chore(scanner): skip profile_pics subtree during scans

fix(scanner): rebuild per-folder metadata to match File/Folder models
fix(scanner): resolve dirs via CLI/env/constants; write per-item JSON; skip trash
2025-10-04 03:35:39 -04:00 · 2025-10-04 03:15:55 -04:00 · 2025-10-04 03:00:15 -04:00 · 2025-10-04 02:25:16 -04:00 · 2025-10-04 01:55:02 -04:00 · 2025-10-04 01:13:45 -04:00
16 changed files with 739 additions and 161 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,16 +1,138 @@
 # Changelog

-## Changes 5/20/2025 1.3.6
+## Changes 10/4/2025 v1.3.13
+
+fix(scanner): resolve dirs via CLI/env/constants; write per-item JSON; skip trash
+fix(scanner): rebuild per-folder metadata to match File/Folder models
+chore(scanner): skip profile_pics subtree during scans
+
+- scan_uploads.php now falls back to UPLOAD_DIR/META_DIR from config.php
+- prevents double slashes in metadata paths; respects app timezone
+- unblocks SCAN_ON_START so externally added files are indexed at boot
+- Writes per-folder metadata files (root_metadata.json / folder_metadata.json) using the same naming rule as the models
+- Adds missing entries for files (uploaded, modified using DATE_TIME_FORMAT, uploader=Imported)
+- Prunes stale entries for files that no longer exist
+- Skips uploads/trash and symlinks
+- Resolves paths from CLI flags, env vars, or config constants (UPLOAD_DIR/META_DIR)
+- Idempotent; safe to run at startup via SCAN_ON_START
+- Avoids indexing internal avatar images (folder already hidden in UI)
+- Reduces scan noise and metadata churn; keeps firmware/other content indexed
+
+## Changes 10/4/2025 v1.3.12
+
+Fix: robust PUID/PGID handling; optional ownership normalization (closes #43)
+
+- Remap www-data to PUID/PGID when running as root; skip with helpful log if non-root
+- Added CHOWN_ON_START env to control recursive chown (default true; turn off after first run)
+- SCAN_ON_START unchanged, with non-root fallback
+
+## Changes 10/4/2025 v1.3.11
+
+Chore: keep BASE_URL fallback, prefer env SHARE_URL; fix HTTPS auto-detect
+
+- Remove no-op sed of SHARE_URL from start.sh (env already used)
+- Build default share link with correct scheme (http/https, proxy-aware)
+
+## Changes 10/4/2025 v1.3.10
+
+Fix: index externally added files on startup; harden start.sh (#46)
+
+- Run metadata scan before Apache when SCAN_ON_START=true (was unreachable after exec)
+- Execute scan as www-data; continue on failure so startup isn’t blocked
+- Guard env reads for set -u; add umask 002 for consistent 775/664
+- Make ServerName idempotent; avoid duplicate entries
+- Ensure sessions/metadata/log dirs exist with correct ownership and perms
+
+No behavior change unless SCAN_ON_START=true.
+
+## Changes 5/27/2025 v1.3.9
+
+- Support for mounting CIFS (SMB) network shares via Docker volumes
+- New `scripts/scan_uploads.php` script to generate metadata for imported files and folders
+- `SCAN_ON_START` environment variable to trigger automatic scanning on container startup
+- Documentation for configuring CIFS share mounting and scanning
+
+- Clipboard Paste Upload Support (single image):
+  - Users can now paste images directly into the FileRise web interface.
+  - Pasted images are renamed to `image<TIMESTAMP>.png` and added to the upload queue using the existing drag-and-drop logic.
+  - Implemented using a `.isClipboard` flag and a delayed UI cleanup inside `xhr.addEventListener("load", ...)`.
+
+---
+
+## Changes 5/26/2025
+
+- Updated `REGEX_FOLDER_NAME` in `config.php` to forbids < > : " | ? * characters in folder names.
+  - Ensures the whole name can’t end in a space or period.
+  - Blocks Windows device names.
+
+- Updated `FolderController.php` when `createFolder` issues invalid folder name to return `http_response_code(400);`
+
+---
+
+## Changes 5/23/2025 v1.3.8
+
+- **Folder-strip context menu**  
+  - Enabled right-click on items in the new folder strip (above file list) to open the same “Create / Rename / Share / Delete Folder” menu as in the main folder tree.  
+  - Bound `contextmenu` event on each `.folder-item` in `loadFileList` to:
+    - Prevent the default browser menu  
+    - Highlight the clicked folder-strip item  
+    - Invoke `showFolderManagerContextMenu` with menu entries:
+      - Create Folder  
+      - Rename Folder  
+      - Share Folder (passes the strip’s `data-folder` value)  
+      - Delete Folder  
+  - Ensured menu actions are wrapped in arrow functions (`() => …`) so they fire only on menu-item click, not on render.
+
+- Refactored folder-strip injection in `fileListView.js` to:
+  - Mark each strip item as `draggable="true"` (for drag-and-drop)  
+  - Add `el.addEventListener("contextmenu", …)` alongside existing click/drag handlers  
+  - Clean up global click listener for hiding the context menu
+
+- Prevented premature invocation of `openFolderShareModal` by switching to `action: () => openFolderShareModal(dest)` instead of calling it directly.
+
+- **Create File/Folder dropdown**  
+  - Replaced standalone “Create File” button with a combined dropdown button in the actions toolbar.  
+  - New markup
+  - Wired up JS handlers in `fileActions.js`:
+    - `#createFileOption` → `openCreateFileModal()`  
+    - `#createFolderOption` → `document.getElementById('createFolderModal').style.display = 'block'`  
+    - Toggled `.dropdown-menu` visibility on button click, and closed on outside click.  
+  - Applied dark-mode support: dropdown background and text colors switch with `.dark-mode` class.  
+
+---
+
+## Changes 5/22/2025 v1.3.7
+
+- `.folder-strip-container .folder-name` css added to center text below folder material icon.
+- Override file share_url to always use current origin
+- Update `fileList` css to keep file name wrapping tight.
+
+---
+
+## Changes 5/21/2025
+
+- **Drag & Drop to Folder Strip**  
+  - Enabled dragging files from the file list directly onto the folder-strip items.  
+  - Hooked up `folderDragOverHandler`, `folderDragLeaveHandler`, and `folderDropHandler` to `.folder-strip-container .folder-item`.  
+  - On drop, files are moved via `/api/file/moveFiles.php` and the file list is refreshed.
+
+- **Restore files from trash Toast Message**  
+  - Changed the restore handlers so that the toast always reports the actual file(s) restored (e.g. “Restored file: foo.txt”) instead of “No trash record found.”  
+  - Removed reliance on backend message payload and now generate the confirmation text client-side based on selected items.  
+
+---
+
+## Changes 5/20/2025 v1.3.6

 - **domUtils.js**
  - `updateFileActionButtons`
    - Hide selection buttons (`Delete Files`, `Copy Files`, `Move Files` & `Download ZIP`) until file is selected.
-    - Hides `Extract ZIP` until selecting zip files
+    - Hide `Extract ZIP` until selecting zip files
    - Hide `Create File` button when file list items are selected.

 ---

-## Changes 5/19/2025 1.3.5
+## Changes 5/19/2025 v1.3.5

 ### Added Folder strip & Create File

--- a/README.md
+++ b/README.md
@@ -52,38 +52,61 @@ Curious about the UI? **Check out the live demo:** <https://demo.filerise.net> (

 You can deploy FileRise either by running the **Docker container** (quickest way) or by a **manual installation** on a PHP web server. Both methods are outlined below.

-### 1. Running with Docker (Recommended)
+---

-If you have Docker installed, you can get FileRise up and running in minutes:
+### 1) Running with Docker (Recommended)

- **Pull the image from Docker Hub:**
+#### Pull the image

-``` bash
+```bash
 docker pull error311/filerise-docker:latest
 ```

- **Run a container:**
+#### Run a container

-``` bash
+```bash
 docker run -d \
+  --name filerise \
  -p 8080:80 \
  -e TIMEZONE="America/New_York" \
+  -e DATE_TIME_FORMAT="m/d/y  h:iA" \
  -e TOTAL_UPLOAD_SIZE="5G" \
  -e SECURE="false" \
+  -e PERSISTENT_TOKENS_KEY="please_change_this_@@" \
+  -e PUID="1000" \
+  -e PGID="1000" \
+  -e CHOWN_ON_START="true" \
+  -e SCAN_ON_START="true" \
+  -e SHARE_URL="" \
  -v ~/filerise/uploads:/var/www/uploads \
  -v ~/filerise/users:/var/www/users \
  -v ~/filerise/metadata:/var/www/metadata \
-  --name filerise \
  error311/filerise-docker:latest
-  ```
+```

-  This will start FileRise on port 8080. Visit `http://your-server-ip:8080` to access it. Environment variables shown above are optional – for instance, set `SECURE="true"` to enforce HTTPS (assuming you have SSL at proxy level) and adjust `TIMEZONE` as needed. The volume mounts ensure your files and user data persist outside the container.
+This starts FileRise on port **8080** → visit `http://your-server-ip:8080`.

- **Using Docker Compose:**
-Alternatively, use **docker-compose**. Save the snippet below as docker-compose.yml and run `docker-compose up -d`:
+**Notes**  

-``` yaml
-version: '3'
+- **Do not use** Docker `--user`. Use **PUID/PGID** to map on-disk ownership (e.g., `1000:1000`; on Unraid typically `99:100`).
+- `CHOWN_ON_START=true` is recommended on **first run** to normalize ownership of existing trees. Set to **false** later for faster restarts.
+- `SCAN_ON_START=true` runs a one-time index of files added outside the UI so their metadata appears.
+- `SHARE_URL` is optional; leave blank to auto-detect from the current host/scheme. You can set it to your site root (e.g., `https://files.example.com`) or directly to the full endpoint.
+- Set `SECURE="true"` if you serve via HTTPS at your proxy layer.
+
+**Verify ownership mapping (optional)**  
+
+```bash
+docker exec -it filerise id www-data
+# expect: uid=1000 gid=1000   (or 99/100 on Unraid)
+```
+
+#### Using Docker Compose
+
+Save as `docker-compose.yml`, then `docker-compose up -d`:
+
+```yaml
+version: "3"
 services:
  filerise:
    image: error311/filerise-docker:latest
@@ -91,59 +114,88 @@ services:
      - "8080:80"
    environment:
      TIMEZONE: "UTC"
+      DATE_TIME_FORMAT: "m/d/y  h:iA"
      TOTAL_UPLOAD_SIZE: "10G"
      SECURE: "false"
      PERSISTENT_TOKENS_KEY: "please_change_this_@@"
+      # Ownership & indexing
+      PUID: "1000"              # Unraid users often use 99
+      PGID: "1000"              # Unraid users often use 100
+      CHOWN_ON_START: "true"    # first run; set to "false" afterwards
+      SCAN_ON_START: "true"     # index files added outside the UI at boot
+      # Sharing URL (optional): leave blank to auto-detect from host/scheme
+      SHARE_URL: ""
    volumes:
      - ./uploads:/var/www/uploads
      - ./users:/var/www/users
      - ./metadata:/var/www/metadata
 ```

-FileRise will be accessible at `http://localhost:8080` (or your server’s IP). The above example also sets a custom `PERSISTENT_TOKENS_KEY` (used to encrypt “remember me” tokens) – be sure to change it to a random string for security.
+FileRise will be accessible at `http://localhost:8080` (or your server’s IP).  
+The example also sets a custom `PERSISTENT_TOKENS_KEY` (used to encrypt “Remember Me” tokens)—change it to a strong random string.

-**First-time Setup:** On first launch, FileRise will detect no users and prompt you to create an **Admin account**. Choose your admin username & password, and you’re in! You can then head to the **User Management** section to add additional users if needed.
+**First-time Setup**  
+On first launch, if no users exist, you’ll be prompted to create an **Admin account**. After logging in, use **User Management** to add more users.

-### 2. Manual Installation (PHP/Apache)
+---
+
+### 2) Manual Installation (PHP/Apache)

 If you prefer to run FileRise on a traditional web server (LAMP stack or similar):

- **Requirements:** PHP 8.3 or higher, Apache (with mod_php) or another web server configured for PHP. Ensure PHP extensions json, curl, and zip are enabled. No database needed.
- **Download Files:** Clone this repo or download the [latest release archive](https://github.com/error311/FileRise/releases).
+**Requirements**  

-``` bash
-git clone https://github.com/error311/FileRise.git  
+- PHP **8.3+**
+- Apache (mod_php) or another web server configured for PHP
+- PHP extensions: `json`, `curl`, `zip` (and typical defaults). No database required.
+
+**Download Files**  
+
+```bash
+git clone https://github.com/error311/FileRise.git
 ```

-Place the files into your web server’s directory (e.g., `/var/www/`). It can be in a subfolder (just adjust the `BASE_URL` in config as below).
+Place the files in your web root (e.g., `/var/www/`). Subfolder installs are fine.

- **Composer Dependencies:** Install Composer and run `composer install` in the FileRise directory. (This pulls in a couple of PHP libraries like jumbojett/openid-connect for OAuth support.)
+**Composer (if applicable)**
+If you use optional features requiring Composer libraries, run:

- **Folder Permissions:** Ensure the server can write to the following directories (create them if they don’t exist):
+```bash
+composer install
+```

-``` bash
+**Folders & Permissions**  
+
+```bash
 mkdir -p uploads users metadata
-chown -R www-data:www-data uploads users metadata   # www-data is Apache user; use appropriate user
+chown -R www-data:www-data uploads users metadata   # use your web user
 chmod -R 775 uploads users metadata
 ```

-The uploads/ folder is where files go, users/ stores the user credentials file, and metadata/ holds metadata like tags and share links.
+- `uploads/`: actual files  
+- `users/`: credentials & token storage  
+- `metadata/`: file metadata (tags, share links, etc.)

- **Configuration:** Open the `config.php` file in a text editor. You may want to adjust:
+**Configuration**  

-  - `BASE_URL` – the URL where you will access FileRise (e.g., `“https://files.mydomain.com/”`). This is used for generating share links.
-  
-  - `TIMEZONE` and `DATE_TIME_FORMAT` – match your locale (for correct timestamps).
-  
-  - `TOTAL_UPLOAD_SIZE` – max aggregate upload size (default 5G). Also adjust PHP’s `upload_max_filesize` and `post_max_size` to at least this value (the Docker start script auto-adjusts PHP limits).
-  
-  - `PERSISTENT_TOKENS_KEY` – set a unique secret if you use “Remember Me” logins, to encrypt the tokens.
-  
-  - Other settings like `UPLOAD_DIR`, `USERS_FILE` etc. generally don’t need changes unless you move those folders. Defaults are set for the directories mentioned above.
+Open `config.php` and consider:

- **Web Server Config:** If using Apache, ensure `.htaccess` files are allowed or manually add the rules from `.htaccess` to your Apache config – these disable directory listings and prevent access to certain files. For Nginx or others, you’ll need to replicate those protections (see Wiki: [Nginx Setup for examples](https://github.com/error311/FileRise/wiki/Nginx-Setup)). Also enable mod_rewrite if not already, as FileRise may use pretty URLs for share links.
+- `TIMEZONE`, `DATE_TIME_FORMAT` for your locale.
+- `TOTAL_UPLOAD_SIZE` (also ensure your PHP `upload_max_filesize` & `post_max_size` meet/exceed this).
+- `PERSISTENT_TOKENS_KEY` set to a unique secret if using “Remember Me”.

-Now navigate to the FileRise URL in your browser. On first load, you’ll be prompted to create the Admin user (same as Docker setup). After that, the application is ready to use!
+**Share links base URL**  
+
+- You can set **`SHARE_URL`** via your web server environment variables (preferred),  
+  **or** keep using `BASE_URL` in `config.php` as a fallback for manual installs.
+- If neither is set, FileRise auto-detects from the current host/scheme.
+
+**Web Server Config**  
+
+- Apache: allow `.htaccess` or merge its rules; ensure `mod_rewrite` is enabled.
+- Nginx/other: replicate the basic protections (no directory listing, deny sensitive files). See Wiki for examples.
+
+Now browse to your FileRise URL; you’ll be prompted to create the Admin user on first load.

 ---

--- a/config/config.php
+++ b/config/config.php
@@ -28,7 +28,7 @@ define('TRASH_DIR',     UPLOAD_DIR . 'trash/');
 define('TIMEZONE',      'America/New_York');
 define('DATE_TIME_FORMAT','m/d/y  h:iA');
 define('TOTAL_UPLOAD_SIZE','5G');
-define('REGEX_FOLDER_NAME', '/^[\p{L}\p{N}_\-\s\/\\\\]+$/u');
+define('REGEX_FOLDER_NAME','/^(?!^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$)(?!.*[. ]$)(?:[^<>:"\/\\\\|?*\x00-\x1F]{1,255})(?:[\/\\\\][^<>:"\/\\\\|?*\x00-\x1F]{1,255})*$/xu');
 define('PATTERN_FOLDER_NAME','[\p{L}\p{N}_\-\s\/\\\\]+');
 define('REGEX_FILE_NAME', '/^[^\x00-\x1F\/\\\\]{1,255}$/u');
 define('REGEX_USER',       '/^[\p{L}\p{N}_\- ]+$/u');
@@ -196,13 +196,21 @@ if (AUTH_BYPASS) {
        $_SESSION['disableUpload'] = $perms['disableUpload'] ?? false;
    }
 }
-// Share URL fallback
+
+// Share URL fallback (keep BASE_URL behavior)
 define('BASE_URL', 'http://yourwebsite/uploads/');
+
+// Detect scheme correctly (works behind proxies too)
+$proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? (
+           (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'
+         );
+$host  = $_SERVER['HTTP_HOST'] ?? 'localhost';
+
 if (strpos(BASE_URL, 'yourwebsite') !== false) {
-    $defaultShare = isset($_SERVER['HTTP_HOST'])
-        ? "http://{$_SERVER['HTTP_HOST']}/api/file/share.php"
-        : "http://localhost/api/file/share.php";
+    $defaultShare = "{$proto}://{$host}/api/file/share.php";
 } else {
    $defaultShare = rtrim(BASE_URL, '/') . "/api/file/share.php";
 }
+
+// Final: env var wins, else fallback
 define('SHARE_URL', getenv('SHARE_URL') ?: $defaultShare);
--- a/public/css/styles.css
+++ b/public/css/styles.css
@@ -848,11 +848,27 @@ body:not(.dark-mode) .material-icons.pauseResumeBtn:hover {
  background-color: #00796B;
 }

-#createFileBtn {
+#createBtn {
  background-color: #007bff;
  color: white;
 }

+body.dark-mode .dropdown-menu {
+  background-color: #2c2c2c !important;
+  border-color:   #444    !important;
+  color:          #e0e0e0!important;
+}
+body.dark-mode .dropdown-menu .dropdown-item {
+  color: #e0e0e0 !important;
+}
+
+.dropdown-item:hover {
+  background-color: rgba(0,0,0,0.05);
+}
+body.dark-mode .dropdown-item:hover {
+  background-color: rgba(255,255,255,0.1);
+}
+
 #fileList button.edit-btn {
  background-color: #007bff;
  color: white;
@@ -971,16 +987,15 @@ body.dark-mode #fileList table tr {
 }

 :root {
-  --file-row-height: 48px; /* default, will be overwritten by your slider */
+  --file-row-height: 48px;
 }

-/* Force each <tr> to be exactly the var() height */
 #fileList table.table tbody tr {
-  height: var(--file-row-height) !important;
+  height: auto !important;
+  min-height: var(--file-row-height) !important;
 }

-/* And force each <td> to match, with no extra padding or line-height */
-#fileList table.table tbody td {
+#fileList table.table tbody td:not(.file-name-cell) {
  height: var(--file-row-height) !important;
  line-height: var(--file-row-height) !important;
  padding-top: 0 !important;
@@ -988,6 +1003,13 @@ body.dark-mode #fileList table tr {
  vertical-align: middle;
 }

+#fileList table.table tbody td.file-name-cell {
+  white-space: normal;
+  word-break: break-word;
+  line-height: 1.2em !important;
+  height: auto !important;
+}
+
 /* ===========================================================
   HEADINGS & FORM LABELS
   =========================================================== */
@@ -2261,13 +2283,20 @@ body.dark-mode .user-dropdown .user-menu .item:hover {
  align-items: center;
  cursor: pointer;
  width: 80px;
-  color: inherit; /* icon will pick up text color */
+  color: inherit;
  font-size: 0.85em;
 }
 .folder-strip-container .folder-item i.material-icons {
  font-size: 28px;
  margin-bottom: 4px;
 }
+.folder-strip-container .folder-name {
+  text-align: center;
+  white-space: normal;
+  word-break: break-word;
+  max-width: 80px;
+  margin-top: 4px;
+}

 .folder-strip-container .folder-item i.material-icons {
  color: currentColor;
--- a/public/index.html
+++ b/public/index.html
@@ -391,9 +391,36 @@
              data-i18n-key="download_zip">Download ZIP</button>
            <button id="extractZipBtn" class="btn action-btn btn-sm btn-info" data-i18n-title="extract_zip"
              data-i18n-key="extract_zip_button">Extract Zip</button>
-            <button id="createFileBtn" class="btn action-btn" data-i18n-key="create_file">
-              ${t('create_file')}
-            </button>
+              <div id="createDropdown" class="dropdown-container" style="position:relative; display:inline-block;">
+                <button id="createBtn"  class="btn action-btn" data-i18n-key="create">
+                  ${t('create')} <span class="material-icons" style="font-size:16px;vertical-align:middle;">arrow_drop_down</span>
+                </button>
+                <ul
+                  id="createMenu"
+                  class="dropdown-menu"
+                  style="
+                    display: none;
+                    position: absolute;
+                    top: 100%;
+                    left: 0;
+                    margin: 4px 0 0;
+                    padding: 0;
+                    list-style: none;
+                    background: #fff;
+                    border: 1px solid #ccc;
+                    box-shadow: 0 2px 6px rgba(0,0,0,0.2);
+                    z-index: 1000;
+                    min-width: 140px;
+                  "
+                >
+                  <li id="createFileOption" class="dropdown-item" data-i18n-key="create_file" style="padding:8px 12px; cursor:pointer;">
+                    ${t('create_file')}
+                  </li>
+                  <li id="createFolderOption" class="dropdown-item" data-i18n-key="create_folder" style="padding:8px 12px; cursor:pointer;">
+                    ${t('create_folder')}
+                  </li>
+                </ul>
+              </div>
            <!-- Create File Modal -->
            <div id="createFileModal" class="modal" style="display:none;">
              <div class="modal-content">
--- a/public/js/adminPanel.js
+++ b/public/js/adminPanel.js
@@ -3,7 +3,7 @@ import { loadAdminConfigFunc } from './auth.js';
 import { showToast, toggleVisibility, attachEnterKeyListener } from './domUtils.js';
 import { sendRequest } from './networkUtils.js';

-const version = "v1.3.6";
+const version = "v1.3.13";
 const adminTitle = `${t("admin_panel")} <small style="font-size:12px;color:gray;">${version}</small>`;

 // ————— Inject updated styles —————
--- a/public/js/domUtils.js
+++ b/public/js/domUtils.js
@@ -39,7 +39,7 @@ export function updateFileActionButtons() {
  const moveBtn = document.getElementById("moveSelectedBtn");
  const zipBtn = document.getElementById("downloadZipBtn");
  const extractZipBtn = document.getElementById("extractZipBtn");
-  const createBtn = document.getElementById("createFileBtn");
+  const createBtn = document.getElementById("createBtn");

  const anyFiles = fileCheckboxes.length > 0;
  const anySelected = selectedCheckboxes.length > 0;
--- a/public/js/fileActions.js
+++ b/public/js/fileActions.js
@@ -688,4 +688,35 @@ document.addEventListener("DOMContentLoaded", () => {
  attachEnterKeyListener("downloadFileModal", "confirmSingleDownloadButton");
 });

+document.addEventListener('DOMContentLoaded', () => {
+  const btn      = document.getElementById('createBtn');
+  const menu     = document.getElementById('createMenu');
+  const fileOpt  = document.getElementById('createFileOption');
+  const folderOpt= document.getElementById('createFolderOption');
+
+  // Toggle dropdown on click
+  btn.addEventListener('click', (e) => {
+    e.stopPropagation();
+    menu.style.display = menu.style.display === 'block' ? 'none' : 'block';
+  });
+
+  // Create File
+  fileOpt.addEventListener('click', () => {
+    menu.style.display = 'none';
+    openCreateFileModal();  // your existing function
+  });
+
+  // Create Folder
+  folderOpt.addEventListener('click', () => {
+    menu.style.display = 'none';
+    document.getElementById('createFolderModal').style.display = 'block';
+    document.getElementById('newFolderName').focus();
+  });
+
+  // Close if you click anywhere else
+  document.addEventListener('click', () => {
+    menu.style.display = 'none';
+  });
+});
+
 window.renameFile = renameFile;
--- a/public/js/fileListView.js
+++ b/public/js/fileListView.js
@@ -16,7 +16,21 @@ import { t } from './i18n.js';
 import { bindFileListContextMenu } from './fileMenu.js';
 import { openDownloadModal } from './fileActions.js';
 import { openTagModal, openMultiTagModal } from './fileTags.js';
-import { getParentFolder, updateBreadcrumbTitle, setupBreadcrumbDelegation } from './folderManager.js';
+import {
+    getParentFolder,
+    updateBreadcrumbTitle,
+    setupBreadcrumbDelegation,
+    showFolderManagerContextMenu,
+    hideFolderManagerContextMenu,
+    openRenameFolderModal,
+    openDeleteFolderModal
+} from './folderManager.js';
+import { openFolderShareModal } from './folderShareModal.js';
+import {
+    folderDragOverHandler,
+    folderDragLeaveHandler,
+    folderDropHandler
+} from './fileDragDrop.js';

 export let fileData = [];
 export let sortOrder = { column: "uploaded", ascending: true };
@@ -190,7 +204,7 @@ window.updateRowHighlight = updateRowHighlight;
 export async function loadFileList(folderParam) {
    const folder = folderParam || "root";
    const fileListContainer = document.getElementById("fileList");
-    const actionsContainer   = document.getElementById("fileListActions");
+    const actionsContainer = document.getElementById("fileListActions");

    // 1) show loader
    fileListContainer.style.visibility = "hidden";
@@ -207,15 +221,15 @@ export async function loadFileList(folderParam) {
            window.location.href = "/api/auth/logout.php";
            throw new Error("Unauthorized");
        }
-        const data      = await filesRes.json();
+        const data = await filesRes.json();
        const folderRaw = await foldersRes.json();

        // --- build ONLY the *direct* children of current folder ---
        let subfolders = [];
-        const hidden = new Set([ "profile_pics", "trash" ]);
+        const hidden = new Set(["profile_pics", "trash"]);
        if (Array.isArray(folderRaw)) {
            const allPaths = folderRaw.map(item => item.folder ?? item);
-            const depth    = folder === "root" ? 1 : folder.split("/").length + 1;
+            const depth = folder === "root" ? 1 : folder.split("/").length + 1;
            subfolders = allPaths
                .filter(p => {
                    if (folder === "root") {
@@ -235,17 +249,40 @@ export async function loadFileList(folderParam) {
        if (!data.files || Object.keys(data.files).length === 0) {
            fileListContainer.textContent = t("no_files_found");

-            // hide summary
+            // hide summary + slider
            const summaryElem = document.getElementById("fileSummary");
            if (summaryElem) summaryElem.style.display = "none";
-
-            // hide slider
            const sliderContainer = document.getElementById("viewSliderContainer");
            if (sliderContainer) sliderContainer.style.display = "none";

-            // hide folder strip
-            const strip = document.getElementById("folderStripContainer");
-            if (strip) strip.style.display = "none";
+            // show/hide folder strip *even when there are no files*
+            let strip = document.getElementById("folderStripContainer");
+            if (!strip) {
+                strip = document.createElement("div");
+                strip.id = "folderStripContainer";
+                strip.className = "folder-strip-container";
+                actionsContainer.parentNode.insertBefore(strip, fileListContainer);
+            }
+            if (window.showFoldersInList && subfolders.length) {
+                strip.innerHTML = subfolders.map(sf => `
+        <div class="folder-item" data-folder="${sf.full}">
+          <i class="material-icons">folder</i>
+          <div class="folder-name">${escapeHTML(sf.name)}</div>
+        </div>
+      `).join("");
+                strip.style.display = "flex";
+                strip.querySelectorAll(".folder-item").forEach(el => {
+                    el.addEventListener("click", () => {
+                        const dest = el.dataset.folder;
+                        window.currentFolder = dest;
+                        localStorage.setItem("lastOpenedFolder", dest);
+                        updateBreadcrumbTitle(dest);
+                        loadFileList(dest);
+                    });
+                });
+            } else {
+                strip.style.display = "none";
+            }

            updateFileActionButtons();
            return [];
@@ -261,7 +298,7 @@ export async function loadFileList(folderParam) {
        data.files = data.files.map(f => {
            f.fullName = (f.path || f.name).trim().toLowerCase();
            f.editable = canEditFile(f.name);
-            f.folder   = folder;
+            f.folder = folder;
            return f;
        });
        fileData = data.files;
@@ -294,13 +331,13 @@ export async function loadFileList(folderParam) {
            if (viewMode === "gallery") {
                const w = window.innerWidth;
                let maxCols;
-                if   (w < 600)   maxCols = 1;
-                else if (w < 900)  maxCols = 2;
+                if (w < 600) maxCols = 1;
+                else if (w < 900) maxCols = 2;
                else if (w < 1200) maxCols = 4;
-                else               maxCols = 6;
+                else maxCols = 6;

                const currentCols = Math.min(
-                    parseInt(localStorage.getItem("galleryColumns")||"3",10),
+                    parseInt(localStorage.getItem("galleryColumns") || "3", 10),
                    maxCols
                );

@@ -319,7 +356,7 @@ export async function loadFileList(folderParam) {
              <span id="galleryColumnsValue" style="margin-left:6px;line-height:1;">${currentCols}</span>
            `;
                const gallerySlider = document.getElementById("galleryColumnsSlider");
-                const galleryValue  = document.getElementById("galleryColumnsValue");
+                const galleryValue = document.getElementById("galleryColumnsValue");
                gallerySlider.oninput = e => {
                    const v = +e.target.value;
                    localStorage.setItem("galleryColumns", v);
@@ -328,16 +365,16 @@ export async function loadFileList(folderParam) {
                        ?.style.setProperty("grid-template-columns", `repeat(${v},1fr)`);
                };
            } else {
-                const currentHeight = parseInt(localStorage.getItem("rowHeight")||"48",10);
+                const currentHeight = parseInt(localStorage.getItem("rowHeight") || "48", 10);
                sliderContainer.innerHTML = `
              <label for="rowHeightSlider" style="margin-right:8px;line-height:1;">
                ${t("row_height")}:
              </label>
-              <input type="range" id="rowHeightSlider" min="31" max="60" value="${currentHeight}" style="vertical-align:middle;">
+              <input type="range" id="rowHeightSlider" min="30" max="60" value="${currentHeight}" style="vertical-align:middle;">
              <span id="rowHeightValue" style="margin-left:6px;line-height:1;">${currentHeight}px</span>
            `;
                const rowSlider = document.getElementById("rowHeightSlider");
-                const rowValue  = document.getElementById("rowHeightValue");
+                const rowValue = document.getElementById("rowHeightValue");
                rowSlider.oninput = e => {
                    const v = e.target.value;
                    document.documentElement.style.setProperty("--file-row-height", v + "px");
@@ -355,29 +392,73 @@ export async function loadFileList(folderParam) {
            strip.className = "folder-strip-container";
            actionsContainer.parentNode.insertBefore(strip, actionsContainer);
        }
+
        if (window.showFoldersInList && subfolders.length) {
            strip.innerHTML = subfolders.map(sf => `
-                <div class="folder-item" data-folder="${sf.full}">
-                  <i class="material-icons">folder</i>
-                  <div class="folder-name">${escapeHTML(sf.name)}</div>
-                </div>
-            `).join("");
+    <div class="folder-item" data-folder="${sf.full}" draggable="true">
+      <i class="material-icons">folder</i>
+      <div class="folder-name">${escapeHTML(sf.name)}</div>
+    </div>
+  `).join("");
            strip.style.display = "flex";
+
+            // wire up each folder‐tile
            strip.querySelectorAll(".folder-item").forEach(el => {
+                // 1) click to navigate
                el.addEventListener("click", () => {
                    const dest = el.dataset.folder;
                    window.currentFolder = dest;
                    localStorage.setItem("lastOpenedFolder", dest);
-                    // sync breadcrumb & tree
                    updateBreadcrumbTitle(dest);
-                    document.querySelectorAll(".folder-option.selected")
-                        .forEach(o => o.classList.remove("selected"));
-                    document.querySelector(`.folder-option[data-folder="${dest}"]`)
-                        ?.classList.add("selected");
-                    // reload
+                    document.querySelectorAll(".folder-option.selected").forEach(o => o.classList.remove("selected"));
+                    document.querySelector(`.folder-option[data-folder="${dest}"]`)?.classList.add("selected");
                    loadFileList(dest);
                });
+
+                // 2) drag & drop
+                el.addEventListener("dragover", folderDragOverHandler);
+                el.addEventListener("dragleave", folderDragLeaveHandler);
+                el.addEventListener("drop", folderDropHandler);
+
+                // 3) right-click context menu
+                el.addEventListener("contextmenu", e => {
+                    e.preventDefault();
+                    e.stopPropagation();
+
+                    const dest = el.dataset.folder;
+                    window.currentFolder = dest;
+                    localStorage.setItem("lastOpenedFolder", dest);
+
+                    // highlight the strip tile
+                    strip.querySelectorAll(".folder-item.selected").forEach(i => i.classList.remove("selected"));
+                    el.classList.add("selected");
+
+                    // reuse folderManager menu
+                    const menuItems = [
+                        {
+                            label: t("create_folder"),
+                            action: () => document.getElementById("createFolderModal").style.display = "block"
+                        },
+                        {
+                            label: t("rename_folder"),
+                            action: () => openRenameFolderModal()
+                        },
+                        {
+                            label: t("folder_share"),
+                            action: () => openFolderShareModal(dest)
+                        },
+                        {
+                            label: t("delete_folder"),
+                            action: () => openDeleteFolderModal()
+                        }
+                    ];
+                    showFolderManagerContextMenu(e.pageX, e.pageY, menuItems);
+                });
            });
+
+            // one global click to hide any open context menu
+            document.addEventListener("click", hideFolderManagerContextMenu);
+
        } else {
            strip.style.display = "none";
        }
--- a/public/js/folderManager.js
+++ b/public/js/folderManager.js
@@ -551,7 +551,7 @@ export function loadFolderList(selectedFolder) {
 document.getElementById("renameFolderBtn").addEventListener("click", openRenameFolderModal);
 document.getElementById("deleteFolderBtn").addEventListener("click", openDeleteFolderModal);

-function openRenameFolderModal() {
+export function openRenameFolderModal() {
  const selectedFolder = window.currentFolder || "root";
  if (!selectedFolder || selectedFolder === "root") {
    showToast("Please select a valid folder to rename.");
@@ -614,7 +614,7 @@ document.getElementById("submitRenameFolder").addEventListener("click", function
    });
 });

-function openDeleteFolderModal() {
+export function openDeleteFolderModal() {
  const selectedFolder = window.currentFolder || "root";
  if (!selectedFolder || selectedFolder === "root") {
    showToast("Please select a valid folder to delete.");
@@ -718,7 +718,7 @@ document.getElementById("submitCreateFolder").addEventListener("click", async ()
 });

 // ---------- CONTEXT MENU SUPPORT FOR FOLDER MANAGER ----------
-function showFolderManagerContextMenu(x, y, menuItems) {
+export function showFolderManagerContextMenu(x, y, menuItems) {
  let menu = document.getElementById("folderManagerContextMenu");
  if (!menu) {
    menu = document.createElement("div");
@@ -765,7 +765,7 @@ function showFolderManagerContextMenu(x, y, menuItems) {
  menu.style.display = "block";
 }

-function hideFolderManagerContextMenu() {
+export function hideFolderManagerContextMenu() {
  const menu = document.getElementById("folderManagerContextMenu");
  if (menu) {
    menu.style.display = "none";
@@ -796,7 +796,7 @@ function folderManagerContextMenuHandler(e) {
    },
    {
      label: t("folder_share"),
-      action: () => { openFolderShareModal(); }
+      action: () => { openFolderShareModal(folder); }
    },
    {
      label: t("delete_folder"),
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -64,35 +64,26 @@ export function initializeApp() {
 }

 export function loadCsrfToken() {
-  return fetchWithCsrf('/api/auth/token.php', {
-    method: 'GET'
-  })
+  return fetchWithCsrf('/api/auth/token.php', { method: 'GET' })
    .then(res => {
-      if (!res.ok) {
-        throw new Error(`Token fetch failed with status ${res.status}`);
-      }
+      if (!res.ok) throw new Error(`Token fetch failed with status ${res.status}`);
      return res.json();
    })
    .then(({ csrf_token, share_url }) => {
-      // Update global and <meta>
      window.csrfToken = csrf_token;
-      let meta = document.querySelector('meta[name="csrf-token"]');
-      if (!meta) {
-        meta = document.createElement('meta');
-        meta.name = 'csrf-token';
-        document.head.appendChild(meta);
-      }
+
+      // update CSRF meta
+      let meta = document.querySelector('meta[name="csrf-token"]') ||
+        Object.assign(document.head.appendChild(document.createElement('meta')), { name: 'csrf-token' });
      meta.content = csrf_token;

-      let shareMeta = document.querySelector('meta[name="share-url"]');
-      if (!shareMeta) {
-        shareMeta = document.createElement('meta');
-        shareMeta.name = 'share-url';
-        document.head.appendChild(shareMeta);
-      }
-      shareMeta.content = share_url;
+      // force share_url to match wherever we're browsing
+      const actualShare = window.location.origin;
+      let shareMeta = document.querySelector('meta[name="share-url"]') ||
+        Object.assign(document.head.appendChild(document.createElement('meta')), { name: 'share-url' });
+      shareMeta.content = actualShare;

-      return { csrf_token, share_url };
+      return { csrf_token, share_url: actualShare };
    });
 }

--- a/public/js/trashRestoreDelete.js
+++ b/public/js/trashRestoreDelete.js
@@ -79,15 +79,16 @@ export function setupTrashRestoreDelete() {
                body: JSON.stringify({ files })
            })
                .then(response => response.json())
-                .then(data => {
-                    if (data.success) {
-                        showToast(data.success);
-                        toggleVisibility("restoreFilesModal", false);
-                        loadFileList(window.currentFolder);
-                        loadFolderTree(window.currentFolder);
+                .then(() => {
+                    // Always report what we actually restored
+                    if (files.length === 1) {
+                        showToast(`Restored file: ${files[0]}`);
                    } else {
-                        showToast(data.error);
+                        showToast(`Restored files: ${files.join(", ")}`);
                    }
+                    toggleVisibility("restoreFilesModal", false);
+                    loadFileList(window.currentFolder);
+                    loadFolderTree(window.currentFolder);
                })
                .catch(err => {
                    console.error("Error restoring files:", err);
@@ -119,16 +120,15 @@ export function setupTrashRestoreDelete() {
                body: JSON.stringify({ files })
            })
                .then(response => response.json())
-                .then(data => {
-                    if (data.success) {
-                        showToast(data.success);
-                        toggleVisibility("restoreFilesModal", false);
-                        loadFileList(window.currentFolder);
-                        loadFolderTree(window.currentFolder);
-
+                .then(() => {
+                    if (files.length === 1) {
+                        showToast(`Restored file: ${files[0]}`);
                    } else {
-                        showToast(data.error);
+                        showToast(`Restored files: ${files.join(", ")}`);
                    }
+                    toggleVisibility("restoreFilesModal", false);
+                    loadFileList(window.currentFolder);
+                    loadFolderTree(window.currentFolder);
                })
                .catch(err => {
                    console.error("Error restoring files:", err);
--- a/public/js/upload.js
+++ b/public/js/upload.js
@@ -669,6 +669,18 @@ function submitFiles(allFiles) {
        }
        allSucceeded = false;
      }
+      if (file.isClipboard) {
+        setTimeout(() => {
+          window.selectedFiles = [];
+          updateFileInfoCount();
+          const progressContainer = document.getElementById("uploadProgressContainer");
+          if (progressContainer) progressContainer.innerHTML = "";
+          const fileInfoContainer = document.getElementById("fileInfoContainer");
+          if (fileInfoContainer) {
+            fileInfoContainer.innerHTML = `<span id="fileInfoDefault">No files selected</span>`;
+          }
+        }, 5000);
+      }
    
      // ─── Only now count this chunk as finished ───────────────────
      finishedCount++;
@@ -847,4 +859,39 @@ function initUpload() {
  }
 }

-export { initUpload };
+export { initUpload };
+
+// -------------------------
+// Clipboard Paste Handler (Mimics Drag-and-Drop)
+// -------------------------
+document.addEventListener('paste', function handlePasteUpload(e) {
+  const items = e.clipboardData?.items;
+  if (!items) return;
+
+  const files = [];
+
+  for (let i = 0; i < items.length; i++) {
+    const item = items[i];
+    if (item.kind === 'file') {
+      const file = item.getAsFile();
+      if (file) {
+        const ext = file.name.split('.').pop() || 'png';
+        const renamedFile = new File([file], `image${Date.now()}.${ext}`, { type: file.type });
+        renamedFile.isClipboard = true;
+
+        Object.defineProperty(renamedFile, 'customRelativePath', {
+          value: renamedFile.name,
+          writable: true,
+          configurable: true
+        });
+
+        files.push(renamedFile);
+      }
+    }
+  }
+
+  if (files.length > 0) {
+    processFiles(files);
+    showToast('Pasted file added to upload list.', 'success');
+  }
+});
--- a/scripts/scan_uploads.php
+++ b/scripts/scan_uploads.php
@@ -0,0 +1,143 @@
+<?php
+/**
+ * scan_uploads.php
+ * Rebuild/repair per-folder metadata used by FileRise models.
+ * - Uses UPLOAD_DIR / META_DIR / DATE_TIME_FORMAT from config.php
+ * - Per-folder metadata naming matches FileModel/FolderModel:
+ *     "root" -> root_metadata.json
+ *     "<sub/dir>" -> str_replace(['/', '\\', ' '], '-', '<sub/dir>') . '_metadata.json'
+ */
+
+require_once __DIR__ . '/../config/config.php';
+
+// ---------- helpers that mirror model behavior ----------
+
+/** Compute the metadata JSON path for a folder key (e.g., "root", "invoices/2025"). */
+function folder_metadata_path(string $folderKey): string {
+    if (strtolower(trim($folderKey)) === 'root' || trim($folderKey) === '') {
+        return rtrim(META_DIR, '/\\') . '/root_metadata.json';
+    }
+    $safe = str_replace(['/', '\\', ' '], '-', trim($folderKey));
+    return rtrim(META_DIR, '/\\') . '/' . $safe . '_metadata.json';
+}
+
+/** Turn an absolute path under UPLOAD_DIR into a folder key (“root” or relative with slashes). */
+function to_folder_key(string $absPath): string {
+    $base = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR;
+    if (realpath($absPath) === realpath(rtrim(UPLOAD_DIR, '/\\'))) {
+        return 'root';
+    }
+    $rel = ltrim(str_replace('\\', '/', substr($absPath, strlen($base))), '/');
+    return $rel;
+}
+
+/** List immediate files in a directory (no subdirs). */
+function list_files(string $dir): array {
+    $out = [];
+    $entries = @scandir($dir);
+    if ($entries === false) return $out;
+    foreach ($entries as $name) {
+        if ($name === '.' || $name === '..') continue;
+        $p = $dir . DIRECTORY_SEPARATOR . $name;
+        if (is_file($p)) $out[] = $name;
+    }
+    sort($out, SORT_NATURAL | SORT_FLAG_CASE);
+    return $out;
+}
+
+/** Recursively list subfolders (relative folder keys), skipping trash/. */
+function list_all_folders(string $root): array {
+    $root = rtrim($root, '/\\');
+    $folders = ['root'];
+    $it = new RecursiveIteratorIterator(
+        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
+        RecursiveIteratorIterator::SELF_FIRST
+    );
+    foreach ($it as $path => $info) {
+        if ($info->isDir()) {
+            // relative key like "foo/bar"
+            $rel = ltrim(str_replace(['\\'], '/', substr($path, strlen($root) + 1)), '/');
+            if ($rel === '') continue;
+            // skip trash and profile_pics subtrees
+            if ($rel === 'trash' || strpos($rel, 'trash/') === 0) continue;
+            if ($rel === 'profile_pics' || strpos($rel, 'profile_pics/') === 0) continue;
+            // obey the app’s folder-name regex to stay consistent
+            if (preg_match(REGEX_FOLDER_NAME, basename($rel))) {
+                $folders[] = $rel;
+            }
+        }
+    }
+    // de-dup and sort
+    $folders = array_values(array_unique($folders));
+    sort($folders, SORT_NATURAL | SORT_FLAG_CASE);
+    return $folders;
+}
+
+// ---------- main ----------
+
+$uploads = rtrim(UPLOAD_DIR, '/\\');
+$metaDir = rtrim(META_DIR, '/\\');
+
+// Ensure metadata dir exists
+if (!is_dir($metaDir)) {
+    @mkdir($metaDir, 0775, true);
+}
+
+$now = date(DATE_TIME_FORMAT);
+$folders = list_all_folders($uploads);
+
+$totalCreated = 0;
+$totalPruned  = 0;
+
+foreach ($folders as $folderKey) {
+    $absFolder = ($folderKey === 'root')
+        ? $uploads
+        : $uploads . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $folderKey);
+
+    if (!is_dir($absFolder)) continue;
+
+    $files = list_files($absFolder);
+
+    $metaPath = folder_metadata_path($folderKey);
+    $metadata = [];
+    if (is_file($metaPath)) {
+        $decoded = json_decode(@file_get_contents($metaPath), true);
+        if (is_array($decoded)) $metadata = $decoded;
+    }
+
+    // Build a quick lookup of existing entries
+    $existing = array_keys($metadata);
+
+    // ADD missing files
+    foreach ($files as $name) {
+        // Keep same filename validation used in FileModel
+        if (!preg_match(REGEX_FILE_NAME, $name)) continue;
+
+        if (!isset($metadata[$name])) {
+            $metadata[$name] = [
+                'uploaded' => $now,
+                'modified' => $now,
+                'uploader' => 'Imported'
+            ];
+            $totalCreated++;
+            echo "Indexed: " . ($folderKey === 'root' ? '' : $folderKey . '/') . $name . PHP_EOL;
+        }
+    }
+
+    // PRUNE stale metadata entries for files that no longer exist
+    foreach ($existing as $name) {
+        if (!in_array($name, $files, true)) {
+            unset($metadata[$name]);
+            $totalPruned++;
+        }
+    }
+
+    // Ensure parent dir exists and write metadata
+    @mkdir(dirname($metaPath), 0775, true);
+    if (@file_put_contents($metaPath, json_encode($metadata, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) === false) {
+        fwrite(STDERR, "Failed to write metadata for folder: {$folderKey}\n");
+    }
+}
+
+echo "Done. Created {$totalCreated} entr" . ($totalCreated === 1 ? "y" : "ies") .
+     ", pruned {$totalPruned}.\n";
--- a/src/controllers/FolderController.php
+++ b/src/controllers/FolderController.php
@@ -96,12 +96,14 @@ class FolderController

        // Basic sanitation for folderName.
        if (!preg_match(REGEX_FOLDER_NAME, $folderName)) {
+            http_response_code(400);
            echo json_encode(['error' => 'Invalid folder name.']);
            exit;
        }

        // Optionally sanitize the parent.
        if ($parent && !preg_match(REGEX_FOLDER_NAME, $parent)) {
+            http_response_code(400);
            echo json_encode(['error' => 'Invalid parent folder name.']);
            exit;
        }
--- a/start.sh
+++ b/start.sh
@@ -1,35 +1,67 @@
 #!/bin/bash
 set -euo pipefail
+umask 002
 echo "🚀 Running start.sh..."

-# 1) Token‐key warning
-if [ "${PERSISTENT_TOKENS_KEY}" = "default_please_change_this_key" ]; then
-  echo "⚠️ WARNING: Using default persistent tokens key—override for production."
+# ──────────────────────────────────────────────────────────────
+# 0) If NOT root, we can't remap/chown. Log a hint and skip those parts.
+#    If root, remap www-data to PUID/PGID and (optionally) chown data dirs.
+if [ "$(id -u)" -ne 0 ]; then
+  echo "[startup] Running as non-root. Skipping PUID/PGID remap and chown."
+  echo "[startup] Tip: remove '--user' and set PUID/PGID env vars instead."
+else
+  # Remap www-data to match provided PUID/PGID (e.g., Unraid 99:100 or 1000:1000)
+  if [ -n "${PGID:-}" ]; then
+    current_gid="$(getent group www-data | cut -d: -f3 || true)"
+    if [ "${current_gid}" != "${PGID}" ]; then
+      groupmod -o -g "${PGID}" www-data || true
+    fi
+  fi
+  if [ -n "${PUID:-}" ]; then
+    current_uid="$(id -u www-data 2>/dev/null || echo '')"
+    target_gid="${PGID:-$(getent group www-data | cut -d: -f3)}"
+    if [ "${current_uid}" != "${PUID}" ]; then
+      usermod -o -u "${PUID}" -g "${target_gid}" www-data || true
+    fi
+  fi
+
+  # Optional: normalize ownership on data dirs (good for first run on existing shares)
+  if [ "${CHOWN_ON_START:-true}" = "true" ]; then
+    echo "[startup] Normalizing ownership on uploads/metadata..."
+    chown -R www-data:www-data /var/www/metadata /var/www/uploads || echo "[startup] chown failed (continuing)"
+    chmod -R u+rwX /var/www/metadata /var/www/uploads || echo "[startup] chmod failed (continuing)"
+  fi
+fi
+
+# ──────────────────────────────────────────────────────────────
+# 1) Token‐key warning (guarded for -u)
+if [ "${PERSISTENT_TOKENS_KEY:-}" = "default_please_change_this_key" ] || [ -z "${PERSISTENT_TOKENS_KEY:-}" ]; then
+  echo "⚠️ WARNING: Using default/empty persistent tokens key—override for production."
 fi

 # 2) Update config.php based on environment variables
 CONFIG_FILE="/var/www/config/config.php"
 if [ -f "${CONFIG_FILE}" ]; then
  echo "🔄 Updating config.php from env vars..."
-  [ -n "${TIMEZONE:-}" ]       && sed -i "s|define('TIMEZONE',[[:space:]]*'[^']*');|define('TIMEZONE', '${TIMEZONE}');|" "${CONFIG_FILE}"
+  [ -n "${TIMEZONE:-}" ]         && sed -i "s|define('TIMEZONE',[[:space:]]*'[^']*');|define('TIMEZONE', '${TIMEZONE}');|" "${CONFIG_FILE}"
  [ -n "${DATE_TIME_FORMAT:-}" ] && sed -i "s|define('DATE_TIME_FORMAT',[[:space:]]*'[^']*');|define('DATE_TIME_FORMAT', '${DATE_TIME_FORMAT}');|" "${CONFIG_FILE}"
  if [ -n "${TOTAL_UPLOAD_SIZE:-}" ]; then
    sed -i "s|define('TOTAL_UPLOAD_SIZE',[[:space:]]*'[^']*');|define('TOTAL_UPLOAD_SIZE', '${TOTAL_UPLOAD_SIZE}');|" "${CONFIG_FILE}"
  fi
-  [ -n "${SECURE:-}" ]         && sed -i "s|\$envSecure = getenv('SECURE');|\$envSecure = '${SECURE}';|" "${CONFIG_FILE}"
-  [ -n "${SHARE_URL:-}" ]      && sed -i "s|define('SHARE_URL',[[:space:]]*'[^']*');|define('SHARE_URL', '${SHARE_URL}');|" "${CONFIG_FILE}"
+  [ -n "${SECURE:-}" ]           && sed -i "s|\$envSecure = getenv('SECURE');|\$envSecure = '${SECURE}';|" "${CONFIG_FILE}"
+  # NOTE: SHARE_URL is read from getenv in PHP; no sed needed.
 fi

-# 2.1) Prepare metadata/log for Apache logs
+# 2.1) Prepare metadata/log & sessions
 mkdir -p /var/www/metadata/log
-chown www-data:www-data    /var/www/metadata/log
-chmod 775                  /var/www/metadata/log
+chown www-data:www-data /var/www/metadata/log
+chmod 775 /var/www/metadata/log

 mkdir -p /var/www/sessions
 chown www-data:www-data /var/www/sessions
 chmod 700 /var/www/sessions

-# 2.2) Prepare other dynamic dirs
+# 2.2) Prepare dynamic dirs (uploads/users/metadata)
 for d in uploads users metadata; do
  tgt="/var/www/${d}"
  mkdir -p "${tgt}"
@@ -37,7 +69,7 @@ for d in uploads users metadata; do
  chmod 775 "${tgt}"
 done

-# 3) Ensure PHP config dir & set upload limits
+# 3) Ensure PHP conf dir & set upload limits
 mkdir -p /etc/php/8.3/apache2/conf.d
 if [ -n "${TOTAL_UPLOAD_SIZE:-}" ]; then
  echo "🔄 Setting PHP upload limits to ${TOTAL_UPLOAD_SIZE}"
@@ -49,8 +81,7 @@ fi

 # 4) Adjust Apache LimitRequestBody
 if [ -n "${TOTAL_UPLOAD_SIZE:-}" ]; then
-  # convert to bytes
-  size_str=$(echo "${TOTAL_UPLOAD_SIZE}" | tr '[:upper:]' '[:lower:]')
+  size_str="$(echo "${TOTAL_UPLOAD_SIZE}" | tr '[:upper:]' '[:lower:]')"
  case "${size_str: -1}" in
    g) factor=$((1024*1024*1024)); num=${size_str%g} ;;
    m) factor=$((1024*1024));       num=${size_str%m} ;;
@@ -73,29 +104,22 @@ EOF

 # 6) Override ports if provided
 if [ -n "${HTTP_PORT:-}" ]; then
-  sed -i "s/^Listen 80$/Listen ${HTTP_PORT}/" /etc/apache2/ports.conf
-  sed -i "s/<VirtualHost \*:80>/<VirtualHost *:${HTTP_PORT}>/" /etc/apache2/sites-available/000-default.conf
+  sed -i "s/^Listen 80$/Listen ${HTTP_PORT}/" /etc/apache2/ports.conf || true
+  sed -i "s/<VirtualHost \*:80>/<VirtualHost *:${HTTP_PORT}>/" /etc/apache2/sites-available/000-default.conf || true
 fi
 if [ -n "${HTTPS_PORT:-}" ]; then
-  sed -i "s/^Listen 443$/Listen ${HTTPS_PORT}/" /etc/apache2/ports.conf
+  sed -i "s/^Listen 443$/Listen ${HTTPS_PORT}/" /etc/apache2/ports.conf || true
 fi

-# 7) Set ServerName
-if [ -n "${SERVER_NAME:-}" ]; then
-  echo "ServerName ${SERVER_NAME}" >> /etc/apache2/apache2.conf
+# 7) Set ServerName (idempotent)
+SN="${SERVER_NAME:-FileRise}"
+if grep -qE '^ServerName\s' /etc/apache2/apache2.conf; then
+  sed -i "s|^ServerName .*|ServerName ${SN}|" /etc/apache2/apache2.conf
 else
-  echo "ServerName FileRise" >> /etc/apache2/apache2.conf
+  echo "ServerName ${SN}" >> /etc/apache2/apache2.conf
 fi

-# 8) Prepare dynamic data directories with least privilege
-for d in uploads users metadata; do
-  tgt="/var/www/${d}"
-  mkdir -p "${tgt}"
-  chown www-data:www-data "${tgt}"
-  chmod 775 "${tgt}"
-done
-
-# 9) Initialize persistent files if absent
+# 8) Initialize persistent files if absent
 if [ ! -f /var/www/users/users.txt ]; then
  echo "" > /var/www/users/users.txt
  chown www-data:www-data /var/www/users/users.txt
@@ -108,5 +132,26 @@ if [ ! -f /var/www/metadata/createdTags.json ]; then
  chmod 664 /var/www/metadata/createdTags.json
 fi

+# 8.5) Harden scan script perms (only if root)
+if [ -f /var/www/scripts/scan_uploads.php ] && [ "$(id -u)" -eq 0 ]; then
+  chown root:root /var/www/scripts/scan_uploads.php
+  chmod 0644 /var/www/scripts/scan_uploads.php
+fi
+
+# 9) One-shot scan when the container starts (opt-in via SCAN_ON_START)
+if [ "${SCAN_ON_START:-}" = "true" ]; then
+  echo "[startup] Scanning uploads directory to build metadata..."
+  if [ "$(id -u)" -eq 0 ]; then
+    if command -v runuser >/dev/null 2>&1; then
+      runuser -u www-data -- /usr/bin/php /var/www/scripts/scan_uploads.php || echo "[startup] Scan failed (continuing)"
+    else
+      su -s /bin/sh -c "/usr/bin/php /var/www/scripts/scan_uploads.php" www-data || echo "[startup] Scan failed (continuing)"
+    fi
+  else
+    # Non-root fallback: run as current user (permissions may limit writes)
+    /usr/bin/php /var/www/scripts/scan_uploads.php || echo "[startup] Scan failed (continuing)"
+  fi
+fi
+
 echo "🔥 Starting Apache..."
-exec apachectl -D FOREGROUND
+exec apachectl -D FOREGROUND
Author	SHA1	Message	Date
Ryan	e3e3aaa475	chore(scanner): skip profile_pics subtree during scans	2025-10-04 03:35:39 -04:00
Ryan	494be05801	fix(scanner): rebuild per-folder metadata to match File/Folder models	2025-10-04 03:15:55 -04:00
Ryan	ceb651894e	fix(scanner): resolve dirs via CLI/env/constants; write per-item JSON; skip trash	2025-10-04 03:00:15 -04:00
Ryan	ad72ef74d1	Fix: robust PUID/PGID handling; optional ownership normalization (closes #43 )	2025-10-04 02:25:16 -04:00
Ryan	680c82638f	Chore: keep BASE_URL fallback, prefer env SHARE_URL; fix HTTPS auto-detect	2025-10-04 01:55:02 -04:00
Ryan	31f54afc74	Fix: index externally added files on startup; harden start.sh (fixes #46 )	2025-10-04 01:13:45 -04:00
Ryan	4f39b3a41e	Support clipboard paste image uploads with UI cleanup (closes #40 )	2025-05-27 23:48:33 -04:00
Ryan	40cecc10ad	support CIFS-mounted uploads and automatic scan on container start (closes #34 )	2025-05-27 19:53:00 -04:00
Ryan	aee78c9750	REGEX_FOLDER_NAME updated (closes #39 )	2025-05-26 18:14:08 -04:00
Ryan	16ccb66d55	Add folder-strip context menu & combined Create File/Folder dropdown	2025-05-23 08:55:09 -04:00
Ryan	9209f7a582	Center folder strip name, fix file share url, keep fileList wrapping tight (closes #38 )	2025-05-22 07:32:38 -04:00
Ryan	4a736b0224	Enable drag-and-drop to folder strip & fix restore toast messaging	2025-05-21 00:54:20 -04:00