[Release] v3.2.4-beta (#310)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: danielalves96 <62755605+danielalves96@users.noreply.github.com>

.github/copilot-instructions.md

@@ -0,0 +1,259 @@
+# GitHub Copilot Instructions for Palmr
+
+This file contains instructions for GitHub Copilot to help contributors work effectively with the Palmr codebase.
+
+## Project Overview
+
+Palmr is a flexible and open-source alternative to file transfer services like WeTransfer and SendGB. It's built with:
+
+- **Backend**: Fastify (Node.js) with TypeScript, SQLite database, and filesystem/S3 storage
+- **Frontend**: Next.js 15 + React + TypeScript + Shadcn/ui
+- **Documentation**: Next.js + Fumadocs + MDX
+- **Package Manager**: pnpm (v10.6.0)
+- **Monorepo Structure**: Three main apps (web, server, docs) in the `apps/` directory
+
+## Architecture and Structure
+
+### Monorepo Layout
+
+```
+apps/
+├── docs/       # Documentation site (Next.js + Fumadocs)
+├── server/     # Backend API (Fastify + TypeScript)
+└── web/        # Frontend application (Next.js 15)
+```
+
+### Key Technologies
+
+- **TypeScript**: Primary language for all applications
+- **Database**: Prisma ORM with SQLite (optional S3-compatible storage)
+- **Authentication**: Multiple OAuth providers (Google, GitHub, Discord, etc.)
+- **Internationalization**: Multi-language support with translation scripts
+- **Validation**: Husky pre-push hooks for linting and type checking
+
+## Development Workflow
+
+### Base Branch
+
+Always create new branches from and submit PRs to the `next` branch, not `main`.
+
+### Commit Convention
+
+Use Conventional Commits format for all commits:
+
+```
+<type>(<scope>): <description>
+
+Types:
+- feat: New feature
+- fix: Bug fix
+- docs: Documentation changes
+- test: Adding or updating tests
+- refactor: Code refactoring
+- style: Code formatting
+- chore: Maintenance tasks
+```
+
+Examples:
+
+- `feat(web): add user authentication system`
+- `fix(api): resolve null pointer exception in user service`
+- `docs: update installation instructions in README`
+- `test(server): add unit tests for user validation`
+
+### Code Quality Standards
+
+1. **Linting**: All apps use ESLint. Run `pnpm lint` before committing
+2. **Formatting**: Use Prettier for code formatting. Run `pnpm format`
+3. **Type Checking**: Run `pnpm type-check` to validate TypeScript
+4. **Validation**: Run `pnpm validate` to run both linting and type checking
+5. **Pre-push Hook**: Automatically validates all apps before pushing
+
+### Testing Changes
+
+- Test incrementally during development
+- Run validation locally before pushing: `pnpm validate` in each app directory
+- Keep changes focused on a single issue or feature
+- Review your work before committing
+
+## Application-Specific Guidelines
+
+### Web App (`apps/web/`)
+
+- Framework: Next.js 15 with App Router
+- Port: 3000 (development)
+- Scripts:
+  - `pnpm dev`: Start development server
+  - `pnpm build`: Build for production
+  - `pnpm validate`: Run linting and type checking
+- Translations: Use Python scripts in `scripts/` directory
+  - `pnpm translations:check`: Check translation status
+  - `pnpm translations:sync`: Synchronize translations
+
+### Server App (`apps/server/`)
+
+- Framework: Fastify with TypeScript
+- Port: 3333 (default)
+- Scripts:
+  - `pnpm dev`: Start development server with watch mode
+  - `pnpm build`: Build TypeScript to JavaScript
+  - `pnpm validate`: Run linting and type checking
+  - `pnpm db:seed`: Seed database
+- Database: Prisma ORM with SQLite
+
+### Docs App (`apps/docs/`)
+
+- Framework: Next.js with Fumadocs
+- Port: 3001 (development)
+- Content: MDX files in `content/docs/`
+- Scripts:
+  - `pnpm dev`: Start development server
+  - `pnpm build`: Build documentation site
+  - `pnpm validate`: Run linting and type checking
+
+## Code Style and Best Practices
+
+### General Guidelines
+
+1. **Follow Style Guidelines**: Ensure code adheres to ESLint and Prettier configurations
+2. **TypeScript First**: Always use TypeScript, avoid `any` types when possible
+3. **Component Organization**: Keep components focused and single-purpose
+4. **Error Handling**: Implement proper error handling and logging
+5. **Comments**: Add comments only when necessary to explain complex logic
+6. **Imports**: Use absolute imports where configured, keep imports organized
+
+### API Development (Server)
+
+- Use Fastify's schema validation for all routes
+- Follow REST principles for endpoint design
+- Implement proper authentication and authorization
+- Handle errors gracefully with appropriate status codes
+- Document API endpoints in the docs app
+
+### Frontend Development (Web)
+
+- Use React Server Components where appropriate
+- Implement proper loading and error states
+- Follow accessibility best practices (WCAG guidelines)
+- Optimize performance (lazy loading, code splitting)
+- Use Shadcn/ui components for consistent UI
+
+### Documentation
+
+- Write clear, concise documentation
+- Include code examples where helpful
+- Update documentation when changing functionality
+- Use MDX features for interactive documentation
+- Follow the existing documentation structure
+
+## Translation and Internationalization
+
+- All user-facing strings should be translatable
+- Use the Next.js internationalization system
+- Translation files are in `apps/web/messages/`
+- Reference file: `en-US.json`
+- Run `pnpm translations:check` to verify translations
+- Mark untranslated strings with `[TO_TRANSLATE]` prefix
+
+## Common Patterns
+
+### Authentication Providers
+
+- Provider configurations in `apps/server/src/modules/auth-providers/providers.config.ts`
+- Support for OAuth2 and OIDC protocols
+- Field mappings for user data normalization
+- Special handling for providers like GitHub that require additional API calls
+
+### File Storage
+
+- Default: Filesystem storage
+- Optional: S3-compatible object storage
+- File metadata stored in SQLite database
+
+### Environment Variables
+
+- Configure via `.env` files (not committed to repository)
+- Required variables documented in README or docs
+- Use environment-specific configurations
+
+## Contributing Guidelines
+
+### Pull Request Process
+
+1. Fork the repository
+2. Create a branch from `next`: `git checkout -b feature/your-feature upstream/next`
+3. Make focused changes addressing a single issue/feature
+4. Write or update tests as needed
+5. Update documentation to reflect changes
+6. Ensure all validations pass: `pnpm validate` in each app
+7. Commit using Conventional Commits
+8. Push to your fork
+9. Create Pull Request targeting the `next` branch
+
+### Code Review
+
+- Be responsive to feedback
+- Keep discussions constructive and professional
+- Make requested changes promptly
+- Ask questions if requirements are unclear
+
+### What to Avoid
+
+- Don't mix unrelated changes in a single PR
+- Don't skip linting or type checking
+- Don't commit directly to `main` or `next` branches
+- Don't add unnecessary dependencies
+- Don't ignore existing code style and patterns
+- Don't remove or modify tests without good reason
+
+## Helpful Commands
+
+### Root Level
+
+```bash
+pnpm install          # Install all dependencies
+git config core.hooksPath .husky  # Configure Git hooks
+```
+
+### Per App (web/server/docs)
+
+```bash
+pnpm dev              # Start development server
+pnpm build            # Build for production
+pnpm lint             # Run ESLint
+pnpm lint:fix         # Fix ESLint issues automatically
+pnpm format           # Format code with Prettier
+pnpm format:check     # Check code formatting
+pnpm type-check       # Run TypeScript type checking
+pnpm validate         # Run lint + type-check
+```
+
+### Docker
+
+```bash
+docker-compose up     # Start all services
+docker-compose down   # Stop all services
+```
+
+## Resources
+
+- **Documentation**: [https://palmr.kyantech.com.br](https://palmr.kyantech.com.br)
+- **Contributing Guide**: [CONTRIBUTING.md](../CONTRIBUTING.md)
+- **Issue Tracker**: GitHub Issues
+- **License**: Apache-2.0
+
+## Getting Help
+
+- Review existing documentation in `apps/docs/content/docs/`
+- Check contribution guide in `CONTRIBUTING.md`
+- Review existing code for patterns and examples
+- Ask questions in PR discussions or issues
+- Read error messages and logs carefully
+
+## Important Notes
+
+- **Beta Status**: This project is in beta; expect changes and improvements
+- **Focus on Quality**: Prioritize code quality and maintainability over speed
+- **Test Locally**: Always test your changes locally before submitting
+- **Documentation Matters**: Keep documentation synchronized with code
+- **Community First**: Be respectful, patient, and constructive with all contributors

.gitignore

@@ -33,4 +33,5 @@ apps/server/dist/*
 .steering
 data/
 
-node_modules/
+node_modules/
+screenshots/

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20-alpine AS base
+FROM node:24-alpine AS base
 
 # Install system dependencies
 RUN apk add --no-cache \

README.md

@@ -6,6 +6,17 @@
 
 **Palmr.** is a **flexible** and **open-source** alternative to file transfer services like **WeTransfer**, **SendGB**, **Send Anywhere**, and **Files.fm**.
 
+<div align="center">
+  <div style="background: linear-gradient(135deg, #ff4757, #ff3838); padding: 20px; border-radius: 12px; margin: 20px 0; box-shadow: 0 4px 15px rgba(255, 71, 87, 0.3); border: 2px solid #ff3838;">
+    <h3 style="color: white; margin: 0 0 10px 0; font-size: 18px; font-weight: bold;">
+      ⚠️ BETA VERSION
+    </h3>
+    <p style="color: white; margin: 0; font-size: 14px; opacity: 0.95;">
+      <strong>This project is currently in beta phase.</strong><br>
+      Not recommended for production environments.
+    </p>
+  </div>
+</div>
 
 🔗 **For detailed documentation visit:** [Palmr. - Documentation](https://palmr.kyantech.com.br)
 

apps/docs/content/docs/3.2-beta/cleanup-orphan-files.mdx

@@ -0,0 +1,374 @@
+---
+title: Cleanup Orphan Files
+icon: Trash2
+---
+
+This guide provides detailed instructions on how to identify and remove orphan file records from your Palmr database. Orphan files are database entries that reference files that no longer exist in the storage system, typically resulting from failed uploads or interrupted transfers.
+
+## When and why to use this tool
+
+The orphan file cleanup script is designed to maintain database integrity by removing stale file records. Consider using this tool if:
+
+- Users are experiencing "File not found" errors when attempting to download files that appear in the UI
+- You've identified failed uploads that left incomplete database records
+- You're performing routine database maintenance
+- You've migrated storage systems and need to verify file consistency
+- You need to free up quota space occupied by phantom file records
+
+> **Note:** This script only removes **database records** for files that don't exist in storage. It does not delete physical files. Files that exist in storage will remain untouched.
+
+## How the cleanup works
+
+Palmr provides a maintenance script that scans all file records in the database and verifies their existence in the storage system (either filesystem or S3). The script operates in two modes:
+
+- **Dry-run mode (default):** Identifies orphan files and displays what would be deleted without making any changes
+- **Confirmation mode:** Actually removes the orphan database records after explicit confirmation
+
+The script maintains safety by:
+- Checking file existence before marking as orphan
+- Providing detailed statistics and file listings
+- Requiring explicit `--confirm` flag to delete records
+- Working with both filesystem and S3 storage providers
+- Preserving all files that exist in storage
+
+## Understanding orphan files
+
+### What are orphan files?
+
+Orphan files occur when:
+
+1. **Failed chunked uploads:** A large file upload starts, creates a database record, but the upload fails before completion
+2. **Interrupted transfers:** Network issues or server restarts interrupt file transfers mid-process
+3. **Manual deletions:** Files are manually deleted from storage without removing the database record
+4. **Storage migrations:** Files are moved or lost during storage system changes
+
+### Why they cause problems
+
+When orphan records exist in the database:
+- Users see files in the UI that cannot be downloaded
+- Download attempts result in "ENOENT: no such file or directory" errors
+- Storage quota calculations become inaccurate
+- The system returns 500 errors instead of proper 404 responses (in older versions)
+
+### Renamed files with suffixes
+
+Files with duplicate names are automatically renamed with suffixes (e.g., `file (1).png`, `file (2).png`). Sometimes the upload fails after the database record is created but before the physical file is saved, creating an orphan record with a suffix.
+
+**Example:**
+```
+Database record: photo (1).png → objectName: user123/1758805195682-Rjn9at692HdR.png
+Physical file: Does not exist ❌
+```
+
+## Step-by-step instructions
+
+### 1. Access the server environment
+
+**For Docker installations:**
+
+```bash
+docker exec -it <container_name> /bin/sh
+cd /app/palmr-app
+```
+
+**For bare-metal installations:**
+
+```bash
+cd /path/to/palmr/apps/server
+```
+
+### 2. Run the cleanup script in dry-run mode
+
+First, run the script without the `--confirm` flag to see what would be deleted:
+
+```bash
+pnpm cleanup:orphan-files
+```
+
+This will:
+- Scan all file records in the database
+- Check if each file exists in storage
+- Display a summary of orphan files
+- Show what would be deleted (without actually deleting)
+
+### 3. Review the output
+
+The script will provide detailed information about orphan files:
+
+```text
+Starting orphan file cleanup...
+Storage mode: Filesystem
+Found 7 files in database
+❌ Orphan: photo(1).png (cmddjchw80000gmiimqnxga2g/1758805195682-Rjn9at692HdR.png)
+❌ Orphan: document.pdf (cmddjchw80000gmiimqnxga2g/1758803757558-JQxlvF816UVo.pdf)
+
+📊 Summary:
+  Total files in DB: 7
+  ✅ Files with storage: 5
+  ❌ Orphan files: 2
+
+🗑️  Orphan files to be deleted:
+  - photo(1).png (0.76 MB) - cmddjchw80000gmiimqnxga2g/1758805195682-Rjn9at692HdR.png
+  - document.pdf (2.45 MB) - cmddjchw80000gmiimqnxga2g/1758803757558-JQxlvF816UVo.pdf
+
+⚠️  Dry run mode. To actually delete orphan records, run with --confirm flag:
+   pnpm cleanup:orphan-files:confirm
+```
+
+### 4. Confirm and execute the cleanup
+
+If you're satisfied with the results and want to proceed with the deletion:
+
+```bash
+pnpm cleanup:orphan-files:confirm
+```
+
+This will remove the orphan database records and display a confirmation:
+
+```text
+🗑️  Deleting orphan file records...
+  ✓ Deleted: photo(1).png
+  ✓ Deleted: document.pdf
+
+✅ Cleanup complete!
+   Deleted 2 orphan file records
+```
+
+## Example session
+
+Below is a complete example of running the cleanup script:
+
+```bash
+$ pnpm cleanup:orphan-files
+
+> palmr-api@3.2.3-beta cleanup:orphan-files
+> tsx src/scripts/cleanup-orphan-files.ts
+
+Starting orphan file cleanup...
+Storage mode: Filesystem
+Found 15 files in database
+❌ Orphan: video.mp4 (user123/1758803869037-1WhtnrQioeFQ.mp4)
+❌ Orphan: image(1).png (user123/1758805195682-Rjn9at692HdR.png)
+❌ Orphan: image(2).png (user123/1758803757558-JQxlvF816UVo.png)
+
+📊 Summary:
+  Total files in DB: 15
+  ✅ Files with storage: 12
+  ❌ Orphan files: 3
+
+🗑️  Orphan files to be deleted:
+  - video.mp4 (97.09 MB) - user123/1758803869037-1WhtnrQioeFQ.mp4
+  - image(1).png (0.01 MB) - user123/1758805195682-Rjn9at692HdR.png
+  - image(2).png (0.76 MB) - user123/1758803757558-JQxlvF816UVo.png
+
+⚠️  Dry run mode. To actually delete orphan records, run with --confirm flag:
+   pnpm cleanup:orphan-files:confirm
+
+$ pnpm cleanup:orphan-files:confirm
+
+> palmr-api@3.2.3-beta cleanup:orphan-files:confirm
+> tsx src/scripts/cleanup-orphan-files.ts --confirm
+
+Starting orphan file cleanup...
+Storage mode: Filesystem
+Found 15 files in database
+❌ Orphan: video.mp4 (user123/1758803869037-1WhtnrQioeFQ.mp4)
+❌ Orphan: image(1).png (user123/1758805195682-Rjn9at692HdR.png)
+❌ Orphan: image(2).png (user123/1758803757558-JQxlvF816UVo.png)
+
+📊 Summary:
+  Total files in DB: 15
+  ✅ Files with storage: 12
+  ❌ Orphan files: 3
+
+🗑️  Orphan files to be deleted:
+  - video.mp4 (97.09 MB) - user123/1758803869037-1WhtnrQioeFQ.mp4
+  - image(1).png (0.01 MB) - user123/1758805195682-Rjn9at692HdR.png
+  - image(2).png (0.76 MB) - user123/1758803757558-JQxlvF816UVo.png
+
+🗑️  Deleting orphan file records...
+  ✓ Deleted: video.mp4
+  ✓ Deleted: image(1).png
+  ✓ Deleted: image(2).png
+
+✅ Cleanup complete!
+   Deleted 3 orphan file records
+
+Script completed successfully
+```
+
+## Troubleshooting common issues
+
+### No orphan files found
+
+```text
+📊 Summary:
+  Total files in DB: 10
+  ✅ Files with storage: 10
+  ❌ Orphan files: 0
+
+✨ No orphan files found!
+```
+
+**This is good!** It means your database is in sync with your storage system.
+
+### Script cannot connect to database
+
+If you see database connection errors:
+
+1. Verify the database file exists:
+   ```bash
+   ls -la prisma/palmr.db
+   ```
+
+2. Check database permissions:
+   ```bash
+   chmod 644 prisma/palmr.db
+   ```
+
+3. Ensure you're in the correct directory:
+   ```bash
+   pwd  # Should show .../palmr/apps/server
+   ```
+
+### Storage provider errors
+
+For **S3 storage:**
+- Verify your S3 credentials are configured correctly
+- Check that the bucket is accessible
+- Ensure network connectivity to S3
+
+For **Filesystem storage:**
+- Verify the uploads directory exists and is readable
+- Check file system permissions
+- Ensure sufficient disk space
+
+### Script fails to delete records
+
+If deletion fails for specific files:
+- Check database locks (close other connections)
+- Verify you have write permissions to the database
+- Review the error message for specific details
+
+## Understanding the output
+
+### File statistics
+
+The script provides several key metrics:
+
+- **Total files in DB:** All file records in your database
+- **Files with storage:** Records where the physical file exists
+- **Orphan files:** Records where the physical file is missing
+
+### File information
+
+For each orphan file, you'll see:
+
+- **Name:** Display name in the UI
+- **Size:** File size as recorded in the database
+- **Object name:** Internal storage path
+
+Example: `photo(1).png (0.76 MB) - user123/1758805195682-Rjn9at692HdR.png`
+
+## Prevention and best practices
+
+### Prevent orphan files from occurring
+
+1. **Monitor upload failures:** Check server logs for upload errors
+2. **Stable network:** Ensure reliable network connectivity for large uploads
+3. **Adequate resources:** Provide sufficient disk space and memory
+4. **Regular maintenance:** Run this script periodically as part of maintenance
+
+### When to run cleanup
+
+Consider running the cleanup script:
+
+- **Monthly:** As part of routine database maintenance
+- **After incidents:** Following server crashes or storage issues
+- **Before migrations:** Before moving to new storage systems
+- **When users report errors:** If download failures are reported
+
+### Safe cleanup practices
+
+1. **Always run dry-run first:** Review what will be deleted before confirming
+2. **Backup your database:** Create a backup before running with `--confirm`
+3. **Check during low usage:** Run during off-peak hours to minimize disruption
+4. **Document the cleanup:** Keep records of when and why cleanup was performed
+5. **Verify after cleanup:** Check that file counts match expectations
+
+## Technical details
+
+### How files are stored
+
+When files are uploaded to Palmr:
+
+1. Frontend generates a safe object name using random identifiers
+2. Backend creates the final `objectName` as: `${userId}/${timestamp}-${randomId}.${extension}`
+3. If a duplicate name exists, the **display name** gets a suffix, but `objectName` remains unique
+4. Physical file is stored using `objectName`, display name is stored separately in database
+
+### Storage providers
+
+The script works with both storage providers:
+
+- **FilesystemStorageProvider:** Uses `fs.promises.access()` to check file existence
+- **S3StorageProvider:** Uses `HeadObjectCommand` to verify objects in S3 bucket
+
+### Database schema
+
+Files table structure:
+```typescript
+{
+  name: string           // Display name (can have suffixes like "file (1).png")
+  objectName: string     // Physical storage path (always unique)
+  size: bigint          // File size in bytes
+  extension: string     // File extension
+  userId: string        // Owner of the file
+  folderId: string?     // Parent folder (null for root)
+}
+```
+
+## Related improvements
+
+### Download validation (v3.2.3-beta+)
+
+Starting from version 3.2.3-beta, Palmr includes enhanced download validation:
+
+- Files are checked for existence **before** attempting download
+- Returns proper 404 error if file is missing (instead of 500)
+- Provides helpful error message to users
+
+This prevents errors when trying to download orphan files that haven't been cleaned up yet.
+
+## Security considerations
+
+- **Read-only by default:** Dry-run mode is safe and doesn't modify data
+- **Explicit confirmation:** Requires `--confirm` flag to delete records
+- **No file deletion:** Only removes database records, never deletes physical files
+- **Audit trail:** All actions are logged to console
+- **Permission-based:** Only users with server access can run the script
+
+> **Important:** This script does not delete physical files from storage. It only removes database records for files that don't exist. This is intentional to prevent accidental data loss.
+
+## FAQ
+
+**Q: Will this delete my files?**  
+A: No. The script only removes database records for files that are already missing from storage. Physical files are never deleted.
+
+**Q: Can I undo the cleanup?**  
+A: No. Once orphan records are deleted, they cannot be recovered. Always run dry-run mode first and backup your database.
+
+**Q: Why do orphan files have suffixes like (1), (2)?**  
+A: When duplicate files are uploaded, Palmr renames them with suffixes. If the upload fails after creating the database record, an orphan with a suffix remains.
+
+**Q: How often should I run this script?**  
+A: Monthly maintenance is usually sufficient. Run more frequently if you experience many upload failures.
+
+**Q: Does this work with S3 storage?**  
+A: Yes! The script automatically detects your storage provider (filesystem or S3) and works with both.
+
+**Q: What if I have thousands of orphan files?**  
+A: The script handles large numbers efficiently. Consider running during off-peak hours for very large cleanups.
+
+**Q: Can this fix "File not found" errors?**  
+A: Yes, if the errors are caused by orphan database records. The script removes those records, preventing future errors.

apps/docs/content/docs/3.2-beta/manual-installation.mdx

@@ -165,6 +165,27 @@ cp .env.example .env
 
 This creates a `.env` file with the necessary configurations for the frontend.
 
+##### Upload Configuration
+
+Palmr. supports configurable chunked uploading for large files. You can customize the chunk size by setting the following environment variable in your `.env` file:
+
+```bash
+NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100
+```
+
+**How it works:**
+
+- If `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` is set, Palmr. will use this value (in megabytes) as the chunk size for all file uploads that exceed this threshold.
+- If not set or left empty, Palmr. automatically calculates optimal chunk sizes based on file size:
+  - Files ≤ 100MB: uploaded without chunking
+  - Files > 100MB and ≤ 1GB: 75MB chunks
+  - Files > 1GB: 150MB chunks
+
+**When to configure:**
+
+- **Default (not set):** Recommended for most use cases. Palmr. will intelligently determine the best chunk size.
+- **Custom value:** Set this if you have specific network conditions or want to optimize for your infrastructure (e.g., slower connections may benefit from smaller chunks like 50MB, while fast networks can handle larger chunks like 200MB, or the upload size per payload may be limited by a proxy like Cloudflare)
+
 #### Install dependencies
 
 Install all the frontend dependencies:

apps/docs/content/docs/3.2-beta/meta.json

@@ -16,6 +16,7 @@
     "reverse-proxy-configuration",
     "download-memory-management",
     "password-reset-without-smtp",
+    "cleanup-orphan-files",
     "oidc-authentication",
     "troubleshooting",
     "---Developers---",

apps/docs/content/docs/3.2-beta/quick-start.mdx

@@ -76,6 +76,7 @@ Choose your storage method based on your needs:
           # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (default: 3.0)
           # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (default: true)
           # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large downloads (recommended for production)
+          # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set)
         volumes:
           - palmr_data:/app/server
 
@@ -151,32 +152,33 @@ Choose your storage method based on your needs:
 
 Customize Palmr's behavior with these environment variables:
 
-| Variable                        | Default    | Description                                                                                                            |
-| ------------------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------- |
-| `ENABLE_S3`                     | `false`    | Enable S3-compatible storage backends                                                                                  |
-| `S3_ENDPOINT`                   | -          | S3 server endpoint URL (required when using S3)                                                                        |
-| `S3_PORT`                       | -          | S3 server port (optional when using S3)                                                                                |
-| `S3_USE_SSL`                    | -          | Enable SSL for S3 connections (optional when using S3)                                                                 |
-| `S3_ACCESS_KEY`                 | -          | S3 access key for authentication (required when using S3)                                                              |
-| `S3_SECRET_KEY`                 | -          | S3 secret key for authentication (required when using S3)                                                              |
-| `S3_REGION`                     | -          | S3 region configuration (optional when using S3)                                                                       |
-| `S3_BUCKET_NAME`                | -          | S3 bucket name for file storage (required when using S3)                                                               |
-| `S3_FORCE_PATH_STYLE`           | `false`    | Force path-style S3 URLs (optional when using S3)                                                                      |
-| `S3_REJECT_UNAUTHORIZED`        | `true`     | Enable strict SSL certificate validation for S3 (set to `false` for self-signed certificates)                          |
-| `ENCRYPTION_KEY`                | -          | **Required when encryption is enabled**: 32+ character key for file encryption                                         |
-| `DISABLE_FILESYSTEM_ENCRYPTION` | `true`     | Disable file encryption for better performance (set to `false` to enable encryption)                                   |
-| `PRESIGNED_URL_EXPIRATION`      | `3600`     | Duration in seconds for presigned URL expiration (applies to both filesystem and S3 storage)                           |
-| `CUSTOM_PATH`                   | -          | Custom base path for disk space detection in manual installations with symlinks                                        |
-| `SECURE_SITE`                   | `false`    | Enable secure cookies for HTTPS/reverse proxy deployments                                                              |
-| `DEFAULT_LANGUAGE`              | `en-US`    | Default application language ([see available languages](/docs/3.2-beta/available-languages))                           |
-| `PALMR_UID`                     | `1000`     | User ID for container processes (helps with file permissions)                                                          |
-| `PALMR_GID`                     | `1000`     | Group ID for container processes (helps with file permissions)                                                         |
-| `NODE_OPTIONS`                  | -          | Node.js options (recommended: `--expose-gc` for garbage collection in production)                                      |
-| `DOWNLOAD_MAX_CONCURRENT`       | auto-scale | Maximum number of simultaneous downloads (see [Download Memory Management](/docs/3.2-beta/download-memory-management)) |
-| `DOWNLOAD_MEMORY_THRESHOLD_MB`  | auto-scale | Memory threshold in MB before throttling                                                                               |
-| `DOWNLOAD_QUEUE_SIZE`           | auto-scale | Maximum queue size for pending downloads                                                                               |
-| `DOWNLOAD_MIN_FILE_SIZE_GB`     | `3.0`      | Minimum file size in GB to activate memory management                                                                  |
-| `DOWNLOAD_AUTO_SCALE`           | `true`     | Enable auto-scaling based on system memory                                                                             |
+| Variable                           | Default        | Description                                                                                                                           |
+| ---------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `ENABLE_S3`                        | `false`        | Enable S3-compatible storage backends                                                                                                 |
+| `S3_ENDPOINT`                      | -              | S3 server endpoint URL (required when using S3)                                                                                       |
+| `S3_PORT`                          | -              | S3 server port (optional when using S3)                                                                                               |
+| `S3_USE_SSL`                       | -              | Enable SSL for S3 connections (optional when using S3)                                                                                |
+| `S3_ACCESS_KEY`                    | -              | S3 access key for authentication (required when using S3)                                                                             |
+| `S3_SECRET_KEY`                    | -              | S3 secret key for authentication (required when using S3)                                                                             |
+| `S3_REGION`                        | -              | S3 region configuration (optional when using S3)                                                                                      |
+| `S3_BUCKET_NAME`                   | -              | S3 bucket name for file storage (required when using S3)                                                                              |
+| `S3_FORCE_PATH_STYLE`              | `false`        | Force path-style S3 URLs (optional when using S3)                                                                                     |
+| `S3_REJECT_UNAUTHORIZED`           | `true`         | Enable strict SSL certificate validation for S3 (set to `false` for self-signed certificates)                                         |
+| `ENCRYPTION_KEY`                   | -              | **Required when encryption is enabled**: 32+ character key for file encryption                                                        |
+| `DISABLE_FILESYSTEM_ENCRYPTION`    | `true`         | Disable file encryption for better performance (set to `false` to enable encryption)                                                  |
+| `PRESIGNED_URL_EXPIRATION`         | `3600`         | Duration in seconds for presigned URL expiration (applies to both filesystem and S3 storage)                                          |
+| `CUSTOM_PATH`                      | -              | Custom base path for disk space detection in manual installations with symlinks                                                       |
+| `SECURE_SITE`                      | `false`        | Enable secure cookies for HTTPS/reverse proxy deployments                                                                             |
+| `DEFAULT_LANGUAGE`                 | `en-US`        | Default application language ([see available languages](/docs/3.2-beta/available-languages))                                          |
+| `PALMR_UID`                        | `1000`         | User ID for container processes (helps with file permissions)                                                                         |
+| `PALMR_GID`                        | `1000`         | Group ID for container processes (helps with file permissions)                                                                        |
+| `NODE_OPTIONS`                     | -              | Node.js options (recommended: `--expose-gc` for garbage collection in production)                                                     |
+| `DOWNLOAD_MAX_CONCURRENT`          | auto-scale     | Maximum number of simultaneous downloads (see [Download Memory Management](/docs/3.2-beta/download-memory-management))                |
+| `DOWNLOAD_MEMORY_THRESHOLD_MB`     | auto-scale     | Memory threshold in MB before throttling                                                                                              |
+| `DOWNLOAD_QUEUE_SIZE`              | auto-scale     | Maximum queue size for pending downloads                                                                                              |
+| `DOWNLOAD_MIN_FILE_SIZE_GB`        | `3.0`          | Minimum file size in GB to activate memory management                                                                                 |
+| `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` | auto-calculate | Chunk size in MB for large file uploads (see [Chunked Upload Configuration](/docs/3.2-beta/quick-start#chunked-upload-configuration)) |
+| `DOWNLOAD_AUTO_SCALE`              | `true`         | Enable auto-scaling based on system memory                                                                                            |
 
 <Callout type="info">
   **Performance First**: Palmr runs without encryption by default for optimal speed and lower resource usage—perfect for
@@ -314,6 +316,28 @@ environment:
 
 **Note:** S3 storage handles encryption through your S3 provider's encryption features.
 
+### Chunked Upload Configuration
+
+Palmr supports configurable chunked uploading for large files. You can customize the chunk size by setting the following environment variable:
+
+```yaml
+environment:
+  - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB
+```
+
+**How it works:**
+
+- If `NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB` is set, Palmr will use this value (in megabytes) as the chunk size for all file uploads that exceed this threshold.
+- If not set or left empty, Palmr automatically calculates optimal chunk sizes based on file size:
+  - Files ≤ 100MB: uploaded without chunking
+  - Files > 100MB and ≤ 1GB: 75MB chunks
+  - Files > 1GB: 150MB chunks
+
+**When to configure:**
+
+- **Default (not set):** Recommended for most use cases. Palmr will intelligently determine the best chunk size.
+- **Custom value:** Set this if you have specific network conditions or want to optimize for your infrastructure (e.g., slower connections may benefit from smaller chunks like 50MB, while fast networks can handle larger chunks like 200MB, or the upload size per payload may be limited by a proxy like Cloudflare)
+
 ---
 
 ## Maintenance

apps/docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmr-docs",
-  "version": "3.2.1-beta",
+  "version": "3.2.4-beta",
   "description": "Docs for Palmr",
   "private": true,
   "author": "Daniel Luiz Alves <daniel@kyantech.com.br>",
@@ -13,7 +13,7 @@
     "react",
     "typescript"
   ],
-  "license": "BSD-2-Clause",
+  "license": "Apache-2.0",
   "packageManager": "pnpm@10.6.0",
   "scripts": {
     "build": "next build",
@@ -62,4 +62,4 @@
     "tw-animate-css": "^1.2.8",
     "typescript": "^5.8.3"
   }
-}
+}

apps/server/.gitignore

@@ -4,3 +4,4 @@ dist/*
 uploads/*
 temp-uploads/*
 prisma/*.db
+tsconfig.tsbuildinfo

apps/server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmr-api",
-  "version": "3.2.1-beta",
+  "version": "3.2.4-beta",
   "description": "API for Palmr",
   "private": true,
   "author": "Daniel Luiz Alves <daniel@kyantech.com.br>",
@@ -12,7 +12,7 @@
     "nodejs",
     "typescript"
   ],
-  "license": "BSD-2-Clause",
+  "license": "Apache-2.0",
   "packageManager": "pnpm@10.6.0",
   "main": "index.js",
   "scripts": {
@@ -25,7 +25,9 @@
     "format:check": "prettier . --check",
     "type-check": "npx tsc --noEmit",
     "validate": "pnpm lint && pnpm type-check",
-    "db:seed": "ts-node prisma/seed.js"
+    "db:seed": "ts-node prisma/seed.js",
+    "cleanup:orphan-files": "tsx src/scripts/cleanup-orphan-files.ts",
+    "cleanup:orphan-files:confirm": "tsx src/scripts/cleanup-orphan-files.ts --confirm"
   },
   "prisma": {
     "seed": "node prisma/seed.js"
@@ -77,4 +79,4 @@
     "tsx": "^4.19.2",
     "typescript": "^5.7.3"
   }
-}
+}

apps/server/prisma/schema.prisma

@@ -59,7 +59,6 @@ model File {
   shares Share[] @relation("ShareFiles")
 
   @@index([folderId])
-
   @@map("files")
 }
 
@@ -278,40 +277,40 @@ enum PageLayout {
 }
 
 model TrustedDevice {
-  id           String   @id @default(cuid())
-  userId       String
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-  deviceHash   String   @unique
-  deviceName   String?
-  userAgent    String?
-  ipAddress    String?
-  lastUsedAt   DateTime @default(now())
-  expiresAt    DateTime
-  createdAt    DateTime @default(now())
-  updatedAt    DateTime @updatedAt
+  id         String   @id @default(cuid())
+  userId     String
+  user       User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  deviceHash String   @unique
+  deviceName String?
+  userAgent  String?
+  ipAddress  String?
+  lastUsedAt DateTime @default(now())
+  expiresAt  DateTime
+  createdAt  DateTime @default(now())
+  updatedAt  DateTime @updatedAt
 
   @@map("trusted_devices")
 }
 
 model Folder {
-  id          String   @id @default(cuid())
+  id          String  @id @default(cuid())
   name        String
   description String?
   objectName  String
 
-  parentId    String?
-  parent      Folder?  @relation("FolderHierarchy", fields: [parentId], references: [id], onDelete: Cascade)
-  children    Folder[] @relation("FolderHierarchy")
+  parentId String?
+  parent   Folder?  @relation("FolderHierarchy", fields: [parentId], references: [id], onDelete: Cascade)
+  children Folder[] @relation("FolderHierarchy")
 
-  userId      String
-  user        User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  userId String
+  user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
 
-  files       File[]
+  files File[]
 
-  shares      Share[]  @relation("ShareFolders")
+  shares Share[] @relation("ShareFolders")
 
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
   @@index([userId])
   @@index([parentId])

apps/server/prisma/seed.js

@@ -17,6 +17,12 @@ const defaultConfigs = [
     type: "boolean",
     group: "general",
   },
+  {
+    key: "hideVersion",
+    value: "false",
+    type: "boolean",
+    group: "general",
+  },
   {
     key: "appDescription",
     value: "Secure and simple file sharing - Your personal cloud",

apps/server/src/modules/file/controller.ts

@@ -3,6 +3,11 @@ import { FastifyReply, FastifyRequest } from "fastify";
 
 import { env } from "../../env";
 import { prisma } from "../../shared/prisma";
+import {
+  generateUniqueFileName,
+  generateUniqueFileNameForRename,
+  parseFileName,
+} from "../../utils/file-name-generator";
 import { ConfigService } from "../config/service";
 import {
   CheckFileInput,
@@ -93,9 +98,13 @@ export class FileController {
         }
       }
 
+      // Parse the filename and generate a unique name if there's a duplicate
+      const { baseName, extension } = parseFileName(input.name);
+      const uniqueName = await generateUniqueFileName(baseName, extension, userId, input.folderId);
+
       const fileRecord = await prisma.file.create({
         data: {
-          name: input.name,
+          name: uniqueName,
           description: input.description,
           extension: input.extension,
           size: BigInt(input.size),
@@ -169,9 +178,20 @@ export class FileController {
         });
       }
 
-      return reply.status(201).send({
+      // Check for duplicate filename and provide the suggested unique name
+      const { baseName, extension } = parseFileName(input.name);
+      const uniqueName = await generateUniqueFileName(baseName, extension, userId, input.folderId);
+
+      // Include suggestedName in response if the name was changed
+      const response: any = {
         message: "File checks succeeded.",
-      });
+      };
+
+      if (uniqueName !== input.name) {
+        response.suggestedName = uniqueName;
+      }
+
+      return reply.status(201).send(response);
     } catch (error: any) {
       console.error("Error in checkFile:", error);
       return reply.status(400).send({ error: error.message });
@@ -359,6 +379,13 @@ export class FileController {
         return reply.status(403).send({ error: "Access denied." });
       }
 
+      // If renaming the file, check for duplicates and auto-rename if necessary
+      if (updateData.name && updateData.name !== fileRecord.name) {
+        const { baseName, extension } = parseFileName(updateData.name);
+        const uniqueName = await generateUniqueFileNameForRename(baseName, extension, userId, fileRecord.folderId, id);
+        updateData.name = uniqueName;
+      }
+
       const updatedFile = await prisma.file.update({
         where: { id },
         data: updateData,

apps/server/src/modules/filesystem/controller.ts

@@ -12,6 +12,20 @@ export class FilesystemController {
   private chunkManager = ChunkManager.getInstance();
   private memoryManager = DownloadMemoryManager.getInstance();
 
+  /**
+   * Check if a character is valid in an HTTP token (RFC 2616)
+   * Tokens can contain: alphanumeric and !#$%&'*+-.^_`|~
+   * Must exclude separators: ()<>@,;:\"/[]?={} and space/tab
+   */
+  private isTokenChar(char: string): boolean {
+    const code = char.charCodeAt(0);
+    // Basic ASCII range check
+    if (code < 33 || code > 126) return false;
+    // Exclude separator characters per RFC 2616
+    const separators = '()<>@,;:\\"/[]?={} \t';
+    return !separators.includes(char);
+  }
+
   private encodeFilenameForHeader(filename: string): string {
     if (!filename || filename.trim() === "") {
       return 'attachment; filename="download"';
@@ -36,12 +50,10 @@ export class FilesystemController {
       return 'attachment; filename="download"';
     }
 
+    // Create ASCII-safe version with only valid token characters
     const asciiSafe = sanitized
       .split("")
-      .filter((char) => {
-        const code = char.charCodeAt(0);
-        return code >= 32 && code <= 126;
-      })
+      .filter((char) => this.isTokenChar(char))
       .join("");
 
     if (asciiSafe && asciiSafe.trim()) {
@@ -110,13 +122,22 @@ export class FilesystemController {
     const totalChunks = request.headers["x-total-chunks"] as string;
     const chunkSize = request.headers["x-chunk-size"] as string;
     const totalSize = request.headers["x-total-size"] as string;
-    const fileName = request.headers["x-file-name"] as string;
+    const encodedFileName = request.headers["x-file-name"] as string;
     const isLastChunk = request.headers["x-is-last-chunk"] as string;
 
-    if (!fileId || !chunkIndex || !totalChunks || !chunkSize || !totalSize || !fileName) {
+    if (!fileId || !chunkIndex || !totalChunks || !chunkSize || !totalSize || !encodedFileName) {
       return null;
     }
 
+    // Decode the base64-encoded filename to handle UTF-8 characters
+    let fileName: string;
+    try {
+      fileName = decodeURIComponent(escape(Buffer.from(encodedFileName, "base64").toString("binary")));
+    } catch (error) {
+      // Fallback to the encoded value if decoding fails (for backward compatibility)
+      fileName = encodedFileName;
+    }
+
     const metadata = {
       fileId,
       chunkIndex: parseInt(chunkIndex, 10),
@@ -182,6 +203,17 @@ export class FilesystemController {
       }
 
       const filePath = provider.getFilePath(tokenData.objectName);
+
+      const fileExists = await provider.fileExists(tokenData.objectName);
+      if (!fileExists) {
+        console.error(`[DOWNLOAD] File not found: ${tokenData.objectName}`);
+        return reply.status(404).send({
+          error: "File not found",
+          message:
+            "The requested file does not exist on the server. It may have been deleted or the upload was incomplete.",
+        });
+      }
+
       const stats = await fs.promises.stat(filePath);
       const fileSize = stats.size;
       const fileName = tokenData.fileName || "download";

apps/server/src/modules/folder/controller.ts

@@ -35,21 +35,13 @@ export class FolderController {
         }
       }
 
-      const existingFolder = await prisma.folder.findFirst({
-        where: {
-          name: input.name,
-          parentId: input.parentId || null,
-          userId,
-        },
-      });
-
-      if (existingFolder) {
-        return reply.status(400).send({ error: "A folder with this name already exists in this location" });
-      }
+      // Check for duplicates and auto-rename if necessary
+      const { generateUniqueFolderName } = await import("../../utils/file-name-generator.js");
+      const uniqueName = await generateUniqueFolderName(input.name, userId, input.parentId);
 
       const folderRecord = await prisma.folder.create({
         data: {
-          name: input.name,
+          name: uniqueName,
           description: input.description,
           objectName: input.objectName,
           parentId: input.parentId,
@@ -231,19 +223,11 @@ export class FolderController {
         return reply.status(403).send({ error: "Access denied." });
       }
 
+      // If renaming the folder, check for duplicates and auto-rename if necessary
       if (updateData.name && updateData.name !== folderRecord.name) {
-        const duplicateFolder = await prisma.folder.findFirst({
-          where: {
-            name: updateData.name,
-            parentId: folderRecord.parentId,
-            userId,
-            id: { not: id },
-          },
-        });
-
-        if (duplicateFolder) {
-          return reply.status(400).send({ error: "A folder with this name already exists in this location" });
-        }
+        const { generateUniqueFolderName } = await import("../../utils/file-name-generator.js");
+        const uniqueName = await generateUniqueFolderName(updateData.name, userId, folderRecord.parentId, id);
+        updateData.name = uniqueName;
       }
 
       const updatedFolder = await prisma.folder.update({

apps/server/src/modules/reverse-share/controller.ts

@@ -536,4 +536,17 @@ export class ReverseShareController {
       return reply.status(500).send({ error: "Internal server error" });
     }
   }
+
+  async getReverseShareMetadataByAlias(request: FastifyRequest, reply: FastifyReply) {
+    try {
+      const { alias } = request.params as { alias: string };
+      const metadata = await this.reverseShareService.getReverseShareMetadataByAlias(alias);
+      return reply.send(metadata);
+    } catch (error: any) {
+      if (error.message === "Reverse share not found") {
+        return reply.status(404).send({ error: error.message });
+      }
+      return reply.status(400).send({ error: error.message });
+    }
+  }
 }

apps/server/src/modules/reverse-share/routes.ts

@@ -592,4 +592,32 @@ export async function reverseShareRoutes(app: FastifyInstance) {
     },
     reverseShareController.copyFileToUserFiles.bind(reverseShareController)
   );
+
+  app.get(
+    "/reverse-shares/alias/:alias/metadata",
+    {
+      schema: {
+        tags: ["Reverse Share"],
+        operationId: "getReverseShareMetadataByAlias",
+        summary: "Get reverse share metadata by alias for Open Graph",
+        description: "Get lightweight metadata for a reverse share by alias, used for social media previews",
+        params: z.object({
+          alias: z.string().describe("Alias of the reverse share"),
+        }),
+        response: {
+          200: z.object({
+            name: z.string().nullable(),
+            description: z.string().nullable(),
+            totalFiles: z.number(),
+            hasPassword: z.boolean(),
+            isExpired: z.boolean(),
+            isInactive: z.boolean(),
+            maxFiles: z.number().nullable(),
+          }),
+          404: z.object({ error: z.string() }),
+        },
+      },
+    },
+    reverseShareController.getReverseShareMetadataByAlias.bind(reverseShareController)
+  );
 }

apps/server/src/modules/reverse-share/service.ts

@@ -773,4 +773,30 @@ export class ReverseShareService {
       updatedAt: file.updatedAt.toISOString(),
     };
   }
+
+  async getReverseShareMetadataByAlias(alias: string) {
+    const reverseShare = await this.reverseShareRepository.findByAlias(alias);
+    if (!reverseShare) {
+      throw new Error("Reverse share not found");
+    }
+
+    // Check if reverse share is expired
+    const isExpired = reverseShare.expiration && new Date(reverseShare.expiration) < new Date();
+
+    // Check if inactive
+    const isInactive = !reverseShare.isActive;
+
+    const totalFiles = reverseShare.files?.length || 0;
+    const hasPassword = !!reverseShare.password;
+
+    return {
+      name: reverseShare.name,
+      description: reverseShare.description,
+      totalFiles,
+      hasPassword,
+      isExpired,
+      isInactive,
+      maxFiles: reverseShare.maxFiles,
+    };
+  }
 }

apps/server/src/modules/share/controller.ts

@@ -295,4 +295,17 @@ export class ShareController {
       return reply.status(400).send({ error: error.message });
     }
   }
+
+  async getShareMetadataByAlias(request: FastifyRequest, reply: FastifyReply) {
+    try {
+      const { alias } = request.params as { alias: string };
+      const metadata = await this.shareService.getShareMetadataByAlias(alias);
+      return reply.send(metadata);
+    } catch (error: any) {
+      if (error.message === "Share not found") {
+        return reply.status(404).send({ error: error.message });
+      }
+      return reply.status(400).send({ error: error.message });
+    }
+  }
 }

apps/server/src/modules/share/repository.ts

@@ -17,6 +17,9 @@ export interface IShareRepository {
   findShareBySecurityId(
     securityId: string
   ): Promise<(Share & { security: ShareSecurity; files: any[]; folders: any[] }) | null>;
+  findShareByAlias(
+    alias: string
+  ): Promise<(Share & { security: ShareSecurity; files: any[]; folders: any[]; recipients: any[] }) | null>;
   updateShare(id: string, data: Partial<Share>): Promise<Share>;
   updateShareSecurity(id: string, data: Partial<ShareSecurity>): Promise<ShareSecurity>;
   deleteShare(id: string): Promise<Share>;
@@ -130,6 +133,41 @@ export class PrismaShareRepository implements IShareRepository {
     });
   }
 
+  async findShareByAlias(alias: string) {
+    const shareAlias = await prisma.shareAlias.findUnique({
+      where: { alias },
+      include: {
+        share: {
+          include: {
+            security: true,
+            files: true,
+            folders: {
+              select: {
+                id: true,
+                name: true,
+                description: true,
+                objectName: true,
+                parentId: true,
+                userId: true,
+                createdAt: true,
+                updatedAt: true,
+                _count: {
+                  select: {
+                    files: true,
+                    children: true,
+                  },
+                },
+              },
+            },
+            recipients: true,
+          },
+        },
+      },
+    });
+
+    return shareAlias?.share || null;
+  }
+
   async updateShare(id: string, data: Partial<Share>): Promise<Share> {
     return prisma.share.update({
       where: { id },

apps/server/src/modules/share/routes.ts

@@ -347,4 +347,32 @@ export async function shareRoutes(app: FastifyInstance) {
     },
     shareController.notifyRecipients.bind(shareController)
   );
+
+  app.get(
+    "/shares/alias/:alias/metadata",
+    {
+      schema: {
+        tags: ["Share"],
+        operationId: "getShareMetadataByAlias",
+        summary: "Get share metadata by alias for Open Graph",
+        description: "Get lightweight metadata for a share by alias, used for social media previews",
+        params: z.object({
+          alias: z.string().describe("The share alias"),
+        }),
+        response: {
+          200: z.object({
+            name: z.string().nullable(),
+            description: z.string().nullable(),
+            totalFiles: z.number(),
+            totalFolders: z.number(),
+            hasPassword: z.boolean(),
+            isExpired: z.boolean(),
+            isMaxViewsReached: z.boolean(),
+          }),
+          404: z.object({ error: z.string() }),
+        },
+      },
+    },
+    shareController.getShareMetadataByAlias.bind(shareController)
+  );
 }

apps/server/src/modules/share/service.ts

@@ -440,4 +440,31 @@ export class ShareService {
       notifiedRecipients,
     };
   }
+
+  async getShareMetadataByAlias(alias: string) {
+    const share = await this.shareRepository.findShareByAlias(alias);
+    if (!share) {
+      throw new Error("Share not found");
+    }
+
+    // Check if share is expired
+    const isExpired = share.expiration && new Date(share.expiration) < new Date();
+
+    // Check if max views reached
+    const isMaxViewsReached = share.security.maxViews !== null && share.views >= share.security.maxViews;
+
+    const totalFiles = share.files?.length || 0;
+    const totalFolders = share.folders?.length || 0;
+    const hasPassword = !!share.security.password;
+
+    return {
+      name: share.name,
+      description: share.description,
+      totalFiles,
+      totalFolders,
+      hasPassword,
+      isExpired,
+      isMaxViewsReached,
+    };
+  }
 }

apps/server/src/providers/filesystem-storage.provider.ts

@@ -240,7 +240,7 @@ export class FilesystemStorageProvider implements StorageProvider {
 
     try {
       await pipeline(inputStream, encryptStream, writeStream);
-      await fs.rename(tempPath, filePath);
+      await this.moveFile(tempPath, filePath);
     } catch (error) {
       await this.cleanupTempFile(tempPath);
       throw error;
@@ -707,4 +707,18 @@ export class FilesystemStorageProvider implements StorageProvider {
       console.error("Error during temp directory cleanup:", error);
     }
   }
+
+  private async moveFile(src: string, dest: string): Promise<void> {
+    try {
+      await fs.rename(src, dest);
+    } catch (err: any) {
+      if (err.code === "EXDEV") {
+        // cross-device: fallback to copy + delete
+        await fs.copyFile(src, dest);
+        await fs.unlink(src);
+      } else {
+        throw err;
+      }
+    }
+  }
 }

apps/server/src/providers/s3-storage.provider.ts

@@ -1,4 +1,4 @@
-import { DeleteObjectCommand, GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
+import { DeleteObjectCommand, GetObjectCommand, HeadObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 
 import { bucketName, s3Client } from "../config/storage.config";
@@ -14,6 +14,20 @@ export class S3StorageProvider implements StorageProvider {
     }
   }
 
+  /**
+   * Check if a character is valid in an HTTP token (RFC 2616)
+   * Tokens can contain: alphanumeric and !#$%&'*+-.^_`|~
+   * Must exclude separators: ()<>@,;:\"/[]?={} and space/tab
+   */
+  private isTokenChar(char: string): boolean {
+    const code = char.charCodeAt(0);
+    // Basic ASCII range check
+    if (code < 33 || code > 126) return false;
+    // Exclude separator characters per RFC 2616
+    const separators = '()<>@,;:\\"/[]?={} \t';
+    return !separators.includes(char);
+  }
+
   /**
    * Safely encode filename for Content-Disposition header
    */
@@ -41,12 +55,10 @@ export class S3StorageProvider implements StorageProvider {
       return 'attachment; filename="download"';
     }
 
+    // Create ASCII-safe version with only valid token characters
     const asciiSafe = sanitized
       .split("")
-      .filter((char) => {
-        const code = char.charCodeAt(0);
-        return code >= 32 && code <= 126;
-      })
+      .filter((char) => this.isTokenChar(char))
       .join("");
 
     if (asciiSafe && asciiSafe.trim()) {
@@ -110,4 +122,25 @@ export class S3StorageProvider implements StorageProvider {
 
     await s3Client.send(command);
   }
+
+  async fileExists(objectName: string): Promise<boolean> {
+    if (!s3Client) {
+      throw new Error("S3 client is not available");
+    }
+
+    try {
+      const command = new HeadObjectCommand({
+        Bucket: bucketName,
+        Key: objectName,
+      });
+
+      await s3Client.send(command);
+      return true;
+    } catch (error: any) {
+      if (error.name === "NotFound" || error.$metadata?.httpStatusCode === 404) {
+        return false;
+      }
+      throw error;
+    }
+  }
 }

apps/server/src/scripts/cleanup-orphan-files.ts

@@ -0,0 +1,102 @@
+import { isS3Enabled } from "../config/storage.config";
+import { FilesystemStorageProvider } from "../providers/filesystem-storage.provider";
+import { S3StorageProvider } from "../providers/s3-storage.provider";
+import { prisma } from "../shared/prisma";
+import { StorageProvider } from "../types/storage";
+
+/**
+ * Script to clean up orphan file records in the database
+ * (files that are registered in DB but don't exist in storage)
+ */
+async function cleanupOrphanFiles() {
+  console.log("Starting orphan file cleanup...");
+  console.log(`Storage mode: ${isS3Enabled ? "S3" : "Filesystem"}`);
+
+  let storageProvider: StorageProvider;
+  if (isS3Enabled) {
+    storageProvider = new S3StorageProvider();
+  } else {
+    storageProvider = FilesystemStorageProvider.getInstance();
+  }
+
+  // Get all files from database
+  const allFiles = await prisma.file.findMany({
+    select: {
+      id: true,
+      name: true,
+      objectName: true,
+      userId: true,
+      size: true,
+    },
+  });
+
+  console.log(`Found ${allFiles.length} files in database`);
+
+  const orphanFiles: typeof allFiles = [];
+  const existingFiles: typeof allFiles = [];
+
+  // Check each file
+  for (const file of allFiles) {
+    const exists = await storageProvider.fileExists(file.objectName);
+    if (!exists) {
+      orphanFiles.push(file);
+      console.log(`❌ Orphan: ${file.name} (${file.objectName})`);
+    } else {
+      existingFiles.push(file);
+    }
+  }
+
+  console.log(`\n📊 Summary:`);
+  console.log(`  Total files in DB: ${allFiles.length}`);
+  console.log(`  ✅ Files with storage: ${existingFiles.length}`);
+  console.log(`  ❌ Orphan files: ${orphanFiles.length}`);
+
+  if (orphanFiles.length === 0) {
+    console.log("\n✨ No orphan files found!");
+    return;
+  }
+
+  console.log(`\n🗑️  Orphan files to be deleted:`);
+  orphanFiles.forEach((file) => {
+    const sizeMB = Number(file.size) / (1024 * 1024);
+    console.log(`  - ${file.name} (${sizeMB.toFixed(2)} MB) - ${file.objectName}`);
+  });
+
+  // Ask for confirmation (if running interactively)
+  const shouldDelete = process.argv.includes("--confirm");
+
+  if (!shouldDelete) {
+    console.log(`\n⚠️  Dry run mode. To actually delete orphan records, run with --confirm flag:`);
+    console.log(`   node dist/scripts/cleanup-orphan-files.js --confirm`);
+    return;
+  }
+
+  console.log(`\n🗑️  Deleting orphan file records...`);
+
+  let deletedCount = 0;
+  for (const file of orphanFiles) {
+    try {
+      await prisma.file.delete({
+        where: { id: file.id },
+      });
+      deletedCount++;
+      console.log(`  ✓ Deleted: ${file.name}`);
+    } catch (error) {
+      console.error(`  ✗ Failed to delete ${file.name}:`, error);
+    }
+  }
+
+  console.log(`\n✅ Cleanup complete!`);
+  console.log(`   Deleted ${deletedCount} orphan file records`);
+}
+
+// Run the cleanup
+cleanupOrphanFiles()
+  .then(() => {
+    console.log("\nScript completed successfully");
+    process.exit(0);
+  })
+  .catch((error) => {
+    console.error("\n❌ Script failed:", error);
+    process.exit(1);
+  });

apps/server/src/types/storage.ts

@@ -2,6 +2,7 @@ export interface StorageProvider {
   getPresignedPutUrl(objectName: string, expires: number): Promise<string>;
   getPresignedGetUrl(objectName: string, expires: number, fileName?: string): Promise<string>;
   deleteObject(objectName: string): Promise<void>;
+  fileExists(objectName: string): Promise<boolean>;
 }
 
 export interface StorageConfig {

apps/server/src/utils/file-name-generator.ts

@@ -0,0 +1,206 @@
+import { prisma } from "../shared/prisma";
+
+/**
+ * Generates a unique filename by checking for duplicates in the database
+ * and appending a numeric suffix if necessary (e.g., file (1).txt, file (2).txt)
+ *
+ * @param baseName - The original filename without extension
+ * @param extension - The file extension
+ * @param userId - The user ID who owns the file
+ * @param folderId - The folder ID where the file will be stored (null for root)
+ * @returns A unique filename with extension
+ */
+export async function generateUniqueFileName(
+  baseName: string,
+  extension: string,
+  userId: string,
+  folderId: string | null | undefined
+): Promise<string> {
+  const fullName = `${baseName}.${extension}`;
+  const targetFolderId = folderId || null;
+
+  // Check if the original filename exists in the target folder
+  const existingFile = await prisma.file.findFirst({
+    where: {
+      name: fullName,
+      userId,
+      folderId: targetFolderId,
+    },
+  });
+
+  // If no duplicate, return the original name
+  if (!existingFile) {
+    return fullName;
+  }
+
+  // Find the next available suffix number
+  let suffix = 1;
+  let uniqueName = `${baseName} (${suffix}).${extension}`;
+
+  while (true) {
+    const duplicateFile = await prisma.file.findFirst({
+      where: {
+        name: uniqueName,
+        userId,
+        folderId: targetFolderId,
+      },
+    });
+
+    if (!duplicateFile) {
+      return uniqueName;
+    }
+
+    suffix++;
+    uniqueName = `${baseName} (${suffix}).${extension}`;
+  }
+}
+
+/**
+ * Generates a unique filename for rename operations by checking for duplicates
+ * and appending a numeric suffix if necessary (e.g., file (1).txt, file (2).txt)
+ *
+ * @param baseName - The original filename without extension
+ * @param extension - The file extension
+ * @param userId - The user ID who owns the file
+ * @param folderId - The folder ID where the file will be stored (null for root)
+ * @param excludeFileId - The ID of the file being renamed (to exclude from duplicate check)
+ * @returns A unique filename with extension
+ */
+export async function generateUniqueFileNameForRename(
+  baseName: string,
+  extension: string,
+  userId: string,
+  folderId: string | null | undefined,
+  excludeFileId: string
+): Promise<string> {
+  const fullName = `${baseName}.${extension}`;
+  const targetFolderId = folderId || null;
+
+  // Check if the original filename exists in the target folder (excluding current file)
+  const existingFile = await prisma.file.findFirst({
+    where: {
+      name: fullName,
+      userId,
+      folderId: targetFolderId,
+      id: { not: excludeFileId },
+    },
+  });
+
+  // If no duplicate, return the original name
+  if (!existingFile) {
+    return fullName;
+  }
+
+  // Find the next available suffix number
+  let suffix = 1;
+  let uniqueName = `${baseName} (${suffix}).${extension}`;
+
+  while (true) {
+    const duplicateFile = await prisma.file.findFirst({
+      where: {
+        name: uniqueName,
+        userId,
+        folderId: targetFolderId,
+        id: { not: excludeFileId },
+      },
+    });
+
+    if (!duplicateFile) {
+      return uniqueName;
+    }
+
+    suffix++;
+    uniqueName = `${baseName} (${suffix}).${extension}`;
+  }
+}
+
+/**
+ * Generates a unique folder name by checking for duplicates in the database
+ * and appending a numeric suffix if necessary (e.g., folder (1), folder (2))
+ *
+ * @param name - The original folder name
+ * @param userId - The user ID who owns the folder
+ * @param parentId - The parent folder ID (null for root)
+ * @param excludeFolderId - The ID of the folder being renamed (to exclude from duplicate check)
+ * @returns A unique folder name
+ */
+export async function generateUniqueFolderName(
+  name: string,
+  userId: string,
+  parentId: string | null | undefined,
+  excludeFolderId?: string
+): Promise<string> {
+  const targetParentId = parentId || null;
+
+  // Build the where clause
+  const whereClause: any = {
+    name,
+    userId,
+    parentId: targetParentId,
+  };
+
+  // Exclude the current folder if this is a rename operation
+  if (excludeFolderId) {
+    whereClause.id = { not: excludeFolderId };
+  }
+
+  // Check if the original folder name exists in the target location
+  const existingFolder = await prisma.folder.findFirst({
+    where: whereClause,
+  });
+
+  // If no duplicate, return the original name
+  if (!existingFolder) {
+    return name;
+  }
+
+  // Find the next available suffix number
+  let suffix = 1;
+  let uniqueName = `${name} (${suffix})`;
+
+  while (true) {
+    const whereClauseForSuffix: any = {
+      name: uniqueName,
+      userId,
+      parentId: targetParentId,
+    };
+
+    if (excludeFolderId) {
+      whereClauseForSuffix.id = { not: excludeFolderId };
+    }
+
+    const duplicateFolder = await prisma.folder.findFirst({
+      where: whereClauseForSuffix,
+    });
+
+    if (!duplicateFolder) {
+      return uniqueName;
+    }
+
+    suffix++;
+    uniqueName = `${name} (${suffix})`;
+  }
+}
+
+/**
+ * Parses a filename into base name and extension
+ *
+ * @param filename - The full filename with extension
+ * @returns Object with baseName and extension
+ */
+export function parseFileName(filename: string): { baseName: string; extension: string } {
+  const lastDotIndex = filename.lastIndexOf(".");
+
+  if (lastDotIndex === -1 || lastDotIndex === 0) {
+    // No extension or hidden file with no name before dot
+    return {
+      baseName: filename,
+      extension: "",
+    };
+  }
+
+  return {
+    baseName: filename.substring(0, lastDotIndex),
+    extension: filename.substring(lastDotIndex + 1),
+  };
+}

apps/web/.env.example

@@ -1,2 +1,5 @@
 API_BASE_URL=http:localhost:3333
-NEXT_PUBLIC_DEFAULT_LANGUAGE=en-US
+NEXT_PUBLIC_DEFAULT_LANGUAGE=en-US
+
+# Configuration options
+NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=

apps/web/messages/ar-SA.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "رفع الملفات - Palmr",
-        "description": "رفع الملفات عبر الرابط المشترك"
+        "description": "رفع الملفات عبر الرابط المشترك",
+        "descriptionWithLimit": "تحميل الملفات (الحد الأقصى {limit} ملفات)"
       },
       "layout": {
         "defaultTitle": "رفع الملفات",
@@ -1300,6 +1301,10 @@
       "passwordAuthEnabled": {
         "title": "المصادقة بالكلمة السرية",
         "description": "تمكين أو تعطيل المصادقة بالكلمة السرية"
+      },
+      "hideVersion": {
+        "title": "إخفاء الإصدار",
+        "description": "إخفاء إصدار Palmr في تذييل جميع الصفحات"
       }
     },
     "buttons": {
@@ -1361,7 +1366,11 @@
       "description": "قد يكون تم حذف هذه المشاركة أو انتهت صلاحيتها."
     },
     "pageTitle": "المشاركة",
-    "downloadAll": "تحميل الكل"
+    "downloadAll": "تحميل الكل",
+    "metadata": {
+      "defaultDescription": "مشاركة الملفات بشكل آمن",
+      "filesShared": "{count, plural, =1 {ملف واحد تمت مشاركته} other {# ملفات تمت مشاركتها}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "حذف المشاركة",

apps/web/messages/de-DE.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Dateien senden - Palmr",
-        "description": "Senden Sie Dateien über den geteilten Link"
+        "description": "Senden Sie Dateien über den geteilten Link",
+        "descriptionWithLimit": "Dateien hochladen (max. {limit} Dateien)"
       },
       "layout": {
         "defaultTitle": "Dateien senden",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Passwort-Authentifizierung",
         "description": "Passwort-basierte Authentifizierung aktivieren oder deaktivieren"
+      },
+      "hideVersion": {
+        "title": "Version Ausblenden",
+        "description": "Die Palmr-Version in der Fußzeile aller Seiten ausblenden"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Diese Freigabe wurde möglicherweise gelöscht oder ist abgelaufen."
     },
     "pageTitle": "Freigabe",
-    "downloadAll": "Alle herunterladen"
+    "downloadAll": "Alle herunterladen",
+    "metadata": {
+      "defaultDescription": "Dateien sicher teilen",
+      "filesShared": "{count, plural, =1 {1 Datei geteilt} other {# Dateien geteilt}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Freigabe Löschen",

apps/web/messages/en-US.json

@@ -1057,7 +1057,8 @@
     "upload": {
       "metadata": {
         "title": "Send Files - Palmr",
-        "description": "Send files through the shared link"
+        "description": "Send files through the shared link",
+        "descriptionWithLimit": "Upload files (max {limit} files)"
       },
       "layout": {
         "defaultTitle": "Send Files",
@@ -1211,6 +1212,10 @@
         "title": "Show Home Page",
         "description": "Show Home Page after installation"
       },
+      "hideVersion": {
+        "title": "Hide Version",
+        "description": "Hide the Palmr version from the footer on all pages"
+      },
       "smtpEnabled": {
         "title": "SMTP Enabled",
         "description": "Enable or disable SMTP email functionality"
@@ -1357,7 +1362,11 @@
       "title": "Share Not Found",
       "description": "This share may have been deleted or expired."
     },
-    "pageTitle": "Share"
+    "pageTitle": "Share",
+    "metadata": {
+      "defaultDescription": "Share files securely",
+      "filesShared": "{count, plural, =1 {1 file shared} other {# files shared}}"
+    }
   },
   "shareActions": {
     "fileTitle": "Share File",

apps/web/messages/es-ES.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Enviar Archivos - Palmr",
-        "description": "Envía archivos a través del enlace compartido"
+        "description": "Envía archivos a través del enlace compartido",
+        "descriptionWithLimit": "Subir archivos (máx. {limit} archivos)"
       },
       "layout": {
         "defaultTitle": "Enviar Archivos",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Autenticación por Contraseña",
         "description": "Habilitar o deshabilitar la autenticación basada en contraseña"
+      },
+      "hideVersion": {
+        "title": "Ocultar Versión",
+        "description": "Ocultar la versión de Palmr en el pie de página de todas las páginas"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Esta compartición puede haber sido eliminada o haber expirado."
     },
     "pageTitle": "Compartición",
-    "downloadAll": "Descargar Todo"
+    "downloadAll": "Descargar Todo",
+    "metadata": {
+      "defaultDescription": "Compartir archivos de forma segura",
+      "filesShared": "{count, plural, =1 {1 archivo compartido} other {# archivos compartidos}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Eliminar Compartir",

apps/web/messages/fr-FR.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Envoyer des Fichiers - Palmr",
-        "description": "Envoyez des fichiers via le lien partagé"
+        "description": "Envoyez des fichiers via le lien partagé",
+        "descriptionWithLimit": "Télécharger des fichiers (max {limit} fichiers)"
       },
       "layout": {
         "defaultTitle": "Envoyer des Fichiers",
@@ -1301,6 +1302,10 @@
       "passwordAuthEnabled": {
         "title": "Authentification par Mot de Passe",
         "description": "Activer ou désactiver l'authentification basée sur mot de passe"
+      },
+      "hideVersion": {
+        "title": "Masquer la Version",
+        "description": "Masquer la version de Palmr dans le pied de page de toutes les pages"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Ce partage a peut-être été supprimé ou a expiré."
     },
     "pageTitle": "Partage",
-    "downloadAll": "Tout Télécharger"
+    "downloadAll": "Tout Télécharger",
+    "metadata": {
+      "defaultDescription": "Partager des fichiers en toute sécurité",
+      "filesShared": "{count, plural, =1 {1 fichier partagé} other {# fichiers partagés}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Supprimer le Partage",

apps/web/messages/hi-IN.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "फ़ाइलें भेजें - पाल्मर",
-        "description": "साझा किए गए लिंक के माध्यम से फ़ाइलें भेजें"
+        "description": "साझा किए गए लिंक के माध्यम से फ़ाइलें भेजें",
+        "descriptionWithLimit": "फ़ाइलें अपलोड करें (अधिकतम {limit} फ़ाइलें)"
       },
       "layout": {
         "defaultTitle": "फ़ाइलें भेजें",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "पासवर्ड प्रमाणीकरण",
         "description": "पासवर्ड आधारित प्रमाणीकरण सक्षम या अक्षम करें"
+      },
+      "hideVersion": {
+        "title": "संस्करण छुपाएं",
+        "description": "सभी पृष्ठों के फुटर में Palmr संस्करण छुपाएं"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "यह साझाकरण हटा दिया गया हो सकता है या समाप्त हो चुका है।"
     },
     "pageTitle": "साझाकरण",
-    "downloadAll": "सभी डाउनलोड करें"
+    "downloadAll": "सभी डाउनलोड करें",
+    "metadata": {
+      "defaultDescription": "फाइलों को सुरक्षित रूप से साझा करें",
+      "filesShared": "{count, plural, =1 {1 फ़ाइल साझा की गई} other {# फ़ाइलें साझा की गईं}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "साझाकरण हटाएं",

apps/web/messages/it-IT.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Invia File - Palmr",
-        "description": "Invia file attraverso il link condiviso"
+        "description": "Invia file attraverso il link condiviso",
+        "descriptionWithLimit": "Carica file (max {limit} file)"
       },
       "layout": {
         "defaultTitle": "Invia File",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Autenticazione Password",
         "description": "Abilita o disabilita l'autenticazione basata su password"
+      },
+      "hideVersion": {
+        "title": "Nascondi Versione",
+        "description": "Nascondi la versione di Palmr nel piè di pagina di tutte le pagine"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Questa condivisione potrebbe essere stata eliminata o è scaduta."
     },
     "pageTitle": "Condivisione",
-    "downloadAll": "Scarica Tutto"
+    "downloadAll": "Scarica Tutto",
+    "metadata": {
+      "defaultDescription": "Condividi file in modo sicuro",
+      "filesShared": "{count, plural, =1 {1 file condiviso} other {# file condivisi}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Elimina Condivisione",

apps/web/messages/ja-JP.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "ファイルを送信 - Palmr",
-        "description": "共有リンクを通じてファイルを送信"
+        "description": "共有リンクを通じてファイルを送信",
+        "descriptionWithLimit": "ファイルをアップロード（最大{limit}ファイル）"
       },
       "layout": {
         "defaultTitle": "ファイルを送信",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "パスワード認証",
         "description": "パスワード認証を有効または無効にする"
+      },
+      "hideVersion": {
+        "title": "バージョンを非表示",
+        "description": "すべてのページのフッターにあるPalmrバージョンを非表示にする"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "この共有は削除されたか、期限が切れている可能性があります。"
     },
     "pageTitle": "共有",
-    "downloadAll": "すべてダウンロード"
+    "downloadAll": "すべてダウンロード",
+    "metadata": {
+      "defaultDescription": "ファイルを安全に共有",
+      "filesShared": "{count, plural, =1 {1 ファイルが共有されました} other {# ファイルが共有されました}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "共有を削除",

apps/web/messages/ko-KR.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "파일 보내기 - Palmr",
-        "description": "공유된 링크를 통해 파일 보내기"
+        "description": "공유된 링크를 통해 파일 보내기",
+        "descriptionWithLimit": "파일 업로드 (최대 {limit}개 파일)"
       },
       "layout": {
         "defaultTitle": "파일 보내기",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "비밀번호 인증",
         "description": "비밀번호 기반 인증 활성화 또는 비활성화"
+      },
+      "hideVersion": {
+        "title": "버전 숨기기",
+        "description": "모든 페이지의 바닥글에서 Palmr 버전 숨기기"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "이 공유는 삭제되었거나 만료되었을 수 있습니다."
     },
     "pageTitle": "공유",
-    "downloadAll": "모두 다운로드"
+    "downloadAll": "모두 다운로드",
+    "metadata": {
+      "defaultDescription": "파일을 안전하게 공유",
+      "filesShared": "{count, plural, =1 {1개 파일 공유됨} other {#개 파일 공유됨}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "공유 삭제",

apps/web/messages/nl-NL.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Bestanden Verzenden - Palmr",
-        "description": "Verzend bestanden via de gedeelde link"
+        "description": "Verzend bestanden via de gedeelde link",
+        "descriptionWithLimit": "Upload bestanden (max {limit} bestanden)"
       },
       "layout": {
         "defaultTitle": "Bestanden Verzenden",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Wachtwoord Authenticatie",
         "description": "Wachtwoord-gebaseerde authenticatie inschakelen of uitschakelen"
+      },
+      "hideVersion": {
+        "title": "Versie Verbergen",
+        "description": "Verberg de Palmr-versie in de voettekst van alle pagina's"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Dit delen is mogelijk verwijderd of verlopen."
     },
     "pageTitle": "Delen",
-    "downloadAll": "Alles Downloaden"
+    "downloadAll": "Alles Downloaden",
+    "metadata": {
+      "defaultDescription": "Bestanden veilig delen",
+      "filesShared": "{count, plural, =1 {1 bestand gedeeld} other {# bestanden gedeeld}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Delen Verwijderen",

apps/web/messages/pl-PL.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Wyślij pliki - Palmr",
-        "description": "Wysyłaj pliki za pośrednictwem udostępnionego linku"
+        "description": "Wysyłaj pliki za pośrednictwem udostępnionego linku",
+        "descriptionWithLimit": "Prześlij pliki (maks. {limit} plików)"
       },
       "layout": {
         "defaultTitle": "Wyślij pliki",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Uwierzytelnianie hasłem",
         "description": "Włącz lub wyłącz uwierzytelnianie oparte na haśle"
+      },
+      "hideVersion": {
+        "title": "Ukryj Wersję",
+        "description": "Ukryj wersję Palmr w stopce wszystkich stron"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "To udostępnienie mogło zostać usunięte lub wygasło."
     },
     "pageTitle": "Udostępnij",
-    "downloadAll": "Pobierz wszystkie"
+    "downloadAll": "Pobierz wszystkie",
+    "metadata": {
+      "defaultDescription": "Bezpiecznie udostępniaj pliki",
+      "filesShared": "{count, plural, =1 {1 plik udostępniony} other {# plików udostępnionych}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Usuń udostępnienie",

apps/web/messages/pt-BR.json

@@ -1057,7 +1057,8 @@
     "upload": {
       "metadata": {
         "title": "Enviar Arquivos - Palmr",
-        "description": "Envie arquivos através do link compartilhado"
+        "description": "Envie arquivos através do link compartilhado",
+        "descriptionWithLimit": "Enviar arquivos (máx. {limit} arquivos)"
       },
       "layout": {
         "defaultTitle": "Enviar Arquivos",
@@ -1307,6 +1308,10 @@
       "passwordAuthEnabled": {
         "title": "Autenticação por Senha",
         "description": "Ative ou desative a autenticação baseada em senha"
+      },
+      "hideVersion": {
+        "title": "Ocultar Versão",
+        "description": "Ocultar a versão do Palmr no rodapé de todas as páginas"
       }
     },
     "buttons": {
@@ -1360,7 +1365,11 @@
       "description": "Este compartilhamento pode ter sido excluído ou expirado."
     },
     "pageTitle": "Compartilhamento",
-    "downloadAll": "Baixar todos"
+    "downloadAll": "Baixar todos",
+    "metadata": {
+      "defaultDescription": "Compartilhar arquivos com segurança",
+      "filesShared": "{count, plural, =1 {1 arquivo compartilhado} other {# arquivos compartilhados}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Excluir Compartilhamento",

apps/web/messages/ru-RU.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Отправка файлов - Palmr",
-        "description": "Отправка файлов через общую ссылку"
+        "description": "Отправка файлов через общую ссылку",
+        "descriptionWithLimit": "Загрузить файлы (макс. {limit} файлов)"
       },
       "layout": {
         "defaultTitle": "Отправка файлов",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Парольная аутентификация",
         "description": "Включить или отключить парольную аутентификацию"
+      },
+      "hideVersion": {
+        "title": "Скрыть Версию",
+        "description": "Скрыть версию Palmr в нижнем колонтитуле всех страниц"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Этот общий доступ может быть удален или истек."
     },
     "pageTitle": "Общий доступ",
-    "downloadAll": "Скачать все"
+    "downloadAll": "Скачать все",
+    "metadata": {
+      "defaultDescription": "Безопасный обмен файлами",
+      "filesShared": "{count, plural, =1 {1 файл отправлен} other {# файлов отправлено}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Удалить Общий Доступ",

apps/web/messages/tr-TR.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "Dosya Gönder - Palmr",
-        "description": "Paylaşılan bağlantı üzerinden dosya gönderin"
+        "description": "Paylaşılan bağlantı üzerinden dosya gönderin",
+        "descriptionWithLimit": "Dosya yükle (maks. {limit} dosya)"
       },
       "layout": {
         "defaultTitle": "Dosya Gönder",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "Şifre Doğrulama",
         "description": "Şifre tabanlı doğrulamayı etkinleştirme veya devre dışı bırakma"
+      },
+      "hideVersion": {
+        "title": "Sürümü Gizle",
+        "description": "Tüm sayfaların alt bilgisinde Palmr sürümünü gizle"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "Bu paylaşım silinmiş veya süresi dolmuş olabilir."
     },
     "pageTitle": "Paylaşım",
-    "downloadAll": "Tümünü İndir"
+    "downloadAll": "Tümünü İndir",
+    "metadata": {
+      "defaultDescription": "Dosyaları güvenli bir şekilde paylaşın",
+      "filesShared": "{count, plural, =1 {1 dosya paylaşıldı} other {# dosya paylaşıldı}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "Paylaşımı Sil",

apps/web/messages/zh-CN.json

@@ -1056,7 +1056,8 @@
     "upload": {
       "metadata": {
         "title": "上传文件 - Palmr",
-        "description": "通过共享链接上传文件"
+        "description": "通过共享链接上传文件",
+        "descriptionWithLimit": "上传文件（最多 {limit} 个文件）"
       },
       "layout": {
         "defaultTitle": "上传文件",
@@ -1298,6 +1299,10 @@
       "passwordAuthEnabled": {
         "title": "密码认证",
         "description": "启用或禁用基于密码的认证"
+      },
+      "hideVersion": {
+        "title": "隐藏版本",
+        "description": "在所有页面的页脚中隐藏Palmr版本"
       }
     },
     "buttons": {
@@ -1359,7 +1364,11 @@
       "description": "该共享可能已被删除或已过期。"
     },
     "pageTitle": "共享",
-    "downloadAll": "下载所有"
+    "downloadAll": "下载所有",
+    "metadata": {
+      "defaultDescription": "安全共享文件",
+      "filesShared": "{count, plural, =1 {已共享 1 个文件} other {已共享 # 个文件}}"
+    }
   },
   "shareActions": {
     "deleteTitle": "删除共享",
@@ -1684,7 +1693,11 @@
       "copyToClipboard": "复制到剪贴板",
       "savedMessage": "我已保存备用码",
       "available": "可用备用码：{count}个",
-      "instructions": ["• 将这些代码保存在安全的位置", "• 每个备用码只能使用一次", "• 您可以随时生成新的备用码"]
+      "instructions": [
+        "• 将这些代码保存在安全的位置",
+        "• 每个备用码只能使用一次",
+        "• 您可以随时生成新的备用码"
+      ]
     },
     "verification": {
       "title": "双重认证",

apps/web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmr-web",
-  "version": "3.2.1-beta",
+  "version": "3.2.4-beta",
   "description": "Frontend for Palmr",
   "private": true,
   "author": "Daniel Luiz Alves <daniel@kyantech.com.br>",
@@ -11,7 +11,7 @@
     "react",
     "typescript"
   ],
-  "license": "BSD-2-Clause Copyright 2023 Kyantech",
+  "license": "Apache-2.0",
   "packageManager": "pnpm@10.6.0",
   "scripts": {
     "dev": "next dev -p 3000",
@@ -100,4 +100,4 @@
     "tailwindcss": "4.1.11",
     "typescript": "5.8.3"
   }
-}
+}

apps/web/src/app/(shares)/r/[alias]/components/transparent-footer.tsx

@@ -1,12 +1,18 @@
+"use client";
+
 import Link from "next/link";
 import { useTranslations } from "next-intl";
 
+import { useSecureConfigValue } from "@/hooks/use-secure-configs";
 import packageJson from "../../../../../../package.json";
 
 const { version } = packageJson;
 
 export function TransparentFooter() {
   const t = useTranslations();
+  const { value: hideVersion } = useSecureConfigValue("hideVersion");
+
+  const shouldHideVersion = hideVersion === "true";
 
   return (
     <footer className="absolute bottom-0 left-0 right-0 z-50 w-full flex items-center justify-center py-3 h-16 pointer-events-none">
@@ -22,7 +28,7 @@ export function TransparentFooter() {
             Kyantech Solutions
           </p>
         </Link>
-        <span className="text-white text-[11px] mt-1">v{version}</span>
+        {!shouldHideVersion && <span className="text-white text-[11px] mt-1">v{version}</span>}
       </div>
     </footer>
   );

apps/web/src/app/(shares)/r/[alias]/layout.tsx

@@ -1,12 +1,91 @@
 import type { Metadata } from "next";
+import { headers } from "next/headers";
 import { getTranslations } from "next-intl/server";
 
-export async function generateMetadata(): Promise<Metadata> {
+async function getReverseShareMetadata(alias: string) {
+  try {
+    const API_BASE_URL = process.env.API_BASE_URL || "http://localhost:3333";
+    const response = await fetch(`${API_BASE_URL}/reverse-shares/alias/${alias}/metadata`, {
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      return null;
+    }
+
+    return await response.json();
+  } catch (error) {
+    console.error("Error fetching reverse share metadata:", error);
+    return null;
+  }
+}
+
+async function getAppInfo() {
+  try {
+    const API_BASE_URL = process.env.API_BASE_URL || "http://localhost:3333";
+    const response = await fetch(`${API_BASE_URL}/app/info`, {
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      return { appName: "Palmr", appDescription: "File sharing platform", appLogo: null };
+    }
+
+    return await response.json();
+  } catch (error) {
+    console.error("Error fetching app info:", error);
+    return { appName: "Palmr", appDescription: "File sharing platform", appLogo: null };
+  }
+}
+
+async function getBaseUrl(): Promise<string> {
+  const headersList = await headers();
+  const protocol = headersList.get("x-forwarded-proto") || "http";
+  const host = headersList.get("x-forwarded-host") || headersList.get("host") || "localhost:3000";
+  return `${protocol}://${host}`;
+}
+
+export async function generateMetadata({ params }: { params: { alias: string } }): Promise<Metadata> {
   const t = await getTranslations();
+  const metadata = await getReverseShareMetadata(params.alias);
+  const appInfo = await getAppInfo();
+
+  const title = metadata?.name || t("reverseShares.upload.metadata.title");
+  const description =
+    metadata?.description ||
+    (metadata?.maxFiles
+      ? t("reverseShares.upload.metadata.descriptionWithLimit", { limit: metadata.maxFiles })
+      : t("reverseShares.upload.metadata.description"));
+
+  const baseUrl = await getBaseUrl();
+  const shareUrl = `${baseUrl}/r/${params.alias}`;
 
   return {
-    title: t("reverseShares.upload.metadata.title"),
-    description: t("reverseShares.upload.metadata.description"),
+    title,
+    description,
+    openGraph: {
+      title,
+      description,
+      url: shareUrl,
+      siteName: appInfo.appName || "Palmr",
+      type: "website",
+      images: appInfo.appLogo
+        ? [
+            {
+              url: appInfo.appLogo,
+              width: 1200,
+              height: 630,
+              alt: appInfo.appName || "Palmr",
+            },
+          ]
+        : [],
+    },
+    twitter: {
+      card: "summary_large_image",
+      title,
+      description,
+      images: appInfo.appLogo ? [appInfo.appLogo] : [],
+    },
   };
 }
 

apps/web/src/app/(shares)/reverse-shares/components/reverse-shares-search.tsx

@@ -27,13 +27,13 @@ export function ReverseSharesSearch({
 
   return (
     <div className="flex flex-col gap-6">
-      <div className="flex justify-between items-center">
+      <div className="flex flex-col sm:flex-row justify-between sm:items-center gap-4">
         <h2 className="text-xl font-semibold">{t("reverseShares.search.title")}</h2>
-        <div className="flex items-center gap-2">
-          <Button variant="outline" size="icon" onClick={onRefresh} disabled={isRefreshing}>
+        <div className="flex flex-col sm:flex-row items-stretch sm:items-center gap-2">
+          <Button variant="outline" size="icon" onClick={onRefresh} disabled={isRefreshing} className="sm:w-auto">
             <IconRefresh className={`h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`} />
           </Button>
-          <Button onClick={onCreateReverseShare}>
+          <Button onClick={onCreateReverseShare} className="w-full sm:w-auto">
             <IconPlus className="h-4 w-4" />
             {t("reverseShares.search.createButton")}
           </Button>

apps/web/src/app/(shares)/s/[alias]/components/share-details.tsx

@@ -91,13 +91,13 @@ export function ShareDetails({
         <CardContent>
           <div className="flex flex-col gap-6">
             <div className="flex flex-col gap-2">
-              <div className="flex items-center justify-between">
+              <div className="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-4">
                 <div className="flex items-center gap-2">
                   <IconShare className="w-6 h-6 text-muted-foreground" />
                   <h1 className="text-2xl font-semibold">{share.name || t("share.details.untitled")}</h1>
                 </div>
                 {shareHasItems && hasMultipleFiles && (
-                  <Button onClick={onBulkDownload} className="flex items-center gap-2">
+                  <Button onClick={onBulkDownload} className="flex items-center gap-2 w-full sm:w-auto">
                     <IconDownload className="w-4 h-4" />
                     {t("share.downloadAll")}
                   </Button>

apps/web/src/app/(shares)/s/[alias]/layout.tsx

@@ -1,15 +1,96 @@
 import { Metadata } from "next";
+import { headers } from "next/headers";
 import { getTranslations } from "next-intl/server";
 
 interface LayoutProps {
   children: React.ReactNode;
+  params: { alias: string };
 }
 
-export async function generateMetadata(): Promise<Metadata> {
+async function getShareMetadata(alias: string) {
+  try {
+    const API_BASE_URL = process.env.API_BASE_URL || "http://localhost:3333";
+    const response = await fetch(`${API_BASE_URL}/shares/alias/${alias}/metadata`, {
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      return null;
+    }
+
+    return await response.json();
+  } catch (error) {
+    console.error("Error fetching share metadata:", error);
+    return null;
+  }
+}
+
+async function getAppInfo() {
+  try {
+    const API_BASE_URL = process.env.API_BASE_URL || "http://localhost:3333";
+    const response = await fetch(`${API_BASE_URL}/app/info`, {
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      return { appName: "Palmr", appDescription: "File sharing platform", appLogo: null };
+    }
+
+    return await response.json();
+  } catch (error) {
+    console.error("Error fetching app info:", error);
+    return { appName: "Palmr", appDescription: "File sharing platform", appLogo: null };
+  }
+}
+
+async function getBaseUrl(): Promise<string> {
+  const headersList = await headers();
+  const protocol = headersList.get("x-forwarded-proto") || "http";
+  const host = headersList.get("x-forwarded-host") || headersList.get("host") || "localhost:3000";
+  return `${protocol}://${host}`;
+}
+
+export async function generateMetadata({ params }: { params: { alias: string } }): Promise<Metadata> {
   const t = await getTranslations();
+  const metadata = await getShareMetadata(params.alias);
+  const appInfo = await getAppInfo();
+
+  const title = metadata?.name || t("share.pageTitle");
+  const description =
+    metadata?.description ||
+    (metadata?.totalFiles
+      ? t("share.metadata.filesShared", { count: metadata.totalFiles + (metadata.totalFolders || 0) })
+      : appInfo.appDescription || t("share.metadata.defaultDescription"));
+
+  const baseUrl = await getBaseUrl();
+  const shareUrl = `${baseUrl}/s/${params.alias}`;
 
   return {
-    title: `${t("share.pageTitle")}`,
+    title,
+    description,
+    openGraph: {
+      title,
+      description,
+      url: shareUrl,
+      siteName: appInfo.appName || "Palmr",
+      type: "website",
+      images: appInfo.appLogo
+        ? [
+            {
+              url: appInfo.appLogo,
+              width: 1200,
+              height: 630,
+              alt: appInfo.appName || "Palmr",
+            },
+          ]
+        : [],
+    },
+    twitter: {
+      card: "summary_large_image",
+      title,
+      description,
+      images: appInfo.appLogo ? [appInfo.appLogo] : [],
+    },
   };
 }
 

apps/web/src/app/(shares)/shares/components/shares-search.tsx

@@ -16,9 +16,9 @@ export function SharesSearch({
 
   return (
     <div className="flex flex-col gap-6">
-      <div className="flex justify-between items-center">
+      <div className="flex flex-col sm:flex-row justify-between sm:items-center gap-4">
         <h2 className="text-xl font-semibold">{t("shares.search.title")}</h2>
-        <Button onClick={onCreateShare}>
+        <Button onClick={onCreateShare} className="w-full sm:w-auto">
           <IconPlus className="h-4 w-4" />
           {t("shares.search.createButton")}
         </Button>

apps/web/src/app/dashboard/components/recent-files.tsx

@@ -15,13 +15,13 @@ export function RecentFiles({ files, fileManager, onOpenUploadModal }: RecentFil
   return (
     <Card>
       <CardHeader>
-        <div className="flex justify-between items-center">
+        <div className="flex flex-col sm:flex-row justify-between sm:items-center gap-4">
           <CardTitle className="text-xl font-semibold flex items-center gap-2">
             <IconCloudUpload className="text-xl text-gray-500" />
             {t("recentFiles.title")}
           </CardTitle>
 
-          <div className="flex items-center gap-2">
+          <div className="flex flex-col sm:flex-row items-stretch sm:items-center gap-2">
             <Button
               className="font-semibold text-sm cursor-pointer"
               variant="outline"

apps/web/src/app/dashboard/components/recent-shares.tsx

@@ -16,13 +16,13 @@ export function RecentShares({ shares, shareManager, onOpenCreateModal, onCopyLi
     <Card>
       <CardContent>
         <div className="flex flex-col gap-6">
-          <div className="flex justify-between items-center">
+          <div className="flex flex-col sm:flex-row justify-between sm:items-center gap-4">
             <h2 className="text-xl font-semibold flex items-center gap-2">
               <IconShare className="text-xl text-gray-500" />
               {t("recentShares.title")}
             </h2>
 
-            <div className="flex items-center gap-2">
+            <div className="flex flex-col sm:flex-row items-stretch sm:items-center gap-2">
               <Button
                 className="font-semibold text-sm cursor-pointer"
                 variant="outline"

apps/web/src/app/files/components/header.tsx

@@ -8,16 +8,16 @@ export function Header({ onUpload, onCreateFolder }: HeaderProps) {
   const t = useTranslations();
 
   return (
-    <div className="flex justify-between items-center">
+    <div className="flex flex-col sm:flex-row justify-between sm:items-center gap-4">
       <h2 className="text-xl font-semibold">{t("files.title")}</h2>
-      <div className="flex items-center gap-2">
+      <div className="flex flex-col sm:flex-row items-stretch sm:items-center gap-2">
         {onCreateFolder && (
-          <Button variant="outline" onClick={onCreateFolder}>
+          <Button variant="outline" onClick={onCreateFolder} className="w-full sm:w-auto">
             <IconFolderPlus className="h-4 w-4" />
             {t("folderActions.createFolder")}
           </Button>
         )}
-        <Button variant="default" onClick={onUpload}>
+        <Button variant="default" onClick={onUpload} className="w-full sm:w-auto">
           <IconCloudUpload className="h-4 w-4" />
           {t("files.uploadFile")}
         </Button>

apps/web/src/app/files/page.tsx

@@ -114,7 +114,10 @@ export default function FilesPage() {
 
   return (
     <ProtectedRoute>
-      <GlobalDropZone onSuccess={loadFiles}>
+      <GlobalDropZone
+        onSuccess={loadFiles}
+        currentFolderId={currentPath.length > 0 ? currentPath[currentPath.length - 1].id : null}
+      >
         <FileManagerLayout
           breadcrumbLabel={t("files.breadcrumb")}
           icon={<IconFolderOpen size={20} />}

apps/web/src/app/settings/constants.ts

@@ -35,6 +35,7 @@ export const createFieldDescriptions = (t: ReturnType<typeof createTranslator>)
   appName: t("settings.fields.appName.description"),
   appDescription: t("settings.fields.appDescription.description"),
   showHomePage: t("settings.fields.showHomePage.description"),
+  hideVersion: t("settings.fields.hideVersion.description"),
   firstUserAccess: t("settings.fields.firstUserAccess.description"),
   serverUrl: t("settings.fields.serverUrl.description"),
 
@@ -70,6 +71,7 @@ export const createFieldTitles = (t: ReturnType<typeof createTranslator>) => ({
   appName: t("settings.fields.appName.title"),
   appDescription: t("settings.fields.appDescription.title"),
   showHomePage: t("settings.fields.showHomePage.title"),
+  hideVersion: t("settings.fields.hideVersion.title"),
   firstUserAccess: t("settings.fields.firstUserAccess.title"),
   serverUrl: t("settings.fields.serverUrl.title"),
 

apps/web/src/components/general/global-drop-zone.tsx

@@ -243,8 +243,13 @@ export function GlobalDropZone({ onSuccess, children, currentFolderId }: GlobalD
 
   const handlePaste = useCallback(
     (event: ClipboardEvent) => {
-      event.preventDefault();
-      event.stopPropagation();
+      const target = event.target as HTMLElement;
+      const isInput = target.tagName === "INPUT" || target.tagName === "TEXTAREA";
+      const isPasswordInput = target.tagName === "INPUT" && (target as HTMLInputElement).type === "password";
+
+      if (isInput && !isPasswordInput) {
+        return;
+      }
 
       const items = event.clipboardData?.items;
       if (!items) return;
@@ -253,6 +258,9 @@ export function GlobalDropZone({ onSuccess, children, currentFolderId }: GlobalD
 
       if (imageItems.length === 0) return;
 
+      event.preventDefault();
+      event.stopPropagation();
+
       const newUploads: FileUpload[] = [];
 
       imageItems.forEach((item) => {

apps/web/src/components/ui/default-footer.tsx

@@ -1,12 +1,19 @@
+"use client";
+
 import Link from "next/link";
 import { useTranslations } from "next-intl";
 
+import { useSecureConfigValue } from "@/hooks/use-secure-configs";
+
 import packageJson from "../../../package.json";
 
 const { version } = packageJson;
 
 export function DefaultFooter() {
   const t = useTranslations();
+  const { value: hideVersion } = useSecureConfigValue("hideVersion");
+
+  const shouldHideVersion = hideVersion === "true";
 
   return (
     <footer className="w-full flex items-center justify-center py-3 h-16">
@@ -20,7 +27,7 @@ export function DefaultFooter() {
           <span className="text-default-600 text-xs sm:text-sm">{t("footer.poweredBy")}</span>
           <p className="text-primary text-xs sm:text-sm">Kyantech Solutions</p>
         </Link>
-        <span className="text-default-500 text-[11px] mt-1">v{version}</span>
+        {!shouldHideVersion && <span className="text-default-500 text-[11px] mt-1">v{version}</span>}
       </div>
     </footer>
   );

apps/web/src/utils/chunked-upload.ts

@@ -18,6 +18,8 @@ export interface ChunkedUploadResult {
 }
 
 export class ChunkedUploader {
+  private static defaultChunkSizeInBytes = 100 * 1024 * 1024; // 100MB
+
   /**
    * Upload a file in chunks with streaming
    */
@@ -155,6 +157,10 @@ export class ChunkedUploader {
     url: string;
     signal?: AbortSignal;
   }): Promise<any> {
+    // Encode filename as base64 to handle UTF-8 characters in HTTP headers
+    // This prevents errors when setting headers with non-ASCII characters
+    const encodedFileName = btoa(unescape(encodeURIComponent(fileName)));
+
     const headers = {
       "Content-Type": "application/octet-stream",
       "X-File-Id": fileId,
@@ -162,7 +168,7 @@ export class ChunkedUploader {
       "X-Total-Chunks": totalChunks.toString(),
       "X-Chunk-Size": chunkSize.toString(),
       "X-Total-Size": totalSize.toString(),
-      "X-File-Name": fileName,
+      "X-File-Name": encodedFileName,
       "X-Is-Last-Chunk": isLastChunk.toString(),
     };
 
@@ -246,7 +252,7 @@ export class ChunkedUploader {
       return false;
     }
 
-    const threshold = 100 * 1024 * 1024; // 100MB
+    const threshold = this.getConfiguredChunkSize() || this.defaultChunkSizeInBytes;
     const shouldUse = fileSize > threshold;
 
     return shouldUse;
@@ -256,12 +262,19 @@ export class ChunkedUploader {
    * Calculate optimal chunk size based on file size
    */
   static calculateOptimalChunkSize(fileSize: number): number {
-    if (fileSize <= 100 * 1024 * 1024) {
+    const configuredChunkSize = this.getConfiguredChunkSize();
+    const chunkSize = configuredChunkSize || this.defaultChunkSizeInBytes;
+
+    if (fileSize <= chunkSize) {
       throw new Error(
-        `calculateOptimalChunkSize should not be called for files <= 100MB. File size: ${(fileSize / (1024 * 1024)).toFixed(2)}MB`
+        `calculateOptimalChunkSize should not be called for files <= ${chunkSize}. File size: ${(fileSize / (1024 * 1024)).toFixed(2)}MB`
       );
     }
 
+    if (configuredChunkSize) {
+      return configuredChunkSize;
+    }
+
     // For files > 1GB, use 150MB chunks
     if (fileSize > 1024 * 1024 * 1024) {
       return 150 * 1024 * 1024;
@@ -275,4 +288,24 @@ export class ChunkedUploader {
     // For files > 100MB, use 75MB chunks (minimum for chunked upload)
     return 75 * 1024 * 1024;
   }
+
+  private static getConfiguredChunkSize(): number | null {
+    const configuredChunkSizeMb = process.env.NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB;
+
+    if (!configuredChunkSizeMb) {
+      return null;
+    }
+
+    const parsedValue = Number(configuredChunkSizeMb);
+
+    if (Number.isNaN(parsedValue) || parsedValue <= 0) {
+      console.warn(
+        `Invalid NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB value: ${configuredChunkSizeMb}. Falling back to optimal chunk size.`
+      );
+
+      return null;
+    }
+
+    return Math.floor(parsedValue * 1024 * 1024);
+  }
 }

apps/web/src/utils/download-queue-utils.ts

@@ -451,7 +451,13 @@ export async function bulkDownloadWithQueue(
     const folders = items.filter((item) => item.type === "folder");
 
     // eslint-disable-next-line prefer-const
-    let allFilesToDownload: Array<{ objectName: string; name: string; zipPath: string }> = [];
+    let allFilesToDownload: Array<{
+      objectName: string;
+      name: string;
+      zipPath: string;
+      isReverseShare?: boolean;
+      fileId?: string;
+    }> = [];
     // eslint-disable-next-line prefer-const
     let allEmptyFolders: string[] = [];
 
@@ -484,6 +490,8 @@ export async function bulkDownloadWithQueue(
             objectName: file.objectName || file.name,
             name: file.name,
             zipPath: wrapperPath + file.name,
+            isReverseShare: file.isReverseShare,
+            fileId: file.id,
           });
         }
       }
@@ -494,6 +502,8 @@ export async function bulkDownloadWithQueue(
           objectName: file.objectName || file.name,
           name: file.name,
           zipPath: wrapperPath + file.name,
+          isReverseShare: file.isReverseShare,
+          fileId: file.id,
         });
       }
     }
@@ -505,7 +515,12 @@ export async function bulkDownloadWithQueue(
     for (let i = 0; i < allFilesToDownload.length; i++) {
       const file = allFilesToDownload[i];
       try {
-        const blob = await downloadFileAsBlobWithQueue(file.objectName, file.name);
+        const blob = await downloadFileAsBlobWithQueue(
+          file.objectName,
+          file.name,
+          file.isReverseShare || false,
+          file.fileId
+        );
         zip.file(file.zipPath, blob);
         onProgress?.(i + 1, allFilesToDownload.length);
       } catch (error) {

docker-compose-bind-mount-example.yaml

@@ -13,7 +13,7 @@ services:
       # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | See the docs for see all supported languages
       # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (OPTIONAL - default is 3600 seconds / 1 hour)
       # - SECURE_SITE=true # Set to true if you are using a reverse proxy (OPTIONAL - default is false)
-      
+
       # Download Memory Management Configuration (OPTIONAL - See documentation for details)
       # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum number of simultaneous downloads (OPTIONAL - auto-scales based on system memory if not set)
       # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (OPTIONAL - auto-scales based on system memory if not set)
@@ -21,6 +21,7 @@ services:
       # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (OPTIONAL - default is 3.0)
       # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (OPTIONAL - default is true)
       # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large file downloads (RECOMMENDED for production)
+      # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set)
     ports:
       - "5487:5487" # Web port
       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY)

docker-compose-minio.yaml

@@ -18,7 +18,7 @@ services:
       # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | See the docs for see all supported languages
       # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (OPTIONAL - default is 3600 seconds / 1 hour)
       # - SECURE_SITE=true # Set to true if you are using a reverse proxy (OPTIONAL - default is false)
-      
+
       # Download Memory Management Configuration (OPTIONAL - See documentation for details)
       # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum number of simultaneous downloads (OPTIONAL - auto-scales based on system memory if not set)
       # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (OPTIONAL - auto-scales based on system memory if not set)
@@ -26,6 +26,7 @@ services:
       # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (OPTIONAL - default is 3.0)
       # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (OPTIONAL - default is true)
       # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large file downloads (RECOMMENDED for production)
+      # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set)
     ports:
       - "5487:5487" # Web port
       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY)

docker-compose-s3.yaml

@@ -18,7 +18,7 @@ services:
       # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | See the docs for see all supported languages
       # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (OPTIONAL - default is 3600 seconds / 1 hour)
       # - SECURE_SITE=true # Set to true if you are using a reverse proxy (OPTIONAL - default is false)
-      
+
       # Download Memory Management Configuration (OPTIONAL - See documentation for details)
       # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum number of simultaneous downloads (OPTIONAL - auto-scales based on system memory if not set)
       # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (OPTIONAL - auto-scales based on system memory if not set)
@@ -26,6 +26,7 @@ services:
       # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (OPTIONAL - default is 3.0)
       # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (OPTIONAL - default is true)
       # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large file downloads (RECOMMENDED for production)
+      # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set)
     ports:
       - "5487:5487" # Web port
       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY)

docker-compose.yaml

@@ -13,7 +13,7 @@ services:
       # - DEFAULT_LANGUAGE=en-US # Default language for the application (optional, defaults to en-US) | See the docs to see all supported languages
       # - PRESIGNED_URL_EXPIRATION=3600 # Duration in seconds for presigned URL expiration (OPTIONAL - default is 3600 seconds / 1 hour)
       # - SECURE_SITE=true # Set to true if you are using a reverse proxy (OPTIONAL - default is false)
-      
+
       # Download Memory Management Configuration (OPTIONAL - See documentation for details)
       # - DOWNLOAD_MAX_CONCURRENT=5 # Maximum number of simultaneous downloads (OPTIONAL - auto-scales based on system memory if not set)
       # - DOWNLOAD_MEMORY_THRESHOLD_MB=2048 # Memory threshold in MB before throttling (OPTIONAL - auto-scales based on system memory if not set)
@@ -21,6 +21,7 @@ services:
       # - DOWNLOAD_MIN_FILE_SIZE_GB=3.0 # Minimum file size in GB to activate memory management (OPTIONAL - default is 3.0)
       # - DOWNLOAD_AUTO_SCALE=true # Enable auto-scaling based on system memory (OPTIONAL - default is true)
       # - NODE_OPTIONS=--expose-gc # Enable garbage collection for large file downloads (RECOMMENDED for production)
+      # - NEXT_PUBLIC_UPLOAD_CHUNK_SIZE_MB=100 # Chunk size in MB for large file uploads (OPTIONAL - auto-calculates if not set)
     ports:
       - "5487:5487" # Web port
       - "3333:3333" # API port (OPTIONAL EXPOSED - ONLY IF YOU WANT TO ACCESS THE API DIRECTLY)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmr-monorepo",
-  "version": "3.2.1-beta",
+  "version": "3.2.4-beta",
   "description": "Palmr monorepo with Husky configuration",
   "private": true,
   "packageManager": "pnpm@10.6.0",