release: 1.0.1

* feat(email): add {email} placeholder to user invitation email

* change default values and setting description

---------

Co-authored-by: Elias Schneider <login@eliasschneider.com>

.gitignore

@@ -38,6 +38,9 @@ yarn-error.log*
 # project specific
 /backend/data/
 /data/
+/docs/build/
+/docs/.docusaurus
+/docs/.cache-loader
 
 # Jetbrains specific (webstorm)
 .idea/**/**

CHANGELOG.md

@@ -1,3 +1,62 @@
+## [1.0.1](https://github.com/stonith404/pingvin-share/compare/v1.0.0...v1.0.1) (2024-08-25)
+
+
+### Features
+
+* **email:** add {email} placeholder to user invitation email ([#564](https://github.com/stonith404/pingvin-share/issues/564)) ([8c5c696](https://github.com/stonith404/pingvin-share/commit/8c5c696c514a5fb450462184240b21553d7f1532))
+
+
+### Bug Fixes
+
+* **translations:** add missing string for ldap group ([64efac5](https://github.com/stonith404/pingvin-share/commit/64efac5b685bf2de9d65c6a4f8890d45afe6476d))
+
+## [1.0.0](https://github.com/stonith404/pingvin-share/compare/v0.29.0...v1.0.0) (2024-08-25)
+
+
+### Features
+
+* **ldap:** Adding support for LDAP authentication ([#554](https://github.com/stonith404/pingvin-share/issues/554)) ([4186a76](https://github.com/stonith404/pingvin-share/commit/4186a768b310855282bc4876d1f294700963b8f5))
+
+
+### Bug Fixes
+
+* get started button on home page not working when sign-up is disabled ([4924f76](https://github.com/stonith404/pingvin-share/commit/4924f763947c9a6b79ba0d85887f104ed9545c78))
+* internal server error if user has no password when trying to sign in ([9c381a2](https://github.com/stonith404/pingvin-share/commit/9c381a2ed6b3b7dfd95d4278889b937ffb85e01b))
+
+## [0.29.0](https://github.com/stonith404/pingvin-share/compare/v0.28.0...v0.29.0) (2024-07-30)
+
+
+### Features
+
+* add more options to reverse shares ([#495](https://github.com/stonith404/pingvin-share/issues/495)) ([fe735f9](https://github.com/stonith404/pingvin-share/commit/fe735f9704c9d96398f3127a559e17848b08d140)), closes [#155](https://github.com/stonith404/pingvin-share/issues/155)
+* sort share files by name by default ([27ee9fb](https://github.com/stonith404/pingvin-share/commit/27ee9fb6cb98177661bed20a0baa399b27e70b7e))
+
+
+### Reverts
+
+* Revert "fix: set max age of access token cookie to 15 minutes" ([14c2185](https://github.com/stonith404/pingvin-share/commit/14c2185e6f1a81d63e25fbeec3e30a54cf6a44c5))
+
+## [0.28.0](https://github.com/stonith404/pingvin-share/compare/v0.27.0...v0.28.0) (2024-07-22)
+
+
+### Features
+
+* **auth:** Add role-based access management from OpenID Connect ([#535](https://github.com/stonith404/pingvin-share/issues/535)) ([70fd2d9](https://github.com/stonith404/pingvin-share/commit/70fd2d94be3411cc430f5c56e522028398127efb))
+
+
+### Bug Fixes
+
+* store only 10 share tokens in the cookies and clear the expired ones ([e5a0c64](https://github.com/stonith404/pingvin-share/commit/e5a0c649e36e0db419d04446affe2564c45cf321))
+
+## [0.27.0](https://github.com/stonith404/pingvin-share/compare/v0.26.0...v0.27.0) (2024-07-11)
+
+
+### Features
+
+* add logs for successful registration, successful login and failed login ([d2bfb9a](https://github.com/stonith404/pingvin-share/commit/d2bfb9a55fdad6a05377b8552471cf1151304c90))
+* **auth:** Allow to hide username / password login form when OAuth is enabled ([#518](https://github.com/stonith404/pingvin-share/issues/518)) ([e1a68f7](https://github.com/stonith404/pingvin-share/commit/e1a68f75f7b034f1ef9e45f26de584f13e355589)), closes [#489](https://github.com/stonith404/pingvin-share/issues/489)
+* **smtp:** allow unauthorized mail server certificates ([#525](https://github.com/stonith404/pingvin-share/issues/525)) ([083d82c](https://github.com/stonith404/pingvin-share/commit/083d82c28b835c178f076e89ef8f5885e8ea31cb))
+
 ## [0.26.0](https://github.com/stonith404/pingvin-share/compare/v0.25.0...v0.26.0) (2024-07-03)
 
 

Dockerfile

@@ -30,13 +30,10 @@ RUN npm run build && npm prune --production
 FROM node:20-alpine AS runner
 ENV NODE_ENV=docker
 
-# Install Caddy
 RUN apk update --no-cache \
     && apk upgrade --no-cache \
     && apk add --no-cache curl caddy
 
-COPY ./Caddyfile /etc/caddy/Caddyfile
-
 WORKDIR /opt/app/frontend
 COPY --from=frontend-builder /opt/app/public ./public
 COPY --from=frontend-builder /opt/app/.next/standalone ./
@@ -49,12 +46,13 @@ COPY --from=backend-builder /opt/app/dist ./dist
 COPY --from=backend-builder /opt/app/prisma ./prisma
 COPY --from=backend-builder /opt/app/package.json ./
 
+COPY ./Caddyfile /etc/caddy/Caddyfile
+COPY ./scripts/docker-entrypoint.sh /opt/app/docker-entrypoint.sh
+
 WORKDIR /opt/app
 
 EXPOSE 3000
 
-# Health check remains unchanged
 HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1
 
-# Application startup updated for Caddy
-CMD cp -rn /tmp/img/* /opt/app/frontend/public/img && caddy run --config /etc/caddy/Caddyfile & PORT=3333 HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod
+CMD ["sh", "/opt/app/docker-entrypoint.sh"]

README.md

@@ -2,8 +2,6 @@
 
 [![](https://dcbadge.limes.pink/api/server/wHRQ9nFRcK)](https://discord.gg/wHRQ9nFRcK) [![](https://img.shields.io/badge/Crowdin-2E3340.svg?style=for-the-badge&logo=Crowdin&logoColor=white)](https://crowdin.com/project/pingvin-share) [![](https://img.shields.io/badge/sponsor-30363D?style=for-the-badge&logo=GitHub-Sponsors&logoColor=#white)](https://github.com/sponsors/stonith404)
 
-_Read this in another language: [Spanish](/docs/README.es.md), [English](/README.md), [简体中文](/docs/README.zh-cn.md), [日本語](/docs/README.ja-jp.md)_
-
 ---
 
 Pingvin Share is self-hosted file sharing platform and an alternative for WeTransfer.
@@ -26,8 +24,6 @@ Pingvin Share is self-hosted file sharing platform and an alternative for WeTran
 
 ## ⌨️ Setup
 
-> Note: Pingvin Share is in its early stages and may contain bugs.
-
 ### Installation with Docker (recommended)
 
 1. Download the `docker-compose.yml` file
@@ -35,135 +31,6 @@ Pingvin Share is self-hosted file sharing platform and an alternative for WeTran
 
 The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!
 
-### Stand-alone Installation
+## 📚 Documentation
 
-Required tools:
-
-- [Node.js](https://nodejs.org/en/download/) >= 16
-- [Git](https://git-scm.com/downloads)
-- [pm2](https://pm2.keymetrics.io/) for running Pingvin Share in the background
-
-```bash
-git clone https://github.com/stonith404/pingvin-share
-cd pingvin-share
-
-# Checkout the latest version
-git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-# Start the backend
-cd backend
-npm install
-npm run build
-pm2 start --name="pingvin-share-backend" npm -- run prod
-
-# Start the frontend
-cd ../frontend
-npm install
-npm run build
-API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
-pm2 start --name="pingvin-share-frontend" .next/standalone/server.js
-```
-
-**Uploading Large Files**: By default, Pingvin Share uses a built-in reverse proxy to reduce the installation steps. However, this reverse proxy is not optimized for uploading large files. If you wish to upload larger files, you can either use the Docker installation or set up your own reverse proxy. An example configuration for Caddy can be found in `./Caddyfile`.
-
-The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!
-
-### Integrations
-
-#### ClamAV (Docker only)
-
-ClamAV is used to scan shares for malicious files and remove them if found.
-
-1. Add the ClamAV container to the Docker Compose stack (see `docker-compose.yml`) and start the container.
-2. Docker will wait for ClamAV to start before starting Pingvin Share. This may take a minute or two.
-3. The Pingvin Share logs should now log "ClamAV is active"
-
-Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
-
-#### OAuth 2 Login
-
-View the [OAuth 2 guide](/docs/oauth2-guide.md) for more information.
-
-### Additional resources
-
-- [Synology NAS installation](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)
-- [Zeabur installation](https://zeabur.com/templates/19G6OK)
-
-### Upgrade to a new version
-
-As Pingvin Share is in early stage, see the release notes for breaking changes before upgrading.
-
-#### Docker
-
-```bash
-docker compose pull
-docker compose up -d
-```
-
-#### Stand-alone
-
-1. Stop the running app
-   ```bash
-   pm2 stop pingvin-share-backend pingvin-share-frontend
-   ```
-2. Repeat the steps from the [installation guide](#stand-alone-installation) except the `git clone` step.
-
-   ```bash
-   cd pingvin-share
-
-   # Checkout the latest version
-   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-   # Start the backend
-   cd backend
-   npm install
-   npm run build
-   pm2 restart pingvin-share-backend
-
-   # Start the frontend
-   cd ../frontend
-   npm install
-   npm run build
-   API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
-   pm2 restart pingvin-share-frontend
-   ```
-
-### Configuration
-
-You can customize Pingvin Share like changing your domain by going to the configuration page in your admin dashboard `/admin/config`.
-
-#### Environment variables
-
-For installation specific configuration, you can use environment variables. The following variables are available:
-
-##### Backend
-
-| Variable         | Default Value                                      | Description                            |
-| ---------------- | -------------------------------------------------- | -------------------------------------- |
-| `PORT`           | `8080`                                             | The port on which the backend listens. |
-| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | The URL of the SQLite database.        |
-| `DATA_DIRECTORY` | `./data`                                           | The directory where data is stored.    |
-| `CLAMAV_HOST`    | `127.0.0.1`                                        | The IP address of the ClamAV server.   |
-| `CLAMAV_PORT`    | `3310`                                             | The port number of the ClamAV server.  |
-
-##### Frontend
-
-| Variable  | Default Value           | Description                              |
-| --------- | ----------------------- | ---------------------------------------- |
-| `PORT`    | `3000`                  | The port on which the frontend listens.  |
-| `API_URL` | `http://localhost:8080` | The URL of the backend for the frontend. |
-
-## 🖤 Contribute
-
-### Translations
-
-You can help to translate Pingvin Share into your language.
-On [Crowdin](https://crowdin.com/project/pingvin-share) you can easily translate Pingvin Share online.
-
-Is your language not on Crowdin? Feel free to [Request it](https://github.com/stonith404/pingvin-share/issues/new?assignees=&labels=language-request&projects=&template=language-request.yml&title=%F0%9F%8C%90+Language+request%3A+%3Clanguage+name+in+english%3E).
-
-Any issues while translating? Feel free to participate in the [Localization discussion](https://github.com/stonith404/pingvin-share/discussions/198).
-
-### Project
-
-You're very welcome to contribute to Pingvin Share! Please follow the [contribution guide](/CONTRIBUTING.md) to get started.
+For more installation options and advanced configurations, please refer to the [documentation](https://stonith404.github.io/pingvin-share).

SECURITY.md

@@ -1,7 +1,9 @@
 # Security Policy
 
 ## Supported Versions
-As Pingvin Share is in beta, older versions don't get security updates. Please consider to update Pingvin Share regularly. Updates can be automated with e.g [Watchtower](https://github.com/containrrr/watchtower).
+
+Older versions of Pingvin Share do not receive security updates. To ensure your system remains secure, we strongly recommend updating Pingvin Share regularly. You can automate these updates using tools like [Watchtower](https://github.com/containrrr/watchtower).
 
 ## Reporting a Vulnerability
+
 Thank you for taking the time to report a vulnerability. Please DO NOT create an issue on GitHub because the vulnerability could get exploited. Instead please write an email to [elias@eliasschneider.com](mailto:elias@eliasschneider.com).

backend/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "pingvin-share-backend",
-  "version": "0.26.0",
+  "version": "1.0.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "pingvin-share-backend",
-      "version": "0.26.0",
+      "version": "1.0.1",
       "dependencies": {
         "@nestjs/cache-manager": "^2.2.2",
         "@nestjs/common": "^10.3.9",
@@ -19,6 +19,8 @@
         "@nestjs/swagger": "^7.3.1",
         "@nestjs/throttler": "^5.2.0",
         "@prisma/client": "^5.16.1",
+        "@types/jmespath": "^0.15.2",
+        "@types/ldapjs": "^3.0.6",
         "archiver": "^7.0.1",
         "argon2": "^0.40.3",
         "body-parser": "^1.20.2",
@@ -28,6 +30,8 @@
         "class-validator": "^0.14.1",
         "content-disposition": "^0.5.4",
         "cookie-parser": "^1.4.6",
+        "jmespath": "^0.16.0",
+        "ldapjs": "^3.0.7",
         "mime-types": "^2.1.35",
         "moment": "^2.30.1",
         "nanoid": "^3.3.7",
@@ -1124,6 +1128,101 @@
         "@jridgewell/sourcemap-codec": "^1.4.14"
       }
     },
+    "node_modules/@ldapjs/asn1": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-2.0.0.tgz",
+      "integrity": "sha512-G9+DkEOirNgdPmD0I8nu57ygQJKOOgFEMKknEuQvIHbGLwP3ny1mY+OTUYLCbCaGJP4sox5eYgBJRuSUpnAddA==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT"
+    },
+    "node_modules/@ldapjs/attribute": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/attribute/-/attribute-1.0.0.tgz",
+      "integrity": "sha512-ptMl2d/5xJ0q+RgmnqOi3Zgwk/TMJYG7dYMC0Keko+yZU6n+oFM59MjQOUht5pxJeS4FWrImhu/LebX24vJNRQ==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "2.0.0",
+        "@ldapjs/protocol": "^1.2.1",
+        "process-warning": "^2.1.0"
+      }
+    },
+    "node_modules/@ldapjs/change": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/change/-/change-1.0.0.tgz",
+      "integrity": "sha512-EOQNFH1RIku3M1s0OAJOzGfAohuFYXFY4s73wOhRm4KFGhmQQ7MChOh2YtYu9Kwgvuq1B0xKciXVzHCGkB5V+Q==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "2.0.0",
+        "@ldapjs/attribute": "1.0.0"
+      }
+    },
+    "node_modules/@ldapjs/controls": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/controls/-/controls-2.1.0.tgz",
+      "integrity": "sha512-2pFdD1yRC9V9hXfAWvCCO2RRWK9OdIEcJIos/9cCVP9O4k72BY1bLDQQ4KpUoJnl4y/JoD4iFgM+YWT3IfITWw==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "^1.2.0",
+        "@ldapjs/protocol": "^1.2.1"
+      }
+    },
+    "node_modules/@ldapjs/controls/node_modules/@ldapjs/asn1": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-1.2.0.tgz",
+      "integrity": "sha512-KX/qQJ2xxzvO2/WOvr1UdQ+8P5dVvuOLk/C9b1bIkXxZss8BaR28njXdPgFCpj5aHaf1t8PmuVnea+N9YG9YMw==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT"
+    },
+    "node_modules/@ldapjs/dn": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/dn/-/dn-1.1.0.tgz",
+      "integrity": "sha512-R72zH5ZeBj/Fujf/yBu78YzpJjJXG46YHFo5E4W1EqfNpo1UsVPqdLrRMXeKIsJT3x9dJVIfR6OpzgINlKpi0A==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "2.0.0",
+        "process-warning": "^2.1.0"
+      }
+    },
+    "node_modules/@ldapjs/filter": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@ldapjs/filter/-/filter-2.1.1.tgz",
+      "integrity": "sha512-TwPK5eEgNdUO1ABPBUQabcZ+h9heDORE4V9WNZqCtYLKc06+6+UAJ3IAbr0L0bYTnkkWC/JEQD2F+zAFsuikNw==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "2.0.0",
+        "@ldapjs/protocol": "^1.2.1",
+        "process-warning": "^2.1.0"
+      }
+    },
+    "node_modules/@ldapjs/messages": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@ldapjs/messages/-/messages-1.3.0.tgz",
+      "integrity": "sha512-K7xZpXJ21bj92jS35wtRbdcNrwmxAtPwy4myeh9duy/eR3xQKvikVycbdWVzkYEAVE5Ce520VXNOwCHjomjCZw==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "^2.0.0",
+        "@ldapjs/attribute": "^1.0.0",
+        "@ldapjs/change": "^1.0.0",
+        "@ldapjs/controls": "^2.1.0",
+        "@ldapjs/dn": "^1.1.0",
+        "@ldapjs/filter": "^2.1.1",
+        "@ldapjs/protocol": "^1.2.1",
+        "process-warning": "^2.2.0"
+      }
+    },
+    "node_modules/@ldapjs/protocol": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@ldapjs/protocol/-/protocol-1.2.1.tgz",
+      "integrity": "sha512-O89xFDLW2gBoZWNXuXpBSM32/KealKCTb3JGtJdtUQc7RjAk8XzrRgyz02cPAwGKwKPxy0ivuC7UP9bmN87egQ==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT"
+    },
     "node_modules/@ljharb/through": {
       "version": "2.3.13",
       "resolved": "https://registry.npmjs.org/@ljharb/through/-/through-2.3.13.tgz",
@@ -1994,6 +2093,12 @@
         "@types/range-parser": "*"
       }
     },
+    "node_modules/@types/jmespath": {
+      "version": "0.15.2",
+      "resolved": "https://registry.npmjs.org/@types/jmespath/-/jmespath-0.15.2.tgz",
+      "integrity": "sha512-pegh49FtNsC389Flyo9y8AfkVIZn9MMPE9yJrO9svhq6Fks2MwymULWjZqySuxmctd3ZH4/n7Mr98D+1Qo5vGA==",
+      "license": "MIT"
+    },
     "node_modules/@types/json-schema": {
       "version": "7.0.12",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.12.tgz",
@@ -2008,6 +2113,15 @@
         "@types/node": "*"
       }
     },
+    "node_modules/@types/ldapjs": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/ldapjs/-/ldapjs-3.0.6.tgz",
+      "integrity": "sha512-E2Tn1ltJDYBsidOT9QG4engaQeQzRQ9aYNxVmjCkD33F7cIeLPgrRDXAYs0O35mK2YDU20c/+ZkNjeAPRGLM0Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/luxon": {
       "version": "3.4.2",
       "resolved": "https://registry.npmjs.org/@types/luxon/-/luxon-3.4.2.tgz",
@@ -2542,6 +2656,12 @@
         "node": ">=6.5"
       }
     },
+    "node_modules/abstract-logging": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/abstract-logging/-/abstract-logging-2.0.1.tgz",
+      "integrity": "sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA==",
+      "license": "MIT"
+    },
     "node_modules/accepts": {
       "version": "1.3.8",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
@@ -2944,7 +3064,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
       "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
-      "dev": true,
       "engines": {
         "node": ">=0.8"
       }
@@ -2980,6 +3099,18 @@
       "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.6.tgz",
       "integrity": "sha512-5Tk1HLk6b6ctmjIkAcU/Ujv/1WqiDl0F0JdRCR80VsOcUlHcu7pWeWRlOqQLHfDEsVx9YH/aif5AG4ehoCtTmg=="
     },
+    "node_modules/backoff": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
+      "integrity": "sha512-wC5ihrnUXmR2douXmXLCe5O3zg3GKIyvRi/hi58a/XyRxVI+3/yM0PYueQOZXPXQ9pxBislYkw+sF9b7C/RuMA==",
+      "license": "MIT",
+      "dependencies": {
+        "precond": "0.2"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/balanced-match": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -4506,7 +4637,6 @@
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
       "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==",
-      "dev": true,
       "engines": [
         "node >=0.6.0"
       ]
@@ -5523,6 +5653,15 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
+    "node_modules/jmespath": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.16.0.tgz",
+      "integrity": "sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">= 0.6.0"
+      }
+    },
     "node_modules/joi": {
       "version": "17.11.0",
       "resolved": "https://registry.npmjs.org/joi/-/joi-17.11.0.tgz",
@@ -5706,6 +5845,49 @@
         "node": ">= 0.6.3"
       }
     },
+    "node_modules/ldapjs": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-3.0.7.tgz",
+      "integrity": "sha512-1ky+WrN+4CFMuoekUOv7Y1037XWdjKpu0xAPwSP+9KdvmV9PG+qOKlssDV6a+U32apwxdD3is/BZcWOYzN30cg==",
+      "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md",
+      "license": "MIT",
+      "dependencies": {
+        "@ldapjs/asn1": "^2.0.0",
+        "@ldapjs/attribute": "^1.0.0",
+        "@ldapjs/change": "^1.0.0",
+        "@ldapjs/controls": "^2.1.0",
+        "@ldapjs/dn": "^1.1.0",
+        "@ldapjs/filter": "^2.1.1",
+        "@ldapjs/messages": "^1.3.0",
+        "@ldapjs/protocol": "^1.2.1",
+        "abstract-logging": "^2.0.1",
+        "assert-plus": "^1.0.0",
+        "backoff": "^2.5.0",
+        "once": "^1.4.0",
+        "vasync": "^2.2.1",
+        "verror": "^1.10.1"
+      }
+    },
+    "node_modules/ldapjs/node_modules/core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==",
+      "license": "MIT"
+    },
+    "node_modules/ldapjs/node_modules/verror": {
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz",
+      "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==",
+      "license": "MIT",
+      "dependencies": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      },
+      "engines": {
+        "node": ">=0.6.0"
+      }
+    },
     "node_modules/levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -6276,7 +6458,6 @@
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
       "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-      "dev": true,
       "dependencies": {
         "wrappy": "1"
       }
@@ -6813,6 +6994,14 @@
         "node": ">=10"
       }
     },
+    "node_modules/precond": {
+      "version": "0.2.3",
+      "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
+      "integrity": "sha512-QCYG84SgGyGzqJ/vlMsxeXd/pgL/I94ixdNFyh1PusWmTCyVfPJjZ1K1jvHtsbfnXQs2TSkEP2fR7QiMZAnKFQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/prelude-ls": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
@@ -6893,6 +7082,12 @@
       "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
       "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
     },
+    "node_modules/process-warning": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.3.2.tgz",
+      "integrity": "sha512-n9wh8tvBe5sFmsqlg+XQhaQLumwpqoAUruLwjCopgTmUBjJ/fjtBsJzKleCaIGBOMXYEhp1YfKl4d7rJ5ZKJGA==",
+      "license": "MIT"
+    },
     "node_modules/promise-coalesce": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/promise-coalesce/-/promise-coalesce-1.1.2.tgz",
@@ -7461,6 +7656,7 @@
       "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.33.4.tgz",
       "integrity": "sha512-7i/dt5kGl7qR4gwPRD2biwD2/SvBn3O04J77XKFgL2OnZtQw+AG9wnuS/csmu80nPRHLYE9E41fyEiG8nhH6/Q==",
       "hasInstallScript": true,
+      "license": "Apache-2.0",
       "dependencies": {
         "color": "^4.2.3",
         "detect-libc": "^2.0.3",
@@ -8297,11 +8493,22 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/vasync": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/vasync/-/vasync-2.2.1.tgz",
+      "integrity": "sha512-Hq72JaTpcTFdWiNA4Y22Amej2GH3BFmBaKPPlDZ4/oC8HNn2ISHLkFrJU4Ds8R3jcUi7oo5Y9jcMHKjES+N9wQ==",
+      "engines": [
+        "node >=0.6.0"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "verror": "1.10.0"
+      }
+    },
     "node_modules/verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
       "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==",
-      "dev": true,
       "engines": [
         "node >=0.6.0"
       ],
@@ -8314,8 +8521,7 @@
     "node_modules/verror/node_modules/core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==",
-      "dev": true
+      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ=="
     },
     "node_modules/wait-on": {
       "version": "7.2.0",
@@ -8511,8 +8717,7 @@
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
-      "dev": true
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "node_modules/xmlbuilder": {
       "version": "15.1.1",

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-backend",
-  "version": "0.26.0",
+  "version": "1.0.1",
   "scripts": {
     "build": "nest build",
     "dev": "cross-env NODE_ENV=development nest start --watch",
@@ -24,6 +24,8 @@
     "@nestjs/swagger": "^7.3.1",
     "@nestjs/throttler": "^5.2.0",
     "@prisma/client": "^5.16.1",
+    "@types/jmespath": "^0.15.2",
+    "@types/ldapjs": "^3.0.6",
     "archiver": "^7.0.1",
     "argon2": "^0.40.3",
     "body-parser": "^1.20.2",
@@ -33,6 +35,8 @@
     "class-validator": "^0.14.1",
     "content-disposition": "^0.5.4",
     "cookie-parser": "^1.4.6",
+    "jmespath": "^0.16.0",
+    "ldapjs": "^3.0.7",
     "mime-types": "^2.1.35",
     "moment": "^2.30.1",
     "nanoid": "^3.3.7",

backend/prisma/migrations/20240609145325_add_simplied_field_for_reverse_share/migration.sql

@@ -0,0 +1,20 @@
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "remainingUses" INTEGER NOT NULL,
+    "simplified" BOOLEAN NOT NULL DEFAULT false,
+    "creatorId" TEXT NOT NULL,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+INSERT INTO "new_ReverseShare" ("createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "token") SELECT "createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "token" FROM "ReverseShare";
+DROP TABLE "ReverseShare";
+ALTER TABLE "new_ReverseShare" RENAME TO "ReverseShare";
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;

backend/prisma/migrations/20240725141038_add_public_access_field_for_reverse_share/migration.sql

@@ -0,0 +1,22 @@
+-- RedefineTables
+PRAGMA defer_foreign_keys=ON;
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "remainingUses" INTEGER NOT NULL,
+    "simplified" BOOLEAN NOT NULL DEFAULT false,
+    "publicAccess" BOOLEAN NOT NULL DEFAULT true,
+    "creatorId" TEXT NOT NULL,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+INSERT INTO "new_ReverseShare" ("createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "simplified", "token") SELECT "createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "simplified", "token" FROM "ReverseShare";
+DROP TABLE "ReverseShare";
+ALTER TABLE "new_ReverseShare" RENAME TO "ReverseShare";
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+PRAGMA foreign_keys=ON;
+PRAGMA defer_foreign_keys=OFF;

backend/prisma/migrations/20240803232708_ldap_support/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[ldapDN]` on the table `User` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN "ldapDN" TEXT;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_ldapDN_key" ON "User"("ldapDN");

backend/prisma/schema.prisma

@@ -16,6 +16,7 @@ model User {
   email    String  @unique
   password String?
   isAdmin  Boolean @default(false)
+  ldapDN   String? @unique
 
   shares        Share[]
   refreshTokens RefreshToken[]
@@ -103,6 +104,8 @@ model ReverseShare {
   maxShareSize          String
   sendEmailNotification Boolean
   remainingUses         Int
+  simplified            Boolean  @default(false)
+  publicAccess          Boolean  @default(true)
 
   creatorId String
   creator   User   @relation(fields: [creatorId], references: [id], onDelete: Cascade)

backend/prisma/seed/config.seed.ts

@@ -71,7 +71,6 @@ const configVariables: ConfigVariables = {
     enableShareEmailRecipients: {
       type: "boolean",
       defaultValue: "false",
-
       secret: false,
     },
     shareRecipientsSubject: {
@@ -108,7 +107,7 @@ const configVariables: ConfigVariables = {
     inviteMessage: {
       type: "text",
       defaultValue:
-        "Hey!\n\nYou were invited to Pingvin Share. Click this link to accept the invite: {url}\n\nYour password is: {password}\n\nPingvin Share 🐧",
+        'Hey!\n\nYou were invited to Pingvin Share. Click this link to accept the invite: {url}\n\nYou can use the email "{email}" and the password "{password}" to sign in.\n\nPingvin Share 🐧',
     },
   },
   smtp: {
@@ -117,6 +116,12 @@ const configVariables: ConfigVariables = {
       defaultValue: "false",
       secret: false,
     },
+    allowUnauthorizedCertificates: {
+      type: "boolean",
+      defaultValue: "false",
+
+      secret: false,
+    },
     host: {
       type: "string",
       defaultValue: "",
@@ -139,6 +144,42 @@ const configVariables: ConfigVariables = {
       obscured: true,
     },
   },
+  ldap: {
+    enabled: {
+      type: "boolean",
+      defaultValue: "false",
+      secret: false,
+    },
+
+    url: {
+      type: "string",
+      defaultValue: "",
+    },
+
+    bindDn: {
+      type: "string",
+      defaultValue: "",
+    },
+    bindPassword: {
+      type: "string",
+      defaultValue: "",
+      obscured: true,
+    },
+
+    searchBase: {
+      type: "string",
+      defaultValue: "",
+    },
+    searchQuery: {
+      type: "string",
+      defaultValue: ""
+    },
+
+    adminGroups: {
+      type: "string",
+      defaultValue: ""
+    }
+  },
   oauth: {
     "allowRegistration": {
       type: "boolean",
@@ -148,6 +189,11 @@ const configVariables: ConfigVariables = {
       type: "boolean",
       defaultValue: "true",
     },
+    "disablePassword": {
+      type: "boolean",
+      defaultValue: "false",
+      secret: false,
+    },
     "github-enabled": {
       type: "boolean",
       defaultValue: "false",
@@ -220,6 +266,18 @@ const configVariables: ConfigVariables = {
       type: "string",
       defaultValue: "",
     },
+    "oidc-rolePath": {
+      type: "string",
+      defaultValue: "",
+    },
+    "oidc-roleGeneralAccess": {
+      type: "string",
+      defaultValue: "",
+    },
+    "oidc-roleAdminAccess": {
+      type: "string",
+      defaultValue: "",
+    },
     "oidc-clientId": {
       type: "string",
       defaultValue: "",
@@ -229,7 +287,7 @@ const configVariables: ConfigVariables = {
       defaultValue: "",
       obscured: true,
     },
-  }
+  },
 };
 
 type ConfigVariables = {
@@ -281,12 +339,15 @@ async function seedConfigVariables() {
 
 async function migrateConfigVariables() {
   const existingConfigVariables = await prisma.config.findMany();
+  const orderMap: { [category: string]: number } = {};
 
   for (const existingConfigVariable of existingConfigVariables) {
     const configVariable =
       configVariables[existingConfigVariable.category]?.[
       existingConfigVariable.name
       ];
+
+    // Delete the config variable if it doesn't exist in the seed
     if (!configVariable) {
       await prisma.config.delete({
         where: {
@@ -297,15 +358,11 @@ async function migrateConfigVariables() {
         },
       });
 
-      // Update the config variable if the metadata changed
-    } else if (
-      JSON.stringify({
-        ...configVariable,
-        name: existingConfigVariable.name,
-        category: existingConfigVariable.category,
-        value: existingConfigVariable.value,
-      }) != JSON.stringify(existingConfigVariable)
-    ) {
+      // Update the config variable if it exists in the seed
+    } else {
+      const variableOrder = Object.keys(
+        configVariables[existingConfigVariable.category]
+      ).indexOf(existingConfigVariable.name);
       await prisma.config.update({
         where: {
           name_category: {
@@ -318,8 +375,10 @@ async function migrateConfigVariables() {
           name: existingConfigVariable.name,
           category: existingConfigVariable.category,
           value: existingConfigVariable.value,
+          order: variableOrder,
         },
       });
+      orderMap[existingConfigVariable.category] = variableOrder + 1;
     }
   }
 }

backend/src/auth/auth.controller.ts

@@ -45,12 +45,13 @@ export class AuthController {
   })
   async signUp(
     @Body() dto: AuthRegisterDTO,
+    @Req() { ip }: Request,
     @Res({ passthrough: true }) response: Response,
   ) {
     if (!this.config.get("share.allowRegistration"))
       throw new ForbiddenException("Registration is not allowed");
 
-    const result = await this.authService.signUp(dto);
+    const result = await this.authService.signUp(dto, ip);
 
     this.authService.addTokensToResponse(
       response,
@@ -71,9 +72,10 @@ export class AuthController {
   @HttpCode(200)
   async signIn(
     @Body() dto: AuthSignInDTO,
+    @Req() { ip }: Request,
     @Res({ passthrough: true }) response: Response,
   ) {
-    const result = await this.authService.signIn(dto);
+    const result = await this.authService.signIn(dto, ip);
 
     if (result.accessToken && result.refreshToken) {
       this.authService.addTokensToResponse(

backend/src/auth/auth.module.ts

@@ -5,6 +5,8 @@ import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
 import { AuthTotpService } from "./authTotp.service";
 import { JwtStrategy } from "./strategy/jwt.strategy";
+import { LdapService } from "./ldap.service";
+import { UserModule } from "../user/user.module";
 
 @Module({
   imports: [
@@ -12,9 +14,10 @@ import { JwtStrategy } from "./strategy/jwt.strategy";
       global: true,
     }),
     EmailModule,
+    UserModule,
   ],
   controllers: [AuthController],
-  providers: [AuthService, AuthTotpService, JwtStrategy],
+  providers: [AuthService, AuthTotpService, JwtStrategy, LdapService],
   exports: [AuthService],
 })
-export class AuthModule {}
+export class AuthModule { }

backend/src/auth/auth.service.ts

@@ -2,6 +2,7 @@ import {
   BadRequestException,
   ForbiddenException,
   Injectable,
+  Logger,
   UnauthorizedException,
 } from "@nestjs/common";
 import { JwtService } from "@nestjs/jwt";
@@ -15,6 +16,9 @@ import { EmailService } from "src/email/email.service";
 import { PrismaService } from "src/prisma/prisma.service";
 import { AuthRegisterDTO } from "./dto/authRegister.dto";
 import { AuthSignInDTO } from "./dto/authSignIn.dto";
+import { LdapService } from "./ldap.service";
+import { inspect } from "util";
+import { UserSevice } from "../user/user.service";
 
 @Injectable()
 export class AuthService {
@@ -23,9 +27,12 @@ export class AuthService {
     private jwtService: JwtService,
     private config: ConfigService,
     private emailService: EmailService,
-  ) {}
+    private ldapService: LdapService,
+    private userService: UserSevice,
+  ) { }
+  private readonly logger = new Logger(AuthService.name);
 
-  async signUp(dto: AuthRegisterDTO) {
+  async signUp(dto: AuthRegisterDTO, ip: string, isAdmin?: boolean) {
     const isFirstUser = (await this.prisma.user.count()) == 0;
 
     const hash = dto.password ? await argon.hash(dto.password) : null;
@@ -35,7 +42,7 @@ export class AuthService {
           email: dto.email,
           username: dto.username,
           password: hash,
-          isAdmin: isFirstUser,
+          isAdmin: isAdmin ?? isFirstUser,
         },
       });
 
@@ -44,6 +51,7 @@ export class AuthService {
       );
       const accessToken = await this.createAccessToken(user, refreshTokenId);
 
+      this.logger.log(`User ${user.email} signed up from IP ${ip}`);
       return { accessToken, refreshToken, user };
     } catch (e) {
       if (e instanceof PrismaClientKnownRequestError) {
@@ -57,20 +65,37 @@ export class AuthService {
     }
   }
 
-  async signIn(dto: AuthSignInDTO) {
+  async signIn(dto: AuthSignInDTO, ip: string) {
     if (!dto.email && !dto.username)
       throw new BadRequestException("Email or username is required");
 
-    const user = await this.prisma.user.findFirst({
-      where: {
-        OR: [{ email: dto.email }, { username: dto.username }],
-      },
-    });
+    if (!this.config.get("oauth.disablePassword")) {
+      const user = await this.prisma.user.findFirst({
+        where: {
+          OR: [{ email: dto.email }, { username: dto.username }],
+        },
+      });
 
-    if (!user || !(await argon.verify(user.password, dto.password)))
-      throw new UnauthorizedException("Wrong email or password");
+      if (user?.password && await argon.verify(user.password, dto.password)) {
+        this.logger.log(`Successful password login for user ${user.email} from IP ${ip}`);
+        return this.generateToken(user);
+      }
+    }
 
-    return this.generateToken(user);
+    if (this.config.get("ldap.enabled")) {
+      this.logger.debug(`Trying LDAP login for user ${dto.username}`);
+      const ldapUser = await this.ldapService.authenticateUser(dto.username, dto.password);
+      if (ldapUser) {
+        const user = await this.userService.findOrCreateFromLDAP(dto.username, ldapUser);
+        this.logger.log(`Successful LDAP login for user ${user.email} from IP ${ip}`);
+        return this.generateToken(user);
+      }
+    }
+
+    this.logger.log(
+      `Failed login attempt for user ${dto.email || dto.username} from IP ${ip}`,
+    );
+    throw new UnauthorizedException("Wrong email or password");
   }
 
   async generateToken(user: User, isOAuth = false) {
@@ -94,6 +119,9 @@ export class AuthService {
   }
 
   async requestResetPassword(email: string) {
+    if (this.config.get("oauth.disablePassword"))
+      throw new ForbiddenException("Password sign in is disabled");
+
     const user = await this.prisma.user.findFirst({
       where: { email },
       include: { resetPasswordToken: true },
@@ -119,6 +147,9 @@ export class AuthService {
   }
 
   async resetPassword(token: string, newPassword: string) {
+    if (this.config.get("oauth.disablePassword"))
+      throw new ForbiddenException("Password sign in is disabled");
+
     const user = await this.prisma.user.findFirst({
       where: { resetPasswordToken: { token } },
     });
@@ -234,7 +265,7 @@ export class AuthService {
     if (accessToken)
       response.cookie("access_token", accessToken, {
         sameSite: "lax",
-        maxAge: 1000 * 60 * 15, // 15 minutes
+        maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
       });
     if (refreshToken)
       response.cookie("refresh_token", refreshToken, {

backend/src/auth/ldap.service.ts

@@ -0,0 +1,154 @@
+import { Inject, Injectable, Logger } from "@nestjs/common";
+import * as ldap from "ldapjs";
+import { AttributeJson, InvalidCredentialsError, SearchCallbackResponse, SearchOptions } from "ldapjs";
+import { inspect } from "node:util";
+import { ConfigService } from "../config/config.service";
+
+type LdapSearchEntry = {
+    objectName: string,
+    attributes: AttributeJson[],
+};
+
+async function ldapExecuteSearch(client: ldap.Client, base: string, options: SearchOptions): Promise<LdapSearchEntry[]> {
+    const searchResponse = await new Promise<SearchCallbackResponse>((resolve, reject) => {
+        client.search(base, options, (err, res) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve(res);
+            }
+        });
+    });
+
+    return await new Promise<any[]>((resolve, reject) => {
+        const entries: LdapSearchEntry[] = [];
+        searchResponse.on("searchEntry", entry => entries.push({ attributes: entry.pojo.attributes, objectName: entry.pojo.objectName }));
+        searchResponse.once("error", reject);
+        searchResponse.once("end", () => resolve(entries));
+    });
+}
+
+async function ldapBindUser(client: ldap.Client, dn: string, password: string): Promise<void> {
+    return new Promise<void>((resolve, reject) => {
+        client.bind(dn, password, error => {
+            if (error) {
+                reject(error);
+            } else {
+                resolve();
+            }
+        });
+    })
+}
+
+async function ldapCreateConnection(logger: Logger, url: string): Promise<ldap.Client> {
+    const ldapClient = ldap.createClient({
+        url: url.split(","),
+        connectTimeout: 10_000,
+        timeout: 10_000
+    });
+
+    await new Promise((resolve, reject) => {
+        ldapClient.once("error", reject);
+        ldapClient.on("setupError", reject);
+        ldapClient.on("socketTimeout", reject);
+        ldapClient.on("connectRefused", () => reject(new Error("connection has been refused")));
+        ldapClient.on("connectTimeout", () => reject(new Error("connect timed out")));
+        ldapClient.on("connectError", reject);
+
+        ldapClient.on("connect", resolve);
+    }).catch(error => {
+        logger.error(`Connect error: ${inspect(error)}`);
+        ldapClient.destroy();
+        throw error;
+    });
+
+    return ldapClient;
+}
+
+export type LdapAuthenticateResult = {
+    userDn: string,
+    attributes: Record<string, string[]>
+};
+
+@Injectable()
+export class LdapService {
+    private readonly logger = new Logger(LdapService.name);
+    constructor(
+        @Inject(ConfigService)
+        private readonly serviceConfig: ConfigService,
+    ) { }
+
+    private async createLdapConnection(): Promise<ldap.Client> {
+        const ldapUrl = this.serviceConfig.get("ldap.url");
+        if (!ldapUrl) {
+            throw new Error("LDAP server URL is not defined");
+        }
+
+        const ldapClient = await ldapCreateConnection(this.logger, ldapUrl);
+        try {
+            const bindDn = this.serviceConfig.get("ldap.bindDn") || null;
+            if (bindDn) {
+                try {
+                    await ldapBindUser(ldapClient, bindDn, this.serviceConfig.get("ldap.bindPassword"))
+                } catch (error) {
+                    this.logger.warn(`Failed to bind to default user: ${error}`);
+                    throw new Error("failed to bind to default user");
+                }
+            }
+
+            return ldapClient;
+        } catch (error) {
+            ldapClient.destroy();
+            throw error;
+        }
+    }
+
+    public async authenticateUser(username: string, password: string): Promise<LdapAuthenticateResult | null> {
+        if (!username.match(/^[a-zA-Z0-0]+$/)) {
+            return null;
+        }
+
+        const searchBase = this.serviceConfig.get("ldap.searchBase");
+        const searchQuery = this.serviceConfig.get("ldap.searchQuery")
+            .replaceAll("%username%", username);
+
+        const ldapClient = await this.createLdapConnection();
+        try {
+            const [result] = await ldapExecuteSearch(ldapClient, searchBase, {
+                filter: searchQuery,
+                scope: "sub"
+            });
+
+            if (!result) {
+                /* user not found */
+                return null;
+            }
+
+            try {
+                await ldapBindUser(ldapClient, result.objectName, password);
+
+                /*
+                 * In theory we could query the user attributes now,
+                 * but as we must query the user attributes for validation anyways
+                 * we'll create a second ldap server connection.
+                 */
+                return {
+                    userDn: result.objectName,
+                    attributes: Object.fromEntries(result.attributes.map(attribute => [attribute.type, attribute.values])),
+                };
+            } catch (error) {
+                if (error instanceof InvalidCredentialsError) {
+                    return null;
+                }
+
+                this.logger.warn(`LDAP user bind failure: ${inspect(error)}`);
+                return null;
+            } finally {
+                ldapClient.destroy();
+            }
+        } catch (error) {
+            this.logger.warn(`LDAP connect error: ${inspect(error)}`);
+            return null;
+        }
+    }
+}

backend/src/email/email.service.ts

@@ -25,6 +25,11 @@ export class EmailService {
         user: this.config.get("smtp.username"),
         pass: this.config.get("smtp.password"),
       },
+      tls: {
+        rejectUnauthorized: !this.config.get(
+          "smtp.allowUnauthorizedCertificates",
+        ),
+      },
     });
   }
 
@@ -111,7 +116,8 @@ export class EmailService {
       this.config
         .get("email.inviteMessage")
         .replaceAll("{url}", loginUrl)
-        .replaceAll("{password}", password),
+        .replaceAll("{password}", password)
+        .replaceAll("{email}", recipientEmail),
     );
   }
 

backend/src/file/guard/fileSecurity.guard.ts

@@ -9,14 +9,16 @@ import * as moment from "moment";
 import { PrismaService } from "src/prisma/prisma.service";
 import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
 import { ShareService } from "src/share/share.service";
+import { ConfigService } from "src/config/config.service";
 
 @Injectable()
 export class FileSecurityGuard extends ShareSecurityGuard {
   constructor(
     private _shareService: ShareService,
     private _prisma: PrismaService,
+    _config: ConfigService,
   ) {
-    super(_shareService, _prisma);
+    super(_shareService, _prisma, _config);
   }
 
   async canActivate(context: ExecutionContext) {

backend/src/oauth/dto/oauthSignIn.dto.ts

@@ -3,4 +3,5 @@ export interface OAuthSignInDto {
   providerId: string;
   providerUsername: string;
   email: string;
+  isAdmin?: boolean;
 }

backend/src/oauth/oauth.controller.ts

@@ -85,7 +85,7 @@ export class OAuthController {
         accessToken?: string;
         refreshToken?: string;
         loginToken?: string;
-      } = await this.oauthService.signIn(user);
+      } = await this.oauthService.signIn(user, request.ip);
       if (token.accessToken) {
         this.authService.addTokensToResponse(
           response,

backend/src/oauth/oauth.service.ts

@@ -1,4 +1,4 @@
-import { Inject, Injectable } from "@nestjs/common";
+import { Inject, Injectable, Logger } from "@nestjs/common";
 import { User } from "@prisma/client";
 import { nanoid } from "nanoid";
 import { AuthService } from "../auth/auth.service";
@@ -15,6 +15,7 @@ export class OAuthService {
     private auth: AuthService,
     @Inject("OAUTH_PLATFORMS") private platforms: string[],
   ) {}
+  private readonly logger = new Logger(OAuthService.name);
 
   available(): string[] {
     return this.platforms
@@ -39,21 +40,25 @@ export class OAuthService {
     return Object.fromEntries(oauthUsers.map((u) => [u.provider, u]));
   }
 
-  async signIn(user: OAuthSignInDto) {
+  async signIn(user: OAuthSignInDto, ip: string) {
     const oauthUser = await this.prisma.oAuthUser.findFirst({
       where: {
         provider: user.provider,
         providerUserId: user.providerId,
       },
-      include: {
-        user: true,
-      },
     });
     if (oauthUser) {
-      return this.auth.generateToken(oauthUser.user, true);
+      await this.updateIsAdmin(user);
+      const updatedUser = await this.prisma.user.findFirst({
+        where: {
+          email: user.email,
+        },
+      });
+      this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
+      return this.auth.generateToken(updatedUser, true);
     }
 
-    return this.signUp(user);
+    return this.signUp(user, ip);
   }
 
   async link(
@@ -119,7 +124,7 @@ export class OAuthService {
     }
   }
 
-  private async signUp(user: OAuthSignInDto) {
+  private async signUp(user: OAuthSignInDto, ip: string) {
     // register
     if (!this.config.get("oauth.allowRegistration")) {
       throw new ErrorPageException("no_user", "/auth/signIn", [
@@ -148,14 +153,19 @@ export class OAuthService {
           userId: existingUser.id,
         },
       });
+      await this.updateIsAdmin(user);
       return this.auth.generateToken(existingUser, true);
     }
 
-    const result = await this.auth.signUp({
-      email: user.email,
-      username: await this.getAvailableUsername(user.providerUsername),
-      password: null,
-    });
+    const result = await this.auth.signUp(
+      {
+        email: user.email,
+        username: await this.getAvailableUsername(user.providerUsername),
+        password: null,
+      },
+      ip,
+      user.isAdmin,
+    );
 
     await this.prisma.oAuthUser.create({
       data: {
@@ -168,4 +178,16 @@ export class OAuthService {
 
     return result;
   }
+
+  private async updateIsAdmin(user: OAuthSignInDto) {
+    if ("isAdmin" in user)
+      await this.prisma.user.update({
+        where: {
+          email: user.email,
+        },
+        data: {
+          isAdmin: user.isAdmin,
+        },
+      });
+  }
 }

backend/src/oauth/provider/discord.provider.ts

@@ -101,10 +101,10 @@ export class DiscordProvider implements OAuthProvider<DiscordToken> {
       });
       const guilds = (await res.json()) as DiscordPartialGuild[];
       if (!guilds.some((guild) => guild.id === guildId)) {
-        throw new ErrorPageException("discord_guild_permission_denied");
+        throw new ErrorPageException("user_not_allowed");
       }
     } catch {
-      throw new ErrorPageException("discord_guild_permission_denied");
+      throw new ErrorPageException("user_not_allowed");
     }
   }
 }

backend/src/oauth/provider/genericOidc.provider.ts

@@ -2,6 +2,7 @@ import { Logger } from "@nestjs/common";
 import { ConfigService } from "../../config/config.service";
 import { JwtService } from "@nestjs/jwt";
 import { Cache } from "cache-manager";
+import * as jmespath from "jmespath";
 import { nanoid } from "nanoid";
 import { OAuthCallbackDto } from "../dto/oauthCallback.dto";
 import { OAuthProvider, OAuthToken } from "./oauthProvider.interface";
@@ -108,6 +109,11 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
     token: OAuthToken<OidcToken>,
     query: OAuthCallbackDto,
     claim?: string,
+    roleConfig?: {
+      path?: string;
+      generalAccess?: string;
+      adminAccess?: string;
+    },
   ): Promise<OAuthSignInDto> {
     const idTokenData = this.decodeIdToken(token.idToken);
     // maybe it's not necessary to verify the id token since it's directly obtained from the provider
@@ -128,6 +134,44 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
         idTokenData.name ||
         idTokenData.nickname;
 
+    let isAdmin: boolean;
+
+    if (roleConfig?.path) {
+      // A path to read roles from the token is configured
+      let roles: string[] | null;
+      try {
+        roles = jmespath.search(idTokenData, roleConfig.path);
+      } catch (e) {
+        roles = null;
+      }
+      if (Array.isArray(roles)) {
+        // Roles are found in the token
+        if (
+          roleConfig.generalAccess &&
+          !roles.includes(roleConfig.generalAccess)
+        ) {
+          // Role for general access is configured and the user does not have it
+          this.logger.error(
+            `User roles ${roles} do not include ${roleConfig.generalAccess}`,
+          );
+          throw new ErrorPageException("user_not_allowed");
+        }
+        if (roleConfig.adminAccess) {
+          // Role for admin access is configured
+          isAdmin = roles.includes(roleConfig.adminAccess);
+        }
+      } else {
+        this.logger.error(
+          `Roles not found at path ${roleConfig.path} in ID Token ${JSON.stringify(
+            idTokenData,
+            undefined,
+            2,
+          )}`,
+        );
+        throw new ErrorPageException("user_not_allowed");
+      }
+    }
+
     if (!username) {
       this.logger.error(
         `Can not get username from ID Token ${JSON.stringify(
@@ -146,6 +190,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
       email: idTokenData.email,
       providerId: idTokenData.sub,
       providerUsername: username,
+      ...(isAdmin !== undefined && { isAdmin }),
     };
   }
 

backend/src/oauth/provider/oidc.provider.ts

@@ -34,6 +34,15 @@ export class OidcProvider extends GenericOidcProvider {
     _?: string,
   ): Promise<OAuthSignInDto> {
     const claim = this.config.get("oauth.oidc-usernameClaim") || undefined;
-    return super.getUserInfo(token, query, claim);
+    const rolePath = this.config.get("oauth.oidc-rolePath") || undefined;
+    const roleGeneralAccess =
+      this.config.get("oauth.oidc-roleGeneralAccess") || undefined;
+    const roleAdminAccess =
+      this.config.get("oauth.oidc-roleAdminAccess") || undefined;
+    return super.getUserInfo(token, query, claim, {
+      path: rolePath,
+      generalAccess: roleGeneralAccess,
+      adminAccess: roleAdminAccess,
+    });
   }
 }

backend/src/reverseShare/dto/createReverseShare.dto.ts

@@ -13,4 +13,10 @@ export class CreateReverseShareDTO {
   @Min(1)
   @Max(1000)
   maxUseCount: number;
+
+  @IsBoolean()
+  simplified: boolean;
+
+  @IsBoolean()
+  publicAccess: boolean;
 }

backend/src/reverseShare/dto/reverseShare.dto.ts

@@ -13,6 +13,9 @@ export class ReverseShareDTO {
   @Expose()
   token: string;
 
+  @Expose()
+  simplified: boolean;
+
   from(partial: Partial<ReverseShareDTO>) {
     return plainToClass(ReverseShareDTO, partial, {
       excludeExtraneousValues: true,

backend/src/reverseShare/reverseShare.service.ts

@@ -49,6 +49,8 @@ export class ReverseShareService {
         remainingUses: data.maxUseCount,
         maxShareSize: data.maxShareSize,
         sendEmailNotification: data.sendEmailNotification,
+        simplified: data.simplified,
+        publicAccess: data.publicAccess,
         creatorId,
       },
     });

backend/src/share/dto/shareComplete.dto.ts

@@ -0,0 +1,19 @@
+import { Expose, plainToClass } from "class-transformer";
+import { ShareDTO } from "./share.dto";
+
+export class CompletedShareDTO extends ShareDTO {
+  @Expose()
+  notifyReverseShareCreator?: boolean;
+
+  from(partial: Partial<CompletedShareDTO>) {
+    return plainToClass(CompletedShareDTO, partial, {
+      excludeExtraneousValues: true,
+    });
+  }
+
+  fromList(partial: Partial<CompletedShareDTO>[]) {
+    return partial.map((part) =>
+      plainToClass(CompletedShareDTO, part, { excludeExtraneousValues: true }),
+    );
+  }
+}

backend/src/share/guard/shareSecurity.guard.ts

@@ -1,5 +1,4 @@
 import {
-  CanActivate,
   ExecutionContext,
   ForbiddenException,
   Injectable,
@@ -9,13 +8,19 @@ import { Request } from "express";
 import * as moment from "moment";
 import { PrismaService } from "src/prisma/prisma.service";
 import { ShareService } from "src/share/share.service";
+import { ConfigService } from "src/config/config.service";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { User } from "@prisma/client";
 
 @Injectable()
-export class ShareSecurityGuard implements CanActivate {
+export class ShareSecurityGuard extends JwtGuard {
   constructor(
     private shareService: ShareService,
     private prisma: PrismaService,
-  ) {}
+    configService: ConfigService,
+  ) {
+    super(configService);
+  }
 
   async canActivate(context: ExecutionContext) {
     const request: Request = context.switchToHttp().getRequest();
@@ -31,7 +36,7 @@ export class ShareSecurityGuard implements CanActivate {
 
     const share = await this.prisma.share.findUnique({
       where: { id: shareId },
-      include: { security: true },
+      include: { security: true, reverseShare: true },
     });
 
     if (
@@ -53,6 +58,22 @@ export class ShareSecurityGuard implements CanActivate {
         "share_token_required",
       );
 
+    // Run the JWTGuard to set the user
+    await super.canActivate(context);
+    const user = request.user as User;
+
+    // Only the creator and reverse share creator can access the reverse share if it's not public
+    if (
+      share.reverseShare &&
+      !share.reverseShare.publicAccess &&
+      share.creatorId !== user?.id &&
+      share.reverseShare.creatorId !== user?.id
+    )
+      throw new ForbiddenException(
+        "Only reverse share creator can access this share",
+        "private_share",
+      );
+
     return true;
   }
 }

backend/src/share/share.controller.ts

@@ -10,9 +10,11 @@ import {
   Res,
   UseGuards,
 } from "@nestjs/common";
+import { JwtService } from "@nestjs/jwt";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
 import { Request, Response } from "express";
+import * as moment from "moment";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { AdministratorGuard } from "src/auth/guard/isAdmin.guard";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
@@ -27,9 +29,13 @@ import { ShareOwnerGuard } from "./guard/shareOwner.guard";
 import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
 import { ShareTokenSecurity } from "./guard/shareTokenSecurity.guard";
 import { ShareService } from "./share.service";
+import { CompletedShareDTO } from "./dto/shareComplete.dto";
 @Controller("shares")
 export class ShareController {
-  constructor(private shareService: ShareService) {}
+  constructor(
+    private shareService: ShareService,
+    private jwtService: JwtService,
+  ) {}
 
   @Get("all")
   @UseGuards(JwtGuard, AdministratorGuard)
@@ -81,7 +87,7 @@ export class ShareController {
   @UseGuards(CreateShareGuard, ShareOwnerGuard)
   async complete(@Param("id") id: string, @Req() request: Request) {
     const { reverse_share_token } = request.cookies;
-    return new ShareDTO().from(
+    return new CompletedShareDTO().from(
       await this.shareService.complete(id, reverse_share_token),
     );
   }
@@ -121,10 +127,13 @@ export class ShareController {
   @Post(":id/token")
   async getShareToken(
     @Param("id") id: string,
+    @Req() request: Request,
     @Res({ passthrough: true }) response: Response,
     @Body() body: SharePasswordDto,
   ) {
     const token = await this.shareService.getShareToken(id, body.password);
+
+    this.clearShareTokenCookies(request, response);
     response.cookie(`share_${id}_token`, token, {
       path: "/",
       httpOnly: true,
@@ -132,4 +141,32 @@ export class ShareController {
 
     return { token };
   }
+
+  /**
+   * Keeps the 10 most recent share token cookies and deletes the rest and all expired ones
+   */
+  private clearShareTokenCookies(request: Request, response: Response) {
+    const shareTokenCookies = Object.entries(request.cookies)
+      .filter(([key]) => key.startsWith("share_") && key.endsWith("_token"))
+      .map(([key, value]) => ({
+        key,
+        payload: this.jwtService.decode(value),
+      }));
+
+    const expiredTokens = shareTokenCookies.filter(
+      (cookie) => cookie.payload.exp < moment().unix(),
+    );
+    const validTokens = shareTokenCookies.filter(
+      (cookie) => cookie.payload.exp >= moment().unix(),
+    );
+
+    expiredTokens.forEach((cookie) => response.clearCookie(cookie.key));
+
+    if (validTokens.length > 10) {
+      validTokens
+        .sort((a, b) => a.payload.exp - b.payload.exp)
+        .slice(0, -10)
+        .forEach((cookie) => response.clearCookie(cookie.key));
+    }
+  }
 }

backend/src/share/share.service.ts

@@ -4,7 +4,7 @@ import {
   Injectable,
   NotFoundException,
 } from "@nestjs/common";
-import { JwtService } from "@nestjs/jwt";
+import { JwtService, JwtSignOptions } from "@nestjs/jwt";
 import { Share, User } from "@prisma/client";
 import * as archiver from "archiver";
 import * as argon from "argon2";
@@ -159,11 +159,12 @@ export class ShareService {
       );
     }
 
-    if (
-      share.reverseShare &&
-      this.config.get("smtp.enabled") &&
-      share.reverseShare.sendEmailNotification
-    ) {
+    const notifyReverseShareCreator = share.reverseShare
+      ? this.config.get("smtp.enabled") &&
+        share.reverseShare.sendEmailNotification
+      : undefined;
+
+    if (notifyReverseShareCreator) {
       await this.emailService.sendMailToReverseShareCreator(
         share.reverseShare.creator.email,
         share.id,
@@ -180,10 +181,15 @@ export class ShareService {
       });
     }
 
-    return this.prisma.share.update({
+    const updatedShare = await this.prisma.share.update({
       where: { id },
       data: { uploadLocked: true },
     });
+
+    return {
+      ...updatedShare,
+      notifyReverseShareCreator,
+    };
   }
 
   async revertComplete(id: string) {
@@ -239,7 +245,11 @@ export class ShareService {
     const share = await this.prisma.share.findUnique({
       where: { id },
       include: {
-        files: true,
+        files: {
+          orderBy: {
+            name: "asc",
+          },
+        },
         creator: true,
         security: true,
       },
@@ -328,15 +338,21 @@ export class ShareService {
     const { expiration } = await this.prisma.share.findUnique({
       where: { id: shareId },
     });
-    return this.jwtService.sign(
-      {
-        shareId,
-      },
-      {
-        expiresIn: moment(expiration).diff(new Date(), "seconds") + "s",
-        secret: this.config.get("internal.jwtSecret"),
-      },
-    );
+
+    const tokenPayload = {
+      shareId,
+      iat: moment().unix(),
+    };
+
+    const tokenOptions: JwtSignOptions = {
+      secret: this.config.get("internal.jwtSecret"),
+    };
+
+    if (!moment(expiration).isSame(0)) {
+      tokenOptions.expiresIn = moment(expiration).diff(new Date(), "seconds");
+    }
+
+    return this.jwtService.sign(tokenPayload, tokenOptions);
   }
 
   async verifyShareToken(shareId: string, token: string) {

backend/src/user/dto/user.dto.ts

@@ -25,16 +25,21 @@ export class UserDTO {
   @Expose()
   isAdmin: boolean;
 
+  @Expose()
+  isLdap: boolean;
+
+  ldapDN?: string;
+
   @Expose()
   totpVerified: boolean;
 
   from(partial: Partial<UserDTO>) {
-    return plainToClass(UserDTO, partial, { excludeExtraneousValues: true });
+    const result = plainToClass(UserDTO, partial, { excludeExtraneousValues: true });
+    result.isLdap = partial.ldapDN?.length > 0;
+    return result;
   }
 
   fromList(partial: Partial<UserDTO>[]) {
-    return partial.map((part) =>
-      plainToClass(UserDTO, part, { excludeExtraneousValues: true }),
-    );
+    return partial.map((part) => this.from(part));
   }
 }

backend/src/user/user.module.ts

@@ -8,5 +8,6 @@ import { FileModule } from "src/file/file.module";
   imports: [EmailModule, FileModule],
   providers: [UserSevice],
   controllers: [UserController],
+  exports: [UserSevice]
 })
-export class UserModule {}
+export class UserModule { }

backend/src/user/user.service.ts

@@ -7,6 +7,8 @@ import { PrismaService } from "src/prisma/prisma.service";
 import { FileService } from "../file/file.service";
 import { CreateUserDTO } from "./dto/createUser.dto";
 import { UpdateUserDto } from "./dto/updateUser.dto";
+import { ConfigService } from "../config/config.service";
+import { LdapAuthenticateResult } from "../auth/ldap.service";
 
 @Injectable()
 export class UserSevice {
@@ -14,7 +16,8 @@ export class UserSevice {
     private prisma: PrismaService,
     private emailService: EmailService,
     private fileService: FileService,
-  ) {}
+    private configService: ConfigService,
+  ) { }
 
   async list() {
     return await this.prisma.user.findMany();
@@ -88,4 +91,41 @@ export class UserSevice {
 
     return await this.prisma.user.delete({ where: { id } });
   }
+
+  async findOrCreateFromLDAP(username: string, ldap: LdapAuthenticateResult) {
+    const passwordHash = await argon.hash(crypto.randomUUID());
+    const userEmail = ldap.attributes["userPrincipalName"]?.at(0) ?? `${crypto.randomUUID()}@ldap.local`;
+    const adminGroup = this.configService.get("ldap.adminGroups");
+    const isAdmin = ldap.attributes["memberOf"]?.includes(adminGroup) ?? false;
+    try {
+      return await this.prisma.user.upsert({
+        create: {
+          username,
+          email: userEmail,
+          password: passwordHash,
+          isAdmin,
+          ldapDN: ldap.userDn,
+        },
+        update: {
+          username,
+          email: userEmail,
+
+          isAdmin,
+          ldapDN: ldap.userDn,
+        },
+        where: {
+          ldapDN: ldap.userDn
+        }
+      });
+    } catch (e) {
+      if (e instanceof PrismaClientKnownRequestError) {
+        if (e.code == "P2002") {
+          const duplicatedField: string = e.meta.target[0];
+          throw new BadRequestException(
+            `A user with this ${duplicatedField} already exists`,
+          );
+        }
+      }
+    }
+  }
 }

docker-compose-dev.yml

@@ -1,4 +1,3 @@
-version: '3.8'
 services:
   clamav:
     restart: unless-stopped

docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3.8'
 services:
   pingvin-share:
     image: stonith404/pingvin-share

docs/CONTRIBUTING.es.md

@@ -1,95 +0,0 @@
-_Leer esto en otro idioma: [Inglés](/CONTRIBUTING.md), [Español](/docs/CONTRIBUTING.es.md), [Chino Simplificado](/docs/CONTRIBUTING.zh-cn.md)_
-
----
-
-# Contribuyendo
-
-¡Nos ❤️ encantaría que contribuyas a Pingvin Share y nos ayudes a hacerlo mejor! Todas las contribuciones son bienvenidas, incluyendo problemas, sugerencias, _pull requests_ y más.
-
-## Para comenzar
-
-Si encontraste un error, tienes una sugerencia o algo más, simplemente crea un problema (issue) en GitHub y nos pondremos en contacto contigo 😊.
-
-## Para hacer una Pull Request
-
-Antes de enviar la pull request para su revisión, asegúrate de que:
-
-- El nombre de la pull request sigue las [especificaciones de Commits Convencionales](https://www.conventionalcommits.org/):
-
-  `<tipo>[ámbito opcional]: <descripción>`
-
-  ejemplo:
-
-  ```
-  feat(share): agregar protección con contraseña
-  ```
-
-  Donde `tipo` puede ser:
-
-  - **feat** - es una nueva función
-  - **doc** - cambios solo en la documentación
-  - **fix** - una corrección de error
-  - **refactor** - cambios en el código que no solucionan un error ni agregan una función
-
-- Tu pull requests tiene una descripción detallada.
-
-- Ejecutaste `npm run format` para formatear el código.
-
-<details>
-  <summary>¿No sabes como crear una pull request? Aprende cómo crear una pull request</summary>
-
-1. Crea un fork del repositorio haciendo clic en el botón `Fork` en el repositorio de Pingvin Share.
-
-2. Clona tu fork en tu máquina con `git clone`.
-
-```
-$ git clone https://github.com/[your_username]/pingvin-share
-```
-
-3. Trabajar - hacer commit - repetir
-
-4. Haz un `push` de tus cambios a GitHub.
-
-```
-$ git push origin [nombre_de_tu_nueva_rama]
-```
-
-5. Envía tus cambios para su revisión. Si vas a tu repositorio en GitHub, verás un botón `Comparar y crear pull requests`. Haz clic en ese botón.
-6. Inicia una Pull Request
-7. Ahora envía la pull requests y haz clic en `Crear pull requests`
-8. Espera a que alguien revise tu solicitud y apruebe o rechace tus cambios. Puedes ver los comentarios en la página de la solicitud en GitHub.
-
-</details>
-
-## Instalación del proyecto
-
-Pingvin Share consiste de un frontend y un backend.
-
-### Backend
-
-El backend está hecho con [Nest.js](https://nestjs.com) y usa Typescript.
-
-#### Instalación
-
-1. Abrimos la carpeta `backend`
-2. Instalamos las dependencias con `npm install`
-3. Haz un `push` del esquema de la base de datos a la base de datos ejecutando `npx prisma db push`
-4. Rellena la base de datos ejecutando `npx prisma db seed`
-5. Inicia el backend con `npm run dev`
-
-### Frontend
-
-El frontend está hecho con [Next.js](https://nextjs.org) y usa Typescript.
-
-#### Instalación
-
-1. Primero inicia el backend
-2. Abre la carpeta `frontend`
-3. Instala las dependencias con `npm install`
-4. Inicia el frontend con `npm run dev`
-
-¡Ya está todo listo!
-
-### Testing
-
-Por el momento, solo tenemos pruebas para el backend. Para ejecutar estas pruebas, debes ejecutar el comando `npm run test:system` en la carpeta del backend.

docs/CONTRIBUTING.zh-cn.md

@@ -1,97 +0,0 @@
-_选择合适的语言阅读: [西班牙语](/docs/CONTRIBUTING.es.md), [英语](/CONTRIBUTING.md), [简体中文](/docs/CONTRIBUTING.zh-cn.md)_
-
----
-
-# 提交贡献
-
-我们非常感谢你 ❤️ 为 Pingvin Share 提交贡献使其变得更棒! 欢迎任何形式的贡献，包括 issues, 建议, PRs 和其他形式
-
-## 小小的开始
-
-你找到了一个 bug，有新特性建议或者其他提议，请在 GitHub 建立一个 issue 以便我和你联络 😊
-
-## 提交一个 Pull Request
-
-在你提交 PR 前请确保
-
-- PR 的名字遵守 [Conventional Commits specification](https://www.conventionalcommits.org):
-
-  `<type>[optional scope]: <description>`
-
-  例如:
-
-  ```
-  feat(share): add password protection
-  ```
-
-  `TYPE` 可以是:
-
-  - **feat** - 这是一个新特性 feature
-  - **doc** - 仅仅改变了文档部分 documentation
-  - **fix** - 修复了一个 bug
-  - **refactor** - 更新了代码，但是并非出于增加新特性 feature 或修复 bug 的目的
-
-- 请在 PR 中附详细的解释说明
-- 使用 `npm run format` 格式化你的代码
-
-<details>
-  <summary>不知道怎么发起一个 PR？ 点开了解怎么发起一个 PR </summary>
-
-1. 点击 Pingvin Share 仓库的 `Fork` 按钮，复制一份你的仓库
-
-2. 通过 `git clone` 将你的仓库克隆到本地
-
-```
-$ git clone https://github.com/[你的用户名]/pingvin-share
-```
-
-3. 进行你的修改 - 提交 commit 你的修改 - 重复直到完成
-
-4. 将你的修改提交到 GitHub
-
-```
-$ git push origin [你的新分支的名字]
-```
-
-5. 提交你的代码以便代码审查
-
-   如果你进入你 fork 的 Github 仓库，你会看到一个 `Compare & pull request` 按钮，点击该按钮
-
-6. 发起一个 PR
-7. 点击 `Create pull request` 来提交你的 PR
-8. 等待代码审查，通过或以某些原因拒绝
-
-</details>
-
-## 配置开发项目
-
-Pingvin Share 包括前端和后端部分
-
-### 后端
-
-后端使用 [Nest.js](https://nestjs.com) 建立，使用 Typescript
-
-#### 搭建
-
-1. 打开 `backend` 文件夹
-2. 使用 `npm install` 安装依赖
-3. 通过 `npx prisma db push` 配置数据库结构
-4. 通过 `npx prisma db seed` 初始化数据库数据
-5. 通过 `npm run dev` 启动后端
-
-### 前端
-
-后端使用 [Next.js](https://nextjs.org) 建立，使用 Typescript
-
-#### 搭建
-
-1. 首先启动后端
-2. 打开 `frontend` 文件夹
-3. 通过 `npm install` 安装依赖
-4. 通过 `npm run dev` 启动前端
-
-开发项目配置完成
-
-### 测试
-
-目前阶段我们只有后端的系统测试，在 `backend` 文件夹运行 `npm run test:system` 来执行系统测试

docs/README.es.md

@@ -1,129 +0,0 @@
-# <div align="center"><img  src="https://user-images.githubusercontent.com/58886915/166198400-c2134044-1198-4647-a8b6-da9c4a204c68.svg" width="40"/> </br>Pingvin Share</div>
-
----
-
-_Leer esto en otro idioma: [Inglés](/README.md), [Español](/docs/README.es.md), [Chino Simplificado](/docs/README.zh-cn.md), [日本語](/docs/README.ja-jp.md)_
-
----
-
-Pingvin Share es una plataforma de intercambio de archivos autoalojada y una alternativa a WeTransfer.
-
-## ✨ Características
-
-- Compartir archivos utilizando un enlace
-- Tamaño de archivo ilimitado (unicamente restringido por el espacio en disco)
-- Establecer una fecha de caducidad para los recursos compartidos
-- Uso compartido seguro con límites de visitantes y contraseñas
-- Destinatarios de correo electrónico
-- Integración con ClamAV para escaneos de seguridad
-
-## 🐧 Conoce Pingvin Share
-
-- [Demo](https://pingvin-share.dev.eliasschneider.com)
-- [Reseña realizada por No Solo Hacking (español)](https://www.youtube.com/watch?v=ocd4EpLTYkU)
-- [Reseña por DB Tech (inglés)](https://www.youtube.com/watch?v=rWwNeZCOPJA)
-
-<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>
-
-## ⌨️ Instalación
-
-> Nota: Pingvin Share está en sus primeras etapas y puede contener errores.
-
-### Instalación con Docker (recomendada)
-
-1. Descarge el archivo `docker-compose.yml`
-2. Ejecute `docker-compose up -d`
-
-El sitio web ahora está esperando conexiones en `http://localhost:3000`, ¡diviértase usando Pingvin Share 🐧!
-
-### Instalación autónoma
-
-Herramientas requeridas:
-
-- [Node.js](https://nodejs.org/en/download/) >= 16
-- [Git](https://git-scm.com/downloads)
-- [pm2](https://pm2.keymetrics.io/) para ejecutar Pingvin Share en segundo plano
-
-```bash
-git clone https://github.com/stonith404/pingvin-share
-cd pingvin-share
-
-# Consultar la última versión
-git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-# Iniciar el backend
-cd backend
-npm install
-npm run build
-pm2 start --name="pingvin-share-backend" npm -- run prod
-
-# Iniciar el frontend
-cd ../frontend
-npm install
-npm run build
-pm2 start --name="pingvin-share-frontend" npm -- run start
-```
-
-El sitio web ahora está esperando conexiones en `http://localhost:3000`, ¡diviértase usando Pingvin Share 🐧!
-
-### Integraciones
-
-#### ClamAV (Unicamente con Docker)
-
-ClamAV se utiliza para escanear los recursos compartidos en busca de archivos maliciosos y eliminarlos si los encuentra.
-
-1. Añade el contenedor ClamAV al stack de Docker Compose (ver `docker-compose.yml`) e inicie el contenedor.
-2. Docker esperará a que ClamAV se inicie antes de iniciar Pingvin Share. Esto puede tardar uno o dos minutos.
-3. Los registros de Pingvin Share ahora deberían decir "ClamAV está activo".
-
-Por favor, ten en cuenta que ClamAV necesita muchos [recursos](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
-
-### Recursos adicionales
-
-- [Instalación en Synology NAS (Inglés)](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)
-
-### Actualizar a una nueva versión
-
-Dado que Pingvin Share se encuentra en una fase inicial, consulte las notas de la versión para conocer los cambios de última hora antes de actualizar.
-
-#### Docker
-
-```bash
-docker compose pull
-docker compose up -d
-```
-
-#### Instalación autónoma
-
-1. Deten la aplicación en ejecución
-
-   ```bash
-   pm2 stop pingvin-share-backend pingvin-share-frontend
-   ```
-
-2. Repite los pasos de la [guía de instalación](#instalación-autonoma) excepto el paso de `git clone`.
-
-   ```bash
-   cd pingvin-share
-
-   # Consultar la última versión
-   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-   # Iniciar el backend
-   cd backend
-   npm run build
-   pm2 restart pingvin-share-backend
-
-   # Iniciar frontend
-   cd ../frontend
-   npm run build
-   pm2 restart pingvin-share-frontend
-   ```
-
-### Marca personalizada
-
-Puedes cambiar el nombre y el logotipo de la aplicación visitando la página de configuración de administrador.
-
-## 🖤 Contribuye
-
-¡Eres bienvenido a contribuir a Pingvin Share! Sige la [guía de contribución](/CONTRIBUTING.md) para empezar.

docs/README.ja-jp.md

@@ -1,158 +0,0 @@
-# <div align="center"><img  src="https://user-images.githubusercontent.com/58886915/166198400-c2134044-1198-4647-a8b6-da9c4a204c68.svg" width="40"/> </br>Pingvin Share</div>
-
----
-
-_READMEを別の言語で読む: [Spanish](/docs/README.es.md), [English](/README.md), [Simplified Chinese](/docs/README.zh-cn.md), [日本語](/docs/README.ja-jp.md)_
-
----
-
-Pingvin Share は、セルフホスト型のファイル共有プラットフォームであり、WeTransfer、ギガファイル便などの代替プラットフォームです。
-
-## ✨ 特徴的な機能
-
-- リンクを用いたファイル共有
-- ファイルサイズ無制限 (ストレージスペースの範囲内で)
-- 共有への有効期限の設定
-- 訪問回数の制限とパスワードの設定により共有を安全に保つ
-- メールでリンクを共有
-- ClamAVと連携して、ウイルスチェックが可能
-
-## 🐧 Pingvin Shareについて知る
-
-- [デモ](https://pingvin-share.dev.eliasschneider.com)
-- [DB Techによるレビュー](https://www.youtube.com/watch?v=rWwNeZCOPJA)
-
-<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>
-
-## ⌨️ セットアップ
-
-> 注意: Pingvin Shareは、早期段階であり、バグが含まれている場合があります。
-
-### Dockerでインストール (おすすめ)
-
-1. `docker-compose.yml`ファイルをダウンロード
-2. `docker-compose up -d`を実行
-
-Webサイトは、`http://localhost:3000`でリッスンされます。これでPingvin Shareをお使い頂けます🐧!
-
-### スタンドアローンインストール
-
-必要なツール:
-
-- [Node.js](https://nodejs.org/en/download/) >= 16
-- [Git](https://git-scm.com/downloads)
-- [pm2](https://pm2.keymetrics.io/) Pingvin Shareをバックグラウンドで動作させるために必要
-
-```bash
-git clone https://github.com/stonith404/pingvin-share
-cd pingvin-share
-
-# 最新バージョンをチェックアウト
-git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-# バックエンドを開始
-cd backend
-npm install
-npm run build
-pm2 start --name="pingvin-share-backend" npm -- run prod
-
-#フロントエンドを開始
-cd ../frontend
-npm install
-npm run build
-pm2 start --name="pingvin-share-frontend" npm -- run start
-```
-
-Webサイトは、`http://localhost:3000`でリッスンされます。これでPingvin Shareをお使い頂けます🐧!
-
-### 連携機能
-
-#### ClamAV (Dockerのみ)
-
-ClamAVは、共有されたファイルをスキャンし、感染したファイルを見つけた場合に削除するために使用されます。
-
-1. ClamAVコンテナをDocker Composeの定義ファイル(`docker-compose.yml`を確認)に追加し、コンテナを開始してください。
-2. Dockerは、Pingvin Shareを開始する前に、ClamAVの準備が整うまで待機します。これには、1分から2分ほどかかります。
-3. Pingvin Shareのログに"ClamAV is active"というログが記録されます。
-
-ClamAVは、非常に多くのリソースを必要とします、詳しくは[リソース](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements)をご確認ください。
-
-### 追加情報
-
-- [Synology NASへのインストール方法](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)
-
-### 新しいバージョンへのアップグレード
-
-Pingvin Shareは早期段階のため、アップグレード前に必ずリリースノートを確認して、アップグレードしても問題ないかどうかご確認ください。
-
-#### Docker
-
-```bash
-docker compose pull
-docker compose up -d
-```
-
-#### スタンドアローン
-
-1. アプリを停止する
-   ```bash
-   pm2 stop pingvin-share-backend pingvin-share-frontend
-   ```
-2. `git clone`のステップを除いて、[インストールガイド](#stand-alone-installation)をくり返してください。
-
-   ```bash
-   cd pingvin-share
-
-   # 最新バージョンをチェックアウト
-   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-   # バックエンドを開始
-   cd backend
-   npm run build
-   pm2 restart pingvin-share-backend
-
-   #フロントエンドを開始
-   cd ../frontend
-   npm run build
-   pm2 restart pingvin-share-frontend
-   ```
-
-### 設定
-
-管理者のダッシュボード内の「設定」ページから、Pingvin Shareをカスタマイズできます。
-
-#### 環境変数
-
-インストール時の特定の設定で、環境変数を使用できます。次の環境変数が使用可能です:
-
-##### バックエンド
-
-| 変数名            | デフォルト値                                        | 説明                                   |
-| ---------------- | -------------------------------------------------- | -------------------------------------- |
-| `PORT`           | `8080`                                             | バックエンドがリッスンするポート番号       |
-| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | SQLiteのURL                             |
-| `DATA_DIRECTORY` | `./data`                                           | データを保管するディレクトリ               |
-| `CLAMAV_HOST`    | `127.0.0.1`                                        | ClamAVサーバーのIPアドレス               |
-| `CLAMAV_PORT`    | `3310`                                             | ClamAVサーバーのポート番号                |
-
-##### フロントエンド
-
-| 変数名     | デフォルト値             | 説明                                          |
-| --------- | ----------------------- | ----------------------------------------      |
-| `PORT`    | `3000`                  | フロントエンドがリッスンするポート番号            |
-| `API_URL` | `http://localhost:8080` | フロントエンドからアクセスするバックエンドへのURL |
-
-## 🖤 コントリビュート
-
-### 翻訳
-
-Pingvin Shareをあなたが使用している言語に翻訳するお手伝いを募集しています。
-[Crowdin](https://crowdin.com/project/pingvin-share)上で、簡単にPingvin Shareの翻訳作業への参加が可能です。
-
-あなたの言語がありませんか？ 気軽に[リクエスト](https://github.com/stonith404/pingvin-share/issues/new?assignees=&labels=language-request&projects=&template=language-request.yml&title=%F0%9F%8C%90+Language+request%3A+%3Clanguage+name+in+english%3E)してください。
-
-翻訳中に問題がありましたか？ [ローカライズに関するディスカッション](https://github.com/stonith404/pingvin-share/discussions/198)に是非参加してください。
-
-### プロジェクト
-
-Pingvin Shareへのコントリビュートをいつでもお待ちしています！ [コントリビューションガイド](/CONTRIBUTING.md)を確認して、是非参加してください。

docs/README.zh-cn.md

@@ -1,126 +0,0 @@
-# <div align="center"><img  src="https://user-images.githubusercontent.com/58886915/166198400-c2134044-1198-4647-a8b6-da9c4a204c68.svg" width="40"/> </br>Pingvin Share</div>
-
----
-
-_选择合适的语言阅读: [西班牙语](/docs/README.es.md), [英语](/README.md), [简体中文](/docs/README.zh-cn.md), [日本语](/docs/README.ja-jp.md)_
-
----
-
-Pingvin Share 是一个可自建的文件分享平台，是 WeTransfer 的一个替代品
-
-## ✨ 特性
-
-- 通过可自定义后缀的链接分享文件
-- 可自定义任意大小的文件上传限制 (受制于托管所在的硬盘大小)
-- 对共享链接设置有效期限
-- 对共享链接设置访问次数和访问密码
-- 通过邮件自动发送共享链接
-- 整合 ClamAV 进行反病毒检查
-
-## 🐧 了解一下 Pingvin Share
-
-- [示例网站](https://pingvin-share.dev.eliasschneider.com)
-- [DB Tech 推荐视频](https://www.youtube.com/watch?v=rWwNeZCOPJA)
-
-<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>
-
-## ⌨️ 自建指南
-
-> 注意：Pingvin Share 仍处于开发阶段并且可能存在 bugs
-
-### Docker 部署 (推荐)
-
-1. 下载 `docker-compose.yml`
-2. 运行命令 `docker-compose up -d`
-
-现在网站运行在 `http://localhost:3000`，尝试一下你本地的 Pingvin Share 🐧!
-
-### Stand-alone 部署
-
-必须的依赖:
-
-- [Node.js](https://nodejs.org/en/download/) >= 16
-- [Git](https://git-scm.com/downloads)
-- [pm2](https://pm2.keymetrics.io/) 用于后台运行 Pingvin Share
-
-```bash
-git clone https://github.com/stonith404/pingvin-share
-cd pingvin-share
-
-# 获取最新的版本
-git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-# 启动后端 backend
-cd backend
-npm install
-npm run build
-pm2 start --name="pingvin-share-backend" npm -- run prod
-
-# 启动前端 frontend
-cd ../frontend
-npm install
-npm run build
-pm2 start --name="pingvin-share-frontend" npm -- run start
-```
-
-现在网站运行在 `http://localhost:3000`，尝试一下你本地的 Pingvin Share 🐧!
-
-### 整合组件
-
-#### ClamAV (仅限 Docker 部署)
-
-扫描上传文件中是否存在可疑文件，如果存在 ClamAV 会自动移除
-
-1. 在 docker-compose 配置中添加 ClamAV 容器 (见 `docker-compose.yml` 注释部分) 并启动容器
-2. Docker 会在启动 Pingvin Share 前启动 ClamAV，也许会花费 1-2 分钟
-3. Pingvin Share 日志中应该有 "ClamAV is active"
-
-请注意 ClamAV 会消耗很多 [系统资源(特别是内存)](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements)
-
-### 更多资源
-
-- [群晖 NAS 配置](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)
-
-### 升级
-
-因为 Pingvin Share 仍处在开发阶段，在升级前请务必阅读 release notes 避免不可逆的改变
-
-#### Docker 升级
-
-```bash
-docker compose pull
-docker compose up -d
-```
-
-#### Stand-alone 升级
-
-1. 停止正在运行的 app
-   ```bash
-   pm2 stop pingvin-share-backend pingvin-share-frontend
-   ```
-2. 重复 [installation guide](#stand-alone-installation) 中的步骤，除了 `git clone` 这一步
-
-   ```bash
-   cd pingvin-share
-
-   # 获取最新的版本
-   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
-
-   # 启动后端 backend
-   cd backend
-   npm run build
-   pm2 restart pingvin-share-backend
-
-   # 启动前端 frontend
-   cd ../frontend
-   npm run build
-   pm2 restart pingvin-share-frontend
-   ```
-
-### 自定义品牌
-
-你可以在管理员配置页面改变网站的名字和 logo
-
-## 🖤 提交贡献
-
-非常欢迎向 Pingvin Share 提交贡献! 请阅读 [contribution guide](/CONTRIBUTING.md) 来提交你的贡献

docs/babel.config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
+};

docs/docs/help-out/contribute.md

@@ -0,0 +1,91 @@
+# Contributing
+
+We would ❤️ for you to contribute to Pingvin Share and help make it better! All contributions are welcome, including issues, suggestions, pull requests and more.
+
+## Getting started
+
+You've found a bug, have suggestion or something else, just create an issue on GitHub and we can get in touch 😊.
+
+## Submit a Pull Request
+
+Before you submit the pull request for review please ensure that
+
+- The pull request naming follows the [Conventional Commits specification](https://www.conventionalcommits.org):
+
+  `<type>[optional scope]: <description>`
+
+  example:
+
+  ```
+  feat(share): add password protection
+  ```
+
+  When `TYPE` can be:
+
+  - **feat** - is a new feature
+  - **doc** - documentation only changes
+  - **fix** - a bug fix
+  - **refactor** - code change that neither fixes a bug nor adds a feature
+
+- Your pull request has a detailed description
+- You run `npm run format` to format the code
+
+<details>
+  <summary>Don't know how to create a pull request? Learn how to create a pull request</summary>
+
+1. Create a fork of the repository by clicking on the `Fork` button in the Pingvin Share repository
+
+2. Clone your fork to your machine with `git clone`
+
+```
+$ git clone https://github.com/[your_username]/pingvin-share
+```
+
+3. Work - commit - repeat
+
+4. Push changes to GitHub
+
+```
+$ git push origin [name_of_your_new_branch]
+```
+
+5. Submit your changes for review
+   If you go to your repository on GitHub, you'll see a `Compare & pull request` button. Click on that button.
+6. Start a Pull Request
+7. Now submit the pull request and click on `Create pull request`.
+8. Get a code review approval/reject
+
+</details>
+
+## Setup project
+
+Pingvin Share consists of a frontend and a backend.
+
+### Backend
+
+The backend is built with [Nest.js](https://nestjs.com) and uses Typescript.
+
+#### Setup
+
+1. Open the `backend` folder
+2. Install the dependencies with `npm install`
+3. Push the database schema to the database by running `npx prisma db push`
+4. Seed the database with `npx prisma db seed`
+5. Start the backend with `npm run dev`
+
+### Frontend
+
+The frontend is built with [Next.js](https://nextjs.org) and uses Typescript.
+
+#### Setup
+
+1. Start the backend first
+2. Open the `frontend` folder
+3. Install the dependencies with `npm install`
+4. Start the frontend with `npm run dev`
+
+You're all set!
+
+### Testing
+
+At the moment we only have system tests for the backend. To run these tests, run `npm run test:system` in the backend folder.

docs/docs/help-out/translate.md

@@ -0,0 +1,8 @@
+# Translating
+
+You can help to translate Pingvin Share into your language.
+On [Crowdin](https://crowdin.com/project/pingvin-share) you can easily translate Pingvin Share online.
+
+Is your language not on Crowdin? Feel free to [Request it](https://github.com/stonith404/pingvin-share/issues/new?assignees=&labels=language-request&projects=&template=language-request.yml&title=%F0%9F%8C%90+Language+request%3A+%3Clanguage+name+in+english%3E).
+
+Any issues while translating? Feel free to participate in the [Localization discussion](https://github.com/stonith404/pingvin-share/discussions/198).

docs/docs/introduction.md

@@ -0,0 +1,24 @@
+---
+id: introduction
+---
+
+# Introduction
+Pingvin Share is self-hosted file sharing platform and an alternative for WeTransfer.
+
+## Features
+
+- Share files using a link
+- Unlimited file size (restricted only by disk space)
+- Set an expiration date for shares
+- Secure shares with visitor limits and passwords
+- Email recipients
+- Integration with ClamAV for security scans
+
+And more!
+
+## Get to know Pingvin Share
+
+- [Demo](https://pingvin-share.dev.eliasschneider.com)
+- [Review by DB Tech](https://www.youtube.com/watch?v=rWwNeZCOPJA)
+
+<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>

docs/docs/setup/configuration.md

@@ -0,0 +1,28 @@
+---
+id: configuration
+---
+
+# Configuration
+
+You can customize Pingvin Share like changing your domain by going to the configuration page in your admin dashboard `/admin/config`.
+
+#### Environment variables
+
+For installation specific configuration, you can use environment variables. The following variables are available:
+
+##### Backend
+
+| Variable         | Default Value                                      | Description                            |
+| ---------------- | -------------------------------------------------- | -------------------------------------- |
+| `PORT`           | `8080`                                             | The port on which the backend listens. |
+| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | The URL of the SQLite database.        |
+| `DATA_DIRECTORY` | `./data`                                           | The directory where data is stored.    |
+| `CLAMAV_HOST`    | `127.0.0.1`                                        | The IP address of the ClamAV server.   |
+| `CLAMAV_PORT`    | `3310`                                             | The port number of the ClamAV server.  |
+
+##### Frontend
+
+| Variable  | Default Value           | Description                              |
+| --------- | ----------------------- | ---------------------------------------- |
+| `PORT`    | `3000`                  | The port on which the frontend listens.  |
+| `API_URL` | `http://localhost:8080` | The URL of the backend for the frontend. |

docs/docs/setup/installation.md

@@ -0,0 +1,45 @@
+---
+id: installation
+---
+
+# Installation
+
+### Installation with Docker (recommended)
+
+1. Download the `docker-compose.yml` file
+2. Run `docker compose up -d`
+
+The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!
+
+### Stand-alone Installation
+
+Required tools:
+
+- [Node.js](https://nodejs.org/en/download/) >= 16
+- [Git](https://git-scm.com/downloads)
+- [pm2](https://pm2.keymetrics.io/) for running Pingvin Share in the background
+
+```bash
+git clone https://github.com/stonith404/pingvin-share
+cd pingvin-share
+
+# Checkout the latest version
+git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+# Start the backend
+cd backend
+npm install
+npm run build
+pm2 start --name="pingvin-share-backend" npm -- run prod
+
+# Start the frontend
+cd ../frontend
+npm install
+npm run build
+API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
+pm2 start --name="pingvin-share-frontend" .next/standalone/server.js
+```
+
+**Uploading Large Files**: By default, Pingvin Share uses a built-in reverse proxy to reduce the installation steps. However, this reverse proxy is not optimized for uploading large files. If you wish to upload larger files, you can either use the Docker installation or set up your own reverse proxy. An example configuration for Caddy can be found in `./Caddyfile`.
+
+The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!

docs/docs/setup/integrations.md

@@ -0,0 +1,15 @@
+---
+id: integrations
+---
+
+# Integrations
+
+#### ClamAV (Docker only)
+
+ClamAV is used to scan shares for malicious files and remove them if found.
+
+1. Add the ClamAV container to the Docker Compose stack (see `docker-compose.yml`) and start the container.
+2. Docker will wait for ClamAV to start before starting Pingvin Share. This may take a minute or two.
+3. The Pingvin Share logs should now log "ClamAV is active"
+
+Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).

docs/docs/setup/oauth2login.md

@@ -1,3 +1,7 @@
+---
+id: oauth2login
+---
+
 # OAuth 2 Login Guide
 
 ## Config Built-in OAuth 2 Providers
@@ -24,8 +28,7 @@ Redirect URL: `https://<your-domain>/api/oauth/callback/google`
 
 Please follow the [official guide](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) to register an application.
 
-> [!IMPORTANT]
-> **Microsoft Tenant** you set in the admin panel must match the **supported account types** you set in the Microsoft Entra admin center, otherwise the OAuth login will not work. Refer to the [official documentation](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#find-your-apps-openid-configuration-document-uri) for more details.
+> [!IMPORTANT] > **Microsoft Tenant** you set in the admin panel must match the **supported account types** you set in the Microsoft Entra admin center, otherwise the OAuth login will not work. Refer to the [official documentation](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#find-your-apps-openid-configuration-document-uri) for more details.
 
 Redirect URL: `https://<your-domain>/api/oauth/callback/microsoft`
 
@@ -67,8 +70,8 @@ const configVariables: ConfigVariables = {
       defaultValue: "",
       obscured: true,
     },
-  }
-}
+  },
+};
 ```
 
 ### 2. Create provider class
@@ -106,23 +109,29 @@ Register your provider in [`OAuthModule`](../backend/src/oauth/oauth.module.ts)
     // your provider
     {
       provide: "OAUTH_PROVIDERS",
-      useFactory(github: GitHubProvider, /* your provider */): Record<string, OAuthProvider<unknown>> {
+      useFactory(
+        github: GitHubProvider /* your provider */
+      ): Record<string, OAuthProvider<unknown>> {
         return {
           github,
           /* your provider */
         };
       },
-      inject: [GitHubProvider, /* your provider */],
+      inject: [GitHubProvider /* your provider */],
     },
   ],
 })
-export class OAuthModule {
-}
+export class OAuthModule {}
 ```
 
 ```ts
 export interface OAuthSignInDto {
-  provider: 'github' | 'google' | 'microsoft' | 'discord' | 'oidc' /* your provider*/;
+  provider:
+    | "github"
+    | "google"
+    | "microsoft"
+    | "discord"
+    | "oidc" /* your provider*/;
   providerId: string;
   providerUsername: string;
   email: string;
@@ -136,10 +145,10 @@ Add an icon in [`oauth.util.tsx`](../frontend/src/utils/oauth.util.tsx).
 ```tsx
 const getOAuthIcon = (provider: string) => {
   return {
-    'github': <SiGithub />,
+    github: <SiGithub />,
     /* your provider */
   }[provider];
-}
+};
 ```
 
 ### 5. Add i18n text

docs/docs/setup/upgrading.md

@@ -0,0 +1,44 @@
+---
+id: upgrading
+---
+
+# Upgrading
+
+### Upgrade to a new version
+
+As Pingvin Share is in early stage, see the release notes for breaking changes before upgrading.
+
+#### Docker
+
+```bash
+docker compose pull
+docker compose up -d
+```
+
+#### Stand-alone
+
+1. Stop the running app
+   ```bash
+   pm2 stop pingvin-share-backend pingvin-share-frontend
+   ```
+2. Repeat the steps from the [installation guide](#stand-alone-installation) except the `git clone` step.
+
+   ```bash
+   cd pingvin-share
+
+   # Checkout the latest version
+   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+   # Start the backend
+   cd backend
+   npm install
+   npm run build
+   pm2 restart pingvin-share-backend
+
+   # Start the frontend
+   cd ../frontend
+   npm install
+   npm run build
+   API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
+   pm2 restart pingvin-share-frontend
+   ```

docs/docusaurus.config.ts

@@ -0,0 +1,64 @@
+import type * as Preset from "@docusaurus/preset-classic";
+import type { Config } from "@docusaurus/types";
+import { themes as prismThemes } from "prism-react-renderer";
+
+const config: Config = {
+  title: "Pingvin Share",
+  tagline:
+    "Pingvin Share is self-hosted file sharing platform and an alternative for WeTransfer.",
+  favicon: "img/pingvinshare.svg",
+  
+  url: "https://stonith404.github.io",
+  baseUrl: "/pingvin-share/",
+  organizationName: "stonith404",
+  projectName: "pingvin-share",
+
+  onBrokenLinks: "warn",
+  onBrokenMarkdownLinks: "warn",
+
+  i18n: {
+    defaultLocale: "en",
+    locales: ["en"],
+  },
+
+  presets: [
+    [
+      "classic",
+      {
+        docs: {
+          routeBasePath: "/",
+          sidebarPath: "./sidebars.ts",
+          editUrl: "https://github.com/stonith404/pingvin-share/edit/main/docs",
+        },
+        blog: false,
+      } satisfies Preset.Options,
+    ],
+  ],
+
+  themeConfig: {
+    image: "img/pingvinshare.svg",
+    colorMode:{
+      respectPrefersColorScheme: true,
+    },
+    navbar: {
+      title: "Pingvin Share",
+      logo: {
+        alt: "Pingvin Share Logo",
+        src: "img/pingvinshare.svg",
+      },
+      items: [
+        {
+          href: "https://github.com/stonith404/pingvin-share",
+          label: "GitHub",
+          position: "right",
+        },
+      ],
+    },
+    prism: {
+      theme: prismThemes.github,
+      darkTheme: prismThemes.dracula,
+    },
+  } satisfies Preset.ThemeConfig,
+};
+
+export default config;

docs/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "pingvindocs",
+  "version": "0.0.0",
+  "private": true,
+  "scripts": {
+    "docusaurus": "docusaurus",
+    "start": "docusaurus start",
+    "build": "docusaurus build",
+    "swizzle": "docusaurus swizzle",
+    "deploy": "docusaurus deploy",
+    "clear": "docusaurus clear",
+    "serve": "docusaurus serve",
+    "write-translations": "docusaurus write-translations",
+    "write-heading-ids": "docusaurus write-heading-ids",
+    "typecheck": "tsc"
+  },
+  "dependencies": {
+    "@docusaurus/core": "3.4.0",
+    "@docusaurus/preset-classic": "3.4.0",
+    "@mdx-js/react": "^3.0.0",
+    "clsx": "^2.0.0",
+    "prism-react-renderer": "^2.3.0",
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0"
+  },
+  "devDependencies": {
+    "@docusaurus/module-type-aliases": "3.4.0",
+    "@docusaurus/tsconfig": "3.4.0",
+    "@docusaurus/types": "3.4.0",
+    "typescript": "~5.2.2"
+  },
+  "browserslist": {
+    "production": [
+      ">0.5%",
+      "not dead",
+      "not op_mini all"
+    ],
+    "development": [
+      "last 3 chrome version",
+      "last 3 firefox version",
+      "last 5 safari version"
+    ]
+  },
+  "engines": {
+    "node": ">=18.0"
+  }
+}

docs/sidebars.ts

@@ -0,0 +1,67 @@
+import type { SidebarsConfig } from "@docusaurus/plugin-content-docs";
+
+/**
+ * Creating a sidebar enables you to:
+ - create an ordered group of docs
+ - render a sidebar for each doc of that group
+ - provide next/previous navigation
+
+ The sidebars can be generated from the filesystem, or explicitly defined here.
+
+ Create as many sidebars as you want.
+ */
+const sidebars: SidebarsConfig = {
+  docsSidebar: [
+    {
+      type: "doc",
+      id : "introduction",
+    },
+    {
+      type: "category",
+      label: "Getting Started",
+      items: [
+        {
+          type: "doc",
+          id: "setup/installation",
+        },
+        {
+          type: "doc",
+          id: "setup/configuration",
+        },
+        {
+          type: "doc",
+          id: "setup/integrations",
+        },
+        {
+          type: "doc",
+          id: "setup/oauth2login",
+        },
+        {
+          type: "doc",
+          id: "setup/upgrading",
+        },
+      ],
+    },
+    {
+      type: "category",
+      label: "Helping Out",
+      items: [
+        {
+          type: "doc",
+          id: "help-out/translate",
+        },
+        {
+          type: "doc",
+          id: "help-out/contribute",
+        },
+      ],
+    },
+    {
+      type: "link",
+      label: "Discord",
+      href: "https://discord.gg/HutpbfB59Q",
+    },
+  ],
+};
+
+export default sidebars;

docs/src/pages/index.tsx

@@ -0,0 +1,6 @@
+import React from 'react';
+import  { Redirect } from 'react-router-dom';
+
+export default function Home() {
+  return <Redirect to='/pingvin-share/introduction' />;
+}

docs/static/img/pingvinshare.svg

@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 943.11 911.62"><ellipse cx="471.56" cy="454.28" rx="471.56" ry="454.28" fill="#46509e"/><ellipse cx="471.56" cy="390.28" rx="233.66" ry="207" fill="#37474f"/><path d="M705.22,849c-36.69,21.14-123.09,64.32-240.64,62.57A469.81,469.81,0,0,1,237.89,849V394.76H705.22Z" fill="#37474f"/><path d="M658.81,397.7V873.49a478.12,478.12,0,0,1-374.19,0V397.7c0-95.55,83.78-173,187.1-173S658.81,302.15,658.81,397.7Z" fill="#fff"/><polygon points="565.02 431.68 471.56 514.49 378.09 431.68 565.02 431.68" fill="#46509e"/><ellipse cx="378.09" cy="369.58" rx="23.37" ry="20.7" fill="#37474f"/><ellipse cx="565.02" cy="369.58" rx="23.37" ry="20.7" fill="#37474f"/><path d="M658.49,400.63c0-40-36.6-72.45-81.79-72.45s-81.78,32.41-81.78,72.45a64.79,64.79,0,0,0,7.9,31.05H440.29a64.79,64.79,0,0,0,7.9-31.05c0-40-36.59-72.45-81.78-72.45s-81.79,32.41-81.79,72.45l-46.73-10.35c0-114.31,104.64-207,233.67-207s233.66,92.69,233.66,207Z" fill="#37474f"/></svg>

docs/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  // This file is not used in compilation. It is here just for a nice editor experience.
+  "extends": "@docusaurus/tsconfig",
+  "compilerOptions": {
+    "baseUrl": "."
+  }
+}

frontend/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "pingvin-share-frontend",
-  "version": "0.26.0",
+  "version": "1.0.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "pingvin-share-frontend",
-      "version": "0.26.0",
+      "version": "1.0.1",
       "dependencies": {
         "@emotion/react": "^11.11.4",
         "@emotion/server": "^11.11.0",
@@ -26,7 +26,6 @@
         "mime-types": "^2.1.35",
         "moment": "^2.30.1",
         "next": "^14.2.3",
-        "next-cookies": "^2.0.3",
         "next-http-proxy-middleware": "^1.2.6",
         "next-pwa": "^5.6.0",
         "p-limit": "^4.0.0",
@@ -3146,11 +3145,6 @@
         "tslib": "^2.4.0"
       }
     },
-    "node_modules/@types/cookie": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.3.3.tgz",
-      "integrity": "sha512-LKVP3cgXBT9RYj+t+9FDKwS5tdI+rPBXaNSkma7hvqy35lc7mAokC2zsqWJH0LaqIt3B962nuYI77hsJoT1gow=="
-    },
     "node_modules/@types/eslint": {
       "version": "8.4.1",
       "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",
@@ -7239,14 +7233,6 @@
         }
       }
     },
-    "node_modules/next-cookies": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/next-cookies/-/next-cookies-2.0.3.tgz",
-      "integrity": "sha512-YVCQzwZx+sz+KqLO4y9niHH9jjz6jajlEQbAKfsYVT6DOfngb/0k5l6vFK4rmpExVug96pGag8OBsdSRL9FZhQ==",
-      "dependencies": {
-        "universal-cookie": "^4.0.2"
-      }
-    },
     "node_modules/next-http-proxy-middleware": {
       "version": "1.2.6",
       "resolved": "https://registry.npmjs.org/next-http-proxy-middleware/-/next-http-proxy-middleware-1.2.6.tgz",
@@ -9142,15 +9128,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/universal-cookie": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/universal-cookie/-/universal-cookie-4.0.4.tgz",
-      "integrity": "sha512-lbRVHoOMtItjWbM7TwDLdl8wug7izB0tq3/YVKhT/ahB4VDvWMyvnADfnJI8y6fSvsjh51Ix7lTGC6Tn4rMPhw==",
-      "dependencies": {
-        "@types/cookie": "^0.3.3",
-        "cookie": "^0.4.0"
-      }
-    },
     "node_modules/universalify": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
@@ -11838,11 +11815,6 @@
         "tslib": "^2.4.0"
       }
     },
-    "@types/cookie": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.3.3.tgz",
-      "integrity": "sha512-LKVP3cgXBT9RYj+t+9FDKwS5tdI+rPBXaNSkma7hvqy35lc7mAokC2zsqWJH0LaqIt3B962nuYI77hsJoT1gow=="
-    },
     "@types/eslint": {
       "version": "8.4.1",
       "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",
@@ -14857,14 +14829,6 @@
         "styled-jsx": "5.1.1"
       }
     },
-    "next-cookies": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/next-cookies/-/next-cookies-2.0.3.tgz",
-      "integrity": "sha512-YVCQzwZx+sz+KqLO4y9niHH9jjz6jajlEQbAKfsYVT6DOfngb/0k5l6vFK4rmpExVug96pGag8OBsdSRL9FZhQ==",
-      "requires": {
-        "universal-cookie": "^4.0.2"
-      }
-    },
     "next-http-proxy-middleware": {
       "version": "1.2.6",
       "resolved": "https://registry.npmjs.org/next-http-proxy-middleware/-/next-http-proxy-middleware-1.2.6.tgz",
@@ -16186,15 +16150,6 @@
         "crypto-random-string": "^2.0.0"
       }
     },
-    "universal-cookie": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/universal-cookie/-/universal-cookie-4.0.4.tgz",
-      "integrity": "sha512-lbRVHoOMtItjWbM7TwDLdl8wug7izB0tq3/YVKhT/ahB4VDvWMyvnADfnJI8y6fSvsjh51Ix7lTGC6Tn4rMPhw==",
-      "requires": {
-        "@types/cookie": "^0.3.3",
-        "cookie": "^0.4.0"
-      }
-    },
     "universalify": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-frontend",
-  "version": "0.26.0",
+  "version": "1.0.1",
   "scripts": {
     "dev": "next dev",
     "build": "next build",
@@ -27,7 +27,6 @@
     "mime-types": "^2.1.35",
     "moment": "^2.30.1",
     "next": "^14.2.3",
-    "next-cookies": "^2.0.3",
     "next-http-proxy-middleware": "^1.2.6",
     "next-pwa": "^5.6.0",
     "p-limit": "^4.0.0",

frontend/src/components/admin/configuration/ConfigurationNavBar.tsx

@@ -11,7 +11,14 @@ import {
 } from "@mantine/core";
 import Link from "next/link";
 import { Dispatch, SetStateAction } from "react";
-import { TbAt, TbMail, TbShare, TbSocial, TbSquare } from "react-icons/tb";
+import {
+  TbAt,
+  TbMail,
+  TbShare,
+  TbSocial,
+  TbSquare,
+  TbBinaryTree,
+} from "react-icons/tb";
 import { FormattedMessage } from "react-intl";
 
 const categories = [
@@ -20,6 +27,7 @@ const categories = [
   { name: "Share", icon: <TbShare /> },
   { name: "SMTP", icon: <TbAt /> },
   { name: "OAuth", icon: <TbSocial /> },
+  { name: "LDAP", icon: <TbBinaryTree /> },
 ];
 
 const useStyles = createStyles((theme) => ({

frontend/src/components/admin/users/ManageUserTable.tsx

@@ -1,4 +1,4 @@
-import { ActionIcon, Box, Group, Skeleton, Table } from "@mantine/core";
+import { ActionIcon, Badge, Box, Group, Skeleton, Table } from "@mantine/core";
 import { useModals } from "@mantine/modals";
 import { TbCheck, TbEdit, TbTrash } from "react-icons/tb";
 import User from "../../../types/user.type";
@@ -40,21 +40,28 @@ const ManageUserTable = ({
             ? skeletonRows
             : users.map((user) => (
                 <tr key={user.id}>
-                  <td>{user.username}</td>
+                  <td>
+                    {user.username}{" "}
+                    {user.isLdap ? (
+                      <Badge style={{ marginLeft: "1em" }}>LDAP</Badge>
+                    ) : null}
+                  </td>
                   <td>{user.email}</td>
                   <td>{user.isAdmin && <TbCheck />}</td>
                   <td>
                     <Group position="right">
-                      <ActionIcon
-                        variant="light"
-                        color="primary"
-                        size="sm"
-                        onClick={() =>
-                          showUpdateUserModal(modals, user, getUsers)
-                        }
-                      >
-                        <TbEdit />
-                      </ActionIcon>
+                      {user.isLdap ? null : (
+                        <ActionIcon
+                          variant="light"
+                          color="primary"
+                          size="sm"
+                          onClick={() =>
+                            showUpdateUserModal(modals, user, getUsers)
+                          }
+                        >
+                          <TbEdit />
+                        </ActionIcon>
+                      )}
                       <ActionIcon
                         variant="light"
                         color="red"

frontend/src/components/auth/SignInForm.tsx

@@ -28,6 +28,19 @@ import toast from "../../utils/toast.util";
 import { safeRedirectPath } from "../../utils/router.util";
 
 const useStyles = createStyles((theme) => ({
+  signInWith: {
+    fontWeight: 500,
+    "&:before": {
+      content: "''",
+      flex: 1,
+      display: "block",
+    },
+    "&:after": {
+      content: "''",
+      flex: 1,
+      display: "block",
+    },
+  },
   or: {
     "&:before": {
       content: "''",
@@ -128,49 +141,58 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
         </Text>
       )}
       <Paper withBorder shadow="md" p={30} mt={30} radius="md">
-        <form
-          onSubmit={form.onSubmit((values) => {
-            signIn(values.emailOrUsername, values.password);
-          })}
-        >
-          <TextInput
-            label={t("signin.input.email-or-username")}
-            placeholder={t("signin.input.email-or-username.placeholder")}
-            {...form.getInputProps("emailOrUsername")}
-          />
-          <PasswordInput
-            label={t("signin.input.password")}
-            placeholder={t("signin.input.password.placeholder")}
-            mt="md"
-            {...form.getInputProps("password")}
-          />
-          {config.get("smtp.enabled") && (
-            <Group position="right" mt="xs">
-              <Anchor component={Link} href="/auth/resetPassword" size="xs">
-                <FormattedMessage id="resetPassword.title" />
-              </Anchor>
-            </Group>
-          )}
-          <Button fullWidth mt="xl" type="submit">
-            <FormattedMessage id="signin.button.submit" />
-          </Button>
-        </form>
+        {config.get("oauth.disablePassword") || (
+          <form
+            onSubmit={form.onSubmit((values) => {
+              signIn(values.emailOrUsername, values.password);
+            })}
+          >
+            <TextInput
+              label={t("signin.input.email-or-username")}
+              placeholder={t("signin.input.email-or-username.placeholder")}
+              {...form.getInputProps("emailOrUsername")}
+            />
+            <PasswordInput
+              label={t("signin.input.password")}
+              placeholder={t("signin.input.password.placeholder")}
+              mt="md"
+              {...form.getInputProps("password")}
+            />
+            {config.get("smtp.enabled") && (
+              <Group position="right" mt="xs">
+                <Anchor component={Link} href="/auth/resetPassword" size="xs">
+                  <FormattedMessage id="resetPassword.title" />
+                </Anchor>
+              </Group>
+            )}
+            <Button fullWidth mt="xl" type="submit">
+              <FormattedMessage id="signin.button.submit" />
+            </Button>
+          </form>
+        )}
         {oauth.length > 0 && (
-          <Stack mt="xl">
-            <Group align="center" className={classes.or}>
-              <Text>{t("signIn.oauth.or")}</Text>
-            </Group>
+          <Stack mt={config.get("oauth.disablePassword") ? undefined : "xl"}>
+            {config.get("oauth.disablePassword") ? (
+              <Group align="center" className={classes.signInWith}>
+                <Text>{t("signIn.oauth.signInWith")}</Text>
+              </Group>
+            ) : (
+              <Group align="center" className={classes.or}>
+                <Text>{t("signIn.oauth.or")}</Text>
+              </Group>
+            )}
             <Group position="center">
               {oauth.map((provider) => (
                 <Button
                   key={provider}
                   component="a"
-                  target="_blank"
                   title={t(`signIn.oauth.${provider}`)}
                   href={getOAuthUrl(config.get("general.appUrl"), provider)}
                   variant="light"
+                  fullWidth
                 >
                   {getOAuthIcon(provider)}
+                  {"\u2002" + t(`signIn.oauth.${provider}`)}
                 </Button>
               ))}
             </Group>

frontend/src/components/share/FileList.tsx

@@ -39,7 +39,7 @@ const FileList = ({
   const t = useTranslate();
 
   const [sort, setSort] = useState<TableSort>({
-    property: undefined,
+    property: "name",
     direction: "desc",
   });
 

frontend/src/components/share/modals/showCreateReverseShareModal.tsx

@@ -22,6 +22,7 @@ import { getExpirationPreview } from "../../../utils/date.util";
 import toast from "../../../utils/toast.util";
 import FileSizeInput from "../FileSizeInput";
 import showCompletedReverseShareModal from "./showCompletedReverseShareModal";
+import { getCookie, setCookie } from "cookies-next";
 
 const showCreateReverseShareModal = (
   modals: ModalsContextProps,
@@ -61,10 +62,16 @@ const Body = ({
       sendEmailNotification: false,
       expiration_num: 1,
       expiration_unit: "-days",
+      simplified: !!(getCookie("reverse-share.simplified") ?? false),
+      publicAccess: !!(getCookie("reverse-share.public-access") ?? true),
     },
   });
 
   const onSubmit = form.onSubmit(async (values) => {
+    // remember simplified and publicAccess in cookies
+    setCookie("reverse-share.simplified", values.simplified);
+    setCookie("reverse-share.public-access", values.publicAccess);
+
     const expirationDate = moment().add(
       form.values.expiration_num,
       form.values.expiration_unit.replace(
@@ -91,6 +98,8 @@ const Body = ({
         values.maxShareSize,
         values.maxUseCount,
         values.sendEmailNotification,
+        values.simplified,
+        values.publicAccess,
       )
       .then(({ link }) => {
         modals.closeAll();
@@ -210,7 +219,28 @@ const Body = ({
               })}
             />
           )}
-
+          <Switch
+            mt="xs"
+            labelPosition="left"
+            label={t("account.reverseShares.modal.simplified")}
+            description={t(
+              "account.reverseShares.modal.simplified.description",
+            )}
+            {...form.getInputProps("simplified", {
+              type: "checkbox",
+            })}
+          />
+          <Switch
+            mt="xs"
+            labelPosition="left"
+            label={t("account.reverseShares.modal.public-access")}
+            description={t(
+              "account.reverseShares.modal.public-access.description",
+            )}
+            {...form.getInputProps("publicAccess", {
+              type: "checkbox",
+            })}
+          />
           <Button mt="md" type="submit">
             <FormattedMessage id="common.button.create" />
           </Button>

frontend/src/components/upload/modals/showCompletedUploadModal.tsx

@@ -7,12 +7,12 @@ import { FormattedMessage } from "react-intl";
 import useTranslate, {
   translateOutsideContext,
 } from "../../../hooks/useTranslate.hook";
-import { Share } from "../../../types/share.type";
+import { CompletedShare } from "../../../types/share.type";
 import CopyTextField from "../CopyTextField";
 
 const showCompletedUploadModal = (
   modals: ModalsContextProps,
-  share: Share,
+  share: CompletedShare,
   appUrl: string,
 ) => {
   const t = translateOutsideContext();
@@ -25,7 +25,7 @@ const showCompletedUploadModal = (
   });
 };
 
-const Body = ({ share, appUrl }: { share: Share; appUrl: string }) => {
+const Body = ({ share, appUrl }: { share: CompletedShare; appUrl: string }) => {
   const modals = useModals();
   const router = useRouter();
   const t = useTranslate();
@@ -35,6 +35,19 @@ const Body = ({ share, appUrl }: { share: Share; appUrl: string }) => {
   return (
     <Stack align="stretch">
       <CopyTextField link={link} />
+      {share.notifyReverseShareCreator === true && (
+        <Text
+          size="sm"
+          sx={(theme) => ({
+            color:
+              theme.colorScheme === "dark"
+                ? theme.colors.gray[3]
+                : theme.colors.dark[4],
+          })}
+        >
+          {t("upload.modal.completed.notified-reverse-share-creator")}
+        </Text>
+      )}
       <Text
         size="xs"
         sx={(theme) => ({

frontend/src/components/upload/modals/showCreateUploadModal.tsx

@@ -31,6 +31,7 @@ import { FileUpload } from "../../../types/File.type";
 import { CreateShare } from "../../../types/share.type";
 import { getExpirationPreview } from "../../../utils/date.util";
 import React from "react";
+import toast from "../../../utils/toast.util";
 
 const showCreateUploadModal = (
   modals: ModalsContextProps,
@@ -41,12 +42,26 @@ const showCreateUploadModal = (
     allowUnauthenticatedShares: boolean;
     enableEmailRecepients: boolean;
     maxExpirationInHours: number;
+    simplified: boolean;
   },
   files: FileUpload[],
   uploadCallback: (createShare: CreateShare, files: FileUpload[]) => void,
 ) => {
   const t = translateOutsideContext();
 
+  if (options.simplified) {
+    return modals.openModal({
+      title: t("upload.modal.title"),
+      children: (
+        <SimplifiedCreateUploadModalModal
+          options={options}
+          files={files}
+          uploadCallback={uploadCallback}
+        />
+      ),
+    });
+  }
+
   return modals.openModal({
     title: t("upload.modal.title"),
     children: (
@@ -59,6 +74,23 @@ const showCreateUploadModal = (
   });
 };
 
+const generateLink = () =>
+  Buffer.from(Math.random().toString(), "utf8")
+    .toString("base64")
+    .substring(10, 17);
+
+const generateAvailableLink = async (times = 10): Promise<string> => {
+  if (times <= 0) {
+    throw new Error("Could not generate available link");
+  }
+  const _link = generateLink();
+  if (!(await shareService.isShareIdAvailable(_link))) {
+    return await generateAvailableLink(times - 1);
+  } else {
+    return _link;
+  }
+};
+
 const CreateUploadModalBody = ({
   uploadCallback,
   files,
@@ -78,9 +110,7 @@ const CreateUploadModalBody = ({
   const modals = useModals();
   const t = useTranslate();
 
-  const generatedLink = Buffer.from(Math.random().toString(), "utf8")
-    .toString("base64")
-    .substr(10, 7);
+  const generatedLink = generateLink();
 
   const [showNotSignedInAlert, setShowNotSignedInAlert] = useState(true);
 
@@ -202,14 +232,7 @@ const CreateUploadModalBody = ({
             <Button
               style={{ flex: "0 0 auto" }}
               variant="outline"
-              onClick={() =>
-                form.setFieldValue(
-                  "link",
-                  Buffer.from(Math.random().toString(), "utf8")
-                    .toString("base64")
-                    .substr(10, 7),
-                )
-              }
+              onClick={() => form.setFieldValue("link", generateLink())}
             >
               <FormattedMessage id="common.button.generate" />
             </Button>
@@ -429,4 +452,108 @@ const CreateUploadModalBody = ({
   );
 };
 
+const SimplifiedCreateUploadModalModal = ({
+  uploadCallback,
+  files,
+  options,
+}: {
+  files: FileUpload[];
+  uploadCallback: (createShare: CreateShare, files: FileUpload[]) => void;
+  options: {
+    isUserSignedIn: boolean;
+    isReverseShare: boolean;
+    appUrl: string;
+    allowUnauthenticatedShares: boolean;
+    enableEmailRecepients: boolean;
+    maxExpirationInHours: number;
+  };
+}) => {
+  const modals = useModals();
+  const t = useTranslate();
+
+  const [showNotSignedInAlert, setShowNotSignedInAlert] = useState(true);
+
+  const validationSchema = yup.object().shape({
+    name: yup
+      .string()
+      .transform((value) => value || undefined)
+      .min(3, t("common.error.too-short", { length: 3 }))
+      .max(30, t("common.error.too-long", { length: 30 })),
+  });
+
+  const form = useForm({
+    initialValues: {
+      name: undefined,
+      description: undefined,
+    },
+    validate: yupResolver(validationSchema),
+  });
+
+  const onSubmit = form.onSubmit(async (values) => {
+    const link = await generateAvailableLink().catch(() => {
+      toast.error(t("upload.modal.link.error.taken"));
+      return undefined;
+    });
+
+    if (!link) {
+      return;
+    }
+
+    uploadCallback(
+      {
+        id: link,
+        name: values.name,
+        expiration: "never",
+        recipients: [],
+        description: values.description,
+        security: {
+          password: undefined,
+          maxViews: undefined,
+        },
+      },
+      files,
+    );
+    modals.closeAll();
+  });
+
+  return (
+    <Stack>
+      {showNotSignedInAlert && !options.isUserSignedIn && (
+        <Alert
+          withCloseButton
+          onClose={() => setShowNotSignedInAlert(false)}
+          icon={<TbAlertCircle size={16} />}
+          title={t("upload.modal.not-signed-in")}
+          color="yellow"
+        >
+          <FormattedMessage id="upload.modal.not-signed-in-description" />
+        </Alert>
+      )}
+      <form onSubmit={onSubmit}>
+        <Stack align="stretch">
+          <Stack align="stretch">
+            <TextInput
+              variant="filled"
+              placeholder={t(
+                "upload.modal.accordion.name-and-description.name.placeholder",
+              )}
+              {...form.getInputProps("name")}
+            />
+            <Textarea
+              variant="filled"
+              placeholder={t(
+                "upload.modal.accordion.name-and-description.description.placeholder",
+              )}
+              {...form.getInputProps("description")}
+            />
+          </Stack>
+          <Button type="submit" data-autofocus>
+            <FormattedMessage id="common.button.share" />
+          </Button>
+        </Stack>
+      </form>
+    </Stack>
+  );
+};
+
 export default showCreateUploadModal;

frontend/src/i18n/locales.ts

@@ -22,6 +22,7 @@ import ukrainian from "./translations/uk-UA";
 import chineseSimplified from "./translations/zh-CN";
 import chineseTraditional from "./translations/zh-TW";
 import turkish from "./translations/tr-TR";
+import czech from "./translations/cs-CZ";
 
 export const LOCALES = {
   ENGLISH: {
@@ -144,4 +145,9 @@ export const LOCALES = {
     code: "tr-TR",
     messages: turkish,
   },
+  CZECH: {
+    name: "Čeština",
+    code: "cs-CZ",
+    messages: czech,
+  },
 };

frontend/src/i18n/translations/ar-EG.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "إن المصادقة الثنائية ضرورية",
   "signIn.notify.totp-required.description": "فضلًا أدخل رمز المصادقة الثنائية",
   "signIn.oauth.or": "أو",
+  "signIn.oauth.signInWith": "تسجيل الدخول بواسطة تطبيق",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "الحد الأقصى لحجم المشاركة",
   "account.reverseShares.modal.send-email": "أرسل إشعارًا بالبريد",
   "account.reverseShares.modal.send-email.description": "إرسال إشعار بالبريد الإلكتروني عند إنشاء مشاركة باستخدام رابط المشاركة العكسي هذا.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "الحد الأقصى لعدد الاستخدامات",
   "account.reverseShares.modal.max-use.description": "أقصى عدد من المرّات التي يمكن فيها استخدام هذا الرابط لإنشاء مشاركة.",
   "account.reverseShare.never-expires": "لن تنتهي صلاحية هذه المشاركة العكسية أبدًا.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "لن تنتهي صلاحية هذه المشاركة أبدًا.",
   "upload.modal.completed.expires-on": "هذه المشاركة ستنتهي صلاحيتها في {expiration}.",
   "upload.modal.completed.share-ready": "المشاركة جاهزة",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "المشاركة {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "تمت إزالة المشاركة",
   "share.error.not-found.title": "المشاركة غير موجودة",
   "share.error.not-found.description": "المشاركة التي تبحث عنها غير موجودة.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "كلمة السر مطلوبة",
   "share.modal.password.description": "للوصول إلى هذه المشاركة الرجاء إدخال كلمة سر المشاركة.",
   "share.modal.password": "كلمة السر",
@@ -294,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "الرابط الذي تكون مشاركة Pingvin صالحة عليه",
   "admin.config.general.show-home-page": "إظهار الصفحة الرئيسية",
   "admin.config.general.show-home-page.description": "تحديد ما إذا كان سيتم عرض الصفحة الرئيسية",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "مدة الجلسة",
+  "admin.config.general.session-duration.description": "الوقت بالساعات الذي يجب على المستخدم بعده إعادة تسجيل الدخول (الافتراضي: 3 أشهر).",
   "admin.config.general.logo": "الشعار",
   "admin.config.general.logo.description": "يمكنك تغيير شعارك عن طريق تحميل صورة جديدة. يجب أن تكون الصورة PNG ويجب أن يكون تنسيقها 1:1.",
   "admin.config.general.logo.placeholder": "اختر صورة",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "كلمة السر",
   "admin.config.smtp.password.description": "كلمة السر لخادم الـSMTP",
   "admin.config.smtp.button.test": "إرسال رسالة بريد تجريبية",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "السماح بتسجيل الحسابات الجديدة",
   "admin.config.oauth.allow-registration.description": "السماح للمستخدمين بالدخول بواسطة حساباتهم الاجتماعية",
   "admin.config.oauth.ignore-totp": "تجاهل TOTP",
   "admin.config.oauth.ignore-totp.description": "تجاهل TOTP إذا دخل المستخدم بحسابه الاجتماعي",
+  "admin.config.oauth.disable-password": "تعطيل تسجيل الدخول باستخدام كلمة السر",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "تفعيل خيار الدخول بحساب GitHub",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "رابط الاستكشاف لتطبيق OpenID Connect OAuth",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "طلب اسم المستخدم في رمز معرف OpenID Connect. إذا كنت لا تعرف معنى هذا الإعداد، اتركه فارغًا.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "معرف العميل لتطبيق OpenID Connect OAuth",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "الرّمز السرّي للعميل لتطبيق OpenID Connect OAuth",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "هذه الصفحة غير موجودة.",
   "404.button.home": "أعدني للصفحة الرئيسية",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "حساب {0} هذا مرتبط بالفعل بحساب آخر.",
   "error.msg.not_linked": "لم يتم ربط حساب {0} هذا بأي حساب حتى الآن.",
   "error.msg.unverified_account": "لم يتم التحقق من حساب {0} هذا، يرجى المحاولة مرة أخرى بعد التحقق.",
-  "error.msg.discord_guild_permission_denied": "غير مسموح لك بتسجيل الدخول.",
+  "error.msg.user_not_allowed": "غير مسموح لك بتسجيل الدخول.",
   "error.msg.cannot_get_user_info": "فشلت عملية جلب معلومات المستخدم الخاصة بك من حساب {0} هذا.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/cs-CZ.ts

@@ -0,0 +1,646 @@
+export default {
+  // Navbar
+  "navbar.upload": "Upload",
+  "navbar.signin": "Sign in",
+  "navbar.home": "Home",
+  "navbar.signup": "Sign Up",
+
+  "navbar.links.shares": "My shares",
+  "navbar.links.reverse": "Reverse shares",
+
+  "navbar.avatar.account": "My account",
+  "navbar.avatar.admin": "Administration",
+  "navbar.avatar.signout": "Sign out",
+  // END navbar
+
+  // /
+  "home.title": "A <h>self-hosted</h> file sharing platform.",
+
+  "home.description":
+    "Do you really want to give your personal files in the hand of third parties like WeTransfer?",
+  "home.bullet.a.name": "Self-Hosted",
+  "home.bullet.a.description": "Host Pingvin Share on your own machine.",
+  "home.bullet.b.name": "Privacy",
+  "home.bullet.b.description":
+    "Your files are your files and should never get into the hands of third parties.",
+  "home.bullet.c.name": "No annoying file size limit",
+  "home.bullet.c.description":
+    "Upload as big files as you want. Only your hard drive will be your limit.",
+
+  "home.button.start": "Get started",
+  "home.button.source": "Source code",
+  // END /
+
+  // /auth/signin
+  "signin.title": "Welcome back",
+  "signin.description": "You don't have an account yet?",
+  "signin.button.signup": "Sign up",
+  "signin.input.email-or-username": "Email or username",
+  "signin.input.email-or-username.placeholder": "Your email or username",
+  "signin.input.password": "Password",
+  "signin.input.password.placeholder": "Your password",
+  "signin.button.submit": "Sign in",
+  "signIn.notify.totp-required.title": "Two-factor authentication required",
+  "signIn.notify.totp-required.description":
+    "Please enter your two-factor authentication code",
+  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
+  "signIn.oauth.github": "GitHub",
+  "signIn.oauth.google": "Google",
+  "signIn.oauth.microsoft": "Microsoft",
+  "signIn.oauth.discord": "Discord",
+  "signIn.oauth.oidc": "OpenID",
+
+  // END /auth/signin
+
+  // /auth/signup
+  "signup.title": "Create an account",
+  "signup.description": "Already have an account?",
+  "signup.button.signin": "Sign in",
+  "signup.input.username": "Username",
+  "signup.input.username.placeholder": "Your username",
+  "signup.input.email": "Email",
+  "signup.input.email.placeholder": "Your email",
+  "signup.button.submit": "Let's get started",
+
+  // END /auth/signup
+
+  // /auth/totp
+  "totp.title": "TOTP Authentication",
+  "totp.button.signIn": "Sign in",
+
+  // END /auth/totp
+
+  // /auth/reset-password
+  "resetPassword.title": "Forgot your password?",
+  "resetPassword.description": "Enter your email to reset your password.",
+  "resetPassword.notify.success":
+    "A message with a link to reset your password has been sent if the email exists.",
+  "resetPassword.button.back": "Back to sign in page",
+  "resetPassword.text.resetPassword": "Reset password",
+  "resetPassword.text.enterNewPassword": "Enter your new password",
+  "resetPassword.input.password": "New password",
+  "resetPassword.notify.passwordReset":
+    "Your password has been reset successfully.",
+
+  // /account
+  "account.title": "My account",
+
+  "account.card.info.title": "Account info",
+  "account.card.info.username": "Username",
+  "account.card.info.email": "Email",
+  "account.notify.info.success": "Account updated successfully",
+
+  "account.card.password.title": "Password",
+  "account.card.password.old": "Old password",
+  "account.card.password.new": "New password",
+  "account.card.password.noPasswordSet":
+    "You don't have a password set. If you want to sign in with email and password you need to set a password.",
+  "account.notify.password.success": "Password changed successfully",
+
+  "account.card.oauth.title": "Social login",
+  "account.card.oauth.github": "GitHub",
+  "account.card.oauth.google": "Google",
+  "account.card.oauth.microsoft": "Microsoft",
+  "account.card.oauth.discord": "Discord",
+  "account.card.oauth.oidc": "OpenID",
+  "account.card.oauth.link": "Link",
+  "account.card.oauth.unlink": "Unlink",
+  "account.card.oauth.unlinked": "Unlinked",
+  "account.modal.unlink.title": "Unlink account",
+  "account.modal.unlink.description":
+    "Unlinking your social accounts may cause you to lose your account if you don't remember your username and password.",
+  "account.notify.oauth.unlinked.success": "Unlinked successfully",
+
+  "account.card.security.title": "Security",
+  "account.card.security.totp.enable.description":
+    "Enter your current password to start enabling TOTP",
+  "account.card.security.totp.disable.description":
+    "Enter your current password to disable TOTP",
+  "account.card.security.totp.button.start": "Start",
+  "account.modal.totp.title": "Enable TOTP",
+  "account.modal.totp.step1": "Step 1: Add your authenticator",
+  "account.modal.totp.step2": "Step 2: Validate your code",
+  "account.modal.totp.enterManually": "Enter manually",
+  "account.modal.totp.code": "Code",
+  "common.button.clickToCopy": "Click to copy",
+  "account.modal.totp.verify": "Verify",
+  "account.notify.totp.disable": "TOTP disabled successfully",
+  "account.notify.totp.enable": "TOTP enabled successfully",
+
+  "account.card.language.title": "Language",
+  "account.card.language.description":
+    "The project is translated by the community. Some languages might be incomplete.",
+  "account.card.color.title": "Color scheme",
+
+  // ThemeSwitcher.tsx
+  "account.theme.dark": "Dark",
+  "account.theme.light": "Light",
+  "account.theme.system": "System",
+
+  "account.button.delete": "Delete Account",
+  "account.modal.delete.title": "Delete Account",
+  "account.modal.delete.description":
+    "Do you really want to delete your account including all your active shares?",
+  // END /account
+
+  // /account/shares
+  "account.shares.title": "My shares",
+  "account.shares.title.empty": "It's empty here 👀",
+  "account.shares.description.empty": "You don't have any shares.",
+  "account.shares.button.create": "Create one",
+
+  "account.shares.info.title": "Share informations",
+  "account.shares.table.id": "ID",
+  "account.shares.table.name": "Name",
+  "account.shares.table.description": "Description",
+  "account.shares.table.visitors": "Visitors",
+  "account.shares.table.expiresAt": "Expires at",
+  "account.shares.table.createdAt": "Created at",
+  "account.shares.table.size": "Size",
+
+  "account.shares.modal.share-informations": "Share informations",
+  "account.shares.modal.share-link": "Share link",
+
+  "account.shares.modal.delete.title": "Delete share {share}",
+  "account.shares.modal.delete.description":
+    "Do you really want to delete this share?",
+
+  // END /account/shares
+
+  // /account/reverseShares
+  "account.reverseShares.title": "Reverse shares",
+  "account.reverseShares.description":
+    "A reverse share allows you to generate a unique URL that allows external users to create a share.",
+
+  "account.reverseShares.title.empty": "It's empty here 👀",
+  "account.reverseShares.description.empty":
+    "You don't have any reverse shares.",
+
+  // showCreateReverseShareModal.tsx
+  "account.reverseShares.modal.title": "Create reverse share",
+  "account.reverseShares.modal.expiration.label": "Expiration",
+  "account.reverseShares.modal.expiration.minute-singular": "Minute",
+  "account.reverseShares.modal.expiration.minute-plural": "Minutes",
+  "account.reverseShares.modal.expiration.hour-singular": "Hour",
+  "account.reverseShares.modal.expiration.hour-plural": "Hours",
+  "account.reverseShares.modal.expiration.day-singular": "Day",
+  "account.reverseShares.modal.expiration.day-plural": "Days",
+  "account.reverseShares.modal.expiration.week-singular": "Week",
+  "account.reverseShares.modal.expiration.week-plural": "Weeks",
+  "account.reverseShares.modal.expiration.month-singular": "Month",
+  "account.reverseShares.modal.expiration.month-plural": "Months",
+  "account.reverseShares.modal.expiration.year-singular": "Year",
+  "account.reverseShares.modal.expiration.year-plural": "Years",
+
+  "account.reverseShares.modal.max-size.label": "Max share size",
+
+  "account.reverseShares.modal.send-email": "Send email notification",
+  "account.reverseShares.modal.send-email.description":
+    "Send an email notification when a share is created with this reverse share link.",
+
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description":
+    "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description":
+    "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+
+  "account.reverseShares.modal.max-use.label": "Max uses",
+  "account.reverseShares.modal.max-use.description":
+    "The maximum amount of times this URL can be used to create a share.",
+  "account.reverseShare.never-expires": "This reverse share will never expire.",
+  "account.reverseShare.expires-on":
+    "This reverse share will expire on {expiration}.",
+
+  "account.reverseShares.table.no-shares": "No shares created yet",
+  "account.reverseShares.table.count.singular": "share",
+  "account.reverseShares.table.count.plural": "shares",
+  "account.reverseShares.table.shares": "Shares",
+  "account.reverseShares.table.remaining": "Remaining uses",
+  "account.reverseShares.table.max-size": "Max share size",
+  "account.reverseShares.table.expires": "Expires at",
+
+  "account.reverseShares.modal.reverse-share-link": "Reverse share link",
+
+  "account.reverseShares.modal.delete.title": "Delete reverse share",
+  "account.reverseShares.modal.delete.description":
+    "Do you really want to delete this reverse share? If you do, the associated shares will be deleted as well.",
+
+  // END /account/reverseShares
+
+  // /admin
+  "admin.title": "Administration",
+  "admin.button.users": "User management",
+  "admin.button.shares": "Share management",
+  "admin.button.config": "Configuration",
+  "admin.version": "Version",
+  // END /admin
+
+  // /admin/users
+  "admin.users.title": "User management",
+  "admin.users.table.username": "Username",
+  "admin.users.table.email": "Email",
+  "admin.users.table.admin": "Admin",
+
+  "admin.users.edit.update.title": "Update user {username}",
+  "admin.users.edit.update.admin-privileges": "Admin privileges",
+  "admin.users.edit.update.change-password.title": "Change password",
+  "admin.users.edit.update.change-password.field": "New password",
+  "admin.users.edit.update.change-password.button": "Save new password",
+  "admin.users.edit.update.notify.password.success":
+    "Password changed successfully",
+
+  "admin.users.edit.delete.title": "Delete user {username}",
+  "admin.users.edit.delete.description":
+    "Do you really want to delete this user and all his shares?",
+
+  // showCreateUserModal.tsx
+  "admin.users.modal.create.title": "Create user",
+  "admin.users.modal.create.username": "Username",
+  "admin.users.modal.create.email": "Email",
+  "admin.users.modal.create.password": "Password",
+  "admin.users.modal.create.manual-password": "Set password manually",
+  "admin.users.modal.create.manual-password.description":
+    "If not checked, the user will receive an email with a link to set their password.",
+  "admin.users.modal.create.admin": "Admin privileges",
+  "admin.users.modal.create.admin.description":
+    "If checked, the user will be able to access the admin panel.",
+
+  // END /admin/users
+
+  // /admin/shares
+  "admin.shares.title": "Share management",
+  "admin.shares.table.id": "Share ID",
+  "admin.shares.table.username": "Creator",
+  "admin.shares.table.visitors": "Visitors",
+  "admin.shares.table.expires": "Expires At",
+
+  "admin.shares.edit.delete.title": "Delete share {id}",
+  "admin.shares.edit.delete.description":
+    "Do you really want to delete this share?",
+
+  // END /admin/shares
+
+  // /upload
+  "upload.title": "Upload",
+
+  "upload.notify.generic-error":
+    "An error occurred while finishing your share.",
+  "upload.notify.count-failed": "{count} files failed to upload. Trying again.",
+
+  // Dropzone.tsx
+  "upload.dropzone.title": "Upload files",
+  "upload.dropzone.description":
+    "Drag'n'drop files here to start your share. We can accept only files that are less than {maxSize} in total.",
+  "upload.dropzone.notify.file-too-big":
+    "Your files exceed the maximum share size of {maxSize}.",
+
+  // FileList.tsx
+  "upload.filelist.name": "Name",
+  "upload.filelist.size": "Size",
+
+  // showCreateUploadModal.tsx
+  "upload.modal.title": "Create Share",
+  "upload.modal.link.error.invalid":
+    "Can only contain letters, numbers, underscores, and hyphens",
+  "upload.modal.link.error.taken": "This link is already in use",
+  "upload.modal.not-signed-in": "You're not signed in",
+  "upload.modal.not-signed-in-description":
+    "You will be unable to delete your share manually and view the visitor count.",
+
+  "upload.modal.expires.never": "never",
+  "upload.modal.expires.never-long": "Never Expires",
+  "upload.modal.expires.error.too-long":
+    "Expiration exceeds maximum expiration date of {max}.",
+
+  "upload.modal.link.label": "Link",
+  "upload.modal.expires.label": "Expiration",
+  "upload.modal.expires.minute-singular": "Minute",
+  "upload.modal.expires.minute-plural": "Minutes",
+  "upload.modal.expires.hour-singular": "Hour",
+  "upload.modal.expires.hour-plural": "Hours",
+  "upload.modal.expires.day-singular": "Day",
+  "upload.modal.expires.day-plural": "Days",
+  "upload.modal.expires.week-singular": "Week",
+  "upload.modal.expires.week-plural": "Weeks",
+  "upload.modal.expires.month-singular": "Month",
+  "upload.modal.expires.month-plural": "Months",
+  "upload.modal.expires.year-singular": "Year",
+  "upload.modal.expires.year-plural": "Years",
+
+  "upload.modal.accordion.name-and-description.title": "Name and description",
+  "upload.modal.accordion.name-and-description.name.placeholder": "Name",
+  "upload.modal.accordion.name-and-description.description.placeholder":
+    "Note for the recipients of this share",
+
+  "upload.modal.accordion.email.title": "Email recipients",
+  "upload.modal.accordion.email.placeholder": "Enter email recipients",
+  "upload.modal.accordion.email.invalid-email": "Invalid email address",
+
+  "upload.modal.accordion.security.title": "Security options",
+  "upload.modal.accordion.security.password.label": "Password protection",
+  "upload.modal.accordion.security.password.placeholder": "No password",
+  "upload.modal.accordion.security.max-views.label": "Maximum views",
+  "upload.modal.accordion.security.max-views.placeholder": "No limit",
+
+  // showCompletedUploadModal.tsx
+  "upload.modal.completed.never-expires": "This share will never expire.",
+  "upload.modal.completed.expires-on":
+    "This share will expire on {expiration}.",
+  "upload.modal.completed.share-ready": "Share ready",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
+
+  // END /upload
+
+  // /share/[id]
+  "share.title": "Share {shareId}",
+  "share.description": "Look what I've shared with you!",
+  "share.error.visitor-limit-exceeded.title": "Visitor limit exceeded",
+  "share.error.visitor-limit-exceeded.description":
+    "The visitor limit from this share has been exceeded.",
+  "share.error.removed.title": "Share removed",
+  "share.error.not-found.title": "Share not found",
+  "share.error.not-found.description":
+    "The share you're looking for doesn't exist.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
+
+  "share.modal.password.title": "Password required",
+  "share.modal.password.description":
+    "To access this share please enter the password for the share.",
+  "share.modal.password": "Password",
+  "share.modal.error.invalid-password": "Invalid password",
+
+  "share.button.download-all": "Download all",
+  "share.notify.download-all-preparing":
+    "The share is preparing. Try again in a few minutes.",
+
+  "share.modal.file-link": "File link",
+  "share.table.name": "Name",
+  "share.table.size": "Size",
+
+  "share.modal.file-preview.error.not-supported.title": "Preview not supported",
+  "share.modal.file-preview.error.not-supported.description":
+    "A preview for this file type is unsupported. Please download the file to view it.",
+
+  // END /share/[id]
+
+  // /share/[id]/edit
+  "share.edit.title": "Edit {shareId}",
+  "share.edit.append-upload": "Append file",
+  "share.edit.notify.generic-error":
+    "An error occurred while finishing your share.",
+  "share.edit.notify.save-success": "Share updated successfully",
+  // END /share/[id]/edit
+
+  // /admin/config
+  "admin.config.title": "Configuration",
+  "admin.config.category.general": "General",
+  "admin.config.category.share": "Share",
+  "admin.config.category.email": "Email",
+  "admin.config.category.smtp": "SMTP",
+  "admin.config.category.oauth": "Social Login",
+
+  "admin.config.general.app-name": "App name",
+  "admin.config.general.app-name.description": "Name of the application",
+  "admin.config.general.app-url": "App URL",
+  "admin.config.general.app-url.description":
+    "On which URL Pingvin Share is available",
+  "admin.config.general.show-home-page": "Show home page",
+  "admin.config.general.show-home-page.description":
+    "Whether to show the home page",
+  "admin.config.general.session-duration": "Session Duration",
+  "admin.config.general.session-duration.description":
+    "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.logo": "Logo",
+  "admin.config.general.logo.description":
+    "Change your logo by uploading a new image. The image must be a PNG and should have the format 1:1.",
+  "admin.config.general.logo.placeholder": "Pick image",
+
+  "admin.config.email.enable-share-email-recipients":
+    "Enable share email recipients",
+  "admin.config.email.enable-share-email-recipients.description":
+    "Whether to allow emails to share recipients. Only enable this if you have enabled SMTP.",
+  "admin.config.email.share-recipients-subject": "Share recipients subject",
+  "admin.config.email.share-recipients-subject.description":
+    "Subject of the email which gets sent to the share recipients.",
+  "admin.config.email.share-recipients-message": "Share recipients message",
+  "admin.config.email.share-recipients-message.description":
+    "Message which gets sent to the share recipients. Available variables:\n {creator} - The username of the creator of the share\n {shareUrl} - The URL of the share\n {desc} - The description of the share\n {expires} - The expiration date of the share\n The variables will be replaced with the actual value.",
+  "admin.config.email.reverse-share-subject": "Reverse share subject",
+  "admin.config.email.reverse-share-subject.description":
+    "Subject of the email which gets sent when someone created a share with your reverse share link.",
+  "admin.config.email.reverse-share-message": "Reverse share message",
+  "admin.config.email.reverse-share-message.description":
+    "Message which gets sent when someone created a share with your reverse share link. {shareUrl} will be replaced with the creator's name and the share URL.",
+  "admin.config.email.reset-password-subject": "Reset password subject",
+  "admin.config.email.reset-password-subject.description":
+    "Subject of the email which gets sent when a user requests a password reset.",
+  "admin.config.email.reset-password-message": "Reset password message",
+  "admin.config.email.reset-password-message.description":
+    "Message which gets sent when a user requests a password reset. {url} will be replaced with the reset password URL.",
+  "admin.config.email.invite-subject": "Invite subject",
+  "admin.config.email.invite-subject.description":
+    "Subject of the email which gets sent when an admin invites a user.",
+  "admin.config.email.invite-message": "Invite message",
+  "admin.config.email.invite-message.description":
+    "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL and {password} with the password.",
+
+  "admin.config.share.allow-registration": "Allow registration",
+  "admin.config.share.allow-registration.description":
+    "Whether registration is allowed",
+  "admin.config.share.allow-unauthenticated-shares":
+    "Allow unauthenticated shares",
+  "admin.config.share.allow-unauthenticated-shares.description":
+    "Whether unauthenticated users can create shares",
+  "admin.config.share.max-expiration": "Max expiration",
+  "admin.config.share.max-expiration.description":
+    "Maximum share expiration in hours. Set to 0 to allow unlimited expiration.",
+  "admin.config.share.max-size": "Max size",
+  "admin.config.share.max-size.description": "Maximum share size in bytes",
+  "admin.config.share.zip-compression-level": "Zip compression level",
+  "admin.config.share.zip-compression-level.description":
+    "Adjust the level to balance between file size and compression speed. Valid values range from 0 to 9, with 0 being no compression and 9 being maximum compression. ",
+  "admin.config.share.chunk-size": "Chunk size",
+  "admin.config.share.chunk-size.description":
+    "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
+  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
+  "admin.config.share.auto-open-share-modal.description":
+    "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+
+  "admin.config.smtp.enabled": "Enabled",
+  "admin.config.smtp.enabled.description":
+    "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.",
+  "admin.config.smtp.host": "Host",
+  "admin.config.smtp.host.description": "Host of the SMTP server",
+  "admin.config.smtp.port": "Port",
+  "admin.config.smtp.port.description": "Port of the SMTP server",
+  "admin.config.smtp.email": "Email",
+  "admin.config.smtp.email.description":
+    "Email address which the emails get sent from",
+  "admin.config.smtp.username": "Username",
+  "admin.config.smtp.username.description": "Username of the SMTP server",
+  "admin.config.smtp.password": "Password",
+  "admin.config.smtp.password.description": "Password of the SMTP server",
+  "admin.config.smtp.button.test": "Send test email",
+  "admin.config.smtp.allow-unauthorized-certificates":
+    "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description":
+    "Only set this to true if you need to trust self signed certificates.",
+
+  "admin.config.oauth.allow-registration": "Allow registration",
+  "admin.config.oauth.allow-registration.description":
+    "Allow users to register via social login",
+  "admin.config.oauth.ignore-totp": "Ignore TOTP",
+  "admin.config.oauth.ignore-totp.description":
+    "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description":
+    "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
+  "admin.config.oauth.github-enabled": "GitHub",
+  "admin.config.oauth.github-enabled.description":
+    "Whether GitHub login is enabled",
+  "admin.config.oauth.github-client-id": "GitHub Client ID",
+  "admin.config.oauth.github-client-id.description":
+    "Client ID of the GitHub OAuth app",
+  "admin.config.oauth.github-client-secret": "GitHub Client secret",
+  "admin.config.oauth.github-client-secret.description":
+    "Client secret of the GitHub OAuth app",
+  "admin.config.oauth.google-enabled": "Google",
+  "admin.config.oauth.google-enabled.description":
+    "Whether Google login is enabled",
+  "admin.config.oauth.google-client-id": "Google Client ID",
+  "admin.config.oauth.google-client-id.description":
+    "Client ID of the Google OAuth app",
+  "admin.config.oauth.google-client-secret": "Google Client secret",
+  "admin.config.oauth.google-client-secret.description":
+    "Client secret of the Google OAuth app",
+  "admin.config.oauth.microsoft-enabled": "Microsoft",
+  "admin.config.oauth.microsoft-enabled.description":
+    "Whether Microsoft login is enabled",
+  "admin.config.oauth.microsoft-tenant": "Microsoft Tenant",
+  "admin.config.oauth.microsoft-tenant.description":
+    "Tenant ID of the Microsoft OAuth app\ncommon: Users with both a personal Microsoft account and a work or school account from Microsoft Entra ID can sign in to the application. organizations: Only users with work or school accounts from Microsoft Entra ID can sign in to the application.\nconsumers: Only users with a personal Microsoft account can sign in to the application.\ndomain name of the Microsoft Entra tenant or the tenant ID in GUID format: Only users from a specific Microsoft Entra tenant (directory members with a work or school account or directory guests with a personal Microsoft account) can sign in to the application.",
+  "admin.config.oauth.microsoft-client-id": "Microsoft Client ID",
+  "admin.config.oauth.microsoft-client-id.description":
+    "Client ID of the Microsoft OAuth app",
+  "admin.config.oauth.microsoft-client-secret": "Microsoft Client secret",
+  "admin.config.oauth.microsoft-client-secret.description":
+    "Client secret of the Microsoft OAuth app",
+  "admin.config.oauth.discord-enabled": "Discord",
+  "admin.config.oauth.discord-enabled.description":
+    "Whether Discord login is enabled",
+  "admin.config.oauth.discord-limited-guild": "Discord limited server ID",
+  "admin.config.oauth.discord-limited-guild.description":
+    "Limit signing in to users in a specific server. Leave it blank to disable.",
+  "admin.config.oauth.discord-client-id": "Discord Client ID",
+  "admin.config.oauth.discord-client-id.description":
+    "Client ID of the Discord OAuth app",
+  "admin.config.oauth.discord-client-secret": "Discord Client secret",
+  "admin.config.oauth.discord-client-secret.description":
+    "Client secret of the Discord OAuth app",
+  "admin.config.oauth.oidc-enabled": "OpenID Connect",
+  "admin.config.oauth.oidc-enabled.description":
+    "Whether OpenID Connect login is enabled",
+  "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
+  "admin.config.oauth.oidc-discovery-uri.description":
+    "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
+  "admin.config.oauth.oidc-username-claim.description":
+    "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description":
+    "Must be a valid JMES path referencing an array of roles. " +
+    "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description":
+    "Role required for general access. Must be present in a user’s roles for them to log in. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description":
+    "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
+  "admin.config.oauth.oidc-client-id.description":
+    "Client ID of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
+  "admin.config.oauth.oidc-client-secret.description":
+    "Client secret of the OpenID Connect OAuth app",
+
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
+
+  // 404
+  "404.description": "Oops this page doesn't exist.",
+  "404.button.home": "Bring me back home",
+
+  // error
+  "error.title": "Error",
+  "error.description": "Oops!",
+  "error.button.back": "Go back",
+  "error.msg.default": "Something went wrong.",
+  "error.msg.access_denied":
+    "You canceled the authentication process, please try again.",
+  "error.msg.expired_token":
+    "The authentication process took too long, please try again.",
+  "error.msg.invalid_token": "Internal Error",
+  "error.msg.no_user": "User linked to this {0} account doesn't exist.",
+  "error.msg.no_email": "Can't get email address from this {0} account.",
+  "error.msg.already_linked":
+    "This {0} account is already linked to another account.",
+  "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
+  "error.msg.unverified_account":
+    "This {0} account is unverified, please try again after verification.",
+  "error.msg.user_not_allowed":
+    "You are not allowed to sign in.",
+  "error.msg.cannot_get_user_info":
+    "Can not get your user info from this {0} account.",
+  "error.param.provider_github": "GitHub",
+  "error.param.provider_google": "Google",
+  "error.param.provider_microsoft": "Microsoft",
+  "error.param.provider_discord": "Discord",
+  "error.param.provider_oidc": "OpenID Connect",
+
+  // Common translations
+  "common.button.save": "Save",
+  "common.button.create": "Create",
+  "common.button.submit": "Submit",
+  "common.button.delete": "Delete",
+  "common.button.cancel": "Cancel",
+  "common.button.confirm": "Confirm",
+  "common.button.disable": "Disable",
+  "common.button.share": "Share",
+  "common.button.generate": "Generate",
+  "common.button.done": "Done",
+  "common.text.link": "Link",
+  "common.text.navigate-to-link": "Go to the link",
+  "common.text.or": "or",
+  "common.button.go-back": "Go back",
+  "common.button.go-home": "Go home",
+  "common.notify.copied": "Your link was copied to the clipboard",
+  "common.success": "Success",
+
+  "common.error": "Error",
+  "common.error.unknown": "An unknown error occurred",
+  "common.error.invalid-email": "Invalid email address",
+  "common.error.too-short": "Must be at least {length} characters",
+  "common.error.too-long": "Must be at most {length} characters",
+  "common.error.exact-length": "Must be exactly {length} characters",
+  "common.error.invalid-number": "Must be a number",
+  "common.error.field-required": "This field is required",
+};

frontend/src/i18n/translations/da-DK.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "2-faktor login påkrævet",
   "signIn.notify.totp-required.description": "Indtast den aktuelle engangskode fra din 2-faktor Authenticator",
   "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Maksimal størrelse for deling",
   "account.reverseShares.modal.send-email": "Send e-mail notifikation",
   "account.reverseShares.modal.send-email.description": "Send en e-mail notifikation, når der oprettes en deling med dette omvendte delingslink.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maksimal anvendelser",
   "account.reverseShares.modal.max-use.description": "Det maksimale antal gange, denne URL kan bruges til at oprette en deling.",
   "account.reverseShare.never-expires": "Denne omvendte deling udløber aldrig.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Denne deling vil aldrig udløbe.",
   "upload.modal.completed.expires-on": "Denne omvendte deling udløber den {expiration}.",
   "upload.modal.completed.share-ready": "Delingen er klar",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Del {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Deling fjernet",
   "share.error.not-found.title": "Delingen blev ikke fundet",
   "share.error.not-found.description": "Den deling, du leder efter, eksisterer ikke.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Adgangskode påkrævet",
   "share.modal.password.description": "For at få adgang til denne deling, indtast venligst adgangskoden til delingen.",
   "share.modal.password": "Adgangskode",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Adgangskode",
   "admin.config.smtp.password.description": "Adgangskoden til SMTP serveren",
   "admin.config.smtp.button.test": "Send test e-mail",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Tillad registrering",
   "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
   "admin.config.oauth.ignore-totp": "Ignore TOTP",
   "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ups! Denne side findes ikke.",
   "404.button.home": "Gå tilbage",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "This {0} account is already linked to another account.",
   "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
   "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "Du har ikke tilladelse til at logge ind.",
+  "error.msg.user_not_allowed": "Du har ikke tilladelse til at logge ind.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/de-DE.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Zwei-Faktor-Authentifizierung benötigt",
   "signIn.notify.totp-required.description": "Bitte füge deinen Zwei-Faktor-Authentifizierungscode ein",
   "signIn.oauth.or": "ODER",
+  "signIn.oauth.signInWith": "Anmelden mit",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -72,7 +73,7 @@ export default {
   "account.card.password.title": "Passwort",
   "account.card.password.old": "Altes Passwort",
   "account.card.password.new": "Neues Passwort",
-  "account.card.password.noPasswordSet": "Du hast kein Passwort erstellt. Wenn Du Dich mit E-Mail und Passwort anmelden möchtest, musst Du ein Passwort festlegen.",
+  "account.card.password.noPasswordSet": "Du hast kein Passwort erstellt. Wenn du dich mit E-Mail und Passwort anmelden möchtest, musst du ein Passwort festlegen.",
   "account.notify.password.success": "Passwort erfolgreich geändert",
   "account.card.oauth.title": "Anmeldung über soziale Netzwerke",
   "account.card.oauth.github": "GitHub",
@@ -84,7 +85,7 @@ export default {
   "account.card.oauth.unlink": "Verknüpfung aufheben",
   "account.card.oauth.unlinked": "Verknüpfung aufgehoben",
   "account.modal.unlink.title": "Kontoverknüpfung aufheben",
-  "account.modal.unlink.description": "Das Entfernen der Verknüpfung mit Deinem sozialen Konten kann dazu führen, dass Du Dein Konto verlierst, wenn Du Dich nicht an Deinen Benutzernamen und Dein Passwort erinnerst.",
+  "account.modal.unlink.description": "Das Entfernen der Verknüpfung mit deinem sozialen Konten kann dazu führen, dass du dein Konto verlierst, wenn du dich nicht an deinen Benutzernamen und dein Passwort erinnerst.",
   "account.notify.oauth.unlinked.success": "Verknüpfung erfolgreich aufgehoben",
   "account.card.security.title": "Sicherheit",
   "account.card.security.totp.enable.description": "Gib dein aktuelles Passwort ein, um TOTP zu aktivieren",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Max. Freigabengröße",
   "account.reverseShares.modal.send-email": "Email Benachrichtigung senden",
   "account.reverseShares.modal.send-email.description": "Sendet eine Email Benachrichtigung, wenn eine Datei auf einer externen Freigabe hochgeladen wurde.",
+  "account.reverseShares.modal.simplified": "Einfacher Modus",
+  "account.reverseShares.modal.simplified.description": "Mache es der Person einfach, die die Datei hochlädt, sie mit Dir zu teilen. Sie können nur den Namen und die Beschreibung der Freigabe ändern.",
+  "account.reverseShares.modal.public-access": "Öffentlicher Zugriff",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maximale Nutzungen",
   "account.reverseShares.modal.max-use.description": "Die maximale Anzahl von Verwendungen der URL, um Dateien hochzuladen.",
   "account.reverseShare.never-expires": "Diese externe Freigabe wird nicht ablaufen.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Diese Freigabe läuft niemals ab.",
   "upload.modal.completed.expires-on": "Diese Freigabe wird am {expiration} ablaufen.",
   "upload.modal.completed.share-ready": "Freigabe bereit",
+  "upload.modal.completed.notified-reverse-share-creator": "Wir haben den Ersteller der externen Freigabe benachrichtigt. Du kannst den Link auch auf andere Wege teilen.",
   // END /upload
   // /share/[id]
   "share.title": "Freigabe {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Freigabe entfernt",
   "share.error.not-found.title": "Freigabe nicht gefunden",
   "share.error.not-found.description": "Die gesuchte Freigabe existiert nicht.",
+  "share.error.access-denied.title": "Private Freigabe",
+  "share.error.access-denied.description": "Das aktuelle Konto hat keine Berechtigung, um auf diese Freigabe zuzugreifen",
   "share.modal.password.title": "Passwort erforderlich",
   "share.modal.password.description": "Um auf diese Freigabe zuzugreifen, gib bitte das Passwort für die Freigabe ein.",
   "share.modal.password": "Passwort",
@@ -300,7 +308,7 @@ export default {
   "admin.config.general.logo.description": "Ändere dein Logo durch Hochladen eines Bildes. Das Bild muss im PNG-Format vorliegen und sollte mit Seitenverhältnis 1:1 sein.",
   "admin.config.general.logo.placeholder": "Bild auswählen",
   "admin.config.email.enable-share-email-recipients": "Erlaube das Teilen der Freigabe via Email",
-  "admin.config.email.enable-share-email-recipients.description": "Gibt an, ob Emails an Freigabe-Empfänger ermöglicht werden sollen. Aktiviere dies nur, wenn Du SMTP aktivierst hast.",
+  "admin.config.email.enable-share-email-recipients.description": "Gibt an, ob Emails an Freigabe-Empfänger ermöglicht werden sollen. Aktiviere dies nur, wenn du SMTP aktivierst hast.",
   "admin.config.email.share-recipients-subject": "Betreff für Freigabe-Empfänger",
   "admin.config.email.share-recipients-subject.description": "Betreff der E-Mail, die an die Freigabe-Empfänger gesendet wird.",
   "admin.config.email.share-recipients-message": "Nachricht für Freigabe-Empfänger",
@@ -329,10 +337,10 @@ export default {
   "admin.config.share.zip-compression-level.description": "Passe den Wert an, um ein Gleichgewicht zwischen Dateigröße und Komprimierungsgeschwindigkeit herzustellen. Gültige Werte liegen zwischen 0 und 9, wobei 0 für keine Komprimierung und 9 für maximale Komprimierung steht.",
   "admin.config.share.chunk-size": "Chunkgröße",
   "admin.config.share.chunk-size.description": "Passe die Chunkgröße (in Bytes) für deine Uploads an, um die Zuverlässigkeit deiner Internetverbindung auszugleichen. Kleinere Chunks können die Erfolgsraten für instabile Verbindungen verbessern, während größere Chunks Uploads für stabile Verbindungen beschleunigen können.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal": "Freigabe-Fenster automatisch öffnen",
+  "admin.config.share.auto-open-share-modal.description": "Das Freigabe-Fenster erscheint automatisch, sobald ein Benutzer Dateien ausgewählt hat, ohne extra auf den Button klicken zu müssen.",
   "admin.config.smtp.enabled": "Aktiviert",
-  "admin.config.smtp.enabled.description": "Gibt an, ob SMTP aktiviert ist. Aktiviere dies nur, wenn Du den Host, den Port, die Email, den Benutzernamen und das Passwort deines SMTP-Servers eingegeben hast.",
+  "admin.config.smtp.enabled.description": "Gibt an, ob SMTP aktiviert ist. Aktiviere dies nur, wenn du den Host, den Port, die Email, den Benutzernamen und das Passwort deines SMTP-Servers eingegeben hast.",
   "admin.config.smtp.host": "Host",
   "admin.config.smtp.host.description": "Host des SMTP-Servers",
   "admin.config.smtp.port": "Port",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Passwort",
   "admin.config.smtp.password.description": "Passwort des SMTP-Servers",
   "admin.config.smtp.button.test": "Test-E-Mail senden",
+  "admin.config.smtp.allow-unauthorized-certificates": "Vertrauen von nicht authentifizierten SMTP-Server-Zertifikaten",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Verwenden Sie diese Option nur, wenn Sie selbst signierten Zertifikaten vertrauen müssen.",
   "admin.config.oauth.allow-registration": "Registrierung erlauben",
   "admin.config.oauth.allow-registration.description": "Benutzern erlauben, sich über Soziale Netzwerke zu registrieren",
   "admin.config.oauth.ignore-totp": "TOTP ignorieren",
   "admin.config.oauth.ignore-totp.description": "Gibt an, ob TOTP ignoriert werden soll, wenn sich der Benutzer über Soziale Netzwerke anmeldet",
+  "admin.config.oauth.disable-password": "Anmelden mit Passwort deaktivieren",
+  "admin.config.oauth.disable-password.description": "Deaktiviert das Anmelden mit Passwort\nStelle vor Aktivierung dieser Konfiguration sicher, dass ein OAuth-Provider korrekt konfiguriert ist, um nicht ausgesperrt zu werden.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "GitHub Anmeldung erlaubt",
   "admin.config.oauth.github-client-id": "GitHub Client-ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery-URL der OpenID OAuth App",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect Benutzername anfordern",
   "admin.config.oauth.oidc-username-claim.description": "Benutzername im OpenID Token. Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Muss ein valider JMES-Pfad sein, der zu einem Array an Rollen führt. " + "Die Zugangsverwaltung über Rollen in OpenID Connect ist nur empfohlen, wenn kein anderer Identitätsprovider konfiguriert und die Anmeldung per Password deaktiviert ist. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Rolle für generellen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser sich anmelden kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect Rolle für Admin-Zugriff",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rolle für administrativen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser auf das Administrator-Panel zugreifen kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client-ID",
   "admin.config.oauth.oidc-client-id.description": "Client-ID der OpenID Connect OAuth-App",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client-Secret",
   "admin.config.oauth.oidc-client-secret.description": "Client-Secret der OpenID Connect OAuth-App",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ups, diese Seite existiert nicht.",
   "404.button.home": "Zurück zur Startseite",
@@ -401,8 +433,8 @@ export default {
   "error.msg.no_email": "Kann die E-Mail-Adresse von dem Konto {0} nicht abrufen.",
   "error.msg.already_linked": "Das Konto {0} ist bereits mit einem anderen Konto verknüpft.",
   "error.msg.not_linked": "Das Konto {0} wurde noch nicht mit einem Konto verknüpft.",
-  "error.msg.unverified_account": "Dieses Konto {0} wurde noch nicht verifiziert, bitte versuchen Sie es nach der Verifikation erneut.",
-  "error.msg.discord_guild_permission_denied": "Du bist nicht berechtigt, Dich anzumelden.",
+  "error.msg.unverified_account": "Dieses Konto {0} wurde noch nicht verifiziert, bitte versuche es nach der Verifikation erneut.",
+  "error.msg.user_not_allowed": "Du bist nicht berechtigt, dich anzumelden.",
   "error.msg.cannot_get_user_info": "Deine Benutzerinformationen können nicht von diesem Konto {0} abgerufen werden.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/el-GR.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Απαιτείται έλεγχος ταυτότητας δύο παραγόντων.",
   "signIn.notify.totp-required.description": "Παρακαλώ εισάγετε τον κωδικό 2FA.",
   "signIn.oauth.or": "Ή",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Μέγιστο μέγεθος κοινοποίησης",
   "account.reverseShares.modal.send-email": "Αποστολή ειδοποιήσεων με email",
   "account.reverseShares.modal.send-email.description": "Στείλτε μια ειδοποίηση μέσω ηλεκτρονικού ταχυδρομείου όταν δημιουργείται ένας διαμοιρασμός με αυτόν τον σύνδεσμο ανάστροφης κοινοποίησης.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Μέγιστες χρήσεις",
   "account.reverseShares.modal.max-use.description": "Ο μέγιστος αριθμός που μπορεί να χρησιμοποιηθεί αυτό το URL για τη δημιουργία ενός διαμοιρασμού.",
   "account.reverseShare.never-expires": "Αυτός ο αντίστροφος διαμοιρασμός δε λήγει.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Αυτός ο διαμοιρασμός δεν λήγει.",
   "upload.modal.completed.expires-on": "Αυτός ο διαμοιρασμός θα λήξει {expiration}.",
   "upload.modal.completed.share-ready": "Κοινοποίηση έτοιμου",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Διαμοιρασμός {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Κοινοποίηση αφαιρέθηκε",
   "share.error.not-found.title": "Η κοινοποίηση δε βρέθηκε",
   "share.error.not-found.description": "Η κοινοποίηση που ψάχνετε δεν υπάρχει.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Απαιτείται κωδικός",
   "share.modal.password.description": "Για να αποκτήσετε πρόσβαση σε αυτή την κοινοποίηση εισάγετε τον κωδικό πρόσβασης.",
   "share.modal.password": "Κωδικός πρόσβασης",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Κωδικός πρόσβασης",
   "admin.config.smtp.password.description": "Κωδικός πρόσβασης στον εξυπηρετητή SMTP",
   "admin.config.smtp.button.test": "Αποστολή δοκιμαστικού email",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Να επιτρέπεται η εγγραφή",
   "admin.config.oauth.allow-registration.description": "Επιτρέψτε στους χρήστες να εγγραφούν μέσω λογαριασμών κοινωνικής δικτύωσης",
   "admin.config.oauth.ignore-totp": "Παράβλεψη TOTP",
   "admin.config.oauth.ignore-totp.description": "Αν θα αγνοηθεί το TOTP όταν ο χρήστης χρησιμοποιεί την κοινωνική σύνδεση",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Αν είναι ενεργοποιημένη η σύνδεση GitHub",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Αφήστε κενό αν δε γνωρίζετε για αυτή τη ρύθμιση",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ουπς. Αυτή η σελίδα δεν υπάρχει.",
   "404.button.home": "Πήγαινέ με πίσω",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Αυτός ο λογαριασμός {0} είναι ήδη συνδεδεμένος με άλλο λογαριασμό.",
   "error.msg.not_linked": "Αυτός ο λογαριασμός {0} δεν έχει συνδεθεί με κανένα λογαριασμό ακόμα.",
   "error.msg.unverified_account": "Αυτός ο λογαριασμός {0} δεν έχει επαληθευτεί, παρακαλώ προσπαθήστε ξανά μετά την επαλήθευση.",
-  "error.msg.discord_guild_permission_denied": "Δεν σας επιτρέπεται η σύνδεση.",
+  "error.msg.user_not_allowed": "Δεν σας επιτρέπεται η σύνδεση.",
   "error.msg.cannot_get_user_info": "Δεν είναι δυνατή η λήψη των πληροφοριών χρήστη από αυτόν τον λογαριασμό {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/en-US.ts

@@ -44,6 +44,7 @@ export default {
   "signIn.notify.totp-required.description":
     "Please enter your two-factor authentication code",
   "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -198,6 +199,14 @@ export default {
   "account.reverseShares.modal.send-email.description":
     "Send an email notification when a share is created with this reverse share link.",
 
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description":
+    "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description":
+    "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+
   "account.reverseShares.modal.max-use.label": "Max uses",
   "account.reverseShares.modal.max-use.description":
     "The maximum amount of times this URL can be used to create a share.",
@@ -341,6 +350,7 @@ export default {
   "upload.modal.completed.expires-on":
     "This share will expire on {expiration}.",
   "upload.modal.completed.share-ready": "Share ready",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
 
   // END /upload
 
@@ -354,6 +364,8 @@ export default {
   "share.error.not-found.title": "Share not found",
   "share.error.not-found.description":
     "The share you're looking for doesn't exist.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
 
   "share.modal.password.title": "Password required",
   "share.modal.password.description":
@@ -399,9 +411,8 @@ export default {
   "admin.config.general.show-home-page": "Show home page",
   "admin.config.general.show-home-page.description":
     "Whether to show the home page",
-  "admin.config.general.session-duration": 
-    "Session Duration",
-  "admin.config.general.session-duration.description": 
+  "admin.config.general.session-duration": "Session Duration",
+  "admin.config.general.session-duration.description":
     "Time in hours after which a user must log in again (default: 3 months).",
   "admin.config.general.logo": "Logo",
   "admin.config.general.logo.description":
@@ -435,7 +446,7 @@ export default {
     "Subject of the email which gets sent when an admin invites a user.",
   "admin.config.email.invite-message": "Invite message",
   "admin.config.email.invite-message.description":
-    "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL and {password} with the password.",
+    "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL, {email} with the email and {password} with the password of the user.",
 
   "admin.config.share.allow-registration": "Allow registration",
   "admin.config.share.allow-registration.description":
@@ -453,9 +464,11 @@ export default {
   "admin.config.share.zip-compression-level.description":
     "Adjust the level to balance between file size and compression speed. Valid values range from 0 to 9, with 0 being no compression and 9 being maximum compression. ",
   "admin.config.share.chunk-size": "Chunk size",
-  "admin.config.share.chunk-size.description": "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
+  "admin.config.share.chunk-size.description":
+    "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
   "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal.description":
+    "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
 
   "admin.config.smtp.enabled": "Enabled",
   "admin.config.smtp.enabled.description":
@@ -472,6 +485,10 @@ export default {
   "admin.config.smtp.password": "Password",
   "admin.config.smtp.password.description": "Password of the SMTP server",
   "admin.config.smtp.button.test": "Send test email",
+  "admin.config.smtp.allow-unauthorized-certificates":
+    "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description":
+    "Only set this to true if you need to trust self signed certificates.",
 
   "admin.config.oauth.allow-registration": "Allow registration",
   "admin.config.oauth.allow-registration.description":
@@ -479,6 +496,9 @@ export default {
   "admin.config.oauth.ignore-totp": "Ignore TOTP",
   "admin.config.oauth.ignore-totp.description":
     "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description":
+    "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description":
     "Whether GitHub login is enabled",
@@ -530,6 +550,19 @@ export default {
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description":
     "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description":
+    "Must be a valid JMES path referencing an array of roles. " +
+    "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description":
+    "Role required for general access. Must be present in a user’s roles for them to log in. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description":
+    "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " +
+    "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description":
     "Client ID of the OpenID Connect OAuth app",
@@ -537,6 +570,22 @@ export default {
   "admin.config.oauth.oidc-client-secret.description":
     "Client secret of the OpenID Connect OAuth app",
 
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
+  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+
   // 404
   "404.description": "Oops this page doesn't exist.",
   "404.button.home": "Bring me back home",
@@ -558,7 +607,7 @@ export default {
   "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
   "error.msg.unverified_account":
     "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied":
+  "error.msg.user_not_allowed":
     "You are not allowed to sign in.",
   "error.msg.cannot_get_user_info":
     "Can not get your user info from this {0} account.",

frontend/src/i18n/translations/es-ES.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Se requiere autenticación de dos factores",
   "signIn.notify.totp-required.description": "Por favor ingrese su código de autenticación de dos factores",
   "signIn.oauth.or": "O",
+  "signIn.oauth.signInWith": "Iniciar sesión con",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Tamaño máximo del compartido",
   "account.reverseShares.modal.send-email": "Enviar notificación por correo",
   "account.reverseShares.modal.send-email.description": "Enviar una notificación por correo cuando se comparta algo con este enlace de compartición inversa.",
+  "account.reverseShares.modal.simplified": "Modo simple",
+  "account.reverseShares.modal.simplified.description": "Facilita que la persona que suba el archivo comparta el mismo contigo. Serán capaces de personalizar sólo el nombre y la descripción de la compartición.",
+  "account.reverseShares.modal.public-access": "Acceso público",
+  "account.reverseShares.modal.public-access.description": "Haz públicas las comparticiones creadas con esta compartición inversa. Si está desactivado, sólo tú y el creador de la compartición pueden verla.",
   "account.reverseShares.modal.max-use.label": "Máximo de usos",
   "account.reverseShares.modal.max-use.description": "Cantidad máxima de veces que esta URL se puede usar para crear un compartido.",
   "account.reverseShare.never-expires": "Esta compartición inversa nunca expirará.",
@@ -169,7 +174,7 @@ export default {
   // /admin
   "admin.title": "Administración",
   "admin.button.users": "Gestión de usuarios",
-  "admin.button.shares": "Share management",
+  "admin.button.shares": "Gestión de comparticiones",
   "admin.button.config": "Configuración",
   "admin.version": "Versión",
   // END /admin
@@ -197,13 +202,13 @@ export default {
   "admin.users.modal.create.admin.description": "Si se marca, el usuario podrá acceder al panel de administrador.",
   // END /admin/users
   // /admin/shares
-  "admin.shares.title": "Share management",
-  "admin.shares.table.id": "Share ID",
-  "admin.shares.table.username": "Creator",
-  "admin.shares.table.visitors": "Visitors",
-  "admin.shares.table.expires": "Expires At",
-  "admin.shares.edit.delete.title": "Delete share {id}",
-  "admin.shares.edit.delete.description": "Do you really want to delete this share?",
+  "admin.shares.title": "Gestión de comparticiones",
+  "admin.shares.table.id": "ID de compartición",
+  "admin.shares.table.username": "Creador",
+  "admin.shares.table.visitors": "Visitantes",
+  "admin.shares.table.expires": "Expira el",
+  "admin.shares.edit.delete.title": "Eliminar compartido {id}",
+  "admin.shares.edit.delete.description": "¿Seguro que quieres eliminar este compartido?",
   // END /admin/shares
   // /upload
   "upload.title": "Subir",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Este compartido nunca expirará.",
   "upload.modal.completed.expires-on": "Este compartido expira en {expiration}.",
   "upload.modal.completed.share-ready": "Compartido listo",
+  "upload.modal.completed.notified-reverse-share-creator": "Hemos notificado al creador de la compartición inversa. También puedes compartir manualmente este enlace con otros a través de otros medios.",
   // END /upload
   // /share/[id]
   "share.title": "Compartido {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Compartido eliminado",
   "share.error.not-found.title": "Compartido no encontrado",
   "share.error.not-found.description": "El compartido que estás buscando no existe.",
+  "share.error.access-denied.title": "Compartición privada",
+  "share.error.access-denied.description": "La cuenta actual no tiene permiso para acceder a este compartido",
   "share.modal.password.title": "Se requiere contraseña",
   "share.modal.password.description": "Por favor ingrese la contraseña para poder acceder a este compartido.",
   "share.modal.password": "Contraseña",
@@ -294,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "En cuál URL está disponible Pingvin Share",
   "admin.config.general.show-home-page": "Mostrar página de inicio",
   "admin.config.general.show-home-page.description": "Mostrar o no la página de inicio",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Duración de la sesión",
+  "admin.config.general.session-duration.description": "Tiempo en horas después del cual un usuario debe iniciar sesión de nuevo (por defecto: 3 meses).",
   "admin.config.general.logo": "Logo",
   "admin.config.general.logo.description": "Cambia tu logo subiendo una nueva imagen. La imagen debe ser un PNG y debe estar en formato 1:1.",
   "admin.config.general.logo.placeholder": "Elegir imagen",
@@ -329,8 +337,8 @@ export default {
   "admin.config.share.zip-compression-level.description": "Ajustar el nivel para equilibrar entre el tamaño del archivo y la velocidad de compresión. Los valores válidos van del 0 al 9, siendo 0 sin compresión y 9 el nivel máximo de compresión. ",
   "admin.config.share.chunk-size": "Tamaño de los fragmentos",
   "admin.config.share.chunk-size.description": "Ajusta el tamaño de los fragmentos (en bytes) para tus cargas para equilibrar la eficiencia y la fiabilidad según tu conexión a internet. Fragmentos más pequeños pueden mejorar las tasas de éxito para conexiones inestables, mientras que fragmentos más grandes aceleran las cargas para conexiones estables.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal": "Auto abrir un modal de creación de compartidos",
+  "admin.config.share.auto-open-share-modal.description": "El modal de creación de compartir aparece automáticamente cuando un usuario selecciona archivos, eliminando la necesidad de hacer clic manualmente en el botón.",
   "admin.config.smtp.enabled": "Habilitado",
   "admin.config.smtp.enabled.description": "Si SMTP está habilitado. Active solo si ha introducido el host, el puerto, el correo, el usuario y la contraseña de su servidor SMTP.",
   "admin.config.smtp.host": "Host",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Contraseña",
   "admin.config.smtp.password.description": "Contraseña del servidor SMTP",
   "admin.config.smtp.button.test": "Enviar correo de prueba",
+  "admin.config.smtp.allow-unauthorized-certificates": "Confiar en certificados de servidor SMTP no autorizados",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Sólo establece esto como verdadero si necesitas confiar en certificados autofirmados.",
   "admin.config.oauth.allow-registration": "Permitir registro",
   "admin.config.oauth.allow-registration.description": "Permitir a los usuarios registrarse mediante login social",
   "admin.config.oauth.ignore-totp": "Ignorar TOTP",
   "admin.config.oauth.ignore-totp.description": "Ignorar TOTP cuando el usuario utiliza inicio de sesión social",
+  "admin.config.oauth.disable-password": "Desactivar el inicio de sesión con contraseña",
+  "admin.config.oauth.disable-password.description": "Al desactivar el inicio de sesión de contraseña\nAsegúrese de que un proveedor de OAuth está configurado correctamente antes de activar esta configuración para evitar ser bloqueado.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Si el inicio de sesión de GitHub está habilitado",
   "admin.config.oauth.github-client-id": "ID del Cliente de GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Debe ser una ruta JMES válida que haga referencia a un array de roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Déjalo en blanco si no sabe lo que es esta configuración.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Rol requerido para acceso general. Debe estar presente en los roles de un usuario para que inicie sesión. " + "Déjalo en blanco si no sabe lo que es esta configuración.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rol requerido para el acceso administrativo. Debe estar presente en los roles de un usuario para acceder al panel de administración. " + "Déjalo en blanco si no sabe lo que es esta configuración.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Oops esta página no existe.",
   "404.button.home": "Regrésame al inicio",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Esta cuenta {0} ya está vinculada a otra cuenta.",
   "error.msg.not_linked": "Esta cuenta {0} aún no ha sido vinculada a ninguna cuenta.",
   "error.msg.unverified_account": "Esta cuenta {0} no está verificada, por favor inténtalo de nuevo después de la verificación.",
-  "error.msg.discord_guild_permission_denied": "No tienes permitido iniciar sesion.",
+  "error.msg.user_not_allowed": "No tienes permitido iniciar sesion.",
   "error.msg.cannot_get_user_info": "No se puede obtener la información de usuario de la cuenta {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/fi-FI.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Kaksivaiheinen tunnistautuminen vaadittu",
   "signIn.notify.totp-required.description": "Syötä kaksivaiheisen tunnistautumisen koodi tähän",
   "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Suurin tiedostonkoko",
   "account.reverseShares.modal.send-email": "Lähetä sähköposti-ilmoitus",
   "account.reverseShares.modal.send-email.description": "Lähetä sähköpostiilmoitus kun jako on luotu tällä käänteisellä jakolinkillä.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Käyttökertoja enintään",
   "account.reverseShares.modal.max-use.description": "Enimmäismäärä kertoja, joilla tämä URL-osoite voidaan käyttää joita luomiseen.",
   "account.reverseShare.never-expires": "Tämä käänteinen jako ei koskaan vanhene.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Tämä käänteinen jako ei koskaan vanhene.",
   "upload.modal.completed.expires-on": "Tämä käänteinen jako vanhenee kun on {expiration}.",
   "upload.modal.completed.share-ready": "Jako valmiina",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Jaa {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Jako poistettu",
   "share.error.not-found.title": "Jakoa ei löydetty",
   "share.error.not-found.description": "Etsimääsi sivua ei ole olemassa.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Salasana vaaditaan",
   "share.modal.password.description": "Päästäksesi käsiksi tähän jakoon anna jaon salasana.",
   "share.modal.password": "Salasana",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Salasana",
   "admin.config.smtp.password.description": "SMTP palvelimen salasana",
   "admin.config.smtp.button.test": "Lähetä testisähköposti",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Allow registration",
   "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
   "admin.config.oauth.ignore-totp": "Ignore TOTP",
   "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Hups tätä sivua ei ole olemassa.",
   "404.button.home": "Tuo minut takaisin kotiin",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "This {0} account is already linked to another account.",
   "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
   "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/fr-FR.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Une authentification à deux facteurs est requise",
   "signIn.notify.totp-required.description": "Veuillez entrer votre code d'authentification à deux facteurs",
   "signIn.oauth.or": "OU",
+  "signIn.oauth.signInWith": "Se connecter avec",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Taille maximale du partage",
   "account.reverseShares.modal.send-email": "Envoyer un courriel de notification",
   "account.reverseShares.modal.send-email.description": "Envoyer une notification par courriel lorsqu'un partage est créé depuis ce partage inversé.",
+  "account.reverseShares.modal.simplified": "Mode simple",
+  "account.reverseShares.modal.simplified.description": "Simplifiez la tâche de la personne qui télécharge le fichier pour le partager avec vous. Ils ne pourront personnaliser que le nom et la description du partage.",
+  "account.reverseShares.modal.public-access": "Accès public",
+  "account.reverseShares.modal.public-access.description": "Rendre les partages créés avec ce partage inversé public. Si désactivé, seul vous et le créateur du partage pouvez le voir.",
   "account.reverseShares.modal.max-use.label": "Nombre d'utilisation max",
   "account.reverseShares.modal.max-use.description": "Le nombre maximal de fois que cette URL peut être utilisée pour créer un partage.",
   "account.reverseShare.never-expires": "Ce partage inversé n'expirera jamais.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Ce partage n’expirera jamais.",
   "upload.modal.completed.expires-on": "Ce partage expirera le {expiration}.",
   "upload.modal.completed.share-ready": "Partage prêt",
+  "upload.modal.completed.notified-reverse-share-creator": "Nous avons notifié le créateur du partage inverse. Vous pouvez également partager manuellement ce lien avec eux par d'autres moyens.",
   // END /upload
   // /share/[id]
   "share.title": "Partage {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Partage supprimé",
   "share.error.not-found.title": "Partage introuvable",
   "share.error.not-found.description": "Le partage que vous cherchez n’existe pas.",
+  "share.error.access-denied.title": "Partage privé",
+  "share.error.access-denied.description": "Le compte actuel n'a pas la permission d'accéder à ce partage",
   "share.modal.password.title": "Mot de passe requis",
   "share.modal.password.description": "Pour accéder à ce partage, veuillez entrer le mot de passe du partage.",
   "share.modal.password": "Mot de passe",
@@ -294,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "Depuis quel URL le partage Pingvin est disponible",
   "admin.config.general.show-home-page": "Afficher la page d’accueil",
   "admin.config.general.show-home-page.description": "Afficher ou non la page d’accueil",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Durée de la session",
+  "admin.config.general.session-duration.description": "Nombre d’heures après lesquelles un utilisateur doit se reconnecter (par défaut : 3 mois).",
   "admin.config.general.logo": "Logo",
   "admin.config.general.logo.description": "Changez de logo en envoyant une nouvelle image. L’image doit être au format PNG et doit avoir un ratio 1:1.",
   "admin.config.general.logo.placeholder": "Sélectionner une image",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Mot de passe",
   "admin.config.smtp.password.description": "Mot de passe du serveur SMTP",
   "admin.config.smtp.button.test": "Envoyer un courriel de test",
+  "admin.config.smtp.allow-unauthorized-certificates": "Faire confiance aux certificats de serveurs SMTP non autorisés",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Ne permettez ceci que si vous avez besoin de faire confiance aux certificats autosignés.",
   "admin.config.oauth.allow-registration": "Autoriser l’inscription",
   "admin.config.oauth.allow-registration.description": "Permettre aux utilisateurs de s’inscrire via leur identifiant social",
   "admin.config.oauth.ignore-totp": "Ignorer TOTP",
   "admin.config.oauth.ignore-totp.description": "Ignorer le TOTP lorsque l’utilisateur utilise un identifiant social.",
+  "admin.config.oauth.disable-password": "Désactiver la connexion par mot de passe",
+  "admin.config.oauth.disable-password.description": "Désactive la connexion par mot de passe\nAssurez-vous qu’un fournisseur OAuth soit correctement configuré avant d’activer cette configuration pour éviter d'être enfermé.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Permettre la connexion via GitHub.",
   "admin.config.oauth.github-client-id": "ID client de GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "L’URI de découverte de la connexion à l'application OpenID OAuth",
   "admin.config.oauth.oidc-username-claim": "Revendication du nom d’utilisateur OpenID",
   "admin.config.oauth.oidc-username-claim.description": "Le champ contenant la revendication du nom d’utilisateur dans le jeton OpenID Connect. Laissez vide si vous ne savez pas quoi indiquer.",
+  "admin.config.oauth.oidc-role-path": "Chemin vers les rôles dans le jeton OpenID Connect",
+  "admin.config.oauth.oidc-role-path.description": "Doit être un chemin JMES valide référençant un tableau de rôles. " + "La gestion des droits d'accès en utilisant les rôles OpenID Connect n'est recommandée que si aucun autre fournisseur d'identité n'est configuré et que la connexion par mot de passe est désactivée. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
+  "admin.config.oauth.oidc-role-general-access": "Rôle OpenID Connect pour un accès général",
+  "admin.config.oauth.oidc-role-general-access.description": "Rôle requis pour un accès général. Doit être présent dans les rôles d'un utilisateur pour qu'il se connecte. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
+  "admin.config.oauth.oidc-role-admin-access": "Rôle OpenID Connect pour l'accès admin",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rôle requis pour l'accès administratif. Doit être présent dans les rôles d'un utilisateur pour accéder au panneau d'administration. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
   "admin.config.oauth.oidc-client-id": "ID du client OpenID",
   "admin.config.oauth.oidc-client-id.description": "L’ID du client de l’application OAuth OpenID Connect",
   "admin.config.oauth.oidc-client-secret": "Secret du client OpenID",
   "admin.config.oauth.oidc-client-secret.description": "Le secret du client de l’application OAuth OpenID Connect",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Désolé, mais cette page n’existe pas.",
   "404.button.home": "Retour à l’accueil",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Le compte {0} est déjà associé à un autre compte.",
   "error.msg.not_linked": "Le compte {0} n’est pas encore associé à compte.",
   "error.msg.unverified_account": "Le compte {0} n'est pas vérifié, veuillez réessayer après vérification.",
-  "error.msg.discord_guild_permission_denied": "Vous n’êtes pas autorisé à vous authentifier.",
+  "error.msg.user_not_allowed": "Vous n’êtes pas autorisé à vous authentifier.",
   "error.msg.cannot_get_user_info": "Impossible d’obtenir vos informations utilisateur à partir du compte {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/hu-HU.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Kétfaktoros hitelesítésre van szükség",
   "signIn.notify.totp-required.description": "Adja meg a másik úton kapott kódját",
   "signIn.oauth.or": "VAGY",
+  "signIn.oauth.signInWith": "Bejelentkezés a következővel",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Megosztás megengedett max mérete",
   "account.reverseShares.modal.send-email": "Email értesítés küldése",
   "account.reverseShares.modal.send-email.description": "Email értesítés arról, amikor a fordított megosztási hivatkozást használva megosztást hoznak létre.",
+  "account.reverseShares.modal.simplified": "Egyszerű mód",
+  "account.reverseShares.modal.simplified.description": "A fájlt feltöltő személy számára egyszerűsíthető az Önnel történő megosztás. A megosztásnak csak a neve és a leírása módosítható.",
+  "account.reverseShares.modal.public-access": "Nyilvános megosztás",
+  "account.reverseShares.modal.public-access.description": "A fordított megosztással létrehozott megosztások nyilvánossá tétele. Kikapcsolása esetén csak a megosztás létrehozója és Ön láthatja a megosztást.",
   "account.reverseShares.modal.max-use.label": "Megengedett alkalmak száma",
   "account.reverseShares.modal.max-use.description": "A megosztási hivatkozás megengedett felhasználási alkalmainak száma.",
   "account.reverseShare.never-expires": "Ez a fordított megosztás soha nem fog lejárni.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Ez a megosztás soha nem fog lejárni.",
   "upload.modal.completed.expires-on": "A megosztás lejárata: {expiration}.",
   "upload.modal.completed.share-ready": "A megosztás készen áll",
+  "upload.modal.completed.notified-reverse-share-creator": "Értesítettük a fordított megosztás létrehozóját. Ezt a linket kézzel is megoszthatja velük más csatornákon keresztül.",
   // END /upload
   // /share/[id]
   "share.title": "Megosztás: {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Korábban már eltávolított megosztás",
   "share.error.not-found.title": "Fel nem lelhető megosztás",
   "share.error.not-found.description": "A keresett megosztás nem létezik.",
+  "share.error.access-denied.title": "Privát megosztás",
+  "share.error.access-denied.description": "Ez a fiók nem rendelkezik jogosultsággal a megosztás eléréséhez",
   "share.modal.password.title": "Jelszó szükséges",
   "share.modal.password.description": "A megosztott tartalom eléréséhez adja meg a megosztás jelszavát.",
   "share.modal.password": "Jelszó",
@@ -294,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "A Pingvin Share megosztáskezelőre mutató hivatkozás",
   "admin.config.general.show-home-page": "Kezdőlap mutatása",
   "admin.config.general.show-home-page.description": "A kezdőlap mutatásának ki- és bekapcsolása",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Munkamenet időtartama",
+  "admin.config.general.session-duration.description": "Annak az időtartamnak a megadása, amit követően a felhasználónak ismét be kell jelentkeznie (alapérték: 3 hónap).",
   "admin.config.general.logo": "Logó",
   "admin.config.general.logo.description": "A logó személyessé tételéhez töltsön fel egy új képet. A formátum legyen PNG, az oldalarány 1:1.",
   "admin.config.general.logo.placeholder": "Kép kiválasztása",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Jelszó",
   "admin.config.smtp.password.description": "Jelszó az SMTP kiszolgálón",
   "admin.config.smtp.button.test": "Teszt email küldése",
+  "admin.config.smtp.allow-unauthorized-certificates": "A jogosulatlan SMTP kiszolgáló tanúsítványok is megbízhatók",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Csak akkor engedélyezze ha saját aláírású tanúsítványok elfogadása is szükséges.",
   "admin.config.oauth.allow-registration": "Regisztráció engedélyezése",
   "admin.config.oauth.allow-registration.description": "A felhasználók közösségi bejelentkezésen át is regisztrálhatnak",
   "admin.config.oauth.ignore-totp": "TOTP mellőzése",
   "admin.config.oauth.ignore-totp.description": "TOTP mellőzése a közösségi bejelentkezést használó felhasználónál",
+  "admin.config.oauth.disable-password": "Jelszavas bejelentkezés letiltása",
+  "admin.config.oauth.disable-password.description": "A jelszavas bejelentkezés be- és kikapcsolása\nA letiltás előtt a kizáródás elkerülésére mindenképpen ellenőrizendő az OAuth szolgáltató megfelelő konfigurációja.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "GitHub bejelentkezés engedélyezése",
   "admin.config.oauth.github-client-id": "GitHub ügyfél ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Az OpenID Connect OAuth applikáció Discovery URI azonosítója",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect felhasználónév igény",
   "admin.config.oauth.oidc-username-claim.description": "Az OpenID Connect ID token felhasználónév igénye. Hagyja üresen ha nincs információja a beállításról.",
+  "admin.config.oauth.oidc-role-path": "Az OpenID Connect token szerepeinek elérési útvonala",
+  "admin.config.oauth.oidc-role-path.description": "Szerepkörökből álló tömbre hivatkozó érvényes JMES-útvonalnak kell lennie. " + "A belépési jogosultságok kezelésére az OpenID Connect szerepkörök csak más azonosító szolgáltatások hiányában és a jelszavas bejelentkezés letiltottsága mellett javasolt. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect szerepkör általános hozzáféréshez",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect szerepkör admin hozzáféréshez",
+  "admin.config.oauth.oidc-role-admin-access.description": "A rendszergazdai hozzáféréshez szükséges szerepkör. Meg kell lennie a felhasználó szerepkörében ahhoz, hogy hozzáférhessen az adminisztrációs panelhez. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect ügyfél ID azonosító",
   "admin.config.oauth.oidc-client-id.description": "Az OpenID Connect OAuth applikáció ügyfél ID azonosítója",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect ügyfél titok",
   "admin.config.oauth.oidc-client-secret.description": "Az OpenID Connect OAuth applikáció ügyfél titka",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "LDAP engedélyezve",
+  "admin.config.ldap.enabled.description": "LDAP hitelesítés használata a felhasználói beléptetéshez",
+  "admin.config.ldap.url": "Kiszolgáló URL",
+  "admin.config.ldap.url.description": "Az LDAP kiszolgáló URL címe",
+  "admin.config.ldap.bind-dn": "DN csatolása",
+  "admin.config.ldap.bind-dn.description": "A felhasználókeresés végrehajtásában használt alapértelmezett felhasználó",
+  "admin.config.ldap.bind-password": "Jelszó csatolása",
+  "admin.config.ldap.bind-password.description": "A felhasználókeresés felhasználójának jelszava",
+  "admin.config.ldap.search-base": "Felhasználóbázis",
+  "admin.config.ldap.search-base.description": "A felhasználókeresés végrehajtásának helye",
+  "admin.config.ldap.search-query": "Felhasználó lekérdezés",
+  "admin.config.ldap.search-query.description": "A felhasználó lekérdezés kísérli meg az LDAP felhasználó elérését a felhasználóbázisban. %username% helyettesítheti az adott felhasználónevet.",
+  "admin.config.ldap.admin-groups": "Admin csoport",
   // 404
   "404.description": "Hoppá - ez az oldal nem létezik.",
   "404.button.home": "Vissza a Kezdőlapra",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Ez a(z) {0} fiók már kapcsolódik egy másik fiókhoz.",
   "error.msg.not_linked": "Ez a(z){0} fiók még nem kapcsolódott egyetlen fiókhoz sem.",
   "error.msg.unverified_account": "Ezt a(z) {0} fiókot még nem igazolták vissza, kérem próbálja újra a megerősítés után.",
-  "error.msg.discord_guild_permission_denied": "Nem jelentkezhet be.",
+  "error.msg.user_not_allowed": "Nem jelentkezhet be.",
   "error.msg.cannot_get_user_info": "Nem nyerhető ki felhasználói információ ebből a(z) {0} fiókból.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/it-IT.ts

@@ -1,20 +1,20 @@
 export default {
   // Navbar
   "navbar.upload": "Carica",
-  "navbar.signin": "Registrati",
+  "navbar.signin": "Accedi",
   "navbar.home": "Home",
-  "navbar.signup": "Accedi",
+  "navbar.signup": "Registrati",
   "navbar.links.shares": "Le mie condivisioni",
   "navbar.links.reverse": "Condivisioni Inverse",
   "navbar.avatar.account": "Il mio account",
   "navbar.avatar.admin": "Amministrazione",
-  "navbar.avatar.signout": "Disconetti",
+  "navbar.avatar.signout": "Esci",
   // END navbar
   // /
-  "home.title": "Una piattaforma di condivisione di file <h>autohosted</h>.",
+  "home.title": "Una piattaforma di condivisione file <h>self-hosted</h>.",
   "home.description": "Vuoi davvero dare i tuoi file personali in mano a terzi come WeTransfer?",
   "home.bullet.a.name": "Self-hosted",
-  "home.bullet.a.description": "Ospita Pingvin Condividi sulla tua macchina.",
+  "home.bullet.a.description": "Configura Pingvin Share sul tuo server.",
   "home.bullet.b.name": "Privacy",
   "home.bullet.b.description": "I tuoi file sono i tuoi file e non dovrebbero mai entrare nelle mani di terzi.",
   "home.bullet.c.name": "Nessun fastidioso limite alle dimensioni dei files",
@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Autenticazione a due fattori richiesta",
   "signIn.notify.totp-required.description": "Inserisci il tuo codice di autenticazione a due fattori",
   "signIn.oauth.or": "OPPURE",
+  "signIn.oauth.signInWith": "Registrati con",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -114,7 +115,7 @@ export default {
   "account.shares.title": "Le mie condivisioni",
   "account.shares.title.empty": "È vuoto qui 👀",
   "account.shares.description.empty": "Non hai nessuna condivisione.",
-  "account.shares.button.create": "Creane uno",
+  "account.shares.button.create": "Creane una",
   "account.shares.info.title": "Condividi le informazioni",
   "account.shares.table.id": "ID",
   "account.shares.table.name": "Nome",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Dimensione massima della condivisione",
   "account.reverseShares.modal.send-email": "Invia una notifica via email",
   "account.reverseShares.modal.send-email.description": "Invia una notifica email quando viene creata una condivisione con questo link di condivisione inversa.",
+  "account.reverseShares.modal.simplified": "Modalità semplificata",
+  "account.reverseShares.modal.simplified.description": "Rendi facile la condivisione con te per la persona che carica il file. Potranno personalizzare solo il nome e la descrizione della condivisione.",
+  "account.reverseShares.modal.public-access": "Accesso pubblico",
+  "account.reverseShares.modal.public-access.description": "Rendi pubbliche le condivisioni create con questa condivisione inversa. Se disabilitata, solo tu e il creatore della condivisione potrete vederlo.",
   "account.reverseShares.modal.max-use.label": "Utilizzo massimo",
   "account.reverseShares.modal.max-use.description": "La quantità massima di volte che questo URL può essere usato per creare una condivisione.",
   "account.reverseShare.never-expires": "Questa condivisione inversa non scadrà mai.",
@@ -206,11 +211,11 @@ export default {
   "admin.shares.edit.delete.description": "Vuoi davvero cancellare questa condivisione?",
   // END /admin/shares
   // /upload
-  "upload.title": "Upload",
+  "upload.title": "Carica",
   "upload.notify.generic-error": "Si è verificato un errore durante il completamento della condivisione.",
   "upload.notify.count-failed": "Impossibile caricare {count} file. Riprovare.",
   // Dropzone.tsx
-  "upload.dropzone.title": "Upload files",
+  "upload.dropzone.title": "Carica File",
   "upload.dropzone.description": "Trascina qui i file per iniziare la tua condivisione. Possiamo accettare solo i file che sono inferiori a {maxSize} in totale.",
   "upload.dropzone.notify.file-too-big": "I tuoi file superano la dimensione massima di condivisione di {maxSize}.",
   // FileList.tsx
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Questa condivisione non scadrà mai.",
   "upload.modal.completed.expires-on": "Questa condivisione scadrà il {expiration}.",
   "upload.modal.completed.share-ready": "Condivisione pronta",
+  "upload.modal.completed.notified-reverse-share-creator": "Abbiamo avvisato il creatore della condivisione inversa. Puoi anche condividere manualmente questo link tramite altri mezzi.",
   // END /upload
   // /share/[id]
   "share.title": "Condividi {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Condivisione rimossa",
   "share.error.not-found.title": "Condivisione non trovata",
   "share.error.not-found.description": "La condivisione che stai cercando non esiste.",
+  "share.error.access-denied.title": "Condivisione privata",
+  "share.error.access-denied.description": "L' account non ha il premesso di accedere a questa condivisione",
   "share.modal.password.title": "Password richiesta",
   "share.modal.password.description": "Per accedere a questa condivisione inserisci la password.",
   "share.modal.password": "Password",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Password",
   "admin.config.smtp.password.description": "Password del server SMTP",
   "admin.config.smtp.button.test": "Invia e-mail di prova",
+  "admin.config.smtp.allow-unauthorized-certificates": "Fidati di certificati server SMTP non autorizzati",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Imposta il parametro a \"vero\" solo se vuoi fidarti di certificati self signed.",
   "admin.config.oauth.allow-registration": "Consenti la registrazione",
   "admin.config.oauth.allow-registration.description": "Consenti agli utenti di registrarsi tramite social login",
   "admin.config.oauth.ignore-totp": "Ignora TOTP",
   "admin.config.oauth.ignore-totp.description": "Indica se ignorare TOTP quando l'utente utilizza il social login",
+  "admin.config.oauth.disable-password": "Disabilita l'accesso tramite password",
+  "admin.config.oauth.disable-password.description": "Nel caso di disabilitazione della password di accesso\nAssicurarti di aver configurato correttamente un provider OAuth prima di attivare questa configurazione, per evitare di essere bloccato fuori dal servizio.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Se l'accesso tramite GitHub è abilitato",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "URI di scoperta dell'app OAuth di OpenID Connect",
   "admin.config.oauth.oidc-username-claim": "Richiesta nome utente OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Nome utente nel token OpenID Connect. Lascialo vuoto se non sai cos'è questa configurazione.",
+  "admin.config.oauth.oidc-role-path": "Percorso verso i ruoli in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Deve essere un percorso JMES valido che faccia riferimento a una serie di ruoli. " + "La gestione dei diritti di accesso utilizzando i ruoli OpenID Connect è consigliata solo se nessun altro provider d'identità è configurato e l'accesso tramite password è disabilitato. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
+  "admin.config.oauth.oidc-role-general-access": "Ruolo OpenID Connect per l'accesso generale",
+  "admin.config.oauth.oidc-role-general-access.description": "Ruolo richiesto per l'accesso generale. Deve essere presente nei ruoli di un utente affinché possa accedere. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
+  "admin.config.oauth.oidc-role-admin-access": "Ruolo OpenID Connect per l'accesso amministrativo",
+  "admin.config.oauth.oidc-role-admin-access.description": "Ruolo richiesto per l'accesso amministrativo. Deve essere presente nei ruoli di un utente per accedere al pannello di amministrazione. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID dell'app OAuth di OpenID Connect",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret dell'app OAuth OpenID Connect",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ops, questa pagina non esiste.",
   "404.button.home": "Riportami a casa",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Questo account {0} è già collegato ad un altro account.",
   "error.msg.not_linked": "Questo account {0} non è ancora collegato ad alcun account.",
   "error.msg.unverified_account": "Questo account {0} non è verificato, per favore riprova dopo la verifica.",
-  "error.msg.discord_guild_permission_denied": "Non sei autorizzato ad accedere.",
+  "error.msg.user_not_allowed": "Non sei autorizzato ad accedere.",
   "error.msg.cannot_get_user_info": "Non è possibile ottenere le informazioni utente da questo account {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/ja-JP.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "二段階認証が必要です",
   "signIn.notify.totp-required.description": "二段階認証コードを入力してください",
   "signIn.oauth.or": "または",
+  "signIn.oauth.signInWith": "サインインの方法",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -57,7 +58,7 @@ export default {
   // /auth/reset-password
   "resetPassword.title": "パスワードを忘れてしまいましたか？",
   "resetPassword.description": "登録しているメールアドレスを入力してください。",
-  "resetPassword.notify.success": "A message with a link to reset your password has been sent if the email exists.",
+  "resetPassword.notify.success": "電子メールが存在する場合、パスワードをリセットするためのリンクを含むメッセージが送信されました。",
   "resetPassword.button.back": "サインインページに戻る",
   "resetPassword.text.resetPassword": "パスワードをリセット",
   "resetPassword.text.enterNewPassword": "新規パスワードを入力",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "最大ファイルサイズ",
   "account.reverseShares.modal.send-email": "メール通知を送信",
   "account.reverseShares.modal.send-email.description": "このファイルリクエストリンクを使用して、ファイルがアップロードされた場合にメールで通知します。",
+  "account.reverseShares.modal.simplified": "シンプルモード",
+  "account.reverseShares.modal.simplified.description": "ファイルをアップロードする人が簡単に共有できるようにします。共有の名前と説明のみをカスタマイズできます。",
+  "account.reverseShares.modal.public-access": "公開アクセス",
+  "account.reverseShares.modal.public-access.description": "このファイルリクエストで作成された共有を公開にします。無効にすると、あなたと共有の作成者のみが閲覧できます。",
   "account.reverseShares.modal.max-use.label": "最大回数",
   "account.reverseShares.modal.max-use.description": "このURLを使用してファイルをアップロードできる最大回数です。",
   "account.reverseShare.never-expires": "このファイルリクエストリンクは期限切れになりません。",
@@ -169,7 +174,7 @@ export default {
   // /admin
   "admin.title": "管理画面",
   "admin.button.users": "ユーザー管理",
-  "admin.button.shares": "Share management",
+  "admin.button.shares": "共有管理",
   "admin.button.config": "設定",
   "admin.version": "バージョン",
   // END /admin
@@ -197,13 +202,13 @@ export default {
   "admin.users.modal.create.admin.description": "チェックされている場合、ユーザーは管理画面にアクセスできるようになります。",
   // END /admin/users
   // /admin/shares
-  "admin.shares.title": "Share management",
-  "admin.shares.table.id": "Share ID",
-  "admin.shares.table.username": "Creator",
-  "admin.shares.table.visitors": "Visitors",
-  "admin.shares.table.expires": "Expires At",
-  "admin.shares.edit.delete.title": "Delete share {id}",
-  "admin.shares.edit.delete.description": "Do you really want to delete this share?",
+  "admin.shares.title": "共有管理",
+  "admin.shares.table.id": "共有ID",
+  "admin.shares.table.username": "作成者",
+  "admin.shares.table.visitors": "訪問者",
+  "admin.shares.table.expires": "有効期限",
+  "admin.shares.edit.delete.title": "共有 {id} を削除",
+  "admin.shares.edit.delete.description": "この共有を削除してもよろしいですか？",
   // END /admin/shares
   // /upload
   "upload.title": "アップロード",
@@ -239,9 +244,9 @@ export default {
   "upload.modal.expires.month-plural": "ヶ月間",
   "upload.modal.expires.year-singular": "年間",
   "upload.modal.expires.year-plural": "年間",
-  "upload.modal.accordion.name-and-description.title": "Name and description",
-  "upload.modal.accordion.name-and-description.name.placeholder": "Name",
-  "upload.modal.accordion.name-and-description.description.placeholder": "Note for the recipients of this share",
+  "upload.modal.accordion.name-and-description.title": "名前と説明",
+  "upload.modal.accordion.name-and-description.name.placeholder": "名前",
+  "upload.modal.accordion.name-and-description.description.placeholder": "この共有に関する受信者へのメモ",
   "upload.modal.accordion.email.title": "メールで受け取る相手",
   "upload.modal.accordion.email.placeholder": "メールの宛先を入力",
   "upload.modal.accordion.email.invalid-email": "無効なメールアドレスです",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "この共有は期限切れになりません。",
   "upload.modal.completed.expires-on": "この共有は、{expiration} に期限切れとなります。",
   "upload.modal.completed.share-ready": "共有の準備ができました",
+  "upload.modal.completed.notified-reverse-share-creator": "ファイルリクエストの作成者に通知しました。他の手段でこのリンクを手動で共有することもできます。",
   // END /upload
   // /share/[id]
   "share.title": "「{shareId}」が共有されました",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "共有が削除されました",
   "share.error.not-found.title": "共有が見つかりません",
   "share.error.not-found.description": "お探しの共有が見つかりません。",
+  "share.error.access-denied.title": "プライベートシェア",
+  "share.error.access-denied.description": "現在のアカウントにはこの共有にアクセスする権限がありません",
   "share.modal.password.title": "パスワードが必要です",
   "share.modal.password.description": "この共有にアクセスするには、共有相手から伝えられているパスワードを入力してください。",
   "share.modal.password": "パスワード",
@@ -273,7 +281,7 @@ export default {
   "share.table.name": "ファイル名",
   "share.table.size": "サイズ",
   "share.modal.file-preview.error.not-supported.title": "プレビューに対応していません",
-  "share.modal.file-preview.error.not-supported.description": "A preview for this file type is unsupported. Please download the file to view it.",
+  "share.modal.file-preview.error.not-supported.description": "このファイルタイプのプレビューはサポートされていません。ファイルをダウンロードして表示してください。",
   // END /share/[id]
   // /share/[id]/edit
   "share.edit.title": "編集 {shareId}",
@@ -294,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "Pingvin Shareで利用できるURL",
   "admin.config.general.show-home-page": "ホームページを表示する",
   "admin.config.general.show-home-page.description": "ホームページを表示するかどうか選択",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "セッション期間",
+  "admin.config.general.session-duration.description": "ユーザーが再度ログインする必要がある時間（時間単位）（デフォルト: 3 か月）。",
   "admin.config.general.logo": "ロゴ",
   "admin.config.general.logo.description": "新しい画像をアップロードしてロゴを変更できます。画像は、PNG形式でアスペクト比が1:1である必要があります。",
   "admin.config.general.logo.placeholder": "画像を選択",
@@ -327,10 +335,10 @@ export default {
   "admin.config.share.max-size.description": "最大ファイルサイズ（byte単位）",
   "admin.config.share.zip-compression-level": "Zip圧縮レベル",
   "admin.config.share.zip-compression-level.description": "ファイルサイズと圧縮速度のバランスを取るように、レベルを調整できます。有効な値は0～9の間で、0が無圧縮、9で最大限の圧縮となります。 ",
-  "admin.config.share.chunk-size": "Chunk size",
-  "admin.config.share.chunk-size.description": "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.chunk-size": "チャンクサイズ",
+  "admin.config.share.chunk-size.description": "インターネット接続に応じてアップロードのチャンクサイズ（バイト単位）を調整し、効率と信頼性のバランスを取ってください。不安定な接続の場合、チャンクサイズを小さくすることでアップロード成功率を高めることができ、安定した接続の場合、チャンクサイズを大きくすることでアップロード速度を速めることができます。",
+  "admin.config.share.auto-open-share-modal": "共有モーダルを自動的に開く",
+  "admin.config.share.auto-open-share-modal.description": "ユーザーがファイルを選択すると、共有作成モーダルが自動的に表示されるため、手動でボタンをクリックする必要がありません。",
   "admin.config.smtp.enabled": "有効",
   "admin.config.smtp.enabled.description": "SMTPを有効にするかどうかを選択してください。SMTPサーバーのホスト名、ポート番号、電子メールアドレス、ユーザー名、パスワードが入力されている場合にのみ、有効にしてください。",
   "admin.config.smtp.host": "ホスト名",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "パスワード",
   "admin.config.smtp.password.description": "SMTPサーバーのパスワード",
   "admin.config.smtp.button.test": "テストメールを送信",
+  "admin.config.smtp.allow-unauthorized-certificates": "許可されていない SMTP サーバー証明書を信頼します",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "自己署名証明書を信頼する必要がある場合にのみ、これをtrueに設定してください。",
   "admin.config.oauth.allow-registration": "登録を許可する",
   "admin.config.oauth.allow-registration.description": "ユーザーにソーシャルアカウント経由での登録を許可します",
   "admin.config.oauth.ignore-totp": "二段階認証を無視する",
   "admin.config.oauth.ignore-totp.description": "ソーシャルログイン時に二段階認証を無視するかどうかを設定します",
+  "admin.config.oauth.disable-password": "パスワードログインを無効にする",
+  "admin.config.oauth.disable-password.description": "パスワードログインを無効にするかどうか\nロックアウトされないように、この設定を有効にする前にOAuthプロバイダーが適切に設定されていることを確認してください。",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "GitHubアカウントを使用したログインを許可するかどうかを設定します",
   "admin.config.oauth.github-client-id": "GitHub クライアントID",
@@ -370,22 +382,42 @@ export default {
   "admin.config.oauth.microsoft-client-secret.description": "Microsoft OAuthアプリのクライアントシークレット",
   "admin.config.oauth.discord-enabled": "Discord",
   "admin.config.oauth.discord-enabled.description": "Discordアカウントを使用したログインを許可するかどうかを設定します",
-  "admin.config.oauth.discord-limited-guild": "Discord limited server ID",
-  "admin.config.oauth.discord-limited-guild.description": "Limit signing in to users in a specific server. Leave it blank to disable.",
+  "admin.config.oauth.discord-limited-guild": "Discord限定サーバーID",
+  "admin.config.oauth.discord-limited-guild.description": "特定のサーバーのユーザーにサインインを制限します。無効にするには空白のままにしてください。",
   "admin.config.oauth.discord-client-id": "Discord クライアントID",
   "admin.config.oauth.discord-client-id.description": "Discord OAuthアプリのクライアントID",
   "admin.config.oauth.discord-client-secret": "Discord クライアントシークレット",
   "admin.config.oauth.discord-client-secret.description": "Discord OAuthアプリのクライアントシークレット",
   "admin.config.oauth.oidc-enabled": "OpenID Connect",
-  "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
+  "admin.config.oauth.oidc-enabled.description": "OpenID Connect のログインが有効かを設定します",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
-  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
-  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
-  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
-  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
-  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-discovery-uri.description": "OpenID OAuthアプリのDiscovery URI",
+  "admin.config.oauth.oidc-username-claim": "OpenID Connect ユーザー名の要求",
+  "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID トークンのユーザー名要求。この設定が何かわからない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-path": "OpenID Connectトークンのロールへのパス",
+  "admin.config.oauth.oidc-role-path.description": "ロールの配列を参照する有効なJMESパスでなければなりません。" + "OpenID Connectのロールを使用してアクセス権を管理することは、他のIDプロバイダが設定されておらず、パスワードログインが無効になっている場合にのみ推奨されます。この構成がわからない場合は空白のままにしてください。" + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-general-access": "一般的なアクセスのためのOpenID Connectのロール",
+  "admin.config.oauth.oidc-role-general-access.description": "一般的なアクセスに必要なロール。ログインするユーザーのロールに存在する必要があります。 " + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-admin-access": "管理者アクセスのための OpenID Connectのロール",
+  "admin.config.oauth.oidc-role-admin-access.description": "管理者アクセスに必要なロール。管理パネルにアクセスするためには、ユーザのロールに存在する必要があります。" + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-client-id": "OpenID Connect クライアントID",
+  "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth アプリのクライアント ID",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
-  "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-client-secret.description": "OpenID Connect OAuthアプリのクライアントシークレット",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "ページが見つかりません。",
   "404.button.home": "ホームに戻る",
@@ -396,14 +428,14 @@ export default {
   "error.msg.default": "問題が発生しました。",
   "error.msg.access_denied": "認証処理を中止しました、後で再度お試しください。",
   "error.msg.expired_token": "認証処理に時間がかかりすぎています、後で再度お試しください。",
-  "error.msg.invalid_token": "Internal Error",
+  "error.msg.invalid_token": "内部エラー",
   "error.msg.no_user": "この{0} アカウントにリンクしたユーザーが存在しません。",
   "error.msg.no_email": "この{0} アカウントからメールアドレスを取得出来ません。",
   "error.msg.already_linked": "この{0} アカウントは、既に別のアカウントにリンクされています。",
   "error.msg.not_linked": "この{0} アカウントはどのアカウントにもリンクされていません。",
-  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
-  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
+  "error.msg.unverified_account": "この {0} アカウントは認証されていません。認証後にもう一度お試しください。",
+  "error.msg.user_not_allowed": "サインインできません。",
+  "error.msg.cannot_get_user_info": "この {0} アカウントからユーザー情報を取得できません。",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",
   "error.param.provider_microsoft": "Microsoft",
@@ -421,10 +453,10 @@ export default {
   "common.button.generate": "生成",
   "common.button.done": "完了",
   "common.text.link": "リンク",
-  "common.text.navigate-to-link": "Go to the link",
+  "common.text.navigate-to-link": "リンクへ移動",
   "common.text.or": "または",
   "common.button.go-back": "戻る",
-  "common.button.go-home": "Go home",
+  "common.button.go-home": "ホームに戻る",
   "common.notify.copied": "リンクをクリップボードにコピーしました",
   "common.success": "成功",
   "common.error": "エラー",

frontend/src/i18n/translations/ko-KR.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "2단계 인증이 필요합니다",
   "signIn.notify.totp-required.description": "2단계 인증 코드를 입력해주세요",
   "signIn.oauth.or": "또는",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "깃허브",
   "signIn.oauth.google": "구글",
   "signIn.oauth.microsoft": "마이크로소프트",
@@ -44,10 +45,10 @@ export default {
   "signup.title": "계정 만들기",
   "signup.description": "이미 계정이 있으신가요?",
   "signup.button.signin": "로그인",
-  "signup.input.username": "사용자 이름",
-  "signup.input.username.placeholder": "당신의 사용지 이름",
+  "signup.input.username": "사용자명",
+  "signup.input.username.placeholder": "귀하의 사용자명",
   "signup.input.email": "이메일",
-  "signup.input.email.placeholder": "당신의 이메일",
+  "signup.input.email.placeholder": "귀하의 이메일",
   "signup.button.submit": "시작하기",
   // END /auth/signup
   // /auth/totp
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "최대 공유 크기",
   "account.reverseShares.modal.send-email": "이메일 알림 보내기",
   "account.reverseShares.modal.send-email.description": "이 역방향 공유 링크를 사용하여 공유가 생성되면 이메일 알림을 보냅니다.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "공유 생성 제한",
   "account.reverseShares.modal.max-use.description": "이 URL을 사용하여 공유를 생성할 수 있는 최대 횟수입니다.",
   "account.reverseShare.never-expires": "이 역공유 링크는 만료되지 않습니다.",
@@ -254,17 +259,20 @@ export default {
   "upload.modal.completed.never-expires": "이 공유 만료되지 않습니다.",
   "upload.modal.completed.expires-on": "이 공유는 {expiration} 에 만료됩니다.",
   "upload.modal.completed.share-ready": "공유 준비",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "공유 {shareId}",
   "share.description": "내가 당신과 공유한 것을 보세요!",
-  "share.error.visitor-limit-exceeded.title": "방문자 제한 초과",
-  "share.error.visitor-limit-exceeded.description": "The visitor limit from this share has been exceeded.",
+  "share.error.visitor-limit-exceeded.title": "방문자 한도 초과",
+  "share.error.visitor-limit-exceeded.description": "이 공유의 방문자 한도를 초과했습니다.",
   "share.error.removed.title": "공유가 삭제됨",
   "share.error.not-found.title": "공유를 찾을 수 없습니다.",
   "share.error.not-found.description": "당신이 찾는 공유는 존재하지 않습니다.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "비밀번호 필요",
-  "share.modal.password.description": "이 공유에 액세스하려면 공유의 암호를 입력하십시오.",
+  "share.modal.password.description": "이 공유에 접근하려면 공유의 암호를 입력하십시오.",
   "share.modal.password": "비밀번호",
   "share.modal.error.invalid-password": "잘못된 비밀번호",
   "share.button.download-all": "모두 다운로드",
@@ -289,13 +297,13 @@ export default {
   "admin.config.category.smtp": "SMTP",
   "admin.config.category.oauth": "소셜 로그인",
   "admin.config.general.app-name": "앱 이름",
-  "admin.config.general.app-name.description": "Name of the application",
+  "admin.config.general.app-name.description": "이 앱의 이름",
   "admin.config.general.app-url": "앱 URL",
   "admin.config.general.app-url.description": "Pingvin Share를 사용할 수 있는 URL",
   "admin.config.general.show-home-page": "홈 페이지 표시",
-  "admin.config.general.show-home-page.description": "홈 페이지를 표시할지 여부를 점검하십시오.",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.show-home-page.description": "홈 페이지를 표시할지 여부",
+  "admin.config.general.session-duration": "세션 기간",
+  "admin.config.general.session-duration.description": "사용자가 다시 로그인해야 하는 시간 (기본값: 3개월)",
   "admin.config.general.logo": "로고",
   "admin.config.general.logo.description": "새 이미지를 업로드하여 로고를 변경하십시오. 이미지는 PNG여야 하며 1:1 비율이어야 합니다.",
   "admin.config.general.logo.placeholder": "이미지 선택",
@@ -305,9 +313,9 @@ export default {
   "admin.config.email.share-recipients-subject.description": "공유 수신자에게 전송되는 이메일의 제목입니다.",
   "admin.config.email.share-recipients-message": "수신자 메시지 공유",
   "admin.config.email.share-recipients-message.description": "공유 수신자에게 보내는 메시지입니다. 사용 가능한 변수:\n {creator} - 공유 작성자의 사용자 이름\n {shareUrl} - 공유의 URL\n {desc} - 공유에 대한 설명\n {expires} - 공유 만료일\n 변수는 실제 값으로 대체됩니다.",
-  "admin.config.email.reverse-share-subject": "역공유 제목",
+  "admin.config.email.reverse-share-subject": "역방향 공유 제목",
   "admin.config.email.reverse-share-subject.description": "누군가 당신이 공유한 역방향 공유 링크를 사용하여 공유를 생성했을 때 전송되는 이메일의 제목입니다.",
-  "admin.config.email.reverse-share-message": "역공유 메시지",
+  "admin.config.email.reverse-share-message": "역방향 공유 메시지",
   "admin.config.email.reverse-share-message.description": "누군가 귀하의 역방향 공유 링크를 사용하여 공유를 생성하면 전송되는 메시지입니다.. {shareUrl} 은 작성자 이름 및 공유 URL로 대체됩니다.",
   "admin.config.email.reset-password-subject": "비밀번호 재설정 제목",
   "admin.config.email.reset-password-subject.description": "사용자가 암호 재설정을 요청할 때 전송되는 메일의 제목입니다.",
@@ -321,16 +329,16 @@ export default {
   "admin.config.share.allow-registration.description": "등록 가능 여부",
   "admin.config.share.allow-unauthenticated-shares": "인증되지 않은 공유 허용",
   "admin.config.share.allow-unauthenticated-shares.description": "인증되지 않은 사용자가 공유를 생성할 수 있는지 여부",
-  "admin.config.share.max-expiration": "최대 만료일",
-  "admin.config.share.max-expiration.description": "최대 공유 만료 시간입니다. 만료 기간을 설정하지 않는경우 0으로 설정합니다.",
+  "admin.config.share.max-expiration": "최대 만료 시간",
+  "admin.config.share.max-expiration.description": "공유의 최대 만료 시간. 무제한 만료를 허용하려면 0으로 설정하세요.",
   "admin.config.share.max-size": "최대 크기",
-  "admin.config.share.max-size.description": "공유 최대 크기 - 바이트",
-  "admin.config.share.zip-compression-level": "압축 레벨",
+  "admin.config.share.max-size.description": "공유의 최대 크기 (바이트)",
+  "admin.config.share.zip-compression-level": "Zip 압축 레벨",
   "admin.config.share.zip-compression-level.description": "파일 크기와 압축 속도 간의 균형을 맞추도록 레벨을 조정합니다. 유효한 값의 범위는 0에서 9까지이며, 0은 압축되지 않고 9는 최대 압축입니다. ",
   "admin.config.share.chunk-size": "청크 크기",
   "admin.config.share.chunk-size.description": "업로드할 청크 크기(바이트 단위)를 조정하여 인터넷 연결에 따라 효율성과 신뢰성의 균형을 유지합니다. 더 작은 청크는 불안정한 연결에 대한 성공률을 향상시킬 수 있고, 더 큰 청크는 안정적인 연결에 대한 업로드 속도를 높일 수 있습니다.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal": "공유 생성 창 자동 열기",
+  "admin.config.share.auto-open-share-modal.description": "사용자가 파일을 선택하면 공유 생성 창이 자동으로 나타나서 버튼을 수동으로 클릭할 필요가 없습니다.",
   "admin.config.smtp.enabled": "활성화됨",
   "admin.config.smtp.enabled.description": "SMTP 사용 여부 SMTP 서버의 호스트, 포트, 전자 메일, 사용자 및 암호를 입력한 경우에만 true로 설정합니다.",
   "admin.config.smtp.host": "호스트",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "비밀번호",
   "admin.config.smtp.password.description": "SMTP 서버 비밀번호",
   "admin.config.smtp.button.test": "테스트 이메일 보내기",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "가입 허용",
   "admin.config.oauth.allow-registration.description": "사용자가 소셜 로그인을 통해 등록할 수 있도록 허용",
   "admin.config.oauth.ignore-totp": "TOTP 무시",
   "admin.config.oauth.ignore-totp.description": "사용자가 소셜 로그인을 사용하는 경우 TOTP를 무시할 것인지 여부",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "깃허브",
   "admin.config.oauth.github-enabled.description": "깃허브 로그인 사용 여부",
   "admin.config.oauth.github-client-id": "GitHub 클라이언트 ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID 토큰의 Username claim 입니다. 이 구성이 무엇인지 모르면 비워 둡니다.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect 클라이언트 ID",
   "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth 앱의 클라이언트 ID",
   "admin.config.oauth.oidc-client-secret": "OpenID 클라이언트 secret",
   "admin.config.oauth.oidc-client-secret.description": "OpenID Connect OAuth 앱의 클라이언트 secret",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "이런, 이 페이지는 존재하지 않습니다.",
   "404.button.home": "나를 집으로 데려다 줘",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "이 {0} 계정은 이미 다른 계정에 연결되어 있습니다.",
   "error.msg.not_linked": "이 {0} 계정은 아직 어떤 계정에도 연결되지 않았습니다.",
   "error.msg.unverified_account": "이 {0} 계정은 확인되지 않았습니다. 확인 후 다시 시도하십시오.",
-  "error.msg.discord_guild_permission_denied": "로그인할 수 없습니다.",
+  "error.msg.user_not_allowed": "로그인할 수 없습니다.",
   "error.msg.cannot_get_user_info": "이 {0} 계정에서 사용자 정보를 가져올 수 없습니다",
   "error.param.provider_github": "깃허브",
   "error.param.provider_google": "구글",

frontend/src/i18n/translations/nl-BE.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Tweestapsverificatie vereist",
   "signIn.notify.totp-required.description": "Voer uw tweestapsverificatiecode in",
   "signIn.oauth.or": "OF",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Maximale share-grootte",
   "account.reverseShares.modal.send-email": "Stuur e-mailnotificatie",
   "account.reverseShares.modal.send-email.description": "Stuur een e-mailnotificatie wanneer er bestanden zijn gedeeld via deze omgekeerde share link.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maximaal gebruikte keren",
   "account.reverseShares.modal.max-use.description": "Maximale keren dat deze URL gebruikt kan worden om een share aan te maken.",
   "account.reverseShare.never-expires": "Deze omgekeerde share zal nooit verlopen.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Deze omgekeerde share zal nooit verlopen.",
   "upload.modal.completed.expires-on": "Deze omgekeerde share verloopt op {expiration}.",
   "upload.modal.completed.share-ready": "Share is gereed",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Share {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Share was verwijderd",
   "share.error.not-found.title": "Share niet gevonden",
   "share.error.not-found.description": "De share die u zoekt kan niet gevonden worden.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Wachtwoord vereist",
   "share.modal.password.description": "Vul een wachtwoord in om toegang te krijgen tot deze share.",
   "share.modal.password": "Wachtwoord",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Wachtwoord",
   "admin.config.smtp.password.description": "Wachtwoord van de SMTP-server",
   "admin.config.smtp.button.test": "Teste-mail verzenden",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Sta registratie toe",
   "admin.config.oauth.allow-registration.description": "Gebruikers toestaan zich te registreren via sociale login",
   "admin.config.oauth.ignore-totp": "TOTP negeren",
   "admin.config.oauth.ignore-totp.description": "TOTP negeren wanneer gebruiker sociale login gebruikt",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Ofdat GitHub login is ingeschakeld",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI van de OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Gebruikersnaam claim in OpenID Connect-ID-token. Laat het leeg als u niet weet wat deze configuratie is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "Client-ID OpenID Connect",
   "admin.config.oauth.oidc-client-id.description": "Client-ID van de OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret van de OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Oeps, deze pagina bestaat niet.",
   "404.button.home": "Breng me terug naar huis",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Dit {0} account is al gekoppeld aan een ander account.",
   "error.msg.not_linked": "Dit {0} account is nog aan geen enkel account gekoppeld.",
   "error.msg.unverified_account": "Dit {0} account is nog niet geverifieerd, probeer het opnieuw na de verificatie.",
-  "error.msg.discord_guild_permission_denied": "U heeft geen toestemming om in te loggen.",
+  "error.msg.user_not_allowed": "U heeft geen toestemming om in te loggen.",
   "error.msg.cannot_get_user_info": "Kan uw gebruikersgegevens van dit {0} account niet ophalen.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/pl-PL.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Wymagane jest uwierzytelnianie dwuetapowe",
   "signIn.notify.totp-required.description": "Wprowadź kod uwierzytelniania dwuetapowego",
   "signIn.oauth.or": "LUB",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Maksymalny rozmiar udziału",
   "account.reverseShares.modal.send-email": "Wysyłanie powiadomienia e-mail",
   "account.reverseShares.modal.send-email.description": "Wyślij powiadomienie e-mail, gdy udostępnianie zostanie utworzone za pomocą linku udostępniania odwrotnego.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Limit użyć",
   "account.reverseShares.modal.max-use.description": "Maksymalna ilość razy, kiedy ten adres URL może być użyty do utworzenia udostępniania.",
   "account.reverseShare.never-expires": "To udostępnienie odwrotne nigdy nie wygasa.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "To udostępnienie nigdy nie wygaśnie.",
   "upload.modal.completed.expires-on": "To udostępnienie wygaśnie dnia {expiration}.",
   "upload.modal.completed.share-ready": "Udostępnianie gotowe",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Udostępnij {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Udostępnianie usunięte",
   "share.error.not-found.title": "Nie znaleziono udziału",
   "share.error.not-found.description": "Udział, który szukasz, nie istnieje.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Wymagane hasło",
   "share.modal.password.description": "Aby uzyskać dostęp do tego udziału, wprowadź hasło.",
   "share.modal.password": "Hasło",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Hasło",
   "admin.config.smtp.password.description": "Hasło serwera SMTP",
   "admin.config.smtp.button.test": "Wyślij testowego e-maila",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Zezwól na rejestrację",
   "admin.config.oauth.allow-registration.description": "Zezwalaj użytkownikom na rejestrację za pomocą konta społecznościowego",
   "admin.config.oauth.ignore-totp": "Ignoruj TOTP",
   "admin.config.oauth.ignore-totp.description": "Czy zignorować TOTP, kiedy użytkownik loguje się za pomocą konta społecznościowego",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Czy login na GitHub jest włączony",
   "admin.config.oauth.github-client-id": "ID klienta GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Wykrywanie URI OAuth aplikacji OpenID Connect",
   "admin.config.oauth.oidc-username-claim": "Żądanie nazwy użytkownika OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Żądanie nazwy użytkownika w tokenie identyfikatora OpenID Connect. Jeśli nie wiesz, czym jest ta konfiguracja, pozostaw pustą.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "Identyfikator klienta OpenID Connect",
   "admin.config.oauth.oidc-client-id.description": "Identyfikator klienta OAuth aplikacji OpenID Connect",
   "admin.config.oauth.oidc-client-secret": "Sekret klienta OpenID Connect",
   "admin.config.oauth.oidc-client-secret.description": "Sekret klienta OAuth aplikacji OpenID Connect",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ups! Ta strona nie istnieje.",
   "404.button.home": "Wróć do strony domowej",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "To konto {0} zostało już połączone z innym kontem.",
   "error.msg.not_linked": "To konto {0} nie zostało jeszcze połączone z żadnym kontem.",
   "error.msg.unverified_account": "To konto {0} nie zostało zweryfikowane, spróbuj ponownie po weryfikacji.",
-  "error.msg.discord_guild_permission_denied": "Nie możesz się zalogować.",
+  "error.msg.user_not_allowed": "Nie możesz się zalogować.",
   "error.msg.cannot_get_user_info": "Nie można uzyskać informacji o użytkowniku z tego konta {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/pt-BR.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Autenticação de dois fatores necessária",
   "signIn.notify.totp-required.description": "Insira seu código de autenticação de dois fatores",
   "signIn.oauth.or": "OU",
+  "signIn.oauth.signInWith": "Iniciar sessão com",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Tamanho máximo do compartilhamento",
   "account.reverseShares.modal.send-email": "Enviar notificação por e-mail",
   "account.reverseShares.modal.send-email.description": "Enviar uma notificação por e-mail quando um compartilhamento for criado com este link reverso.",
+  "account.reverseShares.modal.simplified": "Modo simples",
+  "account.reverseShares.modal.simplified.description": "Facilite o upload da pessoa para compartilhar o arquivo com você. Eles serão capazes de personalizar somente o nome e a descrição do compartilhamento.",
+  "account.reverseShares.modal.public-access": "Acesso público",
+  "account.reverseShares.modal.public-access.description": "Faça os compartilhamentos criados com este compartilhamento reverso público. Se desativado, somente você e o criador do compartilhamento poderão visualizá-lo.",
   "account.reverseShares.modal.max-use.label": "Limite de uso",
   "account.reverseShares.modal.max-use.description": "A quantidade máxima de vezes que esta URL pode ser usada para criar um compartilhamento.",
   "account.reverseShare.never-expires": "Este compartilhamento reverso nunca irá expirar.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Este compartilhamento reverso nunca irá expirar.",
   "upload.modal.completed.expires-on": "Este compartilhamento reverso irá expirar em {expiration}.",
   "upload.modal.completed.share-ready": "Compartilhamento pronto",
+  "upload.modal.completed.notified-reverse-share-creator": "Nós notificamos o criador do compartilhamento reverso. Você também pode compartilhar este link manualmente com ele por outros meios.",
   // END /upload
   // /share/[id]
   "share.title": "Compartilhar {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Compartilhamento removido",
   "share.error.not-found.title": "Compartilhamento não encontrado",
   "share.error.not-found.description": "O compartilhamento que você procura não existe.",
+  "share.error.access-denied.title": "Compartilhamento privado",
+  "share.error.access-denied.description": "A conta atual não tem permissão para acessar este compartilhamento",
   "share.modal.password.title": "Senha necessária",
   "share.modal.password.description": "Para acessar este compartilhamento, por favor digite a senha para o compartilhamento.",
   "share.modal.password": "Senha",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Senha",
   "admin.config.smtp.password.description": "Senha do servidor SMTP",
   "admin.config.smtp.button.test": "Enviar email de teste",
+  "admin.config.smtp.allow-unauthorized-certificates": "Confiar em certificados de servidor SMTP não autorizados",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Apenas defina isso como verdadeiro se você precisar confiar nos certificados auto-assinados.",
   "admin.config.oauth.allow-registration": "Permitir registro",
   "admin.config.oauth.allow-registration.description": "Permitir que os usuários se registrem através do login de redes sociais",
   "admin.config.oauth.ignore-totp": "Ignorar TOTP",
   "admin.config.oauth.ignore-totp.description": "Ignorar o TOTP quando usuário usando login social",
+  "admin.config.oauth.disable-password": "Desativar login por senha",
+  "admin.config.oauth.disable-password.description": "Se deseja desativar o login por senha\nCertifique-se de que um provedor OAuth está configurado corretamente antes de ativar essa configuração para evitar ser bloqueado.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Se o login GitHub está habilitado",
   "admin.config.oauth.github-client-id": "Client ID do GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "URI da descoberta do aplicativo OpenID Connect OAuth",
   "admin.config.oauth.oidc-username-claim": "Reivindicação de nome de usuário OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Nome de usuário no token de ID OpenID Connect. Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-path": "Caminho para as funções no token OpenID Connect",
+  "admin.config.oauth.oidc-role-path.description": "Deve ser um caminho JMES válido, fazendo referência a uma matriz de funções. " + "Gerenciar direitos de acesso usando as funções OpenID Connect só é recomendado se nenhum outro provedor de identidade for configurado e o login por senha for desativado. " + "Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-general-access": "Função OpenID Connect para acesso geral",
+  "admin.config.oauth.oidc-role-general-access.description": "Função necessária para acesso geral. Deve estar presente nas funções de um usuário para que ele faça o login. " + "Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-admin-access": "Função OpenID Connect para acesso de administrador",
+  "admin.config.oauth.oidc-role-admin-access.description": "Função necessária para acesso administrativo. Deve estar presente nos papéis de um usuário para ele acessar o painel de administração. " + "Deixe em branco se você não sabe o que é esta configuração.",
   "admin.config.oauth.oidc-client-id": "ID do cliente OpenID Connect",
   "admin.config.oauth.oidc-client-id.description": "ID do cliente do aplicativo OpenID OAuth",
   "admin.config.oauth.oidc-client-secret": "Segredo do cliente OpenID Connect",
   "admin.config.oauth.oidc-client-secret.description": "ID do cliente do aplicativo OpenID OAuth",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ops, esta página não existe.",
   "404.button.home": "Me traga de volta para casa",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Esta conta {0} já está vinculada a outra conta.",
   "error.msg.not_linked": "Esta conta {0} ainda não foi vinculada a nenhuma conta.",
   "error.msg.unverified_account": "Esta conta {0} não foi verificada, tente novamente após a verificação.",
-  "error.msg.discord_guild_permission_denied": "Você não tem permissão para acessar.",
+  "error.msg.user_not_allowed": "Você não tem permissão para acessar.",
   "error.msg.cannot_get_user_info": "Não é possível obter suas informações de usuário desta conta {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/ru-RU.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Требуется двухфакторная аутентификация",
   "signIn.notify.totp-required.description": "Пожалуйста, введите код Вашей 2-х факторной аутентификации",
   "signIn.oauth.or": "ИЛИ",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Макс. размер загрузки",
   "account.reverseShares.modal.send-email": "Отправить уведомление по эл. почте",
   "account.reverseShares.modal.send-email.description": "Отправлять уведомление по электронной почте, когда загрузка создается с помощью этой обратной ссылки.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Максимум использований",
   "account.reverseShares.modal.max-use.description": "Максимальное количество раз, когда URL может быть использован для создания загрузки.",
   "account.reverseShare.never-expires": "Эта обратная загрузка никогда не устареет.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Эта загрузка никогда не устареет.",
   "upload.modal.completed.expires-on": "Эта загрузка устареет {expiration}.",
   "upload.modal.completed.share-ready": "Готово",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Загрузка {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Загрузка удалена",
   "share.error.not-found.title": "Загрузка не найдена",
   "share.error.not-found.description": "Страница, которую вы ищете, не существует.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Требуется пароль",
   "share.modal.password.description": "Для доступа к этому ресурсу введите пароль для общего доступа.",
   "share.modal.password": "Пароль",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Пароль",
   "admin.config.smtp.password.description": "Пароль SMTP-сервера",
   "admin.config.smtp.button.test": "Отправить тестовое письмо",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Разрешить регистрацию",
   "admin.config.oauth.allow-registration.description": "Разрешить пользователям регистрироваться используя учетные записи социальных сетей",
   "admin.config.oauth.ignore-totp": "Игнорировать TOTP",
   "admin.config.oauth.ignore-totp.description": "Игнорировать TOTP при использовании социальной авторизации",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Включен ли логин на GitHub",
   "admin.config.oauth.github-client-id": "ID клиента GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Упс, этой страницы не существует.",
   "404.button.home": "Верните меня домой",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Эта учетная запись {0} уже привязана к другому аккаунту.",
   "error.msg.not_linked": "Эта учетная запись {0} ещё не привязана ни к одному аккаунту.",
   "error.msg.unverified_account": "Эта учетная запись {0} не подтверждена, повторите попытку после подтверждения.",
-  "error.msg.discord_guild_permission_denied": "У вас нет разрешения на вход.",
+  "error.msg.user_not_allowed": "У вас нет разрешения на вход.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/sl-SI.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Zahtevana je dvofaktorska avtentikacija",
   "signIn.notify.totp-required.description": "Prosim vnesite vašo kodo dvofaktorske avtentikacije",
   "signIn.oauth.or": "ALI",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Največja velikost delitve",
   "account.reverseShares.modal.send-email": "Pošlji e-poštno obvestilo",
   "account.reverseShares.modal.send-email.description": "Pošlji e-poštno obvestilo, ko je ustvarjena delitev s povezavo te delitve v obratni smeri.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Največ uporab",
   "account.reverseShares.modal.max-use.description": "Največje število uporab URL-ja za ustvarjanje delitve.",
   "account.reverseShare.never-expires": "Ta povezava delitve v obratni smeri ne bo nikoli potekla.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Ta delitev ne bo nikoli potekla.",
   "upload.modal.completed.expires-on": "Ta delitev bo potekla {expiration}.",
   "upload.modal.completed.share-ready": "Delitev je pripravljena",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Deli {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Delitev je odstranjena",
   "share.error.not-found.title": "Delitve ni mogoče najti",
   "share.error.not-found.description": "Delitev, ki jo iščete ne obstaja.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Zahtevano geslo",
   "share.modal.password.description": "Za ogled delitve vnesite geslo te delitve.",
   "share.modal.password": "Geslo",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Geslo",
   "admin.config.smtp.password.description": "Geslo SMTP strežnika",
   "admin.config.smtp.button.test": "Pošlji testno sporočilo",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Dovoli registracijo",
   "admin.config.oauth.allow-registration.description": "Dovoli registracijo uporabnika prek družbenih omrežij",
   "admin.config.oauth.ignore-totp": "Ignoriraj TOTP",
   "admin.config.oauth.ignore-totp.description": "Če ignorirati TOTP, ko se uporabnik registrira prek družbenih omrežij",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Če je dovoljena prijava z GitHub računom",
   "admin.config.oauth.github-client-id": "GitHub ID klienta",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "URI za odkrivanje OpenID Connect OAuth aplikacije",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect zahteva za uporabniško ime",
   "admin.config.oauth.oidc-username-claim.description": "Zahteva za uporabniško ime za OpenID Connect ID žetona. Pustite prazno, če ne poznate te nastavitve.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect ID klienta",
   "admin.config.oauth.oidc-client-id.description": "ID Klienta OpenID Connect OAuth aplikacije",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect skrivnost klienta",
   "admin.config.oauth.oidc-client-secret.description": "Skrivnost klienta OpenID Connect OAuth aplikacije",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Ups! Ta stran ne obstaja.",
   "404.button.home": "Pelji me domov",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Račun {0} je že povezan na drug račun.",
   "error.msg.not_linked": "Račun {0} še ni povezan z nobenim računom.",
   "error.msg.unverified_account": "Račun {0} je nepreverjen, prosimo poskusite ponovno po preverjanju.",
-  "error.msg.discord_guild_permission_denied": "Nimate dovoljenja za prijavo.",
+  "error.msg.user_not_allowed": "Nimate dovoljenja za prijavo.",
   "error.msg.cannot_get_user_info": "Ne moremo najti uporabniških informacij za račun {0}.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/sr-SP.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Потребна је двофакторска аутентификација",
   "signIn.notify.totp-required.description": "Унесите свој двофакторски код за аутентификацију",
   "signIn.oauth.or": "Или",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Максимална величина дељења",
   "account.reverseShares.modal.send-email": "Пошаљите обавештење путем е-поште",
   "account.reverseShares.modal.send-email.description": "Пошаљите обавештење е-поштом када се креира дељење помоћу ове обрнуте везе за дељење.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Максималан број коришћења",
   "account.reverseShares.modal.max-use.description": "Максималан број пута који овај URL може да се користи за прављење дељења.",
   "account.reverseShare.never-expires": "Ово обрнуто дељење никада неће истећи.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Ово дељење никада неће истећи.",
   "upload.modal.completed.expires-on": "Ово дељење ће истећи {expiration}.",
   "upload.modal.completed.share-ready": "Дељење је спремно",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Дељење {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Дељење је уклоњено",
   "share.error.not-found.title": "Дељење није пронађено",
   "share.error.not-found.description": "Удео који тражите не постоји.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Обавезна лозинка",
   "share.modal.password.description": "Да бисте приступили овом дељењу, унесите лозинку за дељење.",
   "share.modal.password": "Лозинка",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Лозинка",
   "admin.config.smtp.password.description": "Лозинка SMTP сервера",
   "admin.config.smtp.button.test": "Пошаљи тестну е-пошту",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Дозволи регистрацију",
   "admin.config.oauth.allow-registration.description": "Дозволите корисницима да се региструју путем друштвене пријаве",
   "admin.config.oauth.ignore-totp": "Занемари ТОТП",
   "admin.config.oauth.ignore-totp.description": "Да ли да игноришете ТОТП када корисник користи пријаву на друштвеним мрежама",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Да ли је пријављивање на GitHub омогућено",
   "admin.config.oauth.github-client-id": "GitHub ИД клијента",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Опа - Ова страна не постоји.",
   "404.button.home": "Врати ме на почетак",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Овај {0} налог је већ повезан са другим налогом.",
   "error.msg.not_linked": "Овај {0} налог још увек није повезан ни са једним налогом.",
   "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/sv-SE.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Tvåfaktorsautentisering krävs",
   "signIn.notify.totp-required.description": "Vänligen ange din tvåfaktorsautentiseringskod",
   "signIn.oauth.or": "ELLER",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Max storlek på delning",
   "account.reverseShares.modal.send-email": "Skicka e-postavisering",
   "account.reverseShares.modal.send-email.description": "Skicka ett e-postmeddelande när en delning skapas med denna länk för omvänd delning.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maxanvändningar",
   "account.reverseShares.modal.max-use.description": "Den maximala mängden gånger denna URL kan användas för att skapa en delning.",
   "account.reverseShare.never-expires": "Denna omvända delning kommer aldrig att förfalla.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Denna delning kommer aldrig att upphöra.",
   "upload.modal.completed.expires-on": "Denna delning upphör att gälla {expiration}.",
   "upload.modal.completed.share-ready": "Delning redo",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Delning {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Delning borttagen",
   "share.error.not-found.title": "Delningen hittades inte",
   "share.error.not-found.description": "Delningen du letar efter existerar inte.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Lösenord krävs",
   "share.modal.password.description": "För att komma åt denna delning, vänligen ange lösenordet för delningen.",
   "share.modal.password": "Lösenord",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Lösenord",
   "admin.config.smtp.password.description": "Lösenord för SMTP-servern",
   "admin.config.smtp.button.test": "Skicka testmeddelande",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Tillåt registrering",
   "admin.config.oauth.allow-registration.description": "Tillåt användare att registrera sig via social inloggning",
   "admin.config.oauth.ignore-totp": "Ignorera TOTP",
   "admin.config.oauth.ignore-totp.description": "Om du vill ignorera TOTP när användaren använder social inloggning",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Om GitHub-inloggning är aktiverad",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI för OpenID Connect OAuth appen",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect användarnamnsanspråk",
   "admin.config.oauth.oidc-username-claim.description": "Användarnamnsanspråk i OpenID Connect ID token. Lämna tomt om du inte vet vad denna konfiguration är.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID för OpenID OAuth",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret för OpenID OAuth",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Hoppsan den här sidan finns inte.",
   "404.button.home": "Ta mig tillbaka hem",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Detta {0} konto är redan länkat till ett annat konto.",
   "error.msg.not_linked": "Detta {0} konto har ännu inte länkat till något konto.",
   "error.msg.unverified_account": "Detta {0} -konto är overifierat, försök igen efter verifiering.",
-  "error.msg.discord_guild_permission_denied": "Du är inte tillåten att logga in.",
+  "error.msg.user_not_allowed": "Du är inte tillåten att logga in.",
   "error.msg.cannot_get_user_info": "Kan inte hämta din användarinformation från detta {0} konto.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/th-TH.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "ยืนยันตรวจสอบสิทธิ์สองปัจจัย",
   "signIn.notify.totp-required.description": "กรุณาใส่รหัสยืนยันตัวตนสองปัจจัย",
   "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "ขนาดสูงสุดของแชร์",
   "account.reverseShares.modal.send-email": "ส่งอีเมล์์์์์์์แจ้งเตือน",
   "account.reverseShares.modal.send-email.description": "ส่งอีเมล์์์์์์์แจ้งเตือนเมื่อมีการสร้างแชร์ด้วยลิงค์รีเวิร์สนี้",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "จำนวนการใช้งานสูงสุด",
   "account.reverseShares.modal.max-use.description": "จำนวนครั้งสูงสุดที่ลิงค์นี้สามารถใช้งานได้",
   "account.reverseShare.never-expires": "ลิงค์นี้ไม่มีวันหมดอายุ",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "การแชร์นี้จะไม่มีวันหมดอายุ",
   "upload.modal.completed.expires-on": "การแชร์นี้จะหมดอายุเมื่อวันที่ {expiration}",
   "upload.modal.completed.share-ready": "แชร์พร้อมใช้งาน",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "แชร์ {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "การแชร์ถูกลบ",
   "share.error.not-found.title": "ไม่พบการแชร์นี้",
   "share.error.not-found.description": "การแชร์ที่คุณกำลังมองหาไม่มีอยู่จริง",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "ต้องการรหัสผ่าน",
   "share.modal.password.description": "กรุณาป้อนรหัสผ่านเพื่อเข้าถึงการแชร์นี้",
   "share.modal.password": "รหัสผ่าน",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "รหัสผ่าน",
   "admin.config.smtp.password.description": "รหัสผ่านของเซิร์ฟเวอร์ SMTP",
   "admin.config.smtp.button.test": "ส่งอีเมล์์์์์์ทดสอบ",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Allow registration",
   "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
   "admin.config.oauth.ignore-totp": "Ignore TOTP",
   "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "ไม่พบหน้าที่คุณกำลังมองหา",
   "404.button.home": "หน้าแรก",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "This {0} account is already linked to another account.",
   "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
   "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/tr-TR.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "İki faktörlü kimlik doğrulama gerekli",
   "signIn.notify.totp-required.description": "Lütfen iki faktörlü doğrulama kodunuzu girin",
   "signIn.oauth.or": "YA DA",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Maks paylaşım boyutu",
   "account.reverseShares.modal.send-email": "E-Posta bildirimi gönder",
   "account.reverseShares.modal.send-email.description": "Bu tersine paylaşım bağlantısıyla bir paylaşım oluşturulduğunda e-posta bildirimi gönderin.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maks Kullanım",
   "account.reverseShares.modal.max-use.description": "Bu URL'nin bir paylaşım oluşturmak için kullanılabileceği maksimum sayı.",
   "account.reverseShare.never-expires": "Bu tersine paylaşım asla sona ermeyecek.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Bu paylaşım asla sona ermeyecek.",
   "upload.modal.completed.expires-on": "Bu paylaşım {expiration} tarihinde sona erecek.",
   "upload.modal.completed.share-ready": "Paylaşım hazır",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Paylaş {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Paylaşım kaldırıldı",
   "share.error.not-found.title": "Paylaşım bulunamadı",
   "share.error.not-found.description": "Aradığınız paylaşım bulunmuyor.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Şifre gerekli",
   "share.modal.password.description": "Bu paylaşıma erişmek için lütfen paylaşımın şifresini girin.",
   "share.modal.password": "Şifre",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Şifre",
   "admin.config.smtp.password.description": "SMTP sunucusunun şifresi",
   "admin.config.smtp.button.test": "Test e-postası gönder",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Kayıtlara izin ver",
   "admin.config.oauth.allow-registration.description": "Sosyal Medya kayıtlarına izin verilip verilmeyeceği",
   "admin.config.oauth.ignore-totp": "2FA görmezden gel",
   "admin.config.oauth.ignore-totp.description": "Sosyal Medya ile giriş yapıldıktıktan sonra 2FA görmezden gelinip gelinmeyeceği",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "GitHub girişine izin verilip verilmeyeceği",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth uygulamasının Keşfetme URI'si",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect kullanıcı adı sahiplenme",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID belirtecinde kullanıcı adı sahiplenme. Bu yapılandırmanın ne olduğunu bilmiyorsanız boş bırakın.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth uygulamasının Client ID'si",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "OpenID Connect OAuth uygulamasının Client Secret'i",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Haydaa, böyle bir sayfa yok.",
   "404.button.home": "Beni eve götür",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Bu {0} hesabı zaten başka bir hesaba bağlı.",
   "error.msg.not_linked": "Bu {0} hesabı henüz bir hesaba bağlı değil.",
   "error.msg.unverified_account": "Bu {0} hesabı doğrulanmamış, lütfen doğruladıktan sonra yeniden dene.",
-  "error.msg.discord_guild_permission_denied": "Giriş yapmana izin verilmiyor.",
+  "error.msg.user_not_allowed": "Giriş yapmana izin verilmiyor.",
   "error.msg.cannot_get_user_info": "Bu {0} hesabından kullanıcı bilgilerinizi alamıyorum.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/uk-UA.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Потрібна двофакторна аутентифікація",
   "signIn.notify.totp-required.description": "Будь ласка, введіть код Вашої 2-х факторної аутентифікації",
   "signIn.oauth.or": "АБО",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Макс. розмір завантаження",
   "account.reverseShares.modal.send-email": "Надіслати повідомлення електронною поштою",
   "account.reverseShares.modal.send-email.description": "Надсилати повідомлення електронною поштою, коли завантаження створюється за допомогою цього зворотного посилання.",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Максимум використань",
   "account.reverseShares.modal.max-use.description": "Максимальна кількість разів, коли URL може бути використаний для створення завантаження.",
   "account.reverseShare.never-expires": "Це зворотне завантаження ніколи не застаріє.",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Це завантаження ніколи не застаріє.",
   "upload.modal.completed.expires-on": "Це завантаження застаріє {expiration}.",
   "upload.modal.completed.share-ready": "Готово",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "Завантаження {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "Завантаження видалено",
   "share.error.not-found.title": "Завантаження не знайдено",
   "share.error.not-found.description": "Сторінка, яку ви шукаєте, не існує.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Потрібен пароль",
   "share.modal.password.description": "Для доступу до цього ресурсу введіть пароль для загального доступу.",
   "share.modal.password": "Пароль",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "Пароль",
   "admin.config.smtp.password.description": "Пароль SMTP-сервера",
   "admin.config.smtp.button.test": "Відправити тестовий лист",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Дозволити реєстрацію",
   "admin.config.oauth.allow-registration.description": "Дозволити користувачам реєструватися, використовуючи облікові записи соціальних мереж",
   "admin.config.oauth.ignore-totp": "Ігнорувати TOTP",
   "admin.config.oauth.ignore-totp.description": "Ігнорувати TOTP при використанні соціальної авторизації",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Чи ввімкнено логін на GitHub",
   "admin.config.oauth.github-client-id": "ID клієнта GitHub",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "URI Discovery URI додатка OpenID Connect OAuth",
   "admin.config.oauth.oidc-username-claim": "Заява на ім'я користувача OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Заява про ім'я користувача в токені OpenID Connect ID. Залиште порожнім, якщо не знаєте, що це за конфіг.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Клієнтський ідентифікатор додатка OpenID Connect OAuth",
   "admin.config.oauth.oidc-client-secret": "Секрет клієнта OpenID Connect",
   "admin.config.oauth.oidc-client-secret.description": "Клієнтський секрет програми OpenID Connect OAuth",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "Бляха, цієї строрінки не існує.",
   "404.button.home": "Поверни мене додому",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "Цей обліковий запис {0} уже прив'язано до іншого акаунта.",
   "error.msg.not_linked": "Цей обліковий запис {0} ще не прив'язаний до жодного акаунту.",
   "error.msg.unverified_account": "Цей обліковий запис {0} не підтверджено, повторіть спробу після підтвердження.",
-  "error.msg.discord_guild_permission_denied": "У вас немає дозволу на вхід.",
+  "error.msg.user_not_allowed": "У вас немає дозволу на вхід.",
   "error.msg.cannot_get_user_info": "Не вдається отримати інфу про користувача з цього {0} облікового запису.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/i18n/translations/zh-CN.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "请继续两步验证",
   "signIn.notify.totp-required.description": "请输入一次性验证码",
   "signIn.oauth.or": "或",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "谷歌",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "共享文件上限",
   "account.reverseShares.modal.send-email": "发送邮件提醒",
   "account.reverseShares.modal.send-email.description": "当这个预留共享链接被用于共享时，发送邮件提醒",
+  "account.reverseShares.modal.simplified": "简单模式",
+  "account.reverseShares.modal.simplified.description": "让上传者更轻松地与你共享文件，他们仅能自定义共享的名称和描述。",
+  "account.reverseShares.modal.public-access": "公开访问",
+  "account.reverseShares.modal.public-access.description": "让通过这个预留共享创建共享能被公开访问。如果禁用，将只有您和创建者能够访问。",
   "account.reverseShares.modal.max-use.label": "最大使用次数",
   "account.reverseShares.modal.max-use.description": "这个预留共享链接可被用于创建共享的最大使用次数",
   "account.reverseShare.never-expires": "这个预留共享永不过期",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "这个共享永不过期",
   "upload.modal.completed.expires-on": "这个共享将过期于 {expiration}.",
   "upload.modal.completed.share-ready": "共享创建完毕",
+  "upload.modal.completed.notified-reverse-share-creator": "我们已经通知预留共享的创建者。您也可以通过其他方式将该链接手动分享给他们。",
   // END /upload
   // /share/[id]
   "share.title": "共享 {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "共享已删除",
   "share.error.not-found.title": "共享未找到",
   "share.error.not-found.description": "共享文件走丢了",
+  "share.error.access-denied.title": "私有共享",
+  "share.error.access-denied.description": "当前账户没有权限访问此共享",
   "share.modal.password.title": "需要密码",
   "share.modal.password.description": "请输入密码来访问此共享",
   "share.modal.password": "密码",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "密码",
   "admin.config.smtp.password.description": "SMTP 主机密码",
   "admin.config.smtp.button.test": "发送测试邮件",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "允许注册",
   "admin.config.oauth.allow-registration.description": "允许用户通过登录社交账号来注册",
   "admin.config.oauth.ignore-totp": "忽略两步验证",
   "admin.config.oauth.ignore-totp.description": "用户通过社交账号登录时是否忽略两步验证",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "是否启用 GitHub 账号登录",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth App 的 Discovery URI",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect 用户名请求",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID token 中的用户名请求。如果您不知道这项配置是什么，请留空。",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect 的 Client ID",
   "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth App 的 Client ID",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect 的 Client secret",
   "admin.config.oauth.oidc-client-secret.description": "OpenID Connect OAuth App 的 Client secret",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "当前的页面走丢啦",
   "404.button.home": "返回主页",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "{0} 这个账户已经关联到另一个账号。",
   "error.msg.not_linked": "{0} 这个账户尚未关联到任何账号。",
   "error.msg.unverified_account": "{0} 这个账户尚未验证，请在验证后重试。",
-  "error.msg.discord_guild_permission_denied": "您无权登录。",
+  "error.msg.user_not_allowed": "您无权登录。",
   "error.msg.cannot_get_user_info": "无法从 {0} 这个账户获取您的用户信息。",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "谷歌",

frontend/src/i18n/translations/zh-TW.ts

@@ -34,6 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "請繼續兩步驗證",
   "signIn.notify.totp-required.description": "請輸入一次性驗證碼",
   "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "上傳大小上限",
   "account.reverseShares.modal.send-email": "發送Email提醒",
   "account.reverseShares.modal.send-email.description": "當這個檔案請求聯結被用於分享時，發送Email提醒",
+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "最大使用次數",
   "account.reverseShares.modal.max-use.description": "這個檔案請求聯結可被用於建立分享的最大使用次數",
   "account.reverseShare.never-expires": "這個檔案請求永不過期",
@@ -254,6 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "這個分享永不過期",
   "upload.modal.completed.expires-on": "這個分享將過期於 {expiration}。",
   "upload.modal.completed.share-ready": "分享建立完畢",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
   // END /upload
   // /share/[id]
   "share.title": "分享 {shareId}",
@@ -263,6 +269,8 @@ export default {
   "share.error.removed.title": "分享已刪除",
   "share.error.not-found.title": "分享未找到",
   "share.error.not-found.description": "分享檔案遺失了",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "需要密碼",
   "share.modal.password.description": "請輸入密碼來查看此分享",
   "share.modal.password": "密碼",
@@ -344,10 +352,14 @@ export default {
   "admin.config.smtp.password": "密碼",
   "admin.config.smtp.password.description": "SMTP 主機密碼",
   "admin.config.smtp.button.test": "發送測試Email",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "允許註冊",
   "admin.config.oauth.allow-registration.description": "允許使用者以第三方登入註冊",
   "admin.config.oauth.ignore-totp": "略過 TOTP",
   "admin.config.oauth.ignore-totp.description": "當使用者使用第三方登入時，略過 TOTP 驗證",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "啟用 Github 登入",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,10 +394,30 @@ export default {
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
   "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.category.ldap": "LDAP",
+  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.url": "Server URL",
+  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.bind-dn": "Bind DN",
+  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-password": "Bind password",
+  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.search-base": "User base",
+  "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
+  "admin.config.ldap.search-query": "User query",
+  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.admin-groups": "Admin group",
   // 404
   "404.description": "查無此頁",
   "404.button.home": "返回主頁",
@@ -402,7 +434,7 @@ export default {
   "error.msg.already_linked": "此 {0} 帳號已與另一個帳號關聯。",
   "error.msg.not_linked": "此 {0} 帳號尚未關聯到任何帳號。",
   "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
   "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
   "error.param.provider_github": "GitHub",
   "error.param.provider_google": "Google",

frontend/src/pages/account/index.tsx

@@ -157,6 +157,7 @@ const Account = () => {
             <Stack>
               <TextInput
                 label={t("account.card.info.username")}
+                disabled={user?.isLdap}
                 {...accountForm.getInputProps("username")}
               />
               <TextInput
@@ -171,45 +172,47 @@ const Account = () => {
             </Stack>
           </form>
         </Paper>
-        <Paper withBorder p="xl" mt="lg">
-          <Title order={5} mb="xs">
-            <FormattedMessage id="account.card.password.title" />
-          </Title>
-          <form
-            onSubmit={passwordForm.onSubmit((values) =>
-              authService
-                .updatePassword(values.oldPassword, values.password)
-                .then(async () => {
-                  refreshUser();
-                  toast.success(t("account.notify.password.success"));
-                  passwordForm.reset();
-                })
-                .catch(toast.axiosError),
-            )}
-          >
-            <Stack>
-              {user?.hasPassword ? (
-                <PasswordInput
-                  label={t("account.card.password.old")}
-                  {...passwordForm.getInputProps("oldPassword")}
-                />
-              ) : (
-                <Text size="sm" color="dimmed">
-                  <FormattedMessage id="account.card.password.noPasswordSet" />
-                </Text>
+        {user?.isLdap ? null : (
+          <Paper withBorder p="xl" mt="lg">
+            <Title order={5} mb="xs">
+              <FormattedMessage id="account.card.password.title" />
+            </Title>
+            <form
+              onSubmit={passwordForm.onSubmit((values) =>
+                authService
+                  .updatePassword(values.oldPassword, values.password)
+                  .then(async () => {
+                    refreshUser();
+                    toast.success(t("account.notify.password.success"));
+                    passwordForm.reset();
+                  })
+                  .catch(toast.axiosError),
               )}
-              <PasswordInput
-                label={t("account.card.password.new")}
-                {...passwordForm.getInputProps("password")}
-              />
-              <Group position="right">
-                <Button type="submit">
-                  <FormattedMessage id="common.button.save" />
-                </Button>
-              </Group>
-            </Stack>
-          </form>
-        </Paper>
+            >
+              <Stack>
+                {user?.hasPassword ? (
+                  <PasswordInput
+                    label={t("account.card.password.old")}
+                    {...passwordForm.getInputProps("oldPassword")}
+                  />
+                ) : (
+                  <Text size="sm" color="dimmed">
+                    <FormattedMessage id="account.card.password.noPasswordSet" />
+                  </Text>
+                )}
+                <PasswordInput
+                  label={t("account.card.password.new")}
+                  {...passwordForm.getInputProps("password")}
+                />
+                <Group position="right">
+                  <Button type="submit">
+                    <FormattedMessage id="common.button.save" />
+                  </Button>
+                </Group>
+              </Stack>
+            </form>
+          </Paper>
+        )}
         {oauth.length > 0 && (
           <Paper withBorder p="xl" mt="lg">
             <Title order={5} mb="xs">

frontend/src/pages/index.tsx

@@ -10,12 +10,13 @@ import {
 } from "@mantine/core";
 import Link from "next/link";
 import { useRouter } from "next/router";
-import { useEffect } from "react";
+import { useEffect, useState } from "react";
 import { TbCheck } from "react-icons/tb";
 import { FormattedMessage } from "react-intl";
 import Logo from "../components/Logo";
 import Meta from "../components/Meta";
 import useUser from "../hooks/user.hook";
+import useConfig from "../hooks/config.hook";
 
 const useStyles = createStyles((theme) => ({
   inner: {
@@ -73,15 +74,29 @@ export default function Home() {
   const { classes } = useStyles();
   const { refreshUser } = useUser();
   const router = useRouter();
+  const config = useConfig();
+  const [signupEnabled, setSignupEnabled] = useState(true);
 
-  // If the user is already logged in, redirect to the upload page
+  // If user is already authenticated, redirect to the upload page
   useEffect(() => {
     refreshUser().then((user) => {
       if (user) {
         router.replace("/upload");
       }
     });
-  }, []);
+
+    // If registration is disabled, get started button should redirect to the sign in page
+    try {
+      const allowRegistration = config.get("share.allowRegistration");
+      setSignupEnabled(allowRegistration !== false);
+    } catch (error) {
+      setSignupEnabled(true);
+    }
+  }, [config]);
+
+  const getButtonHref = () => {
+    return signupEnabled ? "/auth/signUp" : "/auth/signIn";
+  };
 
   return (
     <>
@@ -142,12 +157,14 @@ export default function Home() {
             <Group mt={30}>
               <Button
                 component={Link}
-                href="/auth/signUp"
+                href={getButtonHref()}
                 radius="xl"
                 size="md"
                 className={classes.control}
               >
-                <FormattedMessage id="home.button.start" />
+                <FormattedMessage 
+                  id="home.button.start"
+                />
               </Button>
               <Button
                 component={Link}
@@ -169,4 +186,4 @@ export default function Home() {
       </Container>
     </>
   );
-}
+}

frontend/src/pages/share/[shareId]/edit.tsx

@@ -43,6 +43,12 @@ const Share = ({ shareId }: { shareId: string }) => {
               t("share.error.not-found.description"),
             );
           }
+        } else if (e.response.status == 403 && error == "share_removed") {
+          showErrorModal(
+            modals,
+            t("share.error.access-denied.title"),
+            t("share.error.access-denied.description"),
+          );
         } else {
           showErrorModal(modals, t("common.error"), t("common.error.unknown"));
         }

frontend/src/pages/share/[shareId]/index.tsx

@@ -69,6 +69,12 @@ const Share = ({ shareId }: { shareId: string }) => {
               "go-home",
             );
           }
+        } else if (e.response.status == 403 && error == "private_share") {
+          showErrorModal(
+            modals,
+            t("share.error.access-denied.title"),
+            t("share.error.access-denied.description"),
+          );
         } else if (error == "share_password_required") {
           showEnterPasswordModal(modals, getShareToken);
         } else if (error == "share_token_required") {

frontend/src/pages/upload/[reverseShareToken].tsx

@@ -17,12 +17,14 @@ const Share = ({ reverseShareToken }: { reverseShareToken: string }) => {
   const [isLoading, setIsLoading] = useState(true);
 
   const [maxShareSize, setMaxShareSize] = useState(0);
+  const [simplified, setSimplified] = useState(false);
 
   useEffect(() => {
     shareService
       .setReverseShare(reverseShareToken)
       .then((reverseShareTokenData) => {
         setMaxShareSize(parseInt(reverseShareTokenData.maxShareSize));
+        setSimplified(reverseShareTokenData.simplified);
         setIsLoading(false);
       })
       .catch(() => {
@@ -38,7 +40,13 @@ const Share = ({ reverseShareToken }: { reverseShareToken: string }) => {
 
   if (isLoading) return <LoadingOverlay visible />;
 
-  return <Upload isReverseShare maxShareSize={maxShareSize} />;
+  return (
+    <Upload
+      isReverseShare
+      maxShareSize={maxShareSize}
+      simplified={simplified}
+    />
+  );
 };
 
 export default Share;

frontend/src/pages/upload/index.tsx

@@ -25,9 +25,11 @@ let createdShare: Share;
 const Upload = ({
   maxShareSize,
   isReverseShare = false,
+  simplified,
 }: {
   maxShareSize?: number;
   isReverseShare: boolean;
+  simplified: boolean;
 }) => {
   const modals = useModals();
   const t = useTranslate();
@@ -133,6 +135,7 @@ const Upload = ({
         ),
         enableEmailRecepients: config.get("email.enableShareEmailRecipients"),
         maxExpirationInHours: config.get("share.maxExpiration"),
+        simplified,
       },
       files,
       uploadFiles,

frontend/src/services/share.service.ts

@@ -109,6 +109,8 @@ const createReverseShare = async (
   maxShareSize: number,
   maxUseCount: number,
   sendEmailNotification: boolean,
+  simplified: boolean,
+  publicAccess: boolean,
 ) => {
   return (
     await api.post("reverseShares", {
@@ -116,6 +118,8 @@ const createReverseShare = async (
       maxShareSize: maxShareSize.toString(),
       maxUseCount,
       sendEmailNotification,
+      simplified,
+      publicAccess,
     })
   ).data;
 };