Merge pull request #10 from kmc7468/dev

v0.4.0

.dockerignore

@@ -1,6 +1,5 @@
 .git
 node_modules
-/Makefile
 
 # Output
 .output
@@ -11,15 +10,13 @@ node_modules
 /build
 /data
 /library
-/thumbnails
 
 # OS
 .DS_Store
 Thumbs.db
 
-# Editors
+# VSCode
 /.vscode
-/.idea
 
 # Env
 .env

.env.example

@@ -11,4 +11,3 @@ SESSION_EXPIRES=
 USER_CLIENT_CHALLENGE_EXPIRES=
 SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
-THUMBNAILS_PATH=

.gitignore

@@ -9,15 +9,13 @@ node_modules
 /build
 /data
 /library
-/thumbnails
 
 # OS
 .DS_Store
 Thumbs.db
 
-# Editors
+# VSCode
 /.vscode
-/.idea
 
 # Env
 .env

Dockerfile

@@ -2,7 +2,11 @@
 FROM node:22-alpine AS base
 WORKDIR /app
 
-RUN npm install -g pnpm@10
+RUN apk add --no-cache bash curl && \
+    curl -o /usr/local/bin/wait-for-it https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
+    chmod +x /usr/local/bin/wait-for-it
+
+RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .
 
 # Build Stage
@@ -25,4 +29,4 @@ COPY --from=build /app/build ./build
 
 EXPOSE 3000
 ENV BODY_SIZE_LIMIT=Infinity
-CMD ["node", "./build/index.js"]
+CMD ["bash", "-c", "wait-for-it ${DATABASE_HOST:-localhost}:${DATABASE_PORT:-5432} -- node ./build/index.js"]

docker-compose.dev.yaml

@@ -1,7 +1,7 @@
 services:
   database:
-    image: postgres:17
-    restart: always
+    image: postgres:17.2
+    restart: on-failure
     volumes:
       - database:/var/lib/postgresql/data
     environment:

docker-compose.yaml

@@ -1,14 +1,12 @@
 services:
   server:
     build: .
-    restart: unless-stopped
+    restart: on-failure
     depends_on:
-      database:
-        condition: service_healthy
+      - database
     user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
     volumes:
       - ./data/library:/app/data/library
-      - ./data/thumbnails:/app/data/thumbnails
     environment:
       # ArkVault
       - DATABASE_HOST=database
@@ -19,7 +17,6 @@ services:
       - USER_CLIENT_CHALLENGE_EXPIRES
       - SESSION_UPGRADE_CHALLENGE_EXPIRES
       - LIBRARY_PATH=/app/data/library
-      - THUMBNAILS_PATH=/app/data/thumbnails
       # SvelteKit
       - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
       - XFF_DEPTH=${TRUST_PROXY:-}
@@ -28,16 +25,11 @@ services:
       - ${PORT:-80}:3000
 
   database:
-    image: postgres:17-alpine
-    restart: unless-stopped
+    image: postgres:17.2-alpine
+    restart: on-failure
     user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
     volumes:
       - ./data/database:/var/lib/postgresql/data
     environment:
       - POSTGRES_USER=arkvault
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER}"]
-      interval: 5s
-      timeout: 5s
-      retries: 5

eslint.config.js

@@ -1,24 +1,21 @@
-import { includeIgnoreFile } from "@eslint/compat";
-import js from "@eslint/js";
-import { defineConfig } from "eslint/config";
 import prettier from "eslint-config-prettier";
+import js from "@eslint/js";
+import { includeIgnoreFile } from "@eslint/compat";
 import svelte from "eslint-plugin-svelte";
 import tailwind from "eslint-plugin-tailwindcss";
 import globals from "globals";
+import { fileURLToPath } from "node:url";
 import ts from "typescript-eslint";
-import { fileURLToPath } from "url";
-import svelteConfig from "./svelte.config.js";
-
 const gitignorePath = fileURLToPath(new URL("./.gitignore", import.meta.url));
 
-export default defineConfig(
+export default ts.config(
   includeIgnoreFile(gitignorePath),
   js.configs.recommended,
   ...ts.configs.recommended,
-  ...svelte.configs.recommended,
+  ...svelte.configs["flat/recommended"],
   ...tailwind.configs["flat/recommended"],
   prettier,
-  ...svelte.configs.prettier,
+  ...svelte.configs["flat/prettier"],
   {
     languageOptions: {
       globals: {
@@ -26,18 +23,13 @@ export default defineConfig(
         ...globals.node,
       },
     },
-    rules: {
-      "no-undef": "off",
-    },
   },
   {
-    files: ["**/*.svelte", "**/*.svelte.ts", "**/*.svelte.js"],
+    files: ["**/*.svelte"],
+
     languageOptions: {
       parserOptions: {
-        projectService: true,
-        extraFileExtensions: [".svelte"],
         parser: ts.parser,
-        svelteConfig,
       },
     },
   },

package.json

@@ -1,7 +1,7 @@
 {
   "name": "arkvault",
   "private": true,
-  "version": "0.6.0",
+  "version": "0.4.0",
   "type": "module",
   "scripts": {
     "dev": "vite dev",
@@ -16,57 +16,52 @@
     "db:migrate": "kysely migrate"
   },
   "devDependencies": {
-    "@eslint/compat": "^2.0.0",
-    "@iconify-json/material-symbols": "^1.2.50",
-    "@sveltejs/adapter-node": "^5.4.0",
-    "@sveltejs/kit": "^2.49.2",
-    "@sveltejs/vite-plugin-svelte": "^6.2.1",
-    "@tanstack/svelte-virtual": "^3.13.13",
-    "@trpc/client": "^11.8.1",
+    "@eslint/compat": "^1.2.4",
+    "@iconify-json/material-symbols": "^1.2.12",
+    "@sveltejs/adapter-node": "^5.2.11",
+    "@sveltejs/kit": "^2.15.2",
+    "@sveltejs/vite-plugin-svelte": "^4.0.4",
     "@types/file-saver": "^2.0.7",
     "@types/ms": "^0.7.34",
-    "@types/node-schedule": "^2.1.8",
-    "@types/pg": "^8.16.0",
-    "autoprefixer": "^10.4.23",
-    "axios": "^1.13.2",
-    "dexie": "^4.2.1",
-    "eslint": "^9.39.2",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-svelte": "^3.13.1",
-    "eslint-plugin-tailwindcss": "^3.18.2",
-    "exifreader": "^4.33.1",
+    "@types/node-schedule": "^2.1.7",
+    "@types/pg": "^8.11.10",
+    "autoprefixer": "^10.4.20",
+    "axios": "^1.7.9",
+    "dexie": "^4.0.10",
+    "eslint": "^9.17.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-svelte": "^2.46.1",
+    "eslint-plugin-tailwindcss": "^3.17.5",
+    "exifreader": "^4.26.0",
     "file-saver": "^2.0.5",
-    "globals": "^16.5.0",
+    "globals": "^15.14.0",
     "heic2any": "^0.0.4",
-    "kysely-ctl": "^0.19.0",
-    "lru-cache": "^11.2.4",
-    "mime": "^4.1.0",
-    "p-limit": "^7.2.0",
-    "prettier": "^3.7.4",
-    "prettier-plugin-svelte": "^3.4.1",
-    "prettier-plugin-tailwindcss": "^0.7.2",
-    "svelte": "^5.46.1",
-    "svelte-check": "^4.3.5",
-    "tailwindcss": "^3.4.19",
-    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.50.1",
-    "unplugin-icons": "^22.5.0",
-    "vite": "^7.3.0"
+    "kysely-ctl": "^0.10.1",
+    "mime": "^4.0.6",
+    "p-limit": "^6.2.0",
+    "prettier": "^3.4.2",
+    "prettier-plugin-svelte": "^3.3.2",
+    "prettier-plugin-tailwindcss": "^0.6.9",
+    "svelte": "^5.19.1",
+    "svelte-check": "^4.1.3",
+    "tailwindcss": "^3.4.17",
+    "typescript": "^5.7.3",
+    "typescript-eslint": "^8.19.1",
+    "unplugin-icons": "^0.22.0",
+    "vite": "^5.4.11"
   },
   "dependencies": {
-    "@fastify/busboy": "^3.2.0",
-    "@trpc/server": "^11.8.1",
-    "argon2": "^0.44.0",
-    "kysely": "^0.28.9",
+    "@fastify/busboy": "^3.1.1",
+    "argon2": "^0.41.1",
+    "kysely": "^0.27.5",
     "ms": "^2.1.3",
     "node-schedule": "^2.1.1",
-    "pg": "^8.16.3",
-    "superjson": "^2.2.6",
-    "uuid": "^13.0.0",
-    "zod": "^4.2.1"
+    "pg": "^8.13.1",
+    "uuid": "^11.0.4",
+    "zod": "^3.24.1"
   },
   "engines": {
     "node": "^22.0.0",
-    "pnpm": "^10.0.0"
+    "pnpm": "^9.0.0"
   }
 }

src/hooks.client.ts

@@ -4,15 +4,6 @@ import { prepareFileCache } from "$lib/modules/file";
 import { prepareOpfs } from "$lib/modules/opfs";
 import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores";
 
-const requestPersistentStorage = async () => {
-  const isPersistent = await navigator.storage.persist();
-  if (isPersistent) {
-    console.log("[ArkVault] Persistent storage granted.");
-  } else {
-    console.warn("[ArkVault] Persistent storage not granted.");
-  }
-};
-
 const prepareClientKeyStore = async () => {
   const [encryptKey, decryptKey, signKey, verifyKey] = await Promise.all([
     getClientKey("encrypt"),
@@ -41,7 +32,6 @@ const prepareHmacSecretStore = async () => {
 
 export const init: ClientInit = async () => {
   await Promise.all([
-    requestPersistentStorage(),
     prepareFileCache(),
     prepareClientKeyStore(),
     prepareMasterKeyStore(),

src/lib/components/atoms/RowVirtualizer.svelte

@@ -1,46 +0,0 @@
-<script lang="ts">
-  import { createWindowVirtualizer } from "@tanstack/svelte-virtual";
-  import { untrack, type Snippet } from "svelte";
-  import type { ClassValue } from "svelte/elements";
-
-  interface Props {
-    class?: ClassValue;
-    count: number;
-    item: Snippet<[index: number]>;
-    itemHeight: (index: number) => number;
-    placeholder?: Snippet;
-  }
-
-  let { class: className, count, item, itemHeight, placeholder }: Props = $props();
-
-  const virtualizer = $derived(
-    createWindowVirtualizer({
-      count: untrack(() => count),
-      estimateSize: itemHeight,
-    }),
-  );
-
-  const measureItem = (node: HTMLElement) => {
-    $effect(() => $virtualizer.measureElement(node));
-  };
-
-  $effect(() => $virtualizer.setOptions({ count }));
-</script>
-
-<div class={["relative", className]}>
-  <div style:height="{$virtualizer.getTotalSize()}px">
-    {#each $virtualizer.getVirtualItems() as virtualItem (virtualItem.key)}
-      <div
-        class="absolute left-0 top-0 w-full"
-        style:transform="translateY({virtualItem.start}px)"
-        data-index={virtualItem.index}
-        use:measureItem
-      >
-        {@render item(virtualItem.index)}
-      </div>
-    {/each}
-  </div>
-  {#if placeholder && $virtualizer.getVirtualItems().length === 0}
-    {@render placeholder()}
-  {/if}
-</div>

src/lib/components/atoms/buttons/FileThumbnailButton.svelte

@@ -1,42 +0,0 @@
-<script lang="ts">
-  import type { Writable } from "svelte/store";
-  import type { FileInfo } from "$lib/modules/filesystem";
-  import { requestFileThumbnailDownload } from "$lib/services/file";
-
-  interface Props {
-    info: Writable<FileInfo | null>;
-    onclick?: (file: FileInfo) => void;
-  }
-
-  let { info, onclick }: Props = $props();
-
-  let thumbnail: string | undefined = $state();
-
-  $effect(() => {
-    if ($info) {
-      requestFileThumbnailDownload($info.id, $info.dataKey)
-        .then((thumbnailUrl) => {
-          thumbnail = thumbnailUrl ?? undefined;
-        })
-        .catch(() => {
-          // TODO: Error Handling
-          thumbnail = undefined;
-        });
-    } else {
-      thumbnail = undefined;
-    }
-  });
-</script>
-
-{#if $info}
-  <button
-    onclick={() => onclick?.($info)}
-    class="aspect-square overflow-hidden rounded transition active:scale-95 active:brightness-90"
-  >
-    {#if thumbnail}
-      <img src={thumbnail} alt={$info.name} class="h-full w-full object-cover" />
-    {:else}
-      <div class="h-full w-full bg-gray-100"></div>
-    {/if}
-  </button>
-{/if}

src/lib/components/atoms/buttons/index.ts

@@ -1,6 +1,5 @@
 export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
 export { default as Button } from "./Button.svelte";
 export { default as EntryButton } from "./EntryButton.svelte";
-export { default as FileThumbnailButton } from "./FileThumbnailButton.svelte";
 export { default as FloatingButton } from "./FloatingButton.svelte";
 export { default as TextButton } from "./TextButton.svelte";

src/lib/components/atoms/divs/FullscreenDiv.svelte

@@ -1,15 +1,7 @@
 <script lang="ts">
-  import type { Snippet } from "svelte";
-  import type { ClassValue } from "svelte/elements";
-
-  interface Props {
-    children: Snippet;
-    class?: ClassValue;
-  }
-
-  let { children, class: className }: Props = $props();
+  let { children } = $props();
 </script>
 
-<div class={["flex flex-grow flex-col justify-between px-4", className]}>
+<div class="flex flex-grow flex-col justify-between px-4">
   {@render children()}
 </div>

src/lib/components/atoms/index.ts

@@ -3,4 +3,3 @@ export * from "./buttons";
 export * from "./divs";
 export * from "./inputs";
 export { default as Modal } from "./Modal.svelte";
-export { default as RowVirtualizer } from "./RowVirtualizer.svelte";

src/lib/components/molecules/ActionModal.svelte

@@ -12,7 +12,6 @@
     confirmText: string;
     isOpen: boolean;
     onbeforeclose?: () => void;
-    oncancel?: () => void;
     onConfirmClick: ConfirmHandler;
     title: string;
   }
@@ -23,7 +22,6 @@
     confirmText,
     isOpen = $bindable(),
     onbeforeclose,
-    oncancel,
     onConfirmClick,
     title,
   }: Props = $props();
@@ -33,11 +31,6 @@
     isOpen = false;
   };
 
-  const cancelAction = () => {
-    oncancel?.();
-    closeModal();
-  };
-
   const confirmAction = async () => {
     if ((await onConfirmClick()) !== false) {
       closeModal();
@@ -45,13 +38,13 @@
   };
 </script>
 
-<Modal bind:isOpen onclose={cancelAction} class="space-y-4">
+<Modal bind:isOpen onclose={closeModal} class="space-y-4">
   <div class="flex flex-col gap-y-2 break-keep">
     <p class="text-xl font-bold">{title}</p>
     {@render children()}
   </div>
   <div class="flex gap-x-2">
-    <Button color="gray" onclick={cancelAction} class="flex-1">{cancelText}</Button>
+    <Button color="gray" onclick={closeModal} class="flex-1">{cancelText}</Button>
     <Button onclick={confirmAction} class="flex-1">{confirmText}</Button>
   </div>
 </Modal>

src/lib/components/molecules/Categories/Categories.svelte

@@ -3,7 +3,7 @@
   import type { SvelteHTMLElements } from "svelte/elements";
   import { get, type Writable } from "svelte/store";
   import type { CategoryInfo } from "$lib/modules/filesystem";
-  import { SortBy, sortEntries } from "$lib/utils";
+  import { SortBy, sortEntries } from "$lib/modules/util";
   import Category from "./Category.svelte";
   import type { SelectedCategory } from "./service";
 

src/lib/components/molecules/labels/DirectoryEntryLabel.svelte

@@ -3,7 +3,6 @@
   import { IconLabel } from "$lib/components/molecules";
 
   import IconFolder from "~icons/material-symbols/folder";
-  import IconDriveFolderUpload from "~icons/material-symbols/drive-folder-upload";
   import IconDraft from "~icons/material-symbols/draft";
 
   interface Props {
@@ -11,40 +10,19 @@
     name: string;
     subtext?: string;
     textClass?: ClassValue;
-    thumbnail?: string;
-    type: "directory" | "parent-directory" | "file";
+    type: "directory" | "file";
   }
 
-  let {
-    class: className,
-    name,
-    subtext,
-    textClass: textClassName,
-    thumbnail,
-    type,
-  }: Props = $props();
+  let { class: className, name, subtext, textClass: textClassName, type }: Props = $props();
 </script>
 
-{#snippet iconSnippet()}
-  <div class="flex h-10 w-10 items-center justify-center text-xl">
-    {#if thumbnail}
-      <img src={thumbnail} alt={name} loading="lazy" class="aspect-square rounded object-cover" />
-    {:else if type === "directory"}
-      <IconFolder />
-    {:else if type === "parent-directory"}
-      <IconDriveFolderUpload class="text-yellow-500" />
-    {:else}
-      <IconDraft class="text-blue-400" />
-    {/if}
-  </div>
-{/snippet}
-
 {#snippet subtextSnippet()}
   {subtext}
 {/snippet}
 
 <IconLabel
-  {iconSnippet}
+  icon={type === "directory" ? IconFolder : IconDraft}
+  iconClass={type === "file" ? "text-blue-400" : undefined}
   subtext={subtext ? subtextSnippet : undefined}
   class={className}
   textClass={textClassName}

src/lib/components/molecules/labels/IconLabel.svelte

@@ -5,9 +5,8 @@
   interface Props {
     children: Snippet;
     class?: ClassValue;
-    icon?: Component<SvelteHTMLElements["svg"]>;
+    icon: Component<SvelteHTMLElements["svg"]>;
     iconClass?: ClassValue;
-    iconSnippet?: Snippet;
     subtext?: Snippet;
     textClass?: ClassValue;
   }
@@ -17,22 +16,15 @@
     class: className,
     icon: Icon,
     iconClass: iconClassName,
-    iconSnippet,
     subtext,
     textClass: textClassName,
   }: Props = $props();
 </script>
 
 <div class={["flex items-center gap-x-4", className]}>
-  {#if iconSnippet}
-    <div class={["flex-shrink-0", iconClassName]}>
-      {@render iconSnippet()}
-    </div>
-  {:else if Icon}
-    <div class={["flex-shrink-0 text-lg", iconClassName]}>
-      <Icon />
-    </div>
-  {/if}
+  <div class={["flex-shrink-0 text-lg", iconClassName]}>
+    <Icon />
+  </div>
   <div class="flex flex-grow flex-col overflow-x-hidden text-left">
     <p class={["truncate font-medium", textClassName]}>
       {@render children()}

src/lib/components/organisms/Category/Category.svelte

@@ -1,11 +1,11 @@
 <script lang="ts">
   import { untrack } from "svelte";
   import { get, type Writable } from "svelte/store";
-  import { CheckBox, RowVirtualizer } from "$lib/components/atoms";
+  import { CheckBox } from "$lib/components/atoms";
   import { SubCategories, type SelectedCategory } from "$lib/components/molecules";
   import { getFileInfo, type FileInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import { SortBy, sortEntries } from "$lib/modules/util";
   import { masterKeyStore } from "$lib/stores";
-  import { SortBy, sortEntries } from "$lib/utils";
   import File from "./File.svelte";
   import type { SelectedFile } from "./service";
 
@@ -89,26 +89,19 @@
           <p class="font-medium">하위 카테고리의 파일</p>
         </CheckBox>
       </div>
-      {#key info}
-        <RowVirtualizer
-          count={files.length}
-          itemHeight={(index) => 56 + (index + 1 < files.length ? 4 : 0)}
-        >
-          {#snippet item(index)}
-            {@const { info, isRecursive } = files[index]!}
-            <div class={[index + 1 < files.length && "pb-1"]}>
-              <File
-                {info}
-                onclick={onFileClick}
-                onRemoveClick={!isRecursive ? onFileRemoveClick : undefined}
-              />
-            </div>
-          {/snippet}
-          {#snippet placeholder()}
-            <p class="text-center text-gray-500">이 카테고리에 추가된 파일이 없어요.</p>
-          {/snippet}
-        </RowVirtualizer>
-      {/key}
+      <div class="space-y-1">
+        {#key info}
+          {#each files as { info, isRecursive }}
+            <File
+              {info}
+              onclick={onFileClick}
+              onRemoveClick={!isRecursive ? onFileRemoveClick : undefined}
+            />
+          {:else}
+            <p class="text-gray-500 text-center">이 카테고리에 추가된 파일이 없어요.</p>
+          {/each}
+        {/key}
+      </div>
     </div>
   {/if}
 </div>

src/lib/components/organisms/Category/File.svelte

@@ -3,7 +3,7 @@
   import { ActionEntryButton } from "$lib/components/atoms";
   import { DirectoryEntryLabel } from "$lib/components/molecules";
   import type { FileInfo } from "$lib/modules/filesystem";
-  import { requestFileThumbnailDownload, type SelectedFile } from "./service";
+  import type { SelectedFile } from "./service";
 
   import IconClose from "~icons/material-symbols/close";
 
@@ -15,8 +15,6 @@
 
   let { info, onclick, onRemoveClick }: Props = $props();
 
-  let thumbnail: string | undefined = $state();
-
   const openFile = () => {
     const { id, dataKey, dataKeyVersion, name } = $info as FileInfo;
     if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
@@ -30,21 +28,6 @@
 
     onRemoveClick!({ id, dataKey, dataKeyVersion, name });
   };
-
-  $effect(() => {
-    if ($info) {
-      requestFileThumbnailDownload($info.id, $info.dataKey)
-        .then((thumbnailUrl) => {
-          thumbnail = thumbnailUrl ?? undefined;
-        })
-        .catch(() => {
-          // TODO: Error Handling
-          thumbnail = undefined;
-        });
-    } else {
-      thumbnail = undefined;
-    }
-  });
 </script>
 
 {#if $info}
@@ -54,6 +37,6 @@
     actionButtonIcon={onRemoveClick && IconClose}
     onActionButtonClick={removeFile}
   >
-    <DirectoryEntryLabel type="file" {thumbnail} name={$info.name} />
+    <DirectoryEntryLabel type="file" name={$info.name} />
   </ActionEntryButton>
 {/if}

src/lib/components/organisms/Category/service.ts

@@ -1,5 +1,3 @@
-export { requestFileThumbnailDownload } from "$lib/services/file";
-
 export interface SelectedFile {
   id: number;
   dataKey: CryptoKey;

src/lib/components/organisms/Gallery.svelte

@@ -1,134 +0,0 @@
-<script lang="ts">
-  import { untrack } from "svelte";
-  import { get, type Writable } from "svelte/store";
-  import { FileThumbnailButton, RowVirtualizer } from "$lib/components/atoms";
-  import type { FileInfo } from "$lib/modules/filesystem";
-  import { formatDate, formatDateSortable, SortBy, sortEntries } from "$lib/utils";
-
-  interface Props {
-    files: Writable<FileInfo | null>[];
-    onFileClick?: (file: FileInfo) => void;
-  }
-
-  let { files, onFileClick }: Props = $props();
-
-  type FileEntry =
-    | { date?: undefined; contentType?: undefined; info: Writable<FileInfo | null> }
-    | { date: Date; contentType: string; info: Writable<FileInfo | null> };
-  type Row =
-    | { type: "header"; label: string }
-    | { type: "items"; items: FileEntry[]; isLast: boolean };
-
-  let filesWithDate: FileEntry[] = $state([]);
-  let rows: Row[] = $state([]);
-
-  $effect(() => {
-    filesWithDate = files.map((file) => {
-      const info = get(file);
-      if (info) {
-        return {
-          date: info.createdAt ?? info.lastModifiedAt,
-          contentType: info.contentType,
-          info: file,
-        };
-      } else {
-        return { info: file };
-      }
-    });
-
-    const buildRows = () => {
-      const map = new Map<string, FileEntry[]>();
-
-      for (const file of filesWithDate) {
-        if (
-          !file.date ||
-          !(file.contentType.startsWith("image/") || file.contentType.startsWith("video/"))
-        ) {
-          continue;
-        }
-
-        const date = formatDateSortable(file.date);
-        const entries = map.get(date) ?? [];
-        entries.push(file);
-        map.set(date, entries);
-      }
-
-      const newRows: Row[] = [];
-      const sortedDates = Array.from(map.keys()).sort((a, b) => b.localeCompare(a));
-      for (const date of sortedDates) {
-        const entries = map.get(date)!;
-        sortEntries(entries, SortBy.DATE_DESC);
-
-        newRows.push({
-          type: "header",
-          label: formatDate(entries[0]!.date!),
-        });
-
-        for (let i = 0; i < entries.length; i += 4) {
-          newRows.push({
-            type: "items",
-            items: entries.slice(i, i + 4),
-            isLast: i + 4 >= entries.length,
-          });
-        }
-      }
-
-      rows = newRows;
-    };
-    return untrack(() => {
-      buildRows();
-
-      const unsubscribes = filesWithDate.map((file) =>
-        file.info.subscribe((value) => {
-          const newDate = value?.createdAt ?? value?.lastModifiedAt;
-          const newContentType = value?.contentType;
-          if (file.date?.getTime() === newDate?.getTime() && file.contentType === newContentType) {
-            return;
-          }
-
-          file.date = newDate;
-          file.contentType = newContentType;
-          buildRows();
-        }),
-      );
-      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
-    });
-  });
-</script>
-
-<RowVirtualizer
-  count={rows.length}
-  itemHeight={(index) =>
-    rows[index]!.type === "header"
-      ? 32
-      : Math.ceil(rows[index]!.items.length / 4) * 181 +
-        (Math.ceil(rows[index]!.items.length / 4) - 1) * 4 +
-        16}
-  class="flex flex-grow flex-col"
->
-  {#snippet item(index)}
-    {@const row = rows[index]!}
-    {#if row.type === "header"}
-      <p class="pb-2 font-medium">{row.label}</p>
-    {:else}
-      <div class={["grid grid-cols-4 gap-x-1", row.isLast ? "pb-4" : "pb-1"]}>
-        {#each row.items as { info }}
-          <FileThumbnailButton {info} onclick={onFileClick} />
-        {/each}
-      </div>
-    {/if}
-  {/snippet}
-  {#snippet placeholder()}
-    <div class="flex h-full flex-grow items-center justify-center">
-      <p class="text-gray-500">
-        {#if files.length === 0}
-          업로드된 파일이 없어요.
-        {:else if filesWithDate.length === 0}
-          파일 목록을 불러오고 있어요.
-        {:else}
-          사진 또는 동영상이 없어요.
-        {/if}
-      </p>
-    </div>
-  {/snippet}
-</RowVirtualizer>

src/lib/components/organisms/index.ts

@@ -1,4 +1,3 @@
 export * from "./Category";
 export { default as Category } from "./Category";
-export { default as Gallery } from "./Gallery.svelte";
 export * from "./modals";

src/lib/components/organisms/modals/ForceLoginModal.svelte

@@ -1,22 +0,0 @@
-<script lang="ts">
-  import { ActionModal } from "$lib/components/molecules";
-
-  interface Props {
-    isOpen: boolean;
-    oncancel?: () => void;
-    onLoginClick: () => void;
-  }
-
-  let { isOpen = $bindable(), oncancel, onLoginClick }: Props = $props();
-</script>
-
-<ActionModal
-  bind:isOpen
-  title="다른 디바이스에 이미 로그인되어 있어요."
-  cancelText="아니요"
-  {oncancel}
-  confirmText="네"
-  onConfirmClick={onLoginClick}
->
-  <p>다른 디바이스에서는 로그아웃하고, 이 디바이스에서 로그인할까요?</p>
-</ActionModal>

src/lib/components/organisms/modals/index.ts

@@ -1,4 +1,3 @@
 export { default as CategoryCreateModal } from "./CategoryCreateModal.svelte";
-export { default as ForceLoginModal } from "./ForceLoginModal.svelte";
 export { default as RenameModal } from "./RenameModal.svelte";
 export { default as TextInputModal } from "./TextInputModal.svelte";

src/lib/hooks/callApi.ts

@@ -0,0 +1,11 @@
+export const callGetApi = async (input: RequestInfo, fetchInternal = fetch) => {
+  return await fetchInternal(input);
+};
+
+export const callPostApi = async <T>(input: RequestInfo, payload?: T, fetchInternal = fetch) => {
+  return await fetchInternal(input, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: payload ? JSON.stringify(payload) : undefined,
+  });
+};

src/lib/hooks/index.ts

@@ -0,0 +1,2 @@
+export * from "./callApi";
+export * from "./gotoStateful";

src/lib/indexedDB/filesystem.ts

@@ -25,7 +25,6 @@ interface CategoryInfo {
   parentId: CategoryId;
   name: string;
   files: { id: number; isRecursive: boolean }[];
-  isFileRecursive: boolean;
 }
 
 const filesystem = new Dexie("filesystem") as Dexie & {
@@ -34,21 +33,11 @@ const filesystem = new Dexie("filesystem") as Dexie & {
   category: EntityTable<CategoryInfo, "id">;
 };
 
-filesystem
-  .version(3)
-  .stores({
-    directory: "id, parentId",
-    file: "id, parentId",
-    category: "id, parentId",
-  })
-  .upgrade(async (trx) => {
-    await trx
-      .table("category")
-      .toCollection()
-      .modify((category) => {
-        category.isFileRecursive = false;
-      });
-  });
+filesystem.version(2).stores({
+  directory: "id, parentId",
+  file: "id, parentId",
+  category: "id, parentId",
+});
 
 export const getDirectoryInfos = async (parentId: DirectoryId) => {
   return await filesystem.directory.where({ parentId }).toArray();
@@ -66,10 +55,6 @@ export const deleteDirectoryInfo = async (id: number) => {
   await filesystem.directory.delete(id);
 };
 
-export const getAllFileInfos = async () => {
-  return await filesystem.file.toArray();
-};
-
 export const getFileInfos = async (parentId: DirectoryId) => {
   return await filesystem.file.where({ parentId }).toArray();
 };
@@ -98,10 +83,6 @@ export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
   await filesystem.category.put(categoryInfo);
 };
 
-export const updateCategoryInfo = async (id: number, changes: { isFileRecursive?: boolean }) => {
-  await filesystem.category.update(id, changes);
-};
-
 export const deleteCategoryInfo = async (id: number) => {
   await filesystem.category.delete(id);
 };

src/lib/modules/crypto/rsa.ts

@@ -46,56 +46,6 @@ export const exportRSAKeyToBase64 = async (key: CryptoKey) => {
   return encodeToBase64((await exportRSAKey(key)).key);
 };
 
-export const importEncryptionKeyPairFromBase64 = async (
-  encryptKeyBase64: string,
-  decryptKeyBase64: string,
-) => {
-  const algorithm: RsaHashedImportParams = {
-    name: "RSA-OAEP",
-    hash: "SHA-256",
-  };
-  const encryptKey = await window.crypto.subtle.importKey(
-    "spki",
-    decodeFromBase64(encryptKeyBase64),
-    algorithm,
-    true,
-    ["encrypt", "wrapKey"],
-  );
-  const decryptKey = await window.crypto.subtle.importKey(
-    "pkcs8",
-    decodeFromBase64(decryptKeyBase64),
-    algorithm,
-    true,
-    ["decrypt", "unwrapKey"],
-  );
-  return { encryptKey, decryptKey };
-};
-
-export const importSigningKeyPairFromBase64 = async (
-  signKeyBase64: string,
-  verifyKeyBase64: string,
-) => {
-  const algorithm: RsaHashedImportParams = {
-    name: "RSA-PSS",
-    hash: "SHA-256",
-  };
-  const signKey = await window.crypto.subtle.importKey(
-    "pkcs8",
-    decodeFromBase64(signKeyBase64),
-    algorithm,
-    true,
-    ["sign"],
-  );
-  const verifyKey = await window.crypto.subtle.importKey(
-    "spki",
-    decodeFromBase64(verifyKeyBase64),
-    algorithm,
-    true,
-    ["verify"],
-  );
-  return { signKey, verifyKey };
-};
-
 export const makeRSAKeyNonextractable = async (key: CryptoKey) => {
   const { key: exportedKey, format } = await exportRSAKey(key);
   return await window.crypto.subtle.importKey(

src/lib/modules/file/cache.ts

@@ -1,15 +1,12 @@
-import { LRUCache } from "lru-cache";
 import {
   getFileCacheIndex as getFileCacheIndexFromIndexedDB,
   storeFileCacheIndex,
   deleteFileCacheIndex,
   type FileCacheIndex,
 } from "$lib/indexedDB";
-import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
-import { getThumbnailUrl } from "$lib/modules/thumbnail";
+import { readFile, writeFile, deleteFile } from "$lib/modules/opfs";
 
 const fileCacheIndex = new Map<number, FileCacheIndex>();
-const loadedThumbnails = new LRUCache<number, string>({ max: 100 });
 
 export const prepareFileCache = async () => {
   for (const cache of await getFileCacheIndexFromIndexedDB()) {
@@ -51,30 +48,3 @@ export const deleteFileCache = async (fileId: number) => {
   await deleteFile(`/cache/${fileId}`);
   await deleteFileCacheIndex(fileId);
 };
-
-export const getFileThumbnailCache = async (fileId: number) => {
-  const thumbnail = loadedThumbnails.get(fileId);
-  if (thumbnail) return thumbnail;
-
-  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
-  if (!thumbnailBuffer) return null;
-
-  const thumbnailUrl = getThumbnailUrl(thumbnailBuffer);
-  loadedThumbnails.set(fileId, thumbnailUrl);
-  return thumbnailUrl;
-};
-
-export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
-  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
-  loadedThumbnails.set(fileId, getThumbnailUrl(thumbnailBuffer));
-};
-
-export const deleteFileThumbnailCache = async (fileId: number) => {
-  loadedThumbnails.delete(fileId);
-  await deleteFile(`/thumbnail/file/${fileId}`);
-};
-
-export const deleteAllFileThumbnailCaches = async () => {
-  loadedThumbnails.clear();
-  await deleteDirectory("/thumbnail/file");
-};

src/lib/modules/file/upload.ts

@@ -11,9 +11,9 @@ import {
   digestMessage,
   signMessageHmac,
 } from "$lib/modules/crypto";
-import { generateThumbnail } from "$lib/modules/thumbnail";
 import type {
-  FileThumbnailUploadRequest,
+  DuplicateFileScanRequest,
+  DuplicateFileScanResponse,
   FileUploadRequest,
   FileUploadResponse,
 } from "$lib/server/schemas";
@@ -23,17 +23,18 @@ import {
   type HmacSecret,
   type FileUploadStatus,
 } from "$lib/stores";
-import { trpc } from "$trpc/client";
 
 const requestDuplicateFileScan = limitFunction(
   async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
     const fileBuffer = await file.arrayBuffer();
     const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
 
-    const files = await trpc().file.listByHash.query({
+    const res = await axios.post("/api/file/scanDuplicates", {
       hskVersion: hmacSecret.version,
       contentHmac: fileSigned,
-    });
+    } satisfies DuplicateFileScanRequest);
+    const { files }: DuplicateFileScanResponse = res.data;
+
     if (files.length === 0 || (await onDuplicate())) {
       return { fileBuffer, fileSigned };
     } else {
@@ -105,10 +106,6 @@ const encryptFile = limitFunction(
       createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
     const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
 
-    const thumbnail = await generateThumbnail(fileBuffer, fileType);
-    const thumbnailBuffer = await thumbnail?.arrayBuffer();
-    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
-
     status.update((value) => {
       value.status = "upload-pending";
       return value;
@@ -123,14 +120,13 @@ const encryptFile = limitFunction(
       nameEncrypted,
       createdAtEncrypted,
       lastModifiedAtEncrypted,
-      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
     };
   },
   { concurrency: 4 },
 );
 
 const requestFileUpload = limitFunction(
-  async (status: Writable<FileUploadStatus>, form: FormData, thumbnailForm: FormData | null) => {
+  async (status: Writable<FileUploadStatus>, form: FormData) => {
     status.update((value) => {
       value.status = "uploading";
       return value;
@@ -148,15 +144,6 @@ const requestFileUpload = limitFunction(
     });
     const { file }: FileUploadResponse = res.data;
 
-    if (thumbnailForm) {
-      try {
-        await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm);
-      } catch (e) {
-        // TODO
-        console.error(e);
-      }
-    }
-
     status.update((value) => {
       value.status = "uploaded";
       return value;
@@ -173,9 +160,7 @@ export const uploadFile = async (
   hmacSecret: HmacSecret,
   masterKey: MasterKey,
   onDuplicate: () => Promise<boolean>,
-): Promise<
-  { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
-> => {
+): Promise<{ fileId: number; fileBuffer: ArrayBuffer } | undefined> => {
   const status = writable<FileUploadStatus>({
     name: file.name,
     parentId,
@@ -213,7 +198,6 @@ export const uploadFile = async (
       nameEncrypted,
       createdAtEncrypted,
       lastModifiedAtEncrypted,
-      thumbnail,
     } = await encryptFile(status, file, fileBuffer, masterKey);
 
     const form = new FormData();
@@ -234,26 +218,13 @@ export const uploadFile = async (
         createdAtIv: createdAtEncrypted?.iv,
         lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
         lastModifiedAtIv: lastModifiedAtEncrypted.iv,
-      } satisfies FileUploadRequest),
+      } as FileUploadRequest),
     );
     form.set("content", new Blob([fileEncrypted.ciphertext]));
     form.set("checksum", fileEncryptedHash);
 
-    let thumbnailForm = null;
-    if (thumbnail) {
-      thumbnailForm = new FormData();
-      thumbnailForm.set(
-        "metadata",
-        JSON.stringify({
-          dekVersion: dataKeyVersion.toISOString(),
-          contentIv: thumbnail.iv,
-        } satisfies FileThumbnailUploadRequest),
-      );
-      thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
-    }
-
-    const { fileId } = await requestFileUpload(status, form, thumbnailForm);
-    return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
+    const { fileId } = await requestFileUpload(status, form);
+    return { fileId, fileBuffer };
   } catch (e) {
     status.update((value) => {
       value.status = "error";

src/lib/modules/filesystem.ts

@@ -1,5 +1,5 @@
-import { TRPCClientError } from "@trpc/client";
 import { get, writable, type Writable } from "svelte/store";
+import { callGetApi } from "$lib/hooks";
 import {
   getDirectoryInfos as getDirectoryInfosFromIndexedDB,
   getDirectoryInfo as getDirectoryInfoFromIndexedDB,
@@ -12,18 +12,21 @@ import {
   getCategoryInfos as getCategoryInfosFromIndexedDB,
   getCategoryInfo as getCategoryInfoFromIndexedDB,
   storeCategoryInfo,
-  updateCategoryInfo as updateCategoryInfoInIndexedDB,
   deleteCategoryInfo,
   type DirectoryId,
   type CategoryId,
 } from "$lib/indexedDB";
 import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
-import { trpc } from "$trpc/client";
+import type {
+  CategoryInfoResponse,
+  CategoryFileListResponse,
+  DirectoryInfoResponse,
+  FileInfoResponse,
+} from "$lib/server/schemas";
 
 export type DirectoryInfo =
   | {
       id: "root";
-      parentId?: undefined;
       dataKey?: undefined;
       dataKeyVersion?: undefined;
       name?: undefined;
@@ -32,7 +35,6 @@ export type DirectoryInfo =
     }
   | {
       id: number;
-      parentId: DirectoryId;
       dataKey?: CryptoKey;
       dataKeyVersion?: Date;
       name: string;
@@ -42,7 +44,6 @@ export type DirectoryInfo =
 
 export interface FileInfo {
   id: number;
-  parentId: DirectoryId;
   dataKey?: CryptoKey;
   dataKeyVersion?: Date;
   contentType: string;
@@ -61,7 +62,6 @@ export type CategoryInfo =
       name?: undefined;
       subCategoryIds: number[];
       files?: undefined;
-      isFileRecursive?: undefined;
     }
   | {
       id: number;
@@ -70,7 +70,6 @@ export type CategoryInfo =
       name: string;
       subCategoryIds: number[];
       files: { id: number; isRecursive: boolean }[];
-      isFileRecursive: boolean;
     };
 
 const directoryInfoStore = new Map<DirectoryId, Writable<DirectoryInfo | null>>();
@@ -95,13 +94,7 @@ const fetchDirectoryInfoFromIndexedDB = async (
     info.set({ id, subDirectoryIds, fileIds });
   } else {
     if (!directory) return;
-    info.set({
-      id,
-      parentId: directory.parentId,
-      name: directory.name,
-      subDirectoryIds,
-      fileIds,
-    });
+    info.set({ id, name: directory.name, subDirectoryIds, fileIds });
   }
 };
 
@@ -110,19 +103,20 @@ const fetchDirectoryInfoFromServer = async (
   info: Writable<DirectoryInfo | null>,
   masterKey: CryptoKey,
 ) => {
-  let data;
-  try {
-    data = await trpc().directory.get.query({ id });
-  } catch (e) {
-    if (e instanceof TRPCClientError && e.data?.code === "NOT_FOUND") {
-      info.set(null);
-      await deleteDirectoryInfo(id as number);
-      return;
-    }
+  const res = await callGetApi(`/api/directory/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteDirectoryInfo(id as number);
+    return;
+  } else if (!res.ok) {
     throw new Error("Failed to fetch directory information");
   }
 
-  const { metadata, subDirectories: subDirectoryIds, files: fileIds } = data;
+  const {
+    metadata,
+    subDirectories: subDirectoryIds,
+    files: fileIds,
+  }: DirectoryInfoResponse = await res.json();
 
   if (id === "root") {
     info.set({ id, subDirectoryIds, fileIds });
@@ -132,7 +126,6 @@ const fetchDirectoryInfoFromServer = async (
 
     info.set({
       id,
-      parentId: metadata!.parent,
       dataKey,
       dataKeyVersion: new Date(metadata!.dekVersion),
       name,
@@ -183,17 +176,16 @@ const fetchFileInfoFromServer = async (
   info: Writable<FileInfo | null>,
   masterKey: CryptoKey,
 ) => {
-  let metadata;
-  try {
-    metadata = await trpc().file.get.query({ id });
-  } catch (e) {
-    if (e instanceof TRPCClientError && e.data?.code === "NOT_FOUND") {
-      info.set(null);
-      await deleteFileInfo(id);
-      return;
-    }
+  const res = await callGetApi(`/api/file/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteFileInfo(id);
+    return;
+  } else if (!res.ok) {
     throw new Error("Failed to fetch file information");
   }
+
+  const metadata: FileInfoResponse = await res.json();
   const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
 
   const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
@@ -209,7 +201,6 @@ const fetchFileInfoFromServer = async (
 
   info.set({
     id,
-    parentId: metadata.parent,
     dataKey,
     dataKeyVersion: new Date(metadata.dekVersion),
     contentType: metadata.contentType,
@@ -264,13 +255,7 @@ const fetchCategoryInfoFromIndexedDB = async (
     info.set({ id, subCategoryIds });
   } else {
     if (!category) return;
-    info.set({
-      id,
-      name: category.name,
-      subCategoryIds,
-      files: category.files,
-      isFileRecursive: category.isFileRecursive,
-    });
+    info.set({ id, name: category.name, subCategoryIds, files: category.files });
   }
 };
 
@@ -279,19 +264,16 @@ const fetchCategoryInfoFromServer = async (
   info: Writable<CategoryInfo | null>,
   masterKey: CryptoKey,
 ) => {
-  let data;
-  try {
-    data = await trpc().category.get.query({ id });
-  } catch (e) {
-    if (e instanceof TRPCClientError && e.data?.code === "NOT_FOUND") {
-      info.set(null);
-      await deleteCategoryInfo(id as number);
-      return;
-    }
+  let res = await callGetApi(`/api/category/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteCategoryInfo(id as number);
+    return;
+  } else if (!res.ok) {
     throw new Error("Failed to fetch category information");
   }
 
-  const { metadata, subCategories } = data;
+  const { metadata, subCategories }: CategoryInfoResponse = await res.json();
 
   if (id === "root") {
     info.set({ id, subCategoryIds: subCategories });
@@ -299,36 +281,27 @@ const fetchCategoryInfoFromServer = async (
     const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
     const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
 
-    let files;
-    try {
-      files = await trpc().category.files.query({ id, recurse: true });
-    } catch {
+    res = await callGetApi(`/api/category/${id}/file/list?recurse=true`);
+    if (!res.ok) {
       throw new Error("Failed to fetch category files");
     }
 
+    const { files }: CategoryFileListResponse = await res.json();
     const filesMapped = files.map(({ file, isRecursive }) => ({ id: file, isRecursive }));
-    let isFileRecursive: boolean | undefined = undefined;
 
-    info.update((value) => {
-      const newValue = {
-        isFileRecursive: false,
-        ...value,
-        id,
-        dataKey,
-        dataKeyVersion: new Date(metadata!.dekVersion),
-        name,
-        subCategoryIds: subCategories,
-        files: filesMapped,
-      };
-      isFileRecursive = newValue.isFileRecursive;
-      return newValue;
+    info.set({
+      id,
+      dataKey,
+      dataKeyVersion: new Date(metadata!.dekVersion),
+      name,
+      subCategoryIds: subCategories,
+      files: filesMapped,
     });
     await storeCategoryInfo({
       id,
       parentId: metadata!.parent,
       name,
       files: filesMapped,
-      isFileRecursive: isFileRecursive!,
     });
   }
 };
@@ -354,17 +327,3 @@ export const getCategoryInfo = (categoryId: CategoryId, masterKey: CryptoKey) =>
   fetchCategoryInfo(categoryId, info, masterKey); // Intended
   return info;
 };
-
-export const updateCategoryInfo = async (
-  categoryId: number,
-  changes: { isFileRecursive?: boolean },
-) => {
-  await updateCategoryInfoInIndexedDB(categoryId, changes);
-  categoryInfoStore.get(categoryId)?.update((value) => {
-    if (!value) return value;
-    if (changes.isFileRecursive !== undefined) {
-      value.isFileRecursive = changes.isFileRecursive;
-    }
-    return value;
-  });
-};

src/lib/modules/key.ts

@@ -1,65 +0,0 @@
-import { z } from "zod";
-import { storeClientKey } from "$lib/indexedDB";
-import type { ClientKeys } from "$lib/stores";
-
-const serializedClientKeysSchema = z.intersection(
-  z.object({
-    generator: z.literal("ArkVault"),
-    exportedAt: z.iso.datetime(),
-  }),
-  z.object({
-    version: z.literal(1),
-    encryptKey: z.base64().nonempty(),
-    decryptKey: z.base64().nonempty(),
-    signKey: z.base64().nonempty(),
-    verifyKey: z.base64().nonempty(),
-  }),
-);
-
-type SerializedClientKeys = z.infer<typeof serializedClientKeysSchema>;
-
-type DeserializedClientKeys = {
-  encryptKeyBase64: string;
-  decryptKeyBase64: string;
-  signKeyBase64: string;
-  verifyKeyBase64: string;
-};
-
-export const serializeClientKeys = ({
-  encryptKeyBase64,
-  decryptKeyBase64,
-  signKeyBase64,
-  verifyKeyBase64,
-}: DeserializedClientKeys) => {
-  return JSON.stringify({
-    version: 1,
-    generator: "ArkVault",
-    exportedAt: new Date().toISOString(),
-    encryptKey: encryptKeyBase64,
-    decryptKey: decryptKeyBase64,
-    signKey: signKeyBase64,
-    verifyKey: verifyKeyBase64,
-  } satisfies SerializedClientKeys);
-};
-
-export const deserializeClientKeys = (serialized: string) => {
-  const zodRes = serializedClientKeysSchema.safeParse(JSON.parse(serialized));
-  if (zodRes.success) {
-    return {
-      encryptKeyBase64: zodRes.data.encryptKey,
-      decryptKeyBase64: zodRes.data.decryptKey,
-      signKeyBase64: zodRes.data.signKey,
-      verifyKeyBase64: zodRes.data.verifyKey,
-    } satisfies DeserializedClientKeys;
-  }
-  return undefined;
-};
-
-export const storeClientKeys = async (clientKeys: ClientKeys) => {
-  await Promise.all([
-    storeClientKey(clientKeys.encryptKey, "encrypt"),
-    storeClientKey(clientKeys.decryptKey, "decrypt"),
-    storeClientKey(clientKeys.signKey, "sign"),
-    storeClientKey(clientKeys.verifyKey, "verify"),
-  ]);
-};

src/lib/modules/opfs.ts

@@ -59,39 +59,3 @@ export const deleteFile = async (path: string) => {
 
   await parentHandle.removeEntry(filename);
 };
-
-const getDirectoryHandle = async (path: string) => {
-  if (!rootHandle) {
-    throw new Error("OPFS not prepared");
-  } else if (path[0] !== "/") {
-    throw new Error("Path must be absolute");
-  }
-
-  const parts = path.split("/");
-  if (parts.length <= 1) {
-    throw new Error("Invalid path");
-  }
-
-  try {
-    let directoryHandle = rootHandle;
-    let parentHandle;
-    for (const part of parts.slice(1)) {
-      if (!part) continue;
-      parentHandle = directoryHandle;
-      directoryHandle = await directoryHandle.getDirectoryHandle(part);
-    }
-    return { directoryHandle, parentHandle };
-  } catch (e) {
-    if (e instanceof DOMException && e.name === "NotFoundError") {
-      return {};
-    }
-    throw e;
-  }
-};
-
-export const deleteDirectory = async (path: string) => {
-  const { directoryHandle, parentHandle } = await getDirectoryHandle(path);
-  if (!parentHandle) return;
-
-  await parentHandle.removeEntry(directoryHandle.name, { recursive: true });
-};

src/lib/modules/thumbnail.ts

@@ -1,127 +0,0 @@
-import { encodeToBase64 } from "$lib/modules/crypto";
-
-const scaleSize = (width: number, height: number, targetSize: number) => {
-  if (width <= targetSize || height <= targetSize) {
-    return { width, height };
-  }
-
-  const scale = targetSize / Math.min(width, height);
-  return {
-    width: Math.round(width * scale),
-    height: Math.round(height * scale),
-  };
-};
-
-const capture = (
-  width: number,
-  height: number,
-  drawer: (context: CanvasRenderingContext2D, width: number, height: number) => void,
-  targetSize = 250,
-) => {
-  return new Promise<Blob>((resolve, reject) => {
-    const canvas = document.createElement("canvas");
-    const { width: scaledWidth, height: scaledHeight } = scaleSize(width, height, targetSize);
-
-    canvas.width = scaledWidth;
-    canvas.height = scaledHeight;
-
-    const context = canvas.getContext("2d");
-    if (!context) {
-      return reject(new Error("Failed to generate thumbnail"));
-    }
-
-    drawer(context, scaledWidth, scaledHeight);
-    canvas.toBlob((blob) => {
-      if (blob && blob.type === "image/webp") {
-        resolve(blob);
-      } else {
-        reject(new Error("Failed to generate thumbnail"));
-      }
-    }, "image/webp");
-  });
-};
-
-const generateImageThumbnail = (imageUrl: string) => {
-  return new Promise<Blob>((resolve, reject) => {
-    const image = new Image();
-    image.onload = () => {
-      capture(image.width, image.height, (context, width, height) => {
-        context.drawImage(image, 0, 0, width, height);
-      })
-        .then(resolve)
-        .catch(reject);
-    };
-    image.onerror = reject;
-
-    image.src = imageUrl;
-  });
-};
-
-export const captureVideoThumbnail = (video: HTMLVideoElement) => {
-  return capture(video.videoWidth, video.videoHeight, (context, width, height) => {
-    context.drawImage(video, 0, 0, width, height);
-  });
-};
-
-const generateVideoThumbnail = (videoUrl: string, time = 0) => {
-  return new Promise<Blob>((resolve, reject) => {
-    const video = document.createElement("video");
-    video.onloadedmetadata = () => {
-      if (video.videoWidth === 0 || video.videoHeight === 0) {
-        return reject();
-      }
-
-      const callbackId = video.requestVideoFrameCallback(() => {
-        captureVideoThumbnail(video).then(resolve).catch(reject);
-        video.cancelVideoFrameCallback(callbackId);
-      });
-      video.currentTime = Math.min(time, video.duration);
-    };
-    video.onerror = reject;
-
-    video.muted = true;
-    video.playsInline = true;
-    video.src = videoUrl;
-  });
-};
-
-export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => {
-  let url;
-  try {
-    if (fileType.startsWith("image/")) {
-      const fileBlob = new Blob([fileBuffer], { type: fileType });
-      url = URL.createObjectURL(fileBlob);
-
-      try {
-        return await generateImageThumbnail(url);
-      } catch {
-        URL.revokeObjectURL(url);
-        url = undefined;
-
-        if (fileType === "image/heic") {
-          const { default: heic2any } = await import("heic2any");
-          url = URL.createObjectURL(
-            (await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
-          );
-          return await generateImageThumbnail(url);
-        } else {
-          return null;
-        }
-      }
-    } else if (fileType.startsWith("video/")) {
-      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
-      return await generateVideoThumbnail(url);
-    }
-    return null;
-  } catch {
-    return null;
-  } finally {
-    if (url) {
-      URL.revokeObjectURL(url);
-    }
-  }
-};
-
-export const getThumbnailUrl = (thumbnailBuffer: ArrayBuffer) => {
-  return `data:image/webp;base64,${encodeToBase64(thumbnailBuffer)}`;
-};

src/lib/modules/util.ts

@@ -7,13 +7,6 @@ export const formatDate = (date: Date) => {
   return `${year}. ${month}. ${day}.`;
 };
 
-export const formatDateSortable = (date: Date) => {
-  const year = date.getFullYear();
-  const month = pad2(date.getMonth() + 1);
-  const day = pad2(date.getDate());
-  return `${year}${month}${day}`;
-};
-
 export const formatDateTime = (date: Date) => {
   const dateFormatted = formatDate(date);
   const hours = date.getHours();
@@ -39,3 +32,32 @@ export const truncateString = (str: string, maxLength = 20) => {
   if (str.length <= maxLength) return str;
   return `${str.slice(0, maxLength)}...`;
 };
+
+export enum SortBy {
+  NAME_ASC,
+  NAME_DESC,
+}
+
+type SortFunc = (a?: string, b?: string) => number;
+
+const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
+
+const sortByNameAsc: SortFunc = (a, b) => {
+  if (a && b) return collator.compare(a, b);
+  if (a) return -1;
+  if (b) return 1;
+  return 0;
+};
+
+const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
+
+export const sortEntries = <T extends { name?: string }>(entries: T[], sortBy: SortBy) => {
+  let sortFunc: SortFunc;
+  if (sortBy === SortBy.NAME_ASC) {
+    sortFunc = sortByNameAsc;
+  } else {
+    sortFunc = sortByNameDesc;
+  }
+
+  entries.sort((a, b) => sortFunc(a.name, b.name));
+};

src/lib/server/db/client.ts

@@ -98,6 +98,22 @@ export const createUserClient = async (userId: number, clientId: number) => {
   }
 };
 
+export const getAllUserClients = async (userId: number) => {
+  const userClients = await db
+    .selectFrom("user_client")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .execute();
+  return userClients.map(
+    ({ user_id, client_id, state }) =>
+      ({
+        userId: user_id,
+        clientId: client_id,
+        state,
+      }) satisfies UserClient,
+  );
+};
+
 export const getUserClient = async (userId: number, clientId: number) => {
   const userClient = await db
     .selectFrom("user_client")
@@ -162,7 +178,7 @@ export const registerUserClientChallenge = async (
   allowedIp: string,
   expiresAt: Date,
 ) => {
-  const { id } = await db
+  await db
     .insertInto("user_client_challenge")
     .values({
       user_id: userId,
@@ -171,25 +187,19 @@ export const registerUserClientChallenge = async (
       allowed_ip: allowedIp,
       expires_at: expiresAt,
     })
-    .returning("id")
-    .executeTakeFirstOrThrow();
-  return { id };
+    .execute();
 };
 
-export const consumeUserClientChallenge = async (
-  challengeId: number,
-  userId: number,
-  ip: string,
-) => {
+export const consumeUserClientChallenge = async (userId: number, answer: string, ip: string) => {
   const challenge = await db
     .deleteFrom("user_client_challenge")
-    .where("id", "=", challengeId)
     .where("user_id", "=", userId)
+    .where("answer", "=", answer)
     .where("allowed_ip", "=", ip)
     .where("expires_at", ">", new Date())
-    .returning(["client_id", "answer"])
+    .returning("client_id")
     .executeTakeFirst();
-  return challenge ? { clientId: challenge.client_id, answer: challenge.answer } : null;
+  return challenge ? { clientId: challenge.client_id } : null;
 };
 
 export const cleanupExpiredUserClientChallenges = async () => {

src/lib/server/db/file.ts

@@ -163,24 +163,16 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
     .setIsolationLevel("repeatable read") // TODO: Sufficient?
     .execute(async (trx) => {
       const unregisterFiles = async (parentId: number) => {
-        const files = await trx
-          .selectFrom("file")
-          .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
-          .select(["file.id", "file.path", "thumbnail.path as thumbnailPath"])
-          .where("file.parent_id", "=", parentId)
-          .where("file.user_id", "=", userId)
-          .forUpdate("file")
-          .execute();
-        await trx
+        return await trx
           .deleteFrom("file")
           .where("parent_id", "=", parentId)
           .where("user_id", "=", userId)
+          .returning(["id", "path"])
           .execute();
-        return files;
       };
       const unregisterDirectoryRecursively = async (
         directoryId: number,
-      ): Promise<{ id: number; path: string; thumbnailPath: string | null }[]> => {
+      ): Promise<{ id: number; path: string }[]> => {
         const files = await unregisterFiles(directoryId);
         const subDirectories = await trx
           .selectFrom("directory")
@@ -335,17 +327,11 @@ export const getAllFilesByCategory = async (
     .where("user_id", "=", userId)
     .where("file_id", "is not", null)
     .$narrowType<{ file_id: NotNull }>()
-    .orderBy("file_id")
-    .orderBy("depth")
+    .orderBy(["file_id", "depth"])
     .execute();
   return files.map(({ file_id, depth }) => ({ id: file_id, isRecursive: depth > 0 }));
 };
 
-export const getAllFileIds = async (userId: number) => {
-  const files = await db.selectFrom("file").select("id").where("user_id", "=", userId).execute();
-  return files.map(({ id }) => id);
-};
-
 export const getAllFileIdsByContentHmac = async (
   userId: number,
   hskVersion: number,
@@ -358,7 +344,7 @@ export const getAllFileIdsByContentHmac = async (
     .where("hmac_secret_key_version", "=", hskVersion)
     .where("content_hmac", "=", contentHmac)
     .execute();
-  return files.map(({ id }) => id);
+  return files.map(({ id }) => ({ id }));
 };
 
 export const getFile = async (userId: number, fileId: number) => {
@@ -430,22 +416,16 @@ export const setFileEncName = async (
 };
 
 export const unregisterFile = async (userId: number, fileId: number) => {
-  return await db.transaction().execute(async (trx) => {
-    const file = await trx
-      .selectFrom("file")
-      .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
-      .select(["file.path", "thumbnail.path as thumbnailPath"])
-      .where("file.id", "=", fileId)
-      .where("file.user_id", "=", userId)
-      .forUpdate("file")
-      .executeTakeFirst();
-    if (!file) {
-      throw new IntegrityError("File not found");
-    }
-
-    await trx.deleteFrom("file").where("id", "=", fileId).execute();
-    return file;
-  });
+  const file = await db
+    .deleteFrom("file")
+    .where("id", "=", fileId)
+    .where("user_id", "=", userId)
+    .returning("path")
+    .executeTakeFirst();
+  if (!file) {
+    throw new IntegrityError("File not found");
+  }
+  return { path: file.path };
 };
 
 export const addFileToCategory = async (fileId: number, categoryId: number) => {

src/lib/server/db/index.ts

@@ -1,10 +0,0 @@
-export * as CategoryRepo from "./category";
-export * as ClientRepo from "./client";
-export * as FileRepo from "./file";
-export * as HskRepo from "./hsk";
-export * as MediaRepo from "./media";
-export * as MekRepo from "./mek";
-export * as SessionRepo from "./session";
-export * as UserRepo from "./user";
-
-export * from "./error";

src/lib/server/db/media.ts

@@ -1,110 +0,0 @@
-import type { NotNull } from "kysely";
-import { IntegrityError } from "./error";
-import db from "./kysely";
-
-interface Thumbnail {
-  id: number;
-  path: string;
-  updatedAt: Date;
-  encContentIv: string;
-}
-
-interface FileThumbnail extends Thumbnail {
-  fileId: number;
-}
-
-export const updateFileThumbnail = async (
-  userId: number,
-  fileId: number,
-  dekVersion: Date,
-  path: string,
-  encContentIv: string,
-) => {
-  return await db.transaction().execute(async (trx) => {
-    const file = await trx
-      .selectFrom("file")
-      .select("data_encryption_key_version")
-      .where("id", "=", fileId)
-      .where("user_id", "=", userId)
-      .limit(1)
-      .forUpdate()
-      .executeTakeFirst();
-    if (!file) {
-      throw new IntegrityError("File not found");
-    } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
-      throw new IntegrityError("Invalid DEK version");
-    }
-
-    const thumbnail = await trx
-      .selectFrom("thumbnail")
-      .select("path as oldPath")
-      .where("file_id", "=", fileId)
-      .limit(1)
-      .forUpdate()
-      .executeTakeFirst();
-    const now = new Date();
-
-    await trx
-      .insertInto("thumbnail")
-      .values({
-        file_id: fileId,
-        path,
-        updated_at: now,
-        encrypted_content_iv: encContentIv,
-      })
-      .onConflict((oc) =>
-        oc.column("file_id").doUpdateSet({
-          path,
-          updated_at: now,
-          encrypted_content_iv: encContentIv,
-        }),
-      )
-      .execute();
-    return thumbnail?.oldPath ?? null;
-  });
-};
-
-export const getFileThumbnail = async (userId: number, fileId: number) => {
-  const thumbnail = await db
-    .selectFrom("thumbnail")
-    .innerJoin("file", "thumbnail.file_id", "file.id")
-    .selectAll("thumbnail")
-    .where("file.id", "=", fileId)
-    .where("file.user_id", "=", userId)
-    .$narrowType<{ file_id: NotNull }>()
-    .limit(1)
-    .executeTakeFirst();
-  return thumbnail
-    ? ({
-        id: thumbnail.id,
-        fileId: thumbnail.file_id,
-        path: thumbnail.path,
-        encContentIv: thumbnail.encrypted_content_iv,
-        updatedAt: thumbnail.updated_at,
-      } satisfies FileThumbnail)
-    : null;
-};
-
-export const getMissingFileThumbnails = async (userId: number, limit: number = 100) => {
-  const files = await db
-    .selectFrom("file")
-    .select("id")
-    .where("user_id", "=", userId)
-    .where((eb) =>
-      eb.or([eb("content_type", "like", "image/%"), eb("content_type", "like", "video/%")]),
-    )
-    .where((eb) =>
-      eb.not(
-        eb.exists(
-          eb
-            .selectFrom("thumbnail")
-            .select("thumbnail.id")
-            .whereRef("thumbnail.file_id", "=", "file.id")
-            .limit(1),
-        ),
-      ),
-    )
-    .limit(limit)
-    .execute();
-  return files.map(({ id }) => id);
-};

src/lib/server/db/mek.ts

@@ -60,6 +60,19 @@ export const registerInitialMek = async (
   });
 };
 
+export const getInitialMek = async (userId: number) => {
+  const mek = await db
+    .selectFrom("master_encryption_key")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where("version", "=", 1)
+    .limit(1)
+    .executeTakeFirst();
+  return mek
+    ? ({ userId: mek.user_id, version: mek.version, state: mek.state } satisfies Mek)
+    : null;
+};
+
 export const getAllValidClientMeks = async (userId: number, clientId: number) => {
   const clientMeks = await db
     .selectFrom("client_master_encryption_key")

src/lib/server/db/migrations/1738409340-AddThumbnail.ts

@@ -1,31 +0,0 @@
-import { Kysely, sql } from "kysely";
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const up = async (db: Kysely<any>) => {
-  // media.ts
-  await db.schema
-    .createTable("thumbnail")
-    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
-    .addColumn("directory_id", "integer", (col) =>
-      col.references("directory.id").onDelete("cascade").unique(),
-    )
-    .addColumn("file_id", "integer", (col) =>
-      col.references("file.id").onDelete("cascade").unique(),
-    )
-    .addColumn("category_id", "integer", (col) =>
-      col.references("category.id").onDelete("cascade").unique(),
-    )
-    .addColumn("path", "text", (col) => col.unique().notNull())
-    .addColumn("updated_at", "timestamp(3)", (col) => col.notNull())
-    .addColumn("encrypted_content_iv", "text", (col) => col.notNull())
-    .addCheckConstraint(
-      "thumbnail_ck01",
-      sql`(file_id IS NOT NULL)::integer + (directory_id IS NOT NULL)::integer + (category_id IS NOT NULL)::integer = 1`,
-    )
-    .execute();
-};
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const down = async (db: Kysely<any>) => {
-  await db.schema.dropTable("thumbnail").execute();
-};

src/lib/server/db/migrations/index.ts

@@ -1,9 +1,7 @@
 import * as Initial1737357000 from "./1737357000-Initial";
 import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
-import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail";
 
 export default {
   "1737357000-Initial": Initial1737357000,
   "1737422340-AddFileCategory": AddFileCategory1737422340,
-  "1738409340-AddThumbnail": AddThumbnail1738409340,
 };

src/lib/server/db/schema/index.ts

@@ -2,7 +2,6 @@ export * from "./category";
 export * from "./client";
 export * from "./file";
 export * from "./hsk";
-export * from "./media";
 export * from "./mek";
 export * from "./session";
 export * from "./user";

src/lib/server/db/schema/media.ts

@@ -1,17 +0,0 @@
-import type { Generated } from "kysely";
-
-interface ThumbnailTable {
-  id: Generated<number>;
-  directory_id: number | null;
-  file_id: number | null;
-  category_id: number | null;
-  path: string;
-  updated_at: Date;
-  encrypted_content_iv: string; // Base64
-}
-
-declare module "./index" {
-  interface Database {
-    thumbnail: ThumbnailTable;
-  }
-}

src/lib/server/db/session.ts

@@ -5,22 +5,31 @@ import db from "./kysely";
 
 export const createSession = async (
   userId: number,
+  clientId: number | null,
   sessionId: string,
   ip: string | null,
   agent: string | null,
 ) => {
-  const now = new Date();
-  await db
-    .insertInto("session")
-    .values({
-      id: sessionId,
-      user_id: userId,
-      created_at: now,
-      last_used_at: now,
-      last_used_by_ip: ip || null,
-      last_used_by_agent: agent || null,
-    })
-    .execute();
+  try {
+    const now = new Date();
+    await db
+      .insertInto("session")
+      .values({
+        id: sessionId,
+        user_id: userId,
+        client_id: clientId,
+        created_at: now,
+        last_used_at: now,
+        last_used_by_ip: ip || null,
+        last_used_by_agent: agent || null,
+      })
+      .execute();
+  } catch (e) {
+    if (e instanceof pg.DatabaseError && e.code === "23505") {
+      throw new IntegrityError("Session already exists");
+    }
+    throw e;
+  }
 };
 
 export const refreshSession = async (
@@ -46,37 +55,15 @@ export const refreshSession = async (
   return { userId: session.user_id, clientId: session.client_id };
 };
 
-export const upgradeSession = async (
-  userId: number,
-  sessionId: string,
-  clientId: number,
-  force: boolean,
-) => {
-  try {
-    await db.transaction().execute(async (trx) => {
-      if (force) {
-        await trx
-          .deleteFrom("session")
-          .where("id", "!=", sessionId)
-          .where("user_id", "=", userId)
-          .where("client_id", "=", clientId)
-          .execute();
-      }
-      const res = await trx
-        .updateTable("session")
-        .set({ client_id: clientId })
-        .where("id", "=", sessionId)
-        .where("client_id", "is", null)
-        .executeTakeFirst();
-      if (res.numUpdatedRows === 0n) {
-        throw new IntegrityError("Session not found");
-      }
-    });
-  } catch (e) {
-    if (e instanceof pg.DatabaseError && e.code === "23505") {
-      throw new IntegrityError("Session already exists");
-    }
-    throw e;
+export const upgradeSession = async (sessionId: string, clientId: number) => {
+  const res = await db
+    .updateTable("session")
+    .set({ client_id: clientId })
+    .where("id", "=", sessionId)
+    .where("client_id", "is", null)
+    .executeTakeFirst();
+  if (res.numUpdatedRows === 0n) {
+    throw new IntegrityError("Session not found");
   }
 };
 
@@ -107,7 +94,7 @@ export const registerSessionUpgradeChallenge = async (
   expiresAt: Date,
 ) => {
   try {
-    const { id } = await db
+    await db
       .insertInto("session_upgrade_challenge")
       .values({
         session_id: sessionId,
@@ -116,9 +103,7 @@ export const registerSessionUpgradeChallenge = async (
         allowed_ip: allowedIp,
         expires_at: expiresAt,
       })
-      .returning("id")
-      .executeTakeFirstOrThrow();
-    return { id };
+      .execute();
   } catch (e) {
     if (e instanceof pg.DatabaseError && e.code === "23505") {
       throw new IntegrityError("Challenge already registered");
@@ -128,19 +113,19 @@ export const registerSessionUpgradeChallenge = async (
 };
 
 export const consumeSessionUpgradeChallenge = async (
-  challengeId: number,
   sessionId: string,
+  answer: string,
   ip: string,
 ) => {
   const challenge = await db
     .deleteFrom("session_upgrade_challenge")
-    .where("id", "=", challengeId)
     .where("session_id", "=", sessionId)
+    .where("answer", "=", answer)
     .where("allowed_ip", "=", ip)
     .where("expires_at", ">", new Date())
-    .returning(["client_id", "answer"])
+    .returning("client_id")
     .executeTakeFirst();
-  return challenge ? { clientId: challenge.client_id, answer: challenge.answer } : null;
+  return challenge ? { clientId: challenge.client_id } : null;
 };
 
 export const cleanupExpiredSessionUpgradeChallenges = async () => {

src/lib/server/db/user.ts

@@ -27,6 +27,10 @@ export const getUserByEmail = async (email: string) => {
   return user ? (user satisfies User) : null;
 };
 
+export const setUserNickname = async (userId: number, nickname: string) => {
+  await db.updateTable("user").set({ nickname }).where("id", "=", userId).execute();
+};
+
 export const setUserPassword = async (userId: number, password: string) => {
   await db.updateTable("user").set({ password }).where("id", "=", userId).execute();
 };

src/lib/server/loadenv.ts

@@ -25,5 +25,4 @@ export default {
     sessionUpgradeExp: ms(env.SESSION_UPGRADE_CHALLENGE_EXPIRES || "5m"),
   },
   libraryPath: env.LIBRARY_PATH || "library",
-  thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails",
 };

src/lib/server/middlewares/authenticate.ts

@@ -1,7 +1,12 @@
 import { error, redirect, type Handle } from "@sveltejs/kit";
-import { cookieOptions, authenticate, AuthenticationError } from "$lib/server/modules/auth";
+import { authenticate, AuthenticationError } from "$lib/server/modules/auth";
 
 export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
+  const { pathname, search } = event.url;
+  if (pathname === "/api/auth/login") {
+    return await resolve(event);
+  }
+
   try {
     const sessionIdSigned = event.cookies.get("sessionId");
     if (!sessionIdSigned) {
@@ -10,11 +15,9 @@ export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
 
     const { ip, userAgent } = event.locals;
     event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
-    event.cookies.set("sessionId", sessionIdSigned, cookieOptions);
   } catch (e) {
     if (e instanceof AuthenticationError) {
-      const { pathname, search } = event.url;
-      if (pathname === "/auth/login" || pathname.startsWith("/api/trpc")) {
+      if (pathname === "/auth/login") {
         return await resolve(event);
       } else if (pathname.startsWith("/api")) {
         error(e.status, e.message);

src/lib/server/modules/auth.ts

@@ -1,25 +1,20 @@
 import { error } from "@sveltejs/kit";
-import { ClientRepo, SessionRepo, IntegrityError } from "$lib/server/db";
+import { getUserClient } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { createSession, refreshSession } from "$lib/server/db/session";
 import env from "$lib/server/loadenv";
-import { verifySessionId } from "$lib/server/modules/crypto";
+import { issueSessionId, verifySessionId } from "$lib/server/modules/crypto";
 
-export interface Session {
+interface Session {
   sessionId: string;
   userId: number;
   clientId?: number;
 }
 
-export interface ClientSession extends Session {
+interface ClientSession extends Session {
   clientId: number;
 }
 
-export type SessionPermission =
-  | "any"
-  | "notClient"
-  | "anyClient"
-  | "pendingClient"
-  | "activeClient";
-
 export class AuthenticationError extends Error {
   constructor(
     public status: 400 | 401,
@@ -30,22 +25,11 @@ export class AuthenticationError extends Error {
   }
 }
 
-export class AuthorizationError extends Error {
-  constructor(
-    public status: 403 | 500,
-    message: string,
-  ) {
-    super(message);
-    this.name = "AuthorizationError";
-  }
-}
-
-export const cookieOptions = {
-  path: "/",
-  maxAge: env.session.exp / 1000,
-  secure: true,
-  sameSite: "strict",
-} as const;
+export const startSession = async (userId: number, ip: string, userAgent: string) => {
+  const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
+  await createSession(userId, null, sessionId, ip, userAgent);
+  return sessionIdSigned;
+};
 
 export const authenticate = async (sessionIdSigned: string, ip: string, userAgent: string) => {
   const sessionId = verifySessionId(sessionIdSigned, env.session.secret);
@@ -54,7 +38,7 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 
   try {
-    const { userId, clientId } = await SessionRepo.refreshSession(sessionId, ip, userAgent);
+    const { userId, clientId } = await refreshSession(sessionId, ip, userAgent);
     return {
       id: sessionId,
       userId,
@@ -68,12 +52,34 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 };
 
-export const authorizeInternal = async (
+export async function authorize(locals: App.Locals, requiredPermission: "any"): Promise<Session>;
+
+export async function authorize(
   locals: App.Locals,
-  requiredPermission: SessionPermission,
-): Promise<Session> => {
+  requiredPermission: "notClient",
+): Promise<Session>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "anyClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "pendingClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "activeClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "any" | "notClient" | "anyClient" | "pendingClient" | "activeClient",
+): Promise<Session> {
   if (!locals.session) {
-    throw new AuthorizationError(500, "Unauthenticated");
+    error(500, "Unauthenticated");
   }
 
   const { id: sessionId, userId, clientId } = locals.session;
@@ -83,63 +89,39 @@ export const authorizeInternal = async (
       break;
     case "notClient":
       if (clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
       break;
     case "anyClient":
       if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
       break;
     case "pendingClient": {
       if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
-      const userClient = await ClientRepo.getUserClient(userId, clientId);
+      const userClient = await getUserClient(userId, clientId);
       if (!userClient) {
-        throw new AuthorizationError(500, "Invalid session id");
+        error(500, "Invalid session id");
       } else if (userClient.state !== "pending") {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
       break;
     }
     case "activeClient": {
       if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
-      const userClient = await ClientRepo.getUserClient(userId, clientId);
+      const userClient = await getUserClient(userId, clientId);
       if (!userClient) {
-        throw new AuthorizationError(500, "Invalid session id");
+        error(500, "Invalid session id");
       } else if (userClient.state !== "active") {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
       }
       break;
     }
   }
 
   return { sessionId, userId, clientId };
-};
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "any" | "notClient",
-): Promise<Session>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "anyClient" | "pendingClient" | "activeClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: SessionPermission,
-): Promise<Session> {
-  try {
-    return await authorizeInternal(locals, requiredPermission);
-  } catch (e) {
-    if (e instanceof AuthorizationError) {
-      error(e.status, e.message);
-    }
-    throw e;
-  }
 }

src/lib/server/modules/filesystem.ts

@@ -1,7 +0,0 @@
-import { unlink } from "fs/promises";
-
-export const safeUnlink = async (path: string | null | undefined) => {
-  if (path) {
-    await unlink(path).catch(console.error);
-  }
-};

src/lib/server/modules/mek.ts

@@ -0,0 +1,25 @@
+import { error } from "@sveltejs/kit";
+import { getUserClientWithDetails } from "$lib/server/db/client";
+import { getInitialMek } from "$lib/server/db/mek";
+import { verifySignature } from "$lib/server/modules/crypto";
+
+export const isInitialMekNeeded = async (userId: number) => {
+  const initialMek = await getInitialMek(userId);
+  return !initialMek;
+};
+
+export const verifyClientEncMekSig = async (
+  userId: number,
+  clientId: number,
+  version: number,
+  encMek: string,
+  encMekSig: string,
+) => {
+  const userClient = await getUserClientWithDetails(userId, clientId);
+  if (!userClient) {
+    error(500, "Invalid session id");
+  }
+
+  const data = JSON.stringify({ version, key: encMek });
+  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
+};

src/lib/server/schemas/auth.ts

@@ -0,0 +1,30 @@
+import { z } from "zod";
+
+export const passwordChangeRequest = z.object({
+  oldPassword: z.string().trim().nonempty(),
+  newPassword: z.string().trim().nonempty(),
+});
+export type PasswordChangeRequest = z.infer<typeof passwordChangeRequest>;
+
+export const loginRequest = z.object({
+  email: z.string().email(),
+  password: z.string().trim().nonempty(),
+});
+export type LoginRequest = z.infer<typeof loginRequest>;
+
+export const sessionUpgradeRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type SessionUpgradeRequest = z.infer<typeof sessionUpgradeRequest>;
+
+export const sessionUpgradeResponse = z.object({
+  challenge: z.string().base64().nonempty(),
+});
+export type SessionUpgradeResponse = z.infer<typeof sessionUpgradeResponse>;
+
+export const sessionUpgradeVerifyRequest = z.object({
+  answer: z.string().base64().nonempty(),
+  answerSig: z.string().base64().nonempty(),
+});
+export type SessionUpgradeVerifyRequest = z.infer<typeof sessionUpgradeVerifyRequest>;

src/lib/server/schemas/category.ts

@@ -1,3 +1,55 @@
 import { z } from "zod";
 
-export const categoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
+export const categoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
+export const categoryInfoResponse = z.object({
+  metadata: z
+    .object({
+      parent: categoryIdSchema,
+      mekVersion: z.number().int().positive(),
+      dek: z.string().base64().nonempty(),
+      dekVersion: z.string().datetime(),
+      name: z.string().base64().nonempty(),
+      nameIv: z.string().base64().nonempty(),
+    })
+    .optional(),
+  subCategories: z.number().int().positive().array(),
+});
+export type CategoryInfoResponse = z.infer<typeof categoryInfoResponse>;
+
+export const categoryFileAddRequest = z.object({
+  file: z.number().int().positive(),
+});
+export type CategoryFileAddRequest = z.infer<typeof categoryFileAddRequest>;
+
+export const categoryFileListResponse = z.object({
+  files: z.array(
+    z.object({
+      file: z.number().int().positive(),
+      isRecursive: z.boolean(),
+    }),
+  ),
+});
+export type CategoryFileListResponse = z.infer<typeof categoryFileListResponse>;
+
+export const categoryFileRemoveRequest = z.object({
+  file: z.number().int().positive(),
+});
+export type CategoryFileRemoveRequest = z.infer<typeof categoryFileRemoveRequest>;
+
+export const categoryRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type CategoryRenameRequest = z.infer<typeof categoryRenameRequest>;
+
+export const categoryCreateRequest = z.object({
+  parent: categoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type CategoryCreateRequest = z.infer<typeof categoryCreateRequest>;

src/lib/server/schemas/client.ts

@@ -0,0 +1,35 @@
+import { z } from "zod";
+
+export const clientListResponse = z.object({
+  clients: z.array(
+    z.object({
+      id: z.number().int().positive(),
+      state: z.enum(["pending", "active"]),
+    }),
+  ),
+});
+export type ClientListResponse = z.infer<typeof clientListResponse>;
+
+export const clientRegisterRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type ClientRegisterRequest = z.infer<typeof clientRegisterRequest>;
+
+export const clientRegisterResponse = z.object({
+  challenge: z.string().base64().nonempty(),
+});
+export type ClientRegisterResponse = z.infer<typeof clientRegisterResponse>;
+
+export const clientRegisterVerifyRequest = z.object({
+  answer: z.string().base64().nonempty(),
+  answerSig: z.string().base64().nonempty(),
+});
+export type ClientRegisterVerifyRequest = z.infer<typeof clientRegisterVerifyRequest>;
+
+export const clientStatusResponse = z.object({
+  id: z.number().int().positive(),
+  state: z.enum(["pending", "active"]),
+  isInitialMekNeeded: z.boolean(),
+});
+export type ClientStatusResponse = z.infer<typeof clientStatusResponse>;

src/lib/server/schemas/directory.ts

@@ -1,3 +1,41 @@
 import { z } from "zod";
 
-export const directoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
+export const directoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
+export const directoryInfoResponse = z.object({
+  metadata: z
+    .object({
+      parent: directoryIdSchema,
+      mekVersion: z.number().int().positive(),
+      dek: z.string().base64().nonempty(),
+      dekVersion: z.string().datetime(),
+      name: z.string().base64().nonempty(),
+      nameIv: z.string().base64().nonempty(),
+    })
+    .optional(),
+  subDirectories: z.number().int().positive().array(),
+  files: z.number().int().positive().array(),
+});
+export type DirectoryInfoResponse = z.infer<typeof directoryInfoResponse>;
+
+export const directoryDeleteResponse = z.object({
+  deletedFiles: z.number().int().positive().array(),
+});
+export type DirectoryDeleteResponse = z.infer<typeof directoryDeleteResponse>;
+
+export const directoryRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type DirectoryRenameRequest = z.infer<typeof directoryRenameRequest>;
+
+export const directoryCreateRequest = z.object({
+  parent: directoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type DirectoryCreateRequest = z.infer<typeof directoryCreateRequest>;

src/lib/server/schemas/file.ts

@@ -2,35 +2,68 @@ import mime from "mime";
 import { z } from "zod";
 import { directoryIdSchema } from "./directory";
 
-export const fileThumbnailUploadRequest = z.object({
-  dekVersion: z.iso.datetime(),
-  contentIv: z.base64().nonempty(),
-});
-export type FileThumbnailUploadRequest = z.input<typeof fileThumbnailUploadRequest>;
-
-export const fileUploadRequest = z.object({
+export const fileInfoResponse = z.object({
   parent: directoryIdSchema,
-  mekVersion: z.int().positive(),
-  dek: z.base64().nonempty(),
-  dekVersion: z.iso.datetime(),
-  hskVersion: z.int().positive(),
-  contentHmac: z.base64().nonempty(),
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
   contentType: z
     .string()
     .trim()
     .nonempty()
     .refine((value) => mime.getExtension(value) !== null), // MIME type
-  contentIv: z.base64().nonempty(),
-  name: z.base64().nonempty(),
-  nameIv: z.base64().nonempty(),
-  createdAt: z.base64().nonempty().optional(),
-  createdAtIv: z.base64().nonempty().optional(),
-  lastModifiedAt: z.base64().nonempty(),
-  lastModifiedAtIv: z.base64().nonempty(),
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+  createdAt: z.string().base64().nonempty().optional(),
+  createdAtIv: z.string().base64().nonempty().optional(),
+  lastModifiedAt: z.string().base64().nonempty(),
+  lastModifiedAtIv: z.string().base64().nonempty(),
+  categories: z.number().int().positive().array(),
 });
-export type FileUploadRequest = z.input<typeof fileUploadRequest>;
+export type FileInfoResponse = z.infer<typeof fileInfoResponse>;
+
+export const fileRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type FileRenameRequest = z.infer<typeof fileRenameRequest>;
+
+export const duplicateFileScanRequest = z.object({
+  hskVersion: z.number().int().positive(),
+  contentHmac: z.string().base64().nonempty(),
+});
+export type DuplicateFileScanRequest = z.infer<typeof duplicateFileScanRequest>;
+
+export const duplicateFileScanResponse = z.object({
+  files: z.number().int().positive().array(),
+});
+export type DuplicateFileScanResponse = z.infer<typeof duplicateFileScanResponse>;
+
+export const fileUploadRequest = z.object({
+  parent: directoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  hskVersion: z.number().int().positive(),
+  contentHmac: z.string().base64().nonempty(),
+  contentType: z
+    .string()
+    .trim()
+    .nonempty()
+    .refine((value) => mime.getExtension(value) !== null), // MIME type
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+  createdAt: z.string().base64().nonempty().optional(),
+  createdAtIv: z.string().base64().nonempty().optional(),
+  lastModifiedAt: z.string().base64().nonempty(),
+  lastModifiedAtIv: z.string().base64().nonempty(),
+});
+export type FileUploadRequest = z.infer<typeof fileUploadRequest>;
 
 export const fileUploadResponse = z.object({
-  file: z.int().positive(),
+  file: z.number().int().positive(),
 });
-export type FileUploadResponse = z.output<typeof fileUploadResponse>;
+export type FileUploadResponse = z.infer<typeof fileUploadResponse>;

src/lib/server/schemas/hsk.ts

@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const hmacSecretListResponse = z.object({
+  hsks: z.array(
+    z.object({
+      version: z.number().int().positive(),
+      state: z.enum(["active"]),
+      mekVersion: z.number().int().positive(),
+      hsk: z.string().base64().nonempty(),
+    }),
+  ),
+});
+export type HmacSecretListResponse = z.infer<typeof hmacSecretListResponse>;
+
+export const initialHmacSecretRegisterRequest = z.object({
+  mekVersion: z.number().int().positive(),
+  hsk: z.string().base64().nonempty(),
+});
+export type InitialHmacSecretRegisterRequest = z.infer<typeof initialHmacSecretRegisterRequest>;

src/lib/server/schemas/index.ts

@@ -1,3 +1,8 @@
+export * from "./auth";
 export * from "./category";
+export * from "./client";
 export * from "./directory";
 export * from "./file";
+export * from "./hsk";
+export * from "./mek";
+export * from "./user";

src/lib/server/schemas/mek.ts

@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const masterKeyListResponse = z.object({
+  meks: z.array(
+    z.object({
+      version: z.number().int().positive(),
+      state: z.enum(["active", "retired"]),
+      mek: z.string().base64().nonempty(),
+      mekSig: z.string().base64().nonempty(),
+    }),
+  ),
+});
+export type MasterKeyListResponse = z.infer<typeof masterKeyListResponse>;
+
+export const initialMasterKeyRegisterRequest = z.object({
+  mek: z.string().base64().nonempty(),
+  mekSig: z.string().base64().nonempty(),
+});
+export type InitialMasterKeyRegisterRequest = z.infer<typeof initialMasterKeyRegisterRequest>;

src/lib/server/schemas/user.ts

@@ -0,0 +1,12 @@
+import { z } from "zod";
+
+export const userInfoResponse = z.object({
+  email: z.string().email(),
+  nickname: z.string().nonempty(),
+});
+export type UserInfoResponse = z.infer<typeof userInfoResponse>;
+
+export const nicknameChangeRequest = z.object({
+  newNickname: z.string().trim().min(2).max(8),
+});
+export type NicknameChangeRequest = z.infer<typeof nicknameChangeRequest>;

src/lib/server/services/auth.ts

@@ -0,0 +1,121 @@
+import { error } from "@sveltejs/kit";
+import argon2 from "argon2";
+import { getClient, getClientByPubKeys, getUserClient } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  upgradeSession,
+  deleteSession,
+  deleteAllOtherSessions,
+  registerSessionUpgradeChallenge,
+  consumeSessionUpgradeChallenge,
+} from "$lib/server/db/session";
+import { getUser, getUserByEmail, setUserPassword } from "$lib/server/db/user";
+import env from "$lib/server/loadenv";
+import { startSession } from "$lib/server/modules/auth";
+import { verifySignature, generateChallenge } from "$lib/server/modules/crypto";
+
+const hashPassword = async (password: string) => {
+  return await argon2.hash(password);
+};
+
+const verifyPassword = async (hash: string, password: string) => {
+  return await argon2.verify(hash, password);
+};
+
+export const changePassword = async (
+  userId: number,
+  sessionId: string,
+  oldPassword: string,
+  newPassword: string,
+) => {
+  if (oldPassword === newPassword) {
+    error(400, "Same passwords");
+  } else if (newPassword.length < 8) {
+    error(400, "Too short password");
+  }
+
+  const user = await getUser(userId);
+  if (!user) {
+    error(500, "Invalid session id");
+  } else if (!(await verifyPassword(user.password, oldPassword))) {
+    error(403, "Invalid password");
+  }
+
+  await setUserPassword(userId, await hashPassword(newPassword));
+  await deleteAllOtherSessions(userId, sessionId);
+};
+
+export const login = async (email: string, password: string, ip: string, userAgent: string) => {
+  const user = await getUserByEmail(email);
+  if (!user || !(await verifyPassword(user.password, password))) {
+    error(401, "Invalid email or password");
+  }
+
+  try {
+    return { sessionIdSigned: await startSession(user.id, ip, userAgent) };
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Session already exists") {
+      error(403, "Already logged in");
+    }
+    throw e;
+  }
+};
+
+export const logout = async (sessionId: string) => {
+  await deleteSession(sessionId);
+};
+
+export const createSessionUpgradeChallenge = async (
+  sessionId: string,
+  userId: number,
+  ip: string,
+  encPubKey: string,
+  sigPubKey: string,
+) => {
+  const client = await getClientByPubKeys(encPubKey, sigPubKey);
+  const userClient = client ? await getUserClient(userId, client.id) : undefined;
+  if (!client) {
+    error(401, "Invalid public key(s)");
+  } else if (!userClient || userClient.state === "challenging") {
+    error(403, "Unregistered client");
+  }
+
+  const { answer, challenge } = await generateChallenge(32, encPubKey);
+  await registerSessionUpgradeChallenge(
+    sessionId,
+    client.id,
+    answer.toString("base64"),
+    ip,
+    new Date(Date.now() + env.challenge.sessionUpgradeExp),
+  );
+
+  return { challenge: challenge.toString("base64") };
+};
+
+export const verifySessionUpgradeChallenge = async (
+  sessionId: string,
+  ip: string,
+  answer: string,
+  answerSig: string,
+) => {
+  const challenge = await consumeSessionUpgradeChallenge(sessionId, answer, ip);
+  if (!challenge) {
+    error(403, "Invalid challenge answer");
+  }
+
+  const client = await getClient(challenge.clientId);
+  if (!client) {
+    error(500, "Invalid challenge answer");
+  } else if (!verifySignature(Buffer.from(answer, "base64"), answerSig, client.sigPubKey)) {
+    error(403, "Invalid challenge answer signature");
+  }
+
+  try {
+    await upgradeSession(sessionId, client.id);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Session not found") {
+      error(500, "Invalid challenge answer");
+    }
+    throw e;
+  }
+};

src/lib/server/services/category.ts

@@ -0,0 +1,133 @@
+import { error } from "@sveltejs/kit";
+import {
+  registerCategory,
+  getAllCategoriesByParent,
+  getCategory,
+  setCategoryEncName,
+  unregisterCategory,
+  type CategoryId,
+  type NewCategory,
+} from "$lib/server/db/category";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  getAllFilesByCategory,
+  getFile,
+  addFileToCategory,
+  removeFileFromCategory,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
+
+export const getCategoryInformation = async (userId: number, categoryId: CategoryId) => {
+  const category = categoryId !== "root" ? await getCategory(userId, categoryId) : undefined;
+  if (category === null) {
+    error(404, "Invalid category id");
+  }
+
+  const categories = await getAllCategoriesByParent(userId, categoryId);
+  return {
+    metadata: category && {
+      parentId: category.parentId ?? ("root" as const),
+      mekVersion: category.mekVersion,
+      encDek: category.encDek,
+      dekVersion: category.dekVersion,
+      encName: category.encName,
+    },
+    categories: categories.map(({ id }) => id),
+  };
+};
+
+export const deleteCategory = async (userId: number, categoryId: number) => {
+  try {
+    await unregisterCategory(userId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Category not found") {
+      error(404, "Invalid category id");
+    }
+    throw e;
+  }
+};
+
+export const addCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+  const category = await getCategory(userId, categoryId);
+  const file = await getFile(userId, fileId);
+  if (!category) {
+    error(404, "Invalid category id");
+  } else if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  try {
+    await addFileToCategory(fileId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File already added to category") {
+      error(400, "File already added");
+    }
+    throw e;
+  }
+};
+
+export const getCategoryFiles = async (userId: number, categoryId: number, recurse: boolean) => {
+  const category = await getCategory(userId, categoryId);
+  if (!category) {
+    error(404, "Invalid category id");
+  }
+
+  const files = await getAllFilesByCategory(userId, categoryId, recurse);
+  return { files };
+};
+
+export const removeCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+  const category = await getCategory(userId, categoryId);
+  const file = await getFile(userId, fileId);
+  if (!category) {
+    error(404, "Invalid category id");
+  } else if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  try {
+    await removeFileFromCategory(fileId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File not found in category") {
+      error(400, "File not added");
+    }
+    throw e;
+  }
+};
+
+export const renameCategory = async (
+  userId: number,
+  categoryId: number,
+  dekVersion: Date,
+  newEncName: Ciphertext,
+) => {
+  try {
+    await setCategoryEncName(userId, categoryId, dekVersion, newEncName);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "Category not found") {
+        error(404, "Invalid category id");
+      } else if (e.message === "Invalid DEK version") {
+        error(400, "Invalid DEK version");
+      }
+    }
+    throw e;
+  }
+};
+
+export const createCategory = async (params: NewCategory) => {
+  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+    error(400, "Invalid DEK version");
+  }
+
+  try {
+    await registerCategory(params);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Inactive MEK version");
+    }
+    throw e;
+  }
+};

src/lib/server/services/client.ts

@@ -0,0 +1,108 @@
+import { error } from "@sveltejs/kit";
+import {
+  createClient,
+  getClient,
+  getClientByPubKeys,
+  createUserClient,
+  getAllUserClients,
+  getUserClient,
+  setUserClientStateToPending,
+  registerUserClientChallenge,
+  consumeUserClientChallenge,
+} from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { verifyPubKey, verifySignature, generateChallenge } from "$lib/server/modules/crypto";
+import { isInitialMekNeeded } from "$lib/server/modules/mek";
+import env from "$lib/server/loadenv";
+
+export const getUserClientList = async (userId: number) => {
+  const userClients = await getAllUserClients(userId);
+  return {
+    userClients: userClients.map(({ clientId, state }) => ({
+      id: clientId,
+      state: state as "pending" | "active",
+    })),
+  };
+};
+
+const expiresAt = () => new Date(Date.now() + env.challenge.userClientExp);
+
+const createUserClientChallenge = async (
+  ip: string,
+  userId: number,
+  clientId: number,
+  encPubKey: string,
+) => {
+  const { answer, challenge } = await generateChallenge(32, encPubKey);
+  await registerUserClientChallenge(userId, clientId, answer.toString("base64"), ip, expiresAt());
+  return challenge.toString("base64");
+};
+
+export const registerUserClient = async (
+  userId: number,
+  ip: string,
+  encPubKey: string,
+  sigPubKey: string,
+) => {
+  const client = await getClientByPubKeys(encPubKey, sigPubKey);
+  if (client) {
+    try {
+      await createUserClient(userId, client.id);
+      return { challenge: await createUserClientChallenge(ip, userId, client.id, encPubKey) };
+    } catch (e) {
+      if (e instanceof IntegrityError && e.message === "User client already exists") {
+        error(409, "Client already registered");
+      }
+      throw e;
+    }
+  } else {
+    if (encPubKey === sigPubKey) {
+      error(400, "Same public keys");
+    } else if (!verifyPubKey(encPubKey) || !verifyPubKey(sigPubKey)) {
+      error(400, "Invalid public key(s)");
+    }
+
+    try {
+      const { id: clientId } = await createClient(encPubKey, sigPubKey, userId);
+      return { challenge: await createUserClientChallenge(ip, userId, clientId, encPubKey) };
+    } catch (e) {
+      if (e instanceof IntegrityError && e.message === "Public key(s) already registered") {
+        error(409, "Public key(s) already used");
+      }
+      throw e;
+    }
+  }
+};
+
+export const verifyUserClient = async (
+  userId: number,
+  ip: string,
+  answer: string,
+  answerSig: string,
+) => {
+  const challenge = await consumeUserClientChallenge(userId, answer, ip);
+  if (!challenge) {
+    error(403, "Invalid challenge answer");
+  }
+
+  const client = await getClient(challenge.clientId);
+  if (!client) {
+    error(500, "Invalid challenge answer");
+  } else if (!verifySignature(Buffer.from(answer, "base64"), answerSig, client.sigPubKey)) {
+    error(403, "Invalid challenge answer signature");
+  }
+
+  await setUserClientStateToPending(userId, client.id);
+};
+
+export const getUserClientStatus = async (userId: number, clientId: number) => {
+  const userClient = await getUserClient(userId, clientId);
+  if (!userClient) {
+    error(500, "Invalid session id");
+  }
+
+  return {
+    state: userClient.state as "pending" | "active",
+    isInitialMekNeeded: await isInitialMekNeeded(userId),
+  };
+};

src/lib/server/services/directory.ts

@@ -0,0 +1,89 @@
+import { error } from "@sveltejs/kit";
+import { unlink } from "fs/promises";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  registerDirectory,
+  getAllDirectoriesByParent,
+  getDirectory,
+  setDirectoryEncName,
+  unregisterDirectory,
+  getAllFilesByParent,
+  type DirectoryId,
+  type NewDirectory,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
+
+export const getDirectoryInformation = async (userId: number, directoryId: DirectoryId) => {
+  const directory = directoryId !== "root" ? await getDirectory(userId, directoryId) : undefined;
+  if (directory === null) {
+    error(404, "Invalid directory id");
+  }
+
+  const directories = await getAllDirectoriesByParent(userId, directoryId);
+  const files = await getAllFilesByParent(userId, directoryId);
+  return {
+    metadata: directory && {
+      parentId: directory.parentId ?? ("root" as const),
+      mekVersion: directory.mekVersion,
+      encDek: directory.encDek,
+      dekVersion: directory.dekVersion,
+      encName: directory.encName,
+    },
+    directories: directories.map(({ id }) => id),
+    files: files.map(({ id }) => id),
+  };
+};
+
+export const deleteDirectory = async (userId: number, directoryId: number) => {
+  try {
+    const files = await unregisterDirectory(userId, directoryId);
+    return {
+      files: files.map(({ id, path }) => {
+        unlink(path); // Intended
+        return id;
+      }),
+    };
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Directory not found") {
+      error(404, "Invalid directory id");
+    }
+    throw e;
+  }
+};
+
+export const renameDirectory = async (
+  userId: number,
+  directoryId: number,
+  dekVersion: Date,
+  newEncName: Ciphertext,
+) => {
+  try {
+    await setDirectoryEncName(userId, directoryId, dekVersion, newEncName);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "Directory not found") {
+        error(404, "Invalid directory id");
+      } else if (e.message === "Invalid DEK version") {
+        error(400, "Invalid DEK version");
+      }
+    }
+    throw e;
+  }
+};
+
+export const createDirectory = async (params: NewDirectory) => {
+  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+    error(400, "Invalid DEK version");
+  }
+
+  try {
+    await registerDirectory(params);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Invalid MEK version");
+    }
+    throw e;
+  }
+};

src/lib/server/services/file.ts

@@ -1,17 +1,59 @@
 import { error } from "@sveltejs/kit";
 import { createHash } from "crypto";
 import { createReadStream, createWriteStream } from "fs";
-import { mkdir, stat } from "fs/promises";
+import { mkdir, stat, unlink } from "fs/promises";
 import { dirname } from "path";
 import { Readable } from "stream";
 import { pipeline } from "stream/promises";
 import { v4 as uuidv4 } from "uuid";
-import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  registerFile,
+  getAllFileIdsByContentHmac,
+  getFile,
+  setFileEncName,
+  unregisterFile,
+  getAllFileCategories,
+  type NewFile,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
 import env from "$lib/server/loadenv";
-import { safeUnlink } from "$lib/server/modules/filesystem";
+
+export const getFileInformation = async (userId: number, fileId: number) => {
+  const file = await getFile(userId, fileId);
+  if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  const categories = await getAllFileCategories(fileId);
+  return {
+    parentId: file.parentId ?? ("root" as const),
+    mekVersion: file.mekVersion,
+    encDek: file.encDek,
+    dekVersion: file.dekVersion,
+    contentType: file.contentType,
+    encContentIv: file.encContentIv,
+    encName: file.encName,
+    encCreatedAt: file.encCreatedAt,
+    encLastModifiedAt: file.encLastModifiedAt,
+    categories: categories.map(({ id }) => id),
+  };
+};
+
+export const deleteFile = async (userId: number, fileId: number) => {
+  try {
+    const { path } = await unregisterFile(userId, fileId);
+    unlink(path); // Intended
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File not found") {
+      error(404, "Invalid file id");
+    }
+    throw e;
+  }
+};
 
 export const getFileStream = async (userId: number, fileId: number) => {
-  const file = await FileRepo.getFile(userId, fileId);
+  const file = await getFile(userId, fileId);
   if (!file) {
     error(404, "Invalid file id");
   }
@@ -23,56 +65,41 @@ export const getFileStream = async (userId: number, fileId: number) => {
   };
 };
 
-export const getFileThumbnailStream = async (userId: number, fileId: number) => {
-  const thumbnail = await MediaRepo.getFileThumbnail(userId, fileId);
-  if (!thumbnail) {
-    error(404, "File or its thumbnail not found");
-  }
-
-  const { size } = await stat(thumbnail.path);
-  return {
-    encContentStream: Readable.toWeb(createReadStream(thumbnail.path)),
-    encContentSize: size,
-  };
-};
-
-export const uploadFileThumbnail = async (
+export const renameFile = async (
   userId: number,
   fileId: number,
   dekVersion: Date,
-  encContentIv: string,
-  encContentStream: Readable,
+  newEncName: Ciphertext,
 ) => {
-  const path = `${env.thumbnailsPath}/${userId}/${uuidv4()}`;
-  await mkdir(dirname(path), { recursive: true });
-
   try {
-    await pipeline(encContentStream, createWriteStream(path, { flags: "wx", mode: 0o600 }));
-
-    const oldPath = await MediaRepo.updateFileThumbnail(
-      userId,
-      fileId,
-      dekVersion,
-      path,
-      encContentIv,
-    );
-    safeUnlink(oldPath); // Intended
+    await setFileEncName(userId, fileId, dekVersion, newEncName);
   } catch (e) {
-    await safeUnlink(path);
-
     if (e instanceof IntegrityError) {
       if (e.message === "File not found") {
-        error(404, "File not found");
+        error(404, "Invalid file id");
       } else if (e.message === "Invalid DEK version") {
-        error(400, "Mismatched DEK version");
+        error(400, "Invalid DEK version");
       }
     }
     throw e;
   }
 };
 
+export const scanDuplicateFiles = async (
+  userId: number,
+  hskVersion: number,
+  contentHmac: string,
+) => {
+  const fileIds = await getAllFileIdsByContentHmac(userId, hskVersion, contentHmac);
+  return { files: fileIds.map(({ id }) => id) };
+};
+
+const safeUnlink = async (path: string) => {
+  await unlink(path).catch(console.error);
+};
+
 export const uploadFile = async (
-  params: Omit<FileRepo.NewFile, "path" | "encContentHash">,
+  params: Omit<NewFile, "path" | "encContentHash">,
   encContentStream: Readable,
   encContentHash: Promise<string>,
 ) => {
@@ -104,7 +131,7 @@ export const uploadFile = async (
       throw new Error("Invalid checksum");
     }
 
-    const { id: fileId } = await FileRepo.registerFile({
+    const { id: fileId } = await registerFile({
       ...params,
       path,
       encContentHash: hash,

src/lib/server/services/hsk.ts

@@ -0,0 +1,31 @@
+import { error } from "@sveltejs/kit";
+import { IntegrityError } from "$lib/server/db/error";
+import { registerInitialHsk, getAllValidHsks } from "$lib/server/db/hsk";
+
+export const getHskList = async (userId: number) => {
+  const hsks = await getAllValidHsks(userId);
+  return {
+    encHsks: hsks.map(({ version, state, mekVersion, encHsk }) => ({
+      version,
+      state,
+      mekVersion,
+      encHsk,
+    })),
+  };
+};
+
+export const registerInitialActiveHsk = async (
+  userId: number,
+  createdBy: number,
+  mekVersion: number,
+  encHsk: string,
+) => {
+  try {
+    await registerInitialHsk(userId, createdBy, mekVersion, encHsk);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "HSK already registered") {
+      error(409, "Initial HSK already registered");
+    }
+    throw e;
+  }
+};

src/lib/server/services/mek.ts

@@ -0,0 +1,38 @@
+import { error } from "@sveltejs/kit";
+import { setUserClientStateToActive } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { registerInitialMek, getAllValidClientMeks } from "$lib/server/db/mek";
+import { verifyClientEncMekSig } from "$lib/server/modules/mek";
+
+export const getClientMekList = async (userId: number, clientId: number) => {
+  const clientMeks = await getAllValidClientMeks(userId, clientId);
+  return {
+    encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({
+      version,
+      state,
+      encMek,
+      encMekSig,
+    })),
+  };
+};
+
+export const registerInitialActiveMek = async (
+  userId: number,
+  createdBy: number,
+  encMek: string,
+  encMekSig: string,
+) => {
+  if (!(await verifyClientEncMekSig(userId, createdBy, 1, encMek, encMekSig))) {
+    error(400, "Invalid signature");
+  }
+
+  try {
+    await registerInitialMek(userId, createdBy, encMek, encMekSig);
+    await setUserClientStateToActive(userId, createdBy);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "MEK already registered") {
+      error(409, "Initial MEK already registered");
+    }
+    throw e;
+  }
+};

src/lib/server/services/user.ts

@@ -0,0 +1,15 @@
+import { error } from "@sveltejs/kit";
+import { getUser, setUserNickname } from "$lib/server/db/user";
+
+export const getUserInformation = async (userId: number) => {
+  const user = await getUser(userId);
+  if (!user) {
+    error(500, "Invalid session id");
+  }
+
+  return { email: user.email, nickname: user.nickname };
+};
+
+export const changeNickname = async (userId: number, nickname: string) => {
+  await setUserNickname(userId, nickname);
+};

src/lib/services/auth.ts

@@ -1,51 +1,30 @@
-import { TRPCClientError } from "@trpc/client";
+import { callPostApi } from "$lib/hooks";
 import { encodeToBase64, decryptChallenge, signMessageRSA } from "$lib/modules/crypto";
-import { trpc } from "$trpc/client";
+import type {
+  SessionUpgradeRequest,
+  SessionUpgradeResponse,
+  SessionUpgradeVerifyRequest,
+} from "$lib/server/schemas";
 
 export const requestSessionUpgrade = async (
   encryptKeyBase64: string,
   decryptKey: CryptoKey,
   verifyKeyBase64: string,
   signKey: CryptoKey,
-  force = false,
 ) => {
-  let id, challenge;
-  try {
-    ({ id, challenge } = await trpc().auth.upgrade.mutate({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    }));
-  } catch (e) {
-    if (e instanceof TRPCClientError && e.data?.code === "FORBIDDEN") {
-      return [false, "Unregistered client"] as const;
-    }
-    return [false] as const;
-  }
+  let res = await callPostApi<SessionUpgradeRequest>("/api/auth/upgradeSession", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
+  });
+  if (!res.ok) return false;
+
+  const { challenge }: SessionUpgradeResponse = await res.json();
   const answer = await decryptChallenge(challenge, decryptKey);
   const answerSig = await signMessageRSA(answer, signKey);
 
-  try {
-    await trpc().auth.verifyUpgrade.mutate({
-      id,
-      answerSig: encodeToBase64(answerSig),
-      force,
-    });
-  } catch (e) {
-    if (e instanceof TRPCClientError && e.data?.code === "CONFLICT") {
-      return [false, "Already logged in"] as const;
-    }
-    return [false] as const;
-  }
-
-  return [true] as const;
-};
-
-export const requestLogout = async () => {
-  try {
-    await trpc().auth.logout.mutate();
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  res = await callPostApi<SessionUpgradeVerifyRequest>("/api/auth/upgradeSession/verify", {
+    answer: encodeToBase64(answer),
+    answerSig: encodeToBase64(answerSig),
+  });
+  return res.ok;
 };

src/lib/services/category.ts

@@ -1,6 +1,7 @@
+import { callPostApi } from "$lib/hooks";
 import { generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
+import type { CategoryCreateRequest, CategoryFileRemoveRequest } from "$lib/server/schemas";
 import type { MasterKey } from "$lib/stores";
-import { trpc } from "$trpc/client";
 
 export const requestCategoryCreation = async (
   name: string,
@@ -10,28 +11,21 @@ export const requestCategoryCreation = async (
   const { dataKey, dataKeyVersion } = await generateDataKey();
   const nameEncrypted = await encryptString(name, dataKey);
 
-  try {
-    await trpc().category.create.mutate({
-      parent: parentId,
-      mekVersion: masterKey.version,
-      dek: await wrapDataKey(dataKey, masterKey.key),
-      dekVersion: dataKeyVersion,
-      name: nameEncrypted.ciphertext,
-      nameIv: nameEncrypted.iv,
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<CategoryCreateRequest>("/api/category/create", {
+    parent: parentId,
+    mekVersion: masterKey.version,
+    dek: await wrapDataKey(dataKey, masterKey.key),
+    dekVersion: dataKeyVersion.toISOString(),
+    name: nameEncrypted.ciphertext,
+    nameIv: nameEncrypted.iv,
+  });
+  return res.ok;
 };
 
 export const requestFileRemovalFromCategory = async (fileId: number, categoryId: number) => {
-  try {
-    await trpc().category.removeFile.mutate({ id: categoryId, file: fileId });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<CategoryFileRemoveRequest>(
+    `/api/category/${categoryId}/file/remove`,
+    { file: fileId },
+  );
+  return res.ok;
 };

src/lib/services/file.ts

@@ -1,87 +0,0 @@
-import { getAllFileInfos } from "$lib/indexedDB/filesystem";
-import { decryptData } from "$lib/modules/crypto";
-import {
-  getFileCache,
-  storeFileCache,
-  deleteFileCache,
-  getFileThumbnailCache,
-  storeFileThumbnailCache,
-  deleteFileThumbnailCache,
-  downloadFile,
-} from "$lib/modules/file";
-import { getThumbnailUrl } from "$lib/modules/thumbnail";
-import type { FileThumbnailUploadRequest } from "$lib/server/schemas";
-import { trpc } from "$trpc/client";
-
-export const requestFileDownload = async (
-  fileId: number,
-  fileEncryptedIv: string,
-  dataKey: CryptoKey,
-) => {
-  const cache = await getFileCache(fileId);
-  if (cache) return cache;
-
-  const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey);
-  storeFileCache(fileId, fileBuffer); // Intended
-  return fileBuffer;
-};
-
-export const requestFileThumbnailUpload = async (
-  fileId: number,
-  dataKeyVersion: Date,
-  thumbnailEncrypted: { ciphertext: ArrayBuffer; iv: string },
-) => {
-  const form = new FormData();
-  form.set(
-    "metadata",
-    JSON.stringify({
-      dekVersion: dataKeyVersion.toISOString(),
-      contentIv: thumbnailEncrypted.iv,
-    } satisfies FileThumbnailUploadRequest),
-  );
-  form.set("content", new Blob([thumbnailEncrypted.ciphertext]));
-
-  return await fetch(`/api/file/${fileId}/thumbnail/upload`, { method: "POST", body: form });
-};
-
-export const requestFileThumbnailDownload = async (fileId: number, dataKey?: CryptoKey) => {
-  const cache = await getFileThumbnailCache(fileId);
-  if (cache || !dataKey) return cache;
-
-  let thumbnailInfo;
-  try {
-    thumbnailInfo = await trpc().file.thumbnail.query({ id: fileId });
-  } catch {
-    // TODO: Error Handling
-    return null;
-  }
-  const { contentIv: thumbnailEncryptedIv } = thumbnailInfo;
-
-  const res = await fetch(`/api/file/${fileId}/thumbnail/download`);
-  if (!res.ok) return null;
-
-  const thumbnailEncrypted = await res.arrayBuffer();
-  const thumbnailBuffer = await decryptData(thumbnailEncrypted, thumbnailEncryptedIv, dataKey);
-
-  storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended
-  return getThumbnailUrl(thumbnailBuffer);
-};
-
-export const requestDeletedFilesCleanup = async () => {
-  let liveFiles;
-  try {
-    liveFiles = await trpc().file.list.query();
-  } catch {
-    // TODO: Error Handling
-    return;
-  }
-
-  const liveFilesSet = new Set(liveFiles);
-  const maybeCachedFiles = await getAllFileInfos();
-
-  await Promise.all(
-    maybeCachedFiles
-      .filter(({ id }) => !liveFilesSet.has(id))
-      .flatMap(({ id }) => [deleteFileCache(id), deleteFileThumbnailCache(id)]),
-  );
-};

src/lib/services/key.ts

@@ -1,17 +1,19 @@
-import { TRPCClientError } from "@trpc/client";
+import { callGetApi, callPostApi } from "$lib/hooks";
 import { storeMasterKeys } from "$lib/indexedDB";
 import {
   encodeToBase64,
-  exportRSAKeyToBase64,
   decryptChallenge,
   signMessageRSA,
   unwrapMasterKey,
-  signMasterKeyWrapped,
   verifyMasterKeyWrapped,
 } from "$lib/modules/crypto";
-import { requestSessionUpgrade } from "$lib/services/auth";
-import { masterKeyStore, type ClientKeys } from "$lib/stores";
-import { trpc } from "$trpc/client";
+import type {
+  ClientRegisterRequest,
+  ClientRegisterResponse,
+  ClientRegisterVerifyRequest,
+  MasterKeyListResponse,
+} from "$lib/server/schemas";
+import { masterKeyStore } from "$lib/stores";
 
 export const requestClientRegistration = async (
   encryptKeyBase64: string,
@@ -19,62 +21,28 @@ export const requestClientRegistration = async (
   verifyKeyBase64: string,
   signKey: CryptoKey,
 ) => {
-  try {
-    const { id, challenge } = await trpc().client.register.mutate({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    });
-    const answer = await decryptChallenge(challenge, decryptKey);
-    const answerSig = await signMessageRSA(answer, signKey);
-    await trpc().client.verify.mutate({
-      id,
-      answerSig: encodeToBase64(answerSig),
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
-};
+  let res = await callPostApi<ClientRegisterRequest>("/api/client/register", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
+  });
+  if (!res.ok) return false;
 
-export const requestClientRegistrationAndSessionUpgrade = async (
-  { encryptKey, decryptKey, signKey, verifyKey }: ClientKeys,
-  force: boolean,
-) => {
-  const encryptKeyBase64 = await exportRSAKeyToBase64(encryptKey);
-  const verifyKeyBase64 = await exportRSAKeyToBase64(verifyKey);
-  const [res, error] = await requestSessionUpgrade(
-    encryptKeyBase64,
-    decryptKey,
-    verifyKeyBase64,
-    signKey,
-    force,
-  );
-  if (error === undefined) return [res] as const;
+  const { challenge }: ClientRegisterResponse = await res.json();
+  const answer = await decryptChallenge(challenge, decryptKey);
+  const answerSig = await signMessageRSA(answer, signKey);
 
-  if (
-    error === "Unregistered client" &&
-    !(await requestClientRegistration(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey))
-  ) {
-    return [false] as const;
-  } else if (error === "Already logged in") {
-    return [false, force ? undefined : error] as const;
-  }
-
-  return [
-    (await requestSessionUpgrade(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey))[0],
-  ] as const;
+  res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
+    answer: encodeToBase64(answer),
+    answerSig: encodeToBase64(answerSig),
+  });
+  return res.ok;
 };
 
 export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey: CryptoKey) => {
-  let masterKeysWrapped;
-  try {
-    masterKeysWrapped = await trpc().mek.list.query();
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callGetApi("/api/mek/list");
+  if (!res.ok) return false;
 
+  const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
   const masterKeys = await Promise.all(
     masterKeysWrapped.map(
       async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => {
@@ -100,36 +68,3 @@ export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey:
 
   return true;
 };
-
-export const requestInitialMasterKeyAndHmacSecretRegistration = async (
-  masterKeyWrapped: string,
-  hmacSecretWrapped: string,
-  signKey: CryptoKey,
-) => {
-  try {
-    await trpc().mek.registerInitial.mutate({
-      mek: masterKeyWrapped,
-      mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
-    });
-  } catch (e) {
-    if (
-      e instanceof TRPCClientError &&
-      (e.data?.code === "FORBIDDEN" || e.data?.code === "CONFLICT")
-    ) {
-      return true;
-    }
-    // TODO: Error Handling
-    return false;
-  }
-
-  try {
-    await trpc().hsk.registerInitial.mutate({
-      mekVersion: 1,
-      hsk: hmacSecretWrapped,
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
-};

src/lib/utils/index.ts

@@ -1,3 +0,0 @@
-export * from "./format";
-export * from "./gotoStateful";
-export * from "./sort";

src/lib/utils/sort.ts

@@ -1,57 +0,0 @@
-interface SortEntry {
-  name?: string;
-  date?: Date;
-}
-
-export enum SortBy {
-  NAME_ASC,
-  NAME_DESC,
-  DATE_ASC,
-  DATE_DESC,
-}
-
-type SortFunc = (a: SortEntry, b: SortEntry) => number;
-
-const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
-
-const sortByNameAsc: SortFunc = ({ name: a }, { name: b }) => {
-  if (a && b) return collator.compare(a, b);
-  if (a) return -1;
-  if (b) return 1;
-  return 0;
-};
-
-const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
-
-const sortByDateAsc: SortFunc = ({ date: a }, { date: b }) => {
-  if (a && b) return a.getTime() - b.getTime();
-  if (a) return -1;
-  if (b) return 1;
-  return 0;
-};
-
-const sortByDateDesc: SortFunc = (a, b) => -sortByDateAsc(a, b);
-
-export const sortEntries = <T extends SortEntry>(entries: T[], sortBy: SortBy) => {
-  let sortFunc: SortFunc;
-
-  switch (sortBy) {
-    case SortBy.NAME_ASC:
-      sortFunc = sortByNameAsc;
-      break;
-    case SortBy.NAME_DESC:
-      sortFunc = sortByNameDesc;
-      break;
-    case SortBy.DATE_ASC:
-      sortFunc = sortByDateAsc;
-      break;
-    case SortBy.DATE_DESC:
-      sortFunc = sortByDateDesc;
-      break;
-    default:
-      const exhaustive: never = sortBy;
-      sortFunc = exhaustive;
-  }
-
-  entries.sort(sortFunc);
-};

src/routes/(fullscreen)/auth/changePassword/+page.svelte

@@ -6,14 +6,8 @@
 
   let oldPassword = $state("");
   let newPassword = $state("");
-  let confirmPassword = $state("");
 
   const changePassword = async () => {
-    if (newPassword !== confirmPassword) {
-      // TODO: Alert
-      return;
-    }
-
     if (await requestPasswordChange(oldPassword, newPassword)) {
       await goto("/menu");
     }
@@ -36,7 +30,6 @@
 
     <TextInput bind:value={oldPassword} placeholder="기존 비밀번호" type="password" />
     <TextInput bind:value={newPassword} placeholder="새 비밀번호" type="password" />
-    <TextInput bind:value={confirmPassword} placeholder="새 비밀번호 확인" type="password" />
   </TitledDiv>
   <BottomDiv>
     <Button onclick={changePassword} class="w-full">비밀번호 바꾸기</Button>

src/routes/(fullscreen)/auth/changePassword/service.ts

@@ -1,11 +1,10 @@
-import { trpc } from "$trpc/client";
+import { callPostApi } from "$lib/hooks";
+import type { PasswordChangeRequest } from "$lib/server/schemas";
 
 export const requestPasswordChange = async (oldPassword: string, newPassword: string) => {
-  try {
-    await trpc().auth.changePassword.mutate({ oldPassword, newPassword });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<PasswordChangeRequest>("/api/auth/changePassword", {
+    oldPassword,
+    newPassword,
+  });
+  return res.ok;
 };

src/routes/(fullscreen)/auth/login/+page.svelte

@@ -2,57 +2,18 @@
   import { goto } from "$app/navigation";
   import { BottomDiv, Button, FullscreenDiv, TextButton, TextInput } from "$lib/components/atoms";
   import { TitledDiv } from "$lib/components/molecules";
-  import { ForceLoginModal } from "$lib/components/organisms";
   import { clientKeyStore, masterKeyStore } from "$lib/stores";
-  import {
-    requestLogin,
-    requestClientRegistrationAndSessionUpgrade,
-    requestMasterKeyDownload,
-    requestDeletedFilesCleanup,
-    requestLogout,
-  } from "./service";
+  import { requestLogin, requestSessionUpgrade, requestMasterKeyDownload } from "./service";
 
   let { data } = $props();
 
   let email = $state("");
   let password = $state("");
 
-  let isForceLoginModalOpen = $state(false);
-
   const redirect = async (url: string) => {
     return await goto(`${url}?redirect=${encodeURIComponent(data.redirectPath)}`);
   };
 
-  const upgradeSession = async (force: boolean) => {
-    try {
-      const [upgradeRes, upgradeError] = await requestClientRegistrationAndSessionUpgrade(
-        $clientKeyStore!,
-        force,
-      );
-      if (!force && upgradeError === "Already logged in") {
-        isForceLoginModalOpen = true;
-        return;
-      } else if (!upgradeRes) {
-        throw new Error("Failed to upgrade session");
-      }
-
-      // TODO: Multi-user support
-
-      if (
-        $masterKeyStore ||
-        (await requestMasterKeyDownload($clientKeyStore!.decryptKey, $clientKeyStore!.verifyKey))
-      ) {
-        await requestDeletedFilesCleanup();
-        await goto(data.redirectPath);
-      } else {
-        await redirect("/client/pending");
-      }
-    } catch (e) {
-      // TODO
-      throw e;
-    }
-  };
-
   const login = async () => {
     // TODO: Validation
 
@@ -61,7 +22,19 @@
 
       if (!$clientKeyStore) return await redirect("/key/generate");
 
-      await upgradeSession(false);
+      if (!(await requestSessionUpgrade($clientKeyStore)))
+        throw new Error("Failed to upgrade session");
+
+      // TODO: Multi-user support
+
+      if (
+        $masterKeyStore ||
+        (await requestMasterKeyDownload($clientKeyStore.decryptKey, $clientKeyStore.verifyKey))
+      ) {
+        await goto(data.redirectPath);
+      } else {
+        await redirect("/client/pending");
+      }
     } catch (e) {
       // TODO: Alert
       throw e;
@@ -90,9 +63,3 @@
     <TextButton>계정이 없어요</TextButton>
   </BottomDiv>
 </FullscreenDiv>
-
-<ForceLoginModal
-  bind:isOpen={isForceLoginModalOpen}
-  oncancel={requestLogout}
-  onLoginClick={() => upgradeSession(true)}
-/>

src/routes/(fullscreen)/auth/login/service.ts

@@ -1,18 +1,37 @@
-import { trpc } from "$trpc/client";
+import { callPostApi } from "$lib/hooks";
+import { exportRSAKeyToBase64 } from "$lib/modules/crypto";
+import type { LoginRequest } from "$lib/server/schemas";
+import { requestSessionUpgrade as requestSessionUpgradeInternal } from "$lib/services/auth";
+import { requestClientRegistration } from "$lib/services/key";
+import type { ClientKeys } from "$lib/stores";
 
-export { requestLogout } from "$lib/services/auth";
-export { requestDeletedFilesCleanup } from "$lib/services/file";
-export {
-  requestClientRegistrationAndSessionUpgrade,
-  requestMasterKeyDownload,
-} from "$lib/services/key";
+export { requestMasterKeyDownload } from "$lib/services/key";
 
 export const requestLogin = async (email: string, password: string) => {
-  try {
-    await trpc().auth.login.mutate({ email, password });
+  const res = await callPostApi<LoginRequest>("/api/auth/login", { email, password });
+  return res.ok;
+};
+
+export const requestSessionUpgrade = async ({
+  encryptKey,
+  decryptKey,
+  signKey,
+  verifyKey,
+}: ClientKeys) => {
+  const encryptKeyBase64 = await exportRSAKeyToBase64(encryptKey);
+  const verifyKeyBase64 = await exportRSAKeyToBase64(verifyKey);
+  if (await requestSessionUpgradeInternal(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
     return true;
-  } catch {
-    // TODO: Error Handling
+  }
+
+  if (await requestClientRegistration(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
+    return await requestSessionUpgradeInternal(
+      encryptKeyBase64,
+      decryptKey,
+      verifyKeyBase64,
+      signKey,
+    );
+  } else {
     return false;
   }
 };

src/routes/(fullscreen)/file/[id]/+page.svelte

@@ -3,7 +3,6 @@
   import { untrack } from "svelte";
   import { get, type Writable } from "svelte/store";
   import { goto } from "$app/navigation";
-  import { page } from "$app/state";
   import { FullscreenDiv } from "$lib/components/atoms";
   import { Categories, IconEntryButton, TopBar } from "$lib/components/molecules";
   import {
@@ -12,20 +11,15 @@
     type FileInfo,
     type CategoryInfo,
   } from "$lib/modules/filesystem";
-  import { captureVideoThumbnail } from "$lib/modules/thumbnail";
   import { fileDownloadStatusStore, isFileDownloading, masterKeyStore } from "$lib/stores";
   import AddToCategoryBottomSheet from "./AddToCategoryBottomSheet.svelte";
   import DownloadStatus from "./DownloadStatus.svelte";
   import {
     requestFileRemovalFromCategory,
     requestFileDownload,
-    requestThumbnailUpload,
     requestFileAdditionToCategory,
   } from "./service";
-  import TopBarMenu from "./TopBarMenu.svelte";
 
-  import IconMoreVert from "~icons/material-symbols/more-vert";
-  import IconCamera from "~icons/material-symbols/camera";
   import IconClose from "~icons/material-symbols/close";
   import IconAddCircle from "~icons/material-symbols/add-circle";
 
@@ -34,7 +28,6 @@
   let info: Writable<FileInfo | null> | undefined = $state();
   let categories: Writable<CategoryInfo | null>[] = $state([]);
 
-  let isMenuOpen = $state(false);
   let isAddToCategoryBottomSheetOpen = $state(false);
 
   let downloadStatus = $derived(
@@ -46,33 +39,22 @@
 
   let isDownloadRequested = $state(false);
   let viewerType: "image" | "video" | undefined = $state();
-  let fileBlob: Blob | undefined = $state();
   let fileBlobUrl: string | undefined = $state();
-  let videoElement: HTMLVideoElement | undefined = $state();
 
   const updateViewer = async (buffer: ArrayBuffer, contentType: string) => {
-    fileBlob = new Blob([buffer], { type: contentType });
-    fileBlobUrl = URL.createObjectURL(fileBlob);
+    const fileBlob = new Blob([buffer], { type: contentType });
+    if (contentType === "image/heic") {
+      const { default: heic2any } = await import("heic2any");
+      fileBlobUrl = URL.createObjectURL(
+        (await heic2any({ blob: fileBlob, toType: "image/jpeg" })) as Blob,
+      );
+    } else if (viewerType) {
+      fileBlobUrl = URL.createObjectURL(fileBlob);
+    }
+
     return fileBlob;
   };
 
-  const convertHeicToJpeg = async () => {
-    if (fileBlob?.type !== "image/heic") return;
-
-    URL.revokeObjectURL(fileBlobUrl!);
-    fileBlobUrl = undefined;
-
-    const { default: heic2any } = await import("heic2any");
-    fileBlobUrl = URL.createObjectURL(
-      (await heic2any({ blob: fileBlob, toType: "image/jpeg" })) as Blob,
-    );
-  };
-
-  const updateThumbnail = async (dataKey: CryptoKey, dataKeyVersion: Date) => {
-    const thumbnail = await captureVideoThumbnail(videoElement!);
-    await requestThumbnailUpload(data.id, thumbnail, dataKey, dataKeyVersion);
-  };
-
   const addToCategory = async (categoryId: number) => {
     await requestFileAdditionToCategory(data.id, categoryId);
     isAddToCategoryBottomSheetOpen = false;
@@ -133,24 +115,7 @@
   <title>파일</title>
 </svelte:head>
 
-<TopBar title={$info?.name}>
-  <!-- svelte-ignore a11y_no_static_element_interactions -->
-  <!-- svelte-ignore a11y_click_events_have_key_events -->
-  <div onclick={(e) => e.stopPropagation()}>
-    <button
-      onclick={() => (isMenuOpen = !isMenuOpen)}
-      class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
-    >
-      <IconMoreVert class="text-2xl" />
-    </button>
-    <TopBarMenu
-      bind:isOpen={isMenuOpen}
-      directoryId={page.url.searchParams.get("from") === "category" ? $info?.parentId : undefined}
-      {fileBlob}
-      filename={$info?.name}
-    />
-  </div>
-</TopBar>
+<TopBar title={$info?.name} />
 <FullscreenDiv>
   <div class="space-y-4 pb-4">
     <DownloadStatus status={downloadStatus} />
@@ -162,23 +127,14 @@
 
         {#if viewerType === "image"}
           {#if fileBlobUrl}
-            <img src={fileBlobUrl} alt={$info.name} onerror={convertHeicToJpeg} />
+            <img src={fileBlobUrl} alt={$info.name} />
           {:else}
             {@render viewerLoading("이미지를 불러오고 있어요.")}
           {/if}
         {:else if viewerType === "video"}
           {#if fileBlobUrl}
-            <div class="flex flex-col space-y-2">
-              <!-- svelte-ignore a11y_media_has_caption -->
-              <video bind:this={videoElement} src={fileBlobUrl} controls muted></video>
-              <IconEntryButton
-                icon={IconCamera}
-                onclick={() => updateThumbnail($info.dataKey!, $info.dataKeyVersion!)}
-                class="w-full"
-              >
-                이 장면을 썸네일로 설정하기
-              </IconEntryButton>
-            </div>
+            <!-- svelte-ignore a11y_media_has_caption -->
+            <video src={fileBlobUrl} controls></video>
           {:else}
             {@render viewerLoading("비디오를 불러오고 있어요.")}
           {/if}

src/routes/(fullscreen)/file/[id]/DownloadStatus.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Writable } from "svelte/store";
+  import { formatNetworkSpeed } from "$lib/modules/util";
   import { isFileDownloading, type FileDownloadStatus } from "$lib/stores";
-  import { formatNetworkSpeed } from "$lib/utils";
 
   interface Props {
     status?: Writable<FileDownloadStatus>;

src/routes/(fullscreen)/file/[id]/TopBarMenu.svelte

@@ -1,59 +0,0 @@
-<script lang="ts">
-  import FileSaver from "file-saver";
-  import type { Component } from "svelte";
-  import type { SvelteHTMLElements } from "svelte/elements";
-  import { fly } from "svelte/transition";
-  import { goto } from "$app/navigation";
-
-  import IconFolderOpen from "~icons/material-symbols/folder-open";
-  import IconCloudDownload from "~icons/material-symbols/cloud-download";
-
-  interface Props {
-    directoryId?: "root" | number;
-    fileBlob?: Blob;
-    filename?: string;
-    isOpen: boolean;
-  }
-
-  let { directoryId, fileBlob, filename, isOpen = $bindable() }: Props = $props();
-</script>
-
-<svelte:window onclick={() => (isOpen = false)} />
-
-{#if isOpen && (directoryId || fileBlob)}
-  <div
-    class="absolute right-2 top-full z-20 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl"
-    transition:fly={{ y: -8, duration: 200 }}
-  >
-    <p class="px-3 pt-2 text-sm font-semibold text-gray-600">더보기</p>
-    <div class="flex flex-col">
-      {#snippet menuButton(
-        Icon: Component<SvelteHTMLElements["svg"]>,
-        text: string,
-        onclick: () => void,
-      )}
-        <button {onclick} class="rounded-xl active:bg-gray-100">
-          <div
-            class="flex items-center gap-x-3 px-3 py-2 text-lg text-gray-700 transition active:scale-95"
-          >
-            <Icon />
-            <p class="font-medium">{text}</p>
-          </div>
-        </button>
-      {/snippet}
-
-      {#if directoryId}
-        {@render menuButton(IconFolderOpen, "폴더에서 보기", () =>
-          goto(
-            directoryId === "root" ? "/directory?from=file" : `/directory/${directoryId}?from=file`,
-          ),
-        )}
-      {/if}
-      {#if fileBlob}
-        {@render menuButton(IconCloudDownload, "다운로드", () => {
-          FileSaver.saveAs(fileBlob, filename);
-        })}
-      {/if}
-    </div>
-  </div>
-{/if}

src/routes/(fullscreen)/file/[id]/service.ts

@@ -1,32 +1,25 @@
-import { encryptData } from "$lib/modules/crypto";
-import { storeFileThumbnailCache } from "$lib/modules/file";
-import { requestFileThumbnailUpload } from "$lib/services/file";
-import { trpc } from "$trpc/client";
+import { callPostApi } from "$lib/hooks";
+import { getFileCache, storeFileCache, downloadFile } from "$lib/modules/file";
+import type { CategoryFileAddRequest } from "$lib/server/schemas";
 
 export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category";
-export { requestFileDownload } from "$lib/services/file";
 
-export const requestThumbnailUpload = async (
+export const requestFileDownload = async (
   fileId: number,
-  thumbnail: Blob,
+  fileEncryptedIv: string,
   dataKey: CryptoKey,
-  dataKeyVersion: Date,
 ) => {
-  const thumbnailBuffer = await thumbnail.arrayBuffer();
-  const thumbnailEncrypted = await encryptData(thumbnailBuffer, dataKey);
-  const res = await requestFileThumbnailUpload(fileId, dataKeyVersion, thumbnailEncrypted);
-  if (!res.ok) return false;
+  const cache = await getFileCache(fileId);
+  if (cache) return cache;
 
-  storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended
-  return true;
+  const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey);
+  storeFileCache(fileId, fileBuffer); // Intended
+  return fileBuffer;
 };
 
 export const requestFileAdditionToCategory = async (fileId: number, categoryId: number) => {
-  try {
-    await trpc().category.addFile.mutate({ id: categoryId, file: fileId });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<CategoryFileAddRequest>(`/api/category/${categoryId}/file/add`, {
+    file: fileId,
+  });
+  return res.ok;
 };

src/routes/(fullscreen)/file/downloads/File.svelte

@@ -1,8 +1,8 @@
 <script lang="ts">
   import { get, type Writable } from "svelte/store";
   import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
+  import { formatNetworkSpeed } from "$lib/modules/util";
   import { masterKeyStore, type FileDownloadStatus } from "$lib/stores";
-  import { formatNetworkSpeed } from "$lib/utils";
 
   import IconCloud from "~icons/material-symbols/cloud";
   import IconCloudDownload from "~icons/material-symbols/cloud-download";

src/routes/(fullscreen)/file/uploads/File.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Writable } from "svelte/store";
+  import { formatNetworkSpeed } from "$lib/modules/util";
   import type { FileUploadStatus } from "$lib/stores";
-  import { formatNetworkSpeed } from "$lib/utils";
 
   import IconPending from "~icons/material-symbols/pending";
   import IconLockClock from "~icons/material-symbols/lock-clock";

src/routes/(fullscreen)/gallery/+page.svelte

@@ -1,26 +0,0 @@
-<script lang="ts">
-  import type { Writable } from "svelte/store";
-  import { goto } from "$app/navigation";
-  import { FullscreenDiv } from "$lib/components/atoms";
-  import { TopBar } from "$lib/components/molecules";
-  import { Gallery } from "$lib/components/organisms";
-  import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
-  import { masterKeyStore } from "$lib/stores";
-
-  let { data } = $props();
-
-  let files: Writable<FileInfo | null>[] = $state([]);
-
-  $effect(() => {
-    files = data.files.map((file) => getFileInfo(file, $masterKeyStore?.get(1)?.key!));
-  });
-</script>
-
-<svelte:head>
-  <title>사진 및 동영상</title>
-</svelte:head>
-
-<TopBar title="사진 및 동영상" />
-<FullscreenDiv>
-  <Gallery {files} onFileClick={({ id }) => goto(`/file/${id}`)} />
-</FullscreenDiv>

src/routes/(fullscreen)/gallery/+page.ts

@@ -1,7 +0,0 @@
-import { trpc } from "$trpc/client";
-import type { PageLoad } from "./$types";
-
-export const load: PageLoad = async ({ fetch }) => {
-  const files = await trpc(fetch).file.list.query();
-  return { files };
-};

src/routes/(fullscreen)/key/export/+page.svelte

@@ -3,12 +3,13 @@
   import { goto } from "$app/navigation";
   import { BottomDiv, Button, FullscreenDiv, TextButton } from "$lib/components/atoms";
   import { TitledDiv } from "$lib/components/molecules";
-  import { serializeClientKeys, storeClientKeys } from "$lib/modules/key";
   import { clientKeyStore } from "$lib/stores";
   import BeforeContinueBottomSheet from "./BeforeContinueBottomSheet.svelte";
   import BeforeContinueModal from "./BeforeContinueModal.svelte";
   import {
+    serializeClientKeys,
     requestClientRegistration,
+    storeClientKeys,
     requestSessionUpgrade,
     requestInitialMasterKeyAndHmacSecretRegistration,
   } from "./service";
@@ -21,8 +22,15 @@
   let isBeforeContinueBottomSheetOpen = $state(false);
 
   const exportClientKeys = () => {
-    const clientKeysSerialized = serializeClientKeys(data);
-    const clientKeysBlob = new Blob([clientKeysSerialized], { type: "application/json" });
+    const clientKeysSerialized = serializeClientKeys(
+      data.encryptKeyBase64,
+      data.decryptKeyBase64,
+      data.signKeyBase64,
+      data.verifyKeyBase64,
+    );
+    const clientKeysBlob = new Blob([JSON.stringify(clientKeysSerialized)], {
+      type: "application/json",
+    });
     FileSaver.saveAs(clientKeysBlob, "arkvault-clientkey.json");
 
     if (!isBeforeContinueBottomSheetOpen) {
@@ -51,14 +59,12 @@
       await storeClientKeys($clientKeyStore);
 
       if (
-        !(
-          await requestSessionUpgrade(
-            data.encryptKeyBase64,
-            $clientKeyStore.decryptKey,
-            data.verifyKeyBase64,
-            $clientKeyStore.signKey,
-          )
-        )[0]
+        !(await requestSessionUpgrade(
+          data.encryptKeyBase64,
+          $clientKeyStore.decryptKey,
+          data.verifyKeyBase64,
+          $clientKeyStore.signKey,
+        ))
       )
         throw new Error("Failed to upgrade session");
 

src/routes/(fullscreen)/key/export/+page.ts

@@ -1,5 +1,5 @@
 import { error } from "@sveltejs/kit";
-import { keyExportState } from "$lib/utils";
+import { keyExportState } from "$lib/hooks/gotoStateful";
 import type { PageLoad } from "./$types";
 
 export const load: PageLoad = async () => {

src/routes/(fullscreen)/key/export/service.ts

@@ -1,5 +1,68 @@
+import { callPostApi } from "$lib/hooks";
+import { storeClientKey } from "$lib/indexedDB";
+import { signMasterKeyWrapped } from "$lib/modules/crypto";
+import type {
+  InitialMasterKeyRegisterRequest,
+  InitialHmacSecretRegisterRequest,
+} from "$lib/server/schemas";
+import type { ClientKeys } from "$lib/stores";
+
 export { requestSessionUpgrade } from "$lib/services/auth";
-export {
-  requestClientRegistration,
-  requestInitialMasterKeyAndHmacSecretRegistration,
-} from "$lib/services/key";
+export { requestClientRegistration } from "$lib/services/key";
+
+type SerializedKeyPairs = {
+  generator: "ArkVault";
+  exportedAt: Date;
+} & {
+  version: 1;
+  encryptKey: string;
+  decryptKey: string;
+  signKey: string;
+  verifyKey: string;
+};
+
+export const serializeClientKeys = (
+  encryptKeyBase64: string,
+  decryptKeyBase64: string,
+  signKeyBase64: string,
+  verifyKeyBase64: string,
+) => {
+  return {
+    version: 1,
+    generator: "ArkVault",
+    exportedAt: new Date(),
+    encryptKey: encryptKeyBase64,
+    decryptKey: decryptKeyBase64,
+    signKey: signKeyBase64,
+    verifyKey: verifyKeyBase64,
+  } satisfies SerializedKeyPairs;
+};
+
+export const storeClientKeys = async (clientKeys: ClientKeys) => {
+  await Promise.all([
+    storeClientKey(clientKeys.encryptKey, "encrypt"),
+    storeClientKey(clientKeys.decryptKey, "decrypt"),
+    storeClientKey(clientKeys.signKey, "sign"),
+    storeClientKey(clientKeys.verifyKey, "verify"),
+  ]);
+};
+
+export const requestInitialMasterKeyAndHmacSecretRegistration = async (
+  masterKeyWrapped: string,
+  hmacSecretWrapped: string,
+  signKey: CryptoKey,
+) => {
+  let res = await callPostApi<InitialMasterKeyRegisterRequest>("/api/mek/register/initial", {
+    mek: masterKeyWrapped,
+    mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
+  });
+  if (!res.ok) {
+    return res.status === 409;
+  }
+
+  res = await callPostApi<InitialHmacSecretRegisterRequest>("/api/hsk/register/initial", {
+    mekVersion: 1,
+    hsk: hmacSecretWrapped,
+  });
+  return res.ok;
+};

src/routes/(fullscreen)/key/generate/+page.svelte

@@ -3,29 +3,19 @@
   import { goto } from "$app/navigation";
   import { BottomDiv, Button, FullscreenDiv, TextButton } from "$lib/components/atoms";
   import { TitledDiv } from "$lib/components/molecules";
-  import { ForceLoginModal } from "$lib/components/organisms";
-  import { storeClientKeys } from "$lib/modules/key";
+  import { gotoStateful } from "$lib/hooks";
   import { clientKeyStore } from "$lib/stores";
-  import { gotoStateful } from "$lib/utils";
   import Order from "./Order.svelte";
   import {
     generateClientKeys,
     generateInitialMasterKey,
     generateInitialHmacSecret,
-    importClientKeys,
-    requestClientRegistrationAndSessionUpgrade,
-    requestInitialMasterKeyAndHmacSecretRegistration,
-    requestDeletedFilesCleanup,
   } from "./service";
 
   import IconKey from "~icons/material-symbols/key";
 
   let { data } = $props();
 
-  let fileInput: HTMLInputElement | undefined = $state();
-
-  let isForceLoginModalOpen = $state(false);
-
   // TODO: Update
   const orders = [
     {
@@ -61,54 +51,6 @@
     });
   };
 
-  const upgradeSession = async (force: boolean) => {
-    const [upgradeRes, upgradeError] = await requestClientRegistrationAndSessionUpgrade(
-      $clientKeyStore!,
-      force,
-    );
-    if (!force && upgradeError === "Already logged in") {
-      isForceLoginModalOpen = true;
-      return;
-    } else if (!upgradeRes) {
-      // TODO: Error Handling
-      return;
-    }
-
-    const { masterKey, masterKeyWrapped } = await generateInitialMasterKey(
-      $clientKeyStore!.encryptKey,
-    );
-    const { hmacSecretWrapped } = await generateInitialHmacSecret(masterKey);
-
-    await storeClientKeys($clientKeyStore!);
-
-    if (
-      !(await requestInitialMasterKeyAndHmacSecretRegistration(
-        masterKeyWrapped,
-        hmacSecretWrapped,
-        $clientKeyStore!.signKey,
-      ))
-    ) {
-      // TODO: Error Handling
-      return;
-    }
-
-    await requestDeletedFilesCleanup();
-    await goto("/client/pending?redirect=" + encodeURIComponent(data.redirectPath));
-  };
-
-  const importKeys = async () => {
-    const file = fileInput?.files?.[0];
-    if (!file) return;
-
-    if (await importClientKeys(await file.text())) {
-      await upgradeSession(false);
-    } else {
-      // TODO: Error Handling
-    }
-
-    fileInput!.value = "";
-  };
-
   onMount(async () => {
     if ($clientKeyStore) {
       await goto(data.redirectPath, { replaceState: true });
@@ -120,14 +62,6 @@
   <title>암호 키 생성하기</title>
 </svelte:head>
 
-<input
-  bind:this={fileInput}
-  onchange={importKeys}
-  type="file"
-  accept="application/json"
-  class="hidden"
-/>
-
 <FullscreenDiv>
   <TitledDiv childrenClass="space-y-4">
     {#snippet title()}
@@ -149,8 +83,6 @@
   </TitledDiv>
   <BottomDiv class="flex flex-col items-center gap-y-2">
     <Button onclick={generateKeys} class="w-full">새 암호 키 생성하기</Button>
-    <TextButton onclick={() => fileInput?.click()}>키를 갖고 있어요</TextButton>
+    <TextButton>키를 갖고 있어요</TextButton>
   </BottomDiv>
 </FullscreenDiv>
-
-<ForceLoginModal bind:isOpen={isForceLoginModalOpen} onLoginClick={() => upgradeSession(true)} />

src/routes/(fullscreen)/key/generate/service.ts

@@ -2,8 +2,6 @@ import {
   generateEncryptionKeyPair,
   generateSigningKeyPair,
   exportRSAKeyToBase64,
-  importEncryptionKeyPairFromBase64,
-  importSigningKeyPairFromBase64,
   makeRSAKeyNonextractable,
   wrapMasterKey,
   generateMasterKey,
@@ -11,16 +9,8 @@ import {
   wrapHmacSecret,
   generateHmacSecret,
 } from "$lib/modules/crypto";
-import { deserializeClientKeys } from "$lib/modules/key";
 import { clientKeyStore } from "$lib/stores";
 
-export { requestLogout } from "$lib/services/auth";
-export { requestDeletedFilesCleanup } from "$lib/services/file";
-export {
-  requestClientRegistrationAndSessionUpgrade,
-  requestInitialMasterKeyAndHmacSecretRegistration,
-} from "$lib/services/key";
-
 export const generateClientKeys = async () => {
   const { encryptKey, decryptKey } = await generateEncryptionKeyPair();
   const { signKey, verifyKey } = await generateSigningKeyPair();
@@ -55,25 +45,3 @@ export const generateInitialHmacSecret = async (masterKey: CryptoKey) => {
     hmacSecretWrapped: await wrapHmacSecret(hmacSecret, masterKey),
   };
 };
-
-export const importClientKeys = async (clientKeysSerialized: string) => {
-  const clientKeys = deserializeClientKeys(clientKeysSerialized);
-  if (!clientKeys) return false;
-
-  const { encryptKey, decryptKey } = await importEncryptionKeyPairFromBase64(
-    clientKeys.encryptKeyBase64,
-    clientKeys.decryptKeyBase64,
-  );
-  const { signKey, verifyKey } = await importSigningKeyPairFromBase64(
-    clientKeys.signKeyBase64,
-    clientKeys.verifyKeyBase64,
-  );
-
-  clientKeyStore.set({
-    encryptKey,
-    decryptKey: await makeRSAKeyNonextractable(decryptKey),
-    signKey: await makeRSAKeyNonextractable(signKey),
-    verifyKey,
-  });
-  return true;
-};

src/routes/(fullscreen)/settings/cache/+page.svelte

@@ -4,11 +4,12 @@
   import { FullscreenDiv } from "$lib/components/atoms";
   import { TopBar } from "$lib/components/molecules";
   import type { FileCacheIndex } from "$lib/indexedDB";
-  import { getFileCacheIndex, deleteFileCache as doDeleteFileCache } from "$lib/modules/file";
+  import { getFileCacheIndex } from "$lib/modules/file";
   import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
+  import { formatFileSize } from "$lib/modules/util";
   import { masterKeyStore } from "$lib/stores";
-  import { formatFileSize } from "$lib/utils";
   import File from "./File.svelte";
+  import { deleteFileCache as doDeleteFileCache } from "./service";
 
   interface FileCache {
     index: FileCacheIndex;

src/routes/(fullscreen)/settings/cache/File.svelte

@@ -2,7 +2,7 @@
   import type { Writable } from "svelte/store";
   import type { FileCacheIndex } from "$lib/indexedDB";
   import type { FileInfo } from "$lib/modules/filesystem";
-  import { formatDate, formatFileSize } from "$lib/utils";
+  import { formatDate, formatFileSize } from "$lib/modules/util";
 
   import IconDraft from "~icons/material-symbols/draft";
   import IconScanDelete from "~icons/material-symbols/scan-delete";

src/routes/(fullscreen)/settings/cache/service.ts

@@ -0,0 +1,5 @@
+import { deleteFileCache as doDeleteFileCache } from "$lib/modules/file";
+
+export const deleteFileCache = async (fileId: number) => {
+  await doDeleteFileCache(fileId);
+};

src/routes/(fullscreen)/settings/thumbnail/+page.svelte

@@ -1,77 +0,0 @@
-<script lang="ts">
-  import { onMount } from "svelte";
-  import { get } from "svelte/store";
-  import { goto } from "$app/navigation";
-  import { BottomDiv, Button, FullscreenDiv } from "$lib/components/atoms";
-  import { IconEntryButton, TopBar } from "$lib/components/molecules";
-  import { deleteAllFileThumbnailCaches } from "$lib/modules/file";
-  import { getFileInfo } from "$lib/modules/filesystem";
-  import { masterKeyStore } from "$lib/stores";
-  import File from "./File.svelte";
-  import {
-    persistentStates,
-    getGenerationStatus,
-    requestThumbnailGeneration,
-  } from "./service.svelte";
-
-  import IconDelete from "~icons/material-symbols/delete";
-
-  let { data } = $props();
-
-  const generateAllThumbnails = () => {
-    persistentStates.files.forEach(({ info }) => {
-      const fileInfo = get(info);
-      if (fileInfo) {
-        requestThumbnailGeneration(fileInfo);
-      }
-    });
-  };
-
-  onMount(() => {
-    persistentStates.files = data.files.map((fileId) => ({
-      id: fileId,
-      info: getFileInfo(fileId, $masterKeyStore?.get(1)?.key!),
-      status: getGenerationStatus(fileId),
-    }));
-  });
-</script>
-
-<svelte:head>
-  <title>썸네일 설정</title>
-</svelte:head>
-
-<TopBar title="썸네일" />
-<FullscreenDiv class="bg-gray-100 !px-0">
-  <div class="flex flex-grow flex-col space-y-4">
-    <div class="bg-white p-4 !pt-0">
-      <IconEntryButton icon={IconDelete} onclick={deleteAllFileThumbnailCaches} class="w-full">
-        저장된 썸네일 모두 삭제하기
-      </IconEntryButton>
-    </div>
-    {#if persistentStates.files.length > 0}
-      <div class="flex-grow space-y-2 bg-white p-4">
-        <p class="text-lg font-bold text-gray-800">썸네일이 누락된 파일</p>
-        <div class="space-y-4">
-          <p class="break-keep text-gray-800">
-            {persistentStates.files.length}개 파일의 썸네일이 존재하지 않아요.
-          </p>
-          <div class="space-y-2">
-            {#each persistentStates.files as { info, status }}
-              <File
-                {info}
-                generationStatus={status}
-                onclick={({ id }) => goto(`/file/${id}`)}
-                onGenerateThumbnailClick={requestThumbnailGeneration}
-              />
-            {/each}
-          </div>
-        </div>
-      </div>
-    {/if}
-  </div>
-  {#if persistentStates.files.length > 0}
-    <BottomDiv class="px-4">
-      <Button onclick={generateAllThumbnails} class="w-full">모두 썸네일 생성하기</Button>
-    </BottomDiv>
-  {/if}
-</FullscreenDiv>

src/routes/(fullscreen)/settings/thumbnail/+page.ts

@@ -1,7 +0,0 @@
-import { trpc } from "$trpc/client";
-import type { PageLoad } from "./$types";
-
-export const load: PageLoad = async ({ fetch }) => {
-  const files = await trpc(fetch).file.listWithoutThumbnail.query();
-  return { files };
-};

src/routes/(fullscreen)/settings/thumbnail/File.svelte

@@ -1,46 +0,0 @@
-<script module lang="ts">
-  const subtexts = {
-    queued: "대기 중",
-    "generation-pending": "준비 중",
-    generating: "생성하는 중",
-    "upload-pending": "업로드를 기다리는 중",
-    uploading: "업로드하는 중",
-    error: "실패",
-  } as const;
-</script>
-
-<script lang="ts">
-  import type { Writable } from "svelte/store";
-  import { ActionEntryButton } from "$lib/components/atoms";
-  import { DirectoryEntryLabel } from "$lib/components/molecules";
-  import type { FileInfo } from "$lib/modules/filesystem";
-  import { formatDateTime } from "$lib/utils";
-  import type { GenerationStatus } from "./service.svelte";
-
-  import IconCamera from "~icons/material-symbols/camera";
-
-  interface Props {
-    info: Writable<FileInfo | null>;
-    onclick: (selectedFile: FileInfo) => void;
-    onGenerateThumbnailClick: (selectedFile: FileInfo) => void;
-    generationStatus?: Writable<GenerationStatus>;
-  }
-
-  let { info, onclick, onGenerateThumbnailClick, generationStatus }: Props = $props();
-</script>
-
-{#if $info}
-  <ActionEntryButton
-    class="h-14"
-    onclick={() => onclick($info)}
-    actionButtonIcon={!$generationStatus || $generationStatus === "error" ? IconCamera : undefined}
-    onActionButtonClick={() => onGenerateThumbnailClick($info)}
-    actionButtonClass="text-gray-800"
-  >
-    {@const subtext =
-      $generationStatus && $generationStatus !== "uploaded"
-        ? subtexts[$generationStatus]
-        : formatDateTime($info.createdAt ?? $info.lastModifiedAt)}
-    <DirectoryEntryLabel type="file" name={$info.name} {subtext} />
-  </ActionEntryButton>
-{/if}