카테고리 페이지에서의 네트워크 호출 최적화

tRPC 도입

.dockerignore

@@ -1,5 +1,6 @@
 .git
 node_modules
+/Makefile
 
 # Output
 .output
@@ -10,13 +11,15 @@ node_modules
 /build
 /data
 /library
+/thumbnails
 
 # OS
 .DS_Store
 Thumbs.db
 
-# VSCode
+# Editors
 /.vscode
+/.idea
 
 # Env
 .env

.env.example

@@ -11,3 +11,4 @@ SESSION_EXPIRES=
 USER_CLIENT_CHALLENGE_EXPIRES=
 SESSION_UPGRADE_CHALLENGE_EXPIRES=
 LIBRARY_PATH=
+THUMBNAILS_PATH=

.gitignore

@@ -9,13 +9,15 @@ node_modules
 /build
 /data
 /library
+/thumbnails
 
 # OS
 .DS_Store
 Thumbs.db
 
-# VSCode
+# Editors
 /.vscode
+/.idea
 
 # Env
 .env

Dockerfile

@@ -2,11 +2,7 @@
 FROM node:22-alpine AS base
 WORKDIR /app
 
-RUN apk add --no-cache bash curl && \
+RUN npm install -g pnpm@10
-    curl -o /usr/local/bin/wait-for-it https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
-    chmod +x /usr/local/bin/wait-for-it
-
-RUN npm install -g pnpm@9
 COPY pnpm-lock.yaml .
 
 # Build Stage
@@ -29,4 +25,4 @@ COPY --from=build /app/build ./build
 
 EXPOSE 3000
 ENV BODY_SIZE_LIMIT=Infinity
-CMD ["bash", "-c", "wait-for-it ${DATABASE_HOST:-localhost}:${DATABASE_PORT:-5432} -- node ./build/index.js"]
+CMD ["node", "./build/index.js"]

docker-compose.dev.yaml

@@ -1,7 +1,7 @@
 services:
   database:
-    image: postgres:17.2
+    image: postgres:17
-    restart: on-failure
+    restart: always
     volumes:
       - database:/var/lib/postgresql/data
     environment:

docker-compose.yaml

@@ -1,12 +1,14 @@
 services:
   server:
     build: .
-    restart: on-failure
+    restart: unless-stopped
     depends_on:
-      - database
+      database:
+        condition: service_healthy
     user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
     volumes:
       - ./data/library:/app/data/library
+      - ./data/thumbnails:/app/data/thumbnails
     environment:
       # ArkVault
       - DATABASE_HOST=database
@@ -17,6 +19,7 @@ services:
       - USER_CLIENT_CHALLENGE_EXPIRES
       - SESSION_UPGRADE_CHALLENGE_EXPIRES
       - LIBRARY_PATH=/app/data/library
+      - THUMBNAILS_PATH=/app/data/thumbnails
       # SvelteKit
       - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
       - XFF_DEPTH=${TRUST_PROXY:-}
@@ -25,11 +28,16 @@ services:
       - ${PORT:-80}:3000
 
   database:
-    image: postgres:17.2-alpine
+    image: postgres:17-alpine
-    restart: on-failure
+    restart: unless-stopped
     user: ${CONTAINER_UID:-0}:${CONTAINER_GID:-0}
     volumes:
       - ./data/database:/var/lib/postgresql/data
     environment:
       - POSTGRES_USER=arkvault
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5

eslint.config.js

@@ -1,21 +1,24 @@
-import prettier from "eslint-config-prettier";
-import js from "@eslint/js";
 import { includeIgnoreFile } from "@eslint/compat";
+import js from "@eslint/js";
+import { defineConfig } from "eslint/config";
+import prettier from "eslint-config-prettier";
 import svelte from "eslint-plugin-svelte";
 import tailwind from "eslint-plugin-tailwindcss";
 import globals from "globals";
-import { fileURLToPath } from "node:url";
 import ts from "typescript-eslint";
+import { fileURLToPath } from "url";
+import svelteConfig from "./svelte.config.js";
+
 const gitignorePath = fileURLToPath(new URL("./.gitignore", import.meta.url));
 
-export default ts.config(
+export default defineConfig(
   includeIgnoreFile(gitignorePath),
   js.configs.recommended,
   ...ts.configs.recommended,
-  ...svelte.configs["flat/recommended"],
+  ...svelte.configs.recommended,
   ...tailwind.configs["flat/recommended"],
   prettier,
-  ...svelte.configs["flat/prettier"],
+  ...svelte.configs.prettier,
   {
     languageOptions: {
       globals: {
@@ -23,13 +26,18 @@ export default ts.config(
         ...globals.node,
       },
     },
+    rules: {
+      "no-undef": "off",
+    },
   },
   {
-    files: ["**/*.svelte"],
+    files: ["**/*.svelte", "**/*.svelte.ts", "**/*.svelte.js"],
-
     languageOptions: {
       parserOptions: {
+        projectService: true,
+        extraFileExtensions: [".svelte"],
         parser: ts.parser,
+        svelteConfig,
       },
     },
   },

package.json

@@ -1,7 +1,7 @@
 {
   "name": "arkvault",
   "private": true,
-  "version": "0.4.0",
+  "version": "0.6.0",
   "type": "module",
   "scripts": {
     "dev": "vite dev",
@@ -16,52 +16,57 @@
     "db:migrate": "kysely migrate"
   },
   "devDependencies": {
-    "@eslint/compat": "^1.2.4",
+    "@eslint/compat": "^2.0.0",
-    "@iconify-json/material-symbols": "^1.2.12",
+    "@iconify-json/material-symbols": "^1.2.50",
-    "@sveltejs/adapter-node": "^5.2.11",
+    "@sveltejs/adapter-node": "^5.4.0",
-    "@sveltejs/kit": "^2.15.2",
+    "@sveltejs/kit": "^2.49.2",
-    "@sveltejs/vite-plugin-svelte": "^4.0.4",
+    "@sveltejs/vite-plugin-svelte": "^6.2.1",
+    "@tanstack/svelte-virtual": "^3.13.13",
+    "@trpc/client": "^11.8.1",
     "@types/file-saver": "^2.0.7",
     "@types/ms": "^0.7.34",
-    "@types/node-schedule": "^2.1.7",
+    "@types/node-schedule": "^2.1.8",
-    "@types/pg": "^8.11.10",
+    "@types/pg": "^8.16.0",
-    "autoprefixer": "^10.4.20",
+    "autoprefixer": "^10.4.23",
-    "axios": "^1.7.9",
+    "axios": "^1.13.2",
-    "dexie": "^4.0.10",
+    "dexie": "^4.2.1",
-    "eslint": "^9.17.0",
+    "eslint": "^9.39.2",
-    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-svelte": "^2.46.1",
+    "eslint-plugin-svelte": "^3.13.1",
-    "eslint-plugin-tailwindcss": "^3.17.5",
+    "eslint-plugin-tailwindcss": "^3.18.2",
-    "exifreader": "^4.26.0",
+    "exifreader": "^4.33.1",
     "file-saver": "^2.0.5",
-    "globals": "^15.14.0",
+    "globals": "^16.5.0",
     "heic2any": "^0.0.4",
-    "kysely-ctl": "^0.10.1",
+    "kysely-ctl": "^0.19.0",
-    "mime": "^4.0.6",
+    "lru-cache": "^11.2.4",
-    "p-limit": "^6.2.0",
+    "mime": "^4.1.0",
-    "prettier": "^3.4.2",
+    "p-limit": "^7.2.0",
-    "prettier-plugin-svelte": "^3.3.2",
+    "prettier": "^3.7.4",
-    "prettier-plugin-tailwindcss": "^0.6.9",
+    "prettier-plugin-svelte": "^3.4.1",
-    "svelte": "^5.19.1",
+    "prettier-plugin-tailwindcss": "^0.7.2",
-    "svelte-check": "^4.1.3",
+    "svelte": "^5.46.1",
-    "tailwindcss": "^3.4.17",
+    "svelte-check": "^4.3.5",
-    "typescript": "^5.7.3",
+    "tailwindcss": "^3.4.19",
-    "typescript-eslint": "^8.19.1",
+    "typescript": "^5.9.3",
-    "unplugin-icons": "^0.22.0",
+    "typescript-eslint": "^8.50.1",
-    "vite": "^5.4.11"
+    "unplugin-icons": "^22.5.0",
+    "vite": "^7.3.0"
   },
   "dependencies": {
-    "@fastify/busboy": "^3.1.1",
+    "@fastify/busboy": "^3.2.0",
-    "argon2": "^0.41.1",
+    "@trpc/server": "^11.8.1",
-    "kysely": "^0.27.5",
+    "argon2": "^0.44.0",
+    "kysely": "^0.28.9",
     "ms": "^2.1.3",
     "node-schedule": "^2.1.1",
-    "pg": "^8.13.1",
+    "pg": "^8.16.3",
-    "uuid": "^11.0.4",
+    "superjson": "^2.2.6",
-    "zod": "^3.24.1"
+    "uuid": "^13.0.0",
+    "zod": "^4.2.1"
   },
   "engines": {
     "node": "^22.0.0",
-    "pnpm": "^9.0.0"
+    "pnpm": "^10.0.0"
   }
 }

src/hooks.client.ts

@@ -4,6 +4,15 @@ import { prepareFileCache } from "$lib/modules/file";
 import { prepareOpfs } from "$lib/modules/opfs";
 import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores";
 
+const requestPersistentStorage = async () => {
+  const isPersistent = await navigator.storage.persist();
+  if (isPersistent) {
+    console.log("[ArkVault] Persistent storage granted.");
+  } else {
+    console.warn("[ArkVault] Persistent storage not granted.");
+  }
+};
+
 const prepareClientKeyStore = async () => {
   const [encryptKey, decryptKey, signKey, verifyKey] = await Promise.all([
     getClientKey("encrypt"),
@@ -32,6 +41,7 @@ const prepareHmacSecretStore = async () => {
 
 export const init: ClientInit = async () => {
   await Promise.all([
+    requestPersistentStorage(),
     prepareFileCache(),
     prepareClientKeyStore(),
     prepareMasterKeyStore(),

src/lib/components/atoms/RowVirtualizer.svelte

@@ -0,0 +1,58 @@
+<script lang="ts">
+  import { createWindowVirtualizer } from "@tanstack/svelte-virtual";
+  import type { Snippet } from "svelte";
+  import type { ClassValue } from "svelte/elements";
+
+  interface Props {
+    class?: ClassValue;
+    count: number;
+    item: Snippet<[index: number]>;
+    itemHeight: (index: number) => number;
+    placeholder?: Snippet;
+  }
+
+  let { class: className, count, item, itemHeight, placeholder }: Props = $props();
+
+  let element: HTMLElement | undefined = $state();
+  let scrollMargin = $state(0);
+
+  let virtualizer = $derived(
+    createWindowVirtualizer({
+      count,
+      estimateSize: itemHeight,
+      scrollMargin,
+    }),
+  );
+
+  const measureItem = (node: HTMLElement) => {
+    $effect(() => $virtualizer.measureElement(node));
+  };
+
+  $effect(() => {
+    if (!element) return;
+
+    const observer = new ResizeObserver(() => {
+      scrollMargin = element!.getBoundingClientRect().top + window.scrollY;
+    });
+    observer.observe(element.parentElement!);
+    return () => observer.disconnect();
+  });
+</script>
+
+<div bind:this={element} class={["relative", className]}>
+  <div style:height="{$virtualizer.getTotalSize()}px">
+    {#each $virtualizer.getVirtualItems() as virtualItem (virtualItem.key)}
+      <div
+        class="absolute left-0 top-0 w-full"
+        style:transform="translateY({virtualItem.start - scrollMargin}px)"
+        data-index={virtualItem.index}
+        use:measureItem
+      >
+        {@render item(virtualItem.index)}
+      </div>
+    {/each}
+  </div>
+  {#if placeholder && $virtualizer.getVirtualItems().length === 0}
+    {@render placeholder()}
+  {/if}
+</div>

src/lib/components/atoms/buttons/FileThumbnailButton.svelte

@@ -0,0 +1,42 @@
+<script lang="ts">
+  import type { Writable } from "svelte/store";
+  import type { FileInfo } from "$lib/modules/filesystem";
+  import { requestFileThumbnailDownload } from "$lib/services/file";
+
+  interface Props {
+    info: Writable<FileInfo | null>;
+    onclick?: (file: FileInfo) => void;
+  }
+
+  let { info, onclick }: Props = $props();
+
+  let thumbnail: string | undefined = $state();
+
+  $effect(() => {
+    if ($info) {
+      requestFileThumbnailDownload($info.id, $info.dataKey)
+        .then((thumbnailUrl) => {
+          thumbnail = thumbnailUrl ?? undefined;
+        })
+        .catch(() => {
+          // TODO: Error Handling
+          thumbnail = undefined;
+        });
+    } else {
+      thumbnail = undefined;
+    }
+  });
+</script>
+
+{#if $info}
+  <button
+    onclick={() => onclick?.($info)}
+    class="aspect-square overflow-hidden rounded transition active:scale-95 active:brightness-90"
+  >
+    {#if thumbnail}
+      <img src={thumbnail} alt={$info.name} class="h-full w-full object-cover" />
+    {:else}
+      <div class="h-full w-full bg-gray-100"></div>
+    {/if}
+  </button>
+{/if}

src/lib/components/atoms/buttons/index.ts

@@ -1,5 +1,6 @@
 export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
 export { default as Button } from "./Button.svelte";
 export { default as EntryButton } from "./EntryButton.svelte";
+export { default as FileThumbnailButton } from "./FileThumbnailButton.svelte";
 export { default as FloatingButton } from "./FloatingButton.svelte";
 export { default as TextButton } from "./TextButton.svelte";

src/lib/components/atoms/divs/FullscreenDiv.svelte

@@ -1,7 +1,15 @@
 <script lang="ts">
-  let { children } = $props();
+  import type { Snippet } from "svelte";
+  import type { ClassValue } from "svelte/elements";
+
+  interface Props {
+    children: Snippet;
+    class?: ClassValue;
+  }
+
+  let { children, class: className }: Props = $props();
 </script>
 
-<div class="flex flex-grow flex-col justify-between px-4">
+<div class={["flex flex-grow flex-col justify-between px-4", className]}>
   {@render children()}
 </div>

src/lib/components/atoms/index.ts

@@ -3,3 +3,4 @@ export * from "./buttons";
 export * from "./divs";
 export * from "./inputs";
 export { default as Modal } from "./Modal.svelte";
+export { default as RowVirtualizer } from "./RowVirtualizer.svelte";

src/lib/components/molecules/ActionModal.svelte

@@ -12,6 +12,7 @@
     confirmText: string;
     isOpen: boolean;
     onbeforeclose?: () => void;
+    oncancel?: () => void;
     onConfirmClick: ConfirmHandler;
     title: string;
   }
@@ -22,6 +23,7 @@
     confirmText,
     isOpen = $bindable(),
     onbeforeclose,
+    oncancel,
     onConfirmClick,
     title,
   }: Props = $props();
@@ -31,6 +33,11 @@
     isOpen = false;
   };
 
+  const cancelAction = () => {
+    oncancel?.();
+    closeModal();
+  };
+
   const confirmAction = async () => {
     if ((await onConfirmClick()) !== false) {
       closeModal();
@@ -38,13 +45,13 @@
   };
 </script>
 
-<Modal bind:isOpen onclose={closeModal} class="space-y-4">
+<Modal bind:isOpen onclose={cancelAction} class="space-y-4">
   <div class="flex flex-col gap-y-2 break-keep">
     <p class="text-xl font-bold">{title}</p>
     {@render children()}
   </div>
   <div class="flex gap-x-2">
-    <Button color="gray" onclick={closeModal} class="flex-1">{cancelText}</Button>
+    <Button color="gray" onclick={cancelAction} class="flex-1">{cancelText}</Button>
     <Button onclick={confirmAction} class="flex-1">{confirmText}</Button>
   </div>
 </Modal>

src/lib/components/molecules/Categories/Categories.svelte

@@ -1,59 +1,29 @@
 <script lang="ts">
-  import { untrack, type Component } from "svelte";
+  import type { Component } from "svelte";
   import type { SvelteHTMLElements } from "svelte/elements";
-  import { get, type Writable } from "svelte/store";
+  import type { SubCategoryInfo } from "$lib/modules/filesystem2.svelte";
-  import type { CategoryInfo } from "$lib/modules/filesystem";
+  import { SortBy, sortEntries } from "$lib/utils";
-  import { SortBy, sortEntries } from "$lib/modules/util";
   import Category from "./Category.svelte";
   import type { SelectedCategory } from "./service";
 
   interface Props {
-    categories: Writable<CategoryInfo | null>[];
+    categories: SubCategoryInfo[];
     categoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
     onCategoryClick: (category: SelectedCategory) => void;
     onCategoryMenuClick?: (category: SelectedCategory) => void;
     sortBy?: SortBy;
   }
 
-  let {
+  let { categories, categoryMenuIcon, onCategoryClick, onCategoryMenuClick }: Props = $props();
-    categories,
-    categoryMenuIcon,
-    onCategoryClick,
-    onCategoryMenuClick,
-    sortBy = SortBy.NAME_ASC,
-  }: Props = $props();
 
-  let categoriesWithName: { name?: string; info: Writable<CategoryInfo | null> }[] = $state([]);
+  let categoriesWithName = $derived(sortEntries(structuredClone($state.snapshot(categories))));
-
-  $effect(() => {
-    categoriesWithName = categories.map((category) => ({
-      name: get(category)?.name,
-      info: category,
-    }));
-
-    const sort = () => {
-      sortEntries(categoriesWithName, sortBy);
-    };
-    return untrack(() => {
-      sort();
-
-      const unsubscribes = categoriesWithName.map((category) =>
-        category.info.subscribe((value) => {
-          if (category.name === value?.name) return;
-          category.name = value?.name;
-          sort();
-        }),
-      );
-      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
-    });
-  });
 </script>
 
 {#if categoriesWithName.length > 0}
   <div class="space-y-1">
-    {#each categoriesWithName as { info }}
+    {#each categoriesWithName as category}
       <Category
-        {info}
+        info={category}
         menuIcon={categoryMenuIcon}
         onclick={onCategoryClick}
         onMenuClick={onCategoryMenuClick}

src/lib/components/molecules/Categories/Category.svelte

@@ -1,43 +1,26 @@
 <script lang="ts">
   import type { Component } from "svelte";
   import type { SvelteHTMLElements } from "svelte/elements";
-  import type { Writable } from "svelte/store";
   import { ActionEntryButton } from "$lib/components/atoms";
   import { CategoryLabel } from "$lib/components/molecules";
-  import type { CategoryInfo } from "$lib/modules/filesystem";
+  import type { SubCategoryInfo } from "$lib/modules/filesystem2.svelte";
   import type { SelectedCategory } from "./service";
 
   interface Props {
-    info: Writable<CategoryInfo | null>;
+    info: SubCategoryInfo;
     menuIcon?: Component<SvelteHTMLElements["svg"]>;
     onclick: (category: SelectedCategory) => void;
     onMenuClick?: (category: SelectedCategory) => void;
   }
 
   let { info, menuIcon, onclick, onMenuClick }: Props = $props();
-
-  const openCategory = () => {
-    const { id, dataKey, dataKeyVersion, name } = $info as CategoryInfo;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onclick({ id, dataKey, dataKeyVersion, name });
-  };
-
-  const openMenu = () => {
-    const { id, dataKey, dataKeyVersion, name } = $info as CategoryInfo;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onMenuClick!({ id, dataKey, dataKeyVersion, name });
-  };
 </script>
 
-{#if $info}
 <ActionEntryButton
   class="h-12"
-    onclick={openCategory}
+  onclick={() => onclick(info)}
   actionButtonIcon={menuIcon}
-    onActionButtonClick={openMenu}
+  onActionButtonClick={() => onMenuClick?.(info)}
 >
-    <CategoryLabel name={$info.name!} />
+  <CategoryLabel name={info.name} />
 </ActionEntryButton>
-{/if}

src/lib/components/molecules/Categories/service.ts

@@ -1,6 +1,5 @@
 export interface SelectedCategory {
   id: number;
-  dataKey: CryptoKey;
+  dataKey?: { key: CryptoKey; version: Date };
-  dataKeyVersion: Date;
   name: string;
 }

src/lib/components/molecules/SubCategories.svelte

@@ -1,10 +1,8 @@
 <script lang="ts">
   import type { Component } from "svelte";
   import type { ClassValue, SvelteHTMLElements } from "svelte/elements";
-  import type { Writable } from "svelte/store";
   import { Categories, IconEntryButton, type SelectedCategory } from "$lib/components/molecules";
-  import { getCategoryInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import type { CategoryInfo } from "$lib/modules/filesystem2.svelte";
-  import { masterKeyStore } from "$lib/stores";
 
   import IconAddCircle from "~icons/material-symbols/add-circle";
 
@@ -27,14 +25,6 @@
     subCategoryCreatePosition = "bottom",
     subCategoryMenuIcon,
   }: Props = $props();
-
-  let subCategories: Writable<CategoryInfo | null>[] = $state([]);
-
-  $effect(() => {
-    subCategories = info.subCategoryIds.map((id) =>
-      getCategoryInfo(id, $masterKeyStore?.get(1)?.key!),
-    );
-  });
 </script>
 
 <div class={["space-y-1", className]}>
@@ -53,14 +43,12 @@
   {#if subCategoryCreatePosition === "top"}
     {@render subCategoryCreate()}
   {/if}
-  {#key info}
   <Categories
-      categories={subCategories}
+    categories={info.subCategories}
     categoryMenuIcon={subCategoryMenuIcon}
     onCategoryClick={onSubCategoryClick}
     onCategoryMenuClick={onSubCategoryMenuClick}
   />
-  {/key}
   {#if subCategoryCreatePosition === "bottom"}
     {@render subCategoryCreate()}
   {/if}

src/lib/components/molecules/labels/DirectoryEntryLabel.svelte

@@ -3,6 +3,7 @@
   import { IconLabel } from "$lib/components/molecules";
 
   import IconFolder from "~icons/material-symbols/folder";
+  import IconDriveFolderUpload from "~icons/material-symbols/drive-folder-upload";
   import IconDraft from "~icons/material-symbols/draft";
 
   interface Props {
@@ -10,19 +11,40 @@
     name: string;
     subtext?: string;
     textClass?: ClassValue;
-    type: "directory" | "file";
+    thumbnail?: string;
+    type: "directory" | "parent-directory" | "file";
   }
 
-  let { class: className, name, subtext, textClass: textClassName, type }: Props = $props();
+  let {
+    class: className,
+    name,
+    subtext,
+    textClass: textClassName,
+    thumbnail,
+    type,
+  }: Props = $props();
 </script>
 
+{#snippet iconSnippet()}
+  <div class="flex h-10 w-10 items-center justify-center text-xl">
+    {#if thumbnail}
+      <img src={thumbnail} alt={name} loading="lazy" class="aspect-square rounded object-cover" />
+    {:else if type === "directory"}
+      <IconFolder />
+    {:else if type === "parent-directory"}
+      <IconDriveFolderUpload class="text-yellow-500" />
+    {:else}
+      <IconDraft class="text-blue-400" />
+    {/if}
+  </div>
+{/snippet}
+
 {#snippet subtextSnippet()}
   {subtext}
 {/snippet}
 
 <IconLabel
-  icon={type === "directory" ? IconFolder : IconDraft}
+  {iconSnippet}
-  iconClass={type === "file" ? "text-blue-400" : undefined}
   subtext={subtext ? subtextSnippet : undefined}
   class={className}
   textClass={textClassName}

src/lib/components/molecules/labels/IconLabel.svelte

@@ -5,8 +5,9 @@
   interface Props {
     children: Snippet;
     class?: ClassValue;
-    icon: Component<SvelteHTMLElements["svg"]>;
+    icon?: Component<SvelteHTMLElements["svg"]>;
     iconClass?: ClassValue;
+    iconSnippet?: Snippet;
     subtext?: Snippet;
     textClass?: ClassValue;
   }
@@ -16,15 +17,22 @@
     class: className,
     icon: Icon,
     iconClass: iconClassName,
+    iconSnippet,
     subtext,
     textClass: textClassName,
   }: Props = $props();
 </script>
 
 <div class={["flex items-center gap-x-4", className]}>
+  {#if iconSnippet}
+    <div class={["flex-shrink-0", iconClassName]}>
+      {@render iconSnippet()}
+    </div>
+  {:else if Icon}
     <div class={["flex-shrink-0 text-lg", iconClassName]}>
       <Icon />
     </div>
+  {/if}
   <div class="flex flex-grow flex-col overflow-x-hidden text-left">
     <p class={["truncate font-medium", textClassName]}>
       {@render children()}

src/lib/components/organisms/Category/Category.svelte

@@ -1,11 +1,8 @@
 <script lang="ts">
-  import { untrack } from "svelte";
+  import { CheckBox, RowVirtualizer } from "$lib/components/atoms";
-  import { get, type Writable } from "svelte/store";
-  import { CheckBox } from "$lib/components/atoms";
   import { SubCategories, type SelectedCategory } from "$lib/components/molecules";
-  import { getFileInfo, type FileInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import type { CategoryInfo } from "$lib/modules/filesystem2.svelte";
-  import { SortBy, sortEntries } from "$lib/modules/util";
+  import { sortEntries } from "$lib/utils";
-  import { masterKeyStore } from "$lib/stores";
   import File from "./File.svelte";
   import type { SelectedFile } from "./service";
 
@@ -13,13 +10,12 @@
 
   interface Props {
     info: CategoryInfo;
+    isFileRecursive: boolean | undefined;
     onFileClick: (file: SelectedFile) => void;
     onFileRemoveClick: (file: SelectedFile) => void;
     onSubCategoryClick: (subCategory: SelectedCategory) => void;
     onSubCategoryCreateClick: () => void;
     onSubCategoryMenuClick: (subCategory: SelectedCategory) => void;
-    sortBy?: SortBy;
-    isFileRecursive: boolean;
   }
 
   let {
@@ -29,43 +25,16 @@
     onSubCategoryClick,
     onSubCategoryCreateClick,
     onSubCategoryMenuClick,
-    sortBy = SortBy.NAME_ASC,
     isFileRecursive = $bindable(),
   }: Props = $props();
 
-  let files: { name?: string; info: Writable<FileInfo | null>; isRecursive: boolean }[] = $state(
+  let files = $derived(
-    [],
+    sortEntries(
-  );
-
-  $effect(() => {
-    files =
       info.files
-        ?.filter(({ isRecursive }) => isFileRecursive || !isRecursive)
+        ?.map((file) => ({ name: file.name, details: file }))
-        .map(({ id, isRecursive }) => {
+        .filter(({ details }) => isFileRecursive || !details.isRecursive) ?? [],
-          const info = getFileInfo(id, $masterKeyStore?.get(1)?.key!);
+    ),
-          return {
-            name: get(info)?.name,
-            info,
-            isRecursive,
-          };
-        }) ?? [];
-
-    const sort = () => {
-      sortEntries(files, sortBy);
-    };
-    return untrack(() => {
-      sort();
-
-      const unsubscribes = files.map((file) =>
-        file.info.subscribe((value) => {
-          if (file.name === value?.name) return;
-          file.name = value?.name;
-          sort();
-        }),
   );
-      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
-    });
-  });
 </script>
 
 <div class="space-y-4">
@@ -89,19 +58,24 @@
           <p class="font-medium">하위 카테고리의 파일</p>
         </CheckBox>
       </div>
-      <div class="space-y-1">
+      <RowVirtualizer
-        {#key info}
+        count={files.length}
-          {#each files as { info, isRecursive }}
+        itemHeight={(index) => 48 + (index + 1 < files.length ? 4 : 0)}
+      >
+        {#snippet item(index)}
+          {@const { details } = files[index]!}
+          <div class={[index + 1 < files.length && "pb-1"]}>
             <File
-              {info}
+              info={details}
               onclick={onFileClick}
-              onRemoveClick={!isRecursive ? onFileRemoveClick : undefined}
+              onRemoveClick={!details.isRecursive ? onFileRemoveClick : undefined}
             />
-          {:else}
-            <p class="text-gray-500 text-center">이 카테고리에 추가된 파일이 없어요.</p>
-          {/each}
-        {/key}
           </div>
+        {/snippet}
+        {#snippet placeholder()}
+          <p class="text-center text-gray-500">이 카테고리에 추가된 파일이 없어요.</p>
+        {/snippet}
+      </RowVirtualizer>
     </div>
   {/if}
 </div>

src/lib/components/organisms/Category/File.svelte

@@ -1,42 +1,38 @@
 <script lang="ts">
-  import type { Writable } from "svelte/store";
+  import { browser } from "$app/environment";
   import { ActionEntryButton } from "$lib/components/atoms";
   import { DirectoryEntryLabel } from "$lib/components/molecules";
-  import type { FileInfo } from "$lib/modules/filesystem";
+  import type { CategoryFileInfo } from "$lib/modules/filesystem2.svelte";
+  import { requestFileThumbnailDownload } from "$lib/services/file";
   import type { SelectedFile } from "./service";
 
   import IconClose from "~icons/material-symbols/close";
 
   interface Props {
-    info: Writable<FileInfo | null>;
+    info: CategoryFileInfo;
-    onclick: (selectedFile: SelectedFile) => void;
+    onclick: (file: SelectedFile) => void;
-    onRemoveClick?: (selectedFile: SelectedFile) => void;
+    onRemoveClick?: (file: SelectedFile) => void;
   }
 
   let { info, onclick, onRemoveClick }: Props = $props();
 
-  const openFile = () => {
+  let showThumbnail = $derived(
-    const { id, dataKey, dataKeyVersion, name } = $info as FileInfo;
+    browser && (info.contentType.startsWith("image/") || info.contentType.startsWith("video/")),
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
+  );
-
+  let thumbnailPromise = $derived(
-    onclick({ id, dataKey, dataKeyVersion, name });
+    showThumbnail ? requestFileThumbnailDownload(info.id, info.dataKey?.key) : null,
-  };
+  );
-
-  const removeFile = () => {
-    const { id, dataKey, dataKeyVersion, name } = $info as FileInfo;
-    if (!dataKey || !dataKeyVersion) return; // TODO: Error handling
-
-    onRemoveClick!({ id, dataKey, dataKeyVersion, name });
-  };
 </script>
 
-{#if $info}
 <ActionEntryButton
   class="h-12"
-    onclick={openFile}
+  onclick={() => onclick(info)}
   actionButtonIcon={onRemoveClick && IconClose}
-    onActionButtonClick={removeFile}
+  onActionButtonClick={() => onRemoveClick?.(info)}
 >
-    <DirectoryEntryLabel type="file" name={$info.name} />
+  {#await thumbnailPromise}
+    <DirectoryEntryLabel type="file" name={info.name} />
+  {:then thumbnail}
+    <DirectoryEntryLabel type="file" thumbnail={thumbnail ?? undefined} name={info.name} />
+  {/await}
 </ActionEntryButton>
-{/if}

src/lib/components/organisms/Category/service.ts

@@ -1,6 +1,4 @@
 export interface SelectedFile {
   id: number;
-  dataKey: CryptoKey;
-  dataKeyVersion: Date;
   name: string;
 }

src/lib/components/organisms/Gallery.svelte

@@ -0,0 +1,134 @@
+<script lang="ts">
+  import { untrack } from "svelte";
+  import { get, type Writable } from "svelte/store";
+  import { FileThumbnailButton, RowVirtualizer } from "$lib/components/atoms";
+  import type { FileInfo } from "$lib/modules/filesystem";
+  import { formatDate, formatDateSortable, SortBy, sortEntries } from "$lib/utils";
+
+  interface Props {
+    files: Writable<FileInfo | null>[];
+    onFileClick?: (file: FileInfo) => void;
+  }
+
+  let { files, onFileClick }: Props = $props();
+
+  type FileEntry =
+    | { date?: undefined; contentType?: undefined; info: Writable<FileInfo | null> }
+    | { date: Date; contentType: string; info: Writable<FileInfo | null> };
+  type Row =
+    | { type: "header"; label: string }
+    | { type: "items"; items: FileEntry[]; isLast: boolean };
+
+  let filesWithDate: FileEntry[] = $state([]);
+  let rows: Row[] = $state([]);
+
+  $effect(() => {
+    filesWithDate = files.map((file) => {
+      const info = get(file);
+      if (info) {
+        return {
+          date: info.createdAt ?? info.lastModifiedAt,
+          contentType: info.contentType,
+          info: file,
+        };
+      } else {
+        return { info: file };
+      }
+    });
+
+    const buildRows = () => {
+      const map = new Map<string, FileEntry[]>();
+
+      for (const file of filesWithDate) {
+        if (
+          !file.date ||
+          !(file.contentType.startsWith("image/") || file.contentType.startsWith("video/"))
+        ) {
+          continue;
+        }
+
+        const date = formatDateSortable(file.date);
+        const entries = map.get(date) ?? [];
+        entries.push(file);
+        map.set(date, entries);
+      }
+
+      const newRows: Row[] = [];
+      const sortedDates = Array.from(map.keys()).sort((a, b) => b.localeCompare(a));
+      for (const date of sortedDates) {
+        const entries = map.get(date)!;
+        sortEntries(entries, SortBy.DATE_DESC);
+
+        newRows.push({
+          type: "header",
+          label: formatDate(entries[0]!.date!),
+        });
+
+        for (let i = 0; i < entries.length; i += 4) {
+          newRows.push({
+            type: "items",
+            items: entries.slice(i, i + 4),
+            isLast: i + 4 >= entries.length,
+          });
+        }
+      }
+
+      rows = newRows;
+    };
+    return untrack(() => {
+      buildRows();
+
+      const unsubscribes = filesWithDate.map((file) =>
+        file.info.subscribe((value) => {
+          const newDate = value?.createdAt ?? value?.lastModifiedAt;
+          const newContentType = value?.contentType;
+          if (file.date?.getTime() === newDate?.getTime() && file.contentType === newContentType) {
+            return;
+          }
+
+          file.date = newDate;
+          file.contentType = newContentType;
+          buildRows();
+        }),
+      );
+      return () => unsubscribes.forEach((unsubscribe) => unsubscribe());
+    });
+  });
+</script>
+
+<RowVirtualizer
+  count={rows.length}
+  itemHeight={(index) =>
+    rows[index]!.type === "header"
+      ? 28
+      : Math.ceil(rows[index]!.items.length / 4) * 181 +
+        (Math.ceil(rows[index]!.items.length / 4) - 1) * 4 +
+        16}
+  class="flex flex-grow flex-col"
+>
+  {#snippet item(index)}
+    {@const row = rows[index]!}
+    {#if row.type === "header"}
+      <p class="pb-2 text-sm font-medium">{row.label}</p>
+    {:else}
+      <div class={["grid grid-cols-4 gap-x-1", row.isLast ? "pb-4" : "pb-1"]}>
+        {#each row.items as { info }}
+          <FileThumbnailButton {info} onclick={onFileClick} />
+        {/each}
+      </div>
+    {/if}
+  {/snippet}
+  {#snippet placeholder()}
+    <div class="flex h-full flex-grow items-center justify-center">
+      <p class="text-gray-500">
+        {#if files.length === 0}
+          업로드된 파일이 없어요.
+        {:else if filesWithDate.length === 0}
+          파일 목록을 불러오고 있어요.
+        {:else}
+          사진 또는 동영상이 없어요.
+        {/if}
+      </p>
+    </div>
+  {/snippet}
+</RowVirtualizer>

src/lib/components/organisms/index.ts

@@ -1,3 +1,4 @@
 export * from "./Category";
 export { default as Category } from "./Category";
+export { default as Gallery } from "./Gallery.svelte";
 export * from "./modals";

src/lib/components/organisms/modals/ForceLoginModal.svelte

@@ -0,0 +1,22 @@
+<script lang="ts">
+  import { ActionModal } from "$lib/components/molecules";
+
+  interface Props {
+    isOpen: boolean;
+    oncancel?: () => void;
+    onLoginClick: () => void;
+  }
+
+  let { isOpen = $bindable(), oncancel, onLoginClick }: Props = $props();
+</script>
+
+<ActionModal
+  bind:isOpen
+  title="다른 디바이스에 이미 로그인되어 있어요."
+  cancelText="아니요"
+  {oncancel}
+  confirmText="네"
+  onConfirmClick={onLoginClick}
+>
+  <p>다른 디바이스에서는 로그아웃하고, 이 디바이스에서 로그인할까요?</p>
+</ActionModal>

src/lib/components/organisms/modals/index.ts

@@ -1,3 +1,4 @@
 export { default as CategoryCreateModal } from "./CategoryCreateModal.svelte";
+export { default as ForceLoginModal } from "./ForceLoginModal.svelte";
 export { default as RenameModal } from "./RenameModal.svelte";
 export { default as TextInputModal } from "./TextInputModal.svelte";

src/lib/hooks/callApi.ts

@@ -1,11 +0,0 @@
-export const callGetApi = async (input: RequestInfo, fetchInternal = fetch) => {
-  return await fetchInternal(input);
-};
-
-export const callPostApi = async <T>(input: RequestInfo, payload?: T, fetchInternal = fetch) => {
-  return await fetchInternal(input, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: payload ? JSON.stringify(payload) : undefined,
-  });
-};

src/lib/hooks/index.ts

@@ -1,2 +0,0 @@
-export * from "./callApi";
-export * from "./gotoStateful";

src/lib/indexedDB/filesystem.ts

@@ -1,7 +1,5 @@
 import { Dexie, type EntityTable } from "dexie";
 
-export type DirectoryId = "root" | number;
-
 interface DirectoryInfo {
   id: number;
   parentId: DirectoryId;
@@ -18,13 +16,12 @@ interface FileInfo {
   categoryIds: number[];
 }
 
-export type CategoryId = "root" | number;
-
 interface CategoryInfo {
   id: number;
   parentId: CategoryId;
   name: string;
   files: { id: number; isRecursive: boolean }[];
+  isFileRecursive: boolean;
 }
 
 const filesystem = new Dexie("filesystem") as Dexie & {
@@ -33,10 +30,20 @@ const filesystem = new Dexie("filesystem") as Dexie & {
   category: EntityTable<CategoryInfo, "id">;
 };
 
-filesystem.version(2).stores({
+filesystem
+  .version(3)
+  .stores({
     directory: "id, parentId",
     file: "id, parentId",
     category: "id, parentId",
+  })
+  .upgrade(async (trx) => {
+    await trx
+      .table("category")
+      .toCollection()
+      .modify((category) => {
+        category.isFileRecursive = false;
+      });
   });
 
 export const getDirectoryInfos = async (parentId: DirectoryId) => {
@@ -55,6 +62,10 @@ export const deleteDirectoryInfo = async (id: number) => {
   await filesystem.directory.delete(id);
 };
 
+export const getAllFileInfos = async () => {
+  return await filesystem.file.toArray();
+};
+
 export const getFileInfos = async (parentId: DirectoryId) => {
   return await filesystem.file.where({ parentId }).toArray();
 };
@@ -83,6 +94,10 @@ export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
   await filesystem.category.put(categoryInfo);
 };
 
+export const updateCategoryInfo = async (id: number, changes: { isFileRecursive?: boolean }) => {
+  await filesystem.category.update(id, changes);
+};
+
 export const deleteCategoryInfo = async (id: number) => {
   await filesystem.category.delete(id);
 };

src/lib/modules/crypto/rsa.ts

@@ -46,6 +46,56 @@ export const exportRSAKeyToBase64 = async (key: CryptoKey) => {
   return encodeToBase64((await exportRSAKey(key)).key);
 };
 
+export const importEncryptionKeyPairFromBase64 = async (
+  encryptKeyBase64: string,
+  decryptKeyBase64: string,
+) => {
+  const algorithm: RsaHashedImportParams = {
+    name: "RSA-OAEP",
+    hash: "SHA-256",
+  };
+  const encryptKey = await window.crypto.subtle.importKey(
+    "spki",
+    decodeFromBase64(encryptKeyBase64),
+    algorithm,
+    true,
+    ["encrypt", "wrapKey"],
+  );
+  const decryptKey = await window.crypto.subtle.importKey(
+    "pkcs8",
+    decodeFromBase64(decryptKeyBase64),
+    algorithm,
+    true,
+    ["decrypt", "unwrapKey"],
+  );
+  return { encryptKey, decryptKey };
+};
+
+export const importSigningKeyPairFromBase64 = async (
+  signKeyBase64: string,
+  verifyKeyBase64: string,
+) => {
+  const algorithm: RsaHashedImportParams = {
+    name: "RSA-PSS",
+    hash: "SHA-256",
+  };
+  const signKey = await window.crypto.subtle.importKey(
+    "pkcs8",
+    decodeFromBase64(signKeyBase64),
+    algorithm,
+    true,
+    ["sign"],
+  );
+  const verifyKey = await window.crypto.subtle.importKey(
+    "spki",
+    decodeFromBase64(verifyKeyBase64),
+    algorithm,
+    true,
+    ["verify"],
+  );
+  return { signKey, verifyKey };
+};
+
 export const makeRSAKeyNonextractable = async (key: CryptoKey) => {
   const { key: exportedKey, format } = await exportRSAKey(key);
   return await window.crypto.subtle.importKey(

src/lib/modules/file/cache.ts

@@ -1,12 +1,15 @@
+import { LRUCache } from "lru-cache";
 import {
   getFileCacheIndex as getFileCacheIndexFromIndexedDB,
   storeFileCacheIndex,
   deleteFileCacheIndex,
   type FileCacheIndex,
 } from "$lib/indexedDB";
-import { readFile, writeFile, deleteFile } from "$lib/modules/opfs";
+import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
+import { getThumbnailUrl } from "$lib/modules/thumbnail";
 
 const fileCacheIndex = new Map<number, FileCacheIndex>();
+const loadedThumbnails = new LRUCache<number, string>({ max: 100 });
 
 export const prepareFileCache = async () => {
   for (const cache of await getFileCacheIndexFromIndexedDB()) {
@@ -48,3 +51,30 @@ export const deleteFileCache = async (fileId: number) => {
   await deleteFile(`/cache/${fileId}`);
   await deleteFileCacheIndex(fileId);
 };
+
+export const getFileThumbnailCache = async (fileId: number) => {
+  const thumbnail = loadedThumbnails.get(fileId);
+  if (thumbnail) return thumbnail;
+
+  const thumbnailBuffer = await readFile(`/thumbnail/file/${fileId}`);
+  if (!thumbnailBuffer) return null;
+
+  const thumbnailUrl = getThumbnailUrl(thumbnailBuffer);
+  loadedThumbnails.set(fileId, thumbnailUrl);
+  return thumbnailUrl;
+};
+
+export const storeFileThumbnailCache = async (fileId: number, thumbnailBuffer: ArrayBuffer) => {
+  await writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
+  loadedThumbnails.set(fileId, getThumbnailUrl(thumbnailBuffer));
+};
+
+export const deleteFileThumbnailCache = async (fileId: number) => {
+  loadedThumbnails.delete(fileId);
+  await deleteFile(`/thumbnail/file/${fileId}`);
+};
+
+export const deleteAllFileThumbnailCaches = async () => {
+  loadedThumbnails.clear();
+  await deleteDirectory("/thumbnail/file");
+};

src/lib/modules/file/index.ts

@@ -1,3 +1,3 @@
 export * from "./cache";
 export * from "./download";
-export * from "./upload";
+export * from "./upload.svelte";

src/lib/modules/file/upload.svelte.ts

@@ -1,7 +1,6 @@
 import axios from "axios";
 import ExifReader from "exifreader";
 import { limitFunction } from "p-limit";
-import { writable, type Writable } from "svelte/store";
 import {
   encodeToBase64,
   generateDataKey,
@@ -11,30 +10,60 @@ import {
   digestMessage,
   signMessageHmac,
 } from "$lib/modules/crypto";
+import { generateThumbnail } from "$lib/modules/thumbnail";
 import type {
-  DuplicateFileScanRequest,
+  FileThumbnailUploadRequest,
-  DuplicateFileScanResponse,
   FileUploadRequest,
   FileUploadResponse,
 } from "$lib/server/schemas";
-import {
+import type { MasterKey, HmacSecret } from "$lib/stores";
-  fileUploadStatusStore,
+import { trpc } from "$trpc/client";
-  type MasterKey,
+
-  type HmacSecret,
+export interface FileUploadState {
-  type FileUploadStatus,
+  name: string;
-} from "$lib/stores";
+  parentId: DirectoryId;
+  status:
+    | "encryption-pending"
+    | "encrypting"
+    | "upload-pending"
+    | "uploading"
+    | "uploaded"
+    | "canceled"
+    | "error";
+  progress?: number;
+  rate?: number;
+  estimated?: number;
+}
+
+export type LiveFileUploadState = FileUploadState & {
+  status: "encryption-pending" | "encrypting" | "upload-pending" | "uploading";
+};
+
+let uploadingFiles: FileUploadState[] = $state([]);
+
+const isFileUploading = (status: FileUploadState["status"]) =>
+  ["encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
+
+export const getUploadingFiles = (parentId?: DirectoryId) => {
+  return uploadingFiles.filter(
+    (file): file is LiveFileUploadState =>
+      (parentId === undefined || file.parentId === parentId) && isFileUploading(file.status),
+  );
+};
+
+export const clearUploadedFiles = () => {
+  uploadingFiles = uploadingFiles.filter((file) => isFileUploading(file.status));
+};
 
 const requestDuplicateFileScan = limitFunction(
   async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => {
     const fileBuffer = await file.arrayBuffer();
     const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret));
 
-    const res = await axios.post("/api/file/scanDuplicates", {
+    const files = await trpc().file.listByHash.query({
       hskVersion: hmacSecret.version,
       contentHmac: fileSigned,
-    } satisfies DuplicateFileScanRequest);
+    });
-    const { files }: DuplicateFileScanResponse = res.data;
-
     if (files.length === 0 || (await onDuplicate())) {
       return { fileBuffer, fileSigned };
     } else {
@@ -77,16 +106,8 @@ const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
 };
 
 const encryptFile = limitFunction(
-  async (
+  async (state: FileUploadState, file: File, fileBuffer: ArrayBuffer, masterKey: MasterKey) => {
-    status: Writable<FileUploadStatus>,
+    state.status = "encrypting";
-    file: File,
-    fileBuffer: ArrayBuffer,
-    masterKey: MasterKey,
-  ) => {
-    status.update((value) => {
-      value.status = "encrypting";
-      return value;
-    });
 
     const fileType = getFileType(file);
 
@@ -106,10 +127,11 @@ const encryptFile = limitFunction(
       createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
     const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey);
 
-    status.update((value) => {
+    const thumbnail = await generateThumbnail(fileBuffer, fileType);
-      value.status = "upload-pending";
+    const thumbnailBuffer = await thumbnail?.arrayBuffer();
-      return value;
+    const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey));
-    });
+
+    state.status = "upload-pending";
 
     return {
       dataKeyWrapped,
@@ -120,34 +142,35 @@ const encryptFile = limitFunction(
       nameEncrypted,
       createdAtEncrypted,
       lastModifiedAtEncrypted,
+      thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
     };
   },
   { concurrency: 4 },
 );
 
 const requestFileUpload = limitFunction(
-  async (status: Writable<FileUploadStatus>, form: FormData) => {
+  async (state: FileUploadState, form: FormData, thumbnailForm: FormData | null) => {
-    status.update((value) => {
+    state.status = "uploading";
-      value.status = "uploading";
-      return value;
-    });
 
     const res = await axios.post("/api/file/upload", form, {
       onUploadProgress: ({ progress, rate, estimated }) => {
-        status.update((value) => {
+        state.progress = progress;
-          value.progress = progress;
+        state.rate = rate;
-          value.rate = rate;
+        state.estimated = estimated;
-          value.estimated = estimated;
-          return value;
-        });
       },
     });
     const { file }: FileUploadResponse = res.data;
 
-    status.update((value) => {
+    if (thumbnailForm) {
-      value.status = "uploaded";
+      try {
-      return value;
+        await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm);
-    });
+      } catch (e) {
+        // TODO
+        console.error(e);
+      }
+    }
+
+    state.status = "uploaded";
 
     return { fileId: file };
   },
@@ -160,16 +183,15 @@ export const uploadFile = async (
   hmacSecret: HmacSecret,
   masterKey: MasterKey,
   onDuplicate: () => Promise<boolean>,
-): Promise<{ fileId: number; fileBuffer: ArrayBuffer } | undefined> => {
+): Promise<
-  const status = writable<FileUploadStatus>({
+  { fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
+> => {
+  uploadingFiles.push({
     name: file.name,
     parentId,
     status: "encryption-pending",
   });
-  fileUploadStatusStore.update((value) => {
+  const state = uploadingFiles.at(-1)!;
-    value.push(status);
-    return value;
-  });
 
   try {
     const { fileBuffer, fileSigned } = await requestDuplicateFileScan(
@@ -178,14 +200,8 @@ export const uploadFile = async (
       onDuplicate,
     );
     if (!fileBuffer || !fileSigned) {
-      status.update((value) => {
+      state.status = "canceled";
-        value.status = "canceled";
+      uploadingFiles = uploadingFiles.filter((file) => file !== state);
-        return value;
-      });
-      fileUploadStatusStore.update((value) => {
-        value = value.filter((v) => v !== status);
-        return value;
-      });
       return undefined;
     }
 
@@ -198,7 +214,8 @@ export const uploadFile = async (
       nameEncrypted,
       createdAtEncrypted,
       lastModifiedAtEncrypted,
-    } = await encryptFile(status, file, fileBuffer, masterKey);
+      thumbnail,
+    } = await encryptFile(state, file, fileBuffer, masterKey);
 
     const form = new FormData();
     form.set(
@@ -218,18 +235,28 @@ export const uploadFile = async (
         createdAtIv: createdAtEncrypted?.iv,
         lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
         lastModifiedAtIv: lastModifiedAtEncrypted.iv,
-      } as FileUploadRequest),
+      } satisfies FileUploadRequest),
     );
     form.set("content", new Blob([fileEncrypted.ciphertext]));
     form.set("checksum", fileEncryptedHash);
 
-    const { fileId } = await requestFileUpload(status, form);
+    let thumbnailForm = null;
-    return { fileId, fileBuffer };
+    if (thumbnail) {
+      thumbnailForm = new FormData();
+      thumbnailForm.set(
+        "metadata",
+        JSON.stringify({
+          dekVersion: dataKeyVersion.toISOString(),
+          contentIv: thumbnail.iv,
+        } satisfies FileThumbnailUploadRequest),
+      );
+      thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
+    }
+
+    const { fileId } = await requestFileUpload(state, form, thumbnailForm);
+    return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
   } catch (e) {
-    status.update((value) => {
+    state.status = "error";
-      value.status = "error";
-      return value;
-    });
     throw e;
   }
 };

src/lib/modules/filesystem.ts

@@ -1,49 +1,15 @@
 import { get, writable, type Writable } from "svelte/store";
-import { callGetApi } from "$lib/hooks";
 import {
-  getDirectoryInfos as getDirectoryInfosFromIndexedDB,
-  getDirectoryInfo as getDirectoryInfoFromIndexedDB,
-  storeDirectoryInfo,
-  deleteDirectoryInfo,
-  getFileInfos as getFileInfosFromIndexedDB,
   getFileInfo as getFileInfoFromIndexedDB,
   storeFileInfo,
   deleteFileInfo,
-  getCategoryInfos as getCategoryInfosFromIndexedDB,
-  getCategoryInfo as getCategoryInfoFromIndexedDB,
-  storeCategoryInfo,
-  deleteCategoryInfo,
-  type DirectoryId,
-  type CategoryId,
 } from "$lib/indexedDB";
 import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
-import type {
+import { trpc, isTRPCClientError } from "$trpc/client";
-  CategoryInfoResponse,
-  CategoryFileListResponse,
-  DirectoryInfoResponse,
-  FileInfoResponse,
-} from "$lib/server/schemas";
-
-export type DirectoryInfo =
-  | {
-      id: "root";
-      dataKey?: undefined;
-      dataKeyVersion?: undefined;
-      name?: undefined;
-      subDirectoryIds: number[];
-      fileIds: number[];
-    }
-  | {
-      id: number;
-      dataKey?: CryptoKey;
-      dataKeyVersion?: Date;
-      name: string;
-      subDirectoryIds: number[];
-      fileIds: number[];
-    };
 
 export interface FileInfo {
   id: number;
+  parentId: DirectoryId;
   dataKey?: CryptoKey;
   dataKeyVersion?: Date;
   contentType: string;
@@ -54,109 +20,7 @@ export interface FileInfo {
   categoryIds: number[];
 }
 
-export type CategoryInfo =
-  | {
-      id: "root";
-      dataKey?: undefined;
-      dataKeyVersion?: undefined;
-      name?: undefined;
-      subCategoryIds: number[];
-      files?: undefined;
-    }
-  | {
-      id: number;
-      dataKey?: CryptoKey;
-      dataKeyVersion?: Date;
-      name: string;
-      subCategoryIds: number[];
-      files: { id: number; isRecursive: boolean }[];
-    };
-
-const directoryInfoStore = new Map<DirectoryId, Writable<DirectoryInfo | null>>();
 const fileInfoStore = new Map<number, Writable<FileInfo | null>>();
-const categoryInfoStore = new Map<CategoryId, Writable<CategoryInfo | null>>();
-
-const fetchDirectoryInfoFromIndexedDB = async (
-  id: DirectoryId,
-  info: Writable<DirectoryInfo | null>,
-) => {
-  if (get(info)) return;
-
-  const [directory, subDirectories, files] = await Promise.all([
-    id !== "root" ? getDirectoryInfoFromIndexedDB(id) : undefined,
-    getDirectoryInfosFromIndexedDB(id),
-    getFileInfosFromIndexedDB(id),
-  ]);
-  const subDirectoryIds = subDirectories.map(({ id }) => id);
-  const fileIds = files.map(({ id }) => id);
-
-  if (id === "root") {
-    info.set({ id, subDirectoryIds, fileIds });
-  } else {
-    if (!directory) return;
-    info.set({ id, name: directory.name, subDirectoryIds, fileIds });
-  }
-};
-
-const fetchDirectoryInfoFromServer = async (
-  id: DirectoryId,
-  info: Writable<DirectoryInfo | null>,
-  masterKey: CryptoKey,
-) => {
-  const res = await callGetApi(`/api/directory/${id}`);
-  if (res.status === 404) {
-    info.set(null);
-    await deleteDirectoryInfo(id as number);
-    return;
-  } else if (!res.ok) {
-    throw new Error("Failed to fetch directory information");
-  }
-
-  const {
-    metadata,
-    subDirectories: subDirectoryIds,
-    files: fileIds,
-  }: DirectoryInfoResponse = await res.json();
-
-  if (id === "root") {
-    info.set({ id, subDirectoryIds, fileIds });
-  } else {
-    const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
-    const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
-
-    info.set({
-      id,
-      dataKey,
-      dataKeyVersion: new Date(metadata!.dekVersion),
-      name,
-      subDirectoryIds,
-      fileIds,
-    });
-    await storeDirectoryInfo({ id, parentId: metadata!.parent, name });
-  }
-};
-
-const fetchDirectoryInfo = async (
-  id: DirectoryId,
-  info: Writable<DirectoryInfo | null>,
-  masterKey: CryptoKey,
-) => {
-  await fetchDirectoryInfoFromIndexedDB(id, info);
-  await fetchDirectoryInfoFromServer(id, info, masterKey);
-};
-
-export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
-  // TODO: MEK rotation
-
-  let info = directoryInfoStore.get(id);
-  if (!info) {
-    info = writable(null);
-    directoryInfoStore.set(id, info);
-  }
-
-  fetchDirectoryInfo(id, info, masterKey); // Intended
-  return info;
-};
 
 const fetchFileInfoFromIndexedDB = async (id: number, info: Writable<FileInfo | null>) => {
   if (get(info)) return;
@@ -176,16 +40,17 @@ const fetchFileInfoFromServer = async (
   info: Writable<FileInfo | null>,
   masterKey: CryptoKey,
 ) => {
-  const res = await callGetApi(`/api/file/${id}`);
+  let metadata;
-  if (res.status === 404) {
+  try {
+    metadata = await trpc().file.get.query({ id });
+  } catch (e) {
+    if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
       info.set(null);
       await deleteFileInfo(id);
       return;
-  } else if (!res.ok) {
+    }
     throw new Error("Failed to fetch file information");
   }
-
-  const metadata: FileInfoResponse = await res.json();
   const { dataKey } = await unwrapDataKey(metadata.dek, masterKey);
 
   const name = await decryptString(metadata.name, metadata.nameIv, dataKey);
@@ -201,6 +66,7 @@ const fetchFileInfoFromServer = async (
 
   info.set({
     id,
+    parentId: metadata.parent,
     dataKey,
     dataKeyVersion: new Date(metadata.dekVersion),
     contentType: metadata.contentType,
@@ -238,92 +104,3 @@ export const getFileInfo = (fileId: number, masterKey: CryptoKey) => {
   fetchFileInfo(fileId, info, masterKey); // Intended
   return info;
 };
-
-const fetchCategoryInfoFromIndexedDB = async (
-  id: CategoryId,
-  info: Writable<CategoryInfo | null>,
-) => {
-  if (get(info)) return;
-
-  const [category, subCategories] = await Promise.all([
-    id !== "root" ? getCategoryInfoFromIndexedDB(id) : undefined,
-    getCategoryInfosFromIndexedDB(id),
-  ]);
-  const subCategoryIds = subCategories.map(({ id }) => id);
-
-  if (id === "root") {
-    info.set({ id, subCategoryIds });
-  } else {
-    if (!category) return;
-    info.set({ id, name: category.name, subCategoryIds, files: category.files });
-  }
-};
-
-const fetchCategoryInfoFromServer = async (
-  id: CategoryId,
-  info: Writable<CategoryInfo | null>,
-  masterKey: CryptoKey,
-) => {
-  let res = await callGetApi(`/api/category/${id}`);
-  if (res.status === 404) {
-    info.set(null);
-    await deleteCategoryInfo(id as number);
-    return;
-  } else if (!res.ok) {
-    throw new Error("Failed to fetch category information");
-  }
-
-  const { metadata, subCategories }: CategoryInfoResponse = await res.json();
-
-  if (id === "root") {
-    info.set({ id, subCategoryIds: subCategories });
-  } else {
-    const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
-    const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
-
-    res = await callGetApi(`/api/category/${id}/file/list?recurse=true`);
-    if (!res.ok) {
-      throw new Error("Failed to fetch category files");
-    }
-
-    const { files }: CategoryFileListResponse = await res.json();
-    const filesMapped = files.map(({ file, isRecursive }) => ({ id: file, isRecursive }));
-
-    info.set({
-      id,
-      dataKey,
-      dataKeyVersion: new Date(metadata!.dekVersion),
-      name,
-      subCategoryIds: subCategories,
-      files: filesMapped,
-    });
-    await storeCategoryInfo({
-      id,
-      parentId: metadata!.parent,
-      name,
-      files: filesMapped,
-    });
-  }
-};
-
-const fetchCategoryInfo = async (
-  id: CategoryId,
-  info: Writable<CategoryInfo | null>,
-  masterKey: CryptoKey,
-) => {
-  await fetchCategoryInfoFromIndexedDB(id, info);
-  await fetchCategoryInfoFromServer(id, info, masterKey);
-};
-
-export const getCategoryInfo = (categoryId: CategoryId, masterKey: CryptoKey) => {
-  // TODO: MEK rotation
-
-  let info = categoryInfoStore.get(categoryId);
-  if (!info) {
-    info = writable(null);
-    categoryInfoStore.set(categoryId, info);
-  }
-
-  fetchCategoryInfo(categoryId, info, masterKey); // Intended
-  return info;
-};

src/lib/modules/filesystem2.svelte.ts

@@ -0,0 +1,341 @@
+import {
+  getDirectoryInfos as getDirectoryInfosFromIndexedDB,
+  getDirectoryInfo as getDirectoryInfoFromIndexedDB,
+  storeDirectoryInfo,
+  deleteDirectoryInfo,
+  getFileInfos as getFileInfosFromIndexedDB,
+  getFileInfo as getFileInfoFromIndexedDB,
+  storeFileInfo,
+  deleteFileInfo,
+  getCategoryInfos as getCategoryInfosFromIndexedDB,
+  getCategoryInfo as getCategoryInfoFromIndexedDB,
+  storeCategoryInfo,
+  updateCategoryInfo as updateCategoryInfoInIndexedDB,
+  deleteCategoryInfo,
+} from "$lib/indexedDB";
+import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
+import { monotonicResolve } from "$lib/utils";
+import { trpc, isTRPCClientError } from "$trpc/client";
+
+type DataKey = { key: CryptoKey; version: Date };
+
+interface LocalDirectoryInfo {
+  id: number;
+  parentId: DirectoryId;
+  dataKey?: DataKey;
+  name: string;
+  subDirectories: SubDirectoryInfo[];
+  files: SummarizedFileInfo[];
+}
+
+interface RootDirectoryInfo {
+  id: "root";
+  parentId?: undefined;
+  dataKey?: undefined;
+  dataKeyVersion?: undefined;
+  name?: undefined;
+  subDirectories: SubDirectoryInfo[];
+  files: SummarizedFileInfo[];
+}
+
+export type DirectoryInfo = LocalDirectoryInfo | RootDirectoryInfo;
+export type SubDirectoryInfo = Omit<LocalDirectoryInfo, "parentId" | "subDirectories" | "files">;
+
+interface FileInfo {
+  id: number;
+  parentId: DirectoryId;
+  dataKey?: DataKey;
+  contentType: string;
+  contentIv: string | undefined;
+  name: string;
+  createdAt?: Date;
+  lastModifiedAt: Date;
+  categories: { id: number; name: string }[];
+}
+
+export type SummarizedFileInfo = Omit<FileInfo, "parentId" | "contentIv" | "categories">;
+export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean };
+
+interface LocalCategoryInfo {
+  id: number;
+  dataKey?: DataKey | undefined;
+  name: string;
+  subCategories: SubCategoryInfo[];
+  files: CategoryFileInfo[];
+  isFileRecursive: boolean;
+}
+
+interface RootCategoryInfo {
+  id: "root";
+  dataKey?: undefined;
+  name?: undefined;
+  subCategories: SubCategoryInfo[];
+  files?: undefined;
+  isFileRecursive?: undefined;
+}
+
+export type CategoryInfo = LocalCategoryInfo | RootCategoryInfo;
+export type SubCategoryInfo = Omit<
+  LocalCategoryInfo,
+  "subCategories" | "files" | "isFileRecursive"
+>;
+
+const directoryInfoCache = new Map<DirectoryId, DirectoryInfo | Promise<DirectoryInfo>>();
+const categoryInfoCache = new Map<CategoryId, CategoryInfo | Promise<CategoryInfo>>();
+
+export const getDirectoryInfo = async (id: DirectoryId, masterKey: CryptoKey) => {
+  const info = directoryInfoCache.get(id);
+  if (info instanceof Promise) {
+    return info;
+  }
+
+  const { promise, resolve } = Promise.withResolvers<DirectoryInfo>();
+  if (!info) {
+    directoryInfoCache.set(id, promise);
+  }
+
+  monotonicResolve(
+    [!info && fetchDirectoryInfoFromIndexedDB(id), fetchDirectoryInfoFromServer(id, masterKey)],
+    (directoryInfo) => {
+      let info = directoryInfoCache.get(id);
+      if (info instanceof Promise) {
+        const state = $state(directoryInfo);
+        directoryInfoCache.set(id, state);
+        resolve(state);
+      } else {
+        Object.assign(info!, directoryInfo);
+        resolve(info!);
+      }
+    },
+  );
+  return info ?? promise;
+};
+
+const fetchDirectoryInfoFromIndexedDB = async (
+  id: DirectoryId,
+): Promise<DirectoryInfo | undefined> => {
+  const [directory, subDirectories, files] = await Promise.all([
+    id !== "root" ? getDirectoryInfoFromIndexedDB(id) : undefined,
+    getDirectoryInfosFromIndexedDB(id),
+    getFileInfosFromIndexedDB(id),
+  ]);
+
+  if (id === "root") {
+    return { id, subDirectories, files };
+  } else if (directory) {
+    return { id, parentId: directory.parentId, name: directory.name, subDirectories, files };
+  }
+};
+
+const fetchDirectoryInfoFromServer = async (
+  id: DirectoryId,
+  masterKey: CryptoKey,
+): Promise<DirectoryInfo | undefined> => {
+  try {
+    const {
+      metadata,
+      subDirectories: subDirectoriesRaw,
+      files: filesRaw,
+    } = await trpc().directory.get.query({ id });
+    const [subDirectories, files] = await Promise.all([
+      Promise.all(
+        subDirectoriesRaw.map(async (directory) => {
+          const { dataKey } = await unwrapDataKey(directory.dek, masterKey);
+          const name = await decryptString(directory.name, directory.nameIv, dataKey);
+          return {
+            id: directory.id,
+            dataKey: { key: dataKey, version: directory.dekVersion },
+            name,
+          };
+        }),
+      ),
+      Promise.all(
+        filesRaw.map(async (file) => {
+          const { dataKey } = await unwrapDataKey(file.dek, masterKey);
+          const [name, createdAt, lastModifiedAt] = await Promise.all([
+            decryptString(file.name, file.nameIv, dataKey),
+            file.createdAt ? decryptDate(file.createdAt, file.createdAtIv!, dataKey) : undefined,
+            decryptDate(file.lastModifiedAt, file.lastModifiedAtIv, dataKey),
+          ]);
+          return {
+            id: file.id,
+            dataKey: { key: dataKey, version: file.dekVersion },
+            contentType: file.contentType,
+            name,
+            createdAt,
+            lastModifiedAt,
+          };
+        }),
+      ),
+    ]);
+
+    if (id === "root") {
+      return { id, subDirectories, files };
+    } else {
+      const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
+      const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
+      return {
+        id,
+        parentId: metadata!.parent,
+        dataKey: { key: dataKey, version: metadata!.dekVersion },
+        name,
+        subDirectories,
+        files,
+      };
+    }
+  } catch (e) {
+    if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
+      directoryInfoCache.delete(id);
+      await deleteDirectoryInfo(id as number);
+      return;
+    }
+    throw new Error("Failed to fetch directory information");
+  }
+};
+
+const decryptDate = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
+  return new Date(parseInt(await decryptString(ciphertext, iv, dataKey), 10));
+};
+
+export const getCategoryInfo = async (id: CategoryId, masterKey: CryptoKey) => {
+  const info = categoryInfoCache.get(id);
+  if (info instanceof Promise) {
+    return info;
+  }
+
+  const { promise, resolve } = Promise.withResolvers<CategoryInfo>();
+  if (!info) {
+    categoryInfoCache.set(id, promise);
+    const categoryInfo = await fetchCategoryInfoFromIndexedDB(id);
+    if (categoryInfo) {
+      const state = $state(categoryInfo);
+      categoryInfoCache.set(id, state);
+      resolve(state);
+    }
+  }
+
+  fetchCategoryInfoFromServer(id, masterKey).then((categoryInfo) => {
+    if (!categoryInfo) return;
+
+    let info = categoryInfoCache.get(id);
+    if (info instanceof Promise) {
+      const state = $state(categoryInfo);
+      categoryInfoCache.set(id, state);
+      resolve(state);
+    } else {
+      Object.assign(info!, categoryInfo);
+      resolve(info!);
+    }
+  });
+
+  return info ?? promise;
+};
+
+const fetchCategoryInfoFromIndexedDB = async (
+  id: CategoryId,
+): Promise<CategoryInfo | undefined> => {
+  const [category, subCategories] = await Promise.all([
+    id !== "root" ? getCategoryInfoFromIndexedDB(id) : undefined,
+    getCategoryInfosFromIndexedDB(id),
+  ]);
+  const files = category
+    ? await Promise.all(
+        category.files.map(async (file) => {
+          const fileInfo = await getFileInfoFromIndexedDB(file.id);
+          return fileInfo
+            ? {
+                id: file.id,
+                contentType: fileInfo.contentType,
+                name: fileInfo.name,
+                createdAt: fileInfo.createdAt,
+                lastModifiedAt: fileInfo.lastModifiedAt,
+                isRecursive: file.isRecursive,
+              }
+            : undefined;
+        }),
+      )
+    : undefined;
+
+  if (id === "root") {
+    return { id, subCategories };
+  } else if (category) {
+    return {
+      id,
+      name: category.name,
+      subCategories,
+      files: files!.filter((file) => !!file),
+      isFileRecursive: category.isFileRecursive,
+    };
+  }
+};
+
+const fetchCategoryInfoFromServer = async (
+  id: CategoryId,
+  masterKey: CryptoKey,
+): Promise<CategoryInfo | undefined> => {
+  try {
+    const {
+      metadata,
+      subCategories: subCategoriesRaw,
+      files: filesRaw,
+    } = await trpc().category.get.query({ id, recurse: true });
+    const [subCategories, files] = await Promise.all([
+      Promise.all(
+        subCategoriesRaw.map(async (category) => {
+          const { dataKey } = await unwrapDataKey(category.dek, masterKey);
+          const name = await decryptString(category.name, category.nameIv, dataKey);
+          return {
+            id: category.id,
+            dataKey: { key: dataKey, version: category.dekVersion },
+            name,
+          };
+        }),
+      ),
+      id !== "root"
+        ? Promise.all(
+            filesRaw!.map(async (file) => {
+              const { dataKey } = await unwrapDataKey(file.dek, masterKey);
+              const [name, createdAt, lastModifiedAt] = await Promise.all([
+                decryptString(file.name, file.nameIv, dataKey),
+                file.createdAt
+                  ? decryptDate(file.createdAt, file.createdAtIv!, dataKey)
+                  : undefined,
+                decryptDate(file.lastModifiedAt, file.lastModifiedAtIv, dataKey),
+              ]);
+              return {
+                id: file.id,
+                dataKey: { key: dataKey, version: file.dekVersion },
+                contentType: file.contentType,
+                name,
+                createdAt,
+                lastModifiedAt,
+                isRecursive: file.isRecursive,
+              };
+            }),
+          )
+        : undefined,
+    ]);
+
+    if (id === "root") {
+      return { id, subCategories };
+    } else {
+      const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
+      const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
+      return {
+        id,
+        dataKey: { key: dataKey, version: metadata!.dekVersion },
+        name,
+        subCategories,
+        files: files!,
+        isFileRecursive: false,
+      };
+    }
+  } catch (e) {
+    if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") {
+      categoryInfoCache.delete(id);
+      await deleteCategoryInfo(id as number);
+      return;
+    }
+    throw new Error("Failed to fetch category information");
+  }
+};

src/lib/modules/key.ts

@@ -0,0 +1,65 @@
+import { z } from "zod";
+import { storeClientKey } from "$lib/indexedDB";
+import type { ClientKeys } from "$lib/stores";
+
+const serializedClientKeysSchema = z.intersection(
+  z.object({
+    generator: z.literal("ArkVault"),
+    exportedAt: z.iso.datetime(),
+  }),
+  z.object({
+    version: z.literal(1),
+    encryptKey: z.base64().nonempty(),
+    decryptKey: z.base64().nonempty(),
+    signKey: z.base64().nonempty(),
+    verifyKey: z.base64().nonempty(),
+  }),
+);
+
+type SerializedClientKeys = z.infer<typeof serializedClientKeysSchema>;
+
+type DeserializedClientKeys = {
+  encryptKeyBase64: string;
+  decryptKeyBase64: string;
+  signKeyBase64: string;
+  verifyKeyBase64: string;
+};
+
+export const serializeClientKeys = ({
+  encryptKeyBase64,
+  decryptKeyBase64,
+  signKeyBase64,
+  verifyKeyBase64,
+}: DeserializedClientKeys) => {
+  return JSON.stringify({
+    version: 1,
+    generator: "ArkVault",
+    exportedAt: new Date().toISOString(),
+    encryptKey: encryptKeyBase64,
+    decryptKey: decryptKeyBase64,
+    signKey: signKeyBase64,
+    verifyKey: verifyKeyBase64,
+  } satisfies SerializedClientKeys);
+};
+
+export const deserializeClientKeys = (serialized: string) => {
+  const zodRes = serializedClientKeysSchema.safeParse(JSON.parse(serialized));
+  if (zodRes.success) {
+    return {
+      encryptKeyBase64: zodRes.data.encryptKey,
+      decryptKeyBase64: zodRes.data.decryptKey,
+      signKeyBase64: zodRes.data.signKey,
+      verifyKeyBase64: zodRes.data.verifyKey,
+    } satisfies DeserializedClientKeys;
+  }
+  return undefined;
+};
+
+export const storeClientKeys = async (clientKeys: ClientKeys) => {
+  await Promise.all([
+    storeClientKey(clientKeys.encryptKey, "encrypt"),
+    storeClientKey(clientKeys.decryptKey, "decrypt"),
+    storeClientKey(clientKeys.signKey, "sign"),
+    storeClientKey(clientKeys.verifyKey, "verify"),
+  ]);
+};

src/lib/modules/opfs.ts

@@ -59,3 +59,39 @@ export const deleteFile = async (path: string) => {
 
   await parentHandle.removeEntry(filename);
 };
+
+const getDirectoryHandle = async (path: string) => {
+  if (!rootHandle) {
+    throw new Error("OPFS not prepared");
+  } else if (path[0] !== "/") {
+    throw new Error("Path must be absolute");
+  }
+
+  const parts = path.split("/");
+  if (parts.length <= 1) {
+    throw new Error("Invalid path");
+  }
+
+  try {
+    let directoryHandle = rootHandle;
+    let parentHandle;
+    for (const part of parts.slice(1)) {
+      if (!part) continue;
+      parentHandle = directoryHandle;
+      directoryHandle = await directoryHandle.getDirectoryHandle(part);
+    }
+    return { directoryHandle, parentHandle };
+  } catch (e) {
+    if (e instanceof DOMException && e.name === "NotFoundError") {
+      return {};
+    }
+    throw e;
+  }
+};
+
+export const deleteDirectory = async (path: string) => {
+  const { directoryHandle, parentHandle } = await getDirectoryHandle(path);
+  if (!parentHandle) return;
+
+  await parentHandle.removeEntry(directoryHandle.name, { recursive: true });
+};

src/lib/modules/thumbnail.ts

@@ -0,0 +1,127 @@
+import { encodeToBase64 } from "$lib/modules/crypto";
+
+const scaleSize = (width: number, height: number, targetSize: number) => {
+  if (width <= targetSize || height <= targetSize) {
+    return { width, height };
+  }
+
+  const scale = targetSize / Math.min(width, height);
+  return {
+    width: Math.round(width * scale),
+    height: Math.round(height * scale),
+  };
+};
+
+const capture = (
+  width: number,
+  height: number,
+  drawer: (context: CanvasRenderingContext2D, width: number, height: number) => void,
+  targetSize = 250,
+) => {
+  return new Promise<Blob>((resolve, reject) => {
+    const canvas = document.createElement("canvas");
+    const { width: scaledWidth, height: scaledHeight } = scaleSize(width, height, targetSize);
+
+    canvas.width = scaledWidth;
+    canvas.height = scaledHeight;
+
+    const context = canvas.getContext("2d");
+    if (!context) {
+      return reject(new Error("Failed to generate thumbnail"));
+    }
+
+    drawer(context, scaledWidth, scaledHeight);
+    canvas.toBlob((blob) => {
+      if (blob && blob.type === "image/webp") {
+        resolve(blob);
+      } else {
+        reject(new Error("Failed to generate thumbnail"));
+      }
+    }, "image/webp");
+  });
+};
+
+const generateImageThumbnail = (imageUrl: string) => {
+  return new Promise<Blob>((resolve, reject) => {
+    const image = new Image();
+    image.onload = () => {
+      capture(image.width, image.height, (context, width, height) => {
+        context.drawImage(image, 0, 0, width, height);
+      })
+        .then(resolve)
+        .catch(reject);
+    };
+    image.onerror = reject;
+
+    image.src = imageUrl;
+  });
+};
+
+export const captureVideoThumbnail = (video: HTMLVideoElement) => {
+  return capture(video.videoWidth, video.videoHeight, (context, width, height) => {
+    context.drawImage(video, 0, 0, width, height);
+  });
+};
+
+const generateVideoThumbnail = (videoUrl: string, time = 0) => {
+  return new Promise<Blob>((resolve, reject) => {
+    const video = document.createElement("video");
+    video.onloadedmetadata = () => {
+      if (video.videoWidth === 0 || video.videoHeight === 0) {
+        return reject();
+      }
+
+      const callbackId = video.requestVideoFrameCallback(() => {
+        captureVideoThumbnail(video).then(resolve).catch(reject);
+        video.cancelVideoFrameCallback(callbackId);
+      });
+      video.currentTime = Math.min(time, video.duration);
+    };
+    video.onerror = reject;
+
+    video.muted = true;
+    video.playsInline = true;
+    video.src = videoUrl;
+  });
+};
+
+export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => {
+  let url;
+  try {
+    if (fileType.startsWith("image/")) {
+      const fileBlob = new Blob([fileBuffer], { type: fileType });
+      url = URL.createObjectURL(fileBlob);
+
+      try {
+        return await generateImageThumbnail(url);
+      } catch {
+        URL.revokeObjectURL(url);
+        url = undefined;
+
+        if (fileType === "image/heic") {
+          const { default: heic2any } = await import("heic2any");
+          url = URL.createObjectURL(
+            (await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
+          );
+          return await generateImageThumbnail(url);
+        } else {
+          return null;
+        }
+      }
+    } else if (fileType.startsWith("video/")) {
+      url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType }));
+      return await generateVideoThumbnail(url);
+    }
+    return null;
+  } catch {
+    return null;
+  } finally {
+    if (url) {
+      URL.revokeObjectURL(url);
+    }
+  }
+};
+
+export const getThumbnailUrl = (thumbnailBuffer: ArrayBuffer) => {
+  return `data:image/webp;base64,${encodeToBase64(thumbnailBuffer)}`;
+};

src/lib/server/db/category.ts

@@ -2,8 +2,6 @@ import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";
 
-export type CategoryId = "root" | number;
-
 interface Category {
   id: number;
   parentId: CategoryId;

src/lib/server/db/client.ts

@@ -98,22 +98,6 @@ export const createUserClient = async (userId: number, clientId: number) => {
   }
 };
 
-export const getAllUserClients = async (userId: number) => {
-  const userClients = await db
-    .selectFrom("user_client")
-    .selectAll()
-    .where("user_id", "=", userId)
-    .execute();
-  return userClients.map(
-    ({ user_id, client_id, state }) =>
-      ({
-        userId: user_id,
-        clientId: client_id,
-        state,
-      }) satisfies UserClient,
-  );
-};
-
 export const getUserClient = async (userId: number, clientId: number) => {
   const userClient = await db
     .selectFrom("user_client")
@@ -178,7 +162,7 @@ export const registerUserClientChallenge = async (
   allowedIp: string,
   expiresAt: Date,
 ) => {
-  await db
+  const { id } = await db
     .insertInto("user_client_challenge")
     .values({
       user_id: userId,
@@ -187,19 +171,25 @@ export const registerUserClientChallenge = async (
       allowed_ip: allowedIp,
       expires_at: expiresAt,
     })
-    .execute();
+    .returning("id")
+    .executeTakeFirstOrThrow();
+  return { id };
 };
 
-export const consumeUserClientChallenge = async (userId: number, answer: string, ip: string) => {
+export const consumeUserClientChallenge = async (
+  challengeId: number,
+  userId: number,
+  ip: string,
+) => {
   const challenge = await db
     .deleteFrom("user_client_challenge")
+    .where("id", "=", challengeId)
     .where("user_id", "=", userId)
-    .where("answer", "=", answer)
     .where("allowed_ip", "=", ip)
     .where("expires_at", ">", new Date())
-    .returning("client_id")
+    .returning(["client_id", "answer"])
     .executeTakeFirst();
-  return challenge ? { clientId: challenge.client_id } : null;
+  return challenge ? { clientId: challenge.client_id, answer: challenge.answer } : null;
 };
 
 export const cleanupExpiredUserClientChallenges = async () => {

src/lib/server/db/file.ts

@@ -4,8 +4,6 @@ import { IntegrityError } from "./error";
 import db from "./kysely";
 import type { Ciphertext } from "./schema";
 
-export type DirectoryId = "root" | number;
-
 interface Directory {
   id: number;
   parentId: DirectoryId;
@@ -163,16 +161,24 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
     .setIsolationLevel("repeatable read") // TODO: Sufficient?
     .execute(async (trx) => {
       const unregisterFiles = async (parentId: number) => {
-        return await trx
+        const files = await trx
+          .selectFrom("file")
+          .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
+          .select(["file.id", "file.path", "thumbnail.path as thumbnailPath"])
+          .where("file.parent_id", "=", parentId)
+          .where("file.user_id", "=", userId)
+          .forUpdate("file")
+          .execute();
+        await trx
           .deleteFrom("file")
           .where("parent_id", "=", parentId)
           .where("user_id", "=", userId)
-          .returning(["id", "path"])
           .execute();
+        return files;
       };
       const unregisterDirectoryRecursively = async (
         directoryId: number,
-      ): Promise<{ id: number; path: string }[]> => {
+      ): Promise<{ id: number; path: string; thumbnailPath: string | null }[]> => {
         const files = await unregisterFiles(directoryId);
         const subDirectories = await trx
           .selectFrom("directory")
@@ -298,38 +304,56 @@ export const getAllFilesByCategory = async (
   recurse: boolean,
 ) => {
   const files = await db
-    .withRecursive("cte", (db) =>
+    .withRecursive("category_tree", (db) =>
       db
         .selectFrom("category")
-        .leftJoin("file_category", "category.id", "file_category.category_id")
+        .select(["id", sql<number>`0`.as("depth")])
-        .select(["id", "parent_id", "user_id", "file_category.file_id"])
-        .select(sql<number>`0`.as("depth"))
         .where("id", "=", categoryId)
+        .where("user_id", "=", userId)
         .$if(recurse, (qb) =>
           qb.unionAll((db) =>
             db
               .selectFrom("category")
-              .leftJoin("file_category", "category.id", "file_category.category_id")
+              .innerJoin("category_tree", "category.parent_id", "category_tree.id")
-              .innerJoin("cte", "category.parent_id", "cte.id")
+              .select(["category.id", sql<number>`depth + 1`.as("depth")]),
-              .select([
-                "category.id",
-                "category.parent_id",
-                "category.user_id",
-                "file_category.file_id",
-              ])
-              .select(sql<number>`cte.depth + 1`.as("depth")),
           ),
         ),
     )
-    .selectFrom("cte")
+    .selectFrom("category_tree")
+    .innerJoin("file_category", "category_tree.id", "file_category.category_id")
+    .innerJoin("file", "file_category.file_id", "file.id")
     .select(["file_id", "depth"])
+    .selectAll("file")
     .distinctOn("file_id")
-    .where("user_id", "=", userId)
+    .orderBy("file_id")
-    .where("file_id", "is not", null)
+    .orderBy("depth")
-    .$narrowType<{ file_id: NotNull }>()
-    .orderBy(["file_id", "depth"])
     .execute();
-  return files.map(({ file_id, depth }) => ({ id: file_id, isRecursive: depth > 0 }));
+  return files.map(
+    (file) =>
+      ({
+        id: file.file_id,
+        parentId: file.parent_id ?? "root",
+        userId: file.user_id,
+        path: file.path,
+        mekVersion: file.master_encryption_key_version,
+        encDek: file.encrypted_data_encryption_key,
+        dekVersion: file.data_encryption_key_version,
+        hskVersion: file.hmac_secret_key_version,
+        contentHmac: file.content_hmac,
+        contentType: file.content_type,
+        encContentIv: file.encrypted_content_iv,
+        encContentHash: file.encrypted_content_hash,
+        encName: file.encrypted_name,
+        encCreatedAt: file.encrypted_created_at,
+        encLastModifiedAt: file.encrypted_last_modified_at,
+        isRecursive: file.depth > 0,
+      }) satisfies File & { isRecursive: boolean },
+  );
+};
+
+export const getAllFileIds = async (userId: number) => {
+  const files = await db.selectFrom("file").select("id").where("user_id", "=", userId).execute();
+  return files.map(({ id }) => id);
 };
 
 export const getAllFileIdsByContentHmac = async (
@@ -344,7 +368,7 @@ export const getAllFileIdsByContentHmac = async (
     .where("hmac_secret_key_version", "=", hskVersion)
     .where("content_hmac", "=", contentHmac)
     .execute();
-  return files.map(({ id }) => ({ id }));
+  return files.map(({ id }) => id);
 };
 
 export const getFile = async (userId: number, fileId: number) => {
@@ -416,16 +440,22 @@ export const setFileEncName = async (
 };
 
 export const unregisterFile = async (userId: number, fileId: number) => {
-  const file = await db
+  return await db.transaction().execute(async (trx) => {
-    .deleteFrom("file")
+    const file = await trx
-    .where("id", "=", fileId)
+      .selectFrom("file")
-    .where("user_id", "=", userId)
+      .leftJoin("thumbnail", "file.id", "thumbnail.file_id")
-    .returning("path")
+      .select(["file.path", "thumbnail.path as thumbnailPath"])
+      .where("file.id", "=", fileId)
+      .where("file.user_id", "=", userId)
+      .forUpdate("file")
       .executeTakeFirst();
     if (!file) {
       throw new IntegrityError("File not found");
     }
-  return { path: file.path };
+
+    await trx.deleteFrom("file").where("id", "=", fileId).execute();
+    return file;
+  });
 };
 
 export const addFileToCategory = async (fileId: number, categoryId: number) => {

src/lib/server/db/index.ts

@@ -0,0 +1,10 @@
+export * as CategoryRepo from "./category";
+export * as ClientRepo from "./client";
+export * as FileRepo from "./file";
+export * as HskRepo from "./hsk";
+export * as MediaRepo from "./media";
+export * as MekRepo from "./mek";
+export * as SessionRepo from "./session";
+export * as UserRepo from "./user";
+
+export * from "./error";

src/lib/server/db/media.ts

@@ -0,0 +1,110 @@
+import type { NotNull } from "kysely";
+import { IntegrityError } from "./error";
+import db from "./kysely";
+
+interface Thumbnail {
+  id: number;
+  path: string;
+  updatedAt: Date;
+  encContentIv: string;
+}
+
+interface FileThumbnail extends Thumbnail {
+  fileId: number;
+}
+
+export const updateFileThumbnail = async (
+  userId: number,
+  fileId: number,
+  dekVersion: Date,
+  path: string,
+  encContentIv: string,
+) => {
+  return await db.transaction().execute(async (trx) => {
+    const file = await trx
+      .selectFrom("file")
+      .select("data_encryption_key_version")
+      .where("id", "=", fileId)
+      .where("user_id", "=", userId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    if (!file) {
+      throw new IntegrityError("File not found");
+    } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+      throw new IntegrityError("Invalid DEK version");
+    }
+
+    const thumbnail = await trx
+      .selectFrom("thumbnail")
+      .select("path as oldPath")
+      .where("file_id", "=", fileId)
+      .limit(1)
+      .forUpdate()
+      .executeTakeFirst();
+    const now = new Date();
+
+    await trx
+      .insertInto("thumbnail")
+      .values({
+        file_id: fileId,
+        path,
+        updated_at: now,
+        encrypted_content_iv: encContentIv,
+      })
+      .onConflict((oc) =>
+        oc.column("file_id").doUpdateSet({
+          path,
+          updated_at: now,
+          encrypted_content_iv: encContentIv,
+        }),
+      )
+      .execute();
+    return thumbnail?.oldPath ?? null;
+  });
+};
+
+export const getFileThumbnail = async (userId: number, fileId: number) => {
+  const thumbnail = await db
+    .selectFrom("thumbnail")
+    .innerJoin("file", "thumbnail.file_id", "file.id")
+    .selectAll("thumbnail")
+    .where("file.id", "=", fileId)
+    .where("file.user_id", "=", userId)
+    .$narrowType<{ file_id: NotNull }>()
+    .limit(1)
+    .executeTakeFirst();
+  return thumbnail
+    ? ({
+        id: thumbnail.id,
+        fileId: thumbnail.file_id,
+        path: thumbnail.path,
+        encContentIv: thumbnail.encrypted_content_iv,
+        updatedAt: thumbnail.updated_at,
+      } satisfies FileThumbnail)
+    : null;
+};
+
+export const getMissingFileThumbnails = async (userId: number, limit: number = 100) => {
+  const files = await db
+    .selectFrom("file")
+    .select("id")
+    .where("user_id", "=", userId)
+    .where((eb) =>
+      eb.or([eb("content_type", "like", "image/%"), eb("content_type", "like", "video/%")]),
+    )
+    .where((eb) =>
+      eb.not(
+        eb.exists(
+          eb
+            .selectFrom("thumbnail")
+            .select("thumbnail.id")
+            .whereRef("thumbnail.file_id", "=", "file.id")
+            .limit(1),
+        ),
+      ),
+    )
+    .limit(limit)
+    .execute();
+  return files.map(({ id }) => id);
+};

src/lib/server/db/mek.ts

@@ -60,19 +60,6 @@ export const registerInitialMek = async (
   });
 };
 
-export const getInitialMek = async (userId: number) => {
-  const mek = await db
-    .selectFrom("master_encryption_key")
-    .selectAll()
-    .where("user_id", "=", userId)
-    .where("version", "=", 1)
-    .limit(1)
-    .executeTakeFirst();
-  return mek
-    ? ({ userId: mek.user_id, version: mek.version, state: mek.state } satisfies Mek)
-    : null;
-};
-
 export const getAllValidClientMeks = async (userId: number, clientId: number) => {
   const clientMeks = await db
     .selectFrom("client_master_encryption_key")

src/lib/server/db/migrations/1738409340-AddThumbnail.ts

@@ -0,0 +1,31 @@
+import { Kysely, sql } from "kysely";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const up = async (db: Kysely<any>) => {
+  // media.ts
+  await db.schema
+    .createTable("thumbnail")
+    .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+    .addColumn("directory_id", "integer", (col) =>
+      col.references("directory.id").onDelete("cascade").unique(),
+    )
+    .addColumn("file_id", "integer", (col) =>
+      col.references("file.id").onDelete("cascade").unique(),
+    )
+    .addColumn("category_id", "integer", (col) =>
+      col.references("category.id").onDelete("cascade").unique(),
+    )
+    .addColumn("path", "text", (col) => col.unique().notNull())
+    .addColumn("updated_at", "timestamp(3)", (col) => col.notNull())
+    .addColumn("encrypted_content_iv", "text", (col) => col.notNull())
+    .addCheckConstraint(
+      "thumbnail_ck01",
+      sql`(file_id IS NOT NULL)::integer + (directory_id IS NOT NULL)::integer + (category_id IS NOT NULL)::integer = 1`,
+    )
+    .execute();
+};
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const down = async (db: Kysely<any>) => {
+  await db.schema.dropTable("thumbnail").execute();
+};

src/lib/server/db/migrations/index.ts

@@ -1,7 +1,9 @@
 import * as Initial1737357000 from "./1737357000-Initial";
 import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
+import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail";
 
 export default {
   "1737357000-Initial": Initial1737357000,
   "1737422340-AddFileCategory": AddFileCategory1737422340,
+  "1738409340-AddThumbnail": AddThumbnail1738409340,
 };

src/lib/server/db/schema/index.ts

@@ -2,6 +2,7 @@ export * from "./category";
 export * from "./client";
 export * from "./file";
 export * from "./hsk";
+export * from "./media";
 export * from "./mek";
 export * from "./session";
 export * from "./user";

src/lib/server/db/schema/media.ts

@@ -0,0 +1,17 @@
+import type { Generated } from "kysely";
+
+interface ThumbnailTable {
+  id: Generated<number>;
+  directory_id: number | null;
+  file_id: number | null;
+  category_id: number | null;
+  path: string;
+  updated_at: Date;
+  encrypted_content_iv: string; // Base64
+}
+
+declare module "./index" {
+  interface Database {
+    thumbnail: ThumbnailTable;
+  }
+}

src/lib/server/db/session.ts

@@ -5,31 +5,22 @@ import db from "./kysely";
 
 export const createSession = async (
   userId: number,
-  clientId: number | null,
   sessionId: string,
   ip: string | null,
   agent: string | null,
 ) => {
-  try {
   const now = new Date();
   await db
     .insertInto("session")
     .values({
       id: sessionId,
       user_id: userId,
-        client_id: clientId,
       created_at: now,
       last_used_at: now,
       last_used_by_ip: ip || null,
       last_used_by_agent: agent || null,
     })
     .execute();
-  } catch (e) {
-    if (e instanceof pg.DatabaseError && e.code === "23505") {
-      throw new IntegrityError("Session already exists");
-    }
-    throw e;
-  }
 };
 
 export const refreshSession = async (
@@ -55,8 +46,23 @@ export const refreshSession = async (
   return { userId: session.user_id, clientId: session.client_id };
 };
 
-export const upgradeSession = async (sessionId: string, clientId: number) => {
+export const upgradeSession = async (
-  const res = await db
+  userId: number,
+  sessionId: string,
+  clientId: number,
+  force: boolean,
+) => {
+  try {
+    await db.transaction().execute(async (trx) => {
+      if (force) {
+        await trx
+          .deleteFrom("session")
+          .where("id", "!=", sessionId)
+          .where("user_id", "=", userId)
+          .where("client_id", "=", clientId)
+          .execute();
+      }
+      const res = await trx
         .updateTable("session")
         .set({ client_id: clientId })
         .where("id", "=", sessionId)
@@ -65,6 +71,13 @@ export const upgradeSession = async (sessionId: string, clientId: number) => {
       if (res.numUpdatedRows === 0n) {
         throw new IntegrityError("Session not found");
       }
+    });
+  } catch (e) {
+    if (e instanceof pg.DatabaseError && e.code === "23505") {
+      throw new IntegrityError("Session already exists");
+    }
+    throw e;
+  }
 };
 
 export const deleteSession = async (sessionId: string) => {
@@ -94,7 +107,7 @@ export const registerSessionUpgradeChallenge = async (
   expiresAt: Date,
 ) => {
   try {
-    await db
+    const { id } = await db
       .insertInto("session_upgrade_challenge")
       .values({
         session_id: sessionId,
@@ -103,7 +116,9 @@ export const registerSessionUpgradeChallenge = async (
         allowed_ip: allowedIp,
         expires_at: expiresAt,
       })
-      .execute();
+      .returning("id")
+      .executeTakeFirstOrThrow();
+    return { id };
   } catch (e) {
     if (e instanceof pg.DatabaseError && e.code === "23505") {
       throw new IntegrityError("Challenge already registered");
@@ -113,19 +128,19 @@ export const registerSessionUpgradeChallenge = async (
 };
 
 export const consumeSessionUpgradeChallenge = async (
+  challengeId: number,
   sessionId: string,
-  answer: string,
   ip: string,
 ) => {
   const challenge = await db
     .deleteFrom("session_upgrade_challenge")
+    .where("id", "=", challengeId)
     .where("session_id", "=", sessionId)
-    .where("answer", "=", answer)
     .where("allowed_ip", "=", ip)
     .where("expires_at", ">", new Date())
-    .returning("client_id")
+    .returning(["client_id", "answer"])
     .executeTakeFirst();
-  return challenge ? { clientId: challenge.client_id } : null;
+  return challenge ? { clientId: challenge.client_id, answer: challenge.answer } : null;
 };
 
 export const cleanupExpiredSessionUpgradeChallenges = async () => {

src/lib/server/db/user.ts

@@ -27,10 +27,6 @@ export const getUserByEmail = async (email: string) => {
   return user ? (user satisfies User) : null;
 };
 
-export const setUserNickname = async (userId: number, nickname: string) => {
-  await db.updateTable("user").set({ nickname }).where("id", "=", userId).execute();
-};
-
 export const setUserPassword = async (userId: number, password: string) => {
   await db.updateTable("user").set({ password }).where("id", "=", userId).execute();
 };

src/lib/server/loadenv.ts

@@ -25,4 +25,5 @@ export default {
     sessionUpgradeExp: ms(env.SESSION_UPGRADE_CHALLENGE_EXPIRES || "5m"),
   },
   libraryPath: env.LIBRARY_PATH || "library",
+  thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails",
 };

src/lib/server/middlewares/authenticate.ts

@@ -1,12 +1,7 @@
 import { error, redirect, type Handle } from "@sveltejs/kit";
-import { authenticate, AuthenticationError } from "$lib/server/modules/auth";
+import { cookieOptions, authenticate, AuthenticationError } from "$lib/server/modules/auth";
 
 export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
-  const { pathname, search } = event.url;
-  if (pathname === "/api/auth/login") {
-    return await resolve(event);
-  }
-
   try {
     const sessionIdSigned = event.cookies.get("sessionId");
     if (!sessionIdSigned) {
@@ -15,9 +10,11 @@ export const authenticateMiddleware: Handle = async ({ event, resolve }) => {
 
     const { ip, userAgent } = event.locals;
     event.locals.session = await authenticate(sessionIdSigned, ip, userAgent);
+    event.cookies.set("sessionId", sessionIdSigned, cookieOptions);
   } catch (e) {
     if (e instanceof AuthenticationError) {
-      if (pathname === "/auth/login") {
+      const { pathname, search } = event.url;
+      if (pathname === "/auth/login" || pathname.startsWith("/api/trpc")) {
         return await resolve(event);
       } else if (pathname.startsWith("/api")) {
         error(e.status, e.message);

src/lib/server/modules/auth.ts

@@ -1,20 +1,25 @@
 import { error } from "@sveltejs/kit";
-import { getUserClient } from "$lib/server/db/client";
+import { ClientRepo, SessionRepo, IntegrityError } from "$lib/server/db";
-import { IntegrityError } from "$lib/server/db/error";
-import { createSession, refreshSession } from "$lib/server/db/session";
 import env from "$lib/server/loadenv";
-import { issueSessionId, verifySessionId } from "$lib/server/modules/crypto";
+import { verifySessionId } from "$lib/server/modules/crypto";
 
-interface Session {
+export interface Session {
   sessionId: string;
   userId: number;
   clientId?: number;
 }
 
-interface ClientSession extends Session {
+export interface ClientSession extends Session {
   clientId: number;
 }
 
+export type SessionPermission =
+  | "any"
+  | "notClient"
+  | "anyClient"
+  | "pendingClient"
+  | "activeClient";
+
 export class AuthenticationError extends Error {
   constructor(
     public status: 400 | 401,
@@ -25,11 +30,22 @@ export class AuthenticationError extends Error {
   }
 }
 
-export const startSession = async (userId: number, ip: string, userAgent: string) => {
+export class AuthorizationError extends Error {
-  const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
+  constructor(
-  await createSession(userId, null, sessionId, ip, userAgent);
+    public status: 403 | 500,
-  return sessionIdSigned;
+    message: string,
-};
+  ) {
+    super(message);
+    this.name = "AuthorizationError";
+  }
+}
+
+export const cookieOptions = {
+  path: "/",
+  maxAge: env.session.exp / 1000,
+  secure: true,
+  sameSite: "strict",
+} as const;
 
 export const authenticate = async (sessionIdSigned: string, ip: string, userAgent: string) => {
   const sessionId = verifySessionId(sessionIdSigned, env.session.secret);
@@ -38,7 +54,7 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 
   try {
-    const { userId, clientId } = await refreshSession(sessionId, ip, userAgent);
+    const { userId, clientId } = await SessionRepo.refreshSession(sessionId, ip, userAgent);
     return {
       id: sessionId,
       userId,
@@ -52,34 +68,12 @@ export const authenticate = async (sessionIdSigned: string, ip: string, userAgen
   }
 };
 
-export async function authorize(locals: App.Locals, requiredPermission: "any"): Promise<Session>;
+export const authorizeInternal = async (
-
-export async function authorize(
   locals: App.Locals,
-  requiredPermission: "notClient",
+  requiredPermission: SessionPermission,
-): Promise<Session>;
+): Promise<Session> => {
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "anyClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "pendingClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "activeClient",
-): Promise<ClientSession>;
-
-export async function authorize(
-  locals: App.Locals,
-  requiredPermission: "any" | "notClient" | "anyClient" | "pendingClient" | "activeClient",
-): Promise<Session> {
   if (!locals.session) {
-    error(500, "Unauthenticated");
+    throw new AuthorizationError(500, "Unauthenticated");
   }
 
   const { id: sessionId, userId, clientId } = locals.session;
@@ -89,39 +83,63 @@ export async function authorize(
       break;
     case "notClient":
       if (clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     case "anyClient":
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     case "pendingClient": {
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
-      const userClient = await getUserClient(userId, clientId);
+      const userClient = await ClientRepo.getUserClient(userId, clientId);
       if (!userClient) {
-        error(500, "Invalid session id");
+        throw new AuthorizationError(500, "Invalid session id");
       } else if (userClient.state !== "pending") {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     }
     case "activeClient": {
       if (!clientId) {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
-      const userClient = await getUserClient(userId, clientId);
+      const userClient = await ClientRepo.getUserClient(userId, clientId);
       if (!userClient) {
-        error(500, "Invalid session id");
+        throw new AuthorizationError(500, "Invalid session id");
       } else if (userClient.state !== "active") {
-        error(403, "Forbidden");
+        throw new AuthorizationError(403, "Forbidden");
       }
       break;
     }
   }
 
   return { sessionId, userId, clientId };
+};
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "any" | "notClient",
+): Promise<Session>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: "anyClient" | "pendingClient" | "activeClient",
+): Promise<ClientSession>;
+
+export async function authorize(
+  locals: App.Locals,
+  requiredPermission: SessionPermission,
+): Promise<Session> {
+  try {
+    return await authorizeInternal(locals, requiredPermission);
+  } catch (e) {
+    if (e instanceof AuthorizationError) {
+      error(e.status, e.message);
+    }
+    throw e;
+  }
 }

src/lib/server/modules/filesystem.ts

@@ -0,0 +1,7 @@
+import { unlink } from "fs/promises";
+
+export const safeUnlink = async (path: string | null | undefined) => {
+  if (path) {
+    await unlink(path).catch(console.error);
+  }
+};

src/lib/server/modules/mek.ts

@@ -1,25 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { getUserClientWithDetails } from "$lib/server/db/client";
-import { getInitialMek } from "$lib/server/db/mek";
-import { verifySignature } from "$lib/server/modules/crypto";
-
-export const isInitialMekNeeded = async (userId: number) => {
-  const initialMek = await getInitialMek(userId);
-  return !initialMek;
-};
-
-export const verifyClientEncMekSig = async (
-  userId: number,
-  clientId: number,
-  version: number,
-  encMek: string,
-  encMekSig: string,
-) => {
-  const userClient = await getUserClientWithDetails(userId, clientId);
-  if (!userClient) {
-    error(500, "Invalid session id");
-  }
-
-  const data = JSON.stringify({ version, key: encMek });
-  return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
-};

src/lib/server/schemas/auth.ts

@@ -1,30 +0,0 @@
-import { z } from "zod";
-
-export const passwordChangeRequest = z.object({
-  oldPassword: z.string().trim().nonempty(),
-  newPassword: z.string().trim().nonempty(),
-});
-export type PasswordChangeRequest = z.infer<typeof passwordChangeRequest>;
-
-export const loginRequest = z.object({
-  email: z.string().email(),
-  password: z.string().trim().nonempty(),
-});
-export type LoginRequest = z.infer<typeof loginRequest>;
-
-export const sessionUpgradeRequest = z.object({
-  encPubKey: z.string().base64().nonempty(),
-  sigPubKey: z.string().base64().nonempty(),
-});
-export type SessionUpgradeRequest = z.infer<typeof sessionUpgradeRequest>;
-
-export const sessionUpgradeResponse = z.object({
-  challenge: z.string().base64().nonempty(),
-});
-export type SessionUpgradeResponse = z.infer<typeof sessionUpgradeResponse>;
-
-export const sessionUpgradeVerifyRequest = z.object({
-  answer: z.string().base64().nonempty(),
-  answerSig: z.string().base64().nonempty(),
-});
-export type SessionUpgradeVerifyRequest = z.infer<typeof sessionUpgradeVerifyRequest>;

src/lib/server/schemas/category.ts

@@ -1,55 +1,3 @@
 import { z } from "zod";
 
-export const categoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+export const categoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
-
-export const categoryInfoResponse = z.object({
-  metadata: z
-    .object({
-      parent: categoryIdSchema,
-      mekVersion: z.number().int().positive(),
-      dek: z.string().base64().nonempty(),
-      dekVersion: z.string().datetime(),
-      name: z.string().base64().nonempty(),
-      nameIv: z.string().base64().nonempty(),
-    })
-    .optional(),
-  subCategories: z.number().int().positive().array(),
-});
-export type CategoryInfoResponse = z.infer<typeof categoryInfoResponse>;
-
-export const categoryFileAddRequest = z.object({
-  file: z.number().int().positive(),
-});
-export type CategoryFileAddRequest = z.infer<typeof categoryFileAddRequest>;
-
-export const categoryFileListResponse = z.object({
-  files: z.array(
-    z.object({
-      file: z.number().int().positive(),
-      isRecursive: z.boolean(),
-    }),
-  ),
-});
-export type CategoryFileListResponse = z.infer<typeof categoryFileListResponse>;
-
-export const categoryFileRemoveRequest = z.object({
-  file: z.number().int().positive(),
-});
-export type CategoryFileRemoveRequest = z.infer<typeof categoryFileRemoveRequest>;
-
-export const categoryRenameRequest = z.object({
-  dekVersion: z.string().datetime(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-});
-export type CategoryRenameRequest = z.infer<typeof categoryRenameRequest>;
-
-export const categoryCreateRequest = z.object({
-  parent: categoryIdSchema,
-  mekVersion: z.number().int().positive(),
-  dek: z.string().base64().nonempty(),
-  dekVersion: z.string().datetime(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-});
-export type CategoryCreateRequest = z.infer<typeof categoryCreateRequest>;

src/lib/server/schemas/client.ts

@@ -1,35 +0,0 @@
-import { z } from "zod";
-
-export const clientListResponse = z.object({
-  clients: z.array(
-    z.object({
-      id: z.number().int().positive(),
-      state: z.enum(["pending", "active"]),
-    }),
-  ),
-});
-export type ClientListResponse = z.infer<typeof clientListResponse>;
-
-export const clientRegisterRequest = z.object({
-  encPubKey: z.string().base64().nonempty(),
-  sigPubKey: z.string().base64().nonempty(),
-});
-export type ClientRegisterRequest = z.infer<typeof clientRegisterRequest>;
-
-export const clientRegisterResponse = z.object({
-  challenge: z.string().base64().nonempty(),
-});
-export type ClientRegisterResponse = z.infer<typeof clientRegisterResponse>;
-
-export const clientRegisterVerifyRequest = z.object({
-  answer: z.string().base64().nonempty(),
-  answerSig: z.string().base64().nonempty(),
-});
-export type ClientRegisterVerifyRequest = z.infer<typeof clientRegisterVerifyRequest>;
-
-export const clientStatusResponse = z.object({
-  id: z.number().int().positive(),
-  state: z.enum(["pending", "active"]),
-  isInitialMekNeeded: z.boolean(),
-});
-export type ClientStatusResponse = z.infer<typeof clientStatusResponse>;

src/lib/server/schemas/directory.ts

@@ -1,41 +1,3 @@
 import { z } from "zod";
 
-export const directoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+export const directoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
-
-export const directoryInfoResponse = z.object({
-  metadata: z
-    .object({
-      parent: directoryIdSchema,
-      mekVersion: z.number().int().positive(),
-      dek: z.string().base64().nonempty(),
-      dekVersion: z.string().datetime(),
-      name: z.string().base64().nonempty(),
-      nameIv: z.string().base64().nonempty(),
-    })
-    .optional(),
-  subDirectories: z.number().int().positive().array(),
-  files: z.number().int().positive().array(),
-});
-export type DirectoryInfoResponse = z.infer<typeof directoryInfoResponse>;
-
-export const directoryDeleteResponse = z.object({
-  deletedFiles: z.number().int().positive().array(),
-});
-export type DirectoryDeleteResponse = z.infer<typeof directoryDeleteResponse>;
-
-export const directoryRenameRequest = z.object({
-  dekVersion: z.string().datetime(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-});
-export type DirectoryRenameRequest = z.infer<typeof directoryRenameRequest>;
-
-export const directoryCreateRequest = z.object({
-  parent: directoryIdSchema,
-  mekVersion: z.number().int().positive(),
-  dek: z.string().base64().nonempty(),
-  dekVersion: z.string().datetime(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-});
-export type DirectoryCreateRequest = z.infer<typeof directoryCreateRequest>;

src/lib/server/schemas/file.ts

@@ -2,68 +2,35 @@ import mime from "mime";
 import { z } from "zod";
 import { directoryIdSchema } from "./directory";
 
-export const fileInfoResponse = z.object({
+export const fileThumbnailUploadRequest = z.object({
-  parent: directoryIdSchema,
+  dekVersion: z.iso.datetime(),
-  mekVersion: z.number().int().positive(),
+  contentIv: z.base64().nonempty(),
-  dek: z.string().base64().nonempty(),
-  dekVersion: z.string().datetime(),
-  contentType: z
-    .string()
-    .trim()
-    .nonempty()
-    .refine((value) => mime.getExtension(value) !== null), // MIME type
-  contentIv: z.string().base64().nonempty(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-  createdAt: z.string().base64().nonempty().optional(),
-  createdAtIv: z.string().base64().nonempty().optional(),
-  lastModifiedAt: z.string().base64().nonempty(),
-  lastModifiedAtIv: z.string().base64().nonempty(),
-  categories: z.number().int().positive().array(),
 });
-export type FileInfoResponse = z.infer<typeof fileInfoResponse>;
+export type FileThumbnailUploadRequest = z.input<typeof fileThumbnailUploadRequest>;
-
-export const fileRenameRequest = z.object({
-  dekVersion: z.string().datetime(),
-  name: z.string().base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
-});
-export type FileRenameRequest = z.infer<typeof fileRenameRequest>;
-
-export const duplicateFileScanRequest = z.object({
-  hskVersion: z.number().int().positive(),
-  contentHmac: z.string().base64().nonempty(),
-});
-export type DuplicateFileScanRequest = z.infer<typeof duplicateFileScanRequest>;
-
-export const duplicateFileScanResponse = z.object({
-  files: z.number().int().positive().array(),
-});
-export type DuplicateFileScanResponse = z.infer<typeof duplicateFileScanResponse>;
 
 export const fileUploadRequest = z.object({
   parent: directoryIdSchema,
-  mekVersion: z.number().int().positive(),
+  mekVersion: z.int().positive(),
-  dek: z.string().base64().nonempty(),
+  dek: z.base64().nonempty(),
-  dekVersion: z.string().datetime(),
+  dekVersion: z.iso.datetime(),
-  hskVersion: z.number().int().positive(),
+  hskVersion: z.int().positive(),
-  contentHmac: z.string().base64().nonempty(),
+  contentHmac: z.base64().nonempty(),
   contentType: z
     .string()
     .trim()
     .nonempty()
     .refine((value) => mime.getExtension(value) !== null), // MIME type
-  contentIv: z.string().base64().nonempty(),
+  contentIv: z.base64().nonempty(),
-  name: z.string().base64().nonempty(),
+  name: z.base64().nonempty(),
-  nameIv: z.string().base64().nonempty(),
+  nameIv: z.base64().nonempty(),
-  createdAt: z.string().base64().nonempty().optional(),
+  createdAt: z.base64().nonempty().optional(),
-  createdAtIv: z.string().base64().nonempty().optional(),
+  createdAtIv: z.base64().nonempty().optional(),
-  lastModifiedAt: z.string().base64().nonempty(),
+  lastModifiedAt: z.base64().nonempty(),
-  lastModifiedAtIv: z.string().base64().nonempty(),
+  lastModifiedAtIv: z.base64().nonempty(),
 });
-export type FileUploadRequest = z.infer<typeof fileUploadRequest>;
+export type FileUploadRequest = z.input<typeof fileUploadRequest>;
 
 export const fileUploadResponse = z.object({
-  file: z.number().int().positive(),
+  file: z.int().positive(),
 });
-export type FileUploadResponse = z.infer<typeof fileUploadResponse>;
+export type FileUploadResponse = z.output<typeof fileUploadResponse>;

src/lib/server/schemas/hsk.ts

@@ -1,19 +0,0 @@
-import { z } from "zod";
-
-export const hmacSecretListResponse = z.object({
-  hsks: z.array(
-    z.object({
-      version: z.number().int().positive(),
-      state: z.enum(["active"]),
-      mekVersion: z.number().int().positive(),
-      hsk: z.string().base64().nonempty(),
-    }),
-  ),
-});
-export type HmacSecretListResponse = z.infer<typeof hmacSecretListResponse>;
-
-export const initialHmacSecretRegisterRequest = z.object({
-  mekVersion: z.number().int().positive(),
-  hsk: z.string().base64().nonempty(),
-});
-export type InitialHmacSecretRegisterRequest = z.infer<typeof initialHmacSecretRegisterRequest>;

src/lib/server/schemas/index.ts

@@ -1,8 +1,3 @@
-export * from "./auth";
 export * from "./category";
-export * from "./client";
 export * from "./directory";
 export * from "./file";
-export * from "./hsk";
-export * from "./mek";
-export * from "./user";

src/lib/server/schemas/mek.ts

@@ -1,19 +0,0 @@
-import { z } from "zod";
-
-export const masterKeyListResponse = z.object({
-  meks: z.array(
-    z.object({
-      version: z.number().int().positive(),
-      state: z.enum(["active", "retired"]),
-      mek: z.string().base64().nonempty(),
-      mekSig: z.string().base64().nonempty(),
-    }),
-  ),
-});
-export type MasterKeyListResponse = z.infer<typeof masterKeyListResponse>;
-
-export const initialMasterKeyRegisterRequest = z.object({
-  mek: z.string().base64().nonempty(),
-  mekSig: z.string().base64().nonempty(),
-});
-export type InitialMasterKeyRegisterRequest = z.infer<typeof initialMasterKeyRegisterRequest>;

src/lib/server/schemas/user.ts

@@ -1,12 +0,0 @@
-import { z } from "zod";
-
-export const userInfoResponse = z.object({
-  email: z.string().email(),
-  nickname: z.string().nonempty(),
-});
-export type UserInfoResponse = z.infer<typeof userInfoResponse>;
-
-export const nicknameChangeRequest = z.object({
-  newNickname: z.string().trim().min(2).max(8),
-});
-export type NicknameChangeRequest = z.infer<typeof nicknameChangeRequest>;

src/lib/server/services/auth.ts

@@ -1,121 +0,0 @@
-import { error } from "@sveltejs/kit";
-import argon2 from "argon2";
-import { getClient, getClientByPubKeys, getUserClient } from "$lib/server/db/client";
-import { IntegrityError } from "$lib/server/db/error";
-import {
-  upgradeSession,
-  deleteSession,
-  deleteAllOtherSessions,
-  registerSessionUpgradeChallenge,
-  consumeSessionUpgradeChallenge,
-} from "$lib/server/db/session";
-import { getUser, getUserByEmail, setUserPassword } from "$lib/server/db/user";
-import env from "$lib/server/loadenv";
-import { startSession } from "$lib/server/modules/auth";
-import { verifySignature, generateChallenge } from "$lib/server/modules/crypto";
-
-const hashPassword = async (password: string) => {
-  return await argon2.hash(password);
-};
-
-const verifyPassword = async (hash: string, password: string) => {
-  return await argon2.verify(hash, password);
-};
-
-export const changePassword = async (
-  userId: number,
-  sessionId: string,
-  oldPassword: string,
-  newPassword: string,
-) => {
-  if (oldPassword === newPassword) {
-    error(400, "Same passwords");
-  } else if (newPassword.length < 8) {
-    error(400, "Too short password");
-  }
-
-  const user = await getUser(userId);
-  if (!user) {
-    error(500, "Invalid session id");
-  } else if (!(await verifyPassword(user.password, oldPassword))) {
-    error(403, "Invalid password");
-  }
-
-  await setUserPassword(userId, await hashPassword(newPassword));
-  await deleteAllOtherSessions(userId, sessionId);
-};
-
-export const login = async (email: string, password: string, ip: string, userAgent: string) => {
-  const user = await getUserByEmail(email);
-  if (!user || !(await verifyPassword(user.password, password))) {
-    error(401, "Invalid email or password");
-  }
-
-  try {
-    return { sessionIdSigned: await startSession(user.id, ip, userAgent) };
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Session already exists") {
-      error(403, "Already logged in");
-    }
-    throw e;
-  }
-};
-
-export const logout = async (sessionId: string) => {
-  await deleteSession(sessionId);
-};
-
-export const createSessionUpgradeChallenge = async (
-  sessionId: string,
-  userId: number,
-  ip: string,
-  encPubKey: string,
-  sigPubKey: string,
-) => {
-  const client = await getClientByPubKeys(encPubKey, sigPubKey);
-  const userClient = client ? await getUserClient(userId, client.id) : undefined;
-  if (!client) {
-    error(401, "Invalid public key(s)");
-  } else if (!userClient || userClient.state === "challenging") {
-    error(403, "Unregistered client");
-  }
-
-  const { answer, challenge } = await generateChallenge(32, encPubKey);
-  await registerSessionUpgradeChallenge(
-    sessionId,
-    client.id,
-    answer.toString("base64"),
-    ip,
-    new Date(Date.now() + env.challenge.sessionUpgradeExp),
-  );
-
-  return { challenge: challenge.toString("base64") };
-};
-
-export const verifySessionUpgradeChallenge = async (
-  sessionId: string,
-  ip: string,
-  answer: string,
-  answerSig: string,
-) => {
-  const challenge = await consumeSessionUpgradeChallenge(sessionId, answer, ip);
-  if (!challenge) {
-    error(403, "Invalid challenge answer");
-  }
-
-  const client = await getClient(challenge.clientId);
-  if (!client) {
-    error(500, "Invalid challenge answer");
-  } else if (!verifySignature(Buffer.from(answer, "base64"), answerSig, client.sigPubKey)) {
-    error(403, "Invalid challenge answer signature");
-  }
-
-  try {
-    await upgradeSession(sessionId, client.id);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Session not found") {
-      error(500, "Invalid challenge answer");
-    }
-    throw e;
-  }
-};

src/lib/server/services/category.ts

@@ -1,133 +0,0 @@
-import { error } from "@sveltejs/kit";
-import {
-  registerCategory,
-  getAllCategoriesByParent,
-  getCategory,
-  setCategoryEncName,
-  unregisterCategory,
-  type CategoryId,
-  type NewCategory,
-} from "$lib/server/db/category";
-import { IntegrityError } from "$lib/server/db/error";
-import {
-  getAllFilesByCategory,
-  getFile,
-  addFileToCategory,
-  removeFileFromCategory,
-} from "$lib/server/db/file";
-import type { Ciphertext } from "$lib/server/db/schema";
-
-export const getCategoryInformation = async (userId: number, categoryId: CategoryId) => {
-  const category = categoryId !== "root" ? await getCategory(userId, categoryId) : undefined;
-  if (category === null) {
-    error(404, "Invalid category id");
-  }
-
-  const categories = await getAllCategoriesByParent(userId, categoryId);
-  return {
-    metadata: category && {
-      parentId: category.parentId ?? ("root" as const),
-      mekVersion: category.mekVersion,
-      encDek: category.encDek,
-      dekVersion: category.dekVersion,
-      encName: category.encName,
-    },
-    categories: categories.map(({ id }) => id),
-  };
-};
-
-export const deleteCategory = async (userId: number, categoryId: number) => {
-  try {
-    await unregisterCategory(userId, categoryId);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Category not found") {
-      error(404, "Invalid category id");
-    }
-    throw e;
-  }
-};
-
-export const addCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
-  const category = await getCategory(userId, categoryId);
-  const file = await getFile(userId, fileId);
-  if (!category) {
-    error(404, "Invalid category id");
-  } else if (!file) {
-    error(404, "Invalid file id");
-  }
-
-  try {
-    await addFileToCategory(fileId, categoryId);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "File already added to category") {
-      error(400, "File already added");
-    }
-    throw e;
-  }
-};
-
-export const getCategoryFiles = async (userId: number, categoryId: number, recurse: boolean) => {
-  const category = await getCategory(userId, categoryId);
-  if (!category) {
-    error(404, "Invalid category id");
-  }
-
-  const files = await getAllFilesByCategory(userId, categoryId, recurse);
-  return { files };
-};
-
-export const removeCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
-  const category = await getCategory(userId, categoryId);
-  const file = await getFile(userId, fileId);
-  if (!category) {
-    error(404, "Invalid category id");
-  } else if (!file) {
-    error(404, "Invalid file id");
-  }
-
-  try {
-    await removeFileFromCategory(fileId, categoryId);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "File not found in category") {
-      error(400, "File not added");
-    }
-    throw e;
-  }
-};
-
-export const renameCategory = async (
-  userId: number,
-  categoryId: number,
-  dekVersion: Date,
-  newEncName: Ciphertext,
-) => {
-  try {
-    await setCategoryEncName(userId, categoryId, dekVersion, newEncName);
-  } catch (e) {
-    if (e instanceof IntegrityError) {
-      if (e.message === "Category not found") {
-        error(404, "Invalid category id");
-      } else if (e.message === "Invalid DEK version") {
-        error(400, "Invalid DEK version");
-      }
-    }
-    throw e;
-  }
-};
-
-export const createCategory = async (params: NewCategory) => {
-  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
-  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
-  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
-    error(400, "Invalid DEK version");
-  }
-
-  try {
-    await registerCategory(params);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
-      error(400, "Inactive MEK version");
-    }
-    throw e;
-  }
-};

src/lib/server/services/client.ts

@@ -1,108 +0,0 @@
-import { error } from "@sveltejs/kit";
-import {
-  createClient,
-  getClient,
-  getClientByPubKeys,
-  createUserClient,
-  getAllUserClients,
-  getUserClient,
-  setUserClientStateToPending,
-  registerUserClientChallenge,
-  consumeUserClientChallenge,
-} from "$lib/server/db/client";
-import { IntegrityError } from "$lib/server/db/error";
-import { verifyPubKey, verifySignature, generateChallenge } from "$lib/server/modules/crypto";
-import { isInitialMekNeeded } from "$lib/server/modules/mek";
-import env from "$lib/server/loadenv";
-
-export const getUserClientList = async (userId: number) => {
-  const userClients = await getAllUserClients(userId);
-  return {
-    userClients: userClients.map(({ clientId, state }) => ({
-      id: clientId,
-      state: state as "pending" | "active",
-    })),
-  };
-};
-
-const expiresAt = () => new Date(Date.now() + env.challenge.userClientExp);
-
-const createUserClientChallenge = async (
-  ip: string,
-  userId: number,
-  clientId: number,
-  encPubKey: string,
-) => {
-  const { answer, challenge } = await generateChallenge(32, encPubKey);
-  await registerUserClientChallenge(userId, clientId, answer.toString("base64"), ip, expiresAt());
-  return challenge.toString("base64");
-};
-
-export const registerUserClient = async (
-  userId: number,
-  ip: string,
-  encPubKey: string,
-  sigPubKey: string,
-) => {
-  const client = await getClientByPubKeys(encPubKey, sigPubKey);
-  if (client) {
-    try {
-      await createUserClient(userId, client.id);
-      return { challenge: await createUserClientChallenge(ip, userId, client.id, encPubKey) };
-    } catch (e) {
-      if (e instanceof IntegrityError && e.message === "User client already exists") {
-        error(409, "Client already registered");
-      }
-      throw e;
-    }
-  } else {
-    if (encPubKey === sigPubKey) {
-      error(400, "Same public keys");
-    } else if (!verifyPubKey(encPubKey) || !verifyPubKey(sigPubKey)) {
-      error(400, "Invalid public key(s)");
-    }
-
-    try {
-      const { id: clientId } = await createClient(encPubKey, sigPubKey, userId);
-      return { challenge: await createUserClientChallenge(ip, userId, clientId, encPubKey) };
-    } catch (e) {
-      if (e instanceof IntegrityError && e.message === "Public key(s) already registered") {
-        error(409, "Public key(s) already used");
-      }
-      throw e;
-    }
-  }
-};
-
-export const verifyUserClient = async (
-  userId: number,
-  ip: string,
-  answer: string,
-  answerSig: string,
-) => {
-  const challenge = await consumeUserClientChallenge(userId, answer, ip);
-  if (!challenge) {
-    error(403, "Invalid challenge answer");
-  }
-
-  const client = await getClient(challenge.clientId);
-  if (!client) {
-    error(500, "Invalid challenge answer");
-  } else if (!verifySignature(Buffer.from(answer, "base64"), answerSig, client.sigPubKey)) {
-    error(403, "Invalid challenge answer signature");
-  }
-
-  await setUserClientStateToPending(userId, client.id);
-};
-
-export const getUserClientStatus = async (userId: number, clientId: number) => {
-  const userClient = await getUserClient(userId, clientId);
-  if (!userClient) {
-    error(500, "Invalid session id");
-  }
-
-  return {
-    state: userClient.state as "pending" | "active",
-    isInitialMekNeeded: await isInitialMekNeeded(userId),
-  };
-};

src/lib/server/services/directory.ts

@@ -1,89 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { unlink } from "fs/promises";
-import { IntegrityError } from "$lib/server/db/error";
-import {
-  registerDirectory,
-  getAllDirectoriesByParent,
-  getDirectory,
-  setDirectoryEncName,
-  unregisterDirectory,
-  getAllFilesByParent,
-  type DirectoryId,
-  type NewDirectory,
-} from "$lib/server/db/file";
-import type { Ciphertext } from "$lib/server/db/schema";
-
-export const getDirectoryInformation = async (userId: number, directoryId: DirectoryId) => {
-  const directory = directoryId !== "root" ? await getDirectory(userId, directoryId) : undefined;
-  if (directory === null) {
-    error(404, "Invalid directory id");
-  }
-
-  const directories = await getAllDirectoriesByParent(userId, directoryId);
-  const files = await getAllFilesByParent(userId, directoryId);
-  return {
-    metadata: directory && {
-      parentId: directory.parentId ?? ("root" as const),
-      mekVersion: directory.mekVersion,
-      encDek: directory.encDek,
-      dekVersion: directory.dekVersion,
-      encName: directory.encName,
-    },
-    directories: directories.map(({ id }) => id),
-    files: files.map(({ id }) => id),
-  };
-};
-
-export const deleteDirectory = async (userId: number, directoryId: number) => {
-  try {
-    const files = await unregisterDirectory(userId, directoryId);
-    return {
-      files: files.map(({ id, path }) => {
-        unlink(path); // Intended
-        return id;
-      }),
-    };
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Directory not found") {
-      error(404, "Invalid directory id");
-    }
-    throw e;
-  }
-};
-
-export const renameDirectory = async (
-  userId: number,
-  directoryId: number,
-  dekVersion: Date,
-  newEncName: Ciphertext,
-) => {
-  try {
-    await setDirectoryEncName(userId, directoryId, dekVersion, newEncName);
-  } catch (e) {
-    if (e instanceof IntegrityError) {
-      if (e.message === "Directory not found") {
-        error(404, "Invalid directory id");
-      } else if (e.message === "Invalid DEK version") {
-        error(400, "Invalid DEK version");
-      }
-    }
-    throw e;
-  }
-};
-
-export const createDirectory = async (params: NewDirectory) => {
-  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
-  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
-  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
-    error(400, "Invalid DEK version");
-  }
-
-  try {
-    await registerDirectory(params);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
-      error(400, "Invalid MEK version");
-    }
-    throw e;
-  }
-};

src/lib/server/services/file.ts

@@ -1,59 +1,17 @@
 import { error } from "@sveltejs/kit";
 import { createHash } from "crypto";
 import { createReadStream, createWriteStream } from "fs";
-import { mkdir, stat, unlink } from "fs/promises";
+import { mkdir, stat } from "fs/promises";
 import { dirname } from "path";
 import { Readable } from "stream";
 import { pipeline } from "stream/promises";
 import { v4 as uuidv4 } from "uuid";
-import { IntegrityError } from "$lib/server/db/error";
+import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db";
-import {
-  registerFile,
-  getAllFileIdsByContentHmac,
-  getFile,
-  setFileEncName,
-  unregisterFile,
-  getAllFileCategories,
-  type NewFile,
-} from "$lib/server/db/file";
-import type { Ciphertext } from "$lib/server/db/schema";
 import env from "$lib/server/loadenv";
-
+import { safeUnlink } from "$lib/server/modules/filesystem";
-export const getFileInformation = async (userId: number, fileId: number) => {
-  const file = await getFile(userId, fileId);
-  if (!file) {
-    error(404, "Invalid file id");
-  }
-
-  const categories = await getAllFileCategories(fileId);
-  return {
-    parentId: file.parentId ?? ("root" as const),
-    mekVersion: file.mekVersion,
-    encDek: file.encDek,
-    dekVersion: file.dekVersion,
-    contentType: file.contentType,
-    encContentIv: file.encContentIv,
-    encName: file.encName,
-    encCreatedAt: file.encCreatedAt,
-    encLastModifiedAt: file.encLastModifiedAt,
-    categories: categories.map(({ id }) => id),
-  };
-};
-
-export const deleteFile = async (userId: number, fileId: number) => {
-  try {
-    const { path } = await unregisterFile(userId, fileId);
-    unlink(path); // Intended
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "File not found") {
-      error(404, "Invalid file id");
-    }
-    throw e;
-  }
-};
 
 export const getFileStream = async (userId: number, fileId: number) => {
-  const file = await getFile(userId, fileId);
+  const file = await FileRepo.getFile(userId, fileId);
   if (!file) {
     error(404, "Invalid file id");
   }
@@ -65,41 +23,56 @@ export const getFileStream = async (userId: number, fileId: number) => {
   };
 };
 
-export const renameFile = async (
+export const getFileThumbnailStream = async (userId: number, fileId: number) => {
+  const thumbnail = await MediaRepo.getFileThumbnail(userId, fileId);
+  if (!thumbnail) {
+    error(404, "File or its thumbnail not found");
+  }
+
+  const { size } = await stat(thumbnail.path);
+  return {
+    encContentStream: Readable.toWeb(createReadStream(thumbnail.path)),
+    encContentSize: size,
+  };
+};
+
+export const uploadFileThumbnail = async (
   userId: number,
   fileId: number,
   dekVersion: Date,
-  newEncName: Ciphertext,
+  encContentIv: string,
+  encContentStream: Readable,
 ) => {
+  const path = `${env.thumbnailsPath}/${userId}/${uuidv4()}`;
+  await mkdir(dirname(path), { recursive: true });
+
   try {
-    await setFileEncName(userId, fileId, dekVersion, newEncName);
+    await pipeline(encContentStream, createWriteStream(path, { flags: "wx", mode: 0o600 }));
+
+    const oldPath = await MediaRepo.updateFileThumbnail(
+      userId,
+      fileId,
+      dekVersion,
+      path,
+      encContentIv,
+    );
+    safeUnlink(oldPath); // Intended
   } catch (e) {
+    await safeUnlink(path);
+
     if (e instanceof IntegrityError) {
       if (e.message === "File not found") {
-        error(404, "Invalid file id");
+        error(404, "File not found");
       } else if (e.message === "Invalid DEK version") {
-        error(400, "Invalid DEK version");
+        error(400, "Mismatched DEK version");
       }
     }
     throw e;
   }
 };
 
-export const scanDuplicateFiles = async (
-  userId: number,
-  hskVersion: number,
-  contentHmac: string,
-) => {
-  const fileIds = await getAllFileIdsByContentHmac(userId, hskVersion, contentHmac);
-  return { files: fileIds.map(({ id }) => id) };
-};
-
-const safeUnlink = async (path: string) => {
-  await unlink(path).catch(console.error);
-};
-
 export const uploadFile = async (
-  params: Omit<NewFile, "path" | "encContentHash">,
+  params: Omit<FileRepo.NewFile, "path" | "encContentHash">,
   encContentStream: Readable,
   encContentHash: Promise<string>,
 ) => {
@@ -131,7 +104,7 @@ export const uploadFile = async (
       throw new Error("Invalid checksum");
     }
 
-    const { id: fileId } = await registerFile({
+    const { id: fileId } = await FileRepo.registerFile({
       ...params,
       path,
       encContentHash: hash,

src/lib/server/services/hsk.ts

@@ -1,31 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { IntegrityError } from "$lib/server/db/error";
-import { registerInitialHsk, getAllValidHsks } from "$lib/server/db/hsk";
-
-export const getHskList = async (userId: number) => {
-  const hsks = await getAllValidHsks(userId);
-  return {
-    encHsks: hsks.map(({ version, state, mekVersion, encHsk }) => ({
-      version,
-      state,
-      mekVersion,
-      encHsk,
-    })),
-  };
-};
-
-export const registerInitialActiveHsk = async (
-  userId: number,
-  createdBy: number,
-  mekVersion: number,
-  encHsk: string,
-) => {
-  try {
-    await registerInitialHsk(userId, createdBy, mekVersion, encHsk);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "HSK already registered") {
-      error(409, "Initial HSK already registered");
-    }
-    throw e;
-  }
-};

src/lib/server/services/mek.ts

@@ -1,38 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { setUserClientStateToActive } from "$lib/server/db/client";
-import { IntegrityError } from "$lib/server/db/error";
-import { registerInitialMek, getAllValidClientMeks } from "$lib/server/db/mek";
-import { verifyClientEncMekSig } from "$lib/server/modules/mek";
-
-export const getClientMekList = async (userId: number, clientId: number) => {
-  const clientMeks = await getAllValidClientMeks(userId, clientId);
-  return {
-    encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({
-      version,
-      state,
-      encMek,
-      encMekSig,
-    })),
-  };
-};
-
-export const registerInitialActiveMek = async (
-  userId: number,
-  createdBy: number,
-  encMek: string,
-  encMekSig: string,
-) => {
-  if (!(await verifyClientEncMekSig(userId, createdBy, 1, encMek, encMekSig))) {
-    error(400, "Invalid signature");
-  }
-
-  try {
-    await registerInitialMek(userId, createdBy, encMek, encMekSig);
-    await setUserClientStateToActive(userId, createdBy);
-  } catch (e) {
-    if (e instanceof IntegrityError && e.message === "MEK already registered") {
-      error(409, "Initial MEK already registered");
-    }
-    throw e;
-  }
-};

src/lib/server/services/user.ts

@@ -1,15 +0,0 @@
-import { error } from "@sveltejs/kit";
-import { getUser, setUserNickname } from "$lib/server/db/user";
-
-export const getUserInformation = async (userId: number) => {
-  const user = await getUser(userId);
-  if (!user) {
-    error(500, "Invalid session id");
-  }
-
-  return { email: user.email, nickname: user.nickname };
-};
-
-export const changeNickname = async (userId: number, nickname: string) => {
-  await setUserNickname(userId, nickname);
-};

src/lib/services/auth.ts

@@ -1,30 +1,50 @@
-import { callPostApi } from "$lib/hooks";
 import { encodeToBase64, decryptChallenge, signMessageRSA } from "$lib/modules/crypto";
-import type {
+import { trpc, isTRPCClientError } from "$trpc/client";
-  SessionUpgradeRequest,
-  SessionUpgradeResponse,
-  SessionUpgradeVerifyRequest,
-} from "$lib/server/schemas";
 
 export const requestSessionUpgrade = async (
   encryptKeyBase64: string,
   decryptKey: CryptoKey,
   verifyKeyBase64: string,
   signKey: CryptoKey,
+  force = false,
 ) => {
-  let res = await callPostApi<SessionUpgradeRequest>("/api/auth/upgradeSession", {
+  let id, challenge;
+  try {
+    ({ id, challenge } = await trpc().auth.upgrade.mutate({
       encPubKey: encryptKeyBase64,
       sigPubKey: verifyKeyBase64,
-  });
+    }));
-  if (!res.ok) return false;
+  } catch (e) {
-
+    if (isTRPCClientError(e) && e.data?.code === "FORBIDDEN") {
-  const { challenge }: SessionUpgradeResponse = await res.json();
+      return [false, "Unregistered client"] as const;
+    }
+    return [false] as const;
+  }
   const answer = await decryptChallenge(challenge, decryptKey);
   const answerSig = await signMessageRSA(answer, signKey);
 
-  res = await callPostApi<SessionUpgradeVerifyRequest>("/api/auth/upgradeSession/verify", {
+  try {
-    answer: encodeToBase64(answer),
+    await trpc().auth.verifyUpgrade.mutate({
+      id,
       answerSig: encodeToBase64(answerSig),
+      force,
     });
-  return res.ok;
+  } catch (e) {
+    if (isTRPCClientError(e) && e.data?.code === "CONFLICT") {
+      return [false, "Already logged in"] as const;
+    }
+    return [false] as const;
+  }
+
+  return [true] as const;
+};
+
+export const requestLogout = async () => {
+  try {
+    await trpc().auth.logout.mutate();
+    return true;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 };

src/lib/services/category.ts

@@ -1,7 +1,6 @@
-import { callPostApi } from "$lib/hooks";
 import { generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
-import type { CategoryCreateRequest, CategoryFileRemoveRequest } from "$lib/server/schemas";
 import type { MasterKey } from "$lib/stores";
+import { trpc } from "$trpc/client";
 
 export const requestCategoryCreation = async (
   name: string,
@@ -11,21 +10,28 @@ export const requestCategoryCreation = async (
   const { dataKey, dataKeyVersion } = await generateDataKey();
   const nameEncrypted = await encryptString(name, dataKey);
 
-  const res = await callPostApi<CategoryCreateRequest>("/api/category/create", {
+  try {
+    await trpc().category.create.mutate({
       parent: parentId,
       mekVersion: masterKey.version,
       dek: await wrapDataKey(dataKey, masterKey.key),
-    dekVersion: dataKeyVersion.toISOString(),
+      dekVersion: dataKeyVersion,
       name: nameEncrypted.ciphertext,
       nameIv: nameEncrypted.iv,
     });
-  return res.ok;
+    return true;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 };
 
 export const requestFileRemovalFromCategory = async (fileId: number, categoryId: number) => {
-  const res = await callPostApi<CategoryFileRemoveRequest>(
+  try {
-    `/api/category/${categoryId}/file/remove`,
+    await trpc().category.removeFile.mutate({ id: categoryId, file: fileId });
-    { file: fileId },
+    return true;
-  );
+  } catch {
-  return res.ok;
+    // TODO: Error Handling
+    return false;
+  }
 };

src/lib/services/file.ts

@@ -0,0 +1,87 @@
+import { getAllFileInfos } from "$lib/indexedDB/filesystem";
+import { decryptData } from "$lib/modules/crypto";
+import {
+  getFileCache,
+  storeFileCache,
+  deleteFileCache,
+  getFileThumbnailCache,
+  storeFileThumbnailCache,
+  deleteFileThumbnailCache,
+  downloadFile,
+} from "$lib/modules/file";
+import { getThumbnailUrl } from "$lib/modules/thumbnail";
+import type { FileThumbnailUploadRequest } from "$lib/server/schemas";
+import { trpc } from "$trpc/client";
+
+export const requestFileDownload = async (
+  fileId: number,
+  fileEncryptedIv: string,
+  dataKey: CryptoKey,
+) => {
+  const cache = await getFileCache(fileId);
+  if (cache) return cache;
+
+  const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey);
+  storeFileCache(fileId, fileBuffer); // Intended
+  return fileBuffer;
+};
+
+export const requestFileThumbnailUpload = async (
+  fileId: number,
+  dataKeyVersion: Date,
+  thumbnailEncrypted: { ciphertext: ArrayBuffer; iv: string },
+) => {
+  const form = new FormData();
+  form.set(
+    "metadata",
+    JSON.stringify({
+      dekVersion: dataKeyVersion.toISOString(),
+      contentIv: thumbnailEncrypted.iv,
+    } satisfies FileThumbnailUploadRequest),
+  );
+  form.set("content", new Blob([thumbnailEncrypted.ciphertext]));
+
+  return await fetch(`/api/file/${fileId}/thumbnail/upload`, { method: "POST", body: form });
+};
+
+export const requestFileThumbnailDownload = async (fileId: number, dataKey?: CryptoKey) => {
+  const cache = await getFileThumbnailCache(fileId);
+  if (cache || !dataKey) return cache;
+
+  let thumbnailInfo;
+  try {
+    thumbnailInfo = await trpc().file.thumbnail.query({ id: fileId });
+  } catch {
+    // TODO: Error Handling
+    return null;
+  }
+  const { contentIv: thumbnailEncryptedIv } = thumbnailInfo;
+
+  const res = await fetch(`/api/file/${fileId}/thumbnail/download`);
+  if (!res.ok) return null;
+
+  const thumbnailEncrypted = await res.arrayBuffer();
+  const thumbnailBuffer = await decryptData(thumbnailEncrypted, thumbnailEncryptedIv, dataKey);
+
+  storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended
+  return getThumbnailUrl(thumbnailBuffer);
+};
+
+export const requestDeletedFilesCleanup = async () => {
+  let liveFiles;
+  try {
+    liveFiles = await trpc().file.list.query();
+  } catch {
+    // TODO: Error Handling
+    return;
+  }
+
+  const liveFilesSet = new Set(liveFiles);
+  const maybeCachedFiles = await getAllFileInfos();
+
+  await Promise.all(
+    maybeCachedFiles
+      .filter(({ id }) => !liveFilesSet.has(id))
+      .flatMap(({ id }) => [deleteFileCache(id), deleteFileThumbnailCache(id)]),
+  );
+};

src/lib/services/key.ts

@@ -1,19 +1,16 @@
-import { callGetApi, callPostApi } from "$lib/hooks";
 import { storeMasterKeys } from "$lib/indexedDB";
 import {
   encodeToBase64,
+  exportRSAKeyToBase64,
   decryptChallenge,
   signMessageRSA,
   unwrapMasterKey,
+  signMasterKeyWrapped,
   verifyMasterKeyWrapped,
 } from "$lib/modules/crypto";
-import type {
+import { requestSessionUpgrade } from "$lib/services/auth";
-  ClientRegisterRequest,
+import { masterKeyStore, type ClientKeys } from "$lib/stores";
-  ClientRegisterResponse,
+import { trpc, isTRPCClientError } from "$trpc/client";
-  ClientRegisterVerifyRequest,
-  MasterKeyListResponse,
-} from "$lib/server/schemas";
-import { masterKeyStore } from "$lib/stores";
 
 export const requestClientRegistration = async (
   encryptKeyBase64: string,
@@ -21,28 +18,62 @@ export const requestClientRegistration = async (
   verifyKeyBase64: string,
   signKey: CryptoKey,
 ) => {
-  let res = await callPostApi<ClientRegisterRequest>("/api/client/register", {
+  try {
+    const { id, challenge } = await trpc().client.register.mutate({
       encPubKey: encryptKeyBase64,
       sigPubKey: verifyKeyBase64,
     });
-  if (!res.ok) return false;
-
-  const { challenge }: ClientRegisterResponse = await res.json();
     const answer = await decryptChallenge(challenge, decryptKey);
     const answerSig = await signMessageRSA(answer, signKey);
-
+    await trpc().client.verify.mutate({
-  res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
+      id,
-    answer: encodeToBase64(answer),
       answerSig: encodeToBase64(answerSig),
     });
-  return res.ok;
+    return true;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
+};
+
+export const requestClientRegistrationAndSessionUpgrade = async (
+  { encryptKey, decryptKey, signKey, verifyKey }: ClientKeys,
+  force: boolean,
+) => {
+  const encryptKeyBase64 = await exportRSAKeyToBase64(encryptKey);
+  const verifyKeyBase64 = await exportRSAKeyToBase64(verifyKey);
+  const [res, error] = await requestSessionUpgrade(
+    encryptKeyBase64,
+    decryptKey,
+    verifyKeyBase64,
+    signKey,
+    force,
+  );
+  if (error === undefined) return [res] as const;
+
+  if (
+    error === "Unregistered client" &&
+    !(await requestClientRegistration(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey))
+  ) {
+    return [false] as const;
+  } else if (error === "Already logged in") {
+    return [false, force ? undefined : error] as const;
+  }
+
+  return [
+    (await requestSessionUpgrade(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey))[0],
+  ] as const;
 };
 
 export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey: CryptoKey) => {
-  const res = await callGetApi("/api/mek/list");
+  let masterKeysWrapped;
-  if (!res.ok) return false;
+  try {
+    masterKeysWrapped = await trpc().mek.list.query();
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 
-  const { meks: masterKeysWrapped }: MasterKeyListResponse = await res.json();
   const masterKeys = await Promise.all(
     masterKeysWrapped.map(
       async ({ version, state, mek: masterKeyWrapped, mekSig: masterKeyWrappedSig }) => {
@@ -68,3 +99,33 @@ export const requestMasterKeyDownload = async (decryptKey: CryptoKey, verifyKey:
 
   return true;
 };
+
+export const requestInitialMasterKeyAndHmacSecretRegistration = async (
+  masterKeyWrapped: string,
+  hmacSecretWrapped: string,
+  signKey: CryptoKey,
+) => {
+  try {
+    await trpc().mek.registerInitial.mutate({
+      mek: masterKeyWrapped,
+      mekSig: await signMasterKeyWrapped(masterKeyWrapped, 1, signKey),
+    });
+  } catch (e) {
+    if (isTRPCClientError(e) && (e.data?.code === "FORBIDDEN" || e.data?.code === "CONFLICT")) {
+      return true;
+    }
+    // TODO: Error Handling
+    return false;
+  }
+
+  try {
+    await trpc().hsk.registerInitial.mutate({
+      mekVersion: 1,
+      hsk: hmacSecretWrapped,
+    });
+    return true;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
+};

src/lib/stores/file.ts

@@ -1,21 +1,5 @@
 import { writable, type Writable } from "svelte/store";
 
-export interface FileUploadStatus {
-  name: string;
-  parentId: "root" | number;
-  status:
-    | "encryption-pending"
-    | "encrypting"
-    | "upload-pending"
-    | "uploading"
-    | "uploaded"
-    | "canceled"
-    | "error";
-  progress?: number;
-  rate?: number;
-  estimated?: number;
-}
-
 export interface FileDownloadStatus {
   id: number;
   status:
@@ -32,16 +16,8 @@ export interface FileDownloadStatus {
   result?: ArrayBuffer;
 }
 
-export const fileUploadStatusStore = writable<Writable<FileUploadStatus>[]>([]);
-
 export const fileDownloadStatusStore = writable<Writable<FileDownloadStatus>[]>([]);
 
-export const isFileUploading = (
-  status: FileUploadStatus["status"],
-): status is "encryption-pending" | "encrypting" | "upload-pending" | "uploading" => {
-  return ["encryption-pending", "encrypting", "upload-pending", "uploading"].includes(status);
-};
-
 export const isFileDownloading = (
   status: FileDownloadStatus["status"],
 ): status is "download-pending" | "downloading" | "decryption-pending" | "decrypting" => {

src/lib/types/filesystem.d.ts

@@ -0,0 +1,2 @@
+type DirectoryId = "root" | number;
+type CategoryId = "root" | number;

src/lib/utils/format.ts

@@ -7,6 +7,13 @@ export const formatDate = (date: Date) => {
   return `${year}. ${month}. ${day}.`;
 };
 
+export const formatDateSortable = (date: Date) => {
+  const year = date.getFullYear();
+  const month = pad2(date.getMonth() + 1);
+  const day = pad2(date.getDate());
+  return `${year}${month}${day}`;
+};
+
 export const formatDateTime = (date: Date) => {
   const dateFormatted = formatDate(date);
   const hours = date.getHours();
@@ -32,32 +39,3 @@ export const truncateString = (str: string, maxLength = 20) => {
   if (str.length <= maxLength) return str;
   return `${str.slice(0, maxLength)}...`;
 };
-
-export enum SortBy {
-  NAME_ASC,
-  NAME_DESC,
-}
-
-type SortFunc = (a?: string, b?: string) => number;
-
-const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
-
-const sortByNameAsc: SortFunc = (a, b) => {
-  if (a && b) return collator.compare(a, b);
-  if (a) return -1;
-  if (b) return 1;
-  return 0;
-};
-
-const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
-
-export const sortEntries = <T extends { name?: string }>(entries: T[], sortBy: SortBy) => {
-  let sortFunc: SortFunc;
-  if (sortBy === SortBy.NAME_ASC) {
-    sortFunc = sortByNameAsc;
-  } else {
-    sortFunc = sortByNameDesc;
-  }
-
-  entries.sort((a, b) => sortFunc(a.name, b.name));
-};

src/lib/utils/index.ts

@@ -0,0 +1,4 @@
+export * from "./format";
+export * from "./gotoStateful";
+export * from "./promise";
+export * from "./sort";

src/lib/utils/promise.ts

@@ -0,0 +1,16 @@
+export const monotonicResolve = <T>(
+  promises: (Promise<T | undefined> | false)[],
+  callback: (value: T) => void,
+) => {
+  let latestResolvedIndex = -1;
+
+  promises.forEach((promise, index) => {
+    if (!promise) return;
+    promise.then((value) => {
+      if (value !== undefined && index > latestResolvedIndex) {
+        latestResolvedIndex = index;
+        callback(value);
+      }
+    });
+  });
+};

src/lib/utils/sort.ts

@@ -0,0 +1,58 @@
+interface SortEntry {
+  name?: string;
+  date?: Date;
+}
+
+export enum SortBy {
+  NAME_ASC,
+  NAME_DESC,
+  DATE_ASC,
+  DATE_DESC,
+}
+
+type SortFunc = (a: SortEntry, b: SortEntry) => number;
+
+const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
+
+const sortByNameAsc: SortFunc = ({ name: a }, { name: b }) => {
+  if (a && b) return collator.compare(a, b);
+  if (a) return -1;
+  if (b) return 1;
+  return 0;
+};
+
+const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
+
+const sortByDateAsc: SortFunc = ({ date: a }, { date: b }) => {
+  if (a && b) return a.getTime() - b.getTime();
+  if (a) return -1;
+  if (b) return 1;
+  return 0;
+};
+
+const sortByDateDesc: SortFunc = (a, b) => -sortByDateAsc(a, b);
+
+export const sortEntries = <T extends SortEntry>(entries: T[], sortBy = SortBy.NAME_ASC) => {
+  let sortFunc: SortFunc;
+
+  switch (sortBy) {
+    case SortBy.NAME_ASC:
+      sortFunc = sortByNameAsc;
+      break;
+    case SortBy.NAME_DESC:
+      sortFunc = sortByNameDesc;
+      break;
+    case SortBy.DATE_ASC:
+      sortFunc = sortByDateAsc;
+      break;
+    case SortBy.DATE_DESC:
+      sortFunc = sortByDateDesc;
+      break;
+    default:
+      const exhaustive: never = sortBy;
+      sortFunc = exhaustive;
+  }
+
+  entries.sort(sortFunc);
+  return entries;
+};

src/routes/(fullscreen)/auth/changePassword/+page.svelte

@@ -6,8 +6,14 @@
 
   let oldPassword = $state("");
   let newPassword = $state("");
+  let confirmPassword = $state("");
 
   const changePassword = async () => {
+    if (newPassword !== confirmPassword) {
+      // TODO: Alert
+      return;
+    }
+
     if (await requestPasswordChange(oldPassword, newPassword)) {
       await goto("/menu");
     }
@@ -30,6 +36,7 @@
 
     <TextInput bind:value={oldPassword} placeholder="기존 비밀번호" type="password" />
     <TextInput bind:value={newPassword} placeholder="새 비밀번호" type="password" />
+    <TextInput bind:value={confirmPassword} placeholder="새 비밀번호 확인" type="password" />
   </TitledDiv>
   <BottomDiv>
     <Button onclick={changePassword} class="w-full">비밀번호 바꾸기</Button>

src/routes/(fullscreen)/auth/changePassword/service.ts

@@ -1,10 +1,11 @@
-import { callPostApi } from "$lib/hooks";
+import { trpc } from "$trpc/client";
-import type { PasswordChangeRequest } from "$lib/server/schemas";
 
 export const requestPasswordChange = async (oldPassword: string, newPassword: string) => {
-  const res = await callPostApi<PasswordChangeRequest>("/api/auth/changePassword", {
+  try {
-    oldPassword,
+    await trpc().auth.changePassword.mutate({ oldPassword, newPassword });
-    newPassword,
+    return true;
-  });
+  } catch {
-  return res.ok;
+    // TODO: Error Handling
+    return false;
+  }
 };

src/routes/(fullscreen)/auth/login/+page.svelte

@@ -2,18 +2,57 @@
   import { goto } from "$app/navigation";
   import { BottomDiv, Button, FullscreenDiv, TextButton, TextInput } from "$lib/components/atoms";
   import { TitledDiv } from "$lib/components/molecules";
+  import { ForceLoginModal } from "$lib/components/organisms";
   import { clientKeyStore, masterKeyStore } from "$lib/stores";
-  import { requestLogin, requestSessionUpgrade, requestMasterKeyDownload } from "./service";
+  import {
+    requestLogin,
+    requestClientRegistrationAndSessionUpgrade,
+    requestMasterKeyDownload,
+    requestDeletedFilesCleanup,
+    requestLogout,
+  } from "./service";
 
   let { data } = $props();
 
   let email = $state("");
   let password = $state("");
 
+  let isForceLoginModalOpen = $state(false);
+
   const redirect = async (url: string) => {
     return await goto(`${url}?redirect=${encodeURIComponent(data.redirectPath)}`);
   };
 
+  const upgradeSession = async (force: boolean) => {
+    try {
+      const [upgradeRes, upgradeError] = await requestClientRegistrationAndSessionUpgrade(
+        $clientKeyStore!,
+        force,
+      );
+      if (!force && upgradeError === "Already logged in") {
+        isForceLoginModalOpen = true;
+        return;
+      } else if (!upgradeRes) {
+        throw new Error("Failed to upgrade session");
+      }
+
+      // TODO: Multi-user support
+
+      if (
+        $masterKeyStore ||
+        (await requestMasterKeyDownload($clientKeyStore!.decryptKey, $clientKeyStore!.verifyKey))
+      ) {
+        await requestDeletedFilesCleanup();
+        await goto(data.redirectPath);
+      } else {
+        await redirect("/client/pending");
+      }
+    } catch (e) {
+      // TODO
+      throw e;
+    }
+  };
+
   const login = async () => {
     // TODO: Validation
 
@@ -22,19 +61,7 @@
 
       if (!$clientKeyStore) return await redirect("/key/generate");
 
-      if (!(await requestSessionUpgrade($clientKeyStore)))
+      await upgradeSession(false);
-        throw new Error("Failed to upgrade session");
-
-      // TODO: Multi-user support
-
-      if (
-        $masterKeyStore ||
-        (await requestMasterKeyDownload($clientKeyStore.decryptKey, $clientKeyStore.verifyKey))
-      ) {
-        await goto(data.redirectPath);
-      } else {
-        await redirect("/client/pending");
-      }
     } catch (e) {
       // TODO: Alert
       throw e;
@@ -63,3 +90,9 @@
     <TextButton>계정이 없어요</TextButton>
   </BottomDiv>
 </FullscreenDiv>
+
+<ForceLoginModal
+  bind:isOpen={isForceLoginModalOpen}
+  oncancel={requestLogout}
+  onLoginClick={() => upgradeSession(true)}
+/>

src/routes/(fullscreen)/auth/login/service.ts

@@ -1,37 +1,18 @@
-import { callPostApi } from "$lib/hooks";
+import { trpc } from "$trpc/client";
-import { exportRSAKeyToBase64 } from "$lib/modules/crypto";
-import type { LoginRequest } from "$lib/server/schemas";
-import { requestSessionUpgrade as requestSessionUpgradeInternal } from "$lib/services/auth";
-import { requestClientRegistration } from "$lib/services/key";
-import type { ClientKeys } from "$lib/stores";
 
-export { requestMasterKeyDownload } from "$lib/services/key";
+export { requestLogout } from "$lib/services/auth";
+export { requestDeletedFilesCleanup } from "$lib/services/file";
+export {
+  requestClientRegistrationAndSessionUpgrade,
+  requestMasterKeyDownload,
+} from "$lib/services/key";
 
 export const requestLogin = async (email: string, password: string) => {
-  const res = await callPostApi<LoginRequest>("/api/auth/login", { email, password });
+  try {
-  return res.ok;
+    await trpc().auth.login.mutate({ email, password });
-};
-
-export const requestSessionUpgrade = async ({
-  encryptKey,
-  decryptKey,
-  signKey,
-  verifyKey,
-}: ClientKeys) => {
-  const encryptKeyBase64 = await exportRSAKeyToBase64(encryptKey);
-  const verifyKeyBase64 = await exportRSAKeyToBase64(verifyKey);
-  if (await requestSessionUpgradeInternal(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
     return true;
-  }
+  } catch {
-
+    // TODO: Error Handling
-  if (await requestClientRegistration(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
-    return await requestSessionUpgradeInternal(
-      encryptKeyBase64,
-      decryptKey,
-      verifyKeyBase64,
-      signKey,
-    );
-  } else {
     return false;
   }
 };

src/routes/(fullscreen)/file/[id]/+page.svelte

@@ -3,31 +3,33 @@
   import { untrack } from "svelte";
   import { get, type Writable } from "svelte/store";
   import { goto } from "$app/navigation";
+  import { page } from "$app/state";
   import { FullscreenDiv } from "$lib/components/atoms";
   import { Categories, IconEntryButton, TopBar } from "$lib/components/molecules";
-  import {
+  import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
-    getFileInfo,
+  import { captureVideoThumbnail } from "$lib/modules/thumbnail";
-    getCategoryInfo,
-    type FileInfo,
-    type CategoryInfo,
-  } from "$lib/modules/filesystem";
   import { fileDownloadStatusStore, isFileDownloading, masterKeyStore } from "$lib/stores";
   import AddToCategoryBottomSheet from "./AddToCategoryBottomSheet.svelte";
   import DownloadStatus from "./DownloadStatus.svelte";
   import {
     requestFileRemovalFromCategory,
     requestFileDownload,
+    requestThumbnailUpload,
     requestFileAdditionToCategory,
   } from "./service";
+  import TopBarMenu from "./TopBarMenu.svelte";
 
+  import IconMoreVert from "~icons/material-symbols/more-vert";
+  import IconCamera from "~icons/material-symbols/camera";
   import IconClose from "~icons/material-symbols/close";
   import IconAddCircle from "~icons/material-symbols/add-circle";
 
   let { data } = $props();
 
   let info: Writable<FileInfo | null> | undefined = $state();
-  let categories: Writable<CategoryInfo | null>[] = $state([]);
+  // let categories: Writable<CategoryInfo | null>[] = $state([]);
 
+  let isMenuOpen = $state(false);
   let isAddToCategoryBottomSheetOpen = $state(false);
 
   let downloadStatus = $derived(
@@ -39,20 +41,31 @@
 
   let isDownloadRequested = $state(false);
   let viewerType: "image" | "video" | undefined = $state();
+  let fileBlob: Blob | undefined = $state();
   let fileBlobUrl: string | undefined = $state();
+  let videoElement: HTMLVideoElement | undefined = $state();
 
   const updateViewer = async (buffer: ArrayBuffer, contentType: string) => {
-    const fileBlob = new Blob([buffer], { type: contentType });
+    fileBlob = new Blob([buffer], { type: contentType });
-    if (contentType === "image/heic") {
+    fileBlobUrl = URL.createObjectURL(fileBlob);
+    return fileBlob;
+  };
+
+  const convertHeicToJpeg = async () => {
+    if (fileBlob?.type !== "image/heic") return;
+
+    URL.revokeObjectURL(fileBlobUrl!);
+    fileBlobUrl = undefined;
+
     const { default: heic2any } = await import("heic2any");
     fileBlobUrl = URL.createObjectURL(
       (await heic2any({ blob: fileBlob, toType: "image/jpeg" })) as Blob,
     );
-    } else if (viewerType) {
+  };
-      fileBlobUrl = URL.createObjectURL(fileBlob);
-    }
 
-    return fileBlob;
+  const updateThumbnail = async (dataKey: CryptoKey, dataKeyVersion: Date) => {
+    const thumbnail = await captureVideoThumbnail(videoElement!);
+    await requestThumbnailUpload(data.id, thumbnail, dataKey, dataKeyVersion);
   };
 
   const addToCategory = async (categoryId: number) => {
@@ -72,10 +85,10 @@
     viewerType = undefined;
   });
 
-  $effect(() => {
+  // $effect(() => {
-    categories =
+  //   categories =
-      $info?.categoryIds.map((id) => getCategoryInfo(id, $masterKeyStore?.get(1)?.key!)) ?? [];
+  //     $info?.categoryIds.map((id) => getCategoryInfo(id, $masterKeyStore?.get(1)?.key!)) ?? [];
-  });
+  // });
 
   $effect(() => {
     if ($info && $info.dataKey && $info.contentIv) {
@@ -115,7 +128,26 @@
   <title>파일</title>
 </svelte:head>
 
-<TopBar title={$info?.name} />
+<TopBar title={$info?.name}>
+  <!-- svelte-ignore a11y_no_static_element_interactions -->
+  <!-- svelte-ignore a11y_click_events_have_key_events -->
+  <div onclick={(e) => e.stopPropagation()}>
+    <button
+      onclick={() => (isMenuOpen = !isMenuOpen)}
+      class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
+    >
+      <IconMoreVert class="text-2xl" />
+    </button>
+    <TopBarMenu
+      bind:isOpen={isMenuOpen}
+      directoryId={["category", "gallery"].includes(page.url.searchParams.get("from") ?? "")
+        ? $info?.parentId
+        : undefined}
+      {fileBlob}
+      filename={$info?.name}
+    />
+  </div>
+</TopBar>
 <FullscreenDiv>
   <div class="space-y-4 pb-4">
     <DownloadStatus status={downloadStatus} />
@@ -127,14 +159,23 @@
 
         {#if viewerType === "image"}
           {#if fileBlobUrl}
-            <img src={fileBlobUrl} alt={$info.name} />
+            <img src={fileBlobUrl} alt={$info.name} onerror={convertHeicToJpeg} />
           {:else}
             {@render viewerLoading("이미지를 불러오고 있어요.")}
           {/if}
         {:else if viewerType === "video"}
           {#if fileBlobUrl}
+            <div class="flex flex-col space-y-2">
               <!-- svelte-ignore a11y_media_has_caption -->
-            <video src={fileBlobUrl} controls></video>
+              <video bind:this={videoElement} src={fileBlobUrl} controls muted></video>
+              <IconEntryButton
+                icon={IconCamera}
+                onclick={() => updateThumbnail($info.dataKey!, $info.dataKeyVersion!)}
+                class="w-full"
+              >
+                이 장면을 썸네일로 설정하기
+              </IconEntryButton>
+            </div>
           {:else}
             {@render viewerLoading("비디오를 불러오고 있어요.")}
           {/if}
@@ -144,12 +185,12 @@
     <div class="space-y-2">
       <p class="text-lg font-bold">카테고리</p>
       <div class="space-y-1">
-        <Categories
+        <!-- <Categories
           {categories}
           categoryMenuIcon={IconClose}
           onCategoryClick={({ id }) => goto(`/category/${id}`)}
           onCategoryMenuClick={({ id }) => removeFromCategory(id)}
-        />
+        /> -->
         <IconEntryButton
           icon={IconAddCircle}
           onclick={() => (isAddToCategoryBottomSheetOpen = true)}

src/routes/(fullscreen)/file/[id]/AddToCategoryBottomSheet.svelte

@@ -1,9 +1,8 @@
 <script lang="ts">
-  import type { Writable } from "svelte/store";
   import { BottomDiv, BottomSheet, Button, FullscreenDiv } from "$lib/components/atoms";
   import { SubCategories } from "$lib/components/molecules";
   import { CategoryCreateModal } from "$lib/components/organisms";
-  import { getCategoryInfo, type CategoryInfo } from "$lib/modules/filesystem";
+  import { getCategoryInfo, type CategoryInfo } from "$lib/modules/filesystem2.svelte";
   import { masterKeyStore } from "$lib/stores";
   import { requestCategoryCreation } from "./service";
 
@@ -14,46 +13,48 @@
 
   let { onAddToCategoryClick, isOpen = $bindable() }: Props = $props();
 
-  let category: Writable<CategoryInfo | null> | undefined = $state();
+  let categoryInfoPromise: Promise<CategoryInfo | null> | undefined = $state();
 
   let isCategoryCreateModalOpen = $state(false);
 
   $effect(() => {
     if (isOpen) {
-      category = getCategoryInfo("root", $masterKeyStore?.get(1)?.key!);
+      categoryInfoPromise = getCategoryInfo("root", $masterKeyStore?.get(1)?.key!);
     }
   });
 </script>
 
-{#if $category}
+{#await categoryInfoPromise then categoryInfo}
+  {#if categoryInfo}
     <BottomSheet bind:isOpen class="flex flex-col">
       <FullscreenDiv>
         <SubCategories
           class="py-4"
-        info={$category}
+          info={categoryInfo}
           onSubCategoryClick={({ id }) =>
-          (category = getCategoryInfo(id, $masterKeyStore?.get(1)?.key!))}
+            (categoryInfoPromise = getCategoryInfo(id, $masterKeyStore?.get(1)?.key!))}
           onSubCategoryCreateClick={() => (isCategoryCreateModalOpen = true)}
           subCategoryCreatePosition="top"
         />
-      {#if $category.id !== "root"}
+        {#if categoryInfo.id !== "root"}
           <BottomDiv>
-          <Button onclick={() => onAddToCategoryClick($category.id)} class="w-full">
+            <Button onclick={() => onAddToCategoryClick(categoryInfo.id)} class="w-full">
               이 카테고리에 추가하기
             </Button>
           </BottomDiv>
         {/if}
       </FullscreenDiv>
     </BottomSheet>
-{/if}
 
     <CategoryCreateModal
       bind:isOpen={isCategoryCreateModalOpen}
       onCreateClick={async (name: string) => {
-    if (await requestCategoryCreation(name, $category!.id, $masterKeyStore?.get(1)!)) {
+        if (await requestCategoryCreation(name, categoryInfo.id, $masterKeyStore?.get(1)!)) {
-      category = getCategoryInfo($category!.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+          categoryInfoPromise = getCategoryInfo(categoryInfo.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
           return true;
         }
         return false;
       }}
     />
+  {/if}
+{/await}

src/routes/(fullscreen)/file/[id]/DownloadStatus.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Writable } from "svelte/store";
-  import { formatNetworkSpeed } from "$lib/modules/util";
   import { isFileDownloading, type FileDownloadStatus } from "$lib/stores";
+  import { formatNetworkSpeed } from "$lib/utils";
 
   interface Props {
     status?: Writable<FileDownloadStatus>;

src/routes/(fullscreen)/file/[id]/TopBarMenu.svelte

@@ -0,0 +1,59 @@
+<script lang="ts">
+  import FileSaver from "file-saver";
+  import type { Component } from "svelte";
+  import type { SvelteHTMLElements } from "svelte/elements";
+  import { fly } from "svelte/transition";
+  import { goto } from "$app/navigation";
+
+  import IconFolderOpen from "~icons/material-symbols/folder-open";
+  import IconCloudDownload from "~icons/material-symbols/cloud-download";
+
+  interface Props {
+    directoryId?: "root" | number;
+    fileBlob?: Blob;
+    filename?: string;
+    isOpen: boolean;
+  }
+
+  let { directoryId, fileBlob, filename, isOpen = $bindable() }: Props = $props();
+</script>
+
+<svelte:window onclick={() => (isOpen = false)} />
+
+{#if isOpen && (directoryId || fileBlob)}
+  <div
+    class="absolute right-2 top-full z-20 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl"
+    transition:fly={{ y: -8, duration: 200 }}
+  >
+    <p class="px-3 pt-2 text-sm font-semibold text-gray-600">더보기</p>
+    <div class="flex flex-col">
+      {#snippet menuButton(
+        Icon: Component<SvelteHTMLElements["svg"]>,
+        text: string,
+        onclick: () => void,
+      )}
+        <button {onclick} class="rounded-xl active:bg-gray-100">
+          <div
+            class="flex items-center gap-x-3 px-3 py-2 text-lg text-gray-700 transition active:scale-95"
+          >
+            <Icon />
+            <p class="font-medium">{text}</p>
+          </div>
+        </button>
+      {/snippet}
+
+      {#if directoryId}
+        {@render menuButton(IconFolderOpen, "폴더에서 보기", () =>
+          goto(
+            directoryId === "root" ? "/directory?from=file" : `/directory/${directoryId}?from=file`,
+          ),
+        )}
+      {/if}
+      {#if fileBlob}
+        {@render menuButton(IconCloudDownload, "다운로드", () => {
+          FileSaver.saveAs(fileBlob, filename);
+        })}
+      {/if}
+    </div>
+  </div>
+{/if}

src/routes/(fullscreen)/file/[id]/service.ts

@@ -1,25 +1,32 @@
-import { callPostApi } from "$lib/hooks";
+import { encryptData } from "$lib/modules/crypto";
-import { getFileCache, storeFileCache, downloadFile } from "$lib/modules/file";
+import { storeFileThumbnailCache } from "$lib/modules/file";
-import type { CategoryFileAddRequest } from "$lib/server/schemas";
+import { requestFileThumbnailUpload } from "$lib/services/file";
+import { trpc } from "$trpc/client";
 
 export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category";
+export { requestFileDownload } from "$lib/services/file";
 
-export const requestFileDownload = async (
+export const requestThumbnailUpload = async (
   fileId: number,
-  fileEncryptedIv: string,
+  thumbnail: Blob,
   dataKey: CryptoKey,
+  dataKeyVersion: Date,
 ) => {
-  const cache = await getFileCache(fileId);
+  const thumbnailBuffer = await thumbnail.arrayBuffer();
-  if (cache) return cache;
+  const thumbnailEncrypted = await encryptData(thumbnailBuffer, dataKey);
+  const res = await requestFileThumbnailUpload(fileId, dataKeyVersion, thumbnailEncrypted);
+  if (!res.ok) return false;
 
-  const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey);
+  storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended
-  storeFileCache(fileId, fileBuffer); // Intended
+  return true;
-  return fileBuffer;
 };
 
 export const requestFileAdditionToCategory = async (fileId: number, categoryId: number) => {
-  const res = await callPostApi<CategoryFileAddRequest>(`/api/category/${categoryId}/file/add`, {
+  try {
-    file: fileId,
+    await trpc().category.addFile.mutate({ id: categoryId, file: fileId });
-  });
+    return true;
-  return res.ok;
+  } catch {
+    // TODO: Error Handling
+    return false;
+  }
 };

src/routes/(fullscreen)/file/downloads/File.svelte

@@ -1,8 +1,8 @@
 <script lang="ts">
   import { get, type Writable } from "svelte/store";
   import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
-  import { formatNetworkSpeed } from "$lib/modules/util";
   import { masterKeyStore, type FileDownloadStatus } from "$lib/stores";
+  import { formatNetworkSpeed } from "$lib/utils";
 
   import IconCloud from "~icons/material-symbols/cloud";
   import IconCloudDownload from "~icons/material-symbols/cloud-download";

src/routes/(fullscreen)/file/uploads/+page.svelte

@@ -1,19 +1,10 @@
 <script lang="ts">
-  import { get } from "svelte/store";
   import { FullscreenDiv } from "$lib/components/atoms";
   import { TopBar } from "$lib/components/molecules";
-  import { fileUploadStatusStore, isFileUploading } from "$lib/stores";
+  import { getUploadingFiles, clearUploadedFiles } from "$lib/modules/file";
   import File from "./File.svelte";
 
-  let uploadingFiles = $derived(
+  $effect(() => clearUploadedFiles);
-    $fileUploadStatusStore.filter((status) => isFileUploading(get(status).status)),
-  );
-
-  $effect(() => () => {
-    $fileUploadStatusStore = $fileUploadStatusStore.filter((status) =>
-      isFileUploading(get(status).status),
-    );
-  });
 </script>
 
 <svelte:head>
@@ -23,8 +14,8 @@
 <TopBar />
 <FullscreenDiv>
   <div class="space-y-2 pb-4">
-    {#each uploadingFiles as status}
+    {#each getUploadingFiles() as file}
-      <File {status} />
+      <File state={file} />
     {/each}
   </div>
 </FullscreenDiv>

src/routes/(fullscreen)/file/uploads/File.svelte

@@ -1,7 +1,6 @@
 <script lang="ts">
-  import type { Writable } from "svelte/store";
+  import type { FileUploadState } from "$lib/modules/file";
-  import { formatNetworkSpeed } from "$lib/modules/util";
+  import { formatNetworkSpeed } from "$lib/utils";
-  import type { FileUploadStatus } from "$lib/stores";
 
   import IconPending from "~icons/material-symbols/pending";
   import IconLockClock from "~icons/material-symbols/lock-clock";
@@ -11,45 +10,45 @@
   import IconError from "~icons/material-symbols/error";
 
   interface Props {
-    status: Writable<FileUploadStatus>;
+    state: FileUploadState;
   }
 
-  let { status }: Props = $props();
+  let { state }: Props = $props();
 </script>
 
 <div class="flex h-14 items-center gap-x-4 p-2">
   <div class="flex-shrink-0 text-lg text-gray-600">
-    {#if $status.status === "encryption-pending"}
+    {#if state.status === "encryption-pending"}
       <IconPending />
-    {:else if $status.status === "encrypting"}
+    {:else if state.status === "encrypting"}
       <IconLockClock />
-    {:else if $status.status === "upload-pending"}
+    {:else if state.status === "upload-pending"}
       <IconCloud />
-    {:else if $status.status === "uploading"}
+    {:else if state.status === "uploading"}
       <IconCloudUpload />
-    {:else if $status.status === "uploaded"}
+    {:else if state.status === "uploaded"}
       <IconCloudDone class="text-blue-500" />
-    {:else if $status.status === "error"}
+    {:else if state.status === "error"}
       <IconError class="text-red-500" />
     {/if}
   </div>
   <div class="flex-grow overflow-hidden">
-    <p title={$status.name} class="truncate font-medium">
+    <p title={state.name} class="truncate font-medium">
-      {$status.name}
+      {state.name}
     </p>
     <p class="text-xs text-gray-800">
-      {#if $status.status === "encryption-pending"}
+      {#if state.status === "encryption-pending"}
         준비 중
-      {:else if $status.status === "encrypting"}
+      {:else if state.status === "encrypting"}
         암호화하는 중
-      {:else if $status.status === "upload-pending"}
+      {:else if state.status === "upload-pending"}
         업로드를 기다리는 중
-      {:else if $status.status === "uploading"}
+      {:else if state.status === "uploading"}
         전송됨
-        {Math.floor(($status.progress ?? 0) * 100)}% · {formatNetworkSpeed(($status.rate ?? 0) * 8)}
+        {Math.floor((state.progress ?? 0) * 100)}% · {formatNetworkSpeed((state.rate ?? 0) * 8)}
-      {:else if $status.status === "uploaded"}
+      {:else if state.status === "uploaded"}
         업로드 완료
-      {:else if $status.status === "error"}
+      {:else if state.status === "error"}
         업로드 실패
       {/if}
     </p>

src/routes/(fullscreen)/gallery/+page.server.ts

@@ -0,0 +1,7 @@
+import { createCaller } from "$trpc/router.server";
+import type { PageServerLoad } from "./$types";
+
+export const load: PageServerLoad = async (event) => {
+  const files = await createCaller(event).file.list();
+  return { files };
+};

src/routes/(fullscreen)/gallery/+page.svelte

@@ -0,0 +1,26 @@
+<script lang="ts">
+  import type { Writable } from "svelte/store";
+  import { goto } from "$app/navigation";
+  import { FullscreenDiv } from "$lib/components/atoms";
+  import { TopBar } from "$lib/components/molecules";
+  import { Gallery } from "$lib/components/organisms";
+  import { getFileInfo, type FileInfo } from "$lib/modules/filesystem";
+  import { masterKeyStore } from "$lib/stores";
+
+  let { data } = $props();
+
+  let files: Writable<FileInfo | null>[] = $state([]);
+
+  $effect(() => {
+    files = data.files.map((file) => getFileInfo(file, $masterKeyStore?.get(1)?.key!));
+  });
+</script>
+
+<svelte:head>
+  <title>사진 및 동영상</title>
+</svelte:head>
+
+<TopBar title="사진 및 동영상" />
+<FullscreenDiv>
+  <Gallery {files} onFileClick={({ id }) => goto(`/file/${id}?from=gallery`)} />
+</FullscreenDiv>