Merge pull request #21 from kmc7468/dev

v0.9.1

.dockerignore

@@ -12,6 +12,7 @@ node_modules
 /data
 /library
 /thumbnails
+/uploads
 
 # OS
 .DS_Store

.env.example

@@ -12,3 +12,4 @@ USER_CLIENT_CHALLENGE_EXPIRES=
 SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
 THUMBNAILS_PATH=
+UPLOADS_PATH=

.github/workflows/docker.yaml

@@ -0,0 +1,45 @@
+name: Docker Image Build
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest
+            type=sha
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -10,6 +10,7 @@ node_modules
 /data
 /library
 /thumbnails
+/uploads
 
 # OS
 .DS_Store

Dockerfile

@@ -2,11 +2,7 @@
 FROM node:22-alpine AS base
 WORKDIR /app
 
-RUN apk add --no-cache bash curl && \
+RUN npm install -g pnpm@10
-    curl -o /usr/local/bin/wait-for-it https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
-    chmod +x /usr/local/bin/wait-for-it
-
-RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .
 
 # Build Stage
@@ -29,4 +25,4 @@ COPY --from=build /app/build ./build
 
 EXPOSE 3000
 ENV BODY_SIZE_LIMIT=Infinity
-CMD ["bash", "-c", "wait-for-it ${DATABASE_HOST:-localhost}:${DATABASE_PORT:-5432} -- node ./build/index.js"]
+CMD ["node", "./build/index.js"]

docker-compose.yaml

@@ -3,11 +3,13 @@ services:
     build: .
     restart: unless-stopped
     depends_on:
-      - database
+      database:
+        condition: service_healthy
     user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
     volumes:
       - ./data/library:/app/data/library
       - ./data/thumbnails:/app/data/thumbnails
+      - ./data/uploads:/app/data/uploads
     environment:
       # ArkVault
       - DATABASE_HOST=database
@@ -19,6 +21,7 @@ services:
       - SESSION_UPGRADE_CHALLENGE_EXPIRES
       - LIBRARY_PATH=/app/data/library
       - THUMBNAILS_PATH=/app/data/thumbnails
+      - UPLOADS_PATH=/app/data/uploads
       # SvelteKit
       - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
       - XFF_DEPTH=${TRUST_PROXY:-}
@@ -35,3 +38,8 @@ services:
     environment:
       - POSTGRES_USER=arkvault
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5

eslint.config.js

@@ -1,23 +1,24 @@
 import { includeIgnoreFile } from "@eslint/compat";
 import js from "@eslint/js";
-import svelteQuery from "@tanstack/eslint-plugin-query";
+import { defineConfig } from "eslint/config";
 import prettier from "eslint-config-prettier";
 import svelte from "eslint-plugin-svelte";
 import tailwind from "eslint-plugin-tailwindcss";
 import globals from "globals";
 import ts from "typescript-eslint";
 import { fileURLToPath } from "url";
+import svelteConfig from "./svelte.config.js";
 
 const gitignorePath = fileURLToPath(new URL("./.gitignore", import.meta.url));
 
-export default ts.config(
+export default defineConfig(
   includeIgnoreFile(gitignorePath),
   js.configs.recommended,
   ...ts.configs.recommended,
-  ...svelte.configs["flat/recommended"],
+  ...svelte.configs.recommended,
   ...tailwind.configs["flat/recommended"],
   prettier,
-  ...svelte.configs["flat/prettier"],
+  ...svelte.configs.prettier,
   {
     languageOptions: {
       globals: {
@@ -25,14 +26,19 @@ export default ts.config(
         ...globals.node,
       },
     },
+    rules: {
+      "no-undef": "off",
+    },
   },
   {
-    files: ["**/*.svelte"],
+    files: ["**/*.svelte", "**/*.svelte.ts", "**/*.svelte.js"],
     languageOptions: {
       parserOptions: {
+        projectService: true,
+        extraFileExtensions: [".svelte"],
         parser: ts.parser,
+        svelteConfig,
       },
     },
   },
-  ...svelteQuery.configs["flat/recommended"],
 );

package.json

@@ -1,7 +1,7 @@
 {
   "name": "arkvault",
   "private": true,
-  "version": "0.5.1",
+  "version": "0.9.0",
   "type": "module",
   "scripts": {
     "dev": "vite dev",
@@ -16,55 +16,59 @@
     "db:migrate": "kysely migrate"
   },
   "devDependencies": {
-    "@eslint/compat": "^1.3.1",
+    "@eslint/compat": "^2.0.1",
-    "@iconify-json/material-symbols": "^1.2.29",
+    "@eslint/js": "^9.39.2",
-    "@sveltejs/adapter-node": "^5.2.13",
+    "@iconify-json/material-symbols": "^1.2.51",
-    "@sveltejs/kit": "^2.22.5",
+    "@noble/hashes": "^2.0.1",
-    "@sveltejs/vite-plugin-svelte": "^4.0.4",
+    "@sveltejs/adapter-node": "^5.5.1",
-    "@tanstack/eslint-plugin-query": "^5.81.2",
+    "@sveltejs/kit": "^2.49.5",
-    "@tanstack/svelte-query": "^5.83.0",
+    "@sveltejs/vite-plugin-svelte": "^6.2.4",
+    "@tanstack/svelte-virtual": "^3.13.18",
+    "@trpc/client": "^11.8.1",
     "@types/file-saver": "^2.0.7",
     "@types/ms": "^0.7.34",
     "@types/node-schedule": "^2.1.8",
-    "@types/pg": "^8.15.4",
+    "@types/pg": "^8.16.0",
-    "autoprefixer": "^10.4.21",
+    "autoprefixer": "^10.4.23",
-    "axios": "^1.10.0",
+    "axios": "^1.13.2",
-    "dexie": "^4.0.11",
+    "dexie": "^4.2.1",
-    "eslint": "^9.30.1",
+    "es-hangul": "^2.3.8",
-    "eslint-config-prettier": "^10.1.5",
+    "eslint": "^9.39.2",
-    "eslint-plugin-svelte": "^3.10.1",
+    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-tailwindcss": "^3.18.0",
+    "eslint-plugin-svelte": "^3.14.0",
-    "exifreader": "^4.31.1",
+    "eslint-plugin-tailwindcss": "^3.18.2",
+    "exifreader": "^4.36.0",
     "file-saver": "^2.0.5",
-    "globals": "^16.3.0",
+    "globals": "^17.0.0",
     "heic2any": "^0.0.4",
-    "kysely-ctl": "^0.13.1",
+    "kysely-ctl": "^0.20.0",
-    "lru-cache": "^11.1.0",
+    "lru-cache": "^11.2.4",
-    "mime": "^4.0.7",
+    "mime": "^4.1.0",
-    "p-limit": "^6.2.0",
+    "p-limit": "^7.2.0",
-    "prettier": "^3.6.2",
+    "prettier": "^3.8.0",
-    "prettier-plugin-svelte": "^3.4.0",
+    "prettier-plugin-svelte": "^3.4.1",
-    "prettier-plugin-tailwindcss": "^0.6.14",
+    "prettier-plugin-tailwindcss": "^0.7.2",
-    "svelte": "^5.35.6",
+    "svelte": "^5.46.4",
-    "svelte-check": "^4.2.2",
+    "svelte-check": "^4.3.5",
-    "tailwindcss": "^3.4.17",
+    "tailwindcss": "^3.4.19",
-    "typescript": "^5.8.3",
+    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.36.0",
+    "typescript-eslint": "^8.53.0",
-    "unplugin-icons": "^22.1.0",
+    "unplugin-icons": "^23.0.1",
-    "vite": "^5.4.19"
+    "vite": "^7.3.1"
   },
   "dependencies": {
-    "@fastify/busboy": "^3.1.1",
+    "@trpc/server": "^11.8.1",
-    "argon2": "^0.43.0",
+    "argon2": "^0.44.0",
-    "kysely": "^0.28.2",
+    "kysely": "^0.28.9",
     "ms": "^2.1.3",
     "node-schedule": "^2.1.1",
-    "pg": "^8.16.3",
+    "pg": "^8.17.1",
-    "uuid": "^11.1.0",
+    "superjson": "^2.2.6",
-    "zod": "^3.25.76"
+    "uuid": "^13.0.0",
+    "zod": "^4.3.5"
   },
   "engines": {
     "node": "^22.0.0",
-    "pnpm": "^9.0.0"
+    "pnpm": "^10.0.0"
   }
 }

src/hooks.client.ts

@@ -1,7 +1,6 @@
 import type { ClientInit } from "@sveltejs/kit";
 import { cleanupDanglingInfos, getClientKey, getMasterKeys, getHmacSecrets } from "$lib/indexedDB";
 import { prepareFileCache } from "$lib/modules/file";
-import { prepareOpfs } from "$lib/modules/opfs";
 import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores";
 
 const requestPersistentStorage = async () => {
@@ -46,7 +45,6 @@ export const init: ClientInit = async () => {
     prepareClientKeyStore(),
     prepareMasterKeyStore(),
     prepareHmacSecretStore(),
-    prepareOpfs(),
   ]);
 
   cleanupDanglingInfos(); // Intended

src/hooks.server.ts

@@ -8,6 +8,7 @@ import {
   cleanupExpiredSessionUpgradeChallenges,
 } from "$lib/server/db/session";
 import { authenticate, setAgentInfo } from "$lib/server/middlewares";
+import { cleanupExpiredUploadSessions } from "$lib/server/services/upload";
 
 export const init: ServerInit = async () => {
   await migrateDB();
@@ -16,6 +17,7 @@ export const init: ServerInit = async () => {
     cleanupExpiredUserClientChallenges();
     cleanupExpiredSessions();
     cleanupExpiredSessionUpgradeChallenges();
+    cleanupExpiredUploadSessions();
   });
 };
 

src/lib/components/atoms/Chip.svelte

@@ -0,0 +1,53 @@
+<script lang="ts">
+  import type { Snippet } from "svelte";
+  import type { ClassValue } from "svelte/elements";
+
+  import IconClose from "~icons/material-symbols/close";
+
+  interface Props {
+    children: Snippet;
+    class?: ClassValue;
+    onclick?: () => void;
+    onRemoveClick?: () => void;
+    removable?: boolean;
+    selected?: boolean;
+  }
+
+  let {
+    children,
+    class: className,
+    onclick = () => (selected = !selected),
+    onRemoveClick,
+    removable = false,
+    selected = $bindable(false),
+  }: Props = $props();
+</script>
+
+<!-- svelte-ignore a11y_no_static_element_interactions -->
+<!-- svelte-ignore a11y_click_events_have_key_events -->
+<div
+  onclick={onclick && (() => setTimeout(onclick, 100))}
+  class={[
+    "inline-flex cursor-pointer items-center gap-x-1 rounded-lg px-3 py-1.5 text-sm font-medium transition active:scale-95",
+    selected
+      ? "bg-primary-500 text-white active:bg-primary-400"
+      : "bg-gray-100 text-gray-700 active:bg-gray-200",
+    className,
+  ]}
+>
+  <span>
+    {@render children()}
+  </span>
+  {#if removable && selected}
+    <button
+      onclick={(e) => {
+        e.stopPropagation();
+        if (onRemoveClick) {
+          setTimeout(onRemoveClick, 100);
+        }
+      }}
+    >
+      <IconClose />
+    </button>
+  {/if}
+</div>

src/lib/components/atoms/RowVirtualizer.svelte

@@ -0,0 +1,70 @@
+<script lang="ts">
+  import { createWindowVirtualizer } from "@tanstack/svelte-virtual";
+  import type { Snippet } from "svelte";
+  import type { ClassValue } from "svelte/elements";
+
+  interface Props {
+    class?: ClassValue;
+    count: number;
+    estimateItemHeight: (index: number) => number;
+    getItemKey?: (index: number) => string | number;
+    item: Snippet<[index: number]>;
+    itemGap?: number;
+    placeholder?: Snippet;
+  }
+
+  let {
+    class: className,
+    count,
+    estimateItemHeight,
+    getItemKey,
+    item,
+    itemGap,
+    placeholder,
+  }: Props = $props();
+
+  let element: HTMLElement | undefined = $state();
+  let scrollMargin = $state(0);
+
+  let virtualizer = $derived(
+    createWindowVirtualizer({
+      count,
+      estimateSize: estimateItemHeight,
+      gap: itemGap,
+      getItemKey: getItemKey,
+      scrollMargin,
+    }),
+  );
+
+  const measureItem = (node: HTMLElement) => {
+    $effect(() => $virtualizer.measureElement(node));
+  };
+
+  $effect(() => {
+    if (!element) return;
+
+    const observer = new ResizeObserver(() => {
+      scrollMargin = Math.round(element!.getBoundingClientRect().top + window.scrollY);
+    });
+    observer.observe(element.parentElement!);
+    return () => observer.disconnect();
+  });
+</script>
+
+<div bind:this={element} class={["relative", className]}>
+  <div style:height="{$virtualizer.getTotalSize()}px">
+    {#each $virtualizer.getVirtualItems() as virtualItem (virtualItem.key)}
+      <div
+        class="absolute left-0 top-0 w-full"
+        style:transform="translateY({virtualItem.start - scrollMargin}px)"
+        data-index={virtualItem.index}
+        use:measureItem
+      >
+        {@render item(virtualItem.index)}
+      </div>
+    {/each}
+  </div>
+  {#if placeholder && count === 0}
+    {@render placeholder()}
+  {/if}
+</div>

src/lib/components/atoms/buttons/ActionEntryButton.svelte

@@ -49,7 +49,7 @@
   </div>
 </div>
 
-<style>
+<style lang="postcss">
   #container:active:not(:has(#action-button:active)) {
     @apply bg-gray-100;
   }

src/lib/components/atoms/buttons/FileThumbnailButton.svelte

@@ -0,0 +1,34 @@
+<script lang="ts">
+  import { getFileThumbnail } from "$lib/modules/file";
+  import type { SummarizedFileInfo } from "$lib/modules/filesystem";
+
+  import IconFavorite from "~icons/material-symbols/favorite";
+
+  interface Props {
+    info: SummarizedFileInfo;
+    onclick?: (file: SummarizedFileInfo) => void;
+  }
+
+  let { info, onclick }: Props = $props();
+
+  let thumbnail = $derived(getFileThumbnail(info));
+</script>
+
+<button
+  onclick={onclick && (() => setTimeout(() => onclick(info), 100))}
+  class="relative aspect-square overflow-hidden rounded transition active:scale-95 active:brightness-90"
+>
+  {#if $thumbnail}
+    <img src={$thumbnail} alt={info.name} class="h-full w-full object-cover" />
+  {:else}
+    <div class="h-full w-full bg-gray-100"></div>
+  {/if}
+  {#if info.isFavorite}
+    <div class={["absolute bottom-0.5 right-0.5"]}>
+      <IconFavorite
+        class="text-sm text-red-500"
+        style="filter: drop-shadow(0 0 1px white) drop-shadow(0 0 1px white)"
+      />
+    </div>
+  {/if}
+</button>

src/lib/components/atoms/buttons/index.ts

@@ -1,5 +1,6 @@
 export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
 export { default as Button } from "./Button.svelte";
 export { default as EntryButton } from "./EntryButton.svelte";
+export { default as FileThumbnailButton } from "./FileThumbnailButton.svelte";
 export { default as FloatingButton } from "./FloatingButton.svelte";
 export { default as TextButton } from "./TextButton.svelte";

src/lib/components/atoms/index.ts

@@ -1,5 +1,7 @@
 export { default as BottomSheet } from "./BottomSheet.svelte";
 export * from "./buttons";
+export { default as Chip } from "./Chip.svelte";
 export * from "./divs";
 export * from "./inputs";
 export { default as Modal } from "./Modal.svelte";
+export { default as RowVirtualizer } from "./RowVirtualizer.svelte";

src/lib/components/atoms/inputs/TextInput.svelte

@@ -28,7 +28,7 @@
   </div>
 </div>
 
-<style>
+<style lang="postcss">
   input:focus,
   input:not(:placeholder-shown) {
     @apply border-primary-300;

src/lib/components/molecules/Categories.svelte

@@ -0,0 +1,44 @@
+<script module lang="ts">
+  import type { DataKey } from "$lib/modules/filesystem";
+
+  export interface SelectedCategory {
+    id: number;
+    dataKey?: DataKey;
+    name: string;
+  }
+</script>
+
+<script lang="ts">
+  import type { Component } from "svelte";
+  import type { SvelteHTMLElements } from "svelte/elements";
+  import { ActionEntryButton } from "$lib/components/atoms";
+  import { CategoryLabel } from "$lib/components/molecules";
+  import type { SubCategoryInfo } from "$lib/modules/filesystem";
+  import { sortEntries } from "$lib/utils";
+
+  interface Props {
+    categories: SubCategoryInfo[];
+    categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
+    onCategoryClick: (category: SelectedCategory) => void;
+    onCategoryMenuClick?: (category: SelectedCategory) => void;
+  }
+
+  let { categories, categoryMenuIcon, onCategoryClick, onCategoryMenuClick }: Props = $props();
+
+  let categoriesWithName = $derived(sortEntries([...categories]));
+</script>
+
+{#if categoriesWithName.length > 0}
+  <div class="space-y-1">
+    {#each categoriesWithName as category (category.id)}
+      <ActionEntryButton
+        class="h-12"
+        onclick={() => onCategoryClick(category)}
+        actionButtonIcon={categoryMenuIcon}
+        onActionButtonClick={() => onCategoryMenuClick?.(category)}
+      >
+        <CategoryLabel name={category.name} />
+      </ActionEntryButton>
+    {/each}
+  </div>
+{/if}

src/lib/components/molecules/Categories/Categories.svelte

@@ -1,56 +0,0 @@
-<script lang="ts">
-  import type { Component } from "svelte";
-  import type { SvelteHTMLElements } from "svelte/elements";
-  import { derived } from "svelte/store";
-  import type { CategoryId } from "$lib/indexedDB";
-  import { getCategoryInfo, type SubCategoryInfo } from "$lib/modules/filesystem2";
-  import { SortBy, sortEntries } from "$lib/modules/util";
-  import { masterKeyStore } from "$lib/stores";
-  import Category from "./Category.svelte";
-  import type { SelectedCategory } from "./service";
-
-  interface Props {
-    categoryIds: CategoryId[];
-    categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
-    onCategoryClick: (category: SelectedCategory) => void;
-    onCategoryMenuClick?: (category: SelectedCategory) => void;
-    sortBy?: SortBy;
-  }
-
-  let {
-    categoryIds,
-    categoryMenuIcon,
-    onCategoryClick,
-    onCategoryMenuClick,
-    sortBy = SortBy.NAME_ASC,
-  }: Props = $props();
-
-  let categories = $derived(
-    derived(
-      categoryIds.map((id) => getCategoryInfo(id, $masterKeyStore?.get(1)?.key!)),
-      (infos) => {
-        const categories = infos
-          .filter(($info) => $info.status === "success")
-          .map(($info) => ({
-            name: $info.data.name,
-            info: $info.data as SubCategoryInfo,
-          }));
-        sortEntries(categories, sortBy);
-        return categories;
-      },
-    ),
-  );
-</script>
-
-{#if $categories.length > 0}
-  <div class="space-y-1">
-    {#each $categories as { info }}
-      <Category
-        {info}
-        menuIcon={categoryMenuIcon}
-        onclick={onCategoryClick}
-        onMenuClick={onCategoryMenuClick}
-      />
-    {/each}
-  </div>
-{/if}

src/lib/components/molecules/Categories/Category.svelte

@@ -1,40 +0,0 @@
-<script lang="ts">
-  import type { Component } from "svelte";
-  import type { SvelteHTMLElements } from "svelte/elements";
-  import { ActionEntryButton } from "$lib/components/atoms";
-  import { CategoryLabel } from "$lib/components/molecules";
-  import type { SubCategoryInfo } from "$lib/modules/filesystem2";
-  import type { SelectedCategory } from "./service";
-
-  interface Props {
-    info: SubCategoryInfo;
-    menuIcon?: Component<SvelteHTMLElements["svg"]>;
-    onclick: (category: SelectedCategory) => void;
-    onMenuClick?: (category: SelectedCategory) => void;
-  }
-
-  let { info, menuIcon, onclick, onMenuClick }: Props = $props();
-
-  const openCategory = () => {
-    const { id, dataKey, dataKeyVersion, name } = info;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onclick({ id, dataKey, dataKeyVersion, name });
-  };
-
-  const openMenu = () => {
-    const { id, dataKey, dataKeyVersion, name } = info;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onMenuClick!({ id, dataKey, dataKeyVersion, name });
-  };
-</script>
-
-<ActionEntryButton
-  class="h-12"
-  onclick={openCategory}
-  actionButtonIcon={menuIcon}
-  onActionButtonClick={openMenu}
->
-  <CategoryLabel name={info.name} />
-</ActionEntryButton>

src/lib/components/molecules/Categories/index.ts

@@ -1,2 +0,0 @@
-export { default } from "./Categories.svelte";
-export * from "./service";

src/lib/components/molecules/Categories/service.ts

@@ -1,6 +0,0 @@
-export interface SelectedCategory {
-  id: number;
-  dataKey: CryptoKey;
-  dataKeyVersion: Date;
-  name: string;
-}

src/lib/components/molecules/SubCategories.svelte

@@ -2,7 +2,7 @@
   import type { Component } from "svelte";
   import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
   import { Categories, IconEntryButton, type SelectedCategory } from "$lib/components/molecules";
-  import type { CategoryInfo } from "$lib/modules/filesystem2";
+  import type { CategoryInfo } from "$lib/modules/filesystem";
 
   import IconAddCircle from "~icons/material-symbols/add-circle";
 
@@ -10,9 +10,9 @@
     class?: ClassValue;
     info: CategoryInfo;
     onSubCategoryClick: (subCategory: SelectedCategory) => void;
-    onSubCategoryCreateClick: () => void;
+    onSubCategoryCreateClick?: () => void;
     onSubCategoryMenuClick?: (category: SelectedCategory) => void;
-    subCategoryCreatePosition?: "top" | "bottom";
+    subCategoryCreatePosition?: "top" | "bottom" | "none";
     subCategoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
   }
 
@@ -22,7 +22,7 @@
     onSubCategoryClick,
     onSubCategoryCreateClick,
     onSubCategoryMenuClick,
-    subCategoryCreatePosition = "bottom",
+    subCategoryCreatePosition = "none",
     subCategoryMenuIcon,
   }: Props = $props();
 </script>
@@ -43,14 +43,12 @@
   {#if subCategoryCreatePosition === "top"}
     {@render subCategoryCreate()}
   {/if}
-  {#key info}
+  <Categories
-    <Categories
+    categories={info.subCategories}
-      categoryIds={info.subCategoryIds}
+    categoryMenuIcon={subCategoryMenuIcon}
-      categoryMenuIcon={subCategoryMenuIcon}
+    onCategoryClick={onSubCategoryClick}
-      onCategoryClick={onSubCategoryClick}
+    onCategoryMenuClick={onSubCategoryMenuClick}
-      onCategoryMenuClick={onSubCategoryMenuClick}
+  />
-    />
-  {/key}
   {#if subCategoryCreatePosition === "bottom"}
     {@render subCategoryCreate()}
   {/if}

src/lib/components/molecules/TopBar.svelte

@@ -8,10 +8,11 @@
     children?: Snippet;
     class?: ClassValue;
     onBackClick?: () => void;
+    showBackButton?: boolean;
     title?: string;
   }
 
-  let { children, class: className, onBackClick, title }: Props = $props();
+  let { children, class: className, onBackClick, showBackButton = true, title }: Props = $props();
 </script>
 
 <div
@@ -20,12 +21,16 @@
     className,
   ]}
 >
-  <button
+  <div class="w-[2.3rem] flex-shrink-0">
-    onclick={onBackClick || (() => history.back())}
+    {#if showBackButton}
-    class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
+      <button
-  >
+        onclick={onBackClick ?? (() => history.back())}
-    <IconArrowBack class="text-2xl" />
+        class="w-full rounded-full p-1 text-2xl active:bg-black active:bg-opacity-[0.04]"
-  </button>
+      >
+        <IconArrowBack />
+      </button>
+    {/if}
+  </div>
   {#if title}
     <p class="flex-grow truncate text-center text-lg font-semibold">{title}</p>
   {/if}

src/lib/components/molecules/index.ts

@@ -1,7 +1,7 @@
 export * from "./ActionModal.svelte";
 export { default as ActionModal } from "./ActionModal.svelte";
-export * from "./Categories";
+export * from "./Categories.svelte";
-export { default as Categories } from "./Categories";
+export { default as Categories } from "./Categories.svelte";
 export { default as IconEntryButton } from "./IconEntryButton.svelte";
 export * from "./labels";
 export { default as SubCategories } from "./SubCategories.svelte";

src/lib/components/molecules/labels/DirectoryEntryLabel.svelte

@@ -3,19 +3,23 @@
   import { IconLabel } from "$lib/components/molecules";
 
   import IconFolder from "~icons/material-symbols/folder";
+  import IconDriveFolderUpload from "~icons/material-symbols/drive-folder-upload";
   import IconDraft from "~icons/material-symbols/draft";
+  import IconFavorite from "~icons/material-symbols/favorite";
 
   interface Props {
     class?: ClassValue;
+    isFavorite?: boolean;
     name: string;
     subtext?: string;
     textClass?: ClassValue;
     thumbnail?: string;
-    type: "directory" | "file";
+    type: "directory" | "parent-directory" | "file";
   }
 
   let {
     class: className,
+    isFavorite = false,
     name,
     subtext,
     textClass: textClassName,
@@ -25,14 +29,24 @@
 </script>
 
 {#snippet iconSnippet()}
-  <div class="flex h-10 w-10 items-center justify-center text-xl">
+  <div class="relative flex h-10 w-10 items-center justify-center text-xl">
     {#if thumbnail}
       <img src={thumbnail} alt={name} loading="lazy" class="aspect-square rounded object-cover" />
     {:else if type === "directory"}
       <IconFolder />
+    {:else if type === "parent-directory"}
+      <IconDriveFolderUpload class="text-yellow-500" />
     {:else}
       <IconDraft class="text-blue-400" />
     {/if}
+    {#if isFavorite}
+      <div class={["absolute bottom-0 right-0", !thumbnail && "rounded-full bg-white p-0.5"]}>
+        <IconFavorite
+          class="text-xs text-red-500"
+          style="filter: drop-shadow(0 0 1px white) drop-shadow(0 0 1px white)"
+        />
+      </div>
+    {/if}
   </div>
 {/snippet}
 

src/lib/components/organisms/Category/Category.svelte

@@ -1,104 +0,0 @@
-<script lang="ts">
-  import { derived } from "svelte/store";
-  import { CheckBox } from "$lib/components/atoms";
-  import { SubCategories, type SelectedCategory } from "$lib/components/molecules";
-  import { getFileInfo, type CategoryInfo } from "$lib/modules/filesystem2";
-  import { SortBy, sortEntries } from "$lib/modules/util";
-  import { masterKeyStore } from "$lib/stores";
-  import File from "./File.svelte";
-  import type { SelectedFile } from "./service";
-
-  import IconMoreVert from "~icons/material-symbols/more-vert";
-
-  interface Props {
-    info: CategoryInfo;
-    onFileClick: (file: SelectedFile) => void;
-    onFileRemoveClick: (file: SelectedFile) => void;
-    onSubCategoryClick: (subCategory: SelectedCategory) => void;
-    onSubCategoryCreateClick: () => void;
-    onSubCategoryMenuClick: (subCategory: SelectedCategory) => void;
-    sortBy?: SortBy;
-    isFileRecursive?: boolean;
-  }
-
-  let {
-    info,
-    onFileClick,
-    onFileRemoveClick,
-    onSubCategoryClick,
-    onSubCategoryCreateClick,
-    onSubCategoryMenuClick,
-    sortBy = SortBy.NAME_ASC,
-    isFileRecursive = $bindable(),
-  }: Props = $props();
-
-  let fileInfos = $derived(
-    info.files
-      ?.filter(({ isRecursive }) => isFileRecursive || !isRecursive)
-      .map(({ id, isRecursive }) => ({
-        info: getFileInfo(id, $masterKeyStore?.get(1)?.key!),
-        isRecursive,
-      })) ?? [],
-  );
-  let files = $derived(
-    derived(
-      fileInfos.map(({ info }) => info),
-      (infos) => {
-        const files = infos
-          .map(($info, i) => {
-            if ($info.status === "success") {
-              return {
-                name: $info.data.name,
-                isRecursive: fileInfos[i]!.isRecursive,
-                info: $info.data,
-              };
-            }
-            return undefined;
-          })
-          .filter((info) => info !== undefined);
-        sortEntries(files, sortBy);
-        return files;
-      },
-    ),
-  );
-</script>
-
-<div class="space-y-4">
-  <div class="space-y-4 bg-white p-4">
-    {#if info.id !== "root"}
-      <p class="text-lg font-bold text-gray-800">하위 카테고리</p>
-    {/if}
-    <SubCategories
-      {info}
-      {onSubCategoryClick}
-      {onSubCategoryCreateClick}
-      {onSubCategoryMenuClick}
-      subCategoryMenuIcon={IconMoreVert}
-    />
-  </div>
-  {#if info.id !== "root"}
-    <div class="space-y-4 bg-white p-4">
-      <div class="flex items-center justify-between">
-        <p class="text-lg font-bold text-gray-800">파일</p>
-        {#if isFileRecursive !== undefined}
-          <CheckBox bind:checked={isFileRecursive}>
-            <p class="font-medium">하위 카테고리의 파일</p>
-          </CheckBox>
-        {/if}
-      </div>
-      <div class="space-y-1">
-        {#key info}
-          {#each $files as { info, isRecursive }}
-            <File
-              {info}
-              onclick={onFileClick}
-              onRemoveClick={!isRecursive ? onFileRemoveClick : undefined}
-            />
-          {:else}
-            <p class="text-gray-500 text-center">이 카테고리에 추가된 파일이 없어요.</p>
-          {/each}
-        {/key}
-      </div>
-    </div>
-  {/if}
-</div>

src/lib/components/organisms/Category/File.svelte

@@ -1,56 +0,0 @@
-<script lang="ts">
-  import { ActionEntryButton } from "$lib/components/atoms";
-  import { DirectoryEntryLabel } from "$lib/components/molecules";
-  import type { FileInfo } from "$lib/modules/filesystem2";
-  import { requestFileThumbnailDownload, type SelectedFile } from "./service";
-
-  import IconClose from "~icons/material-symbols/close";
-
-  interface Props {
-    info: FileInfo;
-    onclick: (selectedFile: SelectedFile) => void;
-    onRemoveClick?: (selectedFile: SelectedFile) => void;
-  }
-
-  let { info, onclick, onRemoveClick }: Props = $props();
-
-  let thumbnail: string | undefined = $state();
-
-  const openFile = () => {
-    const { id, dataKey, dataKeyVersion, name } = info;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onclick({ id, dataKey, dataKeyVersion, name });
-  };
-
-  const removeFile = () => {
-    const { id, dataKey, dataKeyVersion, name } = info;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onRemoveClick!({ id, dataKey, dataKeyVersion, name });
-  };
-
-  $effect(() => {
-    if (info.dataKey) {
-      requestFileThumbnailDownload(info.id, info.dataKey)
-        .then((thumbnailUrl) => {
-          thumbnail = thumbnailUrl ?? undefined;
-        })
-        .catch(() => {
-          // TODO: Error Handling
-          thumbnail = undefined;
-        });
-    } else {
-      thumbnail = undefined;
-    }
-  });
-</script>
-
-<ActionEntryButton
-  class="h-12"
-  onclick={openFile}
-  actionButtonIcon={onRemoveClick && IconClose}
-  onActionButtonClick={removeFile}
->
-  <DirectoryEntryLabel type="file" {thumbnail} name={info.name} />
-</ActionEntryButton>

src/lib/components/organisms/Category/index.ts

@@ -1,2 +0,0 @@
-export { default } from "./Category.svelte";
-export * from "./service";

src/lib/components/organisms/Category/service.ts

@@ -1,8 +0,0 @@
-export { requestFileThumbnailDownload } from "$lib/services/file";
-
-export interface SelectedFile {
-  id: number;
-  dataKey: CryptoKey;
-  dataKeyVersion: Date;
-  name: string;
-}

src/lib/components/organisms/index.ts

@@ -1,3 +1 @@
-export * from "./Category";
-export { default as Category } from "./Category";
 export * from "./modals";

src/lib/constants/index.ts

@@ -0,0 +1,2 @@
+export * from "./serviceWorker";
+export * from "./upload";

src/lib/constants/serviceWorker.ts

@@ -0,0 +1 @@
+export const DECRYPTED_FILE_URL_PREFIX = "/_internal/decryptedFile/";

src/lib/constants/upload.ts

@@ -0,0 +1,6 @@
+export const AES_GCM_IV_SIZE = 12;
+export const AES_GCM_TAG_SIZE = 16;
+export const ENCRYPTION_OVERHEAD = AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE;
+
+export const CHUNK_SIZE = 4 * 1024 * 1024; // 4 MiB
+export const ENCRYPTED_CHUNK_SIZE = CHUNK_SIZE + ENCRYPTION_OVERHEAD;

src/lib/hooks/callApi.ts

@@ -1,24 +0,0 @@
-interface FetchOptions {
-  fetch?: typeof fetch;
-  signal?: AbortSignal;
-}
-
-export const callGetApi = async (
-  input: RequestInfo,
-  { fetch = globalThis.fetch, signal }: FetchOptions = {},
-) => {
-  return await fetch(input, { method: "GET", signal });
-};
-
-export const callPostApi = async <T>(
-  input: RequestInfo,
-  payload?: T,
-  { fetch = globalThis.fetch, signal }: FetchOptions = {},
-) => {
-  return await fetch(input, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: payload ? JSON.stringify(payload) : undefined,
-    signal,
-  });
-};

src/lib/hooks/index.ts

@@ -1,2 +0,0 @@
-export * from "./callApi";
-export * from "./gotoStateful";

src/lib/indexedDB/cacheIndex.ts

@@ -20,7 +20,12 @@ export const getFileCacheIndex = async () => {
 };
 
 export const storeFileCacheIndex = async (fileCacheIndex: FileCacheIndex) => {
-  await cacheIndex.fileCache.put(fileCacheIndex);
+  await cacheIndex.fileCache.put({
+    fileId: fileCacheIndex.fileId,
+    cachedAt: fileCacheIndex.cachedAt,
+    lastRetrievedAt: fileCacheIndex.lastRetrievedAt,
+    size: fileCacheIndex.size,
+  });
 };
 
 export const deleteFileCacheIndex = async (fileId: number) => {

src/lib/indexedDB/filesystem.ts

@@ -1,11 +1,10 @@
 import { Dexie, type EntityTable } from "dexie";
 
-export type DirectoryId = "root" | number;
-
 interface DirectoryInfo {
   id: number;
   parentId: DirectoryId;
   name: string;
+  isFavorite: boolean;
 }
 
 interface FileInfo {
@@ -15,17 +14,16 @@ interface FileInfo {
   contentType: string;
   createdAt?: Date;
   lastModifiedAt: Date;
-  categoryIds: number[];
+  categoryIds?: number[];
+  isFavorite: boolean;
 }
 
-export type CategoryId = "root" | number;
-
 interface CategoryInfo {
   id: number;
   parentId: CategoryId;
   name: string;
-  files: { id: number; isRecursive: boolean }[];
+  files?: { id: number; isRecursive: boolean }[];
-  isFileRecursive: boolean;
+  isFileRecursive?: boolean;
 }
 
 const filesystem = new Dexie("filesystem") as Dexie & {
@@ -50,6 +48,23 @@ filesystem
       });
   });
 
+filesystem.version(4).upgrade(async (trx) => {
+  await Promise.all([
+    trx
+      .table("directory")
+      .toCollection()
+      .modify((directory) => {
+        directory.isFavorite = false;
+      }),
+    trx
+      .table("file")
+      .toCollection()
+      .modify((file) => {
+        file.isFavorite = false;
+      }),
+  ]);
+});
+
 export const getDirectoryInfos = async (parentId: DirectoryId) => {
   return await filesystem.directory.where({ parentId }).toArray();
 };
@@ -59,17 +74,27 @@ export const getDirectoryInfo = async (id: number) => {
 };
 
 export const storeDirectoryInfo = async (directoryInfo: DirectoryInfo) => {
-  await filesystem.directory.put(directoryInfo);
+  await filesystem.directory.upsert(directoryInfo.id, {
-};
+    parentId: directoryInfo.parentId,
-
+    name: directoryInfo.name,
-export const updateDirectoryInfo = async (id: number, changes: { name?: string }) => {
+    isFavorite: directoryInfo.isFavorite,
-  await filesystem.directory.update(id, changes);
+  });
 };
 
 export const deleteDirectoryInfo = async (id: number) => {
   await filesystem.directory.delete(id);
 };
 
+export const deleteDanglingDirectoryInfos = async (
+  parentId: DirectoryId,
+  validIds: Set<number>,
+) => {
+  await filesystem.directory
+    .where({ parentId })
+    .and((directory) => !validIds.has(directory.id))
+    .delete();
+};
+
 export const getAllFileInfos = async () => {
   return await filesystem.file.toArray();
 };
@@ -82,18 +107,37 @@ export const getFileInfo = async (id: number) => {
   return await filesystem.file.get(id);
 };
 
-export const storeFileInfo = async (fileInfo: FileInfo) => {
+export const bulkGetFileInfos = async (ids: number[]) => {
-  await filesystem.file.put(fileInfo);
+  return await filesystem.file.bulkGet(ids);
 };
 
-export const updateFileInfo = async (id: number, changes: { name?: string }) => {
+export const storeFileInfo = async (fileInfo: FileInfo) => {
-  await filesystem.file.update(id, changes);
+  await filesystem.file.upsert(fileInfo.id, {
+    parentId: fileInfo.parentId,
+    name: fileInfo.name,
+    contentType: fileInfo.contentType,
+    createdAt: fileInfo.createdAt,
+    lastModifiedAt: fileInfo.lastModifiedAt,
+    categoryIds: fileInfo.categoryIds,
+    isFavorite: fileInfo.isFavorite,
+  });
 };
 
 export const deleteFileInfo = async (id: number) => {
   await filesystem.file.delete(id);
 };
 
+export const bulkDeleteFileInfos = async (ids: number[]) => {
+  await filesystem.file.bulkDelete(ids);
+};
+
+export const deleteDanglingFileInfos = async (parentId: DirectoryId, validIds: Set<number>) => {
+  await filesystem.file
+    .where({ parentId })
+    .and((file) => !validIds.has(file.id))
+    .delete();
+};
+
 export const getCategoryInfos = async (parentId: CategoryId) => {
   return await filesystem.category.where({ parentId }).toArray();
 };
@@ -103,13 +147,15 @@ export const getCategoryInfo = async (id: number) => {
 };
 
 export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
-  await filesystem.category.put(categoryInfo);
+  await filesystem.category.upsert(categoryInfo.id, {
+    parentId: categoryInfo.parentId,
+    name: categoryInfo.name,
+    files: categoryInfo.files,
+    isFileRecursive: categoryInfo.isFileRecursive,
+  });
 };
 
-export const updateCategoryInfo = async (
+export const updateCategoryInfo = async (id: number, changes: { isFileRecursive?: boolean }) => {
-  id: number,
-  changes: { name?: string; isFileRecursive?: boolean },
-) => {
   await filesystem.category.update(id, changes);
 };
 
@@ -117,6 +163,13 @@ export const deleteCategoryInfo = async (id: number) => {
   await filesystem.category.delete(id);
 };
 
+export const deleteDanglingCategoryInfos = async (parentId: CategoryId, validIds: Set<number>) => {
+  await filesystem.category
+    .where({ parentId })
+    .and((category) => !validIds.has(category.id))
+    .delete();
+};
+
 export const cleanupDanglingInfos = async () => {
   const validDirectoryIds: number[] = [];
   const validFileIds: number[] = [];

src/lib/indexedDB/keyStore.ts

@@ -70,12 +70,12 @@ export const storeMasterKeys = async (keys: MasterKey[]) => {
 };
 
 export const getHmacSecrets = async () => {
-  return await keyStore.hmacSecret.toArray();
+  return (await keyStore.hmacSecret.toArray()).filter(({ secret }) => secret.extractable);
 };
 
 export const storeHmacSecrets = async (secrets: HmacSecret[]) => {
-  if (secrets.some(({ secret }) => secret.extractable)) {
+  if (secrets.some(({ secret }) => !secret.extractable)) {
-    throw new Error("Hmac secrets must be nonextractable");
+    throw new Error("Hmac secrets must be extractable");
   }
   await keyStore.hmacSecret.bulkPut(secrets);
 };

src/lib/modules/crypto/aes.ts

@@ -1,8 +1,15 @@
-import { encodeString, decodeString, encodeToBase64, decodeFromBase64 } from "./util";
+import { AES_GCM_IV_SIZE } from "$lib/constants";
+import {
+  encodeString,
+  decodeString,
+  encodeToBase64,
+  decodeFromBase64,
+  concatenateBuffers,
+} from "./utils";
 
 export const generateMasterKey = async () => {
   return {
-    masterKey: await window.crypto.subtle.generateKey(
+    masterKey: await crypto.subtle.generateKey(
       {
         name: "AES-KW",
         length: 256,
@@ -15,7 +22,7 @@ export const generateMasterKey = async () => {
 
 export const generateDataKey = async () => {
   return {
-    dataKey: await window.crypto.subtle.generateKey(
+    dataKey: await crypto.subtle.generateKey(
       {
         name: "AES-GCM",
         length: 256,
@@ -28,9 +35,9 @@ export const generateDataKey = async () => {
 };
 
 export const makeAESKeyNonextractable = async (key: CryptoKey) => {
-  return await window.crypto.subtle.importKey(
+  return await crypto.subtle.importKey(
     "raw",
-    await window.crypto.subtle.exportKey("raw", key),
+    await crypto.subtle.exportKey("raw", key),
     key.algorithm,
     false,
     key.usages,
@@ -38,12 +45,12 @@ export const makeAESKeyNonextractable = async (key: CryptoKey) => {
 };
 
 export const wrapDataKey = async (dataKey: CryptoKey, masterKey: CryptoKey) => {
-  return encodeToBase64(await window.crypto.subtle.wrapKey("raw", dataKey, masterKey, "AES-KW"));
+  return encodeToBase64(await crypto.subtle.wrapKey("raw", dataKey, masterKey, "AES-KW"));
 };
 
 export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey) => {
   return {
-    dataKey: await window.crypto.subtle.unwrapKey(
+    dataKey: await crypto.subtle.unwrapKey(
       "raw",
       decodeFromBase64(dataKeyWrapped),
       masterKey,
@@ -56,12 +63,12 @@ export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey
 };
 
 export const wrapHmacSecret = async (hmacSecret: CryptoKey, masterKey: CryptoKey) => {
-  return encodeToBase64(await window.crypto.subtle.wrapKey("raw", hmacSecret, masterKey, "AES-KW"));
+  return encodeToBase64(await crypto.subtle.wrapKey("raw", hmacSecret, masterKey, "AES-KW"));
 };
 
 export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: CryptoKey) => {
   return {
-    hmacSecret: await window.crypto.subtle.unwrapKey(
+    hmacSecret: await crypto.subtle.unwrapKey(
       "raw",
       decodeFromBase64(hmacSecretWrapped),
       masterKey,
@@ -70,15 +77,15 @@ export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: Cry
         name: "HMAC",
         hash: "SHA-256",
       } satisfies HmacImportParams,
-      false, // Nonextractable
+      true, // Extractable
       ["sign", "verify"],
     ),
   };
 };
 
 export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
-  const iv = window.crypto.getRandomValues(new Uint8Array(12));
+  const iv = crypto.getRandomValues(new Uint8Array(12));
-  const ciphertext = await window.crypto.subtle.encrypt(
+  const ciphertext = await crypto.subtle.encrypt(
     {
       name: "AES-GCM",
       iv,
@@ -86,14 +93,18 @@ export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
     dataKey,
     data,
   );
-  return { ciphertext, iv: encodeToBase64(iv.buffer) };
+  return { ciphertext, iv: iv.buffer };
 };
 
-export const decryptData = async (ciphertext: BufferSource, iv: string, dataKey: CryptoKey) => {
+export const decryptData = async (
-  return await window.crypto.subtle.decrypt(
+  ciphertext: BufferSource,
+  iv: string | BufferSource,
+  dataKey: CryptoKey,
+) => {
+  return await crypto.subtle.decrypt(
     {
       name: "AES-GCM",
-      iv: decodeFromBase64(iv),
+      iv: typeof iv === "string" ? decodeFromBase64(iv) : iv,
     } satisfies AesGcmParams,
     dataKey,
     ciphertext,
@@ -102,9 +113,22 @@ export const decryptData = async (ciphertext: BufferSource, iv: string, dataKey:
 
 export const encryptString = async (plaintext: string, dataKey: CryptoKey) => {
   const { ciphertext, iv } = await encryptData(encodeString(plaintext), dataKey);
-  return { ciphertext: encodeToBase64(ciphertext), iv };
+  return { ciphertext: encodeToBase64(ciphertext), iv: encodeToBase64(iv) };
 };
 
 export const decryptString = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
   return decodeString(await decryptData(decodeFromBase64(ciphertext), iv, dataKey));
 };
+
+export const encryptChunk = async (chunk: ArrayBuffer, dataKey: CryptoKey) => {
+  const { ciphertext, iv } = await encryptData(chunk, dataKey);
+  return concatenateBuffers(iv, ciphertext).buffer;
+};
+
+export const decryptChunk = async (encryptedChunk: ArrayBuffer, dataKey: CryptoKey) => {
+  return await decryptData(
+    encryptedChunk.slice(AES_GCM_IV_SIZE),
+    encryptedChunk.slice(0, AES_GCM_IV_SIZE),
+    dataKey,
+  );
+};

src/lib/modules/crypto/index.ts

@@ -1,4 +1,4 @@
 export * from "./aes";
 export * from "./rsa";
 export * from "./sha";
-export * from "./util";
+export * from "./utils";

src/lib/modules/crypto/rsa.ts

@@ -1,7 +1,7 @@
-import { encodeString, encodeToBase64, decodeFromBase64 } from "./util";
+import { encodeString, encodeToBase64, decodeFromBase64 } from "./utils";
 
 export const generateEncryptionKeyPair = async () => {
-  const keyPair = await window.crypto.subtle.generateKey(
+  const keyPair = await crypto.subtle.generateKey(
     {
       name: "RSA-OAEP",
       modulusLength: 4096,
@@ -18,7 +18,7 @@ export const generateEncryptionKeyPair = async () => {
 };
 
 export const generateSigningKeyPair = async () => {
-  const keyPair = await window.crypto.subtle.generateKey(
+  const keyPair = await crypto.subtle.generateKey(
     {
       name: "RSA-PSS",
       modulusLength: 4096,
@@ -37,7 +37,7 @@ export const generateSigningKeyPair = async () => {
 export const exportRSAKey = async (key: CryptoKey) => {
   const format = key.type === "public" ? ("spki" as const) : ("pkcs8" as const);
   return {
-    key: await window.crypto.subtle.exportKey(format, key),
+    key: await crypto.subtle.exportKey(format, key),
     format,
   };
 };
@@ -54,14 +54,14 @@ export const importEncryptionKeyPairFromBase64 = async (
     name: "RSA-OAEP",
     hash: "SHA-256",
   };
-  const encryptKey = await window.crypto.subtle.importKey(
+  const encryptKey = await crypto.subtle.importKey(
     "spki",
     decodeFromBase64(encryptKeyBase64),
     algorithm,
     true,
     ["encrypt", "wrapKey"],
   );
-  const decryptKey = await window.crypto.subtle.importKey(
+  const decryptKey = await crypto.subtle.importKey(
     "pkcs8",
     decodeFromBase64(decryptKeyBase64),
     algorithm,
@@ -79,14 +79,14 @@ export const importSigningKeyPairFromBase64 = async (
     name: "RSA-PSS",
     hash: "SHA-256",
   };
-  const signKey = await window.crypto.subtle.importKey(
+  const signKey = await crypto.subtle.importKey(
     "pkcs8",
     decodeFromBase64(signKeyBase64),
     algorithm,
     true,
     ["sign"],
   );
-  const verifyKey = await window.crypto.subtle.importKey(
+  const verifyKey = await crypto.subtle.importKey(
     "spki",
     decodeFromBase64(verifyKeyBase64),
     algorithm,
@@ -98,17 +98,11 @@ export const importSigningKeyPairFromBase64 = async (
 
 export const makeRSAKeyNonextractable = async (key: CryptoKey) => {
   const { key: exportedKey, format } = await exportRSAKey(key);
-  return await window.crypto.subtle.importKey(
+  return await crypto.subtle.importKey(format, exportedKey, key.algorithm, false, key.usages);
-    format,
-    exportedKey,
-    key.algorithm,
-    false,
-    key.usages,
-  );
 };
 
 export const decryptChallenge = async (challenge: string, decryptKey: CryptoKey) => {
-  return await window.crypto.subtle.decrypt(
+  return await crypto.subtle.decrypt(
     {
       name: "RSA-OAEP",
     } satisfies RsaOaepParams,
@@ -119,7 +113,7 @@ export const decryptChallenge = async (challenge: string, decryptKey: CryptoKey)
 
 export const wrapMasterKey = async (masterKey: CryptoKey, encryptKey: CryptoKey) => {
   return encodeToBase64(
-    await window.crypto.subtle.wrapKey("raw", masterKey, encryptKey, {
+    await crypto.subtle.wrapKey("raw", masterKey, encryptKey, {
       name: "RSA-OAEP",
     } satisfies RsaOaepParams),
   );
@@ -131,7 +125,7 @@ export const unwrapMasterKey = async (
   extractable = false,
 ) => {
   return {
-    masterKey: await window.crypto.subtle.unwrapKey(
+    masterKey: await crypto.subtle.unwrapKey(
       "raw",
       decodeFromBase64(masterKeyWrapped),
       decryptKey,
@@ -146,7 +140,7 @@ export const unwrapMasterKey = async (
 };
 
 export const signMessageRSA = async (message: BufferSource, signKey: CryptoKey) => {
-  return await window.crypto.subtle.sign(
+  return await crypto.subtle.sign(
     {
       name: "RSA-PSS",
       saltLength: 32, // SHA-256
@@ -161,7 +155,7 @@ export const verifySignatureRSA = async (
   signature: BufferSource,
   verifyKey: CryptoKey,
 ) => {
-  return await window.crypto.subtle.verify(
+  return await crypto.subtle.verify(
     {
       name: "RSA-PSS",
       saltLength: 32, // SHA-256

src/lib/modules/crypto/sha.ts

@@ -1,10 +1,13 @@
+import HmacWorker from "$workers/hmac?worker";
+import type { ComputeMessage, ResultMessage } from "$workers/hmac";
+
 export const digestMessage = async (message: BufferSource) => {
-  return await window.crypto.subtle.digest("SHA-256", message);
+  return await crypto.subtle.digest("SHA-256", message);
 };
 
 export const generateHmacSecret = async () => {
   return {
-    hmacSecret: await window.crypto.subtle.generateKey(
+    hmacSecret: await crypto.subtle.generateKey(
       {
         name: "HMAC",
         hash: "SHA-256",
@@ -15,6 +18,24 @@ export const generateHmacSecret = async () => {
   };
 };
 
-export const signMessageHmac = async (message: BufferSource, hmacSecret: CryptoKey) => {
+export const signMessageHmac = async (message: Blob, hmacSecret: CryptoKey) => {
-  return await window.crypto.subtle.sign("HMAC", hmacSecret, message);
+  const stream = message.stream();
+  const hmacSecretRaw = new Uint8Array(await crypto.subtle.exportKey("raw", hmacSecret));
+  const worker = new HmacWorker();
+
+  return new Promise<Uint8Array>((resolve, reject) => {
+    worker.onmessage = ({ data }: MessageEvent<ResultMessage>) => {
+      resolve(data.result);
+      worker.terminate();
+    };
+
+    worker.onerror = ({ error }) => {
+      reject(error);
+      worker.terminate();
+    };
+
+    worker.postMessage({ stream, key: hmacSecretRaw } satisfies ComputeMessage, {
+      transfer: [stream, hmacSecretRaw.buffer],
+    });
+  });
 };

src/lib/modules/crypto/utils.ts

@@ -9,8 +9,8 @@ export const decodeString = (data: ArrayBuffer) => {
   return textDecoder.decode(data);
 };
 
-export const encodeToBase64 = (data: ArrayBuffer) => {
+export const encodeToBase64 = (data: ArrayBuffer | Uint8Array) => {
-  return btoa(String.fromCharCode(...new Uint8Array(data)));
+  return btoa(String.fromCharCode(...(data instanceof ArrayBuffer ? new Uint8Array(data) : data)));
 };
 
 export const decodeFromBase64 = (data: string) => {

src/lib/modules/file/cache.ts

@@ -1,15 +1,12 @@
-import { LRUCache } from "lru-cache";
 import {
   getFileCacheIndex as getFileCacheIndexFromIndexedDB,
   storeFileCacheIndex,
   deleteFileCacheIndex,
   type FileCacheIndex,
 } from "$lib/indexedDB";
-import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
+import { readFile, writeFile, deleteFile } from "$lib/modules/opfs";
-import { getThumbnailUrl } from "$lib/modules/thumbnail";
 
 const fileCacheIndex = new Map<number, FileCacheIndex>();
-const loadedThumbnails = new LRUCache<number, string>({ max: 100 });
 
 export const prepareFileCache = async () => {
   for (const cache of await getFileCacheIndexFromIndexedDB()) {
@@ -51,30 +48,3 @@ export const deleteFileCache = async (fileId: number) => {
   await deleteFile(`/cache/${fileId}`);
   await deleteFileCacheIndex(fileId);
 };
-
-export const getFileThumbnailCache = async (fileId: number) => {
-  const thumbnail = loadedThumbnails.get(fileId);
-  if (thumbnail) return thumbnail;
-
-  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
-  if (!thumbnailBuffer) return null;
-
-  const thumbnailUrl = getThumbnailUrl(thumbnailBuffer);
-  loadedThumbnails.set(fileId, thumbnailUrl);
-  return thumbnailUrl;
-};
-
-export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
-  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
-  loadedThumbnails.set(fileId, getThumbnailUrl(thumbnailBuffer));
-};
-
-export const deleteFileThumbnailCache = async (fileId: number) => {
-  loadedThumbnails.delete(fileId);
-  await deleteFile(`/thumbnail/file/${fileId}`);
-};
-
-export const deleteAllFileThumbnailCaches = async () => {
-  loadedThumbnails.clear();
-  await deleteDirectory("/thumbnail/file");
-};

src/lib/modules/file/download.svelte.ts

@@ -0,0 +1,110 @@
+import axios from "axios";
+import { limitFunction } from "p-limit";
+import { ENCRYPTED_CHUNK_SIZE } from "$lib/constants";
+import { decryptChunk, concatenateBuffers } from "$lib/modules/crypto";
+
+export interface FileDownloadState {
+  id: number;
+  status:
+    | "download-pending"
+    | "downloading"
+    | "decryption-pending"
+    | "decrypting"
+    | "decrypted"
+    | "canceled"
+    | "error";
+  progress?: number;
+  rate?: number;
+  estimated?: number;
+  result?: ArrayBuffer;
+}
+
+type LiveFileDownloadState = FileDownloadState & {
+  status: "download-pending" | "downloading" | "decryption-pending" | "decrypting";
+};
+
+let downloadingFiles: FileDownloadState[] = $state([]);
+
+export const isFileDownloading = (
+  status: FileDownloadState["status"],
+): status is LiveFileDownloadState["status"] =>
+  ["download-pending", "downloading", "decryption-pending", "decrypting"].includes(status);
+
+export const getFileDownloadState = (fileId: number) => {
+  return downloadingFiles.find((file) => file.id === fileId && isFileDownloading(file.status));
+};
+
+export const getDownloadingFiles = () => {
+  return downloadingFiles.filter((file) => isFileDownloading(file.status));
+};
+
+export const clearDownloadedFiles = () => {
+  downloadingFiles = downloadingFiles.filter((file) => isFileDownloading(file.status));
+};
+
+const requestFileDownload = limitFunction(
+  async (state: FileDownloadState, id: number) => {
+    state.status = "downloading";
+
+    const res = await axios.get(`/api/file/${id}/download`, {
+      responseType: "arraybuffer",
+      onDownloadProgress: ({ progress, rate, estimated }) => {
+        state.progress = progress;
+        state.rate = rate;
+        state.estimated = estimated;
+      },
+    });
+    const fileEncrypted: ArrayBuffer = res.data;
+
+    state.status = "decryption-pending";
+    return fileEncrypted;
+  },
+  { concurrency: 1 },
+);
+
+const decryptFile = limitFunction(
+  async (
+    state: FileDownloadState,
+    fileEncrypted: ArrayBuffer,
+    encryptedChunkSize: number,
+    dataKey: CryptoKey,
+  ) => {
+    state.status = "decrypting";
+
+    const chunks: ArrayBuffer[] = [];
+    let offset = 0;
+
+    while (offset < fileEncrypted.byteLength) {
+      const nextOffset = Math.min(offset + encryptedChunkSize, fileEncrypted.byteLength);
+      chunks.push(await decryptChunk(fileEncrypted.slice(offset, nextOffset), dataKey));
+      offset = nextOffset;
+    }
+
+    const fileBuffer = concatenateBuffers(...chunks).buffer;
+    state.status = "decrypted";
+    state.result = fileBuffer;
+    return fileBuffer;
+  },
+  { concurrency: 4 },
+);
+
+export const downloadFile = async (id: number, dataKey: CryptoKey, isLegacy: boolean) => {
+  downloadingFiles.push({
+    id,
+    status: "download-pending",
+  });
+  const state = downloadingFiles.at(-1)!;
+
+  try {
+    const fileEncrypted = await requestFileDownload(state, id);
+    return await decryptFile(
+      state,
+      fileEncrypted,
+      isLegacy ? fileEncrypted.byteLength : ENCRYPTED_CHUNK_SIZE,
+      dataKey,
+    );
+  } catch (e) {
+    state.status = "error";
+    throw e;
+  }
+};

src/lib/modules/file/download.ts

@@ -1,84 +0,0 @@
-import axios from "axios";
-import { limitFunction } from "p-limit";
-import { writable, type Writable } from "svelte/store";
-import { decryptData } from "$lib/modules/crypto";
-import { fileDownloadStatusStore, type FileDownloadStatus } from "$lib/stores";
-
-const requestFileDownload = limitFunction(
-  async (status: Writable<FileDownloadStatus>, id: number) => {
-    status.update((value) => {
-      value.status = "downloading";
-      return value;
-    });
-
-    const res = await axios.get(`/api/file/${id}/download`, {
-      responseType: "arraybuffer",
-      onDownloadProgress: ({ progress, rate, estimated }) => {
-        status.update((value) => {
-          value.progress = progress;
-          value.rate = rate;
-          value.estimated = estimated;
-          return value;
-        });
-      },
-    });
-    const fileEncrypted: ArrayBuffer = res.data;
-
-    status.update((value) => {
-      value.status = "decryption-pending";
-      return value;
-    });
-    return fileEncrypted;
-  },
-  { concurrency: 1 },
-);
-
-const decryptFile = limitFunction(
-  async (
-    status: Writable<FileDownloadStatus>,
-    fileEncrypted: ArrayBuffer,
-    fileEncryptedIv: string,
-    dataKey: CryptoKey,
-  ) => {
-    status.update((value) => {
-      value.status = "decrypting";
-      return value;
-    });
-
-    const fileBuffer = await decryptData(fileEncrypted, fileEncryptedIv, dataKey);
-
-    status.update((value) => {
-      value.status = "decrypted";
-      value.result = fileBuffer;
-      return value;
-    });
-    return fileBuffer;
-  },
-  { concurrency: 4 },
-);
-
-export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey: CryptoKey) => {
-  const status = writable<FileDownloadStatus>({
-    id,
-    status: "download-pending",
-  });
-  fileDownloadStatusStore.update((value) => {
-    value.push(status);
-    return value;
-  });
-
-  try {
-    return await decryptFile(
-      status,
-      await requestFileDownload(status, id),
-      fileEncryptedIv,
-      dataKey,
-    );
-  } catch (e) {
-    status.update((value) => {
-      value.status = "error";
-      return value;
-    });
-    throw e;
-  }
-};

src/lib/modules/file/index.ts

@@ -1,3 +1,4 @@
 export * from "./cache";
-export * from "./download";
+export * from "./download.svelte";
-export * from "./upload";
+export * from "./thumbnail";
+export * from "./upload.svelte";

src/lib/modules/file/thumbnail.ts

@@ -0,0 +1,77 @@
+import { LRUCache } from "lru-cache";
+import { writable, type Writable } from "svelte/store";
+import { browser } from "$app/environment";
+import { decryptChunk } from "$lib/modules/crypto";
+import type { SummarizedFileInfo } from "$lib/modules/filesystem";
+import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
+import { getThumbnailUrl } from "$lib/modules/thumbnail";
+
+const loadedThumbnails = new LRUCache<number, Writable<string>>({ max: 100 });
+const loadingThumbnails = new Map<number, Writable<string | undefined>>();
+
+const fetchFromOpfs = async (fileId: number) => {
+  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
+  if (thumbnailBuffer) {
+    return getThumbnailUrl(thumbnailBuffer);
+  }
+};
+
+const fetchFromServer = async (fileId: number, dataKey: CryptoKey) => {
+  const res = await fetch(`/api/file/${fileId}/thumbnail/download`);
+  if (!res.ok) return null;
+
+  const thumbnailBuffer = await decryptChunk(await res.arrayBuffer(), dataKey);
+
+  void writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
+  return getThumbnailUrl(thumbnailBuffer);
+};
+
+export const getFileThumbnail = (file: SummarizedFileInfo) => {
+  if (
+    !browser ||
+    !(file.contentType.startsWith("image/") || file.contentType.startsWith("video/"))
+  ) {
+    return undefined;
+  }
+
+  const thumbnail = loadedThumbnails.get(file.id);
+  if (thumbnail) return thumbnail;
+
+  let loadingThumbnail = loadingThumbnails.get(file.id);
+  if (loadingThumbnail) return loadingThumbnail;
+
+  loadingThumbnail = writable(undefined);
+  loadingThumbnails.set(file.id, loadingThumbnail);
+
+  fetchFromOpfs(file.id)
+    .then((thumbnail) => thumbnail ?? (file.dataKey && fetchFromServer(file.id, file.dataKey.key)))
+    .then((thumbnail) => {
+      if (thumbnail) {
+        loadingThumbnail.set(thumbnail);
+        loadedThumbnails.set(file.id, loadingThumbnail as Writable<string>);
+      }
+      loadingThumbnails.delete(file.id);
+    });
+  return loadingThumbnail;
+};
+
+export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
+  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
+
+  const oldThumbnail = loadedThumbnails.get(fileId);
+  if (oldThumbnail) {
+    oldThumbnail.set(getThumbnailUrl(thumbnailBuffer));
+  } else {
+    loadedThumbnails.set(fileId, writable(getThumbnailUrl(thumbnailBuffer)));
+  }
+};
+
+export const deleteFileThumbnailCache = async (fileId: number) => {
+  loadedThumbnails.delete(fileId);
+  await deleteFile(`/thumbnail/file/${fileId}`);
+};
+
+export const deleteAllFileThumbnailCaches = async () => {
+  loadedThumbnails.clear();
+  await deleteDirectory(`/thumbnail/file`);
+};

src/lib/modules/file/upload.svelte.ts

@@ -0,0 +1,263 @@
+import ExifReader from "exifreader";
+import { limitFunction } from "p-limit";
+import { CHUNK_SIZE } from "$lib/constants";
+import { encodeToBase64, generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
+import { signMessageHmac } from "$lib/modules/crypto";
+import { generateThumbnail } from "$lib/modules/thumbnail";
+import { uploadBlob } from "$lib/modules/upload";
+import type { MasterKey, HmacSecret } from "$lib/stores";
+import { Scheduler } from "$lib/utils";
+import { trpc } from "$trpc/client";
+
+export interface FileUploadState {
+  id: string;
+  name: string;
+  parentId: DirectoryId;
+  status:
+    | "queued"
+    | "encryption-pending"
+    | "encrypting"
+    | "upload-pending"
+    | "uploading"
+    | "uploaded"
+    | "canceled"
+    | "error";
+  progress?: number;
+  rate?: number;
+  estimated?: number;
+}
+
+export type LiveFileUploadState = FileUploadState & {
+  status: "queued" | "encryption-pending" | "encrypting" | "upload-pending" | "uploading";
+};
+
+const scheduler = new Scheduler<
+  { fileId: number; fileBuffer?: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
+>();
+let uploadingFiles: FileUploadState[] = $state([]);
+
+const isFileUploading = (status: FileUploadState["status"]) =>
+  ["queued", "encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
+
+export const getUploadingFiles = (parentId?: DirectoryId) => {
+  return uploadingFiles.filter(
+    (file) =>
+      (parentId === undefined || file.parentId === parentId) && isFileUploading(file.status),
+  );
+};
+
+export const clearUploadedFiles = () => {
+  uploadingFiles = uploadingFiles.filter((file) => isFileUploading(file.status));
+};
+
+const requestDuplicateFileScan = limitFunction(
+  async (
+    state: FileUploadState,
+    file: File,
+    hmacSecret: HmacSecret,
+    onDuplicate: () => Promise<boolean>,
+  ) => {
+    state.status = "encryption-pending";
+
+    const fileSigned = encodeToBase64(await signMessageHmac(file, hmacSecret.secret));
+    const files = await trpc().file.listByHash.query({
+      hskVersion: hmacSecret.version,
+      contentHmac: fileSigned,
+    });
+    if (files.length === 0 || (await onDuplicate())) {
+      return { fileSigned };
+    } else {
+      return {};
+    }
+  },
+  { concurrency: 1 },
+);
+
+const getFileType = (file: File) => {
+  if (file.type) return file.type;
+  if (file.name.endsWith(".heic")) return "image/heic";
+  throw new Error("Unknown file type");
+};
+
+const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
+  const exif = ExifReader.load(fileBuffer);
+  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
+  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
+  if (!dateTimeOriginal) return undefined;
+
+  const [date, time] = dateTimeOriginal.split(" ");
+  if (!date || !time) return undefined;
+
+  const [year, month, day] = date.split(":").map(Number);
+  const [hour, minute, second] = time.split(":").map(Number);
+  if (!year || !month || !day || !hour || !minute || !second) return undefined;
+
+  if (!offsetTimeOriginal) {
+    // No timezone information.. Assume local timezone
+    return new Date(year, month - 1, day, hour, minute, second);
+  }
+
+  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
+  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
+
+  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
+  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
+  return new Date(utcDate - offsetMs);
+};
+
+interface FileMetadata {
+  parentId: "root" | number;
+  name: string;
+  createdAt?: Date;
+  lastModifiedAt: Date;
+}
+
+const requestFileMetadataEncryption = limitFunction(
+  async (
+    state: FileUploadState,
+    file: Blob,
+    fileMetadata: FileMetadata,
+    masterKey: MasterKey,
+    hmacSecret: HmacSecret,
+  ) => {
+    state.status = "encrypting";
+
+    const { dataKey, dataKeyVersion } = await generateDataKey();
+    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
+
+    const [nameEncrypted, createdAtEncrypted, lastModifiedAtEncrypted, thumbnailBuffer] =
+      await Promise.all([
+        encryptString(fileMetadata.name, dataKey),
+        fileMetadata.createdAt &&
+          encryptString(fileMetadata.createdAt.getTime().toString(), dataKey),
+        encryptString(fileMetadata.lastModifiedAt.getTime().toString(), dataKey),
+        generateThumbnail(file).then((blob) => blob?.arrayBuffer()),
+      ]);
+
+    const { uploadId } = await trpc().upload.startFileUpload.mutate({
+      chunks: Math.ceil(file.size / CHUNK_SIZE),
+      parent: fileMetadata.parentId,
+      mekVersion: masterKey.version,
+      dek: dataKeyWrapped,
+      dekVersion: dataKeyVersion,
+      hskVersion: hmacSecret.version,
+      contentType: file.type,
+      name: nameEncrypted.ciphertext,
+      nameIv: nameEncrypted.iv,
+      createdAt: createdAtEncrypted?.ciphertext,
+      createdAtIv: createdAtEncrypted?.iv,
+      lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
+      lastModifiedAtIv: lastModifiedAtEncrypted.iv,
+    });
+
+    state.status = "upload-pending";
+    return { uploadId, thumbnailBuffer, dataKey, dataKeyVersion };
+  },
+  { concurrency: 4 },
+);
+
+const requestFileUpload = limitFunction(
+  async (
+    state: FileUploadState,
+    uploadId: string,
+    file: Blob,
+    fileSigned: string,
+    thumbnailBuffer: ArrayBuffer | undefined,
+    dataKey: CryptoKey,
+    dataKeyVersion: Date,
+  ) => {
+    state.status = "uploading";
+
+    await uploadBlob(uploadId, file, dataKey, {
+      onProgress(s) {
+        state.progress = s.progress;
+        state.rate = s.rate;
+      },
+    });
+
+    const { file: fileId } = await trpc().upload.completeFileUpload.mutate({
+      uploadId,
+      contentHmac: fileSigned,
+    });
+
+    if (thumbnailBuffer) {
+      try {
+        const { uploadId } = await trpc().upload.startFileThumbnailUpload.mutate({
+          file: fileId,
+          dekVersion: dataKeyVersion,
+        });
+
+        await uploadBlob(uploadId, new Blob([thumbnailBuffer]), dataKey);
+
+        await trpc().upload.completeFileThumbnailUpload.mutate({ uploadId });
+      } catch (e) {
+        console.error(e);
+      }
+    }
+
+    state.status = "uploaded";
+    return { fileId };
+  },
+  { concurrency: 1 },
+);
+
+export const uploadFile = async (
+  file: File,
+  parentId: "root" | number,
+  masterKey: MasterKey,
+  hmacSecret: HmacSecret,
+  onDuplicate: () => Promise<boolean>,
+) => {
+  uploadingFiles.push({
+    id: crypto.randomUUID(),
+    name: file.name,
+    parentId,
+    status: "queued",
+  });
+  const state = uploadingFiles.at(-1)!;
+
+  return await scheduler.schedule(file.size, async () => {
+    try {
+      const { fileSigned } = await requestDuplicateFileScan(state, file, hmacSecret, onDuplicate);
+
+      if (!fileSigned) {
+        state.status = "canceled";
+        uploadingFiles = uploadingFiles.filter((file) => file !== state);
+        return;
+      }
+
+      let fileBuffer;
+      const fileType = getFileType(file);
+      const fileMetadata: FileMetadata = {
+        parentId,
+        name: file.name,
+        lastModifiedAt: new Date(file.lastModified),
+      };
+
+      if (fileType.startsWith("image/")) {
+        fileBuffer = await file.arrayBuffer();
+        fileMetadata.createdAt = extractExifDateTime(fileBuffer);
+      }
+
+      const blob = new Blob([file], { type: fileType });
+
+      const { uploadId, thumbnailBuffer, dataKey, dataKeyVersion } =
+        await requestFileMetadataEncryption(state, blob, fileMetadata, masterKey, hmacSecret);
+
+      const { fileId } = await requestFileUpload(
+        state,
+        uploadId,
+        blob,
+        fileSigned,
+        thumbnailBuffer,
+        dataKey,
+        dataKeyVersion,
+      );
+
+      return { fileId, fileBuffer, thumbnailBuffer };
+    } catch (e) {
+      state.status = "error";
+      throw e;
+    }
+  });
+};

src/lib/modules/file/upload.ts

@@ -1,279 +0,0 @@
-import axios from "axios";
-import ExifReader from "exifreader";
-import { limitFunction } from "p-limit";
-import { writable, type Writable } from "svelte/store";
-import {
-  encodeToBase64,
-  generateDataKey,
-  makeAESKeyNonextractable,
-  wrapDataKey,
-  encryptData,
-  encryptString,
-  digestMessage,
-  signMessageHmac,
-} from "$lib/modules/crypto";
-import { generateThumbnail } from "$lib/modules/thumbnail";
-import type {
-  DuplicateFileScanRequest,
-  DuplicateFileScanResponse,
-  FileThumbnailUploadRequest,
-  FileUploadRequest,
-  FileUploadResponse,
-} from "$lib/server/schemas";
-import {
-  fileUploadStatusStore,
-  type MasterKey,
-  type HmacSecret,
-  type FileUploadStatus,
-} from "$lib/stores";
-
-const requestDuplicateFileScan = limitFunction(
-  async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
-    const fileBuffer = await file.arrayBuffer();
-    const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
-
-    const res = await axios.post("/api/file/scanDuplicates", {
-      hskVersion: hmacSecret.version,
-      contentHmac: fileSigned,
-    } satisfies DuplicateFileScanRequest);
-    const { files }: DuplicateFileScanResponse = res.data;
-
-    if (files.length === 0 || (await onDuplicate())) {
-      return { fileBuffer, fileSigned };
-    } else {
-      return {};
-    }
-  },
-  { concurrency: 1 },
-);
-
-const getFileType = (file: File) => {
-  if (file.type) return file.type;
-  if (file.name.endsWith(".heic")) return "image/heic";
-  throw new Error("Unknown file type");
-};
-
-const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
-  const exif = ExifReader.load(fileBuffer);
-  const dateTimeOriginal = exif["DateTimeOriginal"]?.description;
-  const offsetTimeOriginal = exif["OffsetTimeOriginal"]?.description;
-  if (!dateTimeOriginal) return undefined;
-
-  const [date, time] = dateTimeOriginal.split(" ");
-  if (!date || !time) return undefined;
-
-  const [year, month, day] = date.split(":").map(Number);
-  const [hour, minute, second] = time.split(":").map(Number);
-  if (!year || !month || !day || !hour || !minute || !second) return undefined;
-
-  if (!offsetTimeOriginal) {
-    // No timezone information.. Assume local timezone
-    return new Date(year, month - 1, day, hour, minute, second);
-  }
-
-  const offsetSign = offsetTimeOriginal[0] === "+" ? 1 : -1;
-  const [offsetHour, offsetMinute] = offsetTimeOriginal.slice(1).split(":").map(Number);
-
-  const utcDate = Date.UTC(year, month - 1, day, hour, minute, second);
-  const offsetMs = offsetSign * ((offsetHour ?? 0) * 60 + (offsetMinute ?? 0)) * 60 * 1000;
-  return new Date(utcDate - offsetMs);
-};
-
-const encryptFile = limitFunction(
-  async (
-    status: Writable<FileUploadStatus>,
-    file: File,
-    fileBuffer: ArrayBuffer,
-    masterKey: MasterKey,
-  ) => {
-    status.update((value) => {
-      value.status = "encrypting";
-      return value;
-    });
-
-    const fileType = getFileType(file);
-
-    let createdAt;
-    if (fileType.startsWith("image/")) {
-      createdAt = extractExifDateTime(fileBuffer);
-    }
-
-    const { dataKey, dataKeyVersion } = await generateDataKey();
-    const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
-
-    const fileEncrypted = await encryptData(fileBuffer, dataKey);
-    const fileEncryptedHash = encodeToBase64(await digestMessage(fileEncrypted.ciphertext));
-
-    const nameEncrypted = await encryptString(file.name, dataKey);
-    const createdAtEncrypted =
-      createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
-    const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
-
-    const thumbnail = await generateThumbnail(fileBuffer, fileType);
-    const thumbnailBuffer = await thumbnail?.arrayBuffer();
-    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
-
-    status.update((value) => {
-      value.status = "upload-pending";
-      return value;
-    });
-
-    return {
-      dataKey: await makeAESKeyNonextractable(dataKey),
-      dataKeyWrapped,
-      dataKeyVersion,
-      fileType,
-      fileEncrypted,
-      fileEncryptedHash,
-      nameEncrypted,
-      createdAt,
-      createdAtEncrypted,
-      lastModifiedAtEncrypted,
-      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
-    };
-  },
-  { concurrency: 4 },
-);
-
-const requestFileUpload = limitFunction(
-  async (status: Writable<FileUploadStatus>, form: FormData, thumbnailForm: FormData | null) => {
-    status.update((value) => {
-      value.status = "uploading";
-      return value;
-    });
-
-    const res = await axios.post("/api/file/upload", form, {
-      onUploadProgress: ({ progress, rate, estimated }) => {
-        status.update((value) => {
-          value.progress = progress;
-          value.rate = rate;
-          value.estimated = estimated;
-          return value;
-        });
-      },
-    });
-    const { file }: FileUploadResponse = res.data;
-
-    if (thumbnailForm) {
-      try {
-        await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm);
-      } catch (e) {
-        // TODO
-        console.error(e);
-      }
-    }
-
-    status.update((value) => {
-      value.status = "uploaded";
-      return value;
-    });
-
-    return { fileId: file };
-  },
-  { concurrency: 1 },
-);
-
-export const uploadFile = async (
-  file: File,
-  parentId: "root" | number,
-  hmacSecret: HmacSecret,
-  masterKey: MasterKey,
-  onDuplicate: () => Promise<boolean>,
-) => {
-  const status = writable<FileUploadStatus>({
-    name: file.name,
-    parentId,
-    status: "encryption-pending",
-  });
-  fileUploadStatusStore.update((value) => {
-    value.push(status);
-    return value;
-  });
-
-  try {
-    const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
-      file,
-      hmacSecret,
-      onDuplicate,
-    );
-    if (!fileBuffer || !fileSigned) {
-      status.update((value) => {
-        value.status = "canceled";
-        return value;
-      });
-      fileUploadStatusStore.update((value) => {
-        value = value.filter((v) => v !== status);
-        return value;
-      });
-      return undefined;
-    }
-
-    const {
-      dataKey,
-      dataKeyWrapped,
-      dataKeyVersion,
-      fileType,
-      fileEncrypted,
-      fileEncryptedHash,
-      nameEncrypted,
-      createdAt,
-      createdAtEncrypted,
-      lastModifiedAtEncrypted,
-      thumbnail,
-    } = await encryptFile(status, file, fileBuffer, masterKey);
-
-    const form = new FormData();
-    form.set(
-      "metadata",
-      JSON.stringify({
-        parent: parentId,
-        mekVersion: masterKey.version,
-        dek: dataKeyWrapped,
-        dekVersion: dataKeyVersion.toISOString(),
-        hskVersion: hmacSecret.version,
-        contentHmac: fileSigned,
-        contentType: fileType,
-        contentIv: fileEncrypted.iv,
-        name: nameEncrypted.ciphertext,
-        nameIv: nameEncrypted.iv,
-        createdAt: createdAtEncrypted?.ciphertext,
-        createdAtIv: createdAtEncrypted?.iv,
-        lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
-        lastModifiedAtIv: lastModifiedAtEncrypted.iv,
-      } satisfies FileUploadRequest),
-    );
-    form.set("content", new Blob([fileEncrypted.ciphertext]));
-    form.set("checksum", fileEncryptedHash);
-
-    let thumbnailForm = null;
-    if (thumbnail) {
-      thumbnailForm = new FormData();
-      thumbnailForm.set(
-        "metadata",
-        JSON.stringify({
-          dekVersion: dataKeyVersion.toISOString(),
-          contentIv: thumbnail.iv,
-        } satisfies FileThumbnailUploadRequest),
-      );
-      thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
-    }
-
-    const { fileId } = await requestFileUpload(status, form, thumbnailForm);
-    return {
-      fileId,
-      fileDataKey: dataKey,
-      fileDataKeyVersion: dataKeyVersion,
-      fileType,
-      fileEncryptedIv: fileEncrypted.iv,
-      fileCreatedAt: createdAt,
-      fileBuffer,
-      thumbnailBuffer: thumbnail?.plaintext,
-    };
-  } catch (e) {
-    status.update((value) => {
-      value.status = "error";
-      return value;
-    });
-    throw e;
-  }
-};

src/lib/modules/filesystem/category.ts

@@ -0,0 +1,123 @@
+import * as IndexedDB from "$lib/indexedDB";
+import { trpc, isTRPCClientError } from "$trpc/client";
+import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
+import type { CategoryInfo, MaybeCategoryInfo } from "./types";
+
+const cache = new FilesystemCache<CategoryId, MaybeCategoryInfo>({
+  async fetchFromIndexedDB(id) {
+    const [category, subCategories] = await Promise.all([
+      id !== "root" ? IndexedDB.getCategoryInfo(id) : undefined,
+      IndexedDB.getCategoryInfos(id),
+    ]);
+    const files = category?.files
+      ? await Promise.all(
+          category.files.map(async (file) => {
+            const fileInfo = await IndexedDB.getFileInfo(file.id);
+            return fileInfo
+              ? {
+                  id: file.id,
+                  parentId: fileInfo.parentId,
+                  contentType: fileInfo.contentType,
+                  name: fileInfo.name,
+                  createdAt: fileInfo.createdAt,
+                  lastModifiedAt: fileInfo.lastModifiedAt,
+                  isFavorite: fileInfo.isFavorite,
+                  isRecursive: file.isRecursive,
+                }
+              : undefined;
+          }),
+        )
+      : undefined;
+
+    if (id === "root") {
+      return {
+        id,
+        exists: true,
+        subCategories,
+      };
+    } else if (category) {
+      return {
+        id,
+        exists: true,
+        parentId: category.parentId,
+        name: category.name,
+        subCategories,
+        files: files?.filter((file) => !!file) ?? [],
+        isFileRecursive: category.isFileRecursive ?? false,
+      };
+    }
+  },
+
+  async fetchFromServer(id, cachedInfo, masterKey) {
+    try {
+      const category = await trpc().category.get.query({ id, recurse: true });
+      const [subCategories, files, metadata] = await Promise.all([
+        Promise.all(
+          category.subCategories.map(async (category) => ({
+            id: category.id,
+            parentId: id,
+            ...(await decryptCategoryMetadata(category, masterKey)),
+          })),
+        ),
+        category.files &&
+          Promise.all(
+            category.files.map(async (file) => ({
+              id: file.id,
+              parentId: file.parent,
+              contentType: file.contentType,
+              isFavorite: file.isFavorite,
+              isRecursive: file.isRecursive,
+              ...(await decryptFileMetadata(file, masterKey)),
+            })),
+          ),
+        category.metadata && decryptCategoryMetadata(category.metadata, masterKey),
+      ]);
+
+      return storeToIndexedDB(
+        id !== "root"
+          ? {
+              id,
+              parentId: category.metadata!.parent,
+              subCategories,
+              files: files!,
+              isFileRecursive: cachedInfo?.isFileRecursive ?? false,
+              ...metadata!,
+            }
+          : { id, subCategories },
+      );
+    } catch (e) {
+      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
+        await IndexedDB.deleteCategoryInfo(id as number);
+        return { id, exists: false };
+      }
+      throw e;
+    }
+  },
+});
+
+const storeToIndexedDB = (info: CategoryInfo) => {
+  if (info.id !== "root") {
+    void IndexedDB.storeCategoryInfo(info);
+
+    // TODO: Bulk Upsert
+    new Map(info.files.map((file) => [file.id, file])).forEach((file) => {
+      void IndexedDB.storeFileInfo(file);
+    });
+  }
+
+  // TODO: Bulk Upsert
+  info.subCategories.forEach((category) => {
+    void IndexedDB.storeCategoryInfo(category);
+  });
+
+  void IndexedDB.deleteDanglingCategoryInfos(
+    info.id,
+    new Set(info.subCategories.map(({ id }) => id)),
+  );
+
+  return { ...info, exists: true as const };
+};
+
+export const getCategoryInfo = (id: CategoryId, masterKey: CryptoKey) => {
+  return cache.get(id, masterKey);
+};

src/lib/modules/filesystem/directory.ts

@@ -0,0 +1,134 @@
+import * as IndexedDB from "$lib/indexedDB";
+import { trpc, isTRPCClientError } from "$trpc/client";
+import { FilesystemCache, decryptDirectoryMetadata, decryptFileMetadata } from "./internal.svelte";
+import type { DirectoryInfo, MaybeDirectoryInfo } from "./types";
+
+const cache = new FilesystemCache<DirectoryId, MaybeDirectoryInfo>({
+  async fetchFromIndexedDB(id) {
+    const [directory, subDirectories, files] = await Promise.all([
+      id !== "root" ? IndexedDB.getDirectoryInfo(id) : undefined,
+      IndexedDB.getDirectoryInfos(id),
+      IndexedDB.getFileInfos(id),
+    ]);
+
+    if (id === "root") {
+      return {
+        id,
+        exists: true,
+        subDirectories,
+        files,
+      };
+    } else if (directory) {
+      return {
+        id,
+        exists: true,
+        parentId: directory.parentId,
+        name: directory.name,
+        subDirectories,
+        files,
+        isFavorite: directory.isFavorite,
+      };
+    }
+  },
+
+  async fetchFromServer(id, _cachedInfo, masterKey) {
+    try {
+      const directory = await trpc().directory.get.query({ id });
+      const [subDirectories, files, metadata] = await Promise.all([
+        Promise.all(
+          directory.subDirectories.map(async (directory) => ({
+            id: directory.id,
+            parentId: id,
+            isFavorite: directory.isFavorite,
+            ...(await decryptDirectoryMetadata(directory, masterKey)),
+          })),
+        ),
+        Promise.all(
+          directory.files.map(async (file) => ({
+            id: file.id,
+            parentId: id,
+            contentType: file.contentType,
+            isFavorite: file.isFavorite,
+            ...(await decryptFileMetadata(file, masterKey)),
+          })),
+        ),
+        directory.metadata && decryptDirectoryMetadata(directory.metadata, masterKey),
+      ]);
+
+      return storeToIndexedDB(
+        id !== "root"
+          ? {
+              id,
+              parentId: directory.metadata!.parent,
+              subDirectories,
+              files,
+              isFavorite: directory.metadata!.isFavorite,
+              ...metadata!,
+            }
+          : { id, subDirectories, files },
+      );
+    } catch (e) {
+      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
+        await IndexedDB.deleteDirectoryInfo(id as number);
+        return { id, exists: false as const };
+      }
+      throw e;
+    }
+  },
+});
+
+const storeToIndexedDB = (info: DirectoryInfo) => {
+  if (info.id !== "root") {
+    void IndexedDB.storeDirectoryInfo(info);
+  }
+
+  // TODO: Bulk Upsert
+  info.subDirectories.forEach((subDirectory) => {
+    void IndexedDB.storeDirectoryInfo(subDirectory);
+  });
+
+  // TODO: Bulk Upsert
+  info.files.forEach((file) => {
+    void IndexedDB.storeFileInfo(file);
+  });
+
+  void IndexedDB.deleteDanglingDirectoryInfos(
+    info.id,
+    new Set(info.subDirectories.map(({ id }) => id)),
+  );
+  void IndexedDB.deleteDanglingFileInfos(info.id, new Set(info.files.map(({ id }) => id)));
+
+  return { ...info, exists: true as const };
+};
+
+export const getDirectoryInfo = (
+  id: DirectoryId,
+  masterKey: CryptoKey,
+  options?: {
+    serverResponse?: {
+      parent: DirectoryId;
+      dek: string;
+      dekVersion: Date;
+      name: string;
+      nameIv: string;
+      isFavorite: boolean;
+    };
+  },
+) => {
+  return cache.get(id, masterKey, {
+    fetchFromServer:
+      options?.serverResponse &&
+      (async (cachedValue) => {
+        const metadata = await decryptDirectoryMetadata(options!.serverResponse!, masterKey);
+        return storeToIndexedDB({
+          subDirectories: [],
+          files: [],
+          ...cachedValue,
+          id: id as number,
+          parentId: options!.serverResponse!.parent,
+          isFavorite: options!.serverResponse!.isFavorite,
+          ...metadata,
+        });
+      }),
+  });
+};

src/lib/modules/filesystem/file.ts

@@ -0,0 +1,213 @@
+import * as IndexedDB from "$lib/indexedDB";
+import { trpc, isTRPCClientError } from "$trpc/client";
+import { FilesystemCache, decryptFileMetadata, decryptCategoryMetadata } from "./internal.svelte";
+import type { FileInfo, MaybeFileInfo } from "./types";
+
+const cache = new FilesystemCache<number, MaybeFileInfo>({
+  async fetchFromIndexedDB(id) {
+    const file = await IndexedDB.getFileInfo(id);
+    const categories = file?.categoryIds
+      ? await Promise.all(
+          file.categoryIds.map(async (categoryId) => {
+            const category = await IndexedDB.getCategoryInfo(categoryId);
+            return category
+              ? { id: category.id, parentId: category.parentId, name: category.name }
+              : undefined;
+          }),
+        )
+      : undefined;
+
+    if (file) {
+      return {
+        id,
+        exists: true,
+        parentId: file.parentId,
+        contentType: file.contentType,
+        name: file.name,
+        createdAt: file.createdAt,
+        lastModifiedAt: file.lastModifiedAt,
+        categories: categories?.filter((category) => !!category) ?? [],
+        isFavorite: file.isFavorite,
+      };
+    }
+  },
+
+  async fetchFromServer(id, _cachedInfo, masterKey) {
+    try {
+      const file = await trpc().file.get.query({ id });
+      const [categories, metadata] = await Promise.all([
+        Promise.all(
+          file.categories.map(async (category) => ({
+            id: category.id,
+            parentId: category.parent,
+            ...(await decryptCategoryMetadata(category, masterKey)),
+          })),
+        ),
+        decryptFileMetadata(file, masterKey),
+      ]);
+
+      return storeToIndexedDB({
+        id,
+        isLegacy: file.isLegacy,
+        parentId: file.parent,
+        dataKey: metadata.dataKey,
+        contentType: file.contentType,
+        name: metadata.name,
+        createdAt: metadata.createdAt,
+        lastModifiedAt: metadata.lastModifiedAt,
+        categories,
+        isFavorite: file.isFavorite,
+      });
+    } catch (e) {
+      if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
+        await IndexedDB.deleteFileInfo(id);
+        return { id, exists: false as const };
+      }
+      throw e;
+    }
+  },
+
+  async bulkFetchFromIndexedDB(ids) {
+    const files = await IndexedDB.bulkGetFileInfos([...ids]);
+    const categories = await Promise.all(
+      files.map(async (file) =>
+        file?.categoryIds
+          ? await Promise.all(
+              file.categoryIds.map(async (categoryId) => {
+                const category = await IndexedDB.getCategoryInfo(categoryId);
+                return category
+                  ? { id: category.id, parentId: category.parentId, name: category.name }
+                  : undefined;
+              }),
+            )
+          : undefined,
+      ),
+    );
+
+    return new Map(
+      files
+        .filter((file) => !!file)
+        .map((file, index) => [
+          file.id,
+          {
+            ...file,
+            exists: true,
+            categories: categories[index]?.filter((category) => !!category) ?? [],
+          },
+        ]),
+    );
+  },
+
+  async bulkFetchFromServer(ids, masterKey) {
+    const idsArray = [...ids.keys()];
+
+    const filesRaw = await trpc().file.bulkGet.query({ ids: idsArray });
+    const files = await Promise.all(
+      filesRaw.map(async ({ id, categories: categoriesRaw, ...metadataRaw }) => {
+        const [categories, metadata] = await Promise.all([
+          Promise.all(
+            categoriesRaw.map(async (category) => ({
+              id: category.id,
+              parentId: category.parent,
+              ...(await decryptCategoryMetadata(category, masterKey)),
+            })),
+          ),
+          decryptFileMetadata(metadataRaw, masterKey),
+        ]);
+
+        return {
+          id,
+          exists: true as const,
+          isLegacy: metadataRaw.isLegacy,
+          parentId: metadataRaw.parent,
+          contentType: metadataRaw.contentType,
+          categories,
+          isFavorite: metadataRaw.isFavorite,
+          ...metadata,
+        };
+      }),
+    );
+
+    const existingIds = new Set(filesRaw.map(({ id }) => id));
+    const deletedIds = idsArray.filter((id) => !existingIds.has(id));
+
+    void IndexedDB.bulkDeleteFileInfos(deletedIds);
+    return new Map<number, MaybeFileInfo>([
+      ...bulkStoreToIndexedDB(files),
+      ...deletedIds.map((id) => [id, { id, exists: false }] as const),
+    ]);
+  },
+});
+
+const storeToIndexedDB = (info: FileInfo) => {
+  void IndexedDB.storeFileInfo({
+    ...info,
+    categoryIds: info.categories.map(({ id }) => id),
+  });
+
+  info.categories.forEach((category) => {
+    void IndexedDB.storeCategoryInfo(category);
+  });
+
+  return { ...info, exists: true as const };
+};
+
+const bulkStoreToIndexedDB = (infos: FileInfo[]) => {
+  // TODO: Bulk Upsert
+  infos.forEach((info) => {
+    void IndexedDB.storeFileInfo({
+      ...info,
+      categoryIds: info.categories.map(({ id }) => id),
+    });
+  });
+
+  // TODO: Bulk Upsert
+  new Map(
+    infos.flatMap(({ categories }) => categories).map((category) => [category.id, category]),
+  ).forEach((category) => {
+    void IndexedDB.storeCategoryInfo(category);
+  });
+
+  return infos.map((info) => [info.id, { ...info, exists: true }] as const);
+};
+
+export const getFileInfo = (
+  id: number,
+  masterKey: CryptoKey,
+  options?: {
+    serverResponse?: {
+      parent: DirectoryId;
+      dek: string;
+      dekVersion: Date;
+      contentType: string;
+      name: string;
+      nameIv: string;
+      createdAt?: string;
+      createdAtIv?: string;
+      lastModifiedAt: string;
+      lastModifiedAtIv: string;
+      isFavorite: boolean;
+    };
+  },
+) => {
+  return cache.get(id, masterKey, {
+    fetchFromServer:
+      options?.serverResponse &&
+      (async (cachedValue) => {
+        const metadata = await decryptFileMetadata(options!.serverResponse!, masterKey);
+        return storeToIndexedDB({
+          categories: [],
+          ...cachedValue,
+          id,
+          parentId: options!.serverResponse!.parent,
+          contentType: options!.serverResponse!.contentType,
+          isFavorite: options!.serverResponse!.isFavorite,
+          ...metadata,
+        });
+      }),
+  });
+};
+
+export const bulkGetFileInfo = (ids: number[], masterKey: CryptoKey) => {
+  return cache.bulkGet(new Set(ids), masterKey);
+};

src/lib/modules/filesystem/index.ts

@@ -1,3 +1,4 @@
 export * from "./category";
 export * from "./directory";
 export * from "./file";
+export * from "./types";

src/lib/modules/filesystem/internal.svelte.ts

@@ -0,0 +1,180 @@
+import { untrack } from "svelte";
+import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
+
+interface FilesystemCacheOptions<K, V> {
+  fetchFromIndexedDB: (key: K) => Promise<V | undefined>;
+  fetchFromServer: (key: K, cachedValue: V | undefined, masterKey: CryptoKey) => Promise<V>;
+  bulkFetchFromIndexedDB?: (keys: Set<K>) => Promise<Map<K, V>>;
+  bulkFetchFromServer?: (
+    keys: Map<K, { cachedValue: V | undefined }>,
+    masterKey: CryptoKey,
+  ) => Promise<Map<K, V>>;
+}
+
+export class FilesystemCache<K, V extends object> {
+  private map = new Map<K, { value?: V; promise?: Promise<V> }>();
+
+  constructor(private readonly options: FilesystemCacheOptions<K, V>) {}
+
+  get(
+    key: K,
+    masterKey: CryptoKey,
+    options?: { fetchFromServer?: (cachedValue: V | undefined) => Promise<V> },
+  ) {
+    return untrack(() => {
+      let state = this.map.get(key);
+      if (state?.promise) return state.value ?? state.promise;
+
+      const { promise: newPromise, resolve } = Promise.withResolvers<V>();
+
+      if (!state) {
+        const newState = $state({});
+        state = newState;
+        this.map.set(key, newState);
+      }
+
+      (state.value
+        ? Promise.resolve($state.snapshot(state.value) as V)
+        : this.options.fetchFromIndexedDB(key).then((loadedInfo) => {
+            if (loadedInfo) {
+              state.value = loadedInfo;
+              resolve(state.value);
+            }
+            return loadedInfo;
+          })
+      )
+        .then(
+          (cachedInfo) =>
+            options?.fetchFromServer?.(cachedInfo) ??
+            this.options.fetchFromServer(key, cachedInfo, masterKey),
+        )
+        .then((loadedInfo) => {
+          if (state.value) {
+            Object.assign(state.value, loadedInfo);
+          } else {
+            state.value = loadedInfo;
+          }
+          resolve(state.value);
+        })
+        .finally(() => {
+          state.promise = undefined;
+        });
+
+      state.promise = newPromise;
+      return state.value ?? newPromise;
+    });
+  }
+
+  bulkGet(keys: Set<K>, masterKey: CryptoKey) {
+    return untrack(() => {
+      const newPromises = new Map(
+        keys
+          .keys()
+          .filter((key) => this.map.get(key)?.promise === undefined)
+          .map((key) => [key, Promise.withResolvers<V>()]),
+      );
+      newPromises.forEach(({ promise }, key) => {
+        const state = this.map.get(key);
+        if (state) {
+          state.promise = promise;
+        } else {
+          const newState = $state({ promise });
+          this.map.set(key, newState);
+        }
+      });
+
+      const resolve = (loadedInfos: Map<K, V>) => {
+        loadedInfos.forEach((loadedInfo, key) => {
+          const state = this.map.get(key)!;
+          if (state.value) {
+            Object.assign(state.value, loadedInfo);
+          } else {
+            state.value = loadedInfo;
+          }
+          newPromises.get(key)!.resolve(state.value);
+        });
+        return loadedInfos;
+      };
+
+      this.options.bulkFetchFromIndexedDB!(
+        new Set(newPromises.keys().filter((key) => this.map.get(key)!.value === undefined)),
+      )
+        .then(resolve)
+        .then(() =>
+          this.options.bulkFetchFromServer!(
+            new Map(
+              newPromises.keys().map((key) => [key, { cachedValue: this.map.get(key)!.value }]),
+            ),
+            masterKey,
+          ),
+        )
+        .then(resolve)
+        .finally(() => {
+          newPromises.forEach((_, key) => {
+            this.map.get(key)!.promise = undefined;
+          });
+        });
+
+      const bottleneckPromises = Array.from(
+        keys
+          .keys()
+          .filter((key) => this.map.get(key)!.value === undefined)
+          .map((key) => this.map.get(key)!.promise!),
+      );
+      const makeResult = () =>
+        new Map(keys.keys().map((key) => [key, this.map.get(key)!.value!] as const));
+      return bottleneckPromises.length > 0
+        ? Promise.all(bottleneckPromises).then(makeResult)
+        : makeResult();
+    });
+  }
+}
+
+export const decryptDirectoryMetadata = async (
+  metadata: { dek: string; dekVersion: Date; name: string; nameIv: string },
+  masterKey: CryptoKey,
+) => {
+  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
+  const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
+
+  return {
+    dataKey: { key: dataKey, version: metadata.dekVersion },
+    name,
+  };
+};
+
+const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
+  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
+};
+
+export const decryptFileMetadata = async (
+  metadata: {
+    dek: string;
+    dekVersion: Date;
+    name: string;
+    nameIv: string;
+    createdAt?: string;
+    createdAtIv?: string;
+    lastModifiedAt: string;
+    lastModifiedAtIv: string;
+  },
+  masterKey: CryptoKey,
+) => {
+  const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
+  const [name, createdAt, lastModifiedAt] = await Promise.all([
+    decryptString(metadata.name, metadata.nameIv, dataKey),
+    metadata.createdAt
+      ? decryptDate(metadata.createdAt, metadata.createdAtIv!, dataKey)
+      : undefined,
+    decryptDate(metadata.lastModifiedAt, metadata.lastModifiedAtIv, dataKey),
+  ]);
+
+  return {
+    dataKey: { key: dataKey, version: metadata.dekVersion },
+    name,
+    createdAt,
+    lastModifiedAt,
+  };
+};
+
+export const decryptCategoryMetadata = decryptDirectoryMetadata;

src/lib/modules/filesystem/types.ts

@@ -0,0 +1,79 @@
+export type DataKey = { key: CryptoKey; version: Date };
+
+export interface LocalDirectoryInfo {
+  id: number;
+  parentId: DirectoryId;
+  dataKey?: DataKey;
+  name: string;
+  subDirectories: SubDirectoryInfo[];
+  files: SummarizedFileInfo[];
+  isFavorite: boolean;
+}
+
+export interface RootDirectoryInfo {
+  id: "root";
+  parentId?: undefined;
+  dataKey?: undefined;
+  name?: undefined;
+  subDirectories: SubDirectoryInfo[];
+  files: SummarizedFileInfo[];
+  isFavorite?: undefined;
+}
+
+export type DirectoryInfo = LocalDirectoryInfo | RootDirectoryInfo;
+export type MaybeDirectoryInfo =
+  | (DirectoryInfo & { exists: true })
+  | ({ id: DirectoryId; exists: false } & AllUndefined<Omit<DirectoryInfo, "id">>);
+
+export type SubDirectoryInfo = Omit<LocalDirectoryInfo, "subDirectories" | "files">;
+
+export interface FileInfo {
+  id: number;
+  isLegacy?: boolean;
+  parentId: DirectoryId;
+  dataKey?: DataKey;
+  contentType: string;
+  name: string;
+  createdAt?: Date;
+  lastModifiedAt: Date;
+  categories: FileCategoryInfo[];
+  isFavorite: boolean;
+}
+
+export type MaybeFileInfo =
+  | (FileInfo & { exists: true })
+  | ({ id: number; exists: false } & AllUndefined<Omit<FileInfo, "id">>);
+
+export type SummarizedFileInfo = Omit<FileInfo, "categories">;
+export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean };
+
+export interface LocalCategoryInfo {
+  id: number;
+  parentId: DirectoryId;
+  dataKey?: DataKey;
+  name: string;
+  subCategories: SubCategoryInfo[];
+  files: CategoryFileInfo[];
+  isFileRecursive: boolean;
+}
+
+export interface RootCategoryInfo {
+  id: "root";
+  parentId?: undefined;
+  dataKey?: undefined;
+  name?: undefined;
+  subCategories: SubCategoryInfo[];
+  files?: undefined;
+  isFileRecursive?: undefined;
+}
+
+export type CategoryInfo = LocalCategoryInfo | RootCategoryInfo;
+export type MaybeCategoryInfo =
+  | (CategoryInfo & { exists: true })
+  | ({ id: CategoryId; exists: false } & AllUndefined<Omit<CategoryInfo, "id">>);
+
+export type SubCategoryInfo = Omit<
+  LocalCategoryInfo,
+  "subCategories" | "files" | "isFileRecursive"
+>;
+export type FileCategoryInfo = Omit<SubCategoryInfo, "dataKey">;

src/lib/modules/filesystem2/category.ts

@@ -1,294 +0,0 @@
-import { useQueryClient, createQuery, createMutation } from "@tanstack/svelte-query";
-import { callGetApi, callPostApi } from "$lib/hooks";
-import {
-  getCategoryInfos as getCategoryInfosFromIndexedDB,
-  getCategoryInfo as getCategoryInfoFromIndexedDB,
-  storeCategoryInfo,
-  updateCategoryInfo,
-  deleteCategoryInfo,
-  type CategoryId,
-} from "$lib/indexedDB";
-import {
-  generateDataKey,
-  wrapDataKey,
-  unwrapDataKey,
-  encryptString,
-  decryptString,
-} from "$lib/modules/crypto";
-import type {
-  CategoryInfoResponse,
-  CategoryFileListResponse,
-  CategoryRenameRequest,
-  CategoryCreateRequest,
-  CategoryCreateResponse,
-} from "$lib/server/schemas";
-import type { MasterKey } from "$lib/stores";
-
-export type CategoryInfo =
-  | {
-      id: "root";
-      dataKey?: undefined;
-      dataKeyVersion?: undefined;
-      name?: undefined;
-      subCategoryIds: number[];
-      files?: undefined;
-      isFileRecursive?: undefined;
-    }
-  | {
-      id: number;
-      dataKey?: CryptoKey;
-      dataKeyVersion?: Date;
-      name: string;
-      subCategoryIds: number[];
-      files: { id: number; isRecursive: boolean }[];
-      isFileRecursive: boolean;
-    };
-export type SubCategoryInfo = CategoryInfo & { id: number };
-
-let temporaryIdCounter = -1;
-
-const getInitialCategoryInfo = async (id: CategoryId) => {
-  const [category, subCategories] = await Promise.all([
-    id !== "root" ? getCategoryInfoFromIndexedDB(id) : undefined,
-    getCategoryInfosFromIndexedDB(id),
-  ]);
-  const subCategoryIds = subCategories.map(({ id }) => id);
-
-  if (id === "root") {
-    return { id, subCategoryIds };
-  } else if (category) {
-    return {
-      id,
-      name: category.name,
-      subCategoryIds,
-      files: category.files,
-      isFileRecursive: category.isFileRecursive,
-    };
-  }
-  return undefined;
-};
-
-export const getCategoryInfo = (id: CategoryId, masterKey: CryptoKey) => {
-  return createQuery<CategoryInfo>({
-    queryKey: ["category", id],
-    queryFn: async ({ client, signal }) => {
-      if (!client.getQueryData<CategoryInfo>(["category", id])) {
-        const initialInfo = await getInitialCategoryInfo(id);
-        if (initialInfo) {
-          setTimeout(() => client.invalidateQueries({ queryKey: ["category", id] }), 0);
-          return initialInfo;
-        }
-      }
-
-      const res = await callGetApi(`/api/category/${id}`, { signal }); // TODO: 404
-      const { metadata, subCategories }: CategoryInfoResponse = await res.json();
-
-      if (id === "root") {
-        return { id, subCategoryIds: subCategories };
-      } else {
-        const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
-        const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
-
-        const res = await callGetApi(`/api/category/${id}/file/list?recurse=true`); // TODO: Error Handling
-        const { files }: CategoryFileListResponse = await res.json();
-        const filesMapped = files.map(({ file, isRecursive }) => ({ id: file, isRecursive }));
-
-        const prevInfo = client.getQueryData<CategoryInfo>(["category", id]);
-        await storeCategoryInfo({
-          id,
-          parentId: metadata!.parent,
-          name,
-          files: filesMapped,
-          isFileRecursive: prevInfo?.isFileRecursive ?? false,
-        });
-        return {
-          id,
-          dataKey,
-          dataKeyVersion: new Date(metadata!.dekVersion),
-          name,
-          subCategoryIds: subCategories,
-          files: filesMapped,
-          isFileRecursive: prevInfo?.isFileRecursive ?? false,
-        };
-      }
-    },
-    staleTime: Infinity,
-  });
-};
-
-export type CategoryInfoStore = ReturnType<typeof getCategoryInfo>;
-
-export const useCategoryCreation = (parentId: CategoryId, masterKey: MasterKey) => {
-  const queryClient = useQueryClient();
-  return createMutation<void, Error, { name: string }, { tempId: number }>({
-    mutationFn: async ({ name }) => {
-      const { dataKey, dataKeyVersion } = await generateDataKey();
-      const nameEncrypted = await encryptString(name, dataKey);
-
-      const res = await callPostApi<CategoryCreateRequest>("/api/category/create", {
-        parent: parentId,
-        mekVersion: masterKey.version,
-        dek: await wrapDataKey(dataKey, masterKey.key),
-        dekVersion: dataKeyVersion.toISOString(),
-        name: nameEncrypted.ciphertext,
-        nameIv: nameEncrypted.iv,
-      });
-      if (!res.ok) throw new Error("Failed to create category");
-
-      const { category: id }: CategoryCreateResponse = await res.json();
-      queryClient.setQueryData<CategoryInfo>(["category", id], {
-        id,
-        name,
-        dataKey,
-        dataKeyVersion,
-        subCategoryIds: [],
-        files: [],
-        isFileRecursive: false,
-      });
-      await storeCategoryInfo({ id, parentId, name, files: [], isFileRecursive: false });
-    },
-    onMutate: async ({ name }) => {
-      const tempId = temporaryIdCounter--;
-      queryClient.setQueryData<CategoryInfo>(["category", tempId], {
-        id: tempId,
-        name,
-        subCategoryIds: [],
-        files: [],
-        isFileRecursive: false,
-      });
-
-      await queryClient.cancelQueries({ queryKey: ["category", parentId] });
-      queryClient.setQueryData<CategoryInfo>(["category", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return;
-        return {
-          ...prevParentInfo,
-          subCategoryIds: [...prevParentInfo.subCategoryIds, tempId],
-        };
-      });
-
-      return { tempId };
-    },
-    onError: (_error, _variables, context) => {
-      if (context) {
-        queryClient.setQueryData<CategoryInfo>(["category", parentId], (prevParentInfo) => {
-          if (!prevParentInfo) return;
-          return {
-            ...prevParentInfo,
-            subCategoryIds: prevParentInfo.subCategoryIds.filter((id) => id !== context.tempId),
-          };
-        });
-      }
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["category", parentId] });
-    },
-  });
-};
-
-export const useCategoryRename = () => {
-  const queryClient = useQueryClient();
-  return createMutation<
-    void,
-    Error,
-    {
-      id: number;
-      dataKey: CryptoKey;
-      dataKeyVersion: Date;
-      newName: string;
-    },
-    { oldName: string | undefined }
-  >({
-    mutationFn: async ({ id, dataKey, dataKeyVersion, newName }) => {
-      const newNameEncrypted = await encryptString(newName, dataKey);
-      const res = await callPostApi<CategoryRenameRequest>(`/api/category/${id}/rename`, {
-        dekVersion: dataKeyVersion.toISOString(),
-        name: newNameEncrypted.ciphertext,
-        nameIv: newNameEncrypted.iv,
-      });
-      if (!res.ok) throw new Error("Failed to rename category");
-
-      await updateCategoryInfo(id, { name: newName });
-    },
-    onMutate: async ({ id, newName }) => {
-      await queryClient.cancelQueries({ queryKey: ["category", id] });
-
-      const prevInfo = queryClient.getQueryData<SubCategoryInfo>(["category", id]);
-      if (prevInfo) {
-        queryClient.setQueryData<CategoryInfo>(["category", id], {
-          ...prevInfo,
-          name: newName,
-        });
-      }
-
-      return { oldName: prevInfo?.name };
-    },
-    onError: (_error, { id }, context) => {
-      if (context?.oldName) {
-        queryClient.setQueryData<SubCategoryInfo>(["category", id], (prevInfo) => {
-          if (!prevInfo) return;
-          return { ...prevInfo, name: context.oldName! };
-        });
-      }
-    },
-    onSettled: (_data, _error, { id }) => {
-      queryClient.invalidateQueries({ queryKey: ["category", id] });
-    },
-  });
-};
-
-export const useCategoryDeletion = (parentId: CategoryId) => {
-  const queryClient = useQueryClient();
-  return createMutation<void, Error, { id: number }, {}>({
-    mutationFn: async ({ id }) => {
-      const res = await callPostApi(`/api/category/${id}/delete`);
-      if (!res.ok) throw new Error("Failed to delete category");
-
-      await deleteCategoryInfo(id);
-
-      // TODO: Update FileInfo
-    },
-    onMutate: async ({ id }) => {
-      await queryClient.cancelQueries({ queryKey: ["category", parentId] });
-      queryClient.setQueryData<CategoryInfo>(["category", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return;
-        return {
-          ...prevParentInfo,
-          subCategoryIds: prevParentInfo.subCategoryIds.filter((categoryId) => categoryId !== id),
-        };
-      });
-      return {};
-    },
-    onError: (_error, { id }, context) => {
-      if (context) {
-        queryClient.setQueryData<CategoryInfo>(["category", parentId], (prevParentInfo) => {
-          if (!prevParentInfo) return;
-          return {
-            ...prevParentInfo,
-            subCategoryIds: [...prevParentInfo.subCategoryIds, id],
-          };
-        });
-      }
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["category", parentId] });
-    },
-  });
-};
-
-export const useCategoryFileRecursionToggle = () => {
-  const queryClient = useQueryClient();
-  return createMutation<void, Error, { id: number; isFileRecursive: boolean }, {}>({
-    mutationFn: async ({ id, isFileRecursive }) => {
-      await updateCategoryInfo(id, { isFileRecursive });
-    },
-    onMutate: async ({ id, isFileRecursive }) => {
-      const prevInfo = queryClient.getQueryData<SubCategoryInfo>(["category", id]);
-      if (prevInfo) {
-        queryClient.setQueryData<CategoryInfo>(["category", id], {
-          ...prevInfo,
-          isFileRecursive,
-        });
-      }
-    },
-  });
-};

src/lib/modules/filesystem2/directory.ts

@@ -1,267 +0,0 @@
-import { useQueryClient, createQuery, createMutation } from "@tanstack/svelte-query";
-import { callGetApi, callPostApi } from "$lib/hooks";
-import {
-  getDirectoryInfos as getDirectoryInfosFromIndexedDB,
-  getDirectoryInfo as getDirectoryInfoFromIndexedDB,
-  storeDirectoryInfo,
-  updateDirectoryInfo,
-  deleteDirectoryInfo,
-  getFileInfos as getFileInfosFromIndexedDB,
-  deleteFileInfo,
-  type DirectoryId,
-} from "$lib/indexedDB";
-import {
-  generateDataKey,
-  wrapDataKey,
-  unwrapDataKey,
-  encryptString,
-  decryptString,
-} from "$lib/modules/crypto";
-import type {
-  DirectoryInfoResponse,
-  DirectoryDeleteResponse,
-  DirectoryRenameRequest,
-  DirectoryCreateRequest,
-  DirectoryCreateResponse,
-} from "$lib/server/schemas";
-import type { MasterKey } from "$lib/stores";
-
-export type DirectoryInfo =
-  | {
-      id: "root";
-      dataKey?: undefined;
-      dataKeyVersion?: undefined;
-      name?: undefined;
-      subDirectoryIds: number[];
-      fileIds: number[];
-    }
-  | {
-      id: number;
-      dataKey?: CryptoKey;
-      dataKeyVersion?: Date;
-      name: string;
-      subDirectoryIds: number[];
-      fileIds: number[];
-    };
-export type SubDirectoryInfo = DirectoryInfo & { id: number };
-
-let temporaryIdCounter = -1;
-
-const getInitialDirectoryInfo = async (id: DirectoryId) => {
-  const [directory, subDirectories, files] = await Promise.all([
-    id !== "root" ? getDirectoryInfoFromIndexedDB(id) : undefined,
-    getDirectoryInfosFromIndexedDB(id),
-    getFileInfosFromIndexedDB(id),
-  ]);
-  const subDirectoryIds = subDirectories.map(({ id }) => id);
-  const fileIds = files.map(({ id }) => id);
-
-  if (id === "root") {
-    return { id, subDirectoryIds, fileIds };
-  } else if (directory) {
-    return { id, name: directory.name, subDirectoryIds, fileIds };
-  }
-  return undefined;
-};
-
-export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
-  return createQuery<DirectoryInfo>({
-    queryKey: ["directory", id],
-    queryFn: async ({ client, signal }) => {
-      if (!client.getQueryData(["directory", id])) {
-        const initialInfo = await getInitialDirectoryInfo(id);
-        if (initialInfo) {
-          setTimeout(() => client.invalidateQueries({ queryKey: ["directory", id] }), 0);
-          return initialInfo;
-        }
-      }
-
-      const res = await callGetApi(`/api/directory/${id}`, { signal }); // TODO: 404
-      const {
-        metadata,
-        subDirectories: subDirectoryIds,
-        files: fileIds,
-      }: DirectoryInfoResponse = await res.json();
-
-      if (id === "root") {
-        return { id, subDirectoryIds, fileIds };
-      } else {
-        const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
-        const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
-        await storeDirectoryInfo({ id, parentId: metadata!.parent, name });
-        return {
-          id,
-          dataKey,
-          dataKeyVersion: new Date(metadata!.dekVersion),
-          name,
-          subDirectoryIds,
-          fileIds,
-        };
-      }
-    },
-    staleTime: Infinity,
-  });
-};
-
-export type DirectoryInfoStore = ReturnType<typeof getDirectoryInfo>;
-
-export const useDirectoryCreation = (parentId: DirectoryId, masterKey: MasterKey) => {
-  const queryClient = useQueryClient();
-  return createMutation<void, Error, { name: string }, { tempId: number }>({
-    mutationFn: async ({ name }) => {
-      const { dataKey, dataKeyVersion } = await generateDataKey();
-      const nameEncrypted = await encryptString(name, dataKey);
-
-      const res = await callPostApi<DirectoryCreateRequest>(`/api/directory/create`, {
-        parent: parentId,
-        mekVersion: masterKey.version,
-        dek: await wrapDataKey(dataKey, masterKey.key),
-        dekVersion: dataKeyVersion.toISOString(),
-        name: nameEncrypted.ciphertext,
-        nameIv: nameEncrypted.iv,
-      });
-      if (!res.ok) throw new Error("Failed to create directory");
-
-      const { directory: id }: DirectoryCreateResponse = await res.json();
-      queryClient.setQueryData<DirectoryInfo>(["directory", id], {
-        id,
-        name,
-        dataKey,
-        dataKeyVersion,
-        subDirectoryIds: [],
-        fileIds: [],
-      });
-      await storeDirectoryInfo({ id, parentId, name });
-    },
-    onMutate: async ({ name }) => {
-      const tempId = temporaryIdCounter--;
-      queryClient.setQueryData<DirectoryInfo>(["directory", tempId], {
-        id: tempId,
-        name,
-        subDirectoryIds: [],
-        fileIds: [],
-      });
-
-      await queryClient.cancelQueries({ queryKey: ["directory", parentId] });
-      queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return undefined;
-        return {
-          ...prevParentInfo,
-          subDirectoryIds: [...prevParentInfo.subDirectoryIds, tempId],
-        };
-      });
-
-      return { tempId };
-    },
-    onError: (_error, _variables, context) => {
-      if (context) {
-        queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-          if (!prevParentInfo) return undefined;
-          return {
-            ...prevParentInfo,
-            subDirectoryIds: prevParentInfo.subDirectoryIds.filter((id) => id !== context.tempId),
-          };
-        });
-      }
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["directory", parentId] });
-    },
-  });
-};
-
-export const useDirectoryRename = () => {
-  const queryClient = useQueryClient();
-  return createMutation<
-    void,
-    Error,
-    {
-      id: number;
-      dataKey: CryptoKey;
-      dataKeyVersion: Date;
-      newName: string;
-    },
-    { oldName: string | undefined }
-  >({
-    mutationFn: async ({ id, dataKey, dataKeyVersion, newName }) => {
-      const newNameEncrypted = await encryptString(newName, dataKey);
-      const res = await callPostApi<DirectoryRenameRequest>(`/api/directory/${id}/rename`, {
-        dekVersion: dataKeyVersion.toISOString(),
-        name: newNameEncrypted.ciphertext,
-        nameIv: newNameEncrypted.iv,
-      });
-      if (!res.ok) throw new Error("Failed to rename directory");
-
-      await updateDirectoryInfo(id, { name: newName });
-    },
-    onMutate: async ({ id, newName }) => {
-      await queryClient.cancelQueries({ queryKey: ["directory", id] });
-
-      const prevInfo = queryClient.getQueryData<SubDirectoryInfo>(["directory", id]);
-      if (prevInfo) {
-        queryClient.setQueryData<DirectoryInfo>(["directory", id], {
-          ...prevInfo,
-          name: newName,
-        });
-      }
-
-      return { oldName: prevInfo?.name };
-    },
-    onError: (_error, { id }, context) => {
-      if (context?.oldName) {
-        queryClient.setQueryData<SubDirectoryInfo>(["directory", id], (prevInfo) => {
-          if (!prevInfo) return undefined;
-          return { ...prevInfo, name: context.oldName! };
-        });
-      }
-    },
-    onSettled: (_data, _error, { id }) => {
-      queryClient.invalidateQueries({ queryKey: ["directory", id] });
-    },
-  });
-};
-
-export const useDirectoryDeletion = (parentId: DirectoryId) => {
-  const queryClient = useQueryClient();
-  return createMutation<{ deletedFiles: number[] }, Error, { id: number }, {}>({
-    mutationFn: async ({ id }) => {
-      const res = await callPostApi(`/api/directory/${id}/delete`);
-      if (!res.ok) throw new Error("Failed to delete directory");
-
-      const { deletedDirectories, deletedFiles }: DirectoryDeleteResponse = await res.json();
-      await Promise.all([
-        ...deletedDirectories.map(deleteDirectoryInfo),
-        ...deletedFiles.map(deleteFileInfo),
-      ]);
-
-      return { deletedFiles };
-    },
-    onMutate: async ({ id }) => {
-      await queryClient.cancelQueries({ queryKey: ["directory", parentId] });
-      queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return undefined;
-        return {
-          ...prevParentInfo,
-          subDirectoryIds: prevParentInfo.subDirectoryIds.filter(
-            (subDirectoryId) => subDirectoryId !== id,
-          ),
-        };
-      });
-      return {};
-    },
-    onError: (_error, { id }, context) => {
-      if (context) {
-        queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-          if (!prevParentInfo) return undefined;
-          return {
-            ...prevParentInfo,
-            subDirectoryIds: [...prevParentInfo.subDirectoryIds, id],
-          };
-        });
-      }
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["directory", parentId] });
-    },
-  });
-};

src/lib/modules/filesystem2/file.ts

@@ -1,230 +0,0 @@
-import { useQueryClient, createQuery, createMutation } from "@tanstack/svelte-query";
-import { callGetApi, callPostApi } from "$lib/hooks";
-import {
-  getFileInfo as getFileInfoFromIndexedDB,
-  storeFileInfo,
-  updateFileInfo,
-  deleteFileInfo,
-  type DirectoryId,
-} from "$lib/indexedDB";
-import { unwrapDataKey, encryptString, decryptString } from "$lib/modules/crypto";
-import { uploadFile } from "$lib/modules/file";
-import type { FileInfoResponse, FileRenameRequest } from "$lib/server/schemas";
-import type { MasterKey, HmacSecret } from "$lib/stores";
-import type { DirectoryInfo } from "./directory";
-
-export interface FileInfo {
-  id: number;
-  dataKey?: CryptoKey;
-  dataKeyVersion?: Date;
-  contentType: string;
-  contentIv?: string;
-  name: string;
-  createdAt?: Date;
-  lastModifiedAt: Date;
-  categoryIds: number[];
-}
-
-const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
-  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
-};
-
-export const getFileInfo = (id: number, masterKey: CryptoKey) => {
-  return createQuery<FileInfo>({
-    queryKey: ["file", id],
-    queryFn: async ({ client, signal }) => {
-      if (!client.getQueryData(["file", id])) {
-        const initialInfo = await getFileInfoFromIndexedDB(id);
-        if (initialInfo) {
-          setTimeout(() => client.invalidateQueries({ queryKey: ["file", id] }), 0);
-          return initialInfo;
-        }
-      }
-
-      const res = await callGetApi(`/api/file/${id}`, { signal }); // TODO: 404
-      const metadata: FileInfoResponse = await res.json();
-
-      const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
-      const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
-      const createdAt =
-        metadata.createdAt && metadata.createdAtIv
-          ? await decryptDate(metadata.createdAt, metadata.createdAtIv, dataKey)
-          : undefined;
-      const lastModifiedAt = await decryptDate(
-        metadata.lastModifiedAt,
-        metadata.lastModifiedAtIv,
-        dataKey,
-      );
-
-      await storeFileInfo({
-        id,
-        parentId: metadata.parent,
-        name,
-        contentType: metadata.contentType,
-        createdAt,
-        lastModifiedAt,
-        categoryIds: metadata.categories,
-      });
-      return {
-        id,
-        dataKey,
-        dataKeyVersion: new Date(metadata.dekVersion),
-        contentType: metadata.contentType,
-        contentIv: metadata.contentIv,
-        name,
-        createdAt,
-        lastModifiedAt,
-        categoryIds: metadata.categories,
-      };
-    },
-    staleTime: Infinity,
-  });
-};
-
-export type FileInfoStore = ReturnType<typeof getFileInfo>;
-
-export const useFileUpload = (
-  parentId: DirectoryId,
-  masterKey: MasterKey,
-  hmacSecret: HmacSecret,
-) => {
-  const queryClient = useQueryClient();
-  return createMutation<
-    { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer },
-    Error,
-    { file: File; onDuplicate: () => Promise<boolean> },
-    { tempId: number }
-  >({
-    mutationFn: async ({ file, onDuplicate }) => {
-      const res = await uploadFile(file, parentId, hmacSecret, masterKey, onDuplicate);
-      if (!res) throw new Error("Failed to upload file");
-
-      queryClient.setQueryData<FileInfo>(["file", res.fileId], {
-        id: res.fileId,
-        dataKey: res.fileDataKey,
-        dataKeyVersion: res.fileDataKeyVersion,
-        contentType: res.fileType,
-        contentIv: res.fileEncryptedIv,
-        name: file.name,
-        createdAt: res.fileCreatedAt,
-        lastModifiedAt: new Date(file.lastModified),
-        categoryIds: [],
-      });
-      await storeFileInfo({
-        id: res.fileId,
-        parentId,
-        name: file.name,
-        contentType: res.fileType,
-        createdAt: res.fileCreatedAt,
-        lastModifiedAt: new Date(file.lastModified),
-        categoryIds: [],
-      });
-      return {
-        fileId: res.fileId,
-        fileBuffer: res.fileBuffer,
-        thumbnailBuffer: res.thumbnailBuffer,
-      };
-    },
-    onSuccess: async ({ fileId }) => {
-      await queryClient.cancelQueries({ queryKey: ["directory", parentId] });
-      queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return undefined;
-        return {
-          ...prevParentInfo,
-          fileIds: [...prevParentInfo.fileIds, fileId],
-        };
-      });
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["directory", parentId] });
-    },
-  });
-};
-
-export const useFileRename = () => {
-  const queryClient = useQueryClient();
-  return createMutation<
-    void,
-    Error,
-    {
-      id: number;
-      dataKey: CryptoKey;
-      dataKeyVersion: Date;
-      newName: string;
-    },
-    { oldName: string | undefined }
-  >({
-    mutationFn: async ({ id, dataKey, dataKeyVersion, newName }) => {
-      const newNameEncrypted = await encryptString(newName, dataKey);
-      const res = await callPostApi<FileRenameRequest>(`/api/file/${id}/rename`, {
-        dekVersion: dataKeyVersion.toISOString(),
-        name: newNameEncrypted.ciphertext,
-        nameIv: newNameEncrypted.iv,
-      });
-      if (!res.ok) throw new Error("Failed to rename file");
-
-      await updateFileInfo(id, { name: newName });
-    },
-    onMutate: async ({ id, newName }) => {
-      await queryClient.cancelQueries({ queryKey: ["file", id] });
-
-      const prevInfo = queryClient.getQueryData<FileInfo>(["file", id]);
-      if (prevInfo) {
-        queryClient.setQueryData<FileInfo>(["file", id], {
-          ...prevInfo,
-          name: newName,
-        });
-      }
-
-      return { oldName: prevInfo?.name };
-    },
-    onError: (_error, { id }, context) => {
-      if (context?.oldName) {
-        queryClient.setQueryData<FileInfo>(["file", id], (prevInfo) => {
-          if (!prevInfo) return undefined;
-          return { ...prevInfo, name: context.oldName! };
-        });
-      }
-    },
-    onSettled: (_data, _error, { id }) => {
-      queryClient.invalidateQueries({ queryKey: ["file", id] });
-    },
-  });
-};
-
-export const useFileDeletion = (parentId: DirectoryId) => {
-  const queryClient = useQueryClient();
-  return createMutation<void, Error, { id: number }, {}>({
-    mutationFn: async ({ id }) => {
-      const res = await callPostApi(`/api/file/${id}/delete`);
-      if (!res.ok) throw new Error("Failed to delete file");
-
-      await deleteFileInfo(id);
-    },
-    onMutate: async ({ id }) => {
-      await queryClient.cancelQueries({ queryKey: ["directory", parentId] });
-      queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-        if (!prevParentInfo) return undefined;
-        return {
-          ...prevParentInfo,
-          fileIds: prevParentInfo.fileIds.filter((fileId) => fileId !== id),
-        };
-      });
-      return {};
-    },
-    onError: (_error, { id }, context) => {
-      if (context) {
-        queryClient.setQueryData<DirectoryInfo>(["directory", parentId], (prevParentInfo) => {
-          if (!prevParentInfo) return undefined;
-          return {
-            ...prevParentInfo,
-            fileIds: [...prevParentInfo.fileIds, id],
-          };
-        });
-      }
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({ queryKey: ["directory", parentId] });
-    },
-  });
-};

src/lib/modules/http.ts

@@ -0,0 +1,22 @@
+export const parseRangeHeader = (value: string | null) => {
+  if (!value) return undefined;
+
+  const firstRange = value.split(",")[0]!.trim();
+  const parts = firstRange.replace(/bytes=/, "").split("-");
+  return {
+    start: parts[0] ? parseInt(parts[0], 10) : undefined,
+    end: parts[1] ? parseInt(parts[1], 10) : undefined,
+  };
+};
+
+export const getContentRangeHeader = (range?: { start: number; end: number; total: number }) => {
+  return range && { "Content-Range": `bytes ${range.start}-${range.end}/${range.total}` };
+};
+
+export const parseContentDigestHeader = (value: string | null) => {
+  if (!value) return undefined;
+
+  const firstDigest = value.split(",")[0]!.trim();
+  const match = firstDigest.match(/^sha-256=:([A-Za-z0-9+/=]+):$/);
+  return match?.[1];
+};

src/lib/modules/key.ts

@@ -2,21 +2,21 @@ import { z } from "zod";
 import { storeClientKey } from "$lib/indexedDB";
 import type { ClientKeys } from "$lib/stores";
 
-const serializedClientKeysSchema = z.intersection(
+const SerializedClientKeysSchema = z.intersection(
   z.object({
     generator: z.literal("ArkVault"),
-    exportedAt: z.string().datetime(),
+    exportedAt: z.iso.datetime(),
   }),
   z.object({
     version: z.literal(1),
-    encryptKey: z.string().base64().nonempty(),
+    encryptKey: z.base64().nonempty(),
-    decryptKey: z.string().base64().nonempty(),
+    decryptKey: z.base64().nonempty(),
-    signKey: z.string().base64().nonempty(),
+    signKey: z.base64().nonempty(),
-    verifyKey: z.string().base64().nonempty(),
+    verifyKey: z.base64().nonempty(),
   }),
 );
 
-type SerializedClientKeys = z.infer<typeof serializedClientKeysSchema>;
+type SerializedClientKeys = z.infer<typeof SerializedClientKeysSchema>;
 
 type DeserializedClientKeys = {
   encryptKeyBase64: string;
@@ -43,7 +43,7 @@ export const serializeClientKeys = ({
 };
 
 export const deserializeClientKeys = (serialized: string) => {
-  const zodRes = serializedClientKeysSchema.safeParse(JSON.parse(serialized));
+  const zodRes = SerializedClientKeysSchema.safeParse(JSON.parse(serialized));
   if (zodRes.success) {
     return {
       encryptKeyBase64: zodRes.data.encryptKey,

src/lib/modules/opfs.ts

@@ -1,13 +1,5 @@
-let rootHandle: FileSystemDirectoryHandle | null = null;
-
-export const prepareOpfs = async () => {
-  rootHandle = await navigator.storage.getDirectory();
-};
-
 const getFileHandle = async (path: string, create = true) => {
-  if (!rootHandle) {
+  if (path[0] !== "/") {
-    throw new Error("OPFS not prepared");
-  } else if (path[0] !== "/") {
     throw new Error("Path must be absolute");
   }
 
@@ -17,7 +9,7 @@ const getFileHandle = async (path: string, create = true) => {
   }
 
   try {
-    let directoryHandle = rootHandle;
+    let directoryHandle = await navigator.storage.getDirectory();
     for (const part of parts.slice(0, -1)) {
       if (!part) continue;
       directoryHandle = await directoryHandle.getDirectoryHandle(part, { create });
@@ -34,12 +26,15 @@ const getFileHandle = async (path: string, create = true) => {
   }
 };
 
-export const readFile = async (path: string) => {
+export const getFile = async (path: string) => {
   const { fileHandle } = await getFileHandle(path, false);
   if (!fileHandle) return null;
 
-  const file = await fileHandle.getFile();
+  return await fileHandle.getFile();
-  return await file.arrayBuffer();
+};
+
+export const readFile = async (path: string) => {
+  return (await getFile(path))?.arrayBuffer() ?? null;
 };
 
 export const writeFile = async (path: string, data: ArrayBuffer) => {
@@ -61,9 +56,7 @@ export const deleteFile = async (path: string) => {
 };
 
 const getDirectoryHandle = async (path: string) => {
-  if (!rootHandle) {
+  if (path[0] !== "/") {
-    throw new Error("OPFS not prepared");
-  } else if (path[0] !== "/") {
     throw new Error("Path must be absolute");
   }
 
@@ -73,7 +66,7 @@ const getDirectoryHandle = async (path: string) => {
   }
 
   try {
-    let directoryHandle = rootHandle;
+    let directoryHandle = await navigator.storage.getDirectory();
     let parentHandle;
     for (const part of parts.slice(1)) {
       if (!part) continue;

src/lib/modules/thumbnail.ts

@@ -52,7 +52,6 @@ const generateImageThumbnail = (imageUrl: string) => {
         .catch(reject);
     };
     image.onerror = reject;
-
     image.src = imageUrl;
   });
 };
@@ -85,31 +84,27 @@ const generateVideoThumbnail = (videoUrl: string, time = 0) => {
   });
 };
 
-export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => {
+export const generateThumbnail = async (blob: Blob) => {
   let url;
   try {
-    if (fileType.startsWith("image/")) {
+    if (blob.type.startsWith("image/")) {
-      const fileBlob = new Blob([fileBuffer], { type: fileType });
+      url = URL.createObjectURL(blob);
-      url = URL.createObjectURL(fileBlob);
-
       try {
         return await generateImageThumbnail(url);
       } catch {
         URL.revokeObjectURL(url);
         url = undefined;
 
-        if (fileType === "image/heic") {
+        if (blob.type === "image/heic") {
           const { default: heic2any } = await import("heic2any");
-          url = URL.createObjectURL(
+          url = URL.createObjectURL((await heic2any({ blob, toType: "image/png" })) as Blob);
-            (await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
-          );
           return await generateImageThumbnail(url);
         } else {
           return null;
         }
       }
-    } else if (fileType.startsWith("video/")) {
+    } else if (blob.type.startsWith("video/")) {
-      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
+      url = URL.createObjectURL(blob);
       return await generateVideoThumbnail(url);
     }
     return null;

src/lib/modules/upload.ts

@@ -0,0 +1,183 @@
+import axios from "axios";
+import pLimit from "p-limit";
+import { ENCRYPTION_OVERHEAD, CHUNK_SIZE } from "$lib/constants";
+import { encryptChunk, digestMessage, encodeToBase64 } from "$lib/modules/crypto";
+import { BoundedQueue } from "$lib/utils";
+
+interface UploadStats {
+  progress: number;
+  rate: number;
+}
+
+interface EncryptedChunk {
+  index: number;
+  data: ArrayBuffer;
+  hash: string;
+}
+
+const createSpeedMeter = (timeWindow = 3000, minInterval = 200, warmupPeriod = 500) => {
+  const samples: { t: number; b: number }[] = [];
+  let lastSpeed = 0;
+  let startTime: number | null = null;
+
+  return (bytesNow?: number) => {
+    if (bytesNow === undefined) return lastSpeed;
+
+    const now = performance.now();
+
+    // Initialize start time on first call
+    if (startTime === null) {
+      startTime = now;
+    }
+
+    // Check if enough time has passed since the last sample
+    const lastSample = samples[samples.length - 1];
+    if (lastSample && now - lastSample.t < minInterval) {
+      return lastSpeed;
+    }
+
+    samples.push({ t: now, b: bytesNow });
+
+    // Remove old samples outside the time window
+    const cutoff = now - timeWindow;
+    while (samples.length > 2 && samples[0]!.t < cutoff) samples.shift();
+
+    // Need at least 2 samples to calculate speed
+    if (samples.length < 2) {
+      return lastSpeed;
+    }
+
+    const first = samples[0]!;
+    const dt = now - first.t;
+    const db = bytesNow - first.b;
+
+    if (dt >= minInterval) {
+      const instantSpeed = (db / dt) * 1000;
+      // Apply EMA for smoother speed transitions
+      const alpha = 0.3;
+      const rawSpeed =
+        lastSpeed === 0 ? instantSpeed : alpha * instantSpeed + (1 - alpha) * lastSpeed;
+
+      // Apply warmup ramp to prevent initial overestimation
+      const elapsed = now - startTime;
+      const warmupWeight = Math.min(1, elapsed / warmupPeriod);
+      lastSpeed = rawSpeed * warmupWeight;
+    }
+
+    return lastSpeed;
+  };
+};
+
+const encryptChunkData = async (
+  chunk: Blob,
+  dataKey: CryptoKey,
+): Promise<{ data: ArrayBuffer; hash: string }> => {
+  const encrypted = await encryptChunk(await chunk.arrayBuffer(), dataKey);
+  const hash = encodeToBase64(await digestMessage(encrypted));
+  return { data: encrypted, hash };
+};
+
+const uploadEncryptedChunk = async (
+  uploadId: string,
+  chunkIndex: number,
+  encrypted: ArrayBuffer,
+  hash: string,
+  onChunkProgress: (chunkIndex: number, loaded: number) => void,
+) => {
+  await axios.post(`/api/upload/${uploadId}/chunks/${chunkIndex + 1}`, encrypted, {
+    headers: {
+      "Content-Type": "application/octet-stream",
+      "Content-Digest": `sha-256=:${hash}:`,
+    },
+    onUploadProgress(e) {
+      onChunkProgress(chunkIndex, e.loaded ?? 0);
+    },
+  });
+
+  onChunkProgress(chunkIndex, encrypted.byteLength);
+};
+
+export const uploadBlob = async (
+  uploadId: string,
+  blob: Blob,
+  dataKey: CryptoKey,
+  options?: { concurrency?: number; onProgress?: (s: UploadStats) => void },
+) => {
+  const onProgress = options?.onProgress;
+  const networkConcurrency = options?.concurrency ?? 4;
+  const maxQueueSize = 8;
+
+  const totalChunks = Math.ceil(blob.size / CHUNK_SIZE);
+  const totalBytes = blob.size + totalChunks * ENCRYPTION_OVERHEAD;
+
+  const uploadedByChunk = new Array<number>(totalChunks).fill(0);
+  const speedMeter = createSpeedMeter(3000, 200);
+
+  const emit = () => {
+    if (!onProgress) return;
+
+    const uploadedBytes = uploadedByChunk.reduce((a, b) => a + b, 0);
+    const rate = speedMeter(uploadedBytes);
+    const progress = Math.min(1, uploadedBytes / totalBytes);
+
+    onProgress({ progress, rate });
+  };
+
+  const onChunkProgress = (idx: number, loaded: number) => {
+    uploadedByChunk[idx] = loaded;
+    emit();
+  };
+
+  const queue = new BoundedQueue<EncryptedChunk>(maxQueueSize);
+  let encryptionError: Error | null = null;
+
+  // Producer: encrypt chunks and push to queue
+  const encryptionProducer = async () => {
+    try {
+      for (let i = 0; i < totalChunks; i++) {
+        const chunk = blob.slice(i * CHUNK_SIZE, (i + 1) * CHUNK_SIZE);
+        const { data, hash } = await encryptChunkData(chunk, dataKey);
+        await queue.push({ index: i, data, hash });
+      }
+    } catch (e) {
+      encryptionError = e instanceof Error ? e : new Error(String(e));
+    } finally {
+      queue.close();
+    }
+  };
+
+  // Consumer: upload chunks from queue with concurrency limit
+  const uploadConsumer = async () => {
+    const limit = pLimit(networkConcurrency);
+    const activeTasks = new Set<Promise<void>>();
+
+    while (true) {
+      const item = await queue.pop();
+      if (item === null) break;
+      if (encryptionError) throw encryptionError;
+
+      const task = limit(async () => {
+        try {
+          await uploadEncryptedChunk(uploadId, item.index, item.data, item.hash, onChunkProgress);
+        } finally {
+          // @ts-ignore
+          item.data = null;
+        }
+      });
+
+      activeTasks.add(task);
+      task.finally(() => activeTasks.delete(task));
+
+      if (activeTasks.size >= networkConcurrency) {
+        await Promise.race(activeTasks);
+      }
+    }
+
+    await Promise.all(activeTasks);
+  };
+
+  // Run producer and consumer concurrently
+  await Promise.all([encryptionProducer(), uploadConsumer()]);
+
+  onProgress?.({ progress: 1, rate: speedMeter() });
+};

src/lib/schemas/filesystem.ts

@@ -0,0 +1,4 @@
+import { z } from "zod";
+
+export const DirectoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
+export const CategoryIdSchema = z.union([z.literal("root"), z.int().positive()]);

src/lib/schemas/index.ts

@@ -0,0 +1 @@
+export * from "./filesystem";

src/lib/server/db/category.ts

@@ -2,8 +2,6 @@ import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";
 
-export type CategoryId = "root" | number;
-
 interface Category {
   id: number;
   parentId: CategoryId;
@@ -17,7 +15,7 @@ interface Category {
 export type NewCategory = Omit<Category, "id">;
 
 export const registerCategory = async (params: NewCategory) => {
-  return await db.transaction().execute(async (trx) => {
+  await db.transaction().execute(async (trx) => {
     const mek = await trx
       .selectFrom("master_encryption_key")
       .select("version")
@@ -51,7 +49,6 @@ export const registerCategory = async (params: NewCategory) => {
         new_name: params.encName,
       })
       .execute();
-    return { id: categoryId };
   });
 };
 

src/lib/server/db/client.ts

@@ -98,22 +98,6 @@ export const createUserClient = async (userId: number, clientId: number) => {
   }
 };
 
-export const getAllUserClients = async (userId: number) => {
-  const userClients = await db
-    .selectFrom("user_client")
-    .selectAll()
-    .where("user_id", "=", userId)
-    .execute();
-  return userClients.map(
-    ({ user_id, client_id, state }) =>
-      ({
-        userId: user_id,
-        clientId: client_id,
-        state,
-      }) satisfies UserClient,
-  );
-};
-
 export const getUserClient = async (userId: number, clientId: number) => {
   const userClient = await db
     .selectFrom("user_client")

src/lib/server/db/directory.ts

@@ -0,0 +1,278 @@
+import type { Selectable } from "kysely";
+import { IntegrityError } from "./error";
+import db from "./kysely";
+import type { Ciphertext, DirectoryTable } from "./schema";
+
+interface Directory {
+  id: number;
+  parentId: DirectoryId;
+  userId: number;
+  mekVersion: number;
+  encDek: string;
+  dekVersion: Date;
+  encName: Ciphertext;
+  isFavorite: boolean;
+}
+
+const toDirectory = (row: Selectable<DirectoryTable>): Directory => ({
+  id: row.id,
+  parentId: row.parent_id ?? "root",
+  userId: row.user_id,
+  mekVersion: row.master_encryption_key_version,
+  encDek: row.encrypted_data_encryption_key,
+  dekVersion: row.data_encryption_key_version,
+  encName: row.encrypted_name,
+  isFavorite: row.is_favorite,
+});
+
+export const registerDirectory = async (params: Omit<Directory, "id" | "isFavorite">) => {
+  await db.transaction().execute(async (trx) => {
+    const mek = await trx
+      .selectFrom("master_encryption_key")
+      .select("version")
+      .where("user_id", "=", params.userId)
+      .where("state", "=", "active")
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (mek?.version !== params.mekVersion) {
+      throw new IntegrityError("Inactive MEK version");
+    }
+
+    const { directoryId } = await trx
+      .insertInto("directory")
+      .values({
+        parent_id: params.parentId !== "root" ? params.parentId : null,
+        user_id: params.userId,
+        master_encryption_key_version: params.mekVersion,
+        encrypted_data_encryption_key: params.encDek,
+        data_encryption_key_version: params.dekVersion,
+        encrypted_name: params.encName,
+      })
+      .returning("id as directoryId")
+      .executeTakeFirstOrThrow();
+    await trx
+      .insertInto("directory_log")
+      .values({
+        directory_id: directoryId,
+        timestamp: new Date(),
+        action: "create",
+        new_name: params.encName,
+      })
+      .execute();
+  });
+};
+
+export const getAllDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
+  const directories = await db
+    .selectFrom("directory")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .$if(parentId === "root", (qb) => qb.where("parent_id", "is", null))
+    .$if(parentId !== "root", (qb) => qb.where("parent_id", "=", parentId as number))
+    .execute();
+  return directories.map(toDirectory);
+};
+
+export const getAllFavoriteDirectories = async (userId: number) => {
+  const directories = await db
+    .selectFrom("directory")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where("is_favorite", "=", true)
+    .execute();
+  return directories.map(toDirectory);
+};
+
+export const getDirectory = async (userId: number, directoryId: number) => {
+  const directory = await db
+    .selectFrom("directory")
+    .selectAll()
+    .where("id", "=", directoryId)
+    .where("user_id", "=", userId)
+    .limit(1)
+    .executeTakeFirst();
+  return directory ? toDirectory(directory) : null;
+};
+
+export const searchDirectories = async (
+  userId: number,
+  filters: {
+    parentId: DirectoryId;
+    inFavorites: boolean;
+  },
+) => {
+  const directories = await db
+    .withRecursive("directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(filters.parentId === "root", (qb) => qb.where((eb) => eb.lit(false))) // directory_tree will be empty if parentId is "root"
+        .$if(filters.parentId !== "root", (qb) => qb.where("id", "=", filters.parentId as number))
+        .unionAll(
+          db
+            .selectFrom("directory as d")
+            .innerJoin("directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .withRecursive("favorite_directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(!filters.inFavorites, (qb) => qb.where((eb) => eb.lit(false))) // favorite_directory_tree will be empty if inFavorites is false
+        .$if(filters.inFavorites, (qb) => qb.where("is_favorite", "=", true))
+        .unionAll((db) =>
+          db
+            .selectFrom("directory as d")
+            .innerJoin("favorite_directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .selectFrom("directory")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .$if(filters.parentId !== "root", (qb) =>
+      qb.where((eb) =>
+        eb.exists(eb.selectFrom("directory_tree as dt").whereRef("dt.id", "=", "parent_id")),
+      ),
+    )
+    .$if(filters.inFavorites, (qb) =>
+      qb.where((eb) =>
+        eb.exists(
+          eb.selectFrom("favorite_directory_tree as dt").whereRef("dt.id", "=", "directory.id"),
+        ),
+      ),
+    )
+    .execute();
+  return directories.map(toDirectory);
+};
+
+export const setDirectoryEncName = async (
+  userId: number,
+  directoryId: number,
+  dekVersion: Date,
+  encName: Ciphertext,
+) => {
+  await db.transaction().execute(async (trx) => {
+    const directory = await trx
+      .selectFrom("directory")
+      .select("data_encryption_key_version")
+      .where("id", "=", directoryId)
+      .where("user_id", "=", userId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (!directory) {
+      throw new IntegrityError("Directory not found");
+    } else if (directory.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+      throw new IntegrityError("Invalid DEK version");
+    }
+
+    await trx
+      .updateTable("directory")
+      .set({ encrypted_name: encName })
+      .where("id", "=", directoryId)
+      .where("user_id", "=", userId)
+      .execute();
+    await trx
+      .insertInto("directory_log")
+      .values({
+        directory_id: directoryId,
+        timestamp: new Date(),
+        action: "rename",
+        new_name: encName,
+      })
+      .execute();
+  });
+};
+
+export const setDirectoryFavorite = async (
+  userId: number,
+  directoryId: number,
+  isFavorite: boolean,
+) => {
+  await db.transaction().execute(async (trx) => {
+    const directory = await trx
+      .selectFrom("directory")
+      .select("is_favorite")
+      .where("id", "=", directoryId)
+      .where("user_id", "=", userId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (!directory) {
+      throw new IntegrityError("Directory not found");
+    } else if (directory.is_favorite === isFavorite) {
+      throw new IntegrityError(
+        isFavorite ? "Directory already favorited" : "Directory not favorited",
+      );
+    }
+
+    await trx
+      .updateTable("directory")
+      .set({ is_favorite: isFavorite })
+      .where("id", "=", directoryId)
+      .where("user_id", "=", userId)
+      .execute();
+    await trx
+      .insertInto("directory_log")
+      .values({
+        directory_id: directoryId,
+        timestamp: new Date(),
+        action: isFavorite ? "add-to-favorites" : "remove-from-favorites",
+      })
+      .execute();
+  });
+};
+
+export const unregisterDirectory = async (userId: number, directoryId: number) => {
+  return await db
+    .transaction()
+    .setIsolationLevel("repeatable read") // TODO: Sufficient?
+    .execute(async (trx) => {
+      const unregisterFiles = async (parentId: number) => {
+        const files = await trx
+          .selectFrom("file")
+          .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
+          .select(["file.id", "file.path", "thumbnail.path as thumbnailPath"])
+          .where("file.parent_id", "=", parentId)
+          .where("file.user_id", "=", userId)
+          .forUpdate("file")
+          .execute();
+        await trx
+          .deleteFrom("file")
+          .where("parent_id", "=", parentId)
+          .where("user_id", "=", userId)
+          .execute();
+        return files;
+      };
+      const unregisterDirectoryRecursively = async (
+        directoryId: number,
+      ): Promise<{ id: number; path: string; thumbnailPath: string | null }[]> => {
+        const files = await unregisterFiles(directoryId);
+        const subDirectories = await trx
+          .selectFrom("directory")
+          .select("id")
+          .where("parent_id", "=", directoryId)
+          .where("user_id", "=", userId)
+          .execute();
+        const subDirectoryFilePaths = await Promise.all(
+          subDirectories.map(async ({ id }) => await unregisterDirectoryRecursively(id)),
+        );
+
+        const deleteRes = await trx
+          .deleteFrom("directory")
+          .where("id", "=", directoryId)
+          .where("user_id", "=", userId)
+          .executeTakeFirst();
+        if (deleteRes.numDeletedRows === 0n) {
+          throw new IntegrityError("Directory not found");
+        }
+        return files.concat(...subDirectoryFilePaths);
+      };
+      return await unregisterDirectoryRecursively(directoryId);
+    });
+};

src/lib/server/db/error.ts

@@ -8,9 +8,14 @@ type IntegrityErrorMessages =
   | "User client already exists"
   // File
   | "Directory not found"
+  | "Directory already favorited"
+  | "Directory not favorited"
   | "File not found"
+  | "File is not legacy"
   | "File not found in category"
   | "File already added to category"
+  | "File already favorited"
+  | "File not favorited"
   | "Invalid DEK version"
   // HSK
   | "HSK already registered"

src/lib/server/db/file.ts

@@ -1,22 +1,9 @@
-import { sql, type NotNull } from "kysely";
+import { sql, type Selectable } from "kysely";
+import { jsonArrayFrom } from "kysely/helpers/postgres";
 import pg from "pg";
 import { IntegrityError } from "./error";
 import db from "./kysely";
-import type { Ciphertext } from "./schema";
+import type { Ciphertext, FileTable } from "./schema";
-
-export type DirectoryId = "root" | number;
-
-interface Directory {
-  id: number;
-  parentId: DirectoryId;
-  userId: number;
-  mekVersion: number;
-  encDek: string;
-  dekVersion: Date;
-  encName: Ciphertext;
-}
-
-export type NewDirectory = Omit<Directory, "id">;
 
 interface File {
   id: number;
@@ -29,284 +16,88 @@ interface File {
   hskVersion: number | null;
   contentHmac: string | null;
   contentType: string;
-  encContentIv: string;
+  encContentIv: string | null;
   encContentHash: string;
   encName: Ciphertext;
   encCreatedAt: Ciphertext | null;
   encLastModifiedAt: Ciphertext;
+  isFavorite: boolean;
 }
 
-export type NewFile = Omit<File, "id">;
+interface FileCategory {
+  id: number;
+  parentId: CategoryId;
+  mekVersion: number;
+  encDek: string;
+  dekVersion: Date;
+  encName: Ciphertext;
+}
 
-export const registerDirectory = async (params: NewDirectory) => {
+const toFile = (row: Selectable<FileTable>): File => ({
-  return await db.transaction().execute(async (trx) => {
+  id: row.id,
-    const mek = await trx
+  parentId: row.parent_id ?? "root",
-      .selectFrom("master_encryption_key")
+  userId: row.user_id,
-      .select("version")
+  path: row.path,
-      .where("user_id", "=", params.userId)
+  mekVersion: row.master_encryption_key_version,
-      .where("state", "=", "active")
+  encDek: row.encrypted_data_encryption_key,
-      .limit(1)
+  dekVersion: row.data_encryption_key_version,
-      .forUpdate()
+  hskVersion: row.hmac_secret_key_version,
-      .executeTakeFirst();
+  contentHmac: row.content_hmac,
-    if (mek?.version !== params.mekVersion) {
+  contentType: row.content_type,
-      throw new IntegrityError("Inactive MEK version");
+  encContentIv: row.encrypted_content_iv,
-    }
+  encContentHash: row.encrypted_content_hash,
+  encName: row.encrypted_name,
+  encCreatedAt: row.encrypted_created_at,
+  encLastModifiedAt: row.encrypted_last_modified_at,
+  isFavorite: row.is_favorite,
+});
 
-    const { directoryId } = await trx
+export const registerFile = async (trx: typeof db, params: Omit<File, "id" | "isFavorite">) => {
-      .insertInto("directory")
-      .values({
-        parent_id: params.parentId !== "root" ? params.parentId : null,
-        user_id: params.userId,
-        master_encryption_key_version: params.mekVersion,
-        encrypted_data_encryption_key: params.encDek,
-        data_encryption_key_version: params.dekVersion,
-        encrypted_name: params.encName,
-      })
-      .returning("id as directoryId")
-      .executeTakeFirstOrThrow();
-    await trx
-      .insertInto("directory_log")
-      .values({
-        directory_id: directoryId,
-        timestamp: new Date(),
-        action: "create",
-        new_name: params.encName,
-      })
-      .execute();
-    return { id: directoryId };
-  });
-};
-
-export const getAllDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
-  let query = db.selectFrom("directory").selectAll().where("user_id", "=", userId);
-  query =
-    parentId === "root"
-      ? query.where("parent_id", "is", null)
-      : query.where("parent_id", "=", parentId);
-  const directories = await query.execute();
-  return directories.map(
-    (directory) =>
-      ({
-        id: directory.id,
-        parentId: directory.parent_id ?? "root",
-        userId: directory.user_id,
-        mekVersion: directory.master_encryption_key_version,
-        encDek: directory.encrypted_data_encryption_key,
-        dekVersion: directory.data_encryption_key_version,
-        encName: directory.encrypted_name,
-      }) satisfies Directory,
-  );
-};
-
-export const getDirectory = async (userId: number, directoryId: number) => {
-  const directory = await db
-    .selectFrom("directory")
-    .selectAll()
-    .where("id", "=", directoryId)
-    .where("user_id", "=", userId)
-    .limit(1)
-    .executeTakeFirst();
-  return directory
-    ? ({
-        id: directory.id,
-        parentId: directory.parent_id ?? "root",
-        userId: directory.user_id,
-        mekVersion: directory.master_encryption_key_version,
-        encDek: directory.encrypted_data_encryption_key,
-        dekVersion: directory.data_encryption_key_version,
-        encName: directory.encrypted_name,
-      } satisfies Directory)
-    : null;
-};
-
-export const setDirectoryEncName = async (
-  userId: number,
-  directoryId: number,
-  dekVersion: Date,
-  encName: Ciphertext,
-) => {
-  await db.transaction().execute(async (trx) => {
-    const directory = await trx
-      .selectFrom("directory")
-      .select("data_encryption_key_version")
-      .where("id", "=", directoryId)
-      .where("user_id", "=", userId)
-      .limit(1)
-      .forUpdate()
-      .executeTakeFirst();
-    if (!directory) {
-      throw new IntegrityError("Directory not found");
-    } else if (directory.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
-      throw new IntegrityError("Invalid DEK version");
-    }
-
-    await trx
-      .updateTable("directory")
-      .set({ encrypted_name: encName })
-      .where("id", "=", directoryId)
-      .where("user_id", "=", userId)
-      .execute();
-    await trx
-      .insertInto("directory_log")
-      .values({
-        directory_id: directoryId,
-        timestamp: new Date(),
-        action: "rename",
-        new_name: encName,
-      })
-      .execute();
-  });
-};
-
-export const unregisterDirectory = async (userId: number, directoryId: number) => {
-  return await db
-    .transaction()
-    .setIsolationLevel("repeatable read") // TODO: Sufficient?
-    .execute(async (trx) => {
-      const unregisterFiles = async (parentId: number) => {
-        const files = await trx
-          .selectFrom("file")
-          .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
-          .select(["file.id", "file.path", "thumbnail.path as thumbnailPath"])
-          .where("file.parent_id", "=", parentId)
-          .where("file.user_id", "=", userId)
-          .forUpdate("file")
-          .execute();
-        await trx
-          .deleteFrom("file")
-          .where("parent_id", "=", parentId)
-          .where("user_id", "=", userId)
-          .execute();
-        return files;
-      };
-      const unregisterDirectoryRecursively = async (
-        directoryId: number,
-      ): Promise<{
-        subDirectories: { id: number }[];
-        files: { id: number; path: string; thumbnailPath: string | null }[];
-      }> => {
-        const files = await unregisterFiles(directoryId);
-        const subDirectories = await trx
-          .selectFrom("directory")
-          .select("id")
-          .where("parent_id", "=", directoryId)
-          .where("user_id", "=", userId)
-          .execute();
-        const subDirectoryEntries = await Promise.all(
-          subDirectories.map(async ({ id }) => await unregisterDirectoryRecursively(id)),
-        );
-
-        const deleteRes = await trx
-          .deleteFrom("directory")
-          .where("id", "=", directoryId)
-          .where("user_id", "=", userId)
-          .executeTakeFirst();
-        if (deleteRes.numDeletedRows === 0n) {
-          throw new IntegrityError("Directory not found");
-        }
-        return {
-          subDirectories: subDirectoryEntries
-            .flatMap(({ subDirectories }) => subDirectories)
-            .concat(subDirectories),
-          files: subDirectoryEntries.flatMap(({ files }) => files).concat(files),
-        };
-      };
-      return await unregisterDirectoryRecursively(directoryId);
-    });
-};
-
-export const registerFile = async (params: NewFile) => {
   if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) {
     throw new Error("Invalid arguments");
   }
 
-  return await db.transaction().execute(async (trx) => {
+  const { fileId } = await trx
-    const mek = await trx
+    .insertInto("file")
-      .selectFrom("master_encryption_key")
+    .values({
-      .select("version")
+      parent_id: params.parentId !== "root" ? params.parentId : null,
-      .where("user_id", "=", params.userId)
+      user_id: params.userId,
-      .where("state", "=", "active")
+      path: params.path,
-      .limit(1)
+      master_encryption_key_version: params.mekVersion,
-      .forUpdate()
+      encrypted_data_encryption_key: params.encDek,
-      .executeTakeFirst();
+      data_encryption_key_version: params.dekVersion,
-    if (mek?.version !== params.mekVersion) {
+      hmac_secret_key_version: params.hskVersion,
-      throw new IntegrityError("Inactive MEK version");
+      content_hmac: params.contentHmac,
-    }
+      content_type: params.contentType,
-
+      encrypted_content_iv: params.encContentIv,
-    if (params.hskVersion) {
+      encrypted_content_hash: params.encContentHash,
-      const hsk = await trx
+      encrypted_name: params.encName,
-        .selectFrom("hmac_secret_key")
+      encrypted_created_at: params.encCreatedAt,
-        .select("version")
+      encrypted_last_modified_at: params.encLastModifiedAt,
-        .where("user_id", "=", params.userId)
+    })
-        .where("state", "=", "active")
+    .returning("id as fileId")
-        .limit(1)
+    .executeTakeFirstOrThrow();
-        .forUpdate()
+  await trx
-        .executeTakeFirst();
+    .insertInto("file_log")
-      if (hsk?.version !== params.hskVersion) {
+    .values({
-        throw new IntegrityError("Inactive HSK version");
+      file_id: fileId,
-      }
+      timestamp: new Date(),
-    }
+      action: "create",
-
+      new_name: params.encName,
-    const { fileId } = await trx
+    })
-      .insertInto("file")
+    .execute();
-      .values({
+  return { id: fileId };
-        parent_id: params.parentId !== "root" ? params.parentId : null,
-        user_id: params.userId,
-        path: params.path,
-        master_encryption_key_version: params.mekVersion,
-        encrypted_data_encryption_key: params.encDek,
-        data_encryption_key_version: params.dekVersion,
-        hmac_secret_key_version: params.hskVersion,
-        content_hmac: params.contentHmac,
-        content_type: params.contentType,
-        encrypted_content_iv: params.encContentIv,
-        encrypted_content_hash: params.encContentHash,
-        encrypted_name: params.encName,
-        encrypted_created_at: params.encCreatedAt,
-        encrypted_last_modified_at: params.encLastModifiedAt,
-      })
-      .returning("id as fileId")
-      .executeTakeFirstOrThrow();
-    await trx
-      .insertInto("file_log")
-      .values({
-        file_id: fileId,
-        timestamp: new Date(),
-        action: "create",
-        new_name: params.encName,
-      })
-      .execute();
-    return { id: fileId };
-  });
 };
 
 export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => {
-  let query = db.selectFrom("file").selectAll().where("user_id", "=", userId);
+  const files = await db
-  query =
+    .selectFrom("file")
-    parentId === "root"
+    .selectAll()
-      ? query.where("parent_id", "is", null)
+    .where("user_id", "=", userId)
-      : query.where("parent_id", "=", parentId);
+    .$if(parentId === "root", (qb) => qb.where("parent_id", "is", null))
-  const files = await query.execute();
+    .$if(parentId !== "root", (qb) => qb.where("parent_id", "=", parentId as number))
-  return files.map(
+    .execute();
-    (file) =>
+  return files.map(toFile);
-      ({
-        id: file.id,
-        parentId: file.parent_id ?? "root",
-        userId: file.user_id,
-        path: file.path,
-        mekVersion: file.master_encryption_key_version,
-        encDek: file.encrypted_data_encryption_key,
-        dekVersion: file.data_encryption_key_version,
-        hskVersion: file.hmac_secret_key_version,
-        contentHmac: file.content_hmac,
-        contentType: file.content_type,
-        encContentIv: file.encrypted_content_iv,
-        encContentHash: file.encrypted_content_hash,
-        encName: file.encrypted_name,
-        encCreatedAt: file.encrypted_created_at,
-        encLastModifiedAt: file.encrypted_last_modified_at,
-      }) satisfies File,
-  );
 };
 
 export const getAllFilesByCategory = async (
@@ -315,39 +106,34 @@ export const getAllFilesByCategory = async (
   recurse: boolean,
 ) => {
   const files = await db
-    .withRecursive("cte", (db) =>
+    .withRecursive("category_tree", (db) =>
       db
         .selectFrom("category")
-        .leftJoin("file_category", "category.id", "file_category.category_id")
+        .select(["id", sql<number>`0`.as("depth")])
-        .select(["id", "parent_id", "user_id", "file_category.file_id"])
-        .select(sql<number>`0`.as("depth"))
         .where("id", "=", categoryId)
+        .where("user_id", "=", userId)
         .$if(recurse, (qb) =>
           qb.unionAll((db) =>
             db
               .selectFrom("category")
-              .leftJoin("file_category", "category.id", "file_category.category_id")
+              .innerJoin("category_tree", "category.parent_id", "category_tree.id")
-              .innerJoin("cte", "category.parent_id", "cte.id")
+              .select(["category.id", sql<number>`depth + 1`.as("depth")]),
-              .select([
-                "category.id",
-                "category.parent_id",
-                "category.user_id",
-                "file_category.file_id",
-              ])
-              .select(sql<number>`cte.depth + 1`.as("depth")),
           ),
         ),
     )
-    .selectFrom("cte")
+    .selectFrom("category_tree")
+    .innerJoin("file_category", "category_tree.id", "file_category.category_id")
+    .innerJoin("file", "file_category.file_id", "file.id")
     .select(["file_id", "depth"])
+    .selectAll("file")
     .distinctOn("file_id")
-    .where("user_id", "=", userId)
-    .where("file_id", "is not", null)
-    .$narrowType<{ file_id: NotNull }>()
     .orderBy("file_id")
     .orderBy("depth")
     .execute();
-  return files.map(({ file_id, depth }) => ({ id: file_id, isRecursive: depth > 0 }));
+  return files.map((file) => ({
+    ...toFile(file),
+    isRecursive: file.depth > 0,
+  }));
 };
 
 export const getAllFileIds = async (userId: number) => {
@@ -355,6 +141,41 @@ export const getAllFileIds = async (userId: number) => {
   return files.map(({ id }) => id);
 };
 
+export const getLegacyFiles = async (userId: number, limit: number = 100) => {
+  const files = await db
+    .selectFrom("file")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where("encrypted_content_iv", "is not", null)
+    .limit(limit)
+    .execute();
+  return files.map(toFile);
+};
+
+export const getFilesWithoutThumbnail = async (userId: number, limit: number = 100) => {
+  const files = await db
+    .selectFrom("file")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where((eb) =>
+      eb.or([eb("content_type", "like", "image/%"), eb("content_type", "like", "video/%")]),
+    )
+    .where((eb) =>
+      eb.not(
+        eb.exists(
+          eb
+            .selectFrom("thumbnail")
+            .select("thumbnail.id")
+            .whereRef("thumbnail.file_id", "=", "file.id")
+            .limit(1),
+        ),
+      ),
+    )
+    .limit(limit)
+    .execute();
+  return files.map(toFile);
+};
+
 export const getAllFileIdsByContentHmac = async (
   userId: number,
   hskVersion: number,
@@ -378,25 +199,163 @@ export const getFile = async (userId: number, fileId: number) => {
     .where("user_id", "=", userId)
     .limit(1)
     .executeTakeFirst();
-  return file
+  return file ? toFile(file) : null;
-    ? ({
+};
-        id: file.id,
+
-        parentId: file.parent_id ?? "root",
+export const getFilesWithCategories = async (userId: number, fileIds: number[]) => {
-        userId: file.user_id,
+  const files = await db
-        path: file.path,
+    .selectFrom("file")
-        mekVersion: file.master_encryption_key_version,
+    .selectAll()
-        encDek: file.encrypted_data_encryption_key,
+    .select((eb) =>
-        dekVersion: file.data_encryption_key_version,
+      jsonArrayFrom(
-        hskVersion: file.hmac_secret_key_version,
+        eb
-        contentHmac: file.content_hmac,
+          .selectFrom("file_category")
-        contentType: file.content_type,
+          .innerJoin("category", "file_category.category_id", "category.id")
-        encContentIv: file.encrypted_content_iv,
+          .where("file_category.file_id", "=", eb.ref("file.id"))
-        encContentHash: file.encrypted_content_hash,
+          .selectAll("category"),
-        encName: file.encrypted_name,
+      ).as("categories"),
-        encCreatedAt: file.encrypted_created_at,
+    )
-        encLastModifiedAt: file.encrypted_last_modified_at,
+    .where("id", "=", (eb) => eb.fn.any(eb.val(fileIds)))
-      } satisfies File)
+    .where("user_id", "=", userId)
-    : null;
+    .execute();
+  return files.map((file) => ({
+    ...toFile(file),
+    categories: file.categories.map(
+      (category) =>
+        ({
+          id: category.id,
+          parentId: category.parent_id ?? "root",
+          mekVersion: category.master_encryption_key_version,
+          encDek: category.encrypted_data_encryption_key,
+          dekVersion: new Date(category.data_encryption_key_version),
+          encName: category.encrypted_name,
+        }) satisfies FileCategory,
+    ),
+  }));
+};
+
+export const getAllFavoriteFiles = async (userId: number) => {
+  const files = await db
+    .selectFrom("file")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .where("is_favorite", "=", true)
+    .execute();
+  return files.map(toFile);
+};
+
+export const searchFiles = async (
+  userId: number,
+  filters: {
+    parentId: DirectoryId;
+    inFavorites: boolean;
+    includeCategoryIds: number[];
+    excludeCategoryIds: number[];
+  },
+) => {
+  const baseQuery = db
+    .withRecursive("directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(filters.parentId === "root", (qb) => qb.where((eb) => eb.lit(false))) // directory_tree will be empty if parentId is "root"
+        .$if(filters.parentId !== "root", (qb) => qb.where("id", "=", filters.parentId as number))
+        .unionAll(
+          db
+            .selectFrom("directory as d")
+            .innerJoin("directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .withRecursive("favorite_directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(!filters.inFavorites, (qb) => qb.where((eb) => eb.lit(false))) // favorite_directory_tree will be empty if inFavorites is false
+        .$if(filters.inFavorites, (qb) => qb.where("is_favorite", "=", true))
+        .unionAll((db) =>
+          db
+            .selectFrom("directory as d")
+            .innerJoin("favorite_directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .withRecursive("include_category_tree", (db) =>
+      db
+        .selectFrom("category")
+        .select(["id", "id as root_id"])
+        .where("id", "=", (eb) => eb.fn.any(eb.val(filters.includeCategoryIds)))
+        .where("user_id", "=", userId)
+        .unionAll(
+          db
+            .selectFrom("category as c")
+            .innerJoin("include_category_tree as ct", "c.parent_id", "ct.id")
+            .select(["c.id", "ct.root_id"]),
+        ),
+    )
+    .withRecursive("exclude_category_tree", (db) =>
+      db
+        .selectFrom("category")
+        .select("id")
+        .where("id", "=", (eb) => eb.fn.any(eb.val(filters.excludeCategoryIds)))
+        .where("user_id", "=", userId)
+        .unionAll((db) =>
+          db
+            .selectFrom("category as c")
+            .innerJoin("exclude_category_tree as ct", "c.parent_id", "ct.id")
+            .select("c.id"),
+        ),
+    )
+    .selectFrom("file")
+    .selectAll("file")
+    .where("user_id", "=", userId)
+    .$if(filters.parentId !== "root", (qb) =>
+      qb.where((eb) =>
+        eb.exists(eb.selectFrom("directory_tree as dt").whereRef("dt.id", "=", "file.parent_id")),
+      ),
+    )
+    .$if(filters.inFavorites, (qb) =>
+      qb.where((eb) =>
+        eb.or([
+          eb("is_favorite", "=", true),
+          eb.exists(
+            eb.selectFrom("favorite_directory_tree as dt").whereRef("dt.id", "=", "file.parent_id"),
+          ),
+        ]),
+      ),
+    )
+    .$if(filters.excludeCategoryIds.length > 0, (qb) =>
+      qb.where((eb) =>
+        eb.not(
+          eb.exists(
+            eb
+              .selectFrom("file_category")
+              .innerJoin("exclude_category_tree", "category_id", "exclude_category_tree.id")
+              .whereRef("file_id", "=", "file.id"),
+          ),
+        ),
+      ),
+    );
+  const files =
+    filters.includeCategoryIds.length > 0
+      ? await baseQuery
+          .innerJoin("file_category", "file.id", "file_category.file_id")
+          .innerJoin(
+            "include_category_tree",
+            "file_category.category_id",
+            "include_category_tree.id",
+          )
+          .groupBy("file.id")
+          .having(
+            (eb) => eb.fn.count("include_category_tree.root_id").distinct(),
+            "=",
+            filters.includeCategoryIds.length,
+          )
+          .execute()
+      : await baseQuery.execute();
+  return files.map(toFile);
 };
 
 export const setFileEncName = async (
@@ -457,6 +416,51 @@ export const unregisterFile = async (userId: number, fileId: number) => {
   });
 };
 
+export const migrateFileContent = async (
+  trx: typeof db,
+  userId: number,
+  fileId: number,
+  newPath: string,
+  dekVersion: Date,
+  encContentHash: string,
+) => {
+  const file = await trx
+    .selectFrom("file")
+    .select(["path", "data_encryption_key_version", "encrypted_content_iv"])
+    .where("id", "=", fileId)
+    .where("user_id", "=", userId)
+    .limit(1)
+    .forUpdate()
+    .executeTakeFirst();
+  if (!file) {
+    throw new IntegrityError("File not found");
+  } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+    throw new IntegrityError("Invalid DEK version");
+  } else if (!file.encrypted_content_iv) {
+    throw new IntegrityError("File is not legacy");
+  }
+
+  await trx
+    .updateTable("file")
+    .set({
+      path: newPath,
+      encrypted_content_iv: null,
+      encrypted_content_hash: encContentHash,
+    })
+    .where("id", "=", fileId)
+    .where("user_id", "=", userId)
+    .execute();
+  await trx
+    .insertInto("file_log")
+    .values({
+      file_id: fileId,
+      timestamp: new Date(),
+      action: "migrate",
+    })
+    .execute();
+  return { oldPath: file.path };
+};
+
 export const addFileToCategory = async (fileId: number, categoryId: number) => {
   await db.transaction().execute(async (trx) => {
     try {
@@ -485,10 +489,21 @@ export const addFileToCategory = async (fileId: number, categoryId: number) => {
 export const getAllFileCategories = async (fileId: number) => {
   const categories = await db
     .selectFrom("file_category")
-    .select("category_id")
+    .innerJoin("category", "file_category.category_id", "category.id")
+    .selectAll("category")
     .where("file_id", "=", fileId)
     .execute();
-  return categories.map(({ category_id }) => ({ id: category_id }));
+  return categories.map(
+    (category) =>
+      ({
+        id: category.id,
+        parentId: category.parent_id ?? "root",
+        mekVersion: category.master_encryption_key_version,
+        encDek: category.encrypted_data_encryption_key,
+        dekVersion: category.data_encryption_key_version,
+        encName: category.encrypted_name,
+      }) satisfies FileCategory,
+  );
 };
 
 export const removeFileFromCategory = async (fileId: number, categoryId: number) => {
@@ -513,3 +528,36 @@ export const removeFileFromCategory = async (fileId: number, categoryId: number)
       .execute();
   });
 };
+
+export const setFileFavorite = async (userId: number, fileId: number, isFavorite: boolean) => {
+  await db.transaction().execute(async (trx) => {
+    const file = await trx
+      .selectFrom("file")
+      .select("is_favorite")
+      .where("id", "=", fileId)
+      .where("user_id", "=", userId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (!file) {
+      throw new IntegrityError("File not found");
+    } else if (file.is_favorite === isFavorite) {
+      throw new IntegrityError(isFavorite ? "File already favorited" : "File not favorited");
+    }
+
+    await trx
+      .updateTable("file")
+      .set({ is_favorite: isFavorite })
+      .where("id", "=", fileId)
+      .where("user_id", "=", userId)
+      .execute();
+    await trx
+      .insertInto("file_log")
+      .values({
+        file_id: fileId,
+        timestamp: new Date(),
+        action: isFavorite ? "add-to-favorites" : "remove-from-favorites",
+      })
+      .execute();
+  });
+};

src/lib/server/db/index.ts

@@ -0,0 +1,12 @@
+export * as CategoryRepo from "./category";
+export * as ClientRepo from "./client";
+export * as DirectoryRepo from "./directory";
+export * as FileRepo from "./file";
+export * as HskRepo from "./hsk";
+export * as MediaRepo from "./media";
+export * as MekRepo from "./mek";
+export * as SessionRepo from "./session";
+export * as UploadRepo from "./upload";
+export * as UserRepo from "./user";
+
+export * from "./error";

src/lib/server/db/media.ts

@@ -6,7 +6,7 @@ interface Thumbnail {
   id: number;
   path: string;
   updatedAt: Date;
-  encContentIv: string;
+  encContentIv: string | null;
 }
 
 interface FileThumbnail extends Thumbnail {
@@ -14,54 +14,53 @@ interface FileThumbnail extends Thumbnail {
 }
 
 export const updateFileThumbnail = async (
+  trx: typeof db,
   userId: number,
   fileId: number,
   dekVersion: Date,
   path: string,
-  encContentIv: string,
+  encContentIv: string | null,
 ) => {
-  return await db.transaction().execute(async (trx) => {
+  const file = await trx
-    const file = await trx
+    .selectFrom("file")
-      .selectFrom("file")
+    .select("data_encryption_key_version")
-      .select("data_encryption_key_version")
+    .where("id", "=", fileId)
-      .where("id", "=", fileId)
+    .where("user_id", "=", userId)
-      .where("user_id", "=", userId)
+    .limit(1)
-      .limit(1)
+    .forUpdate()
-      .forUpdate()
+    .executeTakeFirst();
-      .executeTakeFirst();
+  if (!file) {
-    if (!file) {
+    throw new IntegrityError("File not found");
-      throw new IntegrityError("File not found");
+  } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
-    } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+    throw new IntegrityError("Invalid DEK version");
-      throw new IntegrityError("Invalid DEK version");
+  }
-    }
 
-    const thumbnail = await trx
+  const thumbnail = await trx
-      .selectFrom("thumbnail")
+    .selectFrom("thumbnail")
-      .select("path as oldPath")
+    .select("path as oldPath")
-      .where("file_id", "=", fileId)
+    .where("file_id", "=", fileId)
-      .limit(1)
+    .limit(1)
-      .forUpdate()
+    .forUpdate()
-      .executeTakeFirst();
+    .executeTakeFirst();
-    const now = new Date();
+  const now = new Date();
 
-    await trx
+  await trx
-      .insertInto("thumbnail")
+    .insertInto("thumbnail")
-      .values({
+    .values({
-        file_id: fileId,
+      file_id: fileId,
+      path,
+      updated_at: now,
+      encrypted_content_iv: encContentIv,
+    })
+    .onConflict((oc) =>
+      oc.column("file_id").doUpdateSet({
         path,
         updated_at: now,
         encrypted_content_iv: encContentIv,
-      })
+      }),
-      .onConflict((oc) =>
+    )
-        oc.column("file_id").doUpdateSet({
+    .execute();
-          path,
+  return thumbnail?.oldPath ?? null;
-          updated_at: now,
-          encrypted_content_iv: encContentIv,
-        }),
-      )
-      .execute();
-    return thumbnail?.oldPath ?? null;
-  });
 };
 
 export const getFileThumbnail = async (userId: number, fileId: number) => {
@@ -84,27 +83,3 @@ export const getFileThumbnail = async (userId: number, fileId: number) => {
       } satisfies FileThumbnail)
     : null;
 };
-
-export const getMissingFileThumbnails = async (userId: number, limit: number = 100) => {
-  const files = await db
-    .selectFrom("file")
-    .select("id")
-    .where("user_id", "=", userId)
-    .where((eb) =>
-      eb.or([eb("content_type", "like", "image/%"), eb("content_type", "like", "video/%")]),
-    )
-    .where((eb) =>
-      eb.not(
-        eb.exists(
-          eb
-            .selectFrom("thumbnail")
-            .select("thumbnail.id")
-            .whereRef("thumbnail.file_id", "=", "file.id")
-            .limit(1),
-        ),
-      ),
-    )
-    .limit(limit)
-    .execute();
-  return files.map(({ id }) => id);
-};

src/lib/server/db/mek.ts

@@ -60,19 +60,6 @@ export const registerInitialMek = async (
   });
 };
 
-export const getInitialMek = async (userId: number) => {
-  const mek = await db
-    .selectFrom("master_encryption_key")
-    .selectAll()
-    .where("user_id", "=", userId)
-    .where("version", "=", 1)
-    .limit(1)
-    .executeTakeFirst();
-  return mek
-    ? ({ userId: mek.user_id, version: mek.version, state: mek.state } satisfies Mek)
-    : null;
-};
-
 export const getAllValidClientMeks = async (userId: number, clientId: number) => {
   const clientMeks = await db
     .selectFrom("client_master_encryption_key")
@@ -84,7 +71,7 @@ export const getAllValidClientMeks = async (userId: number, clientId: number) =>
     .selectAll()
     .where("client_master_encryption_key.user_id", "=", userId)
     .where("client_master_encryption_key.client_id", "=", clientId)
-    .where((eb) => eb.or([eb("state", "=", "active"), eb("state", "=", "retired")]))
+    .where("state", "in", ["active", "retired"])
     .execute();
   return clientMeks.map(
     ({ user_id, client_id, version, state, encrypted_key, encrypted_key_signature }) =>

src/lib/server/db/migrations/1737357000-Initial.ts

@@ -135,7 +135,7 @@ export const up = async (db: Kysely<any>) => {
     )
     .execute();
 
-  // file.ts
+  // directory.ts
   await db.schema
     .createTable("directory")
     .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
@@ -162,6 +162,8 @@ export const up = async (db: Kysely<any>) => {
     .addColumn("action", "text", (col) => col.notNull())
     .addColumn("new_name", "json")
     .execute();
+
+  // file.ts
   await db.schema
     .createTable("file")
     .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())

src/lib/server/db/migrations/1737422340-AddFileCategory.ts

@@ -53,9 +53,7 @@ export const up = async (db: Kysely<any>) => {
 export const down = async (db: Kysely<any>) => {
   await db
     .deleteFrom("file_log")
-    .where((eb) =>
+    .where("action", "in", ["add-to-category", "remove-from-category"])
-      eb.or([eb("action", "=", "add-to-category"), eb("action", "=", "remove-from-category")]),
-    )
     .execute();
 
   await db.schema.dropTable("file_category").execute();

src/lib/server/db/migrations/1768062380-AddChunkedUpload.ts

@@ -0,0 +1,76 @@
+import { Kysely, sql } from "kysely";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const up = async (db: Kysely<any>) => {
+  // file.ts
+  await db.schema
+    .alterTable("file")
+    .alterColumn("encrypted_content_iv", (col) => col.dropNotNull())
+    .execute();
+
+  // media.ts
+  await db.schema
+    .alterTable("thumbnail")
+    .alterColumn("encrypted_content_iv", (col) => col.dropNotNull())
+    .execute();
+
+  // upload.ts
+  await db.schema
+    .createTable("upload_session")
+    .addColumn("id", "uuid", (col) => col.primaryKey())
+    .addColumn("type", "text", (col) => col.notNull())
+    .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+    .addColumn("path", "text", (col) => col.notNull())
+    .addColumn("bitmap", "bytea", (col) => col.notNull())
+    .addColumn("total_chunks", "integer", (col) => col.notNull())
+    .addColumn("uploaded_chunks", "integer", (col) =>
+      col
+        .generatedAlwaysAs(sql`bit_count(bitmap)`)
+        .stored()
+        .notNull(),
+    )
+    .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
+    .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
+    .addColumn("master_encryption_key_version", "integer")
+    .addColumn("encrypted_data_encryption_key", "text")
+    .addColumn("data_encryption_key_version", "timestamp(3)")
+    .addColumn("hmac_secret_key_version", "integer")
+    .addColumn("content_type", "text")
+    .addColumn("encrypted_name", "json")
+    .addColumn("encrypted_created_at", "json")
+    .addColumn("encrypted_last_modified_at", "json")
+    .addColumn("file_id", "integer", (col) => col.references("file.id"))
+    .addForeignKeyConstraint(
+      "upload_session_fk01",
+      ["user_id", "master_encryption_key_version"],
+      "master_encryption_key",
+      ["user_id", "version"],
+    )
+    .addForeignKeyConstraint(
+      "upload_session_fk02",
+      ["user_id", "hmac_secret_key_version"],
+      "hmac_secret_key",
+      ["user_id", "version"],
+    )
+    .addCheckConstraint(
+      "upload_session_ck01",
+      sql`length(bitmap) = ceil(total_chunks / 8.0)::integer`,
+    )
+    .addCheckConstraint("upload_session_ck02", sql`uploaded_chunks <= total_chunks`)
+    .execute();
+};
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const down = async (db: Kysely<any>) => {
+  await db.deleteFrom("file_log").where("action", "=", "migrate").execute();
+
+  await db.schema.dropTable("upload_session").execute();
+  await db.schema
+    .alterTable("thumbnail")
+    .alterColumn("encrypted_content_iv", (col) => col.setNotNull())
+    .execute();
+  await db.schema
+    .alterTable("file")
+    .alterColumn("encrypted_content_iv", (col) => col.setNotNull())
+    .execute();
+};

src/lib/server/db/migrations/1768643000-AddFavorites.ts

@@ -0,0 +1,31 @@
+import { Kysely } from "kysely";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const up = async (db: Kysely<any>) => {
+  // directory.ts
+  await db.schema
+    .alterTable("directory")
+    .addColumn("is_favorite", "boolean", (col) => col.notNull().defaultTo(false))
+    .execute();
+
+  // file.ts
+  await db.schema
+    .alterTable("file")
+    .addColumn("is_favorite", "boolean", (col) => col.notNull().defaultTo(false))
+    .execute();
+};
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const down = async (db: Kysely<any>) => {
+  await db
+    .deleteFrom("file_log")
+    .where("action", "in", ["add-to-favorites", "remove-from-favorites"])
+    .execute();
+  await db
+    .deleteFrom("directory_log")
+    .where("action", "in", ["add-to-favorites", "remove-from-favorites"])
+    .execute();
+
+  await db.schema.alterTable("file").dropColumn("is_favorite").execute();
+  await db.schema.alterTable("directory").dropColumn("is_favorite").execute();
+};

src/lib/server/db/migrations/index.ts

@@ -1,9 +1,13 @@
 import * as Initial1737357000 from "./1737357000-Initial";
 import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
 import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail";
+import * as AddChunkedUpload1768062380 from "./1768062380-AddChunkedUpload";
+import * as AddFavorites1768643000 from "./1768643000-AddFavorites";
 
 export default {
   "1737357000-Initial": Initial1737357000,
   "1737422340-AddFileCategory": AddFileCategory1737422340,
   "1738409340-AddThumbnail": AddThumbnail1738409340,
+  "1768062380-AddChunkedUpload": AddChunkedUpload1768062380,
+  "1768643000-AddFavorites": AddFavorites1768643000,
 };

src/lib/server/db/schema/category.ts

@@ -1,7 +1,7 @@
 import type { Generated } from "kysely";
-import type { Ciphertext } from "./util";
+import type { Ciphertext } from "./utils";
 
-interface CategoryTable {
+export interface CategoryTable {
   id: Generated<number>;
   parent_id: number | null;
   user_id: number;
@@ -11,7 +11,7 @@ interface CategoryTable {
   encrypted_name: Ciphertext;
 }
 
-interface CategoryLogTable {
+export interface CategoryLogTable {
   id: Generated<number>;
   category_id: number;
   timestamp: Date;

src/lib/server/db/schema/client.ts

@@ -1,6 +1,6 @@
 import type { ColumnType, Generated } from "kysely";
 
-interface ClientTable {
+export interface ClientTable {
   id: Generated<number>;
   encryption_public_key: string; // Base64
   signature_public_key: string; // Base64
@@ -8,13 +8,13 @@ interface ClientTable {
 
 export type UserClientState = "challenging" | "pending" | "active";
 
-interface UserClientTable {
+export interface UserClientTable {
   user_id: number;
   client_id: number;
   state: ColumnType<UserClientState, UserClientState | undefined>;
 }
 
-interface UserClientChallengeTable {
+export interface UserClientChallengeTable {
   id: Generated<number>;
   user_id: number;
   client_id: number;

src/lib/server/db/schema/directory.ts

@@ -0,0 +1,28 @@
+import type { ColumnType, Generated } from "kysely";
+import type { Ciphertext } from "./utils";
+
+export interface DirectoryTable {
+  id: Generated<number>;
+  parent_id: number | null;
+  user_id: number;
+  master_encryption_key_version: number;
+  encrypted_data_encryption_key: string; // Base64
+  data_encryption_key_version: Date;
+  encrypted_name: Ciphertext;
+  is_favorite: Generated<boolean>;
+}
+
+export interface DirectoryLogTable {
+  id: Generated<number>;
+  directory_id: number;
+  timestamp: ColumnType<Date, Date, never>;
+  action: "create" | "rename" | "add-to-favorites" | "remove-from-favorites";
+  new_name: Ciphertext | null;
+}
+
+declare module "./index" {
+  interface Database {
+    directory: DirectoryTable;
+    directory_log: DirectoryLogTable;
+  }
+}

src/lib/server/db/schema/file.ts

@@ -1,25 +1,7 @@
 import type { ColumnType, Generated } from "kysely";
-import type { Ciphertext } from "./util";
+import type { Ciphertext } from "./utils";
 
-interface DirectoryTable {
+export interface FileTable {
-  id: Generated<number>;
-  parent_id: number | null;
-  user_id: number;
-  master_encryption_key_version: number;
-  encrypted_data_encryption_key: string; // Base64
-  data_encryption_key_version: Date;
-  encrypted_name: Ciphertext;
-}
-
-interface DirectoryLogTable {
-  id: Generated<number>;
-  directory_id: number;
-  timestamp: ColumnType<Date, Date, never>;
-  action: "create" | "rename";
-  new_name: Ciphertext | null;
-}
-
-interface FileTable {
   id: Generated<number>;
   parent_id: number | null;
   user_id: number;
@@ -30,31 +12,37 @@ interface FileTable {
   hmac_secret_key_version: number | null;
   content_hmac: string | null; // Base64
   content_type: string;
-  encrypted_content_iv: string; // Base64
+  encrypted_content_iv: string | null; // Base64
   encrypted_content_hash: string; // Base64
   encrypted_name: Ciphertext;
   encrypted_created_at: Ciphertext | null;
   encrypted_last_modified_at: Ciphertext;
+  is_favorite: Generated<boolean>;
 }
 
-interface FileLogTable {
+export interface FileLogTable {
   id: Generated<number>;
   file_id: number;
   timestamp: ColumnType<Date, Date, never>;
-  action: "create" | "rename" | "add-to-category" | "remove-from-category";
+  action:
+    | "create"
+    | "rename"
+    | "migrate"
+    | "add-to-category"
+    | "remove-from-category"
+    | "add-to-favorites"
+    | "remove-from-favorites";
   new_name: Ciphertext | null;
   category_id: number | null;
 }
 
-interface FileCategoryTable {
+export interface FileCategoryTable {
   file_id: number;
   category_id: number;
 }
 
 declare module "./index" {
   interface Database {
-    directory: DirectoryTable;
-    directory_log: DirectoryLogTable;
     file: FileTable;
     file_log: FileLogTable;
     file_category: FileCategoryTable;

src/lib/server/db/schema/hsk.ts

@@ -2,7 +2,7 @@ import type { ColumnType, Generated } from "kysely";
 
 export type HskState = "active";
 
-interface HskTable {
+export interface HskTable {
   user_id: number;
   version: number;
   state: HskState;
@@ -10,7 +10,7 @@ interface HskTable {
   encrypted_key: string; // Base64
 }
 
-interface HskLogTable {
+export interface HskLogTable {
   id: Generated<number>;
   user_id: number;
   hmac_secret_key_version: number;

src/lib/server/db/schema/index.ts

@@ -1,12 +1,14 @@
 export * from "./category";
 export * from "./client";
+export * from "./directory";
 export * from "./file";
 export * from "./hsk";
 export * from "./media";
 export * from "./mek";
 export * from "./session";
+export * from "./upload";
 export * from "./user";
-export * from "./util";
+export * from "./utils";
 
 // eslint-disable-next-line @typescript-eslint/no-empty-object-type
 export interface Database {}

src/lib/server/db/schema/media.ts

@@ -1,13 +1,13 @@
 import type { Generated } from "kysely";
 
-interface ThumbnailTable {
+export interface ThumbnailTable {
   id: Generated<number>;
   directory_id: number | null;
   file_id: number | null;
   category_id: number | null;
   path: string;
   updated_at: Date;
-  encrypted_content_iv: string; // Base64
+  encrypted_content_iv: string | null; // Base64
 }
 
 declare module "./index" {

src/lib/server/db/schema/mek.ts

@@ -2,13 +2,13 @@ import type { ColumnType, Generated } from "kysely";
 
 export type MekState = "active" | "retired" | "dead";
 
-interface MekTable {
+export interface MekTable {
   user_id: number;
   version: number;
   state: MekState;
 }
 
-interface MekLogTable {
+export interface MekLogTable {
   id: Generated<number>;
   user_id: number;
   master_encryption_key_version: number;
@@ -17,7 +17,7 @@ interface MekLogTable {
   action_by: number | null;
 }
 
-interface ClientMekTable {
+export interface ClientMekTable {
   user_id: number;
   client_id: number;
   version: number;

src/lib/server/db/schema/session.ts

@@ -1,6 +1,6 @@
 import type { ColumnType, Generated } from "kysely";
 
-interface SessionTable {
+export interface SessionTable {
   id: string;
   user_id: number;
   client_id: number | null;
@@ -10,7 +10,7 @@ interface SessionTable {
   last_used_by_agent: string | null;
 }
 
-interface SessionUpgradeChallengeTable {
+export interface SessionUpgradeChallengeTable {
   id: Generated<number>;
   session_id: string;
   client_id: number;

src/lib/server/db/schema/upload.ts

@@ -0,0 +1,30 @@
+import type { Generated } from "kysely";
+import type { Ciphertext } from "./utils";
+
+export interface UploadSessionTable {
+  id: string;
+  type: "file" | "thumbnail" | "migration";
+  user_id: number;
+  path: string;
+  bitmap: Buffer;
+  total_chunks: number;
+  uploaded_chunks: Generated<number>;
+  expires_at: Date;
+
+  parent_id: number | null;
+  master_encryption_key_version: number | null;
+  encrypted_data_encryption_key: string | null; // Base64
+  data_encryption_key_version: Date | null;
+  hmac_secret_key_version: number | null;
+  content_type: string | null;
+  encrypted_name: Ciphertext | null;
+  encrypted_created_at: Ciphertext | null;
+  encrypted_last_modified_at: Ciphertext | null;
+  file_id: number | null;
+}
+
+declare module "./index" {
+  interface Database {
+    upload_session: UploadSessionTable;
+  }
+}

src/lib/server/db/schema/user.ts

@@ -1,6 +1,6 @@
 import type { Generated } from "kysely";
 
-interface UserTable {
+export interface UserTable {
   id: Generated<number>;
   email: string;
   nickname: string;

src/lib/server/db/upload.ts

@@ -0,0 +1,192 @@
+import { sql } from "kysely";
+import { IntegrityError } from "./error";
+import db from "./kysely";
+import type { Ciphertext } from "./schema";
+
+interface BaseUploadSession {
+  id: string;
+  userId: number;
+  path: string;
+  bitmap: Buffer;
+  totalChunks: number;
+  uploadedChunks: number;
+  expiresAt: Date;
+}
+
+interface FileUploadSession extends BaseUploadSession {
+  type: "file";
+  parentId: DirectoryId;
+  mekVersion: number;
+  encDek: string;
+  dekVersion: Date;
+  hskVersion: number | null;
+  contentType: string;
+  encName: Ciphertext;
+  encCreatedAt: Ciphertext | null;
+  encLastModifiedAt: Ciphertext;
+}
+
+interface ThumbnailOrMigrationUploadSession extends BaseUploadSession {
+  type: "thumbnail" | "migration";
+  fileId: number;
+  dekVersion: Date;
+}
+
+export const createFileUploadSession = async (
+  params: Omit<FileUploadSession, "type" | "bitmap" | "uploadedChunks">,
+) => {
+  await db.transaction().execute(async (trx) => {
+    const mek = await trx
+      .selectFrom("master_encryption_key")
+      .select("version")
+      .where("user_id", "=", params.userId)
+      .where("state", "=", "active")
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (mek?.version !== params.mekVersion) {
+      throw new IntegrityError("Inactive MEK version");
+    }
+
+    if (params.hskVersion) {
+      const hsk = await trx
+        .selectFrom("hmac_secret_key")
+        .select("version")
+        .where("user_id", "=", params.userId)
+        .where("state", "=", "active")
+        .limit(1)
+        .forUpdate()
+        .executeTakeFirst();
+      if (hsk?.version !== params.hskVersion) {
+        throw new IntegrityError("Inactive HSK version");
+      }
+    }
+
+    await trx
+      .insertInto("upload_session")
+      .values({
+        id: params.id,
+        type: "file",
+        user_id: params.userId,
+        path: params.path,
+        bitmap: Buffer.alloc(Math.ceil(params.totalChunks / 8)),
+        total_chunks: params.totalChunks,
+        expires_at: params.expiresAt,
+        parent_id: params.parentId !== "root" ? params.parentId : null,
+        master_encryption_key_version: params.mekVersion,
+        encrypted_data_encryption_key: params.encDek,
+        data_encryption_key_version: params.dekVersion,
+        hmac_secret_key_version: params.hskVersion,
+        content_type: params.contentType,
+        encrypted_name: params.encName,
+        encrypted_created_at: params.encCreatedAt,
+        encrypted_last_modified_at: params.encLastModifiedAt,
+      })
+      .execute();
+  });
+};
+
+export const createThumbnailOrMigrationUploadSession = async (
+  params: Omit<ThumbnailOrMigrationUploadSession, "bitmap" | "uploadedChunks">,
+) => {
+  await db.transaction().execute(async (trx) => {
+    const file = await trx
+      .selectFrom("file")
+      .select("data_encryption_key_version")
+      .where("id", "=", params.fileId)
+      .where("user_id", "=", params.userId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (!file) {
+      throw new IntegrityError("File not found");
+    } else if (file.data_encryption_key_version.getTime() !== params.dekVersion.getTime()) {
+      throw new IntegrityError("Invalid DEK version");
+    }
+
+    await trx
+      .insertInto("upload_session")
+      .values({
+        id: params.id,
+        type: params.type,
+        user_id: params.userId,
+        path: params.path,
+        bitmap: Buffer.alloc(Math.ceil(params.totalChunks / 8)),
+        total_chunks: params.totalChunks,
+        expires_at: params.expiresAt,
+        file_id: params.fileId,
+        data_encryption_key_version: params.dekVersion,
+      })
+      .execute();
+  });
+};
+
+export const getUploadSession = async (sessionId: string, userId: number) => {
+  const session = await db
+    .selectFrom("upload_session")
+    .selectAll()
+    .where("id", "=", sessionId)
+    .where("user_id", "=", userId)
+    .where("expires_at", ">", new Date())
+    .limit(1)
+    .executeTakeFirst();
+  if (!session) {
+    return null;
+  } else if (session.type === "file") {
+    return {
+      type: "file",
+      id: session.id,
+      userId: session.user_id,
+      path: session.path,
+      bitmap: session.bitmap,
+      totalChunks: session.total_chunks,
+      uploadedChunks: session.uploaded_chunks,
+      expiresAt: session.expires_at,
+      parentId: session.parent_id ?? "root",
+      mekVersion: session.master_encryption_key_version!,
+      encDek: session.encrypted_data_encryption_key!,
+      dekVersion: session.data_encryption_key_version!,
+      hskVersion: session.hmac_secret_key_version,
+      contentType: session.content_type!,
+      encName: session.encrypted_name!,
+      encCreatedAt: session.encrypted_created_at,
+      encLastModifiedAt: session.encrypted_last_modified_at!,
+    } satisfies FileUploadSession;
+  } else {
+    return {
+      type: session.type,
+      id: session.id,
+      userId: session.user_id,
+      path: session.path,
+      bitmap: session.bitmap,
+      totalChunks: session.total_chunks,
+      uploadedChunks: session.uploaded_chunks,
+      expiresAt: session.expires_at,
+      fileId: session.file_id!,
+      dekVersion: session.data_encryption_key_version!,
+    } satisfies ThumbnailOrMigrationUploadSession;
+  }
+};
+
+export const markChunkAsUploaded = async (sessionId: string, chunkIndex: number) => {
+  await db
+    .updateTable("upload_session")
+    .set({
+      bitmap: sql`set_bit(${sql.ref("bitmap")}, ${chunkIndex - 1}, 1)`,
+    })
+    .where("id", "=", sessionId)
+    .execute();
+};
+
+export const deleteUploadSession = async (trx: typeof db, sessionId: string) => {
+  await trx.deleteFrom("upload_session").where("id", "=", sessionId).execute();
+};
+
+export const cleanupExpiredUploadSessions = async () => {
+  const sessions = await db
+    .deleteFrom("upload_session")
+    .where("expires_at", "<=", new Date())
+    .returning("path")
+    .execute();
+  return sessions.map(({ path }) => path);
+};

src/lib/server/db/user.ts

@@ -27,10 +27,6 @@ export const getUserByEmail = async (email: string) => {
   return user ? (user satisfies User) : null;
 };
 
-export const setUserNickname = async (userId: number, nickname: string) => {
-  await db.updateTable("user").set({ nickname }).where("id", "=", userId).execute();
-};
-
 export const setUserPassword = async (userId: number, password: string) => {
   await db.updateTable("user").set({ password }).where("id", "=", userId).execute();
 };

src/lib/server/loadenv.ts

@@ -26,4 +26,5 @@ export default {
   },
   libraryPath: env.LIBRARY_PATH || "library",
   thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails",
+  uploadsPath: env.UPLOADS_PATH || "uploads",
 };

src/lib/server/middlewares/authenticate.ts

@@ -1,13 +1,7 @@
 import { error, redirect, type Handle } from "@sveltejs/kit";
-import env from "$lib/server/loadenv";
+import { cookieOptions, authenticate, AuthenticationError } from "$lib/server/modules/auth";
-import { authenticate, AuthenticationError } from "$lib/server/modules/auth";
 
 export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
-  const { pathname, search } = event.url;
-  if (pathname === "/api/auth/login") {
-    return await resolve(event);
-  }
-
   try {
     const sessionIdSigned = event.cookies.get("sessionId");
     if (!sessionIdSigned) {
@@ -16,15 +10,11 @@ export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
 
     const { ip, userAgent } = event.locals;
     event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
-    event.cookies.set("sessionId", sessionIdSigned, {
+    event.cookies.set("sessionId", sessionIdSigned, cookieOptions);
-      path: "/",
-      maxAge: env.session.exp / 1000,
-      secure: true,
-      sameSite: "strict",
-    });
   } catch (e) {
     if (e instanceof AuthenticationError) {
-      if (pathname === "/auth/login") {
+      const { pathname, search } = event.url;
+      if (pathname === "/auth/login" || pathname.startsWith("/api/trpc")) {
         return await resolve(event);
       } else if (pathname.startsWith("/api")) {
         error(e.status, e.message);

src/lib/server/modules/auth.ts

@@ -1,20 +1,25 @@
 import { error } from "@sveltejs/kit";
-import { getUserClient } from "$lib/server/db/client";
+import { ClientRepo, SessionRepo, IntegrityError } from "$lib/server/db";
-import { IntegrityError } from "$lib/server/db/error";
-import { createSession, refreshSession } from "$lib/server/db/session";
 import env from "$lib/server/loadenv";
-import { issueSessionId, verifySessionId } from "$lib/server/modules/crypto";
+import { verifySessionId } from "$lib/server/modules/crypto";
 
-interface Session {
+export interface Session {
   sessionId: string;
   userId: number;
   clientId?: number;
 }
 
-interface ClientSession extends Session {
+export interface ClientSession extends Session {
   clientId: number;
 }
 
+export type SessionPermission =
+  | "any"
+  | "notClient"
+  | "anyClient"
+  | "pendingClient"
+  | "activeClient";
+
 export class AuthenticationError extends Error {
   constructor(
     public status: 400 | 401,
@@ -25,11 +30,22 @@ export class AuthenticationError extends Error {
   }
 }
 
-export const startSession = async (userId: number, ip: string, userAgent: string) => {
+export class AuthorizationError extends Error {
-  const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
+  constructor(
-  await createSession(userId, sessionId, ip, userAgent);
+    public status: 403 | 500,
-  return sessionIdSigned;
+    message: string,
-};
+  ) {
+    super(message);
+    this.name = "AuthorizationError";
+  }
+}
+
+export const cookieOptions = {
+  path: "/",
+  maxAge: env.session.exp / 1000,
+  secure: true,
+  sameSite: "strict",
+} as const;
 
 export const authenticate = async (sessionIdSigned: string, ip: string, userAgent: string) => {
   const sessionId = verifySessionId(sessionIdSigned, env.session.secret);
@@ -38,7 +54,7 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 
   try {
-    const { userId, clientId } = await refreshSession(sessionId, ip, userAgent);
+    const { userId, clientId } = await SessionRepo.refreshSession(sessionId, ip, userAgent);
     return {
       id: sessionId,
       userId,
@@ -52,34 +68,12 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 };
 
-export async function authorize(locals: App.Locals, requiredPermission: "any"): Promise<Session>;
+export const authorizeInternal = async (
-
-export async function authorize(
   locals: App.Locals,
-  requiredPermission: "notClient",
+  requiredPermission: SessionPermission,
-): Promise<Session>;
+): Promise<Session> => {
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "anyClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "pendingClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "activeClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "any" | "notClient" | "anyClient" | "pendingClient" | "activeClient",
-): Promise<Session> {
   if (!locals.session) {
-    error(500, "Unauthenticated");
+    throw new AuthorizationError(500, "Unauthenticated");
   }
 
   const { id: sessionId, userId, clientId } = locals.session;
@@ -89,39 +83,63 @@ export async function authorize(
       break;
     case "notClient":
       if (clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     case "anyClient":
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     case "pendingClient": {
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
-      const userClient = await getUserClient(userId, clientId);
+      const userClient = await ClientRepo.getUserClient(userId, clientId);
       if (!userClient) {
-        error(500, "Invalid session id");
+        throw new AuthorizationError(500, "Invalid session id");
       } else if (userClient.state !== "pending") {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     }
     case "activeClient": {
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
-      const userClient = await getUserClient(userId, clientId);
+      const userClient = await ClientRepo.getUserClient(userId, clientId);
       if (!userClient) {
-        error(500, "Invalid session id");
+        throw new AuthorizationError(500, "Invalid session id");
       } else if (userClient.state !== "active") {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     }
   }
 
   return { sessionId, userId, clientId };
+};
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "any" | "notClient",
+): Promise<Session>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "anyClient" | "pendingClient" | "activeClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: SessionPermission,
+): Promise<Session> {
+  try {
+    return await authorizeInternal(locals, requiredPermission);
+  } catch (e) {
+    if (e instanceof AuthorizationError) {
+      error(e.status, e.message);
+    }
+    throw e;
+  }
 }

src/lib/server/modules/filesystem.ts

@@ -0,0 +1,13 @@
+import { rm, unlink } from "fs/promises";
+
+export const safeRecursiveRm = async (path: string | null | undefined) => {
+  if (path) {
+    await rm(path, { recursive: true }).catch(console.error);
+  }
+};
+
+export const safeUnlink = async (path: string | null | undefined) => {
+  if (path) {
+    await unlink(path).catch(console.error);
+  }
+};

src/lib/server/modules/mek.ts

@@ -1,25 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { getUserClientWithDetails } from "$lib/server/db/client";
-import { getInitialMek } from "$lib/server/db/mek";
-import { verifySignature } from "$lib/server/modules/crypto";
-
-export const isInitialMekNeeded = async (userId: number) => {
-  const initialMek = await getInitialMek(userId);
-  return !initialMek;
-};
-
-export const verifyClientEncMekSig = async (
-  userId: number,
-  clientId: number,
-  version: number,
-  encMek: string,
-  encMekSig: string,
-) => {
-  const userClient = await getUserClientWithDetails(userId, clientId);
-  if (!userClient) {
-    error(500, "Invalid session id");
-  }
-
-  const data = JSON.stringify({ version, key: encMek });
-  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
-};