v2/simulations/test_endpoint.py
new file mode 100644
index 00000000..d23df74a
--- /dev/null
+++ b/web-server/opendc/api/v2/simulations/test_endpoint.py
@@ -0,0 +1,23 @@
+from opendc.util.database import DB
+
+
+def test_add_simulation_missing_parameter(client):
+    assert '400' in client.post('/api/v2/simulations').status
+
+
+def test_add_simulation(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': []})
+    mocker.patch.object(DB,
+                        'insert',
+                        return_value={
+                            '_id': '1',
+                            'datetimeCreated': '000',
+                            'datetimeEdit': '000',
+                            'topologyIds': []
+                        })
+    mocker.patch.object(DB, 'update', return_value={})
+    res = client.post('/api/v2/simulations', json={'simulation': {'name': 'test simulation'}})
+    assert 'datetimeCreated' in res.json['content']
+    assert 'datetimeEdit' in res.json['content']
+    assert 'topologyIds' in res.json['content']
+    assert '200' in res.status
diff --git a/web-server/opendc/api/v2/topologies/__init__.py b/web-server/opendc/api/v2/topologies/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/__init__.py
diff --git a/web-server/opendc/api/v2/topologies/topologyId/__init__.py b/web-server/opendc/api/v2/topologies/topologyId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/topologyId/__init__.py
diff --git a/web-server/opendc/api/v2/topologies/topologyId/endpoint.py b/web-server/opendc/api/v2/topologies/topologyId/endpoint.py
new file mode 100644
index 00000000..6c6ab9c2
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/topologyId/endpoint.py
@@ -0,0 +1,16 @@
+from opendc.models.topology import Topology
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Topology."""
+
+    request.check_required_parameters(path={'topologyId': 'int'})
+
+    topology = Topology.from_id(request.params_path['topologyId'])
+
+    topology.check_exists()
+    topology.check_user_access(request.google_id, False)
+
+    return Response(200, 'Successfully retrieved topology.', topology.obj)
diff --git a/web-server/opendc/api/v2/topologies/topologyId/rooms/__init__.py b/web-server/opendc/api/v2/topologies/topologyId/rooms/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/topologyId/rooms/__init__.py
diff --git a/web-server/opendc/api/v2/topologies/topologyId/rooms/endpoint.py b/web-server/opendc/api/v2/topologies/topologyId/rooms/endpoint.py
new file mode 100644
index 00000000..96ee7028
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/topologyId/rooms/endpoint.py
@@ -0,0 +1,93 @@
+from opendc.models_old.datacenter import Datacenter
+from opendc.models_old.room import Room
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Datacenter's Rooms."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'datacenterId': 'int'})
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate a Datacenter from the database
+
+    datacenter = Datacenter.from_primary_key((request.params_path['datacenterId'], ))
+
+    # Make sure this Datacenter exists
+
+    if not datacenter.exists():
+        return Response(404, '{} not found.'.format(datacenter))
+
+    # Make sure this user is authorized to view this Datacenter's Rooms
+
+    if not datacenter.google_id_has_at_least(request.google_id, 'VIEW'):
+        return Response(403, 'Forbidden from viewing Rooms for {}.'.format(datacenter))
+
+    # Get and return the Rooms
+
+    rooms = Room.query('datacenter_id', datacenter.id)
+
+    return Response(200, 'Successfully retrieved Rooms for {}.'.format(datacenter), [x.to_JSON() for x in rooms])
+
+
+def POST(request):
+    """Add a Room."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'datacenterId': 'int'},
+                                          body={'room': {
+                                              'id': 'int',
+                                              'datacenterId': 'int',
+                                              'roomType': 'string'
+                                          }})
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Make sure the passed object's datacenter id matches the path datacenter id
+
+    if request.params_path['datacenterId'] != request.params_body['room']['datacenterId']:
+        return Response(400, 'ID mismatch.')
+
+    # Instantiate a Datacenter from the database
+
+    datacenter = Datacenter.from_primary_key((request.params_path['datacenterId'], ))
+
+    # Make sure this Datacenter exists
+
+    if not datacenter.exists():
+        return Response(404, '{} not found.'.format(datacenter))
+
+    # Make sure this user is authorized to edit this Datacenter's Rooms
+
+    if not datacenter.google_id_has_at_least(request.google_id, 'EDIT'):
+        return Response(403, 'Forbidden from adding a Room to {}.'.format(datacenter))
+
+    # Add a name if not provided
+
+    if 'name' not in request.params_body['room']:
+        room_count = len(Room.query('datacenter_id', datacenter.id))
+        request.params_body['room']['name'] = 'Room {}'.format(room_count)
+
+    # Instantiate a Room
+
+    room = Room.from_JSON(request.params_body['room'])
+
+    # Try to insert this Room
+
+    try:
+        room.insert()
+    except:
+        return Response(400, 'Invalid `roomType` or existing `name`.')
+
+    # Return this Room
+
+    room.read()
+
+    return Response(200, 'Successfully added {}.'.format(room), room.to_JSON())
diff --git a/web-server/opendc/api/v2/topologies/topologyId/test_endpoint.py b/web-server/opendc/api/v2/topologies/topologyId/test_endpoint.py
new file mode 100644
index 00000000..e54052aa
--- /dev/null
+++ b/web-server/opendc/api/v2/topologies/topologyId/test_endpoint.py
@@ -0,0 +1,46 @@
+from opendc.util.database import DB
+
+'''
+GET /topologies/{topologyId}
+'''
+
+def test_get_topology(client, mocker):
+	mocker.patch.object(DB, 'fetch_one', return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'topologyId': '1',
+                                'authorizationLevel': 'EDIT'
+                            }]
+                        })
+	res = client.get('/api/v2/topologies/1')
+	assert '200' in res.status
+
+def test_get_topology_non_existing(client, mocker):
+	mocker.patch.object(DB, 'fetch_one', return_value=None)
+	assert '404' in client.get('/api/v2/topologies/1').status
+
+def test_get_topology_not_authorized(client, mocker):
+	mocker.patch.object(DB, 'fetch_one', return_value={
+                            '_id': '1',
+                            'authorizations': [{
+                                'topologyId': '2',
+                                'authorizationLevel': 'OWN'
+                            }]
+                        })
+	res = client.get('/api/v2/topologies/1')
+	assert '403' in res.status
+
+def test_get_topology_no_authorizations(client, mocker):
+	mocker.patch.object(DB, 'fetch_one', return_value={'authorizations': []})
+	res = client.get('/api/v2/topologies/1')
+	assert '403' in res.status
+
+
+'''
+PUT /topologies/{topologyId}
+'''
+
+
+'''
+DELETE /topologies/{topologyId}
+'''
\ No newline at end of file
diff --git a/web-server/opendc/api/v2/traces/__init__.py b/web-server/opendc/api/v2/traces/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/traces/__init__.py
diff --git a/web-server/opendc/api/v2/traces/endpoint.py b/web-server/opendc/api/v2/traces/endpoint.py
new file mode 100644
index 00000000..58cc6153
--- /dev/null
+++ b/web-server/opendc/api/v2/traces/endpoint.py
@@ -0,0 +1,14 @@
+from opendc.models_old.trace import Trace
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get all available Traces."""
+
+    # Get the Traces
+
+    traces = Trace.query()
+
+    # Return the Traces
+
+    return Response(200, 'Successfully retrieved Traces', [x.to_JSON() for x in traces])
diff --git a/web-server/opendc/api/v2/traces/traceId/__init__.py b/web-server/opendc/api/v2/traces/traceId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/traces/traceId/__init__.py
diff --git a/web-server/opendc/api/v2/traces/traceId/endpoint.py b/web-server/opendc/api/v2/traces/traceId/endpoint.py
new file mode 100644
index 00000000..f6442a31
--- /dev/null
+++ b/web-server/opendc/api/v2/traces/traceId/endpoint.py
@@ -0,0 +1,26 @@
+from opendc.models_old.trace import Trace
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this Trace."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(path={'traceId': 'int'})
+
+    except exceptions.ParameterError as e:
+        return Response(400, str(e))
+
+    # Instantiate a Trace and make sure it exists
+
+    trace = Trace.from_primary_key((request.params_path['traceId'], ))
+
+    if not trace.exists():
+        return Response(404, '{} not found.'.format(trace))
+
+    # Return this Trace
+
+    return Response(200, 'Successfully retrieved {}.'.format(trace), trace.to_JSON())
diff --git a/web-server/opendc/api/v2/users/__init__.py b/web-server/opendc/api/v2/users/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/users/__init__.py
diff --git a/web-server/opendc/api/v2/users/endpoint.py b/web-server/opendc/api/v2/users/endpoint.py
new file mode 100644
index 00000000..c6041756
--- /dev/null
+++ b/web-server/opendc/api/v2/users/endpoint.py
@@ -0,0 +1,31 @@
+from opendc.models.user import User
+from opendc.util import exceptions
+from opendc.util.database import DB
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Search for a User using their email address."""
+
+    request.check_required_parameters(query={'email': 'string'})
+
+    user = User.from_email(request.params_query['email'])
+
+    user.check_exists()
+
+    return Response(200, f'Successfully retrieved user.', user.obj)
+
+
+def POST(request):
+    """Add a new User."""
+
+    request.check_required_parameters(body={'user': {'email': 'string'}})
+
+    user = User(request.params_body['user'])
+    user.set_property('googleId', request.google_id)
+    user.set_property('authorizations', [])
+
+    user.check_already_exists()
+
+    user.insert()
+    return Response(200, f'Successfully created user.', user.obj)
diff --git a/web-server/opendc/api/v2/users/test_endpoint.py b/web-server/opendc/api/v2/users/test_endpoint.py
new file mode 100644
index 00000000..d60429b3
--- /dev/null
+++ b/web-server/opendc/api/v2/users/test_endpoint.py
@@ -0,0 +1,34 @@
+from opendc.util.database import DB
+
+
+def test_get_user_by_email_missing_parameter(client):
+    assert '400' in client.get('/api/v2/users').status
+
+
+def test_get_user_by_email_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.get('/api/v2/users?email=test@test.com').status
+
+
+def test_get_user_by_email(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
+    res = client.get('/api/v2/users?email=test@test.com')
+    assert 'email' in res.json['content']
+    assert '200' in res.status
+
+
+def test_add_user_missing_parameter(client):
+    assert '400' in client.post('/api/v2/users').status
+
+
+def test_add_user_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
+    assert '409' in client.post('/api/v2/users', json={'user': {'email': 'test@test.com'}}).status
+
+
+def test_add_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    mocker.patch.object(DB, 'insert', return_value={'email': 'test@test.com'})
+    res = client.post('/api/v2/users', json={'user': {'email': 'test@test.com'}})
+    assert 'email' in res.json['content']
+    assert '200' in res.status
diff --git a/web-server/opendc/api/v2/users/userId/__init__.py b/web-server/opendc/api/v2/users/userId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/api/v2/users/userId/__init__.py
diff --git a/web-server/opendc/api/v2/users/userId/endpoint.py b/web-server/opendc/api/v2/users/userId/endpoint.py
new file mode 100644
index 00000000..e68a2bb3
--- /dev/null
+++ b/web-server/opendc/api/v2/users/userId/endpoint.py
@@ -0,0 +1,52 @@
+from opendc.models.user import User
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this User."""
+
+    request.check_required_parameters(path={'userId': 'string'})
+
+    user = User.from_id(request.params_path['userId'])
+
+    user.check_exists()
+
+    return Response(200, f'Successfully retrieved user.', user.obj)
+
+
+def PUT(request):
+    """Update this User's given name and/or family name."""
+
+    request.check_required_parameters(body={'user': {
+        'givenName': 'string',
+        'familyName': 'string'
+    }},
+                                      path={'userId': 'string'})
+
+    user = User.from_id(request.params_path['userId'])
+
+    user.check_exists()
+    user.check_correct_user(request.google_id)
+
+    user.set_property('givenName', request.params_body['user']['givenName'])
+    user.set_property('familyName', request.params_body['user']['familyName'])
+
+    user.update()
+
+    return Response(200, f'Successfully updated user.', user.obj)
+
+
+def DELETE(request):
+    """Delete this User."""
+
+    request.check_required_parameters(path={'userId': 'string'})
+
+    user = User.from_id(request.params_path['userId'])
+
+    user.check_exists()
+    user.check_correct_user(request.google_id)
+
+    user.delete()
+
+    return Response(200, f'Successfully deleted user.', user.obj)
diff --git a/web-server/opendc/api/v2/users/userId/test_endpoint.py b/web-server/opendc/api/v2/users/userId/test_endpoint.py
new file mode 100644
index 00000000..0d590129
--- /dev/null
+++ b/web-server/opendc/api/v2/users/userId/test_endpoint.py
@@ -0,0 +1,53 @@
+from opendc.util.database import DB
+
+
+def test_get_user_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.get('/api/v2/users/1').status
+
+
+def test_get_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
+    res = client.get('/api/v2/users/1')
+    assert 'email' in res.json['content']
+    assert '200' in res.status
+
+
+def test_update_user_missing_parameter(client):
+    assert '400' in client.put('/api/v2/users/1').status
+
+
+def test_update_user_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}}).status
+
+
+def test_update_user_different_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'other_test'})
+    assert '403' in client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}}).status
+
+
+def test_update_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'test'})
+    mocker.patch.object(DB, 'update', return_value={'givenName': 'A', 'familyName': 'B'})
+    res = client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}})
+    assert 'givenName' in res.json['content']
+    assert '200' in res.status
+
+
+def test_delete_user_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.delete('/api/v2/users/1').status
+
+
+def test_delete_user_different_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'other_test'})
+    assert '403' in client.delete('/api/v2/users/1').status
+
+
+def test_delete_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'googleId': 'test'})
+    mocker.patch.object(DB, 'delete_one', return_value={'googleId': 'test'})
+    res = client.delete('/api/v2/users/1')
+    assert 'googleId' in res.json['content']
+    assert '200' in res.status
diff --git a/web-server/opendc/models/__init__.py b/web-server/opendc/models/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/models/__init__.py
diff --git a/web-server/opendc/models/model.py b/web-server/opendc/models/model.py
new file mode 100644
index 00000000..2505ae61
--- /dev/null
+++ b/web-server/opendc/models/model.py
@@ -0,0 +1,30 @@
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Model:
+    collection_name = '<specified in subclasses>'
+
+    @classmethod
+    def from_id(cls, _id):
+        return cls(DB.fetch_one({'_id': _id}, Model.collection_name))
+
+    def __init__(self, obj):
+        self.obj = obj
+
+    def check_exists(self):
+        if self.obj is None:
+            raise ClientError(Response(404, 'Not found.'))
+
+    def set_property(self, key, value):
+        self.obj[key] = value
+
+    def insert(self):
+        self.obj = DB.insert(self.obj, self.collection_name)
+
+    def update(self):
+        self.obj = DB.update(self.obj['_id'], self.obj, self.collection_name)
+
+    def delete(self):
+        self.obj = DB.delete_one({'_id': self.obj['_id']}, self.collection_name)
diff --git a/web-server/opendc/models/simulation.py b/web-server/opendc/models/simulation.py
new file mode 100644
index 00000000..5cd3d49e
--- /dev/null
+++ b/web-server/opendc/models/simulation.py
@@ -0,0 +1,15 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Simulation(Model):
+    collection_name = 'simulations'
+
+    def check_user_access(self, google_id, edit_access):
+        user = User.from_google_id(google_id)
+        authorizations = list(
+            filter(lambda x: str(x['simulationId']) == str(self.obj['_id']), user.obj['authorizations']))
+        if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+            raise ClientError(Response(403, "Forbidden from retrieving simulation."))
diff --git a/web-server/opendc/models/topology.py b/web-server/opendc/models/topology.py
new file mode 100644
index 00000000..6dde3e2a
--- /dev/null
+++ b/web-server/opendc/models/topology.py
@@ -0,0 +1,15 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Topology(Model):
+    collection_name = 'topologies'
+
+    def check_user_access(self, google_id, edit_access):
+        user = User.from_google_id(google_id)
+        authorizations = list(
+            filter(lambda x: str(x['topologyId']) == str(self.obj['_id']), user.obj['authorizations']))
+        if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+            raise ClientError(Response(403, "Forbidden from retrieving topology."))
diff --git a/web-server/opendc/models/trace.py b/web-server/opendc/models/trace.py
new file mode 100644
index 00000000..916db073
--- /dev/null
+++ b/web-server/opendc/models/trace.py
@@ -0,0 +1,8 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Trace(Model):
+    collection_name = 'traces'
diff --git a/web-server/opendc/models/user.py b/web-server/opendc/models/user.py
new file mode 100644
index 00000000..cd314457
--- /dev/null
+++ b/web-server/opendc/models/user.py
@@ -0,0 +1,26 @@
+from opendc.models.model import Model
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class User(Model):
+    collection_name = 'users'
+
+    @classmethod
+    def from_email(cls, email):
+        return User(DB.fetch_one({'email': email}, User.collection_name))
+
+    @classmethod
+    def from_google_id(cls, google_id):
+        return User(DB.fetch_one({'googleId': google_id}, User.collection_name))
+
+    def check_correct_user(self, request_google_id):
+        if request_google_id is not None and self.obj['googleId'] != request_google_id:
+            raise ClientError(Response(403, f'Forbidden from editing user with ID {self.obj["_id"]}.'))
+
+    def check_already_exists(self):
+        existing_user = DB.fetch_one({'googleId': self.obj['googleId']}, self.collection_name)
+
+        if existing_user is not None:
+            raise ClientError(Response(409, 'User already exists.'))
diff --git a/web-server/opendc/models_old/__init__.py b/web-server/opendc/models_old/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/models_old/__init__.py
diff --git a/web-server/opendc/models_old/allowed_object.py b/web-server/opendc/models_old/allowed_object.py
new file mode 100644
index 00000000..bcadf025
--- /dev/null
+++ b/web-server/opendc/models_old/allowed_object.py
@@ -0,0 +1,22 @@
+from opendc.models_old.model import Model
+
+
+class AllowedObject(Model):
+    JSON_TO_PYTHON_DICT = {'AllowedObject': {'roomType': 'room_type', 'objectType': 'object_type'}}
+
+    COLLECTION_NAME = 'allowed_objects'
+    COLUMNS = ['room_type', 'object_type']
+    COLUMNS_PRIMARY_KEY = ['room_type', 'object_type']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this AllowedObject."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
+
+    def to_JSON(self):
+        """Return a JSON representation of this AllowedObject."""
+
+        return self.object_type
diff --git a/web-server/opendc/models_old/authorization.py b/web-server/opendc/models_old/authorization.py
new file mode 100644
index 00000000..43d784e9
--- /dev/null
+++ b/web-server/opendc/models_old/authorization.py
@@ -0,0 +1,45 @@
+from opendc.models_old.model import Model
+from opendc.models_old.user import User
+
+
+class Authorization(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Authorization': {
+            'userId': 'user_id',
+            'simulationId': 'simulation_id',
+            'authorizationLevel': 'authorization_level'
+        }
+    }
+
+    COLLECTION_NAME = 'authorizations'
+    COLUMNS = ['user_id', 'simulation_id', 'authorization_level']
+    COLUMNS_PRIMARY_KEY = ['user_id', 'simulation_id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this Authorization."""
+
+        authorization = Authorization.from_primary_key((User.from_google_id(google_id).id, self.simulation_id))
+
+        if authorization is None:
+            return False
+
+        return authorization.has_at_least(authorization_level)
+
+    def has_at_least(self, required_level):
+        """Return True if this Authorization has at least the required level."""
+
+        if not self.exists():
+            return False
+
+        authorization_levels = ['VIEW', 'EDIT', 'OWN']
+
+        try:
+            index_actual = authorization_levels.index(self.authorization_level)
+            index_required = authorization_levels.index(required_level)
+        except:
+            return False
+
+        if index_actual >= index_required:
+            return True
+        else:
+            return False
diff --git a/web-server/opendc/models_old/cpu.py b/web-server/opendc/models_old/cpu.py
new file mode 100644
index 00000000..0f50ce1c
--- /dev/null
+++ b/web-server/opendc/models_old/cpu.py
@@ -0,0 +1,34 @@
+from opendc.models_old.model import Model
+
+
+class CPU(Model):
+    JSON_TO_PYTHON_DICT = {
+        'CPU': {
+            'id': 'id',
+            'manufacturer': 'manufacturer',
+            'family': 'family',
+            'generation': 'generation',
+            'model': 'model',
+            'clockRateMhz': 'clock_rate_mhz',
+            'numberOfCores': 'number_of_cores',
+            'energyConsumptionW': 'energy_consumption_w',
+            'failureModelId': 'failure_model_id'
+        }
+    }
+
+    COLLECTION_NAME = 'cpus'
+
+    COLUMNS = [
+        'id', 'manufacturer', 'family', 'generation', 'model', 'clock_rate_mhz', 'number_of_cores',
+        'energy_consumption_w', 'failure_model_id'
+    ]
+
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this CPU."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/datacenter.py b/web-server/opendc/models_old/datacenter.py
new file mode 100644
index 00000000..b1ed2eee
--- /dev/null
+++ b/web-server/opendc/models_old/datacenter.py
@@ -0,0 +1,27 @@
+from opendc.models_old.model import Model
+from opendc.models_old.section import Section
+
+
+class Datacenter(Model):
+    JSON_TO_PYTHON_DICT = {'datacenter': {'id': 'id', 'starred': 'starred', 'simulationId': 'simulation_id'}}
+
+    PATH = '/v1/simulations/{simulationId}/datacenters'
+
+    COLLECTION_NAME = 'datacenters'
+    COLUMNS = ['id', 'simulation_id', 'starred']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Datacenter."""
+
+        # Get a Section that contains this Datacenter. It doesn't matter which one, since all Sections that have this
+        # Datacenter belong to the same Simulation, so the User's Authorization is the same for each one.
+
+        try:
+            section = Section.query('datacenter_id', self.id)[0]
+        except:
+            return False
+
+        # Check the Section's Authorization
+
+        return section.google_id_has_at_least(google_id, authorization_level)
diff --git a/web-server/opendc/models_old/experiment.py b/web-server/opendc/models_old/experiment.py
new file mode 100644
index 00000000..64b99212
--- /dev/null
+++ b/web-server/opendc/models_old/experiment.py
@@ -0,0 +1,36 @@
+from opendc.models_old.model import Model
+from opendc.models_old.simulation import Simulation
+from opendc.util import exceptions
+
+
+class Experiment(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Experiment': {
+            'id': 'id',
+            'simulationId': 'simulation_id',
+            'pathId': 'path_id',
+            'traceId': 'trace_id',
+            'schedulerName': 'scheduler_name',
+            'name': 'name',
+            'state': 'state',
+            'lastSimulatedTick': 'last_simulated_tick'
+        }
+    }
+
+    COLLECTION_NAME = 'experiments'
+    COLUMNS = ['id', 'simulation_id', 'path_id', 'trace_id', 'scheduler_name', 'name', 'state', 'last_simulated_tick']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Experiment."""
+
+        # Get the Simulation
+
+        try:
+            simulation = Simulation.from_primary_key((self.simulation_id, ))
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Simulation's Authorization
+
+        return simulation.google_id_has_at_least(google_id, authorization_level)
diff --git a/web-server/opendc/models_old/failure_model.py b/web-server/opendc/models_old/failure_model.py
new file mode 100644
index 00000000..d1a8c1cc
--- /dev/null
+++ b/web-server/opendc/models_old/failure_model.py
@@ -0,0 +1,17 @@
+from opendc.models_old.model import Model
+
+
+class FailureModel(Model):
+    JSON_TO_PYTHON_DICT = {'FailureModel': {'id': 'id', 'name': 'name', 'rate': 'rate'}}
+
+    COLLECTION_NAME = 'failure_models'
+    COLUMNS = ['id', 'name', 'rate']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this FailureModel."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/gpu.py b/web-server/opendc/models_old/gpu.py
new file mode 100644
index 00000000..31b3b6b1
--- /dev/null
+++ b/web-server/opendc/models_old/gpu.py
@@ -0,0 +1,34 @@
+from opendc.models_old.model import Model
+
+
+class GPU(Model):
+    JSON_TO_PYTHON_DICT = {
+        'GPU': {
+            'id': 'id',
+            'manufacturer': 'manufacturer',
+            'family': 'family',
+            'generation': 'generation',
+            'model': 'model',
+            'clockRateMhz': 'clock_rate_mhz',
+            'numberOfCores': 'number_of_cores',
+            'energyConsumptionW': 'energy_consumption_w',
+            'failureModelId': 'failure_model_id'
+        }
+    }
+
+    COLLECTION_NAME = 'gpus'
+
+    COLUMNS = [
+        'id', 'manufacturer', 'family', 'generation', 'model', 'clock_rate_mhz', 'number_of_cores',
+        'energy_consumption_w', 'failure_model_id'
+    ]
+
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this GPU."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/job.py b/web-server/opendc/models_old/job.py
new file mode 100644
index 00000000..9cb7cd7e
--- /dev/null
+++ b/web-server/opendc/models_old/job.py
@@ -0,0 +1,14 @@
+from opendc.models_old.model import Model
+
+
+class Job(Model):
+    JSON_TO_PYTHON_DICT = {'Job': {'id': 'id', 'name': 'name'}}
+
+    COLLECTION_NAME = 'jobs'
+    COLUMNS = ['id', 'name']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Job."""
+
+        return authorization_level not in ['EDIT', 'OWN']
diff --git a/web-server/opendc/models_old/machine.py b/web-server/opendc/models_old/machine.py
new file mode 100644
index 00000000..8e5ccb44
--- /dev/null
+++ b/web-server/opendc/models_old/machine.py
@@ -0,0 +1,122 @@
+import copy
+
+from opendc.models_old.model import Model
+from opendc.models_old.rack import Rack
+from opendc.util import database, exceptions
+
+
+class Machine(Model):
+    JSON_TO_PYTHON_DICT = {
+        'machine': {
+            'id': 'id',
+            'rackId': 'rack_id',
+            'position': 'position',
+            'tags': 'tags',
+            'cpuIds': 'cpu_ids',
+            'gpuIds': 'gpu_ids',
+            'memoryIds': 'memory_ids',
+            'storageIds': 'storage_ids',
+            'topologyId': 'topology_id'
+        }
+    }
+
+    PATH = '/v1/tiles/{tileId}/rack/machines'
+
+    COLLECTION_NAME = 'machines'
+    COLUMNS = ['id', 'rack_id', 'position', 'topology_id']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    device_table_to_attribute = {
+        'cpus': 'cpu_ids',
+        'gpus': 'gpu_ids',
+        'memories': 'memory_ids',
+        'storages': 'storage_ids'
+    }
+
+    def _update_devices(self, before_insert):
+        """Update this Machine's devices in the database."""
+
+        for device_table in self.device_table_to_attribute.keys():
+
+            # First, delete current machine-device links
+
+            statement = 'DELETE FROM machine_{} WHERE machine_id = %s'.format(device_table)
+            database.execute(statement, (before_insert.id, ))
+
+            # Then, add current ones
+
+            for device_id in getattr(before_insert, before_insert.device_table_to_attribute[device_table]):
+                statement = 'INSERT INTO machine_{} (machine_id, {}) VALUES (%s, %s)'.format(
+                    device_table, before_insert.device_table_to_attribute[device_table][:-1])
+
+                database.execute(statement, (before_insert.id, device_id))
+
+    @classmethod
+    def from_tile_id_and_rack_position(cls, tile_id, position):
+        """Get a Rack from the ID of the tile its Rack is on, and its position in the Rack."""
+
+        try:
+            rack = Rack.from_tile_id(tile_id)
+        except:
+            return cls(id=-1)
+
+        try:
+            statement = 'SELECT id FROM machines WHERE rack_id = %s AND position = %s'
+            machine_id = database.fetch_one(statement, (rack.id, position))[0]
+        except:
+            return cls(id=-1)
+
+        return cls.from_primary_key((machine_id, ))
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Machine."""
+
+        # Get the Rack
+
+        try:
+            rack = Rack.from_primary_key((self.rack_id, ))
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Rack's Authorization
+
+        return rack.google_id_has_at_least(google_id, authorization_level)
+
+    def insert(self):
+        """Insert this Machine by also updating its devices."""
+
+        before_insert = copy.deepcopy(self)
+
+        super(Machine, self).insert()
+
+        before_insert.id = self.id
+        self._update_devices(before_insert)
+
+    def read(self):
+        """Read this Machine by also getting its CPU, GPU, Memory and Storage IDs."""
+
+        super(Machine, self).read()
+
+        for device_table in self.device_table_to_attribute.keys():
+
+            statement = 'SELECT * FROM machine_{} WHERE machine_id = %s'.format(device_table)
+            results = database.fetch_all(statement, (self.id, ))
+
+            device_ids = []
+
+            for row in results:
+                device_ids.append(row[2])
+
+            setattr(self, self.device_table_to_attribute[device_table], device_ids)
+
+        setattr(self, 'tags', [])
+
+    def update(self):
+        """Update this Machine by also updating its devices."""
+
+        before_update = copy.deepcopy(self)
+
+        super(Machine, self).update()
+
+        before_update.id = self.id
+        self._update_devices(before_update)
diff --git a/web-server/opendc/models_old/machine_state.py b/web-server/opendc/models_old/machine_state.py
new file mode 100644
index 00000000..0e9f7dad
--- /dev/null
+++ b/web-server/opendc/models_old/machine_state.py
@@ -0,0 +1,71 @@
+from opendc.models_old.model import Model
+from opendc.util import database
+
+
+class MachineState(Model):
+    JSON_TO_PYTHON_DICT = {
+        'MachineState': {
+            'machineId': 'machine_id',
+            'temperatureC': 'temperature_c',
+            'inUseMemoryMb': 'in_use_memory_mb',
+            'loadFraction': 'load_fraction',
+            'tick': 'tick'
+        }
+    }
+
+    COLLECTION_NAME = 'machine_states'
+    COLUMNS = ['id', 'machine_id', 'experiment_id', 'tick', 'temperature_c', 'in_use_memory_mb', 'load_fraction']
+
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    @classmethod
+    def _from_database_row(cls, row):
+        """Instantiate a MachineState from a database row (including tick from the TaskState)."""
+
+        return cls(machine_id=row[1], temperature_c=row[4], in_use_memory_mb=row[5], load_fraction=row[6], tick=row[3])
+
+    @classmethod
+    def from_experiment_id(cls, experiment_id):
+        """Query MachineStates by their Experiment id."""
+
+        machine_states = []
+
+        statement = 'SELECT * FROM machine_states WHERE experiment_id = %s'
+        results = database.fetch_all(statement, (experiment_id, ))
+
+        for row in results:
+            machine_states.append(cls._from_database_row(row))
+
+        return machine_states
+
+    @classmethod
+    def from_experiment_id_and_tick(cls, experiment_id, tick):
+        """Query MachineStates by their Experiment id and tick."""
+
+        machine_states = []
+
+        statement = 'SELECT * FROM machine_states WHERE experiment_id = %s AND machine_states.tick = %s'
+        results = database.fetch_all(statement, (experiment_id, tick))
+
+        for row in results:
+            machine_states.append(cls._from_database_row(row))
+
+        return machine_states
+
+    def read(self):
+        """Read this MachineState by also getting its tick."""
+
+        super(MachineState, self).read()
+
+        statement = 'SELECT tick FROM task_states WHERE id = %s'
+        result = database.fetch_one(statement, (self.task_state_id, ))
+
+        self.tick = result[0]
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this MachineState."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/memory.py b/web-server/opendc/models_old/memory.py
new file mode 100644
index 00000000..8edf8f5d
--- /dev/null
+++ b/web-server/opendc/models_old/memory.py
@@ -0,0 +1,34 @@
+from opendc.models_old.model import Model
+
+
+class Memory(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Memory': {
+            'id': 'id',
+            'manufacturer': 'manufacturer',
+            'family': 'family',
+            'generation': 'generation',
+            'model': 'model',
+            'speedMbPerS': 'speed_mb_per_s',
+            'sizeMb': 'size_mb',
+            'energyConsumptionW': 'energy_consumption_w',
+            'failureModelId': 'failure_model_id'
+        }
+    }
+
+    COLLECTION_NAME = 'memories'
+
+    COLUMNS = [
+        'id', 'manufacturer', 'family', 'generation', 'model', 'speed_mb_per_s', 'size_mb', 'energy_consumption_w',
+        'failure_model_id'
+    ]
+
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this Memory."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/model.py b/web-server/opendc/models_old/model.py
new file mode 100644
index 00000000..73eabd26
--- /dev/null
+++ b/web-server/opendc/models_old/model.py
@@ -0,0 +1,303 @@
+from opendc.util import database, exceptions
+
+
+class Model(object):
+    # MUST OVERRIDE IN DERIVED CLASS
+
+    JSON_TO_PYTHON_DICT = {'Model': {'jsonParameterName': 'python_parameter_name'}}
+
+    PATH = ''
+    PATH_PARAMETERS = {}
+
+    COLLECTION_NAME = ''
+    COLUMNS = []
+    COLUMNS_PRIMARY_KEY = []
+
+    # INITIALIZATION
+
+    def __init__(self, **kwargs):
+        """Initialize a model from its keyword arguments."""
+
+        for name, value in kwargs.items():
+            setattr(self, name, value)
+
+    def __repr__(self):
+        """Return a string representation of this object."""
+
+        identifiers = []
+
+        for attribute in self.COLUMNS_PRIMARY_KEY:
+            identifiers.append('{} = {}'.format(attribute, getattr(self, attribute)))
+
+        return '{} ({})'.format(self.COLLECTION_NAME[:-1].title().replace('_', ''), '; '.join(identifiers))
+
+    # JSON CONVERSION METHODS
+
+    @classmethod
+    def from_JSON(cls, json_object):
+        """Initialize a Model from its JSON object representation."""
+
+        parameters = {}
+        parameter_map = cls.JSON_TO_PYTHON_DICT.values()[0]
+
+        for json_name in parameter_map:
+
+            python_name = parameter_map[json_name]
+
+            if json_name in json_object:
+                parameters[python_name] = json_object.get(json_name)
+
+            else:
+                parameters[python_name] = None
+
+        return cls(**parameters)
+
+    def to_JSON(self):
+        """Return a JSON-serializable object representation of this Model."""
+
+        parameters = {}
+        parameter_map = self.JSON_TO_PYTHON_DICT.values()[0]
+
+        for json_name in parameter_map:
+
+            python_name = parameter_map[json_name]
+
+            if hasattr(self, python_name):
+                parameters[json_name] = getattr(self, python_name)
+
+            else:
+                parameters[json_name] = None
+
+        return parameters
+
+    # API CALL GENERATION
+
+    def generate_api_call(self, path_parameters, token):
+        """Return a message that can be executed by a Request to recreate this object."""
+
+        return {
+            'id': 0,
+            'path': self.PATH,
+            'method': 'POST',
+            'parameters': {
+                'body': {
+                    self.JSON_TO_PYTHON_DICT.keys()[0]: self.to_JSON()
+                },
+                'path': path_parameters,
+                'query': {}
+            },
+            'token': token
+        }
+
+    # SQL STATEMENT GENERATION METHODS
+
+    @classmethod
+    def _generate_insert_columns_string(cls):
+        """Generate a SQLite insertion columns string for this Model"""
+
+        return ', '.join(cls.COLUMNS)
+
+    @classmethod
+    def _generate_insert_placeholders_string(cls):
+        """Generate a SQLite insertion placeholders string for this Model."""
+
+        return ', '.join(['%s'] * len(cls.COLUMNS))
+
+    @classmethod
+    def _generate_primary_key_string(cls):
+        """Generate the SQLite primary key string for this Model."""
+
+        return ' AND '.join(['{} = %s'.format(x) for x in cls.COLUMNS_PRIMARY_KEY])
+
+    @classmethod
+    def _generate_update_columns_string(cls):
+        """Generate a SQLite updatable columns string for this Model."""
+
+        return ', '.join(['{} = %s'.format(x) for x in cls.COLUMNS if x not in cls.COLUMNS_PRIMARY_KEY])
+
+    # SQL TUPLE GENERATION METHODS
+
+    def _generate_insert_columns_tuple(self):
+        """Generate the tuple of insertion column values for this object."""
+
+        value_list = []
+
+        for column in self.COLUMNS:
+            value_list.append(getattr(self, column, None))
+
+        return tuple(value_list)
+
+    def _generate_primary_key_tuple(self):
+        """Generate the tuple of primary key values for this object."""
+
+        primary_key_list = []
+
+        for column in self.COLUMNS_PRIMARY_KEY:
+            primary_key_list.append(getattr(self, column, None))
+
+        return tuple(primary_key_list)
+
+    def _generate_update_columns_tuple(self):
+        """Generate the tuple of updatable column values for this object."""
+
+        value_list = []
+
+        for column in [x for x in self.COLUMNS if x not in self.COLUMNS_PRIMARY_KEY]:
+            value_list.append(getattr(self, column, None))
+
+        return tuple(value_list)
+
+    # DATABASE HELPER METHODS
+
+    @classmethod
+    def _from_database(cls, statement, values):
+        """Initialize a Model by fetching it from the database."""
+
+        parameters = {}
+        model_from_database = database.fetch_one(statement, values)
+
+        if model_from_database is None:
+            return None
+
+        for i in range(len(cls.COLUMNS)):
+            parameters[cls.COLUMNS[i]] = model_from_database[i]
+
+        return cls(**parameters)
+
+    # PUBLIC DATABASE INTERACTION METHODS
+
+    @classmethod
+    def from_primary_key(cls, primary_key_tuple):
+        """Initialize a Model by fetching it by its primary key tuple.
+        
+        If the primary key does not exist in the database, return a stub.
+        """
+
+        query = 'SELECT * FROM {} WHERE {}'.format(cls.COLLECTION_NAME, cls._generate_primary_key_string())
+
+        # Return an instantiation of the Model with values from the row if it exists
+
+        model = cls._from_database(query, primary_key_tuple)
+        if model is not None:
+            return model
+
+        # Return a stub instantiation of the Model with just the primary key if it does not
+
+        parameters = {}
+        for i, column in enumerate(cls.COLUMNS_PRIMARY_KEY):
+            parameters[column] = primary_key_tuple[i]
+
+        return cls(**parameters)
+
+    @classmethod
+    def query(cls, column_name=None, value=None):
+        """Return all instances of the Model in the database where column_name = value."""
+
+        if column_name is not None and value is not None:
+            statement = 'SELECT * FROM {} WHERE {} = %s'.format(cls.COLLECTION_NAME, column_name)
+            database_models = database.fetch_all(statement, (value, ))
+
+        else:
+            statement = 'SELECT * FROM {}'.format(cls.COLLECTION_NAME)
+            database_models = database.fetch_all(statement)
+
+        models = []
+
+        for database_model in database_models:
+
+            parameters = {}
+            for i, parameter in enumerate(cls.COLUMNS):
+                parameters[parameter] = database_model[i]
+
+            models.append(cls(**parameters))
+
+        return models
+
+    def delete(self):
+        """Delete this Model from the database."""
+
+        self.read()
+
+        statement = 'DELETE FROM {} WHERE {}'.format(self.COLLECTION_NAME, self._generate_primary_key_string())
+
+        values = self._generate_primary_key_tuple()
+
+        database.execute(statement, values)
+
+    def exists(self, column=None):
+        """Return True if this Model exists in the database.
+        
+        Check the primary key by default, or a column if one is specified.
+        """
+
+        query = """
+            SELECT EXISTS (
+                SELECT 1 FROM {}
+                WHERE {}
+                LIMIT 1
+            )
+        """
+
+        if column is None:
+            query = query.format(self.COLLECTION_NAME, self._generate_primary_key_string())
+            values = self._generate_primary_key_tuple()
+
+        else:
+            query = query.format(self.COLLECTION_NAME, '{} = %s'.format(column))
+            values = (getattr(self, column), )
+
+        return database.fetch_one(query, values)[0] == 1
+
+    def insert(self):
+        """Insert this Model into the database."""
+
+        if hasattr(self, 'id'):
+            self.id = None
+
+        self.insert_with_id()
+
+    def insert_with_id(self, is_auto_generated=True):
+        """Insert this Model into the database without removing its id."""
+
+        statement = 'INSERT INTO {} ({}) VALUES ({})'.format(self.COLLECTION_NAME,
+                                                             self._generate_insert_columns_string(),
+                                                             self._generate_insert_placeholders_string())
+
+        values = self._generate_insert_columns_tuple()
+
+        try:
+            last_row_id = database.execute(statement, values)
+        except Exception as e:
+            print(e)
+            raise exceptions.ForeignKeyError(e)
+
+        if 'id' in self.COLUMNS_PRIMARY_KEY:
+            if is_auto_generated:
+                setattr(self, 'id', last_row_id)
+            self.read()
+
+    def read(self):
+        """Read this Model's non-primary key attributes from the database."""
+
+        if not self.exists():
+            raise exceptions.RowNotFoundError(self.COLLECTION_NAME)
+
+        database_model = self.from_primary_key(self._generate_primary_key_tuple())
+
+        for attribute in self.COLUMNS:
+            setattr(self, attribute, getattr(database_model, attribute))
+
+        return self
+
+    def update(self):
+        """Update this Model's non-primary key attributes in the database."""
+
+        statement = 'UPDATE {} SET {} WHERE {}'.format(self.COLLECTION_NAME, self._generate_update_columns_string(),
+                                                       self._generate_primary_key_string())
+
+        values = self._generate_update_columns_tuple() + self._generate_primary_key_tuple()
+
+        try:
+            database.execute(statement, values)
+        except Exception as e:
+            raise exceptions.ForeignKeyError(e)
diff --git a/web-server/opendc/models_old/object.py b/web-server/opendc/models_old/object.py
new file mode 100644
index 00000000..8f2e308b
--- /dev/null
+++ b/web-server/opendc/models_old/object.py
@@ -0,0 +1,14 @@
+from opendc.models_old.model import Model
+
+
+class Object(Model):
+    JSON_TO_PYTHON_DICT = {'Object': {'id': 'id', 'type': 'type'}}
+
+    COLLECTION_NAME = 'objects'
+    COLUMNS = ['id', 'type']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Tile."""
+
+        return True
diff --git a/web-server/opendc/models_old/path.py b/web-server/opendc/models_old/path.py
new file mode 100644
index 00000000..4d07b2d5
--- /dev/null
+++ b/web-server/opendc/models_old/path.py
@@ -0,0 +1,35 @@
+from opendc.models_old.authorization import Authorization
+from opendc.models_old.model import Model
+from opendc.models_old.user import User
+from opendc.util import exceptions
+
+
+class Path(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Path': {
+            'id': 'id',
+            'simulationId': 'simulation_id',
+            'name': 'name',
+            'datetimeCreated': 'datetime_created'
+        }
+    }
+
+    COLLECTION_NAME = 'paths'
+    COLUMNS = ['id', 'simulation_id', 'name', 'datetime_created']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Path."""
+
+        # Get the User id
+
+        try:
+            user_id = User.from_google_id(google_id).read().id
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Authorization
+
+        authorization = Authorization.from_primary_key((user_id, self.simulation_id))
+
+        return authorization.has_at_least(authorization_level)
diff --git a/web-server/opendc/models_old/queued_experiment.py b/web-server/opendc/models_old/queued_experiment.py
new file mode 100644
index 00000000..b474dc31
--- /dev/null
+++ b/web-server/opendc/models_old/queued_experiment.py
@@ -0,0 +1,9 @@
+from opendc.models_old.model import Model
+
+
+class QueuedExperiment(Model):
+    JSON_TO_PYTHON_DICT = {'QueuedExperiment': {'experimentId': 'experiment_id'}}
+
+    COLLECTION_NAME = 'queued_experiments'
+    COLUMNS = ['experiment_id']
+    COLUMNS_PRIMARY_KEY = ['experiment_id']
diff --git a/web-server/opendc/models_old/rack.py b/web-server/opendc/models_old/rack.py
new file mode 100644
index 00000000..dc08eb6a
--- /dev/null
+++ b/web-server/opendc/models_old/rack.py
@@ -0,0 +1,61 @@
+from opendc.models_old.model import Model
+from opendc.models_old.object import Object
+from opendc.models_old.tile import Tile
+
+
+class Rack(Model):
+    JSON_TO_PYTHON_DICT = {
+        'rack': {
+            'id': 'id',
+            'name': 'name',
+            'capacity': 'capacity',
+            'powerCapacityW': 'power_capacity_w',
+            'topologyId': 'topology_id'
+        }
+    }
+
+    PATH = '/v1/tiles/{tileId}/rack'
+
+    COLLECTION_NAME = 'racks'
+    COLUMNS = ['id', 'name', 'capacity', 'power_capacity_w', 'topology_id']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    @classmethod
+    def from_tile_id(cls, tile_id):
+        """Get a Rack from the ID of the Tile it's on."""
+
+        tile = Tile.from_primary_key((tile_id, ))
+
+        if not tile.exists():
+            return Rack(id=-1)
+
+        return cls.from_primary_key((tile.object_id, ))
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Rack."""
+
+        # Get the Tile
+
+        try:
+            tile = Tile.query('object_id', self.id)[0]
+        except:
+            return False
+
+        # Check the Tile's Authorization
+
+        return tile.google_id_has_at_least(google_id, authorization_level)
+
+    def insert(self):
+        """Insert a Rack by first inserting an object."""
+
+        obj = Object(type='RACK')
+        obj.insert()
+
+        self.id = obj.id
+        self.insert_with_id(is_auto_generated=False)
+
+    def delete(self):
+        """Delete a Rack by deleting its associated object."""
+
+        obj = Object.from_primary_key((self.id, ))
+        obj.delete()
diff --git a/web-server/opendc/models_old/rack_state.py b/web-server/opendc/models_old/rack_state.py
new file mode 100644
index 00000000..12e0f931
--- /dev/null
+++ b/web-server/opendc/models_old/rack_state.py
@@ -0,0 +1,63 @@
+from opendc.models_old.model import Model
+from opendc.util import database
+
+
+class RackState(Model):
+    JSON_TO_PYTHON_DICT = {'RackState': {'rackId': 'rack_id', 'loadFraction': 'load_fraction', 'tick': 'tick'}}
+
+    @classmethod
+    def _from_database_row(cls, row):
+        """Instantiate a RackState from a database row."""
+
+        return cls(rack_id=row[0], load_fraction=row[1], tick=row[2])
+
+    @classmethod
+    def from_experiment_id(cls, experiment_id):
+        """Query RackStates by their Experiment id."""
+
+        rack_states = []
+
+        statement = '''
+            SELECT racks.id, avg(machine_states.load_fraction), machine_states.tick
+            FROM racks
+                JOIN machines ON racks.id = machines.rack_id
+                JOIN machine_states ON machines.id = machine_states.machine_id
+            WHERE machine_states.experiment_id = %s
+            GROUP BY machine_states.tick, racks.id
+        '''
+        results = database.fetch_all(statement, (experiment_id, ))
+
+        for row in results:
+            rack_states.append(cls._from_database_row(row))
+
+        return rack_states
+
+    @classmethod
+    def from_experiment_id_and_tick(cls, experiment_id, tick):
+        """Query RackStates by their Experiment id."""
+
+        rack_states = []
+
+        statement = '''
+            SELECT racks.id, avg(machine_states.load_fraction), machine_states.tick
+            FROM racks
+                JOIN machines ON racks.id = machines.rack_id
+                JOIN machine_states ON machines.id = machine_states.machine_id
+            WHERE machine_states.experiment_id = %s
+                AND machine_states.tick = %s
+            GROUP BY machine_states.tick, racks.id
+        '''
+        results = database.fetch_all(statement, (experiment_id, tick))
+
+        for row in results:
+            rack_states.append(cls._from_database_row(row))
+
+        return rack_states
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this RackState."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/room.py b/web-server/opendc/models_old/room.py
new file mode 100644
index 00000000..e0eb7c2f
--- /dev/null
+++ b/web-server/opendc/models_old/room.py
@@ -0,0 +1,35 @@
+from opendc.models_old.datacenter import Datacenter
+from opendc.models_old.model import Model
+from opendc.util import exceptions
+
+
+class Room(Model):
+    JSON_TO_PYTHON_DICT = {
+        'room': {
+            'id': 'id',
+            'datacenterId': 'datacenter_id',
+            'name': 'name',
+            'roomType': 'type',
+            'topologyId': 'topology_id'
+        }
+    }
+
+    PATH = '/v1/datacenters/{datacenterId}/rooms'
+
+    COLLECTION_NAME = 'rooms'
+    COLUMNS = ['id', 'name', 'datacenter_id', 'type', 'topology_id']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Room."""
+
+        # Get the Datacenter
+
+        try:
+            datacenter = Datacenter.from_primary_key((self.datacenter_id, ))
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Datacenter's Authorization
+
+        return datacenter.google_id_has_at_least(google_id, authorization_level)
diff --git a/web-server/opendc/models_old/room_state.py b/web-server/opendc/models_old/room_state.py
new file mode 100644
index 00000000..c6635649
--- /dev/null
+++ b/web-server/opendc/models_old/room_state.py
@@ -0,0 +1,71 @@
+from opendc.models_old.model import Model
+from opendc.util import database
+
+
+class RoomState(Model):
+    JSON_TO_PYTHON_DICT = {'RoomState': {'roomId': 'room_id', 'loadFraction': 'load_fraction', 'tick': 'tick'}}
+
+    @classmethod
+    def _from_database_row(cls, row):
+        """Instantiate a RoomState from a database row."""
+
+        return cls(room_id=row[0], load_fraction=row[1], tick=row[2])
+
+    @classmethod
+    def from_experiment_id(cls, experiment_id):
+        """Query RoomStates by their Experiment id."""
+
+        room_states = []
+
+        statement = '''
+            SELECT rooms.id, avg(machine_states.load_fraction), machine_states.tick
+            FROM rooms
+                JOIN tiles ON rooms.id = tiles.room_id
+                JOIN objects ON tiles.object_id = objects.id
+                JOIN racks ON objects.id = racks.id
+                JOIN machines ON racks.id = machines.rack_id
+                JOIN machine_states ON machines.id = machine_states.machine_id
+            WHERE objects.type = "RACK"
+                AND machine_states.experiment_id = %s
+            GROUP BY machine_states.tick, rooms.id
+        '''
+        results = database.fetch_all(statement, (experiment_id, ))
+
+        for row in results:
+            room_states.append(cls._from_database_row(row))
+
+        return room_states
+
+    @classmethod
+    def from_experiment_id_and_tick(cls, experiment_id, tick):
+        """Query RoomStates by their Experiment id."""
+
+        room_states = []
+
+        statement = '''
+            SELECT rooms.id, avg(machine_states.load_fraction), machine_states.tick
+            FROM rooms
+                JOIN tiles ON rooms.id = tiles.room_id
+                JOIN objects ON tiles.object_id = objects.id
+                JOIN racks ON objects.id = racks.id
+                JOIN machines ON racks.id = machines.rack_id
+                JOIN machine_states ON machines.id = machine_states.machine_id
+            WHERE objects.type = "RACK"
+                AND machine_states.experiment_id = %s
+                AND machine_states.tick = %s
+            GROUP BY rooms.id
+        '''
+        results = database.fetch_all(statement, (experiment_id, tick))
+
+        for row in results:
+            room_states.append(cls._from_database_row(row))
+
+        return room_states
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this RackState."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/room_type.py b/web-server/opendc/models_old/room_type.py
new file mode 100644
index 00000000..755572f8
--- /dev/null
+++ b/web-server/opendc/models_old/room_type.py
@@ -0,0 +1,17 @@
+from opendc.models_old.model import Model
+
+
+class RoomType(Model):
+    JSON_TO_PYTHON_DICT = {'RoomType': {'name': 'name'}}
+
+    COLLECTION_NAME = 'room_types'
+    COLUMNS = ['name']
+    COLUMNS_PRIMARY_KEY = ['name']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this RoomType."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/scheduler.py b/web-server/opendc/models_old/scheduler.py
new file mode 100644
index 00000000..b9939321
--- /dev/null
+++ b/web-server/opendc/models_old/scheduler.py
@@ -0,0 +1,14 @@
+from opendc.models_old.model import Model
+
+
+class Scheduler(Model):
+    JSON_TO_PYTHON_DICT = {'Scheduler': {'name': 'name'}}
+
+    COLLECTION_NAME = 'schedulers'
+    COLUMNS = ['name']
+    COLUMNS_PRIMARY_KEY = ['name']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Scheduler."""
+
+        return authorization_level not in ['EDIT', 'OWN']
diff --git a/web-server/opendc/models_old/section.py b/web-server/opendc/models_old/section.py
new file mode 100644
index 00000000..0df4967c
--- /dev/null
+++ b/web-server/opendc/models_old/section.py
@@ -0,0 +1,32 @@
+from opendc.models_old.model import Model
+from opendc.models_old.path import Path
+from opendc.util import exceptions
+
+
+class Section(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Section': {
+            'id': 'id',
+            'pathId': 'path_id',
+            'datacenterId': 'datacenter_id',
+            'startTick': 'start_tick'
+        }
+    }
+
+    COLLECTION_NAME = 'sections'
+    COLUMNS = ['id', 'path_id', 'datacenter_id', 'start_tick']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Section."""
+
+        # Get the Path
+
+        try:
+            path = Path.from_primary_key((self.path_id, ))
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Path's Authorization
+
+        return path.google_id_has_at_least(google_id, authorization_level)
diff --git a/web-server/opendc/models_old/simulation.py b/web-server/opendc/models_old/simulation.py
new file mode 100644
index 00000000..9c1820a3
--- /dev/null
+++ b/web-server/opendc/models_old/simulation.py
@@ -0,0 +1,39 @@
+from opendc.models_old.authorization import Authorization
+from opendc.models_old.model import Model
+from opendc.models_old.user import User
+from opendc.util import exceptions
+
+
+class Simulation(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Simulation': {
+            'id': 'id',
+            'name': 'name',
+            'datetimeCreated': 'datetime_created',
+            'datetimeLastEdited': 'datetime_last_edited'
+        }
+    }
+
+    COLLECTION_NAME = 'simulations'
+    COLUMNS = ['id', 'datetime_created', 'datetime_last_edited', 'name']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Simulation."""
+
+        # Get the User id
+
+        try:
+            user_id = User.from_google_id(google_id).read().id
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Get the Simulation id
+
+        simulation_id = self.id
+
+        # Check the Authorization
+
+        authorization = Authorization.from_primary_key((user_id, simulation_id))
+
+        return authorization.has_at_least(authorization_level)
diff --git a/web-server/opendc/models_old/storage.py b/web-server/opendc/models_old/storage.py
new file mode 100644
index 00000000..9f0f9215
--- /dev/null
+++ b/web-server/opendc/models_old/storage.py
@@ -0,0 +1,34 @@
+from opendc.models_old.model import Model
+
+
+class Storage(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Storage': {
+            'id': 'id',
+            'manufacturer': 'manufacturer',
+            'family': 'family',
+            'generation': 'generation',
+            'model': 'model',
+            'speedMbPerS': 'speed_mb_per_s',
+            'sizeMb': 'size_mb',
+            'energyConsumptionW': 'energy_consumption_w',
+            'failureModelId': 'failure_model_id'
+        }
+    }
+
+    COLLECTION_NAME = 'storages'
+
+    COLUMNS = [
+        'id', 'manufacturer', 'family', 'generation', 'model', 'speed_mb_per_s', 'size_mb', 'energy_consumption_w',
+        'failure_model_id'
+    ]
+
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this Storage."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/task.py b/web-server/opendc/models_old/task.py
new file mode 100644
index 00000000..e6f99014
--- /dev/null
+++ b/web-server/opendc/models_old/task.py
@@ -0,0 +1,22 @@
+from opendc.models_old.model import Model
+
+
+class Task(Model):
+    JSON_TO_PYTHON_DICT = {
+        'Task': {
+            'id': 'id',
+            'startTick': 'start_tick',
+            'totalFlopCount': 'total_flop_count',
+            'coreCount': 'core_count',
+            'jobId': 'job_id',
+        }
+    }
+
+    COLLECTION_NAME = 'tasks'
+    COLUMNS = ['id', 'start_tick', 'total_flop_count', 'job_id', 'core_count']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Task."""
+
+        return authorization_level not in ['EDIT', 'OWN']
diff --git a/web-server/opendc/models_old/task_duration.py b/web-server/opendc/models_old/task_duration.py
new file mode 100644
index 00000000..5058e8de
--- /dev/null
+++ b/web-server/opendc/models_old/task_duration.py
@@ -0,0 +1,39 @@
+from opendc.models_old.model import Model
+from opendc.util import database
+
+
+class TaskDuration(Model):
+    JSON_TO_PYTHON_DICT = {'TaskDuration': {'taskId': 'task_id', 'duration': 'duration'}}
+
+    @classmethod
+    def _from_database_row(cls, row):
+        """Instantiate a RoomState from a database row."""
+
+        return cls(task_id=row[0], duration=row[1])
+
+    @classmethod
+    def from_experiment_id(cls, experiment_id):
+        """Query RoomStates by their Experiment id."""
+
+        room_states = []
+
+        statement = '''
+            SELECT task_id, MAX(tick) - MIN(tick) as duration FROM task_states
+            WHERE experiment_id = %s
+            GROUP BY task_id
+        '''
+
+        results = database.fetch_all(statement, (experiment_id, ))
+
+        for row in results:
+            room_states.append(cls._from_database_row(row))
+
+        return room_states
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this TaskDuration."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/task_state.py b/web-server/opendc/models_old/task_state.py
new file mode 100644
index 00000000..cc3fdd89
--- /dev/null
+++ b/web-server/opendc/models_old/task_state.py
@@ -0,0 +1,42 @@
+from opendc.models_old.model import Model
+from opendc.util import database
+
+
+class TaskState(Model):
+    JSON_TO_PYTHON_DICT = {
+        'TaskState': {
+            'id': 'id',
+            'taskId': 'task_id',
+            'experimentId': 'experiment_id',
+            'tick': 'tick',
+            'flopsLeft': 'flops_left',
+            'coresUsed': 'cores_used'
+        }
+    }
+
+    COLLECTION_NAME = 'task_states'
+
+    COLUMNS = ['id', 'task_id', 'experiment_id', 'tick', 'flops_left', 'cores_used']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    @classmethod
+    def from_experiment_id_and_tick(cls, experiment_id, tick):
+        """Query Task States by their Experiment id and tick."""
+
+        task_states = []
+
+        statement = 'SELECT * FROM task_states WHERE experiment_id = %s AND tick = %s'
+        results = database.fetch_all(statement, (experiment_id, tick))
+
+        for row in results:
+            task_states.append(cls(id=row[0], task_id=row[1], experiment_id=row[2], tick=row[3], flops_left=row[4]))
+
+        return task_states
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this TaskState."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return False
+
+        return True
diff --git a/web-server/opendc/models_old/tile.py b/web-server/opendc/models_old/tile.py
new file mode 100644
index 00000000..e46b29a6
--- /dev/null
+++ b/web-server/opendc/models_old/tile.py
@@ -0,0 +1,47 @@
+from opendc.models_old.model import Model
+from opendc.models_old.object import Object
+from opendc.models_old.room import Room
+from opendc.util import exceptions
+
+
+class Tile(Model):
+    JSON_TO_PYTHON_DICT = {
+        'tile': {
+            'id': 'id',
+            'roomId': 'room_id',
+            'objectId': 'object_id',
+            'objectType': 'object_type',
+            'positionX': 'position_x',
+            'positionY': 'position_y',
+            'topologyId': 'topology_id'
+        }
+    }
+
+    PATH = '/v1/rooms/{roomId}/tiles'
+
+    COLLECTION_NAME = 'tiles'
+    COLUMNS = ['id', 'position_x', 'position_y', 'room_id', 'object_id', 'topology_id']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Tile."""
+
+        # Get the Room
+
+        try:
+            room = Room.from_primary_key((self.room_id, ))
+        except exceptions.RowNotFoundError:
+            return False
+
+        # Check the Room's Authorization
+
+        return room.google_id_has_at_least(google_id, authorization_level)
+
+    def read(self):
+        """Read this Tile by also getting its associated object type."""
+
+        super(Tile, self).read()
+
+        if self.object_id is not None:
+            obj = Object.from_primary_key((self.object_id, ))
+            self.object_type = obj.type
diff --git a/web-server/opendc/models_old/trace.py b/web-server/opendc/models_old/trace.py
new file mode 100644
index 00000000..58abe058
--- /dev/null
+++ b/web-server/opendc/models_old/trace.py
@@ -0,0 +1,14 @@
+from opendc.models_old.model import Model
+
+
+class Trace(Model):
+    JSON_TO_PYTHON_DICT = {'Trace': {'id': 'id', 'name': 'name'}}
+
+    COLLECTION_NAME = 'traces'
+    COLUMNS = ['id', 'name']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the user has at least the given auth level over this Trace."""
+
+        return authorization_level not in ['EDIT', 'OWN']
diff --git a/web-server/opendc/models_old/user.py b/web-server/opendc/models_old/user.py
new file mode 100644
index 00000000..657d5019
--- /dev/null
+++ b/web-server/opendc/models_old/user.py
@@ -0,0 +1,47 @@
+from opendc.models_old.model import Model
+
+
+class User(Model):
+    JSON_TO_PYTHON_DICT = {
+        'User': {
+            'id': 'id',
+            'googleId': 'google_id',
+            'email': 'email',
+            'givenName': 'given_name',
+            'familyName': 'family_name'
+        }
+    }
+
+    COLLECTION_NAME = 'users'
+    COLUMNS = ['id', 'google_id', 'email', 'given_name', 'family_name']
+    COLUMNS_PRIMARY_KEY = ['id']
+
+    @classmethod
+    def from_google_id(cls, google_id):
+        """Initialize a User by fetching them by their google id."""
+
+        user = cls._from_database('SELECT * FROM users WHERE google_id = %s', (google_id, ))
+
+        if user is not None:
+            return user
+
+        return User()
+
+    @classmethod
+    def from_email(cls, email):
+        """Initialize a User by fetching them by their email."""
+
+        user = cls._from_database('SELECT * FROM users WHERE email = %s', (email, ))
+
+        if user is not None:
+            return user
+
+        return User()
+
+    def google_id_has_at_least(self, google_id, authorization_level):
+        """Return True if the User has at least the given auth level over this User."""
+
+        if authorization_level in ['EDIT', 'OWN']:
+            return google_id == self.google_id
+
+        return True
diff --git a/web-server/opendc/util/__init__.py b/web-server/opendc/util/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/web-server/opendc/util/__init__.py
diff --git a/web-server/opendc/util/database.py b/web-server/opendc/util/database.py
new file mode 100644
index 00000000..50bc93a8
--- /dev/null
+++ b/web-server/opendc/util/database.py
@@ -0,0 +1,93 @@
+import json
+import urllib.parse
+from datetime import datetime
+
+from bson.json_util import dumps
+from pymongo import MongoClient
+
+DATETIME_STRING_FORMAT = '%Y-%m-%dT%H:%M:%S'
+CONNECTION_POOL = None
+
+
+class Database:
+    def __init__(self):
+        self.opendc_db = None
+
+    def init_database(self, user, password, database, host):
+        user = urllib.parse.quote_plus(user)  # TODO: replace this with environment variable
+        password = urllib.parse.quote_plus(password)  # TODO: same as above
+        database = urllib.parse.quote_plus(database)
+        host = urllib.parse.quote_plus(host)
+
+        client = MongoClient('mongodb://%s:%s@%s/default_db?authSource=%s' % (user, password, host, database))
+        self.opendc_db = client.opendc
+
+    def fetch_one(self, query, collection):
+        """Uses existing mongo connection to return a single (the first) document in a collection matching the given
+        query as a JSON object.
+
+        The query needs to be in json format, i.e.: `{'name': prefab_name}`.
+        """
+        bson = getattr(self.opendc_db, collection).find_one(query)
+
+        return self.convert_bson_to_json(bson)
+
+    def fetch_all(self, query, collection):
+        """Uses existing mongo connection to return all documents matching a given query, as a list of JSON objects.
+
+        The query needs to be in json format, i.e.: `{'name': prefab_name}`.
+        """
+        results = []
+        cursor = getattr(self.opendc_db, collection).find(query)
+        for doc in cursor:
+            results.append(self.convert_bson_to_json(doc))
+        return results
+
+    def insert(self, obj, collection):
+        """Updates an existing object."""
+        bson = getattr(self.opendc_db, collection).insert(obj)
+
+        return self.convert_bson_to_json(bson)
+
+    def update(self, _id, obj, collection):
+        """Updates an existing object."""
+        bson = getattr(self.opendc_db, collection).update({'_id': _id}, obj)
+
+        return self.convert_bson_to_json(bson)
+
+    def delete_one(self, query, collection):
+        """Deletes one object matching the given query.
+
+        The query needs to be in json format, i.e.: `{'name': prefab_name}`.
+        """
+        bson = getattr(self.opendc_db, collection).delete_one(query)
+
+        return self.convert_bson_to_json(bson)
+
+    def delete_all(self, query, collection):
+        """Deletes all objects matching the given query.
+
+        The query needs to be in json format, i.e.: `{'name': prefab_name}`.
+        """
+        bson = getattr(self.opendc_db, collection).delete_many(query)
+
+        return self.convert_bson_to_json(bson)
+
+    @staticmethod
+    def convert_bson_to_json(bson):
+        """Converts a BSON representation to JSON and returns the JSON representation."""
+        json_string = dumps(bson)
+        return json.loads(json_string)
+
+    @staticmethod
+    def datetime_to_string(datetime_to_convert):
+        """Return a database-compatible string representation of the given datetime object."""
+        return datetime_to_convert.strftime(DATETIME_STRING_FORMAT)
+
+    @staticmethod
+    def string_to_datetime(string_to_convert):
+        """Return a datetime corresponding to the given string representation."""
+        return datetime.strptime(string_to_convert, DATETIME_STRING_FORMAT)
+
+
+DB = Database()
diff --git a/web-server/opendc/util/exceptions.py b/web-server/opendc/util/exceptions.py
new file mode 100644
index 00000000..2563c419
--- /dev/null
+++ b/web-server/opendc/util/exceptions.py
@@ -0,0 +1,65 @@
+class RequestInitializationError(Exception):
+    """Raised when a Request cannot successfully be initialized"""
+
+
+class UnimplementedEndpointError(RequestInitializationError):
+    """Raised when a Request path does not point to a module."""
+
+
+class MissingRequestParameterError(RequestInitializationError):
+    """Raised when a Request does not contain one or more required parameters."""
+
+
+class UnsupportedMethodError(RequestInitializationError):
+    """Raised when a Request does not use a supported REST method.
+    
+    The method must be in all-caps, supported by REST, and implemented by the module.
+    """
+
+
+class AuthorizationTokenError(RequestInitializationError):
+    """Raised when an authorization token is not correctly verified."""
+
+
+class ForeignKeyError(Exception):
+    """Raised when a foreign key constraint is not met."""
+
+
+class RowNotFoundError(Exception):
+    """Raised when a database row is not found."""
+    def __init__(self, table_name):
+        super(RowNotFoundError, self).__init__('Row in `{}` table not found.'.format(table_name))
+
+        self.table_name = table_name
+
+
+class ParameterError(Exception):
+    """Raised when a parameter is either missing or incorrectly typed."""
+
+
+class IncorrectParameterError(ParameterError):
+    """Raised when a parameter is of the wrong type."""
+    def __init__(self, parameter_name, parameter_location):
+        super(IncorrectParameterError,
+              self).__init__('Incorrectly typed `{}` {} parameter.'.format(parameter_name, parameter_location))
+
+        self.parameter_name = parameter_name
+        self.parameter_location = parameter_location
+
+
+class MissingParameterError(ParameterError):
+    """Raised when a parameter is missing."""
+    def __init__(self, parameter_name, parameter_location):
+        super(MissingParameterError,
+              self).__init__('Missing required `{}` {} parameter.'.format(parameter_name, parameter_location))
+
+        self.parameter_name = parameter_name
+        self.parameter_location = parameter_location
+
+
+class ClientError(Exception):
+    """Raised when a 4xx response is to be returned."""
+
+    def __init__(self, response):
+        super(ClientError, self).__init__(str(response))
+        self.response = response
diff --git a/web-server/opendc/util/parameter_checker.py b/web-server/opendc/util/parameter_checker.py
new file mode 100644
index 00000000..f55e780e
--- /dev/null
+++ b/web-server/opendc/util/parameter_checker.py
@@ -0,0 +1,78 @@
+from opendc.util import database, exceptions
+
+
+def _missing_parameter(params_required, params_actual, parent=''):
+    """Recursively search for the first missing parameter."""
+
+    for param_name in params_required:
+
+        if param_name not in params_actual:
+            return '{}.{}'.format(parent, param_name)
+
+        param_required = params_required.get(param_name)
+        param_actual = params_actual.get(param_name)
+
+        if isinstance(param_required, dict):
+
+            param_missing = _missing_parameter(param_required, param_actual, param_name)
+
+            if param_missing is not None:
+                return '{}.{}'.format(parent, param_missing)
+
+    return None
+
+
+def _incorrect_parameter(params_required, params_actual, parent=''):
+    """Recursively make sure each parameter is of the correct type."""
+
+    for param_name in params_required:
+
+        param_required = params_required.get(param_name)
+        param_actual = params_actual.get(param_name)
+
+        if isinstance(param_required, dict):
+
+            param_incorrect = _incorrect_parameter(param_required, param_actual, param_name)
+
+            if param_incorrect is not None:
+                return '{}.{}'.format(parent, param_incorrect)
+
+        else:
+
+            if param_required == 'datetime':
+                try:
+                    database.string_to_datetime(param_actual)
+                except:
+                    return '{}.{}'.format(parent, param_name)
+
+            if param_required == 'int' and not isinstance(param_actual, int):
+                return '{}.{}'.format(parent, param_name)
+
+            if param_required == 'string' and not isinstance(param_actual, str) and not isinstance(param_actual, int):
+                return '{}.{}'.format(parent, param_name)
+
+            if param_required.startswith('list') and not isinstance(param_actual, list):
+                return '{}.{}'.format(parent, param_name)
+
+
+def _format_parameter(parameter):
+    """Format the output of a parameter check."""
+
+    parts = parameter.split('.')
+    inner = ['["{}"]'.format(x) for x in parts[2:]]
+    return parts[1] + ''.join(inner)
+
+
+def check(request, **kwargs):
+    """Return True if all required parameters are there."""
+
+    for location, params_required in kwargs.items():
+        params_actual = getattr(request, 'params_{}'.format(location))
+
+        missing_parameter = _missing_parameter(params_required, params_actual)
+        if missing_parameter is not None:
+            raise exceptions.MissingParameterError(_format_parameter(missing_parameter), location)
+
+        incorrect_parameter = _incorrect_parameter(params_required, params_actual)
+        if incorrect_parameter is not None:
+            raise exceptions.IncorrectParameterError(_format_parameter(incorrect_parameter), location)
diff --git a/web-server/opendc/util/path_parser.py b/web-server/opendc/util/path_parser.py
new file mode 100644
index 00000000..a8bbdeba
--- /dev/null
+++ b/web-server/opendc/util/path_parser.py
@@ -0,0 +1,39 @@
+import json
+import os
+
+
+def parse(version, endpoint_path):
+    """Map an HTTP endpoint path to an API path"""
+
+    # Get possible paths
+    with open(os.path.join(os.path.dirname(__file__), '..', 'api', '{}', 'paths.json').format(version)) as paths_file:
+        paths = json.load(paths_file)
+
+    # Find API path that matches endpoint_path
+    endpoint_path_parts = endpoint_path.strip('/').split('/')
+    paths_parts = [x.strip('/').split('/') for x in paths if len(x.strip('/').split('/')) == len(endpoint_path_parts)]
+    path = None
+
+    for path_parts in paths_parts:
+        found = True
+        for (endpoint_part, part) in zip(endpoint_path_parts, path_parts):
+            if not part.startswith('{') and endpoint_part != part:
+                found = False
+                break
+        if found:
+            path = path_parts
+
+    if path is None:
+        return None
+
+    # Extract path parameters
+    parameters = {}
+
+    for (name, value) in zip(path, endpoint_path_parts):
+        if name.startswith('{'):
+            try:
+                parameters[name.strip('{}')] = int(value)
+            except:
+                parameters[name.strip('{}')] = value
+
+    return '{}/{}'.format(version, '/'.join(path)), parameters
diff --git a/web-server/opendc/util/rest.py b/web-server/opendc/util/rest.py
new file mode 100644
index 00000000..dc5478de
--- /dev/null
+++ b/web-server/opendc/util/rest.py
@@ -0,0 +1,141 @@
+import importlib
+import json
+import os
+import sys
+
+from oauth2client import client, crypt
+
+from opendc.util import exceptions, parameter_checker
+from opendc.util.exceptions import ClientError
+
+
+class Request(object):
+    """WebSocket message to REST request mapping."""
+    def __init__(self, message=None):
+        """"Initialize a Request from a socket message."""
+
+        # Get the Request parameters from the message
+
+        if message is None:
+            return
+
+        try:
+            self.message = message
+
+            self.id = message['id']
+
+            self.path = message['path']
+            self.method = message['method']
+
+            self.params_body = message['parameters']['body']
+            self.params_path = message['parameters']['path']
+            self.params_query = message['parameters']['query']
+
+            self.token = message['token']
+
+        except KeyError as exception:
+            raise exceptions.MissingRequestParameterError(exception)
+
+        # Parse the path and import the appropriate module
+
+        try:
+            self.path = message['path'].strip('/')
+
+            module_base = 'opendc.api.{}.endpoint'
+            module_path = self.path.replace('{', '').replace('}', '').replace('/', '.')
+
+            self.module = importlib.import_module(module_base.format(module_path))
+        except ImportError as e:
+            print(e)
+            raise exceptions.UnimplementedEndpointError('Unimplemented endpoint: {}.'.format(self.path))
+
+        # Check the method
+
+        if self.method not in ['POST', 'GET', 'PUT', 'PATCH', 'DELETE']:
+            raise exceptions.UnsupportedMethodError('Non-rest method: {}'.format(self.method))
+
+        if not hasattr(self.module, self.method):
+            raise exceptions.UnsupportedMethodError('Unimplemented method at endpoint {}: {}'.format(
+                self.path, self.method))
+
+        # Verify the user
+
+        if "OPENDC_FLASK_TESTING" in os.environ:
+            self.google_id = 'test'
+            return
+
+        try:
+            self.google_id = self._verify_token(self.token)
+        except crypt.AppIdentityError as e:
+            raise exceptions.AuthorizationTokenError(e)
+
+    def check_required_parameters(self, **kwargs):
+        """Raise an error if a parameter is missing or of the wrong type."""
+
+        try:
+            parameter_checker.check(self, **kwargs)
+        except exceptions.ParameterError as e:
+            raise ClientError(Response(400, str(e)))
+
+    def process(self):
+        """Process the Request and return a Response."""
+
+        method = getattr(self.module, self.method)
+
+        try:
+            response = method(self)
+        except ClientError as e:
+            e.response.id = self.id
+            return e.response
+
+        response.id = self.id
+
+        return response
+
+    def to_JSON(self):
+        """Return a JSON representation of this Request"""
+
+        self.message['id'] = 0
+        self.message['token'] = None
+
+        return json.dumps(self.message)
+
+    @staticmethod
+    def _verify_token(token):
+        """Return the ID of the signed-in user.
+
+        Or throw an Exception if the token is invalid.
+        """
+
+        try:
+            id_info = client.verify_id_token(token, os.environ['OPENDC_OAUTH_CLIENT_ID'])
+        except Exception as e:
+            print(e)
+            raise crypt.AppIdentityError('Exception caught trying to verify ID token: {}'.format(e))
+
+        if id_info['aud'] != os.environ['OPENDC_OAUTH_CLIENT_ID']:
+            raise crypt.AppIdentityError('Unrecognized client.')
+
+        if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
+            raise crypt.AppIdentityError('Wrong issuer.')
+
+        return id_info['sub']
+
+
+class Response(object):
+    """Response to websocket mapping"""
+    def __init__(self, status_code, status_description, content=None):
+        """Initialize a new Response."""
+
+        self.status = {'code': status_code, 'description': status_description}
+        self.content = content
+
+    def to_JSON(self):
+        """"Return a JSON representation of this Response"""
+
+        data = {'id': self.id, 'status': self.status}
+
+        if self.content is not None:
+            data['content'] = self.content
+
+        return json.dumps(data)
diff --git a/web-server/pytest.ini b/web-server/pytest.ini
new file mode 100644
index 00000000..775a8ff4
--- /dev/null
+++ b/web-server/pytest.ini
@@ -0,0 +1,5 @@
+[pytest]
+env =
+    OPENDC_FLASK_TESTING=True
+    OPENDC_FLASK_SECRET=Secret
+    OPENDC_SERVER_BASE_URL=localhost
diff --git a/web-server/requirements.txt b/web-server/requirements.txt
new file mode 100644
index 00000000..b95d3145
--- /dev/null
+++ b/web-server/requirements.txt
@@ -0,0 +1,14 @@
+flask==1.0.2
+flask-socketio==3.0.2
+oauth2client==4.1.3
+eventlet==0.24.1
+flask-compress==1.4.0
+flask-cors==3.0.8
+pyasn1-modules==0.2.2
+six==1.15.0
+pymongo==3.10.1
+yapf==0.30.0
+pytest==5.4.3
+pytest-mock==3.1.1
+pytest-env==0.6.2
+pylint==2.5.3
diff --git a/web-server/static/index.html b/web-server/static/index.html
new file mode 100644
index 00000000..ac78cbfb
--- /dev/null
+++ b/web-server/static/index.html
@@ -0,0 +1,22 @@
+<script src="https://apis.google.com/js/platform.js" async defer></script>
+<meta name="google-signin-client_id" content="561588943542-fq7065hk47qdf3lfsc50ebll4spi6u76.apps.googleusercontent.com">
+<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/socket.io/1.3.6/socket.io.min.js"></script>
+<script>
+    function onSignIn(googleUser) {
+        document.getElementById('token').innerText = googleUser.getAuthResponse().id_token;
+    }
+</script>
+<script>
+    function signOut() {
+        var auth2 = gapi.auth2.getAuthInstance();
+        auth2.signOut().then(function () {
+            console.log('User signed out.');
+        });
+    }
+</script>
+
+<div class="g-signin2" data-onsuccess="onSignIn"></div>
+<a href="#" onclick="signOut();">Sign out</a>
+
+<p>Your auth token:</p>
+<p id="token" style="word-wrap:break-word;">Loading...</p>
\ No newline at end of file