데모를 위해 파일 용량 제한 추가, 비밀번호 변경 기능 삭제, 악용될 수 있는 API에 로깅 추가

Merge pull request #21 from kmc7468/dev
v0.9.1
2026-02-04 16:16:55 +00:00 · 2026-01-18 18:07:53 +09:00 · 2026-01-18 16:35:41 +09:00 · 2026-01-18 16:32:06 +09:00 · 2026-01-18 16:16:38 +09:00 · 2026-01-18 14:16:40 +09:00
23 changed files with 245 additions and 126 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -13,6 +13,7 @@ node_modules
 /library
 /thumbnails
 /uploads
+/log

 # OS
 .DS_Store
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ node_modules
 /library
 /thumbnails
 /uploads
+/log

 # OS
 .DS_Store
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -10,6 +10,7 @@ services:
      - ./data/library:/app/data/library
      - ./data/thumbnails:/app/data/thumbnails
      - ./data/uploads:/app/data/uploads
+      - ./data/log:/app/data/log
    environment:
      # ArkVault
      - DATABASE_HOST=database
@@ -22,6 +23,7 @@ services:
      - LIBRARY_PATH=/app/data/library
      - THUMBNAILS_PATH=/app/data/thumbnails
      - UPLOADS_PATH=/app/data/uploads
+      - LOG_DIR=/app/data/log
      # SvelteKit
      - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
      - XFF_DEPTH=${TRUST_PROXY:-}
--- a/src/lib/constants/upload.ts
+++ b/src/lib/constants/upload.ts
@@ -4,3 +4,6 @@ export const ENCRYPTION_OVERHEAD = AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE;

 export const CHUNK_SIZE = 4 * 1024 * 1024; // 4 MiB
 export const ENCRYPTED_CHUNK_SIZE = CHUNK_SIZE + ENCRYPTION_OVERHEAD;
+
+export const MAX_FILE_SIZE = 512 * 1024 * 1024; // 512 MiB
+export const MAX_CHUNKS = Math.ceil(MAX_FILE_SIZE / CHUNK_SIZE); // 128 chunks
--- a/src/lib/modules/filesystem/internal.svelte.ts
+++ b/src/lib/modules/filesystem/internal.svelte.ts
@@ -34,7 +34,7 @@ export class FilesystemCache<K, V extends object> {
      }

      (state.value
-        ? Promise.resolve(state.value)
+        ? Promise.resolve($state.snapshot(state.value) as V)
        : this.options.fetchFromIndexedDB(key).then((loadedInfo) => {
            if (loadedInfo) {
              state.value = loadedInfo;
--- a/src/lib/server/db/directory.ts
+++ b/src/lib/server/db/directory.ts
@@ -74,28 +74,6 @@ export const getAllDirectoriesByParent = async (userId: number, parentId: Direct
  return directories.map(toDirectory);
 };

-export const getAllRecursiveDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
-  const directories = await db
-    .withRecursive("directory_tree", (db) =>
-      db
-        .selectFrom("directory")
-        .selectAll()
-        .$if(parentId === "root", (qb) => qb.where("parent_id", "is", null))
-        .$if(parentId !== "root", (qb) => qb.where("parent_id", "=", parentId as number))
-        .where("user_id", "=", userId)
-        .unionAll((db) =>
-          db
-            .selectFrom("directory")
-            .innerJoin("directory_tree", "directory.parent_id", "directory_tree.id")
-            .selectAll("directory"),
-        ),
-    )
-    .selectFrom("directory_tree")
-    .selectAll()
-    .execute();
-  return directories.map(toDirectory);
-};
-
 export const getAllFavoriteDirectories = async (userId: number) => {
  const directories = await db
    .selectFrom("directory")
@@ -117,6 +95,61 @@ export const getDirectory = async (userId: number, directoryId: number) => {
  return directory ? toDirectory(directory) : null;
 };

+export const searchDirectories = async (
+  userId: number,
+  filters: {
+    parentId: DirectoryId;
+    inFavorites: boolean;
+  },
+) => {
+  const directories = await db
+    .withRecursive("directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(filters.parentId === "root", (qb) => qb.where((eb) => eb.lit(false))) // directory_tree will be empty if parentId is "root"
+        .$if(filters.parentId !== "root", (qb) => qb.where("id", "=", filters.parentId as number))
+        .unionAll(
+          db
+            .selectFrom("directory as d")
+            .innerJoin("directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .withRecursive("favorite_directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(!filters.inFavorites, (qb) => qb.where((eb) => eb.lit(false))) // favorite_directory_tree will be empty if inFavorites is false
+        .$if(filters.inFavorites, (qb) => qb.where("is_favorite", "=", true))
+        .unionAll((db) =>
+          db
+            .selectFrom("directory as d")
+            .innerJoin("favorite_directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
+    .selectFrom("directory")
+    .selectAll()
+    .where("user_id", "=", userId)
+    .$if(filters.parentId !== "root", (qb) =>
+      qb.where((eb) =>
+        eb.exists(eb.selectFrom("directory_tree as dt").whereRef("dt.id", "=", "parent_id")),
+      ),
+    )
+    .$if(filters.inFavorites, (qb) =>
+      qb.where((eb) =>
+        eb.exists(
+          eb.selectFrom("favorite_directory_tree as dt").whereRef("dt.id", "=", "directory.id"),
+        ),
+      ),
+    )
+    .execute();
+  return directories.map(toDirectory);
+};
+
 export const setDirectoryEncName = async (
  userId: number,
  directoryId: number,
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -248,6 +248,7 @@ export const searchFiles = async (
  userId: number,
  filters: {
    parentId: DirectoryId;
+    inFavorites: boolean;
    includeCategoryIds: number[];
    excludeCategoryIds: number[];
  },
@@ -258,7 +259,7 @@ export const searchFiles = async (
        .selectFrom("directory")
        .select("id")
        .where("user_id", "=", userId)
-        .where((eb) => eb.val(filters.parentId !== "root")) // directory_tree will be empty if parentId is "root"
+        .$if(filters.parentId === "root", (qb) => qb.where((eb) => eb.lit(false))) // directory_tree will be empty if parentId is "root"
        .$if(filters.parentId !== "root", (qb) => qb.where("id", "=", filters.parentId as number))
        .unionAll(
          db
@@ -267,6 +268,20 @@ export const searchFiles = async (
            .select("d.id"),
        ),
    )
+    .withRecursive("favorite_directory_tree", (db) =>
+      db
+        .selectFrom("directory")
+        .select("id")
+        .where("user_id", "=", userId)
+        .$if(!filters.inFavorites, (qb) => qb.where((eb) => eb.lit(false))) // favorite_directory_tree will be empty if inFavorites is false
+        .$if(filters.inFavorites, (qb) => qb.where("is_favorite", "=", true))
+        .unionAll((db) =>
+          db
+            .selectFrom("directory as d")
+            .innerJoin("favorite_directory_tree as dt", "d.parent_id", "dt.id")
+            .select("d.id"),
+        ),
+    )
    .withRecursive("include_category_tree", (db) =>
      db
        .selectFrom("category")
@@ -295,18 +310,30 @@ export const searchFiles = async (
    )
    .selectFrom("file")
    .selectAll("file")
-    .$if(filters.parentId === "root", (qb) => qb.where("user_id", "=", userId)) // directory_tree isn't used if parentId is "root"
+    .where("user_id", "=", userId)
    .$if(filters.parentId !== "root", (qb) =>
-      qb.where("parent_id", "in", (eb) => eb.selectFrom("directory_tree").select("id")),
+      qb.where((eb) =>
+        eb.exists(eb.selectFrom("directory_tree as dt").whereRef("dt.id", "=", "file.parent_id")),
+      ),
    )
-    .where((eb) =>
+    .$if(filters.inFavorites, (qb) =>
+      qb.where((eb) =>
+        eb.or([
+          eb("is_favorite", "=", true),
+          eb.exists(
+            eb.selectFrom("favorite_directory_tree as dt").whereRef("dt.id", "=", "file.parent_id"),
+          ),
+        ]),
+      ),
+    )
+    .$if(filters.excludeCategoryIds.length > 0, (qb) =>
+      qb.where((eb) =>
        eb.not(
          eb.exists(
            eb
              .selectFrom("file_category")
-            .whereRef("file_id", "=", "file.id")
-            .where("category_id", "in", (eb) =>
-              eb.selectFrom("exclude_category_tree").select("id"),
+              .innerJoin("exclude_category_tree", "category_id", "exclude_category_tree.id")
+              .whereRef("file_id", "=", "file.id"),
          ),
        ),
      ),
--- a/src/lib/server/modules/logger.ts
+++ b/src/lib/server/modules/logger.ts
@@ -0,0 +1,37 @@
+import { appendFileSync, existsSync, mkdirSync } from "fs";
+import { env } from "$env/dynamic/private";
+
+const LOG_DIR = env.LOG_DIR || "log";
+
+const getLogFilePath = () => {
+  const date = new Date().toISOString().slice(0, 10); // YYYY-MM-DD
+  return `${LOG_DIR}/arkvault-${date}.log`;
+};
+
+const ensureLogDir = () => {
+  if (!existsSync(LOG_DIR)) {
+    mkdirSync(LOG_DIR, { recursive: true });
+  }
+};
+
+const formatLogLine = (type: string, data: Record<string, unknown>) => {
+  const timestamp = new Date().toISOString();
+  return JSON.stringify({ timestamp, type, ...data });
+};
+
+export const demoLogger = {
+  log: (type: string, data: Record<string, unknown>) => {
+    const line = formatLogLine(type, data);
+
+    // Output to stdout
+    console.log(line);
+
+    // Output to file
+    try {
+      ensureLogDir();
+      appendFileSync(getLogFilePath(), line + "\n", { encoding: "utf-8" });
+    } catch (e) {
+      console.error("Failed to write to log file:", e);
+    }
+  },
+};
--- a/src/routes/(fullscreen)/auth/login/+page.svelte
+++ b/src/routes/(fullscreen)/auth/login/+page.svelte
@@ -14,8 +14,8 @@

  let { data } = $props();

-  let email = $state("");
-  let password = $state("");
+  let email = $state("arkvault-demo@minchan.me");
+  let password = $state("arkvault-demo");

  let isForceLoginModalOpen = $state(false);

--- a/src/routes/(fullscreen)/file/[id]/TopBarMenu.svelte
+++ b/src/routes/(fullscreen)/file/[id]/TopBarMenu.svelte
@@ -46,7 +46,7 @@

 {#if isOpen && (directoryId || downloadUrl || fileBlob)}
  <div
-    class="absolute right-2 top-full z-20 min-w-40 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl"
+    class="absolute right-2 top-full z-20 min-w-44 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl"
    transition:fly={{ y: -8, duration: 200 }}
  >
    <p class="px-3 pt-2 text-sm font-semibold text-gray-600">더보기</p>
@@ -57,7 +57,9 @@
        onclick: () => void,
      )}
        <button {onclick} class="rounded-xl active:bg-gray-100">
-          <div class="flex items-center gap-x-3 px-3 py-2 text-gray-700 transition active:scale-95">
+          <div
+            class="flex items-center gap-x-3 px-3 py-2 text-lg text-gray-700 transition active:scale-95"
+          >
            <Icon />
            <p class="font-medium">{text}</p>
          </div>
--- a/src/routes/(fullscreen)/search/+page.svelte
+++ b/src/routes/(fullscreen)/search/+page.svelte
@@ -37,8 +37,8 @@
    includeImages: false,
    includeVideos: false,
    includeDirectories: false,
-    searchInFavorites: false,
    searchInDirectory: false,
+    searchInFavorites: false,
    categories: [],
  });
  let hasCategoryFilter = $derived(filters.categories.length > 0);
@@ -47,7 +47,6 @@
      filters.includeImages ||
      filters.includeVideos ||
      filters.includeDirectories ||
-      filters.searchInFavorites ||
      filters.name.trim().length > 0,
  );

@@ -84,9 +83,7 @@

    return sortEntries(
      [...directories, ...files].filter(
-        (entry) =>
-          (!nameFilter || searchString(entry.name, nameFilter)) &&
-          (!filters.searchInFavorites || entry.isFavorite),
+        (entry) => !nameFilter || searchString(entry.name, nameFilter),
      ),
    );
  });
@@ -145,6 +142,7 @@
    // Svelte sucks
    hasAnyFilter;
    filters.searchInDirectory;
+    filters.searchInFavorites;
    filters.categories.length;

    if (untrack(() => isRestoredFromSnapshot)) {
@@ -156,6 +154,7 @@
      requestSearch(
        {
          ancestorId: filters.searchInDirectory ? data.directoryId! : "root",
+          inFavorites: filters.searchInFavorites,
          categories: filters.categories,
        },
        $masterKeyStore?.get(1)?.key!,
@@ -216,7 +215,12 @@
    </div>
    {#if hasAnyFilter}
      <div class="flex flex-grow flex-col space-y-2 bg-white p-4">
-        <p class="text-lg font-bold text-gray-800">검색 결과</p>
+        <p class="text-lg font-bold text-gray-800">
+          검색 결과
+          {#if result.length > 0}
+            {" "}({result.length}개)
+          {/if}
+        </p>
        {#if result.length > 0}
          <RowVirtualizer
            count={result.length}
--- a/src/routes/(fullscreen)/search/SearchBar.svelte
+++ b/src/routes/(fullscreen)/search/SearchBar.svelte
@@ -1,17 +1,14 @@
 <script lang="ts">
-  import type { ClassValue } from "svelte/elements";
-
  import IconArrowBack from "~icons/material-symbols/arrow-back";

  interface Props {
-    class?: ClassValue;
    value: string;
  }

-  let { class: className, value = $bindable() }: Props = $props();
+  let { value = $bindable() }: Props = $props();
 </script>

-<div class={["sticky top-0 z-10 flex items-center gap-x-2 px-2 py-3 backdrop-blur-2xl", className]}>
+<div class={"sticky top-0 z-10 flex items-center gap-x-2 px-2 py-3 backdrop-blur-2xl"}>
  <button
    onclick={() => history.back()}
    class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
@@ -22,6 +19,6 @@
    bind:value
    type="text"
    placeholder="검색"
-    class="mr-1 h-[2.3rem] flex-grow rounded-lg bg-gray-100 px-3 py-1.5 placeholder-gray-600 focus:outline-none"
+    class="mr-1 h-[2.3rem] min-w-0 flex-grow rounded-lg bg-gray-100 px-3 py-1.5 placeholder-gray-600 focus:outline-none"
  />
 </div>
--- a/src/routes/(fullscreen)/search/service.ts
+++ b/src/routes/(fullscreen)/search/service.ts
@@ -10,6 +10,7 @@ import { trpc } from "$trpc/client";

 export interface SearchFilter {
  ancestorId: DirectoryId;
+  inFavorites: boolean;
  categories: { info: LocalCategoryInfo; type: "include" | "exclude" }[];
 }

@@ -21,6 +22,7 @@ export interface SearchResult {
 export const requestSearch = async (filter: SearchFilter, masterKey: CryptoKey) => {
  const { directories: directoriesRaw, files: filesRaw } = await trpc().search.search.query({
    ancestor: filter.ancestorId,
+    inFavorites: filter.inFavorites,
    includeCategories: filter.categories
      .filter(({ type }) => type === "include")
      .map(({ info }) => info.id),
--- a/src/routes/(main)/category/[[id]]/File.svelte
+++ b/src/routes/(main)/category/[[id]]/File.svelte
@@ -3,6 +3,7 @@
  import { DirectoryEntryLabel } from "$lib/components/molecules";
  import { getFileThumbnail } from "$lib/modules/file";
  import type { CategoryFileInfo } from "$lib/modules/filesystem";
+  import { formatDateTime } from "$lib/utils";
  import type { SelectedFile } from "./service.svelte";

  import IconClose from "~icons/material-symbols/close";
@@ -19,7 +20,7 @@
 </script>

 <ActionEntryButton
-  class="h-12"
+  class="h-14"
  onclick={() => onclick(info)}
  actionButtonIcon={onRemoveClick && IconClose}
  onActionButtonClick={() => onRemoveClick?.(info)}
@@ -28,6 +29,7 @@
    type="file"
    thumbnail={$thumbnail}
    name={info.name}
+    subtext={formatDateTime(info.createdAt ?? info.lastModifiedAt)}
    isFavorite={info.isFavorite}
  />
 </ActionEntryButton>
--- a/src/routes/(main)/directory/[[id]]/+page.svelte
+++ b/src/routes/(main)/directory/[[id]]/+page.svelte
@@ -103,7 +103,7 @@
 </script>

 <svelte:head>
-  <title>파일</title>
+  <title>내 파일</title>
 </svelte:head>

 <input bind:this={fileInput} onchange={uploadFile} type="file" multiple class="hidden" />
--- a/src/routes/(main)/favorites/+page.svelte
+++ b/src/routes/(main)/favorites/+page.svelte
@@ -44,30 +44,17 @@
  <title>즐겨찾기</title>
 </svelte:head>

-<TopBar title="즐겨찾기" showBackButton={false}>
+<div class="flex h-full flex-col">
+  <TopBar title="즐겨찾기" showBackButton={false}>
    <button
      onclick={() => goto("/search?from=favorites")}
      class="w-full rounded-full p-1 text-2xl active:bg-black active:bg-opacity-[0.04]"
    >
      <IconSearch />
    </button>
-</TopBar>
-<div class="flex h-full flex-col p-4 !pt-0">
-  {#if isLoading}
-    <div class="flex flex-grow items-center justify-center">
-      <p class="text-gray-500">
-        {#if data.favorites.files.length === 0 && data.favorites.directories.length === 0}
-          즐겨찾기한 항목이 없어요.
-        {:else}
-          즐겨찾기 목록을 불러오고 있어요.
-        {/if}
-      </p>
-    </div>
-  {:else if entries.length === 0}
-    <div class="flex flex-grow items-center justify-center">
-      <p class="text-gray-500">즐겨찾기한 항목이 없어요.</p>
-    </div>
-  {:else}
+  </TopBar>
+  <div class="flex flex-grow flex-col px-4 pb-4">
+    {#if entries.length > 0}
      <RowVirtualizer
        count={entries.length}
        getItemKey={(index) => `${entries[index]!.type}-${entries[index]!.details.id}`}
@@ -91,5 +78,16 @@
          {/if}
        {/snippet}
      </RowVirtualizer>
+    {:else}
+      <div class="flex flex-grow items-center justify-center">
+        <p class="text-gray-500">
+          {#if isLoading}
+            즐겨찾기 목록을 불러오고 있어요.
+          {:else}
+            즐겨찾기한 항목이 없어요.
          {/if}
+        </p>
+      </div>
+    {/if}
+  </div>
 </div>
--- a/src/routes/(main)/favorites/File.svelte
+++ b/src/routes/(main)/favorites/File.svelte
@@ -3,6 +3,7 @@
  import { DirectoryEntryLabel } from "$lib/components/molecules";
  import { getFileThumbnail } from "$lib/modules/file";
  import type { SummarizedFileInfo } from "$lib/modules/filesystem";
+  import { formatDateTime } from "$lib/utils";

  import IconClose from "~icons/material-symbols/close";

@@ -23,5 +24,11 @@
  actionButtonIcon={IconClose}
  onActionButtonClick={onRemoveClick}
 >
-  <DirectoryEntryLabel type="file" thumbnail={$thumbnail} name={info.name} isFavorite />
+  <DirectoryEntryLabel
+    type="file"
+    thumbnail={$thumbnail}
+    name={info.name}
+    subtext={formatDateTime(info.createdAt ?? info.lastModifiedAt)}
+    isFavorite
+  />
 </ActionEntryButton>
--- a/src/routes/(main)/menu/+page.svelte
+++ b/src/routes/(main)/menu/+page.svelte
@@ -52,13 +52,6 @@
  </div>
  <div class="space-y-2">
    <p class="font-semibold">보안</p>
-    <MenuEntryButton
-      onclick={() => goto("/auth/changePassword")}
-      icon={IconPassword}
-      iconColor="text-blue-500"
-    >
-      비밀번호 바꾸기
-    </MenuEntryButton>
    <MenuEntryButton onclick={logout} icon={IconLogout} iconColor="text-red-500">
      로그아웃
    </MenuEntryButton>
--- a/src/trpc/routers/auth.ts
+++ b/src/trpc/routers/auth.ts
@@ -5,6 +5,7 @@ import { ClientRepo, SessionRepo, UserRepo, IntegrityError } from "$lib/server/d
 import env from "$lib/server/loadenv";
 import { cookieOptions } from "$lib/server/modules/auth";
 import { generateChallenge, verifySignature, issueSessionId } from "$lib/server/modules/crypto";
+import { demoLogger } from "$lib/server/modules/logger";
 import { router, publicProcedure, roleProcedure } from "../init.server";

 const authRouter = router({
@@ -24,6 +25,10 @@ const authRouter = router({
      const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
      await SessionRepo.createSession(user.id, sessionId, ctx.locals.ip, ctx.locals.userAgent);
      ctx.cookies.set("sessionId", sessionIdSigned, cookieOptions);
+
+      if (input.email === "arkvault-demo@minchan.me") {
+        demoLogger.log("demo:login", { ip: ctx.locals.ip, sessionId });
+      }
    }),

  logout: roleProcedure["any"].mutation(async ({ ctx }) => {
@@ -38,22 +43,8 @@ const authRouter = router({
        newPassword: z.string().nonempty(),
      }),
    )
-    .mutation(async ({ ctx, input }) => {
-      if (input.oldPassword === input.newPassword) {
-        throw new TRPCError({ code: "BAD_REQUEST", message: "Same passwords" });
-      } else if (input.newPassword.length < 8) {
-        throw new TRPCError({ code: "BAD_REQUEST", message: "Too short password" });
-      }
-
-      const user = await UserRepo.getUser(ctx.session.userId);
-      if (!user) {
-        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Invalid session id" });
-      } else if (!(await argon2.verify(user.password, input.oldPassword))) {
-        throw new TRPCError({ code: "FORBIDDEN", message: "Invalid password" });
-      }
-
-      await UserRepo.setUserPassword(ctx.session.userId, await argon2.hash(input.newPassword));
-      await SessionRepo.deleteAllOtherSessions(ctx.session.userId, ctx.session.sessionId);
+    .mutation(() => {
+      throw new TRPCError({ code: "NOT_IMPLEMENTED" });
    }),

  upgrade: roleProcedure["notClient"]
--- a/src/trpc/routers/directory.ts
+++ b/src/trpc/routers/directory.ts
@@ -3,6 +3,7 @@ import { z } from "zod";
 import { DirectoryIdSchema } from "$lib/schemas";
 import { DirectoryRepo, FileRepo, IntegrityError } from "$lib/server/db";
 import { safeUnlink } from "$lib/server/modules/filesystem";
+import { demoLogger } from "$lib/server/modules/logger";
 import { router, roleProcedure } from "../init.server";

 const directoryRouter = router({
@@ -134,6 +135,7 @@ const directoryRouter = router({
        const files = await DirectoryRepo.unregisterDirectory(ctx.session.userId, input.id);
        return {
          deletedFiles: files.map((file) => {
+            demoLogger.log("file:delete", { ip: ctx.locals.ip, fileId: file.id, recursive: true });
            safeUnlink(file.path); // Intended
            safeUnlink(file.thumbnailPath); // Intended
            return file.id;
--- a/src/trpc/routers/file.ts
+++ b/src/trpc/routers/file.ts
@@ -2,6 +2,7 @@ import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db";
 import { safeUnlink } from "$lib/server/modules/filesystem";
+import { demoLogger } from "$lib/server/modules/logger";
 import { router, roleProcedure } from "../init.server";

 const fileRouter = router({
@@ -174,6 +175,7 @@ const fileRouter = router({
    .mutation(async ({ ctx, input }) => {
      try {
        const { path, thumbnailPath } = await FileRepo.unregisterFile(ctx.session.userId, input.id);
+        demoLogger.log("file:delete", { ip: ctx.locals.ip, fileId: input.id });
        safeUnlink(path); // Intended
        safeUnlink(thumbnailPath); // Intended
      } catch (e) {
--- a/src/trpc/routers/search.ts
+++ b/src/trpc/routers/search.ts
@@ -8,6 +8,7 @@ const searchRouter = router({
    .input(
      z.object({
        ancestor: DirectoryIdSchema.default("root"),
+        inFavorites: z.boolean().default(false),
        includeCategories: z.number().positive().array().default([]),
        excludeCategories: z.number().positive().array().default([]),
      }),
@@ -15,10 +16,14 @@ const searchRouter = router({
    .query(async ({ ctx, input }) => {
      const [directories, files] = await Promise.all([
        input.includeCategories.length === 0 && input.excludeCategories.length === 0
-          ? DirectoryRepo.getAllRecursiveDirectoriesByParent(ctx.session.userId, input.ancestor)
+          ? DirectoryRepo.searchDirectories(ctx.session.userId, {
+              parentId: input.ancestor,
+              inFavorites: input.inFavorites,
+            })
          : [],
        FileRepo.searchFiles(ctx.session.userId, {
          parentId: input.ancestor,
+          inFavorites: input.inFavorites,
          includeCategoryIds: input.includeCategories,
          excludeCategoryIds: input.excludeCategories,
        }),
--- a/src/trpc/routers/upload.ts
+++ b/src/trpc/routers/upload.ts
@@ -6,11 +6,13 @@ import mime from "mime";
 import { dirname } from "path";
 import { v4 as uuidv4 } from "uuid";
 import { z } from "zod";
+import { MAX_CHUNKS } from "$lib/constants";
 import { DirectoryIdSchema } from "$lib/schemas";
 import { FileRepo, MediaRepo, UploadRepo, IntegrityError } from "$lib/server/db";
 import db from "$lib/server/db/kysely";
 import env from "$lib/server/loadenv";
 import { safeRecursiveRm, safeUnlink } from "$lib/server/modules/filesystem";
+import { demoLogger } from "$lib/server/modules/logger";
 import { router, roleProcedure } from "../init.server";

 const UPLOADS_EXPIRES = 24 * 3600 * 1000; // 24 hours
@@ -28,7 +30,7 @@ const uploadRouter = router({
  startFileUpload: roleProcedure["activeClient"]
    .input(
      z.object({
-        chunks: z.int().positive(),
+        chunks: z.int().positive().max(MAX_CHUNKS),
        parent: DirectoryIdSchema,
        mekVersion: z.int().positive(),
        dek: z.base64().nonempty(),
@@ -76,6 +78,7 @@ const uploadRouter = router({
              : null,
          encLastModifiedAt: { ciphertext: input.lastModifiedAt, iv: input.lastModifiedAtIv },
        });
+        demoLogger.log("upload:start", { ip: ctx.locals.ip, uploadId: id });
        return { uploadId: id };
      } catch (e) {
        await safeRecursiveRm(path);
@@ -153,6 +156,7 @@ const uploadRouter = router({
        });

        await safeRecursiveRm(session.path);
+        demoLogger.log("upload:complete", { ip: ctx.locals.ip, uploadId, fileId });
        return { file: fileId };
      } catch (e) {
        await safeUnlink(filePath);
@@ -183,6 +187,7 @@ const uploadRouter = router({
          fileId: input.file,
          dekVersion: input.dekVersion,
        });
+        demoLogger.log("thumbnail:start", { ip: ctx.locals.ip, uploadId: id });
        return { uploadId: id };
      } catch (e) {
        await safeRecursiveRm(path);
@@ -238,6 +243,11 @@ const uploadRouter = router({
          await UploadRepo.deleteUploadSession(trx, uploadId);
          return oldPath;
        });
+        demoLogger.log("thumbnail:complete", {
+          ip: ctx.locals.ip,
+          uploadId,
+          fileId: session.fileId,
+        });
        await Promise.all([safeUnlink(oldThumbnailPath), safeRecursiveRm(session.path)]);
      } catch (e) {
        await safeUnlink(thumbnailPath);
Author	SHA1	Message	Date
static	66c3f2df71	데모를 위해 파일 용량 제한 추가, 비밀번호 변경 기능 삭제, 악용될 수 있는 API에 로깅 추가	2026-01-18 18:07:53 +09:00
static	385404ece2	Merge pull request #21 from kmc7468/dev v0.9.1	2026-01-18 16:35:41 +09:00
static	9635d2a51b	IndexedDB에 가끔 파일 및 디렉터리 정보를 저장하지 못하던 버그 수정	2026-01-18 16:32:06 +09:00
static	3b0cfd5a92	즐겨찾기 검색 필터를 재귀적으로 동작하도록 변경	2026-01-18 16:16:38 +09:00
static	2f6d35c335	모바일 환경에서 SearchBar의 레이아웃이 깨지는 문제 수정	2026-01-18 14:16:40 +09:00