Merge branch 'metadata-fix' into 'master'

fix: multivalue tags See merge request joelilas/filebrowser!2
fix: multivalue tags
2026-02-08 15:55:13 +00:00 · 2026-02-08 16:50:29 +01:00 · 2026-01-30 08:52:51 +00:00 · 2026-01-30 09:50:55 +01:00 · 2026-01-29 18:57:17 +01:00 · 2026-01-28 14:38:57 +01:00
409 changed files with 136418 additions and 40381 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,7 @@
-*
+.venv
-!docker/*
+dist
-!docker_config.json
+.idea
-!filebrowser
+frontend/node_modules
 frontend/dist
 filebrowser.db
 docs/index.md
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,5 +1 @@
-# These owners will be the default owners for everything in the repo.
+* @filebrowser/maintainers
 # Unless a later match takes precedence, @o1egl will be requested for
 # review when someone opens a pull request.
 *       @o1egl
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,22 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 ---
 **Description**
 <!-- A clear and concise description of what the issue is about. What are you trying to do? -->
 **Expected behaviour**
 <!-- What did you expect to happen? -->
 **What is happening instead?**
 <!-- Please, give full error messages and/or log. -->
 **Additional context**
 <!-- Add any other context about the problem here. If applicable, add screenshots to help explain your problem. -->
 **How to reproduce?**
 <!-- Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behaviour as minimally as possible? -->
 **Files**
 <!-- A list of relevant files for this issue. Large files can be uploaded one-by-one or in a tarball/zipfile. -->
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,53 @@
 name: Bug Report
 description: Report a bug in FileBrowser.
 labels: [bug, 'waiting: triage']
 body:
  - type: checkboxes
    attributes:
      label: Checklist
      description: Please verify that you've followed these steps
      options:
        - label: This is a bug report, not a question.
          required: true
        - label: I have searched on the [issue tracker](https://github.com/filebrowser/filebrowser/issues?q=is%3Aissue) for my bug.
          required: true
        - label: I am running the latest [FileBrowser version](https://github.com/filebrowser/filebrowser/releases) or have an issue updating.
          required: true
  - type: textarea
    id: version
    attributes:
      label: Version
      render: Text
      description: |
        Enter the version of FileBrowser you are using.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Description
      description: |
        A clear and concise description of what the issue is about. What are you trying to do?
    validations:
      required: true
  - type: textarea
    attributes:
      label: What did you expect to happen?
    validations:
      required: true
  - type: textarea
    attributes:
      label: What actually happened?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Reproduction Steps
      description: |
        Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behavior as minimally as possible?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Files
      description: |
        A list of relevant files for this issue. Large files can be uploaded one-by-one or in a tarball/zipfile.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
 blank_issues_enabled: false
 contact_links:
  - name: GitHub Discussions
    url: https://github.com/filebrowser/filebrowser/discussions
    about: Please ask questions and discuss features here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,16 +0,0 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 ---
 **Is your feature request related to a problem? Please describe.**
 <!-- Add a clear and concise description of what the problem is. E.g. *I'm always frustrated when [...]* -->
 **Describe the solution you'd like**
 <!-- Add a clear and concise description of what you want to happen.  -->
 **Describe alternatives you've considered**
 <!-- Add a clear and concise description of any alternative solutions or features you've considered.  -->
 **Additional context**
 <!-- Add any other context or screenshots about the feature request here. -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,20 +1,16 @@
-**Description**
+## Description
 <!--
 Please explain the changes you made here.
 If the feature changes current behaviour, explain why your solution is better.
 -->
-:rotating_light: Before submitting your PR, please read [community](https://github.com/filebrowser/community), and indicate which issues (in any of the repos) are either fixed or closed by this PR. See [GitHub Help: Closing issues using keywords](https://help.github.com/articles/closing-issues-via-commit-messages/).
+<!-- Please explain the changes you made here. -->
- [ ] DO make sure you are requesting to **pull a topic/feature/bugfix branch** (right side). Don't request your master!
+## Additional Information
 - [ ] DO make sure you are making a pull request against the **master branch** (left side). Also you should start *your branch* off *our master*.
 - [ ] DO make sure that File Browser can be successfully built. See [builds](https://github.com/filebrowser/community/blob/master/builds.md) and [development](https://github.com/filebrowser/community/blob/master/development.md).
 - [ ] DO make sure that related issues are opened in other repositories. I.e., the frontend, caddy plugins or the web page need to be updated accordingly.
 - [ ] AVOID breaking the continuous integration build.
-**Further comments**
+<!-- If it is a relatively large or complex change, please add more information to explain what you did, how you did it, if you considered any alternatives, etc. -->
 <!--
 If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did, what alternatives you considered, etc.
-:heart: Thank you!
+## Checklist
-->
+
 Before submitting your PR, please indicate which issues are either fixed or closed by this PR. See [GitHub Help: Closing issues using keywords](https://help.github.com/articles/closing-issues-via-commit-messages/).
 - [ ] I am aware the project is currently in maintenance-only mode. See [README](https://github.com/filebrowser/community/blob/master/README.md)
 - [ ] I am aware that translations MUST be made through [Transifex](https://app.transifex.com/file-browser/file-browser/) and that this PR is NOT a translation update
 - [ ] I am making a PR against the `master` branch.
 - [ ] I am sure File Browser can be successfully built. See [builds](https://github.com/filebrowser/community/blob/master/builds.md) and [development](https://github.com/filebrowser/community/blob/master/development.md).
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,115 @@
 name: Continuous Integration
 on:
  push:
    branches:
      - "master"
    tags:
      - "v*"
  pull_request:
 jobs:
  lint-frontend:
    name: Lint Frontend
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: pnpm/action-setup@v4
        with:
          package_json_file: "frontend/package.json"
      - uses: actions/setup-node@v6
        with:
          node-version: "24.x"
          cache: "pnpm"
          cache-dependency-path: "frontend/pnpm-lock.yaml"
      - working-directory: frontend
        run: |
          pnpm install --frozen-lockfile
          pnpm run lint
  lint-backend:
    name: Lint Backend
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version: "1.25.x"
      - uses: golangci/golangci-lint-action@v9
        with:
          version: "latest"
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version: "1.25.x"
      - run: go test --race ./...
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v6
        with:
          go-version: '1.25'
      - uses: pnpm/action-setup@v4
        with:
          package_json_file: "frontend/package.json"
      - uses: actions/setup-node@v6
        with:
          node-version: "24.x"
          cache: "pnpm"
          cache-dependency-path: "frontend/pnpm-lock.yaml"
      - name: Install Task
        uses: go-task/setup-task@v1
      - run: task build
  release:
    name: Release
    needs: ["lint-frontend", "lint-backend", "test", "build"]
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v6
        with:
          go-version: '1.25'
      - uses: pnpm/action-setup@v4
        with:
          package_json_file: "frontend/package.json"
      - uses: actions/setup-node@v6
        with:
          node-version: "24.x"
          cache: "pnpm"
          cache-dependency-path: "frontend/pnpm-lock.yaml"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Install Task
        uses: go-task/setup-task@v1
      - run: task build:frontend
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -0,0 +1,52 @@
 name: Docs
 on:
  pull_request:
    paths:
      - 'www'
      - '*.md'
  push:
    branches:
      - master
 jobs:
  build:
    name: Build Docs
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Install Task
        uses: go-task/setup-task@v1
      - name: Build site
        run: task docs
  build-and-release:
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    name: Build and Release Docs
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Install Task
        uses: go-task/setup-task@v1
      - name: Build site
        run: task docs
      - name: Upload static files as artifact
        uses: actions/upload-pages-artifact@v4
        with:
          path: www/public
      - name: Deploy to GitHub Pages
        uses: actions/deploy-pages@v4
--- a/.github/workflows/lint-pr.yaml
+++ b/.github/workflows/lint-pr.yaml
@@ -0,0 +1,46 @@
 name: "Lint PR"
 on:
  pull_request_target:
    types:
      - opened
      - reopened
      - edited
      - synchronize
 permissions:
  pull-requests: write
 jobs:
  main:
    name: Validate Title
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@v6
        id: lint_pr_title
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: marocchino/sticky-pull-request-comment@v2
        # When the previous steps fails, the workflow would stop. By adding this
        # condition you can continue the execution with the populated error message.
        if: always() && (steps.lint_pr_title.outputs.error_message != null)
        with:
          header: pr-title-lint-error
          message: |
            Hey there and thank you for opening this pull request! 👋🏼
            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
            Details:
            ```
            ${{ steps.lint_pr_title.outputs.error_message }}
            ```
      # Delete a previous comment when the issue has been resolved
      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: pr-title-lint-error
          delete: true
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -1,100 +0,0 @@
 name: main
 on:
  push:
    branches:
      - 'master'
    tags:
      - 'v*'
  pull_request:
 jobs:
 # linters
  lint-frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
      - run: make lint-frontend
  lint-backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: 1.20.6
      - run: make lint-backend
  lint-commits:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
      - run: make lint-commits
  lint:
    runs-on: ubuntu-latest
    needs: [lint-frontend, lint-backend, lint-commits]
    steps:
      - run: echo "done"
 # tests
  test-frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
      - run: make test-frontend
  test-backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: 1.20.6
      - run: make test-backend
  test:
    runs-on: ubuntu-latest
    needs: [test-frontend, test-backend]
    steps:
      - run: echo "done"
 # release
  release:
    runs-on: ubuntu-latest
    needs: [lint, test]
    if: startsWith(github.event.ref, 'refs/tags/v')
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v2
        with:
          go-version: 1.20.6
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Build frontend
        run: make build-frontend
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          version: latest
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,24 +0,0 @@
 name: 'Close stale issues and PRs'
 permissions:
  issues: write
  pull-requests: write
 on:
  schedule:
    - cron: '30 1 * * *'
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v5
        with:
          stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
          close-pr-message: 'This PR was closed because it has been stalled for 5 days with no activity.'
          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
          close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
          days-before-stale: 30
          days-before-close: 5
          exempt-issue-labels: 'feature ☘,enhancement ⚙,bug 🐞'
          exempt-pr-labels: 'need-help,wip'
          operations-per-run: 100
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@ rice-box.go
 /filebrowser
 /filebrowser.exe
 /dist
 .venv
 .DS_Store
 node_modules
@@ -29,3 +30,19 @@ yarn-error.log*
 *.sw*
 bin/
 build/
 # Vue distributable files
 /frontend/dist/*
 !/frontend/dist/.gitkeep
 default.nix
 Dockerfile.dev
 filebrowser.log
 filebrowser.pid
 frontend-dev.log
 frontend.pid
 SWAG.mp3
 test/M5.flac
 test/MALIBU.flac
 test/SWAG.mp3
 test
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,121 +1,14 @@
-linters-settings:
+version: "2"
  dupl:
    threshold: 100
  exhaustive:
    default-signifies-exhaustive: false
  funlen:
    lines: 100
    statements: 50
  gci:
    local-prefixes: github.com/filebrowser/filebrowser
  goconst:
    min-len: 2
    min-occurrences: 2
  gocritic:
    enabled-tags:
      - diagnostic
      - experimental
      - opinionated
      - performance
      - style
    disabled-checks:
      - dupImport # https://github.com/go-critic/go-critic/issues/845
      - ifElseChain
      - octalLiteral
      - whyNoLint
      - wrapperFunc
  gocyclo:
    min-complexity: 15
  goimports:
    local-prefixes: github.com/filebrowser/filebrowser
  gomnd:
    settings:
      mnd:
        # don't include the "operation" and "assign"
        checks: argument,case,condition,return
  govet:
    check-shadowing: true
  lll:
    line-length: 140
  maligned:
    suggest-new: true
  misspell:
    locale: US
  nolintlint:
    allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
    allow-unused: false # report any unused nolint directives
    require-explanation: false # don't require an explanation for nolint directives
    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
 linters:
-  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  default: standard
  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
  disable-all: true
  enable:
    - bodyclose
    - deadcode
    - depguard
    - dogsled
    - dupl
    - errcheck
    - exportloopref
    - exhaustive
    - funlen
    - gochecknoinits
    - goconst
    - gocritic
    - gocyclo
    - goimports
    - gomnd
    - goprintffuncname
    - gosec
    - gosimple
    - govet
-    - ineffassign
+    - revive
-    - lll
+  exclusions:
-    - misspell
+    presets:
-    - nakedret
+      - std-error-handling
-    - nolintlint
+      - comments
-    - rowserrcheck
+    paths:
-    - staticcheck
+      - frontend/
    - structcheck
    - stylecheck
    - typecheck
    - unconvert
    - unparam
    - unused
    - varcheck
    - whitespace
    - prealloc
 issues:
  exclude-rules:
    - path: cmd/.*.go
      linters:
        - gochecknoinits
    - path: .*_test.go
      linters:
        - lll
        - gochecknoinits
        - gocyclo
        - funlen
        - dupl
        - scopelint
    - text: "Auther"
      linters:
        - misspell
    - text: "strconv.Parse"
      linters:
        - gomnd
 run:
  go: '1.18'
  skip-dirs:
    - frontend/
  skip-files:
    - http/rice-box.go
 # golangci.com configuration
 # https://github.com/golangci/golangci/wiki/Configuration
 service:
  golangci-lint-version: 1.27.x # use the fixed version to not introduce new linters unexpectedly
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,46 +1,55 @@
 version: 2
 project_name: filebrowser
 env:
  - GO111MODULE=on
-build:
+builds:
-  env:
+  - env:
-    - CGO_ENABLED=0
+      - CGO_ENABLED=0
-  ldflags:
+    ldflags:
-    - -s -w -X github.com/filebrowser/filebrowser/v2/version.Version={{ .Version }} -X github.com/filebrowser/filebrowser/v2/version.CommitSHA={{ .ShortCommit }}
+      - -s -w -X github.com/filebrowser/filebrowser/v2/version.Version={{ .Version }} -X github.com/filebrowser/filebrowser/v2/version.CommitSHA={{ .ShortCommit }}
-  main: main.go
+    main: main.go
-  binary: filebrowser
+    binary: filebrowser
-  goos:
+    goos:
-    - darwin
+      - darwin
-    - linux
+      - linux
-    - windows
+      - windows
-    - freebsd
+      - freebsd
-  goarch:
+      - openbsd
-    - amd64
+    goarch:
-    - 386
+      - amd64
-    - arm
+      - "386"
-    - arm64
+      - arm
-  goarm:
+      - arm64
-    - 5
+      - riscv64
-    - 6
+    goarm:
-    - 7
+      - "5"
-  ignore:
+      - "6"
-    - goos: darwin
+      - "7"
-      goarch: 386
+    ignore:
-    - goos: freebsd
+      - goos: darwin
-      goarch: arm
+        goarch: "386"
      # Experimental, may not work properly
      - goos: openbsd
        goarch: riscv64
      # Broken as of Go 1.24, deprecated as of Go 1.26
      - goos: windows
        goarch: arm
      - goos: freebsd
        goarch: arm
 archives:
-  -
+  - name_template: "{{.Os}}-{{.Arch}}{{if .Arm}}v{{.Arm}}{{end}}-{{ .ProjectName }}"
-    name_template: "{{.Os}}-{{.Arch}}{{if .Arm}}v{{.Arm}}{{end}}-{{ .ProjectName }}"
+    formats: ["tar.gz"]
    format: tar.gz
    format_overrides:
      - goos: windows
-        format: zip
+        formats: ["zip"]
 dockers:
-  -
+  # Alpine docker images
-    dockerfile: Dockerfile
+  - dockerfile: Dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -56,10 +65,8 @@ dockers:
      - "filebrowser/filebrowser:{{ .Tag }}-amd64"
      - "filebrowser/filebrowser:v{{ .Major }}-amd64"
    extra_files:
-      - docker_config.json
+      - docker
-      - healthcheck.sh
+  - dockerfile: Dockerfile
  -
    dockerfile: Dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -75,10 +82,8 @@ dockers:
      - "filebrowser/filebrowser:{{ .Tag }}-arm64"
      - "filebrowser/filebrowser:v{{ .Major }}-arm64"
    extra_files:
-      - docker_config.json
+      - docker
-      - healthcheck.sh
+  - dockerfile: Dockerfile
  -
    dockerfile: Dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -90,15 +95,13 @@ dockers:
      - "--platform=linux/arm/v6"
    goos: linux
    goarch: arm
-    goarm: '6'
+    goarm: "6"
    image_templates:
      - "filebrowser/filebrowser:{{ .Tag }}-armv6"
      - "filebrowser/filebrowser:v{{ .Major }}-armv6"
    extra_files:
-      - docker_config.json
+      - docker
-      - healthcheck.sh
+  - dockerfile: Dockerfile
  -
    dockerfile: Dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -110,16 +113,15 @@ dockers:
      - "--platform=linux/arm/v7"
    goos: linux
    goarch: arm
-    goarm: '7'
+    goarm: "7"
    image_templates:
      - "filebrowser/filebrowser:{{ .Tag }}-armv7"
      - "filebrowser/filebrowser:v{{ .Major }}-armv7"
    extra_files:
-      - docker_config.json
+      - docker
-      - healthcheck.sh
+
-## s6 based docker images
+  ## s6-overlay docker images
-  -
+  - dockerfile: Dockerfile.s6
    dockerfile: Dockerfile.s6
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -135,9 +137,8 @@ dockers:
      - "filebrowser/filebrowser:{{ .Tag }}-amd64-s6"
      - "filebrowser/filebrowser:v{{ .Major }}-amd64-s6"
    extra_files:
-      - docker/root
+      - docker
-  -
+  - dockerfile: Dockerfile.s6
    dockerfile: Dockerfile.s6.aarch64
    use: buildx
    build_flag_templates:
      - "--pull"
@@ -153,7 +154,8 @@ dockers:
      - "filebrowser/filebrowser:{{ .Tag }}-arm64-s6"
      - "filebrowser/filebrowser:v{{ .Major }}-arm64-s6"
    extra_files:
-      - docker/root
+      - docker
 docker_manifests:
  - name_template: "filebrowser/filebrowser:latest"
    image_templates:
@@ -170,7 +172,7 @@ docker_manifests:
      - "filebrowser/filebrowser:v{{ .Major }}-amd64"
      - "filebrowser/filebrowser:v{{ .Major }}-arm64"
      - "filebrowser/filebrowser:v{{ .Major }}-armv7"
-## s6 image manifests
+  ## s6 image manifests
  - name_template: "filebrowser/filebrowser:s6"
    image_templates:
      - "filebrowser/filebrowser:{{ .Tag }}-amd64-s6"
@@ -183,15 +185,20 @@ docker_manifests:
    image_templates:
      - "filebrowser/filebrowser:v{{ .Major }}-amd64-s6"
      - "filebrowser/filebrowser:v{{ .Major }}-arm64-s6"
-brews:
+
 homebrew_casks:
  - name: filebrowser
-    tap:
+    repository:
      owner: filebrowser
      name: homebrew-tap
    folder: Formula
    homepage: https://filebrowser.org
    commit_author:
      name: FileBrowser Robot
      email: robot@filebrowser.org
    homepage: https://github.com/filebrowser/filebrowser
    description: File Browser is a create-your-own-cloud-kind of software where you can install it on a server, direct it to a path and then access your files through a nice web interface
-    license: "MIT"
+    hooks:
      post:
        install: |
          if system_command("/usr/bin/xattr", args: ["-h"]).exit_status == 0
            system_command "/usr/bin/xattr", args: ["-dr", "com.apple.quarantine", "#{staged_path}/filebrowser"]
          end
--- a/.tx/config
+++ b/.tx/config
@@ -1,10 +0,0 @@
 [main]
 host = https://www.transifex.com
 lang_map = pt_BR: pt-br, zh_CN: zh-cn, zh_HK: zh-hk, zh_TW: zh-tw, nl_BE: nl-be, sv_SE: sv-se
 [file-browser.file-browser]
 file_filter = frontend/src/i18n/<lang>.json
 minimum_perc = 50
 source_file = frontend/src/i18n/en.json
 source_lang = en
 type = KEYVALUEJSON
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -0,0 +1,46 @@
 # Code of Conduct
 ## Contributor Covenant Code of Conduct
 ### Our Pledge
 In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 ### Our Standards
 Examples of behavior that contributes to creating a positive environment include:
 * Using welcoming and inclusive language
 * Being respectful of differing viewpoints and experiences
 * Gracefully accepting constructive criticism
 * Focusing on what is best for the community
 * Showing empathy towards other community members
 Examples of unacceptable behavior by participants include:
 * The use of sexualized language or imagery and unwelcome sexual attention or advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or electronic address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a professional setting
 ### Our Responsibilities
 Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
 Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 ### Scope
 This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
 ### Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at hacdias@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 ### Attribution
 This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.4, available at [https://contributor-covenant.org/version/1/4](https://contributor-covenant.org/version/1/4).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,128 @@
 # Contributing
 If you're interested in contributing to this project, this is the best place to start. Before contributing to this project, please take a bit of time to read our [Code of Conduct](code-of-conduct.md). Also, note that this project is open-source and licensed under [Apache License 2.0](LICENSE).
 ## Project Structure
 The backend side of the application is written in [Go](https://golang.org/), while the frontend (located on a subdirectory of the same name) is written in [Vue.js](https://vuejs.org/). Due to the tight coupling required by some features, basic knowledge of both Go and Vue.js is recommended.
 * Learn Go: [https://github.com/golang/go/wiki/Learn](https://github.com/golang/go/wiki/Learn)
 * Learn Vue.js: [https://vuejs.org/guide/introduction.html](https://vuejs.org/guide/introduction.html)
 We encourage you to use git to manage your fork. To clone the main repository, just run:
 ```bash
 git clone https://github.com/filebrowser/filebrowser
 ```
 We use [Taskfile](https://taskfile.dev/) to manage the different processes (building, releasing, etc) automatically.
 ## Build
 You can fully build the project in order to produce a binary by running:
 ```bash
 task build
 ```
 ## Development
 For development, there are a few things to have in mind.
 ### Frontend
 We use [Node.js](https://nodejs.org/en/) on the frontend to manage the build process. Prepare the frontend environment:
 ```bash
 # From the root of the repo, go to frontend/
 cd frontend
 # Install the dependencies
 pnpm install
 ```
 If you just want to develop the backend, you can create a static build of the frontend:
 ```bash
 pnpm run build
 ```
 If you want to develop the frontend, start a development server which watches for changes:
 ```bash
 pnpm run dev
 ```
 Please note that you need to access File Browser's interface through the development server of the frontend.
 ### Backend
 First prepare the backend environment by downloading all required dependencies:
 ```bash
 go mod download
 ```
 You can now build or run File Browser as any other Go project:
 ```bash
 # Build
 go build
 # Run
 go run .
 ```
 ## Documentation
 We rely on Docker to abstract all the dependencies required for building the documentation.
 To build the documentation to `www/public`:
 ```bash
 task docs
 ```
 To start a local server on port `8000` to view the built documentation:
 ```bash
 task docs:serve
 ```
 ## Release
 To make a release, just run:
 ```bash
 task release
 ```
 ## Translations
 Translations are managed on Transifex, which is an online website where everyone can contribute and translate strings for our project. It automatically syncs with the main language file \(in English\) and,, for you to contribute, you just need to:
 1. Go to our Transifex web page: [app.transifex.com/file-browser/file-browser](https://app.transifex.com/file-browser/file-browser/)
 2. Click on **Join the project** and pick your language. We'll accept you as soon as possible. If you're language is not on the list, please request it via the interface.
 Translations are automatically pushed to GitHub via an integration.
 ## Authentication Provider
 To build a new authentication provider, you need to implement the [Auther interface](https://github.com/filebrowser/filebrowser/blob/master/auth/auth.go), whose method will be called on the login page after the user has submitted their login data.
 ```go
 // Auther is the authentication interface.
 type Auther interface {
    // Auth is called to authenticate a request.
    Auth(r *http.Request, s *users.Storage, root string) (*users.User, error)
 }
 ```
 After implementing the interface you should:
 1. Add it to [`auth` directory](https://github.com/filebrowser/filebrowser/blob/master/auth).
 2. Add it to the [configuration parser](https://github.com/filebrowser/filebrowser/blob/master/cmd/config.go) for the CLI.
 3. Add it to the [`authBackend.Get`](https://github.com/filebrowser/filebrowser/blob/master/storage/bolt/auth.go).
 If you need to add more flags, please update the function `addConfigFlags`.
--- a/55
+++ b/55
@@ -1,19 +1,46 @@
-FROM alpine:latest
+## Multistage build: First stage fetches dependencies
-RUN apk --update add ca-certificates \
+FROM alpine:3.23 AS fetcher
                     mailcap \
                     curl \
                     jq
-COPY healthcheck.sh /healthcheck.sh
+# install and copy ca-certificates, mailcap, and tini-static; download JSON.sh
-RUN chmod +x /healthcheck.sh  # Make the script executable
+RUN apk update && \
    apk --no-cache add ca-certificates mailcap tini-static && \
    wget -O /JSON.sh https://raw.githubusercontent.com/dominictarr/JSON.sh/0d5e5c77365f63809bf6e77ef44a1f34b0e05840/JSON.sh
-HEALTHCHECK --start-period=2s --interval=5s --timeout=3s \
+## Second stage: Use lightweight BusyBox image for final runtime environment
-    CMD /healthcheck.sh || exit 1
+FROM busybox:1.37.0-musl
 # Define non-root user UID and GID
 ENV UID=1000
 ENV GID=1000
 # Create user group and user
 RUN addgroup -g $GID user && \
    adduser -D -u $UID -G user user
 # Copy binary, scripts, and configurations into image with proper ownership
 COPY --chown=user:user filebrowser /bin/filebrowser
 COPY --chown=user:user docker/common/ /
 COPY --chown=user:user docker/alpine/ /
 COPY --chown=user:user --from=fetcher /sbin/tini-static /bin/tini
 COPY --from=fetcher /JSON.sh /JSON.sh
 COPY --from=fetcher /etc/ca-certificates.conf /etc/ca-certificates.conf
 COPY --from=fetcher /etc/ca-certificates /etc/ca-certificates
 COPY --from=fetcher /etc/mime.types /etc/mime.types
 COPY --from=fetcher /etc/ssl /etc/ssl
 # Create data directories, set ownership, and ensure healthcheck script is executable
 RUN mkdir -p /config /database /srv && \
    chown -R user:user /config /database /srv \
    && chmod +x /healthcheck.sh
 # Define healthcheck script
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
 # Set the user, volumes and exposed ports
 USER user
 VOLUME /srv /config /database
 VOLUME /srv
 EXPOSE 80
-COPY docker_config.json /.filebrowser.json
+ENTRYPOINT [ "tini", "--", "/init.sh" ]
 COPY filebrowser /filebrowser
 ENTRYPOINT [ "/filebrowser" ]
--- a/Dockerfile.full
+++ b/Dockerfile.full
@@ -0,0 +1,86 @@
 # Multi-stage build: compile frontend + backend, then package
 # This is a full build Dockerfile for filebrowser from source
 ##############################################################################
 # Stage 1: Build frontend (Node.js / pnpm)
 ##############################################################################
 FROM node:20-alpine AS frontend-builder
 RUN corepack enable && corepack prepare pnpm@latest --activate
 WORKDIR /app/frontend
 COPY frontend/package.json frontend/pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile
 COPY frontend/ ./
 RUN pnpm run build
 ##############################################################################
 # Stage 2: Build backend (Go)
 ##############################################################################
 FROM golang:1.25-alpine AS backend-builder
 RUN apk add --no-cache git
 WORKDIR /app
 COPY . .
 COPY --from=frontend-builder /app/frontend/dist ./frontend/dist
 RUN go mod tidy && go mod download
 ARG VERSION=dev
 ARG GIT_COMMIT=unknown
 RUN CGO_ENABLED=0 go build \
    -ldflags="-s -w -X 'github.com/filebrowser/filebrowser/v2/version.Version=${VERSION}' -X 'github.com/filebrowser/filebrowser/v2/version.CommitSHA=${GIT_COMMIT}'" \
    -o filebrowser .
 ##############################################################################
 # Stage 3: Fetch runtime dependencies
 ##############################################################################
 FROM alpine:3.23 AS fetcher
 RUN apk update && \
    apk --no-cache add ca-certificates mailcap tini-static && \
    wget -O /JSON.sh https://raw.githubusercontent.com/dominictarr/JSON.sh/0d5e5c77365f63809bf6e77ef44a1f34b0e05840/JSON.sh
 ##############################################################################
 # Stage 4: Final runtime image (Alpine with ffmpeg)
 ##############################################################################
 FROM alpine:3.23
 ENV UID=1000
 ENV GID=1000
 RUN addgroup -g $GID user && \
    adduser -D -u $UID -G user user && \
    apk add --no-cache ffmpeg flac
 # Copy compiled binary from backend-builder
 COPY --from=backend-builder --chown=user:user /app/filebrowser /bin/filebrowser
 # Copy scripts and configs from repo
 COPY --chown=user:user docker/common/ /
 COPY --chown=user:user docker/alpine/ /
 # Copy runtime deps from fetcher
 COPY --chown=user:user --from=fetcher /sbin/tini-static /bin/tini
 COPY --from=fetcher /JSON.sh /JSON.sh
 COPY --from=fetcher /etc/ca-certificates.conf /etc/ca-certificates.conf
 COPY --from=fetcher /etc/ca-certificates /etc/ca-certificates
 COPY --from=fetcher /etc/mime.types /etc/mime.types
 COPY --from=fetcher /etc/ssl /etc/ssl
 RUN mkdir -p /config /database /srv && \
    chown -R user:user /config /database /srv && \
    chmod +x /healthcheck.sh
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
 USER user
 VOLUME /srv /config /database
 EXPOSE 80
 ENTRYPOINT [ "tini", "--", "/init.sh" ]
--- a/Dockerfile.s6
+++ b/Dockerfile.s6
@@ -1,16 +1,24 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:3.17
+FROM ghcr.io/linuxserver/baseimage-alpine:3.23
-RUN apk --update add ca-certificates \
+RUN apk update && \
-                     mailcap \
+  apk --no-cache add ca-certificates mailcap jq libcap ffmpeg
                     curl
-HEALTHCHECK --start-period=2s --interval=5s --timeout=3s \
+# Make user and create necessary directories
-  CMD curl -f http://localhost/health || exit 1
+RUN mkdir -p /config /database /srv && \
  chown -R abc:abc /config /database /srv
-# copy local files
+# Copy files and set permissions
-COPY docker/root/ /
+COPY filebrowser /bin/filebrowser
-COPY filebrowser /usr/bin/filebrowser
+COPY docker/common/ /
 COPY docker/s6/ /
-# ports and volumes
+RUN chown -R abc:abc /bin/filebrowser /defaults healthcheck.sh && \
  setcap 'cap_net_bind_service=+ep' /bin/filebrowser
 # Define healthcheck script
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
 # Set the volumes and exposed ports
 VOLUME /srv /config /database
 EXPOSE 80
--- a/Dockerfile.s6.aarch64
+++ b/Dockerfile.s6.aarch64
@@ -1,16 +0,0 @@
 FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.17
 RUN apk --update add ca-certificates \
                     mailcap \
                     curl
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s \
  CMD curl -f http://localhost/health || exit 1
 # copy local files
 COPY docker/root/ /
 COPY filebrowser /usr/bin/filebrowser
 # ports and volumes
 VOLUME /srv /config /database
 EXPOSE 80
--- a/Dockerfile.s6.armhf
+++ b/Dockerfile.s6.armhf
@@ -1,16 +0,0 @@
 FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.17
 RUN apk --update add ca-certificates \
                     mailcap \
                     curl
 HEALTHCHECK --start-period=2s --interval=5s --timeout=3s \
  CMD curl -f http://localhost/health || exit 1
 # copy local files
 COPY docker/root/ /
 COPY filebrowser /usr/bin/filebrowser
 # ports and volumes
 VOLUME /srv /config /database
 EXPOSE 80
--- a/2
+++ b/2
@@ -187,7 +187,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
-   Copyright 2018 File Browser contributors
+   Copyright 2018 File Browser Contributors
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/68
+++ b/68
@@ -1,68 +0,0 @@
 include common.mk
 include tools.mk
 LDFLAGS += -X "$(MODULE)/version.Version=$(VERSION)" -X "$(MODULE)/version.CommitSHA=$(VERSION_HASH)"
 ## Build:
 .PHONY: build
 build: | build-frontend build-backend ## Build binary
 .PHONY: build-frontend
 build-frontend: ## Build frontend
 	$Q cd frontend && npm ci && npm run build
 .PHONY: build-backend
 build-backend: ## Build backend
 	$Q $(go) build -ldflags '$(LDFLAGS)' -o .
 .PHONY: test
 test: | test-frontend test-backend ## Run all tests
 .PHONY: test-frontend
 test-frontend: ## Run frontend tests
 .PHONY: test-backend
 test-backend: ## Run backend tests
 	$Q $(go) test -v ./...
 .PHONY: lint
 lint: lint-frontend lint-backend lint-commits ## Run all linters
 .PHONY: lint-frontend
 lint-frontend: ## Run frontend linters
 	$Q cd frontend && npm ci && npm run lint
 .PHONY: lint-backend
 lint-backend: | $(golangci-lint) ## Run backend linters
 	$Q $(golangci-lint) run -v
 .PHONY: lint-commits
 lint-commits: $(commitlint) ## Run commit linters
 	$Q ./scripts/commitlint.sh
 fmt: $(goimports) ## Format source files
 	$Q $(goimports) -local $(MODULE) -w $$(find . -type f -name '*.go' -not -path "./vendor/*")
 clean: clean-tools ## Clean
 ## Release:
 .PHONY: bump-version
 bump-version: $(standard-version) ## Bump app version
 	$Q ./scripts/bump_version.sh
 ## Help:
 help: ## Show this help
 	@echo ''
 	@echo 'Usage:'
 	@echo '  ${YELLOW}make${RESET} ${GREEN}<target> [options]${RESET}'
 	@echo ''
 	@echo 'Options:'
 	@$(call global_option, "V [0|1]", "enable verbose mode (default:0)")
 	@echo ''
 	@echo 'Targets:'
 	@awk 'BEGIN {FS = ":.*?## "} { \
 		if (/^[a-zA-Z_-]+:.*?##.*$$/) {printf "    ${YELLOW}%-20s${GREEN}%s${RESET}\n", $$1, $$2} \
 		else if (/^## .*$$/) {printf "  ${CYAN}%s${RESET}\n", substr($$1,4)} \
 		}' $(MAKEFILE_LIST)
--- a/README.md
+++ b/README.md
@@ -1,33 +1,31 @@
 <p align="center">
-  <img src="https://raw.githubusercontent.com/filebrowser/logo/master/banner.png" width="550"/>
+  <img src="https://raw.githubusercontent.com/filebrowser/filebrowser/master/branding/banner.png" width="550"/>
 </p>
-![Preview](https://user-images.githubusercontent.com/5447088/50716739-ebd26700-107a-11e9-9817-14230c53efd2.gif)
+[![Build](https://github.com/filebrowser/filebrowser/actions/workflows/ci.yaml/badge.svg)](https://github.com/filebrowser/filebrowser/actions/workflows/ci.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/filebrowser/filebrowser/v2)](https://goreportcard.com/report/github.com/filebrowser/filebrowser/v2)
 [![Version](https://img.shields.io/github/release/filebrowser/filebrowser.svg)](https://github.com/filebrowser/filebrowser/releases/latest)
-[![Build](https://github.com/filebrowser/filebrowser/actions/workflows/main.yaml/badge.svg)](https://github.com/filebrowser/filebrowser/actions/workflows/main.yaml)
+File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview and edit your files. It is a **create-your-own-cloud**-kind of software where you can just install it on your server, direct it to a path and access your files through a nice web interface.
 [![Go Report Card](https://goreportcard.com/badge/github.com/filebrowser/filebrowser?style=flat-square)](https://goreportcard.com/report/github.com/filebrowser/filebrowser)
 [![Documentation](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](http://godoc.org/github.com/filebrowser/filebrowser)
 [![Version](https://img.shields.io/github/release/filebrowser/filebrowser.svg?style=flat-square)](https://github.com/filebrowser/filebrowser/releases/latest)
 [![Chat IRC](https://img.shields.io/badge/freenode-%23filebrowser-blue.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23filebrowser)
-filebrowser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit your files. It allows the creation of multiple users and each user can have its own directory. It can be used as a standalone app.
+## Documentation
-## Features
+Documentation on how to install, configure, and contribute to this project is hosted at [filebrowser.org](https://filebrowser.org).
-Please refer to our docs at [https://filebrowser.org/features](https://filebrowser.org/features)
+## Project Status
-## Install
+This project is a finished product which fulfills its goal: be a single binary web File Browser which can be run by anyone anywhere. That means that File Browser is currently on **maintenance-only** mode. Therefore, please note the following:
-For installation instructions please refer to our docs at [https://filebrowser.org/installation](https://filebrowser.org/installation).
+- It can take a while until someone gets back to you. Please be patient.
-
+- [Issues](https://github.com/filebrowser/filebrowser/issues) are meant to track bugs. Unrelated issues will be converted into [discussions](https://github.com/filebrowser/filebrowser/discussions).
-## Configuration
+- No new features will be implemented by maintainers. Pull requests for new features will be reviewed on a case by case basis.
-
+- The priority is triaging issues, addressing security issues and reviewing pull requests meant to solve bugs.
 [Authentication Method](https://filebrowser.org/configuration/authentication-method) - You can change the way the user authenticates with the filebrowser server
 [Command Runner](https://filebrowser.org/configuration/command-runner) - The command runner is a feature that enables you to execute any shell command you want before or after a certain event.
 [Custom Branding](https://filebrowser.org/configuration/custom-branding) - You can customize your File Browser installation by change its name to any other you want, by adding a global custom style sheet and by using your own logotype if you want.
 ## Contributing
-If you're interested in contributing to this project, our docs are best places to start [https://filebrowser.org/contributing](https://filebrowser.org/contributing).
+Contributions are always welcome. To start contributing to this project, read our [guidelines](CONTRIBUTING.md) first.
 ## License
 [Apache License 2.0](LICENSE) © File Browser Contributors
 # Work in progress: metadata modifier
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,7 +12,9 @@ currently being supported with security updates.
 ## Reporting a Vulnerability
-Vulnerabilities should be reported to filebrowser@googlegroups.com - which is a private, maintainer-only group. Maintainers will attempt to respond to/confirm reports within 2-3 days, but if you believe your report to be "critical" to user safety and security, please note as such in the subject. We have tens of thousands of users using our software, and take security vulnerabilities seriously.
+Vulnerabilities with critical impact should be reported on the [Security](https://github.com/filebrowser/filebrowser/security) page of this repository, which is a private way of communicating vulnerabilities to maintainers. This project is in maintenance-only mode and it can take a while until someone gets back to you.
 If it is not a critical vulnerability, please open an issue and we will categorize it as a security issue. By giving visibility, we can get more help from the community at fixing such issues.
 When reporting an issue, where possible, please provide at least:
@@ -21,6 +23,4 @@ When reporting an issue, where possible, please provide at least:
 * Steps to reproduce
 * Your recommended remediation(s), if any.
-The FileBrowser team is a volunteer-only effort, and may reach back out for clarification.
+The File Browser team is a volunteer-only effort, and may reach back out for clarification.
 > Note: Please do not open public issues for security issues, as GitHub does not provide facility for private issues, and deleting the issue makes it hard to triage/respond back to the reporter.
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -0,0 +1,83 @@
 version: '3'
 vars:
  SITE_DOCKER_FLAGS: >-
    -v ./www:/docs
    -v ./LICENSE:/docs/docs/LICENSE
    -v ./SECURITY.md:/docs/docs/security.md
    -v ./CHANGELOG.md:/docs/docs/changelog.md
    -v ./CODE-OF-CONDUCT.md:/docs/docs/code-of-conduct.md
    -v ./CONTRIBUTING.md:/docs/docs/contributing.md
 tasks:
  build:frontend:
    desc: Build frontend assets
    dir: frontend
    cmds:
      - pnpm install --frozen-lockfile
      - pnpm run build
  build:backend:
    desc: Build backend binary
    cmds:
      - go build -ldflags='-s -w -X "github.com/filebrowser/filebrowser/v2/version.Version={{.VERSION}}" -X "github.com/filebrowser/filebrowser/v2/version.CommitSHA={{.GIT_COMMIT}}"' -o filebrowser .
    vars:
      GIT_COMMIT:
        sh: git log -n 1 --format=%h
      VERSION:
        sh: git describe --tags --abbrev=0 --match=v* | cut -c 2-
  build:
    desc: Build both frontend and backend
    cmds:
      - task: build:frontend
      - task: build:backend
  release:make:
    internal: true
    prompt: Do you wish to proceed?
    cmds:
      - pnpm dlx commit-and-tag-version -s
  release:dry-run:
    internal: true
    cmds:
      - pnpm dlx commit-and-tag-version --dry-run --skip
  release:
    desc: Create a new release
    cmds:
      - task: docs:cli:generate
      - git add www/docs/cli
      - |
        if [[ `git status www/docs/cli --porcelain` ]]; then
          git commit -m 'chore(docs): update CLI documentation'
        fi
      - task: release:dry-run
      - task: release:make
  docs:cli:generate:
    cmds:
      - rm -rf www/docs/cli
      - mkdir -p www/docs/cli
      - go run . docs
    generates:
      - www/docs/cli
  docs:docker:generate:
    internal: true
    cmds: 
      - docker build -f www/Dockerfile --progress=plain -t filebrowser.site www
  docs:
    desc: Generate documentation
    cmds:
      - rm -rf www/public
      - task: docs:docker:generate
      - docker run --rm {{.SITE_DOCKER_FLAGS}} filebrowser.site build -d "public"
  docs:serve:
    desc: Serve documentation
    cmds:
      - task: docs:docker:generate
      - docker run --rm -it -p 8000:8000 {{.SITE_DOCKER_FLAGS}} filebrowser.site
--- a/auth/hook.go
+++ b/auth/hook.go
@@ -2,14 +2,16 @@ package auth
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"log"
 	"net/http"
 	"os"
 	"os/exec"
 	"slices"
 	"strings"
-	"github.com/filebrowser/filebrowser/v2/errors"
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/files"
 	"github.com/filebrowser/filebrowser/v2/settings"
 	"github.com/filebrowser/filebrowser/v2/users"
@@ -101,7 +103,7 @@ func (a *HookAuth) RunCommand() (string, error) {
 		command[i] = os.Expand(arg, envMapping)
 	}
-	cmd := exec.Command(command[0], command[1:]...) //nolint:gosec
+	cmd := exec.Command(command[0], command[1:]...)
 	cmd.Env = append(os.Environ(), fmt.Sprintf("USERNAME=%s", a.Cred.Username))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", a.Cred.Password))
 	out, err := cmd.Output()
@@ -122,11 +124,11 @@ func (a *HookAuth) GetValues(s string) {
 	s = strings.ReplaceAll(s, "\r\n", "\n")
 	// iterate input lines
-	for _, val := range strings.Split(s, "\n") {
+	for val := range strings.Lines(s) {
-		v := strings.SplitN(val, "=", 2) //nolint: gomnd
+		v := strings.SplitN(val, "=", 2)
 		// skips non key and value format
-		if len(v) != 2 { //nolint: gomnd
+		if len(v) != 2 {
 			continue
 		}
@@ -144,28 +146,29 @@ func (a *HookAuth) GetValues(s string) {
 // SaveUser updates the existing user or creates a new one when not found
 func (a *HookAuth) SaveUser() (*users.User, error) {
 	u, err := a.Users.Get(a.Server.Root, a.Cred.Username)
-	if err != nil && err != errors.ErrNotExist {
+	if err != nil && !errors.Is(err, fberrors.ErrNotExist) {
 		return nil, err
 	}
 	if u == nil {
-		pass, err := users.HashPwd(a.Cred.Password)
+		pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 		if err != nil {
 			return nil, err
 		}
 		// create user with the provided credentials
 		d := &users.User{
-			Username:     a.Cred.Username,
+			Username:              a.Cred.Username,
-			Password:     pass,
+			Password:              pass,
-			Scope:        a.Settings.Defaults.Scope,
+			Scope:                 a.Settings.Defaults.Scope,
-			Locale:       a.Settings.Defaults.Locale,
+			Locale:                a.Settings.Defaults.Locale,
-			ViewMode:     a.Settings.Defaults.ViewMode,
+			ViewMode:              a.Settings.Defaults.ViewMode,
-			SingleClick:  a.Settings.Defaults.SingleClick,
+			SingleClick:           a.Settings.Defaults.SingleClick,
-			Sorting:      a.Settings.Defaults.Sorting,
+			RedirectAfterCopyMove: a.Settings.Defaults.RedirectAfterCopyMove,
-			Perm:         a.Settings.Defaults.Perm,
+			Sorting:               a.Settings.Defaults.Sorting,
-			Commands:     a.Settings.Defaults.Commands,
+			Perm:                  a.Settings.Defaults.Perm,
-			HideDotfiles: a.Settings.Defaults.HideDotfiles,
+			Commands:              a.Settings.Defaults.Commands,
 			HideDotfiles:          a.Settings.Defaults.HideDotfiles,
 		}
 		u = a.GetUser(d)
@@ -185,7 +188,7 @@ func (a *HookAuth) SaveUser() (*users.User, error) {
 		// update the password when it doesn't match the current
 		if p {
-			pass, err := users.HashPwd(a.Cred.Password)
+			pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 			if err != nil {
 				return nil, err
 			}
@@ -217,13 +220,14 @@ func (a *HookAuth) GetUser(d *users.User) *users.User {
 		Download: isAdmin || a.Fields.GetBoolean("user.perm.download", d.Perm.Download),
 	}
 	user := users.User{
-		ID:          d.ID,
+		ID:                    d.ID,
-		Username:    d.Username,
+		Username:              d.Username,
-		Password:    d.Password,
+		Password:              d.Password,
-		Scope:       a.Fields.GetString("user.scope", d.Scope),
+		Scope:                 a.Fields.GetString("user.scope", d.Scope),
-		Locale:      a.Fields.GetString("user.locale", d.Locale),
+		Locale:                a.Fields.GetString("user.locale", d.Locale),
-		ViewMode:    users.ViewMode(a.Fields.GetString("user.viewMode", string(d.ViewMode))),
+		ViewMode:              users.ViewMode(a.Fields.GetString("user.viewMode", string(d.ViewMode))),
-		SingleClick: a.Fields.GetBoolean("user.singleClick", d.SingleClick),
+		SingleClick:           a.Fields.GetBoolean("user.singleClick", d.SingleClick),
 		RedirectAfterCopyMove: a.Fields.GetBoolean("user.redirectAfterCopyMove", d.RedirectAfterCopyMove),
 		Sorting: files.Sorting{
 			Asc: a.Fields.GetBoolean("user.sorting.asc", d.Sorting.Asc),
 			By:  a.Fields.GetString("user.sorting.by", d.Sorting.By),
@@ -249,6 +253,7 @@ var validHookFields = []string{
 	"user.locale",
 	"user.viewMode",
 	"user.singleClick",
 	"user.redirectAfterCopyMove",
 	"user.sorting.by",
 	"user.sorting.asc",
 	"user.commands",
@@ -265,13 +270,7 @@ var validHookFields = []string{
 // IsValid checks if the provided field is on the valid fields list
 func (hf *hookFields) IsValid(field string) bool {
-	for _, val := range validHookFields {
+	return slices.Contains(validHookFields, field)
 		if field == val {
 			return true
 		}
 	}
 	return false
 }
 // GetString returns the string value or provided default
--- a/auth/json.go
+++ b/auth/json.go
@@ -14,6 +14,10 @@ import (
 // MethodJSONAuth is used to identify json auth.
 const MethodJSONAuth settings.AuthMethod = "json"
 // dummyHash is used to prevent user enumeration timing attacks.
 // It MUST be a valid bcrypt hash.
 const dummyHash = "$2a$10$O4mEMeOL/nit6zqe.WQXauLRbRlzb3IgLHsa26Pf0N/GiU9b.wK1m"
 type jsonCred struct {
 	Password  string `json:"password"`
 	Username  string `json:"username"`
@@ -26,7 +30,7 @@ type JSONAuth struct {
 }
 // Auth authenticates the user via a json in content body.
-func (a JSONAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a JSONAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
 	var cred jsonCred
 	if r.Body == nil {
@@ -39,8 +43,8 @@ func (a JSONAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings,
 	}
 	// If ReCaptcha is enabled, check the code.
-	if a.ReCaptcha != nil && len(a.ReCaptcha.Secret) > 0 {
+	if a.ReCaptcha != nil && a.ReCaptcha.Secret != "" {
-		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha) //nolint:govet
+		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha)
 		if err != nil {
 			return nil, err
@@ -52,7 +56,17 @@ func (a JSONAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings,
 	}
 	u, err := usr.Get(srv.Root, cred.Username)
-	if err != nil || !users.CheckPwd(cred.Password, u.Password) {
+
 	hash := dummyHash
 	if err == nil {
 		hash = u.Password
 	}
 	if !users.CheckPwd(cred.Password, hash) {
 		return nil, os.ErrPermission
 	}
 	if err != nil {
 		return nil, os.ErrPermission
 	}
--- a/auth/none.go
+++ b/auth/none.go
@@ -14,7 +14,7 @@ const MethodNoAuth settings.AuthMethod = "noauth"
 type NoAuth struct{}
 // Auth uses authenticates user 1.
-func (a NoAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a NoAuth) Auth(_ *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
 	return usr.Get(srv.Root, uint(1))
 }
--- a/auth/proxy.go
+++ b/auth/proxy.go
@@ -1,10 +1,10 @@
 package auth
 import (
 	"errors"
 	"net/http"
 	"os"
-	"github.com/filebrowser/filebrowser/v2/errors"
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/settings"
 	"github.com/filebrowser/filebrowser/v2/users"
 )
@@ -18,14 +18,48 @@ type ProxyAuth struct {
 }
 // Auth authenticates the user via an HTTP header.
-func (a ProxyAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Settings, srv *settings.Server) (*users.User, error) {
 	username := r.Header.Get(a.Header)
 	user, err := usr.Get(srv.Root, username)
-	if err == errors.ErrNotExist {
+	if errors.Is(err, fberrors.ErrNotExist) {
-		return nil, os.ErrPermission
+		return a.createUser(usr, setting, srv, username)
 	}
 	return user, err
 }
 func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *settings.Server, username string) (*users.User, error) {
 	const randomPasswordLength = settings.DefaultMinimumPasswordLength + 10
 	pwd, err := users.RandomPwd(randomPasswordLength)
 	if err != nil {
 		return nil, err
 	}
-	return user, err
+	var hashedRandomPassword string
 	hashedRandomPassword, err = users.ValidateAndHashPwd(pwd, setting.MinimumPasswordLength)
 	if err != nil {
 		return nil, err
 	}
 	user := &users.User{
 		Username:     username,
 		Password:     hashedRandomPassword,
 		LockPassword: true,
 	}
 	setting.Defaults.Apply(user)
 	var userHome string
 	userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
 	if err != nil {
 		return nil, err
 	}
 	user.Scope = userHome
 	err = usr.Save(user)
 	if err != nil {
 		return nil, err
 	}
 	return user, nil
 }
 // LoginPage tells that proxy auth doesn't require a login page.
--- a/branding/banner.png
+++ b/branding/banner.png
--- a/branding/banner.svg
+++ b/branding/banner.svg
--- a/branding/icon.png
+++ b/branding/icon.png
--- a/branding/icon.svg
+++ b/branding/icon.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="700" height="700" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" image-rendering="optimizeQuality" fill-rule="evenodd" clip-rule="evenodd"><defs><style>.prefix__fil1{fill:#fefefe}.prefix__fil6{fill:#006498}.prefix__fil5{fill:#bdeaff}</style></defs><g id="prefix__Layer_x0020_1"><path d="M80 0h540c44 0 80 36 80 80v540c0 44-36 80-80 80H80c-44 0-80-36-80-80V80C0 36 36 0 80 0z" fill="#455a64"/><path class="prefix__fil1" d="M350 71c154 0 279 125 279 279S504 629 350 629 71 504 71 350 196 71 350 71z"/><path d="M475 236l118 151c3 116-149 252-292 198l-76-99 114-156s138-95 136-94z" fill="#332c2b" fill-opacity=".149"/><path d="M231 211h208l38 24v246c0 5-3 8-8 8H231c-5 0-8-3-8-8V219c0-5 3-8 8-8z" fill="#2bbcff"/><path d="M231 211h208l38 24v2l-37-23H231c-4 0-7 3-7 7v263c-1-1-1-2-1-3V219c0-5 3-8 8-8z" fill="#53c6fc"/><path class="prefix__fil5" d="M305 212h113v98H305zM255 363h189c3 0 5 2 5 4v116H250V367c0-2 2-4 5-4z"/><path class="prefix__fil6" d="M250 470h199v13H250zM380 226h10c3 0 6 2 6 5v40c0 3-3 6-6 6h-10c-3 0-6-3-6-6v-40c0-3 3-5 6-5z"/><path class="prefix__fil1" d="M254 226c10 0 17 7 17 17 0 9-7 16-17 16-9 0-17-7-17-16 0-10 8-17 17-17z"/><path class="prefix__fil6" d="M267 448h165c2 0 3 1 3 3 0 1-1 3-3 3H267c-2 0-3-2-3-3 0-2 1-3 3-3zM267 415h165c2 0 3 1 3 3 0 1-1 2-3 2H267c-2 0-3-1-3-2 0-2 1-3 3-3zM267 381h165c2 0 3 2 3 3 0 2-1 3-3 3H267c-2 0-3-1-3-3 0-1 1-3 3-3z"/><path class="prefix__fil1" d="M236 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5zM463 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z"/><path class="prefix__fil6" d="M305 212h-21v98h21z"/><path d="M477 479v2c0 5-3 8-8 8H231c-5 0-8-3-8-8v-2c0 4 3 8 8 8h238c5 0 8-4 8-8z" fill="#0ea5eb"/><path d="M350 70c155 0 280 125 280 280S505 630 350 630 70 505 70 350 195 70 350 70zm0 46c129 0 234 105 234 234S479 584 350 584 116 479 116 350s105-234 234-234z" fill="#2979ff"/></g></svg>
--- a/branding/logo.png
+++ b/branding/logo.png
--- a/branding/logo.svg
+++ b/branding/logo.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="560" height="560" version="1.1" id="prefix__svg44" clip-rule="evenodd" fill-rule="evenodd" image-rendering="optimizeQuality" shape-rendering="geometricPrecision" text-rendering="geometricPrecision"><defs id="prefix__defs4"><style type="text/css" id="style2">.prefix__fil1{fill:#fefefe}.prefix__fil6{fill:#006498}.prefix__fil5{fill:#bdeaff}</style></defs><g id="prefix__g85" transform="translate(-70 -70)"><path class="prefix__fil1" d="M350 71c154 0 279 125 279 279S504 629 350 629 71 504 71 350 196 71 350 71z" id="prefix__path9" fill="#fefefe"/><path d="M475 236l118 151c3 116-149 252-292 198l-76-99 114-156s138-95 136-94z" id="prefix__path11" fill="#332c2b" fill-opacity=".149"/><path d="M231 211h208l38 24v246c0 5-3 8-8 8H231c-5 0-8-3-8-8V219c0-5 3-8 8-8z" id="prefix__path13" fill="#2bbcff"/><path d="M231 211h208l38 24v2l-37-23H231c-4 0-7 3-7 7v263c-1-1-1-2-1-3V219c0-5 3-8 8-8z" id="prefix__path15" fill="#53c6fc"/><path class="prefix__fil5" id="prefix__polygon17" fill="#bdeaff" d="M305 212h113v98H305z"/><path class="prefix__fil5" d="M255 363h189c3 0 5 2 5 4v116H250V367c0-2 2-4 5-4z" id="prefix__path19" fill="#bdeaff"/><path class="prefix__fil6" id="prefix__polygon21" fill="#006498" d="M250 470h199v13H250z"/><path class="prefix__fil6" d="M380 226h10c3 0 6 2 6 5v40c0 3-3 6-6 6h-10c-3 0-6-3-6-6v-40c0-3 3-5 6-5z" id="prefix__path23" fill="#006498"/><path class="prefix__fil1" d="M254 226c10 0 17 7 17 17 0 9-7 16-17 16-9 0-17-7-17-16 0-10 8-17 17-17z" id="prefix__path25" fill="#fefefe"/><path class="prefix__fil6" d="M267 448h165c2 0 3 1 3 3 0 1-1 3-3 3H267c-2 0-3-2-3-3 0-2 1-3 3-3z" id="prefix__path27" fill="#006498"/><path class="prefix__fil6" d="M267 415h165c2 0 3 1 3 3 0 1-1 2-3 2H267c-2 0-3-1-3-2 0-2 1-3 3-3z" id="prefix__path29" fill="#006498"/><path class="prefix__fil6" d="M267 381h165c2 0 3 2 3 3 0 2-1 3-3 3H267c-2 0-3-1-3-3 0-1 1-3 3-3z" id="prefix__path31" fill="#006498"/><path class="prefix__fil1" d="M236 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z" id="prefix__path33" fill="#fefefe"/><path class="prefix__fil1" d="M463 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z" id="prefix__path35" fill="#fefefe"/><path class="prefix__fil6" id="prefix__polygon37" fill="#006498" d="M305 212h-21v98h21z"/><path d="M477 479v2c0 5-3 8-8 8H231c-5 0-8-3-8-8v-2c0 4 3 8 8 8h238c5 0 8-4 8-8z" id="prefix__path39" fill="#0ea5eb"/><path d="M350 70c155 0 280 125 280 280S505 630 350 630 70 505 70 350 195 70 350 70zm0 46c129 0 234 105 234 234S479 584 350 584 116 479 116 350s105-234 234-234z" id="prefix__path41" fill="#2979ff"/></g></svg>
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,12 +1,6 @@
 package cmd
 import (
 	"log"
 )
 // Execute executes the commands.
-func Execute() {
+func Execute() error {
-	if err := rootCmd.Execute(); err != nil {
+	return rootCmd.Execute()
 		log.Fatal(err)
 	}
 }
--- a/cmd/cmd_test.go
+++ b/cmd/cmd_test.go
@@ -0,0 +1,35 @@
 package cmd
 import (
 	"testing"
 	"github.com/samber/lo"
 	"github.com/spf13/cobra"
 )
 // TestEnvCollisions ensures that there are no collisions in the produced environment
 // variable names for all commands and their flags.
 func TestEnvCollisions(t *testing.T) {
 	testEnvCollisions(t, rootCmd)
 }
 func testEnvCollisions(t *testing.T, cmd *cobra.Command) {
 	for _, cmd := range cmd.Commands() {
 		testEnvCollisions(t, cmd)
 	}
 	replacements := generateEnvKeyReplacements(cmd)
 	envVariables := []string{}
 	for i := range replacements {
 		if i%2 != 0 {
 			envVariables = append(envVariables, replacements[i])
 		}
 	}
 	duplicates := lo.FindDuplicates(envVariables)
 	if len(duplicates) > 0 {
 		t.Errorf("Found duplicate environment variable keys for command %q: %v", cmd.Name(), duplicates)
 	}
 }
--- a/cmd/cmds_add.go
+++ b/cmd/cmds_add.go
@@ -14,14 +14,19 @@ var cmdsAddCmd = &cobra.Command{
 	Use:   "add <event> <command>",
 	Short: "Add a command to run on a specific event",
 	Long:  `Add a command to run on a specific event.`,
-	Args:  cobra.MinimumNArgs(2), //nolint:gomnd
+	Args:  cobra.MinimumNArgs(2),
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
-		s, err := d.store.Settings.Get()
+		s, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		command := strings.Join(args[1:], " ")
 		s.Commands[args[0]] = append(s.Commands[args[0]], command)
-		err = d.store.Settings.Save(s)
+		err = st.Settings.Save(s)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		printEvents(s.Commands)
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
--- a/cmd/cmds_ls.go
+++ b/cmd/cmds_ls.go
@@ -14,10 +14,16 @@ var cmdsLsCmd = &cobra.Command{
 	Short: "List all commands for each event",
 	Long:  `List all commands for each event.`,
 	Args:  cobra.NoArgs,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
-		s, err := d.store.Settings.Get()
+		s, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
-		evt := mustGetString(cmd.Flags(), "event")
+			return err
 		}
 		evt, err := cmd.Flags().GetString("event")
 		if err != nil {
 			return err
 		}
 		if evt == "" {
 			printEvents(s.Commands)
@@ -27,5 +33,7 @@ var cmdsLsCmd = &cobra.Command{
 			show["after_"+evt] = s.Commands["after_"+evt]
 			printEvents(show)
 		}
-	}, pythonConfig{}),
+
 		return nil
 	}, storeOptions{}),
 }
--- a/cmd/cmds_rm.go
+++ b/cmd/cmds_rm.go
@@ -23,7 +23,7 @@ You can also specify an optional parameter (index_end) so
 you can remove all commands from 'index' to 'index_end',
 including 'index_end'.`,
 	Args: func(cmd *cobra.Command, args []string) error {
-		if err := cobra.RangeArgs(2, 3)(cmd, args); err != nil { //nolint:gomnd
+		if err := cobra.RangeArgs(2, 3)(cmd, args); err != nil {
 			return err
 		}
@@ -35,22 +35,31 @@ including 'index_end'.`,
 		return nil
 	},
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
-		s, err := d.store.Settings.Get()
+		s, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		evt := args[0]
 		i, err := strconv.Atoi(args[1])
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		f := i
-		if len(args) == 3 { //nolint:gomnd
+		if len(args) == 3 {
 			f, err = strconv.Atoi(args[2])
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		}
 		s.Commands[evt] = append(s.Commands[evt][:i], s.Commands[evt][f+1:]...)
-		err = d.store.Settings.Save(s)
+		err = st.Settings.Save(s)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		printEvents(s.Commands)
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -2,7 +2,7 @@ package cmd
 import (
 	"encoding/json"
-	nerrors "errors"
+	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -12,7 +12,7 @@ import (
 	"github.com/spf13/pflag"
 	"github.com/filebrowser/filebrowser/v2/auth"
-	"github.com/filebrowser/filebrowser/v2/errors"
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/settings"
 )
@@ -30,27 +30,44 @@ var configCmd = &cobra.Command{
 func addConfigFlags(flags *pflag.FlagSet) {
 	addServerFlags(flags)
 	addUserFlags(flags)
 	flags.BoolP("signup", "s", false, "allow users to signup")
 	flags.Bool("hideLoginButton", false, "hide login button from public pages")
 	flags.Bool("createUserDir", false, "generate user's home directory automatically")
 	flags.Uint("minimumPasswordLength", settings.DefaultMinimumPasswordLength, "minimum password length for new users")
 	flags.String("shell", "", "shell command to which other commands should be appended")
 	// NB: these are string so they can be presented as octal in the help text
 	// as that's the conventional representation for modes in Unix.
 	flags.String("fileMode", fmt.Sprintf("%O", settings.DefaultFileMode), "mode bits that new files are created with")
 	flags.String("dirMode", fmt.Sprintf("%O", settings.DefaultDirMode), "mode bits that new directories are created with")
 	flags.String("auth.method", string(auth.MethodJSONAuth), "authentication type")
 	flags.String("auth.header", "", "HTTP header for auth.method=proxy")
 	flags.String("auth.command", "", "command for auth.method=hook")
 	flags.String("auth.logoutPage", "", "url of custom logout page")
 	flags.String("recaptcha.host", "https://www.google.com", "use another host for ReCAPTCHA. recaptcha.net might be useful in China")
 	flags.String("recaptcha.key", "", "ReCaptcha site key")
 	flags.String("recaptcha.secret", "", "ReCaptcha secret")
 	flags.String("branding.name", "", "replace 'File Browser' by this name")
 	flags.String("branding.theme", "", "set the theme")
 	flags.String("branding.color", "", "set the theme color")
 	flags.String("branding.files", "", "path to directory with images and custom styles")
 	flags.Bool("branding.disableExternal", false, "disable external links such as GitHub links")
 	flags.Bool("branding.disableUsedPercentage", false, "disable used disk percentage graph")
 	flags.Uint64("tus.chunkSize", settings.DefaultTusChunkSize, "the tus chunk size")
 	flags.Uint16("tus.retryCount", settings.DefaultTusRetryCount, "the tus retry count")
 }
-//nolint:gocyclo
+func getAuthMethod(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, map[string]interface{}, error) {
-func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, auth.Auther) {
+	methodStr, err := flags.GetString("auth.method")
-	method := settings.AuthMethod(mustGetString(flags, "auth.method"))
+	if err != nil {
 		return "", nil, err
 	}
 	method := settings.AuthMethod(methodStr)
 	var defaultAuther map[string]interface{}
 	if len(defaults) > 0 {
@@ -61,95 +78,143 @@ func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.
 					method = def.AuthMethod
 				case auth.Auther:
 					ms, err := json.Marshal(def)
-					checkErr(err)
+					if err != nil {
 						return "", nil, err
 					}
 					err = json.Unmarshal(ms, &defaultAuther)
-					checkErr(err)
+					if err != nil {
 						return "", nil, err
 					}
 				}
 			}
 		}
 	}
-	var auther auth.Auther
+	return method, defaultAuther, nil
 	if method == auth.MethodProxyAuth {
 		header := mustGetString(flags, "auth.header")
 		if header == "" {
 			header = defaultAuther["header"].(string)
 		}
 		if header == "" {
 			checkErr(nerrors.New("you must set the flag 'auth.header' for method 'proxy'"))
 		}
 		auther = &auth.ProxyAuth{Header: header}
 	}
 	if method == auth.MethodNoAuth {
 		auther = &auth.NoAuth{}
 	}
 	if method == auth.MethodJSONAuth {
 		jsonAuth := &auth.JSONAuth{}
 		host := mustGetString(flags, "recaptcha.host")
 		key := mustGetString(flags, "recaptcha.key")
 		secret := mustGetString(flags, "recaptcha.secret")
 		if key == "" {
 			if kmap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
 				key = kmap["key"].(string)
 			}
 		}
 		if secret == "" {
 			if smap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
 				secret = smap["secret"].(string)
 			}
 		}
 		if key != "" && secret != "" {
 			jsonAuth.ReCaptcha = &auth.ReCaptcha{
 				Host:   host,
 				Key:    key,
 				Secret: secret,
 			}
 		}
 		auther = jsonAuth
 	}
 	if method == auth.MethodHookAuth {
 		command := mustGetString(flags, "auth.command")
 		if command == "" {
 			command = defaultAuther["command"].(string)
 		}
 		if command == "" {
 			checkErr(nerrors.New("you must set the flag 'auth.command' for method 'hook'"))
 		}
 		auther = &auth.HookAuth{Command: command}
 	}
 	if auther == nil {
 		panic(errors.ErrInvalidAuthMethod)
 	}
 	return method, auther
 }
-func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Auther) {
+func getProxyAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) //nolint:gomnd
+	header, err := flags.GetString("auth.header")
 	if err != nil {
 		return nil, err
 	}
 	if header == "" && defaultAuther != nil {
 		header = defaultAuther["header"].(string)
 	}
 	if header == "" {
 		return nil, errors.New("you must set the flag 'auth.header' for method 'proxy'")
 	}
 	return &auth.ProxyAuth{Header: header}, nil
 }
 func getNoAuth() auth.Auther {
 	return &auth.NoAuth{}
 }
 func getJSONAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
 	jsonAuth := &auth.JSONAuth{}
 	host, err := flags.GetString("recaptcha.host")
 	if err != nil {
 		return nil, err
 	}
 	key, err := flags.GetString("recaptcha.key")
 	if err != nil {
 		return nil, err
 	}
 	secret, err := flags.GetString("recaptcha.secret")
 	if err != nil {
 		return nil, err
 	}
 	if key == "" {
 		if kmap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
 			key = kmap["key"].(string)
 		}
 	}
 	if secret == "" {
 		if smap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
 			secret = smap["secret"].(string)
 		}
 	}
 	if key != "" && secret != "" {
 		jsonAuth.ReCaptcha = &auth.ReCaptcha{
 			Host:   host,
 			Key:    key,
 			Secret: secret,
 		}
 	}
 	return jsonAuth, nil
 }
 func getHookAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
 	command, err := flags.GetString("auth.command")
 	if err != nil {
 		return nil, err
 	}
 	if command == "" {
 		command = defaultAuther["command"].(string)
 	}
 	if command == "" {
 		return nil, errors.New("you must set the flag 'auth.command' for method 'hook'")
 	}
 	return &auth.HookAuth{Command: command}, nil
 }
 func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, auth.Auther, error) {
 	method, defaultAuther, err := getAuthMethod(flags, defaults...)
 	if err != nil {
 		return "", nil, err
 	}
 	var auther auth.Auther
 	switch method {
 	case auth.MethodProxyAuth:
 		auther, err = getProxyAuth(flags, defaultAuther)
 	case auth.MethodNoAuth:
 		auther = getNoAuth()
 	case auth.MethodJSONAuth:
 		auther, err = getJSONAuth(flags, defaultAuther)
 	case auth.MethodHookAuth:
 		auther, err = getHookAuth(flags, defaultAuther)
 	default:
 		return "", nil, fberrors.ErrInvalidAuthMethod
 	}
 	if err != nil {
 		return "", nil, err
 	}
 	return method, auther, nil
 }
 func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Auther) error {
 	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
 	fmt.Fprintf(w, "Sign up:\t%t\n", set.Signup)
 	fmt.Fprintf(w, "Hide Login Button:\t%t\n", set.HideLoginButton)
 	fmt.Fprintf(w, "Create User Dir:\t%t\n", set.CreateUserDir)
-	fmt.Fprintf(w, "Auth method:\t%s\n", set.AuthMethod)
+	fmt.Fprintf(w, "Logout Page:\t%s\n", set.LogoutPage)
 	fmt.Fprintf(w, "Minimum Password Length:\t%d\n", set.MinimumPasswordLength)
 	fmt.Fprintf(w, "Auth Method:\t%s\n", set.AuthMethod)
 	fmt.Fprintf(w, "Shell:\t%s\t\n", strings.Join(set.Shell, " "))
 	fmt.Fprintln(w, "\nBranding:")
 	fmt.Fprintf(w, "\tName:\t%s\n", set.Branding.Name)
 	fmt.Fprintf(w, "\tFiles override:\t%s\n", set.Branding.Files)
 	fmt.Fprintf(w, "\tDisable external links:\t%t\n", set.Branding.DisableExternal)
 	fmt.Fprintf(w, "\tDisable used disk percentage graph:\t%t\n", set.Branding.DisableUsedPercentage)
 	fmt.Fprintf(w, "\tColor:\t%s\n", set.Branding.Color)
 	fmt.Fprintf(w, "\tTheme:\t%s\n", set.Branding.Theme)
 	fmt.Fprintln(w, "\nServer:")
 	fmt.Fprintf(w, "\tLog:\t%s\n", ser.Log)
 	fmt.Fprintf(w, "\tPort:\t%s\n", ser.Port)
@@ -159,16 +224,32 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\tAddress:\t%s\n", ser.Address)
 	fmt.Fprintf(w, "\tTLS Cert:\t%s\n", ser.TLSCert)
 	fmt.Fprintf(w, "\tTLS Key:\t%s\n", ser.TLSKey)
 	fmt.Fprintf(w, "\tToken Expiration Time:\t%s\n", ser.TokenExpirationTime)
 	fmt.Fprintf(w, "\tExec Enabled:\t%t\n", ser.EnableExec)
 	fmt.Fprintf(w, "\tThumbnails Enabled:\t%t\n", ser.EnableThumbnails)
 	fmt.Fprintf(w, "\tResize Preview:\t%t\n", ser.ResizePreview)
 	fmt.Fprintf(w, "\tType Detection by Header:\t%t\n", ser.TypeDetectionByHeader)
 	fmt.Fprintln(w, "\nTUS:")
 	fmt.Fprintf(w, "\tChunk size:\t%d\n", set.Tus.ChunkSize)
 	fmt.Fprintf(w, "\tRetry count:\t%d\n", set.Tus.RetryCount)
 	fmt.Fprintln(w, "\nDefaults:")
 	fmt.Fprintf(w, "\tScope:\t%s\n", set.Defaults.Scope)
 	fmt.Fprintf(w, "\tHideDotfiles:\t%t\n", set.Defaults.HideDotfiles)
 	fmt.Fprintf(w, "\tLocale:\t%s\n", set.Defaults.Locale)
 	fmt.Fprintf(w, "\tView mode:\t%s\n", set.Defaults.ViewMode)
 	fmt.Fprintf(w, "\tSingle Click:\t%t\n", set.Defaults.SingleClick)
 	fmt.Fprintf(w, "\tRedirect after Copy/Move:\t%t\n", set.Defaults.RedirectAfterCopyMove)
 	fmt.Fprintf(w, "\tFile Creation Mode:\t%O\n", set.FileMode)
 	fmt.Fprintf(w, "\tDirectory Creation Mode:\t%O\n", set.DirMode)
 	fmt.Fprintf(w, "\tCommands:\t%s\n", strings.Join(set.Defaults.Commands, " "))
 	fmt.Fprintf(w, "\tAce editor syntax highlighting theme:\t%s\n", set.Defaults.AceEditorTheme)
 	fmt.Fprintf(w, "\tSorting:\n")
 	fmt.Fprintf(w, "\t\tBy:\t%s\n", set.Defaults.Sorting.By)
 	fmt.Fprintf(w, "\t\tAsc:\t%t\n", set.Defaults.Sorting.Asc)
 	fmt.Fprintf(w, "\tPermissions:\n")
 	fmt.Fprintf(w, "\t\tAdmin:\t%t\n", set.Defaults.Perm.Admin)
 	fmt.Fprintf(w, "\t\tExecute:\t%t\n", set.Defaults.Perm.Execute)
@@ -178,9 +259,133 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\t\tDelete:\t%t\n", set.Defaults.Perm.Delete)
 	fmt.Fprintf(w, "\t\tShare:\t%t\n", set.Defaults.Perm.Share)
 	fmt.Fprintf(w, "\t\tDownload:\t%t\n", set.Defaults.Perm.Download)
 	w.Flush()
 	b, err := json.MarshalIndent(auther, "", "  ")
-	checkErr(err)
+	if err != nil {
 		return err
 	}
 	fmt.Printf("\nAuther configuration (raw):\n\n%s\n\n", string(b))
 	return nil
 }
 func getSettings(flags *pflag.FlagSet, set *settings.Settings, ser *settings.Server, auther auth.Auther, all bool) (auth.Auther, error) {
 	errs := []error{}
 	hasAuth := false
 	visit := func(flag *pflag.Flag) {
 		var err error
 		switch flag.Name {
 		// Server flags from [addServerFlags]
 		case "address":
 			ser.Address, err = flags.GetString(flag.Name)
 		case "log":
 			ser.Log, err = flags.GetString(flag.Name)
 		case "port":
 			ser.Port, err = flags.GetString(flag.Name)
 		case "cert":
 			ser.TLSCert, err = flags.GetString(flag.Name)
 		case "key":
 			ser.TLSKey, err = flags.GetString(flag.Name)
 		case "root":
 			ser.Root, err = flags.GetString(flag.Name)
 		case "socket":
 			ser.Socket, err = flags.GetString(flag.Name)
 		case "baseURL":
 			ser.BaseURL, err = flags.GetString(flag.Name)
 		case "tokenExpirationTime":
 			ser.TokenExpirationTime, err = flags.GetString(flag.Name)
 		case "disableThumbnails":
 			ser.EnableThumbnails, err = flags.GetBool(flag.Name)
 			ser.EnableThumbnails = !ser.EnableThumbnails
 		case "disablePreviewResize":
 			ser.ResizePreview, err = flags.GetBool(flag.Name)
 			ser.ResizePreview = !ser.ResizePreview
 		case "disableExec":
 			ser.EnableExec, err = flags.GetBool(flag.Name)
 			ser.EnableExec = !ser.EnableExec
 		case "disableTypeDetectionByHeader":
 			ser.TypeDetectionByHeader, err = flags.GetBool(flag.Name)
 			ser.TypeDetectionByHeader = !ser.TypeDetectionByHeader
 		case "disableImageResolutionCalc":
 			ser.ImageResolutionCal, err = flags.GetBool(flag.Name)
 			ser.ImageResolutionCal = !ser.ImageResolutionCal
 		// Settings flags from [addConfigFlags]
 		case "signup":
 			set.Signup, err = flags.GetBool(flag.Name)
 		case "hideLoginButton":
 			set.HideLoginButton, err = flags.GetBool(flag.Name)
 		case "createUserDir":
 			set.CreateUserDir, err = flags.GetBool(flag.Name)
 		case "minimumPasswordLength":
 			set.MinimumPasswordLength, err = flags.GetUint(flag.Name)
 		case "shell":
 			var shell string
 			shell, err = flags.GetString(flag.Name)
 			if err == nil {
 				set.Shell = convertCmdStrToCmdArray(shell)
 			}
 		case "fileMode":
 			set.FileMode, err = getAndParseFileMode(flags, flag.Name)
 		case "dirMode":
 			set.DirMode, err = getAndParseFileMode(flags, flag.Name)
 		case "auth.method":
 			hasAuth = true
 		case "auth.logoutPage":
 			set.LogoutPage, err = flags.GetString(flag.Name)
 		case "branding.name":
 			set.Branding.Name, err = flags.GetString(flag.Name)
 		case "branding.theme":
 			set.Branding.Theme, err = flags.GetString(flag.Name)
 		case "branding.color":
 			set.Branding.Color, err = flags.GetString(flag.Name)
 		case "branding.files":
 			set.Branding.Files, err = flags.GetString(flag.Name)
 		case "branding.disableExternal":
 			set.Branding.DisableExternal, err = flags.GetBool(flag.Name)
 		case "branding.disableUsedPercentage":
 			set.Branding.DisableUsedPercentage, err = flags.GetBool(flag.Name)
 		case "tus.chunkSize":
 			set.Tus.ChunkSize, err = flags.GetUint64(flag.Name)
 		case "tus.retryCount":
 			set.Tus.RetryCount, err = flags.GetUint16(flag.Name)
 		}
 		if err != nil {
 			errs = append(errs, err)
 		}
 	}
 	if all {
 		flags.VisitAll(visit)
 	} else {
 		flags.Visit(visit)
 	}
 	err := errors.Join(errs...)
 	if err != nil {
 		return nil, err
 	}
 	err = getUserDefaults(flags, &set.Defaults, all)
 	if err != nil {
 		return nil, err
 	}
 	if all {
 		set.AuthMethod, auther, err = getAuthentication(flags)
 		if err != nil {
 			return nil, err
 		}
 	} else {
 		set.AuthMethod, auther, err = getAuthentication(flags, hasAuth, set, auther)
 		if err != nil {
 			return nil, err
 		}
 	}
 	return auther, nil
 }
--- a/cmd/config_cat.go
+++ b/cmd/config_cat.go
@@ -13,13 +13,19 @@ var configCatCmd = &cobra.Command{
 	Short: "Prints the configuration",
 	Long:  `Prints the configuration.`,
 	Args:  cobra.NoArgs,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, _ []string, st *store) error {
-		set, err := d.store.Settings.Get()
+		set, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
-		ser, err := d.store.Settings.GetServer()
+			return err
-		checkErr(err)
+		}
-		auther, err := d.store.Auth.Get(set.AuthMethod)
+		ser, err := st.Settings.GetServer()
-		checkErr(err)
+		if err != nil {
-		printSettings(ser, set, auther)
+			return err
-	}, pythonConfig{}),
+		}
 		auther, err := st.Auth.Get(set.AuthMethod)
 		if err != nil {
 			return err
 		}
 		return printSettings(ser, set, auther)
 	}, storeOptions{}),
 }
--- a/cmd/config_export.go
+++ b/cmd/config_export.go
@@ -15,15 +15,21 @@ var configExportCmd = &cobra.Command{
 json or yaml file. This exported configuration can be changed,
 and imported again with 'config import' command.`,
 	Args: jsonYamlArg,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
-		settings, err := d.store.Settings.Get()
+		settings, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
-		server, err := d.store.Settings.GetServer()
+		server, err := st.Settings.GetServer()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
-		auther, err := d.store.Auth.Get(settings.AuthMethod)
+		auther, err := st.Auth.Get(settings.AuthMethod)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		data := &settingsFile{
 			Settings: settings,
@@ -32,6 +38,9 @@ and imported again with 'config import' command.`,
 		}
 		err = marshal(args[0], data)
-		checkErr(err)
+		if err != nil {
-	}, pythonConfig{}),
+			return err
 		}
 		return nil
 	}, storeOptions{}),
 }
--- a/cmd/config_import.go
+++ b/cmd/config_import.go
@@ -34,61 +34,93 @@ database.
 The path must be for a json or yaml file.`,
 	Args: jsonYamlArg,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
 		var key []byte
-		if d.hadDB {
+		var err error
-			settings, err := d.store.Settings.Get()
+		if st.databaseExisted {
-			checkErr(err)
+			settings, settingErr := st.Settings.Get()
 			if settingErr != nil {
 				return settingErr
 			}
 			key = settings.Key
 		} else {
 			key = generateKey()
 		}
 		file := settingsFile{}
-		err := unmarshal(args[0], &file)
+		err = unmarshal(args[0], &file)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		if file.Settings == nil || file.Server == nil {
 			return errors.New("invalid configuration file: 'settings' or 'server' fields are missing. Please ensure you are importing a file generated by the 'config export' command")
 		}
 		file.Settings.Key = key
-		err = d.store.Settings.Save(file.Settings)
+		err = st.Settings.Save(file.Settings)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
-		err = d.store.Settings.SaveServer(file.Server)
+		err = st.Settings.SaveServer(file.Server)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		var rawAuther interface{}
-		if filepath.Ext(args[0]) != ".json" { //nolint:goconst
+		if filepath.Ext(args[0]) != ".json" {
 			rawAuther = cleanUpInterfaceMap(file.Auther.(map[interface{}]interface{}))
 		} else {
 			rawAuther = file.Auther
 		}
 		var auther auth.Auther
 		var autherErr error
 		switch file.Settings.AuthMethod {
 		case auth.MethodJSONAuth:
-			auther = getAuther(auth.JSONAuth{}, rawAuther).(*auth.JSONAuth)
+			var a interface{}
 			a, autherErr = getAuther(auth.JSONAuth{}, rawAuther)
 			auther = a.(*auth.JSONAuth)
 		case auth.MethodNoAuth:
-			auther = getAuther(auth.NoAuth{}, rawAuther).(*auth.NoAuth)
+			var a interface{}
 			a, autherErr = getAuther(auth.NoAuth{}, rawAuther)
 			auther = a.(*auth.NoAuth)
 		case auth.MethodProxyAuth:
-			auther = getAuther(auth.ProxyAuth{}, rawAuther).(*auth.ProxyAuth)
+			var a interface{}
 			a, autherErr = getAuther(auth.ProxyAuth{}, rawAuther)
 			auther = a.(*auth.ProxyAuth)
 		case auth.MethodHookAuth:
-			auther = getAuther(&auth.HookAuth{}, rawAuther).(*auth.HookAuth)
+			var a interface{}
 			a, autherErr = getAuther(&auth.HookAuth{}, rawAuther)
 			auther = a.(*auth.HookAuth)
 		default:
-			checkErr(errors.New("invalid auth method"))
+			return errors.New("invalid auth method")
 		}
-		err = d.store.Auth.Save(auther)
+		if autherErr != nil {
-		checkErr(err)
+			return autherErr
 		}
-		printSettings(file.Server, file.Settings, auther)
+		err = st.Auth.Save(auther)
-	}, pythonConfig{allowNoDB: true}),
+		if err != nil {
 			return err
 		}
 		return printSettings(file.Server, file.Settings, auther)
 	}, storeOptions{allowsNoDatabase: true}),
 }
-func getAuther(sample auth.Auther, data interface{}) interface{} {
+func getAuther(sample auth.Auther, data interface{}) (interface{}, error) {
 	authType := reflect.TypeOf(sample)
 	auther := reflect.New(authType).Interface()
 	bytes, err := json.Marshal(data)
-	checkErr(err)
+	if err != nil {
 		return nil, err
 	}
 	err = json.Unmarshal(bytes, &auther)
-	checkErr(err)
+	if err != nil {
-	return auther
+		return nil, err
 	}
 	return auther, nil
 }
--- a/cmd/config_init.go
+++ b/cmd/config_init.go
@@ -22,49 +22,40 @@ this options can be changed in the future with the command
 to the defaults when creating new users and you don't
 override the options.`,
 	Args: cobra.NoArgs,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
 		defaults := settings.UserDefaults{}
 		flags := cmd.Flags()
 		getUserDefaults(flags, &defaults, true)
 		authMethod, auther := getAuthentication(flags)
-		s := &settings.Settings{
+		// Initialize config
-			Key:        generateKey(),
+		s := &settings.Settings{Key: generateKey()}
-			Signup:     mustGetBool(flags, "signup"),
+		ser := &settings.Server{}
-			Shell:      convertCmdStrToCmdArray(mustGetString(flags, "shell")),
+
-			AuthMethod: authMethod,
+		// Fill config with options
-			Defaults:   defaults,
+		auther, err := getSettings(flags, s, ser, nil, true)
-			Branding: settings.Branding{
+		if err != nil {
-				Name:                  mustGetString(flags, "branding.name"),
+			return err
 				DisableExternal:       mustGetBool(flags, "branding.disableExternal"),
 				DisableUsedPercentage: mustGetBool(flags, "branding.DisableUsedPercentage"),
 				Files:                 mustGetString(flags, "branding.files"),
 			},
 		}
-		ser := &settings.Server{
+		// Save updated config
-			Address: mustGetString(flags, "address"),
+		err = st.Settings.Save(s)
-			Socket:  mustGetString(flags, "socket"),
+		if err != nil {
-			Root:    mustGetString(flags, "root"),
+			return err
 			BaseURL: mustGetString(flags, "baseurl"),
 			TLSKey:  mustGetString(flags, "key"),
 			TLSCert: mustGetString(flags, "cert"),
 			Port:    mustGetString(flags, "port"),
 			Log:     mustGetString(flags, "log"),
 		}
-		err := d.store.Settings.Save(s)
+		err = st.Settings.SaveServer(ser)
-		checkErr(err)
+		if err != nil {
-		err = d.store.Settings.SaveServer(ser)
+			return err
-		checkErr(err)
+		}
-		err = d.store.Auth.Save(auther)
+
-		checkErr(err)
+		err = st.Auth.Save(auther)
 		if err != nil {
 			return err
 		}
 		fmt.Printf(`
 Congratulations! You've set up your database to use with File Browser.
 Now add your first user via 'filebrowser users add' and then you just
 need to call the main command to boot up the server.
 `)
-		printSettings(ser, s, auther)
+		return printSettings(ser, s, auther)
-	}, pythonConfig{noDB: true}),
+	}, storeOptions{expectsNoDatabase: true}),
 }
--- a/cmd/config_set.go
+++ b/cmd/config_set.go
@@ -2,7 +2,6 @@ package cmd
 import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 )
 func init() {
@@ -16,67 +15,47 @@ var configSetCmd = &cobra.Command{
 	Long: `Updates the configuration. Set the flags for the options
 you want to change. Other options will remain unchanged.`,
 	Args: cobra.NoArgs,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
 		flags := cmd.Flags()
 		set, err := d.store.Settings.Get()
 		checkErr(err)
-		ser, err := d.store.Settings.GetServer()
+		// Read existing config
-		checkErr(err)
+		set, err := st.Settings.Get()
 		if err != nil {
 			return err
 		}
-		hasAuth := false
+		ser, err := st.Settings.GetServer()
-		flags.Visit(func(flag *pflag.Flag) {
+		if err != nil {
-			switch flag.Name {
+			return err
-			case "baseurl":
+		}
 				ser.BaseURL = mustGetString(flags, flag.Name)
 			case "root":
 				ser.Root = mustGetString(flags, flag.Name)
 			case "socket":
 				ser.Socket = mustGetString(flags, flag.Name)
 			case "cert":
 				ser.TLSCert = mustGetString(flags, flag.Name)
 			case "key":
 				ser.TLSKey = mustGetString(flags, flag.Name)
 			case "address":
 				ser.Address = mustGetString(flags, flag.Name)
 			case "port":
 				ser.Port = mustGetString(flags, flag.Name)
 			case "log":
 				ser.Log = mustGetString(flags, flag.Name)
 			case "signup":
 				set.Signup = mustGetBool(flags, flag.Name)
 			case "auth.method":
 				hasAuth = true
 			case "shell":
 				set.Shell = convertCmdStrToCmdArray(mustGetString(flags, flag.Name))
 			case "branding.name":
 				set.Branding.Name = mustGetString(flags, flag.Name)
 			case "branding.color":
 				set.Branding.Color = mustGetString(flags, flag.Name)
 			case "branding.disableExternal":
 				set.Branding.DisableExternal = mustGetBool(flags, flag.Name)
 			case "branding.disableUsedPercentage":
 				set.Branding.DisableUsedPercentage = mustGetBool(flags, flag.Name)
 			case "branding.files":
 				set.Branding.Files = mustGetString(flags, flag.Name)
 			}
 		})
-		getUserDefaults(flags, &set.Defaults, false)
+		auther, err := st.Auth.Get(set.AuthMethod)
 		if err != nil {
 			return err
 		}
-		// read the defaults
+		// Get updated config
-		auther, err := d.store.Auth.Get(set.AuthMethod)
+		auther, err = getSettings(flags, set, ser, auther, false)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
-		// check if there are new flags for existing auth method
+		// Save updated config
-		set.AuthMethod, auther = getAuthentication(flags, hasAuth, set, auther)
+		err = st.Auth.Save(auther)
 		if err != nil {
 			return err
 		}
-		err = d.store.Auth.Save(auther)
+		err = st.Settings.Save(set)
-		checkErr(err)
+		if err != nil {
-		err = d.store.Settings.Save(set)
+			return err
-		checkErr(err)
+		}
-		err = d.store.Settings.SaveServer(ser)
+
-		checkErr(err)
+		err = st.Settings.SaveServer(ser)
-		printSettings(ser, set, auther)
+		if err != nil {
-	}, pythonConfig{}),
+			return err
 		}
 		return printSettings(ser, set, auther)
 	}, storeOptions{}),
 }
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -3,137 +3,80 @@ package cmd
 import (
 	"bytes"
 	"fmt"
 	"io"
 	"os"
-	"path/filepath"
+	"path"
-	"sort"
+	"regexp"
 	"strings"
 	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
+	"github.com/spf13/cobra/doc"
 )
 func init() {
 	rootCmd.AddCommand(docsCmd)
-	docsCmd.Flags().StringP("path", "p", "./docs", "path to save the docs")
+	docsCmd.Flags().String("out", "www/docs/cli", "directory to write the docs to")
 }
 func printToc(names []string) {
 	for i, name := range names {
 		name = strings.TrimSuffix(name, filepath.Ext(name))
 		name = strings.Replace(name, "-", " ", -1)
 		names[i] = name
 	}
 	sort.Strings(names)
 	toc := ""
 	for _, name := range names {
 		toc += "* [" + name + "](cli/" + strings.Replace(name, " ", "-", -1) + ".md)\n"
 	}
 	fmt.Println(toc)
 }
 var docsCmd = &cobra.Command{
 	Use:    "docs",
 	Hidden: true,
 	Args:   cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
+	RunE: func(cmd *cobra.Command, _ []string) error {
-		dir := mustGetString(cmd.Flags(), "path")
+		outputDir, err := cmd.Flags().GetString("out")
-		generateDocs(rootCmd, dir)
+		if err != nil {
-		names := []string{}
+			return err
 		}
-		err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+		tempDir, err := os.MkdirTemp(os.TempDir(), "filebrowser-docs-")
-			if err != nil || info.IsDir() {
+		if err != nil {
 			return err
 		}
 		defer os.RemoveAll(tempDir)
 		rootCmd.Root().DisableAutoGenTag = true
 		err = doc.GenMarkdownTreeCustom(cmd.Root(), tempDir, func(_ string) string {
 			return ""
 		}, func(s string) string {
 			return s
 		})
 		if err != nil {
 			return err
 		}
 		entries, err := os.ReadDir(tempDir)
 		if err != nil {
 			return err
 		}
 		headerRegex := regexp.MustCompile(`(?m)^(##)(.*)$`)
 		linkRegex := regexp.MustCompile(`\(filebrowser(.*)\.md\)`)
 		fmt.Println("Generated Documents:")
 		for _, entry := range entries {
 			srcPath := path.Join(tempDir, entry.Name())
 			dstPath := path.Join(outputDir, strings.ReplaceAll(entry.Name(), "_", "-"))
 			data, err := os.ReadFile(srcPath)
 			if err != nil {
 				return err
 			}
-			if !strings.HasPrefix(info.Name(), "filebrowser") {
+			data = headerRegex.ReplaceAll(data, []byte("#$2"))
-				return nil
+			data = linkRegex.ReplaceAllFunc(data, func(b []byte) []byte {
 				return bytes.ReplaceAll(b, []byte("_"), []byte("-"))
 			})
 			data = bytes.ReplaceAll(data, []byte("## SEE ALSO"), []byte("## See Also"))
 			err = os.WriteFile(dstPath, data, 0666)
 			if err != nil {
 				return err
 			}
-			names = append(names, info.Name())
+			fmt.Println("- " + dstPath)
 			return nil
 		})
 		checkErr(err)
 		printToc(names)
 	},
 }
 func generateDocs(cmd *cobra.Command, dir string) {
 	for _, c := range cmd.Commands() {
 		if !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() {
 			continue
 		}
-		generateDocs(c, dir)
+		return nil
-	}
+	},
 	basename := strings.Replace(cmd.CommandPath(), " ", "-", -1) + ".md"
 	filename := filepath.Join(dir, basename)
 	f, err := os.Create(filename)
 	checkErr(err)
 	defer f.Close()
 	generateMarkdown(cmd, f)
 }
 func generateMarkdown(cmd *cobra.Command, w io.Writer) {
 	cmd.InitDefaultHelpCmd()
 	cmd.InitDefaultHelpFlag()
 	buf := new(bytes.Buffer)
 	name := cmd.CommandPath()
 	short := cmd.Short
 	long := cmd.Long
 	if long == "" {
 		long = short
 	}
 	buf.WriteString("---\ndescription: " + short + "\n---\n\n")
 	buf.WriteString("# " + name + "\n\n")
 	buf.WriteString("## Synopsis\n\n")
 	buf.WriteString(long + "\n\n")
 	if cmd.Runnable() {
 		buf.WriteString(fmt.Sprintf("```\n%s\n```\n\n", cmd.UseLine()))
 	}
 	if len(cmd.Example) > 0 {
 		buf.WriteString("## Examples\n\n")
 		buf.WriteString(fmt.Sprintf("```\n%s\n```\n\n", cmd.Example))
 	}
 	printOptions(buf, cmd)
 	_, err := buf.WriteTo(w)
 	checkErr(err)
 }
 func generateFlagsTable(fs *pflag.FlagSet, buf io.StringWriter) {
 	_, _ = buf.WriteString("| Name | Shorthand | Usage |\n")
 	_, _ = buf.WriteString("|------|-----------|-------|\n")
 	fs.VisitAll(func(f *pflag.Flag) {
 		_, _ = buf.WriteString("|" + f.Name + "|" + f.Shorthand + "|" + f.Usage + "|\n")
 	})
 }
 func printOptions(buf *bytes.Buffer, cmd *cobra.Command) {
 	flags := cmd.NonInheritedFlags()
 	flags.SetOutput(buf)
 	if flags.HasAvailableFlags() {
 		buf.WriteString("## Options\n\n")
 		generateFlagsTable(flags, buf)
 		buf.WriteString("\n")
 	}
 	parentFlags := cmd.InheritedFlags()
 	parentFlags.SetOutput(buf)
 	if parentFlags.HasAvailableFlags() {
 		buf.WriteString("### Inherited\n\n")
 		generateFlagsTable(parentFlags, buf)
 		buf.WriteString("\n")
 	}
 }
--- a/cmd/hash.go
+++ b/cmd/hash.go
@@ -17,9 +17,12 @@ var hashCmd = &cobra.Command{
 	Short: "Hashes a password",
 	Long:  `Hashes a password using bcrypt algorithm.`,
 	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
+	RunE: func(_ *cobra.Command, args []string) error {
 		pwd, err := users.HashPwd(args[0])
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		fmt.Println(pwd)
 		return nil
 	},
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,8 +1,10 @@
 package cmd
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
 	"io/fs"
 	"log"
@@ -11,14 +13,13 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
 	"strings"
 	"syscall"
 	"time"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	v "github.com/spf13/viper"
+	"github.com/spf13/viper"
 	lumberjack "gopkg.in/natefinch/lumberjack.v2"
 	"github.com/filebrowser/filebrowser/v2/auth"
@@ -32,27 +33,67 @@ import (
 )
 var (
-	cfgFile string
+	flagNamesMigrations = map[string]string{
 		"file-mode":                        "fileMode",
 		"dir-mode":                         "dirMode",
 		"hide-login-button":                "hideLoginButton",
 		"create-user-dir":                  "createUserDir",
 		"minimum-password-length":          "minimumPasswordLength",
 		"socket-perm":                      "socketPerm",
 		"disable-thumbnails":               "disableThumbnails",
 		"disable-preview-resize":           "disablePreviewResize",
 		"disable-exec":                     "disableExec",
 		"disable-type-detection-by-header": "disableTypeDetectionByHeader",
 		"img-processors":                   "imageProcessors",
 		"cache-dir":                        "cacheDir",
 		"token-expiration-time":            "tokenExpirationTime",
 		"baseurl":                          "baseURL",
 	}
 	warnedFlags = map[string]bool{}
 )
 // TODO(remove): remove after July 2026.
 func migrateFlagNames(_ *pflag.FlagSet, name string) pflag.NormalizedName {
 	if newName, ok := flagNamesMigrations[name]; ok {
 		if !warnedFlags[name] {
 			warnedFlags[name] = true
 			log.Printf("DEPRECATION NOTICE: Flag --%s has been deprecated, use --%s instead\n", name, newName)
 		}
 		name = newName
 	}
 	return pflag.NormalizedName(name)
 }
 func init() {
-	cobra.OnInitialize(initConfig)
+	rootCmd.SilenceUsage = true
 	rootCmd.SetGlobalNormalizationFunc(migrateFlagNames)
 	cobra.MousetrapHelpText = ""
 	rootCmd.SetVersionTemplate("File Browser version {{printf \"%s\" .Version}}\n")
-	flags := rootCmd.Flags()
+	// Flags available across the whole program
 	persistent := rootCmd.PersistentFlags()
-
+	persistent.StringP("config", "c", "", "config file path")
 	persistent.StringVarP(&cfgFile, "config", "c", "", "config file path")
 	persistent.StringP("database", "d", "./filebrowser.db", "database path")
 	flags.Bool("noauth", false, "use the noauth auther when using quick setup")
 	flags.String("username", "admin", "username for the first user when using quick config")
 	flags.String("password", "", "hashed password for the first user when using quick config (default \"admin\")")
 	// Runtime flags for the root command
 	flags := rootCmd.Flags()
 	flags.Bool("noauth", false, "use the noauth auther when using quick setup")
 	flags.String("username", "admin", "username for the first user when using quick setup")
 	flags.String("password", "", "hashed password for the first user when using quick setup")
 	flags.Uint32("socketPerm", 0666, "unix socket file permissions")
 	flags.String("cacheDir", "", "file cache directory (disabled if empty)")
 	flags.Int("imageProcessors", 4, "image processors count")
 	addServerFlags(flags)
 }
 // addServerFlags adds server related flags to the given FlagSet. These flags are available
 // in both the root command, config set and config init commands.
 func addServerFlags(flags *pflag.FlagSet) {
 	flags.StringP("address", "a", "127.0.0.1", "address to listen on")
 	flags.StringP("log", "l", "stdout", "log output")
@@ -61,21 +102,20 @@ func addServerFlags(flags *pflag.FlagSet) {
 	flags.StringP("key", "k", "", "tls key")
 	flags.StringP("root", "r", ".", "root to prepend to relative paths")
 	flags.String("socket", "", "socket to listen to (cannot be used with address, port, cert nor key flags)")
-	flags.Uint32("socket-perm", 0666, "unix socket file permissions") //nolint:gomnd
+	flags.StringP("baseURL", "b", "", "base url")
-	flags.StringP("baseurl", "b", "", "base url")
+	flags.String("tokenExpirationTime", "2h", "user session timeout")
-	flags.String("cache-dir", "", "file cache directory (disabled if empty)")
+	flags.Bool("disableThumbnails", false, "disable image thumbnails")
-	flags.Int("img-processors", 4, "image processors count") //nolint:gomnd
+	flags.Bool("disablePreviewResize", false, "disable resize of image previews")
-	flags.Bool("disable-thumbnails", false, "disable image thumbnails")
+	flags.Bool("disableExec", true, "disables Command Runner feature")
-	flags.Bool("disable-preview-resize", false, "disable resize of image previews")
+	flags.Bool("disableTypeDetectionByHeader", false, "disables type detection by reading file headers")
-	flags.Bool("disable-exec", false, "disables Command Runner feature")
+	flags.Bool("disableImageResolutionCalc", false, "disables image resolution calculation by reading image files")
 	flags.Bool("disable-type-detection-by-header", false, "disables type detection by reading file headers")
 }
 var rootCmd = &cobra.Command{
 	Use:   "filebrowser",
 	Short: "A stylish web-based file browser",
 	Long: `File Browser CLI lets you create the database to use with File Browser,
-manage your users and all the configurations without acessing the
+manage your users and all the configurations without accessing the
 web interface.
 If you've never run File Browser, you'll need to have a database for
@@ -83,62 +123,69 @@ it. Don't worry: you don't need to setup a separate database server.
 We're using Bolt DB which is a single file database and all managed
 by ourselves.
-For this specific command, all the flags you have available (except
+For this command, all flags are available as environmental variables,
-"config" for the configuration file), can be given either through
+except for "--config", which specifies the configuration file to use.
-environment variables or configuration files.
+The environment variables are prefixed by "FB_" followed by the flag name in
 UPPER_SNAKE_CASE. For example, the flag "--disablePreviewResize" is available
 as FB_DISABLE_PREVIEW_RESIZE.
-If you don't set "config", it will look for a configuration file called
+If "--config" is not specified, File Browser will look for a configuration
-.filebrowser.{json, toml, yaml, yml} in the following directories:
+file named .filebrowser.{json, toml, yaml, yml} in the following directories:
 - ./
 - $HOME/
 - /etc/filebrowser/
 **Note:** Only the options listed below can be set via the config file or
 environment variables. Other configuration options live exclusively in the
 database and so they must be set by the "config set" or "config
 import" commands.
 The precedence of the configuration values are as follows:
- flags
+- Flags
- environment variables
+- Environment variables
- configuration file
+- Configuration file
- database values
+- Database values
- defaults
+- Defaults
 The environment variables are prefixed by "FB_" followed by the option
 name in caps. So to set "database" via an env variable, you should
 set FB_DATABASE.
 Also, if the database path doesn't exist, File Browser will enter into
-the quick setup mode and a new database will be bootstraped and a new
+the quick setup mode and a new database will be bootstrapped and a new
 user created with the credentials from options "username" and "password".`,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withViperAndStore(func(_ *cobra.Command, _ []string, v *viper.Viper, st *store) error {
-		log.Println(cfgFile)
+		if !st.databaseExisted {
-
+			err := quickSetup(v, st.Storage)
-		if !d.hadDB {
+			if err != nil {
-			quickSetup(cmd.Flags(), d)
+				return err
 			}
 		}
 		// build img service
-		workersCount, err := cmd.Flags().GetInt("img-processors")
+		imgWorkersCount := v.GetInt("imageProcessors")
-		checkErr(err)
+		if imgWorkersCount < 1 {
-		if workersCount < 1 {
+			return errors.New("image resize workers count could not be < 1")
 			log.Fatal("Image resize workers count could not be < 1")
 		}
-		imgSvc := img.New(workersCount)
+		imageService := img.New(imgWorkersCount)
 		var fileCache diskcache.Interface = diskcache.NewNoOp()
-		cacheDir, err := cmd.Flags().GetString("cache-dir")
+		cacheDir := v.GetString("cacheDir")
 		checkErr(err)
 		if cacheDir != "" {
-			if err := os.MkdirAll(cacheDir, 0700); err != nil { //nolint:govet,gomnd
+			if err := os.MkdirAll(cacheDir, 0700); err != nil {
-				log.Fatalf("can't make directory %s: %s", cacheDir, err)
+				return fmt.Errorf("can't make directory %s: %w", cacheDir, err)
 			}
 			fileCache = diskcache.New(afero.NewOsFs(), cacheDir)
 		}
-		server := getRunParams(cmd.Flags(), d.store)
+		server, err := getServerSettings(v, st.Storage)
 		if err != nil {
 			return err
 		}
 		setupLog(server.Log)
 		root, err := filepath.Abs(server.Root)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		server.Root = root
 		adr := server.Address + ":" + server.Port
@@ -148,100 +195,158 @@ user created with the credentials from options "username" and "password".`,
 		switch {
 		case server.Socket != "":
 			listener, err = net.Listen("unix", server.Socket)
-			checkErr(err)
+			if err != nil {
-			socketPerm, err := cmd.Flags().GetUint32("socket-perm") //nolint:govet
+				return err
-			checkErr(err)
+			}
 			socketPerm := v.GetUint32("socketPerm")
 			err = os.Chmod(server.Socket, os.FileMode(socketPerm))
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		case server.TLSKey != "" && server.TLSCert != "":
-			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey) //nolint:govet
+			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey)
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 			listener, err = tls.Listen("tcp", adr, &tls.Config{
 				MinVersion:   tls.VersionTLS12,
 				Certificates: []tls.Certificate{cer}},
 			)
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		default:
 			listener, err = net.Listen("tcp", adr)
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		}
 		sigc := make(chan os.Signal, 1)
 		signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
 		go cleanupHandler(listener, sigc)
 		assetsFs, err := fs.Sub(frontend.Assets(), "dist")
 		if err != nil {
 			panic(err)
 		}
-		handler, err := fbhttp.NewHandler(imgSvc, fileCache, d.store, server, assetsFs)
+		handler, err := fbhttp.NewHandler(imageService, fileCache, st.Storage, server, assetsFs)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		defer listener.Close()
 		log.Println("Listening on", listener.Addr().String())
-		//nolint: gosec
+		srv := &http.Server{
-		if err := http.Serve(listener, handler); err != nil {
+			Handler:           handler,
-			log.Fatal(err)
+			ReadHeaderTimeout: 60 * time.Second,
 		}
-	}, pythonConfig{allowNoDB: true}),
+
 		go func() {
 			if err := srv.Serve(listener); !errors.Is(err, http.ErrServerClosed) {
 				log.Fatalf("HTTP server error: %v", err)
 			}
 			log.Println("Stopped serving new connections.")
 		}()
 		sigc := make(chan os.Signal, 1)
 		signal.Notify(sigc,
 			os.Interrupt,
 			syscall.SIGHUP,
 			syscall.SIGINT,
 			syscall.SIGTERM,
 			syscall.SIGQUIT,
 		)
 		sig := <-sigc
 		log.Println("Got signal:", sig)
 		shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
 		defer shutdownRelease()
 		if err := srv.Shutdown(shutdownCtx); err != nil {
 			log.Fatalf("HTTP shutdown error: %v", err)
 		}
 		log.Println("Graceful shutdown complete.")
 		return nil
 	}, storeOptions{allowsNoDatabase: true}),
 }
-func cleanupHandler(listener net.Listener, c chan os.Signal) { //nolint:interfacer
+func getServerSettings(v *viper.Viper, st *storage.Storage) (*settings.Server, error) {
 	sig := <-c
 	log.Printf("Caught signal %s: shutting down.", sig)
 	listener.Close()
 	os.Exit(0)
 }
 //nolint:gocyclo
 func getRunParams(flags *pflag.FlagSet, st *storage.Storage) *settings.Server {
 	server, err := st.Settings.GetServer()
-	checkErr(err)
+	if err != nil {
-
+		return nil, err
 	if val, set := getParamB(flags, "root"); set {
 		server.Root = val
 	}
 	if val, set := getParamB(flags, "baseurl"); set {
 		server.BaseURL = val
 	}
 	if val, set := getParamB(flags, "log"); set {
 		server.Log = val
 	}
 	isSocketSet := false
 	isAddrSet := false
-	if val, set := getParamB(flags, "address"); set {
+	if v.IsSet("address") {
-		server.Address = val
+		server.Address = v.GetString("address")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
-	if val, set := getParamB(flags, "port"); set {
+	if v.IsSet("log") {
-		server.Port = val
+		server.Log = v.GetString("log")
 		isAddrSet = isAddrSet || set
 	}
-	if val, set := getParamB(flags, "key"); set {
+	if v.IsSet("port") {
-		server.TLSKey = val
+		server.Port = v.GetString("port")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
-	if val, set := getParamB(flags, "cert"); set {
+	if v.IsSet("cert") {
-		server.TLSCert = val
+		server.TLSCert = v.GetString("cert")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
-	if val, set := getParamB(flags, "socket"); set {
+	if v.IsSet("key") {
-		server.Socket = val
+		server.TLSKey = v.GetString("key")
-		isSocketSet = isSocketSet || set
+		isAddrSet = true
 	}
 	if v.IsSet("root") {
 		server.Root = v.GetString("root")
 	}
 	if v.IsSet("socket") {
 		server.Socket = v.GetString("socket")
 		isSocketSet = true
 	}
 	if v.IsSet("baseURL") {
 		server.BaseURL = v.GetString("baseURL")
 		// TODO(remove): remove after July 2026.
 	} else if v := os.Getenv("FB_BASEURL"); v != "" {
 		log.Println("DEPRECATION NOTICE: Environment variable FB_BASEURL has been deprecated, use FB_BASE_URL instead")
 		server.BaseURL = v
 	}
 	if v.IsSet("tokenExpirationTime") {
 		server.TokenExpirationTime = v.GetString("tokenExpirationTime")
 	}
 	if v.IsSet("disableThumbnails") {
 		server.EnableThumbnails = !v.GetBool("disableThumbnails")
 	}
 	if v.IsSet("disablePreviewResize") {
 		server.ResizePreview = !v.GetBool("disablePreviewResize")
 	}
 	if v.IsSet("disableTypeDetectionByHeader") {
 		server.TypeDetectionByHeader = !v.GetBool("disableTypeDetectionByHeader")
 	}
 	if v.IsSet("disableImageResolutionCalc") {
 		server.ImageResolutionCal = !v.GetBool("disableImageResolutionCalc")
 	}
 	if v.IsSet("disableExec") {
 		server.EnableExec = !v.GetBool("disableExec")
 	}
 	if isAddrSet && isSocketSet {
-		checkErr(errors.New("--socket flag cannot be used with --address, --port, --key nor --cert"))
+		return nil, errors.New("--socket flag cannot be used with --address, --port, --key nor --cert")
 	}
 	// Do not use saved Socket if address was manually set.
@@ -249,48 +354,14 @@ func getRunParams(flags *pflag.FlagSet, st *storage.Storage) *settings.Server {
 		server.Socket = ""
 	}
-	_, disableThumbnails := getParamB(flags, "disable-thumbnails")
+	if server.EnableExec {
-	server.EnableThumbnails = !disableThumbnails
+		log.Println("WARNING: Command Runner feature enabled!")
-
+		log.Println("WARNING: This feature has known security vulnerabilities and should not")
-	_, disablePreviewResize := getParamB(flags, "disable-preview-resize")
+		log.Println("WARNING: you fully understand the risks involved. For more information")
-	server.ResizePreview = !disablePreviewResize
+		log.Println("WARNING: read https://github.com/filebrowser/filebrowser/issues/5199")
 	_, disableTypeDetectionByHeader := getParamB(flags, "disable-type-detection-by-header")
 	server.TypeDetectionByHeader = !disableTypeDetectionByHeader
 	_, disableExec := getParamB(flags, "disable-exec")
 	server.EnableExec = !disableExec
 	return server
 }
 // getParamB returns a parameter as a string and a boolean to tell if it is different from the default
 //
 // NOTE: we could simply bind the flags to viper and use IsSet.
 // Although there is a bug on Viper that always returns true on IsSet
 // if a flag is binded. Our alternative way is to manually check
 // the flag and then the value from env/config/gotten by viper.
 // https://github.com/spf13/viper/pull/331
 func getParamB(flags *pflag.FlagSet, key string) (string, bool) {
 	value, _ := flags.GetString(key)
 	// If set on Flags, use it.
 	if flags.Changed(key) {
 		return value, true
 	}
-	// If set through viper (env, config), return it.
+	return server, nil
 	if v.IsSet(key) {
 		return v.GetString(key), true
 	}
 	// Otherwise use default value on flags.
 	return value, false
 }
 func getParam(flags *pflag.FlagSet, key string) string {
 	val, _ := getParamB(flags, key)
 	return val
 }
 func setupLog(logMethod string) {
@@ -311,16 +382,22 @@ func setupLog(logMethod string) {
 	}
 }
-func quickSetup(flags *pflag.FlagSet, d pythonData) {
+func quickSetup(v *viper.Viper, s *storage.Storage) error {
 	log.Println("Performing quick setup")
 	set := &settings.Settings{
-		Key:              generateKey(),
+		Key:                   generateKey(),
-		Signup:           false,
+		Signup:                false,
-		CreateUserDir:    false,
+		HideLoginButton:       true,
-		UserHomeBasePath: settings.DefaultUsersHomeBasePath,
+		CreateUserDir:         false,
 		MinimumPasswordLength: settings.DefaultMinimumPasswordLength,
 		UserHomeBasePath:      settings.DefaultUsersHomeBasePath,
 		Defaults: settings.UserDefaults{
-			Scope:       ".",
+			Scope:                 ".",
-			Locale:      "en",
+			Locale:                "en",
-			SingleClick: false,
+			SingleClick:           false,
 			RedirectAfterCopyMove: true,
 			AceEditorTheme:        v.GetString("defaults.aceEditorTheme"),
 			Perm: users.Permissions{
 				Admin:    false,
 				Execute:  true,
@@ -344,37 +421,60 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) {
 	}
 	var err error
-	if _, noauth := getParamB(flags, "noauth"); noauth {
+	if v.GetBool("noauth") {
 		set.AuthMethod = auth.MethodNoAuth
-		err = d.store.Auth.Save(&auth.NoAuth{})
+		err = s.Auth.Save(&auth.NoAuth{})
 	} else {
 		set.AuthMethod = auth.MethodJSONAuth
-		err = d.store.Auth.Save(&auth.JSONAuth{})
+		err = s.Auth.Save(&auth.JSONAuth{})
 	}
 	if err != nil {
 		return err
 	}
-	checkErr(err)
+	err = s.Settings.Save(set)
-	err = d.store.Settings.Save(set)
+	if err != nil {
-	checkErr(err)
+		return err
 	}
 	ser := &settings.Server{
-		BaseURL: getParam(flags, "baseurl"),
+		BaseURL:               v.GetString("baseURL"),
-		Port:    getParam(flags, "port"),
+		Port:                  v.GetString("port"),
-		Log:     getParam(flags, "log"),
+		Log:                   v.GetString("log"),
-		TLSKey:  getParam(flags, "key"),
+		TLSKey:                v.GetString("key"),
-		TLSCert: getParam(flags, "cert"),
+		TLSCert:               v.GetString("cert"),
-		Address: getParam(flags, "address"),
+		Address:               v.GetString("address"),
-		Root:    getParam(flags, "root"),
+		Root:                  v.GetString("root"),
 		TokenExpirationTime:   v.GetString("tokenExpirationTime"),
 		EnableThumbnails:      !v.GetBool("disableThumbnails"),
 		ResizePreview:         !v.GetBool("disablePreviewResize"),
 		EnableExec:            !v.GetBool("disableExec"),
 		TypeDetectionByHeader: !v.GetBool("disableTypeDetectionByHeader"),
 		ImageResolutionCal:    !v.GetBool("disableImageResolutionCalc"),
 	}
-	err = d.store.Settings.SaveServer(ser)
+	err = s.Settings.SaveServer(ser)
-	checkErr(err)
+	if err != nil {
 		return err
 	}
-	username := getParam(flags, "username")
+	username := v.GetString("username")
-	password := getParam(flags, "password")
+	password := v.GetString("password")
 	if password == "" {
-		password, err = users.HashPwd("admin")
+		var pwd string
-		checkErr(err)
+		pwd, err = users.RandomPwd(set.MinimumPasswordLength)
 		if err != nil {
 			return err
 		}
 		log.Printf("User '%s' initialized with randomly generated password: %s\n", username, pwd)
 		password, err = users.ValidateAndHashPwd(pwd, set.MinimumPasswordLength)
 		if err != nil {
 			return err
 		}
 	} else {
 		log.Printf("User '%s' initialize wth user-provided password\n", username)
 	}
 	if username == "" || password == "" {
@@ -390,32 +490,5 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) {
 	set.Defaults.Apply(user)
 	user.Perm.Admin = true
-	err = d.store.Users.Save(user)
+	return s.Users.Save(user)
 	checkErr(err)
 }
 func initConfig() {
 	if cfgFile == "" {
 		home, err := homedir.Dir()
 		checkErr(err)
 		v.AddConfigPath(".")
 		v.AddConfigPath(home)
 		v.AddConfigPath("/etc/filebrowser/")
 		v.SetConfigName(".filebrowser")
 	} else {
 		v.SetConfigFile(cfgFile)
 	}
 	v.SetEnvPrefix("FB")
 	v.AutomaticEnv()
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 	if err := v.ReadInConfig(); err != nil {
 		if _, ok := err.(v.ConfigParseError); ok {
 			panic(err)
 		}
 		cfgFile = "No config file used"
 	} else {
 		cfgFile = "Using config file: " + v.ConfigFileUsed()
 	}
 }
--- a/cmd/rule_rm.go
+++ b/cmd/rule_rm.go
@@ -28,7 +28,7 @@ You can also specify an optional parameter (index_end) so
 you can remove all commands from 'index' to 'index_end',
 including 'index_end'.`,
 	Args: func(cmd *cobra.Command, args []string) error {
-		if err := cobra.RangeArgs(1, 2)(cmd, args); err != nil { //nolint:gomnd
+		if err := cobra.RangeArgs(1, 2)(cmd, args); err != nil {
 			return err
 		}
@@ -40,27 +40,29 @@ including 'index_end'.`,
 		return nil
 	},
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
 		i, err := strconv.Atoi(args[0])
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		f := i
-		if len(args) == 2 { //nolint:gomnd
+		if len(args) == 2 {
 			f, err = strconv.Atoi(args[1])
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		}
-		user := func(u *users.User) {
+		user := func(u *users.User) error {
 			u.Rules = append(u.Rules[:i], u.Rules[f+1:]...)
-			err := d.store.Users.Save(u)
+			return st.Users.Save(u)
 			checkErr(err)
 		}
-		global := func(s *settings.Settings) {
+		global := func(s *settings.Settings) error {
 			s.Rules = append(s.Rules[:i], s.Rules[f+1:]...)
-			err := d.store.Settings.Save(s)
+			return st.Settings.Save(s)
 			checkErr(err)
 		}
-		runRules(d.store, cmd, user, global)
+		return runRules(st.Storage, cmd, user, global)
-	}, pythonConfig{}),
+	}, storeOptions{}),
 }
--- a/cmd/rules.go
+++ b/cmd/rules.go
@@ -29,41 +29,63 @@ rules.`,
 	Args: cobra.NoArgs,
 }
-func runRules(st *storage.Storage, cmd *cobra.Command, usersFn func(*users.User), globalFn func(*settings.Settings)) {
+func runRules(st *storage.Storage, cmd *cobra.Command, usersFn func(*users.User) error, globalFn func(*settings.Settings) error) error {
-	id := getUserIdentifier(cmd.Flags())
+	id, err := getUserIdentifier(cmd.Flags())
 	if err != nil {
 		return err
 	}
 	if id != nil {
-		user, err := st.Users.Get("", id)
+		var user *users.User
-		checkErr(err)
+		user, err = st.Users.Get("", id)
 		if err != nil {
 			return err
 		}
 		if usersFn != nil {
-			usersFn(user)
+			err = usersFn(user)
 			if err != nil {
 				return err
 			}
 		}
 		printRules(user.Rules, id)
-		return
+		return nil
 	}
 	s, err := st.Settings.Get()
-	checkErr(err)
+	if err != nil {
 		return err
 	}
 	if globalFn != nil {
-		globalFn(s)
+		err = globalFn(s)
 		if err != nil {
 			return err
 		}
 	}
 	printRules(s.Rules, id)
 	return nil
 }
-func getUserIdentifier(flags *pflag.FlagSet) interface{} {
+func getUserIdentifier(flags *pflag.FlagSet) (interface{}, error) {
-	id := mustGetUint(flags, "id")
+	id, err := flags.GetUint("id")
-	username := mustGetString(flags, "username")
+	if err != nil {
-
+		return nil, err
 	if id != 0 {
 		return id
 	} else if username != "" {
 		return username
 	}
-	return nil
+	username, err := flags.GetString("username")
 	if err != nil {
 		return nil, err
 	}
 	if id != 0 {
 		return id, nil
 	} else if username != "" {
 		return username, nil
 	}
 	return nil, nil
 }
 func printRules(rulez []rules.Rule, id interface{}) {
--- a/cmd/rules_add.go
+++ b/cmd/rules_add.go
@@ -21,9 +21,19 @@ var rulesAddCmd = &cobra.Command{
 	Short: "Add a global rule or user rule",
 	Long:  `Add a global rule or user rule.`,
 	Args:  cobra.ExactArgs(1),
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
-		allow := mustGetBool(cmd.Flags(), "allow")
+		flags := cmd.Flags()
-		regex := mustGetBool(cmd.Flags(), "regex")
+
 		allow, err := flags.GetBool("allow")
 		if err != nil {
 			return err
 		}
 		regex, err := flags.GetBool("regex")
 		if err != nil {
 			return err
 		}
 		exp := args[0]
 		if regex {
@@ -41,18 +51,16 @@ var rulesAddCmd = &cobra.Command{
 			rule.Path = exp
 		}
-		user := func(u *users.User) {
+		user := func(u *users.User) error {
 			u.Rules = append(u.Rules, rule)
-			err := d.store.Users.Save(u)
+			return st.Users.Save(u)
 			checkErr(err)
 		}
-		global := func(s *settings.Settings) {
+		global := func(s *settings.Settings) error {
 			s.Rules = append(s.Rules, rule)
-			err := d.store.Settings.Save(s)
+			return st.Settings.Save(s)
 			checkErr(err)
 		}
-		runRules(d.store, cmd, user, global)
+		return runRules(st.Storage, cmd, user, global)
-	}, pythonConfig{}),
+	}, storeOptions{}),
 }
--- a/cmd/rules_ls.go
+++ b/cmd/rules_ls.go
@@ -13,7 +13,7 @@ var rulesLsCommand = &cobra.Command{
 	Short: "List global rules or user specific rules",
 	Long:  `List global rules or user specific rules.`,
 	Args:  cobra.NoArgs,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
-		runRules(d.store, cmd, nil, nil)
+		return runRules(st.Storage, cmd, nil, nil)
-	}, pythonConfig{}),
+	}, storeOptions{}),
 }
--- a/cmd/upgrade.go
+++ b/cmd/upgrade.go
@@ -1,31 +0,0 @@
 package cmd
 import (
 	"github.com/spf13/cobra"
 	"github.com/filebrowser/filebrowser/v2/storage/bolt/importer"
 )
 func init() {
 	rootCmd.AddCommand(upgradeCmd)
 	upgradeCmd.Flags().String("old.database", "", "")
 	upgradeCmd.Flags().String("old.config", "", "")
 	_ = upgradeCmd.MarkFlagRequired("old.database")
 }
 var upgradeCmd = &cobra.Command{
 	Use:   "upgrade",
 	Short: "Upgrades an old configuration",
 	Long: `Upgrades an old configuration. This command DOES NOT
 import share links because they are incompatible with
 this version.`,
 	Args: cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
 		flags := cmd.Flags()
 		oldDB := mustGetString(flags, "old.database")
 		oldConf := mustGetString(flags, "old.config")
 		err := importer.Import(oldDB, oldConf, getParam(flags, "database"))
 		checkErr(err)
 	},
 }
--- a/cmd/users.go
+++ b/cmd/users.go
@@ -26,17 +26,18 @@ var usersCmd = &cobra.Command{
 }
 func printUsers(usrs []*users.User) {
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) //nolint:gomnd
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	fmt.Fprintln(w, "ID\tUsername\tScope\tLocale\tV. Mode\tS.Click\tAdmin\tExecute\tCreate\tRename\tModify\tDelete\tShare\tDownload\tPwd Lock")
+	fmt.Fprintln(w, "ID\tUsername\tScope\tLocale\tV. Mode\tS.Click\tRed. After C/M\tAdmin\tExecute\tCreate\tRename\tModify\tDelete\tShare\tDownload\tPwd Lock")
 	for _, u := range usrs {
-		fmt.Fprintf(w, "%d\t%s\t%s\t%s\t%s\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t\n",
+		fmt.Fprintf(w, "%d\t%s\t%s\t%s\t%s\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t\n",
 			u.ID,
 			u.Username,
 			u.Scope,
 			u.Locale,
 			u.ViewMode,
 			u.SingleClick,
 			u.RedirectAfterCopyMove,
 			u.Perm.Admin,
 			u.Perm.Execute,
 			u.Perm.Create,
@@ -77,52 +78,72 @@ func addUserFlags(flags *pflag.FlagSet) {
 	flags.String("locale", "en", "locale for users")
 	flags.String("viewMode", string(users.ListViewMode), "view mode for users")
 	flags.Bool("singleClick", false, "use single clicks only")
 	flags.Bool("redirectAfterCopyMove", false, "redirect to destination after copy/move")
 	flags.Bool("dateFormat", false, "use date format (true for absolute time, false for relative)")
 	flags.Bool("hideDotfiles", false, "hide dotfiles")
 	flags.String("aceEditorTheme", "", "ace editor's syntax highlighting theme for users")
 }
-func getViewMode(flags *pflag.FlagSet) users.ViewMode {
+func getAndParseViewMode(flags *pflag.FlagSet) (users.ViewMode, error) {
-	viewMode := users.ViewMode(mustGetString(flags, "viewMode"))
+	viewModeStr, err := flags.GetString("viewMode")
-	if viewMode != users.ListViewMode && viewMode != users.MosaicViewMode {
+	if err != nil {
-		checkErr(errors.New("view mode must be \"" + string(users.ListViewMode) + "\" or \"" + string(users.MosaicViewMode) + "\""))
+		return "", err
 	}
-	return viewMode
+
 	viewMode := users.ViewMode(viewModeStr)
 	if viewMode != users.ListViewMode && viewMode != users.MosaicViewMode {
 		return "", errors.New("view mode must be \"" + string(users.ListViewMode) + "\" or \"" + string(users.MosaicViewMode) + "\"")
 	}
 	return viewMode, nil
 }
-//nolint:gocyclo
+func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all bool) error {
-func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all bool) {
+	errs := []error{}
 	visit := func(flag *pflag.Flag) {
 		var err error
 		switch flag.Name {
 		case "scope":
-			defaults.Scope = mustGetString(flags, flag.Name)
+			defaults.Scope, err = flags.GetString(flag.Name)
 		case "locale":
-			defaults.Locale = mustGetString(flags, flag.Name)
+			defaults.Locale, err = flags.GetString(flag.Name)
 		case "viewMode":
-			defaults.ViewMode = getViewMode(flags)
+			defaults.ViewMode, err = getAndParseViewMode(flags)
 		case "singleClick":
-			defaults.SingleClick = mustGetBool(flags, flag.Name)
+			defaults.SingleClick, err = flags.GetBool(flag.Name)
 		case "redirectAfterCopyMove":
 			defaults.RedirectAfterCopyMove, err = flags.GetBool(flag.Name)
 		case "aceEditorTheme":
 			defaults.AceEditorTheme, err = flags.GetString(flag.Name)
 		case "perm.admin":
-			defaults.Perm.Admin = mustGetBool(flags, flag.Name)
+			defaults.Perm.Admin, err = flags.GetBool(flag.Name)
 		case "perm.execute":
-			defaults.Perm.Execute = mustGetBool(flags, flag.Name)
+			defaults.Perm.Execute, err = flags.GetBool(flag.Name)
 		case "perm.create":
-			defaults.Perm.Create = mustGetBool(flags, flag.Name)
+			defaults.Perm.Create, err = flags.GetBool(flag.Name)
 		case "perm.rename":
-			defaults.Perm.Rename = mustGetBool(flags, flag.Name)
+			defaults.Perm.Rename, err = flags.GetBool(flag.Name)
 		case "perm.modify":
-			defaults.Perm.Modify = mustGetBool(flags, flag.Name)
+			defaults.Perm.Modify, err = flags.GetBool(flag.Name)
 		case "perm.delete":
-			defaults.Perm.Delete = mustGetBool(flags, flag.Name)
+			defaults.Perm.Delete, err = flags.GetBool(flag.Name)
 		case "perm.share":
-			defaults.Perm.Share = mustGetBool(flags, flag.Name)
+			defaults.Perm.Share, err = flags.GetBool(flag.Name)
 		case "perm.download":
-			defaults.Perm.Download = mustGetBool(flags, flag.Name)
+			defaults.Perm.Download, err = flags.GetBool(flag.Name)
 		case "commands":
-			commands, err := flags.GetStringSlice(flag.Name)
+			defaults.Commands, err = flags.GetStringSlice(flag.Name)
 			checkErr(err)
 			defaults.Commands = commands
 		case "sorting.by":
-			defaults.Sorting.By = mustGetString(flags, flag.Name)
+			defaults.Sorting.By, err = flags.GetString(flag.Name)
 		case "sorting.asc":
-			defaults.Sorting.Asc = mustGetBool(flags, flag.Name)
+			defaults.Sorting.Asc, err = flags.GetBool(flag.Name)
 		case "hideDotfiles":
 			defaults.HideDotfiles, err = flags.GetBool(flag.Name)
 		}
 		if err != nil {
 			errs = append(errs, err)
 		}
 	}
@@ -131,4 +152,6 @@ func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all
 	} else {
 		flags.Visit(visit)
 	}
 	return errors.Join(errs...)
 }
--- a/cmd/users_add.go
+++ b/cmd/users_add.go
@@ -15,37 +15,68 @@ var usersAddCmd = &cobra.Command{
 	Use:   "add <username> <password>",
 	Short: "Create a new user",
 	Long:  `Create a new user and add it to the database.`,
-	Args:  cobra.ExactArgs(2), //nolint:gomnd
+	Args:  cobra.ExactArgs(2),
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
-		s, err := d.store.Settings.Get()
+		flags := cmd.Flags()
-		checkErr(err)
+		s, err := st.Settings.Get()
-		getUserDefaults(cmd.Flags(), &s.Defaults, false)
+		if err != nil {
 			return err
 		}
 		err = getUserDefaults(flags, &s.Defaults, false)
 		if err != nil {
 			return err
 		}
-		password, err := users.HashPwd(args[1])
+		password, err := users.ValidateAndHashPwd(args[1], s.MinimumPasswordLength)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		user := &users.User{
-			Username:     args[0],
+			Username: args[0],
-			Password:     password,
+			Password: password,
-			LockPassword: mustGetBool(cmd.Flags(), "lockPassword"),
+		}
 		user.LockPassword, err = flags.GetBool("lockPassword")
 		if err != nil {
 			return err
 		}
 		user.DateFormat, err = flags.GetBool("dateFormat")
 		if err != nil {
 			return err
 		}
 		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
 		if err != nil {
 			return err
 		}
 		s.Defaults.Apply(user)
-		servSettings, err := d.store.Settings.GetServer()
+		servSettings, err := st.Settings.GetServer()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		// since getUserDefaults() polluted s.Defaults.Scope
 		// which makes the Scope not the one saved in the db
 		// we need the right s.Defaults.Scope here
-		s2, err := d.store.Settings.Get()
+		s2, err := st.Settings.Get()
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		userHome, err := s2.MakeUserDir(user.Username, user.Scope, servSettings.Root)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		user.Scope = userHome
-		err = d.store.Users.Save(user)
+		err = st.Users.Save(user)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		printUsers([]*users.User{user})
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
--- a/cmd/users_export.go
+++ b/cmd/users_export.go
@@ -14,11 +14,16 @@ var usersExportCmd = &cobra.Command{
 	Long: `Export all users to a json or yaml file. Please indicate the
 path to the file where you want to write the users.`,
 	Args: jsonYamlArg,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
-		list, err := d.store.Users.Gets("")
+		list, err := st.Users.Gets("")
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		err = marshal(args[0], list)
-		checkErr(err)
+		if err != nil {
-	}, pythonConfig{}),
+			return err
 		}
 		return nil
 	}, storeOptions{}),
 }
--- a/cmd/users_find.go
+++ b/cmd/users_find.go
@@ -16,17 +16,17 @@ var usersFindCmd = &cobra.Command{
 	Short: "Find a user by username or id",
 	Long:  `Find a user by username or id. If no flag is set, all users will be printed.`,
 	Args:  cobra.ExactArgs(1),
-	Run:   findUsers,
+	RunE:  findUsers,
 }
 var usersLsCmd = &cobra.Command{
 	Use:   "ls",
 	Short: "List all users.",
 	Args:  cobra.NoArgs,
-	Run:   findUsers,
+	RunE:  findUsers,
 }
-var findUsers = python(func(cmd *cobra.Command, args []string, d pythonData) {
+var findUsers = withStore(func(_ *cobra.Command, args []string, st *store) error {
 	var (
 		list []*users.User
 		user *users.User
@@ -36,16 +36,19 @@ var findUsers = python(func(cmd *cobra.Command, args []string, d pythonData) {
 	if len(args) == 1 {
 		username, id := parseUsernameOrID(args[0])
 		if username != "" {
-			user, err = d.store.Users.Get("", username)
+			user, err = st.Users.Get("", username)
 		} else {
-			user, err = d.store.Users.Get("", id)
+			user, err = st.Users.Get("", id)
 		}
 		list = []*users.User{user}
 	} else {
-		list, err = d.store.Users.Gets("")
+		list, err = st.Users.Gets("")
 	}
-	checkErr(err)
+	if err != nil {
 		return err
 	}
 	printUsers(list)
-}, pythonConfig{})
+	return nil
 }, storeOptions{})
--- a/cmd/users_import.go
+++ b/cmd/users_import.go
@@ -25,50 +25,71 @@ file. You can use this command to import new users to your
 installation. For that, just don't place their ID on the files
 list or set it to 0.`,
 	Args: jsonYamlArg,
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
 		flags := cmd.Flags()
 		fd, err := os.Open(args[0])
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		defer fd.Close()
 		list := []*users.User{}
 		err = unmarshal(args[0], &list)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		for _, user := range list {
 			err = user.Clean("")
-			checkErr(err)
+			if err != nil {
-		}
+				return err
 		if mustGetBool(cmd.Flags(), "replace") {
 			oldUsers, err := d.store.Users.Gets("")
 			checkErr(err)
 			err = marshal("users.backup.json", list)
 			checkErr(err)
 			for _, user := range oldUsers {
 				err = d.store.Users.Delete(user.ID)
 				checkErr(err)
 			}
 		}
-		overwrite := mustGetBool(cmd.Flags(), "overwrite")
+		replace, err := flags.GetBool("replace")
 		if err != nil {
 			return err
 		}
 		if replace {
 			oldUsers, userImportErr := st.Users.Gets("")
 			if userImportErr != nil {
 				return userImportErr
 			}
 			err = marshal("users.backup.json", list)
 			if err != nil {
 				return err
 			}
 			for _, user := range oldUsers {
 				err = st.Users.Delete(user.ID)
 				if err != nil {
 					return err
 				}
 			}
 		}
 		overwrite, err := flags.GetBool("overwrite")
 		if err != nil {
 			return err
 		}
 		for _, user := range list {
-			onDB, err := d.store.Users.Get("", user.ID)
+			onDB, err := st.Users.Get("", user.ID)
 			// User exists in DB.
 			if err == nil {
 				if !overwrite {
-					checkErr(errors.New("user " + strconv.Itoa(int(user.ID)) + " is already registred"))
+					return errors.New("user " + strconv.Itoa(int(user.ID)) + " is already registered")
 				}
 				// If the usernames mismatch, check if there is another one in the DB
 				// with the new username. If there is, print an error and cancel the
 				// operation
 				if user.Username != onDB.Username {
-					if conflictuous, err := d.store.Users.Get("", user.Username); err == nil { //nolint:govet
+					if conflictuous, err := st.Users.Get("", user.Username); err == nil {
-						checkErr(usernameConflictError(user.Username, conflictuous.ID, user.ID))
+						return usernameConflictError(user.Username, conflictuous.ID, user.ID)
 					}
 				}
 			} else {
@@ -77,13 +98,16 @@ list or set it to 0.`,
 				user.ID = 0
 			}
-			err = d.store.Users.Save(user)
+			err = st.Users.Save(user)
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		}
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
 func usernameConflictError(username string, originalID, newID uint) error {
-	return fmt.Errorf(`can't import user with ID %d and username "%s" because the username is already registred with the user %d`,
+	return fmt.Errorf(`can't import user with ID %d and username "%s" because the username is already registered with the user %d`,
 		newID, username, originalID)
 }
--- a/cmd/users_rm.go
+++ b/cmd/users_rm.go
@@ -15,17 +15,20 @@ var usersRmCmd = &cobra.Command{
 	Short: "Delete a user by username or id",
 	Long:  `Delete a user by username or id`,
 	Args:  cobra.ExactArgs(1),
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
 		username, id := parseUsernameOrID(args[0])
 		var err error
 		if username != "" {
-			err = d.store.Users.Delete(username)
+			err = st.Users.Delete(username)
 		} else {
-			err = d.store.Users.Delete(id)
+			err = st.Users.Delete(id)
 		}
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		fmt.Println("user deleted successfully")
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
--- a/cmd/users_update.go
+++ b/cmd/users_update.go
@@ -21,55 +21,91 @@ var usersUpdateCmd = &cobra.Command{
 	Long: `Updates an existing user. Set the flags for the
 options you want to change.`,
 	Args: cobra.ExactArgs(1),
-	Run: python(func(cmd *cobra.Command, args []string, d pythonData) {
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
 		username, id := parseUsernameOrID(args[0])
 		flags := cmd.Flags()
-		password := mustGetString(flags, "password")
+		username, id := parseUsernameOrID(args[0])
-		newUsername := mustGetString(flags, "username")
+		password, err := flags.GetString("password")
 		if err != nil {
 			return err
 		}
 		newUsername, err := flags.GetString("username")
 		if err != nil {
 			return err
 		}
 		s, err := st.Settings.Get()
 		if err != nil {
 			return err
 		}
 		var (
 			err  error
 			user *users.User
 		)
 		if id != 0 {
-			user, err = d.store.Users.Get("", id)
+			user, err = st.Users.Get("", id)
 		} else {
-			user, err = d.store.Users.Get("", username)
+			user, err = st.Users.Get("", username)
 		}
 		if err != nil {
 			return err
 		}
 		checkErr(err)
 		defaults := settings.UserDefaults{
-			Scope:       user.Scope,
+			Scope:                 user.Scope,
-			Locale:      user.Locale,
+			Locale:                user.Locale,
-			ViewMode:    user.ViewMode,
+			ViewMode:              user.ViewMode,
-			SingleClick: user.SingleClick,
+			SingleClick:           user.SingleClick,
-			Perm:        user.Perm,
+			RedirectAfterCopyMove: user.RedirectAfterCopyMove,
-			Sorting:     user.Sorting,
+			Perm:                  user.Perm,
-			Commands:    user.Commands,
+			Sorting:               user.Sorting,
 			Commands:              user.Commands,
 		}
-		getUserDefaults(flags, &defaults, false)
+
 		err = getUserDefaults(flags, &defaults, false)
 		if err != nil {
 			return err
 		}
 		user.Scope = defaults.Scope
 		user.Locale = defaults.Locale
 		user.ViewMode = defaults.ViewMode
 		user.SingleClick = defaults.SingleClick
 		user.RedirectAfterCopyMove = defaults.RedirectAfterCopyMove
 		user.Perm = defaults.Perm
 		user.Commands = defaults.Commands
 		user.Sorting = defaults.Sorting
-		user.LockPassword = mustGetBool(flags, "lockPassword")
+		user.LockPassword, err = flags.GetBool("lockPassword")
 		if err != nil {
 			return err
 		}
 		user.DateFormat, err = flags.GetBool("dateFormat")
 		if err != nil {
 			return err
 		}
 		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
 		if err != nil {
 			return err
 		}
 		if newUsername != "" {
 			user.Username = newUsername
 		}
 		if password != "" {
-			user.Password, err = users.HashPwd(password)
+			user.Password, err = users.ValidateAndHashPwd(password, s.MinimumPasswordLength)
-			checkErr(err)
+			if err != nil {
 				return err
 			}
 		}
-		err = d.store.Users.Update(user)
+		err = st.Users.Update(user)
-		checkErr(err)
+		if err != nil {
 			return err
 		}
 		printUsers([]*users.User{user})
-	}, pythonConfig{}),
+		return nil
 	}, storeOptions{}),
 }
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -4,64 +4,50 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io/fs"
 	"log"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"github.com/asdine/storm/v3"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/samber/lo"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	yaml "gopkg.in/yaml.v2"
+	"github.com/spf13/viper"
 	yaml "gopkg.in/yaml.v3"
 	"github.com/filebrowser/filebrowser/v2/settings"
 	"github.com/filebrowser/filebrowser/v2/storage"
 	"github.com/filebrowser/filebrowser/v2/storage/bolt"
 )
-func checkErr(err error) {
+const databasePermissions = 0640
 func getAndParseFileMode(flags *pflag.FlagSet, name string) (fs.FileMode, error) {
 	mode, err := flags.GetString(name)
 	if err != nil {
-		log.Fatal(err)
+		return 0, err
 	}
 }
-func mustGetString(flags *pflag.FlagSet, flag string) string {
+	b, err := strconv.ParseUint(mode, 0, 32)
-	s, err := flags.GetString(flag)
+	if err != nil {
-	checkErr(err)
+		return 0, err
-	return s
+	}
 }
-func mustGetBool(flags *pflag.FlagSet, flag string) bool {
+	return fs.FileMode(b), nil
 	b, err := flags.GetBool(flag)
 	checkErr(err)
 	return b
 }
 func mustGetUint(flags *pflag.FlagSet, flag string) uint {
 	b, err := flags.GetUint(flag)
 	checkErr(err)
 	return b
 }
 func generateKey() []byte {
 	k, err := settings.GenerateKey()
-	checkErr(err)
+	if err != nil {
 		panic(err)
 	}
 	return k
 }
 type cobraFunc func(cmd *cobra.Command, args []string)
 type pythonFunc func(cmd *cobra.Command, args []string, data pythonData)
 type pythonConfig struct {
 	noDB      bool
 	allowNoDB bool
 }
 type pythonData struct {
 	hadDB bool
 	store *storage.Storage
 }
 func dbExists(path string) (bool, error) {
 	stat, err := os.Stat(path)
 	if err == nil {
@@ -72,7 +58,7 @@ func dbExists(path string) (bool, error) {
 		d := filepath.Dir(path)
 		_, err = os.Stat(d)
 		if os.IsNotExist(err) {
-			if err := os.MkdirAll(d, 0700); err != nil { //nolint:govet,gomnd
+			if err := os.MkdirAll(d, 0700); err != nil {
 				return false, err
 			}
 			return false, nil
@@ -82,34 +68,142 @@ func dbExists(path string) (bool, error) {
 	return false, err
 }
-func python(fn pythonFunc, cfg pythonConfig) cobraFunc {
+// Generate the replacements for all environment variables. This allows to
-	return func(cmd *cobra.Command, args []string) {
+// use FB_BRANDING_DISABLE_EXTERNAL environment variables, even when the
-		data := pythonData{hadDB: true}
+// option name is branding.disableExternal.
 func generateEnvKeyReplacements(cmd *cobra.Command) []string {
 	replacements := []string{}
-		path := getParam(cmd.Flags(), "database")
+	cmd.Flags().VisitAll(func(f *pflag.Flag) {
-		exists, err := dbExists(path)
+		oldName := strings.ToUpper(f.Name)
 		newName := strings.ToUpper(lo.SnakeCase(f.Name))
 		replacements = append(replacements, oldName, newName)
 	})
 	return replacements
 }
 func initViper(cmd *cobra.Command) (*viper.Viper, error) {
 	v := viper.New()
 	// Get config file from flag
 	cfgFile, err := cmd.Flags().GetString("config")
 	if err != nil {
 		return nil, err
 	}
 	// Configuration file
 	if cfgFile == "" {
 		home, err := homedir.Dir()
 		if err != nil {
-			panic(err)
+			return nil, err
-		} else if exists && cfg.noDB {
+		}
-			log.Fatal(path + " already exists")
+		v.AddConfigPath(".")
-		} else if !exists && !cfg.noDB && !cfg.allowNoDB {
+		v.AddConfigPath(home)
-			log.Fatal(path + " does not exist. Please run 'filebrowser config init' first.")
+		v.AddConfigPath("/etc/filebrowser/")
 		v.SetConfigName(".filebrowser")
 	} else {
 		v.SetConfigFile(cfgFile)
 	}
 	// Environment variables
 	v.SetEnvPrefix("FB")
 	v.AutomaticEnv()
 	v.SetEnvKeyReplacer(strings.NewReplacer(generateEnvKeyReplacements(cmd)...))
 	// Bind the flags
 	err = v.BindPFlags(cmd.Flags())
 	if err != nil {
 		return nil, err
 	}
 	// Read in configuration
 	if err := v.ReadInConfig(); err != nil {
 		if errors.Is(err, viper.ConfigParseError{}) {
 			return nil, err
 		}
-		data.hadDB = exists
+		log.Println("No config file used")
-		db, err := storm.Open(path)
+	} else {
-		checkErr(err)
+		log.Printf("Using config file: %s", v.ConfigFileUsed())
 		defer db.Close()
 		data.store, err = bolt.NewStorage(db)
 		checkErr(err)
 		fn(cmd, args, data)
 	}
 	// Return Viper
 	return v, nil
 }
 type store struct {
 	*storage.Storage
 	databaseExisted bool
 }
 type storeOptions struct {
 	expectsNoDatabase bool
 	allowsNoDatabase  bool
 }
 type cobraFunc func(cmd *cobra.Command, args []string) error
 // withViperAndStore initializes Viper and the storage.Store and passes them to the callback function.
 // This function should only be used by [withStore] and the root command. No other command should call
 // this function directly.
 func withViperAndStore(fn func(cmd *cobra.Command, args []string, v *viper.Viper, store *store) error, options storeOptions) cobraFunc {
 	return func(cmd *cobra.Command, args []string) error {
 		v, err := initViper(cmd)
 		if err != nil {
 			return err
 		}
 		path, err := filepath.Abs(v.GetString("database"))
 		if err != nil {
 			return err
 		}
 		exists, err := dbExists(path)
 		switch {
 		case err != nil:
 			return err
 		case exists && options.expectsNoDatabase:
 			log.Fatal(path + " already exists")
 		case !exists && !options.expectsNoDatabase && !options.allowsNoDatabase:
 			log.Fatal(path + " does not exist. Please run 'filebrowser config init' first.")
 		case !exists && !options.expectsNoDatabase:
 			log.Println("WARNING: filebrowser.db can't be found. Initialing in " + strings.TrimSuffix(path, "filebrowser.db"))
 		}
 		log.Println("Using database: " + path)
 		db, err := storm.Open(path, storm.BoltOptions(databasePermissions, nil))
 		if err != nil {
 			return err
 		}
 		defer db.Close()
 		storage, err := bolt.NewStorage(db)
 		if err != nil {
 			return err
 		}
 		store := &store{
 			Storage:         storage,
 			databaseExisted: exists,
 		}
 		return fn(cmd, args, v, store)
 	}
 }
 func withStore(fn func(cmd *cobra.Command, args []string, store *store) error, options storeOptions) cobraFunc {
 	return withViperAndStore(func(cmd *cobra.Command, args []string, _ *viper.Viper, store *store) error {
 		return fn(cmd, args, store)
 	}, options)
 }
 func marshal(filename string, data interface{}) error {
 	fd, err := os.Create(filename)
-	checkErr(err)
+	if err != nil {
 		return err
 	}
 	defer fd.Close()
 	switch ext := filepath.Ext(filename); ext {
@@ -117,7 +211,7 @@ func marshal(filename string, data interface{}) error {
 		encoder := json.NewEncoder(fd)
 		encoder.SetIndent("", "    ")
 		return encoder.Encode(data)
-	case ".yml", ".yaml": //nolint:goconst
+	case ".yml", ".yaml":
 		encoder := yaml.NewEncoder(fd)
 		return encoder.Encode(data)
 	default:
@@ -127,7 +221,9 @@ func marshal(filename string, data interface{}) error {
 func unmarshal(filename string, data interface{}) error {
 	fd, err := os.Open(filename)
-	checkErr(err)
+	if err != nil {
 		return err
 	}
 	defer fd.Close()
 	switch ext := filepath.Ext(filename); ext {
@@ -181,7 +277,7 @@ func cleanUpMapValue(v interface{}) interface{} {
 }
 // convertCmdStrToCmdArray checks if cmd string is blank (whitespace included)
-// then returns empty string array, else returns the splitted word array of cmd.
+// then returns empty string array, else returns the split word array of cmd.
 // This is to ensure the result will never be []string{""}
 func convertCmdStrToCmdArray(cmd string) []string {
 	var cmdArray []string
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -15,7 +15,7 @@ func init() {
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print the version number",
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(_ *cobra.Command, _ []string) {
 		fmt.Println("File Browser v" + version.Version + "/" + version.CommitSHA)
 	},
 }
--- a/commitlint.config.js
+++ b/commitlint.config.js
@@ -1,34 +0,0 @@
 module.exports = {
    rules: {
        'body-leading-blank': [1, 'always'],
        'body-max-line-length': [2, 'always', 100],
        'footer-leading-blank': [1, 'always'],
        'footer-max-line-length': [2, 'always', 100],
        'header-max-length': [2, 'always', 100],
        'scope-case': [2, 'always', 'lower-case'],
        'subject-case': [
            2,
            'never',
            ['sentence-case', 'start-case', 'pascal-case', 'upper-case'],
        ],
        'subject-full-stop': [2, 'never', '.'],
        'type-case': [2, 'always', 'lower-case'],
        'type-empty': [2, 'never'],
        'type-enum': [
            2,
            'always',
            [
                'feat',
                'fix',
                'perf',
                'revert',
                'refactor',
                'build',
                'ci',
                'test',
                'chore',
                'docs',
            ],
        ],
    },
 };
--- a/common.mk
+++ b/common.mk
@@ -1,28 +0,0 @@
 SHELL := /usr/bin/env bash
 DATE ?= $(shell date +%FT%T%z)
 BASE_PATH := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 VERSION ?= $(shell git describe --tags --always --match=v* 2> /dev/null || \
           			cat $(CURDIR)/.version 2> /dev/null || echo v0)
 VERSION_HASH = $(shell git rev-parse HEAD)
 BRANCH = $(shell git rev-parse --abbrev-ref HEAD)
 go = GOGC=off go
 MODULE = $(shell env GO111MODULE=on go list -m)
 # printing
 # $Q (quiet) is used in the targets as a replacer for @.
 # This macro helps to print the command for debugging by setting V to 1. Example `make test-unit V=1`
 V = 0
 Q = $(if $(filter 1,$V),,@)
 # $M is a macro to print a colored ▶ character. Example `$(info $(M) running coverage tests…)` will print "▶ running coverage tests…"
 M = $(shell printf "\033[34;1m▶\033[0m")
 GREEN  := $(shell tput -Txterm setaf 2)
 YELLOW := $(shell tput -Txterm setaf 3)
 WHITE  := $(shell tput -Txterm setaf 7)
 CYAN   := $(shell tput -Txterm setaf 6)
 RESET  := $(shell tput -Txterm sgr0)
 define global_option
    printf "  ${YELLOW}%-20s${GREEN}%s${RESET}\n" $(1) $(2)
 endef
--- a/diskcache/file_cache.go
+++ b/diskcache/file_cache.go
@@ -2,7 +2,7 @@ package diskcache
 import (
 	"context"
-	"crypto/sha1" //nolint:gosec
+	"crypto/sha1"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -31,24 +31,24 @@ func New(fs afero.Fs, root string) *FileCache {
 	}
 }
-func (f *FileCache) Store(ctx context.Context, key string, value []byte) error {
+func (f *FileCache) Store(_ context.Context, key string, value []byte) error {
 	mu := f.getScopedLocks(key)
 	mu.Lock()
 	defer mu.Unlock()
 	fileName := f.getFileName(key)
-	if err := f.fs.MkdirAll(filepath.Dir(fileName), 0700); err != nil { //nolint:gomnd
+	if err := f.fs.MkdirAll(filepath.Dir(fileName), 0700); err != nil {
 		return err
 	}
-	if err := afero.WriteFile(f.fs, fileName, value, 0700); err != nil { //nolint:gomnd
+	if err := afero.WriteFile(f.fs, fileName, value, 0700); err != nil {
 		return err
 	}
 	return nil
 }
-func (f *FileCache) Load(ctx context.Context, key string) (value []byte, exist bool, err error) {
+func (f *FileCache) Load(_ context.Context, key string) (value []byte, exist bool, err error) {
 	r, ok, err := f.open(key)
 	if err != nil || !ok {
 		return nil, ok, err
@@ -62,7 +62,7 @@ func (f *FileCache) Load(ctx context.Context, key string) (value []byte, exist b
 	return value, true, nil
 }
-func (f *FileCache) Delete(ctx context.Context, key string) error {
+func (f *FileCache) Delete(_ context.Context, key string) error {
 	mu := f.getScopedLocks(key)
 	mu.Lock()
 	defer mu.Unlock()
@@ -103,7 +103,7 @@ func (f *FileCache) getScopedLocks(key string) (lock sync.Locker) {
 }
 func (f *FileCache) getFileName(key string) string {
-	hasher := sha1.New() //nolint:gosec
+	hasher := sha1.New()
 	_, _ = hasher.Write([]byte(key))
 	hash := hex.EncodeToString(hasher.Sum(nil))
 	return fmt.Sprintf("%s/%s/%s", hash[:1], hash[1:3], hash)
--- a/diskcache/file_cache_test.go
+++ b/diskcache/file_cache_test.go
@@ -25,12 +25,12 @@ func TestFileCache(t *testing.T) {
 	// store new key
 	err := cache.Store(ctx, key, []byte(value))
 	require.NoError(t, err)
-	checkValue(t, ctx, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, value)
+	checkValue(ctx, t, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, value)
 	// update existing key
 	err = cache.Store(ctx, key, []byte(newValue))
 	require.NoError(t, err)
-	checkValue(t, ctx, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, newValue)
+	checkValue(ctx, t, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, newValue)
 	// delete key
 	err = cache.Delete(ctx, key)
@@ -40,7 +40,7 @@ func TestFileCache(t *testing.T) {
 	require.False(t, exists)
 }
-func checkValue(t *testing.T, ctx context.Context, fs afero.Fs, fileFullPath string, cache *FileCache, key, wantValue string) { //nolint:golint
+func checkValue(ctx context.Context, t *testing.T, fs afero.Fs, fileFullPath string, cache *FileCache, key, wantValue string) {
 	t.Helper()
 	// check actual file content
 	b, err := afero.ReadFile(fs, fileFullPath)
--- a/diskcache/noop_cache.go
+++ b/diskcache/noop_cache.go
@@ -11,14 +11,14 @@ func NewNoOp() *NoOp {
 	return &NoOp{}
 }
-func (n *NoOp) Store(ctx context.Context, key string, value []byte) error {
+func (n *NoOp) Store(_ context.Context, _ string, _ []byte) error {
 	return nil
 }
-func (n *NoOp) Load(ctx context.Context, key string) (value []byte, exist bool, err error) {
+func (n *NoOp) Load(_ context.Context, _ string) (value []byte, exist bool, err error) {
 	return nil, false, nil
 }
-func (n *NoOp) Delete(ctx context.Context, key string) error {
+func (n *NoOp) Delete(_ context.Context, _ string) error {
 	return nil
 }
--- a/docker/alpine/healthcheck.sh
+++ b/docker/alpine/healthcheck.sh
@@ -0,0 +1,9 @@
 #!/bin/sh
 set -e
 PORT=${FB_PORT:-$(cat /config/settings.json | sh /JSON.sh | grep '\["port"\]' | awk '{print $2}')}
 ADDRESS=${FB_ADDRESS:-$(cat /config/settings.json | sh /JSON.sh | grep '\["address"\]' | awk '{print $2}' | sed 's/"//g')}
 ADDRESS=${ADDRESS:-localhost}
 wget -q --spider http://$ADDRESS:$PORT/health || exit 1
--- a/docker/alpine/init.sh
+++ b/docker/alpine/init.sh
@@ -0,0 +1,35 @@
 #!/bin/sh
 set -e
 # Ensure configuration exists
 if [ ! -f "/config/settings.json" ]; then
  cp -a /defaults/settings.json /config/settings.json
 fi
 # Extract config file path from arguments
 config_file=""
 next_is_config=0
 for arg in "$@"; do
  if [ "$next_is_config" -eq 1 ]; then
    config_file="$arg"
    break
  fi
  case "$arg" in
    -c|--config)
      next_is_config=1
      ;;
    -c=*|--config=*)
      config_file="${arg#*=}"
      break
      ;;
  esac
 done
 # If no config argument is provided, set the default and add it to the args                                                                 
 if [ -z "$config_file" ]; then 
  config_file="/config/settings.json"                                                                                                                                                                                                 
  set -- --config=/config/settings.json "$@"                                                                                                       
 fi                                                                                                                                                                                                                                                                                                                                                             
 exec filebrowser "$@"
--- a/docker/common/defaults/settings.json
+++ b/docker/common/defaults/settings.json
--- a/docker/common/healthcheck.sh
+++ b/docker/common/healthcheck.sh
@@ -0,0 +1,9 @@
 #!/bin/sh
 set -e
 PORT=${FB_PORT:-$(jq -r .port /config/settings.json)}
 ADDRESS=${FB_ADDRESS:-$(jq -r .address /config/settings.json)}
 ADDRESS=${ADDRESS:-localhost}
 wget -q --spider http://$ADDRESS:$PORT/health || exit 1
--- a/docker/root/etc/services.d/filebrowser/run
+++ b/docker/root/etc/services.d/filebrowser/run
@@ -1,3 +0,0 @@
 #!/usr/bin/with-contenv bash
 exec s6-setuidgid abc filebrowser -c /config/settings.json -d /database/filebrowser.db;
--- a/docker/s6/custom-cont-init.d/20-config
+++ b/docker/s6/custom-cont-init.d/20-config
@@ -1,9 +1,6 @@
 #!/usr/bin/with-contenv bash
-# make folders
+# Ensure configuration exists
 mkdir -p /database
 # copy config
 if [ ! -f "/config/settings.json" ]; then
  cp -a /defaults/settings.json /config/settings.json
 fi
--- a/docker/s6/etc/services.d/filebrowser/run
+++ b/docker/s6/etc/services.d/filebrowser/run
@@ -0,0 +1,3 @@
 #!/usr/bin/with-contenv bash
 exec s6-setuidgid abc filebrowser -c /config/settings.json;
--- a/docker_config.json
+++ b/docker_config.json
@@ -1,8 +0,0 @@
 {
  "port": 80,
  "baseURL": "",
  "address": "",
  "log": "stdout",
  "database": "/database.db",
  "root": "/srv"
 }
--- a/errors/errors.go
+++ b/errors/errors.go
@@ -1,21 +1,34 @@
-package errors
+package fberrors
-import "errors"
+import (
 	"errors"
 	"fmt"
 )
 var (
-	ErrEmptyKey             = errors.New("empty key")
+	ErrEmptyKey                 = errors.New("empty key")
-	ErrExist                = errors.New("the resource already exists")
+	ErrExist                    = errors.New("the resource already exists")
-	ErrNotExist             = errors.New("the resource does not exist")
+	ErrNotExist                 = errors.New("the resource does not exist")
-	ErrEmptyPassword        = errors.New("password is empty")
+	ErrEmptyPassword            = errors.New("password is empty")
-	ErrEmptyUsername        = errors.New("username is empty")
+	ErrEasyPassword             = errors.New("password is too easy")
-	ErrEmptyRequest         = errors.New("empty request")
+	ErrEmptyUsername            = errors.New("username is empty")
-	ErrScopeIsRelative      = errors.New("scope is a relative path")
+	ErrEmptyRequest             = errors.New("empty request")
-	ErrInvalidDataType      = errors.New("invalid data type")
+	ErrScopeIsRelative          = errors.New("scope is a relative path")
-	ErrIsDirectory          = errors.New("file is directory")
+	ErrInvalidDataType          = errors.New("invalid data type")
-	ErrInvalidOption        = errors.New("invalid option")
+	ErrIsDirectory              = errors.New("file is directory")
-	ErrInvalidAuthMethod    = errors.New("invalid auth method")
+	ErrInvalidOption            = errors.New("invalid option")
-	ErrPermissionDenied     = errors.New("permission denied")
+	ErrInvalidAuthMethod        = errors.New("invalid auth method")
-	ErrInvalidRequestParams = errors.New("invalid request params")
+	ErrPermissionDenied         = errors.New("permission denied")
-	ErrSourceIsParent       = errors.New("source is parent")
+	ErrInvalidRequestParams     = errors.New("invalid request params")
-	ErrRootUserDeletion     = errors.New("user with id 1 can't be deleted")
+	ErrSourceIsParent           = errors.New("source is parent")
 	ErrRootUserDeletion         = errors.New("user with id 1 can't be deleted")
 	ErrCurrentPasswordIncorrect = errors.New("the current password is incorrect")
 )
 type ErrShortPassword struct {
 	MinimumLength uint
 }
 func (e ErrShortPassword) Error() string {
 	return fmt.Sprintf("password is too short, minimum length is %d", e.MinimumLength)
 }
--- a/files/file.go
+++ b/files/file.go
@@ -1,29 +1,36 @@
 package files
 import (
-	"crypto/md5"  //nolint:gosec
+	"crypto/md5"
-	"crypto/sha1" //nolint:gosec
+	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 	"errors"
 	"hash"
 	"image"
 	"io"
 	"io/fs"
 	"log"
 	"mime"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"time"
 	"github.com/spf13/afero"
-	"github.com/filebrowser/filebrowser/v2/errors"
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/rules"
 )
-const PERM = 0664
+var (
 	reSubDirs = regexp.MustCompile("(?i)^sub(s|titles)$")
 	reSubExts = regexp.MustCompile("(?i)(.vtt|.srt|.ass|.ssa)$")
 )
 // FileInfo describes a file.
 type FileInfo struct {
@@ -41,7 +48,11 @@ type FileInfo struct {
 	Subtitles []string          `json:"subtitles,omitempty"`
 	Content   string            `json:"content,omitempty"`
 	Checksums map[string]string `json:"checksums,omitempty"`
-	Token     string            `json:"token,omitempty"`
+	// Tags holds audio metadata (ID3, VorbisComment, MP4 tags, ...)
 	Tags       map[string]interface{} `json:"tags,omitempty"`
 	Token      string                 `json:"token,omitempty"`
 	currentDir []os.FileInfo          `json:"-"`
 	Resolution *ImageResolution       `json:"resolution,omitempty"`
 }
 // FileOptions are the options when getting a file info.
@@ -51,15 +62,21 @@ type FileOptions struct {
 	Modify     bool
 	Expand     bool
 	ReadHeader bool
 	CalcImgRes bool
 	Token      string
 	Checker    rules.Checker
 	Content    bool
 }
 type ImageResolution struct {
 	Width  int `json:"width"`
 	Height int `json:"height"`
 }
 // NewFileInfo creates a File object from a path and a given user. This File
 // object will be automatically filled depending on if it is a directory
 // or a file. If it's a video file, it will also detect any subtitles.
-func NewFileInfo(opts FileOptions) (*FileInfo, error) {
+func NewFileInfo(opts *FileOptions) (*FileInfo, error) {
 	if !opts.Checker.Check(opts.Path) {
 		return nil, os.ErrPermission
 	}
@@ -69,15 +86,20 @@ func NewFileInfo(opts FileOptions) (*FileInfo, error) {
 		return nil, err
 	}
 	// Do not expose the name of root directory.
 	if file.Path == "/" {
 		file.Name = ""
 	}
 	if opts.Expand {
 		if file.IsDir {
-			if err := file.readListing(opts.Checker, opts.ReadHeader); err != nil { //nolint:govet
+			if err := file.readListing(opts.Checker, opts.ReadHeader, opts.CalcImgRes); err != nil {
 				return nil, err
 			}
 			return file, nil
 		}
-		err = file.detectType(opts.Modify, opts.Content, true)
+		err = file.detectType(opts.Modify, opts.Content, true, opts.CalcImgRes)
 		if err != nil {
 			return nil, err
 		}
@@ -86,7 +108,7 @@ func NewFileInfo(opts FileOptions) (*FileInfo, error) {
 	return file, err
 }
-func stat(opts FileOptions) (*FileInfo, error) {
+func stat(opts *FileOptions) (*FileInfo, error) {
 	var file *FileInfo
 	if lstaterFs, ok := opts.Fs.(afero.Lstater); ok {
@@ -149,7 +171,7 @@ func stat(opts FileOptions) (*FileInfo, error) {
 // algorithm. The checksums data is saved on File object.
 func (i *FileInfo) Checksum(algo string) error {
 	if i.IsDir {
-		return errors.ErrIsDirectory
+		return fberrors.ErrIsDirectory
 	}
 	if i.Checksums == nil {
@@ -164,7 +186,6 @@ func (i *FileInfo) Checksum(algo string) error {
 	var h hash.Hash
 	//nolint:gosec
 	switch algo {
 	case "md5":
 		h = md5.New()
@@ -175,7 +196,7 @@ func (i *FileInfo) Checksum(algo string) error {
 	case "sha512":
 		h = sha512.New()
 	default:
-		return errors.ErrInvalidOption
+		return fberrors.ErrInvalidOption
 	}
 	_, err = io.Copy(h, reader)
@@ -200,10 +221,7 @@ func (i *FileInfo) RealPath() string {
 	return i.Path
 }
-// TODO: use constants
+func (i *FileInfo) detectType(modify, saveContent, readHeader bool, calcImgRes bool) error {
 //
 //nolint:goconst
 func (i *FileInfo) detectType(modify, saveContent, readHeader bool) error {
 	if IsNamedPipe(i.Mode) {
 		i.Type = "blob"
 		return nil
@@ -234,6 +252,14 @@ func (i *FileInfo) detectType(modify, saveContent, readHeader bool) error {
 		return nil
 	case strings.HasPrefix(mimetype, "image"):
 		i.Type = "image"
 		if calcImgRes {
 			resolution, err := calculateImageResolution(i.Fs, i.Path)
 			if err != nil {
 				log.Printf("Error calculating image resolution: %v", err)
 			} else {
 				i.Resolution = resolution
 			}
 		}
 		return nil
 	case strings.HasSuffix(mimetype, "pdf"):
 		i.Type = "pdf"
@@ -262,6 +288,28 @@ func (i *FileInfo) detectType(modify, saveContent, readHeader bool) error {
 	return nil
 }
 func calculateImageResolution(fSys afero.Fs, filePath string) (*ImageResolution, error) {
 	file, err := fSys.Open(filePath)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		if cErr := file.Close(); cErr != nil {
 			log.Printf("Failed to close file: %v", cErr)
 		}
 	}()
 	config, _, err := image.DecodeConfig(file)
 	if err != nil {
 		return nil, err
 	}
 	return &ImageResolution{
 		Width:  config.Width,
 		Height: config.Height,
 	}, nil
 }
 func (i *FileInfo) readFirstBytes() []byte {
 	reader, err := i.Fs.Open(i.Path)
 	if err != nil {
@@ -271,9 +319,9 @@ func (i *FileInfo) readFirstBytes() []byte {
 	}
 	defer reader.Close()
-	buffer := make([]byte, 512) //nolint:gomnd
+	buffer := make([]byte, 512)
 	n, err := reader.Read(buffer)
-	if err != nil && err != io.EOF {
+	if err != nil && !errors.Is(err, io.EOF) {
 		log.Print(err)
 		i.Type = "blob"
 		return nil
@@ -291,20 +339,60 @@ func (i *FileInfo) detectSubtitles() {
 	ext := filepath.Ext(i.Path)
 	// detect multiple languages. Base*.vtt
 	// TODO: give subtitles descriptive names (lang) and track attributes
 	parentDir := strings.TrimRight(i.Path, i.Name)
-	dir, err := afero.ReadDir(i.Fs, parentDir)
+	var dir []os.FileInfo
 	if len(i.currentDir) > 0 {
 		dir = i.currentDir
 	} else {
 		var err error
 		dir, err = afero.ReadDir(i.Fs, parentDir)
 		if err != nil {
 			return
 		}
 	}
 	base := strings.TrimSuffix(i.Name, ext)
 	for _, f := range dir {
 		// load all supported subtitles from subs directories
 		// should cover all instances of subtitle distributions
 		// like tv-shows with multiple episodes in single dir
 		if f.IsDir() && reSubDirs.MatchString(f.Name()) {
 			subsDir := path.Join(parentDir, f.Name())
 			i.loadSubtitles(subsDir, base, true)
 		} else if isSubtitleMatch(f, base) {
 			i.addSubtitle(path.Join(parentDir, f.Name()))
 		}
 	}
 }
 func (i *FileInfo) loadSubtitles(subsPath, baseName string, recursive bool) {
 	dir, err := afero.ReadDir(i.Fs, subsPath)
 	if err == nil {
 		base := strings.TrimSuffix(i.Name, ext)
 		for _, f := range dir {
-			if !f.IsDir() && strings.HasPrefix(f.Name(), base) && strings.HasSuffix(f.Name(), ".vtt") {
+			if isSubtitleMatch(f, "") {
-				i.Subtitles = append(i.Subtitles, path.Join(parentDir, f.Name()))
+				i.addSubtitle(path.Join(subsPath, f.Name()))
 			} else if f.IsDir() && recursive && strings.HasPrefix(f.Name(), baseName) {
 				subsDir := path.Join(subsPath, f.Name())
 				i.loadSubtitles(subsDir, baseName, false)
 			}
 		}
 	}
 }
-func (i *FileInfo) readListing(checker rules.Checker, readHeader bool) error {
+func IsSupportedSubtitle(fileName string) bool {
 	return reSubExts.MatchString(fileName)
 }
 func isSubtitleMatch(f fs.FileInfo, baseName string) bool {
 	return !f.IsDir() && strings.HasPrefix(f.Name(), baseName) &&
 		IsSupportedSubtitle(f.Name())
 }
 func (i *FileInfo) addSubtitle(fPath string) {
 	i.Subtitles = append(i.Subtitles, fPath)
 }
 func (i *FileInfo) readListing(checker rules.Checker, readHeader bool, calcImgRes bool) error {
 	afs := &afero.Afero{Fs: i.Fs}
 	dir, err := afs.ReadDir(i.Path)
 	if err != nil {
@@ -339,15 +427,25 @@ func (i *FileInfo) readListing(checker rules.Checker, readHeader bool) error {
 		}
 		file := &FileInfo{
-			Fs:        i.Fs,
+			Fs:         i.Fs,
-			Name:      name,
+			Name:       name,
-			Size:      f.Size(),
+			Size:       f.Size(),
-			ModTime:   f.ModTime(),
+			ModTime:    f.ModTime(),
-			Mode:      f.Mode(),
+			Mode:       f.Mode(),
-			IsDir:     f.IsDir(),
+			IsDir:      f.IsDir(),
-			IsSymlink: isSymlink,
+			IsSymlink:  isSymlink,
-			Extension: filepath.Ext(name),
+			Extension:  filepath.Ext(name),
-			Path:      fPath,
+			Path:       fPath,
 			currentDir: dir,
 		}
 		if !file.IsDir && strings.HasPrefix(mime.TypeByExtension(file.Extension), "image/") && calcImgRes {
 			resolution, err := calculateImageResolution(file.Fs, file.Path)
 			if err != nil {
 				log.Printf("Error calculating resolution for image %s: %v", file.Path, err)
 			} else {
 				file.Resolution = resolution
 			}
 		}
 		if file.IsDir {
@@ -358,7 +456,7 @@ func (i *FileInfo) readListing(checker rules.Checker, readHeader bool) error {
 			if isInvalidLink {
 				file.Type = "invalid_link"
 			} else {
-				err := file.detectType(true, false, readHeader)
+				err := file.detectType(true, false, readHeader, calcImgRes)
 				if err != nil {
 					return err
 				}
--- a/files/listing.go
+++ b/files/listing.go
@@ -16,11 +16,8 @@ type Listing struct {
 }
 // ApplySort applies the sort order using .Order and .Sort
 //
 //nolint:goconst
 func (l Listing) ApplySort() {
 	// Check '.Order' to know how to sort
 	// TODO: use enum
 	if !l.Sorting.Asc {
 		switch l.Sorting.By {
 		case "name":
--- a/files/mime.go
+++ b/files/mime.go
@@ -0,0 +1,608 @@
 package files
 // This file contains code primarily sourced from::
 // github.com/kataras/iris
 import (
 	"mime"
 )
 const (
 	// ContentBinaryHeaderValue header value for binary data.
 	ContentBinaryHeaderValue = "application/octet-stream"
 	// ContentWebassemblyHeaderValue header value for web assembly files.
 	ContentWebassemblyHeaderValue = "application/wasm"
 	// ContentHTMLHeaderValue is the  string of text/html response header's content type value.
 	ContentHTMLHeaderValue = "text/html"
 	// ContentJSONHeaderValue header value for JSON data.
 	ContentJSONHeaderValue = "application/json"
 	// ContentJSONProblemHeaderValue header value for JSON API problem error.
 	// Read more at: https://tools.ietf.org/html/rfc7807
 	ContentJSONProblemHeaderValue = "application/problem+json"
 	// ContentXMLProblemHeaderValue header value for XML API problem error.
 	// Read more at: https://tools.ietf.org/html/rfc7807
 	ContentXMLProblemHeaderValue = "application/problem+xml"
 	// ContentJavascriptHeaderValue header value for JSONP & Javascript data.
 	ContentJavascriptHeaderValue = "text/javascript"
 	// ContentTextHeaderValue header value for Text data.
 	ContentTextHeaderValue = "text/plain"
 	// ContentXMLHeaderValue header value for XML data.
 	ContentXMLHeaderValue = "text/xml"
 	// ContentXMLUnreadableHeaderValue obsolete header value for XML.
 	ContentXMLUnreadableHeaderValue = "application/xml"
 	// ContentMarkdownHeaderValue custom key/content type, the real is the text/html.
 	ContentMarkdownHeaderValue = "text/markdown"
 	// ContentYAMLHeaderValue header value for YAML data.
 	ContentYAMLHeaderValue = "application/x-yaml"
 	// ContentYAMLTextHeaderValue header value for YAML plain text.
 	ContentYAMLTextHeaderValue = "text/yaml"
 	// ContentProtobufHeaderValue header value for Protobuf messages data.
 	ContentProtobufHeaderValue = "application/x-protobuf"
 	// ContentMsgPackHeaderValue header value for MsgPack data.
 	ContentMsgPackHeaderValue = "application/msgpack"
 	// ContentMsgPack2HeaderValue alternative header value for MsgPack data.
 	ContentMsgPack2HeaderValue = "application/x-msgpack"
 	// ContentFormHeaderValue header value for post form data.
 	ContentFormHeaderValue = "application/x-www-form-urlencoded"
 	// ContentFormMultipartHeaderValue header value for post multipart form data.
 	ContentFormMultipartHeaderValue = "multipart/form-data"
 	// ContentMultipartRelatedHeaderValue header value for multipart related data.
 	ContentMultipartRelatedHeaderValue = "multipart/related"
 	// ContentGRPCHeaderValue Content-Type header value for gRPC.
 	ContentGRPCHeaderValue = "application/grpc"
 )
 var types = map[string]string{
 	".3dm":       "x-world/x-3dmf",
 	".3dmf":      "x-world/x-3dmf",
 	".7z":        "application/x-7z-compressed",
 	".a":         "application/octet-stream",
 	".aab":       "application/x-authorware-bin",
 	".aam":       "application/x-authorware-map",
 	".aas":       "application/x-authorware-seg",
 	".abc":       "text/vndabc",
 	".ace":       "application/x-ace-compressed",
 	".acgi":      "text/html",
 	".afl":       "video/animaflex",
 	".ai":        "application/postscript",
 	".aif":       "audio/aiff",
 	".aifc":      "audio/aiff",
 	".aiff":      "audio/aiff",
 	".aim":       "application/x-aim",
 	".aip":       "text/x-audiosoft-intra",
 	".alz":       "application/x-alz-compressed",
 	".ani":       "application/x-navi-animation",
 	".aos":       "application/x-nokia-9000-communicator-add-on-software",
 	".aps":       "application/mime",
 	".apk":       "application/vnd.android.package-archive",
 	".arc":       "application/x-arc-compressed",
 	".arj":       "application/arj",
 	".art":       "image/x-jg",
 	".asf":       "video/x-ms-asf",
 	".asm":       "text/x-asm",
 	".asp":       "text/asp",
 	".asx":       "application/x-mplayer2",
 	".au":        "audio/basic",
 	".avi":       "video/x-msvideo",
 	".avs":       "video/avs-video",
 	".bcpio":     "application/x-bcpio",
 	".bin":       "application/mac-binary",
 	".bmp":       "image/bmp",
 	".boo":       "application/book",
 	".book":      "application/book",
 	".boz":       "application/x-bzip2",
 	".bsh":       "application/x-bsh",
 	".bz2":       "application/x-bzip2",
 	".bz":        "application/x-bzip",
 	".c++":       ContentTextHeaderValue,
 	".c":         "text/x-c",
 	".cab":       "application/vnd.ms-cab-compressed",
 	".cat":       "application/vndms-pkiseccat",
 	".cc":        "text/x-c",
 	".ccad":      "application/clariscad",
 	".cco":       "application/x-cocoa",
 	".cdf":       "application/cdf",
 	".cer":       "application/pkix-cert",
 	".cha":       "application/x-chat",
 	".chat":      "application/x-chat",
 	".chrt":      "application/vnd.kde.kchart",
 	".class":     "application/java",
 	".com":       ContentTextHeaderValue,
 	".conf":      ContentTextHeaderValue,
 	".cpio":      "application/x-cpio",
 	".cpp":       "text/x-c",
 	".cpt":       "application/mac-compactpro",
 	".crl":       "application/pkcs-crl",
 	".crt":       "application/pkix-cert",
 	".crx":       "application/x-chrome-extension",
 	".csh":       "text/x-scriptcsh",
 	".css":       "text/css",
 	".csv":       "text/csv",
 	".cxx":       ContentTextHeaderValue,
 	".dar":       "application/x-dar",
 	".dcr":       "application/x-director",
 	".deb":       "application/x-debian-package",
 	".deepv":     "application/x-deepv",
 	".def":       ContentTextHeaderValue,
 	".der":       "application/x-x509-ca-cert",
 	".dif":       "video/x-dv",
 	".dir":       "application/x-director",
 	".divx":      "video/divx",
 	".dl":        "video/dl",
 	".dmg":       "application/x-apple-diskimage",
 	".doc":       "application/msword",
 	".dot":       "application/msword",
 	".dp":        "application/commonground",
 	".drw":       "application/drafting",
 	".dump":      "application/octet-stream",
 	".dv":        "video/x-dv",
 	".dvi":       "application/x-dvi",
 	".dwf":       "drawing/x-dwf=(old)",
 	".dwg":       "application/acad",
 	".dxf":       "application/dxf",
 	".dxr":       "application/x-director",
 	".el":        "text/x-scriptelisp",
 	".elc":       "application/x-bytecodeelisp=(compiled=elisp)",
 	".eml":       "message/rfc822",
 	".env":       "application/x-envoy",
 	".eps":       "application/postscript",
 	".es":        "application/x-esrehber",
 	".etx":       "text/x-setext",
 	".evy":       "application/envoy",
 	".exe":       "application/octet-stream",
 	".f77":       "text/x-fortran",
 	".f90":       "text/x-fortran",
 	".f":         "text/x-fortran",
 	".fdf":       "application/vndfdf",
 	".fif":       "application/fractals",
 	".fli":       "video/fli",
 	".flo":       "image/florian",
 	".flv":       "video/x-flv",
 	".flx":       "text/vndfmiflexstor",
 	".fmf":       "video/x-atomic3d-feature",
 	".for":       "text/x-fortran",
 	".fpx":       "image/vndfpx",
 	".frl":       "application/freeloader",
 	".funk":      "audio/make",
 	".g3":        "image/g3fax",
 	".g":         ContentTextHeaderValue,
 	".gif":       "image/gif",
 	".gl":        "video/gl",
 	".gsd":       "audio/x-gsm",
 	".gsm":       "audio/x-gsm",
 	".gsp":       "application/x-gsp",
 	".gss":       "application/x-gss",
 	".gtar":      "application/x-gtar",
 	".gz":        "application/x-compressed",
 	".gzip":      "application/x-gzip",
 	".h":         "text/x-h",
 	".hdf":       "application/x-hdf",
 	".help":      "application/x-helpfile",
 	".hgl":       "application/vndhp-hpgl",
 	".hh":        "text/x-h",
 	".hlb":       "text/x-script",
 	".hlp":       "application/hlp",
 	".hpg":       "application/vndhp-hpgl",
 	".hpgl":      "application/vndhp-hpgl",
 	".hqx":       "application/binhex",
 	".hta":       "application/hta",
 	".htc":       "text/x-component",
 	".htm":       "text/html",
 	".html":      "text/html",
 	".htmls":     "text/html",
 	".htt":       "text/webviewhtml",
 	".htx":       "text/html",
 	".ice":       "x-conference/x-cooltalk",
 	".ico":       "image/x-icon",
 	".ics":       "text/calendar",
 	".icz":       "text/calendar",
 	".idc":       ContentTextHeaderValue,
 	".ief":       "image/ief",
 	".iefs":      "image/ief",
 	".iges":      "application/iges",
 	".igs":       "application/iges",
 	".ima":       "application/x-ima",
 	".imap":      "application/x-httpd-imap",
 	".inf":       "application/inf",
 	".ins":       "application/x-internett-signup",
 	".ip":        "application/x-ip2",
 	".isu":       "video/x-isvideo",
 	".it":        "audio/it",
 	".iv":        "application/x-inventor",
 	".ivr":       "i-world/i-vrml",
 	".ivy":       "application/x-livescreen",
 	".jam":       "audio/x-jam",
 	".jav":       "text/x-java-source",
 	".java":      "text/x-java-source",
 	".jcm":       "application/x-java-commerce",
 	".jfif-tbnl": "image/jpeg",
 	".jfif":      "image/jpeg",
 	".jnlp":      "application/x-java-jnlp-file",
 	".jpe":       "image/jpeg",
 	".jpeg":      "image/jpeg",
 	".jpg":       "image/jpeg",
 	".jps":       "image/x-jps",
 	".js":        ContentJavascriptHeaderValue,
 	".mjs":       ContentJavascriptHeaderValue,
 	".json":      ContentJSONHeaderValue,
 	".vue":       ContentJavascriptHeaderValue,
 	".jut":       "image/jutvision",
 	".kar":       "audio/midi",
 	".karbon":    "application/vnd.kde.karbon",
 	".kfo":       "application/vnd.kde.kformula",
 	".flw":       "application/vnd.kde.kivio",
 	".kml":       "application/vnd.google-earth.kml+xml",
 	".kmz":       "application/vnd.google-earth.kmz",
 	".kon":       "application/vnd.kde.kontour",
 	".kpr":       "application/vnd.kde.kpresenter",
 	".kpt":       "application/vnd.kde.kpresenter",
 	".ksp":       "application/vnd.kde.kspread",
 	".kwd":       "application/vnd.kde.kword",
 	".kwt":       "application/vnd.kde.kword",
 	".ksh":       "text/x-scriptksh",
 	".la":        "audio/nspaudio",
 	".lam":       "audio/x-liveaudio",
 	".latex":     "application/x-latex",
 	".lha":       "application/lha",
 	".lhx":       "application/octet-stream",
 	".list":      ContentTextHeaderValue,
 	".lma":       "audio/nspaudio",
 	".log":       ContentTextHeaderValue,
 	".lsp":       "text/x-scriptlisp",
 	".lst":       ContentTextHeaderValue,
 	".lsx":       "text/x-la-asf",
 	".ltx":       "application/x-latex",
 	".lzh":       "application/octet-stream",
 	".lzx":       "application/lzx",
 	".m1v":       "video/mpeg",
 	".m2a":       "audio/mpeg",
 	".m2v":       "video/mpeg",
 	".m3u":       "audio/x-mpegurl",
 	".m":         "text/x-m",
 	".man":       "application/x-troff-man",
 	".manifest":  "text/cache-manifest",
 	".map":       "application/x-navimap",
 	".mar":       ContentTextHeaderValue,
 	".mbd":       "application/mbedlet",
 	".mc$":       "application/x-magic-cap-package-10",
 	".mcd":       "application/mcad",
 	".mcf":       "text/mcf",
 	".mcp":       "application/netmc",
 	".me":        "application/x-troff-me",
 	".mht":       "message/rfc822",
 	".mhtml":     "message/rfc822",
 	".mid":       "application/x-midi",
 	".midi":      "application/x-midi",
 	".mif":       "application/x-frame",
 	".mime":      "message/rfc822",
 	".mjf":       "audio/x-vndaudioexplosionmjuicemediafile",
 	".mjpg":      "video/x-motion-jpeg",
 	".mm":        "application/base64",
 	".mme":       "application/base64",
 	".mod":       "audio/mod",
 	".moov":      "video/quicktime",
 	".mov":       "video/quicktime",
 	".movie":     "video/x-sgi-movie",
 	".mp2":       "audio/mpeg",
 	".mp3":       "audio/mpeg",
 	".mp4":       "video/mp4",
 	".mpa":       "audio/mpeg",
 	".mpc":       "application/x-project",
 	".mpe":       "video/mpeg",
 	".mpeg":      "video/mpeg",
 	".mpg":       "video/mpeg",
 	".mpga":      "audio/mpeg",
 	".mpp":       "application/vndms-project",
 	".mpt":       "application/x-project",
 	".mpv":       "application/x-project",
 	".mpx":       "application/x-project",
 	".mrc":       "application/marc",
 	".ms":        "application/x-troff-ms",
 	".mv":        "video/x-sgi-movie",
 	".my":        "audio/make",
 	".mzz":       "application/x-vndaudioexplosionmzz",
 	".nap":       "image/naplps",
 	".naplps":    "image/naplps",
 	".nc":        "application/x-netcdf",
 	".ncm":       "application/vndnokiaconfiguration-message",
 	".nif":       "image/x-niff",
 	".niff":      "image/x-niff",
 	".nix":       "application/x-mix-transfer",
 	".nsc":       "application/x-conference",
 	".nvd":       "application/x-navidoc",
 	".o":         "application/octet-stream",
 	".oda":       "application/oda",
 	".odb":       "application/vnd.oasis.opendocument.database",
 	".odc":       "application/vnd.oasis.opendocument.chart",
 	".odf":       "application/vnd.oasis.opendocument.formula",
 	".odg":       "application/vnd.oasis.opendocument.graphics",
 	".odi":       "application/vnd.oasis.opendocument.image",
 	".odm":       "application/vnd.oasis.opendocument.text-master",
 	".odp":       "application/vnd.oasis.opendocument.presentation",
 	".ods":       "application/vnd.oasis.opendocument.spreadsheet",
 	".odt":       "application/vnd.oasis.opendocument.text",
 	".oga":       "audio/ogg",
 	".ogg":       "audio/ogg",
 	".ogv":       "video/ogg",
 	".omc":       "application/x-omc",
 	".omcd":      "application/x-omcdatamaker",
 	".omcr":      "application/x-omcregerator",
 	".otc":       "application/vnd.oasis.opendocument.chart-template",
 	".otf":       "application/vnd.oasis.opendocument.formula-template",
 	".otg":       "application/vnd.oasis.opendocument.graphics-template",
 	".oth":       "application/vnd.oasis.opendocument.text-web",
 	".oti":       "application/vnd.oasis.opendocument.image-template",
 	".otm":       "application/vnd.oasis.opendocument.text-master",
 	".otp":       "application/vnd.oasis.opendocument.presentation-template",
 	".ots":       "application/vnd.oasis.opendocument.spreadsheet-template",
 	".ott":       "application/vnd.oasis.opendocument.text-template",
 	".p10":       "application/pkcs10",
 	".p12":       "application/pkcs-12",
 	".p7a":       "application/x-pkcs7-signature",
 	".p7c":       "application/pkcs7-mime",
 	".p7m":       "application/pkcs7-mime",
 	".p7r":       "application/x-pkcs7-certreqresp",
 	".p7s":       "application/pkcs7-signature",
 	".p":         "text/x-pascal",
 	".part":      "application/pro_eng",
 	".pas":       "text/pascal",
 	".pbm":       "image/x-portable-bitmap",
 	".pcl":       "application/vndhp-pcl",
 	".pct":       "image/x-pict",
 	".pcx":       "image/x-pcx",
 	".pdb":       "chemical/x-pdb",
 	".pdf":       "application/pdf",
 	".pfunk":     "audio/make",
 	".pgm":       "image/x-portable-graymap",
 	".pic":       "image/pict",
 	".pict":      "image/pict",
 	".pkg":       "application/x-newton-compatible-pkg",
 	".pko":       "application/vndms-pkipko",
 	".pl":        "text/x-scriptperl",
 	".plx":       "application/x-pixclscript",
 	".pm4":       "application/x-pagemaker",
 	".pm5":       "application/x-pagemaker",
 	".pm":        "text/x-scriptperl-module",
 	".png":       "image/png",
 	".pnm":       "application/x-portable-anymap",
 	".pot":       "application/mspowerpoint",
 	".pov":       "model/x-pov",
 	".ppa":       "application/vndms-powerpoint",
 	".ppm":       "image/x-portable-pixmap",
 	".pps":       "application/mspowerpoint",
 	".ppt":       "application/mspowerpoint",
 	".ppz":       "application/mspowerpoint",
 	".pre":       "application/x-freelance",
 	".prt":       "application/pro_eng",
 	".ps":        "application/postscript",
 	".psd":       "application/octet-stream",
 	".pvu":       "paleovu/x-pv",
 	".pwz":       "application/vndms-powerpoint",
 	".py":        "text/x-scriptphyton",
 	".pyc":       "application/x-bytecodepython",
 	".qcp":       "audio/vndqcelp",
 	".qd3":       "x-world/x-3dmf",
 	".qd3d":      "x-world/x-3dmf",
 	".qif":       "image/x-quicktime",
 	".qt":        "video/quicktime",
 	".qtc":       "video/x-qtc",
 	".qti":       "image/x-quicktime",
 	".qtif":      "image/x-quicktime",
 	".ra":        "audio/x-pn-realaudio",
 	".ram":       "audio/x-pn-realaudio",
 	".rar":       "application/x-rar-compressed",
 	".ras":       "application/x-cmu-raster",
 	".rast":      "image/cmu-raster",
 	".rexx":      "text/x-scriptrexx",
 	".rf":        "image/vndrn-realflash",
 	".rgb":       "image/x-rgb",
 	".rm":        "application/vndrn-realmedia",
 	".rmi":       "audio/mid",
 	".rmm":       "audio/x-pn-realaudio",
 	".rmp":       "audio/x-pn-realaudio",
 	".rng":       "application/ringing-tones",
 	".rnx":       "application/vndrn-realplayer",
 	".roff":      "application/x-troff",
 	".rp":        "image/vndrn-realpix",
 	".rpm":       "audio/x-pn-realaudio-plugin",
 	".rt":        "text/vndrn-realtext",
 	".rtf":       "text/richtext",
 	".rtx":       "text/richtext",
 	".rv":        "video/vndrn-realvideo",
 	".s":         "text/x-asm",
 	".s3m":       "audio/s3m",
 	".s7z":       "application/x-7z-compressed",
 	".saveme":    "application/octet-stream",
 	".sbk":       "application/x-tbook",
 	".scm":       "text/x-scriptscheme",
 	".sdml":      ContentTextHeaderValue,
 	".sdp":       "application/sdp",
 	".sdr":       "application/sounder",
 	".sea":       "application/sea",
 	".set":       "application/set",
 	".sgm":       "text/x-sgml",
 	".sgml":      "text/x-sgml",
 	".sh":        "text/x-scriptsh",
 	".shar":      "application/x-bsh",
 	".shtml":     "text/x-server-parsed-html",
 	".sid":       "audio/x-psid",
 	".skd":       "application/x-koan",
 	".skm":       "application/x-koan",
 	".skp":       "application/x-koan",
 	".skt":       "application/x-koan",
 	".sit":       "application/x-stuffit",
 	".sitx":      "application/x-stuffitx",
 	".sl":        "application/x-seelogo",
 	".smi":       "application/smil",
 	".smil":      "application/smil",
 	".snd":       "audio/basic",
 	".sol":       "application/solids",
 	".spc":       "text/x-speech",
 	".spl":       "application/futuresplash",
 	".spr":       "application/x-sprite",
 	".sprite":    "application/x-sprite",
 	".spx":       "audio/ogg",
 	".src":       "application/x-wais-source",
 	".ssi":       "text/x-server-parsed-html",
 	".ssm":       "application/streamingmedia",
 	".sst":       "application/vndms-pkicertstore",
 	".step":      "application/step",
 	".stl":       "application/sla",
 	".stp":       "application/step",
 	".sv4cpio":   "application/x-sv4cpio",
 	".sv4crc":    "application/x-sv4crc",
 	".svf":       "image/vnddwg",
 	".svg":       "image/svg+xml",
 	".svr":       "application/x-world",
 	".swf":       "application/x-shockwave-flash",
 	".t":         "application/x-troff",
 	".talk":      "text/x-speech",
 	".tar":       "application/x-tar",
 	".tbk":       "application/toolbook",
 	".tcl":       "text/x-scripttcl",
 	".tcsh":      "text/x-scripttcsh",
 	".tex":       "application/x-tex",
 	".texi":      "application/x-texinfo",
 	".texinfo":   "application/x-texinfo",
 	".text":      ContentTextHeaderValue,
 	".tgz":       "application/gnutar",
 	".tif":       "image/tiff",
 	".tiff":      "image/tiff",
 	".tr":        "application/x-troff",
 	".tsi":       "audio/tsp-audio",
 	".tsp":       "application/dsptype",
 	".tsv":       "text/tab-separated-values",
 	".turbot":    "image/florian",
 	".txt":       ContentTextHeaderValue,
 	".uil":       "text/x-uil",
 	".uni":       "text/uri-list",
 	".unis":      "text/uri-list",
 	".unv":       "application/i-deas",
 	".uri":       "text/uri-list",
 	".uris":      "text/uri-list",
 	".ustar":     "application/x-ustar",
 	".uu":        "text/x-uuencode",
 	".uue":       "text/x-uuencode",
 	".vcd":       "application/x-cdlink",
 	".vcf":       "text/x-vcard",
 	".vcard":     "text/x-vcard",
 	".vcs":       "text/x-vcalendar",
 	".vda":       "application/vda",
 	".vdo":       "video/vdo",
 	".vew":       "application/groupwise",
 	".viv":       "video/vivo",
 	".vivo":      "video/vivo",
 	".vmd":       "application/vocaltec-media-desc",
 	".vmf":       "application/vocaltec-media-file",
 	".voc":       "audio/voc",
 	".vos":       "video/vosaic",
 	".vox":       "audio/voxware",
 	".vqe":       "audio/x-twinvq-plugin",
 	".vqf":       "audio/x-twinvq",
 	".vql":       "audio/x-twinvq-plugin",
 	".vrml":      "application/x-vrml",
 	".vrt":       "x-world/x-vrt",
 	".vsd":       "application/x-visio",
 	".vst":       "application/x-visio",
 	".vsw":       "application/x-visio",
 	".w60":       "application/wordperfect60",
 	".w61":       "application/wordperfect61",
 	".w6w":       "application/msword",
 	".wav":       "audio/wav",
 	".wb1":       "application/x-qpro",
 	".wbmp":      "image/vnd.wap.wbmp",
 	".web":       "application/vndxara",
 	".wiz":       "application/msword",
 	".wk1":       "application/x-123",
 	".wmf":       "windows/metafile",
 	".wml":       "text/vnd.wap.wml",
 	".wmlc":      "application/vnd.wap.wmlc",
 	".wmls":      "text/vnd.wap.wmlscript",
 	".wmlsc":     "application/vnd.wap.wmlscriptc",
 	".word":      "application/msword",
 	".wp5":       "application/wordperfect",
 	".wp6":       "application/wordperfect",
 	".wp":        "application/wordperfect",
 	".wpd":       "application/wordperfect",
 	".wq1":       "application/x-lotus",
 	".wri":       "application/mswrite",
 	".wrl":       "application/x-world",
 	".wrz":       "model/vrml",
 	".wsc":       "text/scriplet",
 	".wsrc":      "application/x-wais-source",
 	".wtk":       "application/x-wintalk",
 	".x-png":     "image/png",
 	".xbm":       "image/x-xbitmap",
 	".xdr":       "video/x-amt-demorun",
 	".xgz":       "xgl/drawing",
 	".xif":       "image/vndxiff",
 	".xl":        "application/excel",
 	".xla":       "application/excel",
 	".xlb":       "application/excel",
 	".xlc":       "application/excel",
 	".xld":       "application/excel",
 	".xlk":       "application/excel",
 	".xll":       "application/excel",
 	".xlm":       "application/excel",
 	".xls":       "application/excel",
 	".xlt":       "application/excel",
 	".xlv":       "application/excel",
 	".xlw":       "application/excel",
 	".xm":        "audio/xm",
 	".xml":       ContentXMLHeaderValue,
 	".xmz":       "xgl/movie",
 	".xpix":      "application/x-vndls-xpix",
 	".xpm":       "image/x-xpixmap",
 	".xsr":       "video/x-amt-showrun",
 	".xwd":       "image/x-xwd",
 	".xyz":       "chemical/x-pdb",
 	".z":         "application/x-compress",
 	".zip":       "application/zip",
 	".zoo":       "application/octet-stream",
 	".zsh":       "text/x-scriptzsh",
 	".docx":      "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
 	".docm":      "application/vnd.ms-word.document.macroEnabled.12",
 	".dotx":      "application/vnd.openxmlformats-officedocument.wordprocessingml.template",
 	".dotm":      "application/vnd.ms-word.template.macroEnabled.12",
 	".xlsx":      "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
 	".xlsm":      "application/vnd.ms-excel.sheet.macroEnabled.12",
 	".xltx":      "application/vnd.openxmlformats-officedocument.spreadsheetml.template",
 	".xltm":      "application/vnd.ms-excel.template.macroEnabled.12",
 	".xlsb":      "application/vnd.ms-excel.sheet.binary.macroEnabled.12",
 	".xlam":      "application/vnd.ms-excel.addin.macroEnabled.12",
 	".pptx":      "application/vnd.openxmlformats-officedocument.presentationml.presentation",
 	".pptm":      "application/vnd.ms-powerpoint.presentation.macroEnabled.12",
 	".ppsx":      "application/vnd.openxmlformats-officedocument.presentationml.slideshow",
 	".ppsm":      "application/vnd.ms-powerpoint.slideshow.macroEnabled.12",
 	".potx":      "application/vnd.openxmlformats-officedocument.presentationml.template",
 	".potm":      "application/vnd.ms-powerpoint.template.macroEnabled.12",
 	".ppam":      "application/vnd.ms-powerpoint.addin.macroEnabled.12",
 	".sldx":      "application/vnd.openxmlformats-officedocument.presentationml.slide",
 	".sldm":      "application/vnd.ms-powerpoint.slide.macroEnabled.12",
 	".thmx":      "application/vnd.ms-officetheme",
 	".onetoc":    "application/onenote",
 	".onetoc2":   "application/onenote",
 	".onetmp":    "application/onenote",
 	".onepkg":    "application/onenote",
 	".xpi":       "application/x-xpinstall",
 	".wasm":      "application/wasm",
 	".m4a":       "audio/mp4",
 	".flac":      "audio/x-flac",
 	".amr":       "audio/amr",
 	".aac":       "audio/aac",
 	".opus":      "video/ogg",
 	".m4v":       "video/mp4",
 	".mkv":       "video/x-matroska",
 	".caf":       "audio/x-caf",
 	".m3u8":      "application/x-mpegURL",
 	".mpd":       "application/dash+xml",
 	".webp":      "image/webp",
 	".epub":      "application/epub+zip",
 }
 func init() {
 	for ext, typ := range types {
 		// skip errors
 		_ = mime.AddExtensionType(ext, typ)
 	}
 }
--- a/files/tags.go
+++ b/files/tags.go
@@ -0,0 +1,221 @@
 package files
 import (
 	"bytes"
 	"encoding/base64"
 	"io"
 	"log"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"github.com/dhowden/tag"
 )
 // ReadAudioTags extracts common audio metadata from the file and stores it in
 // the FileInfo.Tags map. It attempts to extract common fields and includes
 // embedded picture(s) as base64 where present.
 // Multi-valued tags like ARTISTS and ALBUMARTISTS are extracted as arrays.
 func (i *FileInfo) ReadAudioTags() error {
 	if i.IsDir {
 		return nil
 	}
 	f, err := i.Fs.Open(i.Path)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	m, err := tag.ReadFrom(f)
 	if err != nil {
 		// don't fail hard; log and return nil so callers still get file info
 		log.Printf("ReadAudioTags: failed to read tags for %s: %v", i.Path, err)
 		return nil
 	}
 	tags := map[string]interface{}{}
 	if v := m.Title(); v != "" {
 		tags["title"] = v
 	}
 	if v := m.Album(); v != "" {
 		tags["album"] = v
 	}
 	if v := m.Artist(); v != "" {
 		tags["artist"] = v
 	}
 	if v := m.AlbumArtist(); v != "" {
 		tags["albumartist"] = v
 	}
 	if v := m.Composer(); v != "" {
 		tags["composer"] = v
 	}
 	if v := m.Year(); v != 0 {
 		tags["year"] = v
 	}
 	if t, _ := m.Track(); t > 0 {
 		tags["track"] = t
 	}
 	if dnum, _ := m.Disc(); dnum > 0 {
 		tags["disc"] = dnum
 	}
 	if v := m.Genre(); v != "" {
 		tags["genre"] = v
 	}
 	// Pictures: encode as data URI (base64) so frontend can preview if needed.
 	if pic := m.Picture(); pic != nil {
 		// safe encode image bytes as base64
 		var buf bytes.Buffer
 		if _, err := io.Copy(&buf, bytes.NewReader(pic.Data)); err == nil {
 			b64 := base64.StdEncoding.EncodeToString(buf.Bytes())
 			dataURI := "data:" + pic.MIMEType + ";base64," + b64
 			tags["picture"] = map[string]interface{}{
 				"mime": pic.MIMEType,
 				"data": dataURI,
 			}
 		}
 	}
 	// Keep raw metadata map if available (some formats expose additional fields)
 	// Also extract multi-valued tags like ARTISTS and ALBUMARTISTS
 	if raw := m.Raw(); raw != nil {
 		// First pass: collect multi-valued tags (ARTISTS, ALBUMARTISTS)
 		artists := extractMultiValuedTag(raw, "ARTISTS", "artists")
 		albumArtists := extractMultiValuedTag(raw, "ALBUMARTISTS", "albumartists")
 		// Store multi-valued tags as arrays if present
 		if len(artists) > 0 {
 			tags["artists"] = artists
 		}
 		if len(albumArtists) > 0 {
 			tags["albumartists"] = albumArtists
 		}
 		for k, v := range raw {
 			// Skip raw APIC entries (attached picture frame) to avoid
 			// exposing large binary blobs. We already expose a friendly
 			// `picture` key above when a picture exists.
 			if strings.EqualFold(k, "APIC") {
 				continue
 			}
 			// Skip multi-valued tags we already handled
 			kLower := strings.ToLower(k)
 			if kLower == "artists" || kLower == "albumartists" {
 				continue
 			}
 			// avoid overwriting already set common fields
 			if _, ok := tags[k]; !ok {
 				tags[k] = v
 			}
 		}
 	}
 	// For FLAC files, use metaflac to read multi-valued tags properly
 	// since dhowden/tag doesn't handle them correctly
 	if realPath := i.RealPath(); realPath != "" && strings.EqualFold(filepath.Ext(realPath), ".flac") {
 		if multiTags := readMultiValuedTagsWithMetaflac(realPath); multiTags != nil {
 			if artists, ok := multiTags["ARTISTS"]; ok && len(artists) > 0 {
 				tags["artists"] = artists
 			}
 			if albumArtists, ok := multiTags["ALBUMARTISTS"]; ok && len(albumArtists) > 0 {
 				tags["albumartists"] = albumArtists
 			}
 		}
 	}
 	// Attach tags map
 	if len(tags) > 0 {
 		i.Tags = tags
 	}
 	return nil
 }
 // extractMultiValuedTag extracts values for a multi-valued tag from raw metadata.
 // It handles both Vorbis-style (multiple entries with same key) and ID3-style
 // (single string that may need splitting) formats.
 func extractMultiValuedTag(raw map[string]interface{}, keys ...string) []string {
 	var result []string
 	seen := make(map[string]bool)
 	for _, key := range keys {
 		for rawKey, rawVal := range raw {
 			if !strings.EqualFold(rawKey, key) {
 				continue
 			}
 			// Handle different value types returned by the tag library
 			switch v := rawVal.(type) {
 			case string:
 				v = strings.TrimSpace(v)
 				if v != "" && !seen[v] {
 					result = append(result, v)
 					seen[v] = true
 				}
 			case []string:
 				for _, s := range v {
 					s = strings.TrimSpace(s)
 					if s != "" && !seen[s] {
 						result = append(result, s)
 						seen[s] = true
 					}
 				}
 			case []interface{}:
 				for _, item := range v {
 					if s, ok := item.(string); ok {
 						s = strings.TrimSpace(s)
 						if s != "" && !seen[s] {
 							result = append(result, s)
 							seen[s] = true
 						}
 					}
 				}
 			}
 		}
 	}
 	return result
 }
 // readMultiValuedTagsWithMetaflac uses metaflac to read Vorbis comments from FLAC files.
 // This properly handles multi-valued tags (multiple entries with same key).
 func readMultiValuedTagsWithMetaflac(filepath string) map[string][]string {
 	if _, err := exec.LookPath("metaflac"); err != nil {
 		return nil
 	}
 	// Use metaflac to export all tags
 	cmd := exec.Command("metaflac", "--export-tags-to=-", filepath)
 	out, err := cmd.Output()
 	if err != nil {
 		log.Printf("metaflac export failed for %s: %v", filepath, err)
 		return nil
 	}
 	// Parse output: each line is TAG=VALUE
 	result := make(map[string][]string)
 	for _, line := range strings.Split(string(out), "\n") {
 		line = strings.TrimSpace(line)
 		if line == "" {
 			continue
 		}
 		idx := strings.Index(line, "=")
 		if idx < 0 {
 			continue
 		}
 		key := strings.ToUpper(strings.TrimSpace(line[:idx]))
 		value := strings.TrimSpace(line[idx+1:])
 		if value == "" {
 			continue
 		}
 		// Collect multi-valued artist tags (ARTISTS, ARTIST, ALBUMARTISTS)
 		// Normalize key variations
 		if key == "ARTISTS" || key == "ARTIST" {
 			result["ARTISTS"] = append(result["ARTISTS"], value)
 		} else if key == "ALBUMARTISTS" || key == "ALBUMARTIST" || key == "ALBUM ARTIST" || key == "ALBUM_ARTIST" {
 			result["ALBUMARTISTS"] = append(result["ALBUMARTISTS"], value)
 		}
 	}
 	return result
 }
--- a/files/write_mp3.go
+++ b/files/write_mp3.go
@@ -0,0 +1,7 @@
 package files
 // This file is a placeholder to avoid accidental module resolution for
 // non-implemented MP3 metadata writers. The actual implementation is not
 // required at runtime, and we should not import external packages here.
 // Intentionally left blank.
--- a/fileutils/copy.go
+++ b/fileutils/copy.go
@@ -1,6 +1,7 @@
 package fileutils
 import (
 	"io/fs"
 	"os"
 	"path"
@@ -8,7 +9,7 @@ import (
 )
 // Copy copies a file or folder from one place to another.
-func Copy(fs afero.Fs, src, dst string) error {
+func Copy(afs afero.Fs, src, dst string, fileMode, dirMode fs.FileMode) error {
 	if src = path.Clean("/" + src); src == "" {
 		return os.ErrNotExist
 	}
@@ -26,14 +27,14 @@ func Copy(fs afero.Fs, src, dst string) error {
 		return os.ErrInvalid
 	}
-	info, err := fs.Stat(src)
+	info, err := afs.Stat(src)
 	if err != nil {
 		return err
 	}
 	if info.IsDir() {
-		return CopyDir(fs, src, dst)
+		return CopyDir(afs, src, dst, fileMode, dirMode)
 	}
-	return CopyFile(fs, src, dst)
+	return CopyFile(afs, src, dst, fileMode, dirMode)
 }
--- a/fileutils/dir.go
+++ b/fileutils/dir.go
@@ -2,6 +2,7 @@ package fileutils
 import (
 	"errors"
 	"io/fs"
 	"github.com/spf13/afero"
 )
@@ -9,20 +10,20 @@ import (
 // CopyDir copies a directory from source to dest and all
 // of its sub-directories. It doesn't stop if it finds an error
 // during the copy. Returns an error if any.
-func CopyDir(fs afero.Fs, source, dest string) error {
+func CopyDir(afs afero.Fs, source, dest string, fileMode, dirMode fs.FileMode) error {
 	// Get properties of source.
-	srcinfo, err := fs.Stat(source)
+	srcinfo, err := afs.Stat(source)
 	if err != nil {
 		return err
 	}
 	// Create the destination directory.
-	err = fs.MkdirAll(dest, srcinfo.Mode())
+	err = afs.MkdirAll(dest, srcinfo.Mode())
 	if err != nil {
 		return err
 	}
-	dir, _ := fs.Open(source)
+	dir, _ := afs.Open(source)
 	obs, err := dir.Readdir(-1)
 	if err != nil {
 		return err
@@ -36,13 +37,13 @@ func CopyDir(fs afero.Fs, source, dest string) error {
 		if obj.IsDir() {
 			// Create sub-directories, recursively.
-			err = CopyDir(fs, fsource, fdest)
+			err = CopyDir(afs, fsource, fdest, fileMode, dirMode)
 			if err != nil {
 				errs = append(errs, err)
 			}
 		} else {
 			// Perform the file copy.
-			err = CopyFile(fs, fsource, fdest)
+			err = CopyFile(afs, fsource, fdest, fileMode, dirMode)
 			if err != nil {
 				errs = append(errs, err)
 			}
--- a/fileutils/file.go
+++ b/fileutils/file.go
@@ -2,6 +2,7 @@ package fileutils
 import (
 	"io"
 	"io/fs"
 	"os"
 	"path"
 	"path/filepath"
@@ -12,17 +13,17 @@ import (
 // MoveFile moves file from src to dst.
 // By default the rename filesystem system call is used. If src and dst point to different volumes
 // the file copy is used as a fallback
-func MoveFile(fs afero.Fs, src, dst string) error {
+func MoveFile(afs afero.Fs, src, dst string, fileMode, dirMode fs.FileMode) error {
-	if fs.Rename(src, dst) == nil {
+	if afs.Rename(src, dst) == nil {
 		return nil
 	}
 	// fallback
-	err := Copy(fs, src, dst)
+	err := Copy(afs, src, dst, fileMode, dirMode)
 	if err != nil {
-		_ = fs.Remove(dst)
+		_ = afs.Remove(dst)
 		return err
 	}
-	if err := fs.RemoveAll(src); err != nil {
+	if err := afs.RemoveAll(src); err != nil {
 		return err
 	}
 	return nil
@@ -30,9 +31,9 @@ func MoveFile(fs afero.Fs, src, dst string) error {
 // CopyFile copies a file from source to dest and returns
 // an error if any.
-func CopyFile(fs afero.Fs, source, dest string) error {
+func CopyFile(afs afero.Fs, source, dest string, fileMode, dirMode fs.FileMode) error {
 	// Open the source file.
-	src, err := fs.Open(source)
+	src, err := afs.Open(source)
 	if err != nil {
 		return err
 	}
@@ -40,13 +41,13 @@ func CopyFile(fs afero.Fs, source, dest string) error {
 	// Makes the directory needed to create the dst
 	// file.
-	err = fs.MkdirAll(filepath.Dir(dest), 0666) //nolint:gomnd
+	err = afs.MkdirAll(filepath.Dir(dest), dirMode)
 	if err != nil {
 		return err
 	}
 	// Create the destination file.
-	dst, err := fs.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0775) //nolint:gomnd
+	dst, err := afs.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileMode)
 	if err != nil {
 		return err
 	}
@@ -59,11 +60,11 @@ func CopyFile(fs afero.Fs, source, dest string) error {
 	}
 	// Copy the mode
-	info, err := fs.Stat(source)
+	info, err := afs.Stat(source)
 	if err != nil {
 		return err
 	}
-	err = fs.Chmod(dest, info.Mode())
+	err = afs.Chmod(dest, info.Mode())
 	if err != nil {
 		return err
 	}
@@ -96,7 +97,7 @@ func CommonPrefix(sep byte, paths ...string) string {
 	// (e.g. /home/user1, /home/user1/foo, /home/user1/bar).
 	// path.Clean will have cleaned off trailing / separators with
 	// the exception of the root directory, "/" (in which case we
-	// make it "//", but this will get fixed up to "/" bellow).
+	// make it "//", but this will get fixed up to "/" below).
 	c = append(c, sep)
 	// Ignore the first path since it's already in c
--- a/frontend/.prettierignore
+++ b/frontend/.prettierignore
@@ -0,0 +1,3 @@
 # Ignore artifacts:
 dist
 pnpm-lock.yaml
--- a/frontend/.prettierrc.json
+++ b/frontend/.prettierrc.json
@@ -0,0 +1,3 @@
 {
  "trailingComma": "es5"
 }
--- a/frontend/assets.go
+++ b/frontend/assets.go
@@ -1,5 +1,4 @@
 //go:build !dev
 // +build !dev
 package frontend
--- a/frontend/assets_dev.go
+++ b/frontend/assets_dev.go
@@ -1,15 +0,0 @@
 //go:build dev
 // +build dev
 package frontend
 import (
 	"io/fs"
 	"os"
 )
 var assets fs.FS = os.DirFS("frontend")
 func Assets() fs.FS {
 	return assets
 }
--- a/frontend/babel.config.js
+++ b/frontend/babel.config.js
@@ -1,3 +0,0 @@
 module.exports = {
  presets: ["@vue/app"],
 };
--- a/frontend/dist/.gitignore
+++ b/frontend/dist/.gitignore
@@ -1,4 +0,0 @@
 # Ignore everything in this directory
 *
 # Except this file
 !.gitignore
--- a/frontend/dist/.gitkeep
+++ b/frontend/dist/.gitkeep
--- a/frontend/env.d.ts
+++ b/frontend/env.d.ts
@@ -0,0 +1 @@
 /// <reference types="vite/client" />
--- a/frontend/eslint.config.js
+++ b/frontend/eslint.config.js
@@ -0,0 +1,37 @@
 import pluginVue from "eslint-plugin-vue";
 import {
  defineConfigWithVueTs,
  vueTsConfigs,
 } from "@vue/eslint-config-typescript";
 import prettierConfig from "@vue/eslint-config-prettier";
 export default defineConfigWithVueTs(
  {
    name: "app/files-to-lint",
    files: ["**/*.{ts,mts,tsx,vue}"],
  },
  {
    name: "app/files-to-ignore",
    ignores: ["**/dist/**", "**/dist-ssr/**", "**/coverage/**"],
  },
  pluginVue.configs["flat/essential"],
  vueTsConfigs.recommended,
  prettierConfig,
  {
    rules: {
      // Note: you must disable the base rule as it can report incorrect errors
      "@typescript-eslint/no-unused-expressions": "off",
      // TODO: theres too many of these from before ts
      "@typescript-eslint/no-explicit-any": "off",
      // TODO: finish the ts conversion
      "vue/block-lang": "off",
      "vue/multi-word-component-names": "off",
      "vue/no-mutating-props": [
        "error",
        {
          shallowOnly: true,
        },
      ],
    },
  }
 );
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -0,0 +1,176 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta
      name="viewport"
      content="width=device-width, initial-scale=1, user-scalable=no"
    />
    <title>File Browser</title>
    <link rel="icon" type="image/svg+xml" href="/img/icons/favicon.svg" />
    <link rel="shortcut icon" href="/img/icons/favicon.ico" />
    <link
      rel="apple-touch-icon"
      sizes="180x180"
      href="/img/icons/apple-touch-icon.png"
    />
    <meta name="apple-mobile-web-app-title" content="File Browser" />
    <!-- Add to home screen for Android and modern mobile browsers -->
    <link
      rel="manifest"
      id="manifestPlaceholder"
      crossorigin="use-credentials"
    />
    <meta name="theme-color" content="#2979ff" />
    <!-- Inject Some Variables and generate the manifest json -->
    <script>
      // We can assign JSON directly
      window.FileBrowser = {
        AuthMethod: "json",
        BaseURL: "",
        CSS: false,
        Color: "",
        DisableExternal: false,
        DisableUsedPercentage: false,
        EnableExec: true,
        EnableThumbs: true,
        LogoutPage: "",
        LoginPage: true,
        Name: "",
        NoAuth: false,
        ReCaptcha: false,
        ResizePreview: true,
        Signup: false,
        StaticURL: "",
        Theme: "",
        TusSettings: { chunkSize: 10485760, retryCount: 5 },
        Version: "(untracked)",
      };
      // Global function to prepend static url
      window.__prependStaticUrl = (url) => {
        return `${window.FileBrowser.StaticURL}/${url.replace(/^\/+/, "")}`;
      };
      var dynamicManifest = {
        name: window.FileBrowser.Name || "File Browser",
        short_name: window.FileBrowser.Name || "File Browser",
        icons: [
          {
            src: window.__prependStaticUrl(
              "/img/icons/android-chrome-192x192.png"
            ),
            sizes: "192x192",
            type: "image/png",
          },
          {
            src: window.__prependStaticUrl(
              "/img/icons/android-chrome-512x512.png"
            ),
            sizes: "512x512",
            type: "image/png",
          },
        ],
        start_url: window.location.origin + window.FileBrowser.BaseURL,
        display: "standalone",
        background_color: "#ffffff",
        theme_color: window.FileBrowser.Color || "#455a64",
      };
      const stringManifest = JSON.stringify(dynamicManifest);
      const blob = new Blob([stringManifest], { type: "application/json" });
      const manifestURL = URL.createObjectURL(blob);
      document
        .querySelector("#manifestPlaceholder")
        .setAttribute("href", manifestURL);
    </script>
    <style>
      #loading {
        position: fixed;
        top: 0;
        left: 0;
        width: 100%;
        height: 100%;
        background: #fff;
        z-index: 9999;
        transition: 0.1s ease opacity;
        -webkit-transition: 0.1s ease opacity;
      }
      #loading.done {
        opacity: 0;
      }
      #loading .spinner {
        width: 70px;
        text-align: center;
        position: fixed;
        top: 50%;
        left: 50%;
        -webkit-transform: translate(-50%, -50%);
        transform: translate(-50%, -50%);
      }
      #loading .spinner > div {
        width: 18px;
        height: 18px;
        background-color: #333;
        border-radius: 100%;
        display: inline-block;
        -webkit-animation: sk-bouncedelay 1.4s infinite ease-in-out both;
        animation: sk-bouncedelay 1.4s infinite ease-in-out both;
      }
      #loading .spinner .bounce1 {
        -webkit-animation-delay: -0.32s;
        animation-delay: -0.32s;
      }
      #loading .spinner .bounce2 {
        -webkit-animation-delay: -0.16s;
        animation-delay: -0.16s;
      }
      @-webkit-keyframes sk-bouncedelay {
        0%,
        80%,
        100% {
          -webkit-transform: scale(0);
        }
        40% {
          -webkit-transform: scale(1);
        }
      }
      @keyframes sk-bouncedelay {
        0%,
        80%,
        100% {
          -webkit-transform: scale(0);
          transform: scale(0);
        }
        40% {
          -webkit-transform: scale(1);
          transform: scale(1);
        }
      }
    </style>
  </head>
  <body>
    <div id="app"></div>
    <div id="loading">
      <div class="spinner">
        <div class="bounce1"></div>
        <div class="bounce2"></div>
        <div class="bounce3"></div>
      </div>
    </div>
    <script type="module" src="/src/main.ts"></script>
  </body>
 </html>
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" width="700" height="700" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" image-rendering="optimizeQuality" fill-rule="evenodd" clip-rule="evenodd"><defs><style>.prefix__fil1{fill:#fefefe}.prefix__fil6{fill:#006498}.prefix__fil5{fill:#bdeaff}</style></defs><g id="prefix__Layer_x0020_1"><path d="M80 0h540c44 0 80 36 80 80v540c0 44-36 80-80 80H80c-44 0-80-36-80-80V80C0 36 36 0 80 0z" fill="#455a64"/><path class="prefix__fil1" d="M350 71c154 0 279 125 279 279S504 629 350 629 71 504 71 350 196 71 350 71z"/><path d="M475 236l118 151c3 116-149 252-292 198l-76-99 114-156s138-95 136-94z" fill="#332c2b" fill-opacity=".149"/><path d="M231 211h208l38 24v246c0 5-3 8-8 8H231c-5 0-8-3-8-8V219c0-5 3-8 8-8z" fill="#2bbcff"/><path d="M231 211h208l38 24v2l-37-23H231c-4 0-7 3-7 7v263c-1-1-1-2-1-3V219c0-5 3-8 8-8z" fill="#53c6fc"/><path class="prefix__fil5" d="M305 212h113v98H305zM255 363h189c3 0 5 2 5 4v116H250V367c0-2 2-4 5-4z"/><path class="prefix__fil6" d="M250 470h199v13H250zM380 226h10c3 0 6 2 6 5v40c0 3-3 6-6 6h-10c-3 0-6-3-6-6v-40c0-3 3-5 6-5z"/><path class="prefix__fil1" d="M254 226c10 0 17 7 17 17 0 9-7 16-17 16-9 0-17-7-17-16 0-10 8-17 17-17z"/><path class="prefix__fil6" d="M267 448h165c2 0 3 1 3 3 0 1-1 3-3 3H267c-2 0-3-2-3-3 0-2 1-3 3-3zM267 415h165c2 0 3 1 3 3 0 1-1 2-3 2H267c-2 0-3-1-3-2 0-2 1-3 3-3zM267 381h165c2 0 3 2 3 3 0 2-1 3-3 3H267c-2 0-3-1-3-3 0-1 1-3 3-3z"/><path class="prefix__fil1" d="M236 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5zM463 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z"/><path class="prefix__fil6" d="M305 212h-21v98h21z"/><path d="M477 479v2c0 5-3 8-8 8H231c-5 0-8-3-8-8v-2c0 4 3 8 8 8h238c5 0 8-4 8-8z" fill="#0ea5eb"/><path d="M350 70c155 0 280 125 280 280S505 630 350 630 70 505 70 350 195 70 350 70zm0 46c129 0 234 105 234 234S479 584 350 584 116 479 116 350s105-234 234-234z" fill="#2979ff"/></g></svg>
		`@@ -1,3 +0,0 @@`
			`#!/usr/bin/with-contenv bash`

			`exec s6-setuidgid abc filebrowser -c /config/settings.json -d /database/filebrowser.db;`
		`@@ -0,0 +1,3 @@`
							`#!/usr/bin/with-contenv bash`

							`exec s6-setuidgid abc filebrowser -c /config/settings.json;`