From fa45619dbba3f63d4c61b74f428023b088055513 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Sun, 16 Oct 2022 20:54:23 -0400
Subject: [PATCH 01/25] added basic UI for file transfer

---
 client/src/components/files.vue | 194 ++++++++++++++++++++++++++++++++
 client/src/components/side.vue  |   7 ++
 client/src/locale/en-us.ts      |   1 +
 3 files changed, 202 insertions(+)
 create mode 100644 client/src/components/files.vue

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
new file mode 100644
index 0000000..7e81fb9
--- /dev/null
+++ b/client/src/components/files.vue
@@ -0,0 +1,194 @@
+<template>
+  <div class="files">
+    <div class="files-cwd">
+      <p>{{ cwd }}</p>
+      <i class="fas fa-rotate-right refresh" @click="refresh" />
+    </div>
+    <div class="files-list">
+      <div v-for="item in files" :key="item.name" class="files-list-item">
+        <i :class="fileIcon(item)" />
+        <p>{{ item.name }}</p>
+        <i class="fas fa-download download" @click="() => download(item)" />
+      </div>
+    </div>
+    <div class="files-transfer" @dragover.prevent @drop.prevent="onFileDrop">
+      <i class="fas fa-file-arrow-up" />
+      <p>Drag files here to upload</p>
+    </div>
+  </div>
+</template>
+
+<style lang="scss" scoped>
+  .files {
+    flex: 1;
+    flex-direction: column;
+    display: flex;
+    max-width: 100%;
+
+    .files-cwd {
+      display: flex;
+      flex-direction: row;
+      margin: 10px 10px 0px 10px;
+      padding: 0.5em;
+      font-weight: 600;
+      background-color: rgba($color: #fff, $alpha: 0.05);
+      border-radius: 5px;
+    }
+
+    .files-list {
+      margin: 10px 10px 10px 10px;
+      background-color: rgba($color: #fff, $alpha: 0.05);
+      border-radius: 5px;
+      overflow-y: scroll;
+      scrollbar-width: thin;
+      scrollbar-color: $background-tertiary transparent;
+
+      &::-webkit-scrollbar {
+        width: 8px;
+      }
+
+      &::-webkit-scrollbar-track {
+        background-color: transparent;
+      }
+
+      &::-webkit-scrollbar-thumb {
+        background-color: $background-tertiary;
+        border: 2px solid $background-primary;
+        border-radius: 4px;
+      }
+
+      &::-webkit-scrollbar-thumb:hover {
+        background-color: $background-floating;
+      }
+    }
+
+    .files-list-item {
+      padding: 0.5em;
+      border-bottom: 2px solid rgba($color: #fff, $alpha: 0.10);
+      display: flex;
+      flex-direction: row;
+    }
+
+    .file-icon {
+      width: 14px;
+      margin-right: 0.5em;
+    }
+
+    .files-list-item:last-child {
+      border-bottom: 0px;
+    }
+
+    .refresh, .download {
+      margin-left: auto;
+    }
+
+    .refresh:hover, .download:hover {
+      cursor: pointer;
+    }
+
+    .files-transfer {
+      display: flex;
+      flex-direction: column;
+      text-align: center;
+      justify-content: center;
+      margin: auto 10px 10px 10px;
+      background-color: rgba($color: #fff, $alpha: 0.05);
+      border-radius: 5px;
+    }
+
+    .files-transfer > i {
+      font-size: 4em;
+      margin: 10px 10px 10px 10px;
+    }
+
+    .files-transfer > p {
+      margin: 0px 10px 10px 10px;
+    }
+
+  }
+</style>
+
+<script lang="ts">
+
+  import { Component, Vue } from 'vue-property-decorator'
+  import { onMounted, onUnmounted } from 'vue'
+
+  import Markdown from './markdown'
+  import Content from './context.vue'
+
+  @Component({
+    name: 'neko-files',
+    components: {
+      'neko-markdown': Markdown,
+      'neko-context': Content,
+    }
+  })
+  export default class extends Vue {
+
+    data() {
+      return {
+        cwd: '~/Downloads',
+        files: [
+          {
+            name: 'a.txt',
+            type: 'file'
+          },
+          {
+            name: 'b',
+            type: 'dir'
+          },
+          {
+            name: 'c.mkv',
+            type: 'file'
+          },
+          {
+            name: 'd.mp3',
+            type: 'file'
+          }
+        ]
+      }
+    }
+    
+    refresh() {
+      console.log('refresh')
+    }
+
+    download(item: any) {
+      console.log(item.name);
+    }
+
+    fileIcon(file: any) {
+      let className = 'file-icon fas '
+      if (file.type === 'dir') {
+        className += 'fa-folder'
+        return className
+      }
+      const parts = file.name.split('.')
+      if (!parts) {
+        className += 'fa-file'
+        return className
+      }
+      const ext = parts[parts.length - 1]
+      switch (ext) {
+        case 'mp3':
+        case 'flac':
+          className += 'fa-music'
+          break;
+        case 'webm':
+        case 'mp4':
+        case 'mkv':
+          className += 'fa-film'
+          break;
+        default:
+          className += 'fa-file'
+      }
+      return className;
+    }
+
+    onFileDrop(e: any) {
+      console.log('file dropped', e)
+      console.log(e.dataTransfer.files)
+    }
+  }
+
+</script>
diff --git a/client/src/components/side.vue b/client/src/components/side.vue
index db1ff81..2122e78 100644
--- a/client/src/components/side.vue
+++ b/client/src/components/side.vue
@@ -6,6 +6,10 @@
           <i class="fas fa-comment-alt" />
           <span>{{ $t('side.chat') }}</span>
         </li>
+        <li :class="{ active: tab === 'files' }" @click.stop.prevent="change('files')">
+          <i class="fas fa-file" />
+          <span>{{ $t('side.files') }}</span>
+        </li>
         <li :class="{ active: tab === 'settings' }" @click.stop.prevent="change('settings')">
           <i class="fas fa-sliders-h" />
           <span>{{ $t('side.settings') }}</span>
@@ -14,6 +18,7 @@
     </div>
     <div class="page-container">
       <neko-chat v-if="tab === 'chat'" />
+      <neko-files v-if="tab === 'files'" />
       <neko-settings v-if="tab === 'settings'" />
     </div>
   </aside>
@@ -78,12 +83,14 @@
 
   import Settings from '~/components/settings.vue'
   import Chat from '~/components/chat.vue'
+  import Files from '~/components/files.vue'
 
   @Component({
     name: 'neko',
     components: {
       'neko-settings': Settings,
       'neko-chat': Chat,
+      'neko-files': Files
     },
   })
   export default class extends Vue {
diff --git a/client/src/locale/en-us.ts b/client/src/locale/en-us.ts
index 91d98d9..b397e2d 100644
--- a/client/src/locale/en-us.ts
+++ b/client/src/locale/en-us.ts
@@ -7,6 +7,7 @@ export const send_a_message = 'Send a message'
 
 export const side = {
   chat: 'Chat',
+  files: 'Files',
   settings: 'Settings',
 }
 

From 1505abb70375eac4130aabbae498aa07ebc0612c Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Sun, 30 Oct 2022 21:06:05 -0400
Subject: [PATCH 02/25] http endpoints for transferring files

---
 server/internal/config/websocket.go    | 23 ++++++
 server/internal/http/http.go           | 97 ++++++++++++++++++++++++++
 server/internal/types/websocket.go     |  2 +
 server/internal/websocket/websocket.go | 25 +++++++
 4 files changed, 147 insertions(+)

diff --git a/server/internal/config/websocket.go b/server/internal/config/websocket.go
index 9105018..653411e 100644
--- a/server/internal/config/websocket.go
+++ b/server/internal/config/websocket.go
@@ -12,6 +12,10 @@ type WebSocket struct {
 	Locks         []string
 
 	ControlProtection bool
+
+	FileTransfer       bool
+	UnprivFileTransfer bool
+	FileTransferPath   string
 }
 
 func (WebSocket) Init(cmd *cobra.Command) error {
@@ -40,6 +44,21 @@ func (WebSocket) Init(cmd *cobra.Command) error {
 		return err
 	}
 
+	cmd.PersistentFlags().Bool("file_transfer", false, "allow file transfer for admins")
+	if err := viper.BindPFlag("file_transfer", cmd.PersistentFlags().Lookup("file_transfer")); err != nil {
+		return err
+	}
+
+	cmd.PersistentFlags().Bool("unpriv_file_transfer", false, "allow file transfer for non admins")
+	if err := viper.BindPFlag("unpriv_file_transfer", cmd.PersistentFlags().Lookup("unpriv_file_transfer")); err != nil {
+		return err
+	}
+
+	cmd.PersistentFlags().String("file_transfer_path", "/home/neko/Downloads", "path to use for file transfer")
+	if err := viper.BindPFlag("file_transfer_path", cmd.PersistentFlags().Lookup("file_transfer_path")); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -50,4 +69,8 @@ func (s *WebSocket) Set() {
 	s.Locks = viper.GetStringSlice("locks")
 
 	s.ControlProtection = viper.GetBool("control_protection")
+
+	s.FileTransfer = viper.GetBool("file_transfer")
+	s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer")
+	s.FileTransferPath = viper.GetString("file_transfer_path")
 }
diff --git a/server/internal/http/http.go b/server/internal/http/http.go
index 06b0863..4b8989c 100644
--- a/server/internal/http/http.go
+++ b/server/internal/http/http.go
@@ -3,9 +3,11 @@ package http
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"image/jpeg"
 	"net/http"
 	"os"
+	"regexp"
 	"strconv"
 
 	"github.com/go-chi/chi"
@@ -17,6 +19,8 @@ import (
 	"m1k1o/neko/internal/types"
 )
 
+const FILE_UPLOAD_BUF_SIZE = 65000
+
 type Server struct {
 	logger zerolog.Logger
 	router *chi.Mux
@@ -99,6 +103,99 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 		}
 	})
 
+	router.Get("/file", func(w http.ResponseWriter, r *http.Request) {
+		password := r.URL.Query().Get("pwd")
+		isAuthorized, err := webSocketHandler.CanTransferFiles(password)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusForbidden)
+			return
+		}
+
+		if !isAuthorized {
+			http.Error(w, "bad authorization", http.StatusUnauthorized)
+			return
+		}
+
+		filename := r.URL.Query().Get("filename")
+		badChars, _ := regexp.MatchString(`(?m)\.\.(?:\/|$)`, filename)
+		if filename == "" || badChars {
+			http.Error(w, "bad filename", http.StatusBadRequest)
+			return
+		}
+
+		path := webSocketHandler.MakeFilePath(filename)
+		f, err := os.Open(path)
+		if err != nil {
+			http.Error(w, "not found or unable to open", http.StatusNotFound)
+			return
+		}
+		defer f.Close()
+		fileinfo, err := f.Stat()
+		if err != nil {
+			http.Error(w, "unable to stat file", http.StatusInternalServerError)
+			return
+		}
+
+		buffer := make([]byte, fileinfo.Size())
+		_, err = f.Read(buffer)
+		if err != nil {
+			http.Error(w, "error reading file", http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "application/octet-stream")
+		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filename))
+		w.Write(buffer)
+	})
+
+	router.Post("/file", func(w http.ResponseWriter, r *http.Request) {
+		password := r.URL.Query().Get("pwd")
+		isAuthorized, err := webSocketHandler.CanTransferFiles(password)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusForbidden)
+			return
+		}
+
+		if !isAuthorized {
+			http.Error(w, "bad authorization", http.StatusUnauthorized)
+			return
+		}
+
+		r.ParseMultipartForm(32 << 20)
+		buffer := make([]byte, FILE_UPLOAD_BUF_SIZE)
+		for _, formheader := range r.MultipartForm.File["files"] {
+			formfile, err := formheader.Open()
+			if err != nil {
+				logger.Warn().Err(err).Msg("failed to open formdata file")
+				http.Error(w, "error writing file", http.StatusInternalServerError)
+				return
+			}
+			f, err := os.OpenFile(webSocketHandler.MakeFilePath(formheader.Filename), os.O_WRONLY|os.O_CREATE, 0644)
+			if err != nil {
+				http.Error(w, "unable to open file for writing", http.StatusInternalServerError)
+				return
+			}
+
+			var copied int64 = 0
+			for copied < formheader.Size {
+				var limit int64 = int64(len(buffer))
+				if limit > formheader.Size-copied {
+					limit = formheader.Size - copied
+				}
+				bytesRead, err := formfile.ReadAt(buffer[:limit], copied)
+				if err != nil {
+					logger.Warn().Err(err).Msg("failed copying file in upload")
+					http.Error(w, "error writing file", http.StatusInternalServerError)
+					return
+				}
+				f.Write(buffer[:bytesRead])
+				copied += int64(bytesRead)
+			}
+
+			formfile.Close()
+			f.Close()
+		}
+	})
+
 	router.Get("/health", func(w http.ResponseWriter, r *http.Request) {
 		_, _ = w.Write([]byte("true"))
 	})
diff --git a/server/internal/types/websocket.go b/server/internal/types/websocket.go
index 968bbb8..374d4f9 100644
--- a/server/internal/types/websocket.go
+++ b/server/internal/types/websocket.go
@@ -34,4 +34,6 @@ type WebSocketHandler interface {
 	Stats() Stats
 	IsLocked(resource string) bool
 	IsAdmin(password string) (bool, error)
+	CanTransferFiles(password string) (bool, error)
+	MakeFilePath(filename string) string
 }
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index a4ec572..00e8eda 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -3,6 +3,7 @@ package websocket
 import (
 	"fmt"
 	"net/http"
+	"os"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -33,6 +34,14 @@ func New(sessions types.SessionManager, desktop types.DesktopManager, capture ty
 		logger.Info().Msgf("control locked on behalf of control protection")
 	}
 
+	if conf.FileTransferPath[len(conf.FileTransferPath)-1] != '/' {
+		conf.FileTransferPath += "/"
+	}
+	err := os.Mkdir(conf.FileTransferPath, 0755)
+	if err != nil && !os.IsExist(err) {
+		logger.Panic().Err(err).Msg("unable to create file transfer directory")
+	}
+
 	// apply default locks
 	for _, lock := range conf.Locks {
 		state.Lock(lock, "") // empty session ID
@@ -314,6 +323,22 @@ func (ws *WebSocketHandler) IsAdmin(password string) (bool, error) {
 	return false, fmt.Errorf("invalid password")
 }
 
+func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
+	if !ws.conf.FileTransfer {
+		return false, nil
+	}
+
+	if !ws.conf.UnprivFileTransfer {
+		return ws.IsAdmin(password)
+	}
+
+	return password == ws.conf.Password, nil
+}
+
+func (ws *WebSocketHandler) MakeFilePath(filename string) string {
+	return fmt.Sprintf("%s%s", ws.conf.FileTransferPath, filename)
+}
+
 func (ws *WebSocketHandler) authenticate(r *http.Request) (bool, error) {
 	passwords, ok := r.URL.Query()["password"]
 	if !ok || len(passwords[0]) < 1 {

From 70e84c584075b8d2964330cdf10d94fac0455256 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Wed, 2 Nov 2022 22:20:32 -0400
Subject: [PATCH 03/25] listing of files on connect

---
 client/src/components/files.vue           | 32 ++++++---------------
 client/src/neko/events.ts                 | 16 +++++++++++
 client/src/neko/index.ts                  |  9 ++++++
 client/src/neko/messages.ts               | 17 ++++++++++-
 client/src/neko/types.ts                  |  5 ++++
 client/src/store/files.ts                 | 35 +++++++++++++++++++++++
 client/src/store/index.ts                 |  3 +-
 server/internal/types/event/events.go     |  8 ++++++
 server/internal/types/message/messages.go | 11 +++++++
 server/internal/types/websocket.go        |  5 ++++
 server/internal/utils/files.go            | 30 +++++++++++++++++++
 server/internal/websocket/websocket.go    | 15 ++++++++++
 12 files changed, 160 insertions(+), 26 deletions(-)
 create mode 100644 client/src/store/files.ts
 create mode 100644 server/internal/utils/files.go

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 7e81fb9..d663b31 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -8,7 +8,8 @@
       <div v-for="item in files" :key="item.name" class="files-list-item">
         <i :class="fileIcon(item)" />
         <p>{{ item.name }}</p>
-        <i class="fas fa-download download" @click="() => download(item)" />
+        <i v-if="item.type !== 'dir'" class="fas fa-download download"
+        @click="() => download(item)" />
       </div>
     </div>
     <div class="files-transfer" @dragover.prevent @drop.prevent="onFileDrop">
@@ -111,7 +112,6 @@
 <script lang="ts">
 
   import { Component, Vue } from 'vue-property-decorator'
-  import { onMounted, onUnmounted } from 'vue'
 
   import Markdown from './markdown'
   import Content from './context.vue'
@@ -125,28 +125,12 @@
   })
   export default class extends Vue {
 
-    data() {
-      return {
-        cwd: '~/Downloads',
-        files: [
-          {
-            name: 'a.txt',
-            type: 'file'
-          },
-          {
-            name: 'b',
-            type: 'dir'
-          },
-          {
-            name: 'c.mkv',
-            type: 'file'
-          },
-          {
-            name: 'd.mp3',
-            type: 'file'
-          }
-        ]
-      }
+    get cwd() {
+      return this.$accessor.files.cwd
+    }
+
+    get files() {
+      return this.$accessor.files.files
     }
     
     refresh() {
diff --git a/client/src/neko/events.ts b/client/src/neko/events.ts
index 7b637a6..b6c6cbd 100644
--- a/client/src/neko/events.ts
+++ b/client/src/neko/events.ts
@@ -38,6 +38,13 @@ export const EVENT = {
     MESSAGE: 'chat/message',
     EMOTE: 'chat/emote',
   },
+  FILETRANSFER: {
+    ENABLE: 'filetransfer/enable',
+    DISABLE: 'filetransfer/disable',
+    UNPRIVENABLE: 'filetransfer/unprivenable',
+    UNPRIVDISABLE: 'filetransfer/unprivdisable',
+    LIST: 'filetransfer/list'
+  },
   SCREEN: {
     CONFIGURATIONS: 'screen/configurations',
     RESOLUTION: 'screen/resolution',
@@ -69,6 +76,7 @@ export type WebSocketEvents =
   | MemberEvents
   | SignalEvents
   | ChatEvents
+  | FileTransferEvents
   | ScreenEvents
   | BroadcastEvents
   | AdminEvents
@@ -91,6 +99,14 @@ export type SignalEvents =
   | typeof EVENT.SIGNAL.CANDIDATE
 
 export type ChatEvents = typeof EVENT.CHAT.MESSAGE | typeof EVENT.CHAT.EMOTE
+
+export type FileTransferEvents =
+  | typeof EVENT.FILETRANSFER.ENABLE
+  | typeof EVENT.FILETRANSFER.DISABLE
+  | typeof EVENT.FILETRANSFER.UNPRIVENABLE
+  | typeof EVENT.FILETRANSFER.UNPRIVDISABLE
+  | typeof EVENT.FILETRANSFER.LIST
+
 export type ScreenEvents = typeof EVENT.SCREEN.CONFIGURATIONS | typeof EVENT.SCREEN.RESOLUTION | typeof EVENT.SCREEN.SET
 
 export type BroadcastEvents =
diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index 35f057f..a066b3b 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -24,6 +24,7 @@ import {
   AdminLockMessage,
   SystemInitPayload,
   AdminLockResource,
+  FileTransferListPayload,
 } from './messages'
 
 interface NekoEvents extends BaseEvents {}
@@ -351,6 +352,14 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
     this.$accessor.chat.newEmote({ type: emote })
   }
 
+  /////////////////////////////
+  // Chat Events
+  /////////////////////////////
+  protected [EVENT.FILETRANSFER.LIST]({ cwd, files }: FileTransferListPayload) {
+    this.$accessor.files.setCwd(cwd)
+    this.$accessor.files.setFileList(files)
+  }
+
   /////////////////////////////
   // Screen Events
   /////////////////////////////
diff --git a/client/src/neko/messages.ts b/client/src/neko/messages.ts
index 65c3969..feb6073 100644
--- a/client/src/neko/messages.ts
+++ b/client/src/neko/messages.ts
@@ -8,8 +8,14 @@ import {
   ChatEvents,
   ScreenEvents,
   AdminEvents,
+  FileTransferEvents,
 } from './events'
-import { Member, ScreenConfigurations, ScreenResolution } from './types'
+import {
+  FileListItem,
+  Member,
+  ScreenConfigurations,
+  ScreenResolution
+} from './types'
 
 export type WebSocketMessages =
   | WebSocketMessage
@@ -192,6 +198,15 @@ export interface EmojiSendPayload {
   emote: string
 }
 
+// file transfer
+export interface FileTransferMessage extends WebSocketMessage, FileTransferListPayload {
+  event: FileTransferEvents
+}
+export interface FileTransferListPayload {
+  cwd: string,
+  files: FileListItem[]
+}
+
 /*
   SCREEN PAYLOADS
 */
diff --git a/client/src/neko/types.ts b/client/src/neko/types.ts
index a4df647..938fc8c 100644
--- a/client/src/neko/types.ts
+++ b/client/src/neko/types.ts
@@ -22,3 +22,8 @@ export interface ScreenResolution {
   height: number
   rate: number
 }
+
+export interface FileListItem {
+  name: string,
+  type: 'file' | 'dir'
+}
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
new file mode 100644
index 0000000..ce57a6e
--- /dev/null
+++ b/client/src/store/files.ts
@@ -0,0 +1,35 @@
+import { actionTree, getterTree, mutationTree } from 'typed-vuex'
+import { FileListItem } from '~/neko/types'
+import { accessor } from '~/store'
+
+export const state = () => ({
+  cwd: '',
+  files: [] as FileListItem[]
+})
+
+export const getters = getterTree(state, {
+  //
+})
+
+export const mutations = mutationTree(state, {
+  _setCwd(state, cwd: string) {
+    state.cwd = cwd
+  },
+
+  _setFileList(state, files: FileListItem[]) {
+    state.files = files
+  }
+})
+
+export const actions = actionTree(
+  { state, getters, mutations },
+  {
+    setCwd(store, cwd: string) {
+      accessor.files._setCwd(cwd)
+    },
+
+    setFileList(store, files: FileListItem[]) {
+      accessor.files._setFileList(files)
+    }
+  }
+)
diff --git a/client/src/store/index.ts b/client/src/store/index.ts
index 3abb348..11bafe2 100644
--- a/client/src/store/index.ts
+++ b/client/src/store/index.ts
@@ -7,6 +7,7 @@ import { get, set } from '~/utils/localstorage'
 
 import * as video from './video'
 import * as chat from './chat'
+import * as files from './files'
 import * as remote from './remote'
 import * as user from './user'
 import * as settings from './settings'
@@ -97,7 +98,7 @@ export const storePattern = {
   state,
   mutations,
   actions,
-  modules: { video, chat, user, remote, settings, client, emoji },
+  modules: { video, chat, files, user, remote, settings, client, emoji },
 }
 
 Vue.use(Vuex)
diff --git a/server/internal/types/event/events.go b/server/internal/types/event/events.go
index fca67f8..e6bf8b5 100644
--- a/server/internal/types/event/events.go
+++ b/server/internal/types/event/events.go
@@ -34,6 +34,14 @@ const (
 	CHAT_EMOTE   = "chat/emote"
 )
 
+const (
+	FILETRANSFER_ENABLE        = "filetransfer/enable"
+	FILETRANSFER_DISABLE       = "filetransfer/disable"
+	FILETRANSFER_UNPRIVENABLE  = "filetransfer/unprivenable"
+	FILETRANSFER_UNPRIVDISABLE = "filetransfer/unprivdisable"
+	FILETRANSFER_LIST          = "filetransfer/list"
+)
+
 const (
 	SCREEN_CONFIGURATIONS = "screen/configurations"
 	SCREEN_RESOLUTION     = "screen/resolution"
diff --git a/server/internal/types/message/messages.go b/server/internal/types/message/messages.go
index 29542be..2364360 100644
--- a/server/internal/types/message/messages.go
+++ b/server/internal/types/message/messages.go
@@ -106,6 +106,17 @@ type EmoteSend struct {
 	Emote string `json:"emote"`
 }
 
+type FileTransferTarget struct {
+	Event string `json:"event"`
+	ID    string `json:"id"`
+}
+
+type FileList struct {
+	Event string               `json:"event"`
+	Cwd   string               `json:"cwd"`
+	Files []types.FileListItem `json:"files"`
+}
+
 type Admin struct {
 	Event string `json:"event"`
 	ID    string `json:"id"`
diff --git a/server/internal/types/websocket.go b/server/internal/types/websocket.go
index 374d4f9..2fa1479 100644
--- a/server/internal/types/websocket.go
+++ b/server/internal/types/websocket.go
@@ -37,3 +37,8 @@ type WebSocketHandler interface {
 	CanTransferFiles(password string) (bool, error)
 	MakeFilePath(filename string) string
 }
+
+type FileListItem struct {
+	Filename string `json:"name"`
+	Type     string `json:"type"`
+}
diff --git a/server/internal/utils/files.go b/server/internal/utils/files.go
new file mode 100644
index 0000000..7ac3005
--- /dev/null
+++ b/server/internal/utils/files.go
@@ -0,0 +1,30 @@
+package utils
+
+import (
+	"os"
+
+	"m1k1o/neko/internal/types"
+)
+
+func ListFiles(path string) (*[]types.FileListItem, error) {
+	items, err := os.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make([]types.FileListItem, len(items))
+	for i, item := range items {
+		var itemType string = ""
+		if item.IsDir() {
+			itemType = "dir"
+		} else {
+			itemType = "file"
+		}
+		out[i] = types.FileListItem{
+			Filename: item.Name(),
+			Type:     itemType,
+		}
+	}
+
+	return &out, nil
+}
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index 00e8eda..ade10be 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -133,6 +133,21 @@ func (ws *WebSocketHandler) Start() {
 			}
 		}
 
+		// send file list if necessary
+		if session.Admin() && ws.conf.FileTransfer || ws.conf.FileTransfer && ws.conf.UnprivFileTransfer {
+			files, err := utils.ListFiles(ws.conf.FileTransferPath)
+			if err == nil {
+				if err := session.Send(
+					message.FileList{
+						Event: event.FILETRANSFER_LIST,
+						Cwd:   ws.conf.FileTransferPath,
+						Files: *files,
+					}); err != nil {
+					ws.logger.Warn().Err(err).Msg("file list event has failed")
+				}
+			}
+		}
+
 		// remove outdated stats
 		if session.Admin() {
 			ws.lastAdminLeftAt = nil

From cfc7b15211dfa8e7a54ddd9c7795f61ce1184add Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Thu, 3 Nov 2022 21:54:05 -0400
Subject: [PATCH 04/25] manual refresh function

---
 client/src/components/files.vue              |  2 +-
 client/src/neko/base.ts                      |  8 ++++++
 client/src/neko/events.ts                    |  4 ++-
 client/src/store/files.ts                    |  7 ++++++
 server/internal/types/event/events.go        |  1 +
 server/internal/websocket/handler/files.go   | 26 ++++++++++++++++++++
 server/internal/websocket/handler/handler.go |  4 +++
 server/internal/websocket/state/state.go     | 24 +++++++++++++++++-
 server/internal/websocket/websocket.go       |  2 +-
 9 files changed, 74 insertions(+), 4 deletions(-)
 create mode 100644 server/internal/websocket/handler/files.go

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index d663b31..6dc82cf 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -134,7 +134,7 @@
     }
     
     refresh() {
-      console.log('refresh')
+      this.$accessor.files.refresh()
     }
 
     download(item: any) {
diff --git a/client/src/neko/base.ts b/client/src/neko/base.ts
index 31ec8ad..dc767b5 100644
--- a/client/src/neko/base.ts
+++ b/client/src/neko/base.ts
@@ -187,6 +187,14 @@ export abstract class BaseClient extends EventEmitter<BaseEvents> {
     this._ws!.send(JSON.stringify({ event, ...payload }))
   }
 
+  public refreshFiles() {
+    if (!this.connected) {
+      this.emit('warn', 'attempting to refresh files while disconnected')
+    }
+    this.emit('debug', `sending event '${EVENT.FILETRANSFER.REFRESH}'`)
+    this._ws!.send(JSON.stringify({ event: EVENT.FILETRANSFER.REFRESH }))
+  }
+
   public async createPeer(lite: boolean, servers: RTCIceServer[]) {
     this.emit('debug', `creating peer`)
     if (!this.socketOpen) {
diff --git a/client/src/neko/events.ts b/client/src/neko/events.ts
index b6c6cbd..d12046a 100644
--- a/client/src/neko/events.ts
+++ b/client/src/neko/events.ts
@@ -43,7 +43,8 @@ export const EVENT = {
     DISABLE: 'filetransfer/disable',
     UNPRIVENABLE: 'filetransfer/unprivenable',
     UNPRIVDISABLE: 'filetransfer/unprivdisable',
-    LIST: 'filetransfer/list'
+    LIST: 'filetransfer/list',
+    REFRESH: 'filetransfer/refresh'
   },
   SCREEN: {
     CONFIGURATIONS: 'screen/configurations',
@@ -106,6 +107,7 @@ export type FileTransferEvents =
   | typeof EVENT.FILETRANSFER.UNPRIVENABLE
   | typeof EVENT.FILETRANSFER.UNPRIVDISABLE
   | typeof EVENT.FILETRANSFER.LIST
+  | typeof EVENT.FILETRANSFER.REFRESH
 
 export type ScreenEvents = typeof EVENT.SCREEN.CONFIGURATIONS | typeof EVENT.SCREEN.RESOLUTION | typeof EVENT.SCREEN.SET
 
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
index ce57a6e..9c8ce06 100644
--- a/client/src/store/files.ts
+++ b/client/src/store/files.ts
@@ -30,6 +30,13 @@ export const actions = actionTree(
 
     setFileList(store, files: FileListItem[]) {
       accessor.files._setFileList(files)
+    },
+
+    refresh(store) {
+      if (!accessor.connected) {
+        return
+      }
+      $client.refreshFiles()
     }
   }
 )
diff --git a/server/internal/types/event/events.go b/server/internal/types/event/events.go
index e6bf8b5..8c5e12f 100644
--- a/server/internal/types/event/events.go
+++ b/server/internal/types/event/events.go
@@ -40,6 +40,7 @@ const (
 	FILETRANSFER_UNPRIVENABLE  = "filetransfer/unprivenable"
 	FILETRANSFER_UNPRIVDISABLE = "filetransfer/unprivdisable"
 	FILETRANSFER_LIST          = "filetransfer/list"
+	FILETRANSFER_REFRESH       = "filetransfer/refresh"
 )
 
 const (
diff --git a/server/internal/websocket/handler/files.go b/server/internal/websocket/handler/files.go
new file mode 100644
index 0000000..cda7ec8
--- /dev/null
+++ b/server/internal/websocket/handler/files.go
@@ -0,0 +1,26 @@
+package handler
+
+import (
+	"errors"
+	"m1k1o/neko/internal/types"
+	"m1k1o/neko/internal/types/event"
+	"m1k1o/neko/internal/types/message"
+	"m1k1o/neko/internal/utils"
+)
+
+func (h *MessageHandler) refresh(session types.Session) error {
+	if !(h.state.FileTransferEnabled() && session.Admin() || h.state.UnprivFileTransferEnabled()) {
+		return errors.New(session.Member().Name + " tried to refresh file list when they can't")
+	}
+
+	files, err := utils.ListFiles(h.state.FileTransferPath())
+	if err != nil {
+		return err
+	}
+	return session.Send(
+		message.FileList{
+			Event: event.FILETRANSFER_LIST,
+			Cwd:   h.state.FileTransferPath(),
+			Files: *files,
+		})
+}
diff --git a/server/internal/websocket/handler/handler.go b/server/internal/websocket/handler/handler.go
index b2b529c..004a4b4 100644
--- a/server/internal/websocket/handler/handler.go
+++ b/server/internal/websocket/handler/handler.go
@@ -126,6 +126,10 @@ func (h *MessageHandler) Message(id string, raw []byte) error {
 				return h.chatEmote(id, session, payload)
 			}), "%s failed", header.Event)
 
+	// File Transfer Events
+	case event.FILETRANSFER_REFRESH:
+		return errors.Wrapf(h.refresh(session), "%s failed", header.Event)
+
 	// Screen Events
 	case event.SCREEN_RESOLUTION:
 		return errors.Wrapf(h.screenResolution(id, session), "%s failed", header.Event)
diff --git a/server/internal/websocket/state/state.go b/server/internal/websocket/state/state.go
index 3b38797..1c2719c 100644
--- a/server/internal/websocket/state/state.go
+++ b/server/internal/websocket/state/state.go
@@ -3,12 +3,20 @@ package state
 type State struct {
 	banned map[string]string // IP -> session ID (that banned it)
 	locked map[string]string // resource name -> session ID (that locked it)
+
+	fileTransferEnabled       bool   // admins can transfer files
+	fileTransferUnprivEnabled bool   // all users can transfer files
+	fileTransferPath          string // path where files are located
 }
 
-func New() *State {
+func New(fileTransferEnabled bool, fileTransferUnprivEnabled bool, fileTransferPath string) *State {
 	return &State{
 		banned: make(map[string]string),
 		locked: make(map[string]string),
+
+		fileTransferEnabled:       fileTransferEnabled,
+		fileTransferUnprivEnabled: fileTransferUnprivEnabled,
+		fileTransferPath:          fileTransferPath,
 	}
 }
 
@@ -59,3 +67,17 @@ func (s *State) GetLocked(resource string) (string, bool) {
 func (s *State) AllLocked() map[string]string {
 	return s.locked
 }
+
+// File Transfer
+
+func (s *State) FileTransferEnabled() bool {
+	return s.fileTransferEnabled
+}
+
+func (s *State) UnprivFileTransferEnabled() bool {
+	return s.fileTransferUnprivEnabled
+}
+
+func (s *State) FileTransferPath() string {
+	return s.fileTransferPath
+}
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index ade10be..23c42bd 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -26,7 +26,7 @@ const CONTROL_PROTECTION_SESSION = "by_control_protection"
 func New(sessions types.SessionManager, desktop types.DesktopManager, capture types.CaptureManager, webrtc types.WebRTCManager, conf *config.WebSocket) *WebSocketHandler {
 	logger := log.With().Str("module", "websocket").Logger()
 
-	state := state.New()
+	state := state.New(conf.FileTransfer, conf.UnprivFileTransfer, conf.FileTransferPath)
 
 	// if control protection is enabled
 	if conf.ControlProtection {

From 7c6029aa996af182b343a289c6c82b4330c458f5 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Fri, 4 Nov 2022 22:43:18 -0400
Subject: [PATCH 05/25] watch file transfer dir for changes

---
 server/internal/websocket/websocket.go | 49 ++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index 23c42bd..f461765 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -8,6 +8,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/fsnotify/fsnotify"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -211,6 +212,30 @@ func (ws *WebSocketHandler) Start() {
 
 		ws.logger.Err(err).Msg("sync clipboard")
 	})
+
+	// watch for file changes
+	if ws.conf.FileTransfer {
+		watcher, err := fsnotify.NewWatcher()
+		if err != nil {
+			ws.logger.Err(err).Msg("unable to start file transfer dir watcher")
+			return
+		}
+
+		go func() {
+			for {
+				select {
+				case <-watcher.Events:
+					ws.sendFileTransferUpdate()
+				case err := <-watcher.Errors:
+					ws.logger.Err(err).Msg("error in file transfer dir watcher")
+				}
+			}
+		}()
+
+		if err := watcher.Add(ws.conf.FileTransferPath); err != nil {
+			ws.logger.Err(err).Msg("unable to add file transfer path to watcher")
+		}
+	}
 }
 
 func (ws *WebSocketHandler) Shutdown() error {
@@ -354,6 +379,30 @@ func (ws *WebSocketHandler) MakeFilePath(filename string) string {
 	return fmt.Sprintf("%s%s", ws.conf.FileTransferPath, filename)
 }
 
+func (ws *WebSocketHandler) sendFileTransferUpdate() {
+	files, err := utils.ListFiles(ws.conf.FileTransferPath)
+	if err != nil {
+		ws.logger.Err(err).Msg("unable to ls file transfer path")
+		return
+	}
+
+	message := message.FileList{
+		Event: event.FILETRANSFER_LIST,
+		Cwd:   ws.conf.FileTransferPath,
+		Files: *files,
+	}
+
+	var broadcastErr error
+	if ws.conf.UnprivFileTransfer {
+		broadcastErr = ws.sessions.Broadcast(message, nil)
+	} else {
+		broadcastErr = ws.sessions.AdminBroadcast(message, nil)
+	}
+	if broadcastErr != nil {
+		ws.logger.Err(broadcastErr).Msg("unable to broadcast file list")
+	}
+}
+
 func (ws *WebSocketHandler) authenticate(r *http.Request) (bool, error) {
 	passwords, ok := r.URL.Query()["password"]
 	if !ok || len(passwords[0]) < 1 {

From b9f31cc19c1dabc7efde25ef2486eab8cd6e1bc9 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Fri, 11 Nov 2022 20:27:15 -0500
Subject: [PATCH 06/25] added file downloads to frontend

---
 client/src/components/files.vue    | 148 ++++++++++++++++++++++++++---
 client/src/neko/base.ts            |   8 --
 client/src/neko/index.ts           |   8 ++
 client/src/neko/types.ts           |  14 ++-
 client/src/store/files.ts          |  24 ++++-
 server/internal/http/http.go       |   1 +
 server/internal/types/websocket.go |   1 +
 server/internal/utils/files.go     |   6 ++
 8 files changed, 185 insertions(+), 25 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 6dc82cf..1c99496 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -8,13 +8,28 @@
       <div v-for="item in files" :key="item.name" class="files-list-item">
         <i :class="fileIcon(item)" />
         <p>{{ item.name }}</p>
+        <p class="file-size">{{ fileSize(item.size) }}</p>
         <i v-if="item.type !== 'dir'" class="fas fa-download download"
         @click="() => download(item)" />
       </div>
     </div>
-    <div class="files-transfer" @dragover.prevent @drop.prevent="onFileDrop">
-      <i class="fas fa-file-arrow-up" />
-      <p>Drag files here to upload</p>
+    <div class="transfer-area">
+      <div class="transfers" v-if="transfers.length > 0">
+        <p>Downloads</p>
+        <div v-for="download in downloads" :key="download.name" class="transfers-list-item">
+          <div class="transfer-info">
+            <p>{{ download.name }}</p>
+            <p class="file-size">{{ Math.max(100, Math.round(download.progress / download.size * 100))}}%</p>
+            <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
+          </div>
+          <progress class="transfer-progress" :aria-label="download.name + ' progress'" :value="download.progress"
+          :max="download.size"></progress>
+        </div>
+      </div>
+      <div class="upload-area" @dragover.prevent @drop.prevent="onFileDrop">
+        <i class="fas fa-file-arrow-up" />
+        <p>Drag files here to upload</p>
+      </div>
     </div>
   </div>
 </template>
@@ -79,30 +94,63 @@
       border-bottom: 0px;
     }
 
-    .refresh, .download {
+    .refresh {
       margin-left: auto;
     }
 
-    .refresh:hover, .download:hover {
+    .file-size {
+      margin-left: auto;
+      margin-right: 0.5em;
+      color: rgba($color: #fff, $alpha: 0.40);
+    }
+
+    .refresh:hover, .download:hover, .remove-transfer:hover {
       cursor: pointer;
     }
 
-    .files-transfer {
-      display: flex;
-      flex-direction: column;
-      text-align: center;
-      justify-content: center;
-      margin: auto 10px 10px 10px;
+    .transfer-area {
+      margin-top: auto;
+    }
+
+    .transfers {
+      margin: 10px 10px 10px 10px;
       background-color: rgba($color: #fff, $alpha: 0.05);
       border-radius: 5px;
     }
 
-    .files-transfer > i {
+    .transfers > p {
+      padding: 10px;
+      font-weight: 600;
+    }
+
+    .transfer-info {
+      display: flex;
+      flex-direction: row;
+      max-width: 100%;
+      padding: 10px;
+    }
+
+    .transfer-progress {
+      margin: 0px 10px 10px 10px;
+      width: 95%;
+    }
+
+    .upload-area {
+      display: flex;
+      flex-direction: column;
+      text-align: center;
+      justify-content: center;
+      margin: 10px 10px 10px 10px;
+      background-color: rgba($color: #fff, $alpha: 0.05);
+      border-radius: 5px;
+    }
+
+    .upload-area > i {
       font-size: 4em;
       margin: 10px 10px 10px 10px;
     }
 
-    .files-transfer > p {
+    .upload-area > p {
       margin: 0px 10px 10px 10px;
     }
 
@@ -115,6 +163,7 @@
 
   import Markdown from './markdown'
   import Content from './context.vue'
+import { FileTransfer } from '~/neko/types'
 
   @Component({
     name: 'neko-files',
@@ -132,13 +181,68 @@
     get files() {
       return this.$accessor.files.files
     }
+
+    get transfers() {
+      return this.$accessor.files.transfers
+    }
+
+    get downloads() {
+      return this.$accessor.files.transfers.filter((t => t.direction === 'download'))
+    }
+
+    get uploads() {
+      return this.$accessor.files.transfers.filter((t => t.direction === 'upload'))
+    }
     
     refresh() {
       this.$accessor.files.refresh()
     }
 
     download(item: any) {
-      console.log(item.name);
+      const url = `/file?pwd=${this.$accessor.password}&filename=${item.name}`
+      let transfer: FileTransfer = {
+        id: Math.round(Math.random() * 10000),
+        name: item.name,
+        direction: 'download',
+        // this is just an estimation, but for large files the content length
+        // is not sent (chunked transfer)
+        size: item.size,
+        progress: 0,
+        status: 'pending',
+        axios: null,
+        // TODO add support for aborting in progress requests, requires axios >=0.22
+        abortController: null
+      }
+      transfer.axios = this.$http.get(url, {
+        responseType: 'blob',
+        onDownloadProgress: (x) => {
+          transfer.progress = x.loaded
+
+          if (x.lengthComputable) {
+            transfer.size = x.total
+          }
+          if (transfer.progress === transfer.size) {
+            transfer.status = 'completed'
+          }
+        }
+      }).then((res) => {
+        const url = window.URL
+        .createObjectURL(new Blob([res.data]))
+        const link = document.createElement('a')
+        link.href = url
+        link.setAttribute('download', item.name)
+        document.body.appendChild(link)
+        link.click()
+        document.body.removeChild(link)
+      }).catch((err) => {
+        this.$log.error(err)
+      })
+      this.$accessor.files.addTransfer(transfer)
+    }
+
+    removeTransfer(item: FileTransfer) {
+      console.log(item)
+      this.$accessor.files.removeTransfer(item)
     }
 
     fileIcon(file: any) {
@@ -169,6 +273,22 @@
       return className;
     }
 
+    fileSize(size: number) {
+      if (size < 1000) {
+        return `${size} b`
+      }
+      if (size < 1000 ** 2) {
+        return `${(size / 1000).toFixed(2)} kb`
+      }
+      if (size < 1000 ** 3) {
+        return `${(size / 1000 ** 2).toFixed(2)} mb`
+      }
+      if (size < 1000 ** 4) {
+        return `${(size / 1000 ** 3).toFixed(2)} gb`
+      }
+      return `${(size / 1000 ** 4).toFixed(3)} tb`
+    }
+
     onFileDrop(e: any) {
       console.log('file dropped', e)
       console.log(e.dataTransfer.files)
diff --git a/client/src/neko/base.ts b/client/src/neko/base.ts
index dc767b5..31ec8ad 100644
--- a/client/src/neko/base.ts
+++ b/client/src/neko/base.ts
@@ -187,14 +187,6 @@ export abstract class BaseClient extends EventEmitter<BaseEvents> {
     this._ws!.send(JSON.stringify({ event, ...payload }))
   }
 
-  public refreshFiles() {
-    if (!this.connected) {
-      this.emit('warn', 'attempting to refresh files while disconnected')
-    }
-    this.emit('debug', `sending event '${EVENT.FILETRANSFER.REFRESH}'`)
-    this._ws!.send(JSON.stringify({ event: EVENT.FILETRANSFER.REFRESH }))
-  }
-
   public async createPeer(lite: boolean, servers: RTCIceServer[]) {
     this.emit('debug', `creating peer`)
     if (!this.socketOpen) {
diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index a066b3b..15033db 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -71,6 +71,14 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
     })
   }
 
+  public refreshFiles() {
+    if (!this.connected) {
+      this.emit('warn', 'attempting to refresh files while disconnected')
+    }
+    this.emit('debug', `sending event '${EVENT.FILETRANSFER.REFRESH}'`)
+    this._ws!.send(JSON.stringify({ event: EVENT.FILETRANSFER.REFRESH }))
+  }
+
   /////////////////////////////
   // Internal Events
   /////////////////////////////
diff --git a/client/src/neko/types.ts b/client/src/neko/types.ts
index 938fc8c..31bb44a 100644
--- a/client/src/neko/types.ts
+++ b/client/src/neko/types.ts
@@ -25,5 +25,17 @@ export interface ScreenResolution {
 
 export interface FileListItem {
   name: string,
-  type: 'file' | 'dir'
+  type: 'file' | 'dir',
+  size: number
+}
+
+export interface FileTransfer {
+  id: number,
+  name: string,
+  direction: 'upload' | 'download',
+  size: number,
+  progress: number,
+  status: 'pending' | 'inprogress' | 'completed',
+  axios: Promise<void> | null,
+  abortController: AbortController | null
 }
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
index 9c8ce06..5eb2c1f 100644
--- a/client/src/store/files.ts
+++ b/client/src/store/files.ts
@@ -1,10 +1,11 @@
 import { actionTree, getterTree, mutationTree } from 'typed-vuex'
-import { FileListItem } from '~/neko/types'
+import { FileListItem, FileTransfer } from '~/neko/types'
 import { accessor } from '~/store'
 
 export const state = () => ({
   cwd: '',
-  files: [] as FileListItem[]
+  files: [] as FileListItem[],
+  transfers: [] as FileTransfer[]
 })
 
 export const getters = getterTree(state, {
@@ -18,6 +19,14 @@ export const mutations = mutationTree(state, {
 
   _setFileList(state, files: FileListItem[]) {
     state.files = files
+  },
+
+  _addTransfer(state, transfer: FileTransfer) {
+    state.transfers = [...state.transfers, transfer]
+  },
+
+  _removeTransfer(state, transfer: FileTransfer) {
+    state.transfers = state.transfers.filter((t) => t.id !== transfer.id)
   }
 })
 
@@ -32,6 +41,17 @@ export const actions = actionTree(
       accessor.files._setFileList(files)
     },
 
+    addTransfer(store, transfer: FileTransfer) {
+      if (transfer.status !== 'pending') {
+        return
+      }
+      accessor.files._addTransfer(transfer)
+    },
+
+    removeTransfer(store, transfer: FileTransfer) {
+      accessor.files._removeTransfer(transfer)
+    },
+
     refresh(store) {
       if (!accessor.connected) {
         return
diff --git a/server/internal/http/http.go b/server/internal/http/http.go
index 4b8989c..82eea6b 100644
--- a/server/internal/http/http.go
+++ b/server/internal/http/http.go
@@ -35,6 +35,7 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 	router.Use(middleware.RequestID) // Create a request ID for each request
 	router.Use(middleware.RequestLogger(&logformatter{logger}))
 	router.Use(middleware.Recoverer) // Recover from panics without crashing server
+	router.Use(middleware.Compress(5, "application/octet-stream"))
 
 	if conf.PathPrefix != "/" {
 		router.Use(func(h http.Handler) http.Handler {
diff --git a/server/internal/types/websocket.go b/server/internal/types/websocket.go
index 2fa1479..cb80fcc 100644
--- a/server/internal/types/websocket.go
+++ b/server/internal/types/websocket.go
@@ -41,4 +41,5 @@ type WebSocketHandler interface {
 type FileListItem struct {
 	Filename string `json:"name"`
 	Type     string `json:"type"`
+	Size     int64  `json:"size"`
 }
diff --git a/server/internal/utils/files.go b/server/internal/utils/files.go
index 7ac3005..56c714d 100644
--- a/server/internal/utils/files.go
+++ b/server/internal/utils/files.go
@@ -15,14 +15,20 @@ func ListFiles(path string) (*[]types.FileListItem, error) {
 	out := make([]types.FileListItem, len(items))
 	for i, item := range items {
 		var itemType string = ""
+		var size int64 = 0
 		if item.IsDir() {
 			itemType = "dir"
 		} else {
 			itemType = "file"
+			info, err := item.Info()
+			if err == nil {
+				size = info.Size()
+			}
 		}
 		out[i] = types.FileListItem{
 			Filename: item.Name(),
 			Type:     itemType,
+			Size:     size,
 		}
 	}
 

From 5ba4019e36ae7e0bb6382d72c49a1f7f4b2b7c6e Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Sun, 13 Nov 2022 11:27:04 -0500
Subject: [PATCH 07/25] abort in progress transfers on cancel (updated axios
 too)

---
 client/package.json             |  2 +-
 client/src/components/files.vue | 25 ++++++++++++++++---------
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/client/package.json b/client/package.json
index fe48e21..b138b7e 100644
--- a/client/package.json
+++ b/client/package.json
@@ -22,7 +22,7 @@
   "dependencies": {
     "@fortawesome/fontawesome-free": "^6.2.0",
     "animejs": "^3.2.0",
-    "axios": "^0.21.4",
+    "axios": "^0.24.0",
     "date-fns": "^2.29.3",
     "emoji-datasource": "^6.0.1",
     "eventemitter3": "^4.0.7",
diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 1c99496..320df30 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -19,7 +19,7 @@
         <div v-for="download in downloads" :key="download.name" class="transfers-list-item">
           <div class="transfer-info">
             <p>{{ download.name }}</p>
-            <p class="file-size">{{ Math.max(100, Math.round(download.progress / download.size * 100))}}%</p>
+            <p class="file-size">{{ Math.min(100, Math.round(download.progress / download.size * 100))}}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
           </div>
           <progress class="transfer-progress" :aria-label="download.name + ' progress'" :value="download.progress"
@@ -199,6 +199,10 @@ import { FileTransfer } from '~/neko/types'
     }
 
     download(item: any) {
+      if (this.downloads.map((t) => t.name).includes(item.name)) {
+        return
+      }
+
       const url = `/file?pwd=${this.$accessor.password}&filename=${item.name}`
       let transfer: FileTransfer = {
         id: Math.round(Math.random() * 10000),
@@ -210,15 +214,16 @@ import { FileTransfer } from '~/neko/types'
         progress: 0,
         status: 'pending',
         axios: null,
-        // TODO add support for aborting in progress requests, requires axios >=0.22
         abortController: null
       }
+      transfer.abortController = new AbortController()
       transfer.axios = this.$http.get(url, {
         responseType: 'blob',
+        signal: transfer.abortController.signal,
         onDownloadProgress: (x) => {
           transfer.progress = x.loaded
 
-          if (x.lengthComputable) {
+          if (x.lengthComputable && transfer.size !== x.total) {
             transfer.size = x.total
           }
           if (transfer.progress === transfer.size) {
@@ -240,9 +245,11 @@ import { FileTransfer } from '~/neko/types'
       this.$accessor.files.addTransfer(transfer)
     }
 
-    removeTransfer(item: FileTransfer) {
-      console.log(item)
-      this.$accessor.files.removeTransfer(item)
+    removeTransfer(transfer: FileTransfer) {
+      if (transfer.status !== 'completed') {
+        transfer.abortController?.abort()
+      }
+      this.$accessor.files.removeTransfer(transfer)
     }
 
     fileIcon(file: any) {
@@ -261,16 +268,16 @@ import { FileTransfer } from '~/neko/types'
         case 'mp3':
         case 'flac':
           className += 'fa-music'
-          break;
+          break
         case 'webm':
         case 'mp4':
         case 'mkv':
           className += 'fa-film'
-          break;
+          break
         default:
           className += 'fa-file'
       }
-      return className;
+      return className
     }
 
     fileSize(size: number) {

From 19af9219134c6a065308710c8d03cc71475ce29c Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Sun, 13 Nov 2022 22:06:24 -0500
Subject: [PATCH 08/25] added file uploads to frontend

---
 client/src/components/files.vue | 103 ++++++++++++++++++++++++++++----
 1 file changed, 92 insertions(+), 11 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 320df30..bfae9cf 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -15,8 +15,8 @@
     </div>
     <div class="transfer-area">
       <div class="transfers" v-if="transfers.length > 0">
-        <p>Downloads</p>
-        <div v-for="download in downloads" :key="download.name" class="transfers-list-item">
+        <p v-if="downloads.length > 0">Downloads</p>
+        <div v-for="download in downloads" :key="download.id" class="transfers-list-item">
           <div class="transfer-info">
             <p>{{ download.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round(download.progress / download.size * 100))}}%</p>
@@ -25,10 +25,22 @@
           <progress class="transfer-progress" :aria-label="download.name + ' progress'" :value="download.progress"
           :max="download.size"></progress>
         </div>
+        <p v-if="uploads.length > 0">Uploads</p>
+        <div v-for="upload in uploads" :key="upload.id" class="transfers-list-item">
+          <div class="transfer-info">
+            <p>{{ upload.name }}</p>
+            <p class="file-size">{{ Math.min(100, Math.round(upload.progress / upload.size * 100))}}%</p>
+            <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(upload)"></i>
+          </div>
+          <progress class="transfer-progress" :aria-label="upload.name + ' progress'" :value="upload.progress"
+          :max="upload.size"></progress>
+        </div>
       </div>
-      <div class="upload-area" @dragover.prevent @drop.prevent="onFileDrop">
+      <div class="upload-area" :class="{ 'upload-area-drag': uploadAreaDrag }"
+      @dragover.prevent="() => uploadAreaDrag = true" @dragleave.prevent="() => uploadAreaDrag = false"
+      @drop.prevent="(e) => upload(e.dataTransfer)" @click="openFileBrowser">
         <i class="fas fa-file-arrow-up" />
-        <p>Drag files here to upload</p>
+        <p>Click or drag files here to upload</p>
       </div>
     </div>
   </div>
@@ -116,6 +128,9 @@
       margin: 10px 10px 10px 10px;
       background-color: rgba($color: #fff, $alpha: 0.05);
       border-radius: 5px;
+      max-height: 50vh;
+      overflow-y: scroll;
+      overflow-x: hidden;
     }
 
     .transfers > p {
@@ -145,6 +160,14 @@
       border-radius: 5px;
     }
 
+    .upload-area:hover {
+      cursor: pointer;
+    }
+
+    .upload-area-drag, .upload-area:hover {
+      background-color: rgba($color: #fff, $alpha: 0.10);
+    }
+
     .upload-area > i {
       font-size: 4em;
       margin: 10px 10px 10px 10px;
@@ -163,7 +186,7 @@
 
   import Markdown from './markdown'
   import Content from './context.vue'
-import { FileTransfer } from '~/neko/types'
+  import { FileTransfer } from '~/neko/types'
 
   @Component({
     name: 'neko-files',
@@ -174,6 +197,8 @@ import { FileTransfer } from '~/neko/types'
   })
   export default class extends Vue {
 
+    public uploadAreaDrag: boolean = false;
+
     get cwd() {
       return this.$accessor.files.cwd
     }
@@ -208,8 +233,8 @@ import { FileTransfer } from '~/neko/types'
         id: Math.round(Math.random() * 10000),
         name: item.name,
         direction: 'download',
-        // this is just an estimation, but for large files the content length
-        // is not sent (chunked transfer)
+        // this may be smaller than the actual transfer amount, but for large files the
+        // content length is not sent (chunked transfer)
         size: item.size,
         progress: 0,
         status: 'pending',
@@ -228,6 +253,8 @@ import { FileTransfer } from '~/neko/types'
           }
           if (transfer.progress === transfer.size) {
             transfer.status = 'completed'
+          } else if (transfer.status !== 'inprogress') {
+            transfer.status = 'inprogress'
           }
         }
       }).then((res) => {
@@ -245,6 +272,64 @@ import { FileTransfer } from '~/neko/types'
       this.$accessor.files.addTransfer(transfer)
     }
 
+    upload(dt: DataTransfer) {
+      this.uploadAreaDrag = false
+
+      for (const file of dt.files) {
+        const formdata = new FormData()
+        formdata.append("files", file, file.name)
+
+        const url = `/file?pwd=${this.$accessor.password}`
+        let transfer: FileTransfer = {
+          id: Math.round(Math.random() * 10000),
+          name: file.name,
+          direction: 'upload',
+          size: file.size,
+          progress: 0,
+          status: 'pending',
+          axios: null,
+          abortController: null
+        }
+        transfer.abortController = new AbortController()
+        this.$http.post(url, formdata, {
+          onUploadProgress: (x: any) => {
+            transfer.progress = x.loaded
+
+            if (transfer.size !== x.total) {
+              transfer.size = x.total
+            }
+            if (transfer.progress === transfer.size) {
+              transfer.status = 'completed'
+            } else if (transfer.status !== 'inprogress') {
+              transfer.status = 'inprogress'
+            }
+          }
+        }).catch((err) => {
+          this.$log.error(err)
+        })
+        this.$accessor.files.addTransfer(transfer)
+      }
+    }
+
+    openFileBrowser() {
+      const input = document.createElement('input')
+      input.type = 'file'
+      input.setAttribute('multiple', 'true')
+      input.click()
+
+      input.onchange = (e) => {
+        if (e === null) {
+          return
+        }
+        const dt = new DataTransfer()
+        const target = e.target as any
+        for (const f of target.files) {
+          dt.items.add(f)
+        }
+        this.upload(dt)
+      }
+    }
+
     removeTransfer(transfer: FileTransfer) {
       if (transfer.status !== 'completed') {
         transfer.abortController?.abort()
@@ -296,10 +381,6 @@ import { FileTransfer } from '~/neko/types'
       return `${(size / 1000 ** 4).toFixed(3)} tb`
     }
 
-    onFileDrop(e: any) {
-      console.log('file dropped', e)
-      console.log(e.dataTransfer.files)
-    }
   }
 
 </script>

From 57e89bb1cc77168aac440191c1274f1ca69da9f9 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Tue, 15 Nov 2022 20:39:06 -0500
Subject: [PATCH 09/25] file transfer permission state management

---
 client/src/components/files.vue              | 20 +++++++
 client/src/components/settings.vue           | 30 ++++++++++
 client/src/components/side.vue               | 16 +++++-
 client/src/neko/events.ts                    | 10 +---
 client/src/neko/index.ts                     |  7 ++-
 client/src/neko/messages.ts                  | 14 ++++-
 client/src/store/files.ts                    |  9 +++
 client/src/store/settings.ts                 | 28 ++++++++++
 server/internal/types/event/events.go        |  9 +--
 server/internal/types/message/messages.go    |  7 ++-
 server/internal/websocket/handler/files.go   | 30 ++++++++++
 server/internal/websocket/handler/handler.go |  6 ++
 server/internal/websocket/state/state.go     |  5 ++
 server/internal/websocket/websocket.go       | 58 ++++++++++++--------
 14 files changed, 208 insertions(+), 41 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index bfae9cf..cc4c7b9 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -131,6 +131,26 @@
       max-height: 50vh;
       overflow-y: scroll;
       overflow-x: hidden;
+      scrollbar-width: thin;
+      scrollbar-color: $background-tertiary transparent;
+
+      &::-webkit-scrollbar {
+        width: 8px;
+      }
+
+      &::-webkit-scrollbar-track {
+        background-color: transparent;
+      }
+
+      &::-webkit-scrollbar-thumb {
+        background-color: $background-tertiary;
+        border: 2px solid $background-primary;
+        border-radius: 4px;
+      }
+
+      &::-webkit-scrollbar-thumb:hover {
+        background-color: $background-floating;
+      }
     }
 
     .transfers > p {
diff --git a/client/src/components/settings.vue b/client/src/components/settings.vue
index e6c991b..7b02b83 100644
--- a/client/src/components/settings.vue
+++ b/client/src/components/settings.vue
@@ -44,6 +44,20 @@
           <span />
         </label>
       </li>
+      <li v-if="admin">
+        <span>File transfer</span>
+        <label class="switch">
+          <input type="checkbox" v-model="file_transfer" />
+          <span />
+        </label>
+      </li>
+      <li v-if="admin && file_transfer">
+        <span>Non-admin file transfer</span>
+        <label class="switch">
+          <input type="checkbox" v-model="unpriv_file_transfer" />
+          <span />
+        </label>
+      </li>
       <li class="broadcast" v-if="admin">
         <div>
           <span>{{ $t('setting.broadcast_title') }}</span>
@@ -366,6 +380,22 @@
       return this.$accessor.settings.keyboard_layout
     }
 
+    get file_transfer() {
+      return this.$accessor.settings.file_transfer
+    }
+
+    set file_transfer(value: boolean) {
+      this.$accessor.settings.setGlobalFileTransferStatus({ admin: value, unpriv: false })
+    }
+
+    get unpriv_file_transfer() {
+      return this.$accessor.settings.unpriv_file_transfer
+    }
+
+    set unpriv_file_transfer(value: boolean) {
+      this.$accessor.settings.setGlobalFileTransferStatus({ admin: this.file_transfer, unpriv: value }) 
+    }
+
     get broadcast_is_active() {
       return this.$accessor.settings.broadcast_is_active
     }
diff --git a/client/src/components/side.vue b/client/src/components/side.vue
index 2122e78..282065a 100644
--- a/client/src/components/side.vue
+++ b/client/src/components/side.vue
@@ -6,7 +6,7 @@
           <i class="fas fa-comment-alt" />
           <span>{{ $t('side.chat') }}</span>
         </li>
-        <li :class="{ active: tab === 'files' }" @click.stop.prevent="change('files')">
+        <li v-if="filetransferAllowed" :class="{ active: tab === 'files' }" @click.stop.prevent="change('files')">
           <i class="fas fa-file" />
           <span>{{ $t('side.files') }}</span>
         </li>
@@ -94,6 +94,20 @@
     },
   })
   export default class extends Vue {
+
+    constructor() {
+      super()
+      if (this.tab === 'files' && (!this.$accessor.settings.file_transfer ||
+      !this.$accessor.user.admin && this.$accessor.settings.unpriv_file_transfer)) {
+        this.change('chat')
+      }
+    }
+
+    get filetransferAllowed() {
+      return this.$accessor.user.admin && this.$accessor.settings.file_transfer ||
+        this.$accessor.settings.unpriv_file_transfer
+    }
+
     get tab() {
       return this.$accessor.client.tab
     }
diff --git a/client/src/neko/events.ts b/client/src/neko/events.ts
index d12046a..d73c185 100644
--- a/client/src/neko/events.ts
+++ b/client/src/neko/events.ts
@@ -39,10 +39,7 @@ export const EVENT = {
     EMOTE: 'chat/emote',
   },
   FILETRANSFER: {
-    ENABLE: 'filetransfer/enable',
-    DISABLE: 'filetransfer/disable',
-    UNPRIVENABLE: 'filetransfer/unprivenable',
-    UNPRIVDISABLE: 'filetransfer/unprivdisable',
+    STATUS: 'filetransfer/status',
     LIST: 'filetransfer/list',
     REFRESH: 'filetransfer/refresh'
   },
@@ -102,10 +99,7 @@ export type SignalEvents =
 export type ChatEvents = typeof EVENT.CHAT.MESSAGE | typeof EVENT.CHAT.EMOTE
 
 export type FileTransferEvents =
-  | typeof EVENT.FILETRANSFER.ENABLE
-  | typeof EVENT.FILETRANSFER.DISABLE
-  | typeof EVENT.FILETRANSFER.UNPRIVENABLE
-  | typeof EVENT.FILETRANSFER.UNPRIVDISABLE
+  | typeof EVENT.FILETRANSFER.STATUS
   | typeof EVENT.FILETRANSFER.LIST
   | typeof EVENT.FILETRANSFER.REFRESH
 
diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index 15033db..dc4b5ee 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -25,6 +25,7 @@ import {
   SystemInitPayload,
   AdminLockResource,
   FileTransferListPayload,
+  FileTransferStatusPayload,
 } from './messages'
 
 interface NekoEvents extends BaseEvents {}
@@ -361,8 +362,12 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
   }
 
   /////////////////////////////
-  // Chat Events
+  // Filetransfer Events
   /////////////////////////////
+  protected [EVENT.FILETRANSFER.STATUS]({ admin, unpriv }: FileTransferStatusPayload) {
+    this.$accessor.settings.setLocalFileTransferStatus({ admin, unpriv })
+  }
+
   protected [EVENT.FILETRANSFER.LIST]({ cwd, files }: FileTransferListPayload) {
     this.$accessor.files.setCwd(cwd)
     this.$accessor.files.setFileList(files)
diff --git a/client/src/neko/messages.ts b/client/src/neko/messages.ts
index feb6073..b71d73d 100644
--- a/client/src/neko/messages.ts
+++ b/client/src/neko/messages.ts
@@ -44,6 +44,7 @@ export type WebSocketPayloads =
   | ChatPayload
   | ChatSendPayload
   | EmojiSendPayload
+  | FileTransferStatusPayload
   | ScreenResolutionPayload
   | ScreenConfigurationsPayload
   | AdminPayload
@@ -198,8 +199,17 @@ export interface EmojiSendPayload {
   emote: string
 }
 
-// file transfer
-export interface FileTransferMessage extends WebSocketMessage, FileTransferListPayload {
+// file transfer enabled
+export interface FileTransferStatusMessage extends WebSocketMessage, FileTransferStatusPayload {
+  event: typeof EVENT.FILETRANSFER.STATUS
+}
+export interface FileTransferStatusPayload {
+  admin: boolean,
+  unpriv: boolean
+}
+
+// file transfer list
+export interface FileTransferListMessage extends WebSocketMessage, FileTransferListPayload {
   event: FileTransferEvents
 }
 export interface FileTransferListPayload {
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
index 5eb2c1f..c4122af 100644
--- a/client/src/store/files.ts
+++ b/client/src/store/files.ts
@@ -52,6 +52,15 @@ export const actions = actionTree(
       accessor.files._removeTransfer(transfer)
     },
 
+    cancelAllTransfers(store) {
+      for (const t of accessor.files.transfers) {
+        if (t.status !== 'completed') {
+          t.abortController?.abort()
+        }
+        accessor.files.removeTransfer(t)
+      }
+    },
+
     refresh(store) {
       if (!accessor.connected) {
         return
diff --git a/client/src/store/settings.ts b/client/src/store/settings.ts
index 3d99fad..f68a468 100644
--- a/client/src/store/settings.ts
+++ b/client/src/store/settings.ts
@@ -20,6 +20,9 @@ export const state = () => {
 
     keyboard_layouts_list: {} as KeyboardLayouts,
 
+    file_transfer: false,
+    unpriv_file_transfer: false,
+
     broadcast_is_active: false,
     broadcast_url: '',
   }
@@ -58,6 +61,14 @@ export const mutations = mutationTree(state, {
     set('keyboard_layout', value)
   },
 
+  setFileTransfer(state, value: boolean) {
+    state.file_transfer = value
+  },
+
+  setUnprivFileTransfer(state, value: boolean) {
+    state.unpriv_file_transfer = value
+  },
+
   setKeyboardLayoutsList(state, value: KeyboardLayouts) {
     state.keyboard_layouts_list = value
   },
@@ -79,6 +90,23 @@ export const actions = actionTree(
       }
     },
 
+    setLocalFileTransferStatus({ getters }, { admin, unpriv }) {
+      accessor.settings.setFileTransfer(admin)
+      accessor.settings.setUnprivFileTransfer(unpriv)
+
+      if (!admin || !accessor.user.admin && !unpriv) {
+        accessor.files.cancelAllTransfers()
+      }
+      
+      if (accessor.client.tab === 'files' && !unpriv) {
+        accessor.client.setTab('chat')
+      }
+    },
+
+    setGlobalFileTransferStatus({ getters}, { admin, unpriv }) {
+      $client.sendMessage(EVENT.FILETRANSFER.STATUS, { admin, unpriv })
+    },
+
     broadcastStatus({ getters }, { url, isActive }) {
       accessor.settings.setBroadcastStatus({ url, isActive })
     },
diff --git a/server/internal/types/event/events.go b/server/internal/types/event/events.go
index 8c5e12f..4b6b047 100644
--- a/server/internal/types/event/events.go
+++ b/server/internal/types/event/events.go
@@ -35,12 +35,9 @@ const (
 )
 
 const (
-	FILETRANSFER_ENABLE        = "filetransfer/enable"
-	FILETRANSFER_DISABLE       = "filetransfer/disable"
-	FILETRANSFER_UNPRIVENABLE  = "filetransfer/unprivenable"
-	FILETRANSFER_UNPRIVDISABLE = "filetransfer/unprivdisable"
-	FILETRANSFER_LIST          = "filetransfer/list"
-	FILETRANSFER_REFRESH       = "filetransfer/refresh"
+	FILETRANSFER_STATUS  = "filetransfer/status"
+	FILETRANSFER_LIST    = "filetransfer/list"
+	FILETRANSFER_REFRESH = "filetransfer/refresh"
 )
 
 const (
diff --git a/server/internal/types/message/messages.go b/server/internal/types/message/messages.go
index 2364360..27a83d6 100644
--- a/server/internal/types/message/messages.go
+++ b/server/internal/types/message/messages.go
@@ -108,7 +108,12 @@ type EmoteSend struct {
 
 type FileTransferTarget struct {
 	Event string `json:"event"`
-	ID    string `json:"id"`
+}
+
+type FileTransferStatus struct {
+	Event  string `json:"event"`
+	Admin  bool   `json:"admin"`
+	Unpriv bool   `json:"unpriv"`
 }
 
 type FileList struct {
diff --git a/server/internal/websocket/handler/files.go b/server/internal/websocket/handler/files.go
index cda7ec8..fb1d190 100644
--- a/server/internal/websocket/handler/files.go
+++ b/server/internal/websocket/handler/files.go
@@ -8,6 +8,36 @@ import (
 	"m1k1o/neko/internal/utils"
 )
 
+func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error {
+	if !session.Admin() {
+		return errors.New(session.Member().Name + " tried to toggle file transfer but they're not admin")
+	}
+	h.state.SetFileTransferState(payload.Admin, payload.Unpriv)
+	err := h.sessions.Broadcast(message.FileTransferStatus{
+		Event:  event.FILETRANSFER_STATUS,
+		Admin:  payload.Admin,
+		Unpriv: payload.Admin && payload.Unpriv,
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	files, err := utils.ListFiles(h.state.FileTransferPath())
+	if err != nil {
+		return err
+	}
+	msg := message.FileList{
+		Event: event.FILETRANSFER_LIST,
+		Cwd:   h.state.FileTransferPath(),
+		Files: *files,
+	}
+	if payload.Unpriv {
+		return h.sessions.Broadcast(msg, nil)
+	} else {
+		return h.sessions.AdminBroadcast(msg, nil)
+	}
+}
+
 func (h *MessageHandler) refresh(session types.Session) error {
 	if !(h.state.FileTransferEnabled() && session.Admin() || h.state.UnprivFileTransferEnabled()) {
 		return errors.New(session.Member().Name + " tried to refresh file list when they can't")
diff --git a/server/internal/websocket/handler/handler.go b/server/internal/websocket/handler/handler.go
index 004a4b4..985f027 100644
--- a/server/internal/websocket/handler/handler.go
+++ b/server/internal/websocket/handler/handler.go
@@ -127,6 +127,12 @@ func (h *MessageHandler) Message(id string, raw []byte) error {
 			}), "%s failed", header.Event)
 
 	// File Transfer Events
+	case event.FILETRANSFER_STATUS:
+		payload := &message.FileTransferStatus{}
+		return errors.Wrapf(
+			utils.Unmarshal(payload, raw, func() error {
+				return h.setFileTransferStatus(session, payload)
+			}), "%s failed", header.Event)
 	case event.FILETRANSFER_REFRESH:
 		return errors.Wrapf(h.refresh(session), "%s failed", header.Event)
 
diff --git a/server/internal/websocket/state/state.go b/server/internal/websocket/state/state.go
index 1c2719c..3eba130 100644
--- a/server/internal/websocket/state/state.go
+++ b/server/internal/websocket/state/state.go
@@ -78,6 +78,11 @@ func (s *State) UnprivFileTransferEnabled() bool {
 	return s.fileTransferUnprivEnabled
 }
 
+func (s *State) SetFileTransferState(admin bool, unpriv bool) {
+	s.fileTransferEnabled = admin
+	s.fileTransferUnprivEnabled = unpriv
+}
+
 func (s *State) FileTransferPath() string {
 	return s.fileTransferPath
 }
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index f461765..022067a 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -135,7 +135,19 @@ func (ws *WebSocketHandler) Start() {
 		}
 
 		// send file list if necessary
-		if session.Admin() && ws.conf.FileTransfer || ws.conf.FileTransfer && ws.conf.UnprivFileTransfer {
+		if session.Admin() && ws.state.FileTransferEnabled() ||
+			ws.state.FileTransferEnabled() && ws.state.UnprivFileTransferEnabled() {
+			err := session.Send(
+				message.FileTransferStatus{
+					Event:  event.FILETRANSFER_STATUS,
+					Admin:  ws.state.FileTransferEnabled(),
+					Unpriv: ws.state.UnprivFileTransferEnabled(),
+				})
+			if err != nil {
+				ws.logger.Warn().Err(err).Msgf("file transfer status event has failed")
+				return
+			}
+
 			files, err := utils.ListFiles(ws.conf.FileTransferPath)
 			if err == nil {
 				if err := session.Send(
@@ -214,27 +226,25 @@ func (ws *WebSocketHandler) Start() {
 	})
 
 	// watch for file changes
-	if ws.conf.FileTransfer {
-		watcher, err := fsnotify.NewWatcher()
-		if err != nil {
-			ws.logger.Err(err).Msg("unable to start file transfer dir watcher")
-			return
-		}
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		ws.logger.Err(err).Msg("unable to start file transfer dir watcher")
+		return
+	}
 
-		go func() {
-			for {
-				select {
-				case <-watcher.Events:
-					ws.sendFileTransferUpdate()
-				case err := <-watcher.Errors:
-					ws.logger.Err(err).Msg("error in file transfer dir watcher")
-				}
+	go func() {
+		for {
+			select {
+			case <-watcher.Events:
+				ws.sendFileTransferUpdate()
+			case err := <-watcher.Errors:
+				ws.logger.Err(err).Msg("error in file transfer dir watcher")
 			}
-		}()
-
-		if err := watcher.Add(ws.conf.FileTransferPath); err != nil {
-			ws.logger.Err(err).Msg("unable to add file transfer path to watcher")
 		}
+	}()
+
+	if err := watcher.Add(ws.conf.FileTransferPath); err != nil {
+		ws.logger.Err(err).Msg("unable to add file transfer path to watcher")
 	}
 }
 
@@ -364,11 +374,11 @@ func (ws *WebSocketHandler) IsAdmin(password string) (bool, error) {
 }
 
 func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
-	if !ws.conf.FileTransfer {
+	if !ws.state.FileTransferEnabled() {
 		return false, nil
 	}
 
-	if !ws.conf.UnprivFileTransfer {
+	if !ws.state.UnprivFileTransferEnabled() {
 		return ws.IsAdmin(password)
 	}
 
@@ -380,6 +390,10 @@ func (ws *WebSocketHandler) MakeFilePath(filename string) string {
 }
 
 func (ws *WebSocketHandler) sendFileTransferUpdate() {
+	if !ws.state.FileTransferEnabled() {
+		return
+	}
+
 	files, err := utils.ListFiles(ws.conf.FileTransferPath)
 	if err != nil {
 		ws.logger.Err(err).Msg("unable to ls file transfer path")
@@ -393,7 +407,7 @@ func (ws *WebSocketHandler) sendFileTransferUpdate() {
 	}
 
 	var broadcastErr error
-	if ws.conf.UnprivFileTransfer {
+	if ws.state.UnprivFileTransferEnabled() {
 		broadcastErr = ws.sessions.Broadcast(message, nil)
 	} else {
 		broadcastErr = ws.sessions.AdminBroadcast(message, nil)

From b65df3e3bfd2c9434e06c21a2b409c6bce713a6a Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Wed, 16 Nov 2022 20:06:36 -0500
Subject: [PATCH 10/25] more efficient file upload/download

---
 server/internal/http/http.go | 37 +++++-------------------------------
 1 file changed, 5 insertions(+), 32 deletions(-)

diff --git a/server/internal/http/http.go b/server/internal/http/http.go
index 82eea6b..9b8a237 100644
--- a/server/internal/http/http.go
+++ b/server/internal/http/http.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"image/jpeg"
+	"io"
 	"net/http"
 	"os"
 	"regexp"
@@ -131,21 +132,10 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 			return
 		}
 		defer f.Close()
-		fileinfo, err := f.Stat()
-		if err != nil {
-			http.Error(w, "unable to stat file", http.StatusInternalServerError)
-			return
-		}
 
-		buffer := make([]byte, fileinfo.Size())
-		_, err = f.Read(buffer)
-		if err != nil {
-			http.Error(w, "error reading file", http.StatusInternalServerError)
-			return
-		}
 		w.Header().Set("Content-Type", "application/octet-stream")
 		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filename))
-		w.Write(buffer)
+		io.Copy(w, f)
 	})
 
 	router.Post("/file", func(w http.ResponseWriter, r *http.Request) {
@@ -162,7 +152,6 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 		}
 
 		r.ParseMultipartForm(32 << 20)
-		buffer := make([]byte, FILE_UPLOAD_BUF_SIZE)
 		for _, formheader := range r.MultipartForm.File["files"] {
 			formfile, err := formheader.Open()
 			if err != nil {
@@ -170,30 +159,14 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 				http.Error(w, "error writing file", http.StatusInternalServerError)
 				return
 			}
+			defer formfile.Close()
 			f, err := os.OpenFile(webSocketHandler.MakeFilePath(formheader.Filename), os.O_WRONLY|os.O_CREATE, 0644)
 			if err != nil {
 				http.Error(w, "unable to open file for writing", http.StatusInternalServerError)
 				return
 			}
-
-			var copied int64 = 0
-			for copied < formheader.Size {
-				var limit int64 = int64(len(buffer))
-				if limit > formheader.Size-copied {
-					limit = formheader.Size - copied
-				}
-				bytesRead, err := formfile.ReadAt(buffer[:limit], copied)
-				if err != nil {
-					logger.Warn().Err(err).Msg("failed copying file in upload")
-					http.Error(w, "error writing file", http.StatusInternalServerError)
-					return
-				}
-				f.Write(buffer[:bytesRead])
-				copied += int64(bytesRead)
-			}
-
-			formfile.Close()
-			f.Close()
+			defer f.Close()
+			io.Copy(f, formfile)
 		}
 	})
 

From 4885c2d69eb54117e5c9431ffdeabaf325724606 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Wed, 16 Nov 2022 20:58:39 -0500
Subject: [PATCH 11/25] frontend improvements

---
 client/src/components/files.vue | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index cc4c7b9..4261afb 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -18,6 +18,7 @@
         <p v-if="downloads.length > 0">Downloads</p>
         <div v-for="download in downloads" :key="download.id" class="transfers-list-item">
           <div class="transfer-info">
+            <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': download.status !== 'completed', 'fa-check': download.status === 'completed' }"></i>
             <p>{{ download.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round(download.progress / download.size * 100))}}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
@@ -28,6 +29,7 @@
         <p v-if="uploads.length > 0">Uploads</p>
         <div v-for="upload in uploads" :key="upload.id" class="transfers-list-item">
           <div class="transfer-info">
+            <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': upload.status !== 'completed', 'fa-check': upload.status === 'completed' }"></i>
             <p>{{ upload.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round(upload.progress / upload.size * 100))}}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(upload)"></i>
@@ -97,7 +99,7 @@
       flex-direction: row;
     }
 
-    .file-icon {
+    .file-icon, .transfer-status {
       width: 14px;
       margin-right: 0.5em;
     }
@@ -286,6 +288,9 @@
         document.body.appendChild(link)
         link.click()
         document.body.removeChild(link)
+
+        transfer.progress = transfer.size
+        transfer.status = 'completed'
       }).catch((err) => {
         this.$log.error(err)
       })
@@ -370,15 +375,31 @@
       }
       const ext = parts[parts.length - 1]
       switch (ext) {
-        case 'mp3':
+        case 'aac':
         case 'flac':
+        case 'midi':
+        case 'mp3':
+        case 'ogg':
+        case 'wav':
           className += 'fa-music'
           break
-        case 'webm':
-        case 'mp4':
         case 'mkv':
+        case 'mov':
+        case 'mpeg':
+        case 'mp4':
+        case 'webm':
           className += 'fa-film'
           break
+        case 'bmp':
+        case 'gif':
+        case 'jpeg':
+        case 'jpg':
+        case 'png':
+        case 'svg':
+        case 'tiff':
+        case 'webp':
+          className += 'fa-image'
+          break;
         default:
           className += 'fa-file'
       }

From bbfa0d5834af6fc82ec4912726e80c1834115318 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Wed, 16 Nov 2022 22:03:25 -0500
Subject: [PATCH 12/25] added translations

---
 client/src/components/files.vue    | 6 +++---
 client/src/components/settings.vue | 4 ++--
 client/src/locale/de-de.ts         | 9 +++++++++
 client/src/locale/en-us.ts         | 8 ++++++++
 client/src/locale/es-sp.ts         | 9 +++++++++
 client/src/locale/fi-fi.ts         | 9 +++++++++
 client/src/locale/fr-fr.ts         | 9 +++++++++
 client/src/locale/ko-kr.ts         | 9 +++++++++
 client/src/locale/nb-no.ts         | 9 +++++++++
 client/src/locale/ru-ru.ts         | 9 +++++++++
 client/src/locale/sk-sk.ts         | 9 +++++++++
 client/src/locale/sv-se.ts         | 9 +++++++++
 client/src/locale/zh-cn.ts         | 9 +++++++++
 13 files changed, 103 insertions(+), 5 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 4261afb..b40553a 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -15,7 +15,7 @@
     </div>
     <div class="transfer-area">
       <div class="transfers" v-if="transfers.length > 0">
-        <p v-if="downloads.length > 0">Downloads</p>
+        <p v-if="downloads.length > 0">{{ $t('files.downloads') }}</p>
         <div v-for="download in downloads" :key="download.id" class="transfers-list-item">
           <div class="transfer-info">
             <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': download.status !== 'completed', 'fa-check': download.status === 'completed' }"></i>
@@ -26,7 +26,7 @@
           <progress class="transfer-progress" :aria-label="download.name + ' progress'" :value="download.progress"
           :max="download.size"></progress>
         </div>
-        <p v-if="uploads.length > 0">Uploads</p>
+        <p v-if="uploads.length > 0">{{ $t('files.uploads' )}}</p>
         <div v-for="upload in uploads" :key="upload.id" class="transfers-list-item">
           <div class="transfer-info">
             <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': upload.status !== 'completed', 'fa-check': upload.status === 'completed' }"></i>
@@ -42,7 +42,7 @@
       @dragover.prevent="() => uploadAreaDrag = true" @dragleave.prevent="() => uploadAreaDrag = false"
       @drop.prevent="(e) => upload(e.dataTransfer)" @click="openFileBrowser">
         <i class="fas fa-file-arrow-up" />
-        <p>Click or drag files here to upload</p>
+        <p>{{ $t('files.upload_here') }}</p>
       </div>
     </div>
   </div>
diff --git a/client/src/components/settings.vue b/client/src/components/settings.vue
index 7b02b83..c95bd67 100644
--- a/client/src/components/settings.vue
+++ b/client/src/components/settings.vue
@@ -45,14 +45,14 @@
         </label>
       </li>
       <li v-if="admin">
-        <span>File transfer</span>
+        <span>{{ $t('setting.file_transfer') }}</span>
         <label class="switch">
           <input type="checkbox" v-model="file_transfer" />
           <span />
         </label>
       </li>
       <li v-if="admin && file_transfer">
-        <span>Non-admin file transfer</span>
+        <span>{{ $t('setting.unpriv_file_transfer') }}</span>
         <label class="switch">
           <input type="checkbox" v-model="unpriv_file_transfer" />
           <span />
diff --git a/client/src/locale/de-de.ts b/client/src/locale/de-de.ts
index dd68028..4a6677c 100644
--- a/client/src/locale/de-de.ts
+++ b/client/src/locale/de-de.ts
@@ -7,6 +7,7 @@ export const send_a_message = 'Sende eine Nachricht'
 
 export const side = {
   chat: 'Chat',
+  files: 'Dateien',
   settings: 'Einstellungen',
 }
 
@@ -77,6 +78,8 @@ export const setting = {
   ignore_emotes: 'Emotes ignorieren',
   chat_sound: 'Chat-Sound abspielen',
   keyboard_layout: 'Tastaturbelegung',
+  file_transfer: 'Dateiübertragung',
+  unpriv_file_transfer: 'Übertragung von Benutzerdateien',
   broadcast_title: 'Live-Übertragung',
 }
 
@@ -108,3 +111,9 @@ export const notifications = {
   muted: '{name} stummgeschaltet',
   unmuted: '{name} stummschaltung aufgehoben',
 }
+
+export const files = {
+  downloads: 'Herunterladen',
+  uploads: 'Hochladen',
+  upload_here: 'Klicken oder ziehen Sie Dateien zum Hochladen hierher'
+}
diff --git a/client/src/locale/en-us.ts b/client/src/locale/en-us.ts
index b397e2d..7fab0d6 100644
--- a/client/src/locale/en-us.ts
+++ b/client/src/locale/en-us.ts
@@ -80,6 +80,8 @@ export const setting = {
   ignore_emotes: 'Ignore Emotes',
   chat_sound: 'Play Chat Sound',
   keyboard_layout: 'Keyboard Layout',
+  file_transfer: 'File Transfer',
+  unpriv_file_transfer: 'Non-admin File Transfer',
   broadcast_title: 'Live Broadcast',
 }
 
@@ -111,3 +113,9 @@ export const notifications = {
   muted: 'muted {name}',
   unmuted: 'unmuted {name}',
 }
+
+export const files = {
+  downloads: 'Downloads',
+  uploads: 'Uploads',
+  upload_here: 'Click or drag files here to upload'
+}
diff --git a/client/src/locale/es-sp.ts b/client/src/locale/es-sp.ts
index 3c33b1d..7bcac54 100644
--- a/client/src/locale/es-sp.ts
+++ b/client/src/locale/es-sp.ts
@@ -8,6 +8,7 @@ export const send_a_message = 'Enviar un mensaje'
 
 export const side = {
   chat: 'Chat',
+  files: 'Archivos',
   settings: 'Configuración',
 }
 
@@ -83,6 +84,8 @@ export const setting = {
   ignore_emotes: 'Ignorar Emotes',
   chat_sound: 'Reproducir Sonidos Chat',
   keyboard_layout: 'Keyboard Layout',
+  file_transfer: 'Transferencia de archivos',
+  unpriv_file_transfer: 'Transferencia de archivos de usuario',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
@@ -117,3 +120,9 @@ export const notifications = {
   muted: '{name} silenciado',
   unmuted: '{name} no silenciado',
 }
+
+export const files = {
+  downloads: 'Descargas',
+  uploads: 'Cargar',
+  upload_here: 'Haga clic o arrastre los archivos aquí para cargarlos'
+}
diff --git a/client/src/locale/fi-fi.ts b/client/src/locale/fi-fi.ts
index c7b95b3..e5be783 100644
--- a/client/src/locale/fi-fi.ts
+++ b/client/src/locale/fi-fi.ts
@@ -7,6 +7,7 @@ export const send_a_message = 'Lähetä viesti'
 
 export const side = {
   chat: 'Chatti',
+  files: 'Tiedostot',
   settings: 'Asetukset',
 }
 
@@ -79,6 +80,8 @@ export const setting = {
   ignore_emotes: 'Estä emojit',
   chat_sound: 'Soita viesti ääni',
   keyboard_layout: 'Näppäimistöasettelu',
+  file_transfer: 'Tiedoston siirto',
+  unpriv_file_transfer: 'Käyttäjän tiedostojen siirto',
   broadcast_title: 'Suora Lähetys',
 }
 
@@ -110,3 +113,9 @@ export const notifications = {
   muted: 'mykistetty {name}',
   unmuted: 'poistettu mykistys {name}',
 }
+
+export const files = {
+  downloads: 'Lataukset',
+  uploads: 'Lataa',
+  upload_here: 'Klikkaa tai vedä tiedostoja tähän ladataksesi'
+}
diff --git a/client/src/locale/fr-fr.ts b/client/src/locale/fr-fr.ts
index 7a7c9c6..34945fc 100644
--- a/client/src/locale/fr-fr.ts
+++ b/client/src/locale/fr-fr.ts
@@ -8,6 +8,7 @@ export const send_a_message = 'Envoyer un message'
 
 export const side = {
   chat: 'Chat',
+  files: 'Fichiers',
   settings: 'Paramètres',
 }
 
@@ -83,6 +84,8 @@ export const setting = {
   ignore_emotes: 'Ignorer les Emotes',
   chat_sound: 'Jouer le son du tchat',
   keyboard_layout: 'Langue du clavier',
+  file_transfer: 'Transfert de fichiers',
+  unpriv_file_transfer: 'Transfert de fichiers d\'utilisateurs',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
@@ -117,3 +120,9 @@ export const notifications = {
   muted: 'a mute {name}',
   unmuted: 'a démute {name}',
 }
+
+export const files = {
+  downloads: 'Téléchargements',
+  uploads: 'Télécharger',
+  upload_here: 'Cliquez ou faites glisser les fichiers ici pour les télécharger'
+}
diff --git a/client/src/locale/ko-kr.ts b/client/src/locale/ko-kr.ts
index 3ed0ca7..7aa7cbe 100644
--- a/client/src/locale/ko-kr.ts
+++ b/client/src/locale/ko-kr.ts
@@ -7,6 +7,7 @@ export const send_a_message = '메세지 보내기'
 
 export const side = {
   chat: '채팅',
+  files: '파일',
   settings: '설정',
 }
 
@@ -77,6 +78,8 @@ export const setting = {
   ignore_emotes: '이모지 무시',
   chat_sound: '채팅 소리 재생',
   keyboard_layout: '키보드 레이아웃',
+  file_transfer: '파일 전송',
+  unpriv_file_transfer: '사용자 파일 전송',
   broadcast_title: '실시간 방송',
 }
 
@@ -108,3 +111,9 @@ export const notifications = {
   muted: '{name} 님이 뮤트됐습니다',
   unmuted: '{name} 님의 뮤트가 해제됐습니다',
 }
+
+export const files = {
+  downloads: '다운로드',
+  uploads: '업로드',
+  upload_here: '업로드할 파일을 여기로 클릭하거나 드래그하세요.'
+}
diff --git a/client/src/locale/nb-no.ts b/client/src/locale/nb-no.ts
index f19e999..c283dd4 100644
--- a/client/src/locale/nb-no.ts
+++ b/client/src/locale/nb-no.ts
@@ -8,6 +8,7 @@ export const send_a_message = 'Send en melding'
 
 export const side = {
   chat: 'Sludring',
+  files: 'Filer',
   settings: 'Innstillinger',
 }
 
@@ -83,6 +84,8 @@ export const setting = {
   ignore_emotes: 'Ignorer smilefjes',
   chat_sound: 'Sludringslyd',
   keyboard_layout: 'Tastaturoppsett',
+  file_transfer: 'Filoverførsel',
+  unpriv_file_transfer: 'Overførsel af brugerfiler',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
@@ -117,3 +120,9 @@ export const notifications = {
   muted: 'forstummet {name}',
   unmuted: 'opphevet forstummingen av {name}',
 }
+
+export const files = {
+  downloads: 'Overførsler',
+  uploads: 'Overfør',
+  upload_here: 'Klik eller træk filer her for at uploade'
+}
diff --git a/client/src/locale/ru-ru.ts b/client/src/locale/ru-ru.ts
index ee6f481..b7cb4ad 100644
--- a/client/src/locale/ru-ru.ts
+++ b/client/src/locale/ru-ru.ts
@@ -7,6 +7,7 @@ export const send_a_message = 'Отправить сообщение'
 
 export const side = {
   chat: 'Чат',
+  files: 'Файлы',
   settings: 'Настройки',
 }
 
@@ -79,6 +80,8 @@ export const setting = {
   ignore_emotes: 'Игнорировать эмоции',
   chat_sound: 'Проигрывать звук чата',
   keyboard_layout: 'Раскладка клавиатуры',
+  file_transfer: 'Передача файлов',
+  unpriv_file_transfer: 'Передача файлов пользователей',
   broadcast_title: 'Прямой эфир',
 }
 
@@ -110,3 +113,9 @@ export const notifications = {
   muted: 'заглушен {name}',
   unmuted: 'не заглушен {name}',
 }
+
+export const files = {
+  downloads: 'Загрузки',
+  uploads: 'Загрузить',
+  upload_here: 'Нажмите или перетащите сюда файлы для загрузки'
+}
diff --git a/client/src/locale/sk-sk.ts b/client/src/locale/sk-sk.ts
index 93fe5c9..a2a6625 100644
--- a/client/src/locale/sk-sk.ts
+++ b/client/src/locale/sk-sk.ts
@@ -8,6 +8,7 @@ export const send_a_message = 'Odoslať správu'
 
 export const side = {
   chat: 'Chat',
+  files: 'Súbory',
   settings: 'Nastavenia',
 }
 
@@ -82,6 +83,8 @@ export const setting = {
   ignore_emotes: 'Ignorovať smajlíky',
   chat_sound: 'Prehrávať zvuky chatu',
   keyboard_layout: 'Rozloženie klávesnice',
+  file_transfer: 'Prenos súborov',
+  unpriv_file_transfer: 'Prenos súborov používateľa',
   broadcast_title: 'Živé vysielanie',
 }
 
@@ -113,3 +116,9 @@ export const notifications = {
   muted: 'zakázal chat používateľovi {name}',
   unmuted: 'povolil chat používateľovi {name}',
 }
+
+export const files = {
+  downloads: 'Stiahnutia',
+  uploads: 'Nahrávanie',
+  upload_here: 'Kliknutím alebo pretiahnutím súborov sem ich môžete nahrať'
+}
diff --git a/client/src/locale/sv-se.ts b/client/src/locale/sv-se.ts
index ad9904a..be831a3 100644
--- a/client/src/locale/sv-se.ts
+++ b/client/src/locale/sv-se.ts
@@ -8,6 +8,7 @@ export const send_a_message = 'Skicka ett meddelande'
 
 export const side = {
   chat: 'Chatt',
+  files: 'Filer',
   settings: 'Inställningar',
 }
 
@@ -83,6 +84,8 @@ export const setting = {
   ignore_emotes: 'Ignorera Emotes',
   chat_sound: 'Spela Chatt Ljud',
   keyboard_layout: 'Tangentbordslayout',
+  file_transfer: 'Överföring av filer',
+  unpriv_file_transfer: 'Överföring av användarfiler',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
@@ -117,3 +120,9 @@ export const notifications = {
   muted: 'tystade {name}',
   unmuted: 'tog bort tystningen på {name}',
 }
+
+export const files = {
+  downloads: 'Nedladdningar',
+  uploads: 'Ladda upp',
+  upload_here: 'Klicka eller dra filer hit för att ladda upp dem'
+}
diff --git a/client/src/locale/zh-cn.ts b/client/src/locale/zh-cn.ts
index 566d1af..81d2c50 100644
--- a/client/src/locale/zh-cn.ts
+++ b/client/src/locale/zh-cn.ts
@@ -7,6 +7,7 @@ export const send_a_message = '发送消息'
 
 export const side = {
   chat: '聊天',
+  files: '文件',
   settings: '设置',
 }
 
@@ -79,6 +80,8 @@ export const setting = {
   ignore_emotes: '忽略表情符号',
   chat_sound: '播放聊天声音',
   keyboard_layout: '键盘布局',
+  file_transfer: '文件传输',
+  unpriv_file_transfer: '用户文件传输',
   broadcast_title: '现场流媒体',
 }
 
@@ -110,3 +113,9 @@ export const notifications = {
   muted: '鸟粪 {name}',
   unmuted: '取消静音 {name}',
 }
+
+export const files = {
+  downloads: '下载',
+  uploads: '上传',
+  upload_here: '点击或拖动文件到这里来上传'
+}

From 42ee7477a017c9700bfbca487fe5c393175e99c6 Mon Sep 17 00:00:00 2001
From: William Harrell <wharrell1@protonmail.com>
Date: Wed, 16 Nov 2022 22:30:50 -0500
Subject: [PATCH 13/25] updated configuration

---
 docs/getting-started/configuration.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md
index 8026d0c..26a8db2 100644
--- a/docs/getting-started/configuration.md
+++ b/docs/getting-started/configuration.md
@@ -126,6 +126,19 @@ nat1to1: <ip>
   - Path prefix for HTTP requests.
   - e.g. `/neko/`
 
+### File Transfer
+
+#### `NEKO_FILE_TRANSFER`:
+  - Enable file transfer for admins at start
+  - e.g. `1`
+#### `NEKO_UNPRIV_FILE_TRANSFER`:
+  - Enable file transfer for all users at start. Ignored if NEKO_FILE_TRANSFER not enabled.
+  - e.g. `1`
+#### `NEKO_FILE_TRANSFER_PATH`:
+  - Path where files will be transferred between the host and users. By default this is
+  /home/neko/Downloads. If the path doesn't exist, it will be created.
+  - e.g. `/home/neko/Desktop`
+
 ### Expert settings
 
 #### `NEKO_DISPLAY`:
@@ -155,6 +168,8 @@ Flags:
       --device string               audio device to capture (default "auto_null.monitor")
       --display string              XDisplay to capture (default ":99.0")
       --epr string                  limits the pool of ephemeral ports that ICE UDP connections can allocate from (default "59000-59100")
+      --file_transfer               allow file transfer for admins
+      --file_transfer_path string   path to use for file transfer (default "/home/neko/Downloads")
       --g722                        DEPRECATED: use audio_codec
       --h264                        DEPRECATED: use video_codec
   -h, --help                        help for serve
@@ -179,6 +194,7 @@ Flags:
       --static string               path to neko client files to serve (default "./www")
       --tcpmux int                  single TCP mux port for all peers
       --udpmux int                  single UDP mux port for all peers
+      --unpriv_file_transfer        allow file transfer for non admins
       --video string                video codec parameters to use for streaming
       --video_bitrate int           video bitrate in kbit/s (default 3072)
       --video_codec string          video codec to be used (default "vp8")

From 04cd943eb43bdce49c81e6fc55f0a669baa825b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 15:46:27 +0100
Subject: [PATCH 14/25] move refresh ws to store.

---
 client/src/neko/index.ts  | 8 --------
 client/src/store/files.ts | 3 ++-
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index dc4b5ee..eefa6d6 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -72,14 +72,6 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
     })
   }
 
-  public refreshFiles() {
-    if (!this.connected) {
-      this.emit('warn', 'attempting to refresh files while disconnected')
-    }
-    this.emit('debug', `sending event '${EVENT.FILETRANSFER.REFRESH}'`)
-    this._ws!.send(JSON.stringify({ event: EVENT.FILETRANSFER.REFRESH }))
-  }
-
   /////////////////////////////
   // Internal Events
   /////////////////////////////
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
index c4122af..19d7c75 100644
--- a/client/src/store/files.ts
+++ b/client/src/store/files.ts
@@ -1,5 +1,6 @@
 import { actionTree, getterTree, mutationTree } from 'typed-vuex'
 import { FileListItem, FileTransfer } from '~/neko/types'
+import { EVENT } from '~/neko/events'
 import { accessor } from '~/store'
 
 export const state = () => ({
@@ -65,7 +66,7 @@ export const actions = actionTree(
       if (!accessor.connected) {
         return
       }
-      $client.refreshFiles()
+      $client.sendMessage(EVENT.FILETRANSFER.REFRESH)
     }
   }
 )

From fac8700192c73f8177e99db41120bea5ec59047f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 16:01:57 +0100
Subject: [PATCH 15/25] lint fix.

---
 client/src/components/files.vue    | 178 ++++++++++++++++-------------
 client/src/components/settings.vue |   4 +-
 client/src/components/side.vue     |  25 ++--
 client/src/lib.ts                  |  15 +--
 client/src/locale/de-de.ts         |   2 +-
 client/src/locale/en-us.ts         |   2 +-
 client/src/locale/es-sp.ts         |   2 +-
 client/src/locale/fi-fi.ts         |   2 +-
 client/src/locale/fr-fr.ts         |   4 +-
 client/src/locale/ko-kr.ts         |   2 +-
 client/src/locale/nb-no.ts         |   2 +-
 client/src/locale/ru-ru.ts         |   2 +-
 client/src/locale/sk-sk.ts         |   2 +-
 client/src/locale/sv-se.ts         |   2 +-
 client/src/locale/zh-cn.ts         |   2 +-
 client/src/neko/events.ts          |   2 +-
 client/src/neko/messages.ts        |  21 ++--
 client/src/neko/types.ts           |  18 +--
 client/src/store/files.ts          |   8 +-
 client/src/store/settings.ts       |   7 +-
 client/vue.config.js               |   2 +-
 21 files changed, 160 insertions(+), 144 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index b40553a..fae901e 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -9,8 +9,7 @@
         <i :class="fileIcon(item)" />
         <p>{{ item.name }}</p>
         <p class="file-size">{{ fileSize(item.size) }}</p>
-        <i v-if="item.type !== 'dir'" class="fas fa-download download"
-        @click="() => download(item)" />
+        <i v-if="item.type !== 'dir'" class="fas fa-download download" @click="() => download(item)" />
       </div>
     </div>
     <div class="transfer-area">
@@ -18,29 +17,51 @@
         <p v-if="downloads.length > 0">{{ $t('files.downloads') }}</p>
         <div v-for="download in downloads" :key="download.id" class="transfers-list-item">
           <div class="transfer-info">
-            <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': download.status !== 'completed', 'fa-check': download.status === 'completed' }"></i>
+            <i
+              class="fas transfer-status"
+              :class="{
+                'fa-arrows-rotate': download.status !== 'completed',
+                'fa-check': download.status === 'completed',
+              }"
+            ></i>
             <p>{{ download.name }}</p>
-            <p class="file-size">{{ Math.min(100, Math.round(download.progress / download.size * 100))}}%</p>
+            <p class="file-size">{{ Math.min(100, Math.round((download.progress / download.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
           </div>
-          <progress class="transfer-progress" :aria-label="download.name + ' progress'" :value="download.progress"
-          :max="download.size"></progress>
+          <progress
+            class="transfer-progress"
+            :aria-label="download.name + ' progress'"
+            :value="download.progress"
+            :max="download.size"
+          ></progress>
         </div>
-        <p v-if="uploads.length > 0">{{ $t('files.uploads' )}}</p>
+        <p v-if="uploads.length > 0">{{ $t('files.uploads') }}</p>
         <div v-for="upload in uploads" :key="upload.id" class="transfers-list-item">
           <div class="transfer-info">
-            <i class="fas transfer-status" :class="{ 'fa-arrows-rotate': upload.status !== 'completed', 'fa-check': upload.status === 'completed' }"></i>
+            <i
+              class="fas transfer-status"
+              :class="{ 'fa-arrows-rotate': upload.status !== 'completed', 'fa-check': upload.status === 'completed' }"
+            ></i>
             <p>{{ upload.name }}</p>
-            <p class="file-size">{{ Math.min(100, Math.round(upload.progress / upload.size * 100))}}%</p>
+            <p class="file-size">{{ Math.min(100, Math.round((upload.progress / upload.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(upload)"></i>
           </div>
-          <progress class="transfer-progress" :aria-label="upload.name + ' progress'" :value="upload.progress"
-          :max="upload.size"></progress>
+          <progress
+            class="transfer-progress"
+            :aria-label="upload.name + ' progress'"
+            :value="upload.progress"
+            :max="upload.size"
+          ></progress>
         </div>
       </div>
-      <div class="upload-area" :class="{ 'upload-area-drag': uploadAreaDrag }"
-      @dragover.prevent="() => uploadAreaDrag = true" @dragleave.prevent="() => uploadAreaDrag = false"
-      @drop.prevent="(e) => upload(e.dataTransfer)" @click="openFileBrowser">
+      <div
+        class="upload-area"
+        :class="{ 'upload-area-drag': uploadAreaDrag }"
+        @dragover.prevent="() => (uploadAreaDrag = true)"
+        @dragleave.prevent="() => (uploadAreaDrag = false)"
+        @drop.prevent="(e) => upload(e.dataTransfer)"
+        @click="openFileBrowser"
+      >
         <i class="fas fa-file-arrow-up" />
         <p>{{ $t('files.upload_here') }}</p>
       </div>
@@ -94,12 +115,13 @@
 
     .files-list-item {
       padding: 0.5em;
-      border-bottom: 2px solid rgba($color: #fff, $alpha: 0.10);
+      border-bottom: 2px solid rgba($color: #fff, $alpha: 0.1);
       display: flex;
       flex-direction: row;
     }
 
-    .file-icon, .transfer-status {
+    .file-icon,
+    .transfer-status {
       width: 14px;
       margin-right: 0.5em;
     }
@@ -115,10 +137,12 @@
     .file-size {
       margin-left: auto;
       margin-right: 0.5em;
-      color: rgba($color: #fff, $alpha: 0.40);
+      color: rgba($color: #fff, $alpha: 0.4);
     }
 
-    .refresh:hover, .download:hover, .remove-transfer:hover {
+    .refresh:hover,
+    .download:hover,
+    .remove-transfer:hover {
       cursor: pointer;
     }
 
@@ -186,8 +210,9 @@
       cursor: pointer;
     }
 
-    .upload-area-drag, .upload-area:hover {
-      background-color: rgba($color: #fff, $alpha: 0.10);
+    .upload-area-drag,
+    .upload-area:hover {
+      background-color: rgba($color: #fff, $alpha: 0.1);
     }
 
     .upload-area > i {
@@ -198,12 +223,10 @@
     .upload-area > p {
       margin: 0px 10px 10px 10px;
     }
-
   }
 </style>
 
 <script lang="ts">
-
   import { Component, Vue } from 'vue-property-decorator'
 
   import Markdown from './markdown'
@@ -215,11 +238,10 @@
     components: {
       'neko-markdown': Markdown,
       'neko-context': Content,
-    }
+    },
   })
   export default class extends Vue {
-
-    public uploadAreaDrag: boolean = false;
+    public uploadAreaDrag: boolean = false
 
     get cwd() {
       return this.$accessor.files.cwd
@@ -234,13 +256,13 @@
     }
 
     get downloads() {
-      return this.$accessor.files.transfers.filter((t => t.direction === 'download'))
+      return this.$accessor.files.transfers.filter((t) => t.direction === 'download')
     }
 
     get uploads() {
-      return this.$accessor.files.transfers.filter((t => t.direction === 'upload'))
+      return this.$accessor.files.transfers.filter((t) => t.direction === 'upload')
     }
-    
+
     refresh() {
       this.$accessor.files.refresh()
     }
@@ -261,39 +283,41 @@
         progress: 0,
         status: 'pending',
         axios: null,
-        abortController: null
+        abortController: null,
       }
       transfer.abortController = new AbortController()
-      transfer.axios = this.$http.get(url, {
-        responseType: 'blob',
-        signal: transfer.abortController.signal,
-        onDownloadProgress: (x) => {
-          transfer.progress = x.loaded
+      transfer.axios = this.$http
+        .get(url, {
+          responseType: 'blob',
+          signal: transfer.abortController.signal,
+          onDownloadProgress: (x) => {
+            transfer.progress = x.loaded
 
-          if (x.lengthComputable && transfer.size !== x.total) {
-            transfer.size = x.total
-          }
-          if (transfer.progress === transfer.size) {
-            transfer.status = 'completed'
-          } else if (transfer.status !== 'inprogress') {
-            transfer.status = 'inprogress'
-          }
-        }
-      }).then((res) => {
-        const url = window.URL
-        .createObjectURL(new Blob([res.data]))
-        const link = document.createElement('a')
-        link.href = url
-        link.setAttribute('download', item.name)
-        document.body.appendChild(link)
-        link.click()
-        document.body.removeChild(link)
+            if (x.lengthComputable && transfer.size !== x.total) {
+              transfer.size = x.total
+            }
+            if (transfer.progress === transfer.size) {
+              transfer.status = 'completed'
+            } else if (transfer.status !== 'inprogress') {
+              transfer.status = 'inprogress'
+            }
+          },
+        })
+        .then((res) => {
+          const url = window.URL.createObjectURL(new Blob([res.data]))
+          const link = document.createElement('a')
+          link.href = url
+          link.setAttribute('download', item.name)
+          document.body.appendChild(link)
+          link.click()
+          document.body.removeChild(link)
 
-        transfer.progress = transfer.size
-        transfer.status = 'completed'
-      }).catch((err) => {
-        this.$log.error(err)
-      })
+          transfer.progress = transfer.size
+          transfer.status = 'completed'
+        })
+        .catch((err) => {
+          this.$log.error(err)
+        })
       this.$accessor.files.addTransfer(transfer)
     }
 
@@ -302,7 +326,7 @@
 
       for (const file of dt.files) {
         const formdata = new FormData()
-        formdata.append("files", file, file.name)
+        formdata.append('files', file, file.name)
 
         const url = `/file?pwd=${this.$accessor.password}`
         let transfer: FileTransfer = {
@@ -313,25 +337,27 @@
           progress: 0,
           status: 'pending',
           axios: null,
-          abortController: null
+          abortController: null,
         }
         transfer.abortController = new AbortController()
-        this.$http.post(url, formdata, {
-          onUploadProgress: (x: any) => {
-            transfer.progress = x.loaded
+        this.$http
+          .post(url, formdata, {
+            onUploadProgress: (x: any) => {
+              transfer.progress = x.loaded
 
-            if (transfer.size !== x.total) {
-              transfer.size = x.total
-            }
-            if (transfer.progress === transfer.size) {
-              transfer.status = 'completed'
-            } else if (transfer.status !== 'inprogress') {
-              transfer.status = 'inprogress'
-            }
-          }
-        }).catch((err) => {
-          this.$log.error(err)
-        })
+              if (transfer.size !== x.total) {
+                transfer.size = x.total
+              }
+              if (transfer.progress === transfer.size) {
+                transfer.status = 'completed'
+              } else if (transfer.status !== 'inprogress') {
+                transfer.status = 'inprogress'
+              }
+            },
+          })
+          .catch((err) => {
+            this.$log.error(err)
+          })
         this.$accessor.files.addTransfer(transfer)
       }
     }
@@ -399,7 +425,7 @@
         case 'tiff':
         case 'webp':
           className += 'fa-image'
-          break;
+          break
         default:
           className += 'fa-file'
       }
@@ -421,7 +447,5 @@
       }
       return `${(size / 1000 ** 4).toFixed(3)} tb`
     }
-
   }
-
 </script>
diff --git a/client/src/components/settings.vue b/client/src/components/settings.vue
index c95bd67..2535cb2 100644
--- a/client/src/components/settings.vue
+++ b/client/src/components/settings.vue
@@ -385,7 +385,7 @@
     }
 
     set file_transfer(value: boolean) {
-      this.$accessor.settings.setGlobalFileTransferStatus({ admin: value, unpriv: false })
+      this.$accessor.settings.setRemoteFileTransferStatus({ admin: value, unpriv: false })
     }
 
     get unpriv_file_transfer() {
@@ -393,7 +393,7 @@
     }
 
     set unpriv_file_transfer(value: boolean) {
-      this.$accessor.settings.setGlobalFileTransferStatus({ admin: this.file_transfer, unpriv: value }) 
+      this.$accessor.settings.setRemoteFileTransferStatus({ admin: this.file_transfer, unpriv: value })
     }
 
     get broadcast_is_active() {
diff --git a/client/src/components/side.vue b/client/src/components/side.vue
index 282065a..7404a98 100644
--- a/client/src/components/side.vue
+++ b/client/src/components/side.vue
@@ -79,7 +79,7 @@
 </style>
 
 <script lang="ts">
-  import { Vue, Component } from 'vue-property-decorator'
+  import { Vue, Component, Watch } from 'vue-property-decorator'
 
   import Settings from '~/components/settings.vue'
   import Chat from '~/components/chat.vue'
@@ -90,28 +90,29 @@
     components: {
       'neko-settings': Settings,
       'neko-chat': Chat,
-      'neko-files': Files
+      'neko-files': Files,
     },
   })
   export default class extends Vue {
-
-    constructor() {
-      super()
-      if (this.tab === 'files' && (!this.$accessor.settings.file_transfer ||
-      !this.$accessor.user.admin && this.$accessor.settings.unpriv_file_transfer)) {
-        this.change('chat')
-      }
-    }
-
     get filetransferAllowed() {
-      return this.$accessor.user.admin && this.$accessor.settings.file_transfer ||
+      return (
+        (this.$accessor.user.admin && this.$accessor.settings.file_transfer) ||
         this.$accessor.settings.unpriv_file_transfer
+      )
     }
 
     get tab() {
       return this.$accessor.client.tab
     }
 
+    @Watch('tab', { immediate: true })
+    onTabChange() {
+      // do not show the files tab if file transfer is disabled
+      if (this.tab === 'files' && !this.filetransferAllowed) {
+        this.change('chat')
+      }
+    }
+
     change(tab: string) {
       this.$accessor.client.setTab(tab)
     }
diff --git a/client/src/lib.ts b/client/src/lib.ts
index 5062fdf..bdcd46b 100644
--- a/client/src/lib.ts
+++ b/client/src/lib.ts
@@ -38,9 +38,9 @@ const exportMixin = {
     $accessor() {
       return neko
     },
-    $client () {
+    $client() {
       return window.$client
-    }
+    },
   },
 }
 
@@ -52,15 +52,8 @@ const plugini18n: PluginObject<undefined> = {
   },
 }
 
-function extend (component: any) {
-  return component
-    .use(plugini18n)
-    .use(Logger)
-    .use(Axios)
-    .use(Swal)
-    .use(Anime)
-    .use(Client)
-    .extend(exportMixin)
+function extend(component: any) {
+  return component.use(plugini18n).use(Logger).use(Axios).use(Swal).use(Anime).use(Client).extend(exportMixin)
 }
 
 export const NekoConnect = extend(Connect)
diff --git a/client/src/locale/de-de.ts b/client/src/locale/de-de.ts
index 4a6677c..7eac5b4 100644
--- a/client/src/locale/de-de.ts
+++ b/client/src/locale/de-de.ts
@@ -115,5 +115,5 @@ export const notifications = {
 export const files = {
   downloads: 'Herunterladen',
   uploads: 'Hochladen',
-  upload_here: 'Klicken oder ziehen Sie Dateien zum Hochladen hierher'
+  upload_here: 'Klicken oder ziehen Sie Dateien zum Hochladen hierher',
 }
diff --git a/client/src/locale/en-us.ts b/client/src/locale/en-us.ts
index 7fab0d6..db9dfe8 100644
--- a/client/src/locale/en-us.ts
+++ b/client/src/locale/en-us.ts
@@ -117,5 +117,5 @@ export const notifications = {
 export const files = {
   downloads: 'Downloads',
   uploads: 'Uploads',
-  upload_here: 'Click or drag files here to upload'
+  upload_here: 'Click or drag files here to upload',
 }
diff --git a/client/src/locale/es-sp.ts b/client/src/locale/es-sp.ts
index 7bcac54..0aecc12 100644
--- a/client/src/locale/es-sp.ts
+++ b/client/src/locale/es-sp.ts
@@ -124,5 +124,5 @@ export const notifications = {
 export const files = {
   downloads: 'Descargas',
   uploads: 'Cargar',
-  upload_here: 'Haga clic o arrastre los archivos aquí para cargarlos'
+  upload_here: 'Haga clic o arrastre los archivos aquí para cargarlos',
 }
diff --git a/client/src/locale/fi-fi.ts b/client/src/locale/fi-fi.ts
index e5be783..a63eb90 100644
--- a/client/src/locale/fi-fi.ts
+++ b/client/src/locale/fi-fi.ts
@@ -117,5 +117,5 @@ export const notifications = {
 export const files = {
   downloads: 'Lataukset',
   uploads: 'Lataa',
-  upload_here: 'Klikkaa tai vedä tiedostoja tähän ladataksesi'
+  upload_here: 'Klikkaa tai vedä tiedostoja tähän ladataksesi',
 }
diff --git a/client/src/locale/fr-fr.ts b/client/src/locale/fr-fr.ts
index 34945fc..7481dc3 100644
--- a/client/src/locale/fr-fr.ts
+++ b/client/src/locale/fr-fr.ts
@@ -85,7 +85,7 @@ export const setting = {
   chat_sound: 'Jouer le son du tchat',
   keyboard_layout: 'Langue du clavier',
   file_transfer: 'Transfert de fichiers',
-  unpriv_file_transfer: 'Transfert de fichiers d\'utilisateurs',
+  unpriv_file_transfer: "Transfert de fichiers d'utilisateurs",
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
@@ -124,5 +124,5 @@ export const notifications = {
 export const files = {
   downloads: 'Téléchargements',
   uploads: 'Télécharger',
-  upload_here: 'Cliquez ou faites glisser les fichiers ici pour les télécharger'
+  upload_here: 'Cliquez ou faites glisser les fichiers ici pour les télécharger',
 }
diff --git a/client/src/locale/ko-kr.ts b/client/src/locale/ko-kr.ts
index 7aa7cbe..10e6a02 100644
--- a/client/src/locale/ko-kr.ts
+++ b/client/src/locale/ko-kr.ts
@@ -115,5 +115,5 @@ export const notifications = {
 export const files = {
   downloads: '다운로드',
   uploads: '업로드',
-  upload_here: '업로드할 파일을 여기로 클릭하거나 드래그하세요.'
+  upload_here: '업로드할 파일을 여기로 클릭하거나 드래그하세요.',
 }
diff --git a/client/src/locale/nb-no.ts b/client/src/locale/nb-no.ts
index c283dd4..6366784 100644
--- a/client/src/locale/nb-no.ts
+++ b/client/src/locale/nb-no.ts
@@ -124,5 +124,5 @@ export const notifications = {
 export const files = {
   downloads: 'Overførsler',
   uploads: 'Overfør',
-  upload_here: 'Klik eller træk filer her for at uploade'
+  upload_here: 'Klik eller træk filer her for at uploade',
 }
diff --git a/client/src/locale/ru-ru.ts b/client/src/locale/ru-ru.ts
index b7cb4ad..faa8ea1 100644
--- a/client/src/locale/ru-ru.ts
+++ b/client/src/locale/ru-ru.ts
@@ -117,5 +117,5 @@ export const notifications = {
 export const files = {
   downloads: 'Загрузки',
   uploads: 'Загрузить',
-  upload_here: 'Нажмите или перетащите сюда файлы для загрузки'
+  upload_here: 'Нажмите или перетащите сюда файлы для загрузки',
 }
diff --git a/client/src/locale/sk-sk.ts b/client/src/locale/sk-sk.ts
index a2a6625..f5cf9f8 100644
--- a/client/src/locale/sk-sk.ts
+++ b/client/src/locale/sk-sk.ts
@@ -120,5 +120,5 @@ export const notifications = {
 export const files = {
   downloads: 'Stiahnutia',
   uploads: 'Nahrávanie',
-  upload_here: 'Kliknutím alebo pretiahnutím súborov sem ich môžete nahrať'
+  upload_here: 'Kliknutím alebo pretiahnutím súborov sem ich môžete nahrať',
 }
diff --git a/client/src/locale/sv-se.ts b/client/src/locale/sv-se.ts
index be831a3..3ea55e3 100644
--- a/client/src/locale/sv-se.ts
+++ b/client/src/locale/sv-se.ts
@@ -124,5 +124,5 @@ export const notifications = {
 export const files = {
   downloads: 'Nedladdningar',
   uploads: 'Ladda upp',
-  upload_here: 'Klicka eller dra filer hit för att ladda upp dem'
+  upload_here: 'Klicka eller dra filer hit för att ladda upp dem',
 }
diff --git a/client/src/locale/zh-cn.ts b/client/src/locale/zh-cn.ts
index 81d2c50..b709d63 100644
--- a/client/src/locale/zh-cn.ts
+++ b/client/src/locale/zh-cn.ts
@@ -117,5 +117,5 @@ export const notifications = {
 export const files = {
   downloads: '下载',
   uploads: '上传',
-  upload_here: '点击或拖动文件到这里来上传'
+  upload_here: '点击或拖动文件到这里来上传',
 }
diff --git a/client/src/neko/events.ts b/client/src/neko/events.ts
index d73c185..8dfdbd8 100644
--- a/client/src/neko/events.ts
+++ b/client/src/neko/events.ts
@@ -41,7 +41,7 @@ export const EVENT = {
   FILETRANSFER: {
     STATUS: 'filetransfer/status',
     LIST: 'filetransfer/list',
-    REFRESH: 'filetransfer/refresh'
+    REFRESH: 'filetransfer/refresh',
   },
   SCREEN: {
     CONFIGURATIONS: 'screen/configurations',
diff --git a/client/src/neko/messages.ts b/client/src/neko/messages.ts
index b71d73d..4e179ac 100644
--- a/client/src/neko/messages.ts
+++ b/client/src/neko/messages.ts
@@ -10,12 +10,7 @@ import {
   AdminEvents,
   FileTransferEvents,
 } from './events'
-import {
-  FileListItem,
-  Member,
-  ScreenConfigurations,
-  ScreenResolution
-} from './types'
+import { FileListItem, Member, ScreenConfigurations, ScreenResolution } from './types'
 
 export type WebSocketMessages =
   | WebSocketMessage
@@ -199,12 +194,15 @@ export interface EmojiSendPayload {
   emote: string
 }
 
-// file transfer enabled
+/*
+  FILE TRANSFER PAYLOADS
+*/
 export interface FileTransferStatusMessage extends WebSocketMessage, FileTransferStatusPayload {
   event: typeof EVENT.FILETRANSFER.STATUS
 }
+
 export interface FileTransferStatusPayload {
-  admin: boolean,
+  admin: boolean
   unpriv: boolean
 }
 
@@ -212,8 +210,9 @@ export interface FileTransferStatusPayload {
 export interface FileTransferListMessage extends WebSocketMessage, FileTransferListPayload {
   event: FileTransferEvents
 }
+
 export interface FileTransferListPayload {
-  cwd: string,
+  cwd: string
   files: FileListItem[]
 }
 
@@ -240,11 +239,11 @@ export interface ScreenConfigurationsPayload {
   BROADCAST PAYLOADS
 */
 export interface BroadcastCreatePayload {
-  url:   string
+  url: string
 }
 
 export interface BroadcastStatusPayload {
-  url:      string
+  url: string
   isActive: boolean
 }
 
diff --git a/client/src/neko/types.ts b/client/src/neko/types.ts
index 31bb44a..14123f4 100644
--- a/client/src/neko/types.ts
+++ b/client/src/neko/types.ts
@@ -24,18 +24,18 @@ export interface ScreenResolution {
 }
 
 export interface FileListItem {
-  name: string,
-  type: 'file' | 'dir',
+  name: string
+  type: 'file' | 'dir'
   size: number
 }
 
 export interface FileTransfer {
-  id: number,
-  name: string,
-  direction: 'upload' | 'download',
-  size: number,
-  progress: number,
-  status: 'pending' | 'inprogress' | 'completed',
-  axios: Promise<void> | null,
+  id: number
+  name: string
+  direction: 'upload' | 'download'
+  size: number
+  progress: number
+  status: 'pending' | 'inprogress' | 'completed'
+  axios: Promise<void> | null
   abortController: AbortController | null
 }
diff --git a/client/src/store/files.ts b/client/src/store/files.ts
index 19d7c75..038ec6a 100644
--- a/client/src/store/files.ts
+++ b/client/src/store/files.ts
@@ -6,7 +6,7 @@ import { accessor } from '~/store'
 export const state = () => ({
   cwd: '',
   files: [] as FileListItem[],
-  transfers: [] as FileTransfer[]
+  transfers: [] as FileTransfer[],
 })
 
 export const getters = getterTree(state, {
@@ -28,7 +28,7 @@ export const mutations = mutationTree(state, {
 
   _removeTransfer(state, transfer: FileTransfer) {
     state.transfers = state.transfers.filter((t) => t.id !== transfer.id)
-  }
+  },
 })
 
 export const actions = actionTree(
@@ -67,6 +67,6 @@ export const actions = actionTree(
         return
       }
       $client.sendMessage(EVENT.FILETRANSFER.REFRESH)
-    }
-  }
+    },
+  },
 )
diff --git a/client/src/store/settings.ts b/client/src/store/settings.ts
index f68a468..8b41112 100644
--- a/client/src/store/settings.ts
+++ b/client/src/store/settings.ts
@@ -94,16 +94,15 @@ export const actions = actionTree(
       accessor.settings.setFileTransfer(admin)
       accessor.settings.setUnprivFileTransfer(unpriv)
 
-      if (!admin || !accessor.user.admin && !unpriv) {
+      if (!admin || (!accessor.user.admin && !unpriv)) {
         accessor.files.cancelAllTransfers()
       }
-      
+
       if (accessor.client.tab === 'files' && !unpriv) {
         accessor.client.setTab('chat')
       }
     },
-
-    setGlobalFileTransferStatus({ getters}, { admin, unpriv }) {
+    setRemoteFileTransferStatus({ getters }, { admin, unpriv }) {
       $client.sendMessage(EVENT.FILETRANSFER.STATUS, { admin, unpriv })
     },
 
diff --git a/client/vue.config.js b/client/vue.config.js
index 1b96262..07af7de 100644
--- a/client/vue.config.js
+++ b/client/vue.config.js
@@ -23,5 +23,5 @@ module.exports = {
   },
   devServer: {
     disableHostCheck: true,
-  }
+  },
 }

From 3703d2b73de4ecfda7707a715cace5cbc22457fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 16:53:13 +0100
Subject: [PATCH 16/25] lint fix.

---
 client/src/components/files.vue | 83 +++++++++++++++++++++------------
 1 file changed, 54 insertions(+), 29 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index fae901e..972c069 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -231,7 +231,7 @@
 
   import Markdown from './markdown'
   import Content from './context.vue'
-  import { FileTransfer } from '~/neko/types'
+  import { FileTransfer, FileListItem } from '~/neko/types'
 
   @Component({
     name: 'neko-files',
@@ -267,12 +267,15 @@
       this.$accessor.files.refresh()
     }
 
-    download(item: any) {
+    download(item: FileListItem) {
       if (this.downloads.map((t) => t.name).includes(item.name)) {
         return
       }
 
-      const url = `/file?pwd=${this.$accessor.password}&filename=${item.name}`
+      const url =
+        '/file?pwd=' + encodeURIComponent(this.$accessor.password) + '&filename=' + encodeURIComponent(item.name)
+      const abortController = new AbortController()
+
       let transfer: FileTransfer = {
         id: Math.round(Math.random() * 10000),
         name: item.name,
@@ -283,13 +286,13 @@
         progress: 0,
         status: 'pending',
         axios: null,
-        abortController: null,
+        abortController: abortController,
       }
-      transfer.abortController = new AbortController()
+
       transfer.axios = this.$http
         .get(url, {
           responseType: 'blob',
-          signal: transfer.abortController.signal,
+          signal: abortController.signal,
           onDownloadProgress: (x) => {
             transfer.progress = x.loaded
 
@@ -318,17 +321,20 @@
         .catch((err) => {
           this.$log.error(err)
         })
+
       this.$accessor.files.addTransfer(transfer)
     }
 
     upload(dt: DataTransfer) {
+      const url = '/file?pwd=' + encodeURIComponent(this.$accessor.password)
       this.uploadAreaDrag = false
 
       for (const file of dt.files) {
+        const abortController = new AbortController()
+
         const formdata = new FormData()
         formdata.append('files', file, file.name)
 
-        const url = `/file?pwd=${this.$accessor.password}`
         let transfer: FileTransfer = {
           id: Math.round(Math.random() * 10000),
           name: file.name,
@@ -337,11 +343,12 @@
           progress: 0,
           status: 'pending',
           axios: null,
-          abortController: null,
+          abortController: abortController,
         }
-        transfer.abortController = new AbortController()
+
         this.$http
           .post(url, formdata, {
+            signal: abortController.signal,
             onUploadProgress: (x: any) => {
               transfer.progress = x.loaded
 
@@ -358,6 +365,7 @@
           .catch((err) => {
             this.$log.error(err)
           })
+
         this.$accessor.files.addTransfer(transfer)
       }
     }
@@ -366,19 +374,20 @@
       const input = document.createElement('input')
       input.type = 'file'
       input.setAttribute('multiple', 'true')
-      input.click()
+      input.onchange = (e: Event) => {
+        if (e === null) return
 
-      input.onchange = (e) => {
-        if (e === null) {
-          return
-        }
         const dt = new DataTransfer()
-        const target = e.target as any
+        const target = e.target as HTMLInputElement
+        if (target.files === null) return
+
         for (const f of target.files) {
           dt.items.add(f)
         }
+
         this.upload(dt)
       }
+      input.click()
     }
 
     removeTransfer(transfer: FileTransfer) {
@@ -388,19 +397,34 @@
       this.$accessor.files.removeTransfer(transfer)
     }
 
-    fileIcon(file: any) {
+    fileIcon(file: FileListItem) {
       let className = 'file-icon fas '
+      // if is directory
       if (file.type === 'dir') {
         className += 'fa-folder'
         return className
       }
-      const parts = file.name.split('.')
-      if (!parts) {
+      // try to get file extension
+      const ext = file.name.split('.').pop()
+      if (ext === undefined) {
         className += 'fa-file'
         return className
       }
-      const ext = parts[parts.length - 1]
-      switch (ext) {
+      // try to find icon
+      switch (ext.toLowerCase()) {
+        case 'txt':
+        case 'md':
+          className += 'fa-file-text'
+          break
+        case 'pdf':
+          className += 'fa-file-pdf'
+          break
+        case 'zip':
+        case 'rar':
+        case '7z':
+        case 'gz':
+          className += 'fa-archive'
+          break
         case 'aac':
         case 'flac':
         case 'midi':
@@ -409,6 +433,7 @@
         case 'wav':
           className += 'fa-music'
           break
+        case 'avi':
         case 'mkv':
         case 'mov':
         case 'mpeg':
@@ -433,19 +458,19 @@
     }
 
     fileSize(size: number) {
-      if (size < 1000) {
-        return `${size} b`
+      if (size < 1024) {
+        return size + ' B'
       }
-      if (size < 1000 ** 2) {
-        return `${(size / 1000).toFixed(2)} kb`
+      if (size < 1024 * 1024) {
+        return Math.round(size / 1024) + ' KB'
       }
-      if (size < 1000 ** 3) {
-        return `${(size / 1000 ** 2).toFixed(2)} mb`
+      if (size < 1024 * 1024 * 1024) {
+        return Math.round(size / (1024 * 1024)) + ' MB'
       }
-      if (size < 1000 ** 4) {
-        return `${(size / 1000 ** 3).toFixed(2)} gb`
+      if (size < 1024 * 1024 * 1024 * 1024) {
+        return Math.round(size / (1024 * 1024 * 1024)) + ' GB'
       }
-      return `${(size / 1000 ** 4).toFixed(3)} tb`
+      return Math.round(size / (1024 * 1024 * 1024 * 1024)) + ' TB'
     }
   }
 </script>

From 950cb118cca13dfc1f14127356d512fc9433af86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 16:57:00 +0100
Subject: [PATCH 17/25] remove unused property.

---
 client/src/components/files.vue | 4 +---
 client/src/neko/types.ts        | 1 -
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 972c069..359eda8 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -285,11 +285,10 @@
         size: item.size,
         progress: 0,
         status: 'pending',
-        axios: null,
         abortController: abortController,
       }
 
-      transfer.axios = this.$http
+      this.$http
         .get(url, {
           responseType: 'blob',
           signal: abortController.signal,
@@ -342,7 +341,6 @@
           size: file.size,
           progress: 0,
           status: 'pending',
-          axios: null,
           abortController: abortController,
         }
 
diff --git a/client/src/neko/types.ts b/client/src/neko/types.ts
index 14123f4..ab6a813 100644
--- a/client/src/neko/types.ts
+++ b/client/src/neko/types.ts
@@ -36,6 +36,5 @@ export interface FileTransfer {
   size: number
   progress: number
   status: 'pending' | 'inprogress' | 'completed'
-  axios: Promise<void> | null
   abortController: AbortController | null
 }

From 76b44b949c84928a6e1668040f78ea7577274959 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 17:35:02 +0100
Subject: [PATCH 18/25] add status failed + error.

---
 client/src/components/files.vue | 52 ++++++++++++++++++++++++++++-----
 client/src/neko/types.ts        |  5 ++--
 2 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 359eda8..84b34c8 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -14,39 +14,57 @@
     </div>
     <div class="transfer-area">
       <div class="transfers" v-if="transfers.length > 0">
-        <p v-if="downloads.length > 0">{{ $t('files.downloads') }}</p>
+        <p v-if="downloads.length > 0" class="transfers-list-header">
+          <span>{{ $t('files.downloads') }}</span>
+          <i class="fas fa-xmark remove-transfer" @click="downloads.forEach((t) => removeTransfer(t))"></i>
+        </p>
         <div v-for="download in downloads" :key="download.id" class="transfers-list-item">
           <div class="transfer-info">
             <i
               class="fas transfer-status"
               :class="{
-                'fa-arrows-rotate': download.status !== 'completed',
+                'fa-clock': download.status === 'pending',
+                'fa-arrows-rotate': download.status === 'inprogress',
                 'fa-check': download.status === 'completed',
+                'fa-warning': download.status === 'failed',
               }"
             ></i>
             <p>{{ download.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((download.progress / download.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
           </div>
+          <div v-if="download.status === 'failed'" class="transfer-error">{{ download.error }}</div>
           <progress
+            v-else
             class="transfer-progress"
             :aria-label="download.name + ' progress'"
             :value="download.progress"
             :max="download.size"
           ></progress>
         </div>
-        <p v-if="uploads.length > 0">{{ $t('files.uploads') }}</p>
+        <p v-if="uploads.length > 0" class="transfers-list-header">
+          <span>{{ $t('files.uploads') }}</span>
+          <i class="fas fa-xmark remove-transfer" @click="uploads.forEach((t) => removeTransfer(t))"></i>
+        </p>
         <div v-for="upload in uploads" :key="upload.id" class="transfers-list-item">
           <div class="transfer-info">
             <i
               class="fas transfer-status"
-              :class="{ 'fa-arrows-rotate': upload.status !== 'completed', 'fa-check': upload.status === 'completed' }"
+              :title="upload.status"
+              :class="{
+                'fa-clock': upload.status === 'pending',
+                'fa-arrows-rotate': upload.status === 'inprogress',
+                'fa-check': upload.status === 'completed',
+                'fa-warning': upload.status === 'failed',
+              }"
             ></i>
             <p>{{ upload.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((upload.progress / upload.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(upload)"></i>
           </div>
+          <div v-if="upload.status === 'failed'" class="transfer-error">{{ upload.error }}</div>
           <progress
+            v-else
             class="transfer-progress"
             :aria-label="upload.name + ' progress'"
             :value="upload.progress"
@@ -120,12 +138,24 @@
       flex-direction: row;
     }
 
+    .transfers-list-header {
+      display: flex;
+      justify-content: space-between;
+      border-bottom: 2px solid rgba($color: #fff, $alpha: 0.1);
+    }
+
     .file-icon,
     .transfer-status {
       width: 14px;
       margin-right: 0.5em;
     }
 
+    .transfer-error {
+      border: 1px solid $style-error;
+      border-radius: 5px;
+      padding: 10px;
+    }
+
     .files-list-item:last-child {
       border-bottom: 0px;
     }
@@ -317,8 +347,11 @@
           transfer.progress = transfer.size
           transfer.status = 'completed'
         })
-        .catch((err) => {
-          this.$log.error(err)
+        .catch((error) => {
+          this.$log.error(error)
+
+          transfer.status = 'failed'
+          transfer.error = error.message
         })
 
       this.$accessor.files.addTransfer(transfer)
@@ -360,8 +393,11 @@
               }
             },
           })
-          .catch((err) => {
-            this.$log.error(err)
+          .catch((error) => {
+            this.$log.error(error)
+
+            transfer.status = 'failed'
+            transfer.error = error.message
           })
 
         this.$accessor.files.addTransfer(transfer)
diff --git a/client/src/neko/types.ts b/client/src/neko/types.ts
index ab6a813..bc4d046 100644
--- a/client/src/neko/types.ts
+++ b/client/src/neko/types.ts
@@ -35,6 +35,7 @@ export interface FileTransfer {
   direction: 'upload' | 'download'
   size: number
   progress: number
-  status: 'pending' | 'inprogress' | 'completed'
-  abortController: AbortController | null
+  status: 'pending' | 'inprogress' | 'completed' | 'failed'
+  error?: string
+  abortController?: AbortController
 }

From cdb9b185f2ae773a06465955f9c6f1231d376a2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 18:29:21 +0100
Subject: [PATCH 19/25] filepath clean.

---
 server/internal/config/websocket.go        |  3 ++
 server/internal/utils/files.go             |  4 +-
 server/internal/websocket/handler/files.go | 12 ++++--
 server/internal/websocket/websocket.go     | 47 ++++++++++++----------
 4 files changed, 40 insertions(+), 26 deletions(-)

diff --git a/server/internal/config/websocket.go b/server/internal/config/websocket.go
index 653411e..377e141 100644
--- a/server/internal/config/websocket.go
+++ b/server/internal/config/websocket.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"path/filepath"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -73,4 +75,5 @@ func (s *WebSocket) Set() {
 	s.FileTransfer = viper.GetBool("file_transfer")
 	s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer")
 	s.FileTransferPath = viper.GetString("file_transfer_path")
+	s.FileTransferPath = filepath.Clean(s.FileTransferPath)
 }
diff --git a/server/internal/utils/files.go b/server/internal/utils/files.go
index 56c714d..d9f24db 100644
--- a/server/internal/utils/files.go
+++ b/server/internal/utils/files.go
@@ -6,7 +6,7 @@ import (
 	"m1k1o/neko/internal/types"
 )
 
-func ListFiles(path string) (*[]types.FileListItem, error) {
+func ListFiles(path string) ([]types.FileListItem, error) {
 	items, err := os.ReadDir(path)
 	if err != nil {
 		return nil, err
@@ -32,5 +32,5 @@ func ListFiles(path string) (*[]types.FileListItem, error) {
 		}
 	}
 
-	return &out, nil
+	return out, nil
 }
diff --git a/server/internal/websocket/handler/files.go b/server/internal/websocket/handler/files.go
index fb1d190..4ac85f5 100644
--- a/server/internal/websocket/handler/files.go
+++ b/server/internal/websocket/handler/files.go
@@ -10,9 +10,12 @@ import (
 
 func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error {
 	if !session.Admin() {
-		return errors.New(session.Member().Name + " tried to toggle file transfer but they're not admin")
+		h.logger.Debug().Msg("user not admin")
+		return nil
 	}
+
 	h.state.SetFileTransferState(payload.Admin, payload.Unpriv)
+
 	err := h.sessions.Broadcast(message.FileTransferStatus{
 		Event:  event.FILETRANSFER_STATUS,
 		Admin:  payload.Admin,
@@ -26,11 +29,13 @@ func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *m
 	if err != nil {
 		return err
 	}
+
 	msg := message.FileList{
 		Event: event.FILETRANSFER_LIST,
 		Cwd:   h.state.FileTransferPath(),
-		Files: *files,
+		Files: files,
 	}
+
 	if payload.Unpriv {
 		return h.sessions.Broadcast(msg, nil)
 	} else {
@@ -47,10 +52,11 @@ func (h *MessageHandler) refresh(session types.Session) error {
 	if err != nil {
 		return err
 	}
+
 	return session.Send(
 		message.FileList{
 			Event: event.FILETRANSFER_LIST,
 			Cwd:   h.state.FileTransferPath(),
-			Files: *files,
+			Files: files,
 		})
 }
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index 022067a..96d6cd6 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"path/filepath"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -35,12 +36,9 @@ func New(sessions types.SessionManager, desktop types.DesktopManager, capture ty
 		logger.Info().Msgf("control locked on behalf of control protection")
 	}
 
-	if conf.FileTransferPath[len(conf.FileTransferPath)-1] != '/' {
-		conf.FileTransferPath += "/"
-	}
-	err := os.Mkdir(conf.FileTransferPath, 0755)
-	if err != nil && !os.IsExist(err) {
-		logger.Panic().Err(err).Msg("unable to create file transfer directory")
+	if _, err := os.Stat(conf.FileTransferPath); os.IsNotExist(err) {
+		err = os.Mkdir(conf.FileTransferPath, os.ModePerm)
+		logger.Err(err).Msg("creating file transfer directory")
 	}
 
 	// apply default locks
@@ -135,8 +133,7 @@ func (ws *WebSocketHandler) Start() {
 		}
 
 		// send file list if necessary
-		if session.Admin() && ws.state.FileTransferEnabled() ||
-			ws.state.FileTransferEnabled() && ws.state.UnprivFileTransferEnabled() {
+		if ws.state.FileTransferEnabled() && (session.Admin() || ws.state.UnprivFileTransferEnabled()) {
 			err := session.Send(
 				message.FileTransferStatus{
 					Event:  event.FILETRANSFER_STATUS,
@@ -154,7 +151,7 @@ func (ws *WebSocketHandler) Start() {
 					message.FileList{
 						Event: event.FILETRANSFER_LIST,
 						Cwd:   ws.conf.FileTransferPath,
-						Files: *files,
+						Files: files,
 					}); err != nil {
 					ws.logger.Warn().Err(err).Msg("file list event has failed")
 				}
@@ -235,8 +232,14 @@ func (ws *WebSocketHandler) Start() {
 	go func() {
 		for {
 			select {
-			case <-watcher.Events:
-				ws.sendFileTransferUpdate()
+			case e, ok := <-watcher.Events:
+				if !ok {
+					ws.logger.Info().Msg("file transfer dir watcher closed")
+					return
+				}
+				if e.Has(fsnotify.Create) || e.Has(fsnotify.Remove) || e.Has(fsnotify.Rename) {
+					ws.sendFileTransferUpdate()
+				}
 			case err := <-watcher.Errors:
 				ws.logger.Err(err).Msg("error in file transfer dir watcher")
 			}
@@ -378,15 +381,17 @@ func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
 		return false, nil
 	}
 
-	if !ws.state.UnprivFileTransferEnabled() {
-		return ws.IsAdmin(password)
+	isAdmin, err := ws.IsAdmin(password)
+	if err != nil {
+		return false, err
 	}
 
-	return password == ws.conf.Password, nil
+	return isAdmin || ws.state.UnprivFileTransferEnabled(), nil
 }
 
 func (ws *WebSocketHandler) MakeFilePath(filename string) string {
-	return fmt.Sprintf("%s%s", ws.conf.FileTransferPath, filename)
+	cleanPath := filepath.Clean(filename)
+	return filepath.Join(ws.conf.FileTransferPath, cleanPath)
 }
 
 func (ws *WebSocketHandler) sendFileTransferUpdate() {
@@ -403,17 +408,17 @@ func (ws *WebSocketHandler) sendFileTransferUpdate() {
 	message := message.FileList{
 		Event: event.FILETRANSFER_LIST,
 		Cwd:   ws.conf.FileTransferPath,
-		Files: *files,
+		Files: files,
 	}
 
-	var broadcastErr error
 	if ws.state.UnprivFileTransferEnabled() {
-		broadcastErr = ws.sessions.Broadcast(message, nil)
+		err = ws.sessions.Broadcast(message, nil)
 	} else {
-		broadcastErr = ws.sessions.AdminBroadcast(message, nil)
+		err = ws.sessions.AdminBroadcast(message, nil)
 	}
-	if broadcastErr != nil {
-		ws.logger.Err(broadcastErr).Msg("unable to broadcast file list")
+
+	if err != nil {
+		ws.logger.Err(err).Msg("unable to broadcast file list")
 	}
 }
 

From d17a7e8d82e6f0cc29af81810825ba62f9496495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:26:45 +0100
Subject: [PATCH 20/25] move filetransfer to locks.

---
 client/src/components/files.vue               |  12 +-
 client/src/components/header.vue              |  39 +++--
 client/src/components/settings.vue            |  30 ----
 client/src/components/side.vue                |  13 +-
 client/src/locale/de-de.ts                    |  10 +-
 client/src/locale/en-us.ts                    |  10 +-
 client/src/locale/es-sp.ts                    |  11 +-
 client/src/locale/fi-fi.ts                    |  11 +-
 client/src/locale/fr-fr.ts                    |  11 +-
 client/src/locale/ko-kr.ts                    |  11 +-
 client/src/locale/nb-no.ts                    |  11 +-
 client/src/locale/ru-ru.ts                    |  11 +-
 client/src/locale/sk-sk.ts                    |  11 +-
 client/src/locale/sv-se.ts                    |  11 +-
 client/src/locale/zh-cn.ts                    |  11 +-
 client/src/neko/events.ts                     |   6 +-
 client/src/neko/index.ts                      |  10 +-
 client/src/neko/messages.ts                   |  14 +-
 client/src/store/index.ts                     |  17 +-
 client/src/store/remote.ts                    |   5 +
 client/src/store/settings.ts                  |  27 ---
 server/internal/config/websocket.go           |  17 +-
 server/internal/http/http.go                  | 121 ++++++-------
 server/internal/types/event/events.go         |   1 -
 server/internal/types/message/messages.go     |  17 +-
 server/internal/types/websocket.go            |   5 +-
 server/internal/websocket/handler/admin.go    |   7 +-
 server/internal/websocket/handler/files.go    |  62 -------
 .../websocket/handler/filetransfer.go         |  42 +++++
 server/internal/websocket/handler/handler.go  |   8 +-
 server/internal/websocket/handler/session.go  |  12 +-
 server/internal/websocket/state/state.go      |  38 ++---
 server/internal/websocket/websocket.go        | 160 +++++++-----------
 33 files changed, 377 insertions(+), 405 deletions(-)
 delete mode 100644 server/internal/websocket/handler/files.go
 create mode 100644 server/internal/websocket/handler/filetransfer.go

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 84b34c8..58d4ddf 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -9,7 +9,7 @@
         <i :class="fileIcon(item)" />
         <p>{{ item.name }}</p>
         <p class="file-size">{{ fileSize(item.size) }}</p>
-        <i v-if="item.type !== 'dir'" class="fas fa-download download" @click="() => download(item)" />
+        <i v-if="item.type !== 'dir'" class="fas fa-download download" @click="download(item)" />
       </div>
     </div>
     <div class="transfer-area">
@@ -31,7 +31,7 @@
             ></i>
             <p>{{ download.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((download.progress / download.size) * 100)) }}%</p>
-            <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(download)"></i>
+            <i class="fas fa-xmark remove-transfer" @click="removeTransfer(download)"></i>
           </div>
           <div v-if="download.status === 'failed'" class="transfer-error">{{ download.error }}</div>
           <progress
@@ -60,7 +60,7 @@
             ></i>
             <p>{{ upload.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((upload.progress / upload.size) * 100)) }}%</p>
-            <i class="fas fa-xmark remove-transfer" @click="() => removeTransfer(upload)"></i>
+            <i class="fas fa-xmark remove-transfer" @click="removeTransfer(upload)"></i>
           </div>
           <div v-if="upload.status === 'failed'" class="transfer-error">{{ upload.error }}</div>
           <progress
@@ -75,8 +75,8 @@
       <div
         class="upload-area"
         :class="{ 'upload-area-drag': uploadAreaDrag }"
-        @dragover.prevent="() => (uploadAreaDrag = true)"
-        @dragleave.prevent="() => (uploadAreaDrag = false)"
+        @dragover.prevent="uploadAreaDrag = true"
+        @dragleave.prevent="uploadAreaDrag = false"
         @drop.prevent="(e) => upload(e.dataTransfer)"
         @click="openFileBrowser"
       >
@@ -322,6 +322,7 @@
         .get(url, {
           responseType: 'blob',
           signal: abortController.signal,
+          withCredentials: false,
           onDownloadProgress: (x) => {
             transfer.progress = x.loaded
 
@@ -380,6 +381,7 @@
         this.$http
           .post(url, formdata, {
             signal: abortController.signal,
+            withCredentials: false,
             onUploadProgress: (x: any) => {
               transfer.progress = x.loaded
 
diff --git a/client/src/components/header.vue b/client/src/components/header.vue
index 7db5e10..2f6506f 100644
--- a/client/src/components/header.vue
+++ b/client/src/components/header.vue
@@ -31,6 +31,19 @@
           }"
         />
       </li>
+      <li v-if="fileTransfer">
+        <i
+          :class="[{ disabled: !admin }, { locked: isLocked('file_transfer') }, 'fas', 'fa-file']"
+          @click="toggleLock('file_transfer')"
+          v-tooltip="{
+            content: lockedTooltip('file_transfer'),
+            placement: 'bottom',
+            offset: 5,
+            boundariesElement: 'body',
+            delay: { show: 300, hide: 100 },
+          }"
+        />
+      </li>
       <li>
         <span v-if="showBadge" class="badge">&bull;</span>
         <i class="fas fa-bars toggle" @click="toggleMenu" />
@@ -169,26 +182,24 @@
       return !this.side && this.readTexts != this.texts
     }
 
+    get fileTransfer() {
+      return this.$accessor.remote.fileTransfer
+    }
+
+    toggleLock(resource: AdminLockResource) {
+      this.$accessor.toggleLock(resource)
+    }
+
+    isLocked(resource: AdminLockResource): boolean {
+      return this.$accessor.isLocked(resource)
+    }
+
     readTexts: number = 0
     toggleMenu() {
       this.$accessor.client.toggleSide()
       this.readTexts = this.texts
     }
 
-    toggleLock(resource: AdminLockResource) {
-      if (!this.admin) return
-
-      if (this.isLocked(resource)) {
-        this.$accessor.unlock(resource)
-      } else {
-        this.$accessor.lock(resource)
-      }
-    }
-
-    isLocked(resource: AdminLockResource): boolean {
-      return resource in this.locked && this.locked[resource]
-    }
-
     lockedTooltip(resource: AdminLockResource) {
       if (this.admin) {
         return this.$t(`locks.${resource}.` + (this.isLocked(resource) ? `unlock` : `lock`))
diff --git a/client/src/components/settings.vue b/client/src/components/settings.vue
index 2535cb2..e6c991b 100644
--- a/client/src/components/settings.vue
+++ b/client/src/components/settings.vue
@@ -44,20 +44,6 @@
           <span />
         </label>
       </li>
-      <li v-if="admin">
-        <span>{{ $t('setting.file_transfer') }}</span>
-        <label class="switch">
-          <input type="checkbox" v-model="file_transfer" />
-          <span />
-        </label>
-      </li>
-      <li v-if="admin && file_transfer">
-        <span>{{ $t('setting.unpriv_file_transfer') }}</span>
-        <label class="switch">
-          <input type="checkbox" v-model="unpriv_file_transfer" />
-          <span />
-        </label>
-      </li>
       <li class="broadcast" v-if="admin">
         <div>
           <span>{{ $t('setting.broadcast_title') }}</span>
@@ -380,22 +366,6 @@
       return this.$accessor.settings.keyboard_layout
     }
 
-    get file_transfer() {
-      return this.$accessor.settings.file_transfer
-    }
-
-    set file_transfer(value: boolean) {
-      this.$accessor.settings.setRemoteFileTransferStatus({ admin: value, unpriv: false })
-    }
-
-    get unpriv_file_transfer() {
-      return this.$accessor.settings.unpriv_file_transfer
-    }
-
-    set unpriv_file_transfer(value: boolean) {
-      this.$accessor.settings.setRemoteFileTransferStatus({ admin: this.file_transfer, unpriv: value })
-    }
-
     get broadcast_is_active() {
       return this.$accessor.settings.broadcast_is_active
     }
diff --git a/client/src/components/side.vue b/client/src/components/side.vue
index 7404a98..33fcfe2 100644
--- a/client/src/components/side.vue
+++ b/client/src/components/side.vue
@@ -95,10 +95,7 @@
   })
   export default class extends Vue {
     get filetransferAllowed() {
-      return (
-        (this.$accessor.user.admin && this.$accessor.settings.file_transfer) ||
-        this.$accessor.settings.unpriv_file_transfer
-      )
+      return this.$accessor.remote.fileTransfer && (this.$accessor.user.admin || !this.$accessor.isLocked('file_transfer'))
     }
 
     get tab() {
@@ -106,6 +103,7 @@
     }
 
     @Watch('tab', { immediate: true })
+    @Watch('filetransferAllowed', { immediate: true })
     onTabChange() {
       // do not show the files tab if file transfer is disabled
       if (this.tab === 'files' && !this.filetransferAllowed) {
@@ -113,6 +111,13 @@
       }
     }
 
+    @Watch('filetransferAllowed')
+    onFileTransferAllowedChange() {
+      if (this.filetransferAllowed) {
+        this.$accessor.files.refresh()
+      }
+    }
+
     change(tab: string) {
       this.$accessor.client.setTab(tab)
     }
diff --git a/client/src/locale/de-de.ts b/client/src/locale/de-de.ts
index 7eac5b4..c163c6f 100644
--- a/client/src/locale/de-de.ts
+++ b/client/src/locale/de-de.ts
@@ -69,6 +69,14 @@ export const locks = {
     notif_locked: 'Raum gesperrt',
     notif_unlocked: 'Raum entsperrt',
   },
+  file_transfer: {
+    lock: 'Dateiübertragung sperren (für Nutzer)',
+    unlock: 'Dateiübertragung entsperren (für Nutzer)',
+    locked: 'Dateiübertragung gesperrt (für Nutzer)',
+    unlocked: 'Dateiübertragung entsperrt (für Nutzer)',
+    notif_locked: 'Dateiübertragung gesperrt',
+    notif_unlocked: 'Dateiübertragung entsperrt',
+  },
 }
 
 export const setting = {
@@ -78,8 +86,6 @@ export const setting = {
   ignore_emotes: 'Emotes ignorieren',
   chat_sound: 'Chat-Sound abspielen',
   keyboard_layout: 'Tastaturbelegung',
-  file_transfer: 'Dateiübertragung',
-  unpriv_file_transfer: 'Übertragung von Benutzerdateien',
   broadcast_title: 'Live-Übertragung',
 }
 
diff --git a/client/src/locale/en-us.ts b/client/src/locale/en-us.ts
index db9dfe8..edc7f2b 100644
--- a/client/src/locale/en-us.ts
+++ b/client/src/locale/en-us.ts
@@ -71,6 +71,14 @@ export const locks = {
     notif_locked: 'locked the room',
     notif_unlocked: 'unlocked the room',
   },
+  file_transfer: {
+    lock: 'Lock File Transfer (for users)',
+    unlock: 'Unlock File Transfer (for users)',
+    locked: 'File Transfer Locked (for users)',
+    unlocked: 'File Transfer Unlocked (for users)',
+    notif_locked: 'locked file transfer',
+    notif_unlocked: 'unlocked file transfer',
+  },
 }
 
 export const setting = {
@@ -80,8 +88,6 @@ export const setting = {
   ignore_emotes: 'Ignore Emotes',
   chat_sound: 'Play Chat Sound',
   keyboard_layout: 'Keyboard Layout',
-  file_transfer: 'File Transfer',
-  unpriv_file_transfer: 'Non-admin File Transfer',
   broadcast_title: 'Live Broadcast',
 }
 
diff --git a/client/src/locale/es-sp.ts b/client/src/locale/es-sp.ts
index 0aecc12..d8bf6b9 100644
--- a/client/src/locale/es-sp.ts
+++ b/client/src/locale/es-sp.ts
@@ -75,6 +75,15 @@ export const locks = {
     notif_locked: 'bloqueó la sala',
     notif_unlocked: 'desbloqueó la sala',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -84,8 +93,6 @@ export const setting = {
   ignore_emotes: 'Ignorar Emotes',
   chat_sound: 'Reproducir Sonidos Chat',
   keyboard_layout: 'Keyboard Layout',
-  file_transfer: 'Transferencia de archivos',
-  unpriv_file_transfer: 'Transferencia de archivos de usuario',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
diff --git a/client/src/locale/fi-fi.ts b/client/src/locale/fi-fi.ts
index a63eb90..105cbf2 100644
--- a/client/src/locale/fi-fi.ts
+++ b/client/src/locale/fi-fi.ts
@@ -71,6 +71,15 @@ export const locks = {
     notif_locked: 'lukittu huone',
     notif_unlocked: 'vapautettu huone',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -80,8 +89,6 @@ export const setting = {
   ignore_emotes: 'Estä emojit',
   chat_sound: 'Soita viesti ääni',
   keyboard_layout: 'Näppäimistöasettelu',
-  file_transfer: 'Tiedoston siirto',
-  unpriv_file_transfer: 'Käyttäjän tiedostojen siirto',
   broadcast_title: 'Suora Lähetys',
 }
 
diff --git a/client/src/locale/fr-fr.ts b/client/src/locale/fr-fr.ts
index 7481dc3..67d49ea 100644
--- a/client/src/locale/fr-fr.ts
+++ b/client/src/locale/fr-fr.ts
@@ -75,6 +75,15 @@ export const locks = {
     notif_locked: 'a vérouillé la salle',
     notif_unlocked: 'a dévérouillé la salle',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -84,8 +93,6 @@ export const setting = {
   ignore_emotes: 'Ignorer les Emotes',
   chat_sound: 'Jouer le son du tchat',
   keyboard_layout: 'Langue du clavier',
-  file_transfer: 'Transfert de fichiers',
-  unpriv_file_transfer: "Transfert de fichiers d'utilisateurs",
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
diff --git a/client/src/locale/ko-kr.ts b/client/src/locale/ko-kr.ts
index 10e6a02..d4fd19f 100644
--- a/client/src/locale/ko-kr.ts
+++ b/client/src/locale/ko-kr.ts
@@ -69,6 +69,15 @@ export const locks = {
     notif_locked: '방이 잠겼습니다',
     notif_unlocked: '방 잠금이 해제됐습니다',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -78,8 +87,6 @@ export const setting = {
   ignore_emotes: '이모지 무시',
   chat_sound: '채팅 소리 재생',
   keyboard_layout: '키보드 레이아웃',
-  file_transfer: '파일 전송',
-  unpriv_file_transfer: '사용자 파일 전송',
   broadcast_title: '실시간 방송',
 }
 
diff --git a/client/src/locale/nb-no.ts b/client/src/locale/nb-no.ts
index 6366784..ec3c969 100644
--- a/client/src/locale/nb-no.ts
+++ b/client/src/locale/nb-no.ts
@@ -75,6 +75,15 @@ export const locks = {
     notif_locked: 'låste rommet',
     notif_unlocked: 'låste opp rommet',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -84,8 +93,6 @@ export const setting = {
   ignore_emotes: 'Ignorer smilefjes',
   chat_sound: 'Sludringslyd',
   keyboard_layout: 'Tastaturoppsett',
-  file_transfer: 'Filoverførsel',
-  unpriv_file_transfer: 'Overførsel af brugerfiler',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
diff --git a/client/src/locale/ru-ru.ts b/client/src/locale/ru-ru.ts
index faa8ea1..cfb3a63 100644
--- a/client/src/locale/ru-ru.ts
+++ b/client/src/locale/ru-ru.ts
@@ -71,6 +71,15 @@ export const locks = {
     notif_locked: 'комната закрыта',
     notif_unlocked: 'комната открыта',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -80,8 +89,6 @@ export const setting = {
   ignore_emotes: 'Игнорировать эмоции',
   chat_sound: 'Проигрывать звук чата',
   keyboard_layout: 'Раскладка клавиатуры',
-  file_transfer: 'Передача файлов',
-  unpriv_file_transfer: 'Передача файлов пользователей',
   broadcast_title: 'Прямой эфир',
 }
 
diff --git a/client/src/locale/sk-sk.ts b/client/src/locale/sk-sk.ts
index f5cf9f8..5176dae 100644
--- a/client/src/locale/sk-sk.ts
+++ b/client/src/locale/sk-sk.ts
@@ -74,6 +74,15 @@ export const locks = {
     notif_locked: 'miestnosť bola zamknutá',
     notif_unlocked: 'miestnosť bola odomknutá',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -83,8 +92,6 @@ export const setting = {
   ignore_emotes: 'Ignorovať smajlíky',
   chat_sound: 'Prehrávať zvuky chatu',
   keyboard_layout: 'Rozloženie klávesnice',
-  file_transfer: 'Prenos súborov',
-  unpriv_file_transfer: 'Prenos súborov používateľa',
   broadcast_title: 'Živé vysielanie',
 }
 
diff --git a/client/src/locale/sv-se.ts b/client/src/locale/sv-se.ts
index 3ea55e3..f65cd4d 100644
--- a/client/src/locale/sv-se.ts
+++ b/client/src/locale/sv-se.ts
@@ -75,6 +75,15 @@ export const locks = {
     notif_locked: 'låste rummet',
     notif_unlocked: 'låste upp rummet',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -84,8 +93,6 @@ export const setting = {
   ignore_emotes: 'Ignorera Emotes',
   chat_sound: 'Spela Chatt Ljud',
   keyboard_layout: 'Tangentbordslayout',
-  file_transfer: 'Överföring av filer',
-  unpriv_file_transfer: 'Överföring av användarfiler',
   // TODO
   //broadcast_title: 'Live Broadcast',
 }
diff --git a/client/src/locale/zh-cn.ts b/client/src/locale/zh-cn.ts
index b709d63..7737f1d 100644
--- a/client/src/locale/zh-cn.ts
+++ b/client/src/locale/zh-cn.ts
@@ -71,6 +71,15 @@ export const locks = {
     notif_locked: '锁上房间',
     notif_unlocked: '解锁房间',
   },
+  // TODO
+  //file_transfer: {
+  //  lock: 'Lock File Transfer (for users)',
+  //  unlock: 'Unlock File Transfer (for users)',
+  //  locked: 'File Transfer Locked (for users)',
+  //  unlocked: 'File Transfer Unlocked (for users)',
+  //  notif_locked: 'locked file transfer',
+  //  notif_unlocked: 'unlocked file transfer',
+  //},
 }
 
 export const setting = {
@@ -80,8 +89,6 @@ export const setting = {
   ignore_emotes: '忽略表情符号',
   chat_sound: '播放聊天声音',
   keyboard_layout: '键盘布局',
-  file_transfer: '文件传输',
-  unpriv_file_transfer: '用户文件传输',
   broadcast_title: '现场流媒体',
 }
 
diff --git a/client/src/neko/events.ts b/client/src/neko/events.ts
index 8dfdbd8..5deb010 100644
--- a/client/src/neko/events.ts
+++ b/client/src/neko/events.ts
@@ -39,7 +39,6 @@ export const EVENT = {
     EMOTE: 'chat/emote',
   },
   FILETRANSFER: {
-    STATUS: 'filetransfer/status',
     LIST: 'filetransfer/list',
     REFRESH: 'filetransfer/refresh',
   },
@@ -98,10 +97,7 @@ export type SignalEvents =
 
 export type ChatEvents = typeof EVENT.CHAT.MESSAGE | typeof EVENT.CHAT.EMOTE
 
-export type FileTransferEvents =
-  | typeof EVENT.FILETRANSFER.STATUS
-  | typeof EVENT.FILETRANSFER.LIST
-  | typeof EVENT.FILETRANSFER.REFRESH
+export type FileTransferEvents = typeof EVENT.FILETRANSFER.LIST | typeof EVENT.FILETRANSFER.REFRESH
 
 export type ScreenEvents = typeof EVENT.SCREEN.CONFIGURATIONS | typeof EVENT.SCREEN.RESOLUTION | typeof EVENT.SCREEN.SET
 
diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index eefa6d6..777520e 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -25,7 +25,6 @@ import {
   SystemInitPayload,
   AdminLockResource,
   FileTransferListPayload,
-  FileTransferStatusPayload,
 } from './messages'
 
 interface NekoEvents extends BaseEvents {}
@@ -135,8 +134,9 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
   /////////////////////////////
   // System Events
   /////////////////////////////
-  protected [EVENT.SYSTEM.INIT]({ implicit_hosting, locks }: SystemInitPayload) {
+  protected [EVENT.SYSTEM.INIT]({ implicit_hosting, locks, file_transfer }: SystemInitPayload) {
     this.$accessor.remote.setImplicitHosting(implicit_hosting)
+    this.$accessor.remote.setFileTransfer(file_transfer)
 
     for (const resource in locks) {
       this[EVENT.ADMIN.LOCK]({
@@ -354,12 +354,8 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
   }
 
   /////////////////////////////
-  // Filetransfer Events
+  // File Transfer Events
   /////////////////////////////
-  protected [EVENT.FILETRANSFER.STATUS]({ admin, unpriv }: FileTransferStatusPayload) {
-    this.$accessor.settings.setLocalFileTransferStatus({ admin, unpriv })
-  }
-
   protected [EVENT.FILETRANSFER.LIST]({ cwd, files }: FileTransferListPayload) {
     this.$accessor.files.setCwd(cwd)
     this.$accessor.files.setFileList(files)
diff --git a/client/src/neko/messages.ts b/client/src/neko/messages.ts
index 4e179ac..54d1cb1 100644
--- a/client/src/neko/messages.ts
+++ b/client/src/neko/messages.ts
@@ -39,7 +39,6 @@ export type WebSocketPayloads =
   | ChatPayload
   | ChatSendPayload
   | EmojiSendPayload
-  | FileTransferStatusPayload
   | ScreenResolutionPayload
   | ScreenConfigurationsPayload
   | AdminPayload
@@ -61,6 +60,7 @@ export interface SystemInit extends WebSocketMessage, SystemInitPayload {
 export interface SystemInitPayload {
   implicit_hosting: boolean
   locks: Record<string, string>
+  file_transfer: boolean
 }
 
 // system/disconnect
@@ -197,16 +197,6 @@ export interface EmojiSendPayload {
 /*
   FILE TRANSFER PAYLOADS
 */
-export interface FileTransferStatusMessage extends WebSocketMessage, FileTransferStatusPayload {
-  event: typeof EVENT.FILETRANSFER.STATUS
-}
-
-export interface FileTransferStatusPayload {
-  admin: boolean
-  unpriv: boolean
-}
-
-// file transfer list
 export interface FileTransferListMessage extends WebSocketMessage, FileTransferListPayload {
   event: FileTransferEvents
 }
@@ -272,7 +262,7 @@ export interface AdminLockMessage extends WebSocketMessage, AdminLockPayload {
   id: string
 }
 
-export type AdminLockResource = 'login' | 'control'
+export type AdminLockResource = 'login' | 'control' | 'file_transfer'
 
 export interface AdminLockPayload {
   resource: AdminLockResource
diff --git a/client/src/store/index.ts b/client/src/store/index.ts
index 11bafe2..662b005 100644
--- a/client/src/store/index.ts
+++ b/client/src/store/index.ts
@@ -1,6 +1,6 @@
 import Vue from 'vue'
 import Vuex from 'vuex'
-import { useAccessor, mutationTree, actionTree } from 'typed-vuex'
+import { useAccessor, mutationTree, getterTree, actionTree } from 'typed-vuex'
 import { EVENT } from '~/neko/events'
 import { AdminLockResource } from '~/neko/messages'
 import { get, set } from '~/utils/localstorage'
@@ -56,8 +56,12 @@ export const mutations = mutationTree(state, {
   },
 })
 
+export const getters = getterTree(state, {
+  isLocked: (state) => (resource: AdminLockResource) => resource in state.locked && state.locked[resource],
+})
+
 export const actions = actionTree(
-  { state, mutations },
+  { state, getters, mutations },
   {
     initialise(store) {
       accessor.emoji.initialise()
@@ -80,6 +84,14 @@ export const actions = actionTree(
       $client.sendMessage(EVENT.ADMIN.UNLOCK, { resource })
     },
 
+    toggleLock(_, resource: AdminLockResource) {
+      if (accessor.isLocked(resource)) {
+        accessor.unlock(resource)
+      } else {
+        accessor.lock(resource)
+      }
+    },
+
     login({ state }, { displayname, password }: { displayname: string; password: string }) {
       accessor.setLogin({ displayname, password })
       $client.login(password, displayname)
@@ -98,6 +110,7 @@ export const storePattern = {
   state,
   mutations,
   actions,
+  getters,
   modules: { video, chat, files, user, remote, settings, client, emoji },
 }
 
diff --git a/client/src/store/remote.ts b/client/src/store/remote.ts
index c6834f7..ff99e1c 100644
--- a/client/src/store/remote.ts
+++ b/client/src/store/remote.ts
@@ -13,6 +13,7 @@ export const state = () => ({
   clipboard: '',
   locked: false,
   implicitHosting: true,
+  fileTransfer: true,
   keyboardModifierState: -1,
 })
 
@@ -53,6 +54,10 @@ export const mutations = mutationTree(state, {
     state.implicitHosting = val
   },
 
+  setFileTransfer(state, val: boolean) {
+    state.fileTransfer = val
+  },
+
   reset(state) {
     state.id = ''
     state.clipboard = ''
diff --git a/client/src/store/settings.ts b/client/src/store/settings.ts
index 8b41112..3d99fad 100644
--- a/client/src/store/settings.ts
+++ b/client/src/store/settings.ts
@@ -20,9 +20,6 @@ export const state = () => {
 
     keyboard_layouts_list: {} as KeyboardLayouts,
 
-    file_transfer: false,
-    unpriv_file_transfer: false,
-
     broadcast_is_active: false,
     broadcast_url: '',
   }
@@ -61,14 +58,6 @@ export const mutations = mutationTree(state, {
     set('keyboard_layout', value)
   },
 
-  setFileTransfer(state, value: boolean) {
-    state.file_transfer = value
-  },
-
-  setUnprivFileTransfer(state, value: boolean) {
-    state.unpriv_file_transfer = value
-  },
-
   setKeyboardLayoutsList(state, value: KeyboardLayouts) {
     state.keyboard_layouts_list = value
   },
@@ -90,22 +79,6 @@ export const actions = actionTree(
       }
     },
 
-    setLocalFileTransferStatus({ getters }, { admin, unpriv }) {
-      accessor.settings.setFileTransfer(admin)
-      accessor.settings.setUnprivFileTransfer(unpriv)
-
-      if (!admin || (!accessor.user.admin && !unpriv)) {
-        accessor.files.cancelAllTransfers()
-      }
-
-      if (accessor.client.tab === 'files' && !unpriv) {
-        accessor.client.setTab('chat')
-      }
-    },
-    setRemoteFileTransferStatus({ getters }, { admin, unpriv }) {
-      $client.sendMessage(EVENT.FILETRANSFER.STATUS, { admin, unpriv })
-    },
-
     broadcastStatus({ getters }, { url, isActive }) {
       accessor.settings.setBroadcastStatus({ url, isActive })
     },
diff --git a/server/internal/config/websocket.go b/server/internal/config/websocket.go
index 377e141..163d9ec 100644
--- a/server/internal/config/websocket.go
+++ b/server/internal/config/websocket.go
@@ -15,9 +15,8 @@ type WebSocket struct {
 
 	ControlProtection bool
 
-	FileTransfer       bool
-	UnprivFileTransfer bool
-	FileTransferPath   string
+	FileTransferEnabled bool
+	FileTransferPath    string
 }
 
 func (WebSocket) Init(cmd *cobra.Command) error {
@@ -46,13 +45,10 @@ func (WebSocket) Init(cmd *cobra.Command) error {
 		return err
 	}
 
-	cmd.PersistentFlags().Bool("file_transfer", false, "allow file transfer for admins")
-	if err := viper.BindPFlag("file_transfer", cmd.PersistentFlags().Lookup("file_transfer")); err != nil {
-		return err
-	}
+	// File transfer
 
-	cmd.PersistentFlags().Bool("unpriv_file_transfer", false, "allow file transfer for non admins")
-	if err := viper.BindPFlag("unpriv_file_transfer", cmd.PersistentFlags().Lookup("unpriv_file_transfer")); err != nil {
+	cmd.PersistentFlags().Bool("file_transfer_enabled", true, "enable file transfer feature")
+	if err := viper.BindPFlag("file_transfer_enabled", cmd.PersistentFlags().Lookup("file_transfer_enabled")); err != nil {
 		return err
 	}
 
@@ -72,8 +68,7 @@ func (s *WebSocket) Set() {
 
 	s.ControlProtection = viper.GetBool("control_protection")
 
-	s.FileTransfer = viper.GetBool("file_transfer")
-	s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer")
+	s.FileTransferEnabled = viper.GetBool("file_transfer_enabled")
 	s.FileTransferPath = viper.GetString("file_transfer_path")
 	s.FileTransferPath = filepath.Clean(s.FileTransferPath)
 }
diff --git a/server/internal/http/http.go b/server/internal/http/http.go
index 9b8a237..bf75d10 100644
--- a/server/internal/http/http.go
+++ b/server/internal/http/http.go
@@ -105,70 +105,77 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 		}
 	})
 
-	router.Get("/file", func(w http.ResponseWriter, r *http.Request) {
-		password := r.URL.Query().Get("pwd")
-		isAuthorized, err := webSocketHandler.CanTransferFiles(password)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusForbidden)
-			return
-		}
-
-		if !isAuthorized {
-			http.Error(w, "bad authorization", http.StatusUnauthorized)
-			return
-		}
-
-		filename := r.URL.Query().Get("filename")
-		badChars, _ := regexp.MatchString(`(?m)\.\.(?:\/|$)`, filename)
-		if filename == "" || badChars {
-			http.Error(w, "bad filename", http.StatusBadRequest)
-			return
-		}
-
-		path := webSocketHandler.MakeFilePath(filename)
-		f, err := os.Open(path)
-		if err != nil {
-			http.Error(w, "not found or unable to open", http.StatusNotFound)
-			return
-		}
-		defer f.Close()
-
-		w.Header().Set("Content-Type", "application/octet-stream")
-		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filename))
-		io.Copy(w, f)
-	})
-
-	router.Post("/file", func(w http.ResponseWriter, r *http.Request) {
-		password := r.URL.Query().Get("pwd")
-		isAuthorized, err := webSocketHandler.CanTransferFiles(password)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusForbidden)
-			return
-		}
-
-		if !isAuthorized {
-			http.Error(w, "bad authorization", http.StatusUnauthorized)
-			return
-		}
-
-		r.ParseMultipartForm(32 << 20)
-		for _, formheader := range r.MultipartForm.File["files"] {
-			formfile, err := formheader.Open()
+	// allow downloading and uploading files
+	if webSocketHandler.FileTransferEnabled() {
+		router.Get("/file", func(w http.ResponseWriter, r *http.Request) {
+			password := r.URL.Query().Get("pwd")
+			isAuthorized, err := webSocketHandler.CanTransferFiles(password)
 			if err != nil {
-				logger.Warn().Err(err).Msg("failed to open formdata file")
-				http.Error(w, "error writing file", http.StatusInternalServerError)
+				http.Error(w, err.Error(), http.StatusForbidden)
 				return
 			}
-			defer formfile.Close()
-			f, err := os.OpenFile(webSocketHandler.MakeFilePath(formheader.Filename), os.O_WRONLY|os.O_CREATE, 0644)
+
+			if !isAuthorized {
+				http.Error(w, "bad authorization", http.StatusUnauthorized)
+				return
+			}
+
+			filename := r.URL.Query().Get("filename")
+			badChars, _ := regexp.MatchString(`(?m)\.\.(?:\/|$)`, filename)
+			if filename == "" || badChars {
+				http.Error(w, "bad filename", http.StatusBadRequest)
+				return
+			}
+
+			filePath := webSocketHandler.FileTransferPath(filename)
+			f, err := os.Open(filePath)
 			if err != nil {
-				http.Error(w, "unable to open file for writing", http.StatusInternalServerError)
+				http.Error(w, "not found or unable to open", http.StatusNotFound)
 				return
 			}
 			defer f.Close()
-			io.Copy(f, formfile)
-		}
-	})
+
+			w.Header().Set("Content-Type", "application/octet-stream")
+			w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%q", filename))
+			io.Copy(w, f)
+		})
+
+		router.Post("/file", func(w http.ResponseWriter, r *http.Request) {
+			password := r.URL.Query().Get("pwd")
+			isAuthorized, err := webSocketHandler.CanTransferFiles(password)
+			if err != nil {
+				http.Error(w, err.Error(), http.StatusForbidden)
+				return
+			}
+
+			if !isAuthorized {
+				http.Error(w, "bad authorization", http.StatusUnauthorized)
+				return
+			}
+
+			r.ParseMultipartForm(32 << 20)
+			for _, formheader := range r.MultipartForm.File["files"] {
+				filePath := webSocketHandler.FileTransferPath(formheader.Filename)
+
+				formfile, err := formheader.Open()
+				if err != nil {
+					logger.Warn().Err(err).Msg("failed to open formdata file")
+					http.Error(w, "error writing file", http.StatusInternalServerError)
+					return
+				}
+				defer formfile.Close()
+
+				f, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE, 0644)
+				if err != nil {
+					http.Error(w, "unable to open file for writing", http.StatusInternalServerError)
+					return
+				}
+				defer f.Close()
+
+				io.Copy(f, formfile)
+			}
+		})
+	}
 
 	router.Get("/health", func(w http.ResponseWriter, r *http.Request) {
 		_, _ = w.Write([]byte("true"))
diff --git a/server/internal/types/event/events.go b/server/internal/types/event/events.go
index 4b6b047..a091ab6 100644
--- a/server/internal/types/event/events.go
+++ b/server/internal/types/event/events.go
@@ -35,7 +35,6 @@ const (
 )
 
 const (
-	FILETRANSFER_STATUS  = "filetransfer/status"
 	FILETRANSFER_LIST    = "filetransfer/list"
 	FILETRANSFER_REFRESH = "filetransfer/refresh"
 )
diff --git a/server/internal/types/message/messages.go b/server/internal/types/message/messages.go
index 27a83d6..89552b7 100644
--- a/server/internal/types/message/messages.go
+++ b/server/internal/types/message/messages.go
@@ -14,6 +14,7 @@ type SystemInit struct {
 	Event           string            `json:"event"`
 	ImplicitHosting bool              `json:"implicit_hosting"`
 	Locks           map[string]string `json:"locks"`
+	FileTransfer    bool              `json:"file_transfer"`
 }
 
 type SystemMessage struct {
@@ -47,8 +48,8 @@ type SignalCandidate struct {
 }
 
 type MembersList struct {
-	Event    string          `json:"event"`
-	Memebers []*types.Member `json:"members"`
+	Event   string          `json:"event"`
+	Members []*types.Member `json:"members"`
 }
 
 type Member struct {
@@ -106,17 +107,7 @@ type EmoteSend struct {
 	Emote string `json:"emote"`
 }
 
-type FileTransferTarget struct {
-	Event string `json:"event"`
-}
-
-type FileTransferStatus struct {
-	Event  string `json:"event"`
-	Admin  bool   `json:"admin"`
-	Unpriv bool   `json:"unpriv"`
-}
-
-type FileList struct {
+type FileTransferList struct {
 	Event string               `json:"event"`
 	Cwd   string               `json:"cwd"`
 	Files []types.FileListItem `json:"files"`
diff --git a/server/internal/types/websocket.go b/server/internal/types/websocket.go
index cb80fcc..15b684c 100644
--- a/server/internal/types/websocket.go
+++ b/server/internal/types/websocket.go
@@ -34,8 +34,11 @@ type WebSocketHandler interface {
 	Stats() Stats
 	IsLocked(resource string) bool
 	IsAdmin(password string) (bool, error)
+
+	// File Transfer
 	CanTransferFiles(password string) (bool, error)
-	MakeFilePath(filename string) string
+	FileTransferPath(filename string) string
+	FileTransferEnabled() bool
 }
 
 type FileListItem struct {
diff --git a/server/internal/websocket/handler/admin.go b/server/internal/websocket/handler/admin.go
index 7b9f1ee..6fb1ede 100644
--- a/server/internal/websocket/handler/admin.go
+++ b/server/internal/websocket/handler/admin.go
@@ -19,7 +19,12 @@ func (h *MessageHandler) adminLock(id string, session types.Session, payload *me
 		return nil
 	}
 
-	if payload.Resource != "login" && payload.Resource != "control" {
+	// allow only known resources
+	switch payload.Resource {
+	case "login":
+	case "control":
+	case "file_transfer":
+	default:
 		h.logger.Debug().Msg("unknown lock resource")
 		return nil
 	}
diff --git a/server/internal/websocket/handler/files.go b/server/internal/websocket/handler/files.go
deleted file mode 100644
index 4ac85f5..0000000
--- a/server/internal/websocket/handler/files.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package handler
-
-import (
-	"errors"
-	"m1k1o/neko/internal/types"
-	"m1k1o/neko/internal/types/event"
-	"m1k1o/neko/internal/types/message"
-	"m1k1o/neko/internal/utils"
-)
-
-func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error {
-	if !session.Admin() {
-		h.logger.Debug().Msg("user not admin")
-		return nil
-	}
-
-	h.state.SetFileTransferState(payload.Admin, payload.Unpriv)
-
-	err := h.sessions.Broadcast(message.FileTransferStatus{
-		Event:  event.FILETRANSFER_STATUS,
-		Admin:  payload.Admin,
-		Unpriv: payload.Admin && payload.Unpriv,
-	}, nil)
-	if err != nil {
-		return err
-	}
-
-	files, err := utils.ListFiles(h.state.FileTransferPath())
-	if err != nil {
-		return err
-	}
-
-	msg := message.FileList{
-		Event: event.FILETRANSFER_LIST,
-		Cwd:   h.state.FileTransferPath(),
-		Files: files,
-	}
-
-	if payload.Unpriv {
-		return h.sessions.Broadcast(msg, nil)
-	} else {
-		return h.sessions.AdminBroadcast(msg, nil)
-	}
-}
-
-func (h *MessageHandler) refresh(session types.Session) error {
-	if !(h.state.FileTransferEnabled() && session.Admin() || h.state.UnprivFileTransferEnabled()) {
-		return errors.New(session.Member().Name + " tried to refresh file list when they can't")
-	}
-
-	files, err := utils.ListFiles(h.state.FileTransferPath())
-	if err != nil {
-		return err
-	}
-
-	return session.Send(
-		message.FileList{
-			Event: event.FILETRANSFER_LIST,
-			Cwd:   h.state.FileTransferPath(),
-			Files: files,
-		})
-}
diff --git a/server/internal/websocket/handler/filetransfer.go b/server/internal/websocket/handler/filetransfer.go
new file mode 100644
index 0000000..3ceb4d2
--- /dev/null
+++ b/server/internal/websocket/handler/filetransfer.go
@@ -0,0 +1,42 @@
+package handler
+
+import (
+	"m1k1o/neko/internal/types"
+	"m1k1o/neko/internal/types/event"
+	"m1k1o/neko/internal/types/message"
+	"m1k1o/neko/internal/utils"
+)
+
+func (h *MessageHandler) FileTransferRefresh(session types.Session) error {
+	fileTransferPath := h.state.FileTransferPath("") // root
+
+	// allow users only if file transfer is not locked
+	if session != nil && !(session.Admin() || !h.state.IsLocked("file_transfer")) {
+		h.logger.Debug().Msg("file transfer is locked for users")
+		return nil
+	}
+
+	files, err := utils.ListFiles(fileTransferPath)
+	if err != nil {
+		return err
+	}
+
+	message := message.FileTransferList{
+		Event: event.FILETRANSFER_LIST,
+		Cwd:   fileTransferPath,
+		Files: files,
+	}
+
+	// send to just one user
+	if session != nil {
+		return session.Send(message)
+	}
+
+	// broadcast to all admins
+	if h.state.IsLocked("file_transfer") {
+		return h.sessions.AdminBroadcast(message, nil)
+	}
+
+	// broadcast to all users
+	return h.sessions.Broadcast(message, nil)
+}
diff --git a/server/internal/websocket/handler/handler.go b/server/internal/websocket/handler/handler.go
index 985f027..039ba49 100644
--- a/server/internal/websocket/handler/handler.go
+++ b/server/internal/websocket/handler/handler.go
@@ -127,14 +127,8 @@ func (h *MessageHandler) Message(id string, raw []byte) error {
 			}), "%s failed", header.Event)
 
 	// File Transfer Events
-	case event.FILETRANSFER_STATUS:
-		payload := &message.FileTransferStatus{}
-		return errors.Wrapf(
-			utils.Unmarshal(payload, raw, func() error {
-				return h.setFileTransferStatus(session, payload)
-			}), "%s failed", header.Event)
 	case event.FILETRANSFER_REFRESH:
-		return errors.Wrapf(h.refresh(session), "%s failed", header.Event)
+		return errors.Wrapf(h.FileTransferRefresh(session), "%s failed", header.Event)
 
 	// Screen Events
 	case event.SCREEN_RESOLUTION:
diff --git a/server/internal/websocket/handler/session.go b/server/internal/websocket/handler/session.go
index 33a03a3..da2b1bd 100644
--- a/server/internal/websocket/handler/session.go
+++ b/server/internal/websocket/handler/session.go
@@ -17,6 +17,7 @@ func (h *MessageHandler) SessionCreated(id string, session types.Session) error
 		Event:           event.SYSTEM_INIT,
 		ImplicitHosting: h.webrtc.ImplicitControl(),
 		Locks:           h.state.AllLocked(),
+		FileTransfer:    h.state.FileTransferEnabled(),
 	}); err != nil {
 		h.logger.Warn().Str("id", id).Err(err).Msgf("sending event %s has failed", event.SYSTEM_INIT)
 		return err
@@ -34,14 +35,21 @@ func (h *MessageHandler) SessionCreated(id string, session types.Session) error
 		}
 	}
 
+	// send file list if file transfer is enabled
+	if h.state.FileTransferEnabled() && (session.Admin() || !h.state.IsLocked("file_transfer")) {
+		if err := h.FileTransferRefresh(session); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
 func (h *MessageHandler) SessionConnected(id string, session types.Session) error {
 	// send list of members to session
 	if err := session.Send(message.MembersList{
-		Event:    event.MEMBER_LIST,
-		Memebers: h.sessions.Members(),
+		Event:   event.MEMBER_LIST,
+		Members: h.sessions.Members(),
 	}); err != nil {
 		h.logger.Warn().Str("id", id).Err(err).Msgf("sending event %s has failed", event.MEMBER_LIST)
 		return err
diff --git a/server/internal/websocket/state/state.go b/server/internal/websocket/state/state.go
index 3eba130..a348c19 100644
--- a/server/internal/websocket/state/state.go
+++ b/server/internal/websocket/state/state.go
@@ -1,22 +1,22 @@
 package state
 
+import "path/filepath"
+
 type State struct {
 	banned map[string]string // IP -> session ID (that banned it)
 	locked map[string]string // resource name -> session ID (that locked it)
 
-	fileTransferEnabled       bool   // admins can transfer files
-	fileTransferUnprivEnabled bool   // all users can transfer files
-	fileTransferPath          string // path where files are located
+	fileTransferEnabled bool
+	fileTransferPath    string // path where files are located
 }
 
-func New(fileTransferEnabled bool, fileTransferUnprivEnabled bool, fileTransferPath string) *State {
+func New(fileTransferEnabled bool, fileTransferPath string) *State {
 	return &State{
 		banned: make(map[string]string),
 		locked: make(map[string]string),
 
-		fileTransferEnabled:       fileTransferEnabled,
-		fileTransferUnprivEnabled: fileTransferUnprivEnabled,
-		fileTransferPath:          fileTransferPath,
+		fileTransferEnabled: fileTransferEnabled,
+		fileTransferPath:    fileTransferPath,
 	}
 }
 
@@ -68,21 +68,17 @@ func (s *State) AllLocked() map[string]string {
 	return s.locked
 }
 
-// File Transfer
+// File transfer
+
+func (s *State) FileTransferPath(filename string) string {
+	if filename == "" {
+		return s.fileTransferPath
+	}
+
+	cleanPath := filepath.Clean(filename)
+	return filepath.Join(s.fileTransferPath, cleanPath)
+}
 
 func (s *State) FileTransferEnabled() bool {
 	return s.fileTransferEnabled
 }
-
-func (s *State) UnprivFileTransferEnabled() bool {
-	return s.fileTransferUnprivEnabled
-}
-
-func (s *State) SetFileTransferState(admin bool, unpriv bool) {
-	s.fileTransferEnabled = admin
-	s.fileTransferUnprivEnabled = unpriv
-}
-
-func (s *State) FileTransferPath() string {
-	return s.fileTransferPath
-}
diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go
index 96d6cd6..6d28ab1 100644
--- a/server/internal/websocket/websocket.go
+++ b/server/internal/websocket/websocket.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"path/filepath"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -28,7 +27,7 @@ const CONTROL_PROTECTION_SESSION = "by_control_protection"
 func New(sessions types.SessionManager, desktop types.DesktopManager, capture types.CaptureManager, webrtc types.WebRTCManager, conf *config.WebSocket) *WebSocketHandler {
 	logger := log.With().Str("module", "websocket").Logger()
 
-	state := state.New(conf.FileTransfer, conf.UnprivFileTransfer, conf.FileTransferPath)
+	state := state.New(conf.FileTransferEnabled, conf.FileTransferPath)
 
 	// if control protection is enabled
 	if conf.ControlProtection {
@@ -36,9 +35,12 @@ func New(sessions types.SessionManager, desktop types.DesktopManager, capture ty
 		logger.Info().Msgf("control locked on behalf of control protection")
 	}
 
-	if _, err := os.Stat(conf.FileTransferPath); os.IsNotExist(err) {
-		err = os.Mkdir(conf.FileTransferPath, os.ModePerm)
-		logger.Err(err).Msg("creating file transfer directory")
+	// create file transfer directory if not exists
+	if conf.FileTransferEnabled {
+		if _, err := os.Stat(conf.FileTransferPath); os.IsNotExist(err) {
+			err = os.Mkdir(conf.FileTransferPath, os.ModePerm)
+			logger.Err(err).Msg("creating file transfer directory")
+		}
 	}
 
 	// apply default locks
@@ -132,32 +134,6 @@ func (ws *WebSocketHandler) Start() {
 			}
 		}
 
-		// send file list if necessary
-		if ws.state.FileTransferEnabled() && (session.Admin() || ws.state.UnprivFileTransferEnabled()) {
-			err := session.Send(
-				message.FileTransferStatus{
-					Event:  event.FILETRANSFER_STATUS,
-					Admin:  ws.state.FileTransferEnabled(),
-					Unpriv: ws.state.UnprivFileTransferEnabled(),
-				})
-			if err != nil {
-				ws.logger.Warn().Err(err).Msgf("file transfer status event has failed")
-				return
-			}
-
-			files, err := utils.ListFiles(ws.conf.FileTransferPath)
-			if err == nil {
-				if err := session.Send(
-					message.FileList{
-						Event: event.FILETRANSFER_LIST,
-						Cwd:   ws.conf.FileTransferPath,
-						Files: files,
-					}); err != nil {
-					ws.logger.Warn().Err(err).Msg("file list event has failed")
-				}
-			}
-		}
-
 		// remove outdated stats
 		if session.Admin() {
 			ws.lastAdminLeftAt = nil
@@ -222,32 +198,35 @@ func (ws *WebSocketHandler) Start() {
 		ws.logger.Err(err).Msg("sync clipboard")
 	})
 
-	// watch for file changes
-	watcher, err := fsnotify.NewWatcher()
-	if err != nil {
-		ws.logger.Err(err).Msg("unable to start file transfer dir watcher")
-		return
-	}
-
-	go func() {
-		for {
-			select {
-			case e, ok := <-watcher.Events:
-				if !ok {
-					ws.logger.Info().Msg("file transfer dir watcher closed")
-					return
-				}
-				if e.Has(fsnotify.Create) || e.Has(fsnotify.Remove) || e.Has(fsnotify.Rename) {
-					ws.sendFileTransferUpdate()
-				}
-			case err := <-watcher.Errors:
-				ws.logger.Err(err).Msg("error in file transfer dir watcher")
-			}
+	// watch for file changes and send file list if file transfer is enabled
+	if ws.conf.FileTransferEnabled {
+		watcher, err := fsnotify.NewWatcher()
+		if err != nil {
+			ws.logger.Err(err).Msg("unable to start file transfer dir watcher")
+			return
 		}
-	}()
 
-	if err := watcher.Add(ws.conf.FileTransferPath); err != nil {
-		ws.logger.Err(err).Msg("unable to add file transfer path to watcher")
+		go func() {
+			for {
+				select {
+				case e, ok := <-watcher.Events:
+					if !ok {
+						ws.logger.Info().Msg("file transfer dir watcher closed")
+						return
+					}
+					if e.Has(fsnotify.Create) || e.Has(fsnotify.Remove) || e.Has(fsnotify.Rename) {
+						ws.logger.Debug().Str("event", e.String()).Msg("file transfer dir watcher event")
+						ws.handler.FileTransferRefresh(nil)
+					}
+				case err := <-watcher.Errors:
+					ws.logger.Err(err).Msg("error in file transfer dir watcher")
+				}
+			}
+		}()
+
+		if err := watcher.Add(ws.conf.FileTransferPath); err != nil {
+			ws.logger.Err(err).Msg("unable to add file transfer path to watcher")
+		}
 	}
 }
 
@@ -376,52 +355,6 @@ func (ws *WebSocketHandler) IsAdmin(password string) (bool, error) {
 	return false, fmt.Errorf("invalid password")
 }
 
-func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
-	if !ws.state.FileTransferEnabled() {
-		return false, nil
-	}
-
-	isAdmin, err := ws.IsAdmin(password)
-	if err != nil {
-		return false, err
-	}
-
-	return isAdmin || ws.state.UnprivFileTransferEnabled(), nil
-}
-
-func (ws *WebSocketHandler) MakeFilePath(filename string) string {
-	cleanPath := filepath.Clean(filename)
-	return filepath.Join(ws.conf.FileTransferPath, cleanPath)
-}
-
-func (ws *WebSocketHandler) sendFileTransferUpdate() {
-	if !ws.state.FileTransferEnabled() {
-		return
-	}
-
-	files, err := utils.ListFiles(ws.conf.FileTransferPath)
-	if err != nil {
-		ws.logger.Err(err).Msg("unable to ls file transfer path")
-		return
-	}
-
-	message := message.FileList{
-		Event: event.FILETRANSFER_LIST,
-		Cwd:   ws.conf.FileTransferPath,
-		Files: files,
-	}
-
-	if ws.state.UnprivFileTransferEnabled() {
-		err = ws.sessions.Broadcast(message, nil)
-	} else {
-		err = ws.sessions.AdminBroadcast(message, nil)
-	}
-
-	if err != nil {
-		ws.logger.Err(err).Msg("unable to broadcast file list")
-	}
-}
-
 func (ws *WebSocketHandler) authenticate(r *http.Request) (bool, error) {
 	passwords, ok := r.URL.Query()["password"]
 	if !ok || len(passwords[0]) < 1 {
@@ -492,3 +425,28 @@ func (ws *WebSocketHandler) handle(connection *websocket.Conn, id string) {
 		}
 	}
 }
+
+//
+// File transfer
+//
+
+func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
+	if !ws.conf.FileTransferEnabled {
+		return false, nil
+	}
+
+	isAdmin, err := ws.IsAdmin(password)
+	if err != nil {
+		return false, err
+	}
+
+	return isAdmin || !ws.state.IsLocked("file_transfer"), nil
+}
+
+func (ws *WebSocketHandler) FileTransferPath(filename string) string {
+	return ws.state.FileTransferPath(filename)
+}
+
+func (ws *WebSocketHandler) FileTransferEnabled() bool {
+	return ws.conf.FileTransferEnabled
+}

From 1666693c2574934d63f36493881e8cfe96575180 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:33:03 +0100
Subject: [PATCH 21/25] add cors.

---
 client/src/neko/index.ts         |  2 ++
 server/go.mod                    |  3 ++-
 server/go.sum                    |  2 ++
 server/internal/config/server.go | 19 +++++++++++++++++++
 server/internal/http/http.go     | 10 ++++++++++
 5 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts
index 777520e..f6b56d2 100644
--- a/client/src/neko/index.ts
+++ b/client/src/neko/index.ts
@@ -47,6 +47,8 @@ export class NekoClient extends BaseClient implements EventEmitter<NekoEvents> {
     this.$vue = vue
     this.$accessor = vue.$accessor
     this.url = url
+    // convert ws url to http url
+    this.$vue.$http.defaults.baseURL = url.replace(/^ws/, 'http').replace(/\/ws$/, '')
   }
 
   private cleanup() {
diff --git a/server/go.mod b/server/go.mod
index 027b970..a3c7c96 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -3,8 +3,9 @@ module m1k1o/neko
 go 1.18
 
 require (
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0
 	github.com/go-chi/chi v4.1.2+incompatible
+	github.com/go-chi/cors v1.2.1
 	github.com/gorilla/websocket v1.5.0
 	github.com/kataras/go-events v0.0.3
 	github.com/pion/ice/v2 v2.2.11 // indirect
diff --git a/server/go.sum b/server/go.sum
index 024d6b2..8fdd49c 100644
--- a/server/go.sum
+++ b/server/go.sum
@@ -65,6 +65,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
 github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
diff --git a/server/internal/config/server.go b/server/internal/config/server.go
index 51f0465..d3cd24f 100644
--- a/server/internal/config/server.go
+++ b/server/internal/config/server.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"m1k1o/neko/internal/utils"
+	"net/http"
 	"path"
 
 	"github.com/spf13/cobra"
@@ -13,6 +15,7 @@ type Server struct {
 	Bind       string
 	Static     string
 	PathPrefix string
+	CORS       []string
 }
 
 func (Server) Init(cmd *cobra.Command) error {
@@ -41,6 +44,11 @@ func (Server) Init(cmd *cobra.Command) error {
 		return err
 	}
 
+	cmd.PersistentFlags().StringSlice("cors", []string{"*"}, "list of allowed origins for CORS")
+	if err := viper.BindPFlag("cors", cmd.PersistentFlags().Lookup("cors")); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -50,4 +58,15 @@ func (s *Server) Set() {
 	s.Bind = viper.GetString("bind")
 	s.Static = viper.GetString("static")
 	s.PathPrefix = path.Join("/", path.Clean(viper.GetString("path_prefix")))
+
+	s.CORS = viper.GetStringSlice("cors")
+	in, _ := utils.ArrayIn("*", s.CORS)
+	if len(s.CORS) == 0 || in {
+		s.CORS = []string{"*"}
+	}
+}
+
+func (s *Server) AllowOrigin(r *http.Request, origin string) bool {
+	in, _ := utils.ArrayIn(origin, s.CORS)
+	return in || s.CORS[0] == "*"
 }
diff --git a/server/internal/http/http.go b/server/internal/http/http.go
index bf75d10..b71a806 100644
--- a/server/internal/http/http.go
+++ b/server/internal/http/http.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/chi/middleware"
+	"github.com/go-chi/cors"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 
@@ -38,6 +39,15 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t
 	router.Use(middleware.Recoverer) // Recover from panics without crashing server
 	router.Use(middleware.Compress(5, "application/octet-stream"))
 
+	router.Use(cors.Handler(cors.Options{
+		AllowOriginFunc:  conf.AllowOrigin,
+		AllowedMethods:   []string{"GET", "POST", "DELETE", "OPTIONS"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		ExposedHeaders:   []string{"Link"},
+		AllowCredentials: true,
+		MaxAge:           300, // Maximum value not ignored by any of major browsers
+	}))
+
 	if conf.PathPrefix != "/" {
 		router.Use(func(h http.Handler) http.Handler {
 			return http.StripPrefix(conf.PathPrefix, h)

From e25e9c2b24cdc1df1dbfcd11b8533d5f726357c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:33:08 +0100
Subject: [PATCH 22/25] lint.

---
 client/src/components/side.vue | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/client/src/components/side.vue b/client/src/components/side.vue
index 33fcfe2..51d4970 100644
--- a/client/src/components/side.vue
+++ b/client/src/components/side.vue
@@ -95,7 +95,9 @@
   })
   export default class extends Vue {
     get filetransferAllowed() {
-      return this.$accessor.remote.fileTransfer && (this.$accessor.user.admin || !this.$accessor.isLocked('file_transfer'))
+      return (
+        this.$accessor.remote.fileTransfer && (this.$accessor.user.admin || !this.$accessor.isLocked('file_transfer'))
+      )
     }
 
     get tab() {

From ac822a253141fb63b60bc33d4aa5b5316b688946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:45:38 +0100
Subject: [PATCH 23/25] update docs.

---
 docs/changelog.md                     |  2 ++
 docs/getting-started/configuration.md | 19 ++++++++++---------
 server/internal/config/server.go      |  3 ++-
 server/internal/config/websocket.go   |  2 +-
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/docs/changelog.md b/docs/changelog.md
index 9f608a0..5b3653a 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -8,11 +8,13 @@
 - Added `NEKO_PATH_PREFIX`.
 - Added screenshot function `/screenshot.jpg?pwd=<admin>`, works only for unlocked rooms.
 - Added emoji support (by @yesBad).
+- Added file transfer (by @prophetofxenu).
 
 ### Misc
 - Server: Split `remote` to `desktop` and `capture`.
 - Server: Refactored `xorg` - added `xevent` and clipboard is handled as event (no looped polling anymore).
 - Introduced `NEKO_AUDIO_CODEC=` and `NEKO_VIDEO_CODEC=` as a new way of setting codecs.
+- Added CORS.
 
 ## [n.eko v2.6](https://github.com/m1k1o/neko/releases/tag/v2.6)
 
diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md
index 26a8db2..84e378b 100644
--- a/docs/getting-started/configuration.md
+++ b/docs/getting-started/configuration.md
@@ -32,6 +32,7 @@ nat1to1: <ip>
   - Currently supported:
     - `control`
     - `login`
+    - `file_transfer`
   - e.g. `control`
 
 ### WebRTC
@@ -125,18 +126,18 @@ nat1to1: <ip>
 #### `NEKO_PATH_PREFIX`:
   - Path prefix for HTTP requests.
   - e.g. `/neko/`
+#### `NEKO_CORS`:
+  - Cross origin request sharing, whitespace separated list of allowed hosts, `*` for all.
+  - e.g. `127.0.0.1 neko.example.com`
 
 ### File Transfer
 
-#### `NEKO_FILE_TRANSFER`:
-  - Enable file transfer for admins at start
-  - e.g. `1`
-#### `NEKO_UNPRIV_FILE_TRANSFER`:
-  - Enable file transfer for all users at start. Ignored if NEKO_FILE_TRANSFER not enabled.
-  - e.g. `1`
+#### `NEKO_FILE_TRANSFER_ENABLED`:
+  - Enable file transfer feature.
+  - e.g. `true`
 #### `NEKO_FILE_TRANSFER_PATH`:
   - Path where files will be transferred between the host and users. By default this is
-  /home/neko/Downloads. If the path doesn't exist, it will be created.
+  `/home/neko/Downloads`. If the path doesn't exist, it will be created.
   - e.g. `/home/neko/Desktop`
 
 ### Expert settings
@@ -165,10 +166,11 @@ Flags:
       --broadcast_url string        URL for broadcasting, setting this value will automatically enable broadcasting
       --cert string                 path to the SSL cert used to secure the neko server
       --control_protection          control protection means, users can gain control only if at least one admin is in the room
+      --cors strings                list of allowed origins for CORS (default [*])
       --device string               audio device to capture (default "auto_null.monitor")
       --display string              XDisplay to capture (default ":99.0")
       --epr string                  limits the pool of ephemeral ports that ICE UDP connections can allocate from (default "59000-59100")
-      --file_transfer               allow file transfer for admins
+      --file_transfer_enabled       enable file transfer feature (default false)
       --file_transfer_path string   path to use for file transfer (default "/home/neko/Downloads")
       --g722                        DEPRECATED: use audio_codec
       --h264                        DEPRECATED: use video_codec
@@ -194,7 +196,6 @@ Flags:
       --static string               path to neko client files to serve (default "./www")
       --tcpmux int                  single TCP mux port for all peers
       --udpmux int                  single UDP mux port for all peers
-      --unpriv_file_transfer        allow file transfer for non admins
       --video string                video codec parameters to use for streaming
       --video_bitrate int           video bitrate in kbit/s (default 3072)
       --video_codec string          video codec to be used (default "vp8")
diff --git a/server/internal/config/server.go b/server/internal/config/server.go
index d3cd24f..f39766e 100644
--- a/server/internal/config/server.go
+++ b/server/internal/config/server.go
@@ -1,12 +1,13 @@
 package config
 
 import (
-	"m1k1o/neko/internal/utils"
 	"net/http"
 	"path"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+
+	"m1k1o/neko/internal/utils"
 )
 
 type Server struct {
diff --git a/server/internal/config/websocket.go b/server/internal/config/websocket.go
index 163d9ec..7e534fd 100644
--- a/server/internal/config/websocket.go
+++ b/server/internal/config/websocket.go
@@ -47,7 +47,7 @@ func (WebSocket) Init(cmd *cobra.Command) error {
 
 	// File transfer
 
-	cmd.PersistentFlags().Bool("file_transfer_enabled", true, "enable file transfer feature")
+	cmd.PersistentFlags().Bool("file_transfer_enabled", false, "enable file transfer feature")
 	if err := viper.BindPFlag("file_transfer_enabled", cmd.PersistentFlags().Lookup("file_transfer_enabled")); err != nil {
 		return err
 	}

From ad5abb6054e6802a28d316c2b3b7ae34af736916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:53:27 +0100
Subject: [PATCH 24/25] css fix long file names.

---
 client/src/components/files.vue | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index 58d4ddf..f4af0f8 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -7,7 +7,7 @@
     <div class="files-list">
       <div v-for="item in files" :key="item.name" class="files-list-item">
         <i :class="fileIcon(item)" />
-        <p>{{ item.name }}</p>
+        <p class="file-name" :title="item.name">{{ item.name }}</p>
         <p class="file-size">{{ fileSize(item.size) }}</p>
         <i v-if="item.type !== 'dir'" class="fas fa-download download" @click="download(item)" />
       </div>
@@ -29,7 +29,7 @@
                 'fa-warning': download.status === 'failed',
               }"
             ></i>
-            <p>{{ download.name }}</p>
+            <p class="file-name" :title="download.name">{{ download.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((download.progress / download.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="removeTransfer(download)"></i>
           </div>
@@ -58,7 +58,7 @@
                 'fa-warning': upload.status === 'failed',
               }"
             ></i>
-            <p>{{ upload.name }}</p>
+            <p class="file-name" :title="upload.name">{{ upload.name }}</p>
             <p class="file-size">{{ Math.min(100, Math.round((upload.progress / upload.size) * 100)) }}%</p>
             <i class="fas fa-xmark remove-transfer" @click="removeTransfer(upload)"></i>
           </div>
@@ -164,10 +164,17 @@
       margin-left: auto;
     }
 
+    .file-name {
+      text-overflow: ellipsis;
+      overflow: hidden;
+      white-space: nowrap;
+    }
+
     .file-size {
       margin-left: auto;
       margin-right: 0.5em;
       color: rgba($color: #fff, $alpha: 0.4);
+      white-space: nowrap;
     }
 
     .refresh:hover,

From 3df319e071d93161fe56d99a9c404b42c20b3f5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sat, 19 Nov 2022 20:55:50 +0100
Subject: [PATCH 25/25] line height.

---
 client/src/components/files.vue | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client/src/components/files.vue b/client/src/components/files.vue
index f4af0f8..bce8512 100644
--- a/client/src/components/files.vue
+++ b/client/src/components/files.vue
@@ -136,6 +136,7 @@
       border-bottom: 2px solid rgba($color: #fff, $alpha: 0.1);
       display: flex;
       flex-direction: row;
+      line-height: 1.2;
     }
 
     .transfers-list-header {