Merge pull request #12 from kmc7468/dev

v0.5.0
Merge pull request #10 from kmc7468/dev
2026-02-04 16:16:55 +00:00 · 2025-07-12 06:01:08 +09:00 · 2025-01-30 21:06:50 +09:00 · 2025-01-18 13:29:09 +09:00 · 2025-01-13 03:53:14 +09:00 · 2025-01-09 06:24:31 +09:00
193 changed files with 5278 additions and 5743 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -12,7 +12,6 @@ node_modules
 /data
 /library
 /thumbnails
-/uploads

 # OS
 .DS_Store
--- a/.env.example
+++ b/.env.example
@@ -12,4 +12,3 @@ USER_CLIENT_CHALLENGE_EXPIRES=
 SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
 THUMBNAILS_PATH=
-UPLOADS_PATH=
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,6 @@ node_modules
 /data
 /library
 /thumbnails
-/uploads

 # OS
 .DS_Store
--- a/8
+++ b/8
@@ -2,7 +2,11 @@
 FROM node:22-alpine AS base
 WORKDIR /app

-RUN npm install -g pnpm@10
+RUN apk add --no-cache bash curl && \
+    curl -o /usr/local/bin/wait-for-it https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
+    chmod +x /usr/local/bin/wait-for-it
+
+RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .

 # Build Stage
@@ -25,4 +29,4 @@ COPY --from=build /app/build ./build

 EXPOSE 3000
 ENV BODY_SIZE_LIMIT=Infinity
-CMD ["node", "./build/index.js"]
+CMD ["bash", "-c", "wait-for-it ${DATABASE_HOST:-localhost}:${DATABASE_PORT:-5432} -- node ./build/index.js"]
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -3,8 +3,7 @@ services:
    build: .
    restart: unless-stopped
    depends_on:
-      database:
-        condition: service_healthy
+      - database
    user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
    volumes:
      - ./data/library:/app/data/library
@@ -20,7 +19,6 @@ services:
      - SESSION_UPGRADE_CHALLENGE_EXPIRES
      - LIBRARY_PATH=/app/data/library
      - THUMBNAILS_PATH=/app/data/thumbnails
-      - UPLOADS_PATH=/app/data/uploads
      # SvelteKit
      - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
      - XFF_DEPTH=${TRUST_PROXY:-}
@@ -37,8 +35,3 @@ services:
    environment:
      - POSTGRES_USER=arkvault
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER}"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -1,24 +1,21 @@
-import { includeIgnoreFile } from "@eslint/compat";
-import js from "@eslint/js";
-import { defineConfig } from "eslint/config";
 import prettier from "eslint-config-prettier";
+import js from "@eslint/js";
+import { includeIgnoreFile } from "@eslint/compat";
 import svelte from "eslint-plugin-svelte";
 import tailwind from "eslint-plugin-tailwindcss";
 import globals from "globals";
+import { fileURLToPath } from "node:url";
 import ts from "typescript-eslint";
-import { fileURLToPath } from "url";
-import svelteConfig from "./svelte.config.js";
-
 const gitignorePath = fileURLToPath(new URL("./.gitignore", import.meta.url));

-export default defineConfig(
+export default ts.config(
  includeIgnoreFile(gitignorePath),
  js.configs.recommended,
  ...ts.configs.recommended,
-  ...svelte.configs.recommended,
+  ...svelte.configs["flat/recommended"],
  ...tailwind.configs["flat/recommended"],
  prettier,
-  ...svelte.configs.prettier,
+  ...svelte.configs["flat/prettier"],
  {
    languageOptions: {
      globals: {
@@ -26,18 +23,13 @@ export default defineConfig(
        ...globals.node,
      },
    },
-    rules: {
-      "no-undef": "off",
-    },
  },
  {
-    files: ["**/*.svelte", "**/*.svelte.ts", "**/*.svelte.js"],
+    files: ["**/*.svelte"],
+
    languageOptions: {
      parserOptions: {
-        projectService: true,
-        extraFileExtensions: [".svelte"],
        parser: ts.parser,
-        svelteConfig,
      },
    },
  },
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "arkvault",
  "private": true,
-  "version": "0.7.0",
+  "version": "0.5.0",
  "type": "module",
  "scripts": {
    "dev": "vite dev",
@@ -16,58 +16,53 @@
    "db:migrate": "kysely migrate"
  },
  "devDependencies": {
-    "@eslint/compat": "^2.0.0",
-    "@eslint/js": "^9.39.2",
-    "@iconify-json/material-symbols": "^1.2.50",
-    "@sveltejs/adapter-node": "^5.4.0",
-    "@sveltejs/kit": "^2.49.2",
-    "@sveltejs/vite-plugin-svelte": "^6.2.1",
-    "@tanstack/svelte-virtual": "^3.13.16",
-    "@trpc/client": "^11.8.1",
+    "@eslint/compat": "^1.3.1",
+    "@iconify-json/material-symbols": "^1.2.29",
+    "@sveltejs/adapter-node": "^5.2.13",
+    "@sveltejs/kit": "^2.22.5",
+    "@sveltejs/vite-plugin-svelte": "^4.0.4",
    "@types/file-saver": "^2.0.7",
    "@types/ms": "^0.7.34",
    "@types/node-schedule": "^2.1.8",
-    "@types/pg": "^8.16.0",
-    "autoprefixer": "^10.4.23",
-    "axios": "^1.13.2",
-    "dexie": "^4.2.1",
-    "eslint": "^9.39.2",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-svelte": "^3.13.1",
-    "eslint-plugin-tailwindcss": "^3.18.2",
-    "exifreader": "^4.33.1",
+    "@types/pg": "^8.15.4",
+    "autoprefixer": "^10.4.21",
+    "axios": "^1.10.0",
+    "dexie": "^4.0.11",
+    "eslint": "^9.30.1",
+    "eslint-config-prettier": "^10.1.5",
+    "eslint-plugin-svelte": "^3.10.1",
+    "eslint-plugin-tailwindcss": "^3.18.0",
+    "exifreader": "^4.31.1",
    "file-saver": "^2.0.5",
-    "globals": "^16.5.0",
+    "globals": "^16.3.0",
    "heic2any": "^0.0.4",
-    "kysely-ctl": "^0.19.0",
-    "lru-cache": "^11.2.4",
-    "mime": "^4.1.0",
-    "p-limit": "^7.2.0",
-    "prettier": "^3.7.4",
-    "prettier-plugin-svelte": "^3.4.1",
-    "prettier-plugin-tailwindcss": "^0.7.2",
-    "svelte": "^5.46.1",
-    "svelte-check": "^4.3.5",
-    "tailwindcss": "^3.4.19",
-    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.51.0",
-    "unplugin-icons": "^22.5.0",
-    "vite": "^7.3.0"
+    "kysely-ctl": "^0.13.1",
+    "lru-cache": "^11.1.0",
+    "mime": "^4.0.7",
+    "p-limit": "^6.2.0",
+    "prettier": "^3.6.2",
+    "prettier-plugin-svelte": "^3.4.0",
+    "prettier-plugin-tailwindcss": "^0.6.14",
+    "svelte": "^5.35.6",
+    "svelte-check": "^4.2.2",
+    "tailwindcss": "^3.4.17",
+    "typescript": "^5.8.3",
+    "typescript-eslint": "^8.36.0",
+    "unplugin-icons": "^22.1.0",
+    "vite": "^5.4.19"
  },
  "dependencies": {
-    "@fastify/busboy": "^3.2.0",
-    "@trpc/server": "^11.8.1",
-    "argon2": "^0.44.0",
-    "kysely": "^0.28.9",
+    "@fastify/busboy": "^3.1.1",
+    "argon2": "^0.43.0",
+    "kysely": "^0.28.2",
    "ms": "^2.1.3",
    "node-schedule": "^2.1.1",
    "pg": "^8.16.3",
-    "superjson": "^2.2.6",
-    "uuid": "^13.0.0",
-    "zod": "^4.3.5"
+    "uuid": "^11.1.0",
+    "zod": "^3.25.76"
  },
  "engines": {
    "node": "^22.0.0",
-    "pnpm": "^10.0.0"
+    "pnpm": "^9.0.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -7,7 +7,6 @@ import {
  cleanupExpiredSessions,
  cleanupExpiredSessionUpgradeChallenges,
 } from "$lib/server/db/session";
-import { cleanupExpiredUploadSessions } from "$lib/server/db/upload";
 import { authenticate, setAgentInfo } from "$lib/server/middlewares";

 export const init: ServerInit = async () => {
@@ -17,7 +16,6 @@ export const init: ServerInit = async () => {
    cleanupExpiredUserClientChallenges();
    cleanupExpiredSessions();
    cleanupExpiredSessionUpgradeChallenges();
-    cleanupExpiredUploadSessions();
  });
 };

--- a/src/lib/components/atoms/RowVirtualizer.svelte
+++ b/src/lib/components/atoms/RowVirtualizer.svelte
@@ -1,60 +0,0 @@
-<script lang="ts">
-  import { createWindowVirtualizer } from "@tanstack/svelte-virtual";
-  import type { Snippet } from "svelte";
-  import type { ClassValue } from "svelte/elements";
-
-  interface Props {
-    class?: ClassValue;
-    count: number;
-    item: Snippet<[index: number]>;
-    itemHeight: (index: number) => number;
-    itemGap?: number;
-    placeholder?: Snippet;
-  }
-
-  let { class: className, count, item, itemHeight, itemGap, placeholder }: Props = $props();
-
-  let element: HTMLElement | undefined = $state();
-  let scrollMargin = $state(0);
-
-  let virtualizer = $derived(
-    createWindowVirtualizer({
-      count,
-      estimateSize: itemHeight,
-      gap: itemGap,
-      scrollMargin,
-    }),
-  );
-
-  const measureItem = (node: HTMLElement) => {
-    $effect(() => $virtualizer.measureElement(node));
-  };
-
-  $effect(() => {
-    if (!element) return;
-
-    const observer = new ResizeObserver(() => {
-      scrollMargin = Math.round(element!.getBoundingClientRect().top + window.scrollY);
-    });
-    observer.observe(element.parentElement!);
-    return () => observer.disconnect();
-  });
-</script>
-
-<div bind:this={element} class={["relative", className]}>
-  <div style:height="{$virtualizer.getTotalSize()}px">
-    {#each $virtualizer.getVirtualItems() as virtualItem (virtualItem.key)}
-      <div
-        class="absolute left-0 top-0 w-full"
-        style:transform="translateY({virtualItem.start - scrollMargin}px)"
-        data-index={virtualItem.index}
-        use:measureItem
-      >
-        {@render item(virtualItem.index)}
-      </div>
-    {/each}
-  </div>
-  {#if placeholder && count === 0}
-    {@render placeholder()}
-  {/if}
-</div>
--- a/src/lib/components/atoms/buttons/FileThumbnailButton.svelte
+++ b/src/lib/components/atoms/buttons/FileThumbnailButton.svelte
@@ -1,24 +0,0 @@
-<script lang="ts">
-  import { getFileThumbnail } from "$lib/modules/file";
-  import type { SummarizedFileInfo } from "$lib/modules/filesystem";
-
-  interface Props {
-    info: SummarizedFileInfo;
-    onclick?: (file: SummarizedFileInfo) => void;
-  }
-
-  let { info, onclick }: Props = $props();
-
-  let thumbnail = $derived(getFileThumbnail(info));
-</script>
-
-<button
-  onclick={onclick && (() => setTimeout(() => onclick(info), 100))}
-  class="aspect-square overflow-hidden rounded transition active:scale-95 active:brightness-90"
->
-  {#if $thumbnail}
-    <img src={$thumbnail} alt={info.name} class="h-full w-full object-cover" />
-  {:else}
-    <div class="h-full w-full bg-gray-100"></div>
-  {/if}
-</button>
--- a/src/lib/components/atoms/buttons/index.ts
+++ b/src/lib/components/atoms/buttons/index.ts
@@ -1,6 +1,5 @@
 export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
 export { default as Button } from "./Button.svelte";
 export { default as EntryButton } from "./EntryButton.svelte";
-export { default as FileThumbnailButton } from "./FileThumbnailButton.svelte";
 export { default as FloatingButton } from "./FloatingButton.svelte";
 export { default as TextButton } from "./TextButton.svelte";
--- a/src/lib/components/atoms/index.ts
+++ b/src/lib/components/atoms/index.ts
@@ -3,4 +3,3 @@ export * from "./buttons";
 export * from "./divs";
 export * from "./inputs";
 export { default as Modal } from "./Modal.svelte";
-export { default as RowVirtualizer } from "./RowVirtualizer.svelte";
--- a/src/lib/components/molecules/Categories.svelte
+++ b/src/lib/components/molecules/Categories.svelte
@@ -1,44 +0,0 @@
-<script module lang="ts">
-  import type { DataKey } from "$lib/modules/filesystem";
-
-  export interface SelectedCategory {
-    id: number;
-    dataKey?: DataKey;
-    name: string;
-  }
-</script>
-
-<script lang="ts">
-  import type { Component } from "svelte";
-  import type { SvelteHTMLElements } from "svelte/elements";
-  import { ActionEntryButton } from "$lib/components/atoms";
-  import { CategoryLabel } from "$lib/components/molecules";
-  import type { SubCategoryInfo } from "$lib/modules/filesystem";
-  import { sortEntries } from "$lib/utils";
-
-  interface Props {
-    categories: SubCategoryInfo[];
-    categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
-    onCategoryClick: (category: SelectedCategory) => void;
-    onCategoryMenuClick?: (category: SelectedCategory) => void;
-  }
-
-  let { categories, categoryMenuIcon, onCategoryClick, onCategoryMenuClick }: Props = $props();
-
-  let categoriesWithName = $derived(sortEntries([...categories]));
-</script>
-
-{#if categoriesWithName.length > 0}
-  <div class="space-y-1">
-    {#each categoriesWithName as category (category.id)}
-      <ActionEntryButton
-        class="h-12"
-        onclick={() => onCategoryClick(category)}
-        actionButtonIcon={categoryMenuIcon}
-        onActionButtonClick={() => onCategoryMenuClick?.(category)}
-      >
-        <CategoryLabel name={category.name} />
-      </ActionEntryButton>
-    {/each}
-  </div>
-{/if}
--- a/src/lib/components/molecules/Categories/Categories.svelte
+++ b/src/lib/components/molecules/Categories/Categories.svelte
@@ -0,0 +1,63 @@
+<script lang="ts">
+  import { untrack, type Component } from "svelte";
+  import type { SvelteHTMLElements } from "svelte/elements";
+  import { get, type Writable } from "svelte/store";
+  import type { CategoryInfo } from "$lib/modules/filesystem";
+  import { SortBy, sortEntries } from "$lib/modules/util";
+  import Category from "./Category.svelte";
+  import type { SelectedCategory } from "./service";
+
+  interface Props {
+    categories: Writable<CategoryInfo | null>[];
+    categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
+    onCategoryClick: (category: SelectedCategory) => void;
+    onCategoryMenuClick?: (category: SelectedCategory) => void;
+    sortBy?: SortBy;
+  }
+
+  let {
+    categories,
+    categoryMenuIcon,
+    onCategoryClick,
+    onCategoryMenuClick,
+    sortBy = SortBy.NAME_ASC,
+  }: Props = $props();
+
+  let categoriesWithName: { name?: string; info: Writable<CategoryInfo | null> }[] = $state([]);
+
+  $effect(() => {
+    categoriesWithName = categories.map((category) => ({
+      name: get(category)?.name,
+      info: category,
+    }));
+
+    const sort = () => {
+      sortEntries(categoriesWithName, sortBy);
+    };
+    return untrack(() => {
+      sort();
+
+      const unsubscribes = categoriesWithName.map((category) =>
+        category.info.subscribe((value) => {
+          if (category.name === value?.name) return;
+          category.name = value?.name;
+          sort();
+        }),
+      );
+      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
+    });
+  });
+</script>
+
+{#if categoriesWithName.length > 0}
+  <div class="space-y-1">
+    {#each categoriesWithName as { info }}
+      <Category
+        {info}
+        menuIcon={categoryMenuIcon}
+        onclick={onCategoryClick}
+        onMenuClick={onCategoryMenuClick}
+      />
+    {/each}
+  </div>
+{/if}
--- a/src/lib/components/molecules/Categories/Category.svelte
+++ b/src/lib/components/molecules/Categories/Category.svelte
@@ -0,0 +1,43 @@
+<script lang="ts">
+  import type { Component } from "svelte";
+  import type { SvelteHTMLElements } from "svelte/elements";
+  import type { Writable } from "svelte/store";
+  import { ActionEntryButton } from "$lib/components/atoms";
+  import { CategoryLabel } from "$lib/components/molecules";
+  import type { CategoryInfo } from "$lib/modules/filesystem";
+  import type { SelectedCategory } from "./service";
+
+  interface Props {
+    info: Writable<CategoryInfo | null>;
+    menuIcon?: Component<SvelteHTMLElements["svg"]>;
+    onclick: (category: SelectedCategory) => void;
+    onMenuClick?: (category: SelectedCategory) => void;
+  }
+
+  let { info, menuIcon, onclick, onMenuClick }: Props = $props();
+
+  const openCategory = () => {
+    const { id, dataKey, dataKeyVersion, name } = $info as CategoryInfo;
+    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
+
+    onclick({ id, dataKey, dataKeyVersion, name });
+  };
+
+  const openMenu = () => {
+    const { id, dataKey, dataKeyVersion, name } = $info as CategoryInfo;
+    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
+
+    onMenuClick!({ id, dataKey, dataKeyVersion, name });
+  };
+</script>
+
+{#if $info}
+  <ActionEntryButton
+    class="h-12"
+    onclick={openCategory}
+    actionButtonIcon={menuIcon}
+    onActionButtonClick={openMenu}
+  >
+    <CategoryLabel name={$info.name!} />
+  </ActionEntryButton>
+{/if}
--- a/src/lib/components/molecules/Categories/index.ts
+++ b/src/lib/components/molecules/Categories/index.ts
@@ -0,0 +1,2 @@
+export { default } from "./Categories.svelte";
+export * from "./service";
--- a/src/lib/components/molecules/Categories/service.ts
+++ b/src/lib/components/molecules/Categories/service.ts
@@ -0,0 +1,6 @@
+export interface SelectedCategory {
+  id: number;
+  dataKey: CryptoKey;
+  dataKeyVersion: Date;
+  name: string;
+}
--- a/src/lib/components/molecules/SubCategories.svelte
+++ b/src/lib/components/molecules/SubCategories.svelte
@@ -1,8 +1,10 @@
 <script lang="ts">
  import type { Component } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
+  import type { Writable } from "svelte/store";
  import { Categories, IconEntryButton, type SelectedCategory } from "$lib/components/molecules";
-  import type { CategoryInfo } from "$lib/modules/filesystem";
+  import { getCategoryInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import { masterKeyStore } from "$lib/stores";

  import IconAddCircle from "~icons/material-symbols/add-circle";

@@ -25,6 +27,14 @@
    subCategoryCreatePosition = "bottom",
    subCategoryMenuIcon,
  }: Props = $props();
+
+  let subCategories: Writable<CategoryInfo | null>[] = $state([]);
+
+  $effect(() => {
+    subCategories = info.subCategoryIds.map((id) =>
+      getCategoryInfo(id, $masterKeyStore?.get(1)?.key!),
+    );
+  });
 </script>

 <div class={["space-y-1", className]}>
@@ -43,12 +53,14 @@
  {#if subCategoryCreatePosition === "top"}
    {@render subCategoryCreate()}
  {/if}
-  <Categories
-    categories={info.subCategories}
-    categoryMenuIcon={subCategoryMenuIcon}
-    onCategoryClick={onSubCategoryClick}
-    onCategoryMenuClick={onSubCategoryMenuClick}
-  />
+  {#key info}
+    <Categories
+      categories={subCategories}
+      categoryMenuIcon={subCategoryMenuIcon}
+      onCategoryClick={onSubCategoryClick}
+      onCategoryMenuClick={onSubCategoryMenuClick}
+    />
+  {/key}
  {#if subCategoryCreatePosition === "bottom"}
    {@render subCategoryCreate()}
  {/if}
--- a/src/lib/components/molecules/index.ts
+++ b/src/lib/components/molecules/index.ts
@@ -1,7 +1,7 @@
 export * from "./ActionModal.svelte";
 export { default as ActionModal } from "./ActionModal.svelte";
-export * from "./Categories.svelte";
-export { default as Categories } from "./Categories.svelte";
+export * from "./Categories";
+export { default as Categories } from "./Categories";
 export { default as IconEntryButton } from "./IconEntryButton.svelte";
 export * from "./labels";
 export { default as SubCategories } from "./SubCategories.svelte";
--- a/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
+++ b/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
@@ -3,7 +3,6 @@
  import { IconLabel } from "$lib/components/molecules";

  import IconFolder from "~icons/material-symbols/folder";
-  import IconDriveFolderUpload from "~icons/material-symbols/drive-folder-upload";
  import IconDraft from "~icons/material-symbols/draft";

  interface Props {
@@ -12,7 +11,7 @@
    subtext?: string;
    textClass?: ClassValue;
    thumbnail?: string;
-    type: "directory" | "parent-directory" | "file";
+    type: "directory" | "file";
  }

  let {
@@ -31,8 +30,6 @@
      <img src={thumbnail} alt={name} loading="lazy" class="aspect-square rounded object-cover" />
    {:else if type === "directory"}
      <IconFolder />
-    {:else if type === "parent-directory"}
-      <IconDriveFolderUpload class="text-yellow-500" />
    {:else}
      <IconDraft class="text-blue-400" />
    {/if}
--- a/src/lib/components/organisms/Category/Category.svelte
+++ b/src/lib/components/organisms/Category/Category.svelte
@@ -0,0 +1,107 @@
+<script lang="ts">
+  import { untrack } from "svelte";
+  import { get, type Writable } from "svelte/store";
+  import { CheckBox } from "$lib/components/atoms";
+  import { SubCategories, type SelectedCategory } from "$lib/components/molecules";
+  import { getFileInfo, type FileInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import { SortBy, sortEntries } from "$lib/modules/util";
+  import { masterKeyStore } from "$lib/stores";
+  import File from "./File.svelte";
+  import type { SelectedFile } from "./service";
+
+  import IconMoreVert from "~icons/material-symbols/more-vert";
+
+  interface Props {
+    info: CategoryInfo;
+    onFileClick: (file: SelectedFile) => void;
+    onFileRemoveClick: (file: SelectedFile) => void;
+    onSubCategoryClick: (subCategory: SelectedCategory) => void;
+    onSubCategoryCreateClick: () => void;
+    onSubCategoryMenuClick: (subCategory: SelectedCategory) => void;
+    sortBy?: SortBy;
+    isFileRecursive: boolean;
+  }
+
+  let {
+    info,
+    onFileClick,
+    onFileRemoveClick,
+    onSubCategoryClick,
+    onSubCategoryCreateClick,
+    onSubCategoryMenuClick,
+    sortBy = SortBy.NAME_ASC,
+    isFileRecursive = $bindable(),
+  }: Props = $props();
+
+  let files: { name?: string; info: Writable<FileInfo | null>; isRecursive: boolean }[] = $state(
+    [],
+  );
+
+  $effect(() => {
+    files =
+      info.files
+        ?.filter(({ isRecursive }) => isFileRecursive || !isRecursive)
+        .map(({ id, isRecursive }) => {
+          const info = getFileInfo(id, $masterKeyStore?.get(1)?.key!);
+          return {
+            name: get(info)?.name,
+            info,
+            isRecursive,
+          };
+        }) ?? [];
+
+    const sort = () => {
+      sortEntries(files, sortBy);
+    };
+    return untrack(() => {
+      sort();
+
+      const unsubscribes = files.map((file) =>
+        file.info.subscribe((value) => {
+          if (file.name === value?.name) return;
+          file.name = value?.name;
+          sort();
+        }),
+      );
+      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
+    });
+  });
+</script>
+
+<div class="space-y-4">
+  <div class="space-y-4 bg-white p-4">
+    {#if info.id !== "root"}
+      <p class="text-lg font-bold text-gray-800">하위 카테고리</p>
+    {/if}
+    <SubCategories
+      {info}
+      {onSubCategoryClick}
+      {onSubCategoryCreateClick}
+      {onSubCategoryMenuClick}
+      subCategoryMenuIcon={IconMoreVert}
+    />
+  </div>
+  {#if info.id !== "root"}
+    <div class="space-y-4 bg-white p-4">
+      <div class="flex items-center justify-between">
+        <p class="text-lg font-bold text-gray-800">파일</p>
+        <CheckBox bind:checked={isFileRecursive}>
+          <p class="font-medium">하위 카테고리의 파일</p>
+        </CheckBox>
+      </div>
+      <div class="space-y-1">
+        {#key info}
+          {#each files as { info, isRecursive }}
+            <File
+              {info}
+              onclick={onFileClick}
+              onRemoveClick={!isRecursive ? onFileRemoveClick : undefined}
+            />
+          {:else}
+            <p class="text-gray-500 text-center">이 카테고리에 추가된 파일이 없어요.</p>
+          {/each}
+        {/key}
+      </div>
+    </div>
+  {/if}
+</div>
--- a/src/lib/components/organisms/Category/File.svelte
+++ b/src/lib/components/organisms/Category/File.svelte
@@ -0,0 +1,59 @@
+<script lang="ts">
+  import type { Writable } from "svelte/store";
+  import { ActionEntryButton } from "$lib/components/atoms";
+  import { DirectoryEntryLabel } from "$lib/components/molecules";
+  import type { FileInfo } from "$lib/modules/filesystem";
+  import { requestFileThumbnailDownload, type SelectedFile } from "./service";
+
+  import IconClose from "~icons/material-symbols/close";
+
+  interface Props {
+    info: Writable<FileInfo | null>;
+    onclick: (selectedFile: SelectedFile) => void;
+    onRemoveClick?: (selectedFile: SelectedFile) => void;
+  }
+
+  let { info, onclick, onRemoveClick }: Props = $props();
+
+  let thumbnail: string | undefined = $state();
+
+  const openFile = () => {
+    const { id, dataKey, dataKeyVersion, name } = $info as FileInfo;
+    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
+
+    onclick({ id, dataKey, dataKeyVersion, name });
+  };
+
+  const removeFile = () => {
+    const { id, dataKey, dataKeyVersion, name } = $info as FileInfo;
+    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
+
+    onRemoveClick!({ id, dataKey, dataKeyVersion, name });
+  };
+
+  $effect(() => {
+    if ($info?.dataKey) {
+      requestFileThumbnailDownload($info.id, $info.dataKey)
+        .then((thumbnailUrl) => {
+          thumbnail = thumbnailUrl ?? undefined;
+        })
+        .catch(() => {
+          // TODO: Error Handling
+          thumbnail = undefined;
+        });
+    } else {
+      thumbnail = undefined;
+    }
+  });
+</script>
+
+{#if $info}
+  <ActionEntryButton
+    class="h-12"
+    onclick={openFile}
+    actionButtonIcon={onRemoveClick && IconClose}
+    onActionButtonClick={removeFile}
+  >
+    <DirectoryEntryLabel type="file" {thumbnail} name={$info.name} />
+  </ActionEntryButton>
+{/if}
--- a/src/lib/components/organisms/Category/index.ts
+++ b/src/lib/components/organisms/Category/index.ts
@@ -0,0 +1,2 @@
+export { default } from "./Category.svelte";
+export * from "./service";
--- a/src/lib/components/organisms/Category/service.ts
+++ b/src/lib/components/organisms/Category/service.ts
@@ -0,0 +1,8 @@
+export { requestFileThumbnailDownload } from "$lib/services/file";
+
+export interface SelectedFile {
+  id: number;
+  dataKey: CryptoKey;
+  dataKeyVersion: Date;
+  name: string;
+}
--- a/src/lib/components/organisms/index.ts
+++ b/src/lib/components/organisms/index.ts
@@ -1 +1,3 @@
+export * from "./Category";
+export { default as Category } from "./Category";
 export * from "./modals";
--- a/src/lib/constants/index.ts
+++ b/src/lib/constants/index.ts
@@ -1 +0,0 @@
-export * from "./upload";
--- a/src/lib/constants/upload.ts
+++ b/src/lib/constants/upload.ts
@@ -1,5 +0,0 @@
-export const CHUNK_SIZE = 4 * 1024 * 1024;
-
-export const AES_GCM_IV_SIZE = 12;
-export const AES_GCM_TAG_SIZE = 16;
-export const ENCRYPTION_OVERHEAD = AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE;
--- a/src/lib/hooks/callApi.ts
+++ b/src/lib/hooks/callApi.ts
@@ -0,0 +1,11 @@
+export const callGetApi = async (input: RequestInfo, fetchInternal = fetch) => {
+  return await fetchInternal(input);
+};
+
+export const callPostApi = async <T>(input: RequestInfo, payload?: T, fetchInternal = fetch) => {
+  return await fetchInternal(input, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: payload ? JSON.stringify(payload) : undefined,
+  });
+};
--- a/src/lib/hooks/gotoStateful.ts
+++ b/src/lib/hooks/gotoStateful.ts
--- a/src/lib/hooks/index.ts
+++ b/src/lib/hooks/index.ts
@@ -0,0 +1,2 @@
+export * from "./callApi";
+export * from "./gotoStateful";
--- a/src/lib/indexedDB/filesystem.ts
+++ b/src/lib/indexedDB/filesystem.ts
@@ -1,5 +1,7 @@
 import { Dexie, type EntityTable } from "dexie";

+export type DirectoryId = "root" | number;
+
 interface DirectoryInfo {
  id: number;
  parentId: DirectoryId;
@@ -13,15 +15,16 @@ interface FileInfo {
  contentType: string;
  createdAt?: Date;
  lastModifiedAt: Date;
-  categoryIds?: number[];
+  categoryIds: number[];
 }

+export type CategoryId = "root" | number;
+
 interface CategoryInfo {
  id: number;
  parentId: CategoryId;
  name: string;
-  files?: { id: number; isRecursive: boolean }[];
-  isFileRecursive?: boolean;
+  files: { id: number; isRecursive: boolean }[];
 }

 const filesystem = new Dexie("filesystem") as Dexie & {
@@ -30,21 +33,11 @@ const filesystem = new Dexie("filesystem") as Dexie & {
  category: EntityTable<CategoryInfo, "id">;
 };

-filesystem
-  .version(3)
-  .stores({
-    directory: "id, parentId",
-    file: "id, parentId",
-    category: "id, parentId",
-  })
-  .upgrade(async (trx) => {
-    await trx
-      .table("category")
-      .toCollection()
-      .modify((category) => {
-        category.isFileRecursive = false;
-      });
-  });
+filesystem.version(2).stores({
+  directory: "id, parentId",
+  file: "id, parentId",
+  category: "id, parentId",
+});

 export const getDirectoryInfos = async (parentId: DirectoryId) => {
  return await filesystem.directory.where({ parentId }).toArray();
@@ -55,23 +48,13 @@ export const getDirectoryInfo = async (id: number) => {
 };

 export const storeDirectoryInfo = async (directoryInfo: DirectoryInfo) => {
-  await filesystem.directory.upsert(directoryInfo.id, { ...directoryInfo });
+  await filesystem.directory.put(directoryInfo);
 };

 export const deleteDirectoryInfo = async (id: number) => {
  await filesystem.directory.delete(id);
 };

-export const deleteDanglingDirectoryInfos = async (
-  parentId: DirectoryId,
-  validIds: Set<number>,
-) => {
-  await filesystem.directory
-    .where({ parentId })
-    .and((directory) => !validIds.has(directory.id))
-    .delete();
-};
-
 export const getAllFileInfos = async () => {
  return await filesystem.file.toArray();
 };
@@ -84,29 +67,14 @@ export const getFileInfo = async (id: number) => {
  return await filesystem.file.get(id);
 };

-export const bulkGetFileInfos = async (ids: number[]) => {
-  return await filesystem.file.bulkGet(ids);
-};
-
 export const storeFileInfo = async (fileInfo: FileInfo) => {
-  await filesystem.file.upsert(fileInfo.id, { ...fileInfo });
+  await filesystem.file.put(fileInfo);
 };

 export const deleteFileInfo = async (id: number) => {
  await filesystem.file.delete(id);
 };

-export const bulkDeleteFileInfos = async (ids: number[]) => {
-  await filesystem.file.bulkDelete(ids);
-};
-
-export const deleteDanglingFileInfos = async (parentId: DirectoryId, validIds: Set<number>) => {
-  await filesystem.file
-    .where({ parentId })
-    .and((file) => !validIds.has(file.id))
-    .delete();
-};
-
 export const getCategoryInfos = async (parentId: CategoryId) => {
  return await filesystem.category.where({ parentId }).toArray();
 };
@@ -116,24 +84,13 @@ export const getCategoryInfo = async (id: number) => {
 };

 export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
-  await filesystem.category.upsert(categoryInfo.id, { ...categoryInfo });
-};
-
-export const updateCategoryInfo = async (id: number, changes: { isFileRecursive?: boolean }) => {
-  await filesystem.category.update(id, changes);
+  await filesystem.category.put(categoryInfo);
 };

 export const deleteCategoryInfo = async (id: number) => {
  await filesystem.category.delete(id);
 };

-export const deleteDanglingCategoryInfos = async (parentId: CategoryId, validIds: Set<number>) => {
-  await filesystem.category
-    .where({ parentId })
-    .and((category) => !validIds.has(category.id))
-    .delete();
-};
-
 export const cleanupDanglingInfos = async () => {
  const validDirectoryIds: number[] = [];
  const validFileIds: number[] = [];
--- a/src/lib/modules/crypto/aes.ts
+++ b/src/lib/modules/crypto/aes.ts
@@ -1,11 +1,4 @@
-import { AES_GCM_IV_SIZE } from "$lib/constants";
-import {
-  encodeString,
-  decodeString,
-  encodeToBase64,
-  decodeFromBase64,
-  concatenateBuffers,
-} from "./util";
+import { encodeString, decodeString, encodeToBase64, decodeFromBase64 } from "./util";

 export const generateMasterKey = async () => {
  return {
@@ -93,18 +86,14 @@ export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
    dataKey,
    data,
  );
-  return { ciphertext, iv: iv.buffer };
+  return { ciphertext, iv: encodeToBase64(iv.buffer) };
 };

-export const decryptData = async (
-  ciphertext: BufferSource,
-  iv: string | BufferSource,
-  dataKey: CryptoKey,
-) => {
+export const decryptData = async (ciphertext: BufferSource, iv: string, dataKey: CryptoKey) => {
  return await window.crypto.subtle.decrypt(
    {
      name: "AES-GCM",
-      iv: typeof iv === "string" ? decodeFromBase64(iv) : iv,
+      iv: decodeFromBase64(iv),
    } satisfies AesGcmParams,
    dataKey,
    ciphertext,
@@ -113,22 +102,9 @@ export const decryptData = async (

 export const encryptString = async (plaintext: string, dataKey: CryptoKey) => {
  const { ciphertext, iv } = await encryptData(encodeString(plaintext), dataKey);
-  return { ciphertext: encodeToBase64(ciphertext), iv: encodeToBase64(iv) };
+  return { ciphertext: encodeToBase64(ciphertext), iv };
 };

 export const decryptString = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
  return decodeString(await decryptData(decodeFromBase64(ciphertext), iv, dataKey));
 };
-
-export const encryptChunk = async (chunk: ArrayBuffer, dataKey: CryptoKey) => {
-  const { ciphertext, iv } = await encryptData(chunk, dataKey);
-  return concatenateBuffers(iv, ciphertext).buffer;
-};
-
-export const decryptChunk = async (encryptedChunk: ArrayBuffer, dataKey: CryptoKey) => {
-  return await decryptData(
-    encryptedChunk.slice(AES_GCM_IV_SIZE),
-    encryptedChunk.slice(0, AES_GCM_IV_SIZE),
-    dataKey,
-  );
-};
--- a/src/lib/modules/file/cache.ts
+++ b/src/lib/modules/file/cache.ts
@@ -1,12 +1,15 @@
+import { LRUCache } from "lru-cache";
 import {
  getFileCacheIndex as getFileCacheIndexFromIndexedDB,
  storeFileCacheIndex,
  deleteFileCacheIndex,
  type FileCacheIndex,
 } from "$lib/indexedDB";
-import { readFile, writeFile, deleteFile } from "$lib/modules/opfs";
+import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
+import { getThumbnailUrl } from "$lib/modules/thumbnail";

 const fileCacheIndex = new Map<number, FileCacheIndex>();
+const loadedThumbnails = new LRUCache<number, string>({ max: 100 });

 export const prepareFileCache = async () => {
  for (const cache of await getFileCacheIndexFromIndexedDB()) {
@@ -48,3 +51,30 @@ export const deleteFileCache = async (fileId: number) => {
  await deleteFile(`/cache/${fileId}`);
  await deleteFileCacheIndex(fileId);
 };
+
+export const getFileThumbnailCache = async (fileId: number) => {
+  const thumbnail = loadedThumbnails.get(fileId);
+  if (thumbnail) return thumbnail;
+
+  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
+  if (!thumbnailBuffer) return null;
+
+  const thumbnailUrl = getThumbnailUrl(thumbnailBuffer);
+  loadedThumbnails.set(fileId, thumbnailUrl);
+  return thumbnailUrl;
+};
+
+export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
+  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
+  loadedThumbnails.set(fileId, getThumbnailUrl(thumbnailBuffer));
+};
+
+export const deleteFileThumbnailCache = async (fileId: number) => {
+  loadedThumbnails.delete(fileId);
+  await deleteFile(`/thumbnail/file/${fileId}`);
+};
+
+export const deleteAllFileThumbnailCaches = async () => {
+  loadedThumbnails.clear();
+  await deleteDirectory("/thumbnail/file");
+};
--- a/src/lib/modules/file/download.svelte.ts
+++ b/src/lib/modules/file/download.svelte.ts
@@ -1,110 +0,0 @@
-import axios from "axios";
-import { limitFunction } from "p-limit";
-import { CHUNK_SIZE, ENCRYPTION_OVERHEAD } from "$lib/constants";
-import { decryptChunk, concatenateBuffers } from "$lib/modules/crypto";
-
-export interface FileDownloadState {
-  id: number;
-  status:
-    | "download-pending"
-    | "downloading"
-    | "decryption-pending"
-    | "decrypting"
-    | "decrypted"
-    | "canceled"
-    | "error";
-  progress?: number;
-  rate?: number;
-  estimated?: number;
-  result?: ArrayBuffer;
-}
-
-type LiveFileDownloadState = FileDownloadState & {
-  status: "download-pending" | "downloading" | "decryption-pending" | "decrypting";
-};
-
-let downloadingFiles: FileDownloadState[] = $state([]);
-
-export const isFileDownloading = (
-  status: FileDownloadState["status"],
-): status is LiveFileDownloadState["status"] =>
-  ["download-pending", "downloading", "decryption-pending", "decrypting"].includes(status);
-
-export const getFileDownloadState = (fileId: number) => {
-  return downloadingFiles.find((file) => file.id === fileId && isFileDownloading(file.status));
-};
-
-export const getDownloadingFiles = () => {
-  return downloadingFiles.filter((file) => isFileDownloading(file.status));
-};
-
-export const clearDownloadedFiles = () => {
-  downloadingFiles = downloadingFiles.filter((file) => isFileDownloading(file.status));
-};
-
-const requestFileDownload = limitFunction(
-  async (state: FileDownloadState, id: number) => {
-    state.status = "downloading";
-
-    const res = await axios.get(`/api/file/${id}/download`, {
-      responseType: "arraybuffer",
-      onDownloadProgress: ({ progress, rate, estimated }) => {
-        state.progress = progress;
-        state.rate = rate;
-        state.estimated = estimated;
-      },
-    });
-    const fileEncrypted: ArrayBuffer = res.data;
-
-    state.status = "decryption-pending";
-    return fileEncrypted;
-  },
-  { concurrency: 1 },
-);
-
-const decryptFile = limitFunction(
-  async (
-    state: FileDownloadState,
-    fileEncrypted: ArrayBuffer,
-    encryptedChunkSize: number,
-    dataKey: CryptoKey,
-  ) => {
-    state.status = "decrypting";
-
-    const chunks: ArrayBuffer[] = [];
-    let offset = 0;
-
-    while (offset < fileEncrypted.byteLength) {
-      const nextOffset = Math.min(offset + encryptedChunkSize, fileEncrypted.byteLength);
-      chunks.push(await decryptChunk(fileEncrypted.slice(offset, nextOffset), dataKey));
-      offset = nextOffset;
-    }
-
-    const fileBuffer = concatenateBuffers(...chunks).buffer;
-    state.status = "decrypted";
-    state.result = fileBuffer;
-    return fileBuffer;
-  },
-  { concurrency: 4 },
-);
-
-export const downloadFile = async (id: number, dataKey: CryptoKey, isLegacy: boolean) => {
-  downloadingFiles.push({
-    id,
-    status: "download-pending",
-  });
-  const state = downloadingFiles.at(-1)!;
-
-  try {
-    const fileEncrypted = await requestFileDownload(state, id);
-    return await decryptFile(
-      state,
-      fileEncrypted,
-      isLegacy ? fileEncrypted.byteLength : CHUNK_SIZE + ENCRYPTION_OVERHEAD,
-      dataKey,
-    );
-  } catch (e) {
-    state.status = "error";
-    throw e;
-  }
-};
--- a/src/lib/modules/file/download.ts
+++ b/src/lib/modules/file/download.ts
@@ -0,0 +1,84 @@
+import axios from "axios";
+import { limitFunction } from "p-limit";
+import { writable, type Writable } from "svelte/store";
+import { decryptData } from "$lib/modules/crypto";
+import { fileDownloadStatusStore, type FileDownloadStatus } from "$lib/stores";
+
+const requestFileDownload = limitFunction(
+  async (status: Writable<FileDownloadStatus>, id: number) => {
+    status.update((value) => {
+      value.status = "downloading";
+      return value;
+    });
+
+    const res = await axios.get(`/api/file/${id}/download`, {
+      responseType: "arraybuffer",
+      onDownloadProgress: ({ progress, rate, estimated }) => {
+        status.update((value) => {
+          value.progress = progress;
+          value.rate = rate;
+          value.estimated = estimated;
+          return value;
+        });
+      },
+    });
+    const fileEncrypted: ArrayBuffer = res.data;
+
+    status.update((value) => {
+      value.status = "decryption-pending";
+      return value;
+    });
+    return fileEncrypted;
+  },
+  { concurrency: 1 },
+);
+
+const decryptFile = limitFunction(
+  async (
+    status: Writable<FileDownloadStatus>,
+    fileEncrypted: ArrayBuffer,
+    fileEncryptedIv: string,
+    dataKey: CryptoKey,
+  ) => {
+    status.update((value) => {
+      value.status = "decrypting";
+      return value;
+    });
+
+    const fileBuffer = await decryptData(fileEncrypted, fileEncryptedIv, dataKey);
+
+    status.update((value) => {
+      value.status = "decrypted";
+      value.result = fileBuffer;
+      return value;
+    });
+    return fileBuffer;
+  },
+  { concurrency: 4 },
+);
+
+export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey: CryptoKey) => {
+  const status = writable<FileDownloadStatus>({
+    id,
+    status: "download-pending",
+  });
+  fileDownloadStatusStore.update((value) => {
+    value.push(status);
+    return value;
+  });
+
+  try {
+    return await decryptFile(
+      status,
+      await requestFileDownload(status, id),
+      fileEncryptedIv,
+      dataKey,
+    );
+  } catch (e) {
+    status.update((value) => {
+      value.status = "error";
+      return value;
+    });
+    throw e;
+  }
+};
--- a/src/lib/modules/file/index.ts
+++ b/src/lib/modules/file/index.ts
@@ -1,4 +1,3 @@
 export * from "./cache";
-export * from "./download.svelte";
-export * from "./thumbnail";
-export * from "./upload.svelte";
+export * from "./download";
+export * from "./upload";
--- a/src/lib/modules/file/thumbnail.ts
+++ b/src/lib/modules/file/thumbnail.ts
@@ -1,82 +0,0 @@
-import { LRUCache } from "lru-cache";
-import { writable, type Writable } from "svelte/store";
-import { browser } from "$app/environment";
-import { decryptData } from "$lib/modules/crypto";
-import type { SummarizedFileInfo } from "$lib/modules/filesystem";
-import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
-import { getThumbnailUrl } from "$lib/modules/thumbnail";
-
-const loadedThumbnails = new LRUCache<number, Writable<string>>({ max: 100 });
-const loadingThumbnails = new Map<number, Writable<string | undefined>>();
-
-const fetchFromOpfs = async (fileId: number) => {
-  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
-  if (thumbnailBuffer) {
-    return getThumbnailUrl(thumbnailBuffer);
-  }
-};
-
-const fetchFromServer = async (fileId: number, dataKey: CryptoKey) => {
-  const res = await fetch(`/api/file/${fileId}/thumbnail/download`);
-  if (!res.ok) return null;
-
-  const thumbnailEncrypted = await res.arrayBuffer();
-  const thumbnailBuffer = await decryptData(
-    thumbnailEncrypted.slice(12),
-    thumbnailEncrypted.slice(0, 12),
-    dataKey,
-  );
-
-  void writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
-  return getThumbnailUrl(thumbnailBuffer);
-};
-
-export const getFileThumbnail = (file: SummarizedFileInfo) => {
-  if (
-    !browser ||
-    !(file.contentType.startsWith("image/") || file.contentType.startsWith("video/"))
-  ) {
-    return undefined;
-  }
-
-  const thumbnail = loadedThumbnails.get(file.id);
-  if (thumbnail) return thumbnail;
-
-  let loadingThumbnail = loadingThumbnails.get(file.id);
-  if (loadingThumbnail) return loadingThumbnail;
-
-  loadingThumbnail = writable(undefined);
-  loadingThumbnails.set(file.id, loadingThumbnail);
-
-  fetchFromOpfs(file.id)
-    .then((thumbnail) => thumbnail ?? (file.dataKey && fetchFromServer(file.id, file.dataKey.key)))
-    .then((thumbnail) => {
-      if (thumbnail) {
-        loadingThumbnail.set(thumbnail);
-        loadedThumbnails.set(file.id, loadingThumbnail as Writable<string>);
-      }
-      loadingThumbnails.delete(file.id);
-    });
-  return loadingThumbnail;
-};
-
-export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
-  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
-
-  const oldThumbnail = loadedThumbnails.get(fileId);
-  if (oldThumbnail) {
-    oldThumbnail.set(getThumbnailUrl(thumbnailBuffer));
-  } else {
-    loadedThumbnails.set(fileId, writable(getThumbnailUrl(thumbnailBuffer)));
-  }
-};
-
-export const deleteFileThumbnailCache = async (fileId: number) => {
-  loadedThumbnails.delete(fileId);
-  await deleteFile(`/thumbnail/file/${fileId}`);
-};
-
-export const deleteAllFileThumbnailCaches = async () => {
-  loadedThumbnails.clear();
-  await deleteDirectory(`/thumbnail/file`);
-};
--- a/src/lib/modules/file/upload.svelte.ts
+++ b/src/lib/modules/file/upload.svelte.ts
@@ -1,320 +0,0 @@
-import axios from "axios";
-import ExifReader from "exifreader";
-import { limitFunction } from "p-limit";
-import { CHUNK_SIZE } from "$lib/constants";
-import {
-  encodeToBase64,
-  generateDataKey,
-  wrapDataKey,
-  encryptData,
-  encryptString,
-  encryptChunk,
-  digestMessage,
-  signMessageHmac,
-} from "$lib/modules/crypto";
-import { Scheduler } from "$lib/modules/scheduler";
-import { generateThumbnail } from "$lib/modules/thumbnail";
-import type { FileThumbnailUploadRequest } from "$lib/server/schemas";
-import type { MasterKey, HmacSecret } from "$lib/stores";
-import { trpc } from "$trpc/client";
-import type { RouterInputs } from "$trpc/router.server";
-
-export interface FileUploadState {
-  name: string;
-  parentId: DirectoryId;
-  status:
-    | "queued"
-    | "encryption-pending"
-    | "encrypting"
-    | "upload-pending"
-    | "uploading"
-    | "uploaded"
-    | "canceled"
-    | "error";
-  progress?: number;
-  rate?: number;
-  estimated?: number;
-}
-
-export type LiveFileUploadState = FileUploadState & {
-  status: "queued" | "encryption-pending" | "encrypting" | "upload-pending" | "uploading";
-};
-
-const scheduler = new Scheduler<
-  { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
->();
-let uploadingFiles: FileUploadState[] = $state([]);
-
-const isFileUploading = (status: FileUploadState["status"]) =>
-  ["queued", "encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
-
-export const getUploadingFiles = (parentId?: DirectoryId) => {
-  return uploadingFiles.filter(
-    (file) =>
-      (parentId === undefined || file.parentId === parentId) && isFileUploading(file.status),
-  );
-};
-
-export const clearUploadedFiles = () => {
-  uploadingFiles = uploadingFiles.filter((file) => isFileUploading(file.status));
-};
-
-const requestDuplicateFileScan = limitFunction(
-  async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
-    const fileBuffer = await file.arrayBuffer();
-    const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
-
-    const files = await trpc().file.listByHash.query({
-      hskVersion: hmacSecret.version,
-      contentHmac: fileSigned,
-    });
-    if (files.length === 0 || (await onDuplicate())) {
-      return { fileBuffer, fileSigned };
-    } else {
-      return {};
-    }
-  },
-  { concurrency: 1 },
-);
-
-const getFileType = (file: File) => {
-  if (file.type) return file.type;
-  if (file.name.endsWith(".heic")) return "image/heic";
-  throw new Error("Unknown file type");
-};
-
-const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
-  const exif = ExifReader.load(fileBuffer);
-  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
-  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
-  if (!dateTimeOriginal) return undefined;
-
-  const [date, time] = dateTimeOriginal.split(" ");
-  if (!date || !time) return undefined;
-
-  const [year, month, day] = date.split(":").map(Number);
-  const [hour, minute, second] = time.split(":").map(Number);
-  if (!year || !month || !day || !hour || !minute || !second) return undefined;
-
-  if (!offsetTimeOriginal) {
-    // No timezone information.. Assume local timezone
-    return new Date(year, month - 1, day, hour, minute, second);
-  }
-
-  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
-  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
-
-  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
-  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
-  return new Date(utcDate - offsetMs);
-};
-
-const encryptChunks = async (fileBuffer: ArrayBuffer, dataKey: CryptoKey) => {
-  const chunksEncrypted: { chunkEncrypted: ArrayBuffer; chunkEncryptedHash: string }[] = [];
-  let offset = 0;
-
-  while (offset < fileBuffer.byteLength) {
-    const nextOffset = Math.min(offset + CHUNK_SIZE, fileBuffer.byteLength);
-    const chunkEncrypted = await encryptChunk(fileBuffer.slice(offset, nextOffset), dataKey);
-    chunksEncrypted.push({
-      chunkEncrypted: chunkEncrypted,
-      chunkEncryptedHash: encodeToBase64(await digestMessage(chunkEncrypted)),
-    });
-    offset = nextOffset;
-  }
-
-  return chunksEncrypted;
-};
-
-const encryptFile = limitFunction(
-  async (state: FileUploadState, file: File, fileBuffer: ArrayBuffer, masterKey: MasterKey) => {
-    state.status = "encrypting";
-
-    const fileType = getFileType(file);
-
-    let createdAt;
-    if (fileType.startsWith("image/")) {
-      createdAt = extractExifDateTime(fileBuffer);
-    }
-
-    const { dataKey, dataKeyVersion } = await generateDataKey();
-    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
-    const chunksEncrypted = await encryptChunks(fileBuffer, dataKey);
-
-    const nameEncrypted = await encryptString(file.name, dataKey);
-    const createdAtEncrypted =
-      createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
-    const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
-
-    const thumbnail = await generateThumbnail(fileBuffer, fileType);
-    const thumbnailBuffer = await thumbnail?.arrayBuffer();
-    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
-
-    state.status = "upload-pending";
-
-    return {
-      dataKeyWrapped,
-      dataKeyVersion,
-      fileType,
-      chunksEncrypted,
-      nameEncrypted,
-      createdAtEncrypted,
-      lastModifiedAtEncrypted,
-      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
-    };
-  },
-  { concurrency: 4 },
-);
-
-const requestFileUpload = limitFunction(
-  async (
-    state: FileUploadState,
-    metadata: RouterInputs["file"]["startUpload"],
-    chunksEncrypted: { chunkEncrypted: ArrayBuffer; chunkEncryptedHash: string }[],
-    fileSigned: string | undefined,
-    thumbnailForm: FormData | null,
-  ) => {
-    state.status = "uploading";
-
-    const { uploadId } = await trpc().file.startUpload.mutate(metadata);
-
-    // Upload chunks with progress tracking
-    const totalBytes = chunksEncrypted.reduce((sum, c) => sum + c.chunkEncrypted.byteLength, 0);
-    let uploadedBytes = 0;
-    const startTime = Date.now();
-
-    for (let i = 0; i < chunksEncrypted.length; i++) {
-      const { chunkEncrypted, chunkEncryptedHash } = chunksEncrypted[i]!;
-
-      const response = await fetch(`/api/file/upload/${uploadId}/chunks/${i}`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/octet-stream",
-          "Content-Digest": `sha-256=:${chunkEncryptedHash}:`,
-        },
-        body: chunkEncrypted,
-      });
-
-      if (!response.ok) {
-        throw new Error(`Chunk upload failed: ${response.status} ${response.statusText}`);
-      }
-
-      uploadedBytes += chunkEncrypted.byteLength;
-
-      // Calculate progress, rate, estimated
-      const elapsed = (Date.now() - startTime) / 1000; // seconds
-      const rate = uploadedBytes / elapsed; // bytes per second
-      const remaining = totalBytes - uploadedBytes;
-      const estimated = rate > 0 ? remaining / rate : undefined;
-
-      state.progress = uploadedBytes / totalBytes;
-      state.rate = rate;
-      state.estimated = estimated;
-    }
-
-    // Complete upload
-    const { file: fileId } = await trpc().file.completeUpload.mutate({
-      uploadId,
-      contentHmac: fileSigned,
-    });
-
-    // Upload thumbnail if exists
-    if (thumbnailForm) {
-      try {
-        await axios.post(`/api/file/${fileId}/thumbnail/upload`, thumbnailForm);
-      } catch (e) {
-        // TODO: Error handling for thumbnail upload
-        console.error(e);
-      }
-    }
-
-    state.status = "uploaded";
-
-    return { fileId };
-  },
-  { concurrency: 1 },
-);
-
-export const uploadFile = async (
-  file: File,
-  parentId: "root" | number,
-  hmacSecret: HmacSecret,
-  masterKey: MasterKey,
-  onDuplicate: () => Promise<boolean>,
-) => {
-  uploadingFiles.push({
-    name: file.name,
-    parentId,
-    status: "queued",
-  });
-  const state = uploadingFiles.at(-1)!;
-
-  return await scheduler.schedule(file.size, async () => {
-    state.status = "encryption-pending";
-
-    try {
-      const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
-        file,
-        hmacSecret,
-        onDuplicate,
-      );
-      if (!fileBuffer || !fileSigned) {
-        state.status = "canceled";
-        uploadingFiles = uploadingFiles.filter((file) => file !== state);
-        return undefined;
-      }
-
-      const {
-        dataKeyWrapped,
-        dataKeyVersion,
-        fileType,
-        chunksEncrypted,
-        nameEncrypted,
-        createdAtEncrypted,
-        lastModifiedAtEncrypted,
-        thumbnail,
-      } = await encryptFile(state, file, fileBuffer, masterKey);
-
-      const metadata = {
-        chunks: chunksEncrypted.length,
-        parent: parentId,
-        mekVersion: masterKey.version,
-        dek: dataKeyWrapped,
-        dekVersion: dataKeyVersion,
-        hskVersion: hmacSecret.version,
-        contentType: fileType,
-        name: nameEncrypted.ciphertext,
-        nameIv: nameEncrypted.iv,
-        createdAt: createdAtEncrypted?.ciphertext,
-        createdAtIv: createdAtEncrypted?.iv,
-        lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
-        lastModifiedAtIv: lastModifiedAtEncrypted.iv,
-      };
-
-      let thumbnailForm = null;
-      if (thumbnail) {
-        thumbnailForm = new FormData();
-        thumbnailForm.set(
-          "metadata",
-          JSON.stringify({
-            dekVersion: dataKeyVersion.toISOString(),
-            contentIv: encodeToBase64(thumbnail.iv),
-          } satisfies FileThumbnailUploadRequest),
-        );
-        thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
-      }
-
-      const { fileId } = await requestFileUpload(
-        state,
-        metadata,
-        chunksEncrypted,
-        fileSigned,
-        thumbnailForm,
-      );
-      return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
-    } catch (e) {
-      state.status = "error";
-      throw e;
-    }
-  });
-};
--- a/src/lib/modules/file/upload.ts
+++ b/src/lib/modules/file/upload.ts
@@ -0,0 +1,267 @@
+import axios from "axios";
+import ExifReader from "exifreader";
+import { limitFunction } from "p-limit";
+import { writable, type Writable } from "svelte/store";
+import {
+  encodeToBase64,
+  generateDataKey,
+  wrapDataKey,
+  encryptData,
+  encryptString,
+  digestMessage,
+  signMessageHmac,
+} from "$lib/modules/crypto";
+import { generateThumbnail } from "$lib/modules/thumbnail";
+import type {
+  DuplicateFileScanRequest,
+  DuplicateFileScanResponse,
+  FileThumbnailUploadRequest,
+  FileUploadRequest,
+  FileUploadResponse,
+} from "$lib/server/schemas";
+import {
+  fileUploadStatusStore,
+  type MasterKey,
+  type HmacSecret,
+  type FileUploadStatus,
+} from "$lib/stores";
+
+const requestDuplicateFileScan = limitFunction(
+  async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
+    const fileBuffer = await file.arrayBuffer();
+    const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
+
+    const res = await axios.post("/api/file/scanDuplicates", {
+      hskVersion: hmacSecret.version,
+      contentHmac: fileSigned,
+    } satisfies DuplicateFileScanRequest);
+    const { files }: DuplicateFileScanResponse = res.data;
+
+    if (files.length === 0 || (await onDuplicate())) {
+      return { fileBuffer, fileSigned };
+    } else {
+      return {};
+    }
+  },
+  { concurrency: 1 },
+);
+
+const getFileType = (file: File) => {
+  if (file.type) return file.type;
+  if (file.name.endsWith(".heic")) return "image/heic";
+  throw new Error("Unknown file type");
+};
+
+const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
+  const exif = ExifReader.load(fileBuffer);
+  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
+  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
+  if (!dateTimeOriginal) return undefined;
+
+  const [date, time] = dateTimeOriginal.split(" ");
+  if (!date || !time) return undefined;
+
+  const [year, month, day] = date.split(":").map(Number);
+  const [hour, minute, second] = time.split(":").map(Number);
+  if (!year || !month || !day || !hour || !minute || !second) return undefined;
+
+  if (!offsetTimeOriginal) {
+    // No timezone information.. Assume local timezone
+    return new Date(year, month - 1, day, hour, minute, second);
+  }
+
+  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
+  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
+
+  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
+  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
+  return new Date(utcDate - offsetMs);
+};
+
+const encryptFile = limitFunction(
+  async (
+    status: Writable<FileUploadStatus>,
+    file: File,
+    fileBuffer: ArrayBuffer,
+    masterKey: MasterKey,
+  ) => {
+    status.update((value) => {
+      value.status = "encrypting";
+      return value;
+    });
+
+    const fileType = getFileType(file);
+
+    let createdAt;
+    if (fileType.startsWith("image/")) {
+      createdAt = extractExifDateTime(fileBuffer);
+    }
+
+    const { dataKey, dataKeyVersion } = await generateDataKey();
+    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
+
+    const fileEncrypted = await encryptData(fileBuffer, dataKey);
+    const fileEncryptedHash = encodeToBase64(await digestMessage(fileEncrypted.ciphertext));
+
+    const nameEncrypted = await encryptString(file.name, dataKey);
+    const createdAtEncrypted =
+      createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
+    const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
+
+    const thumbnail = await generateThumbnail(fileBuffer, fileType);
+    const thumbnailBuffer = await thumbnail?.arrayBuffer();
+    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
+
+    status.update((value) => {
+      value.status = "upload-pending";
+      return value;
+    });
+
+    return {
+      dataKeyWrapped,
+      dataKeyVersion,
+      fileType,
+      fileEncrypted,
+      fileEncryptedHash,
+      nameEncrypted,
+      createdAtEncrypted,
+      lastModifiedAtEncrypted,
+      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
+    };
+  },
+  { concurrency: 4 },
+);
+
+const requestFileUpload = limitFunction(
+  async (status: Writable<FileUploadStatus>, form: FormData, thumbnailForm: FormData | null) => {
+    status.update((value) => {
+      value.status = "uploading";
+      return value;
+    });
+
+    const res = await axios.post("/api/file/upload", form, {
+      onUploadProgress: ({ progress, rate, estimated }) => {
+        status.update((value) => {
+          value.progress = progress;
+          value.rate = rate;
+          value.estimated = estimated;
+          return value;
+        });
+      },
+    });
+    const { file }: FileUploadResponse = res.data;
+
+    if (thumbnailForm) {
+      try {
+        await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm);
+      } catch (e) {
+        // TODO
+        console.error(e);
+      }
+    }
+
+    status.update((value) => {
+      value.status = "uploaded";
+      return value;
+    });
+
+    return { fileId: file };
+  },
+  { concurrency: 1 },
+);
+
+export const uploadFile = async (
+  file: File,
+  parentId: "root" | number,
+  hmacSecret: HmacSecret,
+  masterKey: MasterKey,
+  onDuplicate: () => Promise<boolean>,
+): Promise<
+  { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
+> => {
+  const status = writable<FileUploadStatus>({
+    name: file.name,
+    parentId,
+    status: "encryption-pending",
+  });
+  fileUploadStatusStore.update((value) => {
+    value.push(status);
+    return value;
+  });
+
+  try {
+    const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
+      file,
+      hmacSecret,
+      onDuplicate,
+    );
+    if (!fileBuffer || !fileSigned) {
+      status.update((value) => {
+        value.status = "canceled";
+        return value;
+      });
+      fileUploadStatusStore.update((value) => {
+        value = value.filter((v) => v !== status);
+        return value;
+      });
+      return undefined;
+    }
+
+    const {
+      dataKeyWrapped,
+      dataKeyVersion,
+      fileType,
+      fileEncrypted,
+      fileEncryptedHash,
+      nameEncrypted,
+      createdAtEncrypted,
+      lastModifiedAtEncrypted,
+      thumbnail,
+    } = await encryptFile(status, file, fileBuffer, masterKey);
+
+    const form = new FormData();
+    form.set(
+      "metadata",
+      JSON.stringify({
+        parent: parentId,
+        mekVersion: masterKey.version,
+        dek: dataKeyWrapped,
+        dekVersion: dataKeyVersion.toISOString(),
+        hskVersion: hmacSecret.version,
+        contentHmac: fileSigned,
+        contentType: fileType,
+        contentIv: fileEncrypted.iv,
+        name: nameEncrypted.ciphertext,
+        nameIv: nameEncrypted.iv,
+        createdAt: createdAtEncrypted?.ciphertext,
+        createdAtIv: createdAtEncrypted?.iv,
+        lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
+        lastModifiedAtIv: lastModifiedAtEncrypted.iv,
+      } satisfies FileUploadRequest),
+    );
+    form.set("content", new Blob([fileEncrypted.ciphertext]));
+    form.set("checksum", fileEncryptedHash);
+
+    let thumbnailForm = null;
+    if (thumbnail) {
+      thumbnailForm = new FormData();
+      thumbnailForm.set(
+        "metadata",
+        JSON.stringify({
+          dekVersion: dataKeyVersion.toISOString(),
+          contentIv: thumbnail.iv,
+        } satisfies FileThumbnailUploadRequest),
+      );
+      thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
+    }
+
+    const { fileId } = await requestFileUpload(status, form, thumbnailForm);
+    return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
+  } catch (e) {
+    status.update((value) => {
+      value.status = "error";
+      return value;
+    });
+    throw e;
+  }
+};
--- a/src/lib/modules/filesystem.ts
+++ b/src/lib/modules/filesystem.ts
@@ -0,0 +1,329 @@
+import { get, writable, type Writable } from "svelte/store";
+import { callGetApi } from "$lib/hooks";
+import {
+  getDirectoryInfos as getDirectoryInfosFromIndexedDB,
+  getDirectoryInfo as getDirectoryInfoFromIndexedDB,
+  storeDirectoryInfo,
+  deleteDirectoryInfo,
+  getFileInfos as getFileInfosFromIndexedDB,
+  getFileInfo as getFileInfoFromIndexedDB,
+  storeFileInfo,
+  deleteFileInfo,
+  getCategoryInfos as getCategoryInfosFromIndexedDB,
+  getCategoryInfo as getCategoryInfoFromIndexedDB,
+  storeCategoryInfo,
+  deleteCategoryInfo,
+  type DirectoryId,
+  type CategoryId,
+} from "$lib/indexedDB";
+import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
+import type {
+  CategoryInfoResponse,
+  CategoryFileListResponse,
+  DirectoryInfoResponse,
+  FileInfoResponse,
+} from "$lib/server/schemas";
+
+export type DirectoryInfo =
+  | {
+      id: "root";
+      dataKey?: undefined;
+      dataKeyVersion?: undefined;
+      name?: undefined;
+      subDirectoryIds: number[];
+      fileIds: number[];
+    }
+  | {
+      id: number;
+      dataKey?: CryptoKey;
+      dataKeyVersion?: Date;
+      name: string;
+      subDirectoryIds: number[];
+      fileIds: number[];
+    };
+
+export interface FileInfo {
+  id: number;
+  dataKey?: CryptoKey;
+  dataKeyVersion?: Date;
+  contentType: string;
+  contentIv?: string;
+  name: string;
+  createdAt?: Date;
+  lastModifiedAt: Date;
+  categoryIds: number[];
+}
+
+export type CategoryInfo =
+  | {
+      id: "root";
+      dataKey?: undefined;
+      dataKeyVersion?: undefined;
+      name?: undefined;
+      subCategoryIds: number[];
+      files?: undefined;
+    }
+  | {
+      id: number;
+      dataKey?: CryptoKey;
+      dataKeyVersion?: Date;
+      name: string;
+      subCategoryIds: number[];
+      files: { id: number; isRecursive: boolean }[];
+    };
+
+const directoryInfoStore = new Map<DirectoryId, Writable<DirectoryInfo | null>>();
+const fileInfoStore = new Map<number, Writable<FileInfo | null>>();
+const categoryInfoStore = new Map<CategoryId, Writable<CategoryInfo | null>>();
+
+const fetchDirectoryInfoFromIndexedDB = async (
+  id: DirectoryId,
+  info: Writable<DirectoryInfo | null>,
+) => {
+  if (get(info)) return;
+
+  const [directory, subDirectories, files] = await Promise.all([
+    id !== "root" ? getDirectoryInfoFromIndexedDB(id) : undefined,
+    getDirectoryInfosFromIndexedDB(id),
+    getFileInfosFromIndexedDB(id),
+  ]);
+  const subDirectoryIds = subDirectories.map(({ id }) => id);
+  const fileIds = files.map(({ id }) => id);
+
+  if (id === "root") {
+    info.set({ id, subDirectoryIds, fileIds });
+  } else {
+    if (!directory) return;
+    info.set({ id, name: directory.name, subDirectoryIds, fileIds });
+  }
+};
+
+const fetchDirectoryInfoFromServer = async (
+  id: DirectoryId,
+  info: Writable<DirectoryInfo | null>,
+  masterKey: CryptoKey,
+) => {
+  const res = await callGetApi(`/api/directory/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteDirectoryInfo(id as number);
+    return;
+  } else if (!res.ok) {
+    throw new Error("Failed to fetch directory information");
+  }
+
+  const {
+    metadata,
+    subDirectories: subDirectoryIds,
+    files: fileIds,
+  }: DirectoryInfoResponse = await res.json();
+
+  if (id === "root") {
+    info.set({ id, subDirectoryIds, fileIds });
+  } else {
+    const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
+    const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
+
+    info.set({
+      id,
+      dataKey,
+      dataKeyVersion: new Date(metadata!.dekVersion),
+      name,
+      subDirectoryIds,
+      fileIds,
+    });
+    await storeDirectoryInfo({ id, parentId: metadata!.parent, name });
+  }
+};
+
+const fetchDirectoryInfo = async (
+  id: DirectoryId,
+  info: Writable<DirectoryInfo | null>,
+  masterKey: CryptoKey,
+) => {
+  await fetchDirectoryInfoFromIndexedDB(id, info);
+  await fetchDirectoryInfoFromServer(id, info, masterKey);
+};
+
+export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
+  // TODO: MEK rotation
+
+  let info = directoryInfoStore.get(id);
+  if (!info) {
+    info = writable(null);
+    directoryInfoStore.set(id, info);
+  }
+
+  fetchDirectoryInfo(id, info, masterKey); // Intended
+  return info;
+};
+
+const fetchFileInfoFromIndexedDB = async (id: number, info: Writable<FileInfo | null>) => {
+  if (get(info)) return;
+
+  const file = await getFileInfoFromIndexedDB(id);
+  if (!file) return;
+
+  info.set(file);
+};
+
+const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
+  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
+};
+
+const fetchFileInfoFromServer = async (
+  id: number,
+  info: Writable<FileInfo | null>,
+  masterKey: CryptoKey,
+) => {
+  const res = await callGetApi(`/api/file/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteFileInfo(id);
+    return;
+  } else if (!res.ok) {
+    throw new Error("Failed to fetch file information");
+  }
+
+  const metadata: FileInfoResponse = await res.json();
+  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
+
+  const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
+  const createdAt =
+    metadata.createdAt && metadata.createdAtIv
+      ? await decryptDate(metadata.createdAt, metadata.createdAtIv, dataKey)
+      : undefined;
+  const lastModifiedAt = await decryptDate(
+    metadata.lastModifiedAt,
+    metadata.lastModifiedAtIv,
+    dataKey,
+  );
+
+  info.set({
+    id,
+    dataKey,
+    dataKeyVersion: new Date(metadata.dekVersion),
+    contentType: metadata.contentType,
+    contentIv: metadata.contentIv,
+    name,
+    createdAt,
+    lastModifiedAt,
+    categoryIds: metadata.categories,
+  });
+  await storeFileInfo({
+    id,
+    parentId: metadata.parent,
+    name,
+    contentType: metadata.contentType,
+    createdAt,
+    lastModifiedAt,
+    categoryIds: metadata.categories,
+  });
+};
+
+const fetchFileInfo = async (id: number, info: Writable<FileInfo | null>, masterKey: CryptoKey) => {
+  await fetchFileInfoFromIndexedDB(id, info);
+  await fetchFileInfoFromServer(id, info, masterKey);
+};
+
+export const getFileInfo = (fileId: number, masterKey: CryptoKey) => {
+  // TODO: MEK rotation
+
+  let info = fileInfoStore.get(fileId);
+  if (!info) {
+    info = writable(null);
+    fileInfoStore.set(fileId, info);
+  }
+
+  fetchFileInfo(fileId, info, masterKey); // Intended
+  return info;
+};
+
+const fetchCategoryInfoFromIndexedDB = async (
+  id: CategoryId,
+  info: Writable<CategoryInfo | null>,
+) => {
+  if (get(info)) return;
+
+  const [category, subCategories] = await Promise.all([
+    id !== "root" ? getCategoryInfoFromIndexedDB(id) : undefined,
+    getCategoryInfosFromIndexedDB(id),
+  ]);
+  const subCategoryIds = subCategories.map(({ id }) => id);
+
+  if (id === "root") {
+    info.set({ id, subCategoryIds });
+  } else {
+    if (!category) return;
+    info.set({ id, name: category.name, subCategoryIds, files: category.files });
+  }
+};
+
+const fetchCategoryInfoFromServer = async (
+  id: CategoryId,
+  info: Writable<CategoryInfo | null>,
+  masterKey: CryptoKey,
+) => {
+  let res = await callGetApi(`/api/category/${id}`);
+  if (res.status === 404) {
+    info.set(null);
+    await deleteCategoryInfo(id as number);
+    return;
+  } else if (!res.ok) {
+    throw new Error("Failed to fetch category information");
+  }
+
+  const { metadata, subCategories }: CategoryInfoResponse = await res.json();
+
+  if (id === "root") {
+    info.set({ id, subCategoryIds: subCategories });
+  } else {
+    const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
+    const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
+
+    res = await callGetApi(`/api/category/${id}/file/list?recurse=true`);
+    if (!res.ok) {
+      throw new Error("Failed to fetch category files");
+    }
+
+    const { files }: CategoryFileListResponse = await res.json();
+    const filesMapped = files.map(({ file, isRecursive }) => ({ id: file, isRecursive }));
+
+    info.set({
+      id,
+      dataKey,
+      dataKeyVersion: new Date(metadata!.dekVersion),
+      name,
+      subCategoryIds: subCategories,
+      files: filesMapped,
+    });
+    await storeCategoryInfo({
+      id,
+      parentId: metadata!.parent,
+      name,
+      files: filesMapped,
+    });
+  }
+};
+
+const fetchCategoryInfo = async (
+  id: CategoryId,
+  info: Writable<CategoryInfo | null>,
+  masterKey: CryptoKey,
+) => {
+  await fetchCategoryInfoFromIndexedDB(id, info);
+  await fetchCategoryInfoFromServer(id, info, masterKey);
+};
+
+export const getCategoryInfo = (categoryId: CategoryId, masterKey: CryptoKey) => {
+  // TODO: MEK rotation
+
+  let info = categoryInfoStore.get(categoryId);
+  if (!info) {
+    info = writable(null);
+    categoryInfoStore.set(categoryId, info);
+  }
+
+  fetchCategoryInfo(categoryId, info, masterKey); // Intended
+  return info;
+};
--- a/src/lib/modules/filesystem/category.ts
+++ b/src/lib/modules/filesystem/category.ts
@@ -1,121 +0,0 @@
-import * as IndexedDB from "$lib/indexedDB";
-import { trpc, isTRPCClientError } from "$trpc/client";
-import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
-import type { CategoryInfo, MaybeCategoryInfo } from "./types";
-
-const cache = new FilesystemCache<CategoryId, MaybeCategoryInfo>({
-  async fetchFromIndexedDB(id) {
-    const [category, subCategories] = await Promise.all([
-      id !== "root" ? IndexedDB.getCategoryInfo(id) : undefined,
-      IndexedDB.getCategoryInfos(id),
-    ]);
-    const files = category?.files
-      ? await Promise.all(
-          category.files.map(async (file) => {
-            const fileInfo = await IndexedDB.getFileInfo(file.id);
-            return fileInfo
-              ? {
-                  id: file.id,
-                  parentId: fileInfo.parentId,
-                  contentType: fileInfo.contentType,
-                  name: fileInfo.name,
-                  createdAt: fileInfo.createdAt,
-                  lastModifiedAt: fileInfo.lastModifiedAt,
-                  isRecursive: file.isRecursive,
-                }
-              : undefined;
-          }),
-        )
-      : undefined;
-
-    if (id === "root") {
-      return {
-        id,
-        exists: true,
-        subCategories,
-      };
-    } else if (category) {
-      return {
-        id,
-        exists: true,
-        parentId: category.parentId,
-        name: category.name,
-        subCategories,
-        files: files?.filter((file) => !!file) ?? [],
-        isFileRecursive: category.isFileRecursive ?? false,
-      };
-    }
-  },
-
-  async fetchFromServer(id, cachedInfo, masterKey) {
-    try {
-      const category = await trpc().category.get.query({ id, recurse: true });
-      const [subCategories, files, metadata] = await Promise.all([
-        Promise.all(
-          category.subCategories.map(async (category) => ({
-            id: category.id,
-            parentId: id,
-            ...(await decryptCategoryMetadata(category, masterKey)),
-          })),
-        ),
-        category.files &&
-          Promise.all(
-            category.files.map(async (file) => ({
-              id: file.id,
-              parentId: file.parent,
-              contentType: file.contentType,
-              isRecursive: file.isRecursive,
-              ...(await decryptFileMetadata(file, masterKey)),
-            })),
-          ),
-        category.metadata && decryptCategoryMetadata(category.metadata, masterKey),
-      ]);
-
-      return storeToIndexedDB(
-        id !== "root"
-          ? {
-              id,
-              parentId: category.metadata!.parent,
-              subCategories,
-              files: files!,
-              isFileRecursive: cachedInfo?.isFileRecursive ?? false,
-              ...metadata!,
-            }
-          : { id, subCategories },
-      );
-    } catch (e) {
-      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
-        await IndexedDB.deleteCategoryInfo(id as number);
-        return { id, exists: false };
-      }
-      throw e;
-    }
-  },
-});
-
-const storeToIndexedDB = (info: CategoryInfo) => {
-  if (info.id !== "root") {
-    void IndexedDB.storeCategoryInfo(info);
-
-    // TODO: Bulk Upsert
-    new Map(info.files.map((file) => [file.id, file])).forEach((file) => {
-      void IndexedDB.storeFileInfo(file);
-    });
-  }
-
-  // TODO: Bulk Upsert
-  info.subCategories.forEach((category) => {
-    void IndexedDB.storeCategoryInfo(category);
-  });
-
-  void IndexedDB.deleteDanglingCategoryInfos(
-    info.id,
-    new Set(info.subCategories.map(({ id }) => id)),
-  );
-
-  return { ...info, exists: true as const };
-};
-
-export const getCategoryInfo = (id: CategoryId, masterKey: CryptoKey) => {
-  return cache.get(id, masterKey);
-};
--- a/src/lib/modules/filesystem/directory.ts
+++ b/src/lib/modules/filesystem/directory.ts
@@ -1,102 +0,0 @@
-import * as IndexedDB from "$lib/indexedDB";
-import { trpc, isTRPCClientError } from "$trpc/client";
-import { FilesystemCache, decryptDirectoryMetadata, decryptFileMetadata } from "./internal.svelte";
-import type { DirectoryInfo, MaybeDirectoryInfo } from "./types";
-
-const cache = new FilesystemCache<DirectoryId, MaybeDirectoryInfo>({
-  async fetchFromIndexedDB(id) {
-    const [directory, subDirectories, files] = await Promise.all([
-      id !== "root" ? IndexedDB.getDirectoryInfo(id) : undefined,
-      IndexedDB.getDirectoryInfos(id),
-      IndexedDB.getFileInfos(id),
-    ]);
-
-    if (id === "root") {
-      return {
-        id,
-        exists: true,
-        subDirectories,
-        files,
-      };
-    } else if (directory) {
-      return {
-        id,
-        exists: true,
-        parentId: directory.parentId,
-        name: directory.name,
-        subDirectories,
-        files,
-      };
-    }
-  },
-
-  async fetchFromServer(id, _cachedInfo, masterKey) {
-    try {
-      const directory = await trpc().directory.get.query({ id });
-      const [subDirectories, files, metadata] = await Promise.all([
-        Promise.all(
-          directory.subDirectories.map(async (directory) => ({
-            id: directory.id,
-            parentId: id,
-            ...(await decryptDirectoryMetadata(directory, masterKey)),
-          })),
-        ),
-        Promise.all(
-          directory.files.map(async (file) => ({
-            id: file.id,
-            parentId: id,
-            contentType: file.contentType,
-            ...(await decryptFileMetadata(file, masterKey)),
-          })),
-        ),
-        directory.metadata && decryptDirectoryMetadata(directory.metadata, masterKey),
-      ]);
-
-      return storeToIndexedDB(
-        id !== "root"
-          ? {
-              id,
-              parentId: directory.metadata!.parent,
-              subDirectories,
-              files,
-              ...metadata!,
-            }
-          : { id, subDirectories, files },
-      );
-    } catch (e) {
-      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
-        await IndexedDB.deleteDirectoryInfo(id as number);
-        return { id, exists: false as const };
-      }
-      throw e;
-    }
-  },
-});
-
-const storeToIndexedDB = (info: DirectoryInfo) => {
-  if (info.id !== "root") {
-    void IndexedDB.storeDirectoryInfo(info);
-  }
-
-  // TODO: Bulk Upsert
-  info.subDirectories.forEach((subDirectory) => {
-    void IndexedDB.storeDirectoryInfo(subDirectory);
-  });
-
-  // TODO: Bulk Upsert
-  info.files.forEach((file) => {
-    void IndexedDB.storeFileInfo(file);
-  });
-
-  void IndexedDB.deleteDanglingDirectoryInfos(
-    info.id,
-    new Set(info.subDirectories.map(({ id }) => id)),
-  );
-  void IndexedDB.deleteDanglingFileInfos(info.id, new Set(info.files.map(({ id }) => id)));
-
-  return { ...info, exists: true as const };
-};
-
-export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
-  return cache.get(id, masterKey);
-};
--- a/src/lib/modules/filesystem/file.ts
+++ b/src/lib/modules/filesystem/file.ts
@@ -1,177 +0,0 @@
-import * as IndexedDB from "$lib/indexedDB";
-import { trpc, isTRPCClientError } from "$trpc/client";
-import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
-import type { FileInfo, MaybeFileInfo } from "./types";
-
-const cache = new FilesystemCache<number, MaybeFileInfo>({
-  async fetchFromIndexedDB(id) {
-    const file = await IndexedDB.getFileInfo(id);
-    const categories = file?.categoryIds
-      ? await Promise.all(
-          file.categoryIds.map(async (categoryId) => {
-            const category = await IndexedDB.getCategoryInfo(categoryId);
-            return category
-              ? { id: category.id, parentId: category.parentId, name: category.name }
-              : undefined;
-          }),
-        )
-      : undefined;
-
-    if (file) {
-      return {
-        id,
-        exists: true,
-        parentId: file.parentId,
-        contentType: file.contentType,
-        name: file.name,
-        createdAt: file.createdAt,
-        lastModifiedAt: file.lastModifiedAt,
-        categories: categories?.filter((category) => !!category) ?? [],
-      };
-    }
-  },
-
-  async fetchFromServer(id, _cachedInfo, masterKey) {
-    try {
-      const file = await trpc().file.get.query({ id });
-      const [categories, metadata] = await Promise.all([
-        Promise.all(
-          file.categories.map(async (category) => ({
-            id: category.id,
-            parentId: category.parent,
-            ...(await decryptCategoryMetadata(category, masterKey)),
-          })),
-        ),
-        decryptFileMetadata(file, masterKey),
-      ]);
-
-      return storeToIndexedDB({
-        id,
-        isLegacy: file.isLegacy,
-        parentId: file.parent,
-        dataKey: metadata.dataKey,
-        contentType: file.contentType,
-        name: metadata.name,
-        createdAt: metadata.createdAt,
-        lastModifiedAt: metadata.lastModifiedAt,
-        categories,
-      });
-    } catch (e) {
-      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
-        await IndexedDB.deleteFileInfo(id);
-        return { id, exists: false as const };
-      }
-      throw e;
-    }
-  },
-
-  async bulkFetchFromIndexedDB(ids) {
-    const files = await IndexedDB.bulkGetFileInfos([...ids]);
-    const categories = await Promise.all(
-      files.map(async (file) =>
-        file?.categoryIds
-          ? await Promise.all(
-              file.categoryIds.map(async (categoryId) => {
-                const category = await IndexedDB.getCategoryInfo(categoryId);
-                return category
-                  ? { id: category.id, parentId: category.parentId, name: category.name }
-                  : undefined;
-              }),
-            )
-          : undefined,
-      ),
-    );
-
-    return new Map(
-      files
-        .filter((file) => !!file)
-        .map((file, index) => [
-          file.id,
-          {
-            ...file,
-            exists: true,
-            categories: categories[index]?.filter((category) => !!category) ?? [],
-          },
-        ]),
-    );
-  },
-
-  async bulkFetchFromServer(ids, masterKey) {
-    const idsArray = [...ids.keys()];
-
-    const filesRaw = await trpc().file.bulkGet.query({ ids: idsArray });
-    const files = await Promise.all(
-      filesRaw.map(async ({ id, categories: categoriesRaw, ...metadataRaw }) => {
-        const [categories, metadata] = await Promise.all([
-          Promise.all(
-            categoriesRaw.map(async (category) => ({
-              id: category.id,
-              parentId: category.parent,
-              ...(await decryptCategoryMetadata(category, masterKey)),
-            })),
-          ),
-          decryptFileMetadata(metadataRaw, masterKey),
-        ]);
-
-        return {
-          id,
-          exists: true as const,
-          isLegacy: metadataRaw.isLegacy,
-          parentId: metadataRaw.parent,
-          contentType: metadataRaw.contentType,
-          categories,
-          ...metadata,
-        };
-      }),
-    );
-
-    const existingIds = new Set(filesRaw.map(({ id }) => id));
-    const deletedIds = idsArray.filter((id) => !existingIds.has(id));
-
-    void IndexedDB.bulkDeleteFileInfos(deletedIds);
-    return new Map<number, MaybeFileInfo>([
-      ...bulkStoreToIndexedDB(files),
-      ...deletedIds.map((id) => [id, { id, exists: false }] as const),
-    ]);
-  },
-});
-
-const storeToIndexedDB = (info: FileInfo) => {
-  void IndexedDB.storeFileInfo({
-    ...info,
-    categoryIds: info.categories.map(({ id }) => id),
-  });
-
-  info.categories.forEach((category) => {
-    void IndexedDB.storeCategoryInfo(category);
-  });
-
-  return { ...info, exists: true as const };
-};
-
-const bulkStoreToIndexedDB = (infos: FileInfo[]) => {
-  // TODO: Bulk Upsert
-  infos.forEach((info) => {
-    void IndexedDB.storeFileInfo({
-      ...info,
-      categoryIds: info.categories.map(({ id }) => id),
-    });
-  });
-
-  // TODO: Bulk Upsert
-  new Map(
-    infos.flatMap(({ categories }) => categories).map((category) => [category.id, category]),
-  ).forEach((category) => {
-    void IndexedDB.storeCategoryInfo(category);
-  });
-
-  return infos.map((info) => [info.id, { ...info, exists: true }] as const);
-};
-
-export const getFileInfo = (id: number, masterKey: CryptoKey) => {
-  return cache.get(id, masterKey);
-};
-
-export const bulkGetFileInfo = (ids: number[], masterKey: CryptoKey) => {
-  return cache.bulkGet(new Set(ids), masterKey);
-};
--- a/src/lib/modules/filesystem/index.ts
+++ b/src/lib/modules/filesystem/index.ts
@@ -1,4 +0,0 @@
-export * from "./category";
-export * from "./directory";
-export * from "./file";
-export * from "./types";
--- a/src/lib/modules/filesystem/internal.svelte.ts
+++ b/src/lib/modules/filesystem/internal.svelte.ts
@@ -1,172 +0,0 @@
-import { untrack } from "svelte";
-import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
-
-interface FilesystemCacheOptions<K, V> {
-  fetchFromIndexedDB: (key: K) => Promise<V | undefined>;
-  fetchFromServer: (key: K, cachedValue: V | undefined, masterKey: CryptoKey) => Promise<V>;
-  bulkFetchFromIndexedDB?: (keys: Set<K>) => Promise<Map<K, V>>;
-  bulkFetchFromServer?: (
-    keys: Map<K, { cachedValue: V | undefined }>,
-    masterKey: CryptoKey,
-  ) => Promise<Map<K, V>>;
-}
-
-export class FilesystemCache<K, V extends object> {
-  private map = new Map<K, { value?: V; promise?: Promise<V> }>();
-
-  constructor(private readonly options: FilesystemCacheOptions<K, V>) {}
-
-  get(key: K, masterKey: CryptoKey) {
-    return untrack(() => {
-      let state = this.map.get(key);
-      if (state?.promise) return state.value ?? state.promise;
-
-      const { promise: newPromise, resolve } = Promise.withResolvers<V>();
-
-      if (!state) {
-        const newState = $state({});
-        state = newState;
-        this.map.set(key, newState);
-      }
-
-      (state.value
-        ? Promise.resolve(state.value)
-        : this.options.fetchFromIndexedDB(key).then((loadedInfo) => {
-            if (loadedInfo) {
-              state.value = loadedInfo;
-              resolve(state.value);
-            }
-            return loadedInfo;
-          })
-      )
-        .then((cachedInfo) => this.options.fetchFromServer(key, cachedInfo, masterKey))
-        .then((loadedInfo) => {
-          if (state.value) {
-            Object.assign(state.value, loadedInfo);
-          } else {
-            state.value = loadedInfo;
-          }
-          resolve(state.value);
-        })
-        .finally(() => {
-          state.promise = undefined;
-        });
-
-      state.promise = newPromise;
-      return state.value ?? newPromise;
-    });
-  }
-
-  bulkGet(keys: Set<K>, masterKey: CryptoKey) {
-    return untrack(() => {
-      const newPromises = new Map(
-        keys
-          .keys()
-          .filter((key) => this.map.get(key)?.promise === undefined)
-          .map((key) => [key, Promise.withResolvers<V>()]),
-      );
-      newPromises.forEach(({ promise }, key) => {
-        const state = this.map.get(key);
-        if (state) {
-          state.promise = promise;
-        } else {
-          const newState = $state({ promise });
-          this.map.set(key, newState);
-        }
-      });
-
-      const resolve = (loadedInfos: Map<K, V>) => {
-        loadedInfos.forEach((loadedInfo, key) => {
-          const state = this.map.get(key)!;
-          if (state.value) {
-            Object.assign(state.value, loadedInfo);
-          } else {
-            state.value = loadedInfo;
-          }
-          newPromises.get(key)!.resolve(state.value);
-        });
-        return loadedInfos;
-      };
-
-      this.options.bulkFetchFromIndexedDB!(
-        new Set(newPromises.keys().filter((key) => this.map.get(key)!.value === undefined)),
-      )
-        .then(resolve)
-        .then(() =>
-          this.options.bulkFetchFromServer!(
-            new Map(
-              newPromises.keys().map((key) => [key, { cachedValue: this.map.get(key)!.value }]),
-            ),
-            masterKey,
-          ),
-        )
-        .then(resolve)
-        .finally(() => {
-          newPromises.forEach((_, key) => {
-            this.map.get(key)!.promise = undefined;
-          });
-        });
-
-      const bottleneckPromises = Array.from(
-        keys
-          .keys()
-          .filter((key) => this.map.get(key)!.value === undefined)
-          .map((key) => this.map.get(key)!.promise!),
-      );
-      const makeResult = () =>
-        new Map(keys.keys().map((key) => [key, this.map.get(key)!.value!] as const));
-      return bottleneckPromises.length > 0
-        ? Promise.all(bottleneckPromises).then(makeResult)
-        : makeResult();
-    });
-  }
-}
-
-export const decryptDirectoryMetadata = async (
-  metadata: { dek: string; dekVersion: Date; name: string; nameIv: string },
-  masterKey: CryptoKey,
-) => {
-  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
-  const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
-
-  return {
-    dataKey: { key: dataKey, version: metadata.dekVersion },
-    name,
-  };
-};
-
-const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
-  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
-};
-
-export const decryptFileMetadata = async (
-  metadata: {
-    dek: string;
-    dekVersion: Date;
-    name: string;
-    nameIv: string;
-    createdAt?: string;
-    createdAtIv?: string;
-    lastModifiedAt: string;
-    lastModifiedAtIv: string;
-  },
-  masterKey: CryptoKey,
-) => {
-  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
-  const [name, createdAt, lastModifiedAt] = await Promise.all([
-    decryptString(metadata.name, metadata.nameIv, dataKey),
-    metadata.createdAt
-      ? decryptDate(metadata.createdAt, metadata.createdAtIv!, dataKey)
-      : undefined,
-    decryptDate(metadata.lastModifiedAt, metadata.lastModifiedAtIv, dataKey),
-  ]);
-
-  return {
-    dataKey: { key: dataKey, version: metadata.dekVersion },
-    name,
-    createdAt,
-    lastModifiedAt,
-  };
-};
-
-export const decryptCategoryMetadata = decryptDirectoryMetadata;
--- a/src/lib/modules/filesystem/types.ts
+++ b/src/lib/modules/filesystem/types.ts
@@ -1,77 +0,0 @@
-export type DataKey = { key: CryptoKey; version: Date };
-type AllUndefined<T> = { [K in keyof T]?: undefined };
-
-interface LocalDirectoryInfo {
-  id: number;
-  parentId: DirectoryId;
-  dataKey?: DataKey;
-  name: string;
-  subDirectories: SubDirectoryInfo[];
-  files: SummarizedFileInfo[];
-}
-
-interface RootDirectoryInfo {
-  id: "root";
-  parentId?: undefined;
-  dataKey?: undefined;
-  name?: undefined;
-  subDirectories: SubDirectoryInfo[];
-  files: SummarizedFileInfo[];
-}
-
-export type DirectoryInfo = LocalDirectoryInfo | RootDirectoryInfo;
-export type MaybeDirectoryInfo =
-  | (DirectoryInfo & { exists: true })
-  | ({ id: DirectoryId; exists: false } & AllUndefined<Omit<DirectoryInfo, "id">>);
-
-export type SubDirectoryInfo = Omit<LocalDirectoryInfo, "subDirectories" | "files">;
-
-export interface FileInfo {
-  id: number;
-  isLegacy?: boolean;
-  parentId: DirectoryId;
-  dataKey?: DataKey;
-  contentType: string;
-  name: string;
-  createdAt?: Date;
-  lastModifiedAt: Date;
-  categories: FileCategoryInfo[];
-}
-
-export type MaybeFileInfo =
-  | (FileInfo & { exists: true })
-  | ({ id: number; exists: false } & AllUndefined<Omit<FileInfo, "id">>);
-
-export type SummarizedFileInfo = Omit<FileInfo, "categories">;
-export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean };
-
-interface LocalCategoryInfo {
-  id: number;
-  parentId: DirectoryId;
-  dataKey?: DataKey;
-  name: string;
-  subCategories: SubCategoryInfo[];
-  files: CategoryFileInfo[];
-  isFileRecursive: boolean;
-}
-
-interface RootCategoryInfo {
-  id: "root";
-  parentId?: undefined;
-  dataKey?: undefined;
-  name?: undefined;
-  subCategories: SubCategoryInfo[];
-  files?: undefined;
-  isFileRecursive?: undefined;
-}
-
-export type CategoryInfo = LocalCategoryInfo | RootCategoryInfo;
-export type MaybeCategoryInfo =
-  | (CategoryInfo & { exists: true })
-  | ({ id: CategoryId; exists: false } & AllUndefined<Omit<CategoryInfo, "id">>);
-
-export type SubCategoryInfo = Omit<
-  LocalCategoryInfo,
-  "subCategories" | "files" | "isFileRecursive"
->;
-export type FileCategoryInfo = Omit<SubCategoryInfo, "dataKey">;
--- a/src/lib/modules/key.ts
+++ b/src/lib/modules/key.ts
@@ -5,14 +5,14 @@ import type { ClientKeys } from "$lib/stores";
 const serializedClientKeysSchema = z.intersection(
  z.object({
    generator: z.literal("ArkVault"),
-    exportedAt: z.iso.datetime(),
+    exportedAt: z.string().datetime(),
  }),
  z.object({
    version: z.literal(1),
-    encryptKey: z.base64().nonempty(),
-    decryptKey: z.base64().nonempty(),
-    signKey: z.base64().nonempty(),
-    verifyKey: z.base64().nonempty(),
+    encryptKey: z.string().base64().nonempty(),
+    decryptKey: z.string().base64().nonempty(),
+    signKey: z.string().base64().nonempty(),
+    verifyKey: z.string().base64().nonempty(),
  }),
 );

--- a/src/lib/modules/scheduler.ts
+++ b/src/lib/modules/scheduler.ts
@@ -1,48 +0,0 @@
-export class Scheduler<T = void> {
-  private isEstimating = false;
-  private memoryUsage = 0;
-  private queue: (() => void)[] = [];
-
-  constructor(public readonly memoryLimit = 100 * 1024 * 1024 /* 100 MiB */) {}
-
-  private next() {
-    if (!this.isEstimating && this.memoryUsage < this.memoryLimit) {
-      const resolve = this.queue.shift();
-      if (resolve) {
-        this.isEstimating = true;
-        resolve();
-      }
-    }
-  }
-
-  async schedule(
-    estimateMemoryUsage: number | (() => number | Promise<number>),
-    task: () => Promise<T>,
-  ) {
-    if (this.isEstimating || this.memoryUsage >= this.memoryLimit) {
-      await new Promise<void>((resolve) => {
-        this.queue.push(resolve);
-      });
-    } else {
-      this.isEstimating = true;
-    }
-
-    let taskMemoryUsage = 0;
-
-    try {
-      taskMemoryUsage =
-        typeof estimateMemoryUsage === "number" ? estimateMemoryUsage : await estimateMemoryUsage();
-      this.memoryUsage += taskMemoryUsage;
-    } finally {
-      this.isEstimating = false;
-      this.next();
-    }
-
-    try {
-      return await task();
-    } finally {
-      this.memoryUsage -= taskMemoryUsage;
-      this.next();
-    }
-  }
-}
--- a/src/lib/modules/thumbnail.ts
+++ b/src/lib/modules/thumbnail.ts
@@ -32,7 +32,7 @@ const capture = (

    drawer(context, scaledWidth, scaledHeight);
    canvas.toBlob((blob) => {
-      if (blob && blob.type === "image/webp") {
+      if (blob) {
        resolve(blob);
      } else {
        reject(new Error("Failed to generate thumbnail"));
@@ -67,15 +67,10 @@ const generateVideoThumbnail = (videoUrl: string, time = 0) => {
  return new Promise<Blob>((resolve, reject) => {
    const video = document.createElement("video");
    video.onloadedmetadata = () => {
-      if (video.videoWidth === 0 || video.videoHeight === 0) {
-        return reject();
-      }
-
-      const callbackId = video.requestVideoFrameCallback(() => {
-        captureVideoThumbnail(video).then(resolve).catch(reject);
-        video.cancelVideoFrameCallback(callbackId);
-      });
      video.currentTime = Math.min(time, video.duration);
+      video.requestVideoFrameCallback(() => {
+        captureVideoThumbnail(video).then(resolve).catch(reject);
+      });
    };
    video.onerror = reject;

@@ -88,26 +83,18 @@ const generateVideoThumbnail = (videoUrl: string, time = 0) => {
 export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => {
  let url;
  try {
-    if (fileType.startsWith("image/")) {
-      const fileBlob = new Blob([fileBuffer], { type: fileType });
-      url = URL.createObjectURL(fileBlob);
-
-      try {
-        return await generateImageThumbnail(url);
-      } catch {
-        URL.revokeObjectURL(url);
-        url = undefined;
-
-        if (fileType === "image/heic") {
-          const { default: heic2any } = await import("heic2any");
-          url = URL.createObjectURL(
-            (await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
-          );
-          return await generateImageThumbnail(url);
-        } else {
-          return null;
-        }
-      }
+    if (fileType === "image/heic") {
+      const { default: heic2any } = await import("heic2any");
+      url = URL.createObjectURL(
+        (await heic2any({
+          blob: new Blob([fileBuffer], { type: fileType }),
+          toType: "image/png",
+        })) as Blob,
+      );
+      return await generateImageThumbnail(url);
+    } else if (fileType.startsWith("image/")) {
+      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
+      return await generateImageThumbnail(url);
    } else if (fileType.startsWith("video/")) {
      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
      return await generateVideoThumbnail(url);
--- a/src/lib/modules/util.ts
+++ b/src/lib/modules/util.ts
@@ -7,13 +7,6 @@ export const formatDate = (date: Date) => {
  return `${year}. ${month}. ${day}.`;
 };

-export const formatDateSortable = (date: Date) => {
-  const year = date.getFullYear();
-  const month = pad2(date.getMonth() + 1);
-  const day = pad2(date.getDate());
-  return `${year}${month}${day}`;
-};
-
 export const formatDateTime = (date: Date) => {
  const dateFormatted = formatDate(date);
  const hours = date.getHours();
@@ -39,3 +32,32 @@ export const truncateString = (str: string, maxLength = 20) => {
  if (str.length <= maxLength) return str;
  return `${str.slice(0, maxLength)}...`;
 };
+
+export enum SortBy {
+  NAME_ASC,
+  NAME_DESC,
+}
+
+type SortFunc = (a?: string, b?: string) => number;
+
+const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
+
+const sortByNameAsc: SortFunc = (a, b) => {
+  if (a && b) return collator.compare(a, b);
+  if (a) return -1;
+  if (b) return 1;
+  return 0;
+};
+
+const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
+
+export const sortEntries = <T extends { name?: string }>(entries: T[], sortBy: SortBy) => {
+  let sortFunc: SortFunc;
+  if (sortBy === SortBy.NAME_ASC) {
+    sortFunc = sortByNameAsc;
+  } else {
+    sortFunc = sortByNameDesc;
+  }
+
+  entries.sort((a, b) => sortFunc(a.name, b.name));
+};
--- a/src/lib/server/db/category.ts
+++ b/src/lib/server/db/category.ts
@@ -2,6 +2,8 @@ import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";

+export type CategoryId = "root" | number;
+
 interface Category {
  id: number;
  parentId: CategoryId;
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -98,6 +98,22 @@ export const createUserClient = async (userId: number, clientId: number) => {
  }
 };

+export const getAllUserClients = async (userId: number) => {
+  const userClients = await db
+    .selectFrom("user_client")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .execute();
+  return userClients.map(
+    ({ user_id, client_id, state }) =>
+      ({
+        userId: user_id,
+        clientId: client_id,
+        state,
+      }) satisfies UserClient,
+  );
+};
+
 export const getUserClient = async (userId: number, clientId: number) => {
  const userClient = await db
    .selectFrom("user_client")
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -1,10 +1,11 @@
-import { sql } from "kysely";
-import { jsonArrayFrom } from "kysely/helpers/postgres";
+import { sql, type NotNull } from "kysely";
 import pg from "pg";
 import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";

+export type DirectoryId = "root" | number;
+
 interface Directory {
  id: number;
  parentId: DirectoryId;
@@ -15,6 +16,8 @@ interface Directory {
  encName: Ciphertext;
 }

+export type NewDirectory = Omit<Directory, "id">;
+
 interface File {
  id: number;
  parentId: DirectoryId;
@@ -26,23 +29,16 @@ interface File {
  hskVersion: number | null;
  contentHmac: string | null;
  contentType: string;
-  encContentIv: string | null;
+  encContentIv: string;
  encContentHash: string;
  encName: Ciphertext;
  encCreatedAt: Ciphertext | null;
  encLastModifiedAt: Ciphertext;
 }

-interface FileCategory {
-  id: number;
-  parentId: CategoryId;
-  mekVersion: number;
-  encDek: string;
-  dekVersion: Date;
-  encName: Ciphertext;
-}
+export type NewFile = Omit<File, "id">;

-export const registerDirectory = async (params: Omit<Directory, "id">) => {
+export const registerDirectory = async (params: NewDirectory) => {
  await db.transaction().execute(async (trx) => {
    const mek = await trx
      .selectFrom("master_encryption_key")
@@ -210,41 +206,69 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
    });
 };

-export const registerFile = async (trx: typeof db, params: Omit<File, "id">) => {
+export const registerFile = async (params: NewFile) => {
  if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) {
    throw new Error("Invalid arguments");
  }

-  const { fileId } = await trx
-    .insertInto("file")
-    .values({
-      parent_id: params.parentId !== "root" ? params.parentId : null,
-      user_id: params.userId,
-      path: params.path,
-      master_encryption_key_version: params.mekVersion,
-      encrypted_data_encryption_key: params.encDek,
-      data_encryption_key_version: params.dekVersion,
-      hmac_secret_key_version: params.hskVersion,
-      content_hmac: params.contentHmac,
-      content_type: params.contentType,
-      encrypted_content_iv: params.encContentIv,
-      encrypted_content_hash: params.encContentHash,
-      encrypted_name: params.encName,
-      encrypted_created_at: params.encCreatedAt,
-      encrypted_last_modified_at: params.encLastModifiedAt,
-    })
-    .returning("id as fileId")
-    .executeTakeFirstOrThrow();
-  await trx
-    .insertInto("file_log")
-    .values({
-      file_id: fileId,
-      timestamp: new Date(),
-      action: "create",
-      new_name: params.encName,
-    })
-    .execute();
-  return { id: fileId };
+  return await db.transaction().execute(async (trx) => {
+    const mek = await trx
+      .selectFrom("master_encryption_key")
+      .select("version")
+      .where("user_id", "=", params.userId)
+      .where("state", "=", "active")
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (mek?.version !== params.mekVersion) {
+      throw new IntegrityError("Inactive MEK version");
+    }
+
+    if (params.hskVersion) {
+      const hsk = await trx
+        .selectFrom("hmac_secret_key")
+        .select("version")
+        .where("user_id", "=", params.userId)
+        .where("state", "=", "active")
+        .limit(1)
+        .forUpdate()
+        .executeTakeFirst();
+      if (hsk?.version !== params.hskVersion) {
+        throw new IntegrityError("Inactive HSK version");
+      }
+    }
+
+    const { fileId } = await trx
+      .insertInto("file")
+      .values({
+        parent_id: params.parentId !== "root" ? params.parentId : null,
+        user_id: params.userId,
+        path: params.path,
+        master_encryption_key_version: params.mekVersion,
+        encrypted_data_encryption_key: params.encDek,
+        data_encryption_key_version: params.dekVersion,
+        hmac_secret_key_version: params.hskVersion,
+        content_hmac: params.contentHmac,
+        content_type: params.contentType,
+        encrypted_content_iv: params.encContentIv,
+        encrypted_content_hash: params.encContentHash,
+        encrypted_name: params.encName,
+        encrypted_created_at: params.encCreatedAt,
+        encrypted_last_modified_at: params.encLastModifiedAt,
+      })
+      .returning("id as fileId")
+      .executeTakeFirstOrThrow();
+    await trx
+      .insertInto("file_log")
+      .values({
+        file_id: fileId,
+        timestamp: new Date(),
+        action: "create",
+        new_name: params.encName,
+      })
+      .execute();
+    return { id: fileId };
+  });
 };

 export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => {
@@ -282,51 +306,39 @@ export const getAllFilesByCategory = async (
  recurse: boolean,
 ) => {
  const files = await db
-    .withRecursive("category_tree", (db) =>
+    .withRecursive("cte", (db) =>
      db
        .selectFrom("category")
-        .select(["id", sql<number>`0`.as("depth")])
+        .leftJoin("file_category", "category.id", "file_category.category_id")
+        .select(["id", "parent_id", "user_id", "file_category.file_id"])
+        .select(sql<number>`0`.as("depth"))
        .where("id", "=", categoryId)
-        .where("user_id", "=", userId)
        .$if(recurse, (qb) =>
          qb.unionAll((db) =>
            db
              .selectFrom("category")
-              .innerJoin("category_tree", "category.parent_id", "category_tree.id")
-              .select(["category.id", sql<number>`depth + 1`.as("depth")]),
+              .leftJoin("file_category", "category.id", "file_category.category_id")
+              .innerJoin("cte", "category.parent_id", "cte.id")
+              .select([
+                "category.id",
+                "category.parent_id",
+                "category.user_id",
+                "file_category.file_id",
+              ])
+              .select(sql<number>`cte.depth + 1`.as("depth")),
          ),
        ),
    )
-    .selectFrom("category_tree")
-    .innerJoin("file_category", "category_tree.id", "file_category.category_id")
-    .innerJoin("file", "file_category.file_id", "file.id")
+    .selectFrom("cte")
    .select(["file_id", "depth"])
-    .selectAll("file")
    .distinctOn("file_id")
+    .where("user_id", "=", userId)
+    .where("file_id", "is not", null)
+    .$narrowType<{ file_id: NotNull }>()
    .orderBy("file_id")
    .orderBy("depth")
    .execute();
-  return files.map(
-    (file) =>
-      ({
-        id: file.file_id,
-        parentId: file.parent_id ?? "root",
-        userId: file.user_id,
-        path: file.path,
-        mekVersion: file.master_encryption_key_version,
-        encDek: file.encrypted_data_encryption_key,
-        dekVersion: file.data_encryption_key_version,
-        hskVersion: file.hmac_secret_key_version,
-        contentHmac: file.content_hmac,
-        contentType: file.content_type,
-        encContentIv: file.encrypted_content_iv,
-        encContentHash: file.encrypted_content_hash,
-        encName: file.encrypted_name,
-        encCreatedAt: file.encrypted_created_at,
-        encLastModifiedAt: file.encrypted_last_modified_at,
-        isRecursive: file.depth > 0,
-      }) satisfies File & { isRecursive: boolean },
-  );
+  return files.map(({ file_id, depth }) => ({ id: file_id, isRecursive: depth > 0 }));
 };

 export const getAllFileIds = async (userId: number) => {
@@ -378,52 +390,6 @@ export const getFile = async (userId: number, fileId: number) => {
    : null;
 };

-export const getFilesWithCategories = async (userId: number, fileIds: number[]) => {
-  const files = await db
-    .selectFrom("file")
-    .selectAll()
-    .select((eb) =>
-      jsonArrayFrom(
-        eb
-          .selectFrom("file_category")
-          .innerJoin("category", "file_category.category_id", "category.id")
-          .where("file_category.file_id", "=", eb.ref("file.id"))
-          .selectAll("category"),
-      ).as("categories"),
-    )
-    .where("id", "=", (eb) => eb.fn.any(eb.val(fileIds)))
-    .where("user_id", "=", userId)
-    .execute();
-  return files.map(
-    (file) =>
-      ({
-        id: file.id,
-        parentId: file.parent_id ?? "root",
-        userId: file.user_id,
-        path: file.path,
-        mekVersion: file.master_encryption_key_version,
-        encDek: file.encrypted_data_encryption_key,
-        dekVersion: file.data_encryption_key_version,
-        hskVersion: file.hmac_secret_key_version,
-        contentHmac: file.content_hmac,
-        contentType: file.content_type,
-        encContentIv: file.encrypted_content_iv,
-        encContentHash: file.encrypted_content_hash,
-        encName: file.encrypted_name,
-        encCreatedAt: file.encrypted_created_at,
-        encLastModifiedAt: file.encrypted_last_modified_at,
-        categories: file.categories.map((category) => ({
-          id: category.id,
-          parentId: category.parent_id ?? "root",
-          mekVersion: category.master_encryption_key_version,
-          encDek: category.encrypted_data_encryption_key,
-          dekVersion: new Date(category.data_encryption_key_version),
-          encName: category.encrypted_name,
-        })),
-      }) satisfies File & { categories: FileCategory[] },
-  );
-};
-
 export const setFileEncName = async (
  userId: number,
  fileId: number,
@@ -510,21 +476,10 @@ export const addFileToCategory = async (fileId: number, categoryId: number) => {
 export const getAllFileCategories = async (fileId: number) => {
  const categories = await db
    .selectFrom("file_category")
-    .innerJoin("category", "file_category.category_id", "category.id")
-    .selectAll("category")
+    .select("category_id")
    .where("file_id", "=", fileId)
    .execute();
-  return categories.map(
-    (category) =>
-      ({
-        id: category.id,
-        parentId: category.parent_id ?? "root",
-        mekVersion: category.master_encryption_key_version,
-        encDek: category.encrypted_data_encryption_key,
-        dekVersion: category.data_encryption_key_version,
-        encName: category.encrypted_name,
-      }) satisfies FileCategory,
-  );
+  return categories.map(({ category_id }) => ({ id: category_id }));
 };

 export const removeFileFromCategory = async (fileId: number, categoryId: number) => {
--- a/src/lib/server/db/index.ts
+++ b/src/lib/server/db/index.ts
@@ -1,11 +0,0 @@
-export * as CategoryRepo from "./category";
-export * as ClientRepo from "./client";
-export * as FileRepo from "./file";
-export * as HskRepo from "./hsk";
-export * as MediaRepo from "./media";
-export * as MekRepo from "./mek";
-export * as SessionRepo from "./session";
-export * as UploadRepo from "./upload";
-export * as UserRepo from "./user";
-
-export * from "./error";
--- a/src/lib/server/db/mek.ts
+++ b/src/lib/server/db/mek.ts
@@ -60,6 +60,19 @@ export const registerInitialMek = async (
  });
 };

+export const getInitialMek = async (userId: number) => {
+  const mek = await db
+    .selectFrom("master_encryption_key")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where("version", "=", 1)
+    .limit(1)
+    .executeTakeFirst();
+  return mek
+    ? ({ userId: mek.user_id, version: mek.version, state: mek.state } satisfies Mek)
+    : null;
+};
+
 export const getAllValidClientMeks = async (userId: number, clientId: number) => {
  const clientMeks = await db
    .selectFrom("client_master_encryption_key")
--- a/src/lib/server/db/migrations/1768062380-AddChunkedUpload.ts
+++ b/src/lib/server/db/migrations/1768062380-AddChunkedUpload.ts
@@ -1,50 +0,0 @@
-import { Kysely, sql } from "kysely";
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const up = async (db: Kysely<any>) => {
-  // file.ts
-  await db.schema
-    .alterTable("file")
-    .alterColumn("encrypted_content_iv", (col) => col.dropNotNull())
-    .execute();
-
-  // upload.ts
-  await db.schema
-    .createTable("upload_session")
-    .addColumn("id", "uuid", (col) => col.primaryKey().defaultTo(sql`gen_random_uuid()`))
-    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
-    .addColumn("total_chunks", "integer", (col) => col.notNull())
-    .addColumn("uploaded_chunks", sql`integer[]`, (col) => col.notNull().defaultTo(sql`'{}'`))
-    .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
-    .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
-    .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
-    .addColumn("encrypted_data_encryption_key", "text", (col) => col.notNull())
-    .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
-    .addColumn("hmac_secret_key_version", "integer")
-    .addColumn("content_type", "text", (col) => col.notNull())
-    .addColumn("encrypted_name", "json", (col) => col.notNull())
-    .addColumn("encrypted_created_at", "json")
-    .addColumn("encrypted_last_modified_at", "json", (col) => col.notNull())
-    .addForeignKeyConstraint(
-      "upload_session_fk01",
-      ["user_id", "master_encryption_key_version"],
-      "master_encryption_key",
-      ["user_id", "version"],
-    )
-    .addForeignKeyConstraint(
-      "upload_session_fk02",
-      ["user_id", "hmac_secret_key_version"],
-      "hmac_secret_key",
-      ["user_id", "version"],
-    )
-    .execute();
-};
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export const down = async (db: Kysely<any>) => {
-  await db.schema.dropTable("upload_session").execute();
-  await db.schema
-    .alterTable("file")
-    .alterColumn("encrypted_content_iv", (col) => col.setNotNull())
-    .execute();
-};
--- a/src/lib/server/db/migrations/index.ts
+++ b/src/lib/server/db/migrations/index.ts
@@ -1,11 +1,9 @@
 import * as Initial1737357000 from "./1737357000-Initial";
 import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
 import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail";
-import * as AddChunkedUpload1768062380 from "./1768062380-AddChunkedUpload";

 export default {
  "1737357000-Initial": Initial1737357000,
  "1737422340-AddFileCategory": AddFileCategory1737422340,
  "1738409340-AddThumbnail": AddThumbnail1738409340,
-  "1768062380-AddChunkedUpload": AddChunkedUpload1768062380,
 };
--- a/src/lib/server/db/schema/file.ts
+++ b/src/lib/server/db/schema/file.ts
@@ -30,7 +30,7 @@ interface FileTable {
  hmac_secret_key_version: number | null;
  content_hmac: string | null; // Base64
  content_type: string;
-  encrypted_content_iv: string | null; // Base64
+  encrypted_content_iv: string; // Base64
  encrypted_content_hash: string; // Base64
  encrypted_name: Ciphertext;
  encrypted_created_at: Ciphertext | null;
--- a/src/lib/server/db/schema/index.ts
+++ b/src/lib/server/db/schema/index.ts
@@ -5,7 +5,6 @@ export * from "./hsk";
 export * from "./media";
 export * from "./mek";
 export * from "./session";
-export * from "./upload";
 export * from "./user";
 export * from "./util";

--- a/src/lib/server/db/schema/upload.ts
+++ b/src/lib/server/db/schema/upload.ts
@@ -1,26 +0,0 @@
-import type { Generated } from "kysely";
-import type { Ciphertext } from "./util";
-
-interface UploadSessionTable {
-  id: Generated<string>;
-  user_id: number;
-  total_chunks: number;
-  uploaded_chunks: Generated<number[]>;
-  expires_at: Date;
-
-  parent_id: number | null;
-  master_encryption_key_version: number;
-  encrypted_data_encryption_key: string; // Base64
-  data_encryption_key_version: Date;
-  hmac_secret_key_version: number | null;
-  content_type: string;
-  encrypted_name: Ciphertext;
-  encrypted_created_at: Ciphertext | null;
-  encrypted_last_modified_at: Ciphertext;
-}
-
-declare module "./index" {
-  interface Database {
-    upload_session: UploadSessionTable;
-  }
-}
--- a/src/lib/server/db/upload.ts
+++ b/src/lib/server/db/upload.ts
@@ -1,122 +0,0 @@
-import { sql } from "kysely";
-import { IntegrityError } from "./error";
-import db from "./kysely";
-import type { Ciphertext } from "./schema";
-
-interface UploadSession {
-  id: string;
-  userId: number;
-  totalChunks: number;
-  uploadedChunks: number[];
-  expiresAt: Date;
-
-  parentId: DirectoryId;
-  mekVersion: number;
-  encDek: string;
-  dekVersion: Date;
-  hskVersion: number | null;
-  contentType: string;
-  encName: Ciphertext;
-  encCreatedAt: Ciphertext | null;
-  encLastModifiedAt: Ciphertext;
-}
-
-export const createUploadSession = async (params: Omit<UploadSession, "id" | "uploadedChunks">) => {
-  return await db.transaction().execute(async (trx) => {
-    const mek = await trx
-      .selectFrom("master_encryption_key")
-      .select("version")
-      .where("user_id", "=", params.userId)
-      .where("state", "=", "active")
-      .limit(1)
-      .forUpdate()
-      .executeTakeFirst();
-    if (mek?.version !== params.mekVersion) {
-      throw new IntegrityError("Inactive MEK version");
-    }
-
-    if (params.hskVersion) {
-      const hsk = await trx
-        .selectFrom("hmac_secret_key")
-        .select("version")
-        .where("user_id", "=", params.userId)
-        .where("state", "=", "active")
-        .limit(1)
-        .forUpdate()
-        .executeTakeFirst();
-      if (hsk?.version !== params.hskVersion) {
-        throw new IntegrityError("Inactive HSK version");
-      }
-    }
-
-    const { sessionId } = await trx
-      .insertInto("upload_session")
-      .values({
-        user_id: params.userId,
-        total_chunks: params.totalChunks,
-        expires_at: params.expiresAt,
-        parent_id: params.parentId !== "root" ? params.parentId : null,
-        master_encryption_key_version: params.mekVersion,
-        encrypted_data_encryption_key: params.encDek,
-        data_encryption_key_version: params.dekVersion,
-        hmac_secret_key_version: params.hskVersion,
-        content_type: params.contentType,
-        encrypted_name: params.encName,
-        encrypted_created_at: params.encCreatedAt,
-        encrypted_last_modified_at: params.encLastModifiedAt,
-      })
-      .returning("id as sessionId")
-      .executeTakeFirstOrThrow();
-    return { id: sessionId };
-  });
-};
-
-export const getUploadSession = async (sessionId: string, userId: number) => {
-  const session = await db
-    .selectFrom("upload_session")
-    .selectAll()
-    .where("id", "=", sessionId)
-    .where("user_id", "=", userId)
-    .where("expires_at", ">", new Date())
-    .limit(1)
-    .executeTakeFirst();
-  return session
-    ? ({
-        id: session.id,
-        userId: session.user_id,
-        totalChunks: session.total_chunks,
-        uploadedChunks: session.uploaded_chunks,
-        expiresAt: session.expires_at,
-        parentId: session.parent_id ?? "root",
-        mekVersion: session.master_encryption_key_version,
-        encDek: session.encrypted_data_encryption_key,
-        dekVersion: session.data_encryption_key_version,
-        hskVersion: session.hmac_secret_key_version,
-        contentType: session.content_type,
-        encName: session.encrypted_name,
-        encCreatedAt: session.encrypted_created_at,
-        encLastModifiedAt: session.encrypted_last_modified_at,
-      } satisfies UploadSession)
-    : null;
-};
-
-export const markChunkAsUploaded = async (sessionId: string, chunkIndex: number) => {
-  await db
-    .updateTable("upload_session")
-    .set({ uploaded_chunks: sql`array_append(uploaded_chunks, ${chunkIndex})` })
-    .where("id", "=", sessionId)
-    .execute();
-};
-
-export const deleteUploadSession = async (trx: typeof db, sessionId: string) => {
-  await trx.deleteFrom("upload_session").where("id", "=", sessionId).execute();
-};
-
-export const cleanupExpiredUploadSessions = async () => {
-  const sessions = await db
-    .deleteFrom("upload_session")
-    .where("expires_at", "<", new Date())
-    .returning("id")
-    .execute();
-  return sessions.map(({ id }) => id);
-};
--- a/src/lib/server/db/user.ts
+++ b/src/lib/server/db/user.ts
@@ -27,6 +27,10 @@ export const getUserByEmail = async (email: string) => {
  return user ? (user satisfies User) : null;
 };

+export const setUserNickname = async (userId: number, nickname: string) => {
+  await db.updateTable("user").set({ nickname }).where("id", "=", userId).execute();
+};
+
 export const setUserPassword = async (userId: number, password: string) => {
  await db.updateTable("user").set({ password }).where("id", "=", userId).execute();
 };
--- a/src/lib/server/loadenv.ts
+++ b/src/lib/server/loadenv.ts
@@ -26,5 +26,4 @@ export default {
  },
  libraryPath: env.LIBRARY_PATH || "library",
  thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails",
-  uploadsPath: env.UPLOADS_PATH || "uploads",
 };
--- a/src/lib/server/middlewares/authenticate.ts
+++ b/src/lib/server/middlewares/authenticate.ts
@@ -1,7 +1,13 @@
 import { error, redirect, type Handle } from "@sveltejs/kit";
-import { cookieOptions, authenticate, AuthenticationError } from "$lib/server/modules/auth";
+import env from "$lib/server/loadenv";
+import { authenticate, AuthenticationError } from "$lib/server/modules/auth";

 export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
+  const { pathname, search } = event.url;
+  if (pathname === "/api/auth/login") {
+    return await resolve(event);
+  }
+
  try {
    const sessionIdSigned = event.cookies.get("sessionId");
    if (!sessionIdSigned) {
@@ -10,11 +16,15 @@ export const authenticateMiddleware: Handle = async ({ event, resolve }) => {

    const { ip, userAgent } = event.locals;
    event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
-    event.cookies.set("sessionId", sessionIdSigned, cookieOptions);
+    event.cookies.set("sessionId", sessionIdSigned, {
+      path: "/",
+      maxAge: env.session.exp / 1000,
+      secure: true,
+      sameSite: "strict",
+    });
  } catch (e) {
    if (e instanceof AuthenticationError) {
-      const { pathname, search } = event.url;
-      if (pathname === "/auth/login" || pathname.startsWith("/api/trpc")) {
+      if (pathname === "/auth/login") {
        return await resolve(event);
      } else if (pathname.startsWith("/api")) {
        error(e.status, e.message);
--- a/src/lib/server/modules/auth.ts
+++ b/src/lib/server/modules/auth.ts
@@ -1,25 +1,20 @@
 import { error } from "@sveltejs/kit";
-import { ClientRepo, SessionRepo, IntegrityError } from "$lib/server/db";
+import { getUserClient } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { createSession, refreshSession } from "$lib/server/db/session";
 import env from "$lib/server/loadenv";
-import { verifySessionId } from "$lib/server/modules/crypto";
+import { issueSessionId, verifySessionId } from "$lib/server/modules/crypto";

-export interface Session {
+interface Session {
  sessionId: string;
  userId: number;
  clientId?: number;
 }

-export interface ClientSession extends Session {
+interface ClientSession extends Session {
  clientId: number;
 }

-export type SessionPermission =
-  | "any"
-  | "notClient"
-  | "anyClient"
-  | "pendingClient"
-  | "activeClient";
-
 export class AuthenticationError extends Error {
  constructor(
    public status: 400 | 401,
@@ -30,22 +25,11 @@ export class AuthenticationError extends Error {
  }
 }

-export class AuthorizationError extends Error {
-  constructor(
-    public status: 403 | 500,
-    message: string,
-  ) {
-    super(message);
-    this.name = "AuthorizationError";
-  }
-}
-
-export const cookieOptions = {
-  path: "/",
-  maxAge: env.session.exp / 1000,
-  secure: true,
-  sameSite: "strict",
-} as const;
+export const startSession = async (userId: number, ip: string, userAgent: string) => {
+  const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
+  await createSession(userId, sessionId, ip, userAgent);
+  return sessionIdSigned;
+};

 export const authenticate = async (sessionIdSigned: string, ip: string, userAgent: string) => {
  const sessionId = verifySessionId(sessionIdSigned, env.session.secret);
@@ -54,7 +38,7 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
  }

  try {
-    const { userId, clientId } = await SessionRepo.refreshSession(sessionId, ip, userAgent);
+    const { userId, clientId } = await refreshSession(sessionId, ip, userAgent);
    return {
      id: sessionId,
      userId,
@@ -68,12 +52,34 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
  }
 };

-export const authorizeInternal = async (
+export async function authorize(locals: App.Locals, requiredPermission: "any"): Promise<Session>;
+
+export async function authorize(
  locals: App.Locals,
-  requiredPermission: SessionPermission,
-): Promise<Session> => {
+  requiredPermission: "notClient",
+): Promise<Session>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "anyClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "pendingClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "activeClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "any" | "notClient" | "anyClient" | "pendingClient" | "activeClient",
+): Promise<Session> {
  if (!locals.session) {
-    throw new AuthorizationError(500, "Unauthenticated");
+    error(500, "Unauthenticated");
  }

  const { id: sessionId, userId, clientId } = locals.session;
@@ -83,63 +89,39 @@ export const authorizeInternal = async (
      break;
    case "notClient":
      if (clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
      break;
    case "anyClient":
      if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
      break;
    case "pendingClient": {
      if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
-      const userClient = await ClientRepo.getUserClient(userId, clientId);
+      const userClient = await getUserClient(userId, clientId);
      if (!userClient) {
-        throw new AuthorizationError(500, "Invalid session id");
+        error(500, "Invalid session id");
      } else if (userClient.state !== "pending") {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
      break;
    }
    case "activeClient": {
      if (!clientId) {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
-      const userClient = await ClientRepo.getUserClient(userId, clientId);
+      const userClient = await getUserClient(userId, clientId);
      if (!userClient) {
-        throw new AuthorizationError(500, "Invalid session id");
+        error(500, "Invalid session id");
      } else if (userClient.state !== "active") {
-        throw new AuthorizationError(403, "Forbidden");
+        error(403, "Forbidden");
      }
      break;
    }
  }

  return { sessionId, userId, clientId };
-};
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "any" | "notClient",
-): Promise<Session>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "anyClient" | "pendingClient" | "activeClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: SessionPermission,
-): Promise<Session> {
-  try {
-    return await authorizeInternal(locals, requiredPermission);
-  } catch (e) {
-    if (e instanceof AuthorizationError) {
-      error(e.status, e.message);
-    }
-    throw e;
-  }
 }
--- a/src/lib/server/modules/filesystem.ts
+++ b/src/lib/server/modules/filesystem.ts
@@ -1,10 +0,0 @@
-import { unlink } from "fs/promises";
-import env from "$lib/server/loadenv";
-
-export const getChunkDirectoryPath = (sessionId: string) => `${env.uploadsPath}/${sessionId}`;
-
-export const safeUnlink = async (path: string | null | undefined) => {
-  if (path) {
-    await unlink(path).catch(console.error);
-  }
-};
--- a/src/lib/server/modules/http.ts
+++ b/src/lib/server/modules/http.ts
@@ -1,14 +0,0 @@
-export const parseRangeHeader = (rangeHeader: string | null) => {
-  if (!rangeHeader) return undefined;
-
-  const firstRange = rangeHeader.split(",")[0]!.trim();
-  const parts = firstRange.replace(/bytes=/, "").split("-");
-  return {
-    start: parts[0] ? parseInt(parts[0], 10) : undefined,
-    end: parts[1] ? parseInt(parts[1], 10) : undefined,
-  };
-};
-
-export const getContentRangeHeader = (range?: { start: number; end: number; total: number }) => {
-  return range && { "Content-Range": `bytes ${range.start}-${range.end}/${range.total}` };
-};
--- a/src/lib/server/modules/mek.ts
+++ b/src/lib/server/modules/mek.ts
@@ -0,0 +1,25 @@
+import { error } from "@sveltejs/kit";
+import { getUserClientWithDetails } from "$lib/server/db/client";
+import { getInitialMek } from "$lib/server/db/mek";
+import { verifySignature } from "$lib/server/modules/crypto";
+
+export const isInitialMekNeeded = async (userId: number) => {
+  const initialMek = await getInitialMek(userId);
+  return !initialMek;
+};
+
+export const verifyClientEncMekSig = async (
+  userId: number,
+  clientId: number,
+  version: number,
+  encMek: string,
+  encMekSig: string,
+) => {
+  const userClient = await getUserClientWithDetails(userId, clientId);
+  if (!userClient) {
+    error(500, "Invalid session id");
+  }
+
+  const data = JSON.stringify({ version, key: encMek });
+  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
+};
--- a/src/lib/server/schemas/auth.ts
+++ b/src/lib/server/schemas/auth.ts
@@ -0,0 +1,32 @@
+import { z } from "zod";
+
+export const passwordChangeRequest = z.object({
+  oldPassword: z.string().trim().nonempty(),
+  newPassword: z.string().trim().nonempty(),
+});
+export type PasswordChangeRequest = z.input<typeof passwordChangeRequest>;
+
+export const loginRequest = z.object({
+  email: z.string().email(),
+  password: z.string().trim().nonempty(),
+});
+export type LoginRequest = z.input<typeof loginRequest>;
+
+export const sessionUpgradeRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type SessionUpgradeRequest = z.input<typeof sessionUpgradeRequest>;
+
+export const sessionUpgradeResponse = z.object({
+  id: z.number().int().positive(),
+  challenge: z.string().base64().nonempty(),
+});
+export type SessionUpgradeResponse = z.output<typeof sessionUpgradeResponse>;
+
+export const sessionUpgradeVerifyRequest = z.object({
+  id: z.number().int().positive(),
+  answerSig: z.string().base64().nonempty(),
+  force: z.boolean().default(false),
+});
+export type SessionUpgradeVerifyRequest = z.input<typeof sessionUpgradeVerifyRequest>;
--- a/src/lib/server/schemas/category.ts
+++ b/src/lib/server/schemas/category.ts
@@ -1,3 +1,55 @@
 import { z } from "zod";

-export const categoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
+export const categoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
+export const categoryInfoResponse = z.object({
+  metadata: z
+    .object({
+      parent: categoryIdSchema,
+      mekVersion: z.number().int().positive(),
+      dek: z.string().base64().nonempty(),
+      dekVersion: z.string().datetime(),
+      name: z.string().base64().nonempty(),
+      nameIv: z.string().base64().nonempty(),
+    })
+    .optional(),
+  subCategories: z.number().int().positive().array(),
+});
+export type CategoryInfoResponse = z.output<typeof categoryInfoResponse>;
+
+export const categoryFileAddRequest = z.object({
+  file: z.number().int().positive(),
+});
+export type CategoryFileAddRequest = z.input<typeof categoryFileAddRequest>;
+
+export const categoryFileListResponse = z.object({
+  files: z.array(
+    z.object({
+      file: z.number().int().positive(),
+      isRecursive: z.boolean(),
+    }),
+  ),
+});
+export type CategoryFileListResponse = z.output<typeof categoryFileListResponse>;
+
+export const categoryFileRemoveRequest = z.object({
+  file: z.number().int().positive(),
+});
+export type CategoryFileRemoveRequest = z.input<typeof categoryFileRemoveRequest>;
+
+export const categoryRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type CategoryRenameRequest = z.input<typeof categoryRenameRequest>;
+
+export const categoryCreateRequest = z.object({
+  parent: categoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type CategoryCreateRequest = z.input<typeof categoryCreateRequest>;
--- a/src/lib/server/schemas/client.ts
+++ b/src/lib/server/schemas/client.ts
@@ -0,0 +1,36 @@
+import { z } from "zod";
+
+export const clientListResponse = z.object({
+  clients: z.array(
+    z.object({
+      id: z.number().int().positive(),
+      state: z.enum(["pending", "active"]),
+    }),
+  ),
+});
+export type ClientListResponse = z.output<typeof clientListResponse>;
+
+export const clientRegisterRequest = z.object({
+  encPubKey: z.string().base64().nonempty(),
+  sigPubKey: z.string().base64().nonempty(),
+});
+export type ClientRegisterRequest = z.input<typeof clientRegisterRequest>;
+
+export const clientRegisterResponse = z.object({
+  id: z.number().int().positive(),
+  challenge: z.string().base64().nonempty(),
+});
+export type ClientRegisterResponse = z.output<typeof clientRegisterResponse>;
+
+export const clientRegisterVerifyRequest = z.object({
+  id: z.number().int().positive(),
+  answerSig: z.string().base64().nonempty(),
+});
+export type ClientRegisterVerifyRequest = z.input<typeof clientRegisterVerifyRequest>;
+
+export const clientStatusResponse = z.object({
+  id: z.number().int().positive(),
+  state: z.enum(["pending", "active"]),
+  isInitialMekNeeded: z.boolean(),
+});
+export type ClientStatusResponse = z.output<typeof clientStatusResponse>;
--- a/src/lib/server/schemas/directory.ts
+++ b/src/lib/server/schemas/directory.ts
@@ -1,3 +1,41 @@
 import { z } from "zod";

-export const directoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
+export const directoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
+export const directoryInfoResponse = z.object({
+  metadata: z
+    .object({
+      parent: directoryIdSchema,
+      mekVersion: z.number().int().positive(),
+      dek: z.string().base64().nonempty(),
+      dekVersion: z.string().datetime(),
+      name: z.string().base64().nonempty(),
+      nameIv: z.string().base64().nonempty(),
+    })
+    .optional(),
+  subDirectories: z.number().int().positive().array(),
+  files: z.number().int().positive().array(),
+});
+export type DirectoryInfoResponse = z.output<typeof directoryInfoResponse>;
+
+export const directoryDeleteResponse = z.object({
+  deletedFiles: z.number().int().positive().array(),
+});
+export type DirectoryDeleteResponse = z.output<typeof directoryDeleteResponse>;
+
+export const directoryRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type DirectoryRenameRequest = z.input<typeof directoryRenameRequest>;
+
+export const directoryCreateRequest = z.object({
+  parent: directoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type DirectoryCreateRequest = z.input<typeof directoryCreateRequest>;
--- a/src/lib/server/schemas/file.ts
+++ b/src/lib/server/schemas/file.ts
@@ -1,7 +1,91 @@
+import mime from "mime";
 import { z } from "zod";
+import { directoryIdSchema } from "./directory";
+
+export const fileInfoResponse = z.object({
+  parent: directoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  contentType: z
+    .string()
+    .trim()
+    .nonempty()
+    .refine((value) => mime.getExtension(value) !== null), // MIME type
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+  createdAt: z.string().base64().nonempty().optional(),
+  createdAtIv: z.string().base64().nonempty().optional(),
+  lastModifiedAt: z.string().base64().nonempty(),
+  lastModifiedAtIv: z.string().base64().nonempty(),
+  categories: z.number().int().positive().array(),
+});
+export type FileInfoResponse = z.output<typeof fileInfoResponse>;
+
+export const fileRenameRequest = z.object({
+  dekVersion: z.string().datetime(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+});
+export type FileRenameRequest = z.input<typeof fileRenameRequest>;
+
+export const fileThumbnailInfoResponse = z.object({
+  updatedAt: z.string().datetime(),
+  contentIv: z.string().base64().nonempty(),
+});
+export type FileThumbnailInfoResponse = z.output<typeof fileThumbnailInfoResponse>;

 export const fileThumbnailUploadRequest = z.object({
-  dekVersion: z.iso.datetime(),
-  contentIv: z.base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  contentIv: z.string().base64().nonempty(),
 });
 export type FileThumbnailUploadRequest = z.input<typeof fileThumbnailUploadRequest>;
+
+export const fileListResponse = z.object({
+  files: z.number().int().positive().array(),
+});
+export type FileListResponse = z.output<typeof fileListResponse>;
+
+export const duplicateFileScanRequest = z.object({
+  hskVersion: z.number().int().positive(),
+  contentHmac: z.string().base64().nonempty(),
+});
+export type DuplicateFileScanRequest = z.input<typeof duplicateFileScanRequest>;
+
+export const duplicateFileScanResponse = z.object({
+  files: z.number().int().positive().array(),
+});
+export type DuplicateFileScanResponse = z.output<typeof duplicateFileScanResponse>;
+
+export const missingThumbnailFileScanResponse = z.object({
+  files: z.number().int().positive().array(),
+});
+export type MissingThumbnailFileScanResponse = z.output<typeof missingThumbnailFileScanResponse>;
+
+export const fileUploadRequest = z.object({
+  parent: directoryIdSchema,
+  mekVersion: z.number().int().positive(),
+  dek: z.string().base64().nonempty(),
+  dekVersion: z.string().datetime(),
+  hskVersion: z.number().int().positive(),
+  contentHmac: z.string().base64().nonempty(),
+  contentType: z
+    .string()
+    .trim()
+    .nonempty()
+    .refine((value) => mime.getExtension(value) !== null), // MIME type
+  contentIv: z.string().base64().nonempty(),
+  name: z.string().base64().nonempty(),
+  nameIv: z.string().base64().nonempty(),
+  createdAt: z.string().base64().nonempty().optional(),
+  createdAtIv: z.string().base64().nonempty().optional(),
+  lastModifiedAt: z.string().base64().nonempty(),
+  lastModifiedAtIv: z.string().base64().nonempty(),
+});
+export type FileUploadRequest = z.input<typeof fileUploadRequest>;
+
+export const fileUploadResponse = z.object({
+  file: z.number().int().positive(),
+});
+export type FileUploadResponse = z.output<typeof fileUploadResponse>;
--- a/src/lib/server/schemas/hsk.ts
+++ b/src/lib/server/schemas/hsk.ts
@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const hmacSecretListResponse = z.object({
+  hsks: z.array(
+    z.object({
+      version: z.number().int().positive(),
+      state: z.enum(["active"]),
+      mekVersion: z.number().int().positive(),
+      hsk: z.string().base64().nonempty(),
+    }),
+  ),
+});
+export type HmacSecretListResponse = z.output<typeof hmacSecretListResponse>;
+
+export const initialHmacSecretRegisterRequest = z.object({
+  mekVersion: z.number().int().positive(),
+  hsk: z.string().base64().nonempty(),
+});
+export type InitialHmacSecretRegisterRequest = z.input<typeof initialHmacSecretRegisterRequest>;
--- a/src/lib/server/schemas/index.ts
+++ b/src/lib/server/schemas/index.ts
@@ -1,3 +1,8 @@
+export * from "./auth";
 export * from "./category";
+export * from "./client";
 export * from "./directory";
 export * from "./file";
+export * from "./hsk";
+export * from "./mek";
+export * from "./user";
--- a/src/lib/server/schemas/mek.ts
+++ b/src/lib/server/schemas/mek.ts
@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const masterKeyListResponse = z.object({
+  meks: z.array(
+    z.object({
+      version: z.number().int().positive(),
+      state: z.enum(["active", "retired"]),
+      mek: z.string().base64().nonempty(),
+      mekSig: z.string().base64().nonempty(),
+    }),
+  ),
+});
+export type MasterKeyListResponse = z.output<typeof masterKeyListResponse>;
+
+export const initialMasterKeyRegisterRequest = z.object({
+  mek: z.string().base64().nonempty(),
+  mekSig: z.string().base64().nonempty(),
+});
+export type InitialMasterKeyRegisterRequest = z.input<typeof initialMasterKeyRegisterRequest>;
--- a/src/lib/server/schemas/user.ts
+++ b/src/lib/server/schemas/user.ts
@@ -0,0 +1,12 @@
+import { z } from "zod";
+
+export const userInfoResponse = z.object({
+  email: z.string().email(),
+  nickname: z.string().nonempty(),
+});
+export type UserInfoResponse = z.output<typeof userInfoResponse>;
+
+export const nicknameChangeRequest = z.object({
+  newNickname: z.string().trim().min(2).max(8),
+});
+export type NicknameChangeRequest = z.input<typeof nicknameChangeRequest>;
--- a/src/lib/server/services/auth.ts
+++ b/src/lib/server/services/auth.ts
@@ -0,0 +1,122 @@
+import { error } from "@sveltejs/kit";
+import argon2 from "argon2";
+import { getClient, getClientByPubKeys, getUserClient } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  upgradeSession,
+  deleteSession,
+  deleteAllOtherSessions,
+  registerSessionUpgradeChallenge,
+  consumeSessionUpgradeChallenge,
+} from "$lib/server/db/session";
+import { getUser, getUserByEmail, setUserPassword } from "$lib/server/db/user";
+import env from "$lib/server/loadenv";
+import { startSession } from "$lib/server/modules/auth";
+import { verifySignature, generateChallenge } from "$lib/server/modules/crypto";
+
+const hashPassword = async (password: string) => {
+  return await argon2.hash(password);
+};
+
+const verifyPassword = async (hash: string, password: string) => {
+  return await argon2.verify(hash, password);
+};
+
+export const changePassword = async (
+  userId: number,
+  sessionId: string,
+  oldPassword: string,
+  newPassword: string,
+) => {
+  if (oldPassword === newPassword) {
+    error(400, "Same passwords");
+  } else if (newPassword.length < 8) {
+    error(400, "Too short password");
+  }
+
+  const user = await getUser(userId);
+  if (!user) {
+    error(500, "Invalid session id");
+  } else if (!(await verifyPassword(user.password, oldPassword))) {
+    error(403, "Invalid password");
+  }
+
+  await setUserPassword(userId, await hashPassword(newPassword));
+  await deleteAllOtherSessions(userId, sessionId);
+};
+
+export const login = async (email: string, password: string, ip: string, userAgent: string) => {
+  const user = await getUserByEmail(email);
+  if (!user || !(await verifyPassword(user.password, password))) {
+    error(401, "Invalid email or password");
+  }
+
+  return { sessionIdSigned: await startSession(user.id, ip, userAgent) };
+};
+
+export const logout = async (sessionId: string) => {
+  await deleteSession(sessionId);
+};
+
+export const createSessionUpgradeChallenge = async (
+  sessionId: string,
+  userId: number,
+  ip: string,
+  encPubKey: string,
+  sigPubKey: string,
+) => {
+  const client = await getClientByPubKeys(encPubKey, sigPubKey);
+  const userClient = client ? await getUserClient(userId, client.id) : undefined;
+  if (!client) {
+    error(401, "Invalid public key(s)");
+  } else if (!userClient || userClient.state === "challenging") {
+    error(403, "Unregistered client");
+  }
+
+  const { answer, challenge } = await generateChallenge(32, encPubKey);
+  const { id } = await registerSessionUpgradeChallenge(
+    sessionId,
+    client.id,
+    answer.toString("base64"),
+    ip,
+    new Date(Date.now() + env.challenge.sessionUpgradeExp),
+  );
+
+  return { id, challenge: challenge.toString("base64") };
+};
+
+export const verifySessionUpgradeChallenge = async (
+  sessionId: string,
+  userId: number,
+  ip: string,
+  challengeId: number,
+  answerSig: string,
+  force: boolean,
+) => {
+  const challenge = await consumeSessionUpgradeChallenge(challengeId, sessionId, ip);
+  if (!challenge) {
+    error(403, "Invalid challenge answer");
+  }
+
+  const client = await getClient(challenge.clientId);
+  if (!client) {
+    error(500, "Invalid challenge answer");
+  } else if (
+    !verifySignature(Buffer.from(challenge.answer, "base64"), answerSig, client.sigPubKey)
+  ) {
+    error(403, "Invalid challenge answer signature");
+  }
+
+  try {
+    await upgradeSession(userId, sessionId, client.id, force);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "Session not found") {
+        error(500, "Invalid challenge answer");
+      } else if (!force && e.message === "Session already exists") {
+        error(409, "Already logged in");
+      }
+    }
+    throw e;
+  }
+};
--- a/src/lib/server/services/category.ts
+++ b/src/lib/server/services/category.ts
@@ -0,0 +1,133 @@
+import { error } from "@sveltejs/kit";
+import {
+  registerCategory,
+  getAllCategoriesByParent,
+  getCategory,
+  setCategoryEncName,
+  unregisterCategory,
+  type CategoryId,
+  type NewCategory,
+} from "$lib/server/db/category";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  getAllFilesByCategory,
+  getFile,
+  addFileToCategory,
+  removeFileFromCategory,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
+
+export const getCategoryInformation = async (userId: number, categoryId: CategoryId) => {
+  const category = categoryId !== "root" ? await getCategory(userId, categoryId) : undefined;
+  if (category === null) {
+    error(404, "Invalid category id");
+  }
+
+  const categories = await getAllCategoriesByParent(userId, categoryId);
+  return {
+    metadata: category && {
+      parentId: category.parentId ?? ("root" as const),
+      mekVersion: category.mekVersion,
+      encDek: category.encDek,
+      dekVersion: category.dekVersion,
+      encName: category.encName,
+    },
+    categories: categories.map(({ id }) => id),
+  };
+};
+
+export const deleteCategory = async (userId: number, categoryId: number) => {
+  try {
+    await unregisterCategory(userId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Category not found") {
+      error(404, "Invalid category id");
+    }
+    throw e;
+  }
+};
+
+export const addCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+  const category = await getCategory(userId, categoryId);
+  const file = await getFile(userId, fileId);
+  if (!category) {
+    error(404, "Invalid category id");
+  } else if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  try {
+    await addFileToCategory(fileId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File already added to category") {
+      error(400, "File already added");
+    }
+    throw e;
+  }
+};
+
+export const getCategoryFiles = async (userId: number, categoryId: number, recurse: boolean) => {
+  const category = await getCategory(userId, categoryId);
+  if (!category) {
+    error(404, "Invalid category id");
+  }
+
+  const files = await getAllFilesByCategory(userId, categoryId, recurse);
+  return { files };
+};
+
+export const removeCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+  const category = await getCategory(userId, categoryId);
+  const file = await getFile(userId, fileId);
+  if (!category) {
+    error(404, "Invalid category id");
+  } else if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  try {
+    await removeFileFromCategory(fileId, categoryId);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File not found in category") {
+      error(400, "File not added");
+    }
+    throw e;
+  }
+};
+
+export const renameCategory = async (
+  userId: number,
+  categoryId: number,
+  dekVersion: Date,
+  newEncName: Ciphertext,
+) => {
+  try {
+    await setCategoryEncName(userId, categoryId, dekVersion, newEncName);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "Category not found") {
+        error(404, "Invalid category id");
+      } else if (e.message === "Invalid DEK version") {
+        error(400, "Invalid DEK version");
+      }
+    }
+    throw e;
+  }
+};
+
+export const createCategory = async (params: NewCategory) => {
+  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+    error(400, "Invalid DEK version");
+  }
+
+  try {
+    await registerCategory(params);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Inactive MEK version");
+    }
+    throw e;
+  }
+};
--- a/src/lib/server/services/client.ts
+++ b/src/lib/server/services/client.ts
@@ -0,0 +1,116 @@
+import { error } from "@sveltejs/kit";
+import {
+  createClient,
+  getClient,
+  getClientByPubKeys,
+  createUserClient,
+  getAllUserClients,
+  getUserClient,
+  setUserClientStateToPending,
+  registerUserClientChallenge,
+  consumeUserClientChallenge,
+} from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { verifyPubKey, verifySignature, generateChallenge } from "$lib/server/modules/crypto";
+import { isInitialMekNeeded } from "$lib/server/modules/mek";
+import env from "$lib/server/loadenv";
+
+export const getUserClientList = async (userId: number) => {
+  const userClients = await getAllUserClients(userId);
+  return {
+    userClients: userClients.map(({ clientId, state }) => ({
+      id: clientId,
+      state: state as "pending" | "active",
+    })),
+  };
+};
+
+const expiresAt = () => new Date(Date.now() + env.challenge.userClientExp);
+
+const createUserClientChallenge = async (
+  ip: string,
+  userId: number,
+  clientId: number,
+  encPubKey: string,
+) => {
+  const { answer, challenge } = await generateChallenge(32, encPubKey);
+  const { id } = await registerUserClientChallenge(
+    userId,
+    clientId,
+    answer.toString("base64"),
+    ip,
+    expiresAt(),
+  );
+  return { id, challenge: challenge.toString("base64") };
+};
+
+export const registerUserClient = async (
+  userId: number,
+  ip: string,
+  encPubKey: string,
+  sigPubKey: string,
+) => {
+  const client = await getClientByPubKeys(encPubKey, sigPubKey);
+  if (client) {
+    try {
+      await createUserClient(userId, client.id);
+      return await createUserClientChallenge(ip, userId, client.id, encPubKey);
+    } catch (e) {
+      if (e instanceof IntegrityError && e.message === "User client already exists") {
+        error(409, "Client already registered");
+      }
+      throw e;
+    }
+  } else {
+    if (encPubKey === sigPubKey) {
+      error(400, "Same public keys");
+    } else if (!verifyPubKey(encPubKey) || !verifyPubKey(sigPubKey)) {
+      error(400, "Invalid public key(s)");
+    }
+
+    try {
+      const { id: clientId } = await createClient(encPubKey, sigPubKey, userId);
+      return await createUserClientChallenge(ip, userId, clientId, encPubKey);
+    } catch (e) {
+      if (e instanceof IntegrityError && e.message === "Public key(s) already registered") {
+        error(409, "Public key(s) already used");
+      }
+      throw e;
+    }
+  }
+};
+
+export const verifyUserClient = async (
+  userId: number,
+  ip: string,
+  challengeId: number,
+  answerSig: string,
+) => {
+  const challenge = await consumeUserClientChallenge(challengeId, userId, ip);
+  if (!challenge) {
+    error(403, "Invalid challenge answer");
+  }
+
+  const client = await getClient(challenge.clientId);
+  if (!client) {
+    error(500, "Invalid challenge answer");
+  } else if (
+    !verifySignature(Buffer.from(challenge.answer, "base64"), answerSig, client.sigPubKey)
+  ) {
+    error(403, "Invalid challenge answer signature");
+  }
+
+  await setUserClientStateToPending(userId, client.id);
+};
+
+export const getUserClientStatus = async (userId: number, clientId: number) => {
+  const userClient = await getUserClient(userId, clientId);
+  if (!userClient) {
+    error(500, "Invalid session id");
+  }
+
+  return {
+    state: userClient.state as "pending" | "active",
+    isInitialMekNeeded: await isInitialMekNeeded(userId),
+  };
+};
--- a/src/lib/server/services/directory.ts
+++ b/src/lib/server/services/directory.ts
@@ -0,0 +1,96 @@
+import { error } from "@sveltejs/kit";
+import { unlink } from "fs/promises";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  registerDirectory,
+  getAllDirectoriesByParent,
+  getDirectory,
+  setDirectoryEncName,
+  unregisterDirectory,
+  getAllFilesByParent,
+  type DirectoryId,
+  type NewDirectory,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
+
+export const getDirectoryInformation = async (userId: number, directoryId: DirectoryId) => {
+  const directory = directoryId !== "root" ? await getDirectory(userId, directoryId) : undefined;
+  if (directory === null) {
+    error(404, "Invalid directory id");
+  }
+
+  const directories = await getAllDirectoriesByParent(userId, directoryId);
+  const files = await getAllFilesByParent(userId, directoryId);
+  return {
+    metadata: directory && {
+      parentId: directory.parentId ?? ("root" as const),
+      mekVersion: directory.mekVersion,
+      encDek: directory.encDek,
+      dekVersion: directory.dekVersion,
+      encName: directory.encName,
+    },
+    directories: directories.map(({ id }) => id),
+    files: files.map(({ id }) => id),
+  };
+};
+
+const safeUnlink = async (path: string | null) => {
+  if (path) {
+    await unlink(path).catch(console.error);
+  }
+};
+
+export const deleteDirectory = async (userId: number, directoryId: number) => {
+  try {
+    const files = await unregisterDirectory(userId, directoryId);
+    return {
+      files: files.map(({ id, path, thumbnailPath }) => {
+        safeUnlink(path); // Intended
+        safeUnlink(thumbnailPath); // Intended
+        return id;
+      }),
+    };
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Directory not found") {
+      error(404, "Invalid directory id");
+    }
+    throw e;
+  }
+};
+
+export const renameDirectory = async (
+  userId: number,
+  directoryId: number,
+  dekVersion: Date,
+  newEncName: Ciphertext,
+) => {
+  try {
+    await setDirectoryEncName(userId, directoryId, dekVersion, newEncName);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "Directory not found") {
+        error(404, "Invalid directory id");
+      } else if (e.message === "Invalid DEK version") {
+        error(400, "Invalid DEK version");
+      }
+    }
+    throw e;
+  }
+};
+
+export const createDirectory = async (params: NewDirectory) => {
+  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+    error(400, "Invalid DEK version");
+  }
+
+  try {
+    await registerDirectory(params);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Invalid MEK version");
+    }
+    throw e;
+  }
+};
--- a/src/lib/server/services/file.ts
+++ b/src/lib/server/services/file.ts
@@ -1,85 +1,123 @@
 import { error } from "@sveltejs/kit";
 import { createHash } from "crypto";
 import { createReadStream, createWriteStream } from "fs";
-import { mkdir, stat } from "fs/promises";
+import { mkdir, stat, unlink } from "fs/promises";
 import { dirname } from "path";
 import { Readable } from "stream";
 import { pipeline } from "stream/promises";
 import { v4 as uuidv4 } from "uuid";
-import { CHUNK_SIZE, ENCRYPTION_OVERHEAD } from "$lib/constants";
-import { FileRepo, MediaRepo, UploadRepo, IntegrityError } from "$lib/server/db";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+  registerFile,
+  getAllFileIds,
+  getAllFileIdsByContentHmac,
+  getFile,
+  setFileEncName,
+  unregisterFile,
+  getAllFileCategories,
+  type NewFile,
+} from "$lib/server/db/file";
+import {
+  updateFileThumbnail,
+  getFileThumbnail,
+  getMissingFileThumbnails,
+} from "$lib/server/db/media";
+import type { Ciphertext } from "$lib/server/db/schema";
 import env from "$lib/server/loadenv";
-import { getChunkDirectoryPath, safeUnlink } from "$lib/server/modules/filesystem";

-const uploadLocks = new Set<string>();
-
-const createEncContentStream = async (
-  path: string,
-  iv?: Buffer,
-  range?: { start?: number; end?: number },
-) => {
-  const { size: fileSize } = await stat(path);
-  const ivSize = iv?.byteLength ?? 0;
-  const totalSize = fileSize + ivSize;
-
-  const start = range?.start ?? 0;
-  const end = range?.end ?? totalSize - 1;
-  if (start > end || start < 0 || end >= totalSize) {
-    error(416, "Invalid range");
-  }
-
-  return {
-    encContentStream: Readable.toWeb(
-      Readable.from(
-        (async function* () {
-          if (start < ivSize) {
-            yield iv!.subarray(start, Math.min(end + 1, ivSize));
-          }
-          if (end >= ivSize) {
-            yield* createReadStream(path, {
-              start: Math.max(0, start - ivSize),
-              end: end - ivSize,
-            });
-          }
-        })(),
-      ),
-    ),
-    range: { start, end, total: totalSize },
-  };
-};
-
-export const getFileStream = async (
-  userId: number,
-  fileId: number,
-  range?: { start?: number; end?: number },
-) => {
-  const file = await FileRepo.getFile(userId, fileId);
+export const getFileInformation = async (userId: number, fileId: number) => {
+  const file = await getFile(userId, fileId);
  if (!file) {
    error(404, "Invalid file id");
  }

-  return createEncContentStream(
-    file.path,
-    file.encContentIv ? Buffer.from(file.encContentIv, "base64") : undefined,
-    range,
-  );
+  const categories = await getAllFileCategories(fileId);
+  return {
+    parentId: file.parentId ?? ("root" as const),
+    mekVersion: file.mekVersion,
+    encDek: file.encDek,
+    dekVersion: file.dekVersion,
+    contentType: file.contentType,
+    encContentIv: file.encContentIv,
+    encName: file.encName,
+    encCreatedAt: file.encCreatedAt,
+    encLastModifiedAt: file.encLastModifiedAt,
+    categories: categories.map(({ id }) => id),
+  };
 };

-export const getFileThumbnailStream = async (
+const safeUnlink = async (path: string | null) => {
+  if (path) {
+    await unlink(path).catch(console.error);
+  }
+};
+
+export const deleteFile = async (userId: number, fileId: number) => {
+  try {
+    const { path, thumbnailPath } = await unregisterFile(userId, fileId);
+    safeUnlink(path); // Intended
+    safeUnlink(thumbnailPath); // Intended
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "File not found") {
+      error(404, "Invalid file id");
+    }
+    throw e;
+  }
+};
+
+export const getFileStream = async (userId: number, fileId: number) => {
+  const file = await getFile(userId, fileId);
+  if (!file) {
+    error(404, "Invalid file id");
+  }
+
+  const { size } = await stat(file.path);
+  return {
+    encContentStream: Readable.toWeb(createReadStream(file.path)),
+    encContentSize: size,
+  };
+};
+
+export const renameFile = async (
  userId: number,
  fileId: number,
-  range?: { start?: number; end?: number },
+  dekVersion: Date,
+  newEncName: Ciphertext,
 ) => {
-  const thumbnail = await MediaRepo.getFileThumbnail(userId, fileId);
+  try {
+    await setFileEncName(userId, fileId, dekVersion, newEncName);
+  } catch (e) {
+    if (e instanceof IntegrityError) {
+      if (e.message === "File not found") {
+        error(404, "Invalid file id");
+      } else if (e.message === "Invalid DEK version") {
+        error(400, "Invalid DEK version");
+      }
+    }
+    throw e;
+  }
+};
+
+export const getFileThumbnailInformation = async (userId: number, fileId: number) => {
+  const thumbnail = await getFileThumbnail(userId, fileId);
  if (!thumbnail) {
    error(404, "File or its thumbnail not found");
  }

-  return createEncContentStream(
-    thumbnail.path,
-    Buffer.from(thumbnail.encContentIv, "base64"),
-    range,
-  );
+  return { updatedAt: thumbnail.updatedAt, encContentIv: thumbnail.encContentIv };
+};
+
+export const getFileThumbnailStream = async (userId: number, fileId: number) => {
+  const thumbnail = await getFileThumbnail(userId, fileId);
+  if (!thumbnail) {
+    error(404, "File or its thumbnail not found");
+  }
+
+  const { size } = await stat(thumbnail.path);
+  return {
+    encContentStream: Readable.toWeb(createReadStream(thumbnail.path)),
+    encContentSize: size,
+  };
 };

 export const uploadFileThumbnail = async (
@@ -95,13 +133,7 @@ export const uploadFileThumbnail = async (
  try {
    await pipeline(encContentStream, createWriteStream(path, { flags: "wx", mode: 0o600 }));

-    const oldPath = await MediaRepo.updateFileThumbnail(
-      userId,
-      fileId,
-      dekVersion,
-      path,
-      encContentIv,
-    );
+    const oldPath = await updateFileThumbnail(userId, fileId, dekVersion, path, encContentIv);
    safeUnlink(oldPath); // Intended
  } catch (e) {
    await safeUnlink(path);
@@ -117,70 +149,75 @@ export const uploadFileThumbnail = async (
  }
 };

-export const uploadChunk = async (
+export const getFileList = async (userId: number) => {
+  const fileIds = await getAllFileIds(userId);
+  return { files: fileIds };
+};
+
+export const scanDuplicateFiles = async (
  userId: number,
-  sessionId: string,
-  chunkIndex: number,
-  encChunkStream: Readable,
-  encChunkHash: string,
+  hskVersion: number,
+  contentHmac: string,
 ) => {
-  const lockKey = `${sessionId}/${chunkIndex}`;
-  if (uploadLocks.has(lockKey)) {
-    error(409, "Chunk already uploaded"); // TODO: Message
-  } else {
-    uploadLocks.add(lockKey);
+  const fileIds = await getAllFileIdsByContentHmac(userId, hskVersion, contentHmac);
+  return { files: fileIds };
+};
+
+export const scanMissingFileThumbnails = async (userId: number) => {
+  const fileIds = await getMissingFileThumbnails(userId);
+  return { files: fileIds };
+};
+
+export const uploadFile = async (
+  params: Omit<NewFile, "path" | "encContentHash">,
+  encContentStream: Readable,
+  encContentHash: Promise<string>,
+) => {
+  const oneDayAgo = new Date(Date.now() - 24 * 60 * 60 * 1000);
+  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+  if (params.dekVersion <= oneDayAgo || params.dekVersion >= oneMinuteLater) {
+    error(400, "Invalid DEK version");
  }

-  const filePath = `${getChunkDirectoryPath(sessionId)}/${chunkIndex}`;
+  const path = `${env.libraryPath}/${params.userId}/${uuidv4()}`;
+  await mkdir(dirname(path), { recursive: true });

  try {
-    const session = await UploadRepo.getUploadSession(sessionId, userId);
-    if (!session) {
-      error(404, "Invalid upload id");
-    } else if (chunkIndex >= session.totalChunks) {
-      error(400, "Invalid chunk index");
-    } else if (session.uploadedChunks.includes(chunkIndex)) {
-      error(409, "Chunk already uploaded");
-    }
-
-    const isLastChunk = chunkIndex === session.totalChunks - 1;
-
-    let writtenBytes = 0;
    const hashStream = createHash("sha256");
-    const writeStream = createWriteStream(filePath, { flags: "wx", mode: 0o600 });
-
-    for await (const chunk of encChunkStream) {
-      writtenBytes += chunk.length;
-      hashStream.update(chunk);
-      writeStream.write(chunk);
-    }
-
-    await new Promise<void>((resolve, reject) => {
-      writeStream.end((e: any) => (e ? reject(e) : resolve()));
-    });
-
-    if (hashStream.digest("base64") !== encChunkHash) {
+    const [, hash] = await Promise.all([
+      pipeline(
+        encContentStream,
+        async function* (source) {
+          for await (const chunk of source) {
+            hashStream.update(chunk);
+            yield chunk;
+          }
+        },
+        createWriteStream(path, { flags: "wx", mode: 0o600 }),
+      ),
+      encContentHash,
+    ]);
+    if (hashStream.digest("base64") !== hash) {
      throw new Error("Invalid checksum");
-    } else if (
-      (!isLastChunk && writtenBytes !== CHUNK_SIZE + ENCRYPTION_OVERHEAD) ||
-      (isLastChunk &&
-        (writtenBytes <= ENCRYPTION_OVERHEAD || writtenBytes > CHUNK_SIZE + ENCRYPTION_OVERHEAD))
-    ) {
-      throw new Error("Invalid chunk size");
    }

-    await UploadRepo.markChunkAsUploaded(sessionId, chunkIndex);
+    const { id: fileId } = await registerFile({
+      ...params,
+      path,
+      encContentHash: hash,
+    });
+    return { fileId };
  } catch (e) {
-    await safeUnlink(filePath);
+    await safeUnlink(path);

-    if (
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Invalid MEK version");
+    } else if (
      e instanceof Error &&
-      (e.message === "Invalid checksum" || e.message === "Invalid chunk size")
+      (e.message === "Invalid request body" || e.message === "Invalid checksum")
    ) {
      error(400, "Invalid request body");
    }
    throw e;
-  } finally {
-    uploadLocks.delete(lockKey);
  }
 };
--- a/src/lib/server/services/hsk.ts
+++ b/src/lib/server/services/hsk.ts
@@ -0,0 +1,31 @@
+import { error } from "@sveltejs/kit";
+import { IntegrityError } from "$lib/server/db/error";
+import { registerInitialHsk, getAllValidHsks } from "$lib/server/db/hsk";
+
+export const getHskList = async (userId: number) => {
+  const hsks = await getAllValidHsks(userId);
+  return {
+    encHsks: hsks.map(({ version, state, mekVersion, encHsk }) => ({
+      version,
+      state,
+      mekVersion,
+      encHsk,
+    })),
+  };
+};
+
+export const registerInitialActiveHsk = async (
+  userId: number,
+  createdBy: number,
+  mekVersion: number,
+  encHsk: string,
+) => {
+  try {
+    await registerInitialHsk(userId, createdBy, mekVersion, encHsk);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "HSK already registered") {
+      error(409, "Initial HSK already registered");
+    }
+    throw e;
+  }
+};
--- a/src/lib/server/services/mek.ts
+++ b/src/lib/server/services/mek.ts
@@ -0,0 +1,38 @@
+import { error } from "@sveltejs/kit";
+import { setUserClientStateToActive } from "$lib/server/db/client";
+import { IntegrityError } from "$lib/server/db/error";
+import { registerInitialMek, getAllValidClientMeks } from "$lib/server/db/mek";
+import { verifyClientEncMekSig } from "$lib/server/modules/mek";
+
+export const getClientMekList = async (userId: number, clientId: number) => {
+  const clientMeks = await getAllValidClientMeks(userId, clientId);
+  return {
+    encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({
+      version,
+      state,
+      encMek,
+      encMekSig,
+    })),
+  };
+};
+
+export const registerInitialActiveMek = async (
+  userId: number,
+  createdBy: number,
+  encMek: string,
+  encMekSig: string,
+) => {
+  if (!(await verifyClientEncMekSig(userId, createdBy, 1, encMek, encMekSig))) {
+    error(400, "Invalid signature");
+  }
+
+  try {
+    await registerInitialMek(userId, createdBy, encMek, encMekSig);
+    await setUserClientStateToActive(userId, createdBy);
+  } catch (e) {
+    if (e instanceof IntegrityError && e.message === "MEK already registered") {
+      error(409, "Initial MEK already registered");
+    }
+    throw e;
+  }
+};
--- a/src/lib/server/services/user.ts
+++ b/src/lib/server/services/user.ts
@@ -0,0 +1,15 @@
+import { error } from "@sveltejs/kit";
+import { getUser, setUserNickname } from "$lib/server/db/user";
+
+export const getUserInformation = async (userId: number) => {
+  const user = await getUser(userId);
+  if (!user) {
+    error(500, "Invalid session id");
+  }
+
+  return { email: user.email, nickname: user.nickname };
+};
+
+export const changeNickname = async (userId: number, nickname: string) => {
+  await setUserNickname(userId, nickname);
+};
--- a/src/lib/services/auth.ts
+++ b/src/lib/services/auth.ts
@@ -1,5 +1,10 @@
+import { callPostApi } from "$lib/hooks";
 import { encodeToBase64, decryptChallenge, signMessageRSA } from "$lib/modules/crypto";
-import { trpc, isTRPCClientError } from "$trpc/client";
+import type {
+  SessionUpgradeRequest,
+  SessionUpgradeResponse,
+  SessionUpgradeVerifyRequest,
+} from "$lib/server/schemas";

 export const requestSessionUpgrade = async (
  encryptKeyBase64: string,
@@ -8,43 +13,27 @@ export const requestSessionUpgrade = async (
  signKey: CryptoKey,
  force = false,
 ) => {
-  let id, challenge;
-  try {
-    ({ id, challenge } = await trpc().auth.upgrade.mutate({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    }));
-  } catch (e) {
-    if (isTRPCClientError(e) && e.data?.code === "FORBIDDEN") {
-      return [false, "Unregistered client"] as const;
-    }
-    return [false] as const;
-  }
+  let res = await callPostApi<SessionUpgradeRequest>("/api/auth/upgradeSession", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
+  });
+  if (res.status === 403) return [false, "Unregistered client"] as const;
+  else if (!res.ok) return [false] as const;
+
+  const { id, challenge }: SessionUpgradeResponse = await res.json();
  const answer = await decryptChallenge(challenge, decryptKey);
  const answerSig = await signMessageRSA(answer, signKey);

-  try {
-    await trpc().auth.verifyUpgrade.mutate({
-      id,
-      answerSig: encodeToBase64(answerSig),
-      force,
-    });
-  } catch (e) {
-    if (isTRPCClientError(e) && e.data?.code === "CONFLICT") {
-      return [false, "Already logged in"] as const;
-    }
-    return [false] as const;
-  }
-
-  return [true] as const;
+  res = await callPostApi<SessionUpgradeVerifyRequest>("/api/auth/upgradeSession/verify", {
+    id,
+    answerSig: encodeToBase64(answerSig),
+    force,
+  });
+  if (res.status === 409) return [false, "Already logged in"] as const;
+  else return [res.ok] as const;
 };

 export const requestLogout = async () => {
-  try {
-    await trpc().auth.logout.mutate();
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi("/api/auth/logout");
+  return res.ok;
 };
--- a/src/lib/services/category.ts
+++ b/src/lib/services/category.ts
@@ -1,6 +1,7 @@
+import { callPostApi } from "$lib/hooks";
 import { generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
+import type { CategoryCreateRequest, CategoryFileRemoveRequest } from "$lib/server/schemas";
 import type { MasterKey } from "$lib/stores";
-import { trpc } from "$trpc/client";

 export const requestCategoryCreation = async (
  name: string,
@@ -10,28 +11,21 @@ export const requestCategoryCreation = async (
  const { dataKey, dataKeyVersion } = await generateDataKey();
  const nameEncrypted = await encryptString(name, dataKey);

-  try {
-    await trpc().category.create.mutate({
-      parent: parentId,
-      mekVersion: masterKey.version,
-      dek: await wrapDataKey(dataKey, masterKey.key),
-      dekVersion: dataKeyVersion,
-      name: nameEncrypted.ciphertext,
-      nameIv: nameEncrypted.iv,
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<CategoryCreateRequest>("/api/category/create", {
+    parent: parentId,
+    mekVersion: masterKey.version,
+    dek: await wrapDataKey(dataKey, masterKey.key),
+    dekVersion: dataKeyVersion.toISOString(),
+    name: nameEncrypted.ciphertext,
+    nameIv: nameEncrypted.iv,
+  });
+  return res.ok;
 };

 export const requestFileRemovalFromCategory = async (fileId: number, categoryId: number) => {
-  try {
-    await trpc().category.removeFile.mutate({ id: categoryId, file: fileId });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<CategoryFileRemoveRequest>(
+    `/api/category/${categoryId}/file/remove`,
+    { file: fileId },
+  );
+  return res.ok;
 };
--- a/src/lib/services/file.ts
+++ b/src/lib/services/file.ts
@@ -1,24 +1,31 @@
+import { callGetApi } from "$lib/hooks";
 import { getAllFileInfos } from "$lib/indexedDB/filesystem";
-import { encodeToBase64 } from "$lib/modules/crypto";
+import { decryptData } from "$lib/modules/crypto";
 import {
  getFileCache,
  storeFileCache,
  deleteFileCache,
-  downloadFile,
+  getFileThumbnailCache,
+  storeFileThumbnailCache,
  deleteFileThumbnailCache,
+  downloadFile,
 } from "$lib/modules/file";
-import type { FileThumbnailUploadRequest } from "$lib/server/schemas";
-import { trpc } from "$trpc/client";
+import { getThumbnailUrl } from "$lib/modules/thumbnail";
+import type {
+  FileThumbnailInfoResponse,
+  FileThumbnailUploadRequest,
+  FileListResponse,
+} from "$lib/server/schemas";

 export const requestFileDownload = async (
  fileId: number,
+  fileEncryptedIv: string,
  dataKey: CryptoKey,
-  isLegacy: boolean,
 ) => {
  const cache = await getFileCache(fileId);
  if (cache) return cache;

-  const fileBuffer = await downloadFile(fileId, dataKey, isLegacy);
+  const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey);
  storeFileCache(fileId, fileBuffer); // Intended
  return fileBuffer;
 };
@@ -26,14 +33,14 @@ export const requestFileDownload = async (
 export const requestFileThumbnailUpload = async (
  fileId: number,
  dataKeyVersion: Date,
-  thumbnailEncrypted: { ciphertext: ArrayBuffer; iv: ArrayBuffer },
+  thumbnailEncrypted: { ciphertext: ArrayBuffer; iv: string },
 ) => {
  const form = new FormData();
  form.set(
    "metadata",
    JSON.stringify({
      dekVersion: dataKeyVersion.toISOString(),
-      contentIv: encodeToBase64(thumbnailEncrypted.iv),
+      contentIv: thumbnailEncrypted.iv,
    } satisfies FileThumbnailUploadRequest),
  );
  form.set("content", new Blob([thumbnailEncrypted.ciphertext]));
@@ -41,15 +48,30 @@ export const requestFileThumbnailUpload = async (
  return await fetch(`/api/file/${fileId}/thumbnail/upload`, { method: "POST", body: form });
 };

-export const requestDeletedFilesCleanup = async () => {
-  let liveFiles;
-  try {
-    liveFiles = await trpc().file.list.query();
-  } catch {
-    // TODO: Error Handling
-    return;
-  }
+export const requestFileThumbnailDownload = async (fileId: number, dataKey: CryptoKey) => {
+  const cache = await getFileThumbnailCache(fileId);
+  if (cache) return cache;

+  let res = await callGetApi(`/api/file/${fileId}/thumbnail`);
+  if (!res.ok) return null;
+
+  const { contentIv: thumbnailEncryptedIv }: FileThumbnailInfoResponse = await res.json();
+
+  res = await callGetApi(`/api/file/${fileId}/thumbnail/download`);
+  if (!res.ok) return null;
+
+  const thumbnailEncrypted = await res.arrayBuffer();
+  const thumbnailBuffer = await decryptData(thumbnailEncrypted, thumbnailEncryptedIv, dataKey);
+
+  storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended
+  return getThumbnailUrl(thumbnailBuffer);
+};
+
+export const requestDeletedFilesCleanup = async () => {
+  const res = await callGetApi("/api/file/list");
+  if (!res.ok) return;
+
+  const { files: liveFiles }: FileListResponse = await res.json();
  const liveFilesSet = new Set(liveFiles);
  const maybeCachedFiles = await getAllFileInfos();

--- a/src/lib/services/key.ts
+++ b/src/lib/services/key.ts
@@ -1,3 +1,4 @@
+import { callGetApi, callPostApi } from "$lib/hooks";
 import { storeMasterKeys } from "$lib/indexedDB";
 import {
  encodeToBase64,
@@ -8,9 +9,16 @@ import {
  signMasterKeyWrapped,
  verifyMasterKeyWrapped,
 } from "$lib/modules/crypto";
+import type {
+  ClientRegisterRequest,
+  ClientRegisterResponse,
+  ClientRegisterVerifyRequest,
+  InitialHmacSecretRegisterRequest,
+  MasterKeyListResponse,
+  InitialMasterKeyRegisterRequest,
+} from "$lib/server/schemas";
 import { requestSessionUpgrade } from "$lib/services/auth";
 import { masterKeyStore, type ClientKeys } from "$lib/stores";
-import { trpc, isTRPCClientError } from "$trpc/client";

 export const requestClientRegistration = async (
  encryptKeyBase64: string,
@@ -18,22 +26,21 @@ export const requestClientRegistration = async (
  verifyKeyBase64: string,
  signKey: CryptoKey,
 ) => {
-  try {
-    const { id, challenge } = await trpc().client.register.mutate({
-      encPubKey: encryptKeyBase64,
-      sigPubKey: verifyKeyBase64,
-    });
-    const answer = await decryptChallenge(challenge, decryptKey);
-    const answerSig = await signMessageRSA(answer, signKey);
-    await trpc().client.verify.mutate({
-      id,
-      answerSig: encodeToBase64(answerSig),
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  let res = await callPostApi<ClientRegisterRequest>("/api/client/register", {
+    encPubKey: encryptKeyBase64,
+    sigPubKey: verifyKeyBase64,
+  });
+  if (!res.ok) return false;
+
+  const { id, challenge }: ClientRegisterResponse = await res.json();
+  const answer = await decryptChallenge(challenge, decryptKey);
+  const answerSig = await signMessageRSA(answer, signKey);
+
+  res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
+    id,
+    answerSig: encodeToBase64(answerSig),
+  });
+  return res.ok;
 };

 export const requestClientRegistrationAndSessionUpgrade = async (
@@ -66,14 +73,10 @@ export const requestClientRegistrationAndSessionUpgrade = async (
 };

 export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey: CryptoKey) => {
-  let masterKeysWrapped;
-  try {
-    masterKeysWrapped = await trpc().mek.list.query();
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callGetApi("/api/mek/list");
+  if (!res.ok) return false;

+  const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
  const masterKeys = await Promise.all(
    masterKeysWrapped.map(
      async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => {
@@ -105,27 +108,17 @@ export const requestInitialMasterKeyAndHmacSecretRegistration = async (
  hmacSecretWrapped: string,
  signKey: CryptoKey,
 ) => {
-  try {
-    await trpc().mek.registerInitial.mutate({
-      mek: masterKeyWrapped,
-      mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
-    });
-  } catch (e) {
-    if (isTRPCClientError(e) && (e.data?.code === "FORBIDDEN" || e.data?.code === "CONFLICT")) {
-      return true;
-    }
-    // TODO: Error Handling
-    return false;
+  let res = await callPostApi<InitialMasterKeyRegisterRequest>("/api/mek/register/initial", {
+    mek: masterKeyWrapped,
+    mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
+  });
+  if (!res.ok) {
+    return res.status === 403 || res.status === 409;
  }

-  try {
-    await trpc().hsk.registerInitial.mutate({
-      mekVersion: 1,
-      hsk: hmacSecretWrapped,
-    });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  res = await callPostApi<InitialHmacSecretRegisterRequest>("/api/hsk/register/initial", {
+    mekVersion: 1,
+    hsk: hmacSecretWrapped,
+  });
+  return res.ok;
 };
--- a/src/lib/stores/file.ts
+++ b/src/lib/stores/file.ts
@@ -0,0 +1,49 @@
+import { writable, type Writable } from "svelte/store";
+
+export interface FileUploadStatus {
+  name: string;
+  parentId: "root" | number;
+  status:
+    | "encryption-pending"
+    | "encrypting"
+    | "upload-pending"
+    | "uploading"
+    | "uploaded"
+    | "canceled"
+    | "error";
+  progress?: number;
+  rate?: number;
+  estimated?: number;
+}
+
+export interface FileDownloadStatus {
+  id: number;
+  status:
+    | "download-pending"
+    | "downloading"
+    | "decryption-pending"
+    | "decrypting"
+    | "decrypted"
+    | "canceled"
+    | "error";
+  progress?: number;
+  rate?: number;
+  estimated?: number;
+  result?: ArrayBuffer;
+}
+
+export const fileUploadStatusStore = writable<Writable<FileUploadStatus>[]>([]);
+
+export const fileDownloadStatusStore = writable<Writable<FileDownloadStatus>[]>([]);
+
+export const isFileUploading = (
+  status: FileUploadStatus["status"],
+): status is "encryption-pending" | "encrypting" | "upload-pending" | "uploading" => {
+  return ["encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
+};
+
+export const isFileDownloading = (
+  status: FileDownloadStatus["status"],
+): status is "download-pending" | "downloading" | "decryption-pending" | "decrypting" => {
+  return ["download-pending", "downloading", "decryption-pending", "decrypting"].includes(status);
+};
--- a/src/lib/stores/index.ts
+++ b/src/lib/stores/index.ts
@@ -1 +1,2 @@
+export * from "./file";
 export * from "./key";
--- a/src/lib/types/filesystem.d.ts
+++ b/src/lib/types/filesystem.d.ts
@@ -1,2 +0,0 @@
-type DirectoryId = "root" | number;
-type CategoryId = "root" | number;
--- a/src/lib/utils/HybridPromise.ts
+++ b/src/lib/utils/HybridPromise.ts
@@ -1,93 +0,0 @@
-type MaybePromise<T> = T | Promise<T> | HybridPromise<T>;
-
-type HybridPromiseState<T> =
-  | { mode: "sync"; status: "fulfilled"; value: T }
-  | { mode: "sync"; status: "rejected"; reason: unknown }
-  | { mode: "async"; promise: Promise<T> };
-
-export class HybridPromise<T> implements PromiseLike<T> {
-  private isConsumed = false;
-
-  private constructor(private readonly state: HybridPromiseState<T>) {
-    if (state.mode === "sync" && state.status === "rejected") {
-      queueMicrotask(() => {
-        if (!this.isConsumed) {
-          throw state.reason;
-        }
-      });
-    }
-  }
-
-  isSync(): boolean {
-    return this.state.mode === "sync";
-  }
-
-  toPromise(): Promise<T> {
-    this.isConsumed = true;
-
-    if (this.state.mode === "async") return this.state.promise;
-    return this.state.status === "fulfilled"
-      ? Promise.resolve(this.state.value)
-      : Promise.reject(this.state.reason);
-  }
-
-  static resolve<T>(value: MaybePromise<T>): HybridPromise<T> {
-    if (value instanceof HybridPromise) return value;
-    return new HybridPromise(
-      value instanceof Promise
-        ? { mode: "async", promise: value }
-        : { mode: "sync", status: "fulfilled", value },
-    );
-  }
-
-  static reject<T = never>(reason?: unknown): HybridPromise<T> {
-    return new HybridPromise({ mode: "sync", status: "rejected", reason });
-  }
-
-  then<TResult1 = T, TResult2 = never>(
-    onfulfilled?: ((value: T) => MaybePromise<TResult1>) | null | undefined,
-    onrejected?: ((reason: unknown) => MaybePromise<TResult2>) | null | undefined,
-  ): HybridPromise<TResult1 | TResult2> {
-    this.isConsumed = true;
-
-    if (this.state.mode === "async") {
-      return new HybridPromise({
-        mode: "async",
-        promise: this.state.promise.then(onfulfilled, onrejected) as any,
-      });
-    }
-
-    try {
-      if (this.state.status === "fulfilled") {
-        if (!onfulfilled) return HybridPromise.resolve(this.state.value as any);
-        return HybridPromise.resolve(onfulfilled(this.state.value));
-      } else {
-        if (!onrejected) return HybridPromise.reject(this.state.reason);
-        return HybridPromise.resolve(onrejected(this.state.reason));
-      }
-    } catch (e) {
-      return HybridPromise.reject(e);
-    }
-  }
-
-  catch<TResult = never>(
-    onrejected?: ((reason: unknown) => MaybePromise<TResult>) | null | undefined,
-  ): HybridPromise<T | TResult> {
-    return this.then<T, TResult>(null, onrejected);
-  }
-
-  finally(onfinally?: (() => void) | null | undefined): HybridPromise<T> {
-    this.isConsumed = true;
-
-    if (this.state.mode === "async") {
-      return new HybridPromise({ mode: "async", promise: this.state.promise.finally(onfinally) });
-    }
-
-    try {
-      onfinally?.();
-      return new HybridPromise(this.state);
-    } catch (e) {
-      return HybridPromise.reject(e);
-    }
-  }
-}
--- a/src/lib/utils/index.ts
+++ b/src/lib/utils/index.ts
@@ -1,4 +0,0 @@
-export * from "./format";
-export * from "./gotoStateful";
-export * from "./HybridPromise";
-export * from "./sort";
--- a/src/lib/utils/sort.ts
+++ b/src/lib/utils/sort.ts
@@ -1,59 +0,0 @@
-interface SortEntry {
-  name?: string;
-  date?: Date;
-}
-
-export enum SortBy {
-  NAME_ASC,
-  NAME_DESC,
-  DATE_ASC,
-  DATE_DESC,
-}
-
-type SortFunc = (a: SortEntry, b: SortEntry) => number;
-
-const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
-
-const sortByNameAsc: SortFunc = ({ name: a }, { name: b }) => {
-  if (a && b) return collator.compare(a, b);
-  if (a) return -1;
-  if (b) return 1;
-  return 0;
-};
-
-const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
-
-const sortByDateAsc: SortFunc = ({ date: a }, { date: b }) => {
-  if (a && b) return a.getTime() - b.getTime();
-  if (a) return -1;
-  if (b) return 1;
-  return 0;
-};
-
-const sortByDateDesc: SortFunc = (a, b) => -sortByDateAsc(a, b);
-
-export const sortEntries = <T extends SortEntry>(entries: T[], sortBy = SortBy.NAME_ASC) => {
-  let sortFunc: SortFunc;
-
-  switch (sortBy) {
-    case SortBy.NAME_ASC:
-      sortFunc = sortByNameAsc;
-      break;
-    case SortBy.NAME_DESC:
-      sortFunc = sortByNameDesc;
-      break;
-    case SortBy.DATE_ASC:
-      sortFunc = sortByDateAsc;
-      break;
-    case SortBy.DATE_DESC:
-      sortFunc = sortByDateDesc;
-      break;
-    default: {
-      const exhaustive: never = sortBy;
-      sortFunc = exhaustive;
-    }
-  }
-
-  entries.sort(sortFunc);
-  return entries;
-};
--- a/src/routes/(fullscreen)/auth/changePassword/+page.svelte
+++ b/src/routes/(fullscreen)/auth/changePassword/+page.svelte
@@ -6,14 +6,8 @@

  let oldPassword = $state("");
  let newPassword = $state("");
-  let confirmPassword = $state("");

  const changePassword = async () => {
-    if (newPassword !== confirmPassword) {
-      // TODO: Alert
-      return;
-    }
-
    if (await requestPasswordChange(oldPassword, newPassword)) {
      await goto("/menu");
    }
@@ -36,7 +30,6 @@

    <TextInput bind:value={oldPassword} placeholder="기존 비밀번호" type="password" />
    <TextInput bind:value={newPassword} placeholder="새 비밀번호" type="password" />
-    <TextInput bind:value={confirmPassword} placeholder="새 비밀번호 확인" type="password" />
  </TitledDiv>
  <BottomDiv>
    <Button onclick={changePassword} class="w-full">비밀번호 바꾸기</Button>
--- a/src/routes/(fullscreen)/auth/changePassword/service.ts
+++ b/src/routes/(fullscreen)/auth/changePassword/service.ts
@@ -1,11 +1,10 @@
-import { trpc } from "$trpc/client";
+import { callPostApi } from "$lib/hooks";
+import type { PasswordChangeRequest } from "$lib/server/schemas";

 export const requestPasswordChange = async (oldPassword: string, newPassword: string) => {
-  try {
-    await trpc().auth.changePassword.mutate({ oldPassword, newPassword });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<PasswordChangeRequest>("/api/auth/changePassword", {
+    oldPassword,
+    newPassword,
+  });
+  return res.ok;
 };
--- a/src/routes/(fullscreen)/auth/login/service.ts
+++ b/src/routes/(fullscreen)/auth/login/service.ts
@@ -1,4 +1,5 @@
-import { trpc } from "$trpc/client";
+import { callPostApi } from "$lib/hooks";
+import type { LoginRequest } from "$lib/server/schemas";

 export { requestLogout } from "$lib/services/auth";
 export { requestDeletedFilesCleanup } from "$lib/services/file";
@@ -8,11 +9,6 @@ export {
 } from "$lib/services/key";

 export const requestLogin = async (email: string, password: string) => {
-  try {
-    await trpc().auth.login.mutate({ email, password });
-    return true;
-  } catch {
-    // TODO: Error Handling
-    return false;
-  }
+  const res = await callPostApi<LoginRequest>("/api/auth/login", { email, password });
+  return res.ok;
 };
--- a/src/routes/(fullscreen)/file/[id]/+page.svelte
+++ b/src/routes/(fullscreen)/file/[id]/+page.svelte
@@ -1,15 +1,18 @@
 <script lang="ts">
  import FileSaver from "file-saver";
  import { untrack } from "svelte";
+  import { get, type Writable } from "svelte/store";
  import { goto } from "$app/navigation";
-  import { page } from "$app/state";
  import { FullscreenDiv } from "$lib/components/atoms";
  import { Categories, IconEntryButton, TopBar } from "$lib/components/molecules";
-  import { getFileInfo, type MaybeFileInfo } from "$lib/modules/filesystem";
+  import {
+    getFileInfo,
+    getCategoryInfo,
+    type FileInfo,
+    type CategoryInfo,
+  } from "$lib/modules/filesystem";
  import { captureVideoThumbnail } from "$lib/modules/thumbnail";
-  import { getFileDownloadState } from "$lib/modules/file";
-  import { masterKeyStore } from "$lib/stores";
-  import { HybridPromise } from "$lib/utils";
+  import { fileDownloadStatusStore, isFileDownloading, masterKeyStore } from "$lib/stores";
  import AddToCategoryBottomSheet from "./AddToCategoryBottomSheet.svelte";
  import DownloadStatus from "./DownloadStatus.svelte";
  import {
@@ -18,45 +21,44 @@
    requestThumbnailUpload,
    requestFileAdditionToCategory,
  } from "./service";
-  import TopBarMenu from "./TopBarMenu.svelte";

-  import IconMoreVert from "~icons/material-symbols/more-vert";
  import IconCamera from "~icons/material-symbols/camera";
  import IconClose from "~icons/material-symbols/close";
  import IconAddCircle from "~icons/material-symbols/add-circle";

  let { data } = $props();

-  let info: MaybeFileInfo | undefined = $state();
-  let downloadState = $derived(getFileDownloadState(data.id));
+  let info: Writable<FileInfo | null> | undefined = $state();
+  let categories: Writable<CategoryInfo | null>[] = $state([]);

-  let isMenuOpen = $state(false);
  let isAddToCategoryBottomSheetOpen = $state(false);

+  let downloadStatus = $derived(
+    $fileDownloadStatusStore.find((statusStore) => {
+      const { id, status } = get(statusStore);
+      return id === data.id && isFileDownloading(status);
+    }),
+  );
+
  let isDownloadRequested = $state(false);
  let viewerType: "image" | "video" | undefined = $state();
-  let fileBlob: Blob | undefined = $state();
  let fileBlobUrl: string | undefined = $state();
  let videoElement: HTMLVideoElement | undefined = $state();

  const updateViewer = async (buffer: ArrayBuffer, contentType: string) => {
-    fileBlob = new Blob([buffer], { type: contentType });
-    fileBlobUrl = URL.createObjectURL(fileBlob);
+    const fileBlob = new Blob([buffer], { type: contentType });
+    if (contentType === "image/heic") {
+      const { default: heic2any } = await import("heic2any");
+      fileBlobUrl = URL.createObjectURL(
+        (await heic2any({ blob: fileBlob, toType: "image/jpeg" })) as Blob,
+      );
+    } else if (viewerType) {
+      fileBlobUrl = URL.createObjectURL(fileBlob);
+    }
+
    return fileBlob;
  };

-  const convertHeicToJpeg = async () => {
-    if (fileBlob?.type !== "image/heic") return;
-
-    URL.revokeObjectURL(fileBlobUrl!);
-    fileBlobUrl = undefined;
-
-    const { default: heic2any } = await import("heic2any");
-    fileBlobUrl = URL.createObjectURL(
-      (await heic2any({ blob: fileBlob, toType: "image/jpeg" })) as Blob,
-    );
-  };
-
  const updateThumbnail = async (dataKey: CryptoKey, dataKeyVersion: Date) => {
    const thumbnail = await captureVideoThumbnail(videoElement!);
    await requestThumbnailUpload(data.id, thumbnail, dataKey, dataKeyVersion);
@@ -65,27 +67,28 @@
  const addToCategory = async (categoryId: number) => {
    await requestFileAdditionToCategory(data.id, categoryId);
    isAddToCategoryBottomSheetOpen = false;
-    void getFileInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+    info = getFileInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
  };

  const removeFromCategory = async (categoryId: number) => {
    await requestFileRemovalFromCategory(data.id, categoryId);
-    void getFileInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+    info = getFileInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
  };

  $effect(() => {
-    HybridPromise.resolve(getFileInfo(data.id, $masterKeyStore?.get(1)?.key!)).then((result) => {
-      if (data.id === result.id) {
-        info = result;
-      }
-    });
+    info = getFileInfo(data.id, $masterKeyStore?.get(1)?.key!);
    isDownloadRequested = false;
    viewerType = undefined;
  });

  $effect(() => {
-    if (info?.dataKey) {
-      const contentType = info.contentType;
+    categories =
+      $info?.categoryIds.map((id) => getCategoryInfo(id, $masterKeyStore?.get(1)?.key!)) ?? [];
+  });
+
+  $effect(() => {
+    if ($info && $info.dataKey && $info.contentIv) {
+      const contentType = $info.contentType;
      if (contentType.startsWith("image")) {
        viewerType = "image";
      } else if (contentType.startsWith("video")) {
@@ -93,12 +96,12 @@
      }

      untrack(() => {
-        if (!downloadState && !isDownloadRequested) {
+        if (!downloadStatus && !isDownloadRequested) {
          isDownloadRequested = true;
-          requestFileDownload(data.id, info!.dataKey!.key, info!.isLegacy!).then(async (buffer) => {
+          requestFileDownload(data.id, $info.contentIv!, $info.dataKey!).then(async (buffer) => {
            const blob = await updateViewer(buffer, contentType);
            if (!viewerType) {
-              FileSaver.saveAs(blob, info!.name);
+              FileSaver.saveAs(blob, $info.name);
            }
          });
        }
@@ -107,9 +110,9 @@
  });

  $effect(() => {
-    if (info?.exists && downloadState?.status === "decrypted") {
+    if ($info && $downloadStatus?.status === "decrypted") {
      untrack(
-        () => !isDownloadRequested && updateViewer(downloadState.result!, info!.contentType!),
+        () => !isDownloadRequested && updateViewer($downloadStatus.result!, $info.contentType),
      );
    }
  });
@@ -121,32 +124,11 @@
  <title>파일</title>
 </svelte:head>

-<TopBar title={info?.name}>
-  <!-- svelte-ignore a11y_no_static_element_interactions -->
-  <!-- svelte-ignore a11y_click_events_have_key_events -->
-  <div onclick={(e) => e.stopPropagation()}>
-    <button
-      onclick={() => (isMenuOpen = !isMenuOpen)}
-      class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
-    >
-      <IconMoreVert class="text-2xl" />
-    </button>
-    <TopBarMenu
-      bind:isOpen={isMenuOpen}
-      directoryId={["category", "gallery"].includes(page.url.searchParams.get("from") ?? "")
-        ? info?.parentId
-        : undefined}
-      {fileBlob}
-      filename={info?.name}
-    />
-  </div>
-</TopBar>
+<TopBar title={$info?.name} />
 <FullscreenDiv>
  <div class="space-y-4 pb-4">
-    {#if downloadState}
-      <DownloadStatus state={downloadState} />
-    {/if}
-    {#if info && viewerType}
+    <DownloadStatus status={downloadStatus} />
+    {#if $info && viewerType}
      <div class="flex w-full justify-center">
        {#snippet viewerLoading(message: string)}
          <p class="text-gray-500">{message}</p>
@@ -154,17 +136,18 @@

        {#if viewerType === "image"}
          {#if fileBlobUrl}
-            <img src={fileBlobUrl} alt={info.name} onerror={convertHeicToJpeg} />
+            <img src={fileBlobUrl} alt={$info.name} />
          {:else}
            {@render viewerLoading("이미지를 불러오고 있어요.")}
          {/if}
        {:else if viewerType === "video"}
          {#if fileBlobUrl}
            <div class="flex flex-col space-y-2">
+              <!-- svelte-ignore a11y_media_has_caption -->
              <video bind:this={videoElement} src={fileBlobUrl} controls muted></video>
              <IconEntryButton
                icon={IconCamera}
-                onclick={() => updateThumbnail(info?.dataKey?.key!, info?.dataKey?.version!)}
+                onclick={() => updateThumbnail($info.dataKey!, $info.dataKeyVersion!)}
                class="w-full"
              >
                이 장면을 썸네일로 설정하기
@@ -180,7 +163,7 @@
      <p class="text-lg font-bold">카테고리</p>
      <div class="space-y-1">
        <Categories
-          categories={info?.categories ?? []}
+          {categories}
          categoryMenuIcon={IconClose}
          onCategoryClick={({ id }) => goto(`/category/${id}`)}
          onCategoryMenuClick={({ id }) => removeFromCategory(id)}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
static	0cd55a413d	Merge pull request #12 from kmc7468/dev v0.5.0	2025-07-12 06:01:08 +09:00
static	361d966a59	Merge pull request #10 from kmc7468/dev v0.4.0	2025-01-30 21:06:50 +09:00
static	aef43b8bfa	Merge pull request #6 from kmc7468/dev v0.3.0	2025-01-18 13:29:09 +09:00
static	7f128cccf6	Merge pull request #5 from kmc7468/dev v0.2.0	2025-01-13 03:53:14 +09:00
static	a198e5f6dc	Merge pull request #2 from kmc7468/dev v0.1.0	2025-01-09 06:24:31 +09:00