diff --git a/db/db.go b/db/db.go
index 63bbeba..4cd815a 100644
--- a/db/db.go
+++ b/db/db.go
@@ -31,7 +31,7 @@ func (d *DB) Close() error {
 	return d.boltDB.Close()
 }
 
-func (d *DB) reset() error {
+func (d *DB) Reset() error {
 	if err := d.Close(); err != nil {
 		return err
 	}
diff --git a/db/db_test.go b/db/db_test.go
index 3b26337..04dbf8d 100644
--- a/db/db_test.go
+++ b/db/db_test.go
@@ -1,8 +1,6 @@
 package db
 
 import (
-	"fmt"
-	"math/rand"
 	"testing"
 	"time"
 
@@ -10,15 +8,10 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func newTestDB() (*DB, error) {
-	testDbName := fmt.Sprintf(".test.%d.boltdb", rand.Int())
-	return NewDB(testDbName, true)
-}
-
 func TestNewPaste(t *testing.T) {
-	db, err := newTestDB()
+	db, err := NewTestDB()
 	assert.NoError(t, err)
-	defer db.reset()
+	defer db.Reset()
 
 	paste, err := db.NewPaste("test paste", time.Now().Add(time.Hour))
 	assert.NoError(t, err)
@@ -32,9 +25,9 @@ func TestNewPaste(t *testing.T) {
 }
 
 func TestGet(t *testing.T) {
-	db, err := newTestDB()
+	db, err := NewTestDB()
 	assert.NoError(t, err)
-	defer db.reset()
+	defer db.Reset()
 
 	expirationTime := time.Now().Add(time.Hour)
 	paste, err := db.NewPaste("test paste", expirationTime)
@@ -68,9 +61,9 @@ func TestGet(t *testing.T) {
 }
 
 func TestDelete(t *testing.T) {
-	db, err := newTestDB()
+	db, err := NewTestDB()
 	assert.NoError(t, err)
-	defer db.reset()
+	defer db.Reset()
 
 	paste, err := db.NewPaste("test paste", time.Now().Add(time.Hour))
 	assert.NoError(t, err)
@@ -83,9 +76,9 @@ func TestDelete(t *testing.T) {
 }
 
 func TestDecrypt(t *testing.T) {
-	db, err := newTestDB()
+	db, err := NewTestDB()
 	assert.NoError(t, err)
-	defer db.reset()
+	defer db.Reset()
 
 	t.Run("decrypt paste", func(t *testing.T) {
 		paste, err := db.NewPaste("test paste", time.Now().Add(time.Hour))
@@ -124,9 +117,9 @@ func TestDecrypt(t *testing.T) {
 }
 
 func TestDeleteExpired(t *testing.T) {
-	db, err := newTestDB()
+	db, err := NewTestDB()
 	assert.NoError(t, err)
-	defer db.reset()
+	defer db.Reset()
 
 	_, err = db.NewPaste("test paste", time.Now().Add(time.Hour))
 	assert.NoError(t, err)
diff --git a/db/utils.go b/db/utils.go
index 36c6d53..fb18b51 100644
--- a/db/utils.go
+++ b/db/utils.go
@@ -1,7 +1,9 @@
 package db
 
 import (
+	"fmt"
 	"log/slog"
+	"math/rand"
 	"os"
 	"time"
 
@@ -35,3 +37,8 @@ func removeDB(path string) {
 
 	slog.Info("db_removed", "path", path)
 }
+
+func NewTestDB() (*DB, error) {
+	testDbName := fmt.Sprintf(".test.%d.boltdb", rand.Int())
+	return NewDB(testDbName, true)
+}
diff --git a/go.mod b/go.mod
index a67623f..f7fe2a9 100644
--- a/go.mod
+++ b/go.mod
@@ -8,12 +8,15 @@ require (
 )
 
 require (
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
 require (
+	github.com/PuerkitoBio/goquery v1.9.2
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/sys v0.19.0 // indirect
 )
diff --git a/go.sum b/go.sum
index cff2b38..85f743e 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,9 @@
+github.com/PuerkitoBio/goquery v1.9.2 h1:4/wZksC3KgkQw7SQgkKotmKljk0M6V8TUvA8Wb4yPeE=
+github.com/PuerkitoBio/goquery v1.9.2/go.mod h1:GHPCaP0ODyyxqcNoFGYlAprUFH81NuRPd0GX3Zu2Mvk=
 github.com/a-h/templ v0.2.707 h1:T1Gkd2ugbRglZ9rYw/VBchWOSZVKmetDbBkm4YubM7U=
 github.com/a-h/templ v0.2.707/go.mod h1:5cqsugkq9IerRNucNsI4DEamdHPsoGMQy99DzydLhM8=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -10,8 +14,44 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/web/handlers_test.go b/web/handlers_test.go
new file mode 100644
index 0000000..6a8ccb3
--- /dev/null
+++ b/web/handlers_test.go
@@ -0,0 +1,228 @@
+package web
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/PuerkitoBio/goquery"
+	"github.com/stretchr/testify/assert"
+	"github.com/v1k45/pastepass/config"
+	"github.com/v1k45/pastepass/db"
+)
+
+func TestHandlerIndex(t *testing.T) {
+	h := NewHandler(nil)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("GET", "/", nil)
+
+	h.Index(w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+
+	doc, err := goquery.NewDocumentFromReader(w.Body)
+	assert.NoError(t, err)
+
+	title := doc.Find("title").Text()
+	assert.Contains(t, title, config.AppName)
+
+	// has a form
+	form := doc.Find("form")
+	assert.Equal(t, 1, form.Length())
+
+	// has a textarea
+	textarea := doc.Find("textarea")
+	assert.Equal(t, 1, textarea.Length())
+
+	// has a button
+	button := doc.Find("button")
+	assert.Equal(t, 1, button.Length())
+}
+
+func TestHandlerPaste(t *testing.T) {
+	h := NewHandler(nil)
+
+	t.Run("empty text", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("POST", "/", nil)
+
+		h.Paste(w, r)
+		assert.Equal(t, http.StatusBadRequest, w.Code)
+
+		doc, err := goquery.NewDocumentFromReader(w.Body)
+		assert.NoError(t, err)
+
+		errorMessage := doc.Find("hgroup > small").Text()
+		assert.Equal(t, "Paste content is required.", errorMessage)
+
+	})
+
+	t.Run("invalid expiration", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("POST", "/", nil)
+		r.Form = url.Values{"text": {"hello"}, "expiration": {"invalid"}}
+
+		h.Paste(w, r)
+		assert.Equal(t, http.StatusBadRequest, w.Code)
+
+		doc, err := goquery.NewDocumentFromReader(w.Body)
+		assert.NoError(t, err)
+
+		errorMessage := doc.Find("hgroup > small").Text()
+		assert.Equal(t, "Invalid expiration time.", errorMessage)
+	})
+
+	db, err := db.NewTestDB()
+	assert.NoError(t, err)
+	defer db.Reset()
+
+	t.Run("success", func(t *testing.T) {
+		h = NewHandler(db)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("POST", "/", nil)
+		r.Form = url.Values{"text": {"hello"}, "expiration": {"1h"}}
+
+		h.Paste(w, r)
+		assert.Equal(t, http.StatusOK, w.Code)
+
+		doc, err := goquery.NewDocumentFromReader(w.Body)
+		assert.NoError(t, err)
+
+		pasteUrl := doc.Find("pre").Text()
+		assert.Contains(t, pasteUrl, "/p/")
+	})
+
+	t.Run("url scheme", func(t *testing.T) {
+		h = NewHandler(db)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("POST", "/", nil)
+		r.Header.Set("X-Forwarded-Proto", "https")
+		r.Form = url.Values{"text": {"hello"}, "expiration": {"1h"}}
+
+		h.Paste(w, r)
+		assert.Equal(t, http.StatusOK, w.Code)
+
+		doc, err := goquery.NewDocumentFromReader(w.Body)
+		assert.NoError(t, err)
+
+		pasteUrl := doc.Find("pre").Text()
+		assert.Contains(t, pasteUrl, "https")
+	})
+
+}
+
+func TestHandlerView(t *testing.T) {
+	db, err := db.NewTestDB()
+	assert.NoError(t, err)
+	defer db.Reset()
+
+	h := NewHandler(db)
+
+	paste, err := db.NewPaste("test paste", time.Now().Add(time.Hour))
+	assert.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("GET", "/p/"+paste.ID+"/"+paste.Key, nil)
+	r.SetPathValue("id", paste.ID)
+	r.SetPathValue("key", paste.Key)
+
+	h.View(w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+
+	doc, err := goquery.NewDocumentFromReader(w.Body)
+	assert.NoError(t, err)
+
+	// document does not contain the content of the paste
+	// it is only displayed upon decryption
+	assert.NotContains(t, doc.Text(), "test paste")
+
+	t.Run("expired paste", func(t *testing.T) {
+		paste, err := db.NewPaste("test paste", time.Now().Add(-time.Hour))
+		assert.NoError(t, err)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("GET", "/p/"+paste.ID+"/"+paste.Key, nil)
+		r.SetPathValue("id", paste.ID)
+		r.SetPathValue("key", paste.Key)
+
+		h.View(w, r)
+		assert.Equal(t, http.StatusNotFound, w.Code)
+	})
+
+	t.Run("nonexistent paste", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("GET", "/p/nonexistent/key", nil)
+		r.SetPathValue("id", "nonexistent")
+		r.SetPathValue("key", "key")
+
+		h.View(w, r)
+		assert.Equal(t, http.StatusNotFound, w.Code)
+	})
+}
+
+func TestHandlerDecrypt(t *testing.T) {
+	db, err := db.NewTestDB()
+	assert.NoError(t, err)
+	defer db.Reset()
+
+	h := NewHandler(db)
+
+	paste, err := db.NewPaste("test paste", time.Now().Add(time.Hour))
+	assert.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("POST", "/p/"+paste.ID+"/"+paste.Key, nil)
+	r.SetPathValue("id", paste.ID)
+	r.SetPathValue("key", paste.Key)
+
+	h.Decrypt(w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+
+	doc, err := goquery.NewDocumentFromReader(w.Body)
+	assert.NoError(t, err)
+
+	// document contains the content of the paste
+	pre := doc.Find("pre").Text()
+	assert.Contains(t, pre, "test paste")
+
+	// paste is deleted after decryption
+	_, err = db.Get(paste.ID)
+	assert.Error(t, err)
+
+	// try to decrypt again
+	w = httptest.NewRecorder()
+	h.Decrypt(w, r)
+	assert.Equal(t, http.StatusInternalServerError, w.Code)
+}
+
+func TestHandlerStatic(t *testing.T) {
+	h := NewHandler(nil)
+
+	t.Run("css", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("GET", "/static/pico.min.css", nil)
+
+		h.Router().ServeHTTP(w, r)
+		assert.Equal(t, http.StatusOK, w.Code)
+	})
+
+	t.Run("js", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("GET", "/static/pastepass.js", nil)
+
+		h.Router().ServeHTTP(w, r)
+		assert.Equal(t, http.StatusOK, w.Code)
+	})
+
+	t.Run("404", func(t *testing.T) {
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest("GET", "/static/notfound", nil)
+
+		h.Router().ServeHTTP(w, r)
+		assert.Equal(t, http.StatusNotFound, w.Code)
+	})
+}