@muhgholy/next-drive 4.23.6 → 4.23.8

package/dist/{chunk-GV4HB2G6.js → chunk-RBSFEEJJ.js}

@@ -1,15 +1,15 @@
-import formidable from 'formidable';
+import mongoose, { Schema, isValidObjectId } from 'mongoose';
 import path from 'path';
-import fs from 'fs';
 import os2 from 'os';
-import crypto2 from 'crypto';
-import mongoose, { Schema, isValidObjectId } from 'mongoose';
+import fs from 'fs';
+import crypto3 from 'crypto';
 import sharp2 from 'sharp';
 import ffmpeg from 'fluent-ffmpeg';
 import { google } from 'googleapis';
+import formidable from 'formidable';
 import { z } from 'zod';
 
-// src/server/index.ts
+// src/server/config.ts
 var informationSchema = new Schema({
   type: { type: String, enum: ["FILE", "FOLDER"], required: true },
   sizeInBytes: { type: Number, default: 0 },
@@ -324,6 +324,53 @@ var getDriveInformation = async (input) => {
   }
   return config.information(input);
 };
+
+// src/server/actions/cors.ts
+var applyCorsHeaders = (req, res, config) => {
+  const cors = config.cors;
+  if (!cors?.enabled) return false;
+  const origin = req.headers.origin;
+  const allowedOrigins = cors.origins ?? "*";
+  const methods = cors.methods ?? ["GET", "POST", "PUT", "DELETE", "OPTIONS"];
+  const allowedHeaders = cors.allowedHeaders ?? ["Content-Type", "Authorization", "X-Drive-Account"];
+  const exposedHeaders = cors.exposedHeaders ?? ["Content-Length", "Content-Type", "Content-Disposition"];
+  const credentials = cors.credentials ?? false;
+  const maxAge = cors.maxAge ?? 86400;
+  let allowOrigin = null;
+  if (origin) {
+    if (allowedOrigins === "*") {
+      allowOrigin = origin;
+    } else if (Array.isArray(allowedOrigins)) {
+      if (allowedOrigins.includes(origin)) {
+        allowOrigin = origin;
+      }
+    } else if (allowedOrigins === origin) {
+      allowOrigin = origin;
+    }
+  } else if (allowedOrigins === "*") {
+    allowOrigin = "*";
+  }
+  if (!allowOrigin) {
+    if (req.method === "OPTIONS") {
+      res.status(403).end();
+      return true;
+    }
+    return false;
+  }
+  res.setHeader("Access-Control-Allow-Origin", allowOrigin);
+  res.setHeader("Access-Control-Allow-Methods", methods.join(", "));
+  res.setHeader("Access-Control-Allow-Headers", allowedHeaders.join(", "));
+  res.setHeader("Access-Control-Expose-Headers", exposedHeaders.join(", "));
+  res.setHeader("Access-Control-Max-Age", maxAge.toString());
+  if (credentials) {
+    res.setHeader("Access-Control-Allow-Credentials", "true");
+  }
+  if (req.method === "OPTIONS") {
+    res.status(204).end();
+    return true;
+  }
+  return false;
+};
 var validateMimeType = (mime, allowedTypes) => {
   if (allowedTypes.includes("*/*")) return true;
   return allowedTypes.some((pattern) => {
@@ -336,7 +383,7 @@ var validateMimeType = (mime, allowedTypes) => {
   });
 };
 var computeFileHash = (filePath) => new Promise((resolve, reject) => {
-  const hash = crypto2.createHash("sha256");
+  const hash = crypto3.createHash("sha256");
   const stream = fs.createReadStream(filePath);
   stream.on("data", (data) => hash.update(data));
   stream.on("end", () => resolve(hash.digest("hex")));
@@ -487,6 +534,12 @@ var getImageSettings = (fileSizeInBytes, qualityPreset, display, size, fit, posi
     ...resolvedPosition && { position: resolvedPosition }
   };
 };
+
+// src/server/security/crypto-utils.ts
+function sanitizeContentDispositionFilename(filename) {
+  const basename = filename.replace(/^.*[\\\/]/, "");
+  return basename.replace(/["\r\n]/g, "").replace(/[^\x20-\x7E]/g, "").slice(0, 255);
+}
 var generatePlaceholderThumbnail = async (outputPath, mimeType) => {
   const typeParts = mimeType.split("/");
   const subtype = typeParts[1] || "file";
@@ -529,11 +582,11 @@ var LocalStorageProvider = {
     return { usedInBytes, quotaInBytes: configuredQuotaInBytes ?? 0 };
   },
   openStream: async (item, accountId) => {
-    if (item.information.type !== "FILE") throw new Error("Cannot stream folder");
+    if (item.information.type !== "FILE") throw new Error("Could not open local file: folders cannot be streamed");
     const storagePath = getDriveConfig().storage.path;
     const filePath = path.join(storagePath, "file", item._id.toString(), "data.bin");
     if (!fs.existsSync(filePath)) {
-      throw new Error("File not found on disk");
+      throw new Error("Could not open local file: it is missing from disk");
     }
     const stat = fs.statSync(filePath);
     const stream = fs.createReadStream(filePath);
@@ -544,13 +597,13 @@ var LocalStorageProvider = {
     };
   },
   getThumbnail: async (item, accountId) => {
-    if (item.information.type !== "FILE") throw new Error("No thumbnail for folder");
+    if (item.information.type !== "FILE") throw new Error("No preview available: folders do not have thumbnails");
     const storagePath = getDriveConfig().storage.path;
     const fileDir = path.join(storagePath, "file", item._id.toString());
     const originalPath = path.join(fileDir, "data.bin");
     const thumbDir = path.join(fileDir, "cache");
     const thumbPath = path.join(thumbDir, "thumbnail.webp");
-    if (!fs.existsSync(originalPath)) throw new Error("Original file not found");
+    if (!fs.existsSync(originalPath)) throw new Error("Could not generate preview: the original file is missing");
     if (fs.existsSync(thumbPath)) {
       return fs.createReadStream(thumbPath);
     }
@@ -599,12 +652,12 @@ var LocalStorageProvider = {
     return folder.toClient();
   },
   uploadFile: async (drive, filePath, accountId) => {
-    if (drive.information.type !== "FILE") throw new Error("Invalid drive type");
+    if (drive.information.type !== "FILE") throw new Error("Could not save local file: invalid file record");
     const storagePath = getDriveConfig().storage.path;
     const destDir = path.join(storagePath, "file", String(drive._id));
     const destPath = path.join(destDir, "data.bin");
     if (!fs.existsSync(filePath)) {
-      throw new Error("Source file not found");
+      throw new Error("Could not save local file: the uploaded data is missing");
     }
     if (!fs.existsSync(destDir)) {
       fs.mkdirSync(destDir, { recursive: true });
@@ -620,12 +673,12 @@ var LocalStorageProvider = {
       }
     }
     if (!fs.existsSync(destPath)) {
-      throw new Error("Failed to write file to destination");
+      throw new Error("Could not save local file: writing to storage failed");
     }
     const destStats = fs.statSync(destPath);
     if (destStats.size !== drive.information.sizeInBytes) {
       fs.unlinkSync(destPath);
-      throw new Error(`Destination file size mismatch: expected ${drive.information.sizeInBytes}, got ${destStats.size}`);
+      throw new Error("Could not save local file: the stored data was incomplete (size mismatch)");
     }
     drive.status = "READY";
     drive.information.path = path.join("file", String(drive._id), "data.bin");
@@ -670,12 +723,12 @@ var LocalStorageProvider = {
   },
   rename: async (id, newName, owner, accountId) => {
     const item = await drive_default.findOneAndUpdate({ _id: id, owner }, { name: newName }, { new: true });
-    if (!item) throw new Error("Item not found");
+    if (!item) throw new Error("Could not rename: the item no longer exists");
     return item.toClient();
   },
   move: async (id, newParentId, owner, accountId) => {
     const item = await drive_default.findOne({ _id: id, owner });
-    if (!item) throw new Error("Item not found");
+    if (!item) throw new Error("Could not move: the item no longer exists");
     item.parentId = newParentId === "root" || !newParentId ? null : new mongoose.Types.ObjectId(newParentId);
     await item.save();
     return item.toClient();
@@ -713,18 +766,18 @@ StorageAccountSchema.method("toClient", async function() {
 var StorageAccount = mongoose.models.StorageAccount || mongoose.model("StorageAccount", StorageAccountSchema);
 var account_default = StorageAccount;
 
-// src/server/providers/google.ts
+// src/server/storage-adapters/google.ts
 var createAuthClient = async (owner, accountId) => {
   const query = { owner, "metadata.provider": "GOOGLE" };
   if (accountId) query._id = accountId;
   const account = await account_default.findOne(query);
-  if (!account) throw new Error("Google Drive account not connected");
+  if (!account) throw new Error("Could not reach Google Drive: account not connected");
   const config = getDriveConfig();
   const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
-  if (!clientId || !clientSecret) throw new Error("Google credentials not configured on server");
+  if (!clientId || !clientSecret) throw new Error("Could not reach Google Drive: Google credentials are not configured on the server");
   const oAuth2Client = new google.auth.OAuth2(clientId, clientSecret, redirectUri);
   if (account.metadata.provider !== "GOOGLE" || !account.metadata.google) {
-    throw new Error("Invalid Google Account Metadata");
+    throw new Error("Could not reach Google Drive: account data is invalid, please reconnect");
   }
   oAuth2Client.setCredentials(account.metadata.google.credentials);
   oAuth2Client.on("tokens", async (tokens) => {
@@ -946,8 +999,8 @@ var GoogleDriveProvider = {
   openStream: async (item, accountId) => {
     const { client } = await createAuthClient(item.owner, accountId || item.storageAccountId?.toString());
     const drive = google.drive({ version: "v3", auth: client });
-    if (!item.provider?.google?.id) throw new Error("Missing Google File ID");
-    if (item.information.type === "FOLDER") throw new Error("Cannot stream folder");
+    if (!item.provider?.google?.id) throw new Error("Could not open Google Drive file: its Google file ID is missing");
+    if (item.information.type === "FOLDER") throw new Error("Could not open Google Drive file: folders cannot be streamed");
     const res = await drive.files.get(
       { fileId: item.provider.google.id, alt: "media" },
       { responseType: "stream" }
@@ -967,7 +1020,7 @@ var GoogleDriveProvider = {
       return fs.createReadStream(thumbPath);
     }
     const { client } = await createAuthClient(item.owner, accountId || item.storageAccountId?.toString());
-    if (!item.provider?.google?.thumbnailLink) throw new Error("No thumbnail available");
+    if (!item.provider?.google?.thumbnailLink) throw new Error("No preview available for this Google Drive file");
     const res = await client.request({ url: item.provider.google.thumbnailLink, responseType: "stream" });
     if (!fs.existsSync(thumbDir)) {
       fs.mkdirSync(thumbDir, { recursive: true });
@@ -1007,7 +1060,7 @@ var GoogleDriveProvider = {
       fields: "id, name, mimeType, webViewLink, iconLink"
     });
     const file = res.data;
-    if (!file.id) throw new Error("Failed to create folder on Google Drive");
+    if (!file.id) throw new Error("Could not create folder on Google Drive");
     const folder = new drive_default({
       owner,
       name: file.name,
@@ -1028,7 +1081,7 @@ var GoogleDriveProvider = {
     return folder.toClient();
   },
   uploadFile: async (drive, filePath, accountId) => {
-    if (drive.information.type !== "FILE") throw new Error("Invalid drive type");
+    if (drive.information.type !== "FILE") throw new Error("Could not upload to Google Drive: invalid file record");
     const { client } = await createAuthClient(drive.owner, accountId || drive.storageAccountId?.toString());
     const googleDrive = google.drive({ version: "v3", auth: client });
     let googleParentId = "root";
@@ -1050,7 +1103,7 @@ var GoogleDriveProvider = {
         fields: "id, name, mimeType, webViewLink, iconLink, thumbnailLink, size"
       });
       const gFile = res.data;
-      if (!gFile.id) throw new Error("Upload to Google Drive failed");
+      if (!gFile.id) throw new Error("Could not upload to Google Drive: no file was created");
       drive.status = "READY";
       drive.provider = {
         type: "GOOGLE",
@@ -1122,7 +1175,7 @@ var GoogleDriveProvider = {
     const { client } = await createAuthClient(owner, accountId);
     const drive = google.drive({ version: "v3", auth: client });
     const item = await drive_default.findOne({ _id: id, owner });
-    if (!item || !item.provider?.google?.id) throw new Error("Item not found");
+    if (!item || !item.provider?.google?.id) throw new Error("Could not rename on Google Drive: item not found or not synced");
     await drive.files.update({
       fileId: item.provider.google.id,
       requestBody: { name: newName }
@@ -1135,7 +1188,7 @@ var GoogleDriveProvider = {
     const { client, accountId: foundAccountId } = await createAuthClient(owner, accountId);
     const drive = google.drive({ version: "v3", auth: client });
     const item = await drive_default.findOne({ _id: id, owner });
-    if (!item || !item.provider?.google?.id) throw new Error("Item not found or not synced");
+    if (!item || !item.provider?.google?.id) throw new Error("Could not move on Google Drive: item not found or not synced");
     let previousGoogleParentId = void 0;
     if (item.parentId) {
       const oldParent = await drive_default.findOne({ _id: item.parentId, owner });
@@ -1155,7 +1208,7 @@ var GoogleDriveProvider = {
     let newGoogleParentId = "root";
     if (newParentId && newParentId !== "root") {
       const newParent = await drive_default.findOne({ _id: newParentId, owner });
-      if (!newParent || !newParent.provider?.google?.id) throw new Error("Target folder not found in Google Drive");
+      if (!newParent || !newParent.provider?.google?.id) throw new Error("Could not move on Google Drive: target folder not found");
       newGoogleParentId = newParent.provider.google.id;
     }
     await drive.files.update({
@@ -1181,7 +1234,367 @@ var GoogleDriveProvider = {
   }
 };
 
-// src/server/controllers/drive.ts
+// src/server/actions/public.ts
+var handlePublicAction = async (req, res, action, config) => {
+  if (action !== "serve" && action !== "thumbnail") {
+    return false;
+  }
+  try {
+    const { id, token } = req.query;
+    if (!id || typeof id !== "string") {
+      res.status(400).json({ status: 400, message: "Could not open file: missing or invalid file ID" });
+      return true;
+    }
+    const drive = await drive_default.findById(id);
+    if (!drive) {
+      res.status(404).json({ status: 404, message: "File not found or no longer available" });
+      return true;
+    }
+    if (config.security?.signedUrls?.enabled) {
+      if (!token || typeof token !== "string") {
+        res.status(401).json({ status: 401, message: "Access denied: this link is missing its access token" });
+        return true;
+      }
+      try {
+        const decoded = Buffer.from(token, "base64url").toString();
+        const [expiryStr, signature] = decoded.split(":");
+        const expiry = parseInt(expiryStr, 10);
+        if (Date.now() / 1e3 > expiry) {
+          res.status(401).json({ status: 401, message: "Access denied: this link has expired" });
+          return true;
+        }
+        const { secret } = config.security.signedUrls;
+        const expectedSignature = crypto3.createHmac("sha256", secret).update(`${id}:${expiry}`).digest("hex");
+        if (signature !== expectedSignature) {
+          res.status(401).json({ status: 401, message: "Access denied: this link's access token is invalid" });
+          return true;
+        }
+      } catch {
+        res.status(401).json({ status: 401, message: "Access denied: this link's access token is malformed" });
+        return true;
+      }
+    }
+    const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
+    const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+    if (action === "thumbnail") {
+      const stream2 = await itemProvider.getThumbnail(drive, itemAccountId);
+      res.setHeader("Content-Type", "image/webp");
+      if (config.cors?.enabled) {
+        res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+      }
+      stream2.pipe(res);
+      return true;
+    }
+    const { stream, mime, size: fileSize } = await itemProvider.openStream(drive, itemAccountId);
+    const safeFilename = sanitizeContentDispositionFilename(drive.name);
+    const format = req.query.format;
+    const quality = req.query.quality;
+    const display = req.query.display;
+    const sizePreset = req.query.size;
+    const fit = req.query.fit;
+    const position = req.query.position;
+    const isImage = mime.startsWith("image/");
+    const shouldTransform = isImage && (format || quality || display || sizePreset || fit);
+    res.setHeader("Content-Disposition", `inline; filename="${safeFilename}"`);
+    if (config.cors?.enabled) {
+      res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+    }
+    if (shouldTransform) {
+      try {
+        const settings = getImageSettings(fileSize, quality, display, sizePreset, fit, position);
+        let targetFormat = format || mime.split("/")[1];
+        if (targetFormat === "jpg") targetFormat = "jpeg";
+        if (!["jpeg", "png", "webp", "avif"].includes(targetFormat)) {
+          targetFormat = format || "webp";
+        }
+        const cacheDir = path.join(config.storage.path, "file", drive._id.toString(), "cache");
+        const cacheKey = [
+          "opt",
+          `q${settings.quality}`,
+          `e${settings.effort}`,
+          settings.width ? `${settings.width}x${settings.height}` : "orig",
+          settings.fit || "none",
+          settings.position || "c",
+          targetFormat
+        ].join("_");
+        const cachePath = path.join(cacheDir, `${cacheKey}.bin`);
+        if (fs.existsSync(cachePath)) {
+          const cacheStat = fs.statSync(cachePath);
+          res.setHeader("Content-Type", `image/${targetFormat}`);
+          res.setHeader("Content-Length", cacheStat.size);
+          res.setHeader("Cache-Control", "public, max-age=31536000, immutable");
+          if (config.cors?.enabled) {
+            res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+          }
+          if ("destroy" in stream) {
+            stream.destroy();
+          }
+          fs.createReadStream(cachePath).pipe(res);
+          return true;
+        }
+        if (!fs.existsSync(cacheDir)) fs.mkdirSync(cacheDir, { recursive: true });
+        let pipeline = sharp2();
+        if (settings.width && settings.height) {
+          pipeline = pipeline.resize(settings.width, settings.height, {
+            fit: settings.fit || "inside",
+            position: settings.position || "center",
+            withoutEnlargement: true,
+            background: { r: 0, g: 0, b: 0, alpha: 0 }
+          });
+        }
+        if (targetFormat === "jpeg") {
+          pipeline = pipeline.jpeg({ quality: settings.quality, mozjpeg: true });
+          res.setHeader("Content-Type", "image/jpeg");
+        } else if (targetFormat === "png") {
+          pipeline = pipeline.png({ compressionLevel: settings.pngCompression, adaptiveFiltering: true });
+          res.setHeader("Content-Type", "image/png");
+        } else if (targetFormat === "webp") {
+          const webpEffort = Math.min(settings.effort, 6);
+          pipeline = pipeline.webp({ quality: settings.quality, effort: webpEffort });
+          res.setHeader("Content-Type", "image/webp");
+        } else if (targetFormat === "avif") {
+          pipeline = pipeline.avif({ quality: settings.quality, effort: settings.effort });
+          res.setHeader("Content-Type", "image/avif");
+        }
+        res.setHeader("Cache-Control", "public, max-age=31536000, immutable");
+        pipeline.on("error", (err) => {
+          console.error("[next-drive] Pipeline error:", err);
+        });
+        stream.pipe(pipeline);
+        pipeline.clone().toFile(cachePath).catch((e) => console.error("[next-drive] Cache write failed:", e));
+        pipeline.clone().pipe(res);
+        return true;
+      } catch (e) {
+        console.error("[next-drive] Image transformation failed:", e);
+      }
+    }
+    res.setHeader("Content-Type", mime);
+    if (fileSize) res.setHeader("Content-Length", fileSize);
+    stream.pipe(res);
+    return true;
+  } catch (error) {
+    console.error(`[next-drive] Error in ${action}:`, error);
+    const detail = error instanceof Error ? error.message : "Something went wrong while serving the file";
+    res.status(500).json({ status: 500, message: `Request "${action}" failed: ${detail}` });
+    return true;
+  }
+};
+var handleAuthAction = async (req, res, action, config, owner) => {
+  if (!["getAuthUrl", "callback", "listAccounts", "removeAccount"].includes(action)) {
+    return false;
+  }
+  switch (action) {
+    case "getAuthUrl": {
+      const { provider } = req.query;
+      if (provider === "GOOGLE") {
+        const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
+        if (!clientId || !clientSecret || !redirectUri) {
+          res.status(500).json({ status: 500, message: "Google Drive is not configured on the server" });
+          return true;
+        }
+        const callbackUri = new URL(redirectUri);
+        callbackUri.searchParams.set("action", "callback");
+        const oAuth2Client = new google.auth.OAuth2(clientId, clientSecret, callbackUri.toString());
+        const state = Buffer.from(JSON.stringify({ owner })).toString("base64");
+        const url = oAuth2Client.generateAuthUrl({
+          access_type: "offline",
+          scope: ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/userinfo.email"],
+          state,
+          prompt: "consent"
+        });
+        res.status(200).json({ status: 200, message: "Auth URL generated", data: { url } });
+        return true;
+      }
+      res.status(400).json({ status: 400, message: "Unknown storage provider requested" });
+      return true;
+    }
+    case "callback": {
+      const { code } = req.query;
+      if (!code) {
+        res.status(400).json({ status: 400, message: "Google sign-in failed: authorization code missing" });
+        return true;
+      }
+      const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
+      if (!clientId || !clientSecret || !redirectUri) {
+        res.status(500).json({ status: 500, message: "Google Drive sign-in is not configured on the server" });
+        return true;
+      }
+      const callbackUri = new URL(redirectUri);
+      callbackUri.searchParams.set("action", "callback");
+      const oAuth2Client = new google.auth.OAuth2(clientId, clientSecret, callbackUri.toString());
+      const { tokens } = await oAuth2Client.getToken(code);
+      oAuth2Client.setCredentials(tokens);
+      const oauth2 = google.oauth2({ version: "v2", auth: oAuth2Client });
+      const userInfo = await oauth2.userinfo.get();
+      const existing = await account_default.findOne({ owner, "metadata.google.email": userInfo.data.email, "metadata.provider": "GOOGLE" });
+      if (existing) {
+        existing.metadata.google.credentials = tokens;
+        existing.markModified("metadata");
+        await existing.save();
+      } else {
+        const newAccount = new account_default({
+          owner,
+          name: userInfo.data.name || "Google Drive",
+          metadata: {
+            provider: "GOOGLE",
+            google: {
+              email: userInfo.data.email,
+              credentials: tokens
+            }
+          }
+        });
+        await newAccount.save();
+      }
+      res.setHeader("Content-Type", "text/html");
+      res.send(`<!DOCTYPE html>
+<html>
+<head><title>Authentication Complete</title></head>
+<body>
+<p>Authentication successful! This window will close automatically.</p>
+<script>
+(function() {
+	if (window.opener) {
+		try {
+			window.opener.postMessage('oauth-success', '*');
+		} catch (e) {}
+	}
+	try {
+		localStorage.setItem('next-drive-oauth-success', Date.now().toString());
+		localStorage.removeItem('next-drive-oauth-success');
+	} catch (e) {}
+	window.close();
+	setTimeout(function() {
+		document.body.innerHTML = '<p style="font-family: system-ui; text-align: center; margin-top: 50px;">Authentication successful!<br>You can close this tab now.</p>';
+	}, 500);
+})();
+</script>
+</body>
+</html>`);
+      return true;
+    }
+    case "listAccounts": {
+      const accounts = await account_default.find({ owner });
+      res.status(200).json({
+        status: 200,
+        data: {
+          accounts: accounts.map((a) => ({
+            id: a._id.toString(),
+            name: a.name,
+            email: a.metadata.google?.email || "",
+            provider: a.metadata.provider
+          }))
+        }
+      });
+      return true;
+    }
+    case "removeAccount": {
+      const { id } = req.query;
+      const account = await account_default.findOne({ _id: id, owner });
+      if (!account) {
+        res.status(404).json({ status: 404, message: "Could not disconnect: account not found" });
+        return true;
+      }
+      if (account.metadata.provider === "GOOGLE") {
+        try {
+          await GoogleDriveProvider.revokeToken(owner, account._id.toString());
+        } catch (e) {
+          console.error("Failed to revoke Google token:", e);
+        }
+      }
+      await account_default.deleteOne({ _id: id, owner });
+      await drive_default.deleteMany({ owner, storageAccountId: id });
+      res.status(200).json({ status: 200, message: "Account removed" });
+      return true;
+    }
+    default:
+      return false;
+  }
+};
+var objectIdSchema = z.string().refine((val) => isValidObjectId(val), {
+  message: "Invalid ObjectId format"
+});
+var sanitizeFilename = (name) => {
+  return name.replace(/[<>:"|?*\x00-\x1F]/g, "").replace(/^\.+/, "").replace(/\.+$/, "").replace(/\\/g, "/").replace(/\/+/g, "/").replace(/\.\.\//g, "").replace(/\.\.+/g, "").split("/").pop() || "".trim().slice(0, 255);
+};
+var sanitizeRegexInput = (input) => {
+  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&").slice(0, 100);
+};
+var nameSchema = z.string().min(1, "Name is required").max(255, "Name too long").transform(sanitizeFilename).refine((val) => val.length > 0, { message: "Invalid name after sanitization" });
+var uploadChunkSchema = z.object({
+  chunkIndex: z.number().int().min(0).max(1e4),
+  totalChunks: z.number().int().min(1).max(1e4),
+  driveId: z.string().optional(),
+  fileName: nameSchema,
+  fileSize: z.number().int().min(0).max(Number.MAX_SAFE_INTEGER),
+  fileType: z.string().min(1).max(255),
+  folderId: z.string().optional()
+}).refine((data) => data.chunkIndex < data.totalChunks, {
+  message: "Chunk index must be less than total chunks"
+});
+var listQuerySchema = z.object({
+  folderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]),
+  limit: z.string().optional().transform((val) => {
+    const num = parseInt(val || "50", 10);
+    return Math.min(Math.max(1, num), 100);
+  }),
+  afterId: objectIdSchema.optional()
+});
+z.object({
+  id: objectIdSchema,
+  token: z.string().optional()
+});
+z.object({
+  id: objectIdSchema,
+  size: z.enum(["small", "medium", "large"]).optional().default("medium"),
+  token: z.string().optional()
+});
+var renameBodySchema = z.object({
+  id: objectIdSchema,
+  newName: nameSchema
+});
+var deleteQuerySchema = z.object({
+  id: objectIdSchema
+});
+z.object({
+  ids: z.array(objectIdSchema).min(1).max(1e3)
+});
+var createFolderBodySchema = z.object({
+  name: nameSchema,
+  parentId: z.union([z.literal("root"), objectIdSchema, z.string().length(0), z.undefined()]).optional()
+});
+var moveBodySchema = z.object({
+  ids: z.array(objectIdSchema).min(1).max(1e3),
+  targetFolderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]).optional()
+});
+var reorderBodySchema = z.object({
+  ids: z.array(objectIdSchema).min(1).max(1e3)
+});
+var searchQuerySchema = z.object({
+  q: z.string().min(1).max(100).transform(sanitizeRegexInput),
+  folderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]).optional(),
+  limit: z.string().optional().transform((val) => {
+    const num = parseInt(val || "50", 10);
+    return Math.min(Math.max(1, num), 100);
+  }),
+  trashed: z.string().optional().transform((val) => val === "true")
+});
+z.object({
+  id: objectIdSchema
+});
+var cancelQuerySchema = z.object({
+  id: z.string().uuid()
+});
+z.object({
+  days: z.number().int().min(1).max(365).optional()
+});
+var driveFileSchemaZod = z.object({
+  id: z.string(),
+  file: z.object({
+    name: z.string(),
+    mime: z.string(),
+    size: z.number()
+  })
+});
 var getNextOrderValue = async (owner) => {
   const lastItem = await drive_default.findOne({ owner }, {}, { sort: { order: -1 } });
   return lastItem ? lastItem.order + 1 : 0;
@@ -1200,7 +1613,7 @@ var driveGetUrl = (fileId, options) => {
   } else {
     expiryTimestamp = Math.floor(Date.now() / 1e3) + expiresIn;
   }
-  const signature = crypto2.createHmac("sha256", secret).update(`${fileId}:${expiryTimestamp}`).digest("hex");
+  const signature = crypto3.createHmac("sha256", secret).update(`${fileId}:${expiryTimestamp}`).digest("hex");
   const token = Buffer.from(`${expiryTimestamp}:${signature}`).toString("base64url");
   return `${config.apiUrl || "/api/drive"}?action=serve&id=${fileId}&token=${token}`;
 };
@@ -1209,7 +1622,7 @@ var driveAddSignedUrlToken = (item, config) => {
   if (config.security?.signedUrls?.enabled && config.security.signedUrls.secret) {
     const { secret, expiresIn } = config.security.signedUrls;
     const expiryTimestamp = Math.floor(Date.now() / 1e3) + expiresIn;
-    const signature = crypto2.createHmac("sha256", secret).update(`${item.id}:${expiryTimestamp}`).digest("hex");
+    const signature = crypto3.createHmac("sha256", secret).update(`${item.id}:${expiryTimestamp}`).digest("hex");
     token = Buffer.from(`${expiryTimestamp}:${signature}`).toString("base64url");
   }
   const apiUrl = config.apiUrl || "/api/drive";
@@ -1223,15 +1636,15 @@ var driveReadFile = async (file) => {
   let drive;
   if (typeof file === "string") {
     const doc = await drive_default.findById(file);
-    if (!doc) throw new Error(`File not found: ${file}`);
+    if (!doc) throw new Error("Could not read file: the file no longer exists");
     drive = doc;
   } else if ("toClient" in file) {
     drive = file;
   } else {
-    throw new Error("Invalid file parameter provided");
+    throw new Error("Could not read file: invalid file reference provided");
   }
   if (drive.information.type !== "FILE") {
-    throw new Error("Cannot read a folder");
+    throw new Error("Could not read file: this item is a folder, not a file");
   }
   const provider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
   const accountId = drive.storageAccountId?.toString();
@@ -1240,7 +1653,7 @@ var driveReadFile = async (file) => {
 var driveInfo = async (source) => {
   const fileId = typeof source === "string" ? source : source.id;
   const drive = await drive_default.findById(fileId);
-  if (!drive) throw new Error(`File not found: ${fileId}`);
+  if (!drive) throw new Error("Could not load file details: the file no longer exists");
   let parentName;
   if (drive.parentId) {
     const parent = await drive_default.findById(drive.parentId);
@@ -1279,15 +1692,15 @@ var driveFilePath = async (file) => {
   let drive;
   if (typeof file === "string") {
     const doc = await drive_default.findById(file);
-    if (!doc) throw new Error(`File not found: ${file}`);
+    if (!doc) throw new Error("Could not locate file: the file no longer exists");
     drive = doc;
   } else if ("toClient" in file) {
     drive = file;
   } else {
-    throw new Error("Invalid file parameter provided");
+    throw new Error("Could not locate file: invalid file reference provided");
   }
   if (drive.information.type !== "FILE") {
-    throw new Error("Cannot get path for a folder");
+    throw new Error("Could not locate file: this item is a folder, not a file");
   }
   const config = getDriveConfig();
   const STORAGE_PATH = config.storage.path;
@@ -1295,7 +1708,7 @@ var driveFilePath = async (file) => {
   if (providerType === "LOCAL") {
     const filePath = path.join(STORAGE_PATH, "file", String(drive._id), "data.bin");
     if (!fs.existsSync(filePath)) {
-      throw new Error(`Local file not found on disk: ${filePath}`);
+      throw new Error("Could not locate file: the stored file is missing from disk");
     }
     return Object.freeze({
       path: filePath,
@@ -1352,7 +1765,7 @@ var driveFilePath = async (file) => {
       provider: "GOOGLE"
     });
   }
-  throw new Error(`Unsupported provider: ${providerType}`);
+  throw new Error(`Could not locate file: unsupported storage provider "${providerType}"`);
 };
 var driveList = async (options) => {
   const { key, folderId, accountId, limit = 100, afterId } = options;
@@ -1360,7 +1773,7 @@ var driveList = async (options) => {
   if (accountId && accountId !== "LOCAL") {
     const account = await drive_default.db.model("StorageAccount").findOne({ _id: accountId, owner: key });
     if (!account) {
-      throw new Error("Invalid Storage Account");
+      throw new Error("Could not list files: storage account not found or access denied");
     }
     if (account.metadata.provider === "GOOGLE") {
       providerName = "GOOGLE";
@@ -1388,7 +1801,7 @@ var driveListFiles = async (options) => {
   if (accountId && accountId !== "LOCAL") {
     const account = await drive_default.db.model("StorageAccount").findOne({ _id: accountId, owner: key });
     if (!account) {
-      throw new Error("Invalid Storage Account");
+      throw new Error("Could not load files: storage account not found or access denied");
     }
     if (account.metadata.provider === "GOOGLE") {
       providerName = "GOOGLE";
@@ -1432,7 +1845,7 @@ var driveDelete = async (source, options) => {
   let driveId;
   if (typeof source === "string") {
     const doc = await drive_default.findById(source);
-    if (!doc) throw new Error(`File not found: ${source}`);
+    if (!doc) throw new Error("Could not delete: the file no longer exists");
     drive = doc;
     driveId = source;
   } else if ("toClient" in source) {
@@ -1440,7 +1853,7 @@ var driveDelete = async (source, options) => {
     driveId = String(drive._id);
   } else {
     const doc = await drive_default.findById(source.id);
-    if (!doc) throw new Error(`File not found: ${source.id}`);
+    if (!doc) throw new Error("Could not delete: the selected file no longer exists");
     drive = doc;
     driveId = source.id;
   }
@@ -1452,7 +1865,7 @@ var driveDelete = async (source, options) => {
       trashedAt: null
     });
     if (childCount > 0) {
-      throw new Error(`Cannot delete folder: it contains ${childCount} item(s). Use recurse: true to delete folder and all its contents.`);
+      throw new Error(`Could not delete folder: it still contains ${childCount} item(s). Enable recursive delete to remove the folder and everything inside it.`);
     }
   }
   const provider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
@@ -1463,17 +1876,17 @@ var driveDelete = async (source, options) => {
 var resolveFolderByPath = async (folderPath, owner, accountId) => {
   const normalizedPath = folderPath.replace(/^\/+|\/+$/g, "");
   if (!normalizedPath) {
-    throw new Error("Folder path cannot be empty");
+    throw new Error("Could not resolve folder: the folder path is empty");
   }
   const segments = normalizedPath.split("/").filter((s) => s.length > 0);
   if (segments.length === 0) {
-    throw new Error("Invalid folder path");
+    throw new Error("Could not resolve folder: the folder path is invalid");
   }
   let providerName = "LOCAL";
   if (accountId && accountId !== "LOCAL") {
     const account = await drive_default.db.model("StorageAccount").findOne({ _id: accountId, owner });
     if (!account) {
-      throw new Error("Invalid Storage Account");
+      throw new Error("Could not resolve folder: storage account not found or access denied");
     }
     if (account.metadata.provider === "GOOGLE") {
       providerName = "GOOGLE";
@@ -1507,7 +1920,7 @@ var driveUpload = async (source, key, options) => {
   if (accountId && accountId !== "LOCAL") {
     const account = await drive_default.db.model("StorageAccount").findOne({ _id: accountId, owner: key });
     if (!account) {
-      throw new Error("Invalid Storage Account");
+      throw new Error("Could not upload: storage account not found or access denied");
     }
     if (account.metadata.provider === "GOOGLE") {
       provider = GoogleDriveProvider;
@@ -1518,7 +1931,7 @@ var driveUpload = async (source, key, options) => {
   let fileSize;
   if (typeof source === "string") {
     if (!fs.existsSync(source)) {
-      throw new Error(`Source file not found: ${source}`);
+      throw new Error("Could not upload: source file not found");
     }
     sourceFilePath = source;
     const stats = fs.statSync(source);
@@ -1528,7 +1941,7 @@ var driveUpload = async (source, key, options) => {
     if (!fs.existsSync(tempDir)) {
       fs.mkdirSync(tempDir, { recursive: true });
     }
-    tempFilePath = path.join(tempDir, `upload-${crypto2.randomUUID()}.tmp`);
+    tempFilePath = path.join(tempDir, `upload-${crypto3.randomUUID()}.tmp`);
     fs.writeFileSync(tempFilePath, source);
     sourceFilePath = tempFilePath;
     fileSize = source.length;
@@ -1537,7 +1950,7 @@ var driveUpload = async (source, key, options) => {
     if (!fs.existsSync(tempDir)) {
       fs.mkdirSync(tempDir, { recursive: true });
     }
-    tempFilePath = path.join(tempDir, `upload-${crypto2.randomUUID()}.tmp`);
+    tempFilePath = path.join(tempDir, `upload-${crypto3.randomUUID()}.tmp`);
     const writeStream = fs.createWriteStream(tempFilePath);
     await new Promise((resolve, reject) => {
       source.pipe(writeStream);
@@ -1577,17 +1990,17 @@ var driveUpload = async (source, key, options) => {
       mimeType = mimeTypes[ext] || "application/octet-stream";
     }
     if (config.security && !validateMimeType(mimeType, config.security.allowedMimeTypes)) {
-      throw new Error(`File type ${mimeType} not allowed`);
+      throw new Error(`Could not upload: file type "${mimeType}" is not allowed`);
     }
     if (config.security && fileSize > config.security.maxUploadSizeInBytes) {
-      throw new Error(`File size ${fileSize} exceeds maximum allowed size ${config.security.maxUploadSizeInBytes}`);
+      throw new Error("Could not upload: file is larger than the maximum allowed size");
     }
     const isRootMode = config.mode === "ROOT";
     if (!options.enforce && !isRootMode) {
       const information = await getDriveInformation({ method: "KEY", key });
       const quota = await provider.getQuota(key, accountId, information.storage.quotaInBytes);
       if (quota.usedInBytes + fileSize > quota.quotaInBytes) {
-        throw new Error("Storage quota exceeded");
+        throw new Error("Could not upload: you have run out of storage space");
       }
     }
     let resolvedParentId = null;
@@ -1708,832 +2121,516 @@ var driveCleanup = async () => {
   }
   return { removed, totalFreedInBytes };
 };
-var objectIdSchema = z.string().refine((val) => isValidObjectId(val), {
-  message: "Invalid ObjectId format"
-});
-var sanitizeFilename = (name) => {
-  return name.replace(/[<>:"|?*\x00-\x1F]/g, "").replace(/^\.+/, "").replace(/\.+$/, "").replace(/\\/g, "/").replace(/\/+/g, "/").replace(/\.\.\//g, "").replace(/\.\.+/g, "").split("/").pop() || "".trim().slice(0, 255);
+
+// src/server/actions/shared.ts
+var resolveProvider = async (req, owner) => {
+  const accountId = req.headers["x-drive-account"];
+  if (!accountId || accountId === "LOCAL") {
+    return { provider: LocalStorageProvider };
+  }
+  const account = await account_default.findOne({ _id: accountId, owner });
+  if (!account) {
+    throw new Error("Storage account not found or access denied");
+  }
+  if (account.metadata.provider === "GOOGLE") {
+    return { provider: GoogleDriveProvider, accountId: account._id.toString() };
+  }
+  return { provider: LocalStorageProvider };
 };
-var sanitizeRegexInput = (input) => {
-  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&").slice(0, 100);
+var withSignedUrl = (item, config) => {
+  return driveAddSignedUrlToken(item, config);
 };
-var nameSchema = z.string().min(1, "Name is required").max(255, "Name too long").transform(sanitizeFilename).refine((val) => val.length > 0, { message: "Invalid name after sanitization" });
-var uploadChunkSchema = z.object({
-  chunkIndex: z.number().int().min(0).max(1e4),
-  totalChunks: z.number().int().min(1).max(1e4),
-  driveId: z.string().optional(),
-  fileName: nameSchema,
-  fileSize: z.number().int().min(0).max(Number.MAX_SAFE_INTEGER),
-  fileType: z.string().min(1).max(255),
-  folderId: z.string().optional()
-}).refine((data) => data.chunkIndex < data.totalChunks, {
-  message: "Chunk index must be less than total chunks"
-});
-var listQuerySchema = z.object({
-  folderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]),
-  limit: z.string().optional().transform((val) => {
-    const num = parseInt(val || "50", 10);
-    return Math.min(Math.max(1, num), 100);
-  }),
-  afterId: objectIdSchema.optional()
-});
-z.object({
-  id: objectIdSchema,
-  token: z.string().optional()
-});
-z.object({
-  id: objectIdSchema,
-  size: z.enum(["small", "medium", "large"]).optional().default("medium"),
-  token: z.string().optional()
-});
-var renameBodySchema = z.object({
-  id: objectIdSchema,
-  newName: nameSchema
-});
-var deleteQuerySchema = z.object({
-  id: objectIdSchema
-});
-z.object({
-  ids: z.array(objectIdSchema).min(1).max(1e3)
-});
-var createFolderBodySchema = z.object({
-  name: nameSchema,
-  parentId: z.union([z.literal("root"), objectIdSchema, z.string().length(0), z.undefined()]).optional()
-});
-var moveBodySchema = z.object({
-  ids: z.array(objectIdSchema).min(1).max(1e3),
-  targetFolderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]).optional()
-});
-z.object({
-  ids: z.array(objectIdSchema).min(1).max(1e3)
-});
-var searchQuerySchema = z.object({
-  q: z.string().min(1).max(100).transform(sanitizeRegexInput),
-  folderId: z.union([z.literal("root"), objectIdSchema, z.undefined()]).optional(),
-  limit: z.string().optional().transform((val) => {
-    const num = parseInt(val || "50", 10);
-    return Math.min(Math.max(1, num), 100);
-  }),
-  trashed: z.string().optional().transform((val) => val === "true")
-});
-z.object({
-  id: objectIdSchema
-});
-var cancelQuerySchema = z.object({
-  id: z.string().uuid()
-});
-z.object({
-  days: z.number().int().min(1).max(365).optional()
-});
-var driveFileSchemaZod = z.object({
-  id: z.string(),
-  file: z.object({
-    name: z.string(),
-    mime: z.string(),
-    size: z.number()
-  })
-});
-
-// src/server/security/cryptoUtils.ts
-function sanitizeContentDispositionFilename(filename) {
-  const basename = filename.replace(/^.*[\\\/]/, "");
-  return basename.replace(/["\r\n]/g, "").replace(/[^\x20-\x7E]/g, "").slice(0, 255);
-}
-var getProvider = async (req, owner) => {
-  const accountId = req.headers["x-drive-account"];
-  if (!accountId || accountId === "LOCAL") {
-    return { provider: LocalStorageProvider };
-  }
-  const account = await account_default.findOne({ _id: accountId, owner });
-  if (!account) {
-    throw new Error("Invalid Storage Account");
-  }
-  if (account.metadata.provider === "GOOGLE") return { provider: GoogleDriveProvider, accountId: account._id.toString() };
-  return { provider: LocalStorageProvider };
-};
-var addSignedUrlToken = (item, config) => {
-  return driveAddSignedUrlToken(item, config);
-};
-var addSignedUrlTokens = (items, config) => {
+var withSignedUrls = (items, config) => {
   return driveAddSignedUrlTokens(items, config);
 };
-var applyCorsHeaders = (req, res, config) => {
-  const cors = config.cors;
-  if (!cors?.enabled) return false;
-  const origin = req.headers.origin;
-  const allowedOrigins = cors.origins ?? "*";
-  const methods = cors.methods ?? ["GET", "POST", "PUT", "DELETE", "OPTIONS"];
-  const allowedHeaders = cors.allowedHeaders ?? ["Content-Type", "Authorization", "X-Drive-Account"];
-  const exposedHeaders = cors.exposedHeaders ?? ["Content-Length", "Content-Type", "Content-Disposition"];
-  const credentials = cors.credentials ?? false;
-  const maxAge = cors.maxAge ?? 86400;
-  let allowOrigin = null;
-  if (origin) {
-    if (allowedOrigins === "*") {
-      allowOrigin = origin;
-    } else if (Array.isArray(allowedOrigins)) {
-      if (allowedOrigins.includes(origin)) {
-        allowOrigin = origin;
+
+// src/server/actions/drive.ts
+var handleDriveAction = async (ctx) => {
+  const { req, res, action, config, owner, isRootMode, information, provider, accountId } = ctx;
+  switch (action) {
+    case "list": {
+      if (req.method !== "GET") return void res.status(405).json({ status: 405, message: "Listing files requires a GET request" });
+      const listQuery = listQuerySchema.safeParse(req.query);
+      if (!listQuery.success) return void res.status(400).json({ status: 400, message: "Could not list files: invalid request parameters" });
+      const { folderId, limit, afterId } = listQuery.data;
+      try {
+        await provider.sync(folderId || "root", owner, accountId);
+      } catch (e) {
+        console.error("Sync failed", e);
       }
-    } else if (allowedOrigins === origin) {
-      allowOrigin = origin;
-    }
-  } else if (allowedOrigins === "*") {
-    allowOrigin = "*";
-  }
-  if (!allowOrigin) {
-    if (req.method === "OPTIONS") {
-      res.status(403).end();
-      return true;
-    }
-    return false;
-  }
-  res.setHeader("Access-Control-Allow-Origin", allowOrigin);
-  res.setHeader("Access-Control-Allow-Methods", methods.join(", "));
-  res.setHeader("Access-Control-Allow-Headers", allowedHeaders.join(", "));
-  res.setHeader("Access-Control-Expose-Headers", exposedHeaders.join(", "));
-  res.setHeader("Access-Control-Max-Age", maxAge.toString());
-  if (credentials) {
-    res.setHeader("Access-Control-Allow-Credentials", "true");
-  }
-  if (req.method === "OPTIONS") {
-    res.status(204).end();
-    return true;
-  }
-  return false;
-};
-var driveAPIHandler = async (req, res) => {
-  const action = req.query.action || (req.query.code && req.query.state ? "callback" : void 0);
-  let config;
-  try {
-    config = getDriveConfig();
-  } catch (error) {
-    console.error("[next-drive] Configuration error:", error);
-    res.status(500).json({ status: 500, message: "Failed to initialize drive configuration" });
-    return;
-  }
-  const isPreflightHandled = applyCorsHeaders(req, res, config);
-  if (isPreflightHandled) return;
-  if (!action) {
-    res.status(400).json({ status: 400, message: "Missing action query parameter" });
-    return;
-  }
-  if (action === "serve" || action === "thumbnail") {
-    try {
-      const { id, token } = req.query;
-      if (!id || typeof id !== "string") {
-        return res.status(400).json({ status: 400, message: "Missing or invalid file ID" });
+      const query = {
+        "provider.type": provider.name,
+        storageAccountId: accountId || null,
+        parentId: folderId === "root" || !folderId ? null : folderId,
+        trashedAt: null
+      };
+      if (!isRootMode) {
+        query.owner = owner;
       }
-      const drive = await drive_default.findById(id);
-      if (!drive) return res.status(404).json({ status: 404, message: "File not found" });
-      if (config.security?.signedUrls?.enabled) {
-        if (!token || typeof token !== "string") {
-          return res.status(401).json({ status: 401, message: "Missing or invalid token" });
-        }
+      if (afterId) query._id = { $lt: afterId };
+      const items = await drive_default.find(query, {}, { sort: { order: 1, _id: -1 }, limit });
+      const plainItems = withSignedUrls(await Promise.all(items.map((item) => item.toClient())), config);
+      res.status(200).json({ status: 200, message: "Items retrieved", data: { items: plainItems, hasMore: items.length === limit } });
+      return;
+    }
+    case "search": {
+      const searchData = searchQuerySchema.safeParse(req.query);
+      if (!searchData.success) return void res.status(400).json({ status: 400, message: "Could not search: invalid request parameters" });
+      const { q, folderId, limit, trashed } = searchData.data;
+      if (!trashed) {
         try {
-          const decoded = Buffer.from(token, "base64url").toString();
-          const [expiryStr, signature] = decoded.split(":");
-          const expiry = parseInt(expiryStr, 10);
-          if (Date.now() / 1e3 > expiry) {
-            return res.status(401).json({ status: 401, message: "Token expired" });
-          }
-          const { secret } = config.security.signedUrls;
-          const expectedSignature = crypto2.createHmac("sha256", secret).update(`${id}:${expiry}`).digest("hex");
-          if (signature !== expectedSignature) {
-            return res.status(401).json({ status: 401, message: "Invalid token" });
-          }
-        } catch (err) {
-          return res.status(401).json({ status: 401, message: "Invalid token format" });
-        }
-      }
-      const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
-      const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
-      if (action === "thumbnail") {
-        const stream = await itemProvider.getThumbnail(drive, itemAccountId);
-        res.setHeader("Content-Type", "image/webp");
-        if (config.cors?.enabled) {
-          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+          await provider.search(q, owner, accountId);
+        } catch (e) {
+          console.error("Search sync failed", e);
         }
-        stream.pipe(res);
-        return;
       }
-      if (action === "serve") {
-        const { stream, mime, size: fileSize } = await itemProvider.openStream(drive, itemAccountId);
-        const safeFilename = sanitizeContentDispositionFilename(drive.name);
-        const format = req.query.format;
-        const quality = req.query.quality;
-        const display = req.query.display;
-        const sizePreset = req.query.size;
-        const fit = req.query.fit;
-        const position = req.query.position;
-        const isImage = mime.startsWith("image/");
-        const shouldTransform = isImage && (format || quality || display || sizePreset || fit);
-        res.setHeader("Content-Disposition", `inline; filename="${safeFilename}"`);
-        if (config.cors?.enabled) {
-          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
-        }
-        if (shouldTransform) {
-          try {
-            const settings = getImageSettings(fileSize, quality, display, sizePreset, fit, position);
-            let targetFormat = format || mime.split("/")[1];
-            if (targetFormat === "jpg") targetFormat = "jpeg";
-            if (!["jpeg", "png", "webp", "avif"].includes(targetFormat)) {
-              targetFormat = format || "webp";
-            }
-            const cacheDir = path.join(config.storage.path, "file", drive._id.toString(), "cache");
-            const cacheKey = [
-              "opt",
-              `q${settings.quality}`,
-              `e${settings.effort}`,
-              settings.width ? `${settings.width}x${settings.height}` : "orig",
-              settings.fit || "none",
-              settings.position || "c",
-              targetFormat
-            ].join("_");
-            const cachePath = path.join(cacheDir, `${cacheKey}.bin`);
-            if (fs.existsSync(cachePath)) {
-              const cacheStat = fs.statSync(cachePath);
-              res.setHeader("Content-Type", `image/${targetFormat}`);
-              res.setHeader("Content-Length", cacheStat.size);
-              res.setHeader("Cache-Control", "public, max-age=31536000, immutable");
-              if (config.cors?.enabled) {
-                res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
-              }
-              if ("destroy" in stream) stream.destroy();
-              fs.createReadStream(cachePath).pipe(res);
-              return;
-            }
-            if (!fs.existsSync(cacheDir)) fs.mkdirSync(cacheDir, { recursive: true });
-            let pipeline = sharp2();
-            if (settings.width && settings.height) {
-              pipeline = pipeline.resize(settings.width, settings.height, {
-                fit: settings.fit || "inside",
-                position: settings.position || "center",
-                withoutEnlargement: true,
-                // Use transparent background for 'contain' fit to preserve transparency
-                background: { r: 0, g: 0, b: 0, alpha: 0 }
-              });
-            }
-            if (targetFormat === "jpeg") {
-              pipeline = pipeline.jpeg({ quality: settings.quality, mozjpeg: true });
-              res.setHeader("Content-Type", "image/jpeg");
-            } else if (targetFormat === "png") {
-              pipeline = pipeline.png({ compressionLevel: settings.pngCompression, adaptiveFiltering: true });
-              res.setHeader("Content-Type", "image/png");
-            } else if (targetFormat === "webp") {
-              const webpEffort = Math.min(settings.effort, 6);
-              pipeline = pipeline.webp({ quality: settings.quality, effort: webpEffort });
-              res.setHeader("Content-Type", "image/webp");
-            } else if (targetFormat === "avif") {
-              pipeline = pipeline.avif({ quality: settings.quality, effort: settings.effort });
-              res.setHeader("Content-Type", "image/avif");
-            }
-            res.setHeader("Cache-Control", "public, max-age=31536000, immutable");
-            pipeline.on("error", (err) => {
-              console.error("[next-drive] Pipeline error:", err);
-            });
-            stream.pipe(pipeline);
-            pipeline.clone().toFile(cachePath).catch((e) => console.error("[next-drive] Cache write failed:", e));
-            pipeline.clone().pipe(res);
-            return;
-          } catch (e) {
-            console.error("[next-drive] Image transformation failed:", e);
-          }
-        }
-        res.setHeader("Content-Type", mime);
-        if (fileSize) res.setHeader("Content-Length", fileSize);
-        stream.pipe(res);
-        return;
+      const query = {
+        "provider.type": provider.name,
+        storageAccountId: accountId || null,
+        trashedAt: trashed ? { $ne: null } : null,
+        name: { $regex: q, $options: "i" }
+      };
+      if (!isRootMode) {
+        query.owner = owner;
       }
-    } catch (error) {
-      console.error(`[next-drive] Error in ${action}:`, error);
-      return res.status(500).json({
-        status: 500,
-        message: error instanceof Error ? error.message : "Unknown error"
+      if (folderId && folderId !== "root") query.parentId = folderId;
+      const items = await drive_default.find(query, {}, { limit, sort: { createdAt: -1 } });
+      const plainItems = withSignedUrls(await Promise.all(items.map((i) => i.toClient())), config);
+      res.status(200).json({ status: 200, message: "Results", data: { items: plainItems } });
+      return;
+    }
+    case "upload": {
+      if (req.method !== "POST") return void res.status(405).json({ status: 405, message: "Uploading requires a POST request" });
+      const systemTmpDir = path.join(os2.tmpdir(), "next-drive-uploads");
+      if (!fs.existsSync(systemTmpDir)) fs.mkdirSync(systemTmpDir, { recursive: true });
+      const form = formidable({
+        multiples: false,
+        maxFileSize: (config.security?.maxUploadSizeInBytes ?? 1024 * 1024 * 1024) * 2,
+        uploadDir: systemTmpDir,
+        keepExtensions: true
       });
-    }
-  }
-  try {
-    const mode = config.mode || "NORMAL";
-    const information = await getDriveInformation({ method: "REQUEST", req });
-    const { key: owner } = information;
-    const STORAGE_PATH = config.storage.path;
-    const isRootMode = mode === "ROOT";
-    if (action === "information") {
-      const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
-      const googleConfigured = !!(clientId && clientSecret && redirectUri);
-      return res.status(200).json({
-        status: 200,
-        message: "Information retrieved",
-        data: {
-          providers: {
-            google: googleConfigured
-          },
-          mode
-        }
+      const [fields, files] = await new Promise((resolve, reject) => {
+        form.parse(req, (err, parsedFields, parsedFiles) => {
+          if (err) reject(err);
+          else resolve([parsedFields, parsedFiles]);
+        });
       });
-    }
-    if (["getAuthUrl", "callback", "listAccounts", "removeAccount"].includes(action)) {
-      switch (action) {
-        case "getAuthUrl": {
-          const { provider: provider2 } = req.query;
-          if (provider2 === "GOOGLE") {
-            const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
-            if (!clientId || !clientSecret || !redirectUri) return res.status(500).json({ status: 500, message: "Google not configured" });
-            const callbackUri = new URL(redirectUri);
-            callbackUri.searchParams.set("action", "callback");
-            const oAuth2Client = new google.auth.OAuth2(clientId, clientSecret, callbackUri.toString());
-            const state = Buffer.from(JSON.stringify({ owner })).toString("base64");
-            const url = oAuth2Client.generateAuthUrl({
-              access_type: "offline",
-              scope: ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/userinfo.email"],
-              state,
-              prompt: "consent"
-              // force refresh token
-            });
-            return res.status(200).json({ status: 200, message: "Auth URL generated", data: { url } });
+      const cleanupTempFiles = (allFiles) => {
+        Object.values(allFiles).flat().forEach((file) => {
+          if (file && fs.existsSync(file.filepath)) fs.rmSync(file.filepath, { force: true });
+        });
+      };
+      const getString = (f) => Array.isArray(f) ? f[0] : f || "";
+      const getInt = (f) => parseInt(getString(f) || "0", 10);
+      const uploadData = uploadChunkSchema.safeParse({
+        chunkIndex: getInt(fields.chunkIndex),
+        totalChunks: getInt(fields.totalChunks),
+        driveId: getString(fields.driveId) || void 0,
+        fileName: getString(fields.fileName),
+        fileSize: getInt(fields.fileSize),
+        fileType: getString(fields.fileType),
+        folderId: getString(fields.folderId) || void 0
+      });
+      if (!uploadData.success) {
+        cleanupTempFiles(files);
+        return void res.status(400).json({ status: 400, message: uploadData.error.errors[0].message });
+      }
+      const { chunkIndex, totalChunks, driveId, fileName, fileSize: fileSizeInBytes, fileType, folderId } = uploadData.data;
+      let currentUploadId = driveId;
+      const tempBaseDir = path.join(os2.tmpdir(), "next-drive-uploads");
+      if (!currentUploadId) {
+        if (chunkIndex !== 0) return void res.status(400).json({ message: "Could not upload: missing upload session for this chunk" });
+        if (fileType && config.security) {
+          if (!validateMimeType(fileType, config.security.allowedMimeTypes)) {
+            cleanupTempFiles(files);
+            return void res.status(400).json({ status: 400, message: `Could not upload: file type "${fileType}" is not allowed` });
           }
-          return res.status(400).json({ status: 400, message: "Unknown provider" });
         }
-        case "callback": {
-          const { code, state } = req.query;
-          if (!code) return res.status(400).json({ status: 400, message: "Missing code" });
-          const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
-          if (!clientId || !clientSecret || !redirectUri) return res.status(500).json({ status: 500, message: "Google not configured" });
-          const callbackUri = new URL(redirectUri);
-          callbackUri.searchParams.set("action", "callback");
-          const oAuth2Client = new google.auth.OAuth2(clientId, clientSecret, callbackUri.toString());
-          const { tokens } = await oAuth2Client.getToken(code);
-          oAuth2Client.setCredentials(tokens);
-          const oauth2 = google.oauth2({ version: "v2", auth: oAuth2Client });
-          const userInfo = await oauth2.userinfo.get();
-          const existing = await account_default.findOne({ owner, "metadata.google.email": userInfo.data.email, "metadata.provider": "GOOGLE" });
-          if (existing) {
-            existing.metadata.google.credentials = tokens;
-            existing.markModified("metadata");
-            await existing.save();
-          } else {
-            const newAccount = new account_default({
-              owner,
-              name: userInfo.data.name || "Google Drive",
-              metadata: {
-                provider: "GOOGLE",
-                google: {
-                  email: userInfo.data.email,
-                  credentials: tokens
-                }
-              }
-            });
-            await newAccount.save();
-          }
-          res.setHeader("Content-Type", "text/html");
-          return res.send(`<!DOCTYPE html>
-<html>
-<head><title>Authentication Complete</title></head>
-<body>
-<p>Authentication successful! This window will close automatically.</p>
-<script>
-(function() {
-	// Method 1: postMessage for popup windows
-	if (window.opener) {
-		try {
-			window.opener.postMessage('oauth-success', '*');
-		} catch (e) {}
-	}
-	// Method 2: localStorage event for new tabs (macOS fullscreen mode)
-	try {
-		localStorage.setItem('next-drive-oauth-success', Date.now().toString());
-		localStorage.removeItem('next-drive-oauth-success');
-	} catch (e) {}
-	// Close the window/tab
-	window.close();
-	// Fallback: If window.close() doesn't work (some browsers block it),
-	// show a message to manually close
-	setTimeout(function() {
-		document.body.innerHTML = '<p style="font-family: system-ui; text-align: center; margin-top: 50px;">Authentication successful!<br>You can close this tab now.</p>';
-	}, 500);
-})();
-</script>
-</body>
-</html>`);
-        }
-        case "listAccounts": {
-          const accounts = await account_default.find({ owner });
-          return res.status(200).json({
-            status: 200,
-            data: {
-              accounts: accounts.map((a) => ({
-                id: a._id.toString(),
-                name: a.name,
-                email: a.metadata.google?.email || "",
-                provider: a.metadata.provider
-              }))
-            }
-          });
-        }
-        case "removeAccount": {
-          const { id } = req.query;
-          const account = await account_default.findOne({ _id: id, owner });
-          if (!account) return res.status(404).json({ status: 404, message: "Account not found" });
-          if (account.metadata.provider === "GOOGLE") {
-            try {
-              await GoogleDriveProvider.revokeToken(owner, account._id.toString());
-            } catch (e) {
-              console.error("Failed to revoke Google token:", e);
-            }
+        if (!isRootMode) {
+          const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
+          if (quota.usedInBytes + fileSizeInBytes > quota.quotaInBytes) {
+            cleanupTempFiles(files);
+            return void res.status(413).json({ status: 413, message: "Could not upload: you have run out of storage space" });
           }
-          await account_default.deleteOne({ _id: id, owner });
-          await drive_default.deleteMany({ owner, storageAccountId: id });
-          return res.status(200).json({ status: 200, message: "Account removed" });
         }
-      }
-    }
-    const { provider, accountId } = await getProvider(req, owner);
-    switch (action) {
-      // ** 1. LIST **
-      case "list": {
-        if (req.method !== "GET") return res.status(405).json({ status: 405, message: "Only GET allowed" });
-        const listQuery = listQuerySchema.safeParse(req.query);
-        if (!listQuery.success) return res.status(400).json({ status: 400, message: "Invalid parameters" });
-        const { folderId, limit, afterId } = listQuery.data;
-        try {
-          await provider.sync(folderId || "root", owner, accountId);
-        } catch (e) {
-          console.error("Sync failed", e);
-        }
-        const query = {
-          "provider.type": provider.name,
-          storageAccountId: accountId || null,
+        currentUploadId = crypto3.randomUUID();
+        const uploadDir2 = path.join(tempBaseDir, currentUploadId);
+        fs.mkdirSync(uploadDir2, { recursive: true });
+        const metadata = {
+          owner,
+          accountId,
+          providerName: provider.name,
+          name: fileName,
           parentId: folderId === "root" || !folderId ? null : folderId,
-          trashedAt: null
+          fileSize: fileSizeInBytes,
+          mimeType: fileType,
+          totalChunks
         };
-        if (!isRootMode) {
-          query.owner = owner;
-        }
-        if (afterId) query._id = { $lt: afterId };
-        const items = await drive_default.find(query, {}, { sort: { order: 1, _id: -1 }, limit });
-        const plainItems = addSignedUrlTokens(await Promise.all(items.map((item) => item.toClient())), config);
-        res.status(200).json({ status: 200, message: "Items retrieved", data: { items: plainItems, hasMore: items.length === limit } });
-        return;
+        fs.writeFileSync(path.join(uploadDir2, "metadata.json"), JSON.stringify(metadata));
       }
-      // ** 2. SEARCH **
-      case "search": {
-        const searchData = searchQuerySchema.safeParse(req.query);
-        if (!searchData.success) return res.status(400).json({ status: 400, message: "Invalid params" });
-        const { q, folderId, limit, trashed } = searchData.data;
-        if (!trashed) {
-          try {
-            await provider.search(q, owner, accountId);
-          } catch (e) {
-            console.error("Search sync failed", e);
+      if (!currentUploadId) {
+        cleanupTempFiles(files);
+        return void res.status(400).json({ status: 400, message: "Could not upload: invalid upload request" });
+      }
+      const uploadDir = path.join(tempBaseDir, currentUploadId);
+      if (!fs.existsSync(uploadDir)) {
+        cleanupTempFiles(files);
+        return void res.status(404).json({ status: 404, message: "Could not upload: this upload session was not found or has expired" });
+      }
+      try {
+        const chunkFile = Array.isArray(files.chunk) ? files.chunk[0] : files.chunk;
+        if (!chunkFile) throw new Error("Could not upload: no file chunk was received");
+        const partPath = path.join(uploadDir, `part_${chunkIndex}`);
+        try {
+          fs.renameSync(chunkFile.filepath, partPath);
+        } catch (err) {
+          if (err instanceof Error && "code" in err && err.code === "EXDEV") {
+            fs.copyFileSync(chunkFile.filepath, partPath);
+            fs.unlinkSync(chunkFile.filepath);
+          } else {
+            throw err;
           }
         }
-        const query = {
-          "provider.type": provider.name,
-          storageAccountId: accountId || null,
-          trashedAt: trashed ? { $ne: null } : null,
-          name: { $regex: q, $options: "i" }
-        };
-        if (!isRootMode) {
-          query.owner = owner;
-        }
-        if (folderId && folderId !== "root") query.parentId = folderId;
-        const items = await drive_default.find(query, {}, { limit, sort: { createdAt: -1 } });
-        const plainItems = addSignedUrlTokens(await Promise.all(items.map((i) => i.toClient())), config);
-        return res.status(200).json({ status: 200, message: "Results", data: { items: plainItems } });
-      }
-      // ** 3. UPLOAD **
-      case "upload": {
-        if (req.method !== "POST") return res.status(405).json({ status: 405, message: "Only POST allowed" });
-        const systemTmpDir = path.join(os2.tmpdir(), "next-drive-uploads");
-        if (!fs.existsSync(systemTmpDir)) fs.mkdirSync(systemTmpDir, { recursive: true });
-        const form = formidable({
-          multiples: false,
-          maxFileSize: (config.security?.maxUploadSizeInBytes ?? 1024 * 1024 * 1024) * 2,
-          uploadDir: systemTmpDir,
-          keepExtensions: true
-        });
-        const [fields, files] = await new Promise((resolve, reject) => {
-          form.parse(req, (err, fields2, files2) => {
-            if (err) reject(err);
-            else resolve([fields2, files2]);
+        const uploadedParts = fs.readdirSync(uploadDir).filter((f) => f.startsWith("part_"));
+        if (uploadedParts.length === totalChunks) {
+          const metaPath = path.join(uploadDir, "metadata.json");
+          const meta = JSON.parse(fs.readFileSync(metaPath, "utf-8"));
+          const finalTempPath = path.join(uploadDir, "final.bin");
+          const writeStream = fs.createWriteStream(finalTempPath);
+          let streamError = null;
+          writeStream.on("error", (err) => {
+            streamError = err;
           });
-        });
-        const cleanupTempFiles = (files2) => {
-          Object.values(files2).flat().forEach((file) => {
-            if (file && fs.existsSync(file.filepath)) fs.rmSync(file.filepath, { force: true });
+          await new Promise((resolve, reject) => {
+            writeStream.on("open", () => resolve());
+            writeStream.once("error", reject);
           });
-        };
-        const getString = (f) => Array.isArray(f) ? f[0] : f || "";
-        const getInt = (f) => parseInt(getString(f) || "0", 10);
-        const uploadData = uploadChunkSchema.safeParse({
-          chunkIndex: getInt(fields.chunkIndex),
-          totalChunks: getInt(fields.totalChunks),
-          driveId: getString(fields.driveId) || void 0,
-          fileName: getString(fields.fileName),
-          fileSize: getInt(fields.fileSize),
-          fileType: getString(fields.fileType),
-          folderId: getString(fields.folderId) || void 0
-        });
-        if (!uploadData.success) {
-          cleanupTempFiles(files);
-          return res.status(400).json({ status: 400, message: uploadData.error.errors[0].message });
-        }
-        const { chunkIndex, totalChunks, driveId, fileName, fileSize: fileSizeInBytes, fileType, folderId } = uploadData.data;
-        let currentUploadId = driveId;
-        const tempBaseDir = path.join(os2.tmpdir(), "next-drive-uploads");
-        if (!currentUploadId) {
-          if (chunkIndex !== 0) return res.status(400).json({ message: "Missing upload ID for non-zero chunk" });
-          if (fileType && config.security) {
-            if (!validateMimeType(fileType, config.security.allowedMimeTypes)) {
-              cleanupTempFiles(files);
-              return res.status(400).json({ status: 400, message: `File type ${fileType} not allowed` });
-            }
-          }
-          if (!isRootMode) {
-            const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
-            if (quota.usedInBytes + fileSizeInBytes > quota.quotaInBytes) {
-              cleanupTempFiles(files);
-              return res.status(413).json({ status: 413, message: "Storage quota exceeded" });
+          for (let i = 0; i < totalChunks; i++) {
+            if (streamError) {
+              writeStream.destroy();
+              throw streamError;
             }
-          }
-          currentUploadId = crypto2.randomUUID();
-          const uploadDir = path.join(tempBaseDir, currentUploadId);
-          fs.mkdirSync(uploadDir, { recursive: true });
-          const metadata = {
-            owner,
-            accountId,
-            providerName: provider.name,
-            name: fileName,
-            parentId: folderId === "root" || !folderId ? null : folderId,
-            fileSize: fileSizeInBytes,
-            mimeType: fileType,
-            totalChunks
-          };
-          fs.writeFileSync(path.join(uploadDir, "metadata.json"), JSON.stringify(metadata));
-        }
-        if (currentUploadId) {
-          const uploadDir = path.join(tempBaseDir, currentUploadId);
-          if (!fs.existsSync(uploadDir)) {
-            cleanupTempFiles(files);
-            return res.status(404).json({ status: 404, message: "Upload session not found or expired" });
-          }
-          try {
-            const chunkFile = Array.isArray(files.chunk) ? files.chunk[0] : files.chunk;
-            if (!chunkFile) throw new Error("No chunk file received");
-            const partPath = path.join(uploadDir, `part_${chunkIndex}`);
-            try {
-              fs.renameSync(chunkFile.filepath, partPath);
-            } catch (err) {
-              if (err instanceof Error && "code" in err && err.code === "EXDEV") {
-                fs.copyFileSync(chunkFile.filepath, partPath);
-                fs.unlinkSync(chunkFile.filepath);
-              } else {
-                throw err;
-              }
+            const pPath = path.join(uploadDir, `part_${i}`);
+            if (!fs.existsSync(pPath)) {
+              writeStream.destroy();
+              throw new Error(`Could not finish upload: chunk ${i} is missing`);
             }
-            const uploadedParts = fs.readdirSync(uploadDir).filter((f) => f.startsWith("part_"));
-            if (uploadedParts.length === totalChunks) {
-              const metaPath = path.join(uploadDir, "metadata.json");
-              const meta = JSON.parse(fs.readFileSync(metaPath, "utf-8"));
-              const finalTempPath = path.join(uploadDir, "final.bin");
-              const writeStream = fs.createWriteStream(finalTempPath);
-              let streamError = null;
-              writeStream.on("error", (err) => {
-                streamError = err;
-              });
-              await new Promise((resolve, reject) => {
-                writeStream.on("open", () => resolve());
-                writeStream.once("error", reject);
-              });
-              for (let i = 0; i < totalChunks; i++) {
-                if (streamError) {
-                  writeStream.destroy();
-                  throw streamError;
-                }
-                const pPath = path.join(uploadDir, `part_${i}`);
-                if (!fs.existsSync(pPath)) {
-                  writeStream.destroy();
-                  throw new Error(`Missing chunk part: ${i}`);
-                }
-                const data = fs.readFileSync(pPath);
-                const canContinue = writeStream.write(data);
-                if (!canContinue) {
-                  await new Promise((resolve, reject) => {
-                    writeStream.once("drain", resolve);
-                    writeStream.once("error", reject);
-                  });
-                }
-              }
+            const data = fs.readFileSync(pPath);
+            const canContinue = writeStream.write(data);
+            if (!canContinue) {
               await new Promise((resolve, reject) => {
-                if (streamError) {
-                  reject(streamError);
-                  return;
-                }
-                writeStream.end();
-                writeStream.on("finish", resolve);
+                writeStream.once("drain", resolve);
                 writeStream.once("error", reject);
               });
-              if (!fs.existsSync(finalTempPath)) {
-                throw new Error("Failed to create merged file");
-              }
-              const finalStats = fs.statSync(finalTempPath);
-              if (finalStats.size !== meta.fileSize) {
-                throw new Error(`File size mismatch: expected ${meta.fileSize}, got ${finalStats.size}`);
-              }
-              const drive = new drive_default({
-                owner: meta.owner,
-                storageAccountId: meta.accountId || null,
-                provider: { type: meta.providerName },
-                name: meta.name,
-                parentId: meta.parentId,
-                order: 0,
-                information: { type: "FILE", sizeInBytes: meta.fileSize, mime: meta.mimeType, path: "" },
-                // path set by provider
-                status: "UPLOADING",
-                currentChunk: totalChunks,
-                totalChunks
-              });
-              if (meta.providerName === "LOCAL" && drive.information.type === "FILE") {
-                drive.information.path = path.join("file", String(drive._id), "data.bin");
-              }
-              await drive.save();
-              try {
-                const item = await provider.uploadFile(drive, finalTempPath, meta.accountId);
-                fs.rmSync(uploadDir, { recursive: true, force: true });
-                const newQuota = await provider.getQuota(meta.owner, meta.accountId, information.storage.quotaInBytes);
-                res.status(200).json({ status: 200, message: "Upload complete", data: { type: "UPLOAD_COMPLETE", driveId: String(drive._id), item: addSignedUrlToken(item, config) }, statistic: { storage: newQuota } });
-              } catch (err) {
-                await drive_default.deleteOne({ _id: drive._id });
-                throw err;
-              }
-            } else {
-              const newQuota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
-              if (chunkIndex === 0) {
-                res.status(200).json({ status: 200, message: "Upload started", data: { type: "UPLOAD_STARTED", driveId: currentUploadId }, statistic: { storage: newQuota } });
-              } else {
-                res.status(200).json({ status: 200, message: "Chunk received", data: { type: "CHUNK_RECEIVED", driveId: currentUploadId, chunkIndex }, statistic: { storage: newQuota } });
-              }
             }
-          } catch (e) {
-            cleanupTempFiles(files);
-            throw e;
           }
-          return;
-        }
-        cleanupTempFiles(files);
-        return res.status(400).json({ status: 400, message: "Invalid upload request" });
-      }
-      // ** 4. CANCEL UPLOAD **
-      case "cancel": {
-        const cancelData = cancelQuerySchema.safeParse(req.query);
-        if (!cancelData.success) return res.status(400).json({ status: 400, message: "Invalid ID" });
-        const { id } = cancelData.data;
-        const tempUploadDir = path.join(os2.tmpdir(), "next-drive-uploads", id);
-        if (fs.existsSync(tempUploadDir)) {
+          await new Promise((resolve, reject) => {
+            if (streamError) {
+              reject(streamError);
+              return;
+            }
+            writeStream.end();
+            writeStream.on("finish", resolve);
+            writeStream.once("error", reject);
+          });
+          if (!fs.existsSync(finalTempPath)) {
+            throw new Error("Could not finish upload: failed to assemble the file");
+          }
+          const finalStats = fs.statSync(finalTempPath);
+          if (finalStats.size !== meta.fileSize) {
+            throw new Error("Could not finish upload: the assembled file is incomplete (size mismatch)");
+          }
+          const drive = new drive_default({
+            owner: meta.owner,
+            storageAccountId: meta.accountId || null,
+            provider: { type: meta.providerName },
+            name: meta.name,
+            parentId: meta.parentId,
+            order: 0,
+            information: { type: "FILE", sizeInBytes: meta.fileSize, mime: meta.mimeType, path: "" },
+            status: "UPLOADING",
+            currentChunk: totalChunks,
+            totalChunks
+          });
+          if (meta.providerName === "LOCAL" && drive.information.type === "FILE") {
+            drive.information.path = path.join("file", String(drive._id), "data.bin");
+          }
+          await drive.save();
           try {
-            fs.rmSync(tempUploadDir, { recursive: true, force: true });
-          } catch (e) {
-            console.error("Failed to cleanup temp upload:", e);
+            const item = await provider.uploadFile(drive, finalTempPath, meta.accountId);
+            fs.rmSync(uploadDir, { recursive: true, force: true });
+            const newQuota = await provider.getQuota(meta.owner, meta.accountId, information.storage.quotaInBytes);
+            res.status(200).json({ status: 200, message: "Upload complete", data: { type: "UPLOAD_COMPLETE", driveId: String(drive._id), item: withSignedUrl(item, config) }, statistic: { storage: newQuota } });
+          } catch (err) {
+            await drive_default.deleteOne({ _id: drive._id });
+            throw err;
+          }
+        } else {
+          const newQuota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
+          if (chunkIndex === 0) {
+            res.status(200).json({ status: 200, message: "Upload started", data: { type: "UPLOAD_STARTED", driveId: currentUploadId }, statistic: { storage: newQuota } });
+          } else {
+            res.status(200).json({ status: 200, message: "Chunk received", data: { type: "CHUNK_RECEIVED", driveId: currentUploadId, chunkIndex }, statistic: { storage: newQuota } });
           }
         }
-        return res.status(200).json({ status: 200, message: "Upload cancelled", data: null });
-      }
-      // ** 5. CREATE FOLDER **
-      case "createFolder": {
-        const folderData = createFolderBodySchema.safeParse(req.body);
-        if (!folderData.success) return res.status(400).json({ status: 400, message: folderData.error.errors[0].message });
-        const { name, parentId } = folderData.data;
-        const item = addSignedUrlToken(await provider.createFolder(name, parentId ?? null, owner, accountId), config);
-        return res.status(201).json({ status: 201, message: "Folder created", data: { item } });
+      } catch (e) {
+        cleanupTempFiles(files);
+        throw e;
       }
-      // ** 5. DELETE **
-      case "delete": {
-        const deleteData = deleteQuerySchema.safeParse(req.query);
-        if (!deleteData.success) return res.status(400).json({ status: 400, message: "Invalid ID" });
-        const { id } = deleteData.data;
-        const drive = await drive_default.findById(id);
-        if (!drive) return res.status(404).json({ status: 404, message: "Not found" });
-        const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
-        const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+      return;
+    }
+    case "cancel": {
+      const cancelData = cancelQuerySchema.safeParse(req.query);
+      if (!cancelData.success) return void res.status(400).json({ status: 400, message: "Could not cancel upload: invalid ID" });
+      const { id } = cancelData.data;
+      const tempUploadDir = path.join(os2.tmpdir(), "next-drive-uploads", id);
+      if (fs.existsSync(tempUploadDir)) {
         try {
-          await itemProvider.trash([id], owner, itemAccountId);
+          fs.rmSync(tempUploadDir, { recursive: true, force: true });
         } catch (e) {
-          console.error("Provider trash failed:", e);
+          console.error("Failed to cleanup temp upload:", e);
         }
-        drive.trashedAt = /* @__PURE__ */ new Date();
-        await drive.save();
-        return res.status(200).json({ status: 200, message: "Moved to trash", data: null });
       }
-      // ** 6. HARD DELETE **
-      case "deletePermanent": {
-        const deleteData = deleteQuerySchema.safeParse(req.query);
-        if (!deleteData.success) return res.status(400).json({ status: 400, message: "Invalid ID" });
-        const { id } = deleteData.data;
-        await provider.delete([id], owner, accountId);
-        const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
-        return res.status(200).json({ status: 200, message: "Deleted", statistic: { storage: quota } });
+      res.status(200).json({ status: 200, message: "Upload cancelled", data: null });
+      return;
+    }
+    case "createFolder": {
+      const folderData = createFolderBodySchema.safeParse(req.body);
+      if (!folderData.success) return void res.status(400).json({ status: 400, message: folderData.error.errors[0].message });
+      const { name, parentId } = folderData.data;
+      const item = withSignedUrl(await provider.createFolder(name, parentId ?? null, owner, accountId), config);
+      res.status(201).json({ status: 201, message: "Folder created", data: { item } });
+      return;
+    }
+    case "delete": {
+      const deleteData = deleteQuerySchema.safeParse(req.query);
+      if (!deleteData.success) return void res.status(400).json({ status: 400, message: "Could not move to trash: invalid ID" });
+      const { id } = deleteData.data;
+      const drive = await drive_default.findById(id);
+      if (!drive) return void res.status(404).json({ status: 404, message: "Could not move to trash: item not found" });
+      const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
+      const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+      try {
+        await itemProvider.trash([id], owner, itemAccountId);
+      } catch (e) {
+        console.error("Provider trash failed:", e);
       }
-      // ** 7. QUOTA **
-      case "quota": {
-        const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
-        return res.status(200).json({
-          status: 200,
-          message: "Quota retrieved",
-          data: { usedInBytes: quota.usedInBytes, totalInBytes: quota.quotaInBytes, availableInBytes: Math.max(0, quota.quotaInBytes - quota.usedInBytes), percentage: quota.quotaInBytes > 0 ? Math.round(quota.usedInBytes / quota.quotaInBytes * 100) : 0 },
-          statistic: { storage: quota }
-        });
+      drive.trashedAt = /* @__PURE__ */ new Date();
+      await drive.save();
+      res.status(200).json({ status: 200, message: "Moved to trash", data: null });
+      return;
+    }
+    case "deletePermanent": {
+      const deleteData = deleteQuerySchema.safeParse(req.query);
+      if (!deleteData.success) return void res.status(400).json({ status: 400, message: "Could not delete: invalid ID" });
+      const { id } = deleteData.data;
+      await provider.delete([id], owner, accountId);
+      const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
+      res.status(200).json({ status: 200, message: "Deleted", statistic: { storage: quota } });
+      return;
+    }
+    case "quota": {
+      const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
+      res.status(200).json({
+        status: 200,
+        message: "Quota retrieved",
+        data: {
+          usedInBytes: quota.usedInBytes,
+          totalInBytes: quota.quotaInBytes,
+          availableInBytes: Math.max(0, quota.quotaInBytes - quota.usedInBytes),
+          percentage: quota.quotaInBytes > 0 ? Math.round(quota.usedInBytes / quota.quotaInBytes * 100) : 0
+        },
+        statistic: { storage: quota }
+      });
+      return;
+    }
+    case "trash": {
+      try {
+        const { provider: trashProvider, accountId: trashAccountId } = await resolveProvider(req, owner);
+        await trashProvider.syncTrash(owner, trashAccountId);
+      } catch (e) {
+        console.error("Trash sync failed", e);
       }
-      // ** 7B. TRASH **
-      case "trash": {
-        try {
-          const { provider: trashProvider, accountId: trashAccountId } = await getProvider(req, owner);
-          await trashProvider.syncTrash(owner, trashAccountId);
-        } catch (e) {
-          console.error("Trash sync failed", e);
+      const query = {
+        owner,
+        "provider.type": provider.name,
+        storageAccountId: accountId || null,
+        trashedAt: { $ne: null }
+      };
+      const items = await drive_default.find(query, {}, { sort: { trashedAt: -1 } });
+      const plainItems = withSignedUrls(await Promise.all(items.map((item) => item.toClient())), config);
+      res.status(200).json({ status: 200, message: "Trash items", data: { items: plainItems, hasMore: false } });
+      return;
+    }
+    case "restore": {
+      const restoreData = deleteQuerySchema.safeParse(req.query);
+      if (!restoreData.success) return void res.status(400).json({ status: 400, message: "Could not restore: invalid ID" });
+      const { id } = restoreData.data;
+      const drive = await drive_default.findById(id);
+      if (!drive) return void res.status(404).json({ status: 404, message: "Could not restore: item not found" });
+      let targetParentId = drive.parentId;
+      if (targetParentId) {
+        const parent = await drive_default.findById(targetParentId);
+        if (parent?.trashedAt) {
+          targetParentId = null;
         }
-        const query = {
-          owner,
-          "provider.type": provider.name,
-          storageAccountId: accountId || null,
-          trashedAt: { $ne: null }
-        };
-        const items = await drive_default.find(query, {}, { sort: { trashedAt: -1 } });
-        const plainItems = addSignedUrlTokens(await Promise.all(items.map((item) => item.toClient())), config);
-        return res.status(200).json({
-          status: 200,
-          message: "Trash items",
-          data: { items: plainItems, hasMore: false }
-        });
       }
-      // ** 7C. RESTORE **
-      case "restore": {
-        const restoreData = deleteQuerySchema.safeParse(req.query);
-        if (!restoreData.success) return res.status(400).json({ status: 400, message: "Invalid ID" });
-        const { id } = restoreData.data;
-        const drive = await drive_default.findById(id);
-        if (!drive) return res.status(404).json({ status: 404, message: "Not found" });
-        let targetParentId = drive.parentId;
-        if (targetParentId) {
-          const parent = await drive_default.findById(targetParentId);
-          if (parent?.trashedAt) {
-            targetParentId = null;
-          }
+      const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
+      const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+      try {
+        await itemProvider.untrash([id], owner, itemAccountId);
+        if (targetParentId !== drive.parentId) {
+          await itemProvider.move(id, targetParentId?.toString() ?? null, owner, itemAccountId);
         }
-        const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
-        const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+      } catch (e) {
+        console.error("Provider restore failed:", e);
+      }
+      drive.trashedAt = null;
+      drive.parentId = targetParentId;
+      await drive.save();
+      res.status(200).json({
+        status: 200,
+        message: targetParentId === null && drive.parentId !== null ? "Restored to root (parent folder was trashed)" : "Restored",
+        data: null
+      });
+      return;
+    }
+    case "move": {
+      const moveData = moveBodySchema.safeParse(req.body);
+      if (!moveData.success) return void res.status(400).json({ status: 400, message: "Could not move: invalid request data" });
+      const { ids, targetFolderId } = moveData.data;
+      const items = [];
+      const effectiveTargetId = targetFolderId === "root" || !targetFolderId ? null : targetFolderId;
+      for (const id of ids) {
         try {
-          await itemProvider.untrash([id], owner, itemAccountId);
-          if (targetParentId !== drive.parentId) {
-            await itemProvider.move(id, targetParentId?.toString() ?? null, owner, itemAccountId);
-          }
+          const item = await provider.move(id, effectiveTargetId, owner, accountId);
+          items.push(item);
         } catch (e) {
-          console.error("Provider restore failed:", e);
+          console.error(`Failed to move item ${id}`, e);
         }
-        drive.trashedAt = null;
-        drive.parentId = targetParentId;
-        await drive.save();
-        return res.status(200).json({
-          status: 200,
-          message: targetParentId === null && drive.parentId !== null ? "Restored to root (parent folder was trashed)" : "Restored",
-          data: null
-        });
       }
-      // ** 7D. MOVE **
-      case "move": {
-        const moveData = moveBodySchema.safeParse(req.body);
-        if (!moveData.success) return res.status(400).json({ status: 400, message: "Invalid data" });
-        const { ids, targetFolderId } = moveData.data;
-        const items = [];
-        const effectiveTargetId = targetFolderId === "root" || !targetFolderId ? null : targetFolderId;
-        for (const id of ids) {
-          try {
-            const item = await provider.move(id, effectiveTargetId, owner, accountId);
-            items.push(item);
-          } catch (e) {
-            console.error(`Failed to move item ${id}`, e);
-          }
-        }
-        return res.status(200).json({ status: 200, message: "Moved", data: { items: addSignedUrlTokens(items, config) } });
+      res.status(200).json({ status: 200, message: "Moved", data: { items: withSignedUrls(items, config) } });
+      return;
+    }
+    case "reorder": {
+      if (req.method !== "POST") {
+        return void res.status(405).json({ status: 405, message: "Reordering requires a POST request" });
+      }
+      const reorderData = reorderBodySchema.safeParse(req.body);
+      if (!reorderData.success) {
+        return void res.status(400).json({ status: 400, message: "Could not reorder: invalid request data" });
+      }
+      const { ids } = reorderData.data;
+      const query = {
+        _id: { $in: ids },
+        "provider.type": provider.name,
+        storageAccountId: accountId || null,
+        trashedAt: null
+      };
+      if (!isRootMode) {
+        query.owner = owner;
+      }
+      const existingItems = await drive_default.find(query, { _id: 1, parentId: 1 });
+      if (existingItems.length !== ids.length) {
+        return void res.status(404).json({ status: 404, message: "Could not reorder: one or more items were not found" });
       }
-      // ** 8. RENAME **
-      case "rename": {
-        const renameData = renameBodySchema.safeParse({ id: req.query.id, ...req.body });
-        if (!renameData.success) return res.status(400).json({ status: 400, message: "Invalid data" });
-        const { id, newName } = renameData.data;
-        const item = addSignedUrlToken(await provider.rename(id, newName, owner, accountId), config);
-        return res.status(200).json({ status: 200, message: "Renamed", data: { item } });
+      const parentIds = new Set(existingItems.map((item) => item.parentId ? item.parentId.toString() : "root"));
+      if (parentIds.size > 1) {
+        return void res.status(400).json({ status: 400, message: "Could not reorder: all items must be in the same folder" });
       }
-      // ** 9. THUMBNAIL **
-      default:
-        res.status(400).json({ status: 400, message: `Unknown action: ${action}` });
+      const operations = ids.map((id, order) => ({
+        updateOne: {
+          filter: {
+            _id: id,
+            "provider.type": provider.name,
+            storageAccountId: accountId || null,
+            trashedAt: null,
+            ...isRootMode ? {} : { owner }
+          },
+          update: { $set: { order } }
+        }
+      }));
+      await drive_default.bulkWrite(operations);
+      const updatedItems = await drive_default.find(query, {}, { sort: { order: 1 } });
+      const plainItems = withSignedUrls(await Promise.all(updatedItems.map((item) => item.toClient())), config);
+      res.status(200).json({ status: 200, message: "Reordered", data: { items: plainItems } });
+      return;
+    }
+    case "rename": {
+      const renameData = renameBodySchema.safeParse({ id: req.query.id, ...req.body });
+      if (!renameData.success) return void res.status(400).json({ status: 400, message: "Could not rename: invalid request data" });
+      const { id, newName } = renameData.data;
+      const item = withSignedUrl(await provider.rename(id, newName, owner, accountId), config);
+      res.status(200).json({ status: 200, message: "Renamed", data: { item } });
+      return;
+    }
+    default: {
+      res.status(400).json({ status: 400, message: `Unknown action requested: "${action}"` });
+      return;
     }
+  }
+};
+
+// src/server/index.ts
+var driveAPIHandler = async (req, res) => {
+  const action = req.query.action || (req.query.code && req.query.state ? "callback" : void 0);
+  let config;
+  try {
+    config = getDriveConfig();
+  } catch (error) {
+    console.error("[next-drive] Configuration error:", error);
+    res.status(500).json({ status: 500, message: "Drive is not ready: failed to initialize configuration" });
+    return;
+  }
+  const isPreflightHandled = applyCorsHeaders(req, res, config);
+  if (isPreflightHandled) return;
+  if (!action) {
+    res.status(400).json({ status: 400, message: 'Missing "action" parameter in request' });
+    return;
+  }
+  const wasPublicHandled = await handlePublicAction(req, res, action, config);
+  if (wasPublicHandled) return;
+  try {
+    const mode = config.mode || "NORMAL";
+    const information = await getDriveInformation({ method: "REQUEST", req });
+    const { key: owner } = information;
+    const isRootMode = mode === "ROOT";
+    if (action === "information") {
+      const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
+      const googleConfigured = !!(clientId && clientSecret && redirectUri);
+      res.status(200).json({
+        status: 200,
+        message: "Information retrieved",
+        data: {
+          providers: {
+            google: googleConfigured
+          },
+          mode
+        }
+      });
+      return;
+    }
+    const wasAuthHandled = await handleAuthAction(req, res, action, config, owner);
+    if (wasAuthHandled) return;
+    const { provider, accountId } = await resolveProvider(req, owner);
+    await handleDriveAction({
+      req,
+      res,
+      action,
+      config,
+      owner,
+      isRootMode,
+      information,
+      provider,
+      accountId
+    });
   } catch (error) {
     console.error(`[next-drive] Error handling action ${action}:`, error);
-    res.status(500).json({ status: 500, message: error instanceof Error ? error.message : "Unknown error" });
+    const detail = error instanceof Error ? error.message : "Something went wrong while processing your request";
+    res.status(500).json({ status: 500, message: `Request "${action}" failed: ${detail}` });
   }
 };
 
 export { driveAPIHandler, driveCleanup, driveConfiguration, driveDelete, driveFilePath, driveFileSchemaZod, driveGetUrl, driveInfo, driveList, driveListFiles, driveReadFile, driveUpload, drive_default, getDriveConfig, getDriveInformation };
-//# sourceMappingURL=chunk-GV4HB2G6.js.map
-//# sourceMappingURL=chunk-GV4HB2G6.js.map
+//# sourceMappingURL=chunk-RBSFEEJJ.js.map
+//# sourceMappingURL=chunk-RBSFEEJJ.js.map