diff --git a/week-3/.editorconfig b/week-3/.editorconfig
new file mode 100644
index 0000000..6cee539
--- /dev/null
+++ b/week-3/.editorconfig
@@ -0,0 +1,10 @@
+# editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/week-3/.gitattributes b/week-3/.gitattributes
new file mode 100644
index 0000000..c664a90
--- /dev/null
+++ b/week-3/.gitattributes
@@ -0,0 +1,194 @@
+## GITATTRIBUTES FOR WEB PROJECTS
+#
+# These settings are for any web project.
+#
+# Details per file setting:
+# text These files should be normalized (i.e. convert CRLF to LF).
+# binary These files are binary and should be left untouched.
+#
+# Note that binary is a macro for -text -diff.
+######################################################################
+
+## AUTO-DETECT
+## Handle line endings automatically for files detected as
+## text and leave all files detected as binary untouched.
+## This will handle all files NOT defined below.
+* text=auto
+
+## SOURCE CODE
+*.bat text eol=crlf
+*.coffee text
+*.css text
+*.htm text
+*.html text
+*.inc text
+*.ini text
+*.js text
+*.json text
+*.jsx text
+*.less text
+*.od text
+*.onlydata text
+*.php text
+*.pl text
+*.py text
+*.rb text
+*.sass text
+*.scm text
+*.scss text
+*.sh text eol=lf
+*.sql text
+*.styl text
+*.tag text
+*.ts text
+*.tsx text
+*.xml text
+*.xhtml text
+
+## DOCKER
+*.dockerignore text
+Dockerfile text
+
+## DOCUMENTATION
+*.markdown text
+*.md text
+*.mdwn text
+*.mdown text
+*.mkd text
+*.mkdn text
+*.mdtxt text
+*.mdtext text
+*.txt text
+AUTHORS text
+CHANGELOG text
+CHANGES text
+CONTRIBUTING text
+COPYING text
+copyright text
+*COPYRIGHT* text
+INSTALL text
+license text
+LICENSE text
+NEWS text
+readme text
+*README* text
+TODO text
+
+## TEMPLATES
+*.dot text
+*.ejs text
+*.haml text
+*.handlebars text
+*.hbs text
+*.hbt text
+*.jade text
+*.latte text
+*.mustache text
+*.njk text
+*.phtml text
+*.tmpl text
+*.tpl text
+*.twig text
+
+## LINTERS
+.babelrc text
+.csslintrc text
+.eslintrc text
+.htmlhintrc text
+.jscsrc text
+.jshintrc text
+.jshintignore text
+.prettierrc text
+.stylelintrc text
+
+## CONFIGS
+*.bowerrc text
+*.cnf text
+*.conf text
+*.config text
+.browserslistrc text
+.editorconfig text
+.gitattributes text
+.gitconfig text
+.gitignore text
+.htaccess text
+*.npmignore text
+*.yaml text
+*.yml text
+browserslist text
+Makefile text
+makefile text
+
+## HEROKU
+Procfile text
+.slugignore text
+
+## GRAPHICS
+*.ai binary
+*.bmp binary
+*.eps binary
+*.gif binary
+*.ico binary
+*.jng binary
+*.jp2 binary
+*.jpg binary
+*.jpeg binary
+*.jpx binary
+*.jxr binary
+*.pdf binary
+*.png binary
+*.psb binary
+*.psd binary
+*.svg text
+*.svgz binary
+*.tif binary
+*.tiff binary
+*.wbmp binary
+*.webp binary
+
+## AUDIO
+*.kar binary
+*.m4a binary
+*.mid binary
+*.midi binary
+*.mp3 binary
+*.ogg binary
+*.ra binary
+
+## VIDEO
+*.3gpp binary
+*.3gp binary
+*.as binary
+*.asf binary
+*.asx binary
+*.fla binary
+*.flv binary
+*.m4v binary
+*.mng binary
+*.mov binary
+*.mp4 binary
+*.mpeg binary
+*.mpg binary
+*.ogv binary
+*.swc binary
+*.swf binary
+*.webm binary
+
+## ARCHIVES
+*.7z binary
+*.gz binary
+*.jar binary
+*.rar binary
+*.tar binary
+*.zip binary
+
+## FONTS
+*.ttf binary
+*.eot binary
+*.otf binary
+*.woff binary
+*.woff2 binary
+
+## EXECUTABLES
+*.exe binary
+*.pyc binary
diff --git a/week-3/.gitignore b/week-3/.gitignore
new file mode 100644
index 0000000..427305a
--- /dev/null
+++ b/week-3/.gitignore
@@ -0,0 +1,6 @@
+# Include your project-specific ignores in this file
+# Read about how to use .gitignore: https://help.github.com/articles/ignoring-files
+# Useful .gitignore templates: https://github.com/github/gitignore
+node_modules
+dist
+.cache
\ No newline at end of file
diff --git a/week-3/.htaccess b/week-3/.htaccess
new file mode 100644
index 0000000..12a2e0a
--- /dev/null
+++ b/week-3/.htaccess
@@ -0,0 +1,1225 @@
+# Apache Server Configs v4.0.0 | MIT License
+# https://github.com/h5bp/server-configs-apache
+
+# (!) Using `.htaccess` files slows down Apache, therefore, if you have
+# access to the main server configuration file (which is usually called
+# `httpd.conf`), you should add this logic there.
+#
+# https://httpd.apache.org/docs/current/howto/htaccess.html
+
+# ######################################################################
+# # CROSS-ORIGIN #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Cross-origin requests |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin requests.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+# https://enable-cors.org/
+# https://www.w3.org/TR/cors/
+
+# (!) Do not use this without understanding the consequences.
+# This will permit access from any other website.
+# Instead of using this file, consider using a specific rule such as
+# allowing access based on (sub)domain:
+#
+# Header set Access-Control-Allow-Origin "subdomain.example.com"
+
+#
+# Header set Access-Control-Allow-Origin "*"
+#
+
+# ----------------------------------------------------------------------
+# | Cross-origin images |
+# ----------------------------------------------------------------------
+
+# Send the CORS header for images when browsers request it.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image
+# https://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
+
+
+
+
+ SetEnvIf Origin ":" IS_CORS
+ Header set Access-Control-Allow-Origin "*" env=IS_CORS
+
+
+
+
+# ----------------------------------------------------------------------
+# | Cross-origin web fonts |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin access to web fonts.
+#
+# https://developers.google.com/fonts/docs/troubleshooting
+
+
+
+ Header set Access-Control-Allow-Origin "*"
+
+
+
+# ----------------------------------------------------------------------
+# | Cross-origin resource timing |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin access to the timing information for all resources.
+#
+# If a resource isn't served with a `Timing-Allow-Origin` header that would
+# allow its timing information to be shared with the document, some of the
+# attributes of the `PerformanceResourceTiming` object will be set to zero.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin
+# https://www.w3.org/TR/resource-timing/
+# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
+
+#
+# Header set Timing-Allow-Origin: "*"
+#
+
+# ######################################################################
+# # ERRORS #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Custom error messages/pages |
+# ----------------------------------------------------------------------
+
+# Customize what Apache returns to the client in case of an error.
+#
+# https://httpd.apache.org/docs/current/mod/core.html#errordocument
+
+ErrorDocument 404 /404.html
+
+# ----------------------------------------------------------------------
+# | Error prevention |
+# ----------------------------------------------------------------------
+
+# Disable the pattern matching based on filenames.
+#
+# This setting prevents Apache from returning a 404 error as the result of a
+# rewrite when the directory with the same name does not exist.
+#
+# https://httpd.apache.org/docs/current/content-negotiation.html#multiviews
+
+Options -MultiViews
+
+# ######################################################################
+# # INTERNET EXPLORER #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Document modes |
+# ----------------------------------------------------------------------
+
+# Force Internet Explorer 8/9/10 to render pages in the highest mode
+# available in various cases when it may not.
+#
+# https://hsivonen.fi/doctype/#ie8
+#
+# (!) Starting with Internet Explorer 11, document modes are deprecated.
+# If your business still relies on older web apps and services that were
+# designed for older versions of Internet Explorer, you might want to
+# consider enabling `Enterprise Mode` throughout your company.
+#
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
+# https://msdn.microsoft.com/en-us/library/ff955275.aspx
+
+
+ Header always set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
+
+
+# ######################################################################
+# # MEDIA TYPES AND CHARACTER ENCODINGS #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Media types |
+# ----------------------------------------------------------------------
+
+# Serve resources with the proper media types (f.k.a. MIME types).
+#
+# https://www.iana.org/assignments/media-types/media-types.xhtml
+# https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype
+
+
+
+ # Data interchange
+
+ AddType application/atom+xml atom
+ AddType application/json json map topojson
+ AddType application/ld+json jsonld
+ AddType application/rss+xml rss
+ AddType application/geo+json geojson
+ AddType application/rdf+xml rdf
+ AddType application/xml xml
+
+
+ # JavaScript
+
+ # Servers should use text/javascript for JavaScript resources.
+ # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
+
+ AddType text/javascript js mjs
+
+
+ # Manifest files
+
+ AddType application/manifest+json webmanifest
+ AddType application/x-web-app-manifest+json webapp
+ AddType text/cache-manifest appcache
+
+
+ # Media files
+
+ AddType audio/mp4 f4a f4b m4a
+ AddType audio/ogg oga ogg opus
+ AddType image/bmp bmp
+ AddType image/svg+xml svg svgz
+ AddType image/webp webp
+ AddType video/mp4 f4v f4p m4v mp4
+ AddType video/ogg ogv
+ AddType video/webm webm
+ AddType video/x-flv flv
+
+ # Serving `.ico` image files with a different media type prevents
+ # Internet Explorer from displaying them as images:
+ # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
+
+ AddType image/x-icon cur ico
+
+
+ # WebAssembly
+
+ AddType application/wasm wasm
+
+
+ # Web fonts
+
+ AddType font/woff woff
+ AddType font/woff2 woff2
+ AddType application/vnd.ms-fontobject eot
+ AddType font/ttf ttf
+ AddType font/collection ttc
+ AddType font/otf otf
+
+
+ # Other
+
+ AddType application/octet-stream safariextz
+ AddType application/x-bb-appworld bbaw
+ AddType application/x-chrome-extension crx
+ AddType application/x-opera-extension oex
+ AddType application/x-xpinstall xpi
+ AddType text/calendar ics
+ AddType text/markdown markdown md
+ AddType text/vcard vcard vcf
+ AddType text/vnd.rim.location.xloc xloc
+ AddType text/vtt vtt
+ AddType text/x-component htc
+
+
+
+# ----------------------------------------------------------------------
+# | Character encodings |
+# ----------------------------------------------------------------------
+
+# Serve all resources labeled as `text/html` or `text/plain` with the media type
+# `charset` parameter set to `UTF-8`.
+#
+# https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
+
+AddDefaultCharset utf-8
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Serve the following file types with the media type `charset` parameter set to
+# `UTF-8`.
+#
+# https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset
+
+
+ AddCharset utf-8 .appcache \
+ .bbaw \
+ .css \
+ .htc \
+ .ics \
+ .js \
+ .json \
+ .manifest \
+ .map \
+ .markdown \
+ .md \
+ .mjs \
+ .topojson \
+ .vtt \
+ .vcard \
+ .vcf \
+ .webmanifest \
+ .xloc
+
+
+# ######################################################################
+# # REWRITES #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Rewrite engine |
+# ----------------------------------------------------------------------
+
+# (1) Turn on the rewrite engine (this is necessary in order for the
+# `RewriteRule` directives to work).
+#
+# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#RewriteEngine
+#
+# (2) Enable the `FollowSymLinks` option if it isn't already.
+#
+# https://httpd.apache.org/docs/current/mod/core.html#options
+#
+# (3) If your web host doesn't allow the `FollowSymlinks` option, you need to
+# comment it out or remove it, and then uncomment the
+# `Options +SymLinksIfOwnerMatch` line (4), but be aware of the performance
+# impact.
+#
+# https://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks
+#
+# (4) Some cloud hosting services will require you set `RewriteBase`.
+#
+# https://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
+# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
+#
+# (5) Depending on how your server is set up, you may also need to use the
+# `RewriteOptions` directive to enable some options for the rewrite engine.
+#
+# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteoptions
+
+
+
+ # (1)
+ RewriteEngine On
+
+ # (2)
+ Options +FollowSymlinks
+
+ # (3)
+ # Options +SymLinksIfOwnerMatch
+
+ # (4)
+ # RewriteBase /
+
+ # (5)
+ # RewriteOptions
+
+
+
+# ----------------------------------------------------------------------
+# | Forcing `https://` |
+# ----------------------------------------------------------------------
+
+# Redirect from the `http://` to the `https://` version of the URL.
+#
+# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
+
+# (1) If you're using cPanel AutoSSL or the Let's Encrypt webroot method it
+# will fail to validate the certificate if validation requests are
+# redirected to HTTPS. Turn on the condition(s) you need.
+#
+# https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
+# https://tools.ietf.org/html/draft-ietf-acme-acme-12
+
+#
+# RewriteEngine On
+# RewriteCond %{HTTPS} !=on
+# # (1)
+# # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+# # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$
+# # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
+# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+#
+
+# ----------------------------------------------------------------------
+# | Suppressing the `www.` at the beginning of URLs |
+# ----------------------------------------------------------------------
+
+# Rewrite www.example.com → example.com
+
+# The same content should never be available under two different URLs,
+# especially not with and without `www.` at the beginning.
+# This can cause SEO problems (duplicate content), and therefore, you should
+# choose one of the alternatives and redirect the other one.
+#
+# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
+
+# (1) Set %{ENV:PROTO} variable, to allow rewrites to redirect with the
+# appropriate schema automatically (http or https).
+#
+# (2) The rule assumes by default that both HTTP and HTTPS environments are
+# available for redirection.
+# If your SSL certificate could not handle one of the domains used during
+# redirection, you should turn the condition on.
+#
+# https://github.com/h5bp/server-configs-apache/issues/52
+
+
+
+ RewriteEngine On
+
+ # (1)
+ RewriteCond %{HTTPS} =on
+ RewriteRule ^ - [E=PROTO:https]
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^ - [E=PROTO:http]
+
+ # (2)
+ # RewriteCond %{HTTPS} !=on
+
+ RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
+ RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
+
+
+
+# ----------------------------------------------------------------------
+# | Forcing the `www.` at the beginning of URLs |
+# ----------------------------------------------------------------------
+
+# Rewrite example.com → www.example.com
+
+# The same content should never be available under two different URLs,
+# especially not with and without `www.` at the beginning.
+# This can cause SEO problems (duplicate content), and therefore, you should
+# choose one of the alternatives and redirect the other one.
+#
+# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
+
+# (1) Set %{ENV:PROTO} variable, to allow rewrites to redirect with the
+# appropriate schema automatically (http or https).
+#
+# (2) The rule assumes by default that both HTTP and HTTPS environments are
+# available for redirection.
+# If your SSL certificate could not handle one of the domains used during
+# redirection, you should turn the condition on.
+#
+# https://github.com/h5bp/server-configs-apache/issues/52
+
+# Be aware that the following might not be a good idea if you use "real"
+# subdomains for certain parts of your website.
+
+#
+
+# RewriteEngine On
+
+# # (1)
+# RewriteCond %{HTTPS} =on
+# RewriteRule ^ - [E=PROTO:https]
+# RewriteCond %{HTTPS} !=on
+# RewriteRule ^ - [E=PROTO:http]
+
+# # (2)
+# # RewriteCond %{HTTPS} !=on
+
+# RewriteCond %{HTTP_HOST} !^www\. [NC]
+# RewriteCond %{SERVER_ADDR} !=127.0.0.1
+# RewriteCond %{SERVER_ADDR} !=::1
+# RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+#
+
+# ######################################################################
+# # SECURITY #
+# ######################################################################
+
+# ----------------------------------------------------------------------
+# | Frame Options |
+# ----------------------------------------------------------------------
+
+# Protect website against clickjacking.
+#
+# The example below sends the `X-Frame-Options` response header with the value
+# `DENY`, informing browsers not to display the content of the web page in any
+# frame.
+#
+# This might not be the best setting for everyone. You should read about the
+# other two possible values the `X-Frame-Options` header field can have:
+# `SAMEORIGIN` and `ALLOW-FROM`.
+# https://tools.ietf.org/html/rfc7034#section-2.1.
+#
+# Keep in mind that while you could send the `X-Frame-Options` header for all
+# of your website's pages, this has the potential downside that it forbids even
+# non-malicious framing of your content (e.g.: when users visit your website
+# using a Google Image Search results page).
+#
+# Nonetheless, you should ensure that you send the `X-Frame-Options` header for
+# all pages that allow a user to make a state-changing operation (e.g: pages
+# that contain one-click purchase links, checkout or bank-transfer confirmation
+# pages, pages that make permanent configuration changes, etc.).
+#
+# Sending the `X-Frame-Options` header can also protect your website against
+# more than just clickjacking attacks.
+# https://cure53.de/xfo-clickjacking.pdf.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+# https://tools.ietf.org/html/rfc7034
+# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
+# https://www.owasp.org/index.php/Clickjacking
+
+#
+# Header always set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
+#
+
+# ----------------------------------------------------------------------
+# | Content Security Policy (CSP) |
+# ----------------------------------------------------------------------
+
+# Mitigate the risk of cross-site scripting and other content-injection
+# attacks.
+#
+# This can be done by setting a `Content Security Policy` which whitelists
+# trusted sources of content for your website.
+#
+# There is no policy that fits all websites, you will have to modify the
+# `Content-Security-Policy` directives in the example depending on your needs.
+#
+# The example policy below aims to:
+#
+# (1) Restrict all fetches by default to the origin of the current website by
+# setting the `default-src` directive to `'self'` - which acts as a
+# fallback to all "Fetch directives" (https://developer.mozilla.org/en-US/docs/Glossary/Fetch_directive).
+#
+# This is convenient as you do not have to specify all Fetch directives
+# that apply to your site, for example:
+# `connect-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'`, etc.
+#
+# This restriction also means that you must explicitly define from which
+# site(s) your website is allowed to load resources from.
+#
+# (2) The `` element is not allowed on the website. This is to prevent
+# attackers from changing the locations of resources loaded from relative
+# URLs.
+#
+# If you want to use the `` element, then `base-uri 'self'` can be
+# used instead.
+#
+# (3) Form submissions are only allowed from the current website by setting:
+# `form-action 'self'`.
+#
+# (4) Prevents all websites (including your own) from embedding your webpages
+# within e.g. the `