Merge pull request #6 from kmc7468/dev

v0.3.0
Merge pull request #5 from kmc7468/dev
2026-02-04 08:06:56 +00:00 · 2025-01-18 13:29:09 +09:00 · 2025-01-13 03:53:14 +09:00 · 2025-01-09 06:24:31 +09:00
260 changed files with 9229 additions and 9820 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,5 @@
 .git
 node_modules
 /Makefile
 # Output
 .output
@@ -11,15 +10,13 @@ node_modules
 /build
 /data
 /library
 /thumbnails
 # OS
 .DS_Store
 Thumbs.db
-# Editors
+# VSCode
 /.vscode
 /.idea
 # Env
 .env
@@ -30,3 +27,6 @@ Thumbs.db
 # Vite
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
 # SQLite
 *.db
--- a/.env.example
+++ b/.env.example
@@ -1,14 +1,9 @@
 # Required environment variables
 DATABASE_PASSWORD=
 SESSION_SECRET=
 # Optional environment variables
-DATABASE_HOST=
+DATABASE_URL=
 DATABASE_PORT=
 DATABASE_USER=
 DATABASE_NAME=
 SESSION_EXPIRES=
 USER_CLIENT_CHALLENGE_EXPIRES=
 SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
 THUMBNAILS_PATH=
--- a/.gitignore
+++ b/.gitignore
@@ -9,15 +9,13 @@ node_modules
 /build
 /data
 /library
 /thumbnails
 # OS
 .DS_Store
 Thumbs.db
-# Editors
+# VSCode
 /.vscode
 /.idea
 # Env
 .env
@@ -28,3 +26,6 @@ Thumbs.db
 # Vite
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
 # SQLite
 *.db
--- a/.prettierignore
+++ b/.prettierignore
@@ -3,5 +3,8 @@ package-lock.json
 pnpm-lock.yaml
 yarn.lock
 # Output
 /drizzle
 # Documents
 *.md
--- a/11
+++ b/11
@@ -2,7 +2,7 @@
 FROM node:22-alpine AS base
 WORKDIR /app
-RUN npm install -g pnpm@10
+RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .
 # Build Stage
@@ -10,9 +10,10 @@ FROM base AS build
 RUN pnpm fetch
 COPY . .
-RUN pnpm install --offline && \
+RUN pnpm install --offline
-    pnpm build && \
+RUN pnpm build
-    sed -i "s/http\.createServer()/http.createServer({ requestTimeout: 0 })/g" ./build/index.js
+
 RUN sed -i "s/http\.createServer()/http.createServer({ requestTimeout: 0 })/g" ./build/index.js
 # Deploy Stage
 FROM base
@@ -22,7 +23,9 @@ COPY package.json .
 RUN pnpm install --offline --prod
 COPY --from=build /app/build ./build
 COPY drizzle ./drizzle
 EXPOSE 3000
 ENV BODY_SIZE_LIMIT=Infinity
 CMD ["node", "./build/index.js"]
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ vim .env # 아래를 참고하여 환경 변수를 설정해 주세요.
 docker compose up --build -d
 ```
-모든 데이터는 `./data` 디렉터리에 아래에 저장될 거예요.
+모든 데이터는 `./data` 디렉터리에 저장될 거예요.
 ### Environment Variables
@@ -31,8 +31,7 @@ docker compose up --build -d
 |이름|필수|기본값|설명|
 |:-|:-:|:-:|:-|
-|`DATABASE_PASSWORD`|Y||데이터베이스에 접근하기 위해 필요한 비밀번호예요. 안전한 값으로 설정해 주세요.|
+|`SESSION_SECRET`|Y||Session ID의 서명을 위해 사용돼요. 안전한 값으로 설정해 주세요.|
 |`SESSION_SECRET`|Y||Session ID의 서명에 사용되는 비밀번호예요. 안전한 값으로 설정해 주세요.|
 |`SESSION_EXPIRES`||`14d`|Session의 유효 시간이에요. Session은 마지막으로 사용된 후 설정된 유효 시간이 지나면 자동으로 삭제돼요.|
 |`USER_CLIENT_CHALLENGE_EXPIRES`||`5m`|암호 키를 서버에 처음 등록할 때 사용되는 챌린지의 유효 시간이에요.|
 |`SESSION_UPGRADE_CHALLENGE_EXPIRES`||`5m`|암호 키와 함께 로그인할 때 사용되는 챌린지의 유효 시간이에요.|
--- a/docker-compose.dev.yaml
+++ b/docker-compose.dev.yaml
@@ -1,15 +0,0 @@
 services:
  database:
    image: postgres:17
    restart: always
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=${DATABASE_USER:-}
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?} # Required
      - POSTGRES_DB=${DATABASE_NAME:-}
    ports:
      - ${DATABASE_PORT:-5432}:5432
 volumes:
  database:
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -2,42 +2,20 @@ services:
  server:
    build: .
    restart: unless-stopped
    depends_on:
      database:
        condition: service_healthy
    user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
    volumes:
-      - ./data/library:/app/data/library
+      - ./data:/app/data
      - ./data/thumbnails:/app/data/thumbnails
    environment:
      # ArkVault
-      - DATABASE_HOST=database
+      - DATABASE_URL=/app/data/database.sqlite
      - DATABASE_USER=arkvault
      - DATABASE_PASSWORD=${DATABASE_PASSWORD:?} # Required
      - SESSION_SECRET=${SESSION_SECRET:?} # Required
      - SESSION_EXPIRES
      - USER_CLIENT_CHALLENGE_EXPIRES
      - SESSION_UPGRADE_CHALLENGE_EXPIRES
      - LIBRARY_PATH=/app/data/library
      - THUMBNAILS_PATH=/app/data/thumbnails
      # SvelteKit
      - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
      - XFF_DEPTH=${TRUST_PROXY:-}
      - NODE_ENV=${NODE_ENV:-production}
    ports:
      - ${PORT:-80}:3000
  database:
    image: postgres:17-alpine
    restart: unless-stopped
    user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
    volumes:
      - ./data/database:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=arkvault
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER}"]
      interval: 5s
      timeout: 5s
      retries: 5
--- a/drizzle.config.ts
+++ b/drizzle.config.ts
@@ -0,0 +1,13 @@
 import { defineConfig } from "drizzle-kit";
 export default defineConfig({
  schema: "./src/lib/server/db/schema",
  dbCredentials: {
    url: process.env.DATABASE_URL || "local.db",
  },
  verbose: true,
  strict: true,
  dialect: "sqlite",
 });
--- a/drizzle/0000_unknown_stark_industries.sql
+++ b/drizzle/0000_unknown_stark_industries.sql
@@ -0,0 +1,175 @@
 CREATE TABLE `client` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`encryption_public_key` text NOT NULL,
 	`signature_public_key` text NOT NULL
 );
 --> statement-breakpoint
 CREATE TABLE `user_client` (
 	`user_id` integer NOT NULL,
 	`client_id` integer NOT NULL,
 	`state` text DEFAULT 'challenging' NOT NULL,
 	PRIMARY KEY(`client_id`, `user_id`),
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `user_client_challenge` (
 	`id` integer PRIMARY KEY NOT NULL,
 	`user_id` integer NOT NULL,
 	`client_id` integer NOT NULL,
 	`answer` text NOT NULL,
 	`allowed_ip` text NOT NULL,
 	`expires_at` integer NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`client_id`) REFERENCES `user_client`(`user_id`,`client_id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `directory` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`parent_id` integer,
 	`user_id` integer NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
 	`encrypted_data_encryption_key` text NOT NULL,
 	`data_encryption_key_version` integer NOT NULL,
 	`encrypted_name` text NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`parent_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `directory_log` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`directory_id` integer NOT NULL,
 	`timestamp` integer NOT NULL,
 	`action` text NOT NULL,
 	`new_name` text,
 	FOREIGN KEY (`directory_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE TABLE `file` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`parent_id` integer,
 	`user_id` integer NOT NULL,
 	`path` text NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
 	`encrypted_data_encryption_key` text NOT NULL,
 	`data_encryption_key_version` integer NOT NULL,
 	`hmac_secret_key_version` integer,
 	`content_hmac` text,
 	`content_type` text NOT NULL,
 	`encrypted_content_iv` text NOT NULL,
 	`encrypted_name` text NOT NULL,
 	FOREIGN KEY (`parent_id`) REFERENCES `directory`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `file_log` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`file_id` integer NOT NULL,
 	`timestamp` integer NOT NULL,
 	`action` text NOT NULL,
 	`new_name` text,
 	FOREIGN KEY (`file_id`) REFERENCES `file`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE TABLE `hmac_secret_key` (
 	`user_id` integer NOT NULL,
 	`version` integer NOT NULL,
 	`state` text NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
 	`encrypted_key` text NOT NULL,
 	PRIMARY KEY(`user_id`, `version`),
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `hmac_secret_key_log` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`hmac_secret_key_version` integer NOT NULL,
 	`timestamp` integer NOT NULL,
 	`action` text NOT NULL,
 	`action_by` integer,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`action_by`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`hmac_secret_key_version`) REFERENCES `hmac_secret_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `client_master_encryption_key` (
 	`user_id` integer NOT NULL,
 	`client_id` integer NOT NULL,
 	`version` integer NOT NULL,
 	`encrypted_key` text NOT NULL,
 	`encrypted_key_signature` text NOT NULL,
 	PRIMARY KEY(`client_id`, `user_id`, `version`),
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `master_encryption_key` (
 	`user_id` integer NOT NULL,
 	`version` integer NOT NULL,
 	`state` text NOT NULL,
 	`retired_at` integer,
 	PRIMARY KEY(`user_id`, `version`),
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `master_encryption_key_log` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`master_encryption_key_version` integer NOT NULL,
 	`timestamp` integer NOT NULL,
 	`action` text NOT NULL,
 	`action_by` integer,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`action_by`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`user_id`,`master_encryption_key_version`) REFERENCES `master_encryption_key`(`user_id`,`version`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `session` (
 	`id` text PRIMARY KEY NOT NULL,
 	`user_id` integer NOT NULL,
 	`client_id` integer,
 	`created_at` integer NOT NULL,
 	`last_used_at` integer NOT NULL,
 	`last_used_by_ip` text,
 	`last_used_by_user_agent` text,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `session_upgrade_challenge` (
 	`id` integer PRIMARY KEY NOT NULL,
 	`session_id` text NOT NULL,
 	`client_id` integer NOT NULL,
 	`answer` text NOT NULL,
 	`allowed_ip` text NOT NULL,
 	`expires_at` integer NOT NULL,
 	FOREIGN KEY (`session_id`) REFERENCES `session`(`id`) ON UPDATE no action ON DELETE no action,
 	FOREIGN KEY (`client_id`) REFERENCES `client`(`id`) ON UPDATE no action ON DELETE no action
 );
 --> statement-breakpoint
 CREATE TABLE `user` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`email` text NOT NULL,
 	`password` text NOT NULL,
 	`nickname` text NOT NULL
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `client_encryption_public_key_unique` ON `client` (`encryption_public_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `client_signature_public_key_unique` ON `client` (`signature_public_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `client_encryption_public_key_signature_public_key_unique` ON `client` (`encryption_public_key`,`signature_public_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `user_client_challenge_answer_unique` ON `user_client_challenge` (`answer`);--> statement-breakpoint
 CREATE UNIQUE INDEX `directory_encrypted_data_encryption_key_unique` ON `directory` (`encrypted_data_encryption_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `file_path_unique` ON `file` (`path`);--> statement-breakpoint
 CREATE UNIQUE INDEX `file_encrypted_data_encryption_key_unique` ON `file` (`encrypted_data_encryption_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `hmac_secret_key_encrypted_key_unique` ON `hmac_secret_key` (`encrypted_key`);--> statement-breakpoint
 CREATE UNIQUE INDEX `session_user_id_client_id_unique` ON `session` (`user_id`,`client_id`);--> statement-breakpoint
 CREATE UNIQUE INDEX `session_upgrade_challenge_session_id_unique` ON `session_upgrade_challenge` (`session_id`);--> statement-breakpoint
 CREATE UNIQUE INDEX `session_upgrade_challenge_answer_unique` ON `session_upgrade_challenge` (`answer`);--> statement-breakpoint
 CREATE UNIQUE INDEX `user_email_unique` ON `user` (`email`);
--- a/drizzle/0001_blushing_alice.sql
+++ b/drizzle/0001_blushing_alice.sql
@@ -0,0 +1,2 @@
 ALTER TABLE `file` ADD `encrypted_created_at` text;--> statement-breakpoint
 ALTER TABLE `file` ADD `encrypted_last_modified_at` text NOT NULL;
--- a/drizzle/meta/0000_snapshot.json
+++ b/drizzle/meta/0000_snapshot.json
--- a/drizzle/meta/0001_snapshot.json
+++ b/drizzle/meta/0001_snapshot.json
--- a/drizzle/meta/_journal.json
+++ b/drizzle/meta/_journal.json
@@ -0,0 +1,20 @@
 {
  "version": "7",
  "dialect": "sqlite",
  "entries": [
    {
      "idx": 0,
      "version": "6",
      "when": 1736704436996,
      "tag": "0000_unknown_stark_industries",
      "breakpoints": true
    },
    {
      "idx": 1,
      "version": "6",
      "when": 1736720831242,
      "tag": "0001_blushing_alice",
      "breakpoints": true
    }
  ]
 }
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -1,24 +1,21 @@
 import { includeIgnoreFile } from "@eslint/compat";
 import js from "@eslint/js";
 import { defineConfig } from "eslint/config";
 import prettier from "eslint-config-prettier";
 import js from "@eslint/js";
 import { includeIgnoreFile } from "@eslint/compat";
 import svelte from "eslint-plugin-svelte";
 import tailwind from "eslint-plugin-tailwindcss";
 import globals from "globals";
 import { fileURLToPath } from "node:url";
 import ts from "typescript-eslint";
 import { fileURLToPath } from "url";
 import svelteConfig from "./svelte.config.js";
 const gitignorePath = fileURLToPath(new URL("./.gitignore", import.meta.url));
-export default defineConfig(
+export default ts.config(
  includeIgnoreFile(gitignorePath),
  js.configs.recommended,
  ...ts.configs.recommended,
-  ...svelte.configs.recommended,
+  ...svelte.configs["flat/recommended"],
  ...tailwind.configs["flat/recommended"],
  prettier,
-  ...svelte.configs.prettier,
+  ...svelte.configs["flat/prettier"],
  {
    languageOptions: {
      globals: {
@@ -26,18 +23,13 @@ export default defineConfig(
        ...globals.node,
      },
    },
    rules: {
      "no-undef": "off",
    },
  },
  {
-    files: ["**/*.svelte", "**/*.svelte.ts", "**/*.svelte.js"],
+    files: ["**/*.svelte"],
    languageOptions: {
      parserOptions: {
        projectService: true,
        extraFileExtensions: [".svelte"],
        parser: ts.parser,
        svelteConfig,
      },
    },
  },
--- a/kysely.config.ts
+++ b/kysely.config.ts
@@ -1,18 +0,0 @@
 import { defineConfig } from "kysely-ctl";
 import { Pool } from "pg";
 export default defineConfig({
  dialect: "pg",
  dialectConfig: {
    pool: new Pool({
      host: process.env.DATABASE_HOST,
      port: process.env.DATABASE_PORT ? parseInt(process.env.DATABASE_PORT) : undefined,
      user: process.env.DATABASE_USER,
      password: process.env.DATABASE_PASSWORD,
      database: process.env.DATABASE_NAME,
    }),
  },
  migrations: {
    migrationFolder: "./src/lib/server/db/migrations",
  },
 });
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "arkvault",
  "private": true,
-  "version": "0.7.0",
+  "version": "0.2.0",
  "type": "module",
  "scripts": {
    "dev": "vite dev",
@@ -11,63 +11,58 @@
    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
    "format": "prettier --write .",
    "lint": "prettier --check . && eslint .",
-    "db:up": "docker compose -f docker-compose.dev.yaml -p arkvault-dev up -d",
+    "db:push": "drizzle-kit push",
-    "db:down": "docker compose -f docker-compose.dev.yaml -p arkvault-dev down",
+    "db:generate": "drizzle-kit generate",
-    "db:migrate": "kysely migrate"
+    "db:migrate": "drizzle-kit migrate",
    "db:studio": "drizzle-kit studio"
  },
  "devDependencies": {
-    "@eslint/compat": "^2.0.0",
+    "@eslint/compat": "^1.2.4",
-    "@eslint/js": "^9.39.2",
+    "@iconify-json/material-symbols": "^1.2.12",
-    "@iconify-json/material-symbols": "^1.2.50",
+    "@sveltejs/adapter-node": "^5.2.11",
-    "@sveltejs/adapter-node": "^5.4.0",
+    "@sveltejs/kit": "^2.15.2",
-    "@sveltejs/kit": "^2.49.2",
+    "@sveltejs/vite-plugin-svelte": "^4.0.4",
-    "@sveltejs/vite-plugin-svelte": "^6.2.1",
+    "@types/better-sqlite3": "^7.6.12",
    "@tanstack/svelte-virtual": "^3.13.16",
    "@trpc/client": "^11.8.1",
    "@types/file-saver": "^2.0.7",
    "@types/ms": "^0.7.34",
-    "@types/node-schedule": "^2.1.8",
+    "@types/node-schedule": "^2.1.7",
-    "@types/pg": "^8.16.0",
+    "autoprefixer": "^10.4.20",
-    "autoprefixer": "^10.4.23",
+    "axios": "^1.7.9",
-    "axios": "^1.13.2",
+    "dexie": "^4.0.10",
-    "dexie": "^4.2.1",
+    "drizzle-kit": "^0.22.8",
-    "eslint": "^9.39.2",
+    "eslint": "^9.17.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-svelte": "^3.13.1",
+    "eslint-plugin-svelte": "^2.46.1",
-    "eslint-plugin-tailwindcss": "^3.18.2",
+    "eslint-plugin-tailwindcss": "^3.17.5",
-    "exifreader": "^4.33.1",
+    "exifreader": "^4.26.0",
    "file-saver": "^2.0.5",
-    "globals": "^16.5.0",
+    "globals": "^15.14.0",
    "heic2any": "^0.0.4",
-    "kysely-ctl": "^0.19.0",
+    "mime": "^4.0.6",
-    "lru-cache": "^11.2.4",
+    "p-limit": "^6.2.0",
-    "mime": "^4.1.0",
+    "prettier": "^3.4.2",
-    "p-limit": "^7.2.0",
+    "prettier-plugin-svelte": "^3.3.2",
-    "prettier": "^3.7.4",
+    "prettier-plugin-tailwindcss": "^0.6.9",
-    "prettier-plugin-svelte": "^3.4.1",
+    "svelte": "^5.17.1",
-    "prettier-plugin-tailwindcss": "^0.7.2",
+    "svelte-check": "^4.1.3",
-    "svelte": "^5.46.1",
+    "tailwindcss": "^3.4.17",
-    "svelte-check": "^4.3.5",
+    "typescript": "^5.7.3",
-    "tailwindcss": "^3.4.19",
+    "typescript-eslint": "^8.19.1",
-    "typescript": "^5.9.3",
+    "unplugin-icons": "^0.22.0",
-    "typescript-eslint": "^8.51.0",
+    "vite": "^5.4.11"
    "unplugin-icons": "^22.5.0",
    "vite": "^7.3.0"
  },
  "dependencies": {
-    "@fastify/busboy": "^3.2.0",
+    "@fastify/busboy": "^3.1.1",
-    "@trpc/server": "^11.8.1",
+    "argon2": "^0.41.1",
-    "argon2": "^0.44.0",
+    "better-sqlite3": "^11.7.2",
-    "kysely": "^0.28.9",
+    "drizzle-orm": "^0.33.0",
    "ms": "^2.1.3",
    "node-schedule": "^2.1.1",
-    "pg": "^8.16.3",
+    "uuid": "^11.0.4",
-    "superjson": "^2.2.6",
+    "zod": "^3.24.1"
    "uuid": "^13.0.0",
    "zod": "^4.3.5"
  },
  "engines": {
    "node": "^22.0.0",
-    "pnpm": "^10.0.0"
+    "pnpm": "^9.0.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/src/app.html
+++ b/src/app.html
@@ -1,5 +1,5 @@
 <!doctype html>
-<html lang="ko">
+<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="icon" href="%sveltekit.assets%/favicon.png" />
--- a/src/hooks.client.ts
+++ b/src/hooks.client.ts
@@ -4,15 +4,6 @@ import { prepareFileCache } from "$lib/modules/file";
 import { prepareOpfs } from "$lib/modules/opfs";
 import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores";
 const requestPersistentStorage = async () => {
  const isPersistent = await navigator.storage.persist();
  if (isPersistent) {
    console.log("[ArkVault] Persistent storage granted.");
  } else {
    console.warn("[ArkVault] Persistent storage not granted.");
  }
 };
 const prepareClientKeyStore = async () => {
  const [encryptKey, decryptKey, signKey, verifyKey] = await Promise.all([
    getClientKey("encrypt"),
@@ -41,7 +32,6 @@ const prepareHmacSecretStore = async () => {
 export const init: ClientInit = async () => {
  await Promise.all([
    requestPersistentStorage(),
    prepareFileCache(),
    prepareClientKeyStore(),
    prepareMasterKeyStore(),
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -2,15 +2,15 @@ import type { ServerInit } from "@sveltejs/kit";
 import { sequence } from "@sveltejs/kit/hooks";
 import schedule from "node-schedule";
 import { cleanupExpiredUserClientChallenges } from "$lib/server/db/client";
-import { migrateDB } from "$lib/server/db/kysely";
+import { migrateDB } from "$lib/server/db/drizzle";
 import {
  cleanupExpiredSessions,
  cleanupExpiredSessionUpgradeChallenges,
 } from "$lib/server/db/session";
 import { authenticate, setAgentInfo } from "$lib/server/middlewares";
-export const init: ServerInit = async () => {
+export const init: ServerInit = () => {
-  await migrateDB();
+  migrateDB();
  schedule.scheduleJob("0 * * * *", () => {
    cleanupExpiredUserClientChallenges();
--- a/src/lib/components/BottomSheet.svelte
+++ b/src/lib/components/BottomSheet.svelte
@@ -0,0 +1,39 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import { fade, fly } from "svelte/transition";
  import { AdaptiveDiv } from "$lib/components/divs";
  interface Props {
    children: Snippet;
    onclose?: () => void;
    isOpen: boolean;
  }
  let { children, onclose, isOpen = $bindable() }: Props = $props();
  const closeBottomSheet = $derived(
    onclose ||
      (() => {
        isOpen = false;
      }),
  );
 </script>
 {#if isOpen}
  <!-- svelte-ignore a11y_click_events_have_key_events -->
  <!-- svelte-ignore a11y_no_static_element_interactions -->
  <div onclick={closeBottomSheet} class="fixed inset-0 z-10 flex items-end justify-center">
    <div class="absolute inset-0 bg-black bg-opacity-50" transition:fade={{ duration: 100 }}></div>
    <div class="z-20 w-full">
      <AdaptiveDiv>
        <div
          onclick={(e) => e.stopPropagation()}
          class="flex max-h-[70vh] min-h-[30vh] rounded-t-2xl bg-white px-4"
          transition:fly={{ y: 100, duration: 200 }}
        >
          {@render children?.()}
        </div>
      </AdaptiveDiv>
    </div>
  </div>
 {/if}
--- a/src/lib/components/Modal.svelte
+++ b/src/lib/components/Modal.svelte
@@ -0,0 +1,38 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import { fade } from "svelte/transition";
  import { AdaptiveDiv } from "$lib/components/divs";
  interface Props {
    children: Snippet;
    onclose?: () => void;
    isOpen: boolean;
  }
  let { children, onclose, isOpen = $bindable() }: Props = $props();
  const closeModal = $derived(
    onclose ||
      (() => {
        isOpen = false;
      }),
  );
 </script>
 {#if isOpen}
  <!-- svelte-ignore a11y_click_events_have_key_events -->
  <!-- svelte-ignore a11y_no_static_element_interactions -->
  <div
    onclick={closeModal}
    class="fixed inset-0 z-10 bg-black bg-opacity-50"
    transition:fade={{ duration: 100 }}
  >
    <AdaptiveDiv>
      <div class="flex h-full items-center justify-center px-4">
        <div onclick={(e) => e.stopPropagation()} class="rounded-2xl bg-white p-4">
          {@render children?.()}
        </div>
      </div>
    </AdaptiveDiv>
  </div>
 {/if}
--- a/src/lib/components/TopBar.svelte
+++ b/src/lib/components/TopBar.svelte
@@ -0,0 +1,31 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import IconArrowBack from "~icons/material-symbols/arrow-back";
  interface Props {
    children?: Snippet;
    onback?: () => void;
    title?: string;
  }
  let { children, onback, title }: Props = $props();
  const back = $derived(() => {
    setTimeout(onback || (() => history.back()), 100);
  });
 </script>
 <div class="sticky top-0 z-10 flex flex-shrink-0 items-center justify-between bg-white py-4">
  <button onclick={back} class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-gray-100">
    <IconArrowBack class="text-2xl" />
  </button>
  {#if title}
    <p class="flex-grow truncate px-2 text-center text-lg font-semibold">{title}</p>
  {/if}
  <div class="w-[2.3rem] flex-shrink-0">
    {#if children}
      {@render children?.()}
    {/if}
  </div>
 </div>
--- a/src/lib/components/atoms/BottomSheet.svelte
+++ b/src/lib/components/atoms/BottomSheet.svelte
@@ -1,40 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  import { fade, fly } from "svelte/transition";
  import { AdaptiveDiv } from "$lib/components/atoms";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    isOpen: boolean;
    onclose?: () => void;
  }
  let { children, class: className, isOpen = $bindable(), onclose }: Props = $props();
 </script>
 {#if isOpen}
  <!-- svelte-ignore a11y_click_events_have_key_events -->
  <!-- svelte-ignore a11y_no_static_element_interactions -->
  <div
    onclick={onclose || (() => (isOpen = false))}
    class="fixed inset-0 z-10 flex items-end justify-center"
  >
    <div
      class="absolute inset-0 bg-black bg-opacity-50"
      transition:fade|global={{ duration: 100 }}
    ></div>
    <AdaptiveDiv class="z-10 w-full">
      <div
        onclick={(e) => e.stopPropagation()}
        class="flex max-h-[70vh] min-h-[30vh] flex-col rounded-t-2xl bg-white"
        transition:fly|global={{ y: 100, duration: 200 }}
      >
        <div class={["flex-grow overflow-y-auto", className]}>
          {@render children()}
        </div>
      </div>
    </AdaptiveDiv>
  </div>
 {/if}
--- a/src/lib/components/atoms/Modal.svelte
+++ b/src/lib/components/atoms/Modal.svelte
@@ -1,31 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  import { fade } from "svelte/transition";
  import { AdaptiveDiv } from "$lib/components/atoms";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    isOpen: boolean;
    onclose?: () => void;
  }
  let { children, class: className, isOpen = $bindable(), onclose }: Props = $props();
 </script>
 {#if isOpen}
  <!-- svelte-ignore a11y_click_events_have_key_events -->
  <!-- svelte-ignore a11y_no_static_element_interactions -->
  <div
    onclick={onclose || (() => (isOpen = false))}
    class="fixed inset-0 z-10 bg-black bg-opacity-50"
    transition:fade|global={{ duration: 100 }}
  >
    <AdaptiveDiv class="flex h-full items-center justify-center px-4">
      <div onclick={(e) => e.stopPropagation()} class={["rounded-2xl bg-white p-4", className]}>
        {@render children()}
      </div>
    </AdaptiveDiv>
  </div>
 {/if}
--- a/src/lib/components/atoms/RowVirtualizer.svelte
+++ b/src/lib/components/atoms/RowVirtualizer.svelte
@@ -1,60 +0,0 @@
 <script lang="ts">
  import { createWindowVirtualizer } from "@tanstack/svelte-virtual";
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  interface Props {
    class?: ClassValue;
    count: number;
    item: Snippet<[index: number]>;
    itemHeight: (index: number) => number;
    itemGap?: number;
    placeholder?: Snippet;
  }
  let { class: className, count, item, itemHeight, itemGap, placeholder }: Props = $props();
  let element: HTMLElement | undefined = $state();
  let scrollMargin = $state(0);
  let virtualizer = $derived(
    createWindowVirtualizer({
      count,
      estimateSize: itemHeight,
      gap: itemGap,
      scrollMargin,
    }),
  );
  const measureItem = (node: HTMLElement) => {
    $effect(() => $virtualizer.measureElement(node));
  };
  $effect(() => {
    if (!element) return;
    const observer = new ResizeObserver(() => {
      scrollMargin = Math.round(element!.getBoundingClientRect().top + window.scrollY);
    });
    observer.observe(element.parentElement!);
    return () => observer.disconnect();
  });
 </script>
 <div bind:this={element} class={["relative", className]}>
  <div style:height="{$virtualizer.getTotalSize()}px">
    {#each $virtualizer.getVirtualItems() as virtualItem (virtualItem.key)}
      <div
        class="absolute left-0 top-0 w-full"
        style:transform="translateY({virtualItem.start - scrollMargin}px)"
        data-index={virtualItem.index}
        use:measureItem
      >
        {@render item(virtualItem.index)}
      </div>
    {/each}
  </div>
  {#if placeholder && count === 0}
    {@render placeholder()}
  {/if}
 </div>
--- a/src/lib/components/atoms/buttons/ActionEntryButton.svelte
+++ b/src/lib/components/atoms/buttons/ActionEntryButton.svelte
@@ -1,59 +0,0 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  interface Props {
    actionButtonClass?: ClassValue;
    actionButtonIcon?: Component<SvelteHTMLElements["svg"]>;
    children: Snippet;
    class?: ClassValue;
    onActionButtonClick?: () => void;
    onclick?: () => void;
  }
  let {
    actionButtonIcon: ActionButtonIcon,
    actionButtonClass: actionButtonClassName,
    children,
    class: className,
    onActionButtonClick,
    onclick,
  }: Props = $props();
 </script>
 <!-- svelte-ignore a11y_no_static_element_interactions -->
 <!-- svelte-ignore a11y_click_events_have_key_events -->
 <div
  id="container"
  onclick={onclick && (() => setTimeout(onclick, 100))}
  class={["rounded-xl", className]}
 >
  <div id="children" class="flex h-full items-center gap-x-4 p-2 transition">
    <div class="flex-grow overflow-x-hidden">
      {@render children()}
    </div>
    {#if ActionButtonIcon}
      <button
        id="action-button"
        onclick={(e) => {
          e.stopPropagation();
          if (onActionButtonClick) {
            setTimeout(onActionButtonClick, 100);
          }
        }}
        class={["flex-shrink-0 rounded-full p-1 text-lg active:bg-gray-100", actionButtonClassName]}
      >
        <ActionButtonIcon />
      </button>
    {/if}
  </div>
 </div>
 <style>
  #container:active:not(:has(#action-button:active)) {
    @apply bg-gray-100;
  }
  #children:active:not(:has(#action-button:active)) {
    @apply scale-95;
  }
 </style>
--- a/src/lib/components/atoms/buttons/Button.svelte
+++ b/src/lib/components/atoms/buttons/Button.svelte
@@ -1,38 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    color?: "primary" | "gray";
    onclick?: () => void;
  }
  let { children, class: className, color = "primary", onclick }: Props = $props();
  let bgColor = $derived(
    {
      primary: "bg-primary-600 active:bg-primary-500",
      gray: "bg-gray-300 active:bg-gray-400",
    }[color],
  );
  let textColor = $derived(
    {
      primary: "text-white",
      gray: "text-gray-800",
    }[color],
  );
 </script>
 <button
  onclick={onclick && (() => setTimeout(onclick, 100))}
  class={[
    "h-12 min-w-fit rounded-xl p-3 font-medium transition active:scale-95",
    bgColor,
    textColor,
    className,
  ]}
 >
  {@render children()}
 </button>
--- a/src/lib/components/atoms/buttons/EntryButton.svelte
+++ b/src/lib/components/atoms/buttons/EntryButton.svelte
@@ -1,26 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  import IconChevronRight from "~icons/material-symbols/chevron-right";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    onclick?: () => void;
  }
  let { children, class: className, onclick }: Props = $props();
 </script>
 <button
  onclick={onclick && (() => setTimeout(onclick, 100))}
  class={["rounded-xl active:bg-gray-100", className]}
 >
  <div class="flex h-full items-center gap-x-4 p-2 transition active:scale-95">
    <div class="flex-grow">
      {@render children()}
    </div>
    <IconChevronRight class="flex-shrink-0 text-xl text-gray-800" />
  </div>
 </button>
--- a/src/lib/components/atoms/buttons/FileThumbnailButton.svelte
+++ b/src/lib/components/atoms/buttons/FileThumbnailButton.svelte
@@ -1,24 +0,0 @@
 <script lang="ts">
  import { getFileThumbnail } from "$lib/modules/file";
  import type { SummarizedFileInfo } from "$lib/modules/filesystem";
  interface Props {
    info: SummarizedFileInfo;
    onclick?: (file: SummarizedFileInfo) => void;
  }
  let { info, onclick }: Props = $props();
  let thumbnail = $derived(getFileThumbnail(info));
 </script>
 <button
  onclick={onclick && (() => setTimeout(() => onclick(info), 100))}
  class="aspect-square overflow-hidden rounded transition active:scale-95 active:brightness-90"
 >
  {#if $thumbnail}
    <img src={$thumbnail} alt={info.name} class="h-full w-full object-cover" />
  {:else}
    <div class="h-full w-full bg-gray-100"></div>
  {/if}
 </button>
--- a/src/lib/components/atoms/buttons/FloatingButton.svelte
+++ b/src/lib/components/atoms/buttons/FloatingButton.svelte
@@ -1,27 +0,0 @@
 <script lang="ts">
  import type { Component } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  import { AdaptiveDiv } from "$lib/components/atoms";
  interface Props {
    class: ClassValue;
    icon: Component<SvelteHTMLElements["svg"]>;
    onclick?: () => void;
  }
  let { class: className, icon: Icon, onclick }: Props = $props();
 </script>
 <div class="pointer-events-none fixed inset-0">
  <AdaptiveDiv class="relative h-full">
    <button
      onclick={onclick && (() => setTimeout(onclick, 100))}
      class={[
        "pointer-events-auto absolute flex h-14 w-14 items-center justify-center rounded-full bg-gray-300 text-xl shadow-lg transition active:scale-95 active:bg-gray-400",
        className,
      ]}
    >
      <Icon />
    </button>
  </AdaptiveDiv>
 </div>
--- a/src/lib/components/atoms/divs/AdaptiveDiv.svelte
+++ b/src/lib/components/atoms/divs/AdaptiveDiv.svelte
@@ -1,15 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
  }
  let { children, class: className }: Props = $props();
 </script>
 <div class={["mx-auto max-w-screen-md", className]}>
  {@render children()}
 </div>
--- a/src/lib/components/atoms/divs/BottomDiv.svelte
+++ b/src/lib/components/atoms/divs/BottomDiv.svelte
@@ -1,15 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
  }
  let { children, class: className }: Props = $props();
 </script>
 <div class={["sticky bottom-0 bg-white pb-4", className]}>
  {@render children()}
 </div>
--- a/src/lib/components/atoms/divs/FullscreenDiv.svelte
+++ b/src/lib/components/atoms/divs/FullscreenDiv.svelte
@@ -1,15 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
  }
  let { children, class: className }: Props = $props();
 </script>
 <div class={["flex flex-grow flex-col justify-between px-4", className]}>
  {@render children()}
 </div>
--- a/src/lib/components/atoms/index.ts
+++ b/src/lib/components/atoms/index.ts
@@ -1,6 +0,0 @@
 export { default as BottomSheet } from "./BottomSheet.svelte";
 export * from "./buttons";
 export * from "./divs";
 export * from "./inputs";
 export { default as Modal } from "./Modal.svelte";
 export { default as RowVirtualizer } from "./RowVirtualizer.svelte";
--- a/src/lib/components/atoms/inputs/CheckBox.svelte
+++ b/src/lib/components/atoms/inputs/CheckBox.svelte
@@ -1,23 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import IconCheckCircle from "~icons/material-symbols/check-circle";
  import IconCheckCircleOutline from "~icons/material-symbols/check-circle-outline";
  interface Props {
    checked?: boolean;
    children: Snippet;
  }
  let { checked = $bindable(false), children }: Props = $props();
 </script>
 <label class="flex items-center gap-x-1">
  <input bind:checked type="checkbox" class="hidden" />
  {@render children()}
  {#if checked}
    <IconCheckCircle class="text-primary-600" />
  {:else}
    <IconCheckCircleOutline class="text-gray-300" />
  {/if}
 </label>
--- a/src/lib/components/atoms/inputs/TextInput.svelte
+++ b/src/lib/components/atoms/inputs/TextInput.svelte
@@ -1,40 +0,0 @@
 <script lang="ts">
  import type { ClassValue } from "svelte/elements";
  interface Props {
    class?: ClassValue;
    placeholder: string;
    type?: "text" | "password";
    value?: string;
  }
  let { class: className, placeholder, type = "text", value = $bindable("") }: Props = $props();
 </script>
 <div class={className}>
  <div class="relative mt-5">
    <input
      bind:value
      {type}
      placeholder=""
      class="w-full border-b-2 border-gray-300 py-1 text-xl outline-none transition duration-300 ease-in-out"
    />
    <!-- svelte-ignore a11y_label_has_associated_control -->
    <label
      class="pointer-events-none absolute left-0 top-1/2 -translate-y-1/2 transform text-xl text-gray-400 transition-all duration-300 ease-in-out"
    >
      {placeholder}
    </label>
  </div>
 </div>
 <style>
  input:focus,
  input:not(:placeholder-shown) {
    @apply border-primary-300;
  }
  input:focus + label,
  input:not(:placeholder-shown) + label {
    @apply top-0 -translate-y-full text-sm text-primary-400;
  }
 </style>
--- a/src/lib/components/buttons/Button.svelte
+++ b/src/lib/components/buttons/Button.svelte
@@ -0,0 +1,37 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  interface Props {
    children: Snippet;
    color?: "primary" | "gray";
    onclick?: () => void;
  }
  let { children, color = "primary", onclick }: Props = $props();
  const bgColorStyle = $derived(
    {
      primary: "bg-primary-600 active:bg-primary-500",
      gray: "bg-gray-300 active:bg-gray-400",
    }[color],
  );
  const fontColorStyle = $derived(
    {
      primary: "text-white",
      gray: "text-gray-800",
    }[color],
  );
 </script>
 <button
  onclick={() => {
    setTimeout(() => {
      onclick?.();
    }, 100);
  }}
  class="{bgColorStyle} {fontColorStyle} h-12 w-full min-w-fit rounded-xl font-medium"
 >
  <div class="h-full w-full p-3 transition active:scale-95">
    {@render children?.()}
  </div>
 </button>
--- a/src/lib/components/buttons/EntryButton.svelte
+++ b/src/lib/components/buttons/EntryButton.svelte
@@ -0,0 +1,30 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import IconChevronRight from "~icons/material-symbols/chevron-right";
  interface Props {
    children: Snippet;
    onclick?: () => void;
  }
  let { children, onclick }: Props = $props();
 </script>
 <button
  onclick={() => {
    setTimeout(() => {
      onclick?.();
    }, 100);
  }}
  class="w-full rounded-xl active:bg-gray-100"
 >
  <div class="flex w-full justify-between p-2 transition active:scale-95">
    <div>
      {@render children?.()}
    </div>
    <div class="flex items-center justify-center">
      <IconChevronRight class="text-xl text-gray-800" />
    </div>
  </div>
 </button>
--- a/src/lib/components/buttons/FloatingButton.svelte
+++ b/src/lib/components/buttons/FloatingButton.svelte
@@ -0,0 +1,36 @@
 <script lang="ts">
  import type { Component } from "svelte";
  import type { SvelteHTMLElements } from "svelte/elements";
  import { AdaptiveDiv } from "$lib/components/divs";
  interface Props {
    icon: Component<SvelteHTMLElements["svg"]>;
    offset?: string;
    onclick?: () => void;
  }
  let { icon: Icon, offset = "bottom-20", onclick }: Props = $props();
  const click = () => {
    setTimeout(() => {
      onclick?.();
    }, 100);
  };
 </script>
 <div class="pointer-events-none fixed inset-0">
  <div class="absolute w-full {offset}">
    <AdaptiveDiv>
      <div class="relative">
        <div class="absolute bottom-4 right-4">
          <button
            onclick={click}
            class="pointer-events-auto flex h-14 w-14 items-center justify-center rounded-full bg-gray-300 shadow-lg transition active:scale-95 active:bg-gray-400"
          >
            <Icon class="text-xl" />
          </button>
        </div>
      </div>
    </AdaptiveDiv>
  </div>
 </div>
--- a/src/lib/components/atoms/buttons/TextButton.svelte
+++ b/src/lib/components/atoms/buttons/TextButton.svelte
@@ -10,10 +10,14 @@
 </script>
 <button
-  onclick={onclick && (() => setTimeout(onclick, 100))}
+  onclick={() => {
    setTimeout(() => {
      onclick?.();
    }, 100);
  }}
  class="text-sm font-medium text-gray-800 underline underline-offset-2 active:rounded-xl active:bg-gray-100"
 >
-  <div class="h-full p-1 transition active:scale-95">
+  <div class="h-full w-full p-1 transition active:scale-95">
-    {@render children()}
+    {@render children?.()}
  </div>
 </button>
--- a/src/lib/components/atoms/buttons/index.ts
+++ b/src/lib/components/atoms/buttons/index.ts
@@ -1,6 +1,4 @@
 export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
 export { default as Button } from "./Button.svelte";
 export { default as EntryButton } from "./EntryButton.svelte";
 export { default as FileThumbnailButton } from "./FileThumbnailButton.svelte";
 export { default as FloatingButton } from "./FloatingButton.svelte";
 export { default as TextButton } from "./TextButton.svelte";
--- a/src/lib/components/divs/AdaptiveDiv.svelte
+++ b/src/lib/components/divs/AdaptiveDiv.svelte
@@ -0,0 +1,7 @@
 <script lang="ts">
  let { children } = $props();
 </script>
 <div class="mx-auto h-full w-full max-w-screen-md">
  {@render children?.()}
 </div>
--- a/src/lib/components/divs/BottomDiv.svelte
+++ b/src/lib/components/divs/BottomDiv.svelte
@@ -0,0 +1,7 @@
 <script lang="ts">
  let { children } = $props();
 </script>
 <div class="sticky bottom-0 flex flex-col items-center gap-y-2 bg-white pb-4">
  {@render children?.()}
 </div>
--- a/src/lib/components/divs/TitleDiv.svelte
+++ b/src/lib/components/divs/TitleDiv.svelte
@@ -0,0 +1,21 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { SvelteHTMLElements } from "svelte/elements";
  interface Props {
    children: Snippet;
    icon?: Component<SvelteHTMLElements["svg"]>;
    topPadding?: boolean;
  }
  let { topPadding = true, children, icon: Icon }: Props = $props();
 </script>
 <div>
  <div class="box-content flex min-h-[10vh] items-center {topPadding ? 'pt-4' : ''}">
    {#if Icon}
      <Icon class="text-5xl text-gray-600" />
    {/if}
  </div>
  {@render children?.()}
 </div>
--- a/src/lib/components/atoms/divs/index.ts
+++ b/src/lib/components/atoms/divs/index.ts
@@ -1,3 +1,3 @@
 export { default as AdaptiveDiv } from "./AdaptiveDiv.svelte";
 export { default as BottomDiv } from "./BottomDiv.svelte";
-export { default as FullscreenDiv } from "./FullscreenDiv.svelte";
+export { default as TitleDiv } from "./TitleDiv.svelte";
--- a/src/lib/components/index.ts
+++ b/src/lib/components/index.ts
@@ -0,0 +1,3 @@
 export { default as BottomSheet } from "./BottomSheet.svelte";
 export { default as Modal } from "./Modal.svelte";
 export { default as TopBar } from "./TopBar.svelte";
--- a/src/lib/components/inputs/TextInput.svelte
+++ b/src/lib/components/inputs/TextInput.svelte
@@ -0,0 +1,35 @@
 <script lang="ts">
  interface Props {
    placeholder: string;
    type?: "text" | "password";
    value?: string;
  }
  let { placeholder, type = "text", value = $bindable("") }: Props = $props();
 </script>
 <div class="relative mt-5">
  <input
    bind:value
    {type}
    placeholder=""
    class="w-full border-b-2 border-gray-300 py-1 text-xl outline-none transition duration-300 ease-in-out"
  />
  <!-- svelte-ignore a11y_label_has_associated_control -->
  <label
    class="absolute left-0 top-1/2 -translate-y-1/2 transform text-xl text-gray-400 transition-all duration-300 ease-in-out"
  >
    {placeholder}
  </label>
 </div>
 <style>
  input:focus,
  input:not(:placeholder-shown) {
    @apply border-primary-300;
  }
  input:focus + label,
  input:not(:placeholder-shown) + label {
    @apply top-0 -translate-y-full text-sm text-primary-400;
  }
 </style>
--- a/src/lib/components/atoms/inputs/index.ts
+++ b/src/lib/components/atoms/inputs/index.ts
@@ -1,2 +1 @@
 export { default as CheckBox } from "./CheckBox.svelte";
 export { default as TextInput } from "./TextInput.svelte";
--- a/src/lib/components/molecules/ActionModal.svelte
+++ b/src/lib/components/molecules/ActionModal.svelte
@@ -1,57 +0,0 @@
 <script module lang="ts">
  export type ConfirmHandler = () => void | Promise<void> | boolean | Promise<boolean>;
 </script>
 <script lang="ts">
  import type { Snippet } from "svelte";
  import { Button, Modal } from "$lib/components/atoms";
  interface Props {
    cancelText?: string;
    children: Snippet;
    confirmText: string;
    isOpen: boolean;
    onbeforeclose?: () => void;
    oncancel?: () => void;
    onConfirmClick: ConfirmHandler;
    title: string;
  }
  let {
    cancelText = "닫기",
    children,
    confirmText,
    isOpen = $bindable(),
    onbeforeclose,
    oncancel,
    onConfirmClick,
    title,
  }: Props = $props();
  const closeModal = () => {
    onbeforeclose?.();
    isOpen = false;
  };
  const cancelAction = () => {
    oncancel?.();
    closeModal();
  };
  const confirmAction = async () => {
    if ((await onConfirmClick()) !== false) {
      closeModal();
    }
  };
 </script>
 <Modal bind:isOpen onclose={cancelAction} class="space-y-4">
  <div class="flex flex-col gap-y-2 break-keep">
    <p class="text-xl font-bold">{title}</p>
    {@render children()}
  </div>
  <div class="flex gap-x-2">
    <Button color="gray" onclick={cancelAction} class="flex-1">{cancelText}</Button>
    <Button onclick={confirmAction} class="flex-1">{confirmText}</Button>
  </div>
 </Modal>
--- a/src/lib/components/molecules/Categories.svelte
+++ b/src/lib/components/molecules/Categories.svelte
@@ -1,44 +0,0 @@
 <script module lang="ts">
  import type { DataKey } from "$lib/modules/filesystem";
  export interface SelectedCategory {
    id: number;
    dataKey?: DataKey;
    name: string;
  }
 </script>
 <script lang="ts">
  import type { Component } from "svelte";
  import type { SvelteHTMLElements } from "svelte/elements";
  import { ActionEntryButton } from "$lib/components/atoms";
  import { CategoryLabel } from "$lib/components/molecules";
  import type { SubCategoryInfo } from "$lib/modules/filesystem";
  import { sortEntries } from "$lib/utils";
  interface Props {
    categories: SubCategoryInfo[];
    categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
    onCategoryClick: (category: SelectedCategory) => void;
    onCategoryMenuClick?: (category: SelectedCategory) => void;
  }
  let { categories, categoryMenuIcon, onCategoryClick, onCategoryMenuClick }: Props = $props();
  let categoriesWithName = $derived(sortEntries([...categories]));
 </script>
 {#if categoriesWithName.length > 0}
  <div class="space-y-1">
    {#each categoriesWithName as category (category.id)}
      <ActionEntryButton
        class="h-12"
        onclick={() => onCategoryClick(category)}
        actionButtonIcon={categoryMenuIcon}
        onActionButtonClick={() => onCategoryMenuClick?.(category)}
      >
        <CategoryLabel name={category.name} />
      </ActionEntryButton>
    {/each}
  </div>
 {/if}
--- a/src/lib/components/molecules/IconEntryButton.svelte
+++ b/src/lib/components/molecules/IconEntryButton.svelte
@@ -1,30 +0,0 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  import { EntryButton } from "$lib/components/atoms";
  import { IconLabel } from "$lib/components/molecules";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    icon: Component<SvelteHTMLElements["svg"]>;
    iconClass?: ClassValue;
    onclick?: () => void;
    textClass?: ClassValue;
  }
  let {
    children,
    class: className,
    icon,
    iconClass: iconClassName,
    onclick,
    textClass: textClassName,
  }: Props = $props();
 </script>
 <EntryButton {onclick} class={className}>
  <IconLabel {icon} class="h-full" iconClass={iconClassName} textClass={textClassName}>
    {@render children()}
  </IconLabel>
 </EntryButton>
--- a/src/lib/components/molecules/SubCategories.svelte
+++ b/src/lib/components/molecules/SubCategories.svelte
@@ -1,55 +0,0 @@
 <script lang="ts">
  import type { Component } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  import { Categories, IconEntryButton, type SelectedCategory } from "$lib/components/molecules";
  import type { CategoryInfo } from "$lib/modules/filesystem";
  import IconAddCircle from "~icons/material-symbols/add-circle";
  interface Props {
    class?: ClassValue;
    info: CategoryInfo;
    onSubCategoryClick: (subCategory: SelectedCategory) => void;
    onSubCategoryCreateClick: () => void;
    onSubCategoryMenuClick?: (category: SelectedCategory) => void;
    subCategoryCreatePosition?: "top" | "bottom";
    subCategoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
  }
  let {
    class: className,
    info,
    onSubCategoryClick,
    onSubCategoryCreateClick,
    onSubCategoryMenuClick,
    subCategoryCreatePosition = "bottom",
    subCategoryMenuIcon,
  }: Props = $props();
 </script>
 <div class={["space-y-1", className]}>
  {#snippet subCategoryCreate()}
    <IconEntryButton
      icon={IconAddCircle}
      onclick={onSubCategoryCreateClick}
      class="h-12 w-full"
      iconClass="text-gray-600"
      textClass="text-gray-700"
    >
      카테고리 추가하기
    </IconEntryButton>
  {/snippet}
  {#if subCategoryCreatePosition === "top"}
    {@render subCategoryCreate()}
  {/if}
  <Categories
    categories={info.subCategories}
    categoryMenuIcon={subCategoryMenuIcon}
    onCategoryClick={onSubCategoryClick}
    onCategoryMenuClick={onSubCategoryMenuClick}
  />
  {#if subCategoryCreatePosition === "bottom"}
    {@render subCategoryCreate()}
  {/if}
 </div>
--- a/src/lib/components/molecules/TitledDiv.svelte
+++ b/src/lib/components/molecules/TitledDiv.svelte
@@ -1,43 +0,0 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  import { TitleLabel } from "$lib/components/molecules";
  interface Props {
    children?: Snippet;
    childrenClass?: ClassValue;
    class?: ClassValue;
    description?: Snippet;
    icon?: Component<SvelteHTMLElements["svg"]>;
    title: Snippet;
    titleClass?: ClassValue;
  }
  let {
    children,
    childrenClass: childrenClassName,
    class: className,
    description,
    icon,
    title,
    titleClass: titleClassName,
  }: Props = $props();
 </script>
 <div class={["space-y-4 py-4", className]}>
  <div class="space-y-2 break-keep">
    <TitleLabel {icon} textClass={titleClassName}>
      {@render title()}
    </TitleLabel>
    {#if description}
      <p>
        {@render description()}
      </p>
    {/if}
  </div>
  {#if children}
    <div class={childrenClassName}>
      {@render children()}
    </div>
  {/if}
 </div>
--- a/src/lib/components/molecules/TopBar.svelte
+++ b/src/lib/components/molecules/TopBar.svelte
@@ -1,37 +0,0 @@
 <script lang="ts">
  import type { Snippet } from "svelte";
  import type { ClassValue } from "svelte/elements";
  import IconArrowBack from "~icons/material-symbols/arrow-back";
  interface Props {
    children?: Snippet;
    class?: ClassValue;
    onBackClick?: () => void;
    title?: string;
  }
  let { children, class: className, onBackClick, title }: Props = $props();
 </script>
 <div
  class={[
    "sticky top-0 z-10 flex items-center justify-between gap-x-2 px-2 py-3 backdrop-blur-2xl",
    className,
  ]}
 >
  <button
    onclick={onBackClick || (() => history.back())}
    class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
  >
    <IconArrowBack class="text-2xl" />
  </button>
  {#if title}
    <p class="flex-grow truncate text-center text-lg font-semibold">{title}</p>
  {/if}
  <div class="w-[2.3rem] flex-shrink-0">
    {#if children}
      {@render children()}
    {/if}
  </div>
 </div>
--- a/src/lib/components/molecules/index.ts
+++ b/src/lib/components/molecules/index.ts
@@ -1,9 +0,0 @@
 export * from "./ActionModal.svelte";
 export { default as ActionModal } from "./ActionModal.svelte";
 export * from "./Categories.svelte";
 export { default as Categories } from "./Categories.svelte";
 export { default as IconEntryButton } from "./IconEntryButton.svelte";
 export * from "./labels";
 export { default as SubCategories } from "./SubCategories.svelte";
 export { default as TitledDiv } from "./TitledDiv.svelte";
 export { default as TopBar } from "./TopBar.svelte";
--- a/src/lib/components/molecules/labels/CategoryLabel.svelte
+++ b/src/lib/components/molecules/labels/CategoryLabel.svelte
@@ -1,28 +0,0 @@
 <script lang="ts">
  import type { ClassValue } from "svelte/elements";
  import { IconLabel } from "$lib/components/molecules";
  import IconCategory from "~icons/material-symbols/category";
  interface Props {
    class?: ClassValue;
    name: string;
    subtext?: string;
    textClass?: ClassValue;
  }
  let { class: className, name, subtext, textClass: textClassName }: Props = $props();
 </script>
 {#snippet subtextSnippet()}
  {subtext}
 {/snippet}
 <IconLabel
  icon={IconCategory}
  subtext={subtext ? subtextSnippet : undefined}
  class={className}
  textClass={textClassName}
 >
  {name}
 </IconLabel>
--- a/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
+++ b/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
@@ -1,53 +0,0 @@
 <script lang="ts">
  import type { ClassValue } from "svelte/elements";
  import { IconLabel } from "$lib/components/molecules";
  import IconFolder from "~icons/material-symbols/folder";
  import IconDriveFolderUpload from "~icons/material-symbols/drive-folder-upload";
  import IconDraft from "~icons/material-symbols/draft";
  interface Props {
    class?: ClassValue;
    name: string;
    subtext?: string;
    textClass?: ClassValue;
    thumbnail?: string;
    type: "directory" | "parent-directory" | "file";
  }
  let {
    class: className,
    name,
    subtext,
    textClass: textClassName,
    thumbnail,
    type,
  }: Props = $props();
 </script>
 {#snippet iconSnippet()}
  <div class="flex h-10 w-10 items-center justify-center text-xl">
    {#if thumbnail}
      <img src={thumbnail} alt={name} loading="lazy" class="aspect-square rounded object-cover" />
    {:else if type === "directory"}
      <IconFolder />
    {:else if type === "parent-directory"}
      <IconDriveFolderUpload class="text-yellow-500" />
    {:else}
      <IconDraft class="text-blue-400" />
    {/if}
  </div>
 {/snippet}
 {#snippet subtextSnippet()}
  {subtext}
 {/snippet}
 <IconLabel
  {iconSnippet}
  subtext={subtext ? subtextSnippet : undefined}
  class={className}
  textClass={textClassName}
 >
  {name}
 </IconLabel>
--- a/src/lib/components/molecules/labels/IconLabel.svelte
+++ b/src/lib/components/molecules/labels/IconLabel.svelte
@@ -1,46 +0,0 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    icon?: Component<SvelteHTMLElements["svg"]>;
    iconClass?: ClassValue;
    iconSnippet?: Snippet;
    subtext?: Snippet;
    textClass?: ClassValue;
  }
  let {
    children,
    class: className,
    icon: Icon,
    iconClass: iconClassName,
    iconSnippet,
    subtext,
    textClass: textClassName,
  }: Props = $props();
 </script>
 <div class={["flex items-center gap-x-4", className]}>
  {#if iconSnippet}
    <div class={["flex-shrink-0", iconClassName]}>
      {@render iconSnippet()}
    </div>
  {:else if Icon}
    <div class={["flex-shrink-0 text-lg", iconClassName]}>
      <Icon />
    </div>
  {/if}
  <div class="flex flex-grow flex-col overflow-x-hidden text-left">
    <p class={["truncate font-medium", textClassName]}>
      {@render children()}
    </p>
    {#if subtext}
      <p class="truncate text-xs text-gray-800">
        {@render subtext()}
      </p>
    {/if}
  </div>
 </div>
--- a/src/lib/components/molecules/labels/TitleLabel.svelte
+++ b/src/lib/components/molecules/labels/TitleLabel.svelte
@@ -1,24 +0,0 @@
 <script lang="ts">
  import type { Component, Snippet } from "svelte";
  import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
  interface Props {
    children: Snippet;
    class?: ClassValue;
    icon?: Component<SvelteHTMLElements["svg"]>;
    textClass?: ClassValue;
  }
  let { children, class: className, icon: Icon, textClass: textClassName }: Props = $props();
 </script>
 <div class={className}>
  <div class="flex min-h-[10vh] items-center">
    {#if Icon}
      <Icon class="text-5xl text-gray-600" />
    {/if}
  </div>
  <p class={["text-3xl font-bold", textClassName]}>
    {@render children()}
  </p>
 </div>
--- a/src/lib/components/molecules/labels/index.ts
+++ b/src/lib/components/molecules/labels/index.ts
@@ -1,4 +0,0 @@
 export { default as CategoryLabel } from "./CategoryLabel.svelte";
 export { default as DirectoryEntryLabel } from "./DirectoryEntryLabel.svelte";
 export { default as IconLabel } from "./IconLabel.svelte";
 export { default as TitleLabel } from "./TitleLabel.svelte";
--- a/src/lib/components/organisms/index.ts
+++ b/src/lib/components/organisms/index.ts
@@ -1 +0,0 @@
 export * from "./modals";
--- a/src/lib/components/organisms/modals/CategoryCreateModal.svelte
+++ b/src/lib/components/organisms/modals/CategoryCreateModal.svelte
@@ -1,18 +0,0 @@
 <script lang="ts">
  import { TextInputModal } from "$lib/components/organisms";
  interface Props {
    isOpen: boolean;
    onCreateClick: (name: string) => Promise<boolean>;
  }
  let { isOpen = $bindable(), onCreateClick }: Props = $props();
 </script>
 <TextInputModal
  bind:isOpen
  title="새 카테고리"
  placeholder="카테고리 이름"
  submitText="만들기"
  onSubmitClick={onCreateClick}
 />
--- a/src/lib/components/organisms/modals/ForceLoginModal.svelte
+++ b/src/lib/components/organisms/modals/ForceLoginModal.svelte
@@ -1,22 +0,0 @@
 <script lang="ts">
  import { ActionModal } from "$lib/components/molecules";
  interface Props {
    isOpen: boolean;
    oncancel?: () => void;
    onLoginClick: () => void;
  }
  let { isOpen = $bindable(), oncancel, onLoginClick }: Props = $props();
 </script>
 <ActionModal
  bind:isOpen
  title="다른 디바이스에 이미 로그인되어 있어요."
  cancelText="아니요"
  {oncancel}
  confirmText="네"
  onConfirmClick={onLoginClick}
 >
  <p>다른 디바이스에서는 로그아웃하고, 이 디바이스에서 로그인할까요?</p>
 </ActionModal>
--- a/src/lib/components/organisms/modals/RenameModal.svelte
+++ b/src/lib/components/organisms/modals/RenameModal.svelte
@@ -1,22 +0,0 @@
 <script lang="ts">
  import { TextInputModal } from "$lib/components/organisms";
  interface Props {
    isOpen: boolean;
    onbeforeclose?: () => void;
    onRenameClick: (newName: string) => Promise<boolean>;
    originalName: string | undefined;
  }
  let { isOpen = $bindable(), onbeforeclose, onRenameClick, originalName }: Props = $props();
 </script>
 <TextInputModal
  bind:isOpen
  {onbeforeclose}
  title="이름 바꾸기"
  placeholder="이름"
  defaultValue={originalName}
  submitText="바꾸기"
  onSubmitClick={onRenameClick}
 />
--- a/src/lib/components/organisms/modals/TextInputModal.svelte
+++ b/src/lib/components/organisms/modals/TextInputModal.svelte
@@ -1,42 +0,0 @@
 <script lang="ts">
  import { TextInput } from "$lib/components/atoms";
  import { ActionModal, type ConfirmHandler } from "$lib/components/molecules";
  interface Props {
    defaultValue?: string;
    isOpen: boolean;
    onbeforeclose?: () => void;
    onSubmitClick: (value: string) => ReturnType<ConfirmHandler>;
    placeholder: string;
    submitText: string;
    title: string;
  }
  let {
    defaultValue = "",
    isOpen = $bindable(),
    onbeforeclose,
    onSubmitClick,
    placeholder,
    submitText,
    title,
  }: Props = $props();
  let value = $state("");
  $effect.pre(() => {
    if (isOpen) {
      value = defaultValue;
    }
  });
 </script>
 <ActionModal
  bind:isOpen
  {onbeforeclose}
  {title}
  confirmText={submitText}
  onConfirmClick={() => onSubmitClick(value)}
 >
  <TextInput bind:value {placeholder} class="mb-3" />
 </ActionModal>
--- a/src/lib/components/organisms/modals/index.ts
+++ b/src/lib/components/organisms/modals/index.ts
@@ -1,4 +0,0 @@
 export { default as CategoryCreateModal } from "./CategoryCreateModal.svelte";
 export { default as ForceLoginModal } from "./ForceLoginModal.svelte";
 export { default as RenameModal } from "./RenameModal.svelte";
 export { default as TextInputModal } from "./TextInputModal.svelte";
--- a/src/lib/hooks/callApi.ts
+++ b/src/lib/hooks/callApi.ts
@@ -0,0 +1,11 @@
 export const callGetApi = async (input: RequestInfo, fetchInternal = fetch) => {
  return await fetchInternal(input);
 };
 export const callPostApi = async <T>(input: RequestInfo, payload?: T, fetchInternal = fetch) => {
  return await fetchInternal(input, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: payload ? JSON.stringify(payload) : undefined,
  });
 };
--- a/src/lib/hooks/gotoStateful.ts
+++ b/src/lib/hooks/gotoStateful.ts
--- a/src/lib/hooks/index.ts
+++ b/src/lib/hooks/index.ts
@@ -0,0 +1,2 @@
 export * from "./callApi";
 export * from "./gotoStateful";
--- a/src/lib/indexedDB/filesystem.ts
+++ b/src/lib/indexedDB/filesystem.ts
@@ -1,5 +1,7 @@
 import { Dexie, type EntityTable } from "dexie";
 export type DirectoryId = "root" | number;
 interface DirectoryInfo {
  id: number;
  parentId: DirectoryId;
@@ -13,38 +15,17 @@ interface FileInfo {
  contentType: string;
  createdAt?: Date;
  lastModifiedAt: Date;
  categoryIds?: number[];
 }
 interface CategoryInfo {
  id: number;
  parentId: CategoryId;
  name: string;
  files?: { id: number; isRecursive: boolean }[];
  isFileRecursive?: boolean;
 }
 const filesystem = new Dexie("filesystem") as Dexie & {
  directory: EntityTable<DirectoryInfo, "id">;
  file: EntityTable<FileInfo, "id">;
  category: EntityTable<CategoryInfo, "id">;
 };
-filesystem
+filesystem.version(1).stores({
-  .version(3)
+  directory: "id, parentId",
-  .stores({
+  file: "id, parentId",
-    directory: "id, parentId",
+});
    file: "id, parentId",
    category: "id, parentId",
  })
  .upgrade(async (trx) => {
    await trx
      .table("category")
      .toCollection()
      .modify((category) => {
        category.isFileRecursive = false;
      });
  });
 export const getDirectoryInfos = async (parentId: DirectoryId) => {
  return await filesystem.directory.where({ parentId }).toArray();
@@ -55,27 +36,13 @@ export const getDirectoryInfo = async (id: number) => {
 };
 export const storeDirectoryInfo = async (directoryInfo: DirectoryInfo) => {
-  await filesystem.directory.upsert(directoryInfo.id, { ...directoryInfo });
+  await filesystem.directory.put(directoryInfo);
 };
 export const deleteDirectoryInfo = async (id: number) => {
  await filesystem.directory.delete(id);
 };
 export const deleteDanglingDirectoryInfos = async (
  parentId: DirectoryId,
  validIds: Set<number>,
 ) => {
  await filesystem.directory
    .where({ parentId })
    .and((directory) => !validIds.has(directory.id))
    .delete();
 };
 export const getAllFileInfos = async () => {
  return await filesystem.file.toArray();
 };
 export const getFileInfos = async (parentId: DirectoryId) => {
  return await filesystem.file.where({ parentId }).toArray();
 };
@@ -84,63 +51,21 @@ export const getFileInfo = async (id: number) => {
  return await filesystem.file.get(id);
 };
 export const bulkGetFileInfos = async (ids: number[]) => {
  return await filesystem.file.bulkGet(ids);
 };
 export const storeFileInfo = async (fileInfo: FileInfo) => {
-  await filesystem.file.upsert(fileInfo.id, { ...fileInfo });
+  await filesystem.file.put(fileInfo);
 };
 export const deleteFileInfo = async (id: number) => {
  await filesystem.file.delete(id);
 };
 export const bulkDeleteFileInfos = async (ids: number[]) => {
  await filesystem.file.bulkDelete(ids);
 };
 export const deleteDanglingFileInfos = async (parentId: DirectoryId, validIds: Set<number>) => {
  await filesystem.file
    .where({ parentId })
    .and((file) => !validIds.has(file.id))
    .delete();
 };
 export const getCategoryInfos = async (parentId: CategoryId) => {
  return await filesystem.category.where({ parentId }).toArray();
 };
 export const getCategoryInfo = async (id: number) => {
  return await filesystem.category.get(id);
 };
 export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
  await filesystem.category.upsert(categoryInfo.id, { ...categoryInfo });
 };
 export const updateCategoryInfo = async (id: number, changes: { isFileRecursive?: boolean }) => {
  await filesystem.category.update(id, changes);
 };
 export const deleteCategoryInfo = async (id: number) => {
  await filesystem.category.delete(id);
 };
 export const deleteDanglingCategoryInfos = async (parentId: CategoryId, validIds: Set<number>) => {
  await filesystem.category
    .where({ parentId })
    .and((category) => !validIds.has(category.id))
    .delete();
 };
 export const cleanupDanglingInfos = async () => {
  const validDirectoryIds: number[] = [];
  const validFileIds: number[] = [];
-  const directoryQueue: DirectoryId[] = ["root"];
+  const queue: DirectoryId[] = ["root"];
  while (true) {
-    const directoryId = directoryQueue.shift();
+    const directoryId = queue.shift();
    if (!directoryId) break;
    const [subDirectories, files] = await Promise.all([
@@ -149,28 +74,13 @@ export const cleanupDanglingInfos = async () => {
    ]);
    subDirectories.forEach(({ id }) => {
      validDirectoryIds.push(id);
-      directoryQueue.push(id);
+      queue.push(id);
    });
    files.forEach(({ id }) => validFileIds.push(id));
  }
  const validCategoryIds: number[] = [];
  const categoryQueue: CategoryId[] = ["root"];
  while (true) {
    const categoryId = categoryQueue.shift();
    if (!categoryId) break;
    const subCategories = await filesystem.category.where({ parentId: categoryId }).toArray();
    subCategories.forEach(({ id }) => {
      validCategoryIds.push(id);
      categoryQueue.push(id);
    });
  }
  await Promise.all([
    filesystem.directory.where("id").noneOf(validDirectoryIds).delete(),
    filesystem.file.where("id").noneOf(validFileIds).delete(),
    filesystem.category.where("id").noneOf(validCategoryIds).delete(),
  ]);
 };
--- a/src/lib/modules/crypto/rsa.ts
+++ b/src/lib/modules/crypto/rsa.ts
@@ -46,56 +46,6 @@ export const exportRSAKeyToBase64 = async (key: CryptoKey) => {
  return encodeToBase64((await exportRSAKey(key)).key);
 };
 export const importEncryptionKeyPairFromBase64 = async (
  encryptKeyBase64: string,
  decryptKeyBase64: string,
 ) => {
  const algorithm: RsaHashedImportParams = {
    name: "RSA-OAEP",
    hash: "SHA-256",
  };
  const encryptKey = await window.crypto.subtle.importKey(
    "spki",
    decodeFromBase64(encryptKeyBase64),
    algorithm,
    true,
    ["encrypt", "wrapKey"],
  );
  const decryptKey = await window.crypto.subtle.importKey(
    "pkcs8",
    decodeFromBase64(decryptKeyBase64),
    algorithm,
    true,
    ["decrypt", "unwrapKey"],
  );
  return { encryptKey, decryptKey };
 };
 export const importSigningKeyPairFromBase64 = async (
  signKeyBase64: string,
  verifyKeyBase64: string,
 ) => {
  const algorithm: RsaHashedImportParams = {
    name: "RSA-PSS",
    hash: "SHA-256",
  };
  const signKey = await window.crypto.subtle.importKey(
    "pkcs8",
    decodeFromBase64(signKeyBase64),
    algorithm,
    true,
    ["sign"],
  );
  const verifyKey = await window.crypto.subtle.importKey(
    "spki",
    decodeFromBase64(verifyKeyBase64),
    algorithm,
    true,
    ["verify"],
  );
  return { signKey, verifyKey };
 };
 export const makeRSAKeyNonextractable = async (key: CryptoKey) => {
  const { key: exportedKey, format } = await exportRSAKey(key);
  return await window.crypto.subtle.importKey(
--- a/src/lib/modules/file/download.svelte.ts
+++ b/src/lib/modules/file/download.svelte.ts
@@ -1,95 +0,0 @@
 import axios from "axios";
 import { limitFunction } from "p-limit";
 import { decryptData } from "$lib/modules/crypto";
 export interface FileDownloadState {
  id: number;
  status:
    | "download-pending"
    | "downloading"
    | "decryption-pending"
    | "decrypting"
    | "decrypted"
    | "canceled"
    | "error";
  progress?: number;
  rate?: number;
  estimated?: number;
  result?: ArrayBuffer;
 }
 type LiveFileDownloadState = FileDownloadState & {
  status: "download-pending" | "downloading" | "decryption-pending" | "decrypting";
 };
 let downloadingFiles: FileDownloadState[] = $state([]);
 export const isFileDownloading = (
  status: FileDownloadState["status"],
 ): status is LiveFileDownloadState["status"] =>
  ["download-pending", "downloading", "decryption-pending", "decrypting"].includes(status);
 export const getFileDownloadState = (fileId: number) => {
  return downloadingFiles.find((file) => file.id === fileId && isFileDownloading(file.status));
 };
 export const getDownloadingFiles = () => {
  return downloadingFiles.filter((file) => isFileDownloading(file.status));
 };
 export const clearDownloadedFiles = () => {
  downloadingFiles = downloadingFiles.filter((file) => isFileDownloading(file.status));
 };
 const requestFileDownload = limitFunction(
  async (state: FileDownloadState, id: number) => {
    state.status = "downloading";
    const res = await axios.get(`/api/file/${id}/download`, {
      responseType: "arraybuffer",
      onDownloadProgress: ({ progress, rate, estimated }) => {
        state.progress = progress;
        state.rate = rate;
        state.estimated = estimated;
      },
    });
    const fileEncrypted: ArrayBuffer = res.data;
    state.status = "decryption-pending";
    return fileEncrypted;
  },
  { concurrency: 1 },
 );
 const decryptFile = limitFunction(
  async (
    state: FileDownloadState,
    fileEncrypted: ArrayBuffer,
    fileEncryptedIv: string,
    dataKey: CryptoKey,
  ) => {
    state.status = "decrypting";
    const fileBuffer = await decryptData(fileEncrypted, fileEncryptedIv, dataKey);
    state.status = "decrypted";
    state.result = fileBuffer;
    return fileBuffer;
  },
  { concurrency: 4 },
 );
 export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey: CryptoKey) => {
  downloadingFiles.push({
    id,
    status: "download-pending",
  });
  const state = downloadingFiles.at(-1)!;
  try {
    return await decryptFile(state, await requestFileDownload(state, id), fileEncryptedIv, dataKey);
  } catch (e) {
    state.status = "error";
    throw e;
  }
 };
--- a/src/lib/modules/file/download.ts
+++ b/src/lib/modules/file/download.ts
@@ -0,0 +1,84 @@
 import axios from "axios";
 import { limitFunction } from "p-limit";
 import { writable, type Writable } from "svelte/store";
 import { decryptData } from "$lib/modules/crypto";
 import { fileDownloadStatusStore, type FileDownloadStatus } from "$lib/stores";
 const requestFileDownload = limitFunction(
  async (status: Writable<FileDownloadStatus>, id: number) => {
    status.update((value) => {
      value.status = "downloading";
      return value;
    });
    const res = await axios.get(`/api/file/${id}/download`, {
      responseType: "arraybuffer",
      onDownloadProgress: ({ progress, rate, estimated }) => {
        status.update((value) => {
          value.progress = progress;
          value.rate = rate;
          value.estimated = estimated;
          return value;
        });
      },
    });
    const fileEncrypted: ArrayBuffer = res.data;
    status.update((value) => {
      value.status = "decryption-pending";
      return value;
    });
    return fileEncrypted;
  },
  { concurrency: 1 },
 );
 const decryptFile = limitFunction(
  async (
    status: Writable<FileDownloadStatus>,
    fileEncrypted: ArrayBuffer,
    fileEncryptedIv: string,
    dataKey: CryptoKey,
  ) => {
    status.update((value) => {
      value.status = "decrypting";
      return value;
    });
    const fileBuffer = await decryptData(fileEncrypted, fileEncryptedIv, dataKey);
    status.update((value) => {
      value.status = "decrypted";
      value.result = fileBuffer;
      return value;
    });
    return fileBuffer;
  },
  { concurrency: 4 },
 );
 export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey: CryptoKey) => {
  const status = writable<FileDownloadStatus>({
    id,
    status: "download-pending",
  });
  fileDownloadStatusStore.update((value) => {
    value.push(status);
    return value;
  });
  try {
    return await decryptFile(
      status,
      await requestFileDownload(status, id),
      fileEncryptedIv,
      dataKey,
    );
  } catch (e) {
    status.update((value) => {
      value.status = "error";
      return value;
    });
    throw e;
  }
 };
--- a/src/lib/modules/file/index.ts
+++ b/src/lib/modules/file/index.ts
@@ -1,4 +1,3 @@
 export * from "./cache";
-export * from "./download.svelte";
+export * from "./download";
-export * from "./thumbnail";
+export * from "./upload";
 export * from "./upload.svelte";
--- a/src/lib/modules/file/thumbnail.ts
+++ b/src/lib/modules/file/thumbnail.ts
@@ -1,90 +0,0 @@
 import { LRUCache } from "lru-cache";
 import { writable, type Writable } from "svelte/store";
 import { browser } from "$app/environment";
 import { decryptData } from "$lib/modules/crypto";
 import type { SummarizedFileInfo } from "$lib/modules/filesystem";
 import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
 import { getThumbnailUrl } from "$lib/modules/thumbnail";
 import { isTRPCClientError, trpc } from "$trpc/client";
 const loadedThumbnails = new LRUCache<number, Writable<string>>({ max: 100 });
 const loadingThumbnails = new Map<number, Writable<string | undefined>>();
 const fetchFromOpfs = async (fileId: number) => {
  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
  if (thumbnailBuffer) {
    return getThumbnailUrl(thumbnailBuffer);
  }
 };
 const fetchFromServer = async (fileId: number, dataKey: CryptoKey) => {
  try {
    const [thumbnailEncrypted, { contentIv: thumbnailEncryptedIv }] = await Promise.all([
      fetch(`/api/file/${fileId}/thumbnail/download`),
      trpc().file.thumbnail.query({ id: fileId }),
    ]);
    const thumbnailBuffer = await decryptData(
      await thumbnailEncrypted.arrayBuffer(),
      thumbnailEncryptedIv,
      dataKey,
    );
    void writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
    return getThumbnailUrl(thumbnailBuffer);
  } catch (e) {
    if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
      return null;
    }
    throw e;
  }
 };
 export const getFileThumbnail = (file: SummarizedFileInfo) => {
  if (
    !browser ||
    !(file.contentType.startsWith("image/") || file.contentType.startsWith("video/"))
  ) {
    return undefined;
  }
  const thumbnail = loadedThumbnails.get(file.id);
  if (thumbnail) return thumbnail;
  let loadingThumbnail = loadingThumbnails.get(file.id);
  if (loadingThumbnail) return loadingThumbnail;
  loadingThumbnail = writable(undefined);
  loadingThumbnails.set(file.id, loadingThumbnail);
  fetchFromOpfs(file.id)
    .then((thumbnail) => thumbnail ?? (file.dataKey && fetchFromServer(file.id, file.dataKey.key)))
    .then((thumbnail) => {
      if (thumbnail) {
        loadingThumbnail.set(thumbnail);
        loadedThumbnails.set(file.id, loadingThumbnail as Writable<string>);
      }
      loadingThumbnails.delete(file.id);
    });
  return loadingThumbnail;
 };
 export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
  const oldThumbnail = loadedThumbnails.get(fileId);
  if (oldThumbnail) {
    oldThumbnail.set(getThumbnailUrl(thumbnailBuffer));
  } else {
    loadedThumbnails.set(fileId, writable(getThumbnailUrl(thumbnailBuffer)));
  }
 };
 export const deleteFileThumbnailCache = async (fileId: number) => {
  loadedThumbnails.delete(fileId);
  await deleteFile(`/thumbnail/file/${fileId}`);
 };
 export const deleteAllFileThumbnailCaches = async () => {
  loadedThumbnails.clear();
  await deleteDirectory(`/thumbnail/file`);
 };
--- a/src/lib/modules/file/upload.svelte.ts
+++ b/src/lib/modules/file/upload.svelte.ts
@@ -1,269 +0,0 @@
 import axios from "axios";
 import ExifReader from "exifreader";
 import { limitFunction } from "p-limit";
 import {
  encodeToBase64,
  generateDataKey,
  wrapDataKey,
  encryptData,
  encryptString,
  digestMessage,
  signMessageHmac,
 } from "$lib/modules/crypto";
 import { Scheduler } from "$lib/modules/scheduler";
 import { generateThumbnail } from "$lib/modules/thumbnail";
 import type {
  FileThumbnailUploadRequest,
  FileUploadRequest,
  FileUploadResponse,
 } from "$lib/server/schemas";
 import type { MasterKey, HmacSecret } from "$lib/stores";
 import { trpc } from "$trpc/client";
 export interface FileUploadState {
  name: string;
  parentId: DirectoryId;
  status:
    | "queued"
    | "encryption-pending"
    | "encrypting"
    | "upload-pending"
    | "uploading"
    | "uploaded"
    | "canceled"
    | "error";
  progress?: number;
  rate?: number;
  estimated?: number;
 }
 export type LiveFileUploadState = FileUploadState & {
  status: "queued" | "encryption-pending" | "encrypting" | "upload-pending" | "uploading";
 };
 const scheduler = new Scheduler<
  { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
 >();
 let uploadingFiles: FileUploadState[] = $state([]);
 const isFileUploading = (status: FileUploadState["status"]) =>
  ["queued", "encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
 export const getUploadingFiles = (parentId?: DirectoryId) => {
  return uploadingFiles.filter(
    (file) =>
      (parentId === undefined || file.parentId === parentId) && isFileUploading(file.status),
  );
 };
 export const clearUploadedFiles = () => {
  uploadingFiles = uploadingFiles.filter((file) => isFileUploading(file.status));
 };
 const requestDuplicateFileScan = limitFunction(
  async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
    const fileBuffer = await file.arrayBuffer();
    const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
    const files = await trpc().file.listByHash.query({
      hskVersion: hmacSecret.version,
      contentHmac: fileSigned,
    });
    if (files.length === 0 || (await onDuplicate())) {
      return { fileBuffer, fileSigned };
    } else {
      return {};
    }
  },
  { concurrency: 1 },
 );
 const getFileType = (file: File) => {
  if (file.type) return file.type;
  if (file.name.endsWith(".heic")) return "image/heic";
  throw new Error("Unknown file type");
 };
 const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
  const exif = ExifReader.load(fileBuffer);
  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
  if (!dateTimeOriginal) return undefined;
  const [date, time] = dateTimeOriginal.split(" ");
  if (!date || !time) return undefined;
  const [year, month, day] = date.split(":").map(Number);
  const [hour, minute, second] = time.split(":").map(Number);
  if (!year || !month || !day || !hour || !minute || !second) return undefined;
  if (!offsetTimeOriginal) {
    // No timezone information.. Assume local timezone
    return new Date(year, month - 1, day, hour, minute, second);
  }
  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
  return new Date(utcDate - offsetMs);
 };
 const encryptFile = limitFunction(
  async (state: FileUploadState, file: File, fileBuffer: ArrayBuffer, masterKey: MasterKey) => {
    state.status = "encrypting";
    const fileType = getFileType(file);
    let createdAt;
    if (fileType.startsWith("image/")) {
      createdAt = extractExifDateTime(fileBuffer);
    }
    const { dataKey, dataKeyVersion } = await generateDataKey();
    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
    const fileEncrypted = await encryptData(fileBuffer, dataKey);
    const fileEncryptedHash = encodeToBase64(await digestMessage(fileEncrypted.ciphertext));
    const nameEncrypted = await encryptString(file.name, dataKey);
    const createdAtEncrypted =
      createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
    const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
    const thumbnail = await generateThumbnail(fileBuffer, fileType);
    const thumbnailBuffer = await thumbnail?.arrayBuffer();
    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
    state.status = "upload-pending";
    return {
      dataKeyWrapped,
      dataKeyVersion,
      fileType,
      fileEncrypted,
      fileEncryptedHash,
      nameEncrypted,
      createdAtEncrypted,
      lastModifiedAtEncrypted,
      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
    };
  },
  { concurrency: 4 },
 );
 const requestFileUpload = limitFunction(
  async (state: FileUploadState, form: FormData, thumbnailForm: FormData | null) => {
    state.status = "uploading";
    const res = await axios.post("/api/file/upload", form, {
      onUploadProgress: ({ progress, rate, estimated }) => {
        state.progress = progress;
        state.rate = rate;
        state.estimated = estimated;
      },
    });
    const { file }: FileUploadResponse = res.data;
    if (thumbnailForm) {
      try {
        await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm);
      } catch (e) {
        // TODO
        console.error(e);
      }
    }
    state.status = "uploaded";
    return { fileId: file };
  },
  { concurrency: 1 },
 );
 export const uploadFile = async (
  file: File,
  parentId: "root" | number,
  hmacSecret: HmacSecret,
  masterKey: MasterKey,
  onDuplicate: () => Promise<boolean>,
 ) => {
  uploadingFiles.push({
    name: file.name,
    parentId,
    status: "queued",
  });
  const state = uploadingFiles.at(-1)!;
  return await scheduler.schedule(file.size, async () => {
    state.status = "encryption-pending";
    try {
      const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
        file,
        hmacSecret,
        onDuplicate,
      );
      if (!fileBuffer || !fileSigned) {
        state.status = "canceled";
        uploadingFiles = uploadingFiles.filter((file) => file !== state);
        return undefined;
      }
      const {
        dataKeyWrapped,
        dataKeyVersion,
        fileType,
        fileEncrypted,
        fileEncryptedHash,
        nameEncrypted,
        createdAtEncrypted,
        lastModifiedAtEncrypted,
        thumbnail,
      } = await encryptFile(state, file, fileBuffer, masterKey);
      const form = new FormData();
      form.set(
        "metadata",
        JSON.stringify({
          parent: parentId,
          mekVersion: masterKey.version,
          dek: dataKeyWrapped,
          dekVersion: dataKeyVersion.toISOString(),
          hskVersion: hmacSecret.version,
          contentHmac: fileSigned,
          contentType: fileType,
          contentIv: fileEncrypted.iv,
          name: nameEncrypted.ciphertext,
          nameIv: nameEncrypted.iv,
          createdAt: createdAtEncrypted?.ciphertext,
          createdAtIv: createdAtEncrypted?.iv,
          lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
          lastModifiedAtIv: lastModifiedAtEncrypted.iv,
        } satisfies FileUploadRequest),
      );
      form.set("content", new Blob([fileEncrypted.ciphertext]));
      form.set("checksum", fileEncryptedHash);
      let thumbnailForm = null;
      if (thumbnail) {
        thumbnailForm = new FormData();
        thumbnailForm.set(
          "metadata",
          JSON.stringify({
            dekVersion: dataKeyVersion.toISOString(),
            contentIv: thumbnail.iv,
          } satisfies FileThumbnailUploadRequest),
        );
        thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
      }
      const { fileId } = await requestFileUpload(state, form, thumbnailForm);
      return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
    } catch (e) {
      state.status = "error";
      throw e;
    }
  });
 };
--- a/src/lib/modules/file/upload.ts
+++ b/src/lib/modules/file/upload.ts
@@ -0,0 +1,225 @@
 import axios from "axios";
 import ExifReader from "exifreader";
 import { limitFunction } from "p-limit";
 import { writable, type Writable } from "svelte/store";
 import {
  encodeToBase64,
  generateDataKey,
  wrapDataKey,
  encryptData,
  encryptString,
  signMessageHmac,
 } from "$lib/modules/crypto";
 import type {
  DuplicateFileScanRequest,
  DuplicateFileScanResponse,
  FileUploadRequest,
 } from "$lib/server/schemas";
 import {
  fileUploadStatusStore,
  type MasterKey,
  type HmacSecret,
  type FileUploadStatus,
 } from "$lib/stores";
 const requestDuplicateFileScan = limitFunction(
  async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
    const fileBuffer = await file.arrayBuffer();
    const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
    const res = await axios.post("/api/file/scanDuplicates", {
      hskVersion: hmacSecret.version,
      contentHmac: fileSigned,
    } satisfies DuplicateFileScanRequest);
    const { files }: DuplicateFileScanResponse = res.data;
    if (files.length === 0 || (await onDuplicate())) {
      return { fileBuffer, fileSigned };
    } else {
      return {};
    }
  },
  { concurrency: 1 },
 );
 const getFileType = (file: File) => {
  if (file.type) return file.type;
  if (file.name.endsWith(".heic")) return "image/heic";
  throw new Error("Unknown file type");
 };
 const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
  const exif = ExifReader.load(fileBuffer);
  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
  if (!dateTimeOriginal) return undefined;
  const [date, time] = dateTimeOriginal.split(" ");
  if (!date || !time) return undefined;
  const [year, month, day] = date.split(":").map(Number);
  const [hour, minute, second] = time.split(":").map(Number);
  if (!year || !month || !day || !hour || !minute || !second) return undefined;
  if (!offsetTimeOriginal) {
    // No timezone information.. Assume local timezone
    return new Date(year, month - 1, day, hour, minute, second);
  }
  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
  return new Date(utcDate - offsetMs);
 };
 const encryptFile = limitFunction(
  async (
    status: Writable<FileUploadStatus>,
    file: File,
    fileBuffer: ArrayBuffer,
    masterKey: MasterKey,
  ) => {
    status.update((value) => {
      value.status = "encrypting";
      return value;
    });
    const fileType = getFileType(file);
    let createdAt;
    if (fileType.startsWith("image/")) {
      createdAt = extractExifDateTime(fileBuffer);
    }
    const { dataKey, dataKeyVersion } = await generateDataKey();
    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
    const fileEncrypted = await encryptData(fileBuffer, dataKey);
    const nameEncrypted = await encryptString(file.name, dataKey);
    const createdAtEncrypted =
      createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
    const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
    status.update((value) => {
      value.status = "upload-pending";
      return value;
    });
    return {
      dataKeyWrapped,
      dataKeyVersion,
      fileEncrypted,
      fileType,
      nameEncrypted,
      createdAtEncrypted,
      lastModifiedAtEncrypted,
    };
  },
  { concurrency: 4 },
 );
 const requestFileUpload = limitFunction(
  async (status: Writable<FileUploadStatus>, form: FormData) => {
    status.update((value) => {
      value.status = "uploading";
      return value;
    });
    await axios.post("/api/file/upload", form, {
      onUploadProgress: ({ progress, rate, estimated }) => {
        status.update((value) => {
          value.progress = progress;
          value.rate = rate;
          value.estimated = estimated;
          return value;
        });
      },
    });
    status.update((value) => {
      value.status = "uploaded";
      return value;
    });
  },
  { concurrency: 1 },
 );
 export const uploadFile = async (
  file: File,
  parentId: "root" | number,
  hmacSecret: HmacSecret,
  masterKey: MasterKey,
  onDuplicate: () => Promise<boolean>,
 ) => {
  const status = writable<FileUploadStatus>({
    name: file.name,
    parentId,
    status: "encryption-pending",
  });
  fileUploadStatusStore.update((value) => {
    value.push(status);
    return value;
  });
  try {
    const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
      file,
      hmacSecret,
      onDuplicate,
    );
    if (!fileBuffer || !fileSigned) {
      status.update((value) => {
        value.status = "canceled";
        return value;
      });
      fileUploadStatusStore.update((value) => {
        value = value.filter((v) => v !== status);
        return value;
      });
      return false;
    }
    const {
      dataKeyWrapped,
      dataKeyVersion,
      fileEncrypted,
      fileType,
      nameEncrypted,
      createdAtEncrypted,
      lastModifiedAtEncrypted,
    } = await encryptFile(status, file, fileBuffer, masterKey);
    const form = new FormData();
    form.set(
      "metadata",
      JSON.stringify({
        parent: parentId,
        mekVersion: masterKey.version,
        dek: dataKeyWrapped,
        dekVersion: dataKeyVersion.toISOString(),
        hskVersion: hmacSecret.version,
        contentHmac: fileSigned,
        contentType: fileType,
        contentIv: fileEncrypted.iv,
        name: nameEncrypted.ciphertext,
        nameIv: nameEncrypted.iv,
        createdAt: createdAtEncrypted?.ciphertext,
        createdAtIv: createdAtEncrypted?.iv,
        lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
        lastModifiedAtIv: lastModifiedAtEncrypted.iv,
      } as FileUploadRequest),
    );
    form.set("content", new Blob([fileEncrypted.ciphertext]));
    await requestFileUpload(status, form);
    return true;
  } catch (e) {
    status.update((value) => {
      value.status = "error";
      return value;
    });
    throw e;
  }
 };
--- a/src/lib/modules/filesystem.ts
+++ b/src/lib/modules/filesystem.ts
@@ -0,0 +1,206 @@
 import { get, writable, type Writable } from "svelte/store";
 import { callGetApi } from "$lib/hooks";
 import {
  getDirectoryInfos as getDirectoryInfosFromIndexedDB,
  getDirectoryInfo as getDirectoryInfoFromIndexedDB,
  storeDirectoryInfo,
  deleteDirectoryInfo,
  getFileInfos as getFileInfosFromIndexedDB,
  getFileInfo as getFileInfoFromIndexedDB,
  storeFileInfo,
  deleteFileInfo,
  type DirectoryId,
 } from "$lib/indexedDB";
 import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
 import type { DirectoryInfoResponse, FileInfoResponse } from "$lib/server/schemas";
 export type DirectoryInfo =
  | {
      id: "root";
      dataKey?: undefined;
      dataKeyVersion?: undefined;
      name?: undefined;
      subDirectoryIds: number[];
      fileIds: number[];
    }
  | {
      id: number;
      dataKey?: CryptoKey;
      dataKeyVersion?: Date;
      name: string;
      subDirectoryIds: number[];
      fileIds: number[];
    };
 export interface FileInfo {
  id: number;
  dataKey?: CryptoKey;
  dataKeyVersion?: Date;
  contentType: string;
  contentIv?: string;
  name: string;
  createdAt?: Date;
  lastModifiedAt: Date;
 }
 const directoryInfoStore = new Map<DirectoryId, Writable<DirectoryInfo | null>>();
 const fileInfoStore = new Map<number, Writable<FileInfo | null>>();
 const fetchDirectoryInfoFromIndexedDB = async (
  id: DirectoryId,
  info: Writable<DirectoryInfo | null>,
 ) => {
  if (get(info)) return;
  const [directory, subDirectories, files] = await Promise.all([
    id !== "root" ? getDirectoryInfoFromIndexedDB(id) : undefined,
    getDirectoryInfosFromIndexedDB(id),
    getFileInfosFromIndexedDB(id),
  ]);
  const subDirectoryIds = subDirectories.map(({ id }) => id);
  const fileIds = files.map(({ id }) => id);
  if (id === "root") {
    info.set({ id, subDirectoryIds, fileIds });
  } else {
    if (!directory) return;
    info.set({ id, name: directory.name, subDirectoryIds, fileIds });
  }
 };
 const fetchDirectoryInfoFromServer = async (
  id: DirectoryId,
  info: Writable<DirectoryInfo | null>,
  masterKey: CryptoKey,
 ) => {
  const res = await callGetApi(`/api/directory/${id}`);
  if (res.status === 404) {
    info.set(null);
    await deleteDirectoryInfo(id as number);
  } else if (!res.ok) {
    throw new Error("Failed to fetch directory information");
  }
  const {
    metadata,
    subDirectories: subDirectoryIds,
    files: fileIds,
  }: DirectoryInfoResponse = await res.json();
  if (id === "root") {
    info.set({ id, subDirectoryIds, fileIds });
  } else {
    const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
    const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
    info.set({
      id,
      dataKey,
      dataKeyVersion: new Date(metadata!.dekVersion),
      name,
      subDirectoryIds,
      fileIds,
    });
    await storeDirectoryInfo({ id, parentId: metadata!.parent, name });
  }
 };
 const fetchDirectoryInfo = async (
  id: DirectoryId,
  info: Writable<DirectoryInfo | null>,
  masterKey: CryptoKey,
 ) => {
  await fetchDirectoryInfoFromIndexedDB(id, info);
  await fetchDirectoryInfoFromServer(id, info, masterKey);
 };
 export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
  // TODO: MEK rotation
  let info = directoryInfoStore.get(id);
  if (!info) {
    info = writable(null);
    directoryInfoStore.set(id, info);
  }
  fetchDirectoryInfo(id, info, masterKey);
  return info;
 };
 const fetchFileInfoFromIndexedDB = async (id: number, info: Writable<FileInfo | null>) => {
  if (get(info)) return;
  const file = await getFileInfoFromIndexedDB(id);
  if (!file) return;
  info.set(file);
 };
 const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
 };
 const fetchFileInfoFromServer = async (
  id: number,
  info: Writable<FileInfo | null>,
  masterKey: CryptoKey,
 ) => {
  const res = await callGetApi(`/api/file/${id}`);
  if (res.status === 404) {
    info.set(null);
    await deleteFileInfo(id);
  } else if (!res.ok) {
    throw new Error("Failed to fetch file information");
  }
  const metadata: FileInfoResponse = await res.json();
  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
  const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
  const createdAt =
    metadata.createdAt && metadata.createdAtIv
      ? await decryptDate(metadata.createdAt, metadata.createdAtIv, dataKey)
      : undefined;
  const lastModifiedAt = await decryptDate(
    metadata.lastModifiedAt,
    metadata.lastModifiedAtIv,
    dataKey,
  );
  info.set({
    id,
    dataKey,
    dataKeyVersion: new Date(metadata.dekVersion),
    contentType: metadata.contentType,
    contentIv: metadata.contentIv,
    name,
    createdAt,
    lastModifiedAt,
  });
  await storeFileInfo({
    id,
    parentId: metadata.parent,
    name,
    contentType: metadata.contentType,
    createdAt,
    lastModifiedAt,
  });
 };
 const fetchFileInfo = async (id: number, info: Writable<FileInfo | null>, masterKey: CryptoKey) => {
  await fetchFileInfoFromIndexedDB(id, info);
  await fetchFileInfoFromServer(id, info, masterKey);
 };
 export const getFileInfo = (fileId: number, masterKey: CryptoKey) => {
  // TODO: MEK rotation
  let info = fileInfoStore.get(fileId);
  if (!info) {
    info = writable(null);
    fileInfoStore.set(fileId, info);
  }
  fetchFileInfo(fileId, info, masterKey);
  return info;
 };
--- a/src/lib/modules/filesystem/category.ts
+++ b/src/lib/modules/filesystem/category.ts
@@ -1,121 +0,0 @@
 import * as IndexedDB from "$lib/indexedDB";
 import { trpc, isTRPCClientError } from "$trpc/client";
 import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
 import type { CategoryInfo, MaybeCategoryInfo } from "./types";
 const cache = new FilesystemCache<CategoryId, MaybeCategoryInfo>({
  async fetchFromIndexedDB(id) {
    const [category, subCategories] = await Promise.all([
      id !== "root" ? IndexedDB.getCategoryInfo(id) : undefined,
      IndexedDB.getCategoryInfos(id),
    ]);
    const files = category?.files
      ? await Promise.all(
          category.files.map(async (file) => {
            const fileInfo = await IndexedDB.getFileInfo(file.id);
            return fileInfo
              ? {
                  id: file.id,
                  parentId: fileInfo.parentId,
                  contentType: fileInfo.contentType,
                  name: fileInfo.name,
                  createdAt: fileInfo.createdAt,
                  lastModifiedAt: fileInfo.lastModifiedAt,
                  isRecursive: file.isRecursive,
                }
              : undefined;
          }),
        )
      : undefined;
    if (id === "root") {
      return {
        id,
        exists: true,
        subCategories,
      };
    } else if (category) {
      return {
        id,
        exists: true,
        parentId: category.parentId,
        name: category.name,
        subCategories,
        files: files?.filter((file) => !!file) ?? [],
        isFileRecursive: category.isFileRecursive ?? false,
      };
    }
  },
  async fetchFromServer(id, cachedInfo, masterKey) {
    try {
      const category = await trpc().category.get.query({ id, recurse: true });
      const [subCategories, files, metadata] = await Promise.all([
        Promise.all(
          category.subCategories.map(async (category) => ({
            id: category.id,
            parentId: id,
            ...(await decryptCategoryMetadata(category, masterKey)),
          })),
        ),
        category.files &&
          Promise.all(
            category.files.map(async (file) => ({
              id: file.id,
              parentId: file.parent,
              contentType: file.contentType,
              isRecursive: file.isRecursive,
              ...(await decryptFileMetadata(file, masterKey)),
            })),
          ),
        category.metadata && decryptCategoryMetadata(category.metadata, masterKey),
      ]);
      return storeToIndexedDB(
        id !== "root"
          ? {
              id,
              parentId: category.metadata!.parent,
              subCategories,
              files: files!,
              isFileRecursive: cachedInfo?.isFileRecursive ?? false,
              ...metadata!,
            }
          : { id, subCategories },
      );
    } catch (e) {
      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
        await IndexedDB.deleteCategoryInfo(id as number);
        return { id, exists: false };
      }
      throw e;
    }
  },
 });
 const storeToIndexedDB = (info: CategoryInfo) => {
  if (info.id !== "root") {
    void IndexedDB.storeCategoryInfo(info);
    // TODO: Bulk Upsert
    new Map(info.files.map((file) => [file.id, file])).forEach((file) => {
      void IndexedDB.storeFileInfo(file);
    });
  }
  // TODO: Bulk Upsert
  info.subCategories.forEach((category) => {
    void IndexedDB.storeCategoryInfo(category);
  });
  void IndexedDB.deleteDanglingCategoryInfos(
    info.id,
    new Set(info.subCategories.map(({ id }) => id)),
  );
  return { ...info, exists: true as const };
 };
 export const getCategoryInfo = (id: CategoryId, masterKey: CryptoKey) => {
  return cache.get(id, masterKey);
 };
--- a/src/lib/modules/filesystem/directory.ts
+++ b/src/lib/modules/filesystem/directory.ts
@@ -1,102 +0,0 @@
 import * as IndexedDB from "$lib/indexedDB";
 import { trpc, isTRPCClientError } from "$trpc/client";
 import { FilesystemCache, decryptDirectoryMetadata, decryptFileMetadata } from "./internal.svelte";
 import type { DirectoryInfo, MaybeDirectoryInfo } from "./types";
 const cache = new FilesystemCache<DirectoryId, MaybeDirectoryInfo>({
  async fetchFromIndexedDB(id) {
    const [directory, subDirectories, files] = await Promise.all([
      id !== "root" ? IndexedDB.getDirectoryInfo(id) : undefined,
      IndexedDB.getDirectoryInfos(id),
      IndexedDB.getFileInfos(id),
    ]);
    if (id === "root") {
      return {
        id,
        exists: true,
        subDirectories,
        files,
      };
    } else if (directory) {
      return {
        id,
        exists: true,
        parentId: directory.parentId,
        name: directory.name,
        subDirectories,
        files,
      };
    }
  },
  async fetchFromServer(id, _cachedInfo, masterKey) {
    try {
      const directory = await trpc().directory.get.query({ id });
      const [subDirectories, files, metadata] = await Promise.all([
        Promise.all(
          directory.subDirectories.map(async (directory) => ({
            id: directory.id,
            parentId: id,
            ...(await decryptDirectoryMetadata(directory, masterKey)),
          })),
        ),
        Promise.all(
          directory.files.map(async (file) => ({
            id: file.id,
            parentId: id,
            contentType: file.contentType,
            ...(await decryptFileMetadata(file, masterKey)),
          })),
        ),
        directory.metadata && decryptDirectoryMetadata(directory.metadata, masterKey),
      ]);
      return storeToIndexedDB(
        id !== "root"
          ? {
              id,
              parentId: directory.metadata!.parent,
              subDirectories,
              files,
              ...metadata!,
            }
          : { id, subDirectories, files },
      );
    } catch (e) {
      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
        await IndexedDB.deleteDirectoryInfo(id as number);
        return { id, exists: false as const };
      }
      throw e;
    }
  },
 });
 const storeToIndexedDB = (info: DirectoryInfo) => {
  if (info.id !== "root") {
    void IndexedDB.storeDirectoryInfo(info);
  }
  // TODO: Bulk Upsert
  info.subDirectories.forEach((subDirectory) => {
    void IndexedDB.storeDirectoryInfo(subDirectory);
  });
  // TODO: Bulk Upsert
  info.files.forEach((file) => {
    void IndexedDB.storeFileInfo(file);
  });
  void IndexedDB.deleteDanglingDirectoryInfos(
    info.id,
    new Set(info.subDirectories.map(({ id }) => id)),
  );
  void IndexedDB.deleteDanglingFileInfos(info.id, new Set(info.files.map(({ id }) => id)));
  return { ...info, exists: true as const };
 };
 export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
  return cache.get(id, masterKey);
 };
--- a/src/lib/modules/filesystem/file.ts
+++ b/src/lib/modules/filesystem/file.ts
@@ -1,177 +0,0 @@
 import * as IndexedDB from "$lib/indexedDB";
 import { trpc, isTRPCClientError } from "$trpc/client";
 import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
 import type { FileInfo, MaybeFileInfo } from "./types";
 const cache = new FilesystemCache<number, MaybeFileInfo>({
  async fetchFromIndexedDB(id) {
    const file = await IndexedDB.getFileInfo(id);
    const categories = file?.categoryIds
      ? await Promise.all(
          file.categoryIds.map(async (categoryId) => {
            const category = await IndexedDB.getCategoryInfo(categoryId);
            return category
              ? { id: category.id, parentId: category.parentId, name: category.name }
              : undefined;
          }),
        )
      : undefined;
    if (file) {
      return {
        id,
        exists: true,
        parentId: file.parentId,
        contentType: file.contentType,
        name: file.name,
        createdAt: file.createdAt,
        lastModifiedAt: file.lastModifiedAt,
        categories: categories?.filter((category) => !!category) ?? [],
      };
    }
  },
  async fetchFromServer(id, _cachedInfo, masterKey) {
    try {
      const file = await trpc().file.get.query({ id });
      const [categories, metadata] = await Promise.all([
        Promise.all(
          file.categories.map(async (category) => ({
            id: category.id,
            parentId: category.parent,
            ...(await decryptCategoryMetadata(category, masterKey)),
          })),
        ),
        decryptFileMetadata(file, masterKey),
      ]);
      return storeToIndexedDB({
        id,
        parentId: file.parent,
        dataKey: metadata.dataKey,
        contentType: file.contentType,
        contentIv: file.contentIv,
        name: metadata.name,
        createdAt: metadata.createdAt,
        lastModifiedAt: metadata.lastModifiedAt,
        categories,
      });
    } catch (e) {
      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
        await IndexedDB.deleteFileInfo(id);
        return { id, exists: false as const };
      }
      throw e;
    }
  },
  async bulkFetchFromIndexedDB(ids) {
    const files = await IndexedDB.bulkGetFileInfos([...ids]);
    const categories = await Promise.all(
      files.map(async (file) =>
        file?.categoryIds
          ? await Promise.all(
              file.categoryIds.map(async (categoryId) => {
                const category = await IndexedDB.getCategoryInfo(categoryId);
                return category
                  ? { id: category.id, parentId: category.parentId, name: category.name }
                  : undefined;
              }),
            )
          : undefined,
      ),
    );
    return new Map(
      files
        .filter((file) => !!file)
        .map((file, index) => [
          file.id,
          {
            ...file,
            exists: true,
            categories: categories[index]?.filter((category) => !!category) ?? [],
          },
        ]),
    );
  },
  async bulkFetchFromServer(ids, masterKey) {
    const idsArray = [...ids.keys()];
    const filesRaw = await trpc().file.bulkGet.query({ ids: idsArray });
    const files = await Promise.all(
      filesRaw.map(async ({ id, categories: categoriesRaw, ...metadataRaw }) => {
        const [categories, metadata] = await Promise.all([
          Promise.all(
            categoriesRaw.map(async (category) => ({
              id: category.id,
              parentId: category.parent,
              ...(await decryptCategoryMetadata(category, masterKey)),
            })),
          ),
          decryptFileMetadata(metadataRaw, masterKey),
        ]);
        return {
          id,
          exists: true as const,
          parentId: metadataRaw.parent,
          contentType: metadataRaw.contentType,
          contentIv: metadataRaw.contentIv,
          categories,
          ...metadata,
        };
      }),
    );
    const existingIds = new Set(filesRaw.map(({ id }) => id));
    const deletedIds = idsArray.filter((id) => !existingIds.has(id));
    void IndexedDB.bulkDeleteFileInfos(deletedIds);
    return new Map<number, MaybeFileInfo>([
      ...bulkStoreToIndexedDB(files),
      ...deletedIds.map((id) => [id, { id, exists: false }] as const),
    ]);
  },
 });
 const storeToIndexedDB = (info: FileInfo) => {
  void IndexedDB.storeFileInfo({
    ...info,
    categoryIds: info.categories.map(({ id }) => id),
  });
  info.categories.forEach((category) => {
    void IndexedDB.storeCategoryInfo(category);
  });
  return { ...info, exists: true as const };
 };
 const bulkStoreToIndexedDB = (infos: FileInfo[]) => {
  // TODO: Bulk Upsert
  infos.forEach((info) => {
    void IndexedDB.storeFileInfo({
      ...info,
      categoryIds: info.categories.map(({ id }) => id),
    });
  });
  // TODO: Bulk Upsert
  new Map(
    infos.flatMap(({ categories }) => categories).map((category) => [category.id, category]),
  ).forEach((category) => {
    void IndexedDB.storeCategoryInfo(category);
  });
  return infos.map((info) => [info.id, { ...info, exists: true }] as const);
 };
 export const getFileInfo = (id: number, masterKey: CryptoKey) => {
  return cache.get(id, masterKey);
 };
 export const bulkGetFileInfo = (ids: number[], masterKey: CryptoKey) => {
  return cache.bulkGet(new Set(ids), masterKey);
 };
--- a/src/lib/modules/filesystem/index.ts
+++ b/src/lib/modules/filesystem/index.ts
@@ -1,4 +0,0 @@
 export * from "./category";
 export * from "./directory";
 export * from "./file";
 export * from "./types";
--- a/src/lib/modules/filesystem/internal.svelte.ts
+++ b/src/lib/modules/filesystem/internal.svelte.ts
@@ -1,172 +0,0 @@
 import { untrack } from "svelte";
 import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
 interface FilesystemCacheOptions<K, V> {
  fetchFromIndexedDB: (key: K) => Promise<V | undefined>;
  fetchFromServer: (key: K, cachedValue: V | undefined, masterKey: CryptoKey) => Promise<V>;
  bulkFetchFromIndexedDB?: (keys: Set<K>) => Promise<Map<K, V>>;
  bulkFetchFromServer?: (
    keys: Map<K, { cachedValue: V | undefined }>,
    masterKey: CryptoKey,
  ) => Promise<Map<K, V>>;
 }
 export class FilesystemCache<K, V extends object> {
  private map = new Map<K, { value?: V; promise?: Promise<V> }>();
  constructor(private readonly options: FilesystemCacheOptions<K, V>) {}
  get(key: K, masterKey: CryptoKey) {
    return untrack(() => {
      let state = this.map.get(key);
      if (state?.promise) return state.value ?? state.promise;
      const { promise: newPromise, resolve } = Promise.withResolvers<V>();
      if (!state) {
        const newState = $state({});
        state = newState;
        this.map.set(key, newState);
      }
      (state.value
        ? Promise.resolve(state.value)
        : this.options.fetchFromIndexedDB(key).then((loadedInfo) => {
            if (loadedInfo) {
              state.value = loadedInfo;
              resolve(state.value);
            }
            return loadedInfo;
          })
      )
        .then((cachedInfo) => this.options.fetchFromServer(key, cachedInfo, masterKey))
        .then((loadedInfo) => {
          if (state.value) {
            Object.assign(state.value, loadedInfo);
          } else {
            state.value = loadedInfo;
          }
          resolve(state.value);
        })
        .finally(() => {
          state.promise = undefined;
        });
      state.promise = newPromise;
      return state.value ?? newPromise;
    });
  }
  bulkGet(keys: Set<K>, masterKey: CryptoKey) {
    return untrack(() => {
      const newPromises = new Map(
        keys
          .keys()
          .filter((key) => this.map.get(key)?.promise === undefined)
          .map((key) => [key, Promise.withResolvers<V>()]),
      );
      newPromises.forEach(({ promise }, key) => {
        const state = this.map.get(key);
        if (state) {
          state.promise = promise;
        } else {
          const newState = $state({ promise });
          this.map.set(key, newState);
        }
      });
      const resolve = (loadedInfos: Map<K, V>) => {
        loadedInfos.forEach((loadedInfo, key) => {
          const state = this.map.get(key)!;
          if (state.value) {
            Object.assign(state.value, loadedInfo);
          } else {
            state.value = loadedInfo;
          }
          newPromises.get(key)!.resolve(state.value);
        });
        return loadedInfos;
      };
      this.options.bulkFetchFromIndexedDB!(
        new Set(newPromises.keys().filter((key) => this.map.get(key)!.value === undefined)),
      )
        .then(resolve)
        .then(() =>
          this.options.bulkFetchFromServer!(
            new Map(
              newPromises.keys().map((key) => [key, { cachedValue: this.map.get(key)!.value }]),
            ),
            masterKey,
          ),
        )
        .then(resolve)
        .finally(() => {
          newPromises.forEach((_, key) => {
            this.map.get(key)!.promise = undefined;
          });
        });
      const bottleneckPromises = Array.from(
        keys
          .keys()
          .filter((key) => this.map.get(key)!.value === undefined)
          .map((key) => this.map.get(key)!.promise!),
      );
      const makeResult = () =>
        new Map(keys.keys().map((key) => [key, this.map.get(key)!.value!] as const));
      return bottleneckPromises.length > 0
        ? Promise.all(bottleneckPromises).then(makeResult)
        : makeResult();
    });
  }
 }
 export const decryptDirectoryMetadata = async (
  metadata: { dek: string; dekVersion: Date; name: string; nameIv: string },
  masterKey: CryptoKey,
 ) => {
  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
  const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
  return {
    dataKey: { key: dataKey, version: metadata.dekVersion },
    name,
  };
 };
 const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
 };
 export const decryptFileMetadata = async (
  metadata: {
    dek: string;
    dekVersion: Date;
    name: string;
    nameIv: string;
    createdAt?: string;
    createdAtIv?: string;
    lastModifiedAt: string;
    lastModifiedAtIv: string;
  },
  masterKey: CryptoKey,
 ) => {
  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
  const [name, createdAt, lastModifiedAt] = await Promise.all([
    decryptString(metadata.name, metadata.nameIv, dataKey),
    metadata.createdAt
      ? decryptDate(metadata.createdAt, metadata.createdAtIv!, dataKey)
      : undefined,
    decryptDate(metadata.lastModifiedAt, metadata.lastModifiedAtIv, dataKey),
  ]);
  return {
    dataKey: { key: dataKey, version: metadata.dekVersion },
    name,
    createdAt,
    lastModifiedAt,
  };
 };
 export const decryptCategoryMetadata = decryptDirectoryMetadata;
--- a/src/lib/modules/filesystem/types.ts
+++ b/src/lib/modules/filesystem/types.ts
@@ -1,77 +0,0 @@
 export type DataKey = { key: CryptoKey; version: Date };
 type AllUndefined<T> = { [K in keyof T]?: undefined };
 interface LocalDirectoryInfo {
  id: number;
  parentId: DirectoryId;
  dataKey?: DataKey;
  name: string;
  subDirectories: SubDirectoryInfo[];
  files: SummarizedFileInfo[];
 }
 interface RootDirectoryInfo {
  id: "root";
  parentId?: undefined;
  dataKey?: undefined;
  name?: undefined;
  subDirectories: SubDirectoryInfo[];
  files: SummarizedFileInfo[];
 }
 export type DirectoryInfo = LocalDirectoryInfo | RootDirectoryInfo;
 export type MaybeDirectoryInfo =
  | (DirectoryInfo & { exists: true })
  | ({ id: DirectoryId; exists: false } & AllUndefined<Omit<DirectoryInfo, "id">>);
 export type SubDirectoryInfo = Omit<LocalDirectoryInfo, "subDirectories" | "files">;
 export interface FileInfo {
  id: number;
  parentId: DirectoryId;
  dataKey?: DataKey;
  contentType: string;
  contentIv?: string;
  name: string;
  createdAt?: Date;
  lastModifiedAt: Date;
  categories: FileCategoryInfo[];
 }
 export type MaybeFileInfo =
  | (FileInfo & { exists: true })
  | ({ id: number; exists: false } & AllUndefined<Omit<FileInfo, "id">>);
 export type SummarizedFileInfo = Omit<FileInfo, "contentIv" | "categories">;
 export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean };
 interface LocalCategoryInfo {
  id: number;
  parentId: DirectoryId;
  dataKey?: DataKey;
  name: string;
  subCategories: SubCategoryInfo[];
  files: CategoryFileInfo[];
  isFileRecursive: boolean;
 }
 interface RootCategoryInfo {
  id: "root";
  parentId?: undefined;
  dataKey?: undefined;
  name?: undefined;
  subCategories: SubCategoryInfo[];
  files?: undefined;
  isFileRecursive?: undefined;
 }
 export type CategoryInfo = LocalCategoryInfo | RootCategoryInfo;
 export type MaybeCategoryInfo =
  | (CategoryInfo & { exists: true })
  | ({ id: CategoryId; exists: false } & AllUndefined<Omit<CategoryInfo, "id">>);
 export type SubCategoryInfo = Omit<
  LocalCategoryInfo,
  "subCategories" | "files" | "isFileRecursive"
 >;
 export type FileCategoryInfo = Omit<SubCategoryInfo, "dataKey">;
--- a/src/lib/modules/key.ts
+++ b/src/lib/modules/key.ts
@@ -1,65 +0,0 @@
 import { z } from "zod";
 import { storeClientKey } from "$lib/indexedDB";
 import type { ClientKeys } from "$lib/stores";
 const serializedClientKeysSchema = z.intersection(
  z.object({
    generator: z.literal("ArkVault"),
    exportedAt: z.iso.datetime(),
  }),
  z.object({
    version: z.literal(1),
    encryptKey: z.base64().nonempty(),
    decryptKey: z.base64().nonempty(),
    signKey: z.base64().nonempty(),
    verifyKey: z.base64().nonempty(),
  }),
 );
 type SerializedClientKeys = z.infer<typeof serializedClientKeysSchema>;
 type DeserializedClientKeys = {
  encryptKeyBase64: string;
  decryptKeyBase64: string;
  signKeyBase64: string;
  verifyKeyBase64: string;
 };
 export const serializeClientKeys = ({
  encryptKeyBase64,
  decryptKeyBase64,
  signKeyBase64,
  verifyKeyBase64,
 }: DeserializedClientKeys) => {
  return JSON.stringify({
    version: 1,
    generator: "ArkVault",
    exportedAt: new Date().toISOString(),
    encryptKey: encryptKeyBase64,
    decryptKey: decryptKeyBase64,
    signKey: signKeyBase64,
    verifyKey: verifyKeyBase64,
  } satisfies SerializedClientKeys);
 };
 export const deserializeClientKeys = (serialized: string) => {
  const zodRes = serializedClientKeysSchema.safeParse(JSON.parse(serialized));
  if (zodRes.success) {
    return {
      encryptKeyBase64: zodRes.data.encryptKey,
      decryptKeyBase64: zodRes.data.decryptKey,
      signKeyBase64: zodRes.data.signKey,
      verifyKeyBase64: zodRes.data.verifyKey,
    } satisfies DeserializedClientKeys;
  }
  return undefined;
 };
 export const storeClientKeys = async (clientKeys: ClientKeys) => {
  await Promise.all([
    storeClientKey(clientKeys.encryptKey, "encrypt"),
    storeClientKey(clientKeys.decryptKey, "decrypt"),
    storeClientKey(clientKeys.signKey, "sign"),
    storeClientKey(clientKeys.verifyKey, "verify"),
  ]);
 };
--- a/src/lib/modules/opfs.ts
+++ b/src/lib/modules/opfs.ts
@@ -59,39 +59,3 @@ export const deleteFile = async (path: string) => {
  await parentHandle.removeEntry(filename);
 };
 const getDirectoryHandle = async (path: string) => {
  if (!rootHandle) {
    throw new Error("OPFS not prepared");
  } else if (path[0] !== "/") {
    throw new Error("Path must be absolute");
  }
  const parts = path.split("/");
  if (parts.length <= 1) {
    throw new Error("Invalid path");
  }
  try {
    let directoryHandle = rootHandle;
    let parentHandle;
    for (const part of parts.slice(1)) {
      if (!part) continue;
      parentHandle = directoryHandle;
      directoryHandle = await directoryHandle.getDirectoryHandle(part);
    }
    return { directoryHandle, parentHandle };
  } catch (e) {
    if (e instanceof DOMException && e.name === "NotFoundError") {
      return {};
    }
    throw e;
  }
 };
 export const deleteDirectory = async (path: string) => {
  const { directoryHandle, parentHandle } = await getDirectoryHandle(path);
  if (!parentHandle) return;
  await parentHandle.removeEntry(directoryHandle.name, { recursive: true });
 };
--- a/src/lib/modules/scheduler.ts
+++ b/src/lib/modules/scheduler.ts
@@ -1,48 +0,0 @@
 export class Scheduler<T = void> {
  private isEstimating = false;
  private memoryUsage = 0;
  private queue: (() => void)[] = [];
  constructor(public readonly memoryLimit = 100 * 1024 * 1024 /* 100 MiB */) {}
  private next() {
    if (!this.isEstimating && this.memoryUsage < this.memoryLimit) {
      const resolve = this.queue.shift();
      if (resolve) {
        this.isEstimating = true;
        resolve();
      }
    }
  }
  async schedule(
    estimateMemoryUsage: number | (() => number | Promise<number>),
    task: () => Promise<T>,
  ) {
    if (this.isEstimating || this.memoryUsage >= this.memoryLimit) {
      await new Promise<void>((resolve) => {
        this.queue.push(resolve);
      });
    } else {
      this.isEstimating = true;
    }
    let taskMemoryUsage = 0;
    try {
      taskMemoryUsage =
        typeof estimateMemoryUsage === "number" ? estimateMemoryUsage : await estimateMemoryUsage();
      this.memoryUsage += taskMemoryUsage;
    } finally {
      this.isEstimating = false;
      this.next();
    }
    try {
      return await task();
    } finally {
      this.memoryUsage -= taskMemoryUsage;
      this.next();
    }
  }
 }
--- a/src/lib/modules/thumbnail.ts
+++ b/src/lib/modules/thumbnail.ts
@@ -1,127 +0,0 @@
 import { encodeToBase64 } from "$lib/modules/crypto";
 const scaleSize = (width: number, height: number, targetSize: number) => {
  if (width <= targetSize || height <= targetSize) {
    return { width, height };
  }
  const scale = targetSize / Math.min(width, height);
  return {
    width: Math.round(width * scale),
    height: Math.round(height * scale),
  };
 };
 const capture = (
  width: number,
  height: number,
  drawer: (context: CanvasRenderingContext2D, width: number, height: number) => void,
  targetSize = 250,
 ) => {
  return new Promise<Blob>((resolve, reject) => {
    const canvas = document.createElement("canvas");
    const { width: scaledWidth, height: scaledHeight } = scaleSize(width, height, targetSize);
    canvas.width = scaledWidth;
    canvas.height = scaledHeight;
    const context = canvas.getContext("2d");
    if (!context) {
      return reject(new Error("Failed to generate thumbnail"));
    }
    drawer(context, scaledWidth, scaledHeight);
    canvas.toBlob((blob) => {
      if (blob && blob.type === "image/webp") {
        resolve(blob);
      } else {
        reject(new Error("Failed to generate thumbnail"));
      }
    }, "image/webp");
  });
 };
 const generateImageThumbnail = (imageUrl: string) => {
  return new Promise<Blob>((resolve, reject) => {
    const image = new Image();
    image.onload = () => {
      capture(image.width, image.height, (context, width, height) => {
        context.drawImage(image, 0, 0, width, height);
      })
        .then(resolve)
        .catch(reject);
    };
    image.onerror = reject;
    image.src = imageUrl;
  });
 };
 export const captureVideoThumbnail = (video: HTMLVideoElement) => {
  return capture(video.videoWidth, video.videoHeight, (context, width, height) => {
    context.drawImage(video, 0, 0, width, height);
  });
 };
 const generateVideoThumbnail = (videoUrl: string, time = 0) => {
  return new Promise<Blob>((resolve, reject) => {
    const video = document.createElement("video");
    video.onloadedmetadata = () => {
      if (video.videoWidth === 0 || video.videoHeight === 0) {
        return reject();
      }
      const callbackId = video.requestVideoFrameCallback(() => {
        captureVideoThumbnail(video).then(resolve).catch(reject);
        video.cancelVideoFrameCallback(callbackId);
      });
      video.currentTime = Math.min(time, video.duration);
    };
    video.onerror = reject;
    video.muted = true;
    video.playsInline = true;
    video.src = videoUrl;
  });
 };
 export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => {
  let url;
  try {
    if (fileType.startsWith("image/")) {
      const fileBlob = new Blob([fileBuffer], { type: fileType });
      url = URL.createObjectURL(fileBlob);
      try {
        return await generateImageThumbnail(url);
      } catch {
        URL.revokeObjectURL(url);
        url = undefined;
        if (fileType === "image/heic") {
          const { default: heic2any } = await import("heic2any");
          url = URL.createObjectURL(
            (await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
          );
          return await generateImageThumbnail(url);
        } else {
          return null;
        }
      }
    } else if (fileType.startsWith("video/")) {
      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
      return await generateVideoThumbnail(url);
    }
    return null;
  } catch {
    return null;
  } finally {
    if (url) {
      URL.revokeObjectURL(url);
    }
  }
 };
 export const getThumbnailUrl = (thumbnailBuffer: ArrayBuffer) => {
  return `data:image/webp;base64,${encodeToBase64(thumbnailBuffer)}`;
 };
--- a/src/lib/modules/util.ts
+++ b/src/lib/modules/util.ts
@@ -7,13 +7,6 @@ export const formatDate = (date: Date) => {
  return `${year}. ${month}. ${day}.`;
 };
 export const formatDateSortable = (date: Date) => {
  const year = date.getFullYear();
  const month = pad2(date.getMonth() + 1);
  const day = pad2(date.getDate());
  return `${year}${month}${day}`;
 };
 export const formatDateTime = (date: Date) => {
  const dateFormatted = formatDate(date);
  const hours = date.getHours();
@@ -34,8 +27,3 @@ export const formatNetworkSpeed = (speed: number) => {
  if (speed < 1000 * 1000 * 1000) return `${(speed / 1000 / 1000).toFixed(1)} Mbps`;
  return `${(speed / 1000 / 1000 / 1000).toFixed(1)} Gbps`;
 };
 export const truncateString = (str: string, maxLength = 20) => {
  if (str.length <= maxLength) return str;
  return `${str.slice(0, maxLength)}...`;
 };
--- a/src/lib/server/db/category.ts
+++ b/src/lib/server/db/category.ts
@@ -1,145 +0,0 @@
 import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";
 interface Category {
  id: number;
  parentId: CategoryId;
  userId: number;
  mekVersion: number;
  encDek: string;
  dekVersion: Date;
  encName: Ciphertext;
 }
 export type NewCategory = Omit<Category, "id">;
 export const registerCategory = async (params: NewCategory) => {
  await db.transaction().execute(async (trx) => {
    const mek = await trx
      .selectFrom("master_encryption_key")
      .select("version")
      .where("user_id", "=", params.userId)
      .where("state", "=", "active")
      .limit(1)
      .forUpdate()
      .executeTakeFirst();
    if (mek?.version !== params.mekVersion) {
      throw new IntegrityError("Inactive MEK version");
    }
    const { categoryId } = await trx
      .insertInto("category")
      .values({
        parent_id: params.parentId !== "root" ? params.parentId : null,
        user_id: params.userId,
        master_encryption_key_version: params.mekVersion,
        encrypted_data_encryption_key: params.encDek,
        data_encryption_key_version: params.dekVersion,
        encrypted_name: params.encName,
      })
      .returning("id as categoryId")
      .executeTakeFirstOrThrow();
    await trx
      .insertInto("category_log")
      .values({
        category_id: categoryId,
        timestamp: new Date(),
        action: "create",
        new_name: params.encName,
      })
      .execute();
  });
 };
 export const getAllCategoriesByParent = async (userId: number, parentId: CategoryId) => {
  let query = db.selectFrom("category").selectAll().where("user_id", "=", userId);
  query =
    parentId === "root"
      ? query.where("parent_id", "is", null)
      : query.where("parent_id", "=", parentId);
  const categories = await query.execute();
  return categories.map(
    (category) =>
      ({
        id: category.id,
        parentId: category.parent_id ?? "root",
        userId: category.user_id,
        mekVersion: category.master_encryption_key_version,
        encDek: category.encrypted_data_encryption_key,
        dekVersion: category.data_encryption_key_version,
        encName: category.encrypted_name,
      }) satisfies Category,
  );
 };
 export const getCategory = async (userId: number, categoryId: number) => {
  const category = await db
    .selectFrom("category")
    .selectAll()
    .where("id", "=", categoryId)
    .where("user_id", "=", userId)
    .limit(1)
    .executeTakeFirst();
  return category
    ? ({
        id: category.id,
        parentId: category.parent_id ?? "root",
        userId: category.user_id,
        mekVersion: category.master_encryption_key_version,
        encDek: category.encrypted_data_encryption_key,
        dekVersion: category.data_encryption_key_version,
        encName: category.encrypted_name,
      } satisfies Category)
    : null;
 };
 export const setCategoryEncName = async (
  userId: number,
  categoryId: number,
  dekVersion: Date,
  encName: Ciphertext,
 ) => {
  await db.transaction().execute(async (trx) => {
    const category = await trx
      .selectFrom("category")
      .select("data_encryption_key_version")
      .where("id", "=", categoryId)
      .where("user_id", "=", userId)
      .limit(1)
      .forUpdate()
      .executeTakeFirst();
    if (!category) {
      throw new IntegrityError("Category not found");
    } else if (category.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
      throw new IntegrityError("Invalid DEK version");
    }
    await trx
      .updateTable("category")
      .set({ encrypted_name: encName })
      .where("id", "=", categoryId)
      .where("user_id", "=", userId)
      .execute();
    await trx
      .insertInto("category_log")
      .values({
        category_id: categoryId,
        timestamp: new Date(),
        action: "rename",
        new_name: encName,
      })
      .execute();
  });
 };
 export const unregisterCategory = async (userId: number, categoryId: number) => {
  const res = await db
    .deleteFrom("category")
    .where("id", "=", categoryId)
    .where("user_id", "=", userId)
    .executeTakeFirst();
  if (res.numDeletedRows === 0n) {
    throw new IntegrityError("Category not found");
  }
 };
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -1,158 +1,106 @@
-import pg from "pg";
+import { SqliteError } from "better-sqlite3";
 import { and, or, eq, gt, lte } from "drizzle-orm";
 import db from "./drizzle";
 import { IntegrityError } from "./error";
-import db from "./kysely";
+import { client, userClient, userClientChallenge } from "./schema";
 import type { UserClientState } from "./schema";
 interface Client {
  id: number;
  encPubKey: string;
  sigPubKey: string;
 }
 interface UserClient {
  userId: number;
  clientId: number;
  state: UserClientState;
 }
 interface UserClientWithDetails extends UserClient {
  encPubKey: string;
  sigPubKey: string;
 }
 export const createClient = async (encPubKey: string, sigPubKey: string, userId: number) => {
-  return await db
+  return await db.transaction(
-    .transaction()
+    async (tx) => {
-    .setIsolationLevel("serializable")
+      const clients = await tx
-    .execute(async (trx) => {
+        .select({ id: client.id })
-      const client = await trx
+        .from(client)
-        .selectFrom("client")
+        .where(or(eq(client.encPubKey, sigPubKey), eq(client.sigPubKey, encPubKey)))
-        .where((eb) =>
+        .limit(1);
-          eb.or([
+      if (clients.length !== 0) {
            eb("encryption_public_key", "=", encPubKey),
            eb("encryption_public_key", "=", sigPubKey),
            eb("signature_public_key", "=", encPubKey),
            eb("signature_public_key", "=", sigPubKey),
          ]),
        )
        .limit(1)
        .executeTakeFirst();
      if (client) {
        throw new IntegrityError("Public key(s) already registered");
      }
-      const { clientId } = await trx
+      const newClients = await tx
-        .insertInto("client")
+        .insert(client)
-        .values({ encryption_public_key: encPubKey, signature_public_key: sigPubKey })
+        .values({ encPubKey, sigPubKey })
-        .returning("id as clientId")
+        .returning({ id: client.id });
-        .executeTakeFirstOrThrow();
+      const { id: clientId } = newClients[0]!;
-      await trx
+      await tx.insert(userClient).values({ userId, clientId });
-        .insertInto("user_client")
+
-        .values({ user_id: userId, client_id: clientId })
+      return clientId;
-        .execute();
+    },
-      return { id: clientId };
+    { behavior: "exclusive" },
-    });
+  );
 };
 export const getClient = async (clientId: number) => {
-  const client = await db
+  const clients = await db.select().from(client).where(eq(client.id, clientId)).limit(1);
-    .selectFrom("client")
+  return clients[0] ?? null;
    .selectAll()
    .where("id", "=", clientId)
    .limit(1)
    .executeTakeFirst();
  return client
    ? ({
        id: client.id,
        encPubKey: client.encryption_public_key,
        sigPubKey: client.signature_public_key,
      } satisfies Client)
    : null;
 };
 export const getClientByPubKeys = async (encPubKey: string, sigPubKey: string) => {
-  const client = await db
+  const clients = await db
-    .selectFrom("client")
+    .select()
-    .selectAll()
+    .from(client)
-    .where("encryption_public_key", "=", encPubKey)
+    .where(and(eq(client.encPubKey, encPubKey), eq(client.sigPubKey, sigPubKey)))
-    .where("signature_public_key", "=", sigPubKey)
+    .limit(1);
-    .limit(1)
+  return clients[0] ?? null;
    .executeTakeFirst();
  return client
    ? ({
        id: client.id,
        encPubKey: client.encryption_public_key,
        sigPubKey: client.signature_public_key,
      } satisfies Client)
    : null;
 };
 export const createUserClient = async (userId: number, clientId: number) => {
  try {
-    await db.insertInto("user_client").values({ user_id: userId, client_id: clientId }).execute();
+    await db.insert(userClient).values({ userId, clientId });
  } catch (e) {
-    if (e instanceof pg.DatabaseError && e.code === "23505") {
+    if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
      throw new IntegrityError("User client already exists");
    }
    throw e;
  }
 };
 export const getAllUserClients = async (userId: number) => {
  return await db.select().from(userClient).where(eq(userClient.userId, userId));
 };
 export const getUserClient = async (userId: number, clientId: number) => {
-  const userClient = await db
+  const userClients = await db
-    .selectFrom("user_client")
+    .select()
-    .selectAll()
+    .from(userClient)
-    .where("user_id", "=", userId)
+    .where(and(eq(userClient.userId, userId), eq(userClient.clientId, clientId)))
-    .where("client_id", "=", clientId)
+    .limit(1);
-    .limit(1)
+  return userClients[0] ?? null;
    .executeTakeFirst();
  return userClient
    ? ({
        userId: userClient.user_id,
        clientId: userClient.client_id,
        state: userClient.state,
      } satisfies UserClient)
    : null;
 };
 export const getUserClientWithDetails = async (userId: number, clientId: number) => {
-  const userClient = await db
+  const userClients = await db
-    .selectFrom("user_client")
+    .select()
-    .innerJoin("client", "user_client.client_id", "client.id")
+    .from(userClient)
-    .selectAll()
+    .innerJoin(client, eq(userClient.clientId, client.id))
-    .where("user_id", "=", userId)
+    .where(and(eq(userClient.userId, userId), eq(userClient.clientId, clientId)))
-    .where("client_id", "=", clientId)
+    .limit(1);
-    .limit(1)
+  return userClients[0] ?? null;
    .executeTakeFirst();
  return userClient
    ? ({
        userId: userClient.user_id,
        clientId: userClient.client_id,
        state: userClient.state,
        encPubKey: userClient.encryption_public_key,
        sigPubKey: userClient.signature_public_key,
      } satisfies UserClientWithDetails)
    : null;
 };
 export const setUserClientStateToPending = async (userId: number, clientId: number) => {
  await db
-    .updateTable("user_client")
+    .update(userClient)
    .set({ state: "pending" })
-    .where("user_id", "=", userId)
+    .where(
-    .where("client_id", "=", clientId)
+      and(
-    .where("state", "=", "challenging")
+        eq(userClient.userId, userId),
-    .execute();
+        eq(userClient.clientId, clientId),
        eq(userClient.state, "challenging"),
      ),
    );
 };
 export const setUserClientStateToActive = async (userId: number, clientId: number) => {
  await db
-    .updateTable("user_client")
+    .update(userClient)
    .set({ state: "active" })
-    .where("user_id", "=", userId)
+    .where(
-    .where("client_id", "=", clientId)
+      and(
-    .where("state", "=", "pending")
+        eq(userClient.userId, userId),
-    .execute();
+        eq(userClient.clientId, clientId),
        eq(userClient.state, "pending"),
      ),
    );
 };
 export const registerUserClientChallenge = async (
@@ -162,36 +110,30 @@ export const registerUserClientChallenge = async (
  allowedIp: string,
  expiresAt: Date,
 ) => {
-  const { id } = await db
+  await db.insert(userClientChallenge).values({
-    .insertInto("user_client_challenge")
+    userId,
-    .values({
+    clientId,
-      user_id: userId,
+    answer,
-      client_id: clientId,
+    allowedIp,
-      answer,
+    expiresAt,
-      allowed_ip: allowedIp,
+  });
      expires_at: expiresAt,
    })
    .returning("id")
    .executeTakeFirstOrThrow();
  return { id };
 };
-export const consumeUserClientChallenge = async (
+export const consumeUserClientChallenge = async (userId: number, answer: string, ip: string) => {
-  challengeId: number,
+  const challenges = await db
-  userId: number,
+    .delete(userClientChallenge)
-  ip: string,
+    .where(
-) => {
+      and(
-  const challenge = await db
+        eq(userClientChallenge.userId, userId),
-    .deleteFrom("user_client_challenge")
+        eq(userClientChallenge.answer, answer),
-    .where("id", "=", challengeId)
+        eq(userClientChallenge.allowedIp, ip),
-    .where("user_id", "=", userId)
+        gt(userClientChallenge.expiresAt, new Date()),
-    .where("allowed_ip", "=", ip)
+      ),
-    .where("expires_at", ">", new Date())
+    )
-    .returning(["client_id", "answer"])
+    .returning({ clientId: userClientChallenge.clientId });
-    .executeTakeFirst();
+  return challenges[0] ?? null;
  return challenge ? { clientId: challenge.client_id, answer: challenge.answer } : null;
 };
 export const cleanupExpiredUserClientChallenges = async () => {
-  await db.deleteFrom("user_client_challenge").where("expires_at", "<=", new Date()).execute();
+  await db.delete(userClientChallenge).where(lte(userClientChallenge.expiresAt, new Date()));
 };
--- a/src/lib/server/db/drizzle.ts
+++ b/src/lib/server/db/drizzle.ts
@@ -0,0 +1,15 @@
 import Database from "better-sqlite3";
 import { drizzle } from "drizzle-orm/better-sqlite3";
 import { migrate } from "drizzle-orm/better-sqlite3/migrator";
 import env from "$lib/server/loadenv";
 const client = new Database(env.databaseUrl);
 const db = drizzle(client);
 export const migrateDB = () => {
  if (process.env.NODE_ENV === "production") {
    migrate(db, { migrationsFolder: "./drizzle" });
  }
 };
 export default db;
--- a/src/lib/server/db/error.ts
+++ b/src/lib/server/db/error.ts
@@ -1,6 +1,4 @@
 type IntegrityErrorMessages =
  // Category
  | "Category not found"
  // Challenge
  | "Challenge already registered"
  // Client
@@ -9,8 +7,6 @@ type IntegrityErrorMessages =
  // File
  | "Directory not found"
  | "File not found"
  | "File not found in category"
  | "File already added to category"
  | "Invalid DEK version"
  // HSK
  | "HSK already registered"
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -1,24 +1,21 @@
-import { sql } from "kysely";
+import { and, eq, isNull } from "drizzle-orm";
-import { jsonArrayFrom } from "kysely/helpers/postgres";
+import db from "./drizzle";
 import pg from "pg";
 import { IntegrityError } from "./error";
-import db from "./kysely";
+import { directory, directoryLog, file, fileLog, hsk, mek } from "./schema";
 import type { Ciphertext } from "./schema";
-interface Directory {
+type DirectoryId = "root" | number;
-  id: number;
+
 export interface NewDirectoryParams {
  parentId: DirectoryId;
  userId: number;
  mekVersion: number;
  encDek: string;
  dekVersion: Date;
-  encName: Ciphertext;
+  encName: string;
  encNameIv: string;
 }
-export type NewDirectory = Omit<Directory, "id">;
+export interface NewFileParams {
 interface File {
  id: number;
  parentId: DirectoryId;
  userId: number;
  path: string;
@@ -29,341 +26,216 @@ interface File {
  contentHmac: string | null;
  contentType: string;
  encContentIv: string;
-  encContentHash: string;
+  encName: string;
-  encName: Ciphertext;
+  encNameIv: string;
-  encCreatedAt: Ciphertext | null;
+  encCreatedAt: string | null;
-  encLastModifiedAt: Ciphertext;
+  encCreatedAtIv: string | null;
  encLastModifiedAt: string;
  encLastModifiedAtIv: string;
 }
-export type NewFile = Omit<File, "id">;
+export const registerDirectory = async (params: NewDirectoryParams) => {
  await db.transaction(
    async (tx) => {
      const meks = await tx
        .select({ version: mek.version })
        .from(mek)
        .where(and(eq(mek.userId, params.userId), eq(mek.state, "active")))
        .limit(1);
      if (meks[0]?.version !== params.mekVersion) {
        throw new IntegrityError("Inactive MEK version");
      }
-interface FileCategory {
+      const newDirectories = await tx
-  id: number;
+        .insert(directory)
-  parentId: CategoryId;
+        .values({
-  mekVersion: number;
+          parentId: params.parentId === "root" ? null : params.parentId,
-  encDek: string;
+          userId: params.userId,
-  dekVersion: Date;
+          mekVersion: params.mekVersion,
-  encName: Ciphertext;
+          encDek: params.encDek,
-}
+          dekVersion: params.dekVersion,
-
+          encName: { ciphertext: params.encName, iv: params.encNameIv },
-export const registerDirectory = async (params: NewDirectory) => {
+        })
-  await db.transaction().execute(async (trx) => {
+        .returning({ id: directory.id });
-    const mek = await trx
+      const { id: directoryId } = newDirectories[0]!;
-      .selectFrom("master_encryption_key")
+      await tx.insert(directoryLog).values({
-      .select("version")
+        directoryId,
      .where("user_id", "=", params.userId)
      .where("state", "=", "active")
      .limit(1)
      .forUpdate()
      .executeTakeFirst();
    if (mek?.version !== params.mekVersion) {
      throw new IntegrityError("Inactive MEK version");
    }
    const { directoryId } = await trx
      .insertInto("directory")
      .values({
        parent_id: params.parentId !== "root" ? params.parentId : null,
        user_id: params.userId,
        master_encryption_key_version: params.mekVersion,
        encrypted_data_encryption_key: params.encDek,
        data_encryption_key_version: params.dekVersion,
        encrypted_name: params.encName,
      })
      .returning("id as directoryId")
      .executeTakeFirstOrThrow();
    await trx
      .insertInto("directory_log")
      .values({
        directory_id: directoryId,
        timestamp: new Date(),
        action: "create",
-        new_name: params.encName,
+        newName: { ciphertext: params.encName, iv: params.encNameIv },
-      })
+      });
-      .execute();
+    },
-  });
+    { behavior: "exclusive" },
 };
 export const getAllDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
  let query = db.selectFrom("directory").selectAll().where("user_id", "=", userId);
  query =
    parentId === "root"
      ? query.where("parent_id", "is", null)
      : query.where("parent_id", "=", parentId);
  const directories = await query.execute();
  return directories.map(
    (directory) =>
      ({
        id: directory.id,
        parentId: directory.parent_id ?? "root",
        userId: directory.user_id,
        mekVersion: directory.master_encryption_key_version,
        encDek: directory.encrypted_data_encryption_key,
        dekVersion: directory.data_encryption_key_version,
        encName: directory.encrypted_name,
      }) satisfies Directory,
  );
 };
 export const getAllDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
  return await db
    .select()
    .from(directory)
    .where(
      and(
        eq(directory.userId, userId),
        parentId === "root" ? isNull(directory.parentId) : eq(directory.parentId, parentId),
      ),
    );
 };
 export const getDirectory = async (userId: number, directoryId: number) => {
-  const directory = await db
+  const res = await db
-    .selectFrom("directory")
+    .select()
-    .selectAll()
+    .from(directory)
-    .where("id", "=", directoryId)
+    .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)))
-    .where("user_id", "=", userId)
+    .limit(1);
-    .limit(1)
+  return res[0] ?? null;
    .executeTakeFirst();
  return directory
    ? ({
        id: directory.id,
        parentId: directory.parent_id ?? "root",
        userId: directory.user_id,
        mekVersion: directory.master_encryption_key_version,
        encDek: directory.encrypted_data_encryption_key,
        dekVersion: directory.data_encryption_key_version,
        encName: directory.encrypted_name,
      } satisfies Directory)
    : null;
 };
 export const setDirectoryEncName = async (
  userId: number,
  directoryId: number,
  dekVersion: Date,
-  encName: Ciphertext,
+  encName: string,
  encNameIv: string,
 ) => {
-  await db.transaction().execute(async (trx) => {
+  await db.transaction(
-    const directory = await trx
+    async (tx) => {
-      .selectFrom("directory")
+      const directories = await tx
-      .select("data_encryption_key_version")
+        .select({ version: directory.dekVersion })
-      .where("id", "=", directoryId)
+        .from(directory)
-      .where("user_id", "=", userId)
+        .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)))
-      .limit(1)
+        .limit(1);
-      .forUpdate()
+      if (!directories[0]) {
-      .executeTakeFirst();
+        throw new IntegrityError("Directory not found");
-    if (!directory) {
+      } else if (directories[0].version.getTime() !== dekVersion.getTime()) {
-      throw new IntegrityError("Directory not found");
+        throw new IntegrityError("Invalid DEK version");
-    } else if (directory.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+      }
      throw new IntegrityError("Invalid DEK version");
    }
-    await trx
+      await tx
-      .updateTable("directory")
+        .update(directory)
-      .set({ encrypted_name: encName })
+        .set({ encName: { ciphertext: encName, iv: encNameIv } })
-      .where("id", "=", directoryId)
+        .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)));
-      .where("user_id", "=", userId)
+      await tx.insert(directoryLog).values({
-      .execute();
+        directoryId,
    await trx
      .insertInto("directory_log")
      .values({
        directory_id: directoryId,
        timestamp: new Date(),
        action: "rename",
-        new_name: encName,
+        newName: { ciphertext: encName, iv: encNameIv },
-      })
+      });
-      .execute();
+    },
-  });
+    { behavior: "exclusive" },
  );
 };
 export const unregisterDirectory = async (userId: number, directoryId: number) => {
-  return await db
+  return await db.transaction(
-    .transaction()
+    async (tx) => {
    .setIsolationLevel("repeatable read") // TODO: Sufficient?
    .execute(async (trx) => {
      const unregisterFiles = async (parentId: number) => {
-        const files = await trx
+        return await tx
-          .selectFrom("file")
+          .delete(file)
-          .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
+          .where(and(eq(file.userId, userId), eq(file.parentId, parentId)))
-          .select(["file.id", "file.path", "thumbnail.path as thumbnailPath"])
+          .returning({ id: file.id, path: file.path });
          .where("file.parent_id", "=", parentId)
          .where("file.user_id", "=", userId)
          .forUpdate("file")
          .execute();
        await trx
          .deleteFrom("file")
          .where("parent_id", "=", parentId)
          .where("user_id", "=", userId)
          .execute();
        return files;
      };
      const unregisterDirectoryRecursively = async (
        directoryId: number,
-      ): Promise<{ id: number; path: string; thumbnailPath: string | null }[]> => {
+      ): Promise<{ id: number; path: string }[]> => {
        const files = await unregisterFiles(directoryId);
-        const subDirectories = await trx
+        const subDirectories = await tx
-          .selectFrom("directory")
+          .select({ id: directory.id })
-          .select("id")
+          .from(directory)
-          .where("parent_id", "=", directoryId)
+          .where(and(eq(directory.userId, userId), eq(directory.parentId, directoryId)));
          .where("user_id", "=", userId)
          .execute();
        const subDirectoryFilePaths = await Promise.all(
          subDirectories.map(async ({ id }) => await unregisterDirectoryRecursively(id)),
        );
-        const deleteRes = await trx
+        const deleteRes = await tx.delete(directory).where(eq(directory.id, directoryId));
-          .deleteFrom("directory")
+        if (deleteRes.changes === 0) {
          .where("id", "=", directoryId)
          .where("user_id", "=", userId)
          .executeTakeFirst();
        if (deleteRes.numDeletedRows === 0n) {
          throw new IntegrityError("Directory not found");
        }
        return files.concat(...subDirectoryFilePaths);
      };
      return await unregisterDirectoryRecursively(directoryId);
-    });
+    },
    { behavior: "exclusive" },
  );
 };
-export const registerFile = async (params: NewFile) => {
+export const registerFile = async (params: NewFileParams) => {
-  if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) {
+  if (
    (params.hskVersion && !params.contentHmac) ||
    (!params.hskVersion && params.contentHmac) ||
    (params.encCreatedAt && !params.encCreatedAtIv) ||
    (!params.encCreatedAt && params.encCreatedAtIv)
  ) {
    throw new Error("Invalid arguments");
  }
-  return await db.transaction().execute(async (trx) => {
+  await db.transaction(
-    const mek = await trx
+    async (tx) => {
-      .selectFrom("master_encryption_key")
+      const meks = await tx
-      .select("version")
+        .select({ version: mek.version })
-      .where("user_id", "=", params.userId)
+        .from(mek)
-      .where("state", "=", "active")
+        .where(and(eq(mek.userId, params.userId), eq(mek.state, "active")))
-      .limit(1)
+        .limit(1);
-      .forUpdate()
+      if (meks[0]?.version !== params.mekVersion) {
-      .executeTakeFirst();
+        throw new IntegrityError("Inactive MEK version");
    if (mek?.version !== params.mekVersion) {
      throw new IntegrityError("Inactive MEK version");
    }
    if (params.hskVersion) {
      const hsk = await trx
        .selectFrom("hmac_secret_key")
        .select("version")
        .where("user_id", "=", params.userId)
        .where("state", "=", "active")
        .limit(1)
        .forUpdate()
        .executeTakeFirst();
      if (hsk?.version !== params.hskVersion) {
        throw new IntegrityError("Inactive HSK version");
      }
    }
-    const { fileId } = await trx
+      if (params.hskVersion) {
-      .insertInto("file")
+        const hsks = await tx
-      .values({
+          .select({ version: hsk.version })
-        parent_id: params.parentId !== "root" ? params.parentId : null,
+          .from(hsk)
-        user_id: params.userId,
+          .where(and(eq(hsk.userId, params.userId), eq(hsk.state, "active")))
-        path: params.path,
+          .limit(1);
-        master_encryption_key_version: params.mekVersion,
+        if (hsks[0]?.version !== params.hskVersion) {
-        encrypted_data_encryption_key: params.encDek,
+          throw new IntegrityError("Inactive HSK version");
-        data_encryption_key_version: params.dekVersion,
+        }
-        hmac_secret_key_version: params.hskVersion,
+      }
-        content_hmac: params.contentHmac,
+
-        content_type: params.contentType,
+      const newFiles = await tx
-        encrypted_content_iv: params.encContentIv,
+        .insert(file)
-        encrypted_content_hash: params.encContentHash,
+        .values({
-        encrypted_name: params.encName,
+          path: params.path,
-        encrypted_created_at: params.encCreatedAt,
+          parentId: params.parentId === "root" ? null : params.parentId,
-        encrypted_last_modified_at: params.encLastModifiedAt,
+          userId: params.userId,
-      })
+          mekVersion: params.mekVersion,
-      .returning("id as fileId")
+          hskVersion: params.hskVersion,
-      .executeTakeFirstOrThrow();
+          contentHmac: params.contentHmac,
-    await trx
+          contentType: params.contentType,
-      .insertInto("file_log")
+          encDek: params.encDek,
-      .values({
+          dekVersion: params.dekVersion,
-        file_id: fileId,
+          encContentIv: params.encContentIv,
          encName: { ciphertext: params.encName, iv: params.encNameIv },
          encCreatedAt:
            params.encCreatedAt && params.encCreatedAtIv
              ? { ciphertext: params.encCreatedAt, iv: params.encCreatedAtIv }
              : null,
          encLastModifiedAt: {
            ciphertext: params.encLastModifiedAt,
            iv: params.encLastModifiedAtIv,
          },
        })
        .returning({ id: file.id });
      const { id: fileId } = newFiles[0]!;
      await tx.insert(fileLog).values({
        fileId,
        timestamp: new Date(),
        action: "create",
-        new_name: params.encName,
+        newName: { ciphertext: params.encName, iv: params.encNameIv },
-      })
+      });
-      .execute();
+    },
-    return { id: fileId };
+    { behavior: "exclusive" },
-  });
+  );
 };
 export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => {
-  let query = db.selectFrom("file").selectAll().where("user_id", "=", userId);
+  return await db
-  query =
+    .select()
-    parentId === "root"
+    .from(file)
-      ? query.where("parent_id", "is", null)
+    .where(
-      : query.where("parent_id", "=", parentId);
+      and(
-  const files = await query.execute();
+        eq(file.userId, userId),
-  return files.map(
+        parentId === "root" ? isNull(file.parentId) : eq(file.parentId, parentId),
-    (file) =>
+      ),
-      ({
+    );
        id: file.id,
        parentId: file.parent_id ?? "root",
        userId: file.user_id,
        path: file.path,
        mekVersion: file.master_encryption_key_version,
        encDek: file.encrypted_data_encryption_key,
        dekVersion: file.data_encryption_key_version,
        hskVersion: file.hmac_secret_key_version,
        contentHmac: file.content_hmac,
        contentType: file.content_type,
        encContentIv: file.encrypted_content_iv,
        encContentHash: file.encrypted_content_hash,
        encName: file.encrypted_name,
        encCreatedAt: file.encrypted_created_at,
        encLastModifiedAt: file.encrypted_last_modified_at,
      }) satisfies File,
  );
 };
 export const getAllFilesByCategory = async (
  userId: number,
  categoryId: number,
  recurse: boolean,
 ) => {
  const files = await db
    .withRecursive("category_tree", (db) =>
      db
        .selectFrom("category")
        .select(["id", sql<number>`0`.as("depth")])
        .where("id", "=", categoryId)
        .where("user_id", "=", userId)
        .$if(recurse, (qb) =>
          qb.unionAll((db) =>
            db
              .selectFrom("category")
              .innerJoin("category_tree", "category.parent_id", "category_tree.id")
              .select(["category.id", sql<number>`depth + 1`.as("depth")]),
          ),
        ),
    )
    .selectFrom("category_tree")
    .innerJoin("file_category", "category_tree.id", "file_category.category_id")
    .innerJoin("file", "file_category.file_id", "file.id")
    .select(["file_id", "depth"])
    .selectAll("file")
    .distinctOn("file_id")
    .orderBy("file_id")
    .orderBy("depth")
    .execute();
  return files.map(
    (file) =>
      ({
        id: file.file_id,
        parentId: file.parent_id ?? "root",
        userId: file.user_id,
        path: file.path,
        mekVersion: file.master_encryption_key_version,
        encDek: file.encrypted_data_encryption_key,
        dekVersion: file.data_encryption_key_version,
        hskVersion: file.hmac_secret_key_version,
        contentHmac: file.content_hmac,
        contentType: file.content_type,
        encContentIv: file.encrypted_content_iv,
        encContentHash: file.encrypted_content_hash,
        encName: file.encrypted_name,
        encCreatedAt: file.encrypted_created_at,
        encLastModifiedAt: file.encrypted_last_modified_at,
        isRecursive: file.depth > 0,
      }) satisfies File & { isRecursive: boolean },
  );
 };
 export const getAllFileIds = async (userId: number) => {
  const files = await db.selectFrom("file").select("id").where("user_id", "=", userId).execute();
  return files.map(({ id }) => id);
 };
 export const getAllFileIdsByContentHmac = async (
@@ -371,213 +243,69 @@ export const getAllFileIdsByContentHmac = async (
  hskVersion: number,
  contentHmac: string,
 ) => {
-  const files = await db
+  return await db
-    .selectFrom("file")
+    .select({ id: file.id })
-    .select("id")
+    .from(file)
-    .where("user_id", "=", userId)
+    .where(
-    .where("hmac_secret_key_version", "=", hskVersion)
+      and(
-    .where("content_hmac", "=", contentHmac)
+        eq(file.userId, userId),
-    .execute();
+        eq(file.hskVersion, hskVersion),
-  return files.map(({ id }) => id);
+        eq(file.contentHmac, contentHmac),
      ),
    );
 };
 export const getFile = async (userId: number, fileId: number) => {
-  const file = await db
+  const res = await db
-    .selectFrom("file")
+    .select()
-    .selectAll()
+    .from(file)
-    .where("id", "=", fileId)
+    .where(and(eq(file.userId, userId), eq(file.id, fileId)))
-    .where("user_id", "=", userId)
+    .limit(1);
-    .limit(1)
+  return res[0] ?? null;
    .executeTakeFirst();
  return file
    ? ({
        id: file.id,
        parentId: file.parent_id ?? "root",
        userId: file.user_id,
        path: file.path,
        mekVersion: file.master_encryption_key_version,
        encDek: file.encrypted_data_encryption_key,
        dekVersion: file.data_encryption_key_version,
        hskVersion: file.hmac_secret_key_version,
        contentHmac: file.content_hmac,
        contentType: file.content_type,
        encContentIv: file.encrypted_content_iv,
        encContentHash: file.encrypted_content_hash,
        encName: file.encrypted_name,
        encCreatedAt: file.encrypted_created_at,
        encLastModifiedAt: file.encrypted_last_modified_at,
      } satisfies File)
    : null;
 };
 export const getFilesWithCategories = async (userId: number, fileIds: number[]) => {
  const files = await db
    .selectFrom("file")
    .selectAll()
    .select((eb) =>
      jsonArrayFrom(
        eb
          .selectFrom("file_category")
          .innerJoin("category", "file_category.category_id", "category.id")
          .where("file_category.file_id", "=", eb.ref("file.id"))
          .selectAll("category"),
      ).as("categories"),
    )
    .where("id", "=", (eb) => eb.fn.any(eb.val(fileIds)))
    .where("user_id", "=", userId)
    .execute();
  return files.map(
    (file) =>
      ({
        id: file.id,
        parentId: file.parent_id ?? "root",
        userId: file.user_id,
        path: file.path,
        mekVersion: file.master_encryption_key_version,
        encDek: file.encrypted_data_encryption_key,
        dekVersion: file.data_encryption_key_version,
        hskVersion: file.hmac_secret_key_version,
        contentHmac: file.content_hmac,
        contentType: file.content_type,
        encContentIv: file.encrypted_content_iv,
        encContentHash: file.encrypted_content_hash,
        encName: file.encrypted_name,
        encCreatedAt: file.encrypted_created_at,
        encLastModifiedAt: file.encrypted_last_modified_at,
        categories: file.categories.map((category) => ({
          id: category.id,
          parentId: category.parent_id ?? "root",
          mekVersion: category.master_encryption_key_version,
          encDek: category.encrypted_data_encryption_key,
          dekVersion: new Date(category.data_encryption_key_version),
          encName: category.encrypted_name,
        })),
      }) satisfies File & { categories: FileCategory[] },
  );
 };
 export const setFileEncName = async (
  userId: number,
  fileId: number,
  dekVersion: Date,
-  encName: Ciphertext,
+  encName: string,
  encNameIv: string,
 ) => {
-  await db.transaction().execute(async (trx) => {
+  await db.transaction(
-    const file = await trx
+    async (tx) => {
-      .selectFrom("file")
+      const files = await tx
-      .select("data_encryption_key_version")
+        .select({ version: file.dekVersion })
-      .where("id", "=", fileId)
+        .from(file)
-      .where("user_id", "=", userId)
+        .where(and(eq(file.userId, userId), eq(file.id, fileId)))
-      .limit(1)
+        .limit(1);
-      .forUpdate()
+      if (!files[0]) {
-      .executeTakeFirst();
+        throw new IntegrityError("File not found");
-    if (!file) {
+      } else if (files[0].version.getTime() !== dekVersion.getTime()) {
-      throw new IntegrityError("File not found");
+        throw new IntegrityError("Invalid DEK version");
-    } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+      }
      throw new IntegrityError("Invalid DEK version");
    }
-    await trx
+      await tx
-      .updateTable("file")
+        .update(file)
-      .set({ encrypted_name: encName })
+        .set({ encName: { ciphertext: encName, iv: encNameIv } })
-      .where("id", "=", fileId)
+        .where(and(eq(file.userId, userId), eq(file.id, fileId)));
-      .where("user_id", "=", userId)
+      await tx.insert(fileLog).values({
-      .execute();
+        fileId,
    await trx
      .insertInto("file_log")
      .values({
        file_id: fileId,
        timestamp: new Date(),
        action: "rename",
-        new_name: encName,
+        newName: { ciphertext: encName, iv: encNameIv },
-      })
+      });
-      .execute();
+    },
-  });
+    { behavior: "exclusive" },
 };
 export const unregisterFile = async (userId: number, fileId: number) => {
  return await db.transaction().execute(async (trx) => {
    const file = await trx
      .selectFrom("file")
      .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
      .select(["file.path", "thumbnail.path as thumbnailPath"])
      .where("file.id", "=", fileId)
      .where("file.user_id", "=", userId)
      .forUpdate("file")
      .executeTakeFirst();
    if (!file) {
      throw new IntegrityError("File not found");
    }
    await trx.deleteFrom("file").where("id", "=", fileId).execute();
    return file;
  });
 };
 export const addFileToCategory = async (fileId: number, categoryId: number) => {
  await db.transaction().execute(async (trx) => {
    try {
      await trx
        .insertInto("file_category")
        .values({ file_id: fileId, category_id: categoryId })
        .execute();
      await trx
        .insertInto("file_log")
        .values({
          file_id: fileId,
          timestamp: new Date(),
          action: "add-to-category",
          category_id: categoryId,
        })
        .execute();
    } catch (e) {
      if (e instanceof pg.DatabaseError && e.code === "23505") {
        throw new IntegrityError("File already added to category");
      }
      throw e;
    }
  });
 };
 export const getAllFileCategories = async (fileId: number) => {
  const categories = await db
    .selectFrom("file_category")
    .innerJoin("category", "file_category.category_id", "category.id")
    .selectAll("category")
    .where("file_id", "=", fileId)
    .execute();
  return categories.map(
    (category) =>
      ({
        id: category.id,
        parentId: category.parent_id ?? "root",
        mekVersion: category.master_encryption_key_version,
        encDek: category.encrypted_data_encryption_key,
        dekVersion: category.data_encryption_key_version,
        encName: category.encrypted_name,
      }) satisfies FileCategory,
  );
 };
-export const removeFileFromCategory = async (fileId: number, categoryId: number) => {
+export const unregisterFile = async (userId: number, fileId: number) => {
-  await db.transaction().execute(async (trx) => {
+  const files = await db
-    const res = await trx
+    .delete(file)
-      .deleteFrom("file_category")
+    .where(and(eq(file.userId, userId), eq(file.id, fileId)))
-      .where("file_id", "=", fileId)
+    .returning({ path: file.path });
-      .where("category_id", "=", categoryId)
+  if (!files[0]) {
-      .executeTakeFirst();
+    throw new IntegrityError("File not found");
-    if (res.numDeletedRows === 0n) {
+  }
-      throw new IntegrityError("File not found in category");
+  return files[0].path;
    }
    await trx
      .insertInto("file_log")
      .values({
        file_id: fileId,
        timestamp: new Date(),
        action: "remove-from-category",
        category_id: categoryId,
      })
      .execute();
  });
 };
--- a/src/lib/server/db/hsk.ts
+++ b/src/lib/server/db/hsk.ts
@@ -1,15 +1,8 @@
-import pg from "pg";
+import { SqliteError } from "better-sqlite3";
 import { and, eq } from "drizzle-orm";
 import db from "./drizzle";
 import { IntegrityError } from "./error";
-import db from "./kysely";
+import { hsk, hskLog } from "./schema";
 import type { HskState } from "./schema";
 interface Hsk {
  userId: number;
  version: number;
  state: HskState;
  mekVersion: number;
  encHsk: string;
 }
 export const registerInitialHsk = async (
  userId: number,
@@ -17,52 +10,37 @@ export const registerInitialHsk = async (
  mekVersion: number,
  encHsk: string,
 ) => {
-  await db.transaction().execute(async (trx) => {
+  await db.transaction(
-    try {
+    async (tx) => {
-      await trx
+      try {
-        .insertInto("hmac_secret_key")
+        await tx.insert(hsk).values({
-        .values({
+          userId,
          user_id: userId,
          version: 1,
          state: "active",
-          master_encryption_key_version: mekVersion,
+          mekVersion,
-          encrypted_key: encHsk,
+          encHsk,
-        })
+        });
-        .execute();
+        await tx.insert(hskLog).values({
-      await trx
+          userId,
-        .insertInto("hmac_secret_key_log")
+          hskVersion: 1,
        .values({
          user_id: userId,
          hmac_secret_key_version: 1,
          timestamp: new Date(),
          action: "create",
-          action_by: createdBy,
+          actionBy: createdBy,
-        })
+        });
-        .execute();
+      } catch (e) {
-    } catch (e) {
+        if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
-      if (e instanceof pg.DatabaseError && e.code === "23505") {
+          throw new IntegrityError("HSK already registered");
-        throw new IntegrityError("HSK already registered");
+        }
        throw e;
      }
-      throw e;
+    },
-    }
+    { behavior: "exclusive" },
-  });
+  );
 };
 export const getAllValidHsks = async (userId: number) => {
-  const hsks = await db
+  return await db
-    .selectFrom("hmac_secret_key")
+    .select()
-    .selectAll()
+    .from(hsk)
-    .where("user_id", "=", userId)
+    .where(and(eq(hsk.userId, userId), eq(hsk.state, "active")));
    .where("state", "=", "active")
    .execute();
  return hsks.map(
    ({ user_id, version, state, master_encryption_key_version, encrypted_key }) =>
      ({
        userId: user_id,
        version,
        state: state as "active",
        mekVersion: master_encryption_key_version,
        encHsk: encrypted_key,
      }) satisfies Hsk,
  );
 };
--- a/src/lib/server/db/index.ts
+++ b/src/lib/server/db/index.ts
@@ -1,10 +0,0 @@
 export * as CategoryRepo from "./category";
 export * as ClientRepo from "./client";
 export * as FileRepo from "./file";
 export * as HskRepo from "./hsk";
 export * as MediaRepo from "./media";
 export * as MekRepo from "./mek";
 export * as SessionRepo from "./session";
 export * as UserRepo from "./user";
 export * from "./error";
--- a/src/lib/server/db/kysely.ts
+++ b/src/lib/server/db/kysely.ts
@@ -1,47 +0,0 @@
 import { Kysely, PostgresDialect, Migrator } from "kysely";
 import pg from "pg";
 import env from "$lib/server/loadenv";
 import migrations from "./migrations";
 import type { Database } from "./schema";
 const dialect = new PostgresDialect({
  pool: new pg.Pool({
    host: env.database.host,
    port: env.database.port,
    user: env.database.user,
    password: env.database.password,
    database: env.database.name,
  }),
 });
 const db = new Kysely<Database>({ dialect });
 export const migrateDB = async () => {
  if (env.nodeEnv !== "production") return;
  const migrator = new Migrator({
    db,
    provider: {
      async getMigrations() {
        return migrations;
      },
    },
  });
  const { error, results } = await migrator.migrateToLatest();
  if (error) {
    const migration = results?.find(({ status }) => status === "Error");
    if (migration) {
      console.error(`Migration "${migration.migrationName}" failed.`);
    }
    console.error(error);
    process.exit(1);
  }
  if (results?.length === 0) {
    console.log("Database is up-to-date.");
  } else {
    console.log("Database migration completed.");
  }
 };
 export default db;
--- a/src/lib/server/db/media.ts
+++ b/src/lib/server/db/media.ts
@@ -1,110 +0,0 @@
 import type { NotNull } from "kysely";
 import { IntegrityError } from "./error";
 import db from "./kysely";
 interface Thumbnail {
  id: number;
  path: string;
  updatedAt: Date;
  encContentIv: string;
 }
 interface FileThumbnail extends Thumbnail {
  fileId: number;
 }
 export const updateFileThumbnail = async (
  userId: number,
  fileId: number,
  dekVersion: Date,
  path: string,
  encContentIv: string,
 ) => {
  return await db.transaction().execute(async (trx) => {
    const file = await trx
      .selectFrom("file")
      .select("data_encryption_key_version")
      .where("id", "=", fileId)
      .where("user_id", "=", userId)
      .limit(1)
      .forUpdate()
      .executeTakeFirst();
    if (!file) {
      throw new IntegrityError("File not found");
    } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
      throw new IntegrityError("Invalid DEK version");
    }
    const thumbnail = await trx
      .selectFrom("thumbnail")
      .select("path as oldPath")
      .where("file_id", "=", fileId)
      .limit(1)
      .forUpdate()
      .executeTakeFirst();
    const now = new Date();
    await trx
      .insertInto("thumbnail")
      .values({
        file_id: fileId,
        path,
        updated_at: now,
        encrypted_content_iv: encContentIv,
      })
      .onConflict((oc) =>
        oc.column("file_id").doUpdateSet({
          path,
          updated_at: now,
          encrypted_content_iv: encContentIv,
        }),
      )
      .execute();
    return thumbnail?.oldPath ?? null;
  });
 };
 export const getFileThumbnail = async (userId: number, fileId: number) => {
  const thumbnail = await db
    .selectFrom("thumbnail")
    .innerJoin("file", "thumbnail.file_id", "file.id")
    .selectAll("thumbnail")
    .where("file.id", "=", fileId)
    .where("file.user_id", "=", userId)
    .$narrowType<{ file_id: NotNull }>()
    .limit(1)
    .executeTakeFirst();
  return thumbnail
    ? ({
        id: thumbnail.id,
        fileId: thumbnail.file_id,
        path: thumbnail.path,
        encContentIv: thumbnail.encrypted_content_iv,
        updatedAt: thumbnail.updated_at,
      } satisfies FileThumbnail)
    : null;
 };
 export const getMissingFileThumbnails = async (userId: number, limit: number = 100) => {
  const files = await db
    .selectFrom("file")
    .select("id")
    .where("user_id", "=", userId)
    .where((eb) =>
      eb.or([eb("content_type", "like", "image/%"), eb("content_type", "like", "video/%")]),
    )
    .where((eb) =>
      eb.not(
        eb.exists(
          eb
            .selectFrom("thumbnail")
            .select("thumbnail.id")
            .whereRef("thumbnail.file_id", "=", "file.id")
            .limit(1),
        ),
      ),
    )
    .limit(limit)
    .execute();
  return files.map(({ id }) => id);
 };
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
static	aef43b8bfa	Merge pull request #6 from kmc7468/dev v0.3.0	2025-01-18 13:29:09 +09:00
static	7f128cccf6	Merge pull request #5 from kmc7468/dev v0.2.0	2025-01-13 03:53:14 +09:00
static	a198e5f6dc	Merge pull request #2 from kmc7468/dev v0.1.0	2025-01-09 06:24:31 +09:00
		`@@ -0,0 +1,2 @@`
							ALTER TABLE `file` ADD `encrypted_created_at` text;--> statement-breakpoint
							ALTER TABLE `file` ADD `encrypted_last_modified_at` text NOT NULL;
`@@ -1,2 +1 @@`
	`export { default as CheckBox } from "./CheckBox.svelte";`
	`export { default as TextInput } from "./TextInput.svelte";`	`export { default as TextInput } from "./TextInput.svelte";`
		`@@ -0,0 +1,2 @@`
							`export * from "./callApi";`
							`export * from "./gotoStateful";`