release: 1.2.1

* New translations en-us.ts (Polish)

* New translations en-us.ts (Italian)

* New translations en-us.ts (French)

* New translations en-us.ts (German)

* New translations en-us.ts (French)

* New translations en-us.ts (Danish)

* New translations en-us.ts (Japanese)

* New translations en-us.ts (Vietnamese)

* New translations en-us.ts (Spanish)

* New translations en-us.ts (Bulgarian)

* New translations en-us.ts (Czech)

* New translations en-us.ts (German)

* New translations en-us.ts (Greek)

* New translations en-us.ts (Finnish)

* New translations en-us.ts (Hungarian)

* New translations en-us.ts (Italian)

* New translations en-us.ts (Korean)

* New translations en-us.ts (Polish)

* New translations en-us.ts (Russian)

* New translations en-us.ts (Slovenian)

* New translations en-us.ts (Serbian (Cyrillic))

* New translations en-us.ts (Swedish)

* New translations en-us.ts (Turkish)

* New translations en-us.ts (Ukrainian)

* New translations en-us.ts (Chinese Simplified)

* New translations en-us.ts (Chinese Traditional)

* New translations en-us.ts (Portuguese, Brazilian)

* New translations en-us.ts (Thai)

* New translations en-us.ts (Dutch, Belgium)

* New translations en-us.ts (Arabic, Egypt)

CHANGELOG.md

@@ -1,3 +1,59 @@
+## [1.2.1](https://github.com/stonith404/pingvin-share/compare/v1.2.0...v1.2.1) (2024-10-15)
+
+
+### Bug Fixes
+
+* disallow passwort reset if it's a ldap user ([2e69224](https://github.com/stonith404/pingvin-share/commit/2e692241c57b001c9312302523c6374c0c24ea0c))
+* error message for invalid max use count of reverse share ([613bae9](https://github.com/stonith404/pingvin-share/commit/613bae90330a76c0964352a3fe927df3697309eb))
+* **oauth:** add `post_logout_redirect_uri` to OAuth logout redirect URI ([#638](https://github.com/stonith404/pingvin-share/issues/638)) ([bfbe8de](https://github.com/stonith404/pingvin-share/commit/bfbe8de98a6a7a2d32dd8d4dddbcc1d4ce6388f4))
+* share can't be created if an invalid email is entered in mail recipients ([d5cd300](https://github.com/stonith404/pingvin-share/commit/d5cd3002a1661e58d584e12280be36f17948c38c))
+* trim username, email and password on sign in and sign up page ([77a092a](https://github.com/stonith404/pingvin-share/commit/77a092a3cf089a4aa8b9897b5ad14e5500181d10))
+
+## [1.2.0](https://github.com/stonith404/pingvin-share/compare/v1.1.3...v1.2.0) (2024-10-14)
+
+
+### Features
+
+* **oauth:** add ability to limit user IDs for Discord authentication ([#621](https://github.com/stonith404/pingvin-share/issues/621)) ([5883dff](https://github.com/stonith404/pingvin-share/commit/5883dff4cf0abe99b3ac8f0b56fdc9d04e80b51c))
+* **oauth:** Add option to logout from OpenID Connect provider ([2b3ce3f](https://github.com/stonith404/pingvin-share/commit/2b3ce3ffd250f7e3052d43c1c1e76947abf91e55)), closes [#598](https://github.com/stonith404/pingvin-share/issues/598)
+
+
+### Bug Fixes
+
+* use unique port env variable for backend ([d6b8b56](https://github.com/stonith404/pingvin-share/commit/d6b8b56247814087c2b676fe2367300172b5a94b))
+
+## [1.1.3](https://github.com/stonith404/pingvin-share/compare/v1.1.2...v1.1.3) (2024-09-27)
+
+
+### Features
+
+* improve the LDAP implementation ([#615](https://github.com/stonith404/pingvin-share/issues/615)) ([3310fe5](https://github.com/stonith404/pingvin-share/commit/3310fe53b3e4c89db78d57ede6c8d57d8137ecc1)), closes [#601](https://github.com/stonith404/pingvin-share/issues/601)
+
+
+### Bug Fixes
+
+* omit invalid username characters in oidc registration ([adc4af9](https://github.com/stonith404/pingvin-share/commit/adc4af996d30b295b06e4ee517aa53be62c0f6c1))
+
+## [1.1.2](https://github.com/stonith404/pingvin-share/compare/v1.1.1...v1.1.2) (2024-09-24)
+
+
+### Bug Fixes
+
+* disable auto complete for email recipients and share password ([ee73293](https://github.com/stonith404/pingvin-share/commit/ee73293c0f822d3e79cfefd096c656d4c36a12d1))
+* enable secure cookies if app url starts with https ([69752b8](https://github.com/stonith404/pingvin-share/commit/69752b8b417edda1ab4a4acedbdda09d545d6df8))
+
+## [1.1.1](https://github.com/stonith404/pingvin-share/compare/v1.1.0...v1.1.1) (2024-09-18)
+
+
+### Features
+
+* add environment variable to trust the reverse proxy ([b13a81a](https://github.com/stonith404/pingvin-share/commit/b13a81a88ca871c5714b2ed52d0e12fb7ceca176))
+
+
+### Bug Fixes
+
+* disable email login if ldap is enabled ([d9cfe69](https://github.com/stonith404/pingvin-share/commit/d9cfe697d66e9db7bfbc2252b3700580793ce9bb))
+
 ## [1.1.0](https://github.com/stonith404/pingvin-share/compare/v1.0.4...v1.1.0) (2024-09-14)
 
 

Caddyfile

@@ -1,15 +0,0 @@
-:3000 {
-    # Reverse proxy for /api
-    reverse_proxy /api/* http://localhost:8080 {
-        header_up X-Forwarded-Host {host}:{server_port}
-        header_up X-Forwarded-For {remote_host}
-        header_up X-Forwarded-Proto {scheme}
-    }
-
-    # Reverse proxy for all other requests
-    reverse_proxy http://localhost:3333 {
-        header_up X-Forwarded-Host {host}:{server_port}
-        header_up X-Forwarded-For {remote_host}
-        header_up X-Forwarded-Proto {scheme}
-    }
-}

Dockerfile

@@ -46,7 +46,7 @@ COPY --from=backend-builder /opt/app/dist ./dist
 COPY --from=backend-builder /opt/app/prisma ./prisma
 COPY --from=backend-builder /opt/app/package.json ./
 
-COPY ./Caddyfile /etc/caddy/Caddyfile
+COPY ./reverse-proxy /etc/caddy
 COPY ./scripts/docker-entrypoint.sh /opt/app/docker-entrypoint.sh
 
 WORKDIR /opt/app

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-backend",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "scripts": {
     "build": "nest build",
     "dev": "cross-env NODE_ENV=development nest start --watch",
@@ -14,74 +14,73 @@
   },
   "dependencies": {
     "@nestjs/cache-manager": "^2.2.2",
-    "@nestjs/common": "^10.3.9",
-    "@nestjs/config": "^3.2.2",
-    "@nestjs/core": "^10.3.9",
+    "@nestjs/common": "^10.4.3",
+    "@nestjs/config": "^3.2.3",
+    "@nestjs/core": "^10.4.3",
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/passport": "^10.0.3",
-    "@nestjs/platform-express": "^10.3.9",
-    "@nestjs/schedule": "^4.0.2",
-    "@nestjs/swagger": "^7.3.1",
-    "@nestjs/throttler": "^5.2.0",
-    "@prisma/client": "^5.16.1",
+    "@nestjs/platform-express": "^10.4.3",
+    "@nestjs/schedule": "^4.1.1",
+    "@nestjs/swagger": "^7.4.2",
+    "@nestjs/throttler": "^6.2.1",
+    "@prisma/client": "^5.19.1",
     "@types/jmespath": "^0.15.2",
-    "@types/ldapjs": "^3.0.6",
     "archiver": "^7.0.1",
-    "argon2": "^0.40.3",
-    "body-parser": "^1.20.2",
-    "cache-manager": "^5.6.1",
-    "clamscan": "^2.2.1",
+    "argon2": "^0.41.1",
+    "body-parser": "^1.20.3",
+    "cache-manager": "^5.7.6",
+    "clamscan": "^2.3.1",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "content-disposition": "^0.5.4",
     "cookie-parser": "^1.4.6",
     "jmespath": "^0.16.0",
-    "ldapjs": "^3.0.7",
+    "ldapts": "^7.2.0",
     "mime-types": "^2.1.35",
     "moment": "^2.30.1",
     "nanoid": "^3.3.7",
-    "nodemailer": "^6.9.14",
+    "nodemailer": "^6.9.15",
     "otplib": "^12.0.1",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
     "qrcode-svg": "^1.1.0",
     "reflect-metadata": "^0.2.2",
-    "rimraf": "^5.0.7",
+    "rimraf": "^6.0.1",
     "rxjs": "^7.8.1",
-    "sharp": "^0.33.4",
+    "sharp": "^0.33.5",
     "ts-node": "^10.9.2"
   },
   "devDependencies": {
-    "@nestjs/cli": "^10.3.2",
-    "@nestjs/schematics": "^10.1.1",
-    "@nestjs/testing": "^10.3.9",
+    "@nestjs/cli": "^10.4.5",
+    "@nestjs/schematics": "^10.1.4",
+    "@nestjs/testing": "^10.4.3",
     "@types/archiver": "^6.0.2",
     "@types/clamscan": "^2.0.8",
     "@types/cookie-parser": "^1.4.7",
-    "@types/cron": "^2.0.1",
+    "@types/cron": "^2.4.0",
     "@types/express": "^4.17.21",
     "@types/mime-types": "^2.1.4",
-    "@types/multer": "^1.4.11",
-    "@types/node": "^20.14.9",
-    "@types/nodemailer": "^6.4.15",
+    "@types/multer": "^1.4.12",
+    "@types/node": "^22.5.5",
+    "@types/nodemailer": "^6.4.16",
     "@types/passport-jwt": "^4.0.1",
-    "@types/qrcode-svg": "^1.1.4",
-    "@types/sharp": "^0.31.1",
+    "@types/qrcode-svg": "^1.1.5",
+    "@types/sharp": "^0.32.0",
     "@types/supertest": "^6.0.2",
-    "@typescript-eslint/eslint-plugin": "^7.14.1",
-    "@typescript-eslint/parser": "^7.14.1",
+    "@typescript-eslint/eslint-plugin": "^8.6.0",
+    "@typescript-eslint/parser": "^8.6.0",
     "cross-env": "^7.0.3",
-    "eslint": "^8.56.0",
+    "eslint": "^9.10.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-prettier": "^5.1.3",
-    "newman": "^6.1.3",
-    "prettier": "^3.3.2",
-    "prisma": "^5.16.1",
+    "eslint-plugin-prettier": "^5.2.1",
+    "newman": "^6.2.1",
+    "prettier": "^3.3.3",
+    "prisma": "^5.19.1",
     "source-map-support": "^0.5.21",
     "ts-loader": "^9.5.1",
     "tsconfig-paths": "4.2.0",
-    "typescript": "^5.5.2",
-    "wait-on": "^7.2.0"
+    "typescript": "^5.6.2",
+    "wait-on": "^8.0.1"
   }
 }

backend/prisma/migrations/20241007181823_oauth_id_token/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "RefreshToken" ADD COLUMN "oauthIDToken" TEXT;

backend/prisma/schema.prisma

@@ -40,6 +40,8 @@ model RefreshToken {
 
   userId String
   user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  oauthIDToken  String? // prefixed with the ID of the issuing OAuth provider, separated by a colon
 }
 
 model LoginToken {

backend/prisma/seed/config.seed.ts

@@ -178,6 +178,15 @@ const configVariables: ConfigVariables = {
     adminGroups: {
       type: "string",
       defaultValue: ""
+    },
+
+    fieldNameMemberOf: {
+      type: "string",
+      defaultValue: "memberOf",
+    },
+    fieldNameEmail: {
+      type: "string",
+      defaultValue: "userPrincipalName",
     }
   },
   oauth: {
@@ -245,6 +254,10 @@ const configVariables: ConfigVariables = {
       type: "string",
       defaultValue: "",
     },
+    "discord-limitedUsers": {
+      type: "string",
+      defaultValue: "",
+    },
     "discord-clientId": {
       type: "string",
       defaultValue: "",
@@ -262,6 +275,10 @@ const configVariables: ConfigVariables = {
       type: "string",
       defaultValue: "",
     },
+    "oidc-signOut": {
+      type: "boolean",
+      defaultValue: "false",
+    },
     "oidc-usernameClaim": {
       type: "string",
       defaultValue: "",

backend/src/auth/auth.controller.ts

@@ -120,7 +120,7 @@ export class AuthController {
   })
   @HttpCode(202)
   async requestResetPassword(@Param("email") email: string) {
-    this.authService.requestResetPassword(email);
+    await this.authService.requestResetPassword(email);
   }
 
   @Post("resetPassword")
@@ -172,13 +172,25 @@ export class AuthController {
     @Req() request: Request,
     @Res({ passthrough: true }) response: Response,
   ) {
-    await this.authService.signOut(request.cookies.access_token);
-    response.cookie("access_token", "accessToken", { maxAge: -1 });
+    const redirectURI = await this.authService.signOut(
+      request.cookies.access_token,
+    );
+
+    const isSecure = this.config.get("general.appUrl").startsWith("https");
+    response.cookie("access_token", "", {
+      maxAge: -1,
+      secure: isSecure,
+    });
     response.cookie("refresh_token", "", {
       path: "/api/auth/token",
       httpOnly: true,
       maxAge: -1,
+      secure: isSecure,
     });
+
+    if (typeof redirectURI === "string") {
+      return { redirectURI: redirectURI.toString() };
+    }
   }
 
   @Post("totp/enable")

backend/src/auth/auth.module.ts

@@ -1,4 +1,4 @@
-import { Module } from "@nestjs/common";
+import { forwardRef, Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
 import { EmailModule } from "src/email/email.module";
 import { AuthController } from "./auth.controller";
@@ -7,6 +7,7 @@ import { AuthTotpService } from "./authTotp.service";
 import { JwtStrategy } from "./strategy/jwt.strategy";
 import { LdapService } from "./ldap.service";
 import { UserModule } from "../user/user.module";
+import { OAuthModule } from "../oauth/oauth.module";
 
 @Module({
   imports: [
@@ -14,6 +15,7 @@ import { UserModule } from "../user/user.module";
       global: true,
     }),
     EmailModule,
+    forwardRef(() => OAuthModule),
     UserModule,
   ],
   controllers: [AuthController],

backend/src/auth/auth.service.ts

@@ -1,6 +1,8 @@
 import {
   BadRequestException,
   ForbiddenException,
+  forwardRef,
+  Inject,
   Injectable,
   Logger,
   UnauthorizedException,
@@ -14,11 +16,12 @@ import * as moment from "moment";
 import { ConfigService } from "src/config/config.service";
 import { EmailService } from "src/email/email.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { OAuthService } from "../oauth/oauth.service";
+import { GenericOidcProvider } from "../oauth/provider/genericOidc.provider";
+import { UserSevice } from "../user/user.service";
 import { AuthRegisterDTO } from "./dto/authRegister.dto";
 import { AuthSignInDTO } from "./dto/authSignIn.dto";
 import { LdapService } from "./ldap.service";
-import { inspect } from "util";
-import { UserSevice } from "../user/user.service";
 
 @Injectable()
 export class AuthService {
@@ -29,6 +32,7 @@ export class AuthService {
     private emailService: EmailService,
     private ldapService: LdapService,
     private userService: UserSevice,
+    @Inject(forwardRef(() => OAuthService)) private oAuthService: OAuthService,
   ) {}
   private readonly logger = new Logger(AuthService.name);
 
@@ -66,8 +70,9 @@ export class AuthService {
   }
 
   async signIn(dto: AuthSignInDTO, ip: string) {
-    if (!dto.email && !dto.username)
+    if (!dto.email && !dto.username) {
       throw new BadRequestException("Email or username is required");
+    }
 
     if (!this.config.get("oauth.disablePassword")) {
       const user = await this.prisma.user.findFirst({
@@ -85,18 +90,22 @@ export class AuthService {
     }
 
     if (this.config.get("ldap.enabled")) {
-      this.logger.debug(`Trying LDAP login for user ${dto.username}`);
+      /*
+       * E-mail-like user credentials are passed as the email property
+       * instead of the username. Since the username format does not matter
+       * when searching for users in LDAP, we simply use the username
+       * in whatever format it is provided.
+       */
+      const ldapUsername = dto.username || dto.email;
+      this.logger.debug(`Trying LDAP login for user ${ldapUsername}`);
       const ldapUser = await this.ldapService.authenticateUser(
-        dto.username,
+        ldapUsername,
         dto.password,
       );
       if (ldapUser) {
-        const user = await this.userService.findOrCreateFromLDAP(
-          dto.username,
-          ldapUser,
-        );
+        const user = await this.userService.findOrCreateFromLDAP(dto, ldapUser);
         this.logger.log(
-          `Successful LDAP login for user ${user.email} from IP ${ip}`,
+          `Successful LDAP login for user ${ldapUsername} (${user.id}) from IP ${ip}`,
         );
         return this.generateToken(user);
       }
@@ -108,13 +117,10 @@ export class AuthService {
     throw new UnauthorizedException("Wrong email or password");
   }
 
-  async generateToken(user: User, isOAuth = false) {
+  async generateToken(user: User, oauth?: { idToken?: string }) {
     // TODO: Make all old loginTokens invalid when a new one is created
     // Check if the user has TOTP enabled
-    if (
-      user.totpVerified &&
-      !(isOAuth && this.config.get("oauth.ignoreTotp"))
-    ) {
+    if (user.totpVerified && !(oauth && this.config.get("oauth.ignoreTotp"))) {
       const loginToken = await this.createLoginToken(user.id);
 
       return { loginToken };
@@ -122,6 +128,7 @@ export class AuthService {
 
     const { refreshToken, refreshTokenId } = await this.createRefreshToken(
       user.id,
+      oauth?.idToken,
     );
     const accessToken = await this.createAccessToken(user, refreshTokenId);
 
@@ -139,6 +146,15 @@ export class AuthService {
 
     if (!user) return;
 
+    if (user.ldapDN) {
+      this.logger.log(
+        `Failed password reset request for user ${email} because it is an LDAP user`,
+      );
+      throw new BadRequestException(
+        "This account can't reset its password here. Please contact your administrator.",
+      );
+    }
+
     // Delete old reset password token
     if (user.resetPasswordToken) {
       await this.prisma.resetPasswordToken.delete({
@@ -153,7 +169,7 @@ export class AuthService {
       },
     });
 
-    await this.emailService.sendResetPasswordEmail(user.email, token);
+    this.emailService.sendResetPasswordEmail(user.email, token);
   }
 
   async resetPassword(token: string, newPassword: string) {
@@ -220,12 +236,54 @@ export class AuthService {
       }) || {};
 
     if (refreshTokenId) {
+      const oauthIDToken = await this.prisma.refreshToken
+        .findFirst({
+          select: { oauthIDToken: true },
+          where: { id: refreshTokenId },
+        })
+        .then((refreshToken) => refreshToken?.oauthIDToken)
+        .catch((e) => {
+          // Ignore error if refresh token doesn't exist
+          if (e.code != "P2025") throw e;
+        });
       await this.prisma.refreshToken
         .delete({ where: { id: refreshTokenId } })
         .catch((e) => {
           // Ignore error if refresh token doesn't exist
           if (e.code != "P2025") throw e;
         });
+
+      if (typeof oauthIDToken === "string") {
+        const [providerName, idTokenHint] = oauthIDToken.split(":");
+        const provider = this.oAuthService.availableProviders()[providerName];
+        let signOutFromProviderSupportedAndActivated = false;
+        try {
+          signOutFromProviderSupportedAndActivated = this.config.get(
+            `oauth.${providerName}-signOut`,
+          );
+        } catch (_) {
+          // Ignore error if the provider is not supported or if the provider sign out is not activated
+        }
+        if (
+          provider instanceof GenericOidcProvider &&
+          signOutFromProviderSupportedAndActivated
+        ) {
+          const configuration = await provider.getConfiguration();
+          if (
+            configuration.frontchannel_logout_supported &&
+            URL.canParse(configuration.end_session_endpoint)
+          ) {
+            const redirectURI = new URL(configuration.end_session_endpoint);
+            redirectURI.searchParams.append("post_logout_redirect_uri", this.config.get("general.appUrl"));
+            redirectURI.searchParams.append("id_token_hint", idTokenHint);
+            redirectURI.searchParams.append(
+              "client_id",
+              this.config.get(`oauth.${providerName}-clientId`),
+            );
+            return redirectURI.toString();
+          }
+        }
+      }
     }
   }
 
@@ -244,13 +302,14 @@ export class AuthService {
     );
   }
 
-  async createRefreshToken(userId: string) {
+  async createRefreshToken(userId: string, idToken?: string) {
     const { id, token } = await this.prisma.refreshToken.create({
       data: {
         userId,
         expiresAt: moment()
           .add(this.config.get("general.sessionDuration"), "hours")
           .toDate(),
+        oauthIDToken: idToken,
       },
     });
 
@@ -272,9 +331,11 @@ export class AuthService {
     refreshToken?: string,
     accessToken?: string,
   ) {
+    const isSecure = this.config.get("general.appUrl").startsWith("https");
     if (accessToken)
       response.cookie("access_token", accessToken, {
         sameSite: "lax",
+        secure: isSecure,
         maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
       });
     if (refreshToken)
@@ -282,6 +343,7 @@ export class AuthService {
         path: "/api/auth/token",
         httpOnly: true,
         sameSite: "strict",
+        secure: isSecure,
         maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"),
       });
   }

backend/src/auth/ldap.service.ts

@@ -1,101 +1,7 @@
 import { Inject, Injectable, Logger } from "@nestjs/common";
-import * as ldap from "ldapjs";
-import {
-  AttributeJson,
-  InvalidCredentialsError,
-  SearchCallbackResponse,
-  SearchOptions,
-} from "ldapjs";
 import { inspect } from "node:util";
 import { ConfigService } from "../config/config.service";
-
-type LdapSearchEntry = {
-  objectName: string;
-  attributes: AttributeJson[];
-};
-
-async function ldapExecuteSearch(
-  client: ldap.Client,
-  base: string,
-  options: SearchOptions,
-): Promise<LdapSearchEntry[]> {
-  const searchResponse = await new Promise<SearchCallbackResponse>(
-    (resolve, reject) => {
-      client.search(base, options, (err, res) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(res);
-        }
-      });
-    },
-  );
-
-  return await new Promise<any[]>((resolve, reject) => {
-    const entries: LdapSearchEntry[] = [];
-    searchResponse.on("searchEntry", (entry) =>
-      entries.push({
-        attributes: entry.pojo.attributes,
-        objectName: entry.pojo.objectName,
-      }),
-    );
-    searchResponse.once("error", reject);
-    searchResponse.once("end", () => resolve(entries));
-  });
-}
-
-async function ldapBindUser(
-  client: ldap.Client,
-  dn: string,
-  password: string,
-): Promise<void> {
-  return new Promise<void>((resolve, reject) => {
-    client.bind(dn, password, (error) => {
-      if (error) {
-        reject(error);
-      } else {
-        resolve();
-      }
-    });
-  });
-}
-
-async function ldapCreateConnection(
-  logger: Logger,
-  url: string,
-): Promise<ldap.Client> {
-  const ldapClient = ldap.createClient({
-    url: url.split(","),
-    connectTimeout: 10_000,
-    timeout: 10_000,
-  });
-
-  await new Promise((resolve, reject) => {
-    ldapClient.once("error", reject);
-    ldapClient.on("setupError", reject);
-    ldapClient.on("socketTimeout", reject);
-    ldapClient.on("connectRefused", () =>
-      reject(new Error("connection has been refused")),
-    );
-    ldapClient.on("connectTimeout", () =>
-      reject(new Error("connect timed out")),
-    );
-    ldapClient.on("connectError", reject);
-
-    ldapClient.on("connect", resolve);
-  }).catch((error) => {
-    logger.error(`Connect error: ${inspect(error)}`);
-    ldapClient.destroy();
-    throw error;
-  });
-
-  return ldapClient;
-}
-
-export type LdapAuthenticateResult = {
-  userDn: string;
-  attributes: Record<string, string[]>;
-};
+import { Client, Entry, InvalidCredentialsError } from "ldapts";
 
 @Injectable()
 export class LdapService {
@@ -105,40 +11,42 @@ export class LdapService {
     private readonly serviceConfig: ConfigService,
   ) {}
 
-  private async createLdapConnection(): Promise<ldap.Client> {
+  private async createLdapConnection(): Promise<Client> {
     const ldapUrl = this.serviceConfig.get("ldap.url");
     if (!ldapUrl) {
       throw new Error("LDAP server URL is not defined");
     }
 
-    const ldapClient = await ldapCreateConnection(this.logger, ldapUrl);
-    try {
-      const bindDn = this.serviceConfig.get("ldap.bindDn") || null;
-      if (bindDn) {
-        try {
-          await ldapBindUser(
-            ldapClient,
-            bindDn,
-            this.serviceConfig.get("ldap.bindPassword"),
-          );
-        } catch (error) {
-          this.logger.warn(`Failed to bind to default user: ${error}`);
-          throw new Error("failed to bind to default user");
-        }
-      }
+    const ldapClient = new Client({
+      url: ldapUrl,
+      timeout: 15_000,
+      connectTimeout: 15_000,
+    });
 
-      return ldapClient;
-    } catch (error) {
-      ldapClient.destroy();
-      throw error;
+    const bindDn = this.serviceConfig.get("ldap.bindDn") || null;
+    if (bindDn) {
+      try {
+        await ldapClient.bind(
+          bindDn,
+          this.serviceConfig.get("ldap.bindPassword"),
+        );
+      } catch (error) {
+        this.logger.warn(`Failed to bind to default user: ${error}`);
+        throw new Error("failed to bind to default user");
+      }
     }
+
+    return ldapClient;
   }
 
   public async authenticateUser(
     username: string,
     password: string,
-  ): Promise<LdapAuthenticateResult | null> {
-    if (!username.match(/^[a-zA-Z0-0]+$/)) {
+  ): Promise<Entry | null> {
+    if (!username.match(/^[a-zA-Z0-9-_.@]+$/)) {
+      this.logger.verbose(
+        `Username ${username} does not match username pattern. Authentication failed.`,
+      );
       return null;
     }
 
@@ -149,45 +57,48 @@ export class LdapService {
 
     const ldapClient = await this.createLdapConnection();
     try {
-      const [result] = await ldapExecuteSearch(ldapClient, searchBase, {
+      const { searchEntries } = await ldapClient.search(searchBase, {
         filter: searchQuery,
         scope: "sub",
+
+        attributes: ["*"],
+        returnAttributeValues: true,
       });
 
-      if (!result) {
+      if (searchEntries.length > 1) {
+        /* too many users found */
+        this.logger.verbose(
+          `Authentication for username ${username} failed. Too many users found with query ${searchQuery}`,
+        );
+        return null;
+      } else if (searchEntries.length == 0) {
         /* user not found */
+        this.logger.verbose(
+          `Authentication for username ${username} failed. No user found with query ${searchQuery}`,
+        );
         return null;
       }
 
+      const targetEntity = searchEntries[0];
+      this.logger.verbose(
+        `Trying to authenticate ${username} against LDAP user ${targetEntity.dn}`,
+      );
       try {
-        await ldapBindUser(ldapClient, result.objectName, password);
-
-        /*
-         * In theory we could query the user attributes now,
-         * but as we must query the user attributes for validation anyways
-         * we'll create a second ldap server connection.
-         */
-        return {
-          userDn: result.objectName,
-          attributes: Object.fromEntries(
-            result.attributes.map((attribute) => [
-              attribute.type,
-              attribute.values,
-            ]),
-          ),
-        };
+        await ldapClient.bind(targetEntity.dn, password);
+        return targetEntity;
       } catch (error) {
         if (error instanceof InvalidCredentialsError) {
+          this.logger.verbose(
+            `Failed to authenticate ${username} against ${targetEntity.dn}. Invalid credentials.`,
+          );
           return null;
         }
 
-        this.logger.warn(`LDAP user bind failure: ${inspect(error)}`);
+        this.logger.warn(`User bind failure: ${inspect(error)}`);
         return null;
-      } finally {
-        ldapClient.destroy();
       }
     } catch (error) {
-      this.logger.warn(`LDAP connect error: ${inspect(error)}`);
+      this.logger.warn(`Connect error: ${inspect(error)}`);
       return null;
     }
   }

backend/src/constants.ts

@@ -1,3 +1,5 @@
+import { LogLevel } from "@nestjs/common";
+
 export const DATA_DIRECTORY = process.env.DATA_DIRECTORY || "./data";
 export const SHARE_DIRECTORY = `${DATA_DIRECTORY}/uploads/shares`;
 export const DATABASE_URL =
@@ -7,3 +9,7 @@ export const CLAMAV_HOST =
   process.env.CLAMAV_HOST ||
   (process.env.NODE_ENV == "docker" ? "clamav" : "127.0.0.1");
 export const CLAMAV_PORT = parseInt(process.env.CLAMAV_PORT) || 3310;
+
+export const LOG_LEVEL_AVAILABLE: LogLevel[] = ['verbose', 'debug', 'log', 'warn', 'error', 'fatal'];
+export const LOG_LEVEL_DEFAULT: LogLevel = process.env.NODE_ENV === 'development' ? "verbose" : "log";
+export const LOG_LEVEL_ENV = `${process.env.PV_LOG_LEVEL || ""}`;

backend/src/main.ts

@@ -1,6 +1,7 @@
 import {
   ClassSerializerInterceptor,
   Logger,
+  LogLevel,
   ValidationPipe,
 } from "@nestjs/common";
 import { NestFactory, Reflector } from "@nestjs/core";
@@ -12,10 +13,35 @@ import { NextFunction, Request, Response } from "express";
 import * as fs from "fs";
 import { AppModule } from "./app.module";
 import { ConfigService } from "./config/config.service";
-import { DATA_DIRECTORY } from "./constants";
+import {
+  DATA_DIRECTORY,
+  LOG_LEVEL_AVAILABLE,
+  LOG_LEVEL_DEFAULT,
+  LOG_LEVEL_ENV,
+} from "./constants";
+
+function generateNestJsLogLevels(): LogLevel[] {
+  if (LOG_LEVEL_ENV) {
+    const levelIndex = LOG_LEVEL_AVAILABLE.indexOf(LOG_LEVEL_ENV as any);
+    if (levelIndex === -1) {
+      throw new Error(`log level ${LOG_LEVEL_ENV} unknown`);
+    }
+
+    return LOG_LEVEL_AVAILABLE.slice(levelIndex, LOG_LEVEL_AVAILABLE.length);
+  } else {
+    const levelIndex = LOG_LEVEL_AVAILABLE.indexOf(LOG_LEVEL_DEFAULT);
+    return LOG_LEVEL_AVAILABLE.slice(levelIndex, LOG_LEVEL_AVAILABLE.length);
+  }
+}
 
 async function bootstrap() {
-  const app = await NestFactory.create<NestExpressApplication>(AppModule);
+  const logLevels = generateNestJsLogLevels();
+  Logger.log(`Showing ${logLevels.join(", ")} messages`);
+
+  const app = await NestFactory.create<NestExpressApplication>(AppModule, {
+    logger: logLevels,
+  });
+
   app.useGlobalPipes(new ValidationPipe({ whitelist: true }));
   app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
 
@@ -48,7 +74,9 @@ async function bootstrap() {
     SwaggerModule.setup("api/swagger", app, document);
   }
 
-  await app.listen(parseInt(process.env.PORT) || 8080);
+  await app.listen(
+    parseInt(process.env.BACKEND_PORT || process.env.PORT || "8080"),
+  );
 
   const logger = new Logger("UnhandledAsyncError");
   process.on("unhandledRejection", (e) => logger.error(e));

backend/src/oauth/dto/oauthSignIn.dto.ts

@@ -4,4 +4,5 @@ export interface OAuthSignInDto {
   providerUsername: string;
   email: string;
   isAdmin?: boolean;
+  idToken?: string;
 }

backend/src/oauth/oauth.module.ts

@@ -1,4 +1,4 @@
-import { Module } from "@nestjs/common";
+import { forwardRef, Module } from "@nestjs/common";
 import { OAuthController } from "./oauth.controller";
 import { OAuthService } from "./oauth.service";
 import { AuthModule } from "../auth/auth.module";
@@ -51,6 +51,7 @@ import { MicrosoftProvider } from "./provider/microsoft.provider";
       inject: ["OAUTH_PROVIDERS"],
     },
   ],
-  imports: [AuthModule],
+  imports: [forwardRef(() => AuthModule)],
+  exports: [OAuthService],
 })
 export class OAuthModule {}

backend/src/oauth/oauth.service.ts

@@ -1,4 +1,4 @@
-import { Inject, Injectable, Logger } from "@nestjs/common";
+import { forwardRef, Inject, Injectable, Logger } from "@nestjs/common";
 import { User } from "@prisma/client";
 import { nanoid } from "nanoid";
 import { AuthService } from "../auth/auth.service";
@@ -6,14 +6,17 @@ import { ConfigService } from "../config/config.service";
 import { PrismaService } from "../prisma/prisma.service";
 import { OAuthSignInDto } from "./dto/oauthSignIn.dto";
 import { ErrorPageException } from "./exceptions/errorPage.exception";
+import { OAuthProvider } from "./provider/oauthProvider.interface";
 
 @Injectable()
 export class OAuthService {
   constructor(
     private prisma: PrismaService,
     private config: ConfigService,
-    private auth: AuthService,
+    @Inject(forwardRef(() => AuthService)) private auth: AuthService,
     @Inject("OAUTH_PLATFORMS") private platforms: string[],
+    @Inject("OAUTH_PROVIDERS")
+    private oAuthProviders: Record<string, OAuthProvider<unknown>>,
   ) {}
   private readonly logger = new Logger(OAuthService.name);
 
@@ -27,6 +30,18 @@ export class OAuthService {
       .map(([platform, _]) => platform);
   }
 
+  availableProviders(): Record<string, OAuthProvider<unknown>> {
+    return Object.fromEntries(
+      Object.entries(this.oAuthProviders)
+        .map(([providerName, provider]) => [
+          [providerName, provider],
+          this.config.get(`oauth.${providerName}-enabled`),
+        ])
+        .filter(([_, enabled]) => enabled)
+        .map(([provider, _]) => provider),
+    );
+  }
+
   async status(user: User) {
     const oauthUsers = await this.prisma.oAuthUser.findMany({
       select: {
@@ -55,7 +70,7 @@ export class OAuthService {
         },
       });
       this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
-      return this.auth.generateToken(updatedUser, true);
+      return this.auth.generateToken(updatedUser, { idToken: user.idToken });
     }
 
     return this.signUp(user, ip);
@@ -108,8 +123,10 @@ export class OAuthService {
   }
 
   private async getAvailableUsername(preferredUsername: string) {
-    // only remove + and - from preferred username for now (maybe not enough)
-    let username = preferredUsername.replace(/[+-]/g, "").substring(0, 20);
+    // Only keep letters, numbers, dots, and underscores. Truncate to 20 characters.
+    let username = preferredUsername
+      .replace(/[^a-zA-Z0-9._]/g, "")
+      .substring(0, 20);
     while (true) {
       const user = await this.prisma.user.findFirst({
         where: {
@@ -154,7 +171,7 @@ export class OAuthService {
         },
       });
       await this.updateIsAdmin(user);
-      return this.auth.generateToken(existingUser, true);
+      return this.auth.generateToken(existingUser, { idToken: user.idToken });
     }
 
     const result = await this.auth.signUp(

backend/src/oauth/provider/discord.provider.ts

@@ -81,12 +81,17 @@ export class DiscordProvider implements OAuthProvider<DiscordToken> {
     if (guild) {
       await this.checkLimitedGuild(token, guild);
     }
+    const limitedUsers = this.config.get("oauth.discord-limitedUsers");
+    if (limitedUsers) {
+      await this.checkLimitedUsers(user, limitedUsers);
+    }
 
     return {
       provider: "discord",
       providerId: user.id,
       providerUsername: user.global_name ?? user.username,
       email: user.email,
+      idToken: `discord:${token.idToken}`,
     };
   }
 
@@ -107,6 +112,12 @@ export class DiscordProvider implements OAuthProvider<DiscordToken> {
       throw new ErrorPageException("user_not_allowed");
     }
   }
+
+  async checkLimitedUsers(user: DiscordUser, userIds: string) {
+    if (!userIds.split(",").includes(user.id)) {
+      throw new ErrorPageException("user_not_allowed");
+    }
+  }
 }
 
 export interface DiscordToken {

backend/src/oauth/provider/genericOidc.provider.ts

@@ -197,6 +197,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
       providerId: idTokenData.sub,
       providerUsername: username,
       ...(isAdmin !== undefined && { isAdmin }),
+      idToken: `${this.name}:${token.idToken}`,
     };
   }
 
@@ -251,6 +252,8 @@ export interface OidcConfiguration {
   id_token_signing_alg_values_supported: string[];
   scopes_supported?: string[];
   claims_supported?: string[];
+  frontchannel_logout_supported?: boolean;
+  end_session_endpoint?: string;
 }
 
 export interface OidcJwk {

backend/src/oauth/provider/github.provider.ts

@@ -61,6 +61,7 @@ export class GitHubProvider implements OAuthProvider<GitHubToken> {
       providerId: user.id.toString(),
       providerUsername: user.name ?? user.login,
       email,
+      idToken: `github:${token.idToken}`,
     };
   }
 

backend/src/prisma/prisma.service.ts

@@ -1,9 +1,11 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, Logger } from "@nestjs/common";
 import { PrismaClient } from "@prisma/client";
 import { DATABASE_URL } from "../constants";
 
 @Injectable()
 export class PrismaService extends PrismaClient {
+  private readonly logger = new Logger(PrismaService.name);
+
   constructor() {
     super({
       datasources: {
@@ -12,6 +14,6 @@ export class PrismaService extends PrismaClient {
         },
       },
     });
-    super.$connect().then(() => console.info("Connected to the database"));
+    super.$connect().then(() => this.logger.log("Connected to the database"));
   }
 }

backend/src/user/user.controller.ts

@@ -19,10 +19,14 @@ import { UpdateOwnUserDTO } from "./dto/updateOwnUser.dto";
 import { UpdateUserDto } from "./dto/updateUser.dto";
 import { UserDTO } from "./dto/user.dto";
 import { UserSevice } from "./user.service";
+import { ConfigService } from "../config/config.service";
 
 @Controller("users")
 export class UserController {
-  constructor(private userService: UserSevice) {}
+  constructor(
+    private userService: UserSevice,
+    private config: ConfigService,
+  ) {}
 
   // Own user operations
   @Get("me")
@@ -49,11 +53,17 @@ export class UserController {
     @GetUser() user: User,
     @Res({ passthrough: true }) response: Response,
   ) {
-    response.cookie("access_token", "accessToken", { maxAge: -1 });
+    const isSecure = this.config.get("general.appUrl").startsWith("https");
+
+    response.cookie("access_token", "accessToken", {
+      maxAge: -1,
+      secure: isSecure,
+    });
     response.cookie("refresh_token", "", {
       path: "/api/auth/token",
       httpOnly: true,
       maxAge: -1,
+      secure: isSecure,
     });
     return new UserDTO().from(await this.userService.delete(user.id));
   }

backend/src/user/user.service.ts

@@ -1,4 +1,4 @@
-import { BadRequestException, Injectable } from "@nestjs/common";
+import { BadRequestException, Injectable, Logger } from "@nestjs/common";
 import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import * as argon from "argon2";
 import * as crypto from "crypto";
@@ -8,10 +8,14 @@ import { FileService } from "../file/file.service";
 import { CreateUserDTO } from "./dto/createUser.dto";
 import { UpdateUserDto } from "./dto/updateUser.dto";
 import { ConfigService } from "../config/config.service";
-import { LdapAuthenticateResult } from "../auth/ldap.service";
+import { Entry } from "ldapts";
+import { AuthSignInDTO } from "src/auth/dto/authSignIn.dto";
+import { inspect } from "util";
 
 @Injectable()
 export class UserSevice {
+  private readonly logger = new Logger(UserSevice.name);
+
   constructor(
     private prisma: PrismaService,
     private emailService: EmailService,
@@ -92,33 +96,114 @@ export class UserSevice {
     return await this.prisma.user.delete({ where: { id } });
   }
 
-  async findOrCreateFromLDAP(username: string, ldap: LdapAuthenticateResult) {
-    const passwordHash = await argon.hash(crypto.randomUUID());
-    const userEmail =
-      ldap.attributes["userPrincipalName"]?.at(0) ??
-      `${crypto.randomUUID()}@ldap.local`;
-    const adminGroup = this.configService.get("ldap.adminGroups");
-    const isAdmin = ldap.attributes["memberOf"]?.includes(adminGroup) ?? false;
+  async findOrCreateFromLDAP(
+    providedCredentials: AuthSignInDTO,
+    ldapEntry: Entry,
+  ) {
+    const fieldNameMemberOf = this.configService.get("ldap.fieldNameMemberOf");
+    const fieldNameEmail = this.configService.get("ldap.fieldNameEmail");
+
+    let isAdmin = false;
+    if (fieldNameMemberOf in ldapEntry) {
+      const adminGroup = this.configService.get("ldap.adminGroups");
+      const entryGroups = Array.isArray(ldapEntry[fieldNameMemberOf])
+        ? ldapEntry[fieldNameMemberOf]
+        : [ldapEntry[fieldNameMemberOf]];
+      isAdmin = entryGroups.includes(adminGroup) ?? false;
+    } else {
+      this.logger.warn(
+        `Trying to create/update a ldap user but the member field ${fieldNameMemberOf} is not present.`,
+      );
+    }
+
+    let userEmail: string | null = null;
+    if (fieldNameEmail in ldapEntry) {
+      const value = Array.isArray(ldapEntry[fieldNameEmail])
+        ? ldapEntry[fieldNameEmail][0]
+        : ldapEntry[fieldNameEmail];
+      if (value) {
+        userEmail = value.toString();
+      }
+    } else {
+      this.logger.warn(
+        `Trying to create/update a ldap user but the email field ${fieldNameEmail} is not present.`,
+      );
+    }
+
+    if (providedCredentials.email) {
+      /* if LDAP does not provides an users email address, take the user provided email address instead */
+      userEmail = providedCredentials.email;
+    }
+
+    const randomId = crypto.randomUUID();
+    const placeholderUsername = `ldap_user_${randomId}`;
+    const placeholderEMail = `${randomId}@ldap.local`;
+
     try {
-      return await this.prisma.user.upsert({
+      const user = await this.prisma.user.upsert({
         create: {
-          username,
-          email: userEmail,
-          password: passwordHash,
-          isAdmin,
-          ldapDN: ldap.userDn,
-        },
-        update: {
-          username,
-          email: userEmail,
+          username: providedCredentials.username ?? placeholderUsername,
+          email: userEmail ?? placeholderEMail,
+          password: await argon.hash(crypto.randomUUID()),
 
           isAdmin,
-          ldapDN: ldap.userDn,
+          ldapDN: ldapEntry.dn,
+        },
+        update: {
+          isAdmin,
+          ldapDN: ldapEntry.dn,
         },
         where: {
-          ldapDN: ldap.userDn,
+          ldapDN: ldapEntry.dn,
         },
       });
+
+      if (user.username === placeholderUsername) {
+        /* Give the user a human readable name if the user has been created with a placeholder username */
+        await this.prisma.user
+          .update({
+            where: {
+              id: user.id,
+            },
+            data: {
+              username: `user_${user.id}`,
+            },
+          })
+          .then((newUser) => {
+            user.username = newUser.username;
+          })
+          .catch((error) => {
+            this.logger.warn(
+              `Failed to update users ${user.id} placeholder username: ${inspect(error)}`,
+            );
+          });
+      }
+
+      if (userEmail && userEmail !== user.email) {
+        /* Sync users email if it has changed */
+        await this.prisma.user
+          .update({
+            where: {
+              id: user.id,
+            },
+            data: {
+              email: userEmail,
+            },
+          })
+          .then((newUser) => {
+            this.logger.log(
+              `Updated users ${user.id} email from ldap from ${user.email} to ${userEmail}.`,
+            );
+            user.email = newUser.email;
+          })
+          .catch((error) => {
+            this.logger.error(
+              `Failed to update users ${user.id} email to ${userEmail}: ${inspect(error)}`,
+            );
+          });
+      }
+
+      return user;
     } catch (e) {
       if (e instanceof PrismaClientKnownRequestError) {
         if (e.code == "P2002") {

docker-compose.yml

@@ -4,15 +4,11 @@ services:
     restart: unless-stopped
     ports:
       - 3000:3000
+    environment:
+      - TRUST_PROXY=false # Set to true if a reverse proxy is in front of the container
     volumes:
       - "./data:/opt/app/backend/data"
       - "./data/images:/opt/app/frontend/public/img"
-# Optional: If you add ClamAV, uncomment the following to have ClamAV start first.
-#    depends_on:
-#      clamav:
-#        condition: service_healthy
-# Optional: Add ClamAV (see README.md)  
-# ClamAV is currently only available for AMD64 see https://github.com/Cisco-Talos/clamav/issues/482
-#  clamav:
-#    restart: unless-stopped
-#    image: clamav/clamav
+
+  # To add ClamAV, to scan your shares for malicious files, 
+  # see https://stonith404.github.io/pingvin-share/setup/integrations/#clamav-docker-only

docs/docs/setup/configuration.md

@@ -34,13 +34,13 @@ For installation specific configuration, you can use environment variables. The
 
 #### Backend
 
-| Variable         | Default Value                                      | Description                            |
-| ---------------- | -------------------------------------------------- | -------------------------------------- |
-| `PORT`           | `8080`                                             | The port on which the backend listens. |
-| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | The URL of the SQLite database.        |
-| `DATA_DIRECTORY` | `./data`                                           | The directory where data is stored.    |
-| `CLAMAV_HOST`    | `127.0.0.1`                                        | The IP address of the ClamAV server.   |
-| `CLAMAV_PORT`    | `3310`                                             | The port number of the ClamAV server.  |
+| Variable         | Default Value                                      | Description                                                                                              |
+| ---------------- | -------------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
+| `BACKEND_PORT`   | `8080`                                             | The port on which the backend listens.                                                                   |
+| `DATABASE_URL`   | `file:../data/pingvin-share.db?connection_limit=1` | The URL of the SQLite database.                                                                          |
+| `DATA_DIRECTORY` | `./data`                                           | The directory where data is stored.                                                                      |
+| `CLAMAV_HOST`    | `127.0.0.1` or `clamav` when running with Docker   | The IP address of the ClamAV server. See the [ClamAV docs](integrations.md#clamav) for more information. |
+| `CLAMAV_PORT`    | `3310`                                             | The port number of the ClamAV server.                                                                    |
 
 #### Frontend
 
@@ -48,3 +48,9 @@ For installation specific configuration, you can use environment variables. The
 | --------- | ----------------------- | ---------------------------------------- |
 | `PORT`    | `3000`                  | The port on which the frontend listens.  |
 | `API_URL` | `http://localhost:8080` | The URL of the backend for the frontend. |
+
+#### Reverse Proxy (inside the Docker container)
+
+| Variable      | Default Value | Description                                                                                                 |
+| ------------- | ------------- | ----------------------------------------------------------------------------------------------------------- |
+| `TRUST_PROXY` | `false`       | Whether Pingvin Share is behind a reverse proxy. If set to `true`, the `X-Forwarded-For` header is trusted. |

docs/docs/setup/installation.md

@@ -37,9 +37,9 @@ cd ../frontend
 npm install
 npm run build
 API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
-pm2 start --name="pingvin-share-frontend" .next/standalone/server.js
+pm2 start npm --name "pingvin-share-frontend" -- run start
 ```
 
-**Uploading Large Files**: By default, Pingvin Share uses a built-in reverse proxy to reduce the installation steps. However, this reverse proxy is not optimized for uploading large files. If you wish to upload larger files, you can either use the Docker installation or set up your own reverse proxy. An example configuration for Caddy can be found in `./Caddyfile`.
+**Uploading Large Files**: By default, Pingvin Share uses a built-in reverse proxy to reduce the installation steps. However, this reverse proxy is not optimized for uploading large files. If you wish to upload larger files, you can either use the Docker installation or set up your own reverse proxy. An example configuration for Caddy can be found in `./reverse-proxy/Caddyfile`.
 
 The website is now listening on `http://localhost:3000`, have fun with Pingvin Share 🐧!

docs/docs/setup/integrations.md

@@ -4,12 +4,39 @@ id: integrations
 
 # Integrations
 
-#### ClamAV (Docker only)
+## ClamAV
 
 ClamAV is used to scan shares for malicious files and remove them if found.
 
-1. Add the ClamAV container to the Docker Compose stack (see `docker-compose.yml`) and start the container.
+Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
+
+### Docker
+
+If you are already running ClamAV elsewhere, you can specify the `CLAMAV_HOST` environment variable to point to that instance.
+
+Else you have to add the ClamAV container to the Pingvin Share Docker Compose stack:
+
+1. Add the ClamAV container to the Docker Compose stack and start the container.
+
+```diff
+services:
+  pingvin-share:
+    image: stonith404/pingvin-share
+    ...
++   depends_on:
++     clamav:
++       condition: service_healthy
+
++  clamav:
++    restart: unless-stopped
++    image: clamav/clamav
+
+```
+
 2. Docker will wait for ClamAV to start before starting Pingvin Share. This may take a minute or two.
 3. The Pingvin Share logs should now log "ClamAV is active"
 
-Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
+### Stand-Alone
+
+1. Install ClamAV
+2. Specify the `CLAMAV_HOST` environment variable for the backend and restart the Pingvin Share backend.

docs/docs/setup/oauth2login.md

@@ -42,7 +42,9 @@ Redirect URL: `https://<your-domain>/api/oauth/callback/discord`
 
 Generic OpenID Connect provider is also supported, we have tested it on Keycloak, Authentik and Casdoor.
 
-Redirect URL: `https://<your-domain>/api/oauth/callback/oidc`
+Redirect URI: `https://<your-domain>/api/oauth/callback/oidc`
+
+Post Logout Redirect URI: `https://<your-domain>`
 
 ## Custom your OAuth 2 Provider
 

docs/docs/setup/upgrading.md

@@ -39,6 +39,6 @@ docker compose up -d
    cd ../frontend
    npm install
    npm run build
-   API_URL=http://localhost:8080 # Set the URL of the backend, default: http://localhost:8080
    pm2 restart pingvin-share-frontend
    ```
+Note that environemnt variables are not picked up when using pm2 restart, if you actually want to change configs, you need to run ````pm2 --update-env restart````

docs/package.json

@@ -7,7 +7,7 @@
     "start": "docusaurus start",
     "build": "docusaurus build",
     "swizzle": "docusaurus swizzle",
-    "deploy": "docusaurus deploy",
+    "deploy": "GIT_USER=stonith404 docusaurus deploy",
     "clear": "docusaurus clear",
     "serve": "docusaurus serve",
     "write-translations": "docusaurus write-translations",
@@ -15,19 +15,19 @@
     "typecheck": "tsc"
   },
   "dependencies": {
-    "@docusaurus/core": "3.4.0",
-    "@docusaurus/preset-classic": "3.4.0",
-    "@mdx-js/react": "^3.0.0",
-    "clsx": "^2.0.0",
-    "prism-react-renderer": "^2.3.0",
-    "react": "^18.0.0",
-    "react-dom": "^18.0.0"
+    "@docusaurus/core": "3.5.2",
+    "@docusaurus/preset-classic": "3.5.2",
+    "@mdx-js/react": "^3.0.1",
+    "clsx": "^2.1.1",
+    "prism-react-renderer": "^2.4.0",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "3.4.0",
-    "@docusaurus/tsconfig": "3.4.0",
-    "@docusaurus/types": "3.4.0",
-    "typescript": "~5.2.2"
+    "@docusaurus/module-type-aliases": "3.5.2",
+    "@docusaurus/tsconfig": "3.5.2",
+    "@docusaurus/types": "3.5.2",
+    "typescript": "~5.6.2"
   },
   "browserslist": {
     "production": [

docs/sidebars.ts

@@ -56,6 +56,11 @@ const sidebars: SidebarsConfig = {
         },
       ],
     },
+    {
+      type: "link",
+      label: "Demo",
+      href: "https://pingvin-share.dev.eliasschneider.com",
+    },
     {
       type: "link",
       label: "Discord",

frontend/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-frontend",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "scripts": {
     "dev": "next dev",
     "build": "next build",
@@ -9,7 +9,7 @@
     "format": "prettier --end-of-line=auto --write \"src/**/*.ts*\""
   },
   "dependencies": {
-    "@emotion/react": "^11.11.4",
+    "@emotion/react": "^11.13.3",
     "@emotion/server": "^11.11.0",
     "@mantine/core": "^6.0.21",
     "@mantine/dropzone": "^6.0.21",
@@ -18,37 +18,37 @@
     "@mantine/modals": "^6.0.21",
     "@mantine/next": "^6.0.21",
     "@mantine/notifications": "^6.0.21",
-    "axios": "^1.7.2",
-    "cookies-next": "^2.1.2",
+    "axios": "^1.7.7",
+    "cookies-next": "^4.2.1",
     "file-saver": "^2.0.5",
-    "jose": "^4.15.5",
-    "jwt-decode": "^3.1.2",
-    "markdown-to-jsx": "^7.4.7",
+    "jose": "^5.9.2",
+    "jwt-decode": "^4.0.0",
+    "markdown-to-jsx": "^7.5.0",
     "mime-types": "^2.1.35",
     "moment": "^2.30.1",
-    "next": "^14.2.3",
+    "next": "^14.2.12",
     "next-http-proxy-middleware": "^1.2.6",
     "next-pwa": "^5.6.0",
-    "p-limit": "^4.0.0",
+    "p-limit": "^6.1.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
-    "react-icons": "^4.12.0",
+    "react-icons": "^5.3.0",
     "react-intl": "^6.6.8",
-    "sharp": "^0.33.4",
+    "sharp": "^0.33.5",
     "yup": "^1.4.0"
   },
   "devDependencies": {
     "@types/mime-types": "^2.1.4",
-    "@types/node": "20.12.12",
-    "@types/react": "18.3.2",
+    "@types/node": "22.5.5",
+    "@types/react": "18.3.7",
     "@types/react-dom": "18.3.0",
-    "@typescript-eslint/parser": "^7.10.0",
-    "axios": "^1.7.2",
+    "@typescript-eslint/parser": "^8.6.0",
+    "axios": "^1.7.7",
     "eslint": "8.57.0",
-    "eslint-config-next": "^13.5.6",
-    "eslint-config-prettier": "^8.10.0",
-    "prettier": "^3.2.5",
-    "tar": "^6.2.1",
-    "typescript": "^5.4.5"
+    "eslint-config-next": "^14.2.12",
+    "eslint-config-prettier": "^9.1.0",
+    "prettier": "^3.3.3",
+    "tar": "^7.4.3",
+    "typescript": "^5.6.2"
   }
 }

frontend/src/components/auth/SignInForm.tsx

@@ -97,7 +97,7 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
 
   const signIn = async (email: string, password: string) => {
     await authService
-      .signIn(email, password)
+      .signIn(email.trim(), password.trim())
       .then(async (response) => {
         if (response.data["loginToken"]) {
           // Prompt the user to enter their totp code

frontend/src/components/auth/SignUpForm.tsx

@@ -48,7 +48,7 @@ const SignUpForm = () => {
 
   const signUp = async (email: string, username: string, password: string) => {
     await authService
-      .signUp(email, username, password)
+      .signUp(email.trim(), username.trim(), password.trim())
       .then(async () => {
         const user = await refreshUser();
         if (user?.isAdmin) {

frontend/src/components/share/modals/showCreateReverseShareModal.tsx

@@ -9,11 +9,13 @@ import {
   Switch,
   Text,
 } from "@mantine/core";
-import { useForm } from "@mantine/form";
+import { useForm, yupResolver } from "@mantine/form";
 import { useModals } from "@mantine/modals";
 import { ModalsContextProps } from "@mantine/modals/lib/context";
+import { getCookie, setCookie } from "cookies-next";
 import moment from "moment";
 import { FormattedMessage } from "react-intl";
+import * as yup from "yup";
 import useTranslate, {
   translateOutsideContext,
 } from "../../../hooks/useTranslate.hook";
@@ -22,7 +24,6 @@ import { getExpirationPreview } from "../../../utils/date.util";
 import toast from "../../../utils/toast.util";
 import FileSizeInput from "../FileSizeInput";
 import showCompletedReverseShareModal from "./showCompletedReverseShareModal";
-import { getCookie, setCookie } from "cookies-next";
 
 const showCreateReverseShareModal = (
   modals: ModalsContextProps,
@@ -65,6 +66,16 @@ const Body = ({
       simplified: !!(getCookie("reverse-share.simplified") ?? false),
       publicAccess: !!(getCookie("reverse-share.public-access") ?? true),
     },
+    validate: yupResolver(
+      yup.object().shape({
+        maxUseCount: yup
+          .number()
+          .typeError(t("common.error.invalid-number"))
+          .min(1, t("common.error.number-too-small", { min: 1 }))
+          .max(1000, t("common.error.number-too-large", { max: 1000 }))
+          .required(t("common.error.field-required")),
+      }),
+    ),
   });
 
   const onSubmit = form.onSubmit(async (values) => {

frontend/src/components/upload/modals/showCreateUploadModal.tsx

@@ -370,9 +370,8 @@ const CreateUploadModalBody = ({
                     placeholder={t("upload.modal.accordion.email.placeholder")}
                     searchable
                     creatable
-                    id="recipient_email"
-                    autoComplete="email"
-                    type="email"
+                    id="recipient-emails"
+                    inputMode="email"
                     getCreateLabel={(query) => `+ ${query}`}
                     onCreate={(query) => {
                       if (!query.match(/^\S+@\S+\.\S+$/)) {
@@ -426,7 +425,7 @@ const CreateUploadModalBody = ({
                       "upload.modal.accordion.security.password.placeholder",
                     )}
                     label={t("upload.modal.accordion.security.password.label")}
-                    autoComplete="off"
+                    autoComplete="new-password"
                     {...form.getInputProps("password")}
                   />
                   <NumberInput

frontend/src/i18n/translations/ar-EG.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "تفعيل الدخول باستخدام OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "رابط الاستكشاف لتطبيق OpenID Connect OAuth",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "طلب اسم المستخدم في رمز معرف OpenID Connect. إذا كنت لا تعرف معنى هذا الإعداد، اتركه فارغًا.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "هذه الصفحة غير موجودة.",
   "404.button.home": "أعدني للصفحة الرئيسية",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "الرابط",
   "common.text.navigate-to-link": "الذهاب إلى الرابط",
   "common.text.or": "أو",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "العودة",
   "common.button.go-home": "العودة للصفحة الرئيسية",
   "common.notify.copied": "تم نسخ الرابط إلى الحافظة",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "عنوان البريد غير صحيح",
   "common.error.too-short": "يجب أن يكون على الأقل {length} حرفًا",
   "common.error.too-long": "يجب أن يكون على الأكثر {length} حرفًا",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "يجب أن يكون بالضبط {length} حرفًا",
   "common.error.invalid-number": "يجب أن يكون رقماً",
   "common.error.field-required": "هذا الحقل مطلوب"

frontend/src/i18n/translations/bg-BG.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Oops this page doesn't exist.",
   "404.button.home": "Bring me back home",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Link",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "or",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Go back",
   "common.button.go-home": "Go home",
   "common.notify.copied": "Your link was copied to the clipboard",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Invalid email address",
   "common.error.too-short": "Must be at least {length} characters",
   "common.error.too-long": "Must be at most {length} characters",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Must be exactly {length} characters",
   "common.error.invalid-number": "Must be a number",
   "common.error.field-required": "This field is required"

frontend/src/i18n/translations/cs-CZ.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Zda je povoleno přihlášení přes OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Skupina potřebná pro administrativní přístup.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Jejda, tato stránka neexistuje.",
   "404.button.home": "Bring me back home",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Odkaz",
   "common.text.navigate-to-link": "Přejít na odkaz",
   "common.text.or": "nebo",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Vrátit se zpět",
   "common.button.go-home": "Jít domů",
   "common.notify.copied": "Váš odkaz byl zkopírován do schránky",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Invalid email address",
   "common.error.too-short": "Musí mít alespoň {length} znaků",
   "common.error.too-long": "Musí mít maximálně {length} znaků",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Musí mít přesně {length} znaků",
   "common.error.invalid-number": "Musí být číslo",
   "common.error.field-required": "Toto pole je povinné"

frontend/src/i18n/translations/da-DK.ts

@@ -34,7 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "2-faktor login påkrævet",
   "signIn.notify.totp-required.description": "Indtast den aktuelle engangskode fra din 2-faktor Authenticator",
   "signIn.oauth.or": "OR",
-  "signIn.oauth.signInWith": "Sign in with",
+  "signIn.oauth.signInWith": "Log ind med",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -58,7 +58,7 @@ export default {
   // /auth/reset-password
   "resetPassword.title": "Glemt din adgangskode?",
   "resetPassword.description": "Indtast din e-mail for at nulstille din adgangskode.",
-  "resetPassword.notify.success": "A message with a link to reset your password has been sent if the email exists.",
+  "resetPassword.notify.success": "En besked med et link til at nulstille din adgangskode er blevet sendt, hvis e-mailen eksisterer.",
   "resetPassword.button.back": "Tilbage til login",
   "resetPassword.text.resetPassword": "Nulstil adgangskode",
   "resetPassword.text.enterNewPassword": "Indtast din nye adgangskode",
@@ -135,7 +135,7 @@ export default {
   "account.reverseShares.title.empty": "Der er tomt her 👀",
   "account.reverseShares.description.empty": "You don't have any reverse shares.",
   // showCreateReverseShareModal.tsx
-  "account.reverseShares.modal.title": "Create reverse share",
+  "account.reverseShares.modal.title": "Opret omvendt deling",
   "account.reverseShares.modal.expiration.label": "Udløb",
   "account.reverseShares.modal.expiration.minute-singular": "Minut",
   "account.reverseShares.modal.expiration.minute-plural": "Minutter",
@@ -154,7 +154,7 @@ export default {
   "account.reverseShares.modal.send-email.description": "Send en e-mail notifikation, når der oprettes en deling med dette omvendte delingslink.",
   "account.reverseShares.modal.simplified": "Simple mode",
   "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
-  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access": "Offentlig adgang",
   "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
   "account.reverseShares.modal.max-use.label": "Maksimal anvendelser",
   "account.reverseShares.modal.max-use.description": "Det maksimale antal gange, denne URL kan bruges til at oprette en deling.",
@@ -168,7 +168,7 @@ export default {
   "account.reverseShares.table.max-size": "Maksimal størrelse for deling",
   "account.reverseShares.table.expires": "Udløber d",
   "account.reverseShares.modal.reverse-share-link": "Reverse share link",
-  "account.reverseShares.modal.delete.title": "Delete reverse share",
+  "account.reverseShares.modal.delete.title": "Slet omvendt deling",
   "account.reverseShares.modal.delete.description": "Ønsker du virkelig at slette denne omvendte deling? Hvis du gør det, vil de tilknyttede delinger også blive slettet.",
   // END /account/reverseShares
   // /admin
@@ -244,7 +244,7 @@ export default {
   "upload.modal.expires.month-plural": "Måneder",
   "upload.modal.expires.year-singular": "År",
   "upload.modal.expires.year-plural": "År",
-  "upload.modal.accordion.name-and-description.title": "Name and description",
+  "upload.modal.accordion.name-and-description.title": "Navn og beskrivelse",
   "upload.modal.accordion.name-and-description.name.placeholder": "Navn",
   "upload.modal.accordion.name-and-description.description.placeholder": "Note for the recipients of this share",
   "upload.modal.accordion.email.title": "E-mail modtagere",
@@ -269,7 +269,7 @@ export default {
   "share.error.removed.title": "Deling fjernet",
   "share.error.not-found.title": "Delingen blev ikke fundet",
   "share.error.not-found.description": "Den deling, du leder efter, eksisterer ikke.",
-  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.title": "Privat deling",
   "share.error.access-denied.description": "The current account does not have permission to access this share",
   "share.modal.password.title": "Adgangskode påkrævet",
   "share.modal.password.description": "For at få adgang til denne deling, indtast venligst adgangskoden til delingen.",
@@ -287,7 +287,7 @@ export default {
   "share.edit.title": "Rediger {shareId}",
   "share.edit.append-upload": "Append file",
   "share.edit.notify.generic-error": "An error occurred while finishing your share.",
-  "share.edit.notify.save-success": "Share updated successfully",
+  "share.edit.notify.save-success": "Deling opdateret",
   // END /share/[id]/edit
   // /admin/config
   "admin.config.title": "Konfiguration",
@@ -355,13 +355,13 @@ export default {
   "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
   "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
   "admin.config.oauth.allow-registration": "Tillad registrering",
-  "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
+  "admin.config.oauth.allow-registration.description": "Tillad brugere at registrere sig via socialt login",
   "admin.config.oauth.ignore-totp": "Ignore TOTP",
   "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
-  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password": "Deaktiver login med password",
   "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
   "admin.config.oauth.github-enabled": "GitHub",
-  "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
+  "admin.config.oauth.github-enabled.description": "Om GitHub login er aktiveret",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
   "admin.config.oauth.github-client-id.description": "Client ID of the GitHub OAuth app",
   "admin.config.oauth.github-client-secret": "GitHub Client secret",
@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -405,7 +407,7 @@ export default {
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
   "admin.config.category.ldap": "LDAP",
-  "admin.config.ldap.enabled": "Enabled LDAP",
+  "admin.config.ldap.enabled": "Aktiveret LDAP",
   "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
   "admin.config.ldap.url": "Server URL",
   "admin.config.ldap.url.description": "URL of the LDAP server",
@@ -417,8 +419,12 @@ export default {
   "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
   "admin.config.ldap.search-query": "User query",
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
-  "admin.config.ldap.admin-groups": "Admin group",
-  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.admin-groups": "Admin gruppe",
+  "admin.config.ldap.admin-groups.description": "Gruppe påkrævet for administrativ adgang.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Ups! Denne side findes ikke.",
   "404.button.home": "Gå tilbage",
@@ -426,7 +432,7 @@ export default {
   "error.title": "Fejl",
   "error.description": "Hovsa!",
   "error.button.back": "Gå tilbage",
-  "error.msg.default": "Something went wrong.",
+  "error.msg.default": "Noget gik galt.",
   "error.msg.access_denied": "You canceled the authentication process, please try again.",
   "error.msg.expired_token": "The authentication process took too long, please try again.",
   "error.msg.invalid_token": "Intern Fejl",
@@ -454,8 +460,9 @@ export default {
   "common.button.generate": "Generer",
   "common.button.done": "Færdig",
   "common.text.link": "Link",
-  "common.text.navigate-to-link": "Go to the link",
+  "common.text.navigate-to-link": "Gå til linket",
   "common.text.or": "eller",
+  "common.text.redirecting": "Omdirigerer...",
   "common.button.go-back": "Gå tilbage",
   "common.button.go-home": "Go home",
   "common.notify.copied": "Linket blev kopieret til udklipsholderen",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Ugyldig e-mail",
   "common.error.too-short": "Skal være på mindst {length} tegn",
   "common.error.too-long": "Må højst være {length} tegn",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Skal være præcis {length} tegn",
   "common.error.invalid-number": "Skal være et tal",
   "common.error.field-required": "Dette felt er påkrævet"

frontend/src/i18n/translations/de-DE.ts

@@ -131,7 +131,7 @@ export default {
   // END /account/shares
   // /account/reverseShares
   "account.reverseShares.title": "Externe Freigaben",
-  "account.reverseShares.description": "Eine externe Freigabe erlaubt dir eine einzigartige URL zu erstellen, die externen Benutzern erlaubt Dateien hochzuladen.",
+  "account.reverseShares.description": "Eine externe Freigabe erlaubt dir eine einzigartige URL zu erstellen, die externen Benutzern erlaubt, Dateien hochzuladen.",
   "account.reverseShares.title.empty": "Es ist leer hier 👀",
   "account.reverseShares.description.empty": "Du hast keine externen Freigaben erstellt.",
   // showCreateReverseShareModal.tsx
@@ -155,7 +155,7 @@ export default {
   "account.reverseShares.modal.simplified": "Einfacher Modus",
   "account.reverseShares.modal.simplified.description": "Mache es der Person einfach, die die Datei hochlädt, sie mit Dir zu teilen. Sie können nur den Namen und die Beschreibung der Freigabe ändern.",
   "account.reverseShares.modal.public-access": "Öffentlicher Zugriff",
-  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+  "account.reverseShares.modal.public-access.description": "Mache die erstellten Freigaben mit dieser Rückfreigabe öffentlich. Wenn deaktiviert, kannst nur du und der Ersteller der Freigaben diese anzeigen.",
   "account.reverseShares.modal.max-use.label": "Maximale Nutzungen",
   "account.reverseShares.modal.max-use.description": "Die maximale Anzahl von Verwendungen der URL, um Dateien hochzuladen.",
   "account.reverseShare.never-expires": "Diese externe Freigabe wird nicht ablaufen.",
@@ -324,7 +324,7 @@ export default {
   "admin.config.email.invite-subject": "Betreff für Einladung",
   "admin.config.email.invite-subject.description": "Betreff der E-Mail, die gesendet wird, wenn ein Administrator einen Benutzer einlädt.",
   "admin.config.email.invite-message": "Nachricht für Einladung",
-  "admin.config.email.invite-message.description": "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL, {email} with the email and {password} with the password of the user.",
+  "admin.config.email.invite-message.description": "Nachricht welche gesendet wird, wenn der Administrator einen Nutzer einlädt. {url} wird ersetzt durch die Einladung URL, {email} mit der die E-Mail und {password} mit dem Passwort des Benutzers.",
   "admin.config.share.allow-registration": "Registrierung erlauben",
   "admin.config.share.allow-registration.description": "Gibt an, ob eine Registrierung erlaubt ist",
   "admin.config.share.allow-unauthenticated-shares": "Nicht authentifizierte Freigaben erlauben",
@@ -392,11 +392,13 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "OpenID Connect Anmeldung erlaubt",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Verbindung Discovery URL",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery-URL der OpenID OAuth App",
+  "admin.config.oauth.oidc-sign-out": "Abmelden von OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Wenn aktiviert, wird der Benutzer mit der „Abmelden“-Schaltfläche vom OpenID-Connect-Provider abgemeldet.",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect Benutzername anfordern",
   "admin.config.oauth.oidc-username-claim.description": "Benutzername im OpenID Token. Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
-  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path": "Pfad zu den Rollen im OpenID Verbindungs-Token",
   "admin.config.oauth.oidc-role-path.description": "Muss ein valider JMES-Pfad sein, der zu einem Array an Rollen führt. " + "Die Zugangsverwaltung über Rollen in OpenID Connect ist nur empfohlen, wenn kein anderer Identitätsprovider konfiguriert und die Anmeldung per Password deaktiviert ist. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
-  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect Rolle für allgemeinen Zugriff",
   "admin.config.oauth.oidc-role-general-access.description": "Rolle für generellen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser sich anmelden kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
   "admin.config.oauth.oidc-role-admin-access": "OpenID Connect Rolle für Admin-Zugriff",
   "admin.config.oauth.oidc-role-admin-access.description": "Rolle für administrativen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser auf das Administrator-Panel zugreifen kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
@@ -405,10 +407,10 @@ export default {
   "admin.config.oauth.oidc-client-secret": "OpenID Connect Client-Secret",
   "admin.config.oauth.oidc-client-secret.description": "Client-Secret der OpenID Connect OAuth-App",
   "admin.config.category.ldap": "LDAP",
-  "admin.config.ldap.enabled": "Enabled LDAP",
-  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
-  "admin.config.ldap.url": "Server URL",
-  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.enabled": "LDAP aktivieren",
+  "admin.config.ldap.enabled.description": "LDAP-Authentifizierung für die Benutzeranmeldung verwenden",
+  "admin.config.ldap.url": "Server-URL",
+  "admin.config.ldap.url.description": "URL des LDAP-Servers",
   "admin.config.ldap.bind-dn": "Bind DN",
   "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
   "admin.config.ldap.bind-password": "Bind password",
@@ -416,9 +418,13 @@ export default {
   "admin.config.ldap.search-base": "User base",
   "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
   "admin.config.ldap.search-query": "User query",
-  "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
+  "admin.config.ldap.search-query.description": "Die Benutzer Abfrage wird in der \"Benutzerdatenbank\" gesucht für den LDAP Benutzer. %username% kann als Platzhalter für den Benutzer eingegeben werden.",
   "admin.config.ldap.admin-groups": "Administratorengruppe",
-  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.admin-groups.description": "Gruppe benötigt für den Administrations Zugang.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Ups, diese Seite existiert nicht.",
   "404.button.home": "Zurück zur Startseite",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Link",
   "common.text.navigate-to-link": "Link öffnen",
   "common.text.or": "oder",
+  "common.text.redirecting": "Umleitung...",
   "common.button.go-back": "Zurück",
   "common.button.go-home": "Zur Startseite",
   "common.notify.copied": "Dein Link wurde in die Zwischenablage kopiert",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Ungültige E-Mail-Adresse",
   "common.error.too-short": "Muss mindestens {length} Zeichen enthalten",
   "common.error.too-long": "Muss maximal {length} Zeichen enthalten",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Muss genau {length} Zeichen lang sein",
   "common.error.invalid-number": "Muss eine Zahl sein",
   "common.error.field-required": "Dieses Feld ist erforderlich"

frontend/src/i18n/translations/el-GR.ts

@@ -153,9 +153,9 @@ export default {
   "account.reverseShares.modal.send-email": "Αποστολή ειδοποιήσεων με email",
   "account.reverseShares.modal.send-email.description": "Στείλτε μια ειδοποίηση μέσω ηλεκτρονικού ταχυδρομείου όταν δημιουργείται ένας διαμοιρασμός με αυτόν τον σύνδεσμο ανάστροφης κοινοποίησης.",
   "account.reverseShares.modal.simplified": "Απλή λειτουργία",
-  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
-  "account.reverseShares.modal.public-access": "Public access",
-  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+  "account.reverseShares.modal.simplified.description": "Κάντε εύκολο για το άτομο που ανεβάζει το αρχείο να το μοιραστεί μαζί σας. Θα είναι σε θέση να προσαρμόσει μόνο το όνομα και την περιγραφή της κοινοποίησης.",
+  "account.reverseShares.modal.public-access": "Δημόσια πρόσβαση",
+  "account.reverseShares.modal.public-access.description": "Κάντε τις δημιουργημένες κοινοποιήσεις με αυτή την αντίστροφη κοινή χρήση δημόσιες. Εάν απενεργοποιηθεί, μόνο εσείς και ο δημιουργός της κοινής χρήσης μπορείτε να τη δείτε.",
   "account.reverseShares.modal.max-use.label": "Μέγιστες χρήσεις",
   "account.reverseShares.modal.max-use.description": "Ο μέγιστος αριθμός που μπορεί να χρησιμοποιηθεί αυτό το URL για τη δημιουργία ενός διαμοιρασμού.",
   "account.reverseShare.never-expires": "Αυτός ο αντίστροφος διαμοιρασμός δε λήγει.",
@@ -174,7 +174,7 @@ export default {
   // /admin
   "admin.title": "Διαχείριση",
   "admin.button.users": "Διαχείριση χρηστών",
-  "admin.button.shares": "Share management",
+  "admin.button.shares": "Διαχείριση κοινοποιήσεων",
   "admin.button.config": "Διαμόρφωση",
   "admin.version": "Έκδοση",
   // END /admin
@@ -202,13 +202,13 @@ export default {
   "admin.users.modal.create.admin.description": "Αν ενεργοποιηθεί, ο χρήστης θα μπορεί να έχει πρόσβαση στον πίνακα διαχείρισης.",
   // END /admin/users
   // /admin/shares
-  "admin.shares.title": "Share management",
-  "admin.shares.table.id": "Share ID",
-  "admin.shares.table.username": "Creator",
-  "admin.shares.table.visitors": "Visitors",
-  "admin.shares.table.expires": "Expires At",
-  "admin.shares.edit.delete.title": "Delete share {id}",
-  "admin.shares.edit.delete.description": "Do you really want to delete this share?",
+  "admin.shares.title": "Διαχείριση κοινοποιήσεων",
+  "admin.shares.table.id": "Αναγνωριστικό κοινοποίησης",
+  "admin.shares.table.username": "Δημιουργός",
+  "admin.shares.table.visitors": "Επισκέπτες",
+  "admin.shares.table.expires": "Λήγει στις",
+  "admin.shares.edit.delete.title": "Διαγραφή κοινοποίησης {id}",
+  "admin.shares.edit.delete.description": "Θέλετε πραγματικά να διαγράψετε αυτή τη κοινοποίηση;",
   // END /admin/shares
   // /upload
   "upload.title": "Μεταφόρτωση",
@@ -244,9 +244,9 @@ export default {
   "upload.modal.expires.month-plural": "Μήνες",
   "upload.modal.expires.year-singular": "Έτος",
   "upload.modal.expires.year-plural": "Έτη",
-  "upload.modal.accordion.name-and-description.title": "Name and description",
-  "upload.modal.accordion.name-and-description.name.placeholder": "Name",
-  "upload.modal.accordion.name-and-description.description.placeholder": "Note for the recipients of this share",
+  "upload.modal.accordion.name-and-description.title": "Όνομα και περιγραφή",
+  "upload.modal.accordion.name-and-description.name.placeholder": "Όνομα",
+  "upload.modal.accordion.name-and-description.description.placeholder": "Σημείωση για τους παραλήπτες αυτής της κοινοποίησης",
   "upload.modal.accordion.email.title": "Αποδέκτες email",
   "upload.modal.accordion.email.placeholder": "Εισάγετε αποδέκτες email",
   "upload.modal.accordion.email.invalid-email": "Μη έγκυρη διεύθυνση e-mail",
@@ -259,7 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Αυτός ο διαμοιρασμός δεν λήγει.",
   "upload.modal.completed.expires-on": "Αυτός ο διαμοιρασμός θα λήξει {expiration}.",
   "upload.modal.completed.share-ready": "Κοινοποίηση έτοιμου",
-  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
+  "upload.modal.completed.notified-reverse-share-creator": "Έχουμε ειδοποιήσει τον δημιουργό της αντίστροφης κοινής χρήσης. Μπορείτε επίσης να μοιραστείτε χειροκίνητα αυτόν τον σύνδεσμο μαζί τους μέσω άλλων μέσων.",
   // END /upload
   // /share/[id]
   "share.title": "Διαμοιρασμός {shareId}",
@@ -269,8 +269,8 @@ export default {
   "share.error.removed.title": "Κοινοποίηση αφαιρέθηκε",
   "share.error.not-found.title": "Η κοινοποίηση δε βρέθηκε",
   "share.error.not-found.description": "Η κοινοποίηση που ψάχνετε δεν υπάρχει.",
-  "share.error.access-denied.title": "Private share",
-  "share.error.access-denied.description": "The current account does not have permission to access this share",
+  "share.error.access-denied.title": "Ιδιωτική κοινοποίηση",
+  "share.error.access-denied.description": "Ο τρέχων λογαριασμός δεν έχει δικαίωμα πρόσβασης σε αυτήν την κοινοποίηση",
   "share.modal.password.title": "Απαιτείται κωδικός",
   "share.modal.password.description": "Για να αποκτήσετε πρόσβαση σε αυτή την κοινοποίηση εισάγετε τον κωδικό πρόσβασης.",
   "share.modal.password": "Κωδικός πρόσβασης",
@@ -302,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "Η διεύθυνση URL όπου το Pingvin Share είναι διαθέσιμο",
   "admin.config.general.show-home-page": "Εμφάνιση αρχικής σελίδας",
   "admin.config.general.show-home-page.description": "Εάν θα εμφανίζεται η αρχική σελίδα",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Διάρκεια συνεδρίας",
+  "admin.config.general.session-duration.description": "Χρόνος σε ώρες μετά την οποία ένας χρήστης πρέπει να συνδεθεί ξανά (προεπιλογή: 3 μήνες).",
   "admin.config.general.logo": "Λογότυπο",
   "admin.config.general.logo.description": "Αλλάξτε το λογότυπό σας ανεβάζοντας μια νέα εικόνα. Η εικόνα πρέπει να είναι PNG και αναλογία 1:1.",
   "admin.config.general.logo.placeholder": "Επιλέξτε εικόνα",
@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Αν είναι ενεργοποιημένη η σύνδεση OpenID",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Αφήστε κενό αν δε γνωρίζετε για αυτή τη ρύθμιση",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Ουπς. Αυτή η σελίδα δεν υπάρχει.",
   "404.button.home": "Πήγαινέ με πίσω",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Σύνδεσμος",
   "common.text.navigate-to-link": "Μεταβείτε στο σύνδεσμο",
   "common.text.or": "ή",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Επιστροφή",
   "common.button.go-home": "Μετάβαση στην αρχική",
   "common.notify.copied": "Ο σύνδεσμος σας αντιγράφηκε στο πρόχειρο",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Μη έγκυρη διεύθυνση e-mail",
   "common.error.too-short": "Πρέπει να αποτελείται τουλάχιστον {length} χαρακτήρες",
   "common.error.too-long": "Πρέπει να αποτελείται το πολύ από {length} χαρακτήρες",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Πρέπει να αποτελείται ακριβώς από {length} χαρακτήρες",
   "common.error.invalid-number": "Πρέπει να είναι αριθμός",
   "common.error.field-required": "Αυτό το πεδίο είναι υποχρεωτικό"

frontend/src/i18n/translations/en-US.ts

@@ -547,6 +547,9 @@ export default {
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description":
     "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description":
+    "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description":
     "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
@@ -585,6 +588,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
 
   // 404
   "404.description": "Oops this page doesn't exist.",
@@ -642,6 +649,8 @@ export default {
   "common.error.invalid-email": "Invalid email address",
   "common.error.too-short": "Must be at least {length} characters",
   "common.error.too-long": "Must be at most {length} characters",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Must be exactly {length} characters",
   "common.error.invalid-number": "Must be a number",
   "common.error.field-required": "This field is required",

frontend/src/i18n/translations/es-ES.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Oops esta página no existe.",
   "404.button.home": "Regrésame al inicio",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Enlace",
   "common.text.navigate-to-link": "Ir al enlace",
   "common.text.or": "o",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Volver",
   "common.button.go-home": "Página de inicio",
   "common.notify.copied": "Tu enlace se ha copiado al portapapeles",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Correo electrónico no válido",
   "common.error.too-short": "Debe tener al menos {length} caracteres",
   "common.error.too-long": "Debe tener como máximo {length} caracteres",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Debe tener exactamente {length} caracteres",
   "common.error.invalid-number": "Debe ser un número",
   "common.error.field-required": "Este campo es requerido"

frontend/src/i18n/translations/fi-FI.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Hups tätä sivua ei ole olemassa.",
   "404.button.home": "Tuo minut takaisin kotiin",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Linkki",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "tai",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Takaisin",
   "common.button.go-home": "Go home",
   "common.notify.copied": "Linkki kopioitiin leikepöydälle",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Virheellinen sähköpostiosoite",
   "common.error.too-short": "Täytyy olla vähintään {length} merkkiä",
   "common.error.too-long": "Täytyy olla enintään {length} merkkiä",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "On oltava tarkasti {length} merkkiä pitkä",
   "common.error.invalid-number": "Pitää olla luku",
   "common.error.field-required": "Tämä kenttä on pakollinen"

frontend/src/i18n/translations/fr-FR.ts

@@ -24,10 +24,10 @@ export default {
   // END /
   // /auth/signin
   "signin.title": "Content de vous revoir",
-  "signin.description": "Pas encore de compte ?",
+  "signin.description": "Vous n'avez pas encore de compte ?",
   "signin.button.signup": "S’inscrire",
-  "signin.input.email-or-username": "Courriel ou surnom",
-  "signin.input.email-or-username.placeholder": "Votre courriel ou surnom",
+  "signin.input.email-or-username": "Courriel ou nom d'utilisateur",
+  "signin.input.email-or-username.placeholder": "Votre courriel ou nom d'utilisateur",
   "signin.input.password": "Mot de passe",
   "signin.input.password.placeholder": "Votre mot de passe",
   "signin.button.submit": "Se connecter",
@@ -45,8 +45,8 @@ export default {
   "signup.title": "Créer un compte",
   "signup.description": "Vous avez déjà un compte ?",
   "signup.button.signin": "Se connecter",
-  "signup.input.username": "Surnom",
-  "signup.input.username.placeholder": "Votre surnom",
+  "signup.input.username": "Nom d'utilisateur",
+  "signup.input.username.placeholder": "Votre nom d'utilisateur",
   "signup.input.email": "Adresse email",
   "signup.input.email.placeholder": "Votre courriel",
   "signup.button.submit": "Commençons",
@@ -156,7 +156,7 @@ export default {
   "account.reverseShares.modal.simplified.description": "Simplifiez la tâche de la personne qui télécharge le fichier pour le partager avec vous. Ils ne pourront personnaliser que le nom et la description du partage.",
   "account.reverseShares.modal.public-access": "Accès public",
   "account.reverseShares.modal.public-access.description": "Rendre les partages créés avec ce partage inversé public. Si désactivé, seul vous et le créateur du partage pouvez le voir.",
-  "account.reverseShares.modal.max-use.label": "Nombre d'utilisation max",
+  "account.reverseShares.modal.max-use.label": "Nombre d'utilisations max",
   "account.reverseShares.modal.max-use.description": "Le nombre maximal de fois que cette URL peut être utilisée pour créer un partage.",
   "account.reverseShare.never-expires": "Ce partage inversé n'expirera jamais.",
   "account.reverseShare.expires-on": "Ce partage inversé expirera le {expiration}.",
@@ -324,9 +324,9 @@ export default {
   "admin.config.email.invite-subject": "Sujet d’une invitation",
   "admin.config.email.invite-subject.description": "Intitulé du courriel envoyé lorsqu’un administrateur invite un utilisateur.",
   "admin.config.email.invite-message": "Message d’une invitation",
-  "admin.config.email.invite-message.description": "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL, {email} with the email and {password} with the password of the user.",
+  "admin.config.email.invite-message.description": "Message qui est envoyé lorsqu'un administrateur invite un utilisateur. {url} sera remplacé avec l'URL d'invitation, {email} avec le courriel et {password} avec le mot de passe de l'utilisateur.",
   "admin.config.share.allow-registration": "Autoriser les inscriptions",
-  "admin.config.share.allow-registration.description": "Permet aux visiteurs de créer un compte.",
+  "admin.config.share.allow-registration.description": "Permet aux visiteurs de créer un compte",
   "admin.config.share.allow-unauthenticated-shares": "Autoriser les partages anonymes",
   "admin.config.share.allow-unauthenticated-shares.description": "Permet aux visiteurs de créer des partages",
   "admin.config.share.max-expiration": "Échéance",
@@ -381,7 +381,7 @@ export default {
   "admin.config.oauth.microsoft-client-secret": "Secret du client Microsoft",
   "admin.config.oauth.microsoft-client-secret.description": "Le secret du client de l’application Microsoft OAuth",
   "admin.config.oauth.discord-enabled": "Discord",
-  "admin.config.oauth.discord-enabled.description": "Permettre la connexion via Discord.",
+  "admin.config.oauth.discord-enabled.description": "Permettre la connexion via Discord",
   "admin.config.oauth.discord-limited-guild": "ID de serveur restreint Discord",
   "admin.config.oauth.discord-limited-guild.description": "Limiter la connexion aux utilisateurs sur un serveur spécifique. Laissez vide pour désactiver.",
   "admin.config.oauth.discord-client-id": "ID du client Discord",
@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Permettre la connexion via OpenID",
   "admin.config.oauth.oidc-discovery-uri": "URI de découverte OpenID",
   "admin.config.oauth.oidc-discovery-uri.description": "L’URI de découverte de la connexion à l'application OpenID OAuth",
+  "admin.config.oauth.oidc-sign-out": "Déconnexion du fournisseur OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Si activé, le bouton \"Déconnexion\" vous déconnectera également du fournisseur d'identité OpenID Connect",
   "admin.config.oauth.oidc-username-claim": "Revendication du nom d’utilisateur OpenID",
   "admin.config.oauth.oidc-username-claim.description": "Le champ contenant la revendication du nom d’utilisateur dans le jeton OpenID Connect. Laissez vide si vous ne savez pas quoi indiquer.",
   "admin.config.oauth.oidc-role-path": "Chemin vers les rôles dans le jeton OpenID Connect",
@@ -418,7 +420,11 @@ export default {
   "admin.config.ldap.search-query": "Requête utilisateur",
   "admin.config.ldap.search-query.description": "La requête utilisateur sera utilisée pour rechercher dans la ‘base d'utilisateurs’ de l'utilisateur LDAP. %username% peut être utilisé comme espace réservé pour les entrées données par l'utilisateur.",
   "admin.config.ldap.admin-groups": "Groupe administrateur",
-  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.admin-groups.description": "Un groupe est nécessaire pour un accès administratif.",
+  "admin.config.ldap.field-name-member-of": "Nom de l'attribut des groupes d'utilisateurs",
+  "admin.config.ldap.field-name-member-of.description": "Nom d'attribut LDAP pour les groupes dont un utilisateur est membre. Il est utilisé lors de la vérification du groupe d'administrateurs.",
+  "admin.config.ldap.field-name-email": "Nom d'attribut de l'e-mail de l'utilisateur",
+  "admin.config.ldap.field-name-email.description": "Nom d'attribut LDAP pour l'e-mail d'un utilisateur.",
   // 404
   "404.description": "Désolé, mais cette page n’existe pas.",
   "404.button.home": "Retour à l’accueil",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Lien",
   "common.text.navigate-to-link": "Accéder au lien",
   "common.text.or": "ou",
+  "common.text.redirecting": "Redirection...",
   "common.button.go-back": "Précédent",
   "common.button.go-home": "Accueil",
   "common.notify.copied": "Votre lien a été copié dans le presse-papiers",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Adresse courriel invalide",
   "common.error.too-short": "Doit comporter au moins {length} caractères",
   "common.error.too-long": "Doit comporter au plus {length} caractères",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Doit comporter exactement {length} caractères",
   "common.error.invalid-number": "Doit être un nombre",
   "common.error.field-required": "Ce champ est obligatoire"

frontend/src/i18n/translations/hu-HU.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "OpenID Connect bejelentkezés engedélyezése",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Az OpenID Connect OAuth applikáció Discovery URI azonosítója",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect felhasználónév igény",
   "admin.config.oauth.oidc-username-claim.description": "Az OpenID Connect ID token felhasználónév igénye. Hagyja üresen ha nincs információja a beállításról.",
   "admin.config.oauth.oidc-role-path": "Az OpenID Connect token szerepeinek elérési útvonala",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "A felhasználó lekérdezés kísérli meg az LDAP felhasználó elérését a felhasználóbázisban. %username% helyettesítheti az adott felhasználónevet.",
   "admin.config.ldap.admin-groups": "Admin csoport",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Hoppá - ez az oldal nem létezik.",
   "404.button.home": "Vissza a Kezdőlapra",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Hivatkozás",
   "common.text.navigate-to-link": "Ugrás a hivatkozásra",
   "common.text.or": "vagy",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Vissza",
   "common.button.go-home": "Kezdőlap",
   "common.notify.copied": "A hivatkozást a Vágólapra másoltuk",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Érvénytelen emailcím",
   "common.error.too-short": "Legalább {length} karakter kell",
   "common.error.too-long": "Legfejlebb {length} karakter adható meg",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Pontosan {length} karakter szükséges",
   "common.error.invalid-number": "Számot kell megadnia",
   "common.error.field-required": "Ez egy kötelező mező"

frontend/src/i18n/translations/it-IT.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Se il login tramite OpenID Connect è abilitato",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "URI di scoperta dell'app OAuth di OpenID Connect",
+  "admin.config.oauth.oidc-sign-out": "Esci da OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Se premuto, il pulsante “Disconnettersi” disconnetterà dal provider OpenID Connect",
   "admin.config.oauth.oidc-username-claim": "Richiesta nome utente OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Nome utente nel token OpenID Connect. Lascialo vuoto se non sai cos'è questa configurazione.",
   "admin.config.oauth.oidc-role-path": "Percorso verso i ruoli in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "La query utente verrà utilizzata per cercare la 'base utente' per l'utente LDAP. %username% può essere usato come segnaposto per l'input dato dall'utente.",
   "admin.config.ldap.admin-groups": "Gruppo di amministrazione",
   "admin.config.ldap.admin-groups.description": "Gruppo richiesto per l’accesso amministrativo.",
+  "admin.config.ldap.field-name-member-of": "Nome dell'attributo per il gruppo utenti",
+  "admin.config.ldap.field-name-member-of.description": "Nome attributo LDAP per i gruppi, di cui un utente è membro. Questo viene utilizzato per controllare il gruppo amministratore.",
+  "admin.config.ldap.field-name-email": "Nome dell'attributo email dell'utente",
+  "admin.config.ldap.field-name-email.description": "Nome attributo LDAP per l'email di un utente.",
   // 404
   "404.description": "Ops, questa pagina non esiste.",
   "404.button.home": "Riportami a casa",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Collegamento",
   "common.text.navigate-to-link": "Vai al collegamento",
   "common.text.or": "o",
+  "common.text.redirecting": "Reindirizzamento...",
   "common.button.go-back": "Torna indietro",
   "common.button.go-home": "Vai alla Home Page",
   "common.notify.copied": "Il tuo collegamento e' stato copiato negli appunti",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Indirizzo email non valido",
   "common.error.too-short": "Deve contenere almeno {length} caratteri",
   "common.error.too-long": "Deve contenere al massimo {length} caratteri",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Deve essere esattamente {length} caratteri",
   "common.error.invalid-number": "Deve essere un numero",
   "common.error.field-required": "Questo campo è obbligatorio"

frontend/src/i18n/translations/ja-JP.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "OpenID Connect のログインが有効かを設定します",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "OpenID OAuthアプリのDiscovery URI",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect ユーザー名の要求",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID トークンのユーザー名要求。この設定が何かわからない場合は空白のままにしてください。",
   "admin.config.oauth.oidc-role-path": "OpenID Connectトークンのロールへのパス",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "ユーザークエリはLDAPユーザーの「ユーザーベース」を検索するために使用されます。 %username% は、入力されたユーザーのプレースホルダとして使用できます。",
   "admin.config.ldap.admin-groups": "管理者グループ",
   "admin.config.ldap.admin-groups.description": "管理者アクセスに必要なグループです。",
+  "admin.config.ldap.field-name-member-of": "ユーザーグループ属性名",
+  "admin.config.ldap.field-name-member-of.description": "ユーザーがメンバーであるグループのLDAP属性名。これは、管理者グループを確認するときに使用されます。",
+  "admin.config.ldap.field-name-email": "ユーザーのメール属性名",
+  "admin.config.ldap.field-name-email.description": "ユーザーのメールのLDAP属性名。",
   // 404
   "404.description": "ページが見つかりません。",
   "404.button.home": "ホームに戻る",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "リンク",
   "common.text.navigate-to-link": "リンクへ移動",
   "common.text.or": "または",
+  "common.text.redirecting": "リダイレクトしています...",
   "common.button.go-back": "戻る",
   "common.button.go-home": "ホームに戻る",
   "common.notify.copied": "リンクをクリップボードにコピーしました",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "無効なメールアドレス",
   "common.error.too-short": "最低{length} 文字である必要があります",
   "common.error.too-long": "最大{length} 文字である必要があります",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "{length} 文字である必要があります",
   "common.error.invalid-number": "数字でなければなりません",
   "common.error.field-required": "これは必須項目です"

frontend/src/i18n/translations/ko-KR.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "OpenID Connect 로그인 사용 여부",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID 토큰의 Username claim 입니다. 이 구성이 무엇인지 모르면 비워 둡니다.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "이런, 이 페이지는 존재하지 않습니다.",
   "404.button.home": "나를 집으로 데려다 줘",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "링크",
   "common.text.navigate-to-link": "링크로 이동",
   "common.text.or": "또는",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "뒤로 가기",
   "common.button.go-home": "첫 페이지",
   "common.notify.copied": "당신의 링크가 클립보드에 복사되었습니다.",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "이메일 주소가 틀립니다",
   "common.error.too-short": "최소 {length} 자 이상이어야 합니다",
   "common.error.too-long": "최대 {length} 자 까지 입력가능합니다.",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "{length} 자 이어야 합니다.",
   "common.error.invalid-number": "숫자만 가능합니다.",
   "common.error.field-required": "이 필드는 필수입니다"

frontend/src/i18n/translations/nl-BE.ts

@@ -34,7 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Tweestapsverificatie vereist",
   "signIn.notify.totp-required.description": "Voer uw tweestapsverificatiecode in",
   "signIn.oauth.or": "OF",
-  "signIn.oauth.signInWith": "Sign in with",
+  "signIn.oauth.signInWith": "Registreer met",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -151,11 +151,11 @@ export default {
   "account.reverseShares.modal.expiration.year-plural": "Jaren",
   "account.reverseShares.modal.max-size.label": "Maximale share-grootte",
   "account.reverseShares.modal.send-email": "Stuur e-mailnotificatie",
-  "account.reverseShares.modal.send-email.description": "Stuur een e-mailnotificatie wanneer er bestanden zijn gedeeld via deze omgekeerde share link.",
+  "account.reverseShares.modal.send-email.description": "Stuur een e-mail notificatie wanneer er bestanden zijn gedeeld via deze omgekeerde share link.",
   "account.reverseShares.modal.simplified": "Simple mode",
-  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+  "account.reverseShares.modal.simplified.description": "Maak het makkelijk voor de persoon die het bestand uploadt om het met u te delen. Ze kunnen alleen de naam en beschrijving van de share aanpassen.",
   "account.reverseShares.modal.public-access": "Public access",
-  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+  "account.reverseShares.modal.public-access.description": "Maak de gemaakte shares met deze reverse share openbaar. Als dit is uitgeschakeld, kunnen alleen jij en de maker van de share deze bekijken.",
   "account.reverseShares.modal.max-use.label": "Maximaal gebruikte keren",
   "account.reverseShares.modal.max-use.description": "Maximale keren dat deze URL gebruikt kan worden om een share aan te maken.",
   "account.reverseShare.never-expires": "Deze omgekeerde share zal nooit verlopen.",
@@ -246,7 +246,7 @@ export default {
   "upload.modal.expires.year-plural": "Jaren",
   "upload.modal.accordion.name-and-description.title": "Naam en beschrijving",
   "upload.modal.accordion.name-and-description.name.placeholder": "Naam",
-  "upload.modal.accordion.name-and-description.description.placeholder": "Note for the recipients of this share",
+  "upload.modal.accordion.name-and-description.description.placeholder": "Opmerking voor de ontvangers van deze share",
   "upload.modal.accordion.email.title": "E-mail van de ontvangers",
   "upload.modal.accordion.email.placeholder": "Voer e-mail ontvangers in",
   "upload.modal.accordion.email.invalid-email": "Ongeldig e-mailadres",
@@ -259,7 +259,7 @@ export default {
   "upload.modal.completed.never-expires": "Deze omgekeerde share zal nooit verlopen.",
   "upload.modal.completed.expires-on": "Deze omgekeerde share verloopt op {expiration}.",
   "upload.modal.completed.share-ready": "Share is gereed",
-  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",
+  "upload.modal.completed.notified-reverse-share-creator": "We hebben de maker van de reverse share op de hoogte gesteld. U kunt deze link ook handmatig met hen delen via andere middelen.",
   // END /upload
   // /share/[id]
   "share.title": "Share {shareId}",
@@ -270,7 +270,7 @@ export default {
   "share.error.not-found.title": "Share niet gevonden",
   "share.error.not-found.description": "De share die u zoekt kan niet gevonden worden.",
   "share.error.access-denied.title": "Private share",
-  "share.error.access-denied.description": "The current account does not have permission to access this share",
+  "share.error.access-denied.description": "Dit account heeft geen toestemming om toegang te krijgen tot deze share",
   "share.modal.password.title": "Wachtwoord vereist",
   "share.modal.password.description": "Vul een wachtwoord in om toegang te krijgen tot deze share.",
   "share.modal.password": "Wachtwoord",
@@ -302,8 +302,8 @@ export default {
   "admin.config.general.app-url.description": "De URL waar Pingvin Share bereikbaar is",
   "admin.config.general.show-home-page": "Toon startpagina",
   "admin.config.general.show-home-page.description": "Toon of verberg de home pagina",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Sessieduur",
+  "admin.config.general.session-duration.description": "Tijd in uren waarna een gebruiker zich opnieuw moet aanmelden (standaard: 3 maanden).",
   "admin.config.general.logo": "Logo",
   "admin.config.general.logo.description": "Verander uw logo door een nieuwe afbeelding te uploaden. De afbeelding moet PNG zijn en het formaat moet 1:1 hebben.",
   "admin.config.general.logo.placeholder": "Afbeelding kiezen",
@@ -324,7 +324,7 @@ export default {
   "admin.config.email.invite-subject": "Onderwerp voor uitnodiging",
   "admin.config.email.invite-subject.description": "Onderwerp van de e-mail die wordt verzonden wanneer een beheerder een gebruiker uitnodigt.",
   "admin.config.email.invite-message": "Bericht voor uitnodiging",
-  "admin.config.email.invite-message.description": "Message which gets sent when an admin invites a user. {url} will be replaced with the invite URL, {email} with the email and {password} with the password of the user.",
+  "admin.config.email.invite-message.description": "Bericht dat wordt verzonden wanneer een beheerder een gebruiker uitnodigt. {url} wordt vervangen door de uitnodigings-URL, {email} door het e-mailadres en {password} door het wachtwoord van de gebruiker.",
   "admin.config.share.allow-registration": "Sta registratie toe",
   "admin.config.share.allow-registration.description": "Of registratie is toegestaan",
   "admin.config.share.allow-unauthenticated-shares": "Ongeverifieerde shares toestaan",
@@ -336,7 +336,7 @@ export default {
   "admin.config.share.zip-compression-level": "Zip compressie niveau",
   "admin.config.share.zip-compression-level.description": "Pas het niveau aan voor evenwicht tussen bestandsgrootte en compressie snelheid. Geldige waarden variëren van 0 tot 9, waarbij 0 geen compressie is en 9 de maximale compressie is. ",
   "admin.config.share.chunk-size": "Chunk size",
-  "admin.config.share.chunk-size.description": "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
+  "admin.config.share.chunk-size.description": "Pas de chunkgrootte (in bytes) voor uw uploads aan om efficiëntie en betrouwbaarheid in evenwicht te brengen op basis van uw internetverbinding. Kleinere chunks kunnen de slagingspercentages voor onstabiele verbindingen verbeteren, terwijl grotere chunks uploads voor stabiele verbindingen versnellen.",
   "admin.config.share.auto-open-share-modal": "Auto open create share modal",
   "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
   "admin.config.smtp.enabled": "Inschakelen",
@@ -352,14 +352,14 @@ export default {
   "admin.config.smtp.password": "Wachtwoord",
   "admin.config.smtp.password.description": "Wachtwoord van de SMTP-server",
   "admin.config.smtp.button.test": "Teste-mail verzenden",
-  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
-  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
+  "admin.config.smtp.allow-unauthorized-certificates": "Vertrouw ongeautoriseerde SMTP-servercertificaten",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Zet dit alleen aan als je de self signed certificates vertrouwt.",
   "admin.config.oauth.allow-registration": "Sta registratie toe",
   "admin.config.oauth.allow-registration.description": "Gebruikers toestaan zich te registreren via sociale login",
   "admin.config.oauth.ignore-totp": "TOTP negeren",
   "admin.config.oauth.ignore-totp.description": "TOTP negeren wanneer gebruiker sociale login gebruikt",
-  "admin.config.oauth.disable-password": "Disable password login",
-  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
+  "admin.config.oauth.disable-password": "Zet password login uit",
+  "admin.config.oauth.disable-password.description": "Of password login moet worden uitgeschakeld\nZorg ervoor dat een OAuth-provider correct is geconfigureerd voordat u deze configuratie activeert om te voorkomen dat u wordt buitengesloten.",
   "admin.config.oauth.github-enabled": "GitHub",
   "admin.config.oauth.github-enabled.description": "Ofdat GitHub login is ingeschakeld",
   "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -392,33 +392,39 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Ofdat OpenID Connect login is ingeschakeld",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI van de OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Gebruikersnaam claim in OpenID Connect-ID-token. Laat het leeg als u niet weet wat deze configuratie is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
-  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
-  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
-  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
-  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
-  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path.description": "Moet een geldig JMES-pad zijn dat verwijst naar een reeks rollen. " + "Het beheren van toegangsrechten met behulp van OpenID Connect-rollen wordt alleen aanbevolen als er geen andere identiteitsprovider is geconfigureerd en wachtwoordaanmelding is uitgeschakeld. " + "Laat dit leeg als u niet weet wat deze configuratie is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role voor algemene toegang",
+  "admin.config.oauth.oidc-role-general-access.description": "Rol vereist voor algemene toegang. Moet aanwezig zijn in de rollen van een gebruiker om in te loggen. " + "Laat het leeg als u niet weet wat deze configuratie is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role voor admin toegang",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rol vereist voor administratieve toegang. Moet aanwezig zijn in de rollen van een gebruiker om toegang te krijgen tot het admin-paneel. " + "Laat dit leeg als u niet weet wat deze configuratie is.",
   "admin.config.oauth.oidc-client-id": "Client-ID OpenID Connect",
   "admin.config.oauth.oidc-client-id.description": "Client-ID van de OpenID Connect OAuth app",
   "admin.config.oauth.oidc-client-secret": "OpenID Connect client secret",
   "admin.config.oauth.oidc-client-secret.description": "Client secret van de OpenID Connect OAuth app",
   "admin.config.category.ldap": "LDAP",
   "admin.config.ldap.enabled": "Enabled LDAP",
-  "admin.config.ldap.enabled.description": "Use LDAP authentication for user login",
+  "admin.config.ldap.enabled.description": "Gebruik LDAP authentication voor gebruiker login",
   "admin.config.ldap.url": "Server URL",
-  "admin.config.ldap.url.description": "URL of the LDAP server",
+  "admin.config.ldap.url.description": "URL van de LDAP server",
   "admin.config.ldap.bind-dn": "Bind DN",
-  "admin.config.ldap.bind-dn.description": "Default user which will be used to execute the user search",
+  "admin.config.ldap.bind-dn.description": "Standaardgebruiker die zal worden gebruikt om de gebruikerszoekopdracht uit te voeren",
   "admin.config.ldap.bind-password": "Bind password",
-  "admin.config.ldap.bind-password.description": "Password for the user search user",
+  "admin.config.ldap.bind-password.description": "Wachtwoord voor de user search gebruiker",
   "admin.config.ldap.search-base": "User base",
   "admin.config.ldap.search-base.description": "Base location, where the user search will be performed",
   "admin.config.ldap.search-query": "User query",
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
-  "admin.config.ldap.admin-groups": "Admin group",
-  "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.admin-groups": "Admin groep",
+  "admin.config.ldap.admin-groups.description": "Groep vereist voor administratieve toegang.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Oeps, deze pagina bestaat niet.",
   "404.button.home": "Breng me terug naar huis",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Koppeling",
   "common.text.navigate-to-link": "Ga naar de koppeling",
   "common.text.or": "of",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Ga terug",
   "common.button.go-home": "Go home",
   "common.notify.copied": "Uw link is gekopieerd naar het klembord",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Ongeldig e-mailadres",
   "common.error.too-short": "Moet ten minste {length} tekens bevatten",
   "common.error.too-long": "Moet maximaal {length} tekens bevatten",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Moet precies {length} tekens bevatten",
   "common.error.invalid-number": "Moet een getal zijn",
   "common.error.field-required": "Dit veld is verplicht"

frontend/src/i18n/translations/pl-PL.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Czy jest włączony login OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri": "Wykrywanie URI OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri.description": "Wykrywanie URI OAuth aplikacji OpenID Connect",
+  "admin.config.oauth.oidc-sign-out": "Wylogowanie z OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Czy przycisk „Wyloguj się” spowoduje wylogowanie z dostawcy OpenID Connect",
   "admin.config.oauth.oidc-username-claim": "Żądanie nazwy użytkownika OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Żądanie nazwy użytkownika w tokenie identyfikatora OpenID Connect. Jeśli nie wiesz, czym jest ta konfiguracja, pozostaw pustą.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Ups! Ta strona nie istnieje.",
   "404.button.home": "Wróć do strony domowej",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Link",
   "common.text.navigate-to-link": "Przejdź do linku",
   "common.text.or": "lub",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Wróć",
   "common.button.go-home": "Wróć do ekranu głównego",
   "common.notify.copied": "Link został skopiowany do schowka",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Adres e-mail jest nieprawidłowy",
   "common.error.too-short": "Musi mieć co najmniej {length} znaków",
   "common.error.too-long": "Musi mieć co najmniej {length} znaków",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Musi mieć dokładnie {length} znaków",
   "common.error.invalid-number": "Musi być liczbą",
   "common.error.field-required": "To pole jest wymagane"

frontend/src/i18n/translations/pt-BR.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Se o login do OpenID Connect está ativado",
   "admin.config.oauth.oidc-discovery-uri": "URI de descoberta do OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri.description": "URI da descoberta do aplicativo OpenID Connect OAuth",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "Reivindicação de nome de usuário OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Nome de usuário no token de ID OpenID Connect. Deixe em branco se você não sabe o que é esta configuração.",
   "admin.config.oauth.oidc-role-path": "Caminho para as funções no token OpenID Connect",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "A consulta do usuário será usada para pesquisar a 'base de usuários' para o usuário LDAP. %username% pode ser usado como espaço reservado para o usuário fornecido na entrada.",
   "admin.config.ldap.admin-groups": "Grupo de administração",
   "admin.config.ldap.admin-groups.description": "Grupo necessário para acesso administrativo.",
+  "admin.config.ldap.field-name-member-of": "Nome do atributo do grupo de usuários",
+  "admin.config.ldap.field-name-member-of.description": "Nome do atributo LDAP para os grupos, de um usuário é membro. Isto é usado ao verificar para o grupo de administração.",
+  "admin.config.ldap.field-name-email": "Nome do atributo do grupo de usuários",
+  "admin.config.ldap.field-name-email.description": "Nome do atributo LDAP para o email de um usuário.",
   // 404
   "404.description": "Ops, esta página não existe.",
   "404.button.home": "Me traga de volta para casa",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Link",
   "common.text.navigate-to-link": "Ir para o link",
   "common.text.or": "ou",
+  "common.text.redirecting": "Redirecionando...",
   "common.button.go-back": "Voltar",
   "common.button.go-home": "Voltar para o Início",
   "common.notify.copied": "O seu link foi copiado para a área de transferência",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Endereço de e-mail inválido",
   "common.error.too-short": "Deve ter no mínimo {length} caracteres",
   "common.error.too-long": "Deve ter no máximo {length} caracteres",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Deve ter exatamente {length} caracteres",
   "common.error.invalid-number": "Tem que ser um número",
   "common.error.field-required": "Este campo é obrigatório"

frontend/src/i18n/translations/ru-RU.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Упс, этой страницы не существует.",
   "404.button.home": "Верните меня домой",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Ссылка",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "или",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Назад",
   "common.button.go-home": "Домой",
   "common.notify.copied": "Ваша ссылка скопирована в буфер обмена",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Недопустимый адрес электронной почты",
   "common.error.too-short": "Должно быть не менее {length} символов",
   "common.error.too-long": "Должно быть не больше {length} символов",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Должно быть ровно {length} символов",
   "common.error.invalid-number": "Должно быть числом",
   "common.error.field-required": "Поле обязательно для заполнения"

frontend/src/i18n/translations/sl-SI.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Če je dovoljena prijava z OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect URI za odkrivanje",
   "admin.config.oauth.oidc-discovery-uri.description": "URI za odkrivanje OpenID Connect OAuth aplikacije",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect zahteva za uporabniško ime",
   "admin.config.oauth.oidc-username-claim.description": "Zahteva za uporabniško ime za OpenID Connect ID žetona. Pustite prazno, če ne poznate te nastavitve.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Ups! Ta stran ne obstaja.",
   "404.button.home": "Pelji me domov",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Poveži",
   "common.text.navigate-to-link": "Pojdi na povezavo",
   "common.text.or": "ali",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Nazaj",
   "common.button.go-home": "Pojdi domov",
   "common.notify.copied": "Povezava je bila kopirana v odložišče",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Neveljaven e-poštni naslov",
   "common.error.too-short": "Vsebovati mora vsaj {length} znakov",
   "common.error.too-long": "Vsebuje lahko največ {length} znakov",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Dolžina mora biti točno {length} znakov",
   "common.error.invalid-number": "Mora biti številka",
   "common.error.field-required": "To polje je obvezno"

frontend/src/i18n/translations/sr-SP.ts

@@ -34,7 +34,7 @@ export default {
   "signIn.notify.totp-required.title": "Потребна је двофакторска аутентификација",
   "signIn.notify.totp-required.description": "Унесите свој двофакторски код за аутентификацију",
   "signIn.oauth.or": "Или",
-  "signIn.oauth.signInWith": "Sign in with",
+  "signIn.oauth.signInWith": "Пријавите се са",
   "signIn.oauth.github": "GitHub",
   "signIn.oauth.google": "Google",
   "signIn.oauth.microsoft": "Microsoft",
@@ -58,7 +58,7 @@ export default {
   // /auth/reset-password
   "resetPassword.title": "Заборавили сте лозинку?",
   "resetPassword.description": "Унесите своју е-пошту да бисте ресетовали лозинку.",
-  "resetPassword.notify.success": "A message with a link to reset your password has been sent if the email exists.",
+  "resetPassword.notify.success": "Порука са везом за ресетовање ваше лозинке је послата ако имејл постоји.",
   "resetPassword.button.back": "Назад на страницу за пријаву",
   "resetPassword.text.resetPassword": "Обнови лозинку",
   "resetPassword.text.enterNewPassword": "Унесите вашу нову лозинку",
@@ -152,10 +152,10 @@ export default {
   "account.reverseShares.modal.max-size.label": "Максимална величина дељења",
   "account.reverseShares.modal.send-email": "Пошаљите обавештење путем е-поште",
   "account.reverseShares.modal.send-email.description": "Пошаљите обавештење е-поштом када се креира дељење помоћу ове обрнуте везе за дељење.",
-  "account.reverseShares.modal.simplified": "Simple mode",
-  "account.reverseShares.modal.simplified.description": "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
-  "account.reverseShares.modal.public-access": "Public access",
-  "account.reverseShares.modal.public-access.description": "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+  "account.reverseShares.modal.simplified": "Једноставан режим",
+  "account.reverseShares.modal.simplified.description": "Олакшајте особи која отпрема датотеку да је подели са вама. Они ће моћи да прилагоде само име и опис дељења.",
+  "account.reverseShares.modal.public-access": "Јавни приступ",
+  "account.reverseShares.modal.public-access.description": "Учините креирана дељења са овим обрнутим дељењем јавном. Ако је онемогућено, само ви и креатор дељења можете да га видите.",
   "account.reverseShares.modal.max-use.label": "Максималан број коришћења",
   "account.reverseShares.modal.max-use.description": "Максималан број пута који овај URL може да се користи за прављење дељења.",
   "account.reverseShare.never-expires": "Ово обрнуто дељење никада неће истећи.",
@@ -174,7 +174,7 @@ export default {
   // /admin
   "admin.title": "Администрација",
   "admin.button.users": "Управљање корисницима",
-  "admin.button.shares": "Share management",
+  "admin.button.shares": "Управљање deljenjima",
   "admin.button.config": "Конфигурација",
   "admin.version": "Верзија",
   // END /admin
@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Опа - Ова страна не постоји.",
   "404.button.home": "Врати ме на почетак",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Линк",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "или",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Иди назад",
   "common.button.go-home": "Go home",
   "common.notify.copied": "Ваша веза је копирана у clipboard",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Неисправна адреса е-поште",
   "common.error.too-short": "Мора да има најмање {length} знакова",
   "common.error.too-long": "Мора да има највише {length} знакова",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Мора да има тачно {length} знакова",
   "common.error.invalid-number": "Мора бити број",
   "common.error.field-required": "Поље је обавезно"

frontend/src/i18n/translations/sv-SE.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Om OpenID-inloggning är aktiverat",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI för OpenID Connect OAuth appen",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect användarnamnsanspråk",
   "admin.config.oauth.oidc-username-claim.description": "Användarnamnsanspråk i OpenID Connect ID token. Lämna tomt om du inte vet vad denna konfiguration är.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Hoppsan den här sidan finns inte.",
   "404.button.home": "Ta mig tillbaka hem",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Länk",
   "common.text.navigate-to-link": "Gå till länken",
   "common.text.or": "eller",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Gå tillbaka",
   "common.button.go-home": "Gå hem",
   "common.notify.copied": "Din länk har kopierats till urklipp",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Ogiltig e-postadress",
   "common.error.too-short": "Måste minst vara {length} tecken långt",
   "common.error.too-long": "Får högst innehålla {length} tecken",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Måste vara exakt {length} tecken långt",
   "common.error.invalid-number": "Måste vara ett tal",
   "common.error.field-required": "Obligatoriskt fält"

frontend/src/i18n/translations/th-TH.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "ไม่พบหน้าที่คุณกำลังมองหา",
   "404.button.home": "หน้าแรก",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "ลิงค์",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "หรือ",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "ย้อนกลับ",
   "common.button.go-home": "Go home",
   "common.notify.copied": "คัดลอกไปยังคลิปบอร์ดแล้ว",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "ที่อยู่อีเมล์ไม่ถูกต้อง",
   "common.error.too-short": "ต้องมีอย่างน้อย {length} ตัวอักษร",
   "common.error.too-long": "ต้องมีไม่เกิน {length} ตัวอักษร",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "ต้องมีความยาว {length} ตัวอักษร",
   "common.error.invalid-number": "ต้องเป็นตัวเลข",
   "common.error.field-required": "ต้องกรอกข้อมูลนี้"

frontend/src/i18n/translations/tr-TR.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "OpenID girişine izin verilip verilmeyeceği",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Keşfetme URI'si",
   "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth uygulamasının Keşfetme URI'si",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect kullanıcı adı sahiplenme",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID belirtecinde kullanıcı adı sahiplenme. Bu yapılandırmanın ne olduğunu bilmiyorsanız boş bırakın.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Haydaa, böyle bir sayfa yok.",
   "404.button.home": "Beni eve götür",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Bağlantı",
   "common.text.navigate-to-link": "Bağlantıya git",
   "common.text.or": "ya da",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Geri dön",
   "common.button.go-home": "Ana sayfaya dön",
   "common.notify.copied": "Bağlantınız kopyalandı",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Geçersiz E-Posta adresi",
   "common.error.too-short": "En azından {length} karakter olmalı",
   "common.error.too-long": "En fazla {length} karakter olmalı",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Tam tamına {length} karakter olmalı",
   "common.error.invalid-number": "Bir sayı olmalı",
   "common.error.field-required": "Bu alan gerekli"

frontend/src/i18n/translations/uk-UA.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Чи ввімкнено логін OpenID Connect",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "URI Discovery URI додатка OpenID Connect OAuth",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "Заява на ім'я користувача OpenID Connect",
   "admin.config.oauth.oidc-username-claim.description": "Заява про ім'я користувача в токені OpenID Connect ID. Залиште порожнім, якщо не знаєте, що це за конфіг.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Бляха, цієї строрінки не існує.",
   "404.button.home": "Поверни мене додому",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Посилання",
   "common.text.navigate-to-link": "Перейти до посилання",
   "common.text.or": "або",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Назад",
   "common.button.go-home": "Перейти додому",
   "common.notify.copied": "Ваше посилання скопійовано в буфер обміну",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Неприпустима адреса електронної пошти",
   "common.error.too-short": "Повинно бути не менше {length} символів",
   "common.error.too-long": "Повинно бути не більше {length} символів",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Повинно бути рівно {length} символів",
   "common.error.invalid-number": "Повинно бути числом",
   "common.error.field-required": "Поле обов'язкове для заповнення"

frontend/src/i18n/translations/vi-VN.ts

@@ -3,15 +3,15 @@ export default {
   "navbar.upload": "Tải lên",
   "navbar.signin": "Đăng nhập",
   "navbar.home": "Trang chủ",
-  "navbar.signup": "Đăng kí",
-  "navbar.links.shares": "My shares",
+  "navbar.signup": "Đăng ký",
+  "navbar.links.shares": "Chia sẻ của tôi",
   "navbar.links.reverse": "Reverse shares",
   "navbar.avatar.account": "Tài khoản",
-  "navbar.avatar.admin": "Administration",
+  "navbar.avatar.admin": "Quản trị viên",
   "navbar.avatar.signout": "Đăng xuất",
   // END navbar
   // /
-  "home.title": "A <h>self-hosted</h> file sharing platform.",
+  "home.title": "Một nền tảng <h>seft-hosted</h> chi sẻ tệp tin.",
   "home.description": "Do you really want to give your personal files in the hand of third parties like WeTransfer?",
   "home.bullet.a.name": "Self-Hosted",
   "home.bullet.a.description": "Host Pingvin Share on your own machine.",
@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "Oops this page doesn't exist.",
   "404.button.home": "Về trang chủ",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "Link",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "hoặc",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "Quay lại",
   "common.button.go-home": "Về trang chủ",
   "common.notify.copied": "Đã sao chép liên kết vào bộ nhớ",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Invalid email address",
   "common.error.too-short": "Must be at least {length} characters",
   "common.error.too-long": "Must be at most {length} characters",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "Bằng {length} kí tự",
   "common.error.invalid-number": "Phải là số",
   "common.error.field-required": "Trường bắt buộc"

frontend/src/i18n/translations/zh-CN.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "是否启用 OpenID Connect 登录",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect 的 Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth App 的 Discovery URI",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect 用户名请求",
   "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID token 中的用户名请求。如果您不知道这项配置是什么，请留空。",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "将用于在 'User base'中搜索 LDAP 用户。%username% 可以作为用户输入的占位符。",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "当前的页面走丢啦",
   "404.button.home": "返回主页",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "链接",
   "common.text.navigate-to-link": "访问链接",
   "common.text.or": "或",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "返回",
   "common.button.go-home": "返回主页",
   "common.notify.copied": "已复制到剪贴板",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "邮件地址不可用",
   "common.error.too-short": "必须不少于 {length} 个字符",
   "common.error.too-long": "必须不超过 {length} 个字符",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "必须为 {length} 个字符",
   "common.error.invalid-number": "必须为数字",
   "common.error.field-required": "必填项"

frontend/src/i18n/translations/zh-TW.ts

@@ -392,6 +392,8 @@ export default {
   "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
   "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
   "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
+  "admin.config.oauth.oidc-sign-out.description": "Whether the “Sign out” button will sign out from the OpenID Connect provider",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
   "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
@@ -419,6 +421,10 @@ export default {
   "admin.config.ldap.search-query.description": "The user query will be used to search the 'User base' for the LDAP user. %username% can be used as the placeholder for the user given input.",
   "admin.config.ldap.admin-groups": "Admin group",
   "admin.config.ldap.admin-groups.description": "Group required for administrative access.",
+  "admin.config.ldap.field-name-member-of": "User groups attribute name",
+  "admin.config.ldap.field-name-member-of.description": "LDAP attribute name for the groups, an user is a member of. This is used when checking for the admin group.",
+  "admin.config.ldap.field-name-email": "User email attribute name",
+  "admin.config.ldap.field-name-email.description": "LDAP attribute name for the email of an user.",
   // 404
   "404.description": "查無此頁",
   "404.button.home": "返回主頁",
@@ -456,6 +462,7 @@ export default {
   "common.text.link": "聯結",
   "common.text.navigate-to-link": "Go to the link",
   "common.text.or": "或",
+  "common.text.redirecting": "Redirecting...",
   "common.button.go-back": "返回",
   "common.button.go-home": "Go home",
   "common.notify.copied": "已複製到剪貼簿",
@@ -465,6 +472,8 @@ export default {
   "common.error.invalid-email": "Email地址不可用",
   "common.error.too-short": "必須不少於 {length} 個字元",
   "common.error.too-long": "必須不超過 {length} 個字元",
+  "common.error.number-too-small": "Must be at least {min}",
+  "common.error.number-too-large": "Must be at most {max}",
   "common.error.exact-length": "必須為 {length} 個字元",
   "common.error.invalid-number": "必須為數字",
   "common.error.field-required": "必填"

frontend/src/middleware.ts

@@ -1,4 +1,4 @@
-import jwtDecode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";
 import { NextRequest, NextResponse } from "next/server";
 import configService from "./services/config.service";
 

frontend/src/pages/account/index.tsx

@@ -1,4 +1,5 @@
 import {
+  Badge,
   Button,
   Center,
   Container,
@@ -14,7 +15,7 @@ import {
 import { useForm, yupResolver } from "@mantine/form";
 import { useModals } from "@mantine/modals";
 import { useEffect, useState } from "react";
-import { Tb2Fa } from "react-icons/tb";
+import { TbAuth2Fa } from "react-icons/tb";
 import { FormattedMessage } from "react-intl";
 import * as yup from "yup";
 import Meta from "../../components/Meta";
@@ -142,6 +143,9 @@ const Account = () => {
         <Paper withBorder p="xl">
           <Title order={5} mb="xs">
             <FormattedMessage id="account.card.info.title" />
+            {user?.isLdap ? (
+              <Badge style={{ marginLeft: "1em" }}>LDAP</Badge>
+            ) : null}
           </Title>
           <form
             onSubmit={accountForm.onSubmit((values) =>
@@ -162,13 +166,16 @@ const Account = () => {
               />
               <TextInput
                 label={t("account.card.info.email")}
+                disabled={user?.isLdap}
                 {...accountForm.getInputProps("email")}
               />
-              <Group position="right">
-                <Button type="submit">
-                  <FormattedMessage id="common.button.save" />
-                </Button>
-              </Group>
+              {!user?.isLdap && (
+                <Group position="right">
+                  <Button type="submit">
+                    <FormattedMessage id="common.button.save" />
+                  </Button>
+                </Group>
+              )}
             </Stack>
           </form>
         </Paper>
@@ -293,7 +300,7 @@ const Account = () => {
 
           <Tabs defaultValue="totp">
             <Tabs.List>
-              <Tabs.Tab value="totp" icon={<Tb2Fa size={14} />}>
+              <Tabs.Tab value="totp" icon={<TbAuth2Fa size={14} />}>
                 TOTP
               </Tabs.Tab>
             </Tabs.List>

frontend/src/pages/admin/config/[category].tsx

@@ -68,6 +68,8 @@ export default function AppShellDemo() {
         })
         .catch(toast.axiosError);
       void config.refresh();
+    } else {
+      toast.success("No changes to save");
     }
   };
 

frontend/src/services/auth.service.ts

@@ -29,8 +29,11 @@ const signUp = async (email: string, username: string, password: string) => {
 };
 
 const signOut = async () => {
-  await api.post("/auth/signOut");
-  window.location.reload();
+  const response = await api.post("/auth/signOut");
+
+  if (URL.canParse(response.data?.redirectURI))
+    window.location.href = response.data.redirectURI;
+  else window.location.reload();
 };
 
 const refreshAccessToken = async () => {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "pingvin-share",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "pingvin-share",
-      "version": "1.1.0",
+      "version": "1.2.1",
       "devDependencies": {
         "conventional-changelog-cli": "^3.0.0"
       }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "scripts": {
     "format": "cd frontend && npm run format && cd ../backend && npm run format",
     "lint": "cd frontend && npm run lint && cd ../backend && npm run lint",

reverse-proxy/Caddyfile

@@ -0,0 +1,7 @@
+:3000 {
+    # Reverse proxy for /api
+    reverse_proxy /api/* http://localhost:8080
+
+    # Reverse proxy for all other requests
+    reverse_proxy http://localhost:3333
+}

reverse-proxy/Caddyfile.trust-proxy

@@ -0,0 +1,14 @@
+:3000 {
+    reverse_proxy /* http://localhost:3333  {
+            trusted_proxies 0.0.0.0/0
+    }
+
+    reverse_proxy /api/* http://localhost:8080  {
+            trusted_proxies 0.0.0.0/0
+    }
+
+    log {
+        output file /var/log/caddy/access.log
+        level WARN
+    }
+}

scripts/docker-entrypoint.sh

@@ -4,10 +4,17 @@
 cp -rn /tmp/img/* /opt/app/frontend/public/img
 
 # Start Caddy
-caddy start --config /etc/caddy/Caddyfile &
+if [ "$TRUST_PROXY" = "true" ]; then
+  caddy start --config /etc/caddy/Caddyfile.trust-proxy &
+else
+  caddy start --config /etc/caddy/Caddyfile &
+fi
+
 # Run the frontend server
 PORT=3333 HOSTNAME=0.0.0.0 node frontend/server.js &
+
 # Run the backend server
 cd backend && npm run prod
+
 # Wait for all processes to finish
 wait -n