From 38524cc45984ad2b836f2125c02d81f9d15666fe Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:27:11 +0800
Subject: [PATCH 01/16] feat(sharing): batch-apply collaborator/permission
 changes on Done + add regenerate share password

---
 web/src/components/common/ShareDialog.spec.ts | 329 ++++++++++
 web/src/components/common/ShareDialog.vue     | 580 ++++++++++--------
 .../sharing/SharedLinksTable.spec.ts          |  42 +-
 .../organisms/sharing/SharedLinksTable.vue    |  11 +-
 web/src/composables/useSharingCenter.spec.ts  | 174 ++++++
 web/src/composables/useSharingCenter.ts       |  44 +-
 web/src/i18n/messages.ts                      |  42 ++
 web/src/pages/shared/SharedWithMe.vue         |   8 +-
 8 files changed, 956 insertions(+), 274 deletions(-)
 create mode 100644 web/src/components/common/ShareDialog.spec.ts
 create mode 100644 web/src/composables/useSharingCenter.spec.ts

diff --git a/web/src/components/common/ShareDialog.spec.ts b/web/src/components/common/ShareDialog.spec.ts
new file mode 100644
index 0000000..7b911b8
--- /dev/null
+++ b/web/src/components/common/ShareDialog.spec.ts
@@ -0,0 +1,329 @@
+import { describe, expect, it, beforeEach, vi } from 'vitest';
+import { nextTick } from 'vue';
+import { mount } from '../../test/mount';
+import ShareDialog from './ShareDialog.vue';
+import type { Share } from '../../types/share';
+
+type MockPagination = {
+  totalItems: number;
+  totalPages: number;
+  perPage: number;
+  currentPage: number;
+  hasPrev: boolean;
+  hasNext: boolean;
+};
+
+type MockShareList = {
+  items: Share[];
+  pagination: MockPagination;
+};
+
+const {
+  getSharesMock,
+  createShareMock,
+  updateShareSettingsMock,
+  deleteShareMock,
+  getPermissionsMock,
+  createPermissionMock,
+  updatePermissionMock,
+  deletePermissionMock,
+  getUsersMock,
+  getUserGroupsMock,
+  confirmMock,
+  copyTextMock,
+} = vi.hoisted(() => ({
+  getSharesMock: vi.fn(async (): Promise<MockShareList> => ({
+    items: [],
+    pagination: { totalItems: 0, totalPages: 1, perPage: 100, currentPage: 1, hasPrev: false, hasNext: false },
+  })),
+  createShareMock: vi.fn(async (_payload?: Record<string, unknown>): Promise<Share> => ({
+    shareId: 's-new',
+    shareLink: 'NEW123',
+    itemType: 'file',
+    itemInfo: { id: 'f-1', name: 'draft.txt', size: 12, mimeType: 'text/plain', folderPath: '/My Files' },
+    settings: { passwordProtected: false, expireAt: null, allowDownload: true, allowPreview: true },
+    createdAt: '2026-05-24T00:00:00.000Z',
+  })),
+  updateShareSettingsMock: vi.fn(async (_shareLink?: string, _payload?: Record<string, unknown>): Promise<Share> => ({
+    shareId: 's-new',
+    shareLink: 'NEW123',
+    itemType: 'file',
+    itemInfo: { id: 'f-1', name: 'draft.txt', size: 12, mimeType: 'text/plain', folderPath: '/My Files' },
+    settings: { passwordProtected: false, expireAt: null, allowDownload: true, allowPreview: false },
+    createdAt: '2026-05-24T00:00:00.000Z',
+  })),
+  deleteShareMock: vi.fn(async () => ({
+    shareId: 's-old',
+    shareLink: 'OLD999',
+    deletedAt: '2026-05-24T00:00:00.000Z',
+  })),
+  getPermissionsMock: vi.fn(async () => ({ items: [], pagination: { totalItems: 0, totalPages: 1, perPage: 50, currentPage: 1, hasPrev: false, hasNext: false } })),
+  createPermissionMock: vi.fn(async () => ({
+    permissionId: 'perm-new',
+    itemType: 'file',
+    itemId: 'f-1',
+    grantedTo: { type: 'user', id: 'u-2', name: 'alice' },
+    permission: 'read',
+    createdAt: '2026-05-24T00:00:00.000Z',
+  })),
+  updatePermissionMock: vi.fn(async () => ({})),
+  deletePermissionMock: vi.fn(async () => ({})),
+  getUsersMock: vi.fn(async () => ({ items: [{ userId: 'u-2', username: 'alice', email: 'alice@example.com' }] })),
+  getUserGroupsMock: vi.fn(async () => ({ items: [] })),
+  confirmMock: vi.fn(async () => true),
+  copyTextMock: vi.fn(async () => undefined),
+}));
+
+vi.mock('@vueuse/core', () => ({
+  useDebounceFn: (fn: (...args: unknown[]) => unknown) => fn,
+}));
+
+vi.mock('../../api/share', () => ({
+  getShares: getSharesMock,
+  createShare: createShareMock,
+  updateShareSettings: updateShareSettingsMock,
+  deleteShare: deleteShareMock,
+}));
+
+vi.mock('../../api/permission', () => ({
+  getPermissions: getPermissionsMock,
+  createPermission: createPermissionMock,
+  updatePermission: updatePermissionMock,
+  deletePermission: deletePermissionMock,
+}));
+
+vi.mock('../../api/user', () => ({
+  getUsers: getUsersMock,
+}));
+
+vi.mock('../../api/usergroup', () => ({
+  getUserGroups: getUserGroupsMock,
+}));
+
+vi.mock('../../utils/ui', () => ({
+  ui: {
+    confirm: confirmMock,
+    copyText: copyTextMock,
+    toast: vi.fn(),
+    promptText: vi.fn(),
+    resolveConfirm: vi.fn(),
+    resolvePrompt: vi.fn(),
+    dismissToast: vi.fn(),
+  },
+  uiState: {
+    confirm: null,
+    prompt: null,
+    toasts: [],
+  },
+}));
+
+const baseItem = {
+  itemType: 'file' as const,
+  id: 'f-1',
+  name: 'draft.txt',
+  size: 12,
+  mimeType: 'text/plain',
+  ownerName: 'owner',
+  createdAt: '2026-05-24T00:00:00.000Z',
+  updatedAt: '2026-05-24T00:00:00.000Z',
+  folderId: 'root',
+};
+
+const makeShare = (overrides: Partial<Share> = {}): Share => {
+  const base: Share = {
+    shareId: 's-new',
+    shareLink: 'NEW123',
+    itemType: 'file',
+    itemInfo: { id: 'f-1', name: 'draft.txt', size: 12, mimeType: 'text/plain', folderPath: '/My Files' },
+    settings: { passwordProtected: false, expireAt: null, allowDownload: true, allowPreview: true },
+    createdAt: '2026-05-24T00:00:00.000Z',
+  };
+  return {
+    ...base,
+    ...overrides,
+    itemInfo: { ...base.itemInfo, ...(overrides.itemInfo || {}) },
+    settings: { ...base.settings, ...(overrides.settings || {}) },
+  };
+};
+
+const flush = async () => {
+  await Promise.resolve();
+  await nextTick();
+  await Promise.resolve();
+};
+
+const openDialog = async () => {
+  const wrapper = mount(ShareDialog, {
+    props: {
+      isVisible: false,
+      itemToShare: baseItem,
+    },
+  });
+  await wrapper.setProps({ isVisible: true });
+  await flush();
+  return wrapper;
+};
+
+const addDraftCollaborator = async (wrapper: ReturnType<typeof mount>) => {
+  const input = wrapper.find('.search-box input');
+  await input.setValue('ali');
+  await input.trigger('input');
+  await flush();
+  const result = wrapper.find('.search-item');
+  await result.trigger('click');
+  await flush();
+};
+
+describe('ShareDialog draft submit flow', () => {
+  beforeEach(() => {
+    getSharesMock.mockClear();
+    createShareMock.mockClear();
+    updateShareSettingsMock.mockClear();
+    deleteShareMock.mockClear();
+    getPermissionsMock.mockClear();
+    createPermissionMock.mockClear();
+    updatePermissionMock.mockClear();
+    deletePermissionMock.mockClear();
+    getUsersMock.mockClear();
+    getUserGroupsMock.mockClear();
+    confirmMock.mockClear();
+    copyTextMock.mockClear();
+  });
+
+  it('does not submit anything when closed without done', async () => {
+    const wrapper = await openDialog();
+    await wrapper.find('.modal-close').trigger('click');
+
+    expect(wrapper.emitted('close')).toBeTruthy();
+    expect(createShareMock).not.toHaveBeenCalled();
+    expect(updateShareSettingsMock).not.toHaveBeenCalled();
+    expect(createPermissionMock).not.toHaveBeenCalled();
+    expect(updatePermissionMock).not.toHaveBeenCalled();
+    expect(deletePermissionMock).not.toHaveBeenCalled();
+    expect(deleteShareMock).not.toHaveBeenCalled();
+  });
+
+  it('submits collaborator and share settings only when done is clicked', async () => {
+    const wrapper = await openDialog();
+
+    const switchInput = wrapper.find('.switch input[type="checkbox"]');
+    await switchInput.setValue(true);
+    await addDraftCollaborator(wrapper);
+
+    const settingChecks = wrapper.findAll('.settings-grid .setting-check input[type="checkbox"]');
+    await settingChecks[2].setValue(false);
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(createPermissionMock).toHaveBeenCalledTimes(1);
+    expect(createPermissionMock).toHaveBeenCalledWith({
+      fileId: 'f-1',
+      userId: 'u-2',
+      groupId: undefined,
+      permission: 'read',
+    });
+    expect(createShareMock).toHaveBeenCalledTimes(1);
+    expect(updateShareSettingsMock).toHaveBeenCalledTimes(1);
+    expect(updateShareSettingsMock).toHaveBeenCalledWith('NEW123', expect.objectContaining({ allowPreview: false }));
+    expect(wrapper.emitted('close')).toBeTruthy();
+  });
+
+  it('requires confirmation before revoking an existing public link', async () => {
+    getSharesMock.mockImplementationOnce(async (): Promise<MockShareList> => ({
+      items: [makeShare({ shareId: 's-old', shareLink: 'OLD999' })],
+      pagination: { totalItems: 1, totalPages: 1, perPage: 100, currentPage: 1, hasPrev: false, hasNext: false },
+    }));
+
+    const wrapper = await openDialog();
+    const switchInput = wrapper.find('.switch input[type="checkbox"]');
+    await switchInput.setValue(false);
+
+    confirmMock.mockResolvedValueOnce(false);
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(confirmMock).toHaveBeenCalledTimes(1);
+    expect(deleteShareMock).not.toHaveBeenCalled();
+    expect(wrapper.emitted('close')).toBeFalsy();
+
+    confirmMock.mockResolvedValueOnce(true);
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(deleteShareMock).toHaveBeenCalledTimes(1);
+    expect(deleteShareMock).toHaveBeenCalledWith('OLD999');
+    expect(wrapper.emitted('close')).toBeTruthy();
+  });
+
+  it('shows auto-generated password after done when password was left blank', async () => {
+    updateShareSettingsMock.mockImplementationOnce(async () => makeShare({
+      settings: {
+        passwordProtected: true,
+        password: 'AUTO-987654',
+        expireAt: null,
+        allowDownload: true,
+        allowPreview: true,
+      },
+    }));
+
+    const wrapper = await openDialog();
+    await wrapper.find('.switch input[type="checkbox"]').setValue(true);
+
+    const settingChecks = wrapper.findAll('.settings-grid .setting-check input[type="checkbox"]');
+    await settingChecks[0].setValue(true);
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(updateShareSettingsMock).toHaveBeenCalledTimes(1);
+    const payload = updateShareSettingsMock.mock.calls[0]?.[1] as Record<string, unknown> | undefined;
+    expect(payload?.passwordProtected).toBe(true);
+    expect(payload?.password).toBeUndefined();
+    expect(copyTextMock).toHaveBeenCalledTimes(1);
+    expect(copyTextMock).toHaveBeenCalledWith(expect.objectContaining({ text: 'AUTO-987654' }));
+    expect(wrapper.emitted('close')).toBeTruthy();
+  });
+
+  it('does not force password dialog after done when user provided password manually', async () => {
+    updateShareSettingsMock.mockImplementationOnce(async () => makeShare({
+      settings: {
+        passwordProtected: true,
+        password: 'manual-pass',
+        expireAt: null,
+        allowDownload: true,
+        allowPreview: true,
+      },
+    }));
+
+    const wrapper = await openDialog();
+    await wrapper.find('.switch input[type="checkbox"]').setValue(true);
+
+    const settingChecks = wrapper.findAll('.settings-grid .setting-check input[type="checkbox"]');
+    await settingChecks[0].setValue(true);
+    await wrapper.find('.password-row input').setValue('manual-pass');
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(updateShareSettingsMock).toHaveBeenCalledTimes(1);
+    const payload = updateShareSettingsMock.mock.calls[0]?.[1] as Record<string, unknown> | undefined;
+    expect(payload?.password).toBe('manual-pass');
+    expect(copyTextMock).not.toHaveBeenCalled();
+    expect(wrapper.emitted('close')).toBeTruthy();
+  });
+
+  it('keeps dialog open and refreshes state when submit fails', async () => {
+    createPermissionMock.mockRejectedValueOnce(new Error('boom'));
+    const wrapper = await openDialog();
+    const initialShareCalls = getSharesMock.mock.calls.length;
+    const initialPermissionCalls = getPermissionsMock.mock.calls.length;
+
+    const switchInput = wrapper.find('.switch input[type="checkbox"]');
+    await switchInput.setValue(true);
+    await addDraftCollaborator(wrapper);
+    await wrapper.find('.done-btn').trigger('click');
+    await flush();
+
+    expect(wrapper.emitted('close')).toBeFalsy();
+    expect(getSharesMock.mock.calls.length).toBeGreaterThan(initialShareCalls);
+    expect(getPermissionsMock.mock.calls.length).toBeGreaterThan(initialPermissionCalls);
+  });
+});
diff --git a/web/src/components/common/ShareDialog.vue b/web/src/components/common/ShareDialog.vue
index f8dff89..b6a501e 100644
--- a/web/src/components/common/ShareDialog.vue
+++ b/web/src/components/common/ShareDialog.vue
@@ -5,13 +5,27 @@ import type { ContentItem } from '../../types/file';
 import type { Collaborator, Share } from '../../types/share';
 import type { PermissionItem } from '../../types/permission';
 import type { User, UserGroup } from '../../types/user';
-import { createShare, getShares, updateShareSettings } from '../../api/share';
+import { createShare, deleteShare, getShares, updateShareSettings } from '../../api/share';
 import { getUsers } from '../../api/user';
 import { getUserGroups } from '../../api/usergroup';
 import { createPermission, deletePermission, getPermissions, updatePermission } from '../../api/permission';
 import { useLocaleStore } from '../../store/locale';
 import { ui } from '../../utils/ui';
 
+type SharePermission = 'read' | 'write' | 'admin';
+
+interface ShareSettingsDraft {
+  passwordProtected: boolean;
+  password: string;
+  expireAt: string;
+  allowDownload: boolean;
+  allowPreview: boolean;
+}
+
+interface ShareApplyResult {
+  autoGeneratedPassword: string | null;
+}
+
 interface Props {
   isVisible: boolean;
   itemToShare: ContentItem | null;
@@ -26,21 +40,24 @@ const searchKeyword = ref('');
 const searchResults = ref<Collaborator[]>([]);
 const collaborators = ref<Collaborator[]>([]);
 const isSearching = ref(false);
+const isSubmitting = ref(false);
+
+const initialCollaborators = ref<Collaborator[]>([]);
+const initialShare = ref<Share | null>(null);
 
 const publicLinkEnabled = ref(false);
-const publicLink = ref('');
 const currentShareLink = ref('');
-const isCreatingShare = ref(false);
-const isSavingSettings = ref(false);
 const settingsMessage = ref('');
 
-const shareSettings = ref({
-	  passwordProtected: false,
-	  password: '' as string,
-	  expireAt: '' as string,
-	  allowDownload: true,
-	  allowPreview: true,
-	});
+const createDefaultSettings = (): ShareSettingsDraft => ({
+  passwordProtected: false,
+  password: '',
+  expireAt: '',
+  allowDownload: true,
+  allowPreview: true,
+});
+
+const shareSettings = ref<ShareSettingsDraft>(createDefaultSettings());
 
 const currentItemPayload = computed(() => {
   if (!props.itemToShare) return null;
@@ -52,12 +69,48 @@ const currentItemPayload = computed(() => {
   return { folderId: props.itemToShare.id };
 });
 
-const fetchPermissions = async () => {
-  if (!currentItemPayload.value) return;
+const publicLink = computed(() => {
+  if (!currentShareLink.value) return '';
+  return `${window.location.origin}/share/${currentShareLink.value}`;
+});
+
+const cloneCollaborator = (collaborator: Collaborator): Collaborator => ({
+  id: collaborator.id,
+  name: collaborator.name,
+  type: collaborator.type,
+  email: collaborator.email,
+  avatar: collaborator.avatar,
+  permission: collaborator.permission,
+  permissionId: collaborator.permissionId,
+});
+
+const collaboratorKey = (collaborator: Pick<Collaborator, 'type' | 'id'>): string =>
+  `${collaborator.type}:${collaborator.id}`;
+
+const normalizePermission = (permission: Collaborator['permission']): SharePermission =>
+  permission || 'read';
+
+const hydrateShareSettings = (share: Share | null) => {
+  if (!share) {
+    shareSettings.value = createDefaultSettings();
+    return;
+  }
+
+  shareSettings.value = {
+    passwordProtected: share.settings.passwordProtected,
+    password: share.settings.password || '',
+    expireAt: share.settings.expireAt ? share.settings.expireAt.slice(0, 10) : '',
+    allowDownload: share.settings.allowDownload,
+    allowPreview: share.settings.allowPreview,
+  };
+};
+
+const fetchPermissions = async (): Promise<Collaborator[]> => {
+  if (!currentItemPayload.value) return [];
 
   try {
     const response = await getPermissions({ ...currentItemPayload.value, page: 1, perPage: 50 });
-    collaborators.value = response.items.map((permission: PermissionItem) => ({
+    return response.items.map((permission: PermissionItem) => ({
       id: permission.grantedTo.id,
       name: permission.grantedTo.name,
       type: permission.grantedTo.type,
@@ -66,54 +119,43 @@ const fetchPermissions = async () => {
     }));
   } catch (error) {
     console.error('Failed to fetch permissions', error);
-    collaborators.value = [];
+    return [];
   }
 };
 
-const hydrateShareSettings = (share: Share) => {
-	  shareSettings.value = {
-	    passwordProtected: share.settings.passwordProtected,
-	    password: share.settings.password || '',
-	    expireAt: share.settings.expireAt ? share.settings.expireAt.slice(0, 10) : '',
-	    allowDownload: share.settings.allowDownload,
-	    allowPreview: share.settings.allowPreview,
-	  };
-	};
-
-const loadExistingShare = async () => {
-  if (!props.itemToShare) {
-    return;
-  }
+const loadExistingShare = async (): Promise<Share | null> => {
+  if (!props.itemToShare) return null;
 
   try {
     const response = await getShares({ page: 1, perPage: 100 });
-    const matched = response.items.find(
-      (item) => item.itemType === props.itemToShare?.itemType && item.itemInfo.id === props.itemToShare?.id,
+    return (
+      response.items.find(
+        (item) => item.itemType === props.itemToShare?.itemType && item.itemInfo.id === props.itemToShare?.id,
+      ) || null
     );
-
-	    if (!matched) {
-	      currentShareLink.value = '';
-	      publicLink.value = '';
-	      publicLinkEnabled.value = false;
-	      shareSettings.value = {
-	        passwordProtected: false,
-	        password: '',
-	        expireAt: '',
-	        allowDownload: true,
-	        allowPreview: true,
-	      };
-	      return;
-	    }
-
-    currentShareLink.value = matched.shareLink;
-    publicLink.value = `${window.location.origin}/share/${matched.shareLink}`;
-    publicLinkEnabled.value = true;
-    hydrateShareSettings(matched);
   } catch (error) {
     console.error('Failed to load existing share', error);
+    return null;
   }
 };
 
+const resetDraft = (nextCollaborators: Collaborator[], share: Share | null) => {
+  initialCollaborators.value = nextCollaborators.map(cloneCollaborator);
+  collaborators.value = nextCollaborators.map(cloneCollaborator);
+  initialShare.value = share;
+  currentShareLink.value = share?.shareLink || '';
+  publicLinkEnabled.value = Boolean(share);
+  hydrateShareSettings(share);
+  searchKeyword.value = '';
+  searchResults.value = [];
+  settingsMessage.value = '';
+};
+
+const refreshDialogState = async () => {
+  const [permissionList, share] = await Promise.all([fetchPermissions(), loadExistingShare()]);
+  resetDraft(permissionList, share);
+};
+
 const searchCollaborators = async (keyword: string) => {
   const query = keyword.trim();
   if (!query) {
@@ -141,8 +183,8 @@ const searchCollaborators = async (keyword: string) => {
       type: 'group',
     }));
 
-    const existingIds = new Set(collaborators.value.map((item) => `${item.type}:${item.id}`));
-    searchResults.value = [...userResults, ...groupResults].filter((item) => !existingIds.has(`${item.type}:${item.id}`));
+    const existingIds = new Set(collaborators.value.map((item) => collaboratorKey(item)));
+    searchResults.value = [...userResults, ...groupResults].filter((item) => !existingIds.has(collaboratorKey(item)));
   } finally {
     isSearching.value = false;
   }
@@ -150,133 +192,30 @@ const searchCollaborators = async (keyword: string) => {
 
 const debouncedSearch = useDebounceFn(searchCollaborators, 260);
 
-const addCollaborator = async (target: Collaborator) => {
-  if (!currentItemPayload.value) return;
-
-  try {
-    const created = await createPermission({
-      ...currentItemPayload.value,
-      userId: target.type === 'user' ? target.id : undefined,
-      groupId: target.type === 'group' ? target.id : undefined,
-      permission: 'read',
-    });
-
-    collaborators.value.push({
-      ...target,
-      permission: created.permission,
-      permissionId: created.permissionId,
-    });
-
-    searchKeyword.value = '';
-    searchResults.value = [];
-  } catch (error) {
-    console.error('Failed to add collaborator', error);
+const addCollaborator = (target: Collaborator) => {
+  if (isSubmitting.value) return;
+  const key = collaboratorKey(target);
+  if (collaborators.value.some((item) => collaboratorKey(item) === key)) {
+    return;
   }
-};
 
-const changePermission = async (collaborator: Collaborator, permission: 'read' | 'write' | 'admin') => {
-  if (!collaborator.permissionId) return;
+  collaborators.value.push({
+    ...cloneCollaborator(target),
+    permission: 'read',
+  });
 
-  try {
-    await updatePermission(collaborator.permissionId, { permission });
-    collaborator.permission = permission;
-  } catch (error) {
-    console.error('Failed to update permission', error);
-  }
+  searchKeyword.value = '';
+  searchResults.value = [];
 };
 
-const removeCollaborator = async (collaborator: Collaborator) => {
-  if (!collaborator.permissionId) return;
-
-  try {
-    await deletePermission(collaborator.permissionId);
-    collaborators.value = collaborators.value.filter((item) => item.permissionId !== collaborator.permissionId);
-  } catch (error) {
-    console.error('Failed to remove permission', error);
-  }
+const changePermission = (collaborator: Collaborator, permission: SharePermission) => {
+  if (isSubmitting.value) return;
+  collaborator.permission = permission;
 };
 
-const createPublicShare = async () => {
-  if (!props.itemToShare) return;
-
-  isCreatingShare.value = true;
-  settingsMessage.value = '';
-  try {
-    const share = await createShare({
-      resourceType: props.itemToShare.itemType,
-      resourceId: props.itemToShare.id,
-    });
-
-    currentShareLink.value = share.shareLink;
-    publicLink.value = `${window.location.origin}/share/${share.shareLink}`;
-    hydrateShareSettings(share);
-  } catch (error) {
-    console.error('Failed to create share link', error);
-    publicLinkEnabled.value = false;
-  } finally {
-    isCreatingShare.value = false;
-  }
-};
-
-const saveShareSettings = async () => {
-	  if (!currentShareLink.value) return;
-
-	  isSavingSettings.value = true;
-	  settingsMessage.value = '';
-
-	  try {
-	    const payload: Record<string, any> = {
-	      passwordProtected: shareSettings.value.passwordProtected,
-	      allowDownload: shareSettings.value.allowDownload,
-	      allowPreview: shareSettings.value.allowPreview,
-	      expireAt: shareSettings.value.expireAt ? `${shareSettings.value.expireAt}T23:59:59.000Z` : null,
-	    };
-
-	    const trimmedPassword = shareSettings.value.password?.trim();
-	    if (shareSettings.value.passwordProtected && trimmedPassword) {
-	      payload.password = trimmedPassword;
-	    }
-
-	    const updated = await updateShareSettings(currentShareLink.value, payload);
-
-	    hydrateShareSettings(updated);
-	    if (updated.settings.password) {
-	      shareSettings.value.password = updated.settings.password;
-	      settingsMessage.value = t('share.dialog.settings.passwordUpdated');
-	    } else {
-	      settingsMessage.value = t('share.dialog.settings.saved');
-	    }
-	  } catch (error) {
-	    console.error('Failed to save share settings', error);
-	    settingsMessage.value = t('share.dialog.settings.saveFailed');
-	  } finally {
-	    isSavingSettings.value = false;
-	  }
-		};
-
-const regeneratePassword = async () => {
-  if (!currentShareLink.value) return;
-
-  isSavingSettings.value = true;
-  settingsMessage.value = '';
-
-  try {
-    const updated = await updateShareSettings(currentShareLink.value, {
-      passwordProtected: true,
-      regeneratePassword: true,
-    });
-
-    hydrateShareSettings(updated);
-	    if (updated.settings.password) {
-	      shareSettings.value.password = updated.settings.password;
-	    }
-	    settingsMessage.value = t('share.dialog.settings.regenerated');
-	  } catch (error) {
-	    console.error('Failed to regenerate password', error);
-	    settingsMessage.value = t('share.dialog.settings.regenerateFailed');
-	  } finally {
-	    isSavingSettings.value = false;
-	  }
+const removeCollaborator = (collaborator: Collaborator) => {
+  if (isSubmitting.value) return;
+  collaborators.value = collaborators.value.filter((item) => collaboratorKey(item) !== collaboratorKey(collaborator));
 };
 
 const copyPassword = async () => {
@@ -294,6 +233,7 @@ const copyPassword = async () => {
 };
 
 const clearExpireDate = () => {
+  if (isSubmitting.value) return;
   shareSettings.value.expireAt = '';
 };
 
@@ -312,28 +252,154 @@ const copyLink = async () => {
   }
 };
 
-watch(
-  () => props.isVisible,
-  async (visible) => {
-    if (!visible) return;
+const buildShareSettingsPayload = () => {
+  const trimmedPassword = shareSettings.value.password.trim();
+  const shouldAutoGeneratePassword = shareSettings.value.passwordProtected && !trimmedPassword;
+  const payload: Record<string, string | boolean | null> = {
+    passwordProtected: shareSettings.value.passwordProtected,
+    allowDownload: shareSettings.value.allowDownload,
+    allowPreview: shareSettings.value.allowPreview,
+    expireAt: shareSettings.value.expireAt ? `${shareSettings.value.expireAt}T23:59:59.000Z` : null,
+  };
+
+  if (shareSettings.value.passwordProtected && trimmedPassword) {
+    payload.password = trimmedPassword;
+  }
 
-    searchKeyword.value = '';
-    searchResults.value = [];
-    settingsMessage.value = '';
+  return { payload, shouldAutoGeneratePassword };
+};
 
-    await Promise.all([fetchPermissions(), loadExistingShare()]);
-  },
-);
+const hasSettingsChanged = (before: Share, after: ShareSettingsDraft): boolean => {
+  const beforeExpireAt = before.settings.expireAt ? before.settings.expireAt.slice(0, 10) : '';
+  if (before.settings.passwordProtected !== after.passwordProtected) return true;
+  if (before.settings.allowDownload !== after.allowDownload) return true;
+  if (before.settings.allowPreview !== after.allowPreview) return true;
+  if (beforeExpireAt !== after.expireAt) return true;
+  if (after.passwordProtected && after.password.trim()) return true;
+  return false;
+};
+
+const applyCollaboratorChanges = async () => {
+  const payloadBase = currentItemPayload.value;
+  if (!payloadBase) return;
+
+  const initialMap = new Map(initialCollaborators.value.map((item) => [collaboratorKey(item), item]));
+  const draftMap = new Map(collaborators.value.map((item) => [collaboratorKey(item), item]));
 
-watch(publicLinkEnabled, (enabled) => {
-  if (enabled && !currentShareLink.value) {
-    createPublicShare();
+  for (const initialItem of initialCollaborators.value) {
+    const key = collaboratorKey(initialItem);
+    if (draftMap.has(key)) continue;
+    if (!initialItem.permissionId) continue;
+    await deletePermission(initialItem.permissionId);
   }
 
-  if (!enabled) {
-    settingsMessage.value = t('share.dialog.publicHiddenNotice');
+  for (const draftItem of collaborators.value) {
+    const key = collaboratorKey(draftItem);
+    const initialItem = initialMap.get(key);
+    if (!initialItem) {
+      await createPermission({
+        ...payloadBase,
+        userId: draftItem.type === 'user' ? draftItem.id : undefined,
+        groupId: draftItem.type === 'group' ? draftItem.id : undefined,
+        permission: normalizePermission(draftItem.permission),
+      });
+      continue;
+    }
+
+    if (!initialItem.permissionId) continue;
+    if (normalizePermission(initialItem.permission) === normalizePermission(draftItem.permission)) continue;
+
+    await updatePermission(initialItem.permissionId, { permission: normalizePermission(draftItem.permission) });
   }
-});
+};
+
+const applyShareChanges = async (): Promise<ShareApplyResult> => {
+  if (!props.itemToShare) {
+    return { autoGeneratedPassword: null };
+  }
+
+  if (!publicLinkEnabled.value) {
+    if (initialShare.value?.shareLink) {
+      await deleteShare(initialShare.value.shareLink);
+      currentShareLink.value = '';
+    }
+    return { autoGeneratedPassword: null };
+  }
+
+  let shareLink = initialShare.value?.shareLink || '';
+  if (!shareLink) {
+    const created = await createShare({
+      resourceType: props.itemToShare.itemType,
+      resourceId: props.itemToShare.id,
+    });
+    shareLink = created.shareLink;
+    currentShareLink.value = created.shareLink;
+  }
+
+  if (initialShare.value && !hasSettingsChanged(initialShare.value, shareSettings.value)) {
+    return { autoGeneratedPassword: null };
+  }
+
+  const { payload, shouldAutoGeneratePassword } = buildShareSettingsPayload();
+  const updated = await updateShareSettings(shareLink, payload);
+  currentShareLink.value = updated.shareLink;
+  const issuedPassword = updated.settings.password?.trim() || '';
+  if (issuedPassword) {
+    shareSettings.value.password = issuedPassword;
+    settingsMessage.value = t('share.dialog.settings.passwordUpdated');
+  }
+  return {
+    autoGeneratedPassword: shouldAutoGeneratePassword && issuedPassword ? issuedPassword : null,
+  };
+};
+
+const handleDone = async () => {
+  if (isSubmitting.value) return;
+  settingsMessage.value = '';
+
+  if (initialShare.value?.shareLink && !publicLinkEnabled.value) {
+    const confirmed = await ui.confirm({
+      title: t('share.dialog.confirmRevoke.title'),
+      message: t('share.dialog.confirmRevoke.message'),
+      confirmText: t('share.dialog.confirmRevoke.confirm'),
+      danger: true,
+    });
+    if (!confirmed) return;
+  }
+
+  isSubmitting.value = true;
+  try {
+    await applyCollaboratorChanges();
+    const shareResult = await applyShareChanges();
+    if (shareResult.autoGeneratedPassword) {
+      await ui.copyText({
+        title: t('share.dialog.generatedPassword.title'),
+        message: t('share.dialog.generatedPassword.message'),
+        text: shareResult.autoGeneratedPassword,
+      });
+    }
+    emit('close');
+  } catch (error) {
+    console.error('Failed to submit share changes', error);
+    settingsMessage.value = t('share.dialog.settings.saveFailed');
+    await refreshDialogState();
+  } finally {
+    isSubmitting.value = false;
+  }
+};
+
+const handleClose = () => {
+  if (isSubmitting.value) return;
+  emit('close');
+};
+
+watch(
+  () => props.isVisible,
+  async (visible) => {
+    if (!visible) return;
+    await refreshDialogState();
+  },
+);
 
 watch(
   () => shareSettings.value.passwordProtected,
@@ -343,18 +409,19 @@ watch(
     }
   },
 );
+
 </script>
 
 <template>
   <transition name="modal-fade">
-    <div v-if="isVisible" class="modal-overlay" @click.self="$emit('close')">
-      <div class="modal-dialog">
+    <div v-if="isVisible" class="modal-overlay" @click.self="handleClose">
+      <div class="modal-dialog" :class="{ 'modal-dialog--busy': isSubmitting }">
         <header class="modal-header">
           <div>
             <h3 class="modal-title">{{ t('share.dialog.title').replace('{itemName}', itemToShare?.name || '') }}</h3>
             <p class="subtitle">{{ t('share.dialog.subtitle') }}</p>
           </div>
-          <button class="modal-close" @click="$emit('close')" :aria-label="t('share.dialog.close')">x</button>
+          <button class="modal-close" :disabled="isSubmitting" @click="handleClose" :aria-label="t('share.dialog.close')">x</button>
         </header>
 
         <div class="modal-body">
@@ -366,13 +433,14 @@ watch(
                 v-model="searchKeyword"
                 type="text"
                 :placeholder="t('share.dialog.searchPlaceholder')"
+                :disabled="isSubmitting"
                 @input="debouncedSearch(searchKeyword)"
               />
               <div v-if="isSearching" class="hint">{{ t('share.dialog.searching') }}</div>
             </div>
 
             <div v-if="searchResults.length" class="search-list">
-              <button v-for="result in searchResults" :key="`${result.type}-${result.id}`" class="search-item" @click="addCollaborator(result)">
+              <button v-for="result in searchResults" :key="`${result.type}-${result.id}`" class="search-item" :disabled="isSubmitting" @click="addCollaborator(result)">
                 <span>{{ result.name }}</span>
                 <small>{{ result.type === 'user' ? result.email : t('share.dialog.result.userGroup') }}</small>
               </button>
@@ -389,6 +457,7 @@ watch(
 
                 <select
                   :value="collaborator.permission"
+                  :disabled="isSubmitting"
                   @change="changePermission(collaborator, ($event.target as HTMLSelectElement).value as 'read' | 'write' | 'admin')"
                 >
                   <option value="read">{{ t('share.dialog.permission.read') }}</option>
@@ -396,7 +465,7 @@ watch(
                   <option value="admin">{{ t('share.dialog.permission.admin') }}</option>
                 </select>
 
-                <button class="remove-btn" @click="removeCollaborator(collaborator)">{{ t('share.dialog.remove') }}</button>
+                <button class="remove-btn" :disabled="isSubmitting" @click="removeCollaborator(collaborator)">{{ t('share.dialog.remove') }}</button>
               </div>
             </div>
           </section>
@@ -409,62 +478,58 @@ watch(
               </div>
 
               <label class="switch">
-                <input v-model="publicLinkEnabled" type="checkbox" :disabled="isCreatingShare" />
+                <input v-model="publicLinkEnabled" type="checkbox" :disabled="isSubmitting" />
                 <span class="slider" />
               </label>
             </div>
 
             <div v-if="publicLinkEnabled" class="public-content">
-              <div v-if="isCreatingShare" class="hint">{{ t('share.dialog.generatingLink') }}</div>
-              <template v-else>
+              <template v-if="currentShareLink">
                 <div class="link-row">
                   <input type="text" :value="publicLink" readonly />
-                  <button @click="copyLink">{{ t('share.dialog.copy') }}</button>
+                  <button :disabled="isSubmitting" @click="copyLink">{{ t('share.dialog.copy') }}</button>
                 </div>
-
-		                <div class="settings-grid">
-		                  <label class="setting-check">
-		                    <input v-model="shareSettings.passwordProtected" type="checkbox" />
-		                    <span>{{ t('share.dialog.passwordProtected') }}</span>
-		                  </label>
-		                  <div v-if="shareSettings.passwordProtected" class="password-row">
-		                    <input v-model="shareSettings.password" type="text" :placeholder="t('share.dialog.passwordPlaceholder')" />
-		                    <button type="button" class="ghost-btn" :disabled="isSavingSettings" @click="regeneratePassword">
-		                      {{ t('share.dialog.regenerate') }}
-		                    </button>
-		                    <button v-if="shareSettings.password" type="button" class="ghost-btn" @click="copyPassword">{{ t('share.dialog.copy') }}</button>
-		                  </div>
-		                  <label class="setting-check">
-		                    <input v-model="shareSettings.allowDownload" type="checkbox" />
-		                    <span>{{ t('share.dialog.allowDownload') }}</span>
-		                  </label>
-		                  <label class="setting-check">
-	                    <input v-model="shareSettings.allowPreview" type="checkbox" />
-	                    <span>{{ t('share.dialog.allowPreview') }}</span>
-	                  </label>
-
-	                  <div class="setting-date-row">
-	                    <label for="share-expire-date">{{ t('share.dialog.expireDate') }}</label>
-	                    <div class="date-input-wrap">
-	                      <input id="share-expire-date" v-model="shareSettings.expireAt" type="date" />
-	                      <button type="button" class="ghost-btn" @click="clearExpireDate">{{ t('share.dialog.clear') }}</button>
-	                    </div>
-	                  </div>
-	                </div>
-
-	                <div class="settings-actions">
-	                  <button class="save-btn" :disabled="isSavingSettings" @click="saveShareSettings">
-	                    {{ isSavingSettings ? t('share.dialog.saving') : t('share.dialog.saveSettings') }}
-	                  </button>
-	                  <span v-if="settingsMessage" class="hint">{{ settingsMessage }}</span>
-	                </div>
               </template>
+              <div v-else class="hint">{{ t('share.dialog.pendingApplyNotice') }}</div>
+
+              <div class="settings-grid">
+                <label class="setting-check">
+                  <input v-model="shareSettings.passwordProtected" type="checkbox" :disabled="isSubmitting" />
+                  <span>{{ t('share.dialog.passwordProtected') }}</span>
+                </label>
+                <div v-if="shareSettings.passwordProtected" class="password-row">
+                  <input v-model="shareSettings.password" type="text" :disabled="isSubmitting" :placeholder="t('share.dialog.passwordPlaceholder')" />
+                  <button v-if="shareSettings.password" type="button" class="ghost-btn" :disabled="isSubmitting" @click="copyPassword">
+                    {{ t('share.dialog.copy') }}
+                  </button>
+                </div>
+                <label class="setting-check">
+                  <input v-model="shareSettings.allowDownload" type="checkbox" :disabled="isSubmitting" />
+                  <span>{{ t('share.dialog.allowDownload') }}</span>
+                </label>
+                <label class="setting-check">
+                  <input v-model="shareSettings.allowPreview" type="checkbox" :disabled="isSubmitting" />
+                  <span>{{ t('share.dialog.allowPreview') }}</span>
+                </label>
+
+                <div class="setting-date-row">
+                  <label for="share-expire-date">{{ t('share.dialog.expireDate') }}</label>
+                  <div class="date-input-wrap">
+                    <input id="share-expire-date" v-model="shareSettings.expireAt" type="date" :disabled="isSubmitting" />
+                    <button type="button" class="ghost-btn" :disabled="isSubmitting" @click="clearExpireDate">{{ t('share.dialog.clear') }}</button>
+                  </div>
+                </div>
+              </div>
             </div>
           </section>
+          <span class="hint">{{ t('share.dialog.pendingApplyNotice') }}</span>
+          <span v-if="settingsMessage" class="hint">{{ settingsMessage }}</span>
         </div>
 
         <footer class="modal-footer">
-          <button class="done-btn" @click="$emit('close')">{{ t('share.dialog.done') }}</button>
+          <button class="done-btn" :disabled="isSubmitting" @click="handleDone">
+            {{ isSubmitting ? t('share.dialog.saving') : t('share.dialog.done') }}
+          </button>
         </footer>
       </div>
     </div>
@@ -493,6 +558,10 @@ watch(
   box-shadow: var(--shadow-xl);
 }
 
+.modal-dialog--busy {
+  cursor: progress;
+}
+
 .modal-header {
   display: flex;
   justify-content: space-between;
@@ -670,7 +739,6 @@ watch(
 }
 
 .link-row button,
-.save-btn,
 .ghost-btn {
   height: 36px;
   border-radius: 8px;
@@ -715,32 +783,20 @@ watch(
   padding: 0 10px;
 }
 
-	.settings-actions {
-	  display: flex;
-	  align-items: center;
-	  gap: 10px;
-	}
-
-	.password-row {
-	  display: grid;
-	  grid-template-columns: 1fr auto auto;
-	  gap: 8px;
-	}
-
-	.password-row input {
-	  height: 36px;
-	  border-radius: 8px;
-	  border: 1px solid var(--color-border);
-	  background-color: var(--color-bg-primary);
-	  padding: 0 10px;
-	  font-family: var(--font-family-mono);
-	  font-size: 12px;
-	}
-
-.save-btn {
-  border: none;
-  background-color: var(--color-primary);
-  color: var(--color-text-on-primary);
+.password-row {
+  display: grid;
+  grid-template-columns: 1fr auto;
+  gap: 8px;
+}
+
+.password-row input {
+  height: 36px;
+  border-radius: 8px;
+  border: 1px solid var(--color-border);
+  background-color: var(--color-bg-primary);
+  padding: 0 10px;
+  font-family: var(--font-family-mono);
+  font-size: 12px;
 }
 
 .modal-footer {
diff --git a/web/src/components/organisms/sharing/SharedLinksTable.spec.ts b/web/src/components/organisms/sharing/SharedLinksTable.spec.ts
index 2640ca2..9ad60e9 100644
--- a/web/src/components/organisms/sharing/SharedLinksTable.spec.ts
+++ b/web/src/components/organisms/sharing/SharedLinksTable.spec.ts
@@ -3,14 +3,31 @@ import { mount } from '../../../test/mount';
 import SharedLinksTable from './SharedLinksTable.vue';
 import type { Share } from '../../../types/share';
 
-const items: Share[] = [
-  {
-    shareId: 's1', shareLink: 'abc123', itemType: 'file',
+const makeShare = (overrides: Partial<Share> = {}): Share => {
+  const base: Share = {
+    shareId: 's1',
+    shareLink: 'abc123',
+    itemType: 'file',
     itemInfo: { id: 'f1', name: 'report.pdf', size: 1024, mimeType: 'application/pdf' },
     settings: { passwordProtected: false, expireAt: null, allowDownload: true, allowPreview: true },
-    createdAt: '2026-05-01T00:00:00Z', visitCount: 3, downloadCount: 1,
-  },
-];
+    createdAt: '2026-05-01T00:00:00Z',
+    visitCount: 3,
+    downloadCount: 1,
+  };
+  return {
+    ...base,
+    ...overrides,
+    itemInfo: { ...base.itemInfo, ...(overrides.itemInfo || {}) },
+    settings: { ...base.settings, ...(overrides.settings || {}) },
+  };
+};
+
+const plainShare = makeShare();
+const protectedShare = makeShare({
+  shareId: 's2',
+  shareLink: 'pw789',
+  settings: { passwordProtected: true, expireAt: null, allowDownload: true, allowPreview: true },
+});
 
 describe('SharedLinksTable', () => {
   beforeEach(() => {
@@ -18,18 +35,27 @@ describe('SharedLinksTable', () => {
   });
 
   it('renders rows', () => {
-    const w = mount(SharedLinksTable, { props: { items } });
+    const w = mount(SharedLinksTable, { props: { items: [plainShare, protectedShare] } });
     expect(w.text()).toContain('report.pdf');
     expect(w.text()).toContain('abc123');
+    expect(w.text()).toContain('pw789');
     expect(w.text()).toContain('3 / 1');
   });
 
   it('emits copy + delete', async () => {
-    const w = mount(SharedLinksTable, { props: { items } });
+    const w = mount(SharedLinksTable, { props: { items: [protectedShare] } });
     const buttons = w.findAll('button');
     await buttons.filter((b) => b.text().includes('Copy'))[0].trigger('click');
+    await buttons.filter((b) => b.text().includes('Reset & Show Password'))[0].trigger('click');
     await buttons.filter((b) => b.text().includes('Delete'))[0].trigger('click');
     expect(w.emitted('copy')).toBeTruthy();
+    expect(w.emitted('regenerate-password')).toBeTruthy();
     expect(w.emitted('delete')).toBeTruthy();
   });
+
+  it('shows regenerate button only for password protected links', () => {
+    const w = mount(SharedLinksTable, { props: { items: [plainShare, protectedShare] } });
+    const regenerateButtons = w.findAll('button').filter((button) => button.text().includes('Reset & Show Password'));
+    expect(regenerateButtons).toHaveLength(1);
+  });
 });
diff --git a/web/src/components/organisms/sharing/SharedLinksTable.vue b/web/src/components/organisms/sharing/SharedLinksTable.vue
index 75f231b..b4d1a64 100644
--- a/web/src/components/organisms/sharing/SharedLinksTable.vue
+++ b/web/src/components/organisms/sharing/SharedLinksTable.vue
@@ -9,6 +9,7 @@ defineProps<{ items: Share[] }>();
 defineEmits<{
   (e: 'copy', share: Share): void;
   (e: 'delete', share: Share): void;
+  (e: 'regenerate-password', share: Share): void;
 }>();
 
 const localeStore = useLocaleStore();
@@ -47,6 +48,14 @@ const formatItemType = (itemType: Share['itemType']) =>
 
       <div class="links-table__cell links-table__cell--action">
         <Button size="sm" variant="ghost" @click="$emit('copy', share)">{{ t('sharing.table.links.copy') }}</Button>
+        <Button
+          v-if="share.settings.passwordProtected"
+          size="sm"
+          variant="ghost"
+          @click="$emit('regenerate-password', share)"
+        >
+          {{ t('sharing.table.links.regeneratePassword') }}
+        </Button>
         <Button size="sm" variant="danger" @click="$emit('delete', share)">{{ t('sharing.table.links.delete') }}</Button>
       </div>
     </div>
@@ -58,7 +67,7 @@ const formatItemType = (itemType: Share['itemType']) =>
 .links-table__head,
 .links-table__row {
   display: grid;
-  grid-template-columns: 1.4fr 1fr 0.9fr 1.1fr 160px;
+  grid-template-columns: 1.4fr 1fr 0.9fr 1.1fr 270px;
   align-items: center;
   gap: 12px;
   padding: 0 12px;
diff --git a/web/src/composables/useSharingCenter.spec.ts b/web/src/composables/useSharingCenter.spec.ts
new file mode 100644
index 0000000..edafb8b
--- /dev/null
+++ b/web/src/composables/useSharingCenter.spec.ts
@@ -0,0 +1,174 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { computed, ref } from 'vue';
+import type { Share } from '../types/share';
+
+const {
+  getSharedItemsMock,
+  getSharesMock,
+  updateShareSettingsMock,
+  deleteShareMock,
+  acceptSharedItemMock,
+  confirmMock,
+  copyTextMock,
+  toastMock,
+} = vi.hoisted(() => ({
+  getSharedItemsMock: vi.fn(async () => ({
+    items: [],
+    pagination: { totalItems: 0, totalPages: 1, perPage: 50, currentPage: 1, hasPrev: false, hasNext: false },
+  })),
+  getSharesMock: vi.fn(async () => ({
+    items: [],
+    pagination: { totalItems: 0, totalPages: 1, perPage: 50, currentPage: 1, hasPrev: false, hasNext: false },
+  })),
+  updateShareSettingsMock: vi.fn(async (_shareLink?: string, _payload?: Record<string, unknown>): Promise<Share> => ({
+    shareId: 's1',
+    shareLink: 'abc123',
+    itemType: 'file',
+    itemInfo: { id: 'f1', name: 'report.pdf', size: 1024, mimeType: 'application/pdf', folderPath: '/My Files' },
+    settings: { passwordProtected: true, password: 'NEW-PASS', expireAt: null, allowDownload: true, allowPreview: true },
+    createdAt: '2026-05-24T00:00:00.000Z',
+  })),
+  deleteShareMock: vi.fn(async () => ({})),
+  acceptSharedItemMock: vi.fn(async () => ({})),
+  confirmMock: vi.fn(async () => true),
+  copyTextMock: vi.fn(async () => undefined),
+  toastMock: vi.fn(),
+}));
+
+vi.mock('../store/locale', () => ({
+  useLocaleStore: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+vi.mock('./useFileSelection', () => ({
+  useFileSelection: () => ({
+    selectedItems: ref(new Set<string>()),
+    selectedCount: computed(() => 0),
+    clear: vi.fn(),
+    clearSelection: vi.fn(),
+    toggleSelection: vi.fn(),
+    toggleAdd: vi.fn(),
+    selectRange: vi.fn(),
+    lastSelectedId: ref<string | null>(null),
+    isSelected: vi.fn(() => false),
+  }),
+}));
+
+vi.mock('../api/share', () => ({
+  getSharedItems: getSharedItemsMock,
+  getShares: getSharesMock,
+  updateShareSettings: updateShareSettingsMock,
+  deleteShare: deleteShareMock,
+  acceptSharedItem: acceptSharedItemMock,
+}));
+
+vi.mock('../utils/ui', () => ({
+  ui: {
+    confirm: confirmMock,
+    copyText: copyTextMock,
+    toast: toastMock,
+  },
+}));
+
+import { useSharingCenter } from './useSharingCenter';
+
+const makeShare = (overrides: Partial<Share> = {}): Share => {
+  const base: Share = {
+    shareId: 's1',
+    shareLink: 'abc123',
+    itemType: 'file',
+    itemInfo: { id: 'f1', name: 'report.pdf', size: 1024, mimeType: 'application/pdf' },
+    settings: { passwordProtected: true, expireAt: null, allowDownload: true, allowPreview: true },
+    createdAt: '2026-05-24T00:00:00.000Z',
+  };
+  return {
+    ...base,
+    ...overrides,
+    itemInfo: { ...base.itemInfo, ...(overrides.itemInfo || {}) },
+    settings: { ...base.settings, ...(overrides.settings || {}) },
+  };
+};
+
+describe('useSharingCenter regenerate password', () => {
+  beforeEach(() => {
+    getSharedItemsMock.mockClear();
+    getSharesMock.mockClear();
+    updateShareSettingsMock.mockClear();
+    deleteShareMock.mockClear();
+    acceptSharedItemMock.mockClear();
+    confirmMock.mockClear();
+    copyTextMock.mockClear();
+    toastMock.mockClear();
+  });
+
+  it('confirms, regenerates password, and shows it to the sharer', async () => {
+    confirmMock.mockResolvedValueOnce(true);
+    updateShareSettingsMock.mockResolvedValueOnce(makeShare({
+      settings: { passwordProtected: true, password: 'NEW-PASS-001', expireAt: null, allowDownload: true, allowPreview: true },
+    }));
+
+    const sharing = useSharingCenter();
+    const share = makeShare();
+    sharing.myShares.value = [share];
+
+    await sharing.regenerateAndShowPassword(share);
+
+    expect(confirmMock).toHaveBeenCalledTimes(1);
+    expect(updateShareSettingsMock).toHaveBeenCalledWith('abc123', {
+      passwordProtected: true,
+      regeneratePassword: true,
+    });
+    expect(copyTextMock).toHaveBeenCalledWith(expect.objectContaining({ text: 'NEW-PASS-001' }));
+    expect(toastMock).toHaveBeenCalledWith({
+      type: 'success',
+      message: 'sharing.toast.passwordRegenerated',
+    });
+  });
+
+  it('does not regenerate when user cancels confirmation', async () => {
+    confirmMock.mockResolvedValueOnce(false);
+
+    const sharing = useSharingCenter();
+    const share = makeShare();
+    await sharing.regenerateAndShowPassword(share);
+
+    expect(confirmMock).toHaveBeenCalledTimes(1);
+    expect(updateShareSettingsMock).not.toHaveBeenCalled();
+    expect(copyTextMock).not.toHaveBeenCalled();
+  });
+
+  it('shows error when api returns without new password', async () => {
+    confirmMock.mockResolvedValueOnce(true);
+    updateShareSettingsMock.mockResolvedValueOnce(makeShare({
+      settings: { passwordProtected: true, password: null, expireAt: null, allowDownload: true, allowPreview: true },
+    }));
+
+    const sharing = useSharingCenter();
+    const share = makeShare();
+    await sharing.regenerateAndShowPassword(share);
+
+    expect(copyTextMock).not.toHaveBeenCalled();
+    expect(toastMock).toHaveBeenCalledWith({
+      type: 'error',
+      message: 'sharing.toast.passwordRegenerateFailed',
+    });
+    expect(getSharesMock).toHaveBeenCalledTimes(1);
+  });
+
+  it('shows error and refreshes links when regenerate api fails', async () => {
+    confirmMock.mockResolvedValueOnce(true);
+    updateShareSettingsMock.mockRejectedValueOnce(new Error('boom'));
+
+    const sharing = useSharingCenter();
+    const share = makeShare();
+    await sharing.regenerateAndShowPassword(share);
+
+    expect(copyTextMock).not.toHaveBeenCalled();
+    expect(toastMock).toHaveBeenCalledWith({
+      type: 'error',
+      message: 'sharing.toast.passwordRegenerateFailed',
+    });
+    expect(getSharesMock).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/web/src/composables/useSharingCenter.ts b/web/src/composables/useSharingCenter.ts
index 762c06d..4721c5b 100644
--- a/web/src/composables/useSharingCenter.ts
+++ b/web/src/composables/useSharingCenter.ts
@@ -1,5 +1,5 @@
 import { computed, ref } from 'vue';
-import { acceptSharedItem, deleteShare, getSharedItems, getShares } from '../api/share';
+import { acceptSharedItem, deleteShare, getSharedItems, getShares, updateShareSettings } from '../api/share';
 import { useLocaleStore } from '../store/locale';
 import { useFileSelection } from './useFileSelection';
 import type { Share, SharedItem } from '../types/share';
@@ -80,8 +80,48 @@ export function useSharingCenter() {
     }
   };
 
+  const regenerateAndShowPassword = async (share: Share) => {
+    if (!share.settings.passwordProtected) return;
+
+    const ok = await ui.confirm({
+      title: t('sharing.confirm.regeneratePassword.title'),
+      message: t('sharing.confirm.regeneratePassword.message').replace('{shareLink}', share.shareLink),
+      confirmText: t('sharing.confirm.regeneratePassword.confirm'),
+      danger: true,
+    });
+    if (!ok) return;
+
+    try {
+      const updated = await updateShareSettings(share.shareLink, {
+        passwordProtected: true,
+        regeneratePassword: true,
+      });
+      const nextPassword = updated.settings.password?.trim() || '';
+      if (!nextPassword) {
+        ui.toast({ type: 'error', message: t('sharing.toast.passwordRegenerateFailed') });
+        await loadLinks();
+        return;
+      }
+      await ui.copyText({
+        title: t('sharing.passwordDialog.title'),
+        message: t('sharing.passwordDialog.message'),
+        text: nextPassword,
+      });
+      myShares.value = myShares.value.map((item) => {
+        if (item.shareId === updated.shareId) return updated;
+        if (item.shareLink === share.shareLink) return updated;
+        return item;
+      });
+      ui.toast({ type: 'success', message: t('sharing.toast.passwordRegenerated') });
+    } catch (e) {
+      console.error('Failed to regenerate share password', e);
+      ui.toast({ type: 'error', message: t('sharing.toast.passwordRegenerateFailed') });
+      await loadLinks();
+    }
+  };
+
   return {
     activeTab, isLoading, sharedItems, myShares, selection, showBatch,
-    loadData, switchTab, toggleAll, acceptOne, acceptSelected, removeShare, copyShare,
+    loadData, switchTab, toggleAll, acceptOne, acceptSelected, removeShare, copyShare, regenerateAndShowPassword,
   };
 }
diff --git a/web/src/i18n/messages.ts b/web/src/i18n/messages.ts
index 3480894..fd9228c 100644
--- a/web/src/i18n/messages.ts
+++ b/web/src/i18n/messages.ts
@@ -316,6 +316,7 @@ export type LocaleKey =
   | 'sharing.table.links.visitsDownloads'
   | 'sharing.table.links.createdAt'
   | 'sharing.table.links.copy'
+  | 'sharing.table.links.regeneratePassword'
   | 'sharing.table.links.delete'
   | 'sharing.batch.selected'
   | 'sharing.batch.acceptSelected'
@@ -323,11 +324,18 @@ export type LocaleKey =
   | 'sharing.confirm.deleteLink.title'
   | 'sharing.confirm.deleteLink.message'
   | 'sharing.confirm.deleteLink.confirm'
+  | 'sharing.confirm.regeneratePassword.title'
+  | 'sharing.confirm.regeneratePassword.message'
+  | 'sharing.confirm.regeneratePassword.confirm'
   | 'sharing.toast.linkDeleted'
   | 'sharing.toast.linkDeleteFailed'
   | 'sharing.toast.linkCopied'
+  | 'sharing.toast.passwordRegenerated'
+  | 'sharing.toast.passwordRegenerateFailed'
   | 'sharing.copyDialog.title'
   | 'sharing.copyDialog.message'
+  | 'sharing.passwordDialog.title'
+  | 'sharing.passwordDialog.message'
   | 'trash.page.title'
   | 'trash.page.description'
   | 'trash.page.clearBin'
@@ -431,6 +439,12 @@ export type LocaleKey =
   | 'share.dialog.copyLink.title'
   | 'share.dialog.copyLink.message'
   | 'share.dialog.publicHiddenNotice'
+  | 'share.dialog.pendingApplyNotice'
+  | 'share.dialog.confirmRevoke.title'
+  | 'share.dialog.confirmRevoke.message'
+  | 'share.dialog.confirmRevoke.confirm'
+  | 'share.dialog.generatedPassword.title'
+  | 'share.dialog.generatedPassword.message'
   | 'share.dialog.done'
   | 'move.dialog.title.single'
   | 'move.dialog.title.multiple'
@@ -868,6 +882,7 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'sharing.table.links.visitsDownloads': '访问 / 下载',
     'sharing.table.links.createdAt': '创建时间',
     'sharing.table.links.copy': '复制',
+    'sharing.table.links.regeneratePassword': '重置并查看密码',
     'sharing.table.links.delete': '删除',
     'sharing.batch.selected': '已选',
     'sharing.batch.acceptSelected': '接收所选',
@@ -875,11 +890,18 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'sharing.confirm.deleteLink.title': '删除共享链接',
     'sharing.confirm.deleteLink.message': '确定删除共享链接 {shareLink} 吗？',
     'sharing.confirm.deleteLink.confirm': '删除',
+    'sharing.confirm.regeneratePassword.title': '重置并查看密码',
+    'sharing.confirm.regeneratePassword.message': '确定重置共享链接 {shareLink} 的访问密码吗？旧密码将立即失效。',
+    'sharing.confirm.regeneratePassword.confirm': '确认重置',
     'sharing.toast.linkDeleted': '共享链接已删除。',
     'sharing.toast.linkDeleteFailed': '删除共享链接失败。',
     'sharing.toast.linkCopied': '共享链接已复制。',
+    'sharing.toast.passwordRegenerated': '已重置密码，请妥善保存新密码。',
+    'sharing.toast.passwordRegenerateFailed': '重置密码失败，请重试。',
     'sharing.copyDialog.title': '复制共享链接',
     'sharing.copyDialog.message': '剪贴板不可用，请手动复制此链接：',
+    'sharing.passwordDialog.title': '新共享密码',
+    'sharing.passwordDialog.message': '请立即保存该密码，旧密码已失效：',
     'trash.page.title': '回收站',
     'trash.page.description': '项目会保留最多 30 天，之后系统会自动清理。',
     'trash.page.clearBin': '清空回收站',
@@ -983,6 +1005,12 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'share.dialog.copyLink.title': '复制链接',
     'share.dialog.copyLink.message': '剪贴板不可用，请手动复制此链接：',
     'share.dialog.publicHiddenNotice': '当前仅在弹窗中隐藏公开链接，已有链接仍保持可用。',
+    'share.dialog.pendingApplyNotice': '所有改动将在点击“完成”后生效。',
+    'share.dialog.confirmRevoke.title': '关闭公开链接',
+    'share.dialog.confirmRevoke.message': '继续操作将导致当前共享链接失效，确认继续吗？',
+    'share.dialog.confirmRevoke.confirm': '确认关闭',
+    'share.dialog.generatedPassword.title': '已生成共享密码',
+    'share.dialog.generatedPassword.message': '系统已自动生成密码，请先保存再关闭：',
     'share.dialog.done': '完成',
     'move.dialog.title.single': '移动“{itemName}”',
     'move.dialog.title.multiple': '移动 {count} 个项目',
@@ -1415,6 +1443,7 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'sharing.table.links.visitsDownloads': 'Visits / Downloads',
     'sharing.table.links.createdAt': 'Created At',
     'sharing.table.links.copy': 'Copy',
+    'sharing.table.links.regeneratePassword': 'Reset & Show Password',
     'sharing.table.links.delete': 'Delete',
     'sharing.batch.selected': 'SELECTED',
     'sharing.batch.acceptSelected': 'Accept Selected',
@@ -1422,11 +1451,18 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'sharing.confirm.deleteLink.title': 'Delete Share Link',
     'sharing.confirm.deleteLink.message': 'Delete share link {shareLink}?',
     'sharing.confirm.deleteLink.confirm': 'Delete',
+    'sharing.confirm.regeneratePassword.title': 'Reset and Show Password',
+    'sharing.confirm.regeneratePassword.message': 'Reset the password for share link {shareLink}? The old password will be invalid immediately.',
+    'sharing.confirm.regeneratePassword.confirm': 'Reset Password',
     'sharing.toast.linkDeleted': 'Share link deleted.',
     'sharing.toast.linkDeleteFailed': 'Failed to delete share link.',
     'sharing.toast.linkCopied': 'Share link copied.',
+    'sharing.toast.passwordRegenerated': 'Password reset successfully. Save the new password now.',
+    'sharing.toast.passwordRegenerateFailed': 'Failed to reset password.',
     'sharing.copyDialog.title': 'Copy Share Link',
     'sharing.copyDialog.message': 'Clipboard is unavailable. Copy this link manually:',
+    'sharing.passwordDialog.title': 'New Share Password',
+    'sharing.passwordDialog.message': 'Save this password now. The old password is no longer valid:',
     'trash.page.title': 'Recycle Bin',
     'trash.page.description': 'Items are kept for up to 30 days before automatic cleanup.',
     'trash.page.clearBin': 'Clear Bin',
@@ -1530,6 +1566,12 @@ export const LOCALE_MESSAGES: Record<AppLanguage, LocaleMessages> = {
     'share.dialog.copyLink.title': 'Copy Link',
     'share.dialog.copyLink.message': 'Clipboard is unavailable. Copy this link manually:',
     'share.dialog.publicHiddenNotice': 'Public link hidden in this dialog. Existing links are kept.',
+    'share.dialog.pendingApplyNotice': 'All changes will take effect only after you click "Done".',
+    'share.dialog.confirmRevoke.title': 'Disable Public Link',
+    'share.dialog.confirmRevoke.message': 'Continuing will invalidate this share link. Do you want to proceed?',
+    'share.dialog.confirmRevoke.confirm': 'Disable Link',
+    'share.dialog.generatedPassword.title': 'Generated Share Password',
+    'share.dialog.generatedPassword.message': 'A password was generated automatically. Save it before closing:',
     'share.dialog.done': 'Done',
     'move.dialog.title.single': 'Move "{itemName}"',
     'move.dialog.title.multiple': 'Move {count} items',
diff --git a/web/src/pages/shared/SharedWithMe.vue b/web/src/pages/shared/SharedWithMe.vue
index 8feb140..b87391e 100644
--- a/web/src/pages/shared/SharedWithMe.vue
+++ b/web/src/pages/shared/SharedWithMe.vue
@@ -36,7 +36,13 @@ onMounted(s.loadData);
     </template>
     <template v-else>
       <EmptyState v-if="!s.myShares.value.length" variant="empty" :message="t('sharing.empty.links')" />
-      <SharedLinksTable v-else :items="s.myShares.value" @copy="s.copyShare" @delete="s.removeShare" />
+      <SharedLinksTable
+        v-else
+        :items="s.myShares.value"
+        @copy="s.copyShare"
+        @delete="s.removeShare"
+        @regenerate-password="s.regenerateAndShowPassword"
+      />
     </template>
 
     <Transition name="bulk-bar">

From ef252f5353d5aa476a4c9bcb491d623421e7625e Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:27:41 +0800
Subject: [PATCH 02/16] feat(storage): reactive storage stats with auto-refresh
 on file-tree change + user store schedule

---
 .../components/layout/StorageStatus.spec.ts   | 69 ++++++++++++++++
 web/src/components/layout/StorageStatus.vue   | 61 +++++++++++---
 .../shell/StorageStatusWidget.spec.ts         | 51 ++++++++++++
 .../organisms/shell/StorageStatusWidget.vue   | 27 +++++--
 web/src/store/user.spec.ts                    | 80 +++++++++++++++++++
 web/src/store/user.ts                         | 19 +++++
 6 files changed, 287 insertions(+), 20 deletions(-)
 create mode 100644 web/src/components/layout/StorageStatus.spec.ts
 create mode 100644 web/src/components/organisms/shell/StorageStatusWidget.spec.ts
 create mode 100644 web/src/store/user.spec.ts

diff --git a/web/src/components/layout/StorageStatus.spec.ts b/web/src/components/layout/StorageStatus.spec.ts
new file mode 100644
index 0000000..7a8db2d
--- /dev/null
+++ b/web/src/components/layout/StorageStatus.spec.ts
@@ -0,0 +1,69 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { ref } from 'vue';
+import { mount } from '../../test/mount';
+import type { StorageStats } from '../../types/user';
+
+const fetchStorageStatsMock = vi.fn(async () => undefined);
+const scheduleStorageStatsRefreshMock = vi.fn();
+const storageStatsRef = ref<StorageStats | null>(null);
+
+vi.mock('../../store/user', () => ({
+  useUserStore: () => ({
+    storageStats: storageStatsRef,
+    fetchStorageStats: () => fetchStorageStatsMock(),
+    scheduleStorageStatsRefresh: () => scheduleStorageStatsRefreshMock(),
+  }),
+}));
+
+import StorageStatus from './StorageStatus.vue';
+
+function buildStats(overrides: Partial<StorageStats> = {}): StorageStats {
+  return {
+    storageLimit: 1000,
+    storageUsed: 0,
+    storageAvailable: 1000,
+    storagePercentage: 0,
+    fileCount: 0,
+    folderCount: 0,
+    breakdown: {},
+    ...overrides,
+  };
+}
+
+describe('layout/StorageStatus', () => {
+  beforeEach(() => {
+    fetchStorageStatsMock.mockClear();
+    scheduleStorageStatsRefreshMock.mockClear();
+    storageStatsRef.value = null;
+  });
+
+  it('uses a minimum visible width when storage is non-zero but percentage is tiny', () => {
+    const wrapper = mount(StorageStatus, {
+      props: {
+        stats: buildStats({
+          storageUsed: 1,
+          storageLimit: 10_000,
+          storageAvailable: 9_999,
+          storagePercentage: 0.01,
+        }),
+      },
+    });
+    const style = wrapper.find('.progress-bar-fill').attributes('style');
+    expect(style).toContain('width: 1%;');
+  });
+
+  it('clamps and uses actual percentage for normal values', () => {
+    const wrapper = mount(StorageStatus, {
+      props: {
+        stats: buildStats({
+          storageUsed: 500,
+          storageLimit: 1000,
+          storageAvailable: 500,
+          storagePercentage: 145.3,
+        }),
+      },
+    });
+    const style = wrapper.find('.progress-bar-fill').attributes('style');
+    expect(style).toContain('width: 100%;');
+  });
+});
diff --git a/web/src/components/layout/StorageStatus.vue b/web/src/components/layout/StorageStatus.vue
index e91586c..b1cbc51 100644
--- a/web/src/components/layout/StorageStatus.vue
+++ b/web/src/components/layout/StorageStatus.vue
@@ -1,7 +1,8 @@
 <script setup lang="ts">
-import { ref, onMounted, computed, type PropType } from 'vue';
+import { ref, onMounted, onUnmounted, watch, computed, type PropType } from 'vue';
 import { useUserStore } from '../../store/user';
 import type { StorageStats } from '../../types/user';
+import { eventBus } from '../../utils/eventBus';
 
 const props = defineProps({
   stats: {
@@ -15,6 +16,20 @@ const localStats = ref<StorageStats | null>(null);
 const isLoading = ref(false);
 
 const storageData = computed(() => props.stats || localStats.value);
+const progressPercentage = computed(() => {
+  if (!storageData.value) return 0;
+  const raw = Number(storageData.value.storagePercentage);
+  if (!Number.isFinite(raw)) return 0;
+  return Math.min(100, Math.max(0, raw));
+});
+const progressWidthPercentage = computed(() => {
+  const stats = storageData.value;
+  if (!stats) return 0;
+  if (stats.storageUsed > 0 && progressPercentage.value > 0 && progressPercentage.value < 1) {
+    return 1;
+  }
+  return progressPercentage.value;
+});
 
 const formatBytes = (bytes: number, decimals = 2) => {
   if (bytes === 0) return '0 Bytes';
@@ -25,18 +40,38 @@ const formatBytes = (bytes: number, decimals = 2) => {
   return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
 };
 
-onMounted(async () => {
-  if (!props.stats) {
-    isLoading.value = true;
-    try {
-      await userStore.fetchStorageStats();
-      localStats.value = userStore.storageStats;
-    } catch (error) {
-      console.error('Failed to load storage stats in component:', error);
-    } finally {
-      isLoading.value = false;
+watch(
+  () => userStore.storageStats,
+  (nextStats) => {
+    if (!props.stats) {
+      localStats.value = nextStats;
     }
+  },
+  { immediate: true },
+);
+
+function refreshStorageStats() {
+  userStore.scheduleStorageStatsRefresh();
+}
+
+onMounted(async () => {
+  eventBus.on('refresh-file-tree', refreshStorageStats);
+  if (props.stats) {
+    return;
   }
+  isLoading.value = true;
+  try {
+    await userStore.fetchStorageStats();
+    localStats.value = userStore.storageStats;
+  } catch (error) {
+    console.error('Failed to load storage stats in component:', error);
+  } finally {
+    isLoading.value = false;
+  }
+});
+
+onUnmounted(() => {
+  eventBus.off('refresh-file-tree', refreshStorageStats);
 });
 </script>
 
@@ -50,7 +85,7 @@ onMounted(async () => {
         <div class="progress-bar">
           <div 
             class="progress-bar-fill" 
-            :style="{ width: storageData.storagePercentage + '%' }"
+            :style="{ width: progressWidthPercentage + '%' }"
           ></div>
         </div>
       </div>
@@ -97,4 +132,4 @@ onMounted(async () => {
   color: var(--color-text-secondary);
   padding: var(--spacing-lg) 0;
 }
-</style> 
\ No newline at end of file
+</style> 
diff --git a/web/src/components/organisms/shell/StorageStatusWidget.spec.ts b/web/src/components/organisms/shell/StorageStatusWidget.spec.ts
new file mode 100644
index 0000000..73160b4
--- /dev/null
+++ b/web/src/components/organisms/shell/StorageStatusWidget.spec.ts
@@ -0,0 +1,51 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { ref } from 'vue';
+import { mount } from '../../../test/mount';
+import { eventBus } from '../../../utils/eventBus';
+import type { StorageStats } from '../../../types/user';
+
+const fetchStorageStatsMock = vi.fn(async () => undefined);
+const scheduleStorageStatsRefreshMock = vi.fn();
+const storageStatsRef = ref<StorageStats | null>(null);
+
+vi.mock('../../../store/user', () => ({
+  useUserStore: () => ({
+    storageStats: storageStatsRef,
+    fetchStorageStats: () => fetchStorageStatsMock(),
+    scheduleStorageStatsRefresh: () => scheduleStorageStatsRefreshMock(),
+  }),
+}));
+
+import StorageStatusWidget from './StorageStatusWidget.vue';
+
+describe('organisms/shell/StorageStatusWidget', () => {
+  beforeEach(() => {
+    fetchStorageStatsMock.mockClear();
+    scheduleStorageStatsRefreshMock.mockClear();
+    storageStatsRef.value = {
+      storageLimit: 1000,
+      storageUsed: 10,
+      storageAvailable: 990,
+      storagePercentage: 1,
+      fileCount: 1,
+      folderCount: 1,
+      breakdown: {},
+    };
+  });
+
+  it('fetches storage stats on mount', () => {
+    const wrapper = mount(StorageStatusWidget, { props: { collapsed: false } });
+    expect(fetchStorageStatsMock).toHaveBeenCalledTimes(1);
+    wrapper.unmount();
+  });
+
+  it('refreshes storage stats when file tree refresh event is emitted', async () => {
+    const wrapper = mount(StorageStatusWidget, { props: { collapsed: false } });
+    eventBus.emit('refresh-file-tree');
+    expect(scheduleStorageStatsRefreshMock).toHaveBeenCalledTimes(1);
+
+    wrapper.unmount();
+    eventBus.emit('refresh-file-tree');
+    expect(scheduleStorageStatsRefreshMock).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/web/src/components/organisms/shell/StorageStatusWidget.vue b/web/src/components/organisms/shell/StorageStatusWidget.vue
index 64fea2f..79f74e8 100644
--- a/web/src/components/organisms/shell/StorageStatusWidget.vue
+++ b/web/src/components/organisms/shell/StorageStatusWidget.vue
@@ -1,18 +1,22 @@
 <script setup lang="ts">
-import { computed, onMounted, ref } from 'vue';
-import { getStorageStats } from '../../../api/user';
-import type { StorageStats } from '../../../types/user';
+import { computed, onMounted, onUnmounted } from 'vue';
+import { useUserStore } from '../../../store/user';
+import { eventBus } from '../../../utils/eventBus';
 import Text from '../../atoms/Text.vue';
 import MonoNumber from '../../atoms/MonoNumber.vue';
 import Bar from '../../atoms/Bar.vue';
 
 defineProps<{ collapsed: boolean }>();
 
-const storage = ref<StorageStats | null>(null);
+const userStore = useUserStore();
+const storage = computed(() => userStore.storageStats);
 
 const pct = computed(() => {
-  if (!storage.value || storage.value.storageLimit === 0) return 0;
-  return Math.min(1, storage.value.storageUsed / storage.value.storageLimit);
+  if (!storage.value) return 0;
+  const rawPercentage = Number(storage.value.storagePercentage);
+  if (!Number.isFinite(rawPercentage)) return 0;
+  const clamped = Math.min(100, Math.max(0, rawPercentage));
+  return clamped / 100;
 });
 const pctLabel = computed(() => Math.round(pct.value * 100));
 
@@ -24,8 +28,17 @@ function fmt(bytes: number, decimals = 1) {
   return `${parseFloat((bytes / Math.pow(k, i)).toFixed(decimals < 0 ? 0 : decimals))} ${sizes[i]}`;
 }
 
+function refreshStorageStats() {
+  userStore.scheduleStorageStatsRefresh();
+}
+
 onMounted(() => {
-  getStorageStats().then(s => storage.value = s);
+  void userStore.fetchStorageStats();
+  eventBus.on('refresh-file-tree', refreshStorageStats);
+});
+
+onUnmounted(() => {
+  eventBus.off('refresh-file-tree', refreshStorageStats);
 });
 </script>
 
diff --git a/web/src/store/user.spec.ts b/web/src/store/user.spec.ts
new file mode 100644
index 0000000..5f5376e
--- /dev/null
+++ b/web/src/store/user.spec.ts
@@ -0,0 +1,80 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { createPinia, setActivePinia } from 'pinia';
+
+const loginMock = vi.fn();
+const getProfileMock = vi.fn();
+const getStorageStatsMock = vi.fn();
+const refreshTokenMock = vi.fn();
+const logoutMock = vi.fn();
+const updatePreferenceMock = vi.fn();
+const setLocaleMock = vi.fn();
+
+vi.mock('../api/user', () => ({
+  login: (...args: unknown[]) => loginMock(...args),
+  getProfile: (...args: unknown[]) => getProfileMock(...args),
+  getStorageStats: (...args: unknown[]) => getStorageStatsMock(...args),
+  refreshToken: (...args: unknown[]) => refreshTokenMock(...args),
+  logout: (...args: unknown[]) => logoutMock(...args),
+  updatePreference: (...args: unknown[]) => updatePreferenceMock(...args),
+}));
+
+vi.mock('./locale', () => ({
+  useLocaleStore: () => ({
+    setLocale: (...args: unknown[]) => setLocaleMock(...args),
+  }),
+}));
+
+import { useUserStore } from './user';
+
+describe('store/user', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia());
+    localStorage.clear();
+    vi.useRealTimers();
+    loginMock.mockReset();
+    getProfileMock.mockReset();
+    getStorageStatsMock.mockReset();
+    refreshTokenMock.mockReset();
+    logoutMock.mockReset();
+    updatePreferenceMock.mockReset();
+    setLocaleMock.mockReset();
+  });
+
+  it('debounces storage stats refresh requests', async () => {
+    vi.useFakeTimers();
+    const store = useUserStore();
+    store.setToken('token-1');
+    store.setUser({
+      userId: 'u-1',
+      username: 'demo',
+      email: 'demo@example.com',
+      storageLimit: 1000,
+      storageUsed: 0,
+      emailVerified: true,
+      createdAt: '2026-05-24T00:00:00Z',
+    });
+    getStorageStatsMock.mockResolvedValue({
+      storageLimit: 1000,
+      storageUsed: 10,
+      storageAvailable: 990,
+      storagePercentage: 1,
+      fileCount: 1,
+      folderCount: 1,
+      breakdown: {},
+    });
+
+    store.scheduleStorageStatsRefresh(200);
+    store.scheduleStorageStatsRefresh(200);
+    store.scheduleStorageStatsRefresh(200);
+
+    vi.advanceTimersByTime(199);
+    await Promise.resolve();
+    expect(getStorageStatsMock).toHaveBeenCalledTimes(0);
+
+    vi.advanceTimersByTime(1);
+    await Promise.resolve();
+    await Promise.resolve();
+    expect(getStorageStatsMock).toHaveBeenCalledTimes(1);
+    expect(store.storageStats?.storageUsed).toBe(10);
+  });
+});
diff --git a/web/src/store/user.ts b/web/src/store/user.ts
index dce347a..474c475 100644
--- a/web/src/store/user.ts
+++ b/web/src/store/user.ts
@@ -37,6 +37,7 @@ export const useUserStore = defineStore('user', () => {
   const token = ref<string | null>(localStorage.getItem('authToken'));
   const user = ref<UserProfile | User | null>(loadStoredUser());
   const storageStats = ref<StorageStats | null>(null);
+  let storageRefreshTimer: ReturnType<typeof setTimeout> | null = null;
 
   const isAuthenticated = computed(() => !!token.value);
   const isAdmin = computed(() => user.value?.role === 'admin');
@@ -120,6 +121,19 @@ export const useUserStore = defineStore('user', () => {
     }
   }
 
+  function scheduleStorageStatsRefresh(delayMs = 250) {
+    if (!isAuthenticated.value || user.value?.emailVerified === false) {
+      return;
+    }
+    if (storageRefreshTimer !== null) {
+      clearTimeout(storageRefreshTimer);
+    }
+    storageRefreshTimer = setTimeout(() => {
+      storageRefreshTimer = null;
+      void fetchStorageStats();
+    }, delayMs);
+  }
+
   /**
    * Refresh the access token
    * @returns The refresh token response
@@ -155,6 +169,10 @@ export const useUserStore = defineStore('user', () => {
 
   function logout() {
     apiLogout().catch(() => undefined);
+    if (storageRefreshTimer !== null) {
+      clearTimeout(storageRefreshTimer);
+      storageRefreshTimer = null;
+    }
     setToken(null);
     setUser(null);
     storageStats.value = null;
@@ -185,5 +203,6 @@ export const useUserStore = defineStore('user', () => {
     updatePreference,
     fetchUserProfile,
     fetchStorageStats,
+    scheduleStorageStatsRefresh,
   };
 });

From f0891cc5172971bfab35cdf1adab71b3f133ea1c Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:28:13 +0800
Subject: [PATCH 03/16] chore(config): add upload_verify_merged_object_hash
 toggle, bump single file size max to 20GB

---
 app/.env.example                   | 3 ++-
 app/src/fileflash/core/settings.py | 1 +
 app/tests/test_settings.py         | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/.env.example b/app/.env.example
index b466c14..b61de2d 100644
--- a/app/.env.example
+++ b/app/.env.example
@@ -25,7 +25,8 @@ OBJECT_STORAGE_SECURE=false
 UPLOAD_CHUNK_SIZE_DEFAULT=5242880
 UPLOAD_CHUNK_SIZE_MIN=1048576
 UPLOAD_CHUNK_SIZE_MAX=16777216
-UPLOAD_SINGLE_FILE_SIZE_MAX=5368709120
+UPLOAD_SINGLE_FILE_SIZE_MAX=21474836480
+UPLOAD_VERIFY_MERGED_OBJECT_HASH=false
 STARRED_ITEMS_LIMIT=20
 UPLOAD_SESSION_TTL_HOURS=24
 UPLOAD_TEMP_PREFIX=tmp
diff --git a/app/src/fileflash/core/settings.py b/app/src/fileflash/core/settings.py
index bc7e066..f5d4a47 100644
--- a/app/src/fileflash/core/settings.py
+++ b/app/src/fileflash/core/settings.py
@@ -72,6 +72,7 @@ class Settings(BaseSettings):
     upload_chunk_size_min: int = Field(default=1 * 1024 * 1024, alias="UPLOAD_CHUNK_SIZE_MIN")
     upload_chunk_size_max: int = Field(default=16 * 1024 * 1024, alias="UPLOAD_CHUNK_SIZE_MAX")
     upload_single_file_size_max: int = Field(default=5 * 1024 * 1024 * 1024, alias="UPLOAD_SINGLE_FILE_SIZE_MAX")
+    upload_verify_merged_object_hash: bool = Field(default=False, alias="UPLOAD_VERIFY_MERGED_OBJECT_HASH")
     starred_items_limit: int = Field(default=20, alias="STARRED_ITEMS_LIMIT")
     upload_session_ttl_hours: int = Field(default=24, alias="UPLOAD_SESSION_TTL_HOURS")
     upload_temp_prefix: str = Field(default="tmp", alias="UPLOAD_TEMP_PREFIX")
diff --git a/app/tests/test_settings.py b/app/tests/test_settings.py
index de26b55..81ea223 100644
--- a/app/tests/test_settings.py
+++ b/app/tests/test_settings.py
@@ -14,6 +14,8 @@ def test_upload_related_settings_defaults():
     settings = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash")
     assert settings.object_storage_bucket == "fileflash"
     assert settings.upload_chunk_size_default == 5 * 1024 * 1024
+    assert settings.upload_single_file_size_max == 20 * 1024 * 1024 * 1024
+    assert settings.upload_verify_merged_object_hash is False
     assert settings.upload_session_ttl_seconds == 24 * 3600
     assert settings.starred_items_limit == 20
     assert settings.worker_process_count == 1
@@ -57,6 +59,7 @@ def test_verify_base_url_defaults_to_localhost_in_development():
     settings = Settings(
         FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
         APP_ENV="development",
+        EMAIL_VERIFY_BASE_URL="",
     )
     assert settings.normalized_email_verify_base_url == "http://localhost:8080"
 

From bdb1a811f020ee49e30743ba69de6cd75cd5e027 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:28:37 +0800
Subject: [PATCH 04/16] feat(admin): wire hash_computation_enabled to
 upload_verify_merged_object_hash setting

---
 app/src/fileflash/services/admin/system.py |  2 +-
 app/tests/test_admin_system_service.py     | 37 ++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 app/tests/test_admin_system_service.py

diff --git a/app/src/fileflash/services/admin/system.py b/app/src/fileflash/services/admin/system.py
index 629018a..1cbbffe 100644
--- a/app/src/fileflash/services/admin/system.py
+++ b/app/src/fileflash/services/admin/system.py
@@ -39,7 +39,7 @@ async def health(self) -> SystemHealth:
             virus_scan_enabled=bool(getattr(self.settings, "virus_scan_enabled", False)),
             thumbnail_generation_enabled=bool(getattr(self.settings, "thumbnail_generation_enabled", True)),
             registration_mail_enabled=bool(self.settings.mail_server and self.settings.mail_from),
-            hash_computation_enabled=True,
+            hash_computation_enabled=bool(self.settings.upload_verify_merged_object_hash),
             last_updated_at=datetime.now(UTC),
         )
 
diff --git a/app/tests/test_admin_system_service.py b/app/tests/test_admin_system_service.py
new file mode 100644
index 0000000..f5cbe7c
--- /dev/null
+++ b/app/tests/test_admin_system_service.py
@@ -0,0 +1,37 @@
+from __future__ import annotations
+
+import pytest
+
+from fileflash.core.settings import Settings
+from fileflash.services.admin.system import AdminSystemService
+
+
+class DummySession:
+    async def scalar(self, _query: object) -> int:
+        return 0
+
+
+def make_settings(**overrides: object) -> Settings:
+    payload = {
+        "FF_DB_URI": "postgresql://root:pwd@localhost:5432/fileflash",
+        "JWT_SECRET_KEY": "unit-test-secret-key-1234567890abcd",
+    }
+    payload.update(overrides)
+    return Settings(**payload)
+
+
+@pytest.mark.asyncio
+async def test_health_hash_computation_enabled_follows_settings() -> None:
+    disabled_service = AdminSystemService(
+        db=DummySession(),
+        settings=make_settings(UPLOAD_VERIFY_MERGED_OBJECT_HASH=False),
+    )
+    disabled_health = await disabled_service.health()
+    assert disabled_health.hash_computation_enabled is False
+
+    enabled_service = AdminSystemService(
+        db=DummySession(),
+        settings=make_settings(UPLOAD_VERIFY_MERGED_OBJECT_HASH=True),
+    )
+    enabled_health = await enabled_service.health()
+    assert enabled_health.hash_computation_enabled is True

From a3294d6dcae9794383cfc69e1dba270438d9e9ef Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:29:00 +0800
Subject: [PATCH 05/16] feat(transcode): force stereo audio output +
 deterministic ffmpeg error classification

---
 app/src/fileflash/tasks/transcode.py | 34 +++++++++++++++++++-
 app/tests/test_tasks_transcode.py    | 48 +++++++++++++++++++++++++++-
 2 files changed, 80 insertions(+), 2 deletions(-)

diff --git a/app/src/fileflash/tasks/transcode.py b/app/src/fileflash/tasks/transcode.py
index 31632a9..adbfa7f 100644
--- a/app/src/fileflash/tasks/transcode.py
+++ b/app/src/fileflash/tasks/transcode.py
@@ -13,6 +13,11 @@
 from ..s3.minio_client import MinioObjectStorageClient
 
 TRANSCODE_PROFILE_VERSION = "mp4-v1"
+_FFMPEG_DETERMINISTIC_ERROR_PATTERNS = (
+    "unsupported channel layout",
+    "error while opening encoder",
+    "could not open encoder before eof",
+)
 
 
 @dataclass(slots=True)
@@ -182,6 +187,8 @@ def build_ffmpeg_command(
                 audio_codec,
                 "-b:a",
                 f"{audio_bitrate}k",
+                "-ac",
+                "2",
                 "-map",
                 "0:v:0",
                 "-map",
@@ -196,6 +203,8 @@ def build_ffmpeg_command(
                 "aac",
                 "-b:a",
                 f"{audio_bitrate}k",
+                "-ac",
+                "2",
                 "-movflags",
                 "+faststart",
                 "-map",
@@ -279,10 +288,33 @@ def _run_command(command: list[str], *, timeout_seconds: int) -> subprocess.Comp
         raise RuntimeError(f"Binary not found for command: {command[0]}") from exc
     if result.returncode != 0:
         stderr = (result.stderr or "").strip()
-        raise RuntimeError(f"Command failed ({result.returncode}): {' '.join(command)} | {stderr}")
+        error_message = f"Command failed ({result.returncode}): {' '.join(command)} | {stderr}"
+        if _is_deterministic_ffmpeg_failure(command=command, stderr=stderr):
+            raise ValueError(error_message)
+        raise RuntimeError(error_message)
     return result
 
 
+def _is_deterministic_ffmpeg_failure(*, command: list[str], stderr: str) -> bool:
+    if not command:
+        return False
+
+    binary_name = Path(command[0]).name.lower()
+    if "ffmpeg" not in binary_name:
+        return False
+
+    stderr_text = stderr.lower()
+    if any(pattern in stderr_text for pattern in _FFMPEG_DETERMINISTIC_ERROR_PATTERNS):
+        return True
+
+    if "invalid argument" in stderr_text and (
+        "enc:aac" in stderr_text or "aac @" in stderr_text or "channel layout" in stderr_text
+    ):
+        return True
+
+    return False
+
+
 def _run_async(awaitable: Any) -> Any:
     return asyncio.run(awaitable)
 
diff --git a/app/tests/test_tasks_transcode.py b/app/tests/test_tasks_transcode.py
index 63ad82a..3998257 100644
--- a/app/tests/test_tasks_transcode.py
+++ b/app/tests/test_tasks_transcode.py
@@ -5,7 +5,9 @@
 from pathlib import Path
 from types import SimpleNamespace
 
-from fileflash.tasks.transcode import build_ffmpeg_command, run_media_transcode
+import pytest
+
+from fileflash.tasks.transcode import _run_command, build_ffmpeg_command, run_media_transcode
 
 
 def test_build_ffmpeg_command_for_video_contains_profile_flags():
@@ -24,9 +26,53 @@ def test_build_ffmpeg_command_for_video_contains_profile_flags():
     assert "+faststart" in command
     assert "-pix_fmt" in command
     assert "yuv420p" in command
+    assert "-ac" in command
+    assert command[command.index("-ac") + 1] == "2"
     assert command[-1] == "output.mp4"
 
 
+def test_build_ffmpeg_command_for_audio_forces_stereo():
+    command = build_ffmpeg_command(
+        input_path=Path("input.wav"),
+        output_path=Path("output.m4a"),
+        media_type="audio",
+        ffmpeg_binary="ffmpeg",
+        payload={},
+    )
+
+    assert command[:4] == ["ffmpeg", "-y", "-i", "input.wav"]
+    assert "-vn" in command
+    assert "-c:a" in command
+    assert "-ac" in command
+    assert command[command.index("-ac") + 1] == "2"
+    assert command[-1] == "output.m4a"
+
+
+def test_run_command_raises_value_error_for_deterministic_ffmpeg_encoder_failure(monkeypatch):
+    def fake_run(
+        command: list[str],
+        *,
+        check: bool,
+        capture_output: bool,
+        text: bool,
+        timeout: int,
+    ) -> subprocess.CompletedProcess[str]:
+        _ = (check, capture_output, text, timeout)
+        return subprocess.CompletedProcess(
+            command,
+            returncode=1,
+            stdout="",
+            stderr='[aac @ 0000020b7eff3d00] Unsupported channel layout "6 channels"\n'
+            "Error while opening encoder - maybe incorrect parameters\n"
+            "[af#0:1 @ 0000020b003fde00] Task finished with error code: -22 (Invalid argument)",
+        )
+
+    monkeypatch.setattr("fileflash.tasks.transcode.subprocess.run", fake_run)
+
+    with pytest.raises(ValueError, match="Command failed"):
+        _run_command(["ffmpeg", "-i", "input.mp4", "output.mp4"], timeout_seconds=30)
+
+
 def test_run_media_transcode_storage_mode_with_mocked_subprocess(monkeypatch, tmp_path: Path):
     source_probe = {
         "streams": [{"codec_type": "audio", "codec_name": "pcm_s16le", "sample_rate": "44100"}],

From 4d8c19c2f337498d0ac263a96e67154f2fed2f0d Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Sun, 24 May 2026 23:29:23 +0800
Subject: [PATCH 06/16] feat(ui): add showCancelButton option to PromptDialog +
 auto-select root folder in SelectFolderDialog

---
 .../components/common/PromptDialog.spec.ts    | 50 +++++++++++
 web/src/components/common/PromptDialog.vue    |  2 +-
 .../common/SelectFolderDialog.spec.ts         | 89 +++++++++++++++++++
 .../components/common/SelectFolderDialog.vue  |  7 +-
 web/src/utils/ui.ts                           |  3 +
 5 files changed, 148 insertions(+), 3 deletions(-)
 create mode 100644 web/src/components/common/PromptDialog.spec.ts
 create mode 100644 web/src/components/common/SelectFolderDialog.spec.ts

diff --git a/web/src/components/common/PromptDialog.spec.ts b/web/src/components/common/PromptDialog.spec.ts
new file mode 100644
index 0000000..e0b4377
--- /dev/null
+++ b/web/src/components/common/PromptDialog.spec.ts
@@ -0,0 +1,50 @@
+import { afterEach, describe, expect, it } from 'vitest';
+import { nextTick } from 'vue';
+import { mount } from '../../test/mount';
+import PromptDialog from './PromptDialog.vue';
+import { ui, uiState } from '../../utils/ui';
+
+const flush = async () => {
+  await Promise.resolve();
+  await nextTick();
+  await Promise.resolve();
+};
+
+describe('PromptDialog', () => {
+  afterEach(() => {
+    uiState.prompt = null;
+  });
+
+  it('shows one footer close button for copyText flow and keeps top-right close button', async () => {
+    const wrapper = mount(PromptDialog);
+    const pending = ui.copyText({
+      title: 'Generated Password',
+      message: 'Copy this password:',
+      text: 'AUTO-112233',
+    });
+    await flush();
+
+    expect(wrapper.find('.modal-close').exists()).toBe(true);
+    const footerButtons = wrapper.findAll('.modal-footer .btn');
+    expect(footerButtons).toHaveLength(1);
+    expect(footerButtons[0]?.text()).toBe('Close');
+
+    await wrapper.find('.modal-close').trigger('click');
+    await pending;
+    expect(uiState.prompt).toBeNull();
+  });
+
+  it('keeps cancel + confirm buttons for normal promptText flow', async () => {
+    const wrapper = mount(PromptDialog);
+    const pending = ui.promptText({ message: 'Type value' });
+    await flush();
+
+    const footerButtons = wrapper.findAll('.modal-footer .btn');
+    expect(footerButtons).toHaveLength(2);
+    expect(footerButtons[0]?.text()).toBe('Cancel');
+    expect(footerButtons[1]?.text()).toBe('Confirm');
+
+    await footerButtons[1]!.trigger('click');
+    await expect(pending).resolves.toBe('');
+  });
+});
diff --git a/web/src/components/common/PromptDialog.vue b/web/src/components/common/PromptDialog.vue
index af6a814..707f7fd 100644
--- a/web/src/components/common/PromptDialog.vue
+++ b/web/src/components/common/PromptDialog.vue
@@ -42,7 +42,7 @@ const handleConfirm = () => {
           />
         </div>
         <footer class="modal-footer">
-          <button class="btn btn-secondary" @click="handleClose">{{ active.cancelText }}</button>
+          <button v-if="active.showCancelButton" class="btn btn-secondary" @click="handleClose">{{ active.cancelText }}</button>
           <button class="btn" :class="active.danger ? 'btn-danger' : 'btn-primary'" @click="handleConfirm">
             {{ active.confirmText }}
           </button>
diff --git a/web/src/components/common/SelectFolderDialog.spec.ts b/web/src/components/common/SelectFolderDialog.spec.ts
new file mode 100644
index 0000000..9b431b4
--- /dev/null
+++ b/web/src/components/common/SelectFolderDialog.spec.ts
@@ -0,0 +1,89 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { nextTick } from 'vue';
+import { mount } from '../../test/mount';
+import SelectFolderDialog from './SelectFolderDialog.vue';
+
+const { getFolderContentsMock } = vi.hoisted(() => ({
+  getFolderContentsMock: vi.fn(async () => ({
+    items: [],
+    pagination: {
+      totalItems: 0,
+      totalPages: 1,
+      perPage: 20,
+      currentPage: 1,
+      hasPrev: false,
+      hasNext: false,
+    },
+  })),
+}));
+
+vi.mock('../../api/folder', () => ({
+  getFolderContents: getFolderContentsMock,
+}));
+
+const flush = async () => {
+  await Promise.resolve();
+  await nextTick();
+  await Promise.resolve();
+};
+
+describe('SelectFolderDialog', () => {
+  beforeEach(() => {
+    localStorage.setItem('fileflash-locale', 'en-US');
+    getFolderContentsMock.mockClear();
+  });
+
+  it('shows and preselects root when there are no subfolders, then confirms root', async () => {
+    getFolderContentsMock.mockResolvedValueOnce({
+      items: [],
+      pagination: {
+        totalItems: 0,
+        totalPages: 1,
+        perPage: 20,
+        currentPage: 1,
+        hasPrev: false,
+        hasNext: false,
+      },
+    });
+
+    const wrapper = mount(SelectFolderDialog, {
+      props: {
+        isVisible: true,
+        title: 'Save to My Space',
+        confirmText: 'Save Here',
+      },
+    });
+    await flush();
+
+    const rootRow = wrapper.find('.root-folder-item');
+    expect(rootRow.exists()).toBe(true);
+    expect(rootRow.classes()).toContain('selected');
+
+    const confirmButton = wrapper.find('.btn-primary');
+    expect(confirmButton.attributes('disabled')).toBeUndefined();
+    await confirmButton.trigger('click');
+
+    expect(wrapper.emitted('confirm')).toBeTruthy();
+    expect(wrapper.emitted('confirm')?.[0]).toEqual(['root']);
+  });
+
+  it('keeps root selectable when folder loading fails', async () => {
+    getFolderContentsMock.mockRejectedValueOnce(new Error('network'));
+
+    const wrapper = mount(SelectFolderDialog, {
+      props: {
+        isVisible: true,
+        title: 'Save to My Space',
+        confirmText: 'Save Here',
+      },
+    });
+    await flush();
+
+    expect(wrapper.find('.root-folder-item').exists()).toBe(true);
+    expect(wrapper.find('.root-folder-item').classes()).toContain('selected');
+    await wrapper.find('.btn-primary').trigger('click');
+
+    expect(wrapper.emitted('confirm')).toBeTruthy();
+    expect(wrapper.emitted('confirm')?.[0]).toEqual(['root']);
+  });
+});
diff --git a/web/src/components/common/SelectFolderDialog.vue b/web/src/components/common/SelectFolderDialog.vue
index e5b470d..7a1fc1e 100644
--- a/web/src/components/common/SelectFolderDialog.vue
+++ b/web/src/components/common/SelectFolderDialog.vue
@@ -19,7 +19,7 @@ const t = localeStore.t;
 
 const rootFolders = ref<FolderItem[]>([]);
 const isLoading = ref(false);
-const selectedFolderId = ref<string | null>(null);
+const selectedFolderId = ref<string | null>(props.isVisible ? 'root' : null);
 
 const fetchRootFolders = async () => {
   if (rootFolders.value.length > 0) return;
@@ -46,6 +46,9 @@ onMounted(fetchRootFolders);
 
 watch(() => props.isVisible, (visible) => {
   if (visible) {
+    selectedFolderId.value = 'root';
+    void fetchRootFolders();
+  } else {
     selectedFolderId.value = null;
   }
 });
@@ -75,7 +78,6 @@ const handleConfirm = () => {
           <p class="prompt">{{ t('move.dialog.prompt') }}</p>
           <div class="folder-tree-container">
             <div v-if="isLoading" class="loading-indicator">{{ t('move.dialog.loading') }}</div>
-            <div v-else-if="rootFolders.length === 0" class="empty-state">{{ t('move.dialog.empty') }}</div>
             <div v-else>
               <div
                 class="root-folder-item"
@@ -84,6 +86,7 @@ const handleConfirm = () => {
               >
                 {{ t('move.dialog.root') }}
               </div>
+              <div v-if="rootFolders.length === 0" class="empty-state">{{ t('move.dialog.empty') }}</div>
               <FolderTreeNode
                 v-for="folder in rootFolders"
                 :key="folder.id"
diff --git a/web/src/utils/ui.ts b/web/src/utils/ui.ts
index d4d0612..feed8f9 100644
--- a/web/src/utils/ui.ts
+++ b/web/src/utils/ui.ts
@@ -14,6 +14,7 @@ export interface PromptOptions extends ConfirmOptions {
   placeholder?: string;
   defaultValue?: string;
   readonly?: boolean;
+  showCancelButton?: boolean;
   confirmText?: string;
   cancelText?: string;
 }
@@ -80,6 +81,7 @@ export const ui = {
         placeholder: normalized.placeholder || '',
         defaultValue: normalized.defaultValue || '',
         readonly: Boolean(normalized.readonly),
+        showCancelButton: normalized.showCancelButton !== false,
         confirmText: normalized.confirmText || 'Confirm',
         cancelText: normalized.cancelText || 'Cancel',
         danger: Boolean(normalized.danger),
@@ -98,6 +100,7 @@ export const ui = {
       message: normalized.message || 'Clipboard is unavailable. Copy text manually:',
       defaultValue: normalized.text,
       readonly: true,
+      showCancelButton: false,
       confirmText: 'Close',
       cancelText: 'Close',
     });

From 28b201e3af16330a54f91eabfc0653bceccad478 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 00:35:33 +0800
Subject: [PATCH 07/16] feat(preview): add signed preview URL endpoint for
 video streaming

Add POST /files/{id}/preview-url returning a signed token-based streaming
URL, and GET /files/{id}/preview-stream for token-authenticated range
requests. Switch VideoPreviewDialog from blob download to stream URL.
---
 app/src/fileflash/core/security.py            |  29 +++++
 app/src/fileflash/core/settings.py            |   4 +
 app/src/fileflash/routers/files.py            |  70 +++++++++++-
 app/src/fileflash/schemas/file.py             |   5 +
 app/tests/test_file_folder_patch_routes.py    | 106 +++++++++++++++++-
 app/tests/test_security.py                    |  22 ++++
 web/src/api/file.ts                           |   5 +
 .../organisms/files/FilePreviewDialog.spec.ts |   1 +
 .../organisms/files/VideoPreviewDialog.vue    |  15 +--
 web/src/mock/handlers/file.ts                 |  24 ++++
 web/src/types/file.d.ts                       |   5 +
 11 files changed, 272 insertions(+), 14 deletions(-)

diff --git a/app/src/fileflash/core/security.py b/app/src/fileflash/core/security.py
index 63f3dda..f2b3c45 100644
--- a/app/src/fileflash/core/security.py
+++ b/app/src/fileflash/core/security.py
@@ -70,3 +70,32 @@ def decode_share_access_token(token: str, settings: Settings) -> dict[str, Any]:
     if token_type != "share":
         raise jwt.InvalidTokenError("Invalid token type")
     return payload
+
+
+def create_file_preview_token(
+    *,
+    user_id: int,
+    file_id: int,
+    settings: Settings,
+    expires_at: datetime,
+) -> str:
+    now = datetime.now(UTC)
+    payload: dict[str, Any] = {
+        "sub": str(user_id),
+        "typ": "file_preview",
+        "scope": "file.preview",
+        "fileId": str(file_id),
+        "iat": int(now.timestamp()),
+        "exp": int(expires_at.timestamp()),
+        "jti": str(uuid.uuid4()),
+    }
+    return jwt.encode(payload, settings.jwt_secret_key, algorithm=settings.jwt_algorithm)
+
+
+def decode_file_preview_token(token: str, settings: Settings) -> dict[str, Any]:
+    payload = jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm])
+    token_type = payload.get("typ")
+    scope = payload.get("scope")
+    if token_type != "file_preview" or scope != "file.preview":
+        raise jwt.InvalidTokenError("Invalid token type")
+    return payload
diff --git a/app/src/fileflash/core/settings.py b/app/src/fileflash/core/settings.py
index f5d4a47..e27b7b7 100644
--- a/app/src/fileflash/core/settings.py
+++ b/app/src/fileflash/core/settings.py
@@ -39,6 +39,10 @@ class Settings(BaseSettings):
     jwt_algorithm: str = "HS256"
     access_token_expire_minutes: int = 60 * 24 * 3
     refresh_token_expire_days: int = 7
+    file_preview_url_ttl_seconds: int = Field(
+        default=4 * 60 * 60,
+        alias="FILE_PREVIEW_URL_TTL_SECONDS",
+    )
 
     refresh_cookie_name: str = "refreshToken"
     refresh_cookie_secure: bool = False
diff --git a/app/src/fileflash/routers/files.py b/app/src/fileflash/routers/files.py
index b5fe019..e54c99a 100644
--- a/app/src/fileflash/routers/files.py
+++ b/app/src/fileflash/routers/files.py
@@ -1,18 +1,24 @@
 from __future__ import annotations
 
 import os
+from datetime import UTC, datetime, timedelta
+from urllib.parse import urlencode
 
-from fastapi import APIRouter, Depends, Header, Query
+from fastapi import APIRouter, Depends, Header, Query, Request
 from fastapi.responses import FileResponse, StreamingResponse
+from jwt import InvalidTokenError
 from starlette.background import BackgroundTask
 
-from ..core.deps import get_archive_service, get_current_user, get_file_service
+from ..core.deps import get_archive_service, get_current_user, get_file_service, get_settings_dep
 from ..core.errors import ApiError, api_success
+from ..core.security import create_file_preview_token, decode_file_preview_token
+from ..core.settings import Settings
 from ..models.tables_identity import User
 from ..schemas.archive import ArchiveExtractRequest
 from ..schemas.file import (
     BatchDownloadRequest,
     BatchFilesRequest,
+    FilePreviewUrlResponse,
     GetFilesQuery,
     MoveFileRequest,
     RenameFileRequest,
@@ -174,6 +180,66 @@ async def preview_file(
     )
 
 
+@router.post("/{file_id}/preview-url")
+async def create_file_preview_url(
+    file_id: str,
+    request: Request,
+    current_user: User = Depends(get_current_user),
+    file_service: FileService = Depends(get_file_service),
+    settings: Settings = Depends(get_settings_dep),
+):
+    try:
+        fid = int(file_id)
+    except ValueError as exc:
+        raise ApiError(status_code=400, code=400, message="Invalid fileId") from exc
+
+    await file_service.get_file(user_id=current_user.user_id, file_id=fid)
+    expires_at = datetime.now(UTC) + timedelta(seconds=settings.file_preview_url_ttl_seconds)
+    token = create_file_preview_token(
+        user_id=int(current_user.user_id),
+        file_id=fid,
+        settings=settings,
+        expires_at=expires_at,
+    )
+    stream_url = str(request.url_for("preview_file_stream", file_id=str(fid)))
+    result = FilePreviewUrlResponse(
+        url=f"{stream_url}?{urlencode({'token': token})}",
+        expires_at=expires_at,
+    )
+    return api_success(data=result.model_dump(by_alias=True))
+
+
+@router.get("/{file_id}/preview-stream", name="preview_file_stream")
+async def preview_file_stream(
+    file_id: str,
+    token: str = Query(..., min_length=1),
+    range_header: str | None = Header(default=None, alias="Range"),
+    file_service: FileService = Depends(get_file_service),
+    settings: Settings = Depends(get_settings_dep),
+):
+    try:
+        payload = decode_file_preview_token(token, settings)
+        user_id = int(payload["sub"])
+        token_file_id = str(payload["fileId"])
+    except (InvalidTokenError, KeyError, ValueError):
+        raise ApiError(status_code=401, code=401, message="Invalid or expired preview token") from None
+
+    if token_file_id != str(file_id):
+        raise ApiError(status_code=403, code=403, message="Preview token does not match file")
+
+    result = await file_service.get_preview_stream(
+        user_id=user_id,
+        file_id=file_id,
+        range_header=range_header,
+    )
+    return StreamingResponse(
+        result.stream,
+        media_type=result.content_type,
+        headers=result.headers,
+        status_code=result.status_code,
+    )
+
+
 @router.delete("/{file_id}")
 async def delete_file(
     file_id: str,
diff --git a/app/src/fileflash/schemas/file.py b/app/src/fileflash/schemas/file.py
index 3bf75c9..3827366 100644
--- a/app/src/fileflash/schemas/file.py
+++ b/app/src/fileflash/schemas/file.py
@@ -177,6 +177,11 @@ class MediaOptimization(CamelModel):
     updated_at: datetime
 
 
+class FilePreviewUrlResponse(CamelModel):
+    url: str
+    expires_at: datetime
+
+
 class RenameFileRequest(CamelModel):
     file_name: str = Field(min_length=1, max_length=255)
 
diff --git a/app/tests/test_file_folder_patch_routes.py b/app/tests/test_file_folder_patch_routes.py
index b289d06..1c38aac 100644
--- a/app/tests/test_file_folder_patch_routes.py
+++ b/app/tests/test_file_folder_patch_routes.py
@@ -1,12 +1,15 @@
 from __future__ import annotations
 
 from collections.abc import AsyncIterator
-from datetime import UTC, datetime
+from datetime import UTC, datetime, timedelta
 
 from fastapi import FastAPI
 from fastapi.testclient import TestClient
 
-from fileflash.core.deps import get_current_user, get_file_service, get_folder_service
+from fileflash.core.deps import get_current_user, get_file_service, get_folder_service, get_settings_dep
+from fileflash.core.errors import ApiError, api_error_handler
+from fileflash.core.security import create_file_preview_token
+from fileflash.core.settings import Settings
 from fileflash.models.tables_identity import User
 from fileflash.routers.files import router as files_router
 from fileflash.routers.folders import router as folders_router
@@ -47,6 +50,9 @@ def _make_folder_item(*, is_starred: bool) -> FolderItem:
 
 
 class StubFileService:
+    async def get_file(self, *, user_id: int, file_id: int) -> FileDetails:  # noqa: ARG002
+        return _make_file_details(name="demo.txt", is_starred=False)
+
     async def rename_file(self, *, user_id: int, file_id: str, payload: RenameFileRequest) -> FileDetails:  # noqa: ARG002
         return _make_file_details(name=payload.file_name, is_starred=False)
 
@@ -93,17 +99,26 @@ async def toggle_folder_star(self, *, user_id: int, folder_id: str, is_starred:
         return _make_folder_item(is_starred=is_starred)
 
 
-def _build_client() -> TestClient:
+def _build_client(*, authenticated: bool = True, settings: Settings | None = None) -> TestClient:
     app = FastAPI()
     app.include_router(files_router, prefix="/api/v1")
     app.include_router(folders_router, prefix="/api/v1")
+    app.add_exception_handler(ApiError, api_error_handler)
 
     async def _current_user_override() -> User:
+        if not authenticated:
+            raise ApiError(status_code=401, code=401, message="Missing authorization token")
         return User(user_id=1, username="owner", email="owner@example.com", password_hash="hash")
 
+    resolved_settings = settings or Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+
     app.dependency_overrides[get_current_user] = _current_user_override
     app.dependency_overrides[get_file_service] = lambda: StubFileService()
     app.dependency_overrides[get_folder_service] = lambda: StubFolderService()
+    app.dependency_overrides[get_settings_dep] = lambda: resolved_settings
     return TestClient(app)
 
 
@@ -142,3 +157,88 @@ def test_get_file_preview_route_returns_stream() -> None:
     assert response.headers["content-range"] == "bytes 0-3/12"
     assert response.headers["content-type"].startswith("text/plain")
     assert response.content == b"prev"
+
+
+def test_create_file_preview_url_route_returns_signed_stream_url() -> None:
+    settings = Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+    with _build_client(settings=settings) as client:
+        response = client.post("/api/v1/files/1/preview-url")
+
+    assert response.status_code == 200
+    payload = response.json()
+    assert payload["success"] is True
+    assert payload["data"]["url"].startswith("http://testserver/api/v1/files/1/preview-stream?token=")
+    assert payload["data"]["expiresAt"]
+
+
+def test_create_file_preview_url_route_requires_authentication() -> None:
+    with _build_client(authenticated=False) as client:
+        response = client.post("/api/v1/files/1/preview-url")
+
+    assert response.status_code == 401
+    assert response.json()["message"] == "Missing authorization token"
+
+
+def test_get_file_preview_stream_route_supports_range_with_valid_token() -> None:
+    settings = Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+    token = create_file_preview_token(
+        user_id=1,
+        file_id=1,
+        settings=settings,
+        expires_at=datetime.now(UTC) + timedelta(minutes=10),
+    )
+
+    with _build_client(settings=settings) as client:
+        response = client.get(
+            f"/api/v1/files/1/preview-stream?token={token}",
+            headers={"Range": "bytes=0-3"},
+        )
+
+    assert response.status_code == 206
+    assert response.headers["content-range"] == "bytes 0-3/12"
+    assert response.headers["content-length"] == "4"
+    assert response.content == b"prev"
+
+
+def test_get_file_preview_stream_route_rejects_mismatched_token_file_id() -> None:
+    settings = Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+    token = create_file_preview_token(
+        user_id=1,
+        file_id=2,
+        settings=settings,
+        expires_at=datetime.now(UTC) + timedelta(minutes=10),
+    )
+
+    with _build_client(settings=settings) as client:
+        response = client.get(f"/api/v1/files/1/preview-stream?token={token}")
+
+    assert response.status_code == 403
+    assert response.json()["message"] == "Preview token does not match file"
+
+
+def test_get_file_preview_stream_route_rejects_expired_token() -> None:
+    settings = Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+    token = create_file_preview_token(
+        user_id=1,
+        file_id=1,
+        settings=settings,
+        expires_at=datetime.now(UTC) - timedelta(minutes=10),
+    )
+
+    with _build_client(settings=settings) as client:
+        response = client.get(f"/api/v1/files/1/preview-stream?token={token}")
+
+    assert response.status_code == 401
+    assert response.json()["message"] == "Invalid or expired preview token"
diff --git a/app/tests/test_security.py b/app/tests/test_security.py
index fe29f57..d1b3e45 100644
--- a/app/tests/test_security.py
+++ b/app/tests/test_security.py
@@ -1,9 +1,13 @@
 from __future__ import annotations
 
+from datetime import UTC, datetime, timedelta
+
 from fileflash.core.security import (
     create_access_token,
+    create_file_preview_token,
     create_refresh_token,
     decode_access_token,
+    decode_file_preview_token,
     get_password_hash,
     hash_token,
     verify_password,
@@ -31,6 +35,24 @@ def test_access_token_round_trip():
     assert "exp" in payload
 
 
+def test_file_preview_token_round_trip():
+    settings = Settings(
+        JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        FF_DB_URI="postgresql://u:p@localhost:5432/db",
+    )
+    token = create_file_preview_token(
+        user_id=42,
+        file_id=99,
+        settings=settings,
+        expires_at=datetime.now(UTC) + timedelta(minutes=10),
+    )
+    payload = decode_file_preview_token(token=token, settings=settings)
+    assert payload["sub"] == "42"
+    assert payload["fileId"] == "99"
+    assert payload["scope"] == "file.preview"
+    assert payload["typ"] == "file_preview"
+
+
 def test_refresh_token_hash_is_deterministic():
     settings = Settings(
         JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
diff --git a/web/src/api/file.ts b/web/src/api/file.ts
index e8db9ac..38c5d32 100644
--- a/web/src/api/file.ts
+++ b/web/src/api/file.ts
@@ -6,6 +6,7 @@ import type {
   FileItem,
   ContentItem,
   FileDetails,
+  FilePreviewUrlResponse,
   GetFilesRequest,
   RenameFileRequest,
   MoveFileRequest,
@@ -150,6 +151,10 @@ export const previewFile = (fileId: string) => {
   return http.get<Blob>(`/files/${fileId}/preview`, undefined, { responseType: 'blob' });
 };
 
+export const getPreviewUrl = (fileId: string) => {
+  return http.post<FilePreviewUrlResponse>(`/files/${fileId}/preview-url`);
+};
+
 /**
  * 获取文件缩略图
  * @param fileId 文件ID
diff --git a/web/src/components/organisms/files/FilePreviewDialog.spec.ts b/web/src/components/organisms/files/FilePreviewDialog.spec.ts
index 5632637..aefe21c 100644
--- a/web/src/components/organisms/files/FilePreviewDialog.spec.ts
+++ b/web/src/components/organisms/files/FilePreviewDialog.spec.ts
@@ -5,6 +5,7 @@ import FilePreviewDialog from './FilePreviewDialog.vue';
 
 vi.mock('../../../api/file', () => ({
   previewFile: vi.fn(() => Promise.resolve(new Blob(['ok'], { type: 'text/plain' }))),
+  getPreviewUrl: vi.fn(() => Promise.resolve({ url: '/mock-video.mp4', expiresAt: '2026-01-01T01:00:00Z' })),
   downloadFile: vi.fn(),
 }));
 
diff --git a/web/src/components/organisms/files/VideoPreviewDialog.vue b/web/src/components/organisms/files/VideoPreviewDialog.vue
index 6e036ed..fc9facd 100644
--- a/web/src/components/organisms/files/VideoPreviewDialog.vue
+++ b/web/src/components/organisms/files/VideoPreviewDialog.vue
@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { computed, nextTick, onBeforeUnmount, onMounted, ref, watch } from 'vue';
-import { downloadFile, previewFile } from '../../../api/file';
+import { downloadFile, getPreviewUrl } from '../../../api/file';
 import { getPreviewCapabilities } from '../../../utils/preview';
 import { useLocaleStore } from '../../../store/locale';
 import { useVideoPlayer } from '../../../composables/useVideoPlayer';
@@ -16,7 +16,7 @@ const isOpen = computed(() => props.file !== null);
 const videoRef = ref<HTMLVideoElement | null>(null);
 const isLoading = ref(false);
 const error = ref('');
-const objectUrl = ref('');
+const streamUrl = ref('');
 
 const { mount: mountVideo, destroy: destroyVideo } = useVideoPlayer(videoRef);
 
@@ -35,10 +35,7 @@ const formatBytes = (bytes: number | undefined) => {
 const reset = () => {
   destroyVideo();
   error.value = '';
-  if (objectUrl.value) {
-    URL.revokeObjectURL(objectUrl.value);
-    objectUrl.value = '';
-  }
+  streamUrl.value = '';
 };
 
 const load = async () => {
@@ -47,12 +44,12 @@ const load = async () => {
 
   isLoading.value = true;
   try {
-    const blob = await previewFile(props.file.id);
-    objectUrl.value = URL.createObjectURL(blob);
+    const preview = await getPreviewUrl(props.file.id);
+    streamUrl.value = preview.url;
     isLoading.value = false;
     await nextTick();
     mountVideo({
-      source: objectUrl.value,
+      source: streamUrl.value,
       isHls: capabilities.value.isHls,
       onFatalError: (msg) => {
         error.value = msg;
diff --git a/web/src/mock/handlers/file.ts b/web/src/mock/handlers/file.ts
index 26b7308..67c2b7d 100644
--- a/web/src/mock/handlers/file.ts
+++ b/web/src/mock/handlers/file.ts
@@ -599,6 +599,30 @@ export const setupFileMocks = () => {
     return buildMockFileBlob(resolvePreviewNode(node));
   });
 
+  Mock.mock(/\/api\/v1\/files\/([^/]+)\/preview-url$/, 'post', (options) => {
+    const fileId = (options.url.match(/\/api\/v1\/files\/([^/]+)\/preview-url/) || [])[1];
+    const node = vfsApi.get(fileId);
+
+    if (!node || node.type !== 'file') {
+      return {
+        success: false,
+        code: 404,
+        message: 'File not found',
+        data: null,
+      };
+    }
+
+    const previewBlob = buildMockFileBlob(resolvePreviewNode(node));
+    return {
+      success: true,
+      code: 200,
+      data: {
+        url: URL.createObjectURL(previewBlob),
+        expiresAt: new Date(Date.now() + 4 * 60 * 60 * 1000).toISOString(),
+      },
+    };
+  });
+
   Mock.mock(/\/api\/v1\/files\/([^/]+)\/archive\/preview$/, 'post', (options) => {
     const fileId = (options.url.match(/\/api\/v1\/files\/([^/]+)\/archive\/preview/) || [])[1];
     const node = vfsApi.get(fileId);
diff --git a/web/src/types/file.d.ts b/web/src/types/file.d.ts
index bd4ab91..0e1ed12 100644
--- a/web/src/types/file.d.ts
+++ b/web/src/types/file.d.ts
@@ -419,6 +419,11 @@ export interface FileDetails extends FileItem {
   updatedAt: string;
 }
 
+export interface FilePreviewUrlResponse {
+  url: string;
+  expiresAt: string;
+}
+
 /**
  * 重命名文件的请求体
  */

From 34e962895e520234b4d0593e1c6c585dc69483a4 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 00:35:42 +0800
Subject: [PATCH 08/16] feat(stream): add ResolvedStreamObject with transcode
 MIME content-type override

Return correct MIME type (e.g. video/mp4) when serving transcoded
content even if the source file has a different extension (e.g. .mkv).
---
 app/src/fileflash/services/file.py            | 43 +++++++++++++------
 .../test_file_download_recycle_service.py     |  7 +--
 2 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/app/src/fileflash/services/file.py b/app/src/fileflash/services/file.py
index 3d910da..453abdb 100644
--- a/app/src/fileflash/services/file.py
+++ b/app/src/fileflash/services/file.py
@@ -74,6 +74,12 @@ class DownloadStreamResult:
     headers: dict[str, str]
 
 
+@dataclass(slots=True)
+class ResolvedStreamObject:
+    storage_object: StorageObject
+    content_type_override: str | None = None
+
+
 class FileService:
     def __init__(
         self,
@@ -284,10 +290,11 @@ async def _get_file_stream(
             raise ApiError(status_code=503, code=503, message="Object storage is unavailable")
 
         file_row = await self._get_active_file(user_id=user_id, file_id=file_id)
-        storage_object = await self._resolve_stream_storage_object(
+        resolved_object = await self._resolve_stream_storage_object(
             file_row=file_row,
             prefer_optimized=(content_disposition == "inline"),
         )
+        storage_object = resolved_object.storage_object if resolved_object is not None else None
         if storage_object is None or storage_object.upload_status != UploadStatus.ACTIVE:
             raise ApiError(status_code=404, code=404, message="File content not found")
 
@@ -296,7 +303,11 @@ async def _get_file_stream(
             raise ApiError(status_code=404, code=404, message="File content not found")
 
         content_type = resolve_file_mime_type(
-            mime_type=file_row.mime_type or storage_object.content_type,
+            mime_type=(
+                resolved_object.content_type_override
+                if resolved_object is not None and resolved_object.content_type_override
+                else file_row.mime_type or storage_object.content_type
+            ),
             file_ext=file_row.file_ext,
             file_name=file_row.file_name,
             default=DEFAULT_MIME_TYPE,
@@ -1832,12 +1843,12 @@ async def _resolve_stream_storage_object(
         *,
         file_row: File,
         prefer_optimized: bool,
-    ) -> StorageObject | None:
+    ) -> ResolvedStreamObject | None:
         source_object = await self.db.get(StorageObject, int(file_row.storage_object_id))
         if source_object is None:
             return None
         if not prefer_optimized:
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
 
         metadata_row = await self.db.scalar(
             select(FileMediaMetadata)
@@ -1845,17 +1856,19 @@ async def _resolve_stream_storage_object(
             .limit(1)
         )
         if not isinstance(metadata_row, FileMediaMetadata):
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
         transcode = (metadata_row.extra_metadata or {}).get("transcode")
         if not isinstance(transcode, dict):
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
         if str(transcode.get("status") or "").strip().lower() != TRANSCODE_READY_STATUS:
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
 
         bucket_name = str(transcode.get("optimizedBucketName") or "").strip()
         object_key = str(transcode.get("optimizedObjectKey") or "").strip()
         if not bucket_name or not object_key:
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
+
+        optimized_mime_type = str(transcode.get("optimizedMimeType") or "").strip() or None
 
         optimized_object = await self.db.scalar(
             select(StorageObject)
@@ -1869,13 +1882,16 @@ async def _resolve_stream_storage_object(
             .limit(1)
         )
         if isinstance(optimized_object, StorageObject):
-            return optimized_object
+            return ResolvedStreamObject(
+                storage_object=optimized_object,
+                content_type_override=optimized_mime_type or optimized_object.content_type,
+            )
 
         if self.storage is None:
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
         exists = await self.storage.object_exists(bucket_name=bucket_name, object_key=object_key)
         if not exists:
-            return source_object
+            return ResolvedStreamObject(storage_object=source_object)
 
         stat = await self.storage.stat_object(bucket_name=bucket_name, object_key=object_key)
         created = StorageObject(
@@ -1889,7 +1905,10 @@ async def _resolve_stream_storage_object(
         )
         self.db.add(created)
         await self.db.flush()
-        return created
+        return ResolvedStreamObject(
+            storage_object=created,
+            content_type_override=optimized_mime_type or created.content_type,
+        )
 
     @staticmethod
     def _parse_datetime(raw: object) -> datetime | None:
diff --git a/app/tests/test_file_download_recycle_service.py b/app/tests/test_file_download_recycle_service.py
index cf5ec2c..3d1caba 100644
--- a/app/tests/test_file_download_recycle_service.py
+++ b/app/tests/test_file_download_recycle_service.py
@@ -291,9 +291,9 @@ async def test_get_preview_stream_prefers_transcoded_object_when_ready(monkeypat
     storage = DummyStorage()
     service = FileService(db=session, storage=storage)
 
-    file_row = make_file_row(file_id=11, file_name="preview.mp4")
-    file_row.file_ext = "mp4"
-    file_row.mime_type = "video/mp4"
+    file_row = make_file_row(file_id=11, file_name="preview.mkv")
+    file_row.file_ext = "mkv"
+    file_row.mime_type = "video/x-matroska"
     file_row.storage_object_id = 101
     source_object = StorageObject(
         object_id=101,
@@ -330,6 +330,7 @@ async def test_get_preview_stream_prefers_transcoded_object_when_ready(monkeypat
 
     result = await service.get_preview_stream(user_id=1, file_id="11", range_header=None)
     assert result.status_code == 200
+    assert result.content_type == "video/mp4"
     assert result.headers["Content-Length"] == "128"
 
 

From 181bd6164e128badb10b811bd0c2c4376a63ed33 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 00:35:50 +0800
Subject: [PATCH 09/16] feat(upload): make merged-object hash verification
 conditional on settings toggle

Skip full-object hash verification during merge when
upload_verify_merged_object_hash is disabled (default). Add tests for
fast mode, hash mismatch, and 20GB size boundary.
---
 app/src/fileflash/services/upload.py |  21 +++---
 app/tests/test_upload_service.py     | 100 ++++++++++++++++++++++++++-
 2 files changed, 110 insertions(+), 11 deletions(-)

diff --git a/app/src/fileflash/services/upload.py b/app/src/fileflash/services/upload.py
index 76e135a..491e6d8 100644
--- a/app/src/fileflash/services/upload.py
+++ b/app/src/fileflash/services/upload.py
@@ -511,16 +511,17 @@ async def _operation() -> MergeChunksResponse:
                 await self.db.commit()
                 raise ApiError(status_code=422, code=422, message="Composed file size mismatch")
 
-            actual_hash = await self.storage.compute_object_hash(
-                object_key=task.object_key,
-                algorithm=hash_algorithm,
-            )
-            if actual_hash != object_hash:
-                await self.storage.remove_object(object_key=task.object_key)
-                task.status = UploadTaskStatus.FAILED
-                task.last_error = "Composed file hash mismatch"
-                await self.db.commit()
-                raise ApiError(status_code=422, code=422, message="Composed file hash mismatch")
+            if self.settings.upload_verify_merged_object_hash:
+                actual_hash = await self.storage.compute_object_hash(
+                    object_key=task.object_key,
+                    algorithm=hash_algorithm,
+                )
+                if actual_hash != object_hash:
+                    await self.storage.remove_object(object_key=task.object_key)
+                    task.status = UploadTaskStatus.FAILED
+                    task.last_error = "Composed file hash mismatch"
+                    await self.db.commit()
+                    raise ApiError(status_code=422, code=422, message="Composed file hash mismatch")
 
             storage_object = await self._find_storage_object(
                 object_hash=object_hash,
diff --git a/app/tests/test_upload_service.py b/app/tests/test_upload_service.py
index af27651..58d3382 100644
--- a/app/tests/test_upload_service.py
+++ b/app/tests/test_upload_service.py
@@ -168,6 +168,57 @@ async def test_preflight_returns_503_when_storage_is_unavailable(monkeypatch: py
     cleanup_mock.assert_not_awaited()
 
 
+@pytest.mark.asyncio
+async def test_preflight_allows_20gb_file_size_boundary(monkeypatch: pytest.MonkeyPatch):
+    max_file_size = 20 * 1024 * 1024 * 1024
+    settings = make_settings(UPLOAD_SINGLE_FILE_SIZE_MAX=str(max_file_size))
+    session = DummySession()
+    service, _storage = make_service(session, settings=settings)
+
+    monkeypatch.setattr(service, "_cleanup_expired_tasks", AsyncMock())
+    monkeypatch.setattr(service, "_resolve_folder_id", AsyncMock(return_value=7))
+    monkeypatch.setattr(service, "_find_storage_object", AsyncMock(return_value=None))
+    monkeypatch.setattr(service, "_find_active_task", AsyncMock(return_value=None))
+
+    response = await service.preflight(
+        user_id=2,
+        payload=UploadPreflightRequest(
+            fileHash="b" * 64,
+            fileName="video.mp4",
+            fileSize=max_file_size,
+            mimeType="video/mp4",
+            parentId="7",
+        ),
+    )
+
+    assert response.status == "UPLOADING"
+    assert response.upload_id is not None
+
+
+@pytest.mark.asyncio
+async def test_preflight_rejects_file_size_over_20gb():
+    max_file_size = 20 * 1024 * 1024 * 1024
+    settings = make_settings(UPLOAD_SINGLE_FILE_SIZE_MAX=str(max_file_size))
+    session = DummySession()
+    service, storage = make_service(session, settings=settings)
+
+    with pytest.raises(ApiError) as exc:
+        await service.preflight(
+            user_id=2,
+            payload=UploadPreflightRequest(
+                fileHash="b" * 64,
+                fileName="video.mp4",
+                fileSize=max_file_size + 1,
+                mimeType="video/mp4",
+                parentId="7",
+            ),
+        )
+
+    assert exc.value.status_code == 413
+    assert exc.value.code == 413
+    storage.ensure_bucket.assert_not_awaited()
+
+
 @pytest.mark.asyncio
 async def test_list_recoverable_sessions_returns_only_active_non_expired_tasks():
     session = DummySession()
@@ -458,9 +509,56 @@ async def test_merge_returns_conflict_without_strategy(monkeypatch: pytest.Monke
 
 
 @pytest.mark.asyncio
-async def test_merge_marks_failed_on_hash_mismatch(monkeypatch: pytest.MonkeyPatch):
+async def test_merge_skips_full_hash_verification_in_fast_mode(monkeypatch: pytest.MonkeyPatch):
     session = DummySession()
     service, storage = make_service(session)
+    task = UploadTask(
+        task_id=19,
+        user_id=2,
+        folder_id=2,
+        file_name="asset.bin",
+        mime_type="application/octet-stream",
+        bucket_name="fileflash",
+        object_key="objects/u2/new",
+        object_hash="a" * 64,
+        total_size=4,
+        chunk_size=2,
+        upload_id="upload-fast-mode",
+        status=UploadTaskStatus.UPLOADING,
+        expired_at=datetime.now(UTC) + timedelta(hours=1),
+    )
+    parts = [
+        UploadTaskPart(task_id=19, part_number=0, part_size=2, status=UploadPartStatus.UPLOADED),
+        UploadTaskPart(task_id=19, part_number=1, part_size=2, status=UploadPartStatus.UPLOADED),
+    ]
+    session.scalars_queue = [parts]
+
+    monkeypatch.setattr(service, "_get_task_for_update", AsyncMock(return_value=task))
+    monkeypatch.setattr(service, "_resolve_folder_id", AsyncMock(return_value=2))
+    monkeypatch.setattr(service, "_find_conflict_file", AsyncMock(return_value=None))
+    monkeypatch.setattr(service, "_find_storage_object", AsyncMock(return_value=None))
+
+    response = await service.merge_chunks(
+        user_id=2,
+        upload_id="upload-fast-mode",
+        payload=MergeChunksRequest(
+            fileHash="a" * 64,
+            fileName="asset.bin",
+            mimeType="application/octet-stream",
+            parentId="2",
+            conflictStrategy="rename",
+        ),
+    )
+
+    assert response.file_name == "asset.bin"
+    storage.compute_object_hash.assert_not_awaited()
+
+
+@pytest.mark.asyncio
+async def test_merge_marks_failed_on_hash_mismatch(monkeypatch: pytest.MonkeyPatch):
+    settings = make_settings(UPLOAD_VERIFY_MERGED_OBJECT_HASH=True)
+    session = DummySession()
+    service, storage = make_service(session, settings=settings)
     task = UploadTask(
         task_id=20,
         user_id=2,

From f7254095b93fb231bec98cfb22285da1eb7f8af9 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 00:35:59 +0800
Subject: [PATCH 10/16] refactor(uploader): extract hash chunk size constants
 and add backend error fallback

Export HASH_CHUNK_SIZE_DEFAULT and HASH_CHUNK_SIZE_LARGE_FILE from
hash.ts; use large chunk size in uploader; fall back to backend error
message when upload initiation fails.
---
 web/src/utils/hash.ts     |  5 ++++-
 web/src/utils/uploader.ts | 11 ++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/web/src/utils/hash.ts b/web/src/utils/hash.ts
index 3b4bbd9..835a684 100644
--- a/web/src/utils/hash.ts
+++ b/web/src/utils/hash.ts
@@ -1,5 +1,8 @@
 import SparkMD5 from 'spark-md5';  
 
+export const HASH_CHUNK_SIZE_DEFAULT = 2 * 1024 * 1024;
+export const HASH_CHUNK_SIZE_LARGE_FILE = 16 * 1024 * 1024;
+
 /**  
  * 进度回调函数的类型定义。  
  * @param percentage - 当前计算进度的百分比 (0-100)。  
@@ -34,7 +37,7 @@ function createAbortError(message: string): Error {
 export function calculateFileHash(  
   file: File,  
   onProgress?: HashProgressCallback,  
-  chunkSize: number = 2 * 1024 * 1024, // 默认分片大小: 2MB
+  chunkSize: number = HASH_CHUNK_SIZE_DEFAULT,
   options: {
     signal?: AbortSignal;
   } = {},
diff --git a/web/src/utils/uploader.ts b/web/src/utils/uploader.ts
index 5954c73..8b322c4 100644
--- a/web/src/utils/uploader.ts
+++ b/web/src/utils/uploader.ts
@@ -1,6 +1,10 @@
 import axios from 'axios';
 import http from './http';
-import { calculateFileHash, type HashProgressCallback } from './hash';
+import {
+  calculateFileHash,
+  HASH_CHUNK_SIZE_LARGE_FILE,
+  type HashProgressCallback,
+} from './hash';
 import type {
   BackgroundJob,
   MergeChunksRequest,
@@ -151,7 +155,7 @@ export async function uploadFile(options: UploadFileOptions): Promise<MergeChunk
 
   try {
     throwIfAborted(signal);
-    const fileHash = await calculateFileHash(file, onHashProgress, chunkSize, { signal });
+    const fileHash = await calculateFileHash(file, onHashProgress, HASH_CHUNK_SIZE_LARGE_FILE, { signal });
     onFileHashed?.(fileHash);
     throwIfAborted(signal);
 
@@ -172,7 +176,8 @@ export async function uploadFile(options: UploadFileOptions): Promise<MergeChunk
     } catch (error) {
       const canceled = normalizeCanceledError(error);
       if (canceled) throw canceled;
-      throw new Error('无法开始上传，请检查网络连接或与管理员联系。');
+      const backendMessage = extractApiErrorMessage(error);
+      throw new Error(backendMessage || '无法开始上传，请检查网络连接或与管理员联系。');
     }
 
     const { status, fileId, uploadId, uploadedChunkIndexes } = preflightResponse;

From 487239150a9f57e76b5c948f66cd9f823b5e8fe5 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 00:36:07 +0800
Subject: [PATCH 11/16] test(upload): add refresh-file-tree emit test and new
 spec files

Add test verifying eventBus emit on upload success; add untracked
spec files for uploader and VideoPreviewDialog.
---
 .../files/VideoPreviewDialog.spec.ts          | 67 ++++++++++++++++
 web/src/store/upload.spec.ts                  | 24 +++++-
 web/src/utils/uploader.spec.ts                | 76 +++++++++++++++++++
 3 files changed, 166 insertions(+), 1 deletion(-)
 create mode 100644 web/src/components/organisms/files/VideoPreviewDialog.spec.ts
 create mode 100644 web/src/utils/uploader.spec.ts

diff --git a/web/src/components/organisms/files/VideoPreviewDialog.spec.ts b/web/src/components/organisms/files/VideoPreviewDialog.spec.ts
new file mode 100644
index 0000000..3d86172
--- /dev/null
+++ b/web/src/components/organisms/files/VideoPreviewDialog.spec.ts
@@ -0,0 +1,67 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { flushPromises } from '@vue/test-utils';
+import { mount } from '../../../test/mount';
+import VideoPreviewDialog from './VideoPreviewDialog.vue';
+
+const mocks = vi.hoisted(() => ({
+  getPreviewUrl: vi.fn(),
+  previewFile: vi.fn(),
+  downloadFile: vi.fn(),
+  mountVideo: vi.fn(),
+  destroyVideo: vi.fn(),
+}));
+
+vi.mock('../../../api/file', () => ({
+  getPreviewUrl: mocks.getPreviewUrl,
+  previewFile: mocks.previewFile,
+  downloadFile: mocks.downloadFile,
+}));
+
+vi.mock('../../../composables/useVideoPlayer', () => ({
+  useVideoPlayer: () => ({
+    mount: mocks.mountVideo,
+    destroy: mocks.destroyVideo,
+  }),
+}));
+
+const videoFile = {
+  itemType: 'file',
+  id: 'v1',
+  name: 'movie.mp4',
+  size: 1024,
+  mimeType: 'video/mp4',
+  ownerName: 'me',
+  updatedAt: '2026-01-01T00:00:00Z',
+  createdAt: '2026-01-01T00:00:00Z',
+  folderId: 'root',
+};
+
+describe('VideoPreviewDialog', () => {
+  beforeEach(() => {
+    document.body.replaceChildren();
+    vi.clearAllMocks();
+    mocks.getPreviewUrl.mockResolvedValue({
+      url: 'http://testserver/api/v1/files/v1/preview-stream?token=signed',
+      expiresAt: '2026-01-01T04:00:00Z',
+    });
+  });
+
+  it('loads a signed stream URL instead of downloading the preview blob', async () => {
+    const wrapper = mount(VideoPreviewDialog, {
+      props: { file: videoFile as any },
+      attachTo: document.body,
+    });
+
+    await flushPromises();
+
+    expect(mocks.getPreviewUrl).toHaveBeenCalledWith('v1');
+    expect(mocks.previewFile).not.toHaveBeenCalled();
+    expect(mocks.mountVideo).toHaveBeenCalledWith(expect.objectContaining({
+      source: 'http://testserver/api/v1/files/v1/preview-stream?token=signed',
+      isHls: false,
+    }));
+    expect(document.body.querySelector('.video-preview-dialog')).toBeTruthy();
+
+    wrapper.unmount();
+  });
+});
diff --git a/web/src/store/upload.spec.ts b/web/src/store/upload.spec.ts
index ad6d4b3..9057f44 100644
--- a/web/src/store/upload.spec.ts
+++ b/web/src/store/upload.spec.ts
@@ -6,6 +6,7 @@ import type { MergeChunksResponse, UploadRecoverableSession } from '../types/fil
 
 const uploadFileMock = vi.fn();
 const completeUploadSessionMock = vi.fn();
+const emitMock = vi.fn();
 const cancelUploadSessionMock = vi.fn(async (_uploadId: string) => ({
   uploadId: 'upload-1',
   canceledAt: '2026-05-24T00:00:00Z',
@@ -31,7 +32,7 @@ vi.mock('../utils/ui', () => ({
 
 vi.mock('../utils/eventBus', () => ({
   eventBus: {
-    emit: vi.fn(),
+    emit: (...args: unknown[]) => emitMock(...args),
   },
 }));
 
@@ -55,6 +56,7 @@ describe('upload store', () => {
     localStorage.clear();
     uploadFileMock.mockReset();
     completeUploadSessionMock.mockReset();
+    emitMock.mockReset();
     cancelUploadSessionMock.mockClear();
     getRecoverableUploadsMock.mockReset();
     getRecoverableUploadsMock.mockResolvedValue([]);
@@ -251,4 +253,24 @@ describe('upload store', () => {
     expect((completeUploadSessionMock.mock.calls[0]?.[0] as { uploadId: string }).uploadId).toBe('upload-complete');
     expect(store.tasks.find((task) => task.uploadId === 'upload-partial')?.status).toBe('paused');
   });
+
+  it('emits refresh-file-tree after upload succeeds', async () => {
+    uploadFileMock.mockResolvedValue({
+      fileId: 'file-1',
+      fileName: 'done.txt',
+      fileSize: 5,
+      mimeType: 'text/plain',
+      folderId: 'root',
+      objectHash: 'f'.repeat(64),
+      createdAt: '2026-05-24T03:00:00Z',
+      downloadUrl: '/api/v1/files/file-1/download',
+    });
+
+    const store = useUploadStore();
+    await store.startUpload(new File(['hello'], 'done.txt', { type: 'text/plain' }), 'root');
+    await Promise.resolve();
+    await Promise.resolve();
+
+    expect(emitMock).toHaveBeenCalledWith('refresh-file-tree');
+  });
 });
diff --git a/web/src/utils/uploader.spec.ts b/web/src/utils/uploader.spec.ts
new file mode 100644
index 0000000..b6a0796
--- /dev/null
+++ b/web/src/utils/uploader.spec.ts
@@ -0,0 +1,76 @@
+import { AxiosError } from 'axios';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { HASH_CHUNK_SIZE_LARGE_FILE } from './hash';
+
+const postMock = vi.fn();
+const getMock = vi.fn();
+const calculateFileHashMock = vi.fn();
+
+vi.mock('./http', () => ({
+  default: {
+    post: (...args: unknown[]) => postMock(...args),
+    get: (...args: unknown[]) => getMock(...args),
+  },
+}));
+
+vi.mock('./hash', async () => {
+  const actual = await vi.importActual<typeof import('./hash')>('./hash');
+  return {
+    ...actual,
+    calculateFileHash: (...args: unknown[]) => calculateFileHashMock(...args),
+  };
+});
+
+import { uploadFile } from './uploader';
+
+function makePreflightError(message: string): AxiosError {
+  return new AxiosError(
+    message,
+    'ERR_BAD_REQUEST',
+    { headers: {} } as any,
+    undefined,
+    {
+      status: 413,
+      statusText: 'Request Entity Too Large',
+      headers: {},
+      config: { headers: {} } as any,
+      data: { message },
+    } as any,
+  );
+}
+
+describe('utils/uploader', () => {
+  beforeEach(() => {
+    postMock.mockReset();
+    getMock.mockReset();
+    calculateFileHashMock.mockReset();
+    calculateFileHashMock.mockResolvedValue('a'.repeat(64));
+  });
+
+  it('uses backend preflight error message when preflight fails', async () => {
+    postMock.mockRejectedValueOnce(makePreflightError('File size exceeds maximum upload limit'));
+
+    await expect(
+      uploadFile({
+        file: new File(['x'], 'large.bin', { type: 'application/octet-stream' }),
+        parentId: 'root',
+      }),
+    ).rejects.toThrow('File size exceeds maximum upload limit');
+  });
+
+  it('uses larger chunks for hash computation than upload chunks', async () => {
+    postMock.mockResolvedValueOnce({
+      status: 'COMPLETE',
+      fileId: 'file-1',
+    });
+
+    await uploadFile({
+      file: new File(['hello'], 'demo.txt', { type: 'text/plain' }),
+      parentId: 'root',
+      chunkSize: 5 * 1024 * 1024,
+    });
+
+    expect(calculateFileHashMock).toHaveBeenCalledTimes(1);
+    expect(calculateFileHashMock.mock.calls[0]?.[2]).toBe(HASH_CHUNK_SIZE_LARGE_FILE);
+  });
+});

From 1637822267881b792b5af5036d792a393b0a19ad Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 10:03:02 +0800
Subject: [PATCH 12/16] feat(config): add DEFAULT_ADMIN_* env vars for
 production bootstrap

Add default_admin_username/email/password fields to Settings with
production-only validation. New admin env vars are required in production
and enforce minimum length on the password.
---
 app/.env.example                   |  7 +++++-
 app/src/fileflash/core/settings.py | 38 +++++++++++++++++++++++++++---
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/app/.env.example b/app/.env.example
index b61de2d..f88678f 100644
--- a/app/.env.example
+++ b/app/.env.example
@@ -3,6 +3,11 @@ FF_DB_URI=postgresql://root:password@localhost:5432/fileflash
 # DATABASE_URL=postgresql://root:password@localhost:5432/fileflash
 APP_ENV=development
 
+# Required when APP_ENV=production or APP_ENV=prod.
+DEFAULT_ADMIN_USERNAME=admin
+DEFAULT_ADMIN_EMAIL=admin@example.com
+DEFAULT_ADMIN_PASSWORD=replace-with-32-bytes-or-longer-password
+
 JWT_SECRET_KEY=please-set-at-least-32-bytes-secret-key
 # Optional dedicated HMAC key for token hash persistence.
 # Falls back to JWT_SECRET_KEY when omitted.
@@ -25,7 +30,7 @@ OBJECT_STORAGE_SECURE=false
 UPLOAD_CHUNK_SIZE_DEFAULT=5242880
 UPLOAD_CHUNK_SIZE_MIN=1048576
 UPLOAD_CHUNK_SIZE_MAX=16777216
-UPLOAD_SINGLE_FILE_SIZE_MAX=21474836480
+UPLOAD_SINGLE_FILE_SIZE_MAX=5368709120
 UPLOAD_VERIFY_MERGED_OBJECT_HASH=false
 STARRED_ITEMS_LIMIT=20
 UPLOAD_SESSION_TTL_HOURS=24
diff --git a/app/src/fileflash/core/settings.py b/app/src/fileflash/core/settings.py
index e27b7b7..f93a38b 100644
--- a/app/src/fileflash/core/settings.py
+++ b/app/src/fileflash/core/settings.py
@@ -28,6 +28,10 @@ class Settings(BaseSettings):
     api_v1_prefix: str = "/api/v1"
     app_env: str = Field(default="production", alias="APP_ENV")
 
+    default_admin_username: str | None = Field(default=None, alias="DEFAULT_ADMIN_USERNAME")
+    default_admin_email: str | None = Field(default=None, alias="DEFAULT_ADMIN_EMAIL")
+    default_admin_password: str | None = Field(default=None, alias="DEFAULT_ADMIN_PASSWORD")
+
     database_url: str | None = Field(default=None, alias="DATABASE_URL")
     ff_db_uri: str | None = Field(default=None, alias="FF_DB_URI")
 
@@ -72,11 +76,20 @@ class Settings(BaseSettings):
     object_storage_secure: bool = Field(default=False, alias="OBJECT_STORAGE_SECURE")
     object_storage_region: str | None = Field(default=None, alias="OBJECT_STORAGE_REGION")
 
-    upload_chunk_size_default: int = Field(default=5 * 1024 * 1024, alias="UPLOAD_CHUNK_SIZE_DEFAULT")
+    upload_chunk_size_default: int = Field(
+        default=5 * 1024 * 1024,
+        alias="UPLOAD_CHUNK_SIZE_DEFAULT",
+    )
     upload_chunk_size_min: int = Field(default=1 * 1024 * 1024, alias="UPLOAD_CHUNK_SIZE_MIN")
     upload_chunk_size_max: int = Field(default=16 * 1024 * 1024, alias="UPLOAD_CHUNK_SIZE_MAX")
-    upload_single_file_size_max: int = Field(default=5 * 1024 * 1024 * 1024, alias="UPLOAD_SINGLE_FILE_SIZE_MAX")
-    upload_verify_merged_object_hash: bool = Field(default=False, alias="UPLOAD_VERIFY_MERGED_OBJECT_HASH")
+    upload_single_file_size_max: int = Field(
+        default=5 * 1024 * 1024 * 1024,
+        alias="UPLOAD_SINGLE_FILE_SIZE_MAX",
+    )
+    upload_verify_merged_object_hash: bool = Field(
+        default=False,
+        alias="UPLOAD_VERIFY_MERGED_OBJECT_HASH",
+    )
     starred_items_limit: int = Field(default=20, alias="STARRED_ITEMS_LIMIT")
     upload_session_ttl_hours: int = Field(default=24, alias="UPLOAD_SESSION_TTL_HOURS")
     upload_temp_prefix: str = Field(default="tmp", alias="UPLOAD_TEMP_PREFIX")
@@ -189,6 +202,25 @@ def security_configuration_issues(self) -> tuple[str, ...]:
         token_hash_secret = (self.token_hash_secret or "").strip()
         if token_hash_secret and len(token_hash_secret.encode("utf-8")) < self.MIN_SECRET_LENGTH:
             issues.append(f"TOKEN_HASH_SECRET must be at least {self.MIN_SECRET_LENGTH} bytes")
+        issues.extend(self.default_admin_configuration_issues)
+        return tuple(issues)
+
+    @property
+    def default_admin_configuration_issues(self) -> tuple[str, ...]:
+        if not self.is_production_env:
+            return ()
+
+        issues: list[str] = []
+        if not (self.default_admin_username or "").strip():
+            issues.append("DEFAULT_ADMIN_USERNAME is required in production")
+        if not (self.default_admin_email or "").strip():
+            issues.append("DEFAULT_ADMIN_EMAIL is required in production")
+
+        password = (self.default_admin_password or "").strip()
+        if not password:
+            issues.append("DEFAULT_ADMIN_PASSWORD is required in production")
+        elif len(password.encode("utf-8")) < self.MIN_SECRET_LENGTH:
+            issues.append(f"DEFAULT_ADMIN_PASSWORD must be at least {self.MIN_SECRET_LENGTH} bytes")
         return tuple(issues)
 
     def assert_runtime_security(self) -> None:

From 84cebf2b74b4a156ed29c16dab2a6f540282c61c Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 10:03:08 +0800
Subject: [PATCH 13/16] feat(seed): support production admin account seeding
 from env vars

Refactor DevAccountSeeder to accept an accounts parameter. Add
_seed_accounts_for_settings() that reads DEFAULT_ADMIN_* env vars in
production. Update init_dev_accounts script messages accordingly.
---
 .../fileflash/scripts/init_dev_accounts.py    |  8 +--
 app/src/fileflash/services/dev_seed.py        | 62 +++++++++++++++----
 2 files changed, 55 insertions(+), 15 deletions(-)

diff --git a/app/src/fileflash/scripts/init_dev_accounts.py b/app/src/fileflash/scripts/init_dev_accounts.py
index 80c5f6d..da67db6 100644
--- a/app/src/fileflash/scripts/init_dev_accounts.py
+++ b/app/src/fileflash/scripts/init_dev_accounts.py
@@ -11,11 +11,11 @@
 
 
 def build_parser() -> argparse.ArgumentParser:
-    parser = argparse.ArgumentParser(description="Initialize development test accounts for FileFlash.")
+    parser = argparse.ArgumentParser(description="Initialize seeded accounts for FileFlash.")
     parser.add_argument(
         "--reset-password",
         action="store_true",
-        help="Force reset passwords to defaults (admin/admin123, demo/demo123).",
+        help="Force reset seeded account passwords from the active environment configuration.",
     )
     return parser
 
@@ -23,8 +23,8 @@ def build_parser() -> argparse.ArgumentParser:
 async def run(reset_password: bool) -> int:
     settings = get_settings()
     if settings.is_production_env:
-        logger.warning(
-            "Manual dev-account initialization is running under APP_ENV=%s. This is not executed automatically in production.",
+        logger.info(
+            "Manual account initialization is using DEFAULT_ADMIN_* for APP_ENV=%s.",
             settings.app_env,
         )
 
diff --git a/app/src/fileflash/services/dev_seed.py b/app/src/fileflash/services/dev_seed.py
index 0845280..6c66fd6 100644
--- a/app/src/fileflash/services/dev_seed.py
+++ b/app/src/fileflash/services/dev_seed.py
@@ -59,19 +59,23 @@ async def initialize_dev_accounts(
     reset_password: bool = False,
     auto_run: bool = False,
 ) -> bool:
-    if auto_run and not settings.is_development_env:
-        if settings.is_production_env:
-            logger.info("Skip dev account auto-initialization in production environment: %s", settings.app_env)
-        else:
-            logger.info("Skip dev account auto-initialization for non-dev APP_ENV=%s", settings.app_env)
+    if auto_run and not settings.is_development_env and not settings.is_production_env:
+        logger.info("Skip account auto-initialization for non-dev APP_ENV=%s", settings.app_env)
         return False
 
+    if settings.is_production_env:
+        settings.assert_runtime_security()
+
+    accounts = _seed_accounts_for_settings(settings)
+
     async with SessionLocal() as db:
-        seeder = DevAccountSeeder(db=db)
+        seeder = DevAccountSeeder(db=db, accounts=accounts)
         summary = await seeder.seed(reset_password=reset_password)
 
     logger.info(
-        "Dev accounts initialized: createdUsers=%s updatedUsers=%s resetPasswordUsers=%s createdPreferences=%s createdRoots=%s",
+        "%s initialized: createdUsers=%s updatedUsers=%s resetPasswordUsers=%s "
+        "createdPreferences=%s createdRoots=%s",
+        "Production default admin" if settings.is_production_env else "Dev accounts",
         summary.created_users,
         summary.updated_users,
         summary.reset_password_users,
@@ -81,15 +85,44 @@ async def initialize_dev_accounts(
     return True
 
 
+def _seed_accounts_for_settings(settings: Settings) -> tuple[DevSeedAccount, ...]:
+    if not settings.is_production_env:
+        return DEV_SEED_ACCOUNTS
+
+    username = (settings.default_admin_username or "").strip()
+    email = (settings.default_admin_email or "").strip()
+    password = (settings.default_admin_password or "").strip()
+    if not username or not email or not password:
+        raise ValueError(
+            "DEFAULT_ADMIN_USERNAME, DEFAULT_ADMIN_EMAIL, and DEFAULT_ADMIN_PASSWORD are required"
+        )
+
+    return (
+        DevSeedAccount(
+            username=username,
+            email=email,
+            password=password,
+            role=UserRole.ADMIN,
+            language=UiLanguage.ZH_CN,
+        ),
+    )
+
+
 class DevAccountSeeder:
-    def __init__(self, *, db: AsyncSession) -> None:
+    def __init__(
+        self,
+        *,
+        db: AsyncSession,
+        accounts: tuple[DevSeedAccount, ...] = DEV_SEED_ACCOUNTS,
+    ) -> None:
         self.db = db
+        self.accounts = accounts
 
     async def seed(self, *, reset_password: bool = False) -> DevSeedSummary:
         summary = DevSeedSummary()
         now = datetime.now(UTC)
 
-        for spec in DEV_SEED_ACCOUNTS:
+        for spec in self.accounts:
             user = await self._find_existing_user(spec=spec)
             created = user is None
 
@@ -129,7 +162,12 @@ async def seed(self, *, reset_password: bool = False) -> DevSeedSummary:
             if created:
                 user.password_changed_at = now
 
-            await self._ensure_preference(user=user, language=spec.language, now=now, summary=summary)
+            await self._ensure_preference(
+                user=user,
+                language=spec.language,
+                now=now,
+                summary=summary,
+            )
             await self._ensure_root_folder(user=user, now=now, summary=summary)
 
         await self.db.commit()
@@ -156,7 +194,9 @@ async def _ensure_preference(
         now: datetime,
         summary: DevSeedSummary,
     ) -> None:
-        preference = await self.db.scalar(select(UserPreference).where(UserPreference.user_id == user.user_id))
+        preference = await self.db.scalar(
+            select(UserPreference).where(UserPreference.user_id == user.user_id)
+        )
         if preference is None:
             self.db.add(
                 UserPreference(

From 367903191fb8c47764b4fcdcdc4e97fac1ae3898 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 10:03:13 +0800
Subject: [PATCH 14/16] test(settings): add production admin env validation
 tests

Add tests for DEFAULT_ADMIN_USERNAME required check and
DEFAULT_ADMIN_PASSWORD minimum length enforcement in production.
Refactor existing tests to use a shared make_settings helper.
---
 app/tests/test_settings.py | 84 +++++++++++++++++++++++++++-----------
 1 file changed, 61 insertions(+), 23 deletions(-)

diff --git a/app/tests/test_settings.py b/app/tests/test_settings.py
index 81ea223..738f3ff 100644
--- a/app/tests/test_settings.py
+++ b/app/tests/test_settings.py
@@ -5,16 +5,22 @@
 from fileflash.core.settings import Settings
 
 
+def make_settings(**overrides: object) -> Settings:
+    payload = {"FF_DB_URI": "postgresql://root:pwd@localhost:5432/fileflash"}
+    payload.update(overrides)
+    return Settings(_env_file=None, **payload)
+
+
 def test_async_database_url_conversion():
-    settings = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash")
+    settings = make_settings()
     assert settings.async_database_url == "postgresql+asyncpg://root:pwd@localhost:5432/fileflash"
 
 
 def test_upload_related_settings_defaults():
-    settings = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash")
+    settings = make_settings()
     assert settings.object_storage_bucket == "fileflash"
     assert settings.upload_chunk_size_default == 5 * 1024 * 1024
-    assert settings.upload_single_file_size_max == 20 * 1024 * 1024 * 1024
+    assert settings.upload_single_file_size_max == 5 * 1024 * 1024 * 1024
     assert settings.upload_verify_merged_object_hash is False
     assert settings.upload_session_ttl_seconds == 24 * 3600
     assert settings.starred_items_limit == 20
@@ -22,7 +28,7 @@ def test_upload_related_settings_defaults():
 
 
 def test_agent_related_settings_defaults():
-    settings = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash")
+    settings = make_settings()
     assert settings.agent_queue_stream == "fileflash:agents"
     assert settings.agent_job_timeout_sec == 600
     assert settings.agent_tool_timeout_sec == 30
@@ -30,34 +36,31 @@ def test_agent_related_settings_defaults():
 
 
 def test_app_env_detection():
-    dev = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash", APP_ENV="development")
+    dev = make_settings(APP_ENV="development")
     assert dev.is_development_env is True
     assert dev.is_production_env is False
 
-    prod = Settings(FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash", APP_ENV="prod")
+    prod = make_settings(APP_ENV="prod")
     assert prod.is_development_env is False
     assert prod.is_production_env is True
 
 
 def test_worker_process_count_from_env():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         WORKER_PROCESS_COUNT="3",
     )
     assert settings.worker_process_count == 3
 
 
 def test_starred_items_limit_from_env():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         STARRED_ITEMS_LIMIT="12",
     )
     assert settings.starred_items_limit == 12
 
 
 def test_verify_base_url_defaults_to_localhost_in_development():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         APP_ENV="development",
         EMAIL_VERIFY_BASE_URL="",
     )
@@ -65,16 +68,14 @@ def test_verify_base_url_defaults_to_localhost_in_development():
 
 
 def test_verify_base_url_adds_http_when_scheme_missing():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         EMAIL_VERIFY_BASE_URL="localhost:3000",
     )
     assert settings.normalized_email_verify_base_url == "http://localhost:3000"
 
 
 def test_mail_configuration_issues_includes_missing_required_fields():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         APP_ENV="development",
         MAIL_FROM="",
         MAIL_SERVER="",
@@ -88,8 +89,7 @@ def test_mail_configuration_issues_includes_missing_required_fields():
 
 
 def test_mail_configuration_rejects_both_tls_modes_enabled():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
         EMAIL_VERIFY_BASE_URL="http://localhost:5173",
         MAIL_FROM="demo@example.com",
         MAIL_SERVER="smtp.example.com",
@@ -99,12 +99,15 @@ def test_mail_configuration_rejects_both_tls_modes_enabled():
         MAIL_STARTTLS=True,
         MAIL_SSL_TLS=True,
     )
-    assert "MAIL_SSL_TLS and MAIL_STARTTLS cannot both be true" in settings.mail_configuration_issues
+    assert (
+        "MAIL_SSL_TLS and MAIL_STARTTLS cannot both be true"
+        in settings.mail_configuration_issues
+    )
 
 
 def test_assert_runtime_security_raises_when_jwt_secret_too_short():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
+        APP_ENV="development",
         JWT_SECRET_KEY="short-key",
     )
     with pytest.raises(ValueError, match="JWT_SECRET_KEY must be at least 32 bytes"):
@@ -112,11 +115,46 @@ def test_assert_runtime_security_raises_when_jwt_secret_too_short():
 
 
 def test_assert_runtime_security_raises_when_token_hash_secret_too_short():
-    settings = Settings(
-        FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+    settings = make_settings(
+        APP_ENV="development",
         JWT_SECRET_KEY="x" * 32,
         TOKEN_HASH_SECRET="short-key",
     )
     with pytest.raises(ValueError, match="TOKEN_HASH_SECRET must be at least 32 bytes"):
         settings.assert_runtime_security()
 
+
+def test_assert_runtime_security_requires_default_admin_env_in_production():
+    settings = make_settings(
+        APP_ENV="production",
+        JWT_SECRET_KEY="x" * 32,
+    )
+
+    with pytest.raises(ValueError, match="DEFAULT_ADMIN_USERNAME is required in production"):
+        settings.assert_runtime_security()
+
+
+def test_assert_runtime_security_rejects_short_default_admin_password_in_production():
+    settings = make_settings(
+        APP_ENV="production",
+        JWT_SECRET_KEY="x" * 32,
+        DEFAULT_ADMIN_USERNAME="admin",
+        DEFAULT_ADMIN_EMAIL="admin@example.com",
+        DEFAULT_ADMIN_PASSWORD="short-password",
+    )
+
+    with pytest.raises(ValueError, match="DEFAULT_ADMIN_PASSWORD must be at least 32 bytes"):
+        settings.assert_runtime_security()
+
+
+def test_assert_runtime_security_accepts_default_admin_env_in_production():
+    settings = make_settings(
+        APP_ENV="production",
+        JWT_SECRET_KEY="x" * 32,
+        DEFAULT_ADMIN_USERNAME="admin",
+        DEFAULT_ADMIN_EMAIL="admin@example.com",
+        DEFAULT_ADMIN_PASSWORD="p" * 32,
+    )
+
+    settings.assert_runtime_security()
+

From d8db5deb328753fca591d4fe1816a5d7eebcb4c6 Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 10:03:18 +0800
Subject: [PATCH 15/16] test(seed): add production admin account seeding test

Add test for initialize_dev_accounts using DEFAULT_ADMIN_* env vars
in production mode. Refactor existing test for auto-run skip outside
dev and prod.
---
 app/tests/test_dev_seed.py | 72 +++++++++++++++++++++++++++++++++++---
 1 file changed, 67 insertions(+), 5 deletions(-)

diff --git a/app/tests/test_dev_seed.py b/app/tests/test_dev_seed.py
index 2ac47c2..6681920 100644
--- a/app/tests/test_dev_seed.py
+++ b/app/tests/test_dev_seed.py
@@ -5,8 +5,9 @@
 import pytest
 
 from fileflash.core.settings import Settings
+from fileflash.models.enums import UserRole
 from fileflash.models.tables_identity import User
-from fileflash.services.dev_seed import DevAccountSeeder, initialize_dev_accounts
+from fileflash.services.dev_seed import DevAccountSeeder, DevSeedSummary, initialize_dev_accounts
 
 
 class DummySeedSession:
@@ -38,7 +39,10 @@ async def _find_existing_user(self, *, spec):  # type: ignore[override]
         for obj in self.db.added:
             if not isinstance(obj, User):
                 continue
-            if obj.username.lower() == spec.username.lower() or obj.email.lower() == spec.email.lower():
+            if (
+                obj.username.lower() == spec.username.lower()
+                or obj.email.lower() == spec.email.lower()
+            ):
                 return obj
         return None
 
@@ -59,7 +63,7 @@ def make_settings(**overrides: object) -> Settings:
         "JWT_SECRET_KEY": "unit-test-secret-key-1234567890abcd",
     }
     payload.update(overrides)
-    return Settings(**payload)
+    return Settings(_env_file=None, **payload)
 
 
 @pytest.mark.asyncio
@@ -95,12 +99,14 @@ async def test_dev_account_seeder_is_idempotent_and_supports_password_reset():
 
 
 @pytest.mark.asyncio
-async def test_initialize_dev_accounts_skips_auto_run_in_production(monkeypatch: pytest.MonkeyPatch):
+async def test_initialize_dev_accounts_skips_auto_run_outside_dev_and_prod(
+    monkeypatch: pytest.MonkeyPatch,
+):
     guard = AsyncMock(side_effect=AssertionError("SessionLocal should not be called"))
     monkeypatch.setattr("fileflash.services.dev_seed.SessionLocal", guard)
 
     result = await initialize_dev_accounts(
-        settings=make_settings(APP_ENV="production"),
+        settings=make_settings(APP_ENV="staging"),
         auto_run=True,
         reset_password=False,
     )
@@ -108,3 +114,59 @@ async def test_initialize_dev_accounts_skips_auto_run_in_production(monkeypatch:
     assert result is False
     guard.assert_not_called()
 
+
+@pytest.mark.asyncio
+async def test_initialize_dev_accounts_uses_env_admin_in_production(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    captured: dict[str, object] = {}
+
+    class SessionLocalStub:
+        calls = 0
+
+        def __call__(self):
+            self.calls += 1
+            return self
+
+        async def __aenter__(self):
+            return object()
+
+        async def __aexit__(self, exc_type, exc, traceback):
+            return None
+
+    class SeederStub:
+        def __init__(self, *, db: object, accounts: tuple[object, ...]) -> None:
+            captured["db"] = db
+            captured["accounts"] = accounts
+
+        async def seed(self, *, reset_password: bool = False) -> DevSeedSummary:
+            captured["reset_password"] = reset_password
+            return DevSeedSummary(created_users=1)
+
+    session_local = SessionLocalStub()
+    monkeypatch.setattr("fileflash.services.dev_seed.SessionLocal", session_local)
+    monkeypatch.setattr("fileflash.services.dev_seed.DevAccountSeeder", SeederStub)
+
+    result = await initialize_dev_accounts(
+        settings=make_settings(
+            APP_ENV="production",
+            DEFAULT_ADMIN_USERNAME="root-admin",
+            DEFAULT_ADMIN_EMAIL="root-admin@example.com",
+            DEFAULT_ADMIN_PASSWORD="p" * 32,
+        ),
+        auto_run=True,
+        reset_password=False,
+    )
+
+    assert result is True
+    assert session_local.calls == 1
+    accounts = captured["accounts"]
+    assert isinstance(accounts, tuple)
+    assert len(accounts) == 1
+    account = accounts[0]
+    assert account.username == "root-admin"
+    assert account.email == "root-admin@example.com"
+    assert account.password == "p" * 32
+    assert account.role == UserRole.ADMIN
+    assert captured["reset_password"] is False
+

From bb3ec082d448ea7a1561586bf3912b498321370c Mon Sep 17 00:00:00 2001
From: 0neStep <146049978+AperturePlus@users.noreply.github.com>
Date: Mon, 25 May 2026 10:03:23 +0800
Subject: [PATCH 16/16] test(startup): add fail-fast tests for production admin
 env validation

Add tests for lifespan raising ValueError when DEFAULT_ADMIN_USERNAME
is missing or DEFAULT_ADMIN_PASSWORD is too short in production.
Refactor existing tests with a shared make_settings helper.
---
 app/tests/test_startup_fail_fast.py | 72 ++++++++++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/app/tests/test_startup_fail_fast.py b/app/tests/test_startup_fail_fast.py
index a2ea383..b6c23e8 100644
--- a/app/tests/test_startup_fail_fast.py
+++ b/app/tests/test_startup_fail_fast.py
@@ -5,15 +5,30 @@
 
 import pytest
 
+from fileflash.core.settings import Settings
 from fileflash.main import lifespan
 from fileflash.s3.minio_client import ObjectStorageAuthError
 
 
+def make_settings(**overrides: object) -> Settings:
+    payload = {
+        "FF_DB_URI": "postgresql://root:pwd@localhost:5432/fileflash",
+        "APP_ENV": "production",
+        "JWT_SECRET_KEY": "unit-test-secret-key-1234567890abcd",
+        "DEFAULT_ADMIN_USERNAME": "admin",
+        "DEFAULT_ADMIN_EMAIL": "admin@example.com",
+        "DEFAULT_ADMIN_PASSWORD": "p" * 32,
+    }
+    payload.update(overrides)
+    return Settings(_env_file=None, **payload)
+
+
 @pytest.mark.asyncio
 async def test_lifespan_fails_fast_when_database_check_fails(monkeypatch: pytest.MonkeyPatch):
     verify = AsyncMock(side_effect=RuntimeError("database unavailable"))
     verify_schema = AsyncMock()
     seed = AsyncMock()
+    monkeypatch.setattr("fileflash.main.settings", make_settings())
     monkeypatch.setattr("fileflash.main.verify_database_connection", verify)
     monkeypatch.setattr("fileflash.main.verify_schema_compatibility", verify_schema)
     monkeypatch.setattr("fileflash.main.initialize_dev_accounts", seed)
@@ -32,6 +47,7 @@ async def test_lifespan_fails_fast_when_schema_check_fails(monkeypatch: pytest.M
     verify = AsyncMock()
     verify_schema = AsyncMock(side_effect=RuntimeError("schema incompatible"))
     seed = AsyncMock()
+    monkeypatch.setattr("fileflash.main.settings", make_settings())
     monkeypatch.setattr("fileflash.main.verify_database_connection", verify)
     monkeypatch.setattr("fileflash.main.verify_schema_compatibility", verify_schema)
     monkeypatch.setattr("fileflash.main.initialize_dev_accounts", seed)
@@ -50,7 +66,10 @@ async def test_lifespan_fails_fast_when_object_storage_check_fails(monkeypatch:
     verify = AsyncMock()
     verify_schema = AsyncMock()
     seed = AsyncMock()
-    storage = SimpleNamespace(ensure_bucket=AsyncMock(side_effect=ObjectStorageAuthError("bad credentials")))
+    storage = SimpleNamespace(
+        ensure_bucket=AsyncMock(side_effect=ObjectStorageAuthError("bad credentials"))
+    )
+    monkeypatch.setattr("fileflash.main.settings", make_settings())
     monkeypatch.setattr("fileflash.main.verify_database_connection", verify)
     monkeypatch.setattr("fileflash.main.verify_schema_compatibility", verify_schema)
     monkeypatch.setattr("fileflash.main.get_object_storage", lambda: storage)
@@ -64,3 +83,54 @@ async def test_lifespan_fails_fast_when_object_storage_check_fails(monkeypatch:
     verify_schema.assert_awaited_once()
     storage.ensure_bucket.assert_awaited_once()
     seed.assert_not_awaited()
+
+
+@pytest.mark.asyncio
+async def test_lifespan_fails_fast_when_prod_admin_env_missing(monkeypatch: pytest.MonkeyPatch):
+    verify = AsyncMock()
+    verify_schema = AsyncMock()
+    seed = AsyncMock()
+    monkeypatch.setattr(
+        "fileflash.main.settings",
+        Settings(
+            _env_file=None,
+            FF_DB_URI="postgresql://root:pwd@localhost:5432/fileflash",
+            APP_ENV="production",
+            JWT_SECRET_KEY="unit-test-secret-key-1234567890abcd",
+        ),
+    )
+    monkeypatch.setattr("fileflash.main.verify_database_connection", verify)
+    monkeypatch.setattr("fileflash.main.verify_schema_compatibility", verify_schema)
+    monkeypatch.setattr("fileflash.main.initialize_dev_accounts", seed)
+
+    with pytest.raises(ValueError, match="DEFAULT_ADMIN_USERNAME is required in production"):
+        async with lifespan(object()):
+            pass
+
+    verify.assert_not_awaited()
+    verify_schema.assert_not_awaited()
+    seed.assert_not_awaited()
+
+
+@pytest.mark.asyncio
+async def test_lifespan_fails_fast_when_prod_admin_password_too_short(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    verify = AsyncMock()
+    verify_schema = AsyncMock()
+    seed = AsyncMock()
+    monkeypatch.setattr(
+        "fileflash.main.settings",
+        make_settings(DEFAULT_ADMIN_PASSWORD="short-password"),
+    )
+    monkeypatch.setattr("fileflash.main.verify_database_connection", verify)
+    monkeypatch.setattr("fileflash.main.verify_schema_compatibility", verify_schema)
+    monkeypatch.setattr("fileflash.main.initialize_dev_accounts", seed)
+
+    with pytest.raises(ValueError, match="DEFAULT_ADMIN_PASSWORD must be at least 32 bytes"):
+        async with lifespan(object()):
+            pass
+
+    verify.assert_not_awaited()
+    verify_schema.assert_not_awaited()
+    seed.assert_not_awaited()