release: 0.16.0

chore: remove backend Dockerfile
feat: Adding more informations on My Shares page (table and modal) (#174 )
2023-07-09 17:15:26 +02:00 · 2023-06-28 15:45:54 +02:00 · 2023-06-26 08:22:15 +02:00 · 2023-06-23 20:07:49 +02:00 · 2023-05-09 09:18:31 +02:00 · 2023-05-09 09:18:02 +02:00
201 changed files with 11470 additions and 3925 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,2 @@
+# These are supported funding model platforms
+github: stonith404
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -0,0 +1,45 @@
+name: "🐛 Bug Report"
+description: "Submit a bug report to help us improve"
+title: "🐛 Bug Report: "
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out our bug report form 🙏
+  - type: textarea
+    id: steps-to-reproduce
+    validations:
+      required: true
+    attributes:
+      label: "👟 Reproduction steps"
+      description: "How do you trigger this bug? Please walk us through it step by step."
+      placeholder: "When I ..."
+  - type: textarea
+    id: expected-behavior
+    validations:
+      required: true
+    attributes:
+      label: "👍 Expected behavior"
+      description: "What did you think would happen?"
+      placeholder: "It should ..."
+  - type: textarea
+    id: actual-behavior
+    validations:
+      required: true
+    attributes:
+      label: "👎 Actual Behavior"
+      description: "What did actually happen? Add screenshots, if applicable."
+      placeholder: "It actually ..."
+  - type: input
+    id: operating-system
+    attributes:
+      label: "🌐 Browser"
+      description: "Which browser do you use?"
+      placeholder: "Firefox"
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        Before submitting, please check if the issues hasn't been raised before.
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -0,0 +1,29 @@
+name: 🚀 Feature
+description: "Submit a proposal for a new feature"
+title: "🚀 Feature: "
+labels: [feature]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out our feature request form 🙏
+  - type: textarea
+    id: feature-description
+    validations:
+      required: true
+    attributes:
+      label: "🔖 Feature description"
+      description: "A clear and concise description of what the feature is."
+      placeholder: "You should add ..."
+  - type: textarea
+    id: pitch
+    validations:
+      required: true
+    attributes:
+      label: "🎤 Pitch"
+      description: "Please explain why this feature should be implemented and how it would be used. Add examples, if applicable."
+      placeholder: "In my use-case, ..."
+  - type: markdown
+    attributes:
+      value: |
+        Before submitting, please check if the issues hasn't been raised before.
--- a/.github/ISSUE_TEMPLATE/question.yml
+++ b/.github/ISSUE_TEMPLATE/question.yml
@@ -0,0 +1,17 @@
+name: ❓ Question
+description: "Submit a question"
+title: "❓ Question:"
+labels: [question]
+body:
+  - type: textarea
+    id: feature-description
+    validations:
+      required: true
+    attributes:
+      label: "🙋‍♂️ Question"
+      description: "A clear question. Please provide as much detail as possible."
+      placeholder: "How do I ...?"
+  - type: markdown
+    attributes:
+      value: |
+        Before submitting, please check if the question hasn't been asked before.
--- a/.github/workflows/backend-system-tests.yml
+++ b/.github/workflows/backend-system-tests.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    container: node:18
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Install Dependencies
        working-directory: ./backend
        run: npm install
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -9,11 +9,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      - name: login to docker registry
        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
      - name: Build the image
--- a/.github/workflows/close_inactive_issues.yml
+++ b/.github/workflows/close_inactive_issues.yml
@@ -0,0 +1,23 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "00 00 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          exempt-issue-labels: "feature"
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@ yarn-error.log*

 # env file
 .env
+!/backend/prisma/.env

 # vercel
 .vercel
@@ -39,4 +40,4 @@ yarn-error.log*
 /data/

 # Jetbrains specific (webstorm)
-.idea/**/**
+.idea/**/**
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+/backend/src/constants.ts
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,305 @@
+## [0.16.0](https://github.com/stonith404/pingvin-share/compare/v0.15.0...v0.16.0) (2023-07-09)
+
+
+### Features
+
+* Adding more informations on My Shares page (table and modal) ([#174](https://github.com/stonith404/pingvin-share/issues/174)) ([1466240](https://github.com/stonith404/pingvin-share/commit/14662404614f15bc25384d924d8cb0458ab06cd8))
+* Adding the possibility of copying the link by clicking text and icons ([#171](https://github.com/stonith404/pingvin-share/issues/171)) ([348852c](https://github.com/stonith404/pingvin-share/commit/348852cfa4275f5c642669b43697f83c35333044))
+
+## [0.15.0](https://github.com/stonith404/pingvin-share/compare/v0.14.1...v0.15.0) (2023-05-09)
+
+
+### Features
+
+* add env variables for port, database url and data dir  ([98c0de7](https://github.com/stonith404/pingvin-share/commit/98c0de78e8a73e3e5bf0928226cfb8a024b566a1))
+* add healthcheck endpoint ([5132d17](https://github.com/stonith404/pingvin-share/commit/5132d177b8ab4e00a7e701e9956222fa2352d42c))
+* allow to configure clamav with environment variables ([1df5c71](https://github.com/stonith404/pingvin-share/commit/1df5c7123e4ca8695f4f1b7d49f46cdf147fb920))
+* configure ports, db url and api url with env variables ([e5071cb](https://github.com/stonith404/pingvin-share/commit/e5071cba1204093197b72e18d024b484e72e360a))
+
+### [0.14.1](https://github.com/stonith404/pingvin-share/compare/v0.14.0...v0.14.1) (2023-04-07)
+
+
+### Bug Fixes
+
+* boolean config variables can't be set to false ([39a7451](https://github.com/stonith404/pingvin-share/commit/39a74510c1f00466acaead39f7bee003b3db60d7))
+
+## [0.14.0](https://github.com/stonith404/pingvin-share/compare/v0.13.1...v0.14.0) (2023-04-01)
+
+
+### Features
+
+* **share, config:** more variables, placeholder and reset default ([#132](https://github.com/stonith404/pingvin-share/issues/132)) ([beece56](https://github.com/stonith404/pingvin-share/commit/beece56327da141c222fd9f5259697df6db9347a))
+
+
+### Bug Fixes
+
+* bool config variable can't be changed ([0e5c673](https://github.com/stonith404/pingvin-share/commit/0e5c67327092e4751208e559a2b0d5ee2b91b6e3))
+
+### [0.13.1](https://github.com/stonith404/pingvin-share/compare/v0.13.0...v0.13.1) (2023-03-14)
+
+
+### Bug Fixes
+
+* empty file can't be uploaded in chrome ([9f2097e](https://github.com/stonith404/pingvin-share/commit/9f2097e788dfb79c2f95085025934c3134a3eb38))
+
+## [0.13.0](https://github.com/stonith404/pingvin-share/compare/v0.12.1...v0.13.0) (2023-03-14)
+
+
+### Features
+
+* add preview modal ([c807d20](https://github.com/stonith404/pingvin-share/commit/c807d208d8f0518f6390f9f0f3d0eb00c12d213b))
+* sort shared files ([b25c30d](https://github.com/stonith404/pingvin-share/commit/b25c30d1ed57230096b17afaf8545c7b0ef2e4b1))
+
+
+### Bug Fixes
+
+* replace "pingvin share" with dynamic app name ([f55aa80](https://github.com/stonith404/pingvin-share/commit/f55aa805167f31864cb07e269a47533927cb533c))
+* set password manually input not shown ([8ff417a](https://github.com/stonith404/pingvin-share/commit/8ff417a013a45a777308f71c4f0d1817bfeed6be))
+* show line breaks in txt preview ([37e765d](https://github.com/stonith404/pingvin-share/commit/37e765ddc7b19554bc6fb50eb969984b58bf3cc5))
+* upload file if it is 0 bytes ([f82099f](https://github.com/stonith404/pingvin-share/commit/f82099f36eb4699385fc16dfb0e0c02e5d55b1e3))
+
+### [0.12.1](https://github.com/stonith404/pingvin-share/compare/v0.12.0...v0.12.1) (2023-03-11)
+
+
+### Bug Fixes
+
+* 48px icon does not update ([753dbe8](https://github.com/stonith404/pingvin-share/commit/753dbe83b770814115a2576c7a50e1bac9dc8ce1))
+
+## [0.12.0](https://github.com/stonith404/pingvin-share/compare/v0.11.1...v0.12.0) (2023-03-10)
+
+
+### Features
+
+* ability to change logo in frontend ([8403d7e](https://github.com/stonith404/pingvin-share/commit/8403d7e14ded801c3842a9b3fd87c3f6824c519e))
+
+
+### Bug Fixes
+
+* crypto is not defined ([8f71fd3](https://github.com/stonith404/pingvin-share/commit/8f71fd343506506532c1a24a4c66a16b1021705f))
+* home page shown even if disabled ([3ad6b03](https://github.com/stonith404/pingvin-share/commit/3ad6b03b6bd80168870049582683077b689fa548))
+
+### [0.11.1](https://github.com/stonith404/pingvin-share/compare/v0.11.0...v0.11.1) (2023-03-05)
+
+
+### Bug Fixes
+
+* old config variable prevents to create a share ([8b77e81](https://github.com/stonith404/pingvin-share/commit/8b77e81d4c1b8a2bf798595f5a66079c40734e09))
+
+## [0.11.0](https://github.com/stonith404/pingvin-share/compare/v0.10.2...v0.11.0) (2023-03-04)
+
+
+### Features
+
+* custom branding ([#112](https://github.com/stonith404/pingvin-share/issues/112)) ([fddad3e](https://github.com/stonith404/pingvin-share/commit/fddad3ef708c27052a8bf46f3076286d102f6d7e))
+* invite new user with email ([f984050](https://github.com/stonith404/pingvin-share/commit/f9840505b82fcb04364a79576f186b76cc75f5c0))
+
+
+### Bug Fixes
+
+* frontend error when user deleted ([0317f3a](https://github.com/stonith404/pingvin-share/commit/0317f3a508dc88ffe2c33413704f7df03a2372ea))
+
+### [0.10.2](https://github.com/stonith404/pingvin-share/compare/v0.10.1...v0.10.2) (2023-02-13)
+
+
+### Bug Fixes
+
+* pdf preview tries to render on server ([c3af0fe](https://github.com/stonith404/pingvin-share/commit/c3af0fe097582f69b63ed1ad18fb71bff334d32a))
+
+### [0.10.1](https://github.com/stonith404/pingvin-share/compare/v0.10.0...v0.10.1) (2023-02-12)
+
+
+### Bug Fixes
+
+* non administrator user redirection error while setup isn't finished ([dc8cf3d](https://github.com/stonith404/pingvin-share/commit/dc8cf3d5ca6b4f8a8f243b8e0b05e09738cf8b61))
+* setup wizard doesn't redirect after completion ([7cd9dff](https://github.com/stonith404/pingvin-share/commit/7cd9dff637900098c9f6e46ccade37283d47321b))
+
+## [0.10.0](https://github.com/stonith404/pingvin-share/compare/v0.9.0...v0.10.0) (2023-02-10)
+
+
+### ⚠ BREAKING CHANGES
+
+* reset password with email
+
+### Features
+
+* allow multiple shares with one reverse share link ([ccdf8ea](https://github.com/stonith404/pingvin-share/commit/ccdf8ea3ae1e7b8520c5b1dd9bea18b1b3305f35))
+* **frontend:** server side rendering to improve performance ([38de022](https://github.com/stonith404/pingvin-share/commit/38de022215a9b99c2eb36654f8dbb1e17ca87aba))
+* reset password with email ([5d1a7f0](https://github.com/stonith404/pingvin-share/commit/5d1a7f0310df2643213affd2a0d1785b7e0af398))
+
+
+### Bug Fixes
+
+* delete all shares of reverse share ([86a7379](https://github.com/stonith404/pingvin-share/commit/86a737951951c911abd7967d76cb253c4335cb0c))
+* invalid redirection after jwt expiry ([82f204e](https://github.com/stonith404/pingvin-share/commit/82f204e8a93e3113dcf65b1881d4943a898602eb))
+* setup status doesn't change ([064ef38](https://github.com/stonith404/pingvin-share/commit/064ef38d783b3f351535c2911eb451efd9526d71))
+* share creation without reverseShareToken ([b966270](https://github.com/stonith404/pingvin-share/commit/b9662701c42fe6771c07acb869564031accb2932))
+* share fails if a share was created with a reverse share link recently ([edc10b7](https://github.com/stonith404/pingvin-share/commit/edc10b72b7884c629a8417c3c82222b135ef7653))
+
+## [0.9.0](https://github.com/stonith404/pingvin-share/compare/v0.8.0...v0.9.0) (2023-01-31)
+
+
+### Features
+
+* direct file link ([008df06](https://github.com/stonith404/pingvin-share/commit/008df06b5cf48872d4dd68df813370596a4fd468))
+* file preview ([91a6b3f](https://github.com/stonith404/pingvin-share/commit/91a6b3f716d37d7831e17a7be1cdb35cb23da705))
+
+
+### Bug Fixes
+
+* improve send test email UX ([233c26e](https://github.com/stonith404/pingvin-share/commit/233c26e5cfde59e7d51023ef9901dec2b84a4845))
+
+## [0.8.0](https://github.com/stonith404/pingvin-share/compare/v0.7.0...v0.8.0) (2023-01-26)
+
+
+### Features
+
+* reverse shares ([#86](https://github.com/stonith404/pingvin-share/issues/86)) ([4a5fb54](https://github.com/stonith404/pingvin-share/commit/4a5fb549c6ac808261eb65d28db69510a82efd00))
+
+
+### Bug Fixes
+
+* Add meta tags to new pages ([bb64f6c](https://github.com/stonith404/pingvin-share/commit/bb64f6c33fc5c5e11f2c777785c96a74b57dfabc))
+* admin users were created while the setup wizard wasn't finished ([ad92cfc](https://github.com/stonith404/pingvin-share/commit/ad92cfc852ca6aa121654d747a02628492ae5b89))
+
+## [0.7.0](https://github.com/stonith404/pingvin-share/compare/v0.6.1...v0.7.0) (2023-01-13)
+
+
+### Features
+
+* add ClamAV to scan for malicious files ([76088cc](https://github.com/stonith404/pingvin-share/commit/76088cc76aedae709f06deaee2244efcf6a22bed))
+
+
+### Bug Fixes
+
+* invalid github release link on admin page ([349bf47](https://github.com/stonith404/pingvin-share/commit/349bf475cc7fc1141dbd2a9bd2f63153c4d5b41b))
+
+### [0.6.1](https://github.com/stonith404/pingvin-share/compare/v0.6.0...v0.6.1) (2023-01-11)
+
+
+### Features
+
+* delete all sessions if password was changed ([02e41e2](https://github.com/stonith404/pingvin-share/commit/02e41e243768de34de1bdc8833e83f60db530e55))
+
+
+### Bug Fixes
+
+* shareUrl uses wrong origin ([f1b44f8](https://github.com/stonith404/pingvin-share/commit/f1b44f87fa64d3b21ca92c9068cb352d0ad51bc0))
+* update password doesn't work ([74e8956](https://github.com/stonith404/pingvin-share/commit/74e895610642552c98c0015d0f8347735aaed457))
+
+## [0.6.0](https://github.com/stonith404/pingvin-share/compare/v0.5.1...v0.6.0) (2023-01-09)
+
+
+### Features
+
+* chunk uploads ([#76](https://github.com/stonith404/pingvin-share/issues/76)) ([653d72b](https://github.com/stonith404/pingvin-share/commit/653d72bcb958268e2f23efae94cccb72faa745af))
+
+
+### Bug Fixes
+
+* access token refreshes even it is still valid ([c8ad222](https://github.com/stonith404/pingvin-share/commit/c8ad2225e3c9ca79fea494d538b67797fbc7f6ae))
+* error message typo ([72c8081](https://github.com/stonith404/pingvin-share/commit/72c8081e7c135ab1f600ed7e3d7a0bf03dabde34))
+* migration for v0.5.1 ([f2d4895](https://github.com/stonith404/pingvin-share/commit/f2d4895e50d3da82cef68858752fb7f6293e7a20))
+* refresh token expires after 1 day instead of 3 months ([a5bef5d](https://github.com/stonith404/pingvin-share/commit/a5bef5d4a4ae75447ca1f65259c5541edfc87dd8))
+
+### [0.5.1](https://github.com/stonith404/pingvin-share/compare/v0.5.0...v0.5.1) (2023-01-04)
+
+
+### Features
+
+* show version and show button if new release is available on admin page ([71658ad](https://github.com/stonith404/pingvin-share/commit/71658ad39d7e3638de659e8230fad4e05f60fdd8))
+* use cookies for authentication ([faea1ab](https://github.com/stonith404/pingvin-share/commit/faea1abcc4b533f391feaed427e211fef9166fe4))
+
+
+### Bug Fixes
+
+* email configuration updated without restart ([1117465](https://github.com/stonith404/pingvin-share/commit/11174656e425c4be60e4f7b1ea8463678e5c60d2))
+
+## [0.5.0](https://github.com/stonith404/pingvin-share/compare/v0.4.0...v0.5.0) (2022-12-30)
+
+
+### Features
+
+* custom mail subject ([cabaee5](https://github.com/stonith404/pingvin-share/commit/cabaee588b50877872d210c870bfb9c95b541921))
+* improve config UI ([#69](https://github.com/stonith404/pingvin-share/issues/69)) ([5bc4f90](https://github.com/stonith404/pingvin-share/commit/5bc4f902f6218a09423491404806a4b7fb865c98))
+* manually switch color scheme ([ef21bac](https://github.com/stonith404/pingvin-share/commit/ef21bac59b11dc68649ab3b195dcb89d2b192e7b))
+
+
+### Bug Fixes
+
+* refresh token gets deleted on session end ([e5b50f8](https://github.com/stonith404/pingvin-share/commit/e5b50f855c02aa4b5c9ee873dd5a7ab25759972d))
+
+## [0.4.0](https://github.com/stonith404/pingvin-share/compare/v0.3.6...v0.4.0) (2022-12-21)
+
+
+### Features
+
+* custom email message ([0616a68](https://github.com/stonith404/pingvin-share/commit/0616a68bd2e0c9cb559ebdf294e353dd3f69c9a5))
+* TOTP (two-factor) Authentication ([#55](https://github.com/stonith404/pingvin-share/issues/55)) ([16480f6](https://github.com/stonith404/pingvin-share/commit/16480f6e9572011fadeb981a388b92cb646fa6d9))
+
+### [0.3.6](https://github.com/stonith404/pingvin-share/compare/v0.3.5...v0.3.6) (2022-12-13)
+
+
+### Features
+
+* add description field to share ([8728fa5](https://github.com/stonith404/pingvin-share/commit/8728fa5207524e9aee26d68eafe1b6fff367d749))
+
+
+### Bug Fixes
+
+* remove dot in email link ([9b0c08d](https://github.com/stonith404/pingvin-share/commit/9b0c08d0cdeeeef217ccba57f593fea9d8858371))
+* rerange accordion items ([844c47e](https://github.com/stonith404/pingvin-share/commit/844c47e1290fb0f7dedb41a18be59ed5ab83dabc))
+
+### [0.3.5](https://github.com/stonith404/pingvin-share/compare/v0.3.4...v0.3.5) (2022-12-11)
+
+
+### Features
+
+* upload 3 files at same time ([d010a8a](https://github.com/stonith404/pingvin-share/commit/d010a8a2d366708b1bb5088e9c1e9f9378d3e023))
+
+
+### Bug Fixes
+
+* jobs never get executed ([05cbb7b](https://github.com/stonith404/pingvin-share/commit/05cbb7b27ef98a3a80dd9edc318f1dcc9a8bd442))
+* only create zip if more than one file is in the share ([3d1d4d0](https://github.com/stonith404/pingvin-share/commit/3d1d4d0fc7c0351724387c3721280c334ae94d98))
+* remove unnecessary port expose ([084e911](https://github.com/stonith404/pingvin-share/commit/084e911eed95eb22fea0bf185803ba32c3eda1a9))
+* setup wizard table doesn't take full width ([9798e26](https://github.com/stonith404/pingvin-share/commit/9798e26872064edc1049138cf73479b1354a43ed))
+* use node slim to fix arm builds ([797f893](https://github.com/stonith404/pingvin-share/commit/797f8938cac9cc3bb788f632d97eba5c49fe98a5))
+* zip doesn't contain file extension ([5b01108](https://github.com/stonith404/pingvin-share/commit/5b0110877745f1fcde4952737a93c07ef4a2a92d))
+
+### [0.3.4](https://github.com/stonith404/pingvin-share/compare/v0.3.3...v0.3.4) (2022-12-10)
+
+
+### Bug Fixes
+
+* show alternative to copy button if site is not using https ([7e877ce](https://github.com/stonith404/pingvin-share/commit/7e877ce9f4b82d61c9b238e17def9f4c29e7aeb8))
+* sign up page available when registration is disabled ([c8a4521](https://github.com/stonith404/pingvin-share/commit/c8a4521677280d6aba89d293a1fe0c38adf9f92c))
+* tables on mobile ([b1bfb09](https://github.com/stonith404/pingvin-share/commit/b1bfb09dfd5c90cc18847470a9ce1ce8397c1476))
+
+### [0.3.3](https://github.com/stonith404/pingvin-share/compare/v0.3.2...v0.3.3) (2022-12-08)
+
+
+### Features
+
+* add support for different email and user ([888a0c5](https://github.com/stonith404/pingvin-share/commit/888a0c5fafc51b6872ed71e37d4b40c9bf6a07f1))
+
+
+### Bug Fixes
+
+* allow empty strings in config variable ([b8172ef](https://github.com/stonith404/pingvin-share/commit/b8172efd59fb3271ab9b818b13a7003342b2cebd))
+* improve admin dashboard color and layout ([a545c44](https://github.com/stonith404/pingvin-share/commit/a545c444261c90105dcb165ebcf4b26634e729ca))
+* obscure critical config variables ([bfb0d15](https://github.com/stonith404/pingvin-share/commit/bfb0d151ea2ba125e536a16b1873e143a67e9f64))
+* obscured text length ([cbe37c6](https://github.com/stonith404/pingvin-share/commit/cbe37c679853ecef1522ed213e4cac5defd5b45a))
+* space character in email ([907e56a](https://github.com/stonith404/pingvin-share/commit/907e56af0faccdbc8d7f5ab3418a4ad71ff849f5))
+
+### [0.3.2](https://github.com/stonith404/pingvin-share/compare/v0.3.1...v0.3.2) (2022-12-07)
+
+
+### Bug Fixes
+
+* make share password optional ([57cb683](https://github.com/stonith404/pingvin-share/commit/57cb683c64eaedec2697ea6863948bd2ae68dd75))
+* unauthenticated dialog not shown ([4a016ed](https://github.com/stonith404/pingvin-share/commit/4a016ed57db526ee900c567f7b7f0991f948c631))
+* use session storage for share token ([5ea63fb](https://github.com/stonith404/pingvin-share/commit/5ea63fb60be0c508c38ba228cc8ac6dd7b403aac))
+
 ### [0.3.1](https://github.com/stonith404/pingvin-share/compare/v0.3.0...v0.3.1) (2022-12-05)


--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,3 +1,7 @@
+_Read this in another language: [Spanish](/docs/CONTRIBUTING.es.md), [English](/CONTRIBUTING.md), [Simplified Chinese](/docs/CONTRIBUTING.zh-cn.md)_
+
+---
+
 # Contributing

 We would ❤️ for you to contribute to Pingvin Share and help make it better! All contributions are welcome, including issues, suggestions, pull requests and more.
@@ -8,62 +12,55 @@ You've found a bug, have suggestion or something else, just create an issue on G

 ## Submit a Pull Request

-Once you created a issue and you want to create a pull request, follow this guide.
+Before you submit the pull request for review please ensure that

-Branch naming convention is as following
+- The pull request naming follows the [Conventional Commits specification](https://www.conventionalcommits.org):

-`TYPE-ISSUE_ID-DESCRIPTION`
+  `<type>[optional scope]: <description>`

-example:
+  example:
+
+  ```
+  feat(share): add password protection
+  ```
+
+  When `TYPE` can be:
+
+  - **feat** - is a new feature
+  - **doc** - documentation only changes
+  - **fix** - a bug fix
+  - **refactor** - code change that neither fixes a bug nor adds a feature
+
+- Your pull request has a detailed description
+- You run `npm run format` to format the code
+
+<details>
+  <summary>Don't know how to create a pull request? Learn how to create a pull request</summary>
+
+1. Create a fork of the repository by clicking on the `Fork` button in the Pingvin Share repository
+
+2. Clone your fork to your machine with `git clone`

 ```
-feat-69-ability-to-set-share-expiration-to-never
-```
-
-When `TYPE` can be:
-
- **feat** - is a new feature
- **doc** - documentation only changes
- **fix** - a bug fix
- **refactor** - code change that neither fixes a bug nor adds a feature
-
-**All PRs must include a commit message with the changes description!**
-
-For the initial start, fork the project and use the `git clone` command to download the repository to your computer. A standard procedure for working on an issue would be to:
-
-1. `git pull`, before creating a new branch, pull the changes from upstream. Your master needs to be up to date.
-
-```
-$ git pull
-```
-
-2. Create new branch from `main` like: `feat-69-ability-to-set-share-expiration-to-never`<br/>
-
-```
-$ git checkout -b [name_of_your_new_branch]
+$ git clone https://github.com/[your_username]/pingvin-share
 ```

 3. Work - commit - repeat

-4. Before you push your changes, make sure you run the linter and format the code.
-
-```bash
-npm run lint
-npm run format
-```
-
-5. Push changes to GitHub
+4. Push changes to GitHub

 ```
 $ git push origin [name_of_your_new_branch]
 ```

-6. Submit your changes for review
+5. Submit your changes for review
   If you go to your repository on GitHub, you'll see a `Compare & pull request` button. Click on that button.
-7. Start a Pull Request
-   Now submit the pull request and click on `Create pull request`.
+6. Start a Pull Request
+7. Now submit the pull request and click on `Create pull request`.
 8. Get a code review approval/reject

+</details>
+
 ## Setup project

 Pingvin Share consists of a frontend and a backend.
--- a/44
+++ b/44
@@ -1,32 +1,52 @@
-FROM node:18-alpine AS frontend-builder
+# Using node slim because prisma ORM needs libc for ARM builds
+
+# Stage 1: on frontend dependency change
+FROM node:19-slim AS frontend-dependencies
 WORKDIR /opt/app
 COPY frontend/package.json frontend/package-lock.json ./
 RUN npm ci
+
+# Stage 2: on frontend change
+FROM node:19-slim AS frontend-builder
+WORKDIR /opt/app
 COPY ./frontend .
+COPY --from=frontend-dependencies /opt/app/node_modules ./node_modules
 RUN npm run build

-FROM node:18 AS backend-builder
+# Stage 3: on backend dependency change
+FROM node:19-slim AS backend-dependencies
 WORKDIR /opt/app
 COPY backend/package.json backend/package-lock.json ./
 RUN npm ci
-COPY ./backend .
-RUN npx prisma generate
-RUN npm run build

-FROM node:18 AS runner
+# Stage 4:on backend change
+FROM node:19-slim AS backend-builder
+RUN apt-get update && apt-get install -y openssl
+WORKDIR /opt/app
+COPY ./backend .
+COPY --from=backend-dependencies /opt/app/node_modules ./node_modules
+RUN npx prisma generate
+RUN npm run build  && npm prune --production
+
+# Stage 5: Final image
+FROM node:19-slim AS runner
+ENV NODE_ENV=docker
+RUN apt-get update && apt-get install -y curl openssl
+
 WORKDIR /opt/app/frontend
-ENV NODE_ENV=production
-COPY --from=frontend-builder /opt/app/next.config.js .
 COPY --from=frontend-builder /opt/app/public ./public
-COPY --from=frontend-builder /opt/app/.next ./.next
-COPY --from=frontend-builder /opt/app/node_modules ./node_modules
+COPY --from=frontend-builder /opt/app/.next/standalone ./
+COPY --from=frontend-builder /opt/app/.next/static ./.next/static
+COPY --from=frontend-builder /opt/app/public/img /tmp/img

 WORKDIR /opt/app/backend
 COPY --from=backend-builder /opt/app/node_modules ./node_modules
 COPY --from=backend-builder /opt/app/dist ./dist
 COPY --from=backend-builder /opt/app/prisma ./prisma
 COPY --from=backend-builder /opt/app/package.json ./
-WORKDIR /opt/app

+WORKDIR /opt/app
 EXPOSE 3000
-CMD cd frontend && node_modules/.bin/next start & cd backend && npm run prod
+HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1
+
+CMD cp -rn /tmp/img /opt/app/frontend/public && node frontend/server.js & cd backend && npm run prod
--- a/README.md
+++ b/README.md
@@ -1,35 +1,146 @@
 # <div align="center"><img  src="https://user-images.githubusercontent.com/58886915/166198400-c2134044-1198-4647-a8b6-da9c4a204c68.svg" width="40"/> </br>Pingvin Share</div>

+---
+
+_Read this in another language: [Spanish](/docs/README.es.md), [English](/README.md), [Simplified Chinese](/docs/README.zh-cn.md)_
+
+---
+
 Pingvin Share is self-hosted file sharing platform and an alternative for WeTransfer.

-## 🎪 Showcase
-
-Demo: https://pingvin-share.dev.eliasschneider.com
-
-<img src="https://user-images.githubusercontent.com/58886915/167101708-b85032ad-f5b1-480a-b8d7-ec0096ea2a43.png" width="700"/>
-
 ## ✨ Features

- Spin up your instance within 2 minutes
- Create a share with files that you can access with a link
- No file size limit, only your disk will be your limit
- Set a share expiration
- Optionally secure your share with a visitor limit and a password
- Email recepients
- Light & dark mode
+- Share files using a link
+- Unlimited file size (restricted only by disk space)
+- Set an expiration date for shares
+- Secure shares with visitor limits and passwords
+- Email recipients
+- Integration with ClamAV for security scans
+
+## 🐧 Get to know Pingvin Share
+
+- [Demo](https://pingvin-share.dev.eliasschneider.com)
+- [Review by DB Tech](https://www.youtube.com/watch?v=rWwNeZCOPJA)
+
+<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>

 ## ⌨️ Setup

-> Pleas note that Pingvin Share is in early stage and could include some bugs
+> Note: Pingvin Share is in its early stages and may contain bugs.
+
+### Installation with Docker (recommended)

 1. Download the `docker-compose.yml` file
 2. Run `docker-compose up -d`

-The website is now listening available on `http://localhost:3000`, have fun with Pingvin Share 🐧!
+The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!
+
+### Stand-alone Installation
+
+Required tools:
+
+- [Node.js](https://nodejs.org/en/download/) >= 16
+- [Git](https://git-scm.com/downloads)
+- [pm2](https://pm2.keymetrics.io/) for running Pingvin Share in the background
+
+```bash
+git clone https://github.com/stonith404/pingvin-share
+cd pingvin-share
+
+# Checkout the latest version
+git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+# Start the backend
+cd backend
+npm install
+npm run build
+pm2 start --name="pingvin-share-backend" npm -- run prod
+
+# Start the frontend
+cd ../frontend
+npm install
+npm run build
+pm2 start --name="pingvin-share-frontend" npm -- run start
+```
+
+The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!
+
+### Integrations
+
+#### ClamAV (Docker only)
+
+ClamAV is used to scan shares for malicious files and remove them if found.
+
+1. Add the ClamAV container to the Docker Compose stack (see `docker-compose.yml`) and start the container.
+2. Docker will wait for ClamAV to start before starting Pingvin Share. This may take a minute or two.
+3. The Pingvin Share logs should now log "ClamAV is active"
+
+Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
+
+### Additional resources
+
+- [Synology NAS installation](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)

 ### Upgrade to a new version

-Run `docker compose pull && docker compose up -d` to update your docker container
+As Pingvin Share is in early stage, see the release notes for breaking changes before upgrading.
+
+#### Docker
+
+```bash
+docker compose pull
+docker compose up -d
+```
+
+#### Stand-alone
+
+1. Stop the running app
+   ```bash
+   pm2 stop pingvin-share-backend pingvin-share-frontend
+   ```
+2. Repeat the steps from the [installation guide](#stand-alone-installation) except the `git clone` step.
+
+   ```bash
+   cd pingvin-share
+
+   # Checkout the latest version
+   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+   # Start the backend
+   cd backend
+   npm run build
+   pm2 restart pingvin-share-backend
+
+   # Start the frontend
+   cd ../frontend
+   npm run build
+   pm2 restart pingvin-share-frontend
+   ```
+
+### Configuration
+
+You can customize Pingvin Share by going to the configuration page in your admin dashboard.
+
+#### Environment variables
+
+For installation specific configuration, you can use environment variables. The following variables are available:
+
+##### Backend
+
+| Variable         | Default Value                                      | Description                            |
+| ---------------- | -------------------------------------------------- | -------------------------------------- |
+| `PORT`           | `8080`                                             | The port on which the backend listens. |
+| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | The URL of the SQLite database.        |
+| `DATA_DIRECTORY` | `./data`                                           | The directory where data is stored.    |
+| `CLAMAV_HOST`    | `127.0.0.1`                                        | The IP address of the ClamAV server.   |
+| `CLAMAV_PORT`    | `3310`                                             | The port number of the ClamAV server.  |
+
+##### Frontend
+
+| Variable  | Default Value           | Description                              |
+| --------- | ----------------------- | ---------------------------------------- |
+| `PORT`    | `3000`                  | The port on which the frontend listens.  |
+| `API_URL` | `http://localhost:8080` | The URL of the backend for the frontend. |

 ## 🖤 Contribute

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Supported Versions
+As Pingvin Share is in beta, older versions don't get security updates. Please consider to update Pingvin Share regularly. Updates can be automated with e.g [Watchtower](https://github.com/containrrr/watchtower).
+
+## Reporting a Vulnerability
+Thank you for taking the time to report a vulnerability. Please DO NOT create an issue on GitHub because the vulnerability could get exploited. Instead please write an email to [elias@eliasschneider.com](mailto:elias@eliasschneider.com).
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,22 +0,0 @@
-FROM node:18 AS deps
-WORKDIR /opt/app
-COPY package.json package-lock.json ./
-COPY prisma ./prisma
-RUN npm ci
-RUN npx prisma generate
-
-
-FROM node:18 As build
-WORKDIR /opt/app
-COPY . .
-COPY --from=deps /opt/app/node_modules ./node_modules
-RUN npm run build
-
-
-FROM node:18 As runner
-WORKDIR /opt/app
-COPY --from=build /opt/app/node_modules ./node_modules
-COPY --from=build /opt/app/dist ./dist
-COPY --from=build /opt/app/prisma ./prisma
-COPY --from=deps /opt/app/package.json ./
-CMD npm run prod
--- a/backend/nest-cli.json
+++ b/backend/nest-cli.json
@@ -1,5 +1,8 @@
 {
  "$schema": "https://json.schemastore.org/nest-cli",
  "collection": "@nestjs/schematics",
-  "sourceRoot": "src"
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "plugins": ["@nestjs/swagger"]
+  }
 }
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,70 +1,80 @@
 {
  "name": "pingvin-share-backend",
-  "version": "0.0.1",
+  "version": "0.16.0",
  "scripts": {
    "build": "nest build",
-    "dev": "nest start --watch",
+    "dev": "cross-env NODE_ENV=development nest start --watch",
    "prod": "prisma migrate deploy && prisma db seed && node dist/src/main",
    "lint": "eslint 'src/**/*.ts'",
    "format": "prettier --write 'src/**/*.ts'",
-    "test:system": "prisma migrate reset -f && nest start & sleep 10 && newman run ./test/system/newman-system-tests.json"
+    "test:system": "prisma migrate reset -f && nest start & wait-on http://localhost:8080/api/configs && newman run ./test/newman-system-tests.json"
  },
  "prisma": {
    "seed": "ts-node prisma/seed/config.seed.ts"
  },
  "dependencies": {
-    "@nestjs/common": "^9.2.1",
-    "@nestjs/config": "^2.2.0",
-    "@nestjs/core": "^9.2.1",
-    "@nestjs/jwt": "^9.0.0",
-    "@nestjs/mapped-types": "^1.2.0",
-    "@nestjs/passport": "^9.0.0",
-    "@nestjs/platform-express": "^9.2.1",
-    "@nestjs/schedule": "^2.1.0",
-    "@nestjs/throttler": "^3.1.0",
+    "@nestjs/common": "^9.3.9",
+    "@nestjs/config": "^2.3.1",
+    "@nestjs/core": "^9.3.9",
+    "@nestjs/jwt": "^10.0.2",
+    "@nestjs/passport": "^9.0.3",
+    "@nestjs/platform-express": "^9.3.9",
+    "@nestjs/schedule": "^2.2.0",
+    "@nestjs/swagger": "^6.2.1",
+    "@nestjs/throttler": "^4.0.0",
+    "@prisma/client": "^4.11.0",
    "archiver": "^5.3.1",
-    "argon2": "^0.30.2",
+    "argon2": "^0.30.3",
+    "body-parser": "^1.20.2",
+    "clamscan": "^2.1.2",
    "class-transformer": "^0.5.1",
-    "class-validator": "^0.13.2",
+    "class-validator": "^0.14.0",
    "content-disposition": "^0.5.4",
+    "cookie-parser": "^1.4.6",
    "mime-types": "^2.1.35",
    "moment": "^2.29.4",
-    "multer": "^1.4.5-lts.1",
-    "nodemailer": "^6.8.0",
+    "nodemailer": "^6.9.1",
+    "otplib": "^12.0.1",
    "passport": "^0.6.0",
-    "passport-jwt": "^4.0.0",
+    "passport-jwt": "^4.0.1",
    "passport-local": "^1.0.0",
+    "qrcode-svg": "^1.1.0",
    "reflect-metadata": "^0.1.13",
-    "rimraf": "^3.0.2",
-    "rxjs": "^7.6.0"
+    "rimraf": "^4.4.0",
+    "rxjs": "^7.8.0",
+    "sharp": "^0.31.3",
+    "ts-node": "^10.9.1"
  },
  "devDependencies": {
-    "@nestjs/cli": "^9.1.5",
-    "@nestjs/schematics": "^9.0.3",
-    "@nestjs/testing": "^9.2.1",
-    "@prisma/client": "^4.7.1",
+    "@nestjs/cli": "^9.2.0",
+    "@nestjs/schematics": "^9.0.4",
+    "@nestjs/testing": "^9.3.9",
    "@types/archiver": "^5.3.1",
+    "@types/clamscan": "^2.0.4",
+    "@types/cookie-parser": "^1.4.3",
    "@types/cron": "^2.0.0",
-    "@types/express": "^4.17.14",
+    "@types/express": "^4.17.17",
    "@types/mime-types": "^2.1.1",
    "@types/multer": "^1.4.7",
-    "@types/node": "^18.11.10",
-    "@types/nodemailer": "^6.4.6",
-    "@types/passport-jwt": "^3.0.7",
+    "@types/node": "^18.15.0",
+    "@types/nodemailer": "^6.4.7",
+    "@types/passport-jwt": "^3.0.8",
+    "@types/qrcode-svg": "^1.1.1",
+    "@types/sharp": "^0.31.1",
    "@types/supertest": "^2.0.12",
-    "@typescript-eslint/eslint-plugin": "^5.45.0",
-    "@typescript-eslint/parser": "^5.45.0",
+    "@typescript-eslint/eslint-plugin": "^5.54.1",
+    "@typescript-eslint/parser": "^5.54.1",
    "cross-env": "^7.0.3",
-    "eslint": "^8.29.0",
-    "eslint-config-prettier": "^8.5.0",
+    "eslint": "^8.35.0",
+    "eslint-config-prettier": "^8.7.0",
    "eslint-plugin-prettier": "^4.2.1",
    "newman": "^5.3.2",
-    "prettier": "^2.8.0",
-    "prisma": "^4.7.1",
+    "prettier": "^2.8.4",
+    "prisma": "^4.11.0",
    "source-map-support": "^0.5.21",
    "ts-loader": "^9.4.2",
-    "ts-node": "^10.9.1",
-    "tsconfig-paths": "4.1.1",
-    "typescript": "^4.9.3"
+    "tsconfig-paths": "4.1.2",
+    "typescript": "^4.9.5",
+    "wait-on": "^7.0.1"
  }
 }
--- a/backend/prisma/.env
+++ b/backend/prisma/.env
@@ -0,0 +1,2 @@
+#This file is only used to set a default value for the database url
+DATABASE_URL="file:../data/pingvin-share.db"
--- a/backend/prisma/migrations/20221208191607_v0_3_3/migration.sql
+++ b/backend/prisma/migrations/20221208191607_v0_3_3/migration.sql
@@ -0,0 +1,17 @@
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL PRIMARY KEY,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Config" ("description", "key", "locked", "secret", "type", "updatedAt", "value") SELECT "description", "key", "locked", "secret", "type", "updatedAt", "value" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20221213173854_v0_3_6/migration.sql
+++ b/backend/prisma/migrations/20221213173854_v0_3_6/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Share" ADD COLUMN "description" TEXT;
--- a/backend/prisma/migrations/20221219061131_user_entity/migration.sql
+++ b/backend/prisma/migrations/20221219061131_user_entity/migration.sql
@@ -0,0 +1,31 @@
+-- CreateTable
+CREATE TABLE "LoginToken" (
+    "token" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "expiresAt" DATETIME NOT NULL,
+    "userId" TEXT NOT NULL,
+    "used" BOOLEAN NOT NULL DEFAULT false,
+    CONSTRAINT "LoginToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_User" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL,
+    "username" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "password" TEXT NOT NULL,
+    "isAdmin" BOOLEAN NOT NULL DEFAULT false,
+    "totpEnabled" BOOLEAN NOT NULL DEFAULT false,
+    "totpVerified" BOOLEAN NOT NULL DEFAULT false,
+    "totpSecret" TEXT
+);
+INSERT INTO "new_User" ("createdAt", "email", "id", "isAdmin", "password", "updatedAt", "username") SELECT "createdAt", "email", "id", "isAdmin", "password", "updatedAt", "username" FROM "User";
+DROP TABLE "User";
+ALTER TABLE "new_User" RENAME TO "User";
+CREATE UNIQUE INDEX "User_username_key" ON "User"("username");
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20221230120407_category_attribute_config/migration.sql
+++ b/backend/prisma/migrations/20221230120407_category_attribute_config/migration.sql
@@ -0,0 +1,56 @@
+/*
+  Warnings:
+
+  - Added the required column `category` to the `Config` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL PRIMARY KEY,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "category" TEXT,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Config" ("description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value") SELECT "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+
+ UPDATE config SET category = "internal" WHERE key = "SETUP_FINISHED";
+ UPDATE config SET category = "internal" WHERE key = "TOTP_SECRET";
+ UPDATE config SET category = "internal" WHERE key = "JWT_SECRET";
+ UPDATE config SET category = "general" WHERE key = "APP_URL";
+ UPDATE config SET category = "general" WHERE key = "SHOW_HOME_PAGE";
+ UPDATE config SET category = "share" WHERE key = "ALLOW_REGISTRATION";
+ UPDATE config SET category = "share" WHERE key = "ALLOW_UNAUTHENTICATED_SHARES";
+ UPDATE config SET category = "share" WHERE key = "MAX_FILE_SIZE";
+ UPDATE config SET category = "email" WHERE key = "ENABLE_EMAIL_RECIPIENTS";
+ UPDATE config SET category = "email" WHERE key = "EMAIL_MESSAGE";
+ UPDATE config SET category = "email" WHERE key = "EMAIL_SUBJECT";
+ UPDATE config SET category = "email" WHERE key = "SMTP_HOST";
+ UPDATE config SET category = "email" WHERE key = "SMTP_PORT";
+ UPDATE config SET category = "email" WHERE key = "SMTP_EMAIL";
+ UPDATE config SET category = "email" WHERE key = "SMTP_USERNAME";
+ UPDATE config SET category = "email" WHERE key = "SMTP_PASSWORD";
+
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL PRIMARY KEY,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Config" ("description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value", "category") SELECT "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value", "category" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20230104145733_v0_5_1/migration.sql
+++ b/backend/prisma/migrations/20230104145733_v0_5_1/migration.sql
@@ -0,0 +1,21 @@
+/*
+  Warnings:
+
+  - The primary key for the `RefreshToken` table will be changed. If it partially fails, the table could be left without primary key constraint.
+  - The required column `id` was added to the `RefreshToken` table with a prisma-level default value. This is not possible if the table is not empty. Please add this column as optional, then populate it before making it required.
+
+*/
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+DROP TABLE "RefreshToken";
+CREATE TABLE "RefreshToken" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "token" TEXT NOT NULL,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "expiresAt" DATETIME NOT NULL,
+    "userId" TEXT NOT NULL,
+    CONSTRAINT "RefreshToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+CREATE UNIQUE INDEX "RefreshToken_token_key" ON "RefreshToken"("token");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20230113080918_removed_reason_attribute/migration.sql
+++ b/backend/prisma/migrations/20230113080918_removed_reason_attribute/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Share" ADD COLUMN "removedReason" TEXT;
--- a/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql
+++ b/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql
@@ -0,0 +1,67 @@
+/*
+  Warnings:
+
+  - Added the required column `order` to the `Config` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- CreateTable
+CREATE TABLE "ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "used" BOOLEAN NOT NULL DEFAULT false,
+    "creatorId" TEXT NOT NULL,
+    "shareId" TEXT,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "ReverseShare_shareId_fkey" FOREIGN KEY ("shareId") REFERENCES "Share" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL PRIMARY KEY,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false,
+    "order" INTEGER NOT NULL
+);
+INSERT INTO "new_Config" ("category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value", "order") SELECT "category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value", 0 FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ReverseShare_shareId_key" ON "ReverseShare"("shareId");
+
+-- Custom migration
+UPDATE Config SET `order` = 0 WHERE key = "JWT_SECRET";
+UPDATE Config SET `order` = 0 WHERE key = "TOTP_SECRET";
+
+UPDATE Config SET `order` = 1 WHERE key = "APP_URL";
+UPDATE Config SET `order` = 2 WHERE key = "SHOW_HOME_PAGE";
+UPDATE Config SET `order` = 3 WHERE key = "ALLOW_REGISTRATION";
+UPDATE Config SET `order` = 4 WHERE key = "ALLOW_UNAUTHENTICATED_SHARES";
+UPDATE Config SET `order` = 5 WHERE key = "MAX_SHARE_SIZE";
+UPDATE Config SET `order` = 6, key = "ENABLE_SHARE_EMAIL_RECIPIENTS" WHERE key = "ENABLE_EMAIL_RECIPIENTS";
+UPDATE Config SET `order` = 7, key = "SHARE_RECEPIENTS_EMAIL_MESSAGE" WHERE key = "EMAIL_MESSAGE";
+UPDATE Config SET `order` = 8, key = "SHARE_RECEPIENTS_EMAIL_SUBJECT" WHERE key = "EMAIL_SUBJECT";
+UPDATE Config SET `order` = 12 WHERE key = "SMTP_HOST";
+UPDATE Config SET `order` = 13 WHERE key = "SMTP_PORT";
+UPDATE Config SET `order` = 14 WHERE key = "SMTP_EMAIL";
+UPDATE Config SET `order` = 15 WHERE key = "SMTP_USERNAME";
+UPDATE Config SET `order` = 16 WHERE key = "SMTP_PASSWORD";
+
+INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`) VALUES (11, "SMTP_ENABLED", "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.", "boolean", IFNULL((SELECT value FROM Config WHERE key="ENABLE_SHARE_EMAIL_RECIPIENTS"), "false"), "smtp", 0, strftime('%s', 'now'));
+INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`, `locked`) VALUES (0, "SETUP_STATUS", "Status of the setup wizard", "string", IIF((SELECT value FROM Config WHERE key="SETUP_FINISHED") == "true", "FINISHED", "STARTED"), "internal", 0, strftime('%s', 'now'), 1);
--- a/backend/prisma/migrations/20230209205230_v0_10_0/migration.sql
+++ b/backend/prisma/migrations/20230209205230_v0_10_0/migration.sql
@@ -0,0 +1,64 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `shareId` on the `ReverseShare` table. All the data in the column will be lost.
+  - You are about to drop the column `used` on the `ReverseShare` table. All the data in the column will be lost.
+  - Added the required column `remainingUses` to the `ReverseShare` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- CreateTable
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "ResetPasswordToken" (
+    "token" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "expiresAt" DATETIME NOT NULL,
+    "userId" TEXT NOT NULL,
+    CONSTRAINT "ResetPasswordToken_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- Disable TOTP as secret isn't encrypted anymore
+UPDATE User SET totpEnabled=false, totpSecret=null, totpVerified=false WHERE totpSecret IS NOT NULL;
+
+-- RedefineTables
+CREATE TABLE "new_Share" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "uploadLocked" BOOLEAN NOT NULL DEFAULT false,
+    "isZipReady" BOOLEAN NOT NULL DEFAULT false,
+    "views" INTEGER NOT NULL DEFAULT 0,
+    "expiration" DATETIME NOT NULL,
+    "description" TEXT,
+    "removedReason" TEXT,
+    "creatorId" TEXT,
+    "reverseShareId" TEXT,
+    CONSTRAINT "Share_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "Share_reverseShareId_fkey" FOREIGN KEY ("reverseShareId") REFERENCES "ReverseShare" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+INSERT INTO "new_Share" ("createdAt", "creatorId", "description", "expiration", "id", "isZipReady", "removedReason", "uploadLocked", "views", "reverseShareId")
+SELECT "createdAt", "creatorId", "description", "expiration", "id", "isZipReady", "removedReason", "uploadLocked", "views", (SELECT id FROM ReverseShare WHERE shareId=Share.id)
+FROM "Share";
+
+
+DROP TABLE "Share";
+ALTER TABLE "new_Share" RENAME TO "Share";
+CREATE TABLE "new_ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "remainingUses" INTEGER NOT NULL,
+    "creatorId" TEXT NOT NULL,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+INSERT INTO "new_ReverseShare" ("createdAt", "creatorId", "id", "maxShareSize", "sendEmailNotification", "shareExpiration", "token", "remainingUses") SELECT "createdAt", "creatorId", "id", "maxShareSize", "sendEmailNotification", "shareExpiration", "token", iif("ReverseShare".used, 0, 1) FROM "ReverseShare";
+DROP TABLE "ReverseShare";
+ALTER TABLE "new_ReverseShare" RENAME TO "ReverseShare";
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ResetPasswordToken_userId_key" ON "ResetPasswordToken"("userId");
--- a/backend/prisma/migrations/20230303091601_v0_11_0/migration.sql
+++ b/backend/prisma/migrations/20230303091601_v0_11_0/migration.sql
@@ -0,0 +1,94 @@
+/*
+  Warnings:
+
+  - The primary key for the `Config` table will be changed. If it partially fails, the table could be left without primary key constraint.
+  - You are about to drop the column `key` on the `Config` table. All the data in the column will be lost.
+  - Added the required column `name` to the `Config` table without a default value. This is not possible if the table is not empty.
+
+*/
+
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "name" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false,
+    "order" INTEGER NOT NULL,
+
+    PRIMARY KEY ("name", "category")
+);
+-- INSERT INTO "new_Config" ("category", "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value") SELECT "category", "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value" FROM "Config";
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'internal', 'jwtSecret', "description", "locked", "obscured", 0, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'JWT_SECRET';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'general', 'appUrl', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'APP_URL';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'general', 'showHomePage', "description", "locked", "obscured", 2, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SHOW_HOME_PAGE';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'share', 'allowRegistration', "description", "locked", "obscured", 0, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'ALLOW_REGISTRATION';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'share', 'allowUnauthenticatedShares', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'ALLOW_UNAUTHENTICATED_SHARES';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'share', 'maxSize', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'MAX_SHARE_SIZE';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'enableShareEmailRecipients', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'ENABLE_SHARE_EMAIL_RECIPIENTS';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'shareRecipientsSubject', "description", "locked", "obscured", 2, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SHARE_RECEPIENTS_EMAIL_SUBJECT';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'shareRecipientsMessage', "description", "locked", "obscured", 3, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SHARE_RECEPIENTS_EMAIL_MESSAGE';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'reverseShareSubject', "description", "locked", "obscured", 4, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'REVERSE_SHARE_EMAIL_SUBJECT';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'reverseShareMessage', "description", "locked", "obscured", 5, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'REVERSE_SHARE_EMAIL_MESSAGE';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'resetPasswordSubject', "description", "locked", "obscured", 6, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'RESET_PASSWORD_EMAIL_SUBJECT';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'email', 'resetPasswordMessage', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'RESET_PASSWORD_EMAIL_MESSAGE';
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'enabled', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_ENABLED';
+
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'host', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_HOST';
+
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'port', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_PORT';
+
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'email', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_EMAIL';
+
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'username', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_USERNAME';
+
+
+INSERT INTO new_Config ("category", "name" , "description", "locked", "obscured", "order", "secret", "type", "updatedAt", "value")
+SELECT 'smtp', 'password', "description", "locked", "obscured", 1, "secret", "type", "updatedAt", "value" FROM Config WHERE key = 'SMTP_PASSWORD';
+
+
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20230319120712_edited_value/migration.sql
+++ b/backend/prisma/migrations/20230319120712_edited_value/migration.sql
@@ -0,0 +1,23 @@
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "updatedAt" DATETIME NOT NULL,
+    "name" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "value" TEXT,
+    "defaultValue" TEXT NOT NULL DEFAULT '',
+    "description" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false,
+    "order" INTEGER NOT NULL,
+
+    PRIMARY KEY ("name", "category")
+);
+INSERT INTO "new_Config" ("category", "description", "locked", "name", "obscured", "order", "secret", "type", "updatedAt", "value") SELECT "category", "description", "locked", "name", "obscured", "order", "secret", "type", "updatedAt", "value" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -4,7 +4,7 @@ generator client {

 datasource db {
  provider = "sqlite"
-  url      = "file:../data/pingvin-share.db"
+  url      = env("DATABASE_URL")
 }

 model User {
@@ -19,10 +19,18 @@ model User {

  shares        Share[]
  refreshTokens RefreshToken[]
+  loginTokens   LoginToken[]
+  reverseShares ReverseShare[]
+
+  totpEnabled        Boolean             @default(false)
+  totpVerified       Boolean             @default(false)
+  totpSecret         String?
+  resetPasswordToken ResetPasswordToken?
 }

 model RefreshToken {
-  token     String   @id @default(uuid())
+  id        String   @id @default(uuid())
+  token     String   @unique @default(uuid())
  createdAt DateTime @default(now())

  expiresAt DateTime
@@ -31,22 +39,65 @@ model RefreshToken {
  user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
 }

+model LoginToken {
+  token     String   @id @default(uuid())
+  createdAt DateTime @default(now())
+
+  expiresAt DateTime
+
+  userId String
+  user   User    @relation(fields: [userId], references: [id], onDelete: Cascade)
+  used   Boolean @default(false)
+}
+
+model ResetPasswordToken {
+  token     String   @id @default(uuid())
+  createdAt DateTime @default(now())
+
+  expiresAt DateTime
+
+  userId String @unique
+  user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+
 model Share {
  id        String   @id @default(uuid())
  createdAt DateTime @default(now())

-  uploadLocked Boolean  @default(false)
-  isZipReady   Boolean  @default(false)
-  views        Int      @default(0)
-  expiration   DateTime
+  uploadLocked  Boolean  @default(false)
+  isZipReady    Boolean  @default(false)
+  views         Int      @default(0)
+  expiration    DateTime
+  description   String?
+  removedReason String?
+
+  creatorId String?
+  creator   User?   @relation(fields: [creatorId], references: [id], onDelete: Cascade)
+
+  reverseShareId String?
+  reverseShare   ReverseShare? @relation(fields: [reverseShareId], references: [id], onDelete: Cascade)

-  creatorId  String?
-  creator    User?            @relation(fields: [creatorId], references: [id], onDelete: Cascade)
  security   ShareSecurity?
  recipients ShareRecipient[]
  files      File[]
 }

+model ReverseShare {
+  id        String   @id @default(uuid())
+  createdAt DateTime @default(now())
+
+  token                 String   @unique @default(uuid())
+  shareExpiration       DateTime
+  maxShareSize          String
+  sendEmailNotification Boolean
+  remainingUses         Int
+
+  creatorId String
+  creator   User   @relation(fields: [creatorId], references: [id], onDelete: Cascade)
+
+  shares Share[]
+}
+
 model ShareRecipient {
  id    String @id @default(uuid())
  email String
@@ -80,10 +131,16 @@ model ShareSecurity {
 model Config {
  updatedAt DateTime @updatedAt

-  key         String  @id
-  type        String
-  value       String
-  description String
-  secret      Boolean @default(true)
-  locked      Boolean @default(false)
+  name         String
+  category     String
+  type         String
+  defaultValue String @default("")
+  value        String?
+  description  String
+  obscured     Boolean @default(false)
+  secret       Boolean @default(true)
+  locked       Boolean @default(false)
+  order        Int
+
+  @@id([name, category])
 }
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -1,119 +1,251 @@
-import { PrismaClient } from "@prisma/client";
+import { Prisma, PrismaClient } from "@prisma/client";
 import * as crypto from "crypto";
+const configVariables: ConfigVariables = {
+  internal: {
+    jwtSecret: {
+      description: "Long random string used to sign JWT tokens",
+      type: "string",
+      defaultValue: crypto.randomBytes(256).toString("base64"),
+      locked: true,
+    },
+  },
+  general: {
+    appName: {
+      description: "Name of the application",
+      type: "string",
+      defaultValue: "Pingvin Share",
+      secret: false,
+    },
+    appUrl: {
+      description: "On which URL Pingvin Share is available",
+      type: "string",
+      defaultValue: "http://localhost:3000",

-const configVariables = [
-  {
-    key: "SETUP_FINISHED",
-    description: "Whether the setup has been finished",
-    type: "boolean",
-    value: "false",
-    secret: false,
-    locked: true,
+      secret: false,
+    },
+    showHomePage: {
+      description: "Whether to show the home page",
+      type: "boolean",
+      defaultValue: "true",
+      secret: false,
+    },
  },
-  {
-    key: "APP_URL",
-    description: "On which URL Pingvin Share is available",
-    type: "string",
-    value: "http://localhost:3000",
-    secret: false,
-  },
-  {
-    key: "SHOW_HOME_PAGE",
-    description: "Whether to show the home page",
-    type: "boolean",
-    value: "true",
-    secret: false,
-  },
-  {
-    key: "ALLOW_REGISTRATION",
-    description: "Whether registration is allowed",
-    type: "boolean",
-    value: "true",
-    secret: false,
-  },
-  {
-    key: "ALLOW_UNAUTHENTICATED_SHARES",
-    description: "Whether unauthorized users can create shares",
-    type: "boolean",
-    value: "false",
-    secret: false,
-  },
-  {
-    key: "MAX_FILE_SIZE",
-    description: "Maximum file size in bytes",
-    type: "number",
-    value: "1000000000",
-    secret: false,
-  },
-  {
-    key: "JWT_SECRET",
-    description: "Long random string used to sign JWT tokens",
-    type: "string",
-    value: crypto.randomBytes(256).toString("base64"),
-    locked: true,
-  },
-  {
-    key: "ENABLE_EMAIL_RECIPIENTS",
-    description:
-      "Whether to send emails to recipients. Only set this to true if you entered the host, port, email and password of your SMTP server.",
-    type: "boolean",
-    value: "false",
-    secret: false,
-  },
-  {
-    key: "SMTP_HOST",
-    description: "Host of the SMTP server",
-    type: "string",
-    value: "",
-  },
-  {
-    key: "SMTP_PORT",
-    description: "Port of the SMTP server",
-    type: "number",
-    value: "",
-  },
-  {
-    key: "SMTP_EMAIL",
-    description: "Email address of the SMTP server",
-    type: "string",
-    value: "",
-  },
-  {
-    key: "SMTP_PASSWORD",
-    description: "Password of the SMTP server",
-    type: "string",
-    value: "",
-  },
-];
+  share: {
+    allowRegistration: {
+      description: "Whether registration is allowed",
+      type: "boolean",
+      defaultValue: "true",

-const prisma = new PrismaClient();
+      secret: false,
+    },
+    allowUnauthenticatedShares: {
+      description: "Whether unauthorized users can create shares",
+      type: "boolean",
+      defaultValue: "false",

-async function main() {
-  for (const variable of configVariables) {
-    const existingConfigVariable = await prisma.config.findUnique({
-      where: { key: variable.key },
-    });
+      secret: false,
+    },
+    maxSize: {
+      description: "Maximum share size in bytes",
+      type: "number",
+      defaultValue: "1073741824",

-    // Create a new config variable if it doesn't exist
-    if (!existingConfigVariable) {
-      await prisma.config.create({
-        data: variable,
+      secret: false,
+    },
+  },
+  email: {
+    enableShareEmailRecipients: {
+      description:
+        "Whether to allow emails to share recipients. Only enable this if you have enabled SMTP.",
+      type: "boolean",
+      defaultValue: "false",
+
+      secret: false,
+    },
+    shareRecipientsSubject: {
+      description:
+        "Subject of the email which gets sent to the share recipients.",
+      type: "string",
+      defaultValue: "Files shared with you",
+    },
+    shareRecipientsMessage: {
+      description:
+        "Message which gets sent to the share recipients.\n\nAvailable variables:\n{creator} - The username of the creator of the share\n{shareUrl} - The URL of the share\n{desc} - The description of the share\n{expires} - The expiration date of the share\n\nVariables will be replaced with the actual values.",
+      type: "text",
+      defaultValue:
+        "Hey!\n\n{creator} shared some files with you, view or download the files with this link: {shareUrl}\n\nThe share will expire {expires}.\n\nNote: {desc}\n\nShared securely with Pingvin Share 🐧",
+    },
+    reverseShareSubject: {
+      description:
+        "Subject of the email which gets sent when someone created a share with your reverse share link.",
+      type: "string",
+      defaultValue: "Reverse share link used",
+    },
+    reverseShareMessage: {
+      description:
+        "Message which gets sent when someone created a share with your reverse share link. {shareUrl} will be replaced with the creator's name and the share URL.",
+      type: "text",
+      defaultValue:
+        "Hey!\n\nA share was just created with your reverse share link: {shareUrl}\n\nShared securely with Pingvin Share 🐧",
+    },
+    resetPasswordSubject: {
+      description:
+        "Subject of the email which gets sent when a user requests a password reset.",
+      type: "string",
+      defaultValue: "Pingvin Share password reset",
+    },
+    resetPasswordMessage: {
+      description:
+        "Message which gets sent when a user requests a password reset. {url} will be replaced with the reset password URL.",
+      type: "text",
+      defaultValue:
+        "Hey!\n\nYou requested a password reset. Click this link to reset your password: {url}\nThe link expires in a hour.\n\nPingvin Share 🐧",
+    },
+    inviteSubject: {
+      description:
+        "Subject of the email which gets sent when an admin invites an user.",
+      type: "string",
+      defaultValue: "Pingvin Share invite",
+    },
+    inviteMessage: {
+      description:
+        "Message which gets sent when an admin invites an user. {url} will be replaced with the invite URL and {password} with the password.",
+      type: "text",
+      defaultValue:
+        "Hey!\n\nYou were invited to Pingvin Share. Click this link to accept the invite: {url}\n\nYour password is: {password}\n\nPingvin Share 🐧",
+    },
+  },
+  smtp: {
+    enabled: {
+      description:
+        "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.",
+      type: "boolean",
+      defaultValue: "false",
+      secret: false,
+    },
+    host: {
+      description: "Host of the SMTP server",
+      type: "string",
+      defaultValue: "",
+    },
+    port: {
+      description: "Port of the SMTP server",
+      type: "number",
+      defaultValue: "0",
+    },
+    email: {
+      description: "Email address which the emails get sent from",
+      type: "string",
+      defaultValue: "",
+    },
+    username: {
+      description: "Username of the SMTP server",
+      type: "string",
+      defaultValue: "",
+    },
+    password: {
+      description: "Password of the SMTP server",
+      type: "string",
+      defaultValue: "",
+      obscured: true,
+    },
+  },
+};
+
+type ConfigVariables = {
+  [category: string]: {
+    [variable: string]: Omit<
+      Prisma.ConfigCreateInput,
+      "name" | "category" | "order"
+    >;
+  };
+};
+
+const prisma = new PrismaClient({
+  datasources: {
+    db: {
+      url:
+        process.env.DATABASE_URL ||
+        "file:../data/pingvin-share.db?connection_limit=1",
+    },
+  },
+});
+
+async function seedConfigVariables() {
+  for (const [category, configVariablesOfCategory] of Object.entries(
+    configVariables
+  )) {
+    let order = 0;
+    for (const [name, properties] of Object.entries(
+      configVariablesOfCategory
+    )) {
+      const existingConfigVariable = await prisma.config.findUnique({
+        where: { name_category: { name, category } },
      });
+
+      // Create a new config variable if it doesn't exist
+      if (!existingConfigVariable) {
+        await prisma.config.create({
+          data: {
+            order,
+            name,
+            ...properties,
+            category,
+          },
+        });
+      }
+      order++;
    }
  }
+}

-  // Delete the config variable if it doesn't exist anymore
-  const configVariablesFromDatabase = await prisma.config.findMany();
+async function migrateConfigVariables() {
+  const existingConfigVariables = await prisma.config.findMany();

-  for (const configVariableFromDatabase of configVariablesFromDatabase) {
-    if (!configVariables.find((v) => v.key == configVariableFromDatabase.key)) {
+  for (const existingConfigVariable of existingConfigVariables) {
+    const configVariable =
+      configVariables[existingConfigVariable.category]?.[
+        existingConfigVariable.name
+      ];
+    if (!configVariable) {
      await prisma.config.delete({
-        where: { key: configVariableFromDatabase.key },
+        where: {
+          name_category: {
+            name: existingConfigVariable.name,
+            category: existingConfigVariable.category,
+          },
+        },
+      });
+
+      // Update the config variable if the metadata changed
+    } else if (
+      JSON.stringify({
+        ...configVariable,
+        name: existingConfigVariable.name,
+        category: existingConfigVariable.category,
+        value: existingConfigVariable.value,
+      }) != JSON.stringify(existingConfigVariable)
+    ) {
+      await prisma.config.update({
+        where: {
+          name_category: {
+            name: existingConfigVariable.name,
+            category: existingConfigVariable.category,
+          },
+        },
+        data: {
+          ...configVariable,
+          name: existingConfigVariable.name,
+          category: existingConfigVariable.category,
+          value: existingConfigVariable.value,
+        },
      });
    }
  }
 }
-main()
+
+seedConfigVariables()
+  .then(() => migrateConfigVariables())
  .then(async () => {
    await prisma.$disconnect();
  })
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -1,18 +1,19 @@
-import { HttpException, HttpStatus, Module } from "@nestjs/common";
+import { Module } from "@nestjs/common";

 import { ScheduleModule } from "@nestjs/schedule";
 import { AuthModule } from "./auth/auth.module";

-import { MulterModule } from "@nestjs/platform-express";
-import { ThrottlerModule } from "@nestjs/throttler";
-import { Request } from "express";
+import { APP_GUARD } from "@nestjs/core";
+import { ThrottlerGuard, ThrottlerModule } from "@nestjs/throttler";
 import { ConfigModule } from "./config/config.module";
-import { ConfigService } from "./config/config.service";
 import { EmailModule } from "./email/email.module";
 import { FileModule } from "./file/file.module";
+import { JobsModule } from "./jobs/jobs.module";
 import { PrismaModule } from "./prisma/prisma.module";
 import { ShareModule } from "./share/share.module";
 import { UserModule } from "./user/user.module";
+import { ClamScanModule } from "./clamscan/clamscan.module";
+import { ReverseShareModule } from "./reverseShare/reverseShare.module";

@Module({
  imports: [
@@ -22,30 +23,21 @@ import { UserModule } from "./user/user.module";
    EmailModule,
    PrismaModule,
    ConfigModule,
+    JobsModule,
    UserModule,
-    MulterModule.registerAsync({
-      useFactory: (config: ConfigService) => ({
-        fileFilter: (req: Request, file, cb) => {
-          const MAX_FILE_SIZE = config.get("MAX_FILE_SIZE");
-          const requestFileSize = parseInt(req.headers["content-length"]);
-          const isValidFileSize = requestFileSize <= MAX_FILE_SIZE;
-          cb(
-            !isValidFileSize &&
-              new HttpException(
-                `File must be smaller than ${MAX_FILE_SIZE} bytes`,
-                HttpStatus.PAYLOAD_TOO_LARGE
-              ),
-            isValidFileSize
-          );
-        },
-      }),
-      inject: [ConfigService],
-    }),
    ThrottlerModule.forRoot({
      ttl: 60,
      limit: 100,
    }),
    ScheduleModule.forRoot(),
+    ClamScanModule,
+    ReverseShareModule,
+  ],
+  providers: [
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard,
+    },
  ],
 })
 export class AppModule {}
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -3,55 +3,191 @@ import {
  Controller,
  ForbiddenException,
  HttpCode,
+  Param,
  Patch,
  Post,
+  Req,
+  Res,
+  UnauthorizedException,
  UseGuards,
 } from "@nestjs/common";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
+import { Request, Response } from "express";
 import { ConfigService } from "src/config/config.service";
 import { AuthService } from "./auth.service";
+import { AuthTotpService } from "./authTotp.service";
 import { GetUser } from "./decorator/getUser.decorator";
 import { AuthRegisterDTO } from "./dto/authRegister.dto";
 import { AuthSignInDTO } from "./dto/authSignIn.dto";
-import { RefreshAccessTokenDTO } from "./dto/refreshAccessToken.dto";
+import { AuthSignInTotpDTO } from "./dto/authSignInTotp.dto";
+import { EnableTotpDTO } from "./dto/enableTotp.dto";
+import { ResetPasswordDTO } from "./dto/resetPassword.dto";
+import { TokenDTO } from "./dto/token.dto";
 import { UpdatePasswordDTO } from "./dto/updatePassword.dto";
+import { VerifyTotpDTO } from "./dto/verifyTotp.dto";
 import { JwtGuard } from "./guard/jwt.guard";

@Controller("auth")
 export class AuthController {
  constructor(
    private authService: AuthService,
+    private authTotpService: AuthTotpService,
    private config: ConfigService
  ) {}

-  @Throttle(10, 5 * 60)
  @Post("signUp")
-  async signUp(@Body() dto: AuthRegisterDTO) {
-    if (!this.config.get("ALLOW_REGISTRATION"))
+  @Throttle(10, 5 * 60)
+  async signUp(
+    @Body() dto: AuthRegisterDTO,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    if (!this.config.get("share.allowRegistration"))
      throw new ForbiddenException("Registration is not allowed");
-    return this.authService.signUp(dto);
+
+    const result = await this.authService.signUp(dto);
+
+    response = this.addTokensToResponse(
+      response,
+      result.refreshToken,
+      result.accessToken
+    );
+
+    return result;
  }

-  @Throttle(10, 5 * 60)
  @Post("signIn")
+  @Throttle(10, 5 * 60)
  @HttpCode(200)
-  signIn(@Body() dto: AuthSignInDTO) {
-    return this.authService.signIn(dto);
+  async signIn(
+    @Body() dto: AuthSignInDTO,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    const result = await this.authService.signIn(dto);
+
+    if (result.accessToken && result.refreshToken) {
+      response = this.addTokensToResponse(
+        response,
+        result.refreshToken,
+        result.accessToken
+      );
+    }
+
+    return result;
+  }
+
+  @Post("signIn/totp")
+  @Throttle(10, 5 * 60)
+  @HttpCode(200)
+  async signInTotp(
+    @Body() dto: AuthSignInTotpDTO,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    const result = await this.authTotpService.signInTotp(dto);
+
+    response = this.addTokensToResponse(
+      response,
+      result.refreshToken,
+      result.accessToken
+    );
+
+    return new TokenDTO().from(result);
+  }
+
+  @Post("resetPassword/:email")
+  @Throttle(5, 5 * 60)
+  @HttpCode(204)
+  async requestResetPassword(@Param("email") email: string) {
+    return await this.authService.requestResetPassword(email);
+  }
+
+  @Post("resetPassword")
+  @Throttle(5, 5 * 60)
+  @HttpCode(204)
+  async resetPassword(@Body() dto: ResetPasswordDTO) {
+    return await this.authService.resetPassword(dto.token, dto.password);
  }

  @Patch("password")
  @UseGuards(JwtGuard)
-  async updatePassword(@GetUser() user: User, @Body() dto: UpdatePasswordDTO) {
-    await this.authService.updatePassword(user, dto.oldPassword, dto.password);
+  async updatePassword(
+    @GetUser() user: User,
+    @Res({ passthrough: true }) response: Response,
+    @Body() dto: UpdatePasswordDTO
+  ) {
+    const result = await this.authService.updatePassword(
+      user,
+      dto.oldPassword,
+      dto.password
+    );
+
+    response = this.addTokensToResponse(response, result.refreshToken);
+    return new TokenDTO().from(result);
  }

  @Post("token")
  @HttpCode(200)
-  async refreshAccessToken(@Body() body: RefreshAccessTokenDTO) {
+  async refreshAccessToken(
+    @Req() request: Request,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    if (!request.cookies.refresh_token) throw new UnauthorizedException();
+
    const accessToken = await this.authService.refreshAccessToken(
-      body.refreshToken
+      request.cookies.refresh_token
    );
-    return { accessToken };
+    response = this.addTokensToResponse(response, undefined, accessToken);
+    return new TokenDTO().from({ accessToken });
+  }
+
+  @Post("signOut")
+  async signOut(
+    @Req() request: Request,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    await this.authService.signOut(request.cookies.access_token);
+    response.cookie("access_token", "accessToken", { maxAge: -1 });
+    response.cookie("refresh_token", "", {
+      path: "/api/auth/token",
+      httpOnly: true,
+      maxAge: -1,
+    });
+  }
+
+  @Post("totp/enable")
+  @UseGuards(JwtGuard)
+  async enableTotp(@GetUser() user: User, @Body() body: EnableTotpDTO) {
+    return this.authTotpService.enableTotp(user, body.password);
+  }
+
+  @Post("totp/verify")
+  @UseGuards(JwtGuard)
+  async verifyTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {
+    return this.authTotpService.verifyTotp(user, body.password, body.code);
+  }
+
+  @Post("totp/disable")
+  @UseGuards(JwtGuard)
+  async disableTotp(@GetUser() user: User, @Body() body: VerifyTotpDTO) {
+    // Note: We use VerifyTotpDTO here because it has both fields we need: password and totp code
+    return this.authTotpService.disableTotp(user, body.password, body.code);
+  }
+
+  private addTokensToResponse(
+    response: Response,
+    refreshToken?: string,
+    accessToken?: string
+  ) {
+    if (accessToken)
+      response.cookie("access_token", accessToken, { sameSite: "lax" });
+    if (refreshToken)
+      response.cookie("refresh_token", refreshToken, {
+        path: "/api/auth/token",
+        httpOnly: true,
+        sameSite: "strict",
+        maxAge: 1000 * 60 * 60 * 24 * 30 * 3,
+      });
+
+    return response;
  }
 }
--- a/backend/src/auth/auth.module.ts
+++ b/backend/src/auth/auth.module.ts
@@ -1,13 +1,15 @@
 import { Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
+import { EmailModule } from "src/email/email.module";
 import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
+import { AuthTotpService } from "./authTotp.service";
 import { JwtStrategy } from "./strategy/jwt.strategy";

@Module({
-  imports: [JwtModule.register({})],
+  imports: [JwtModule.register({}), EmailModule],
  controllers: [AuthController],
-  providers: [AuthService, JwtStrategy],
+  providers: [AuthService, AuthTotpService, JwtStrategy],
  exports: [AuthService],
 })
 export class AuthModule {}
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -6,10 +6,11 @@ import {
 } from "@nestjs/common";
 import { JwtService } from "@nestjs/jwt";
 import { User } from "@prisma/client";
-import { PrismaClientKnownRequestError } from "@prisma/client/runtime";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import * as argon from "argon2";
 import * as moment from "moment";
 import { ConfigService } from "src/config/config.service";
+import { EmailService } from "src/email/email.service";
 import { PrismaService } from "src/prisma/prisma.service";
 import { AuthRegisterDTO } from "./dto/authRegister.dto";
 import { AuthSignInDTO } from "./dto/authSignIn.dto";
@@ -19,10 +20,13 @@ export class AuthService {
  constructor(
    private prisma: PrismaService,
    private jwtService: JwtService,
-    private config: ConfigService
+    private config: ConfigService,
+    private emailService: EmailService
  ) {}

  async signUp(dto: AuthRegisterDTO) {
+    const isFirstUser = (await this.prisma.user.count()) == 0;
+
    const hash = await argon.hash(dto.password);
    try {
      const user = await this.prisma.user.create({
@@ -30,12 +34,14 @@ export class AuthService {
          email: dto.email,
          username: dto.username,
          password: hash,
-          isAdmin: !this.config.get("SETUP_FINISHED"),
+          isAdmin: isFirstUser,
        },
      });

-      const accessToken = await this.createAccessToken(user);
-      const refreshToken = await this.createRefreshToken(user.id);
+      const { refreshToken, refreshTokenId } = await this.createRefreshToken(
+        user.id
+      );
+      const accessToken = await this.createAccessToken(user, refreshTokenId);

      return { accessToken, refreshToken };
    } catch (e) {
@@ -63,37 +69,115 @@ export class AuthService {
    if (!user || !(await argon.verify(user.password, dto.password)))
      throw new UnauthorizedException("Wrong email or password");

-    const accessToken = await this.createAccessToken(user);
-    const refreshToken = await this.createRefreshToken(user.id);
+    // TODO: Make all old loginTokens invalid when a new one is created
+    // Check if the user has TOTP enabled
+    if (user.totpVerified) {
+      const loginToken = await this.createLoginToken(user.id);
+
+      return { loginToken };
+    }
+
+    const { refreshToken, refreshTokenId } = await this.createRefreshToken(
+      user.id
+    );
+    const accessToken = await this.createAccessToken(user, refreshTokenId);

    return { accessToken, refreshToken };
  }

+  async requestResetPassword(email: string) {
+    const user = await this.prisma.user.findFirst({
+      where: { email },
+      include: { resetPasswordToken: true },
+    });
+
+    if (!user) throw new BadRequestException("User not found");
+
+    // Delete old reset password token
+    if (user.resetPasswordToken) {
+      await this.prisma.resetPasswordToken.delete({
+        where: { token: user.resetPasswordToken.token },
+      });
+    }
+
+    const { token } = await this.prisma.resetPasswordToken.create({
+      data: {
+        expiresAt: moment().add(1, "hour").toDate(),
+        user: { connect: { id: user.id } },
+      },
+    });
+
+    await this.emailService.sendResetPasswordEmail(user.email, token);
+  }
+
+  async resetPassword(token: string, newPassword: string) {
+    const user = await this.prisma.user.findFirst({
+      where: { resetPasswordToken: { token } },
+    });
+
+    if (!user) throw new BadRequestException("Token invalid or expired");
+
+    const newPasswordHash = await argon.hash(newPassword);
+
+    await this.prisma.resetPasswordToken.delete({
+      where: { token },
+    });
+
+    await this.prisma.user.update({
+      where: { id: user.id },
+      data: { password: newPasswordHash },
+    });
+  }
+
  async updatePassword(user: User, oldPassword: string, newPassword: string) {
-    if (argon.verify(user.password, oldPassword))
+    if (!(await argon.verify(user.password, oldPassword)))
      throw new ForbiddenException("Invalid password");

    const hash = await argon.hash(newPassword);

-    this.prisma.user.update({
+    await this.prisma.refreshToken.deleteMany({
+      where: { userId: user.id },
+    });
+
+    await this.prisma.user.update({
      where: { id: user.id },
      data: { password: hash },
    });
+
+    return this.createRefreshToken(user.id);
  }

-  async createAccessToken(user: User) {
+  async createAccessToken(user: User, refreshTokenId: string) {
    return this.jwtService.sign(
      {
        sub: user.id,
        email: user.email,
+        isAdmin: user.isAdmin,
+        refreshTokenId,
      },
      {
        expiresIn: "15min",
-        secret: this.config.get("JWT_SECRET"),
+        secret: this.config.get("internal.jwtSecret"),
      }
    );
  }

+  async signOut(accessToken: string) {
+    const { refreshTokenId } =
+      (this.jwtService.decode(accessToken) as {
+        refreshTokenId: string;
+      }) || {};
+
+    if (refreshTokenId) {
+      await this.prisma.refreshToken
+        .delete({ where: { id: refreshTokenId } })
+        .catch((e) => {
+          // Ignore error if refresh token doesn't exist
+          if (e.code != "P2025") throw e;
+        });
+    }
+  }
+
  async refreshAccessToken(refreshToken: string) {
    const refreshTokenMetaData = await this.prisma.refreshToken.findUnique({
      where: { token: refreshToken },
@@ -103,16 +187,27 @@ export class AuthService {
    if (!refreshTokenMetaData || refreshTokenMetaData.expiresAt < new Date())
      throw new UnauthorizedException();

-    return this.createAccessToken(refreshTokenMetaData.user);
+    return this.createAccessToken(
+      refreshTokenMetaData.user,
+      refreshTokenMetaData.id
+    );
  }

  async createRefreshToken(userId: string) {
-    const refreshToken = (
-      await this.prisma.refreshToken.create({
-        data: { userId, expiresAt: moment().add(3, "months").toDate() },
+    const { id, token } = await this.prisma.refreshToken.create({
+      data: { userId, expiresAt: moment().add(3, "months").toDate() },
+    });
+
+    return { refreshTokenId: id, refreshToken: token };
+  }
+
+  async createLoginToken(userId: string) {
+    const loginToken = (
+      await this.prisma.loginToken.create({
+        data: { userId, expiresAt: moment().add(5, "minutes").toDate() },
      })
    ).token;

-    return refreshToken;
+    return loginToken;
  }
 }
--- a/backend/src/auth/authTotp.service.ts
+++ b/backend/src/auth/authTotp.service.ts
@@ -0,0 +1,187 @@
+import {
+  BadRequestException,
+  ForbiddenException,
+  Injectable,
+  UnauthorizedException,
+} from "@nestjs/common";
+import { User } from "@prisma/client";
+import * as argon from "argon2";
+import { authenticator, totp } from "otplib";
+import * as qrcode from "qrcode-svg";
+import { ConfigService } from "src/config/config.service";
+import { PrismaService } from "src/prisma/prisma.service";
+import { AuthService } from "./auth.service";
+import { AuthSignInTotpDTO } from "./dto/authSignInTotp.dto";
+
+@Injectable()
+export class AuthTotpService {
+  constructor(
+    private prisma: PrismaService,
+    private authService: AuthService,
+    private config: ConfigService
+  ) {}
+
+  async signInTotp(dto: AuthSignInTotpDTO) {
+    if (!dto.email && !dto.username)
+      throw new BadRequestException("Email or username is required");
+
+    const user = await this.prisma.user.findFirst({
+      where: {
+        OR: [{ email: dto.email }, { username: dto.username }],
+      },
+    });
+
+    if (!user || !(await argon.verify(user.password, dto.password)))
+      throw new UnauthorizedException("Wrong email or password");
+
+    const token = await this.prisma.loginToken.findFirst({
+      where: {
+        token: dto.loginToken,
+      },
+    });
+
+    if (!token || token.userId != user.id || token.used)
+      throw new UnauthorizedException("Invalid login token");
+
+    if (token.expiresAt < new Date())
+      throw new UnauthorizedException("Login token expired", "token_expired");
+
+    // Check the TOTP code
+    const { totpSecret } = await this.prisma.user.findUnique({
+      where: { id: user.id },
+      select: { totpSecret: true },
+    });
+
+    if (!totpSecret) {
+      throw new BadRequestException("TOTP is not enabled");
+    }
+
+    const expected = authenticator.generate(totpSecret);
+
+    if (dto.totp !== expected) {
+      throw new BadRequestException("Invalid code");
+    }
+
+    // Set the login token to used
+    await this.prisma.loginToken.update({
+      where: { token: token.token },
+      data: { used: true },
+    });
+
+    const { refreshToken, refreshTokenId } =
+      await this.authService.createRefreshToken(user.id);
+    const accessToken = await this.authService.createAccessToken(
+      user,
+      refreshTokenId
+    );
+
+    return { accessToken, refreshToken };
+  }
+
+  async enableTotp(user: User, password: string) {
+    if (!(await argon.verify(user.password, password)))
+      throw new ForbiddenException("Invalid password");
+
+    // Check if we have a secret already
+    const { totpVerified } = await this.prisma.user.findUnique({
+      where: { id: user.id },
+      select: { totpVerified: true },
+    });
+
+    if (totpVerified) {
+      throw new BadRequestException("TOTP is already enabled");
+    }
+
+    // TODO: Maybe make the issuer configurable with env vars?
+    const secret = authenticator.generateSecret();
+
+    const otpURL = totp.keyuri(
+      user.username || user.email,
+      this.config.get("general.appName"),
+      secret
+    );
+
+    await this.prisma.user.update({
+      where: { id: user.id },
+      data: {
+        totpEnabled: true,
+        totpSecret: secret,
+      },
+    });
+
+    // TODO: Maybe we should generate the QR code on the client rather than the server?
+    const qrCode = new qrcode({
+      content: otpURL,
+      container: "svg-viewbox",
+      join: true,
+    }).svg();
+
+    return {
+      totpAuthUrl: otpURL,
+      totpSecret: secret,
+      qrCode:
+        "data:image/svg+xml;base64," + Buffer.from(qrCode).toString("base64"),
+    };
+  }
+
+  // TODO: Maybe require a token to verify that the user who started enabling totp is the one who is verifying it?
+  async verifyTotp(user: User, password: string, code: string) {
+    if (!(await argon.verify(user.password, password)))
+      throw new ForbiddenException("Invalid password");
+
+    const { totpSecret } = await this.prisma.user.findUnique({
+      where: { id: user.id },
+      select: { totpSecret: true },
+    });
+
+    if (!totpSecret) {
+      throw new BadRequestException("TOTP is not in progress");
+    }
+
+    const expected = authenticator.generate(totpSecret);
+
+    if (code !== expected) {
+      throw new BadRequestException("Invalid code");
+    }
+
+    await this.prisma.user.update({
+      where: { id: user.id },
+      data: {
+        totpVerified: true,
+      },
+    });
+
+    return true;
+  }
+
+  async disableTotp(user: User, password: string, code: string) {
+    if (!(await argon.verify(user.password, password)))
+      throw new ForbiddenException("Invalid password");
+
+    const { totpSecret } = await this.prisma.user.findUnique({
+      where: { id: user.id },
+      select: { totpSecret: true },
+    });
+
+    if (!totpSecret) {
+      throw new BadRequestException("TOTP is not enabled");
+    }
+
+    const expected = authenticator.generate(totpSecret);
+
+    if (code !== expected) {
+      throw new BadRequestException("Invalid code");
+    }
+
+    await this.prisma.user.update({
+      where: { id: user.id },
+      data: {
+        totpVerified: false,
+        totpEnabled: false,
+        totpSecret: null,
+      },
+    });
+
+    return true;
+  }
+}
--- a/backend/src/auth/dto/authRegister.dto.ts
+++ b/backend/src/auth/dto/authRegister.dto.ts
@@ -1,4 +1,4 @@
-import { PickType } from "@nestjs/mapped-types";
+import { PickType } from "@nestjs/swagger";
 import { UserDTO } from "src/user/dto/user.dto";

 export class AuthRegisterDTO extends PickType(UserDTO, [
--- a/backend/src/auth/dto/authSignIn.dto.ts
+++ b/backend/src/auth/dto/authSignIn.dto.ts
@@ -1,4 +1,4 @@
-import { PickType } from "@nestjs/mapped-types";
+import { PickType } from "@nestjs/swagger";
 import { IsEmail, IsOptional, IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";

--- a/backend/src/auth/dto/authSignInTotp.dto.ts
+++ b/backend/src/auth/dto/authSignInTotp.dto.ts
@@ -0,0 +1,10 @@
+import { IsString } from "class-validator";
+import { AuthSignInDTO } from "./authSignIn.dto";
+
+export class AuthSignInTotpDTO extends AuthSignInDTO {
+  @IsString()
+  totp: string;
+
+  @IsString()
+  loginToken: string;
+}
--- a/backend/src/auth/dto/enableTotp.dto.ts
+++ b/backend/src/auth/dto/enableTotp.dto.ts
@@ -0,0 +1,4 @@
+import { PickType } from "@nestjs/swagger";
+import { UserDTO } from "src/user/dto/user.dto";
+
+export class EnableTotpDTO extends PickType(UserDTO, ["password"] as const) {}
--- a/backend/src/auth/dto/refreshAccessToken.dto.ts
+++ b/backend/src/auth/dto/refreshAccessToken.dto.ts
@@ -1,6 +0,0 @@
-import { IsNotEmpty } from "class-validator";
-
-export class RefreshAccessTokenDTO {
-  @IsNotEmpty()
-  refreshToken: string;
-}
--- a/backend/src/auth/dto/resetPassword.dto.ts
+++ b/backend/src/auth/dto/resetPassword.dto.ts
@@ -0,0 +1,8 @@
+import { PickType } from "@nestjs/swagger";
+import { IsString } from "class-validator";
+import { UserDTO } from "src/user/dto/user.dto";
+
+export class ResetPasswordDTO extends PickType(UserDTO, ["password"]) {
+  @IsString()
+  token: string;
+}
--- a/backend/src/auth/dto/token.dto.ts
+++ b/backend/src/auth/dto/token.dto.ts
@@ -0,0 +1,15 @@
+import { Expose, plainToClass } from "class-transformer";
+
+export class TokenDTO {
+  @Expose()
+  accessToken: string;
+
+  @Expose()
+  refreshToken: string;
+
+  from(partial: Partial<TokenDTO>) {
+    return plainToClass(TokenDTO, partial, {
+      excludeExtraneousValues: true,
+    });
+  }
+}
--- a/backend/src/auth/dto/updatePassword.dto.ts
+++ b/backend/src/auth/dto/updatePassword.dto.ts
@@ -1,4 +1,4 @@
-import { PickType } from "@nestjs/mapped-types";
+import { PickType } from "@nestjs/swagger";
 import { IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";

--- a/backend/src/auth/dto/verifyTotp.dto.ts
+++ b/backend/src/auth/dto/verifyTotp.dto.ts
@@ -0,0 +1,8 @@
+import { PickType } from "@nestjs/swagger";
+import { IsString } from "class-validator";
+import { UserDTO } from "src/user/dto/user.dto";
+
+export class VerifyTotpDTO extends PickType(UserDTO, ["password"] as const) {
+  @IsString()
+  code: string;
+}
--- a/backend/src/auth/guard/jwt.guard.ts
+++ b/backend/src/auth/guard/jwt.guard.ts
@@ -11,7 +11,7 @@ export class JwtGuard extends AuthGuard("jwt") {
    try {
      return (await super.canActivate(context)) as boolean;
    } catch {
-      return this.config.get("ALLOW_UNAUTHENTICATED_SHARES");
+      return this.config.get("share.allowUnauthenticatedShares");
    }
  }
 }
--- a/backend/src/auth/strategy/jwt.strategy.ts
+++ b/backend/src/auth/strategy/jwt.strategy.ts
@@ -1,20 +1,26 @@
 import { Injectable } from "@nestjs/common";
 import { PassportStrategy } from "@nestjs/passport";
 import { User } from "@prisma/client";
-import { ExtractJwt, Strategy } from "passport-jwt";
+import { Request } from "express";
+import { Strategy } from "passport-jwt";
 import { ConfigService } from "src/config/config.service";
 import { PrismaService } from "src/prisma/prisma.service";

@Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(config: ConfigService, private prisma: PrismaService) {
-    config.get("JWT_SECRET");
+    config.get("internal.jwtSecret");
    super({
-      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-      secretOrKey: config.get("JWT_SECRET"),
+      jwtFromRequest: JwtStrategy.extractJWT,
+      secretOrKey: config.get("internal.jwtSecret"),
    });
  }

+  private static extractJWT(req: Request) {
+    if (!req.cookies.access_token) return null;
+    return req.cookies.access_token;
+  }
+
  async validate(payload: { sub: string }) {
    const user: User = await this.prisma.user.findUnique({
      where: { id: payload.sub },
--- a/backend/src/clamscan/clamscan.module.ts
+++ b/backend/src/clamscan/clamscan.module.ts
@@ -0,0 +1,10 @@
+import { forwardRef, Module } from "@nestjs/common";
+import { FileModule } from "src/file/file.module";
+import { ClamScanService } from "./clamscan.service";
+
+@Module({
+  imports: [forwardRef(() => FileModule)],
+  providers: [ClamScanService],
+  exports: [ClamScanService],
+})
+export class ClamScanModule {}
--- a/backend/src/clamscan/clamscan.service.ts
+++ b/backend/src/clamscan/clamscan.service.ts
@@ -0,0 +1,88 @@
+import { Injectable, Logger } from "@nestjs/common";
+import * as NodeClam from "clamscan";
+import * as fs from "fs";
+import { FileService } from "src/file/file.service";
+import { PrismaService } from "src/prisma/prisma.service";
+import { CLAMAV_HOST, CLAMAV_PORT, SHARE_DIRECTORY } from "../constants";
+
+const clamscanConfig = {
+  clamdscan: {
+    host: CLAMAV_HOST,
+    port: CLAMAV_PORT,
+    localFallback: false,
+  },
+  preference: "clamdscan",
+};
+@Injectable()
+export class ClamScanService {
+  private readonly logger = new Logger(ClamScanService.name);
+
+  constructor(
+    private fileService: FileService,
+    private prisma: PrismaService
+  ) {}
+
+  private ClamScan: Promise<NodeClam | null> = new NodeClam()
+    .init(clamscanConfig)
+    .then((res) => {
+      this.logger.log("ClamAV is active");
+      return res;
+    })
+    .catch(() => {
+      this.logger.log("ClamAV is not active");
+      return null;
+    });
+
+  async check(shareId: string) {
+    const clamScan = await this.ClamScan;
+
+    if (!clamScan) return [];
+
+    const infectedFiles = [];
+
+    const files = fs
+      .readdirSync(`${SHARE_DIRECTORY}/${shareId}`)
+      .filter((file) => file != "archive.zip");
+
+    for (const fileId of files) {
+      const { isInfected } = await clamScan
+        .isInfected(`${SHARE_DIRECTORY}/${shareId}/${fileId}`)
+        .catch(() => {
+          this.logger.log("ClamAV is not active");
+          return { isInfected: false };
+        });
+
+      const fileName = (
+        await this.prisma.file.findUnique({ where: { id: fileId } })
+      ).name;
+
+      if (isInfected) {
+        infectedFiles.push({ id: fileId, name: fileName });
+      }
+    }
+
+    return infectedFiles;
+  }
+
+  async checkAndRemove(shareId: string) {
+    const infectedFiles = await this.check(shareId);
+
+    if (infectedFiles.length > 0) {
+      await this.fileService.deleteAllFiles(shareId);
+      await this.prisma.file.deleteMany({ where: { shareId } });
+
+      const fileNames = infectedFiles.map((file) => file.name).join(", ");
+
+      await this.prisma.share.update({
+        where: { id: shareId },
+        data: {
+          removedReason: `Your share got removed because the file(s) ${fileNames} are malicious.`,
+        },
+      });
+
+      this.logger.warn(
+        `Share ${shareId} deleted because it contained ${infectedFiles.length} malicious file(s)`
+      );
+    }
+  }
+}
--- a/backend/src/config/config.controller.ts
+++ b/backend/src/config/config.controller.ts
@@ -1,47 +1,75 @@
 import {
  Body,
  Controller,
+  FileTypeValidator,
  Get,
  Param,
+  ParseFilePipe,
  Patch,
  Post,
+  UploadedFile,
  UseGuards,
+  UseInterceptors,
 } from "@nestjs/common";
+import { FileInterceptor } from "@nestjs/platform-express";
+import { SkipThrottle } from "@nestjs/throttler";
 import { AdministratorGuard } from "src/auth/guard/isAdmin.guard";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { EmailService } from "src/email/email.service";
 import { ConfigService } from "./config.service";
 import { AdminConfigDTO } from "./dto/adminConfig.dto";
 import { ConfigDTO } from "./dto/config.dto";
+import { TestEmailDTO } from "./dto/testEmail.dto";
 import UpdateConfigDTO from "./dto/updateConfig.dto";
+import { LogoService } from "./logo.service";

@Controller("configs")
 export class ConfigController {
-  constructor(private configService: ConfigService) {}
+  constructor(
+    private configService: ConfigService,
+    private logoService: LogoService,
+    private emailService: EmailService
+  ) {}

  @Get()
+  @SkipThrottle()
  async list() {
    return new ConfigDTO().fromList(await this.configService.list());
  }

-  @Get("admin")
+  @Get("admin/:category")
  @UseGuards(JwtGuard, AdministratorGuard)
-  async listForAdmin() {
+  async getByCategory(@Param("category") category: string) {
    return new AdminConfigDTO().fromList(
-      await this.configService.listForAdmin()
+      await this.configService.getByCategory(category)
    );
  }

-  @Patch("admin/:key")
+  @Patch("admin")
  @UseGuards(JwtGuard, AdministratorGuard)
-  async update(@Param("key") key: string, @Body() data: UpdateConfigDTO) {
-    return new AdminConfigDTO().from(
-      await this.configService.update(key, data.value)
+  async updateMany(@Body() data: UpdateConfigDTO[]) {
+    return new AdminConfigDTO().fromList(
+      await this.configService.updateMany(data)
    );
  }

-  @Post("admin/finishSetup")
+  @Post("admin/testEmail")
  @UseGuards(JwtGuard, AdministratorGuard)
-  async finishSetup() {
-    return await this.configService.finishSetup();
+  async testEmail(@Body() { email }: TestEmailDTO) {
+    await this.emailService.sendTestMail(email);
+  }
+
+  @Post("admin/logo")
+  @UseInterceptors(FileInterceptor("file"))
+  @UseGuards(JwtGuard, AdministratorGuard)
+  async uploadLogo(
+    @UploadedFile(
+      new ParseFilePipe({
+        validators: [new FileTypeValidator({ fileType: "image/png" })],
+      })
+    )
+    file: Express.Multer.File
+  ) {
+    return await this.logoService.create(file.buffer);
  }
 }
--- a/backend/src/config/config.module.ts
+++ b/backend/src/config/config.module.ts
@@ -1,10 +1,13 @@
 import { Global, Module } from "@nestjs/common";
+import { EmailModule } from "src/email/email.module";
 import { PrismaService } from "src/prisma/prisma.service";
 import { ConfigController } from "./config.controller";
 import { ConfigService } from "./config.service";
+import { LogoService } from "./logo.service";

@Global()
@Module({
+  imports: [EmailModule],
  providers: [
    {
      provide: "CONFIG_VARIABLES",
@@ -14,6 +17,7 @@ import { ConfigService } from "./config.service";
      inject: [PrismaService],
    },
    ConfigService,
+    LogoService,
  ],
  controllers: [ConfigController],
  exports: [ConfigService],
--- a/backend/src/config/config.service.ts
+++ b/backend/src/config/config.service.ts
@@ -14,57 +14,97 @@ export class ConfigService {
    private prisma: PrismaService
  ) {}

-  get(key: string): any {
+  get(key: `${string}.${string}`): any {
    const configVariable = this.configVariables.filter(
-      (variable) => variable.key == key
+      (variable) => `${variable.category}.${variable.name}` == key
    )[0];

    if (!configVariable) throw new Error(`Config variable ${key} not found`);

-    if (configVariable.type == "number") return parseInt(configVariable.value);
-    if (configVariable.type == "boolean") return configVariable.value == "true";
-    if (configVariable.type == "string") return configVariable.value;
+    const value = configVariable.value ?? configVariable.defaultValue;
+
+    if (configVariable.type == "number") return parseInt(value);
+    if (configVariable.type == "boolean") return value == "true";
+    if (configVariable.type == "string" || configVariable.type == "text")
+      return value;
  }

-  async listForAdmin() {
-    return await this.prisma.config.findMany({
-      where: { locked: { equals: false } },
+  async getByCategory(category: string) {
+    const configVariables = await this.prisma.config.findMany({
+      orderBy: { order: "asc" },
+      where: { category, locked: { equals: false } },
+    });
+
+    return configVariables.map((variable) => {
+      return {
+        ...variable,
+        key: `${variable.category}.${variable.name}`,
+        value: variable.value ?? variable.defaultValue,
+      };
    });
  }

  async list() {
-    return await this.prisma.config.findMany({
+    const configVariables = await this.prisma.config.findMany({
      where: { secret: { equals: false } },
    });
+
+    return configVariables.map((variable) => {
+      return {
+        ...variable,
+        key: `${variable.category}.${variable.name}`,
+        value: variable.value ?? variable.defaultValue,
+      };
+    });
+  }
+
+  async updateMany(data: { key: string; value: string | number | boolean }[]) {
+    const response: Config[] = [];
+
+    for (const variable of data) {
+      response.push(await this.update(variable.key, variable.value));
+    }
+
+    return response;
  }

  async update(key: string, value: string | number | boolean) {
    const configVariable = await this.prisma.config.findUnique({
-      where: { key },
+      where: {
+        name_category: {
+          category: key.split(".")[0],
+          name: key.split(".")[1],
+        },
+      },
    });

    if (!configVariable || configVariable.locked)
      throw new NotFoundException("Config variable not found");

-    if (typeof value != configVariable.type)
+    if (value === "") {
+      value = null;
+    } else if (
+      typeof value != configVariable.type &&
+      typeof value == "string" &&
+      configVariable.type != "text"
+    ) {
      throw new BadRequestException(
        `Config variable must be of type ${configVariable.type}`
      );
+    }

    const updatedVariable = await this.prisma.config.update({
-      where: { key },
-      data: { value: value.toString() },
+      where: {
+        name_category: {
+          category: key.split(".")[0],
+          name: key.split(".")[1],
+        },
+      },
+      data: { value: value === null ? null : value.toString() },
    });

    this.configVariables = await this.prisma.config.findMany();

    return updatedVariable;
  }
-
-  async finishSetup() {
-    return await this.prisma.config.update({
-      where: { key: "SETUP_FINISHED" },
-      data: { value: "true" },
-    });
-  }
 }
--- a/backend/src/config/dto/adminConfig.dto.ts
+++ b/backend/src/config/dto/adminConfig.dto.ts
@@ -2,15 +2,24 @@ import { Expose, plainToClass } from "class-transformer";
 import { ConfigDTO } from "./config.dto";

 export class AdminConfigDTO extends ConfigDTO {
+  @Expose()
+  name: string;
+
  @Expose()
  secret: boolean;

+  @Expose()
+  defaultValue: string;
+
  @Expose()
  updatedAt: Date;

  @Expose()
  description: string;

+  @Expose()
+  obscured: boolean;
+
  from(partial: Partial<AdminConfigDTO>) {
    return plainToClass(AdminConfigDTO, partial, {
      excludeExtraneousValues: true,
--- a/backend/src/config/dto/testEmail.dto.ts
+++ b/backend/src/config/dto/testEmail.dto.ts
@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty } from "class-validator";
+
+export class TestEmailDTO {
+  @IsEmail()
+  @IsNotEmpty()
+  email: string;
+}
--- a/backend/src/config/dto/updateConfig.dto.ts
+++ b/backend/src/config/dto/updateConfig.dto.ts
@@ -1,6 +1,9 @@
-import { IsNotEmpty } from "class-validator";
+import { IsNotEmpty, IsString } from "class-validator";

 class UpdateConfigDTO {
+  @IsString()
+  key: string;
+
  @IsNotEmpty()
  value: string | number | boolean;
 }
--- a/backend/src/config/logo.service.ts
+++ b/backend/src/config/logo.service.ts
@@ -0,0 +1,32 @@
+import { Injectable } from "@nestjs/common";
+import * as fs from "fs";
+import * as sharp from "sharp";
+
+const IMAGES_PATH = "../frontend/public/img";
+
+@Injectable()
+export class LogoService {
+  async create(file: Buffer) {
+    fs.writeFileSync(`${IMAGES_PATH}/logo.png`, file, "binary");
+    this.createFavicon(file);
+    this.createPWAIcons(file);
+  }
+
+  async createFavicon(file: Buffer) {
+    const resized = await sharp(file).resize(16).toBuffer();
+    fs.promises.writeFile(`${IMAGES_PATH}/favicon.ico`, resized, "binary");
+  }
+
+  async createPWAIcons(file: Buffer) {
+    const sizes = [48, 72, 96, 128, 144, 152, 192, 384, 512];
+
+    for (const size of sizes) {
+      const resized = await sharp(file).resize(size).toBuffer();
+      fs.promises.writeFile(
+        `${IMAGES_PATH}/icons/icon-${size}x${size}.png`,
+        resized,
+        "binary"
+      );
+    }
+  }
+}
--- a/backend/src/constants.ts
+++ b/backend/src/constants.ts
@@ -0,0 +1,5 @@
+export const DATA_DIRECTORY = process.env.DATA_DIRECTORY || "./data";
+export const SHARE_DIRECTORY =  `${DATA_DIRECTORY}/uploads/shares` 
+export const DATABASE_URL = process.env.DATABASE_URL || "file:../data/pingvin-share.db?connection_limit=1";
+export const CLAMAV_HOST = process.env.CLAMAV_HOST || (process.env.NODE_ENV == "docker" ? "clamav" : "127.0.0.1");
+export const CLAMAV_PORT = parseInt(process.env.CLAMAV_PORT) || 3310;
--- a/backend/src/email/email.service.ts
+++ b/backend/src/email/email.service.ts
@@ -1,34 +1,133 @@
-import { Injectable, InternalServerErrorException } from "@nestjs/common";
+import {
+  Injectable,
+  InternalServerErrorException,
+  Logger,
+} from "@nestjs/common";
 import { User } from "@prisma/client";
+import * as moment from "moment";
 import * as nodemailer from "nodemailer";
 import { ConfigService } from "src/config/config.service";

@Injectable()
 export class EmailService {
  constructor(private config: ConfigService) {}
+  private readonly logger = new Logger(EmailService.name);

-  async sendMail(recipientEmail: string, shareId: string, creator: User) {
-    // create reusable transporter object using the default SMTP transport
-    const transporter = nodemailer.createTransport({
-      host: this.config.get("SMTP_HOST"),
-      port: parseInt(this.config.get("SMTP_PORT")),
-      secure: parseInt(this.config.get("SMTP_PORT")) == 465,
+  getTransporter() {
+    if (!this.config.get("smtp.enabled"))
+      throw new InternalServerErrorException("SMTP is disabled");
+
+    return nodemailer.createTransport({
+      host: this.config.get("smtp.host"),
+      port: this.config.get("smtp.port"),
+      secure: this.config.get("smtp.port") == 465,
      auth: {
-        user: this.config.get("SMTP_EMAIL"),
-        pass: this.config.get("SMTP_PASSWORD"),
+        user: this.config.get("smtp.username"),
+        pass: this.config.get("smtp.password"),
      },
    });
+  }

-    if (!this.config.get("ENABLE_EMAIL_RECIPIENTS"))
+  private async sendMail(email: string, subject: string, text: string) {
+    await this.getTransporter()
+      .sendMail({
+        from: `"${this.config.get("general.appName")}" <${this.config.get(
+          "smtp.email"
+        )}>`,
+        to: email,
+        subject,
+        text,
+      })
+      .catch((e) => {
+        this.logger.error(e);
+        throw new InternalServerErrorException("Failed to send email");
+      });
+  }
+
+  async sendMailToShareRecipients(
+    recipientEmail: string,
+    shareId: string,
+    creator?: User,
+    description?: string,
+    expiration?: Date
+  ) {
+    if (!this.config.get("email.enableShareEmailRecipients"))
      throw new InternalServerErrorException("Email service disabled");

-    const shareUrl = `${this.config.get("APP_URL")}/share/${shareId}`;
+    const shareUrl = `${this.config.get("general.appUrl")}/share/${shareId}`;

-    await transporter.sendMail({
-      from: `"Pingvin Share" <${this.config.get("SMTP_EMAIL")}>`,
-      to: recipientEmail,
-      subject: "Files shared with you",
-      text: `Hey!\n${creator.username} shared some files with you. View or dowload the files with this link: ${shareUrl}.\n Shared securely with Pingvin Share 🐧`,
-    });
+    await this.sendMail(
+      recipientEmail,
+      this.config.get("email.shareRecipientsSubject"),
+      this.config
+        .get("email.shareRecipientsMessage")
+        .replaceAll("\\n", "\n")
+        .replaceAll("{creator}", creator?.username ?? "Someone")
+        .replaceAll("{shareUrl}", shareUrl)
+        .replaceAll("{desc}", description ?? "No description")
+        .replaceAll(
+          "{expires}",
+          moment(expiration).unix() != 0
+            ? moment(expiration).fromNow()
+            : "in: never"
+        )
+    );
+  }
+
+  async sendMailToReverseShareCreator(recipientEmail: string, shareId: string) {
+    const shareUrl = `${this.config.get("general.appUrl")}/share/${shareId}`;
+
+    await this.sendMail(
+      recipientEmail,
+      this.config.get("email.reverseShareSubject"),
+      this.config
+        .get("email.reverseShareMessage")
+        .replaceAll("\\n", "\n")
+        .replaceAll("{shareUrl}", shareUrl)
+    );
+  }
+
+  async sendResetPasswordEmail(recipientEmail: string, token: string) {
+    const resetPasswordUrl = `${this.config.get(
+      "general.appUrl"
+    )}/auth/resetPassword/${token}`;
+
+    await this.sendMail(
+      recipientEmail,
+      this.config.get("email.resetPasswordSubject"),
+      this.config
+        .get("email.resetPasswordMessage")
+        .replaceAll("\\n", "\n")
+        .replaceAll("{url}", resetPasswordUrl)
+    );
+  }
+
+  async sendInviteEmail(recipientEmail: string, password: string) {
+    const loginUrl = `${this.config.get("general.appUrl")}/auth/signIn`;
+
+    await this.sendMail(
+      recipientEmail,
+      this.config.get("email.inviteSubject"),
+      this.config
+        .get("email.inviteMessage")
+        .replaceAll("{url}", loginUrl)
+        .replaceAll("{password}", password)
+    );
+  }
+
+  async sendTestMail(recipientEmail: string) {
+    await this.getTransporter()
+      .sendMail({
+        from: `"${this.config.get("general.appName")}" <${this.config.get(
+          "smtp.email"
+        )}>`,
+        to: recipientEmail,
+        subject: "Test email",
+        text: "This is a test email",
+      })
+      .catch((e) => {
+        this.logger.error(e);
+        throw new InternalServerErrorException(e.message);
+      });
  }
 }
--- a/backend/src/file/file.controller.ts
+++ b/backend/src/file/file.controller.ts
@@ -1,77 +1,50 @@
 import {
+  Body,
  Controller,
  Get,
  Param,
  Post,
+  Query,
  Res,
  StreamableFile,
-  UploadedFile,
  UseGuards,
-  UseInterceptors,
 } from "@nestjs/common";
-import { FileInterceptor } from "@nestjs/platform-express";
+import { SkipThrottle } from "@nestjs/throttler";
 import * as contentDisposition from "content-disposition";
 import { Response } from "express";
-import { JwtGuard } from "src/auth/guard/jwt.guard";
-import { FileDownloadGuard } from "src/file/guard/fileDownload.guard";
-import { ShareDTO } from "src/share/dto/share.dto";
+import { CreateShareGuard } from "src/share/guard/createShare.guard";
 import { ShareOwnerGuard } from "src/share/guard/shareOwner.guard";
-import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
 import { FileService } from "./file.service";
+import { FileSecurityGuard } from "./guard/fileSecurity.guard";

@Controller("shares/:shareId/files")
 export class FileController {
  constructor(private fileService: FileService) {}

  @Post()
-  @UseGuards(JwtGuard, ShareOwnerGuard)
-  @UseInterceptors(
-    FileInterceptor("file", {
-      dest: "./data/uploads/_temp/",
-    })
-  )
+  @SkipThrottle()
+  @UseGuards(CreateShareGuard, ShareOwnerGuard)
  async create(
-    @UploadedFile()
-    file: Express.Multer.File,
+    @Query() query: any,
+
+    @Body() body: string,
    @Param("shareId") shareId: string
  ) {
-    // Fixes file names with special characters
-    file.originalname = Buffer.from(file.originalname, "latin1").toString(
-      "utf8"
+    const { id, name, chunkIndex, totalChunks } = query;
+
+    // Data can be empty if the file is empty
+    const data = body.toString().split(",")[1] ?? "";
+
+    return await this.fileService.create(
+      data,
+      { index: parseInt(chunkIndex), total: parseInt(totalChunks) },
+      { id, name },
+      shareId
    );
-    return new ShareDTO().from(await this.fileService.create(file, shareId));
-  }
-
-  @Get(":fileId/download")
-  @UseGuards(ShareSecurityGuard)
-  async getFileDownloadUrl(
-    @Res({ passthrough: true }) res: Response,
-    @Param("shareId") shareId: string,
-    @Param("fileId") fileId: string
-  ) {
-    const url = this.fileService.getFileDownloadUrl(shareId, fileId);
-
-    return { url };
-  }
-
-  @Get("zip/download")
-  @UseGuards(ShareSecurityGuard)
-  async getZipArchiveDownloadURL(
-    @Res({ passthrough: true }) res: Response,
-    @Param("shareId") shareId: string,
-    @Param("fileId") fileId: string
-  ) {
-    const url = this.fileService.getFileDownloadUrl(shareId, fileId);
-
-    res.set({
-      "Content-Type": "application/zip",
-    });
-
-    return { url };
  }

  @Get("zip")
-  @UseGuards(FileDownloadGuard)
+  @UseGuards(FileSecurityGuard)
  async getZip(
    @Res({ passthrough: true }) res: Response,
    @Param("shareId") shareId: string
@@ -79,25 +52,32 @@ export class FileController {
    const zip = this.fileService.getZip(shareId);
    res.set({
      "Content-Type": "application/zip",
-      "Content-Disposition": `attachment ; filename="pingvin-share-${shareId}"`,
+      "Content-Disposition": contentDisposition(`${shareId}.zip`),
    });

    return new StreamableFile(zip);
  }

  @Get(":fileId")
-  @UseGuards(FileDownloadGuard)
+  @UseGuards(FileSecurityGuard)
  async getFile(
    @Res({ passthrough: true }) res: Response,
    @Param("shareId") shareId: string,
-    @Param("fileId") fileId: string
+    @Param("fileId") fileId: string,
+    @Query("download") download = "true"
  ) {
    const file = await this.fileService.get(shareId, fileId);
-    res.set({
+
+    const headers = {
      "Content-Type": file.metaData.mimeType,
      "Content-Length": file.metaData.size,
-      "Content-Disposition": contentDisposition(file.metaData.name),
-    });
+    };
+
+    if (download === "true") {
+      headers["Content-Disposition"] = contentDisposition(file.metaData.name);
+    }
+
+    res.set(headers);

    return new StreamableFile(file.file);
  }
--- a/backend/src/file/file.module.ts
+++ b/backend/src/file/file.module.ts
@@ -1,14 +1,14 @@
 import { Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
 import { ShareModule } from "src/share/share.module";
 import { FileController } from "./file.controller";
 import { FileService } from "./file.service";
-import { FileValidationPipe } from "./pipe/fileValidation.pipe";

@Module({
-  imports: [JwtModule.register({}), ShareModule],
+  imports: [JwtModule.register({}), ReverseShareModule, ShareModule],
  controllers: [FileController],
-  providers: [FileService, FileValidationPipe],
+  providers: [FileService],
  exports: [FileService],
 })
 export class FileModule {}
--- a/backend/src/file/file.service.ts
+++ b/backend/src/file/file.service.ts
@@ -1,14 +1,17 @@
 import {
  BadRequestException,
+  HttpException,
+  HttpStatus,
  Injectable,
  NotFoundException,
 } from "@nestjs/common";
 import { JwtService } from "@nestjs/jwt";
-import { randomUUID } from "crypto";
+import * as crypto from "crypto";
 import * as fs from "fs";
 import * as mime from "mime-types";
 import { ConfigService } from "src/config/config.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { SHARE_DIRECTORY } from "../constants";

@Injectable()
 export class FileService {
@@ -18,32 +21,88 @@ export class FileService {
    private config: ConfigService
  ) {}

-  async create(file: Express.Multer.File, shareId: string) {
+  async create(
+    data: string,
+    chunk: { index: number; total: number },
+    file: { id?: string; name: string },
+    shareId: string
+  ) {
+    if (!file.id) file.id = crypto.randomUUID();
+
    const share = await this.prisma.share.findUnique({
      where: { id: shareId },
+      include: { files: true, reverseShare: true },
    });

    if (share.uploadLocked)
      throw new BadRequestException("Share is already completed");

-    const fileId = randomUUID();
+    let diskFileSize: number;
+    try {
+      diskFileSize = fs.statSync(
+        `${SHARE_DIRECTORY}/${shareId}/${file.id}.tmp-chunk`
+      ).size;
+    } catch {
+      diskFileSize = 0;
+    }

-    await fs.promises.mkdir(`./data/uploads/shares/${shareId}`, {
-      recursive: true,
-    });
-    fs.promises.rename(
-      `./data/uploads/_temp/${file.filename}`,
-      `./data/uploads/shares/${shareId}/${fileId}`
+    // If the sent chunk index and the expected chunk index doesn't match throw an error
+    const chunkSize = 10 * 1024 * 1024; // 10MB
+    const expectedChunkIndex = Math.ceil(diskFileSize / chunkSize);
+
+    if (expectedChunkIndex != chunk.index)
+      throw new BadRequestException({
+        message: "Unexpected chunk received",
+        error: "unexpected_chunk_index",
+        expectedChunkIndex,
+      });
+
+    const buffer = Buffer.from(data, "base64");
+
+    // Check if share size limit is exceeded
+    const fileSizeSum = share.files.reduce(
+      (n, { size }) => n + parseInt(size),
+      0
    );

-    return await this.prisma.file.create({
-      data: {
-        id: fileId,
-        name: file.originalname,
-        size: file.size.toString(),
-        share: { connect: { id: shareId } },
-      },
-    });
+    const shareSizeSum = fileSizeSum + diskFileSize + buffer.byteLength;
+
+    if (
+      shareSizeSum > this.config.get("share.maxSize") ||
+      (share.reverseShare?.maxShareSize &&
+        shareSizeSum > parseInt(share.reverseShare.maxShareSize))
+    ) {
+      throw new HttpException(
+        "Max share size exceeded",
+        HttpStatus.PAYLOAD_TOO_LARGE
+      );
+    }
+
+    fs.appendFileSync(
+      `${SHARE_DIRECTORY}/${shareId}/${file.id}.tmp-chunk`,
+      buffer
+    );
+
+    const isLastChunk = chunk.index == chunk.total - 1;
+    if (isLastChunk) {
+      fs.renameSync(
+        `${SHARE_DIRECTORY}/${shareId}/${file.id}.tmp-chunk`,
+        `${SHARE_DIRECTORY}/${shareId}/${file.id}`
+      );
+      const fileSize = fs.statSync(
+        `${SHARE_DIRECTORY}/${shareId}/${file.id}`
+      ).size;
+      await this.prisma.file.create({
+        data: {
+          id: file.id,
+          name: file.name,
+          size: fileSize.toString(),
+          share: { connect: { id: shareId } },
+        },
+      });
+    }
+
+    return file;
  }

  async get(shareId: string, fileId: string) {
@@ -53,9 +112,7 @@ export class FileService {

    if (!fileMetaData) throw new NotFoundException("File not found");

-    const file = fs.createReadStream(
-      `./data/uploads/shares/${shareId}/${fileId}`
-    );
+    const file = fs.createReadStream(`${SHARE_DIRECTORY}/${shareId}/${fileId}`);

    return {
      metaData: {
@@ -68,47 +125,13 @@ export class FileService {
  }

  async deleteAllFiles(shareId: string) {
-    await fs.promises.rm(`./data/uploads/shares/${shareId}`, {
+    await fs.promises.rm(`${SHARE_DIRECTORY}/${shareId}`, {
      recursive: true,
      force: true,
    });
  }

  getZip(shareId: string) {
-    return fs.createReadStream(`./data/uploads/shares/${shareId}/archive.zip`);
-  }
-
-  getFileDownloadUrl(shareId: string, fileId: string) {
-    const downloadToken = this.generateFileDownloadToken(shareId, fileId);
-
-    return `${this.config.get(
-      "APP_URL"
-    )}/api/shares/${shareId}/files/${fileId}?token=${downloadToken}`;
-  }
-
-  generateFileDownloadToken(shareId: string, fileId: string) {
-    if (fileId == "zip") fileId = undefined;
-
-    return this.jwtService.sign(
-      {
-        shareId,
-        fileId,
-      },
-      {
-        expiresIn: "10min",
-        secret: this.config.get("JWT_SECRET"),
-      }
-    );
-  }
-
-  verifyFileDownloadToken(shareId: string, token: string) {
-    try {
-      const claims = this.jwtService.verify(token, {
-        secret: this.config.get("JWT_SECRET"),
-      });
-      return claims.shareId == shareId;
-    } catch {
-      return false;
-    }
+    return fs.createReadStream(`${SHARE_DIRECTORY}/${shareId}/archive.zip`);
  }
 }
--- a/backend/src/file/guard/fileDownload.guard.ts
+++ b/backend/src/file/guard/fileDownload.guard.ts
@@ -1,17 +0,0 @@
-import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
-import { Request } from "express";
-import { FileService } from "src/file/file.service";
-
-@Injectable()
-export class FileDownloadGuard implements CanActivate {
-  constructor(private fileService: FileService) {}
-
-  async canActivate(context: ExecutionContext) {
-    const request: Request = context.switchToHttp().getRequest();
-
-    const token = request.query.token as string;
-    const { shareId } = request.params;
-
-    return this.fileService.verifyFileDownloadToken(shareId, token);
-  }
-}
--- a/backend/src/file/guard/fileSecurity.guard.ts
+++ b/backend/src/file/guard/fileSecurity.guard.ts
@@ -0,0 +1,65 @@
+import {
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+  NotFoundException,
+} from "@nestjs/common";
+import { Request } from "express";
+import * as moment from "moment";
+import { PrismaService } from "src/prisma/prisma.service";
+import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
+import { ShareService } from "src/share/share.service";
+
+@Injectable()
+export class FileSecurityGuard extends ShareSecurityGuard {
+  constructor(
+    private _shareService: ShareService,
+    private _prisma: PrismaService
+  ) {
+    super(_shareService, _prisma);
+  }
+
+  async canActivate(context: ExecutionContext) {
+    const request: Request = context.switchToHttp().getRequest();
+
+    const shareId = Object.prototype.hasOwnProperty.call(
+      request.params,
+      "shareId"
+    )
+      ? request.params.shareId
+      : request.params.id;
+
+    const shareToken = request.cookies[`share_${shareId}_token`];
+
+    const share = await this._prisma.share.findUnique({
+      where: { id: shareId },
+      include: { security: true },
+    });
+
+    // If there is no share token the user requests a file directly
+    if (!shareToken) {
+      if (
+        !share ||
+        (moment().isAfter(share.expiration) &&
+          !moment(share.expiration).isSame(0))
+      ) {
+        throw new NotFoundException("File not found");
+      }
+
+      if (share.security?.password)
+        throw new ForbiddenException("This share is password protected");
+
+      if (share.security?.maxViews && share.security.maxViews <= share.views) {
+        throw new ForbiddenException(
+          "Maximum views exceeded",
+          "share_max_views_exceeded"
+        );
+      }
+
+      await this._shareService.increaseViewCount(share);
+      return true;
+    } else {
+      return super.canActivate(context);
+    }
+  }
+}
--- a/backend/src/file/pipe/fileValidation.pipe.ts
+++ b/backend/src/file/pipe/fileValidation.pipe.ts
@@ -1,17 +0,0 @@
-import {
-  ArgumentMetadata,
-  BadRequestException,
-  Injectable,
-  PipeTransform,
-} from "@nestjs/common";
-import { ConfigService } from "src/config/config.service";
-
-@Injectable()
-export class FileValidationPipe implements PipeTransform {
-  constructor(private config: ConfigService) {}
-  async transform(value: any, metadata: ArgumentMetadata) {
-    if (value.size > this.config.get("MAX_FILE_SIZE"))
-      throw new BadRequestException("File is ");
-    return value;
-  }
-}
--- a/backend/src/jobs/jobs.module.ts
+++ b/backend/src/jobs/jobs.module.ts
@@ -0,0 +1,10 @@
+import { Module } from "@nestjs/common";
+import { FileModule } from "src/file/file.module";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
+import { JobsService } from "./jobs.service";
+
+@Module({
+  imports: [FileModule, ReverseShareModule],
+  providers: [JobsService],
+})
+export class JobsModule {}
--- a/backend/src/jobs/jobs.service.ts
+++ b/backend/src/jobs/jobs.service.ts
@@ -1,14 +1,19 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, Logger } from "@nestjs/common";
 import { Cron } from "@nestjs/schedule";
 import * as fs from "fs";
 import * as moment from "moment";
 import { FileService } from "src/file/file.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
+import { SHARE_DIRECTORY } from "../constants";

@Injectable()
 export class JobsService {
+  private readonly logger = new Logger(JobsService.name);
+
  constructor(
    private prisma: PrismaService,
+    private reverseShareService: ReverseShareService,
    private fileService: FileService
  ) {}

@@ -32,35 +37,83 @@ export class JobsService {
      await this.fileService.deleteAllFiles(expiredShare.id);
    }

-    if (expiredShares.length > 0)
-      console.log(`job: deleted ${expiredShares.length} expired shares`);
+    if (expiredShares.length > 0) {
+      this.logger.log(`Deleted ${expiredShares.length} expired shares`);
+    }
+  }
+
+  @Cron("0 * * * *")
+  async deleteExpiredReverseShares() {
+    const expiredReverseShares = await this.prisma.reverseShare.findMany({
+      where: {
+        shareExpiration: { lt: new Date() },
+      },
+    });
+
+    for (const expiredReverseShare of expiredReverseShares) {
+      await this.reverseShareService.remove(expiredReverseShare.id);
+    }
+
+    if (expiredReverseShares.length > 0) {
+      this.logger.log(
+        `Deleted ${expiredReverseShares.length} expired reverse shares`
+      );
+    }
  }

  @Cron("0 0 * * *")
  deleteTemporaryFiles() {
-    const files = fs.readdirSync("./data/uploads/_temp");
+    let filesDeleted = 0;

-    for (const file of files) {
-      const stats = fs.statSync(`./data/uploads/_temp/${file}`);
-      const isOlderThanOneDay = moment(stats.mtime)
-        .add(1, "day")
-        .isBefore(moment());
+    const shareDirectories = fs
+      .readdirSync(SHARE_DIRECTORY, { withFileTypes: true })
+      .filter((dirent) => dirent.isDirectory())
+      .map((dirent) => dirent.name);

-      if (isOlderThanOneDay) fs.rmSync(`./data/uploads/_temp/${file}`);
+    for (const shareDirectory of shareDirectories) {
+      const temporaryFiles = fs
+        .readdirSync(`${SHARE_DIRECTORY}/${shareDirectory}`)
+        .filter((file) => file.endsWith(".tmp-chunk"));
+
+      for (const file of temporaryFiles) {
+        const stats = fs.statSync(
+          `${SHARE_DIRECTORY}/${shareDirectory}/${file}`
+        );
+        const isOlderThanOneDay = moment(stats.mtime)
+          .add(1, "day")
+          .isBefore(moment());
+
+        if (isOlderThanOneDay) {
+          fs.rmSync(`${SHARE_DIRECTORY}/${shareDirectory}/${file}`);
+          filesDeleted++;
+        }
+      }
    }

-    console.log(`job: deleted ${files.length} temporary files`);
+    this.logger.log(`Deleted ${filesDeleted} temporary files`);
  }

  @Cron("0 * * * *")
-  async deleteExpiredRefreshTokens() {
-    const expiredRefreshTokens = await this.prisma.refreshToken.deleteMany({
+  async deleteExpiredTokens() {
+    const { count: refreshTokenCount } =
+      await this.prisma.refreshToken.deleteMany({
+        where: { expiresAt: { lt: new Date() } },
+      });
+
+    const { count: loginTokenCount } = await this.prisma.loginToken.deleteMany({
      where: { expiresAt: { lt: new Date() } },
    });

-    if (expiredRefreshTokens.count > 0)
-      console.log(
-        `job: deleted ${expiredRefreshTokens.count} expired refresh tokens`
-      );
+    const { count: resetPasswordTokenCount } =
+      await this.prisma.resetPasswordToken.deleteMany({
+        where: { expiresAt: { lt: new Date() } },
+      });
+
+    const deletedTokensCount =
+      refreshTokenCount + loginTokenCount + resetPasswordTokenCount;
+
+    if (deletedTokensCount > 0) {
+      this.logger.log(`Deleted ${deletedTokensCount} expired refresh tokens`);
+    }
  }
 }
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -1,19 +1,38 @@
 import { ClassSerializerInterceptor, ValidationPipe } from "@nestjs/common";
 import { NestFactory, Reflector } from "@nestjs/core";
 import { NestExpressApplication } from "@nestjs/platform-express";
+import { DocumentBuilder, SwaggerModule } from "@nestjs/swagger";
+import * as bodyParser from "body-parser";
+import * as cookieParser from "cookie-parser";
 import * as fs from "fs";
 import { AppModule } from "./app.module";
+import { DATA_DIRECTORY } from "./constants";

 async function bootstrap() {
  const app = await NestFactory.create<NestExpressApplication>(AppModule);
  app.useGlobalPipes(new ValidationPipe({ whitelist: true }));
  app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));

+  app.use(bodyParser.raw({ type: "application/octet-stream", limit: "20mb" }));
+  app.use(cookieParser());
  app.set("trust proxy", true);

-  await fs.promises.mkdir("./data/uploads/_temp", { recursive: true });
+  await fs.promises.mkdir(`${DATA_DIRECTORY}/uploads/_temp`, {
+    recursive: true,
+  });

  app.setGlobalPrefix("api");
-  await app.listen(8080);
+
+  // Setup Swagger in development mode
+  if (process.env.NODE_ENV == "development") {
+    const config = new DocumentBuilder()
+      .setTitle("Pingvin Share API")
+      .setVersion("1.0")
+      .build();
+    const document = SwaggerModule.createDocument(app, config);
+    SwaggerModule.setup("api/swagger", app, document);
+  }
+
+  await app.listen(parseInt(process.env.PORT) || 8080);
 }
 bootstrap();
--- a/backend/src/prisma/prisma.service.ts
+++ b/backend/src/prisma/prisma.service.ts
@@ -1,6 +1,6 @@
 import { Injectable } from "@nestjs/common";
-import { ConfigService } from "@nestjs/config";
 import { PrismaClient } from "@prisma/client";
+import { DATABASE_URL } from "../constants";

@Injectable()
 export class PrismaService extends PrismaClient {
@@ -8,7 +8,7 @@ export class PrismaService extends PrismaClient {
    super({
      datasources: {
        db: {
-          url: "file:../data/pingvin-share.db",
+          url: DATABASE_URL,
        },
      },
    });
--- a/backend/src/reverseShare/dto/createReverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/createReverseShare.dto.ts
@@ -0,0 +1,16 @@
+import { IsBoolean, IsString, Max, Min } from "class-validator";
+
+export class CreateReverseShareDTO {
+  @IsBoolean()
+  sendEmailNotification: boolean;
+
+  @IsString()
+  maxShareSize: string;
+
+  @IsString()
+  shareExpiration: string;
+
+  @Min(1)
+  @Max(1000)
+  maxUseCount: number;
+}
--- a/backend/src/reverseShare/dto/reverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/reverseShare.dto.ts
@@ -0,0 +1,18 @@
+import { Expose, plainToClass } from "class-transformer";
+
+export class ReverseShareDTO {
+  @Expose()
+  id: string;
+
+  @Expose()
+  maxShareSize: string;
+
+  @Expose()
+  shareExpiration: Date;
+
+  from(partial: Partial<ReverseShareDTO>) {
+    return plainToClass(ReverseShareDTO, partial, {
+      excludeExtraneousValues: true,
+    });
+  }
+}
--- a/backend/src/reverseShare/dto/reverseShareTokenWithShares.ts
+++ b/backend/src/reverseShare/dto/reverseShareTokenWithShares.ts
@@ -0,0 +1,29 @@
+import { OmitType } from "@nestjs/swagger";
+import { Expose, plainToClass, Type } from "class-transformer";
+import { MyShareDTO } from "src/share/dto/myShare.dto";
+import { ReverseShareDTO } from "./reverseShare.dto";
+
+export class ReverseShareTokenWithShares extends OmitType(ReverseShareDTO, [
+  "shareExpiration",
+] as const) {
+  @Expose()
+  shareExpiration: Date;
+
+  @Expose()
+  @Type(() => OmitType(MyShareDTO, ["recipients", "hasPassword"] as const))
+  shares: Omit<
+    MyShareDTO,
+    "recipients" | "files" | "from" | "fromList" | "hasPassword"
+  >[];
+
+  @Expose()
+  remainingUses: number;
+
+  fromList(partial: Partial<ReverseShareTokenWithShares>[]) {
+    return partial.map((part) =>
+      plainToClass(ReverseShareTokenWithShares, part, {
+        excludeExtraneousValues: true,
+      })
+    );
+  }
+}
--- a/backend/src/reverseShare/guards/reverseShareOwner.guard.ts
+++ b/backend/src/reverseShare/guards/reverseShareOwner.guard.ts
@@ -0,0 +1,22 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { User } from "@prisma/client";
+import { Request } from "express";
+import { PrismaService } from "src/prisma/prisma.service";
+
+@Injectable()
+export class ReverseShareOwnerGuard implements CanActivate {
+  constructor(private prisma: PrismaService) {}
+
+  async canActivate(context: ExecutionContext) {
+    const request: Request = context.switchToHttp().getRequest();
+    const { reverseShareId } = request.params;
+
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { id: reverseShareId },
+    });
+
+    if (!reverseShare) return false;
+
+    return reverseShare.creatorId == (request.user as User).id;
+  }
+}
--- a/backend/src/reverseShare/reverseShare.controller.ts
+++ b/backend/src/reverseShare/reverseShare.controller.ts
@@ -0,0 +1,64 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  NotFoundException,
+  Param,
+  Post,
+  UseGuards,
+} from "@nestjs/common";
+import { Throttle } from "@nestjs/throttler";
+import { User } from "@prisma/client";
+import { GetUser } from "src/auth/decorator/getUser.decorator";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
+import { CreateReverseShareDTO } from "./dto/createReverseShare.dto";
+import { ReverseShareDTO } from "./dto/reverseShare.dto";
+import { ReverseShareTokenWithShares } from "./dto/reverseShareTokenWithShares";
+import { ReverseShareOwnerGuard } from "./guards/reverseShareOwner.guard";
+import { ReverseShareService } from "./reverseShare.service";
+
+@Controller("reverseShares")
+export class ReverseShareController {
+  constructor(
+    private reverseShareService: ReverseShareService,
+    private config: ConfigService
+  ) {}
+
+  @Post()
+  @UseGuards(JwtGuard)
+  async create(@Body() body: CreateReverseShareDTO, @GetUser() user: User) {
+    const token = await this.reverseShareService.create(body, user.id);
+
+    const link = `${this.config.get("general.appUrl")}/upload/${token}`;
+
+    return { token, link };
+  }
+
+  @Throttle(20, 60)
+  @Get(":reverseShareToken")
+  async getByToken(@Param("reverseShareToken") reverseShareToken: string) {
+    const isValid = await this.reverseShareService.isValid(reverseShareToken);
+
+    if (!isValid) throw new NotFoundException("Reverse share token not found");
+
+    return new ReverseShareDTO().from(
+      await this.reverseShareService.getByToken(reverseShareToken)
+    );
+  }
+
+  @Get()
+  @UseGuards(JwtGuard)
+  async getAllByUser(@GetUser() user: User) {
+    return new ReverseShareTokenWithShares().fromList(
+      await this.reverseShareService.getAllByUser(user.id)
+    );
+  }
+
+  @Delete(":reverseShareId")
+  @UseGuards(JwtGuard, ReverseShareOwnerGuard)
+  async remove(@Param("reverseShareId") id: string) {
+    await this.reverseShareService.remove(id);
+  }
+}
--- a/backend/src/reverseShare/reverseShare.module.ts
+++ b/backend/src/reverseShare/reverseShare.module.ts
@@ -0,0 +1,12 @@
+import { forwardRef, Module } from "@nestjs/common";
+import { FileModule } from "src/file/file.module";
+import { ReverseShareController } from "./reverseShare.controller";
+import { ReverseShareService } from "./reverseShare.service";
+
+@Module({
+  imports: [forwardRef(() => FileModule)],
+  controllers: [ReverseShareController],
+  providers: [ReverseShareService],
+  exports: [ReverseShareService],
+})
+export class ReverseShareModule {}
--- a/backend/src/reverseShare/reverseShare.service.ts
+++ b/backend/src/reverseShare/reverseShare.service.ts
@@ -0,0 +1,97 @@
+import { BadRequestException, Injectable } from "@nestjs/common";
+import * as moment from "moment";
+import { ConfigService } from "src/config/config.service";
+import { FileService } from "src/file/file.service";
+import { PrismaService } from "src/prisma/prisma.service";
+import { CreateReverseShareDTO } from "./dto/createReverseShare.dto";
+
+@Injectable()
+export class ReverseShareService {
+  constructor(
+    private config: ConfigService,
+    private prisma: PrismaService,
+    private fileService: FileService
+  ) {}
+
+  async create(data: CreateReverseShareDTO, creatorId: string) {
+    // Parse date string to date
+    const expirationDate = moment()
+      .add(
+        data.shareExpiration.split("-")[0],
+        data.shareExpiration.split(
+          "-"
+        )[1] as moment.unitOfTime.DurationConstructor
+      )
+      .toDate();
+
+    const globalMaxShareSize = this.config.get("share.maxSize");
+
+    if (globalMaxShareSize < data.maxShareSize)
+      throw new BadRequestException(
+        `Max share size can't be greater than ${globalMaxShareSize} bytes.`
+      );
+
+    const reverseShare = await this.prisma.reverseShare.create({
+      data: {
+        shareExpiration: expirationDate,
+        remainingUses: data.maxUseCount,
+        maxShareSize: data.maxShareSize,
+        sendEmailNotification: data.sendEmailNotification,
+        creatorId,
+      },
+    });
+
+    return reverseShare.token;
+  }
+
+  async getByToken(reverseShareToken?: string) {
+    if (!reverseShareToken) return null;
+
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { token: reverseShareToken },
+    });
+
+    return reverseShare;
+  }
+
+  async getAllByUser(userId: string) {
+    const reverseShares = await this.prisma.reverseShare.findMany({
+      where: {
+        creatorId: userId,
+        shareExpiration: { gt: new Date() },
+      },
+      orderBy: {
+        shareExpiration: "desc",
+      },
+      include: { shares: { include: { creator: true } } },
+    });
+
+    return reverseShares;
+  }
+
+  async isValid(reverseShareToken: string) {
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { token: reverseShareToken },
+    });
+
+    if (!reverseShare) return false;
+
+    const isExpired = new Date() > reverseShare.shareExpiration;
+    const remainingUsesExceeded = reverseShare.remainingUses <= 0;
+
+    return !(isExpired || remainingUsesExceeded);
+  }
+
+  async remove(id: string) {
+    const shares = await this.prisma.share.findMany({
+      where: { reverseShare: { id } },
+    });
+
+    for (const share of shares) {
+      await this.prisma.share.delete({ where: { id: share.id } });
+      await this.fileService.deleteAllFiles(share.id);
+    }
+
+    await this.prisma.reverseShare.delete({ where: { id } });
+  }
+}
--- a/backend/src/share/dto/createShare.dto.ts
+++ b/backend/src/share/dto/createShare.dto.ts
@@ -1,9 +1,11 @@
 import { Type } from "class-transformer";
 import {
  IsEmail,
+  IsOptional,
  IsString,
  Length,
  Matches,
+  MaxLength,
  ValidateNested,
 } from "class-validator";
 import { ShareSecurityDTO } from "./shareSecurity.dto";
@@ -19,6 +21,10 @@ export class CreateShareDTO {
  @IsString()
  expiration: string;

+  @MaxLength(512)
+  @IsOptional()
+  description: string;
+
  @IsEmail({}, { each: true })
  recipients: string[];

--- a/backend/src/share/dto/myShare.dto.ts
+++ b/backend/src/share/dto/myShare.dto.ts
@@ -1,7 +1,13 @@
-import { Expose, plainToClass } from "class-transformer";
+import { Expose, plainToClass, Type } from "class-transformer";
 import { ShareDTO } from "./share.dto";
+import {FileDTO} from "../../file/dto/file.dto";
+import {OmitType} from "@nestjs/swagger";

-export class MyShareDTO extends ShareDTO {
+export class MyShareDTO extends OmitType(ShareDTO, [
+  "files",
+  "from",
+  "fromList",
+] as const) {
  @Expose()
  views: number;

@@ -11,6 +17,10 @@ export class MyShareDTO extends ShareDTO {
  @Expose()
  recipients: string[];

+  @Expose()
+  @Type(() => OmitType(FileDTO, ["share", "from"] as const))
+  files: Omit<FileDTO, "share" | "from">[];
+
  from(partial: Partial<MyShareDTO>) {
    return plainToClass(MyShareDTO, partial, { excludeExtraneousValues: true });
  }
@@ -20,4 +30,4 @@ export class MyShareDTO extends ShareDTO {
      plainToClass(MyShareDTO, part, { excludeExtraneousValues: true })
    );
  }
-}
+}
--- a/backend/src/share/dto/share.dto.ts
+++ b/backend/src/share/dto/share.dto.ts
@@ -17,6 +17,12 @@ export class ShareDTO {
  @Type(() => PublicUserDTO)
  creator: PublicUserDTO;

+  @Expose()
+  description: string;
+
+  @Expose()
+  hasPassword: boolean;
+
  from(partial: Partial<ShareDTO>) {
    return plainToClass(ShareDTO, partial, { excludeExtraneousValues: true });
  }
--- a/backend/src/share/dto/sharePassword.dto.ts
+++ b/backend/src/share/dto/sharePassword.dto.ts
@@ -1,6 +1,7 @@
-import { IsString } from "class-validator";
+import { IsOptional, IsString } from "class-validator";

 export class SharePasswordDto {
  @IsString()
+  @IsOptional()
  password: string;
 }
--- a/backend/src/share/guard/createShare.guard.ts
+++ b/backend/src/share/guard/createShare.guard.ts
@@ -0,0 +1,29 @@
+import { ExecutionContext, Injectable } from "@nestjs/common";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
+
+@Injectable()
+export class CreateShareGuard extends JwtGuard {
+  constructor(
+    configService: ConfigService,
+    private reverseShareService: ReverseShareService
+  ) {
+    super(configService);
+  }
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    if (await super.canActivate(context)) return true;
+
+    const reverseShareTokenId = context.switchToHttp().getRequest()
+      .cookies.reverse_share_token;
+
+    if (!reverseShareTokenId) return false;
+
+    const isReverseShareTokenValid = await this.reverseShareService.isValid(
+      reverseShareTokenId
+    );
+
+    return isReverseShareTokenValid;
+  }
+}
--- a/backend/src/share/guard/shareSecurity.guard.ts
+++ b/backend/src/share/guard/shareSecurity.guard.ts
@@ -5,7 +5,6 @@ import {
  Injectable,
  NotFoundException,
 } from "@nestjs/common";
-import { Reflector } from "@nestjs/core";
 import { Request } from "express";
 import * as moment from "moment";
 import { PrismaService } from "src/prisma/prisma.service";
@@ -14,14 +13,13 @@ import { ShareService } from "src/share/share.service";
@Injectable()
 export class ShareSecurityGuard implements CanActivate {
  constructor(
-    private reflector: Reflector,
    private shareService: ShareService,
    private prisma: PrismaService
  ) {}

  async canActivate(context: ExecutionContext) {
    const request: Request = context.switchToHttp().getRequest();
-    const shareToken = request.get("X-Share-Token");
+
    const shareId = Object.prototype.hasOwnProperty.call(
      request.params,
      "shareId"
@@ -29,6 +27,8 @@ export class ShareSecurityGuard implements CanActivate {
      ? request.params.shareId
      : request.params.id;

+    const shareToken = request.cookies[`share_${shareId}_token`];
+
    const share = await this.prisma.share.findUnique({
      where: { id: shareId },
      include: { security: true },
@@ -37,7 +37,7 @@ export class ShareSecurityGuard implements CanActivate {
    if (
      !share ||
      (moment().isAfter(share.expiration) &&
-        moment(share.expiration).unix() !== 0)
+        !moment(share.expiration).isSame(0))
    )
      throw new NotFoundException("Share not found");

--- a/backend/src/share/guard/shareTokenSecurity.guard.ts
+++ b/backend/src/share/guard/shareTokenSecurity.guard.ts
@@ -1,7 +1,6 @@
 import {
  CanActivate,
  ExecutionContext,
-  ForbiddenException,
  Injectable,
  NotFoundException,
 } from "@nestjs/common";
@@ -34,12 +33,6 @@ export class ShareTokenSecurity implements CanActivate {
    )
      throw new NotFoundException("Share not found");

-    if (share.security?.maxViews && share.security.maxViews <= share.views)
-      throw new ForbiddenException(
-        "Maximum views exceeded",
-        "share_max_views_exceeded"
-      );
-
    return true;
  }
 }
--- a/backend/src/share/share.controller.ts
+++ b/backend/src/share/share.controller.ts
@@ -6,10 +6,13 @@ import {
  HttpCode,
  Param,
  Post,
+  Req,
+  Res,
  UseGuards,
 } from "@nestjs/common";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
+import { Request, Response } from "express";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
 import { CreateShareDTO } from "./dto/createShare.dto";
@@ -17,6 +20,7 @@ import { MyShareDTO } from "./dto/myShare.dto";
 import { ShareDTO } from "./dto/share.dto";
 import { ShareMetaDataDTO } from "./dto/shareMetaData.dto";
 import { SharePasswordDto } from "./dto/sharePassword.dto";
+import { CreateShareGuard } from "./guard/createShare.guard";
 import { ShareOwnerGuard } from "./guard/shareOwner.guard";
 import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
 import { ShareTokenSecurity } from "./guard/shareTokenSecurity.guard";
@@ -46,9 +50,16 @@ export class ShareController {
  }

  @Post()
-  @UseGuards(JwtGuard)
-  async create(@Body() body: CreateShareDTO, @GetUser() user: User) {
-    return new ShareDTO().from(await this.shareService.create(body, user));
+  @UseGuards(CreateShareGuard)
+  async create(
+    @Body() body: CreateShareDTO,
+    @Req() request: Request,
+    @GetUser() user: User
+  ) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.create(body, user, reverse_share_token)
+    );
  }

  @Delete(":id")
@@ -59,21 +70,35 @@ export class ShareController {

  @Post(":id/complete")
  @HttpCode(202)
-  @UseGuards(JwtGuard, ShareOwnerGuard)
-  async complete(@Param("id") id: string) {
-    return new ShareDTO().from(await this.shareService.complete(id));
+  @UseGuards(CreateShareGuard, ShareOwnerGuard)
+  async complete(@Param("id") id: string, @Req() request: Request) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.complete(id, reverse_share_token)
+    );
  }

+  @Throttle(10, 60)
  @Get("isShareIdAvailable/:id")
  async isShareIdAvailable(@Param("id") id: string) {
    return this.shareService.isShareIdAvailable(id);
  }

  @HttpCode(200)
-  @Throttle(10, 5 * 60)
+  @Throttle(20, 5 * 60)
  @UseGuards(ShareTokenSecurity)
  @Post(":id/token")
-  async getShareToken(@Param("id") id: string, @Body() body: SharePasswordDto) {
-    return this.shareService.getShareToken(id, body.password);
+  async getShareToken(
+    @Param("id") id: string,
+    @Res({ passthrough: true }) response: Response,
+    @Body() body: SharePasswordDto
+  ) {
+    const token = await this.shareService.getShareToken(id, body.password);
+    response.cookie(`share_${id}_token`, token, {
+      path: "/",
+      httpOnly: true,
+    });
+
+    return { token };
  }
 }
--- a/backend/src/share/share.module.ts
+++ b/backend/src/share/share.module.ts
@@ -1,12 +1,20 @@
 import { forwardRef, Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
+import { ClamScanModule } from "src/clamscan/clamscan.module";
 import { EmailModule } from "src/email/email.module";
 import { FileModule } from "src/file/file.module";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
 import { ShareController } from "./share.controller";
 import { ShareService } from "./share.service";

@Module({
-  imports: [JwtModule.register({}), EmailModule, forwardRef(() => FileModule)],
+  imports: [
+    JwtModule.register({}),
+    EmailModule,
+    ClamScanModule,
+    ReverseShareModule,
+    forwardRef(() => FileModule),
+  ],
  controllers: [ShareController],
  providers: [ShareService],
  exports: [ShareService],
--- a/backend/src/share/share.service.ts
+++ b/backend/src/share/share.service.ts
@@ -10,10 +10,13 @@ import * as archiver from "archiver";
 import * as argon from "argon2";
 import * as fs from "fs";
 import * as moment from "moment";
+import { ClamScanService } from "src/clamscan/clamscan.service";
 import { ConfigService } from "src/config/config.service";
 import { EmailService } from "src/email/email.service";
 import { FileService } from "src/file/file.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
+import { SHARE_DIRECTORY } from "../constants";
 import { CreateShareDTO } from "./dto/createShare.dto";

@Injectable()
@@ -23,10 +26,12 @@ export class ShareService {
    private fileService: FileService,
    private emailService: EmailService,
    private config: ConfigService,
-    private jwtService: JwtService
+    private jwtService: JwtService,
+    private reverseShareService: ReverseShareService,
+    private clamScanService: ClamScanService
  ) {}

-  async create(share: CreateShareDTO, user?: User) {
+  async create(share: CreateShareDTO, user?: User, reverseShareToken?: string) {
    if (!(await this.isShareIdAvailable(share.id)).isAvailable)
      throw new BadRequestException("Share id already in use");

@@ -37,26 +42,35 @@ export class ShareService {
      share.security.password = await argon.hash(share.security.password);
    }

-    // We have to add an exception for "never" (since moment won't like that)
    let expirationDate: Date;
-    if (share.expiration !== "never") {
-      expirationDate = moment()
-        .add(
-          share.expiration.split("-")[0],
-          share.expiration.split(
-            "-"
-          )[1] as moment.unitOfTime.DurationConstructor
-        )
-        .toDate();

-      // Throw error if expiration date is now
-      if (expirationDate.setMilliseconds(0) == new Date().setMilliseconds(0))
-        throw new BadRequestException("Invalid expiration date");
+    // If share is created by a reverse share token override the expiration date
+    const reverseShare = await this.reverseShareService.getByToken(
+      reverseShareToken
+    );
+    if (reverseShare) {
+      expirationDate = reverseShare.shareExpiration;
    } else {
-      expirationDate = moment(0).toDate();
+      // We have to add an exception for "never" (since moment won't like that)
+      if (share.expiration !== "never") {
+        expirationDate = moment()
+          .add(
+            share.expiration.split("-")[0],
+            share.expiration.split(
+              "-"
+            )[1] as moment.unitOfTime.DurationConstructor
+          )
+          .toDate();
+      } else {
+        expirationDate = moment(0).toDate();
+      }
    }

-    return await this.prisma.share.create({
+    fs.mkdirSync(`${SHARE_DIRECTORY}/${share.id}`, {
+      recursive: true,
+    });
+
+    const shareTuple = await this.prisma.share.create({
      data: {
        ...share,
        expiration: expirationDate,
@@ -69,10 +83,24 @@ export class ShareService {
        },
      },
    });
+
+    if (reverseShare) {
+      // Assign share to reverse share token
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: {
+          shares: {
+            connect: { id: shareTuple.id },
+          },
+        },
+      });
+    }
+
+    return shareTuple;
  }

  async createZip(shareId: string) {
-    const path = `./data/uploads/shares/${shareId}`;
+    const path = `${SHARE_DIRECTORY}/${shareId}`;

    const files = await this.prisma.file.findMany({ where: { shareId } });
    const archive = archiver("zip", {
@@ -90,10 +118,15 @@ export class ShareService {
    await archive.finalize();
  }

-  async complete(id: string) {
+  async complete(id: string, reverseShareToken?: string) {
    const share = await this.prisma.share.findUnique({
      where: { id },
-      include: { files: true, recipients: true, creator: true },
+      include: {
+        files: true,
+        recipients: true,
+        creator: true,
+        reverseShare: { include: { creator: true } },
+      },
    });

    if (await this.isShareCompleted(id))
@@ -105,20 +138,44 @@ export class ShareService {
      );

    // Asynchronously create a zip of all files
-    this.createZip(id).then(() =>
-      this.prisma.share.update({ where: { id }, data: { isZipReady: true } })
-    );
+    if (share.files.length > 1)
+      this.createZip(id).then(() =>
+        this.prisma.share.update({ where: { id }, data: { isZipReady: true } })
+      );

-    // Send email for each recepient
-    for (const recepient of share.recipients) {
-      await this.emailService.sendMail(
-        recepient.email,
+    // Send email for each recipient
+    for (const recipient of share.recipients) {
+      await this.emailService.sendMailToShareRecipients(
+        recipient.email,
        share.id,
-        share.creator
+        share.creator,
+        share.description,
+        share.expiration
      );
    }

-    return await this.prisma.share.update({
+    if (
+      share.reverseShare &&
+      this.config.get("smtp.enabled") &&
+      share.reverseShare.sendEmailNotification
+    ) {
+      await this.emailService.sendMailToReverseShareCreator(
+        share.reverseShare.creator.email,
+        share.id
+      );
+    }
+
+    // Check if any file is malicious with ClamAV
+    void this.clamScanService.checkAndRemove(share.id);
+
+    if (share.reverseShare) {
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: { remainingUses: { decrement: 1 } },
+      });
+    }
+
+    return this.prisma.share.update({
      where: { id },
      data: { uploadLocked: true },
    });
@@ -138,32 +195,36 @@ export class ShareService {
      orderBy: {
        expiration: "desc",
      },
-      include: { recipients: true },
+      include: { recipients: true, files: true },
    });

-    const sharesWithEmailRecipients = shares.map((share) => {
+    return shares.map((share) => {
      return {
        ...share,
        recipients: share.recipients.map((recipients) => recipients.email),
      };
    });
-
-    return sharesWithEmailRecipients;
  }

-  async get(id: string) {
-    const share: any = await this.prisma.share.findUnique({
+  async get(id: string): Promise<any> {
+    const share = await this.prisma.share.findUnique({
      where: { id },
      include: {
        files: true,
        creator: true,
+        security: true,
      },
    });

+    if (share.removedReason)
+      throw new NotFoundException(share.removedReason, "share_removed");
+
    if (!share || !share.uploadLocked)
      throw new NotFoundException("Share not found");
-
-    return share;
+    return {
+      ...share,
+      hasPassword: !!share.security?.password,
+    };
  }

  async getMetaData(id: string) {
@@ -217,12 +278,20 @@ export class ShareService {
    if (
      share?.security?.password &&
      !(await argon.verify(share.security.password, password))
-    )
-      throw new ForbiddenException("Wrong password");
+    ) {
+      throw new ForbiddenException("Wrong password", "wrong_password");
+    }
+
+    if (share.security?.maxViews && share.security.maxViews <= share.views) {
+      throw new ForbiddenException(
+        "Maximum views exceeded",
+        "share_max_views_exceeded"
+      );
+    }

    const token = await this.generateShareToken(shareId);
    await this.increaseViewCount(share);
-    return { token };
+    return token;
  }

  async generateShareToken(shareId: string) {
@@ -235,7 +304,7 @@ export class ShareService {
      },
      {
        expiresIn: moment(expiration).diff(new Date(), "seconds") + "s",
-        secret: this.config.get("JWT_SECRET"),
+        secret: this.config.get("internal.jwtSecret"),
      }
    );
  }
@@ -247,7 +316,7 @@ export class ShareService {

    try {
      const claims = this.jwtService.verify(token, {
-        secret: this.config.get("JWT_SECRET"),
+        secret: this.config.get("internal.jwtSecret"),
        // Ignore expiration if expiration is 0
        ignoreExpiration: moment(expiration).isSame(0),
      });
--- a/backend/src/user/dto/createUser.dto.ts
+++ b/backend/src/user/dto/createUser.dto.ts
@@ -1,12 +1,15 @@
-import { Expose, plainToClass } from "class-transformer";
-import { Allow } from "class-validator";
+import { plainToClass } from "class-transformer";
+import { Allow, IsOptional, MinLength } from "class-validator";
 import { UserDTO } from "./user.dto";

 export class CreateUserDTO extends UserDTO {
-  @Expose()
  @Allow()
  isAdmin: boolean;

+  @MinLength(8)
+  @IsOptional()
+  password: string;
+
  from(partial: Partial<CreateUserDTO>) {
    return plainToClass(CreateUserDTO, partial, {
      excludeExtraneousValues: true,
--- a/backend/src/user/dto/publicUser.dto.ts
+++ b/backend/src/user/dto/publicUser.dto.ts
@@ -1,4 +1,4 @@
-import { PickType } from "@nestjs/mapped-types";
+import { PickType } from "@nestjs/swagger";
 import { UserDTO } from "./user.dto";

-export class PublicUserDTO extends PickType(UserDTO, ["email"] as const) {}
+export class PublicUserDTO extends PickType(UserDTO, ["username"] as const) {}
--- a/backend/src/user/dto/updateOwnUser.dto.ts
+++ b/backend/src/user/dto/updateOwnUser.dto.ts
@@ -1,4 +1,4 @@
-import { OmitType, PartialType } from "@nestjs/mapped-types";
+import { OmitType, PartialType } from "@nestjs/swagger";
 import { UserDTO } from "./user.dto";

 export class UpdateOwnUserDTO extends PartialType(
--- a/backend/src/user/dto/updateUser.dto.ts
+++ b/backend/src/user/dto/updateUser.dto.ts
@@ -1,4 +1,4 @@
-import { PartialType } from "@nestjs/mapped-types";
+import { PartialType } from "@nestjs/swagger";
 import { CreateUserDTO } from "./createUser.dto";

 export class UpdateUserDto extends PartialType(CreateUserDTO) {}
--- a/backend/src/user/dto/user.dto.ts
+++ b/backend/src/user/dto/user.dto.ts
@@ -22,6 +22,9 @@ export class UserDTO {
  @Expose()
  isAdmin: boolean;

+  @Expose()
+  totpVerified: boolean;
+
  from(partial: Partial<UserDTO>) {
    return plainToClass(UserDTO, partial, { excludeExtraneousValues: true });
  }
--- a/backend/src/user/user.controller.ts
+++ b/backend/src/user/user.controller.ts
@@ -6,9 +6,11 @@ import {
  Param,
  Patch,
  Post,
+  Res,
  UseGuards,
 } from "@nestjs/common";
 import { User } from "@prisma/client";
+import { Response } from "express";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { AdministratorGuard } from "src/auth/guard/isAdmin.guard";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
@@ -40,7 +42,16 @@ export class UserController {

  @Delete("me")
  @UseGuards(JwtGuard)
-  async deleteCurrentUser(@GetUser() user: User) {
+  async deleteCurrentUser(
+    @GetUser() user: User,
+    @Res({ passthrough: true }) response: Response
+  ) {
+    response.cookie("access_token", "accessToken", { maxAge: -1 });
+    response.cookie("refresh_token", "", {
+      path: "/api/auth/token",
+      httpOnly: true,
+      maxAge: -1,
+    });
    return new UserDTO().from(await this.userService.delete(user.id));
  }

--- a/backend/src/user/user.module.ts
+++ b/backend/src/user/user.module.ts
@@ -1,8 +1,10 @@
 import { Module } from "@nestjs/common";
+import { EmailModule } from "src/email/email.module";
 import { UserController } from "./user.controller";
 import { UserSevice } from "./user.service";

@Module({
+  imports: [EmailModule],
  providers: [UserSevice],
  controllers: [UserController],
 })
--- a/backend/src/user/user.service.ts
+++ b/backend/src/user/user.service.ts
@@ -1,14 +1,18 @@
 import { BadRequestException, Injectable } from "@nestjs/common";
-import { PrismaClientKnownRequestError } from "@prisma/client/runtime";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import * as argon from "argon2";
+import * as crypto from "crypto";
+import { EmailService } from "src/email/email.service";
 import { PrismaService } from "src/prisma/prisma.service";
 import { CreateUserDTO } from "./dto/createUser.dto";
 import { UpdateUserDto } from "./dto/updateUser.dto";
-import { UserDTO } from "./dto/user.dto";

@Injectable()
 export class UserSevice {
-  constructor(private prisma: PrismaService) {}
+  constructor(
+    private prisma: PrismaService,
+    private emailService: EmailService
+  ) {}

  async list() {
    return await this.prisma.user.findMany();
@@ -19,7 +23,17 @@ export class UserSevice {
  }

  async create(dto: CreateUserDTO) {
-    const hash = await argon.hash(dto.password);
+    let hash: string;
+
+    // The password can be undefined if the user is invited by an admin
+    if (!dto.password) {
+      const randomPassword = crypto.randomUUID();
+      hash = await argon.hash(randomPassword);
+      await this.emailService.sendInviteEmail(dto.email, randomPassword);
+    } else {
+      hash = await argon.hash(dto.password);
+    }
+
    try {
      return await this.prisma.user.create({
        data: {
--- a/backend/test/system/newman-system-tests.json
+++ b/backend/test/system/newman-system-tests.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "243b0832-3a6a-4389-bb71-4d988c0a86d9",
+		"_postman_id": "cd31bdf9-d558-42da-9231-154721476cd2",
 		"name": "Pingvin Share Testing",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
 		"_exporter_id": "17822132"
@@ -18,12 +18,12 @@
 								"exec": [
 									"if(pm.response.to.have.status(201)){",
 									"    const token = pm.response.json()[\"accessToken\"]",
-									"    pm.collectionVariables.set(\"USER_AUTH_TOKEN\", token)",
-									"",
 									"    // Get user id",
 									"    const jwtPayload = JSON.parse(atob(token.split('.')[1]));",
 									"    const userId = jwtPayload[\"sub\"]",
 									"    pm.collectionVariables.set(\"USER_ID\", userId)",
+									"",
+									"    pm.collectionVariables.set(\"COOKIES\", pm.response.headers.get(\"Set-Cookie\"))",
 									"}",
 									""
 								],
@@ -80,6 +80,7 @@
 											"    pm.expect(responseBody).to.have.property(\"accessToken\")",
 											"    pm.expect(responseBody).to.have.property(\"refreshToken\")",
 											"});",
+											"",
 											""
 										],
 										"type": "text/javascript"
@@ -97,7 +98,7 @@
 								],
 								"body": {
 									"mode": "raw",
-									"raw": "{\n    \"email\": \"system2@test.org\",\n   \"username\": \"system.test2\",\n     \"password\": \"N44HcHgeuAvfCT\"\n}",
+									"raw": "{\n    \"email\": \"system2@test.org\",\n   \"username\": \"system2.test\",\n     \"password\": \"N44HcHgeuAvfCT\"\n}",
 									"options": {
 										"raw": {
 											"language": "json"
@@ -431,7 +432,7 @@
 											"    const responseBody = pm.response.json();",
 											"    pm.expect(responseBody).to.have.property(\"id\")",
 											"    pm.expect(responseBody).to.have.property(\"expiration\")",
-											"    pm.expect(Object.keys(responseBody).length).be.equal(2)",
+											"    pm.expect(Object.keys(responseBody).length).be.equal(3)",
 											"});",
 											""
 										],
@@ -477,28 +478,34 @@
 											"pm.test(\"Response body correct\", () => {",
 											"    const responseBody = pm.response.json();",
 											"    pm.expect(responseBody).to.have.property(\"id\")",
-											"    pm.expect(Object.keys(responseBody).length).be.equal(1)",
+											"    pm.expect(responseBody.name).to.be.equal(\"test-file.txt\")",
+											"    pm.expect(Object.keys(responseBody).length).be.equal(2)",
 											"});"
 										],
 										"type": "text/javascript"
 									}
 								}
 							],
+							"protocolProfileBehavior": {
+								"disabledSystemHeaders": {
+									"content-type": true
+								}
+							},
 							"request": {
 								"method": "POST",
-								"header": [],
+								"header": [
+									{
+										"key": "Content-Type",
+										"value": "application/octet-stream",
+										"type": "text"
+									}
+								],
 								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										}
-									]
+									"mode": "raw",
+									"raw": "data:application/octet-stream;base64,VGhpcyBpcyBhIHRlc3QgZmlsZWQgdXNlZCBmb3IgdXBsb2FkaW5nIGluIHRoZSBzeXN0ZW0gdGVzdC4="
 								},
 								"url": {
-									"raw": "{{API_URL}}/shares/:shareId/files",
+									"raw": "{{API_URL}}/shares/:shareId/files?name=test-file.txt&chunkIndex=0&totalChunks=1",
 									"host": [
 										"{{API_URL}}"
 									],
@@ -507,6 +514,93 @@
 										":shareId",
 										"files"
 									],
+									"query": [
+										{
+											"key": "name",
+											"value": "test-file.txt"
+										},
+										{
+											"key": "chunkIndex",
+											"value": "0"
+										},
+										{
+											"key": "totalChunks",
+											"value": "1"
+										}
+									],
+									"variable": [
+										{
+											"key": "shareId",
+											"value": "test-share"
+										}
+									]
+								}
+							},
+							"response": []
+						},
+						{
+							"name": "Upload file 2",
+							"event": [
+								{
+									"listen": "test",
+									"script": {
+										"exec": [
+											"pm.test(\"Status code is 201\",  () => {",
+											"    pm.response.to.have.status(201);",
+											"});",
+											"",
+											"pm.test(\"Response body correct\", () => {",
+											"    const responseBody = pm.response.json();",
+											"    pm.expect(responseBody.name).to.be.equal(\"test-file2.txt\")",
+											"    pm.expect(Object.keys(responseBody).length).be.equal(2)",
+											"});"
+										],
+										"type": "text/javascript"
+									}
+								}
+							],
+							"protocolProfileBehavior": {
+								"disabledSystemHeaders": {
+									"content-type": true
+								}
+							},
+							"request": {
+								"method": "POST",
+								"header": [
+									{
+										"key": "Content-Type",
+										"value": "application/octet-stream",
+										"type": "text"
+									}
+								],
+								"body": {
+									"mode": "raw",
+									"raw": "data:application/octet-stream;base64,VGhpcyBpcyBhIHRlc3QgZmlsZWQgdXNlZCBmb3IgdXBsb2FkaW5nIGluIHRoZSBzeXN0ZW0gdGVzdC4="
+								},
+								"url": {
+									"raw": "{{API_URL}}/shares/:shareId/files?name=test-file2.txt&chunkIndex=0&totalChunks=1",
+									"host": [
+										"{{API_URL}}"
+									],
+									"path": [
+										"shares",
+										":shareId",
+										"files"
+									],
+									"query": [
+										{
+											"key": "name",
+											"value": "test-file2.txt"
+										},
+										{
+											"key": "chunkIndex",
+											"value": "0"
+										},
+										{
+											"key": "totalChunks",
+											"value": "1"
+										}
+									],
 									"variable": [
 										{
 											"key": "shareId",
@@ -532,7 +626,7 @@
 											"    const responseBody = pm.response.json();",
 											"    pm.expect(responseBody).to.have.property(\"id\")",
 											"    pm.expect(responseBody).to.have.property(\"expiration\")",
-											"    pm.expect(Object.keys(responseBody).length).be.equal(2)",
+											"    pm.expect(Object.keys(responseBody).length).be.equal(3)",
 											"});",
 											""
 										],
@@ -710,16 +804,6 @@
 							"request": {
 								"method": "POST",
 								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										}
-									]
-								},
 								"url": {
 									"raw": "{{API_URL}}/shares/:shareId/files",
 									"host": [
@@ -759,16 +843,6 @@
 							"request": {
 								"method": "POST",
 								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										}
-									]
-								},
 								"url": {
 									"raw": "{{API_URL}}/shares/:shareId/files",
 									"host": [
@@ -893,7 +967,8 @@
 											"    pm.expect(Object.keys(responseBody).length).be.equal(1)",
 											"});",
 											"",
-											"pm.collectionVariables.set(\"shareToken\", pm.response.json().token)"
+											"pm.collectionVariables.set(\"COOKIES\", `${pm.collectionVariables.get(\"COOKIES\")};${pm.response.headers.get(\"Set-Cookie\")}`)",
+											""
 										],
 										"type": "text/javascript"
 									}
@@ -942,13 +1017,11 @@
 											"    pm.response.to.have.status(200);",
 											"});",
 											"",
-											"pm.test(\"Response contains 1 file\", () => {",
+											"pm.test(\"Response contains 2 files\", () => {",
 											"    const responseBody = pm.response.json();",
-											"    pm.expect(responseBody.files.length).be.equal(1)",
+											"    pm.expect(responseBody.files.length).be.equal(2)",
 											"});",
 											"",
-											"",
-											"",
 											"pm.collectionVariables.set(\"fileId\", pm.response.json().files[0].id)"
 										],
 										"type": "text/javascript"
@@ -957,13 +1030,7 @@
 							],
 							"request": {
 								"method": "GET",
-								"header": [
-									{
-										"key": "X-Share-Token",
-										"value": "{{shareToken}}",
-										"type": "text"
-									}
-								],
+								"header": [],
 								"url": {
 									"raw": "{{API_URL}}/shares/:shareId",
 									"host": [
@@ -983,88 +1050,6 @@
 							},
 							"response": []
 						},
-						{
-							"name": "Get file download url",
-							"event": [
-								{
-									"listen": "test",
-									"script": {
-										"exec": [
-											"let URL = require('url');",
-											"",
-											"pm.test(\"Status code is 200\",  () => {",
-											"    pm.response.to.have.status(200);",
-											"});",
-											"",
-											"",
-											"pm.test(\"Response body correct\", () => {",
-											"    const responseBody = pm.response.json();",
-											"    pm.expect(responseBody).to.have.property(\"url\")",
-											"    pm.expect(Object.keys(responseBody).length).be.equal(1)",
-											"});",
-											"",
-											"",
-											"const path = URL.parse(pm.response.json().url).path.replace(\"/api/\", \"\")",
-											"",
-											"pm.collectionVariables.set(\"fileDownloadPath\",path )"
-										],
-										"type": "text/javascript"
-									}
-								}
-							],
-							"protocolProfileBehavior": {
-								"disableBodyPruning": true
-							},
-							"request": {
-								"method": "GET",
-								"header": [
-									{
-										"key": "X-Share-Token",
-										"value": "{{shareToken}}",
-										"type": "text"
-									}
-								],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
-								"url": {
-									"raw": "{{API_URL}}/shares/:shareId/files/:fileId/download",
-									"host": [
-										"{{API_URL}}"
-									],
-									"path": [
-										"shares",
-										":shareId",
-										"files",
-										":fileId",
-										"download"
-									],
-									"variable": [
-										{
-											"key": "shareId",
-											"value": "test-share"
-										},
-										{
-											"key": "fileId",
-											"value": "{{fileId}}"
-										}
-									]
-								}
-							},
-							"response": []
-						},
 						{
 							"name": "Get File",
 							"event": [
@@ -1080,97 +1065,11 @@
 									}
 								}
 							],
-							"protocolProfileBehavior": {
-								"disableBodyPruning": true
-							},
 							"request": {
 								"method": "GET",
 								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
 								"url": {
-									"raw": "{{API_URL}}/{{fileDownloadPath}}",
-									"host": [
-										"{{API_URL}}"
-									],
-									"path": [
-										"{{fileDownloadPath}}"
-									]
-								}
-							},
-							"response": []
-						},
-						{
-							"name": "Get zip download url",
-							"event": [
-								{
-									"listen": "test",
-									"script": {
-										"exec": [
-											"let URL = require('url');",
-											"",
-											"pm.test(\"Status code is 200\",  () => {",
-											"    pm.response.to.have.status(200);",
-											"});",
-											"",
-											"",
-											"pm.test(\"Response body correct\", () => {",
-											"    const responseBody = pm.response.json();",
-											"    pm.expect(responseBody).to.have.property(\"url\")",
-											"    pm.expect(Object.keys(responseBody).length).be.equal(1)",
-											"});",
-											"",
-											"",
-											"const path = URL.parse(pm.response.json().url).path.replace(\"/api/\", \"\")",
-											"",
-											"pm.collectionVariables.set(\"zipDownloadPath\",path )"
-										],
-										"type": "text/javascript"
-									}
-								}
-							],
-							"protocolProfileBehavior": {
-								"disableBodyPruning": true
-							},
-							"request": {
-								"method": "GET",
-								"header": [
-									{
-										"key": "X-Share-Token",
-										"value": "{{shareToken}}",
-										"type": "text"
-									}
-								],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
-								"url": {
-									"raw": "{{API_URL}}/shares/:shareId/files/zip/download",
+									"raw": "{{API_URL}}/shares/:shareId/files/{{fileId}}",
 									"host": [
 										"{{API_URL}}"
 									],
@@ -1178,8 +1077,7 @@
 										"shares",
 										":shareId",
 										"files",
-										"zip",
-										"download"
+										"{{fileId}}"
 									],
 									"variable": [
 										{
@@ -1212,64 +1110,16 @@
 							"request": {
 								"method": "GET",
 								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
 								"url": {
-									"raw": "{{API_URL}}/{{zipDownloadPath}}",
-									"host": [
-										"{{API_URL}}"
-									],
-									"path": [
-										"{{zipDownloadPath}}"
-									]
-								}
-							},
-							"response": []
-						}
-					]
-				},
-				{
-					"name": "Negative",
-					"item": [
-						{
-							"name": "Get share - No token",
-							"event": [
-								{
-									"listen": "test",
-									"script": {
-										"exec": [
-											"pm.test(\"Status code is 403\",  () => {",
-											"    pm.response.to.have.status(403);",
-											"});"
-										],
-										"type": "text/javascript"
-									}
-								}
-							],
-							"request": {
-								"method": "GET",
-								"header": [],
-								"url": {
-									"raw": "{{API_URL}}/shares/:shareId",
+									"raw": "{{API_URL}}/shares/:shareId/files/zip",
 									"host": [
 										"{{API_URL}}"
 									],
 									"path": [
 										"shares",
-										":shareId"
+										":shareId",
+										"files",
+										"zip"
 									],
 									"variable": [
 										{
@@ -1280,7 +1130,12 @@
 								}
 							},
 							"response": []
-						},
+						}
+					]
+				},
+				{
+					"name": "Negative",
+					"item": [
 						{
 							"name": "Get share token - Wrong password",
 							"event": [
@@ -1374,151 +1229,19 @@
 								}
 							},
 							"response": []
-						},
-						{
-							"name": "Get file download url - No token",
-							"event": [
-								{
-									"listen": "test",
-									"script": {
-										"exec": [
-											"pm.test(\"Status code is 403\",  () => {",
-											"    pm.response.to.have.status(403);",
-											"});",
-											""
-										],
-										"type": "text/javascript"
-									}
-								}
-							],
-							"protocolProfileBehavior": {
-								"disableBodyPruning": true
-							},
-							"request": {
-								"method": "GET",
-								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
-								"url": {
-									"raw": "{{API_URL}}/shares/:shareId/files/:fileId/download",
-									"host": [
-										"{{API_URL}}"
-									],
-									"path": [
-										"shares",
-										":shareId",
-										"files",
-										":fileId",
-										"download"
-									],
-									"variable": [
-										{
-											"key": "shareId",
-											"value": "test-share"
-										},
-										{
-											"key": "fileId",
-											"value": "{{fileId}}"
-										}
-									]
-								}
-							},
-							"response": []
-						},
-						{
-							"name": "Get zip download url - No token",
-							"event": [
-								{
-									"listen": "test",
-									"script": {
-										"exec": [
-											"pm.test(\"Status code is 403\",  () => {",
-											"    pm.response.to.have.status(403);",
-											"});",
-											""
-										],
-										"type": "text/javascript"
-									}
-								}
-							],
-							"protocolProfileBehavior": {
-								"disableBodyPruning": true
-							},
-							"request": {
-								"method": "GET",
-								"header": [],
-								"body": {
-									"mode": "formdata",
-									"formdata": [
-										{
-											"key": "file",
-											"type": "file",
-											"src": "./test/system/test-file.txt"
-										},
-										{
-											"key": "shareId",
-											"value": "868c6a44-fb8c-4768-ad0d-ef22feebc8ea",
-											"type": "text"
-										}
-									]
-								},
-								"url": {
-									"raw": "{{API_URL}}/shares/:shareId/files/zip/download",
-									"host": [
-										"{{API_URL}}"
-									],
-									"path": [
-										"shares",
-										":shareId",
-										"files",
-										"zip",
-										"download"
-									],
-									"variable": [
-										{
-											"key": "shareId",
-											"value": "test-share"
-										}
-									]
-								}
-							},
-							"response": []
 						}
 					]
 				}
 			]
 		}
 	],
-	"auth": {
-		"type": "bearer",
-		"bearer": [
-			{
-				"key": "token",
-				"value": "{{USER_AUTH_TOKEN}}",
-				"type": "string"
-			}
-		]
-	},
 	"event": [
 		{
 			"listen": "prerequest",
 			"script": {
 				"type": "text/javascript",
 				"exec": [
-					""
+					"pm.request.addHeader(\"Cookie\", pm.collectionVariables.get(\"COOKIES\"))"
 				]
 			}
 		},
--- a/backend/test/system/test-file.txt
+++ b/backend/test/system/test-file.txt
@@ -1 +0,0 @@
-This is a test filed used for uploading in the system test.
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -0,0 +1,7 @@
+version: '3.8'
+services:
+  clamav:
+    restart: unless-stopped
+    ports:
+      - 3310:3310
+    image: clamav/clamav
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,4 +6,14 @@ services:
    ports:
      - 3000:3000
    volumes:
-      - "${PWD}/data:/opt/app/backend/data"
+      - "./data:/opt/app/backend/data"
+      - "./data/images:/opt/app/frontend/public/img"
+# Optional: If you add ClamAV, uncomment the following to have ClamAV start first.
+#    depends_on:
+#      clamav:
+#        condition: service_healthy
+# Optional: Add ClamAV (see README.md)  
+# ClamAV is currently only available for AMD64 see https://github.com/Cisco-Talos/clamav/issues/482
+#  clamav:
+#    restart: unless-stopped
+#    image: clamav/clamav
--- a/docs/CONTRIBUTING.es.md
+++ b/docs/CONTRIBUTING.es.md
@@ -0,0 +1,95 @@
+_Leer esto en otro idioma: [Inglés](/CONTRIBUTING.md), [Español](/docs/CONTRIBUTING.es.md), [Chino Simplificado](/docs/CONTRIBUTING.zh-cn.md)_
+
+---
+
+# Contribuyendo
+
+¡Nos ❤️ encantaría que contribuyas a Pingvin Share y nos ayudes a hacerlo mejor! Todas las contribuciones son bienvenidas, incluyendo problemas, sugerencias, _pull requests_ y más.
+
+## Para comenzar
+
+Si encontraste un error, tienes una sugerencia o algo más, simplemente crea un problema (issue) en GitHub y nos pondremos en contacto contigo 😊.
+
+## Para hacer una Pull Request
+
+Antes de enviar la pull request para su revisión, asegúrate de que:
+
+- El nombre de la pull request sigue las [especificaciones de Commits Convencionales](https://www.conventionalcommits.org/):
+
+  `<tipo>[ámbito opcional]: <descripción>`
+
+  ejemplo:
+
+  ```
+  feat(share): agregar protección con contraseña
+  ```
+
+  Donde `tipo` puede ser:
+
+  - **feat** - es una nueva función
+  - **doc** - cambios solo en la documentación
+  - **fix** - una corrección de error
+  - **refactor** - cambios en el código que no solucionan un error ni agregan una función
+
+- Tu pull requests tiene una descripción detallada.
+
+- Ejecutaste `npm run format` para formatear el código.
+
+<details>
+  <summary>¿No sabes como crear una pull request? Aprende cómo crear una pull request</summary>
+
+1. Crea un fork del repositorio haciendo clic en el botón `Fork` en el repositorio de Pingvin Share.
+
+2. Clona tu fork en tu máquina con `git clone`.
+
+```
+$ git clone https://github.com/[your_username]/pingvin-share
+```
+
+3. Trabajar - hacer commit - repetir
+
+4. Haz un `push` de tus cambios a GitHub.
+
+```
+$ git push origin [nombre_de_tu_nueva_rama]
+```
+
+5. Envía tus cambios para su revisión. Si vas a tu repositorio en GitHub, verás un botón `Comparar y crear pull requests`. Haz clic en ese botón.
+6. Inicia una Pull Request
+7. Ahora envía la pull requests y haz clic en `Crear pull requests`
+8. Espera a que alguien revise tu solicitud y apruebe o rechace tus cambios. Puedes ver los comentarios en la página de la solicitud en GitHub.
+
+</details>
+
+## Instalación del proyecto
+
+Pingvin Share consiste de un frontend y un backend.
+
+### Backend
+
+El backend está hecho con [Nest.js](https://nestjs.com) y usa Typescript.
+
+#### Instalación
+
+1. Abrimos la carpeta `backend`
+2. Instalamos las dependencias con `npm install`
+3. Haz un `push` del esquema de la base de datos a la base de datos ejecutando `npx prisma db push`
+4. Rellena la base de datos ejecutando `npx prisma db seed`
+5. Inicia el backend con `npm run dev`
+
+### Frontend
+
+El frontend está hecho con [Next.js](https://nextjs.org) y usa Typescript.
+
+#### Instalación
+
+1. Primero inicia el backend
+2. Abre la carpeta `frontend`
+3. Instala las dependencias con `npm install`
+4. Inicia el frontend con `npm run dev`
+
+¡Ya está todo listo!
+
+### Testing
+
+Por el momento, solo tenemos pruebas para el backend. Para ejecutar estas pruebas, debes ejecutar el comando `npm run test:system` en la carpeta del backend.
--- a/docs/CONTRIBUTING.zh-cn.md
+++ b/docs/CONTRIBUTING.zh-cn.md
@@ -0,0 +1,97 @@
+_选择合适的语言阅读: [西班牙语](/docs/CONTRIBUTING.es.md), [英语](/CONTRIBUTING.md), [简体中文](/docs/CONTRIBUTING.zh-cn.md)_
+
+---
+
+# 提交贡献
+
+我们非常感谢你 ❤️ 为 Pingvin Share 提交贡献使其变得更棒! 欢迎任何形式的贡献，包括 issues, 建议, PRs 和其他形式
+
+## 小小的开始
+
+你找到了一个 bug，有新特性建议或者其他提议，请在 GitHub 建立一个 issue 以便我和你联络 😊
+
+## 提交一个 Pull Request
+
+在你提交 PR 前请确保
+
+- PR 的名字遵守 [Conventional Commits specification](https://www.conventionalcommits.org):
+
+  `<type>[optional scope]: <description>`
+
+  例如:
+
+  ```
+  feat(share): add password protection
+  ```
+
+  `TYPE` 可以是:
+
+  - **feat** - 这是一个新特性 feature
+  - **doc** - 仅仅改变了文档部分 documentation
+  - **fix** - 修复了一个 bug
+  - **refactor** - 更新了代码，但是并非出于增加新特性 feature 或修复 bug 的目的
+
+- 请在 PR 中附详细的解释说明
+- 使用 `npm run format` 格式化你的代码
+
+<details>
+  <summary>不知道怎么发起一个 PR？ 点开了解怎么发起一个 PR </summary>
+
+1. 点击 Pingvin Share 仓库的 `Fork` 按钮，复制一份你的仓库
+
+2. 通过 `git clone` 将你的仓库克隆到本地
+
+```
+$ git clone https://github.com/[你的用户名]/pingvin-share
+```
+
+3. 进行你的修改 - 提交 commit 你的修改 - 重复直到完成
+
+4. 将你的修改提交到 GitHub
+
+```
+$ git push origin [你的新分支的名字]
+```
+
+5. 提交你的代码以便代码审查
+
+   如果你进入你 fork 的 Github 仓库，你会看到一个 `Compare & pull request` 按钮，点击该按钮
+
+6. 发起一个 PR
+7. 点击 `Create pull request` 来提交你的 PR
+8. 等待代码审查，通过或以某些原因拒绝
+
+</details>
+
+## 配置开发项目
+
+Pingvin Share 包括前端和后端部分
+
+### 后端
+
+后端使用 [Nest.js](https://nestjs.com) 建立，使用 Typescript
+
+#### 搭建
+
+1. 打开 `backend` 文件夹
+2. 使用 `npm install` 安装依赖
+3. 通过 `npx prisma db push` 配置数据库结构
+4. 通过 `npx prisma db seed` 初始化数据库数据
+5. 通过 `npm run dev` 启动后端
+
+### 前端
+
+后端使用 [Next.js](https://nextjs.org) 建立，使用 Typescript
+
+#### 搭建
+
+1. 首先启动后端
+2. 打开 `frontend` 文件夹
+3. 通过 `npm install` 安装依赖
+4. 通过 `npm run dev` 启动前端
+
+开发项目配置完成
+
+### 测试
+
+目前阶段我们只有后端的系统测试，在 `backend` 文件夹运行 `npm run test:system` 来执行系统测试
--- a/docs/README.es.md
+++ b/docs/README.es.md
@@ -0,0 +1,128 @@
+# <div align="center"><img  src="https://user-images.githubusercontent.com/58886915/166198400-c2134044-1198-4647-a8b6-da9c4a204c68.svg" width="40"/> </br>Pingvin Share</div>
+
+---
+
+_Leer esto en otro idioma: [Inglés](/README.md), [Español](/docs/README.es.md), [Chino Simplificado](/docs/README.zh-cn.md)_
+
+---
+
+Pingvin Share es una plataforma de intercambio de archivos autoalojada y una alternativa a WeTransfer.
+
+## ✨ Características
+
+- Compartir archivos utilizando un enlace
+- Tamaño de archivo ilimitado (unicamente restringido por el espacio en disco)
+- Establecer una fecha de caducidad para los recursos compartidos
+- Uso compartido seguro con límites de visitantes y contraseñas
+- Destinatarios de correo electrónico
+- Integración con ClamAV para escaneos de seguridad
+
+## 🐧 Conoce Pingvin Share
+
+- [Demo](https://pingvin-share.dev.eliasschneider.com)
+- [Reseña por DB Tech](https://www.youtube.com/watch?v=rWwNeZCOPJA)
+
+<img src="https://user-images.githubusercontent.com/58886915/225038319-b2ef742c-3a74-4eb6-9689-4207a36842a4.png" width="700"/>
+
+## ⌨️ Instalación
+
+> Nota: Pingvin Share está en sus primeras etapas y puede contener errores.
+
+### Instalación con Docker (recomendada)
+
+1. Descarge el archivo `docker-compose.yml`
+2. Ejecute `docker-compose up -d`
+
+El sitio web ahora está esperando conexiones en `http://localhost:3000`, ¡diviértase usando Pingvin Share 🐧!
+
+### Instalación autónoma
+
+Herramientas requeridas:
+
+- [Node.js](https://nodejs.org/en/download/) >= 16
+- [Git](https://git-scm.com/downloads)
+- [pm2](https://pm2.keymetrics.io/) para ejecutar Pingvin Share en segundo plano
+
+```bash
+git clone https://github.com/stonith404/pingvin-share
+cd pingvin-share
+
+# Consultar la última versión
+git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+# Iniciar el backend
+cd backend
+npm install
+npm run build
+pm2 start --name="pingvin-share-backend" npm -- run prod
+
+# Iniciar el frontend
+cd ../frontend
+npm install
+npm run build
+pm2 start --name="pingvin-share-frontend" npm -- run start
+```
+
+El sitio web ahora está esperando conexiones en `http://localhost:3000`, ¡diviértase usando Pingvin Share 🐧!
+
+### Integraciones
+
+#### ClamAV (Unicamente con Docker)
+
+ClamAV se utiliza para escanear los recursos compartidos en busca de archivos maliciosos y eliminarlos si los encuentra.
+
+1. Añade el contenedor ClamAV al stack de Docker Compose (ver `docker-compose.yml`) e inicie el contenedor.
+2. Docker esperará a que ClamAV se inicie antes de iniciar Pingvin Share. Esto puede tardar uno o dos minutos.
+3. Los registros de Pingvin Share ahora deberían decir "ClamAV está activo".
+
+Por favor, ten en cuenta que ClamAV necesita muchos [recursos](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
+
+### Recursos adicionales
+
+- [Instalación en Synology NAS (Inglés)](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)
+
+### Actualizar a una nueva versión
+
+Dado que Pingvin Share se encuentra en una fase inicial, consulte las notas de la versión para conocer los cambios de última hora antes de actualizar.
+
+#### Docker
+
+```bash
+docker compose pull
+docker compose up -d
+```
+
+#### Instalación autónoma
+
+1. Deten la aplicación en ejecución
+
+   ```bash
+   pm2 stop pingvin-share-backend pingvin-share-frontend
+   ```
+
+2. Repite los pasos de la [guía de instalación](#instalación-autonoma) excepto el paso de `git clone`.
+
+   ```bash
+   cd pingvin-share
+
+   # Consultar la última versión
+   git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+
+   # Iniciar el backend
+   cd backend
+   npm run build
+   pm2 restart pingvin-share-backend
+
+   # Iniciar frontend
+   cd ../frontend
+   npm run build
+   pm2 restart pingvin-share-frontend
+   ```
+
+### Marca personalizada
+
+Puedes cambiar el nombre y el logotipo de la aplicación visitando la página de configuración de administrador.
+
+## 🖤 Contribuye
+
+¡Eres bienvenido a contribuir a Pingvin Share! Sige la [guía de contribución](/CONTRIBUTING.md) para empezar.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Elias Schneider	adf0f8d57e	release: 0.16.0	2023-07-09 17:15:26 +02:00
Elias Schneider	447c86f1c9	chore: remove backend Dockerfile	2023-06-28 15:45:54 +02:00
pierrbt	1466240461	feat: Adding more informations on My Shares page (table and modal) (#174 ) * Adding an information button to the shares and corrected MyShare interface * Adding other informations and disk usage * Adding description, disk usage * Add case if the expiration is never * Adding file size and better UI * UI changes to Information Modal * Adding description to the My Shares page * Ran format * Remove string type Co-authored-by: Elias Schneider <login@eliasschneider.com> * Remove string type check Co-authored-by: Elias Schneider <login@eliasschneider.com> * Remove string type conversion Co-authored-by: Elias Schneider <login@eliasschneider.com> * Variable name changes Co-authored-by: Elias Schneider <login@eliasschneider.com> * Remove color Co-authored-by: Elias Schneider <login@eliasschneider.com> * Requested changes made * Ran format * Adding MediaQuery --------- Co-authored-by: Elias Schneider <login@eliasschneider.com>	2023-06-26 08:22:15 +02:00
pierrbt	348852cfa4	feat: Adding the possibility of copying the link by clicking text and icons (#171 )	2023-06-23 20:07:49 +02:00
Elias Schneider	932496a121	release: 0.15.0	2023-05-09 09:18:31 +02:00
Elias Schneider	0c7b2a8e70	docs: add environment variables to the README	2023-05-09 09:18:02 +02:00
Elias Schneider	1df5c7123e	feat: allow to configure clamav with environment variables	2023-05-09 08:45:56 +02:00
Elias Schneider	2dc0fc9332	refactor: improve logging	2023-05-09 08:45:30 +02:00
Elias Schneider	98c0de78e8	feat: add env variables for port, database url and data dir	2023-05-05 11:37:02 +02:00
Elias Schneider	5132d177b8	feat: add healthcheck endpoint	2023-04-27 22:31:06 +02:00
Elias Schneider	e5071cba12	feat: configure ports, db url and api url with env variables	2023-04-25 23:39:57 +02:00
Elias Schneider	b33c1d7f4b	release: 0.14.1	2023-04-07 23:13:54 +02:00
Elias Schneider	39a74510c1	fix: boolean config variables can't be set to false	2023-04-07 23:13:44 +02:00
Elias Schneider	b7db9b9b40	refactor: simplify create share function	2023-04-04 22:47:32 +02:00
Elias Schneider	2ca0092b71	docs: fix translation path	2023-04-02 18:55:41 +02:00
Elias Schneider	b4bf43910e	docs: move translated docs in `docs` folder	2023-04-02 18:53:54 +02:00
AC6	90aa919694	docs: add Simplified Chinese version of README and CONTRIBUTING (#139 ) * add simplified Chinese translation for README.md * add simplified Chinese translation for CONTRIBUTING.md	2023-04-02 18:49:03 +02:00
Elias Schneider	f2e4019190	release: 0.14.0	2023-04-01 20:19:27 +02:00
Rooyca	ffd4e43f11	docs: add Spanish version of README and CONTRIBUTING (#138 ) * doc: add Spanish version of README and CONTRIBUTING * docs: change h3 tag from language switch to normal size	2023-04-01 20:15:47 +02:00
Elias Schneider	0e5c673270	fix: bool config variable can't be changed	2023-03-24 21:37:39 +01:00
iUnstable0	beece56327	feat(share, config): more variables, placeholder and reset default (#132 ) * More email share vars + unfinished placeolders config {desc} {expires} vars (unfinished) config placeholder vals * done * migrate * edit seed * removed comments * refactor: replace dependecy `luxon` with `moment` * update shareRecipientsMessage message * chore: remove `luxon` * fix: grammatically incorrect `shareRecipientsMessage` message * changed to defaultValue and value instead * fix: don't expose defaultValue to non admin user * fix: update default value if default value changes * refactor: set config value to null instead of a empty string * refactor: merge two migrations into one * fix value check empty --------- Co-authored-by: Elias Schneider <login@eliasschneider.com>	2023-03-23 08:31:21 +01:00
iUnstable0	a0d1d98e24	docs: improve stand-alone upgrade guide (#128 ) * Update README.md * docs: improve stand-alone upgrade guide * Update README.md	2023-03-16 09:21:53 +01:00
Elias Schneider	ca73ccf629	release: 0.13.1	2023-03-14 20:26:04 +01:00
Elias Schneider	9f2097e788	fix: empty file can't be uploaded in chrome	2023-03-14 20:24:21 +01:00
Elias Schneider	2158df4228	release: 0.13.0	2023-03-14 16:09:20 +01:00
Elias Schneider	37e765ddc7	fix: show line breaks in txt preview	2023-03-14 16:08:57 +01:00
Elias Schneider	a91c531642	docs: update main screenshot	2023-03-14 15:47:42 +01:00
Elias Schneider	5a7f7ca2f6	chore: dump node js version	2023-03-14 15:36:35 +01:00
Elias Schneider	813ee4de2c	refactor: rename deprecated Prisma imports	2023-03-14 15:11:24 +01:00
Elias Schneider	b25c30d1ed	feat: sort shared files	2023-03-14 14:50:18 +01:00
Elias Schneider	c807d208d8	feat: add preview modal	2023-03-14 12:09:21 +01:00
Elias Schneider	f82099f36e	fix: upload file if it is 0 bytes	2023-03-13 08:57:56 +01:00
Elias Schneider	6345e21db9	refactor: globalize modal title style	2023-03-13 08:50:54 +01:00
Elias Schneider	f55aa80516	fix: replace "pingvin share" with dynamic app name	2023-03-12 20:13:55 +01:00
Elias Schneider	0ce8b528e1	refactor: improve error handling for failed emails	2023-03-12 19:29:39 +01:00
Elias Schneider	8ff417a013	fix: set password manually input not shown	2023-03-12 19:28:50 +01:00
Elias Schneider	cb1a0d4090	release: 0.12.1	2023-03-11 12:40:27 +01:00
Elias Schneider	753dbe83b7	fix: 48px icon does not update	2023-03-11 12:33:22 +01:00
Elias Schneider	0c2a62b0ca	release: 0.12.0	2023-03-10 09:40:19 +01:00
Elias Schneider	452c635933	chore: dump packages	2023-03-10 09:40:09 +01:00
Elias Schneider	0455ba1bc1	chore: upgrade mantine to v6	2023-03-10 09:01:33 +01:00
Elias Schneider	3ad6b03b6b	fix: home page shown even if disabled	2023-03-10 08:40:32 +01:00
Elias Schneider	91c3525b15	chore: add sharp for image optimizations	2023-03-08 17:47:36 +01:00
Elias Schneider	8403d7e14d	feat: ability to change logo in frontend	2023-03-08 14:47:41 +01:00
Elias Schneider	8f71fd3435	fix: crypto is not defined	2023-03-08 13:10:10 +01:00
Elias Schneider	155c743197	release: 0.11.1	2023-03-05 10:50:32 +01:00
Elias Schneider	8b77e81d4c	fix: old config variable prevents to create a share	2023-03-05 10:48:01 +01:00
Elias Schneider	22d81b2220	release: 0.11.0	2023-03-04 23:41:11 +01:00
Elias Schneider	0317f3a508	fix: frontend error when user deleted	2023-03-04 23:40:02 +01:00
Elias Schneider	fddad3ef70	feat: custom branding (#112 ) * add first concept * remove setup status * split config page in multiple components * add custom branding docs * add test email button * fix invalid email from header * add migration * mount images to host * update docs * remove unused endpoint * run formatter	2023-03-04 23:29:00 +01:00
Elias Schneider	f9840505b8	feat: invite new user with email	2023-02-21 08:51:04 +01:00
Elias Schneider	759c55f625	docs: fix remove app before upgrading	2023-02-13 10:09:53 +01:00
Elias Schneider	edb511252f	release: 0.10.2	2023-02-13 09:39:43 +01:00
Elias Schneider	c3af0fe097	fix: pdf preview tries to render on server	2023-02-13 09:39:27 +01:00
Elias Schneider	6419da07fb	release: 0.10.1	2023-02-12 20:00:55 +01:00
Elias Schneider	7cd9dff637	fix: setup wizard doesn't redirect after completion	2023-02-12 20:00:35 +01:00
Elias Schneider	2a826f7941	docs: stand-alone installation start backend first	2023-02-12 19:04:12 +01:00
Elias Schneider	8720232755	chore: add question issue template	2023-02-12 14:40:10 +01:00
Elias Schneider	dc8cf3d5ca	fix: non administrator user redirection error while setup isn't finished	2023-02-11 15:57:21 +01:00
Elias Schneider	979b882150	docs: add stand-alone installation guide	2023-02-10 14:59:19 +01:00
Elias Schneider	c55019f71b	docs: improve contributing guideline	2023-02-10 14:22:32 +01:00
Elias Schneider	4c6ef52a17	release: 0.10.0	2023-02-10 11:47:29 +01:00
Elias Schneider	b9662701c4	fix: share creation without reverseShareToken	2023-02-10 11:47:17 +01:00
Elias Schneider	e3f88d0826	refactor(jobs): clear expired tokens and reverse shares	2023-02-10 11:29:51 +01:00
Elias Schneider	86a7379519	fix: delete all shares of reverse share	2023-02-10 11:15:23 +01:00
Elias Schneider	ccdf8ea3ae	feat: allow multiple shares with one reverse share link	2023-02-10 11:10:07 +01:00
Elias Schneider	edc10b72b7	fix: share fails if a share was created with a reverse share link recently	2023-02-10 10:58:49 +01:00
Elias Schneider	5d1a7f0310	feat!: reset password with email	2023-02-09 18:17:53 +01:00
Elias Schneider	8ab359b71d	docs(backend): add swagger documentation	2023-02-07 11:23:43 +01:00
Elias Schneider	38de022215	feat(frontend): server side rendering to improve performance	2023-02-07 10:21:25 +01:00
Elias Schneider	82f204e8a9	fix: invalid redirection after jwt expiry	2023-02-06 11:15:46 +01:00
Elias Schneider	4e840ecd29	refactor: handle authentication state in middleware	2023-02-04 18:12:49 +01:00
Elias Schneider	064ef38d78	fix: setup status doesn't change	2023-02-03 11:01:10 +01:00
Elias Schneider	b14e931d8d	test: adapt tests to new features	2023-01-31 15:43:54 +01:00
Elias Schneider	3d5c919110	release: 0.9.0	2023-01-31 15:25:01 +01:00
Elias Schneider	008df06b5c	feat: direct file link	2023-01-31 15:22:08 +01:00
Elias Schneider	cd9d828686	refactor: move guard checks to service	2023-01-31 13:53:23 +01:00
Elias Schneider	233c26e5cf	fix: improve send test email UX	2023-01-31 13:16:11 +01:00
Elias Schneider	91a6b3f716	feat: file preview	2023-01-31 09:03:03 +01:00
Elias Schneider	0a2b7b1243	refactor: use cookie instead of local storage for share token	2023-01-26 21:18:22 +01:00
Elias Schneider	b98fe7911f	release: 0.8.0	2023-01-26 16:10:16 +01:00
Elias Schneider	ad92cfc852	fix: admin users were created while the setup wizard wasn't finished	2023-01-26 15:43:13 +01:00
Elias Schneider	7e91038a24	chore: optimize prisma migration	2023-01-26 14:06:25 +01:00
Elias Schneider	4a5fb549c6	feat: reverse shares (#86 ) * add first concept * add reverse share funcionality to frontend * allow creator to limit share expiration * moved reverse share in seperate module * add table to manage reverse shares * delete complete share if reverse share was deleted * optimize function names * add db migration * enable reverse share email notifications * fix config variable descriptions * fix migration for new installations	2023-01-26 13:44:04 +01:00
Elias Schneider	1ceb07b89e	refactor: fix typo of service name	2023-01-17 09:48:49 +01:00
Elias Schneider	bb64f6c33f	fix: Add meta tags to new pages	2023-01-17 09:13:53 +01:00
Elias Schneider	61c48d57b8	ci/cd: upgrade github actions	2023-01-13 15:37:49 +01:00
Luke	2a7587ed78	chore: docker compose ClamAV optimizations * Update docker-compose.yml Adds a depends_on clause that waits for clamav to be fulyl started before starting pingvin-share. * Update README.md Explains that it may take a minute or two for the app to start while it waits for clamav. * minor refactoring Co-authored-by: Elias Schneider <login@eliasschneider.com>	2023-01-13 14:11:33 +01:00
Elias Schneider	e09213a295	release: 0.7.0	2023-01-13 10:59:52 +01:00
Elias Schneider	fc116d65c0	chore: dump packages	2023-01-13 10:31:22 +01:00
Elias Schneider	76088cc76a	feat: add ClamAV to scan for malicious files	2023-01-13 10:16:35 +01:00
Elias Schneider	16b697053a	ci/cd: don't stale feature issues	2023-01-12 13:47:09 +01:00
Elias Schneider	349bf475cc	fix: invalid github release link on admin page	2023-01-11 22:32:37 +01:00
Elias Schneider	fccc4cbc02	release: 0.6.1	2023-01-11 13:08:09 +01:00
Elias Schneider	f1b44f87fa	fix: shareUrl uses wrong origin	2023-01-11 13:06:38 +01:00
Elias Schneider	02e41e2437	feat: delete all sessions if password was changed	2023-01-10 13:32:37 +01:00
Elias Schneider	74e8956106	fix: update password doesn't work	2023-01-10 12:29:38 +01:00
Elias Schneider	dc9ec429c6	release: 0.6.0	2023-01-09 12:14:41 +01:00
Elias Schneider	653d72bcb9	feat: chunk uploads (#76 ) * add first concept * finished first concept * allow 3 uploads at same time * retry if chunk failed * updated clean temporary files job * fix throttling for chunk uploads * update tests * remove multer * migrate from `MAX_FILE_SIZE` to `MAX_SHARE_SIZE` * improve error handling if file failed to upload * fix promise limit * improve file progress	2023-01-09 11:43:48 +01:00
Elias Schneider	a5bef5d4a4	fix: refresh token expires after 1 day instead of 3 months	2023-01-07 12:16:03 +01:00
Elias Schneider	c8ad2225e3	fix: access token refreshes even it is still valid	2023-01-06 16:07:07 +01:00
Elias Schneider	72c8081e7c	fix: error message typo	2023-01-06 09:21:46 +01:00
Elias Schneider	f2d4895e50	fix: migration for v0.5.1	2023-01-05 08:34:31 +01:00
Elias Schneider	54f591cd60	release: 0.5.1	2023-01-04 16:02:54 +01:00
Elias Schneider	f836a0a3cd	chore: add db migration	2023-01-04 15:58:15 +01:00
Elias Schneider	11174656e4	fix: email configuration updated without restart	2023-01-04 15:30:49 +01:00
Elias Schneider	faea1abcc4	feat: use cookies for authentication	2023-01-04 11:54:28 +01:00
Elias Schneider	71658ad39d	feat: show version and show button if new release is available on admin page	2022-12-30 19:23:17 +01:00
Elias Schneider	167f0f8c7a	chore: improve release scripts	2022-12-30 18:59:05 +01:00
Elias Schneider	85551dc3d3	release: 0.5.0	2022-12-30 14:41:23 +01:00
Elias Schneider	5bc4f902f6	feat: improve config UI (#69 ) * add first concept * completed configuration ui update * add button for testing email configuration * improve mobile layout * add migration * run formatter * delete unnecessary modal * remove unused comment	2022-12-30 14:40:23 +01:00
Elias Schneider	e5b50f855c	fix: refresh token gets deleted on session end	2022-12-26 12:57:54 +01:00
Elias Schneider	b73144295b	refactor: extract totp operations in seperate service	2022-12-26 12:43:36 +01:00
Elias Schneider	ef21bac59b	feat: manually switch color scheme	2022-12-24 23:58:31 +01:00
Elias Schneider	cabaee588b	feat: custom mail subject	2022-12-23 10:57:09 +01:00
Elias Schneider	aac363bb37	release: 0.4.0	2022-12-21 18:25:00 +01:00
Elias Schneider	af71317ec4	Merge remote-tracking branch 'origin/main' into main	2022-12-21 18:01:06 +01:00
Steve	16480f6e95	feat: TOTP (two-factor) Authentication (#55 ) * Working on some initial prototype stuff for TOTP * Fixed a bug that prevented the change password menu from working * Enable/disable totp working * Added the new login procedure including TOTP! :) * misc: Changed bad description for the TOTP_SECRET env var * I forgot to include the migration for the new prisma stuff * fix: refresh user context instead refreshing the page * refactor: simplify totp error handling * Removed U2F tab + format schema * fix: tokens not saved in cookies * refactor: deleted commented out code * refactor: move password text to input description * refactor: remove tabler icon package Co-authored-by: Elias Schneider <login@eliasschneider.com> Co-authored-by: Elias Schneider <58886915+stonith404@users.noreply.github.com>	2022-12-21 17:58:37 +01:00
Elias Schneider	1a034a1966	refector: remove unnecessary content type header	2022-12-15 21:50:22 +01:00
Elias Schneider	0616a68bd2	feat: custom email message	2022-12-15 21:44:04 +01:00
Elias Schneider	bfb47ba6e8	release: 0.3.6	2022-12-13 18:45:52 +01:00
Elias Schneider	c1d87a1c29	test: improve tests for new feature	2022-12-13 18:44:17 +01:00
Elias Schneider	4c7e161217	chore: create prisma migration	2022-12-13 18:39:13 +01:00
Elias Schneider	844c47e129	fix: rerange accordion items	2022-12-13 09:57:48 +01:00
Elias Schneider	9b0c08d0cd	fix: remove dot in email link	2022-12-13 09:06:18 +01:00
Elias Schneider	37fda220e9	Merge branch 'main' of https://github.com/stonith404/pingvin-share	2022-12-12 22:38:40 +01:00
Elias Schneider	3b7f5ddc52	Create close_inactive_issues.yml	2022-12-12 14:34:36 +01:00
Elias Schneider	8728fa5207	feat: add description field to share	2022-12-12 11:54:13 +01:00
Elias Schneider	c265129dcc	Create SECURITY.md	2022-12-12 11:11:28 +01:00
Elias Schneider	78dd4a7e2a	chore: add issue templates	2022-12-12 11:00:10 +01:00
Elias Schneider	3cad4dd487	docs: add synology nas installation by Marius	2022-12-11 12:38:58 +01:00
Elias Schneider	d1d3462056	release: 0.3.5	2022-12-11 12:23:46 +01:00
Elias Schneider	5b01108777	fix: zip doesn't contain file extension	2022-12-11 12:22:01 +01:00
Elias Schneider	3d1d4d0fc7	fix: only create zip if more than one file is in the share	2022-12-11 12:19:42 +01:00
Elias Schneider	7c0d62a429	Update FUNDING.yml	2022-12-10 23:26:57 +01:00
Elias Schneider	d010a8a2d3	feat: upload 3 files at same time	2022-12-10 23:16:10 +01:00
Elias Schneider	9798e26872	fix: setup wizard table doesn't take full width	2022-12-10 18:45:53 +01:00
Elias Schneider	0c10dc674f	Merge pull request #37 from Neyxo/improvement-30-docker-image Improved docker image (size & speed)	2022-12-10 18:33:45 +01:00
Elias Schneider	084e911eed	fix: remove unnecessary port expose	2022-12-10 18:32:14 +01:00
Elias Schneider	797f8938ca	fix: use node slim to fix arm builds	2022-12-10 18:31:39 +01:00
Elias Schneider	05cbb7b27e	fix: jobs never get executed	2022-12-10 17:16:49 +01:00
Elias Schneider	905bab9c86	release: 0.3.4	2022-12-10 15:46:53 +01:00
Jean-Michel Carrel	8e38c5fed7	Improved docker image (size & speed)	2022-12-10 15:34:01 +01:00
Elias Schneider	7e877ce9f4	fix: show alternative to copy button if site is not using https	2022-12-10 13:16:23 +01:00
Elias Schneider	b1bfb09dfd	fix: tables on mobile	2022-12-09 14:37:09 +01:00
Elias Schneider	c8a4521677	fix: sign up page available when registration is disabled	2022-12-09 12:05:43 +01:00
Elias Schneider	3c74cc14df	release: 0.3.3	2022-12-08 23:22:59 +01:00
Elias Schneider	a165f8ec4d	refactor: remove console log	2022-12-08 23:22:15 +01:00
Elias Schneider	d6a88f2a22	performance: reduce docker image size	2022-12-08 23:21:31 +01:00
Elias Schneider	b8172efd59	fix: allow empty strings in config variable	2022-12-08 23:21:16 +01:00
Elias Schneider	cbe37c6798	fix: obscured text length	2022-12-08 23:12:25 +01:00
Elias Schneider	a545c44426	fix: improve admin dashboard color and layout	2022-12-08 22:43:14 +01:00
Elias Schneider	08a2f60f72	chore: add migration for v0.3.3	2022-12-08 21:58:58 +01:00
Elias Schneider	907e56af0f	fix: space character in email	2022-12-08 20:04:56 +01:00
Elias Schneider	888a0c5faf	feat: add support for different email and user	2022-12-08 20:00:04 +01:00
Elias Schneider	bfb0d151ea	fix: obscure critical config variables	2022-12-08 19:14:06 +01:00
Elias Schneider	1f63f22591	docs: add review to README	2022-12-08 17:30:12 +01:00
Elias Schneider	a2d5e0f72c	test: fix system tests not await backend start	2022-12-07 13:44:02 +01:00
Elias Schneider	c0d0f6fa90	release: 0.3.2	2022-12-07 12:41:14 +01:00
Elias Schneider	4a016ed57d	fix: unauthenticated dialog not shown	2022-12-06 11:05:04 +01:00
Elias Schneider	5ea63fb60b	fix: use session storage for share token	2022-12-06 10:54:17 +01:00
Elias Schneider	57cb683c64	fix: make share password optional	2022-12-05 23:58:18 +01:00
				`@@ -1 +0,0 @@`
				`This is a test filed used for uploading in the system test.`