diff --git a/src/lib/server/db/client.ts b/src/lib/server/db/client.ts
index d992773..d22030d 100644
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -1,6 +1,6 @@
 import { and, eq, gt, lte } from "drizzle-orm";
 import db from "./drizzle";
-import { client, userClient, userClientChallenge, UserClientState } from "./schema";
+import { client, userClient, userClientChallenge } from "./schema";
 
 export const createClient = async (pubKey: string, userId: number) => {
   return await db.transaction(async (tx) => {
@@ -33,12 +33,12 @@ export const getUserClient = async (userId: number, clientId: number) => {
 export const setUserClientStateToPending = async (userId: number, clientId: number) => {
   await db
     .update(userClient)
-    .set({ state: UserClientState.Pending })
+    .set({ state: "pending" })
     .where(
       and(
         eq(userClient.userId, userId),
         eq(userClient.clientId, clientId),
-        eq(userClient.state, UserClientState.Challenging),
+        eq(userClient.state, "challenging"),
       ),
     )
     .execute();
@@ -49,7 +49,7 @@ export const createUserClientChallenge = async (
   clientId: number,
   challenge: string,
   allowedIp: string,
-  expiresAt: number,
+  expiresAt: Date,
 ) => {
   await db
     .insert(userClientChallenge)
@@ -71,7 +71,7 @@ export const getUserClientChallenge = async (challenge: string, ip: string) => {
       and(
         eq(userClientChallenge.challenge, challenge),
         eq(userClientChallenge.allowedIp, ip),
-        gt(userClientChallenge.expiresAt, Date.now()),
+        gt(userClientChallenge.expiresAt, new Date()),
       ),
     )
     .execute();
@@ -81,6 +81,6 @@ export const getUserClientChallenge = async (challenge: string, ip: string) => {
 export const cleanupExpiredUserClientChallenges = async () => {
   await db
     .delete(userClientChallenge)
-    .where(lte(userClientChallenge.expiresAt, Date.now()))
+    .where(lte(userClientChallenge.expiresAt, new Date()))
     .execute();
 };
diff --git a/src/lib/server/db/schema/client.ts b/src/lib/server/db/schema/client.ts
index efacf31..f905308 100644
--- a/src/lib/server/db/schema/client.ts
+++ b/src/lib/server/db/schema/client.ts
@@ -1,15 +1,9 @@
 import { sqliteTable, text, integer, primaryKey } from "drizzle-orm/sqlite-core";
 import { user } from "./user";
 
-export enum UserClientState {
-  Challenging = 0,
-  Pending = 1,
-  Active = 2,
-}
-
 export const client = sqliteTable("client", {
   id: integer("id").primaryKey(),
-  pubKey: text("public_key").notNull().unique(),
+  pubKey: text("public_key").notNull().unique(), // Base64
 });
 
 export const userClient = sqliteTable(
@@ -21,7 +15,9 @@ export const userClient = sqliteTable(
     clientId: integer("client_id")
       .notNull()
       .references(() => client.id),
-    state: integer("state").notNull().default(UserClientState.Challenging),
+    state: text("state", { enum: ["challenging", "pending", "active"] })
+      .notNull()
+      .default("challenging"),
     encKey: text("encrypted_key"),
   },
   (t) => ({
@@ -37,7 +33,7 @@ export const userClientChallenge = sqliteTable("user_client_challenge", {
   clientId: integer("client_id")
     .notNull()
     .references(() => client.id),
-  challenge: text("challenge").notNull().unique(),
+  challenge: text("challenge").notNull().unique(), // Base64
   allowedIp: text("allowed_ip").notNull(),
-  expiresAt: integer("expires_at").notNull(),
+  expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
 });
diff --git a/src/lib/server/db/schema/token.ts b/src/lib/server/db/schema/token.ts
index bbf6acf..7007f77 100644
--- a/src/lib/server/db/schema/token.ts
+++ b/src/lib/server/db/schema/token.ts
@@ -10,7 +10,7 @@ export const refreshToken = sqliteTable(
       .notNull()
       .references(() => user.id),
     clientId: integer("client_id").references(() => client.id),
-    expiresAt: integer("expires_at").notNull(), // Only used for cleanup
+    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(), // Only used for cleanup
   },
   (t) => ({
     unq: unique().on(t.userId, t.clientId),
diff --git a/src/lib/server/db/token.ts b/src/lib/server/db/token.ts
index 89e0deb..133b3b4 100644
--- a/src/lib/server/db/token.ts
+++ b/src/lib/server/db/token.ts
@@ -6,7 +6,7 @@ import db from "./drizzle";
 import { refreshToken } from "./schema";
 
 const expiresIn = ms(env.jwt.refreshExp);
-const expiresAt = () => Date.now() + expiresIn;
+const expiresAt = () => new Date(Date.now() + expiresIn);
 
 export const registerRefreshToken = async (
   userId: number,
@@ -71,5 +71,5 @@ export const revokeRefreshToken = async (tokenId: string) => {
 };
 
 export const cleanupExpiredRefreshTokens = async () => {
-  await db.delete(refreshToken).where(lte(refreshToken.expiresAt, Date.now())).execute();
+  await db.delete(refreshToken).where(lte(refreshToken.expiresAt, new Date())).execute();
 };
diff --git a/src/lib/server/services/auth.ts b/src/lib/server/services/auth.ts
index ef50978..8a9a2c4 100644
--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -10,7 +10,6 @@ import {
   upgradeRefreshToken,
   revokeRefreshToken,
 } from "$lib/server/db/token";
-import { UserClientState } from "$lib/server/db/schema";
 import { issueToken, verifyToken, TokenError } from "$lib/server/modules/auth";
 
 const verifyPassword = async (hash: string, password: string) => {
@@ -41,7 +40,7 @@ export const login = async (email: string, password: string, pubKey?: string) =>
   const userClient = client ? await getUserClient(user.id, client.id) : undefined;
   if (client === null) {
     error(401, "Invalid public key");
-  } else if (client && (!userClient || userClient.state === UserClientState.Challenging)) {
+  } else if (client && (!userClient || userClient.state === "challenging")) {
     error(401, "Unregistered public key");
   }
 
@@ -99,7 +98,7 @@ export const upgradeTokens = async (refreshToken: string, pubKey: string) => {
   const userClient = client ? await getUserClient(userId, client.id) : undefined;
   if (!client) {
     error(401, "Invalid public key");
-  } else if (client && (!userClient || userClient.state === UserClientState.Challenging)) {
+  } else if (client && (!userClient || userClient.state === "challenging")) {
     error(401, "Unregistered public key");
   }
 
diff --git a/src/lib/server/services/key.ts b/src/lib/server/services/key.ts
index 325d927..da86b2b 100644
--- a/src/lib/server/services/key.ts
+++ b/src/lib/server/services/key.ts
@@ -14,7 +14,7 @@ import {
 import env from "$lib/server/loadenv";
 
 const expiresIn = ms(env.challenge.pubKeyExp);
-const expiresAt = () => Date.now() + expiresIn;
+const expiresAt = () => new Date(Date.now() + expiresIn);
 
 const generateChallenge = async (userId: number, ip: string, clientId: number, pubKey: string) => {
   const challenge = await promisify(randomBytes)(32);