chore(release): update versions (#518 )

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
fix(file-upload): set default parameter charset to utf8 (#521 )
2025-12-17 12:15:22 -06:00 · 2025-09-30 11:51:10 +02:00 · 2025-09-29 21:20:43 +02:00 · 2025-09-26 01:49:59 +02:00 · 2025-09-24 17:00:01 +02:00 · 2025-09-24 16:49:11 +02:00
128 changed files with 1611 additions and 307 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,8 @@ cache
 *.db-shm
 *.db-wal
 *.sqlite
+*.sqlite-shm
+*.sqlite-wal

 local-documents
 ingestion
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -105,6 +105,73 @@ We recommend running the app locally for development. Follow these steps:

 6. Open your browser and navigate to `http://localhost:3000`.

+### IDE Setup
+
+#### ESLint Extension
+
+We recommend installing the [ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) for VS Code to get real-time linting feedback and automatic code fixing.
+The linting configuration is based on [@antfu/eslint-config](https://github.com/antfu/eslint-config), you can find specific IDE configurations in their repository.
+
+<details>
+<summary>Recommended VS Code Settings</summary>
+
+Create or update your `.vscode/settings.json` file with the following configuration:
+
+```json
+{
+  // Disable the default formatter, use eslint instead
+  "prettier.enable": false,
+  "editor.formatOnSave": false,
+
+  // Auto fix
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit",
+    "source.organizeImports": "never"
+  },
+
+  // Silent the stylistic rules in your IDE, but still auto fix them
+  "eslint.rules.customizations": [
+    { "rule": "style/*", "severity": "off", "fixable": true },
+    { "rule": "format/*", "severity": "off", "fixable": true },
+    { "rule": "*-indent", "severity": "off", "fixable": true },
+    { "rule": "*-spacing", "severity": "off", "fixable": true },
+    { "rule": "*-spaces", "severity": "off", "fixable": true },
+    { "rule": "*-order", "severity": "off", "fixable": true },
+    { "rule": "*-dangle", "severity": "off", "fixable": true },
+    { "rule": "*-newline", "severity": "off", "fixable": true },
+    { "rule": "*quotes", "severity": "off", "fixable": true },
+    { "rule": "*semi", "severity": "off", "fixable": true }
+  ],
+
+  // Enable eslint for all supported languages
+  "eslint.validate": [
+    "javascript",
+    "javascriptreact",
+    "typescript",
+    "typescriptreact",
+    "vue",
+    "html",
+    "markdown",
+    "json",
+    "jsonc",
+    "yaml",
+    "toml",
+    "xml",
+    "gql",
+    "graphql",
+    "astro",
+    "svelte",
+    "css",
+    "less",
+    "scss",
+    "pcss",
+    "postcss"
+  ]
+}
+```
+
+</details>
+
 ### Testing

 We use **Vitest** for testing. Each package comes with its own testing commands.
--- a/apps/docs/CHANGELOG.md
+++ b/apps/docs/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @papra/docs

+## 0.6.1
+
+### Patch Changes
+
+- [#512](https://github.com/papra-hq/papra/pull/512) [`cb3ce6b`](https://github.com/papra-hq/papra/commit/cb3ce6b1d8d5dba09cbf0d2964f14b1c93220571) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added organizations permissions for api keys
+
 ## 0.6.0

 ### Minor Changes
--- a/apps/docs/package.json
+++ b/apps/docs/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@papra/docs",
  "type": "module",
-  "version": "0.6.0",
+  "version": "0.6.1",
  "private": true,
  "packageManager": "pnpm@10.12.3",
  "description": "Papra documentation website",
@@ -37,7 +37,7 @@
    "@unocss/reset": "^0.64.0",
    "eslint": "^9.17.0",
    "eslint-plugin-astro": "^1.3.1",
-    "figue": "^2.2.2",
+    "figue": "^3.1.1",
    "lodash-es": "^4.17.21",
    "marked": "^15.0.6",
    "typescript": "^5.7.3",
--- a/apps/docs/src/config.data.ts
+++ b/apps/docs/src/config.data.ts
@@ -1,5 +1,5 @@
 import type { ConfigDefinition, ConfigDefinitionElement } from 'figue';
-import { isArray, isEmpty, isNil } from 'lodash-es';
+import { castArray, isArray, isEmpty, isNil } from 'lodash-es';
 import { marked } from 'marked';

 import { configDefinition } from '../../papra-server/src/modules/config/config';
@@ -46,16 +46,21 @@ const rows = configDetails
    };
  });

-const mdSections = rows.map(({ documentation, env, path, defaultValue }) => `
-### ${env}
+const mdSections = rows.map(({ documentation, env, path, defaultValue }) => {
+  const envs = castArray(env);
+  const [firstEnv, ...restEnvs] = envs;
+
+  return `
+### ${firstEnv}
 ${documentation}

 - Path: \`${path.join('.')}\`
- Environment variable: \`${env}\`
+- Environment variable: \`${firstEnv}\` ${restEnvs.length ? `, with fallback to: ${restEnvs.map(e => `\`${e}\``).join(', ')}` : ''}
 - Default value: \`${defaultValue}\`


-`.trim()).join('\n\n---\n\n');
+`.trim();
+}).join('\n\n---\n\n');

 function wrapText(text: string, maxLength = 75) {
  const words = text.split(' ');
@@ -80,10 +85,12 @@ function wrapText(text: string, maxLength = 75) {

 const fullDotEnv = rows.map(({ env, defaultValue, documentation }) => {
  const isEmptyDefaultValue = isNil(defaultValue) || (isArray(defaultValue) && isEmpty(defaultValue)) || defaultValue === '';
+  const envs = castArray(env);
+  const [firstEnv] = envs;

  return [
    ...wrapText(documentation),
-    `# ${env}=${isEmptyDefaultValue ? '' : defaultValue}`,
+    `# ${firstEnv}=${isEmptyDefaultValue ? '' : defaultValue}`,
  ].join('\n');
 }).join('\n\n');

--- a/apps/docs/src/content/docs/04-resources/03-api-endpoints.mdx
+++ b/apps/docs/src/content/docs/04-resources/03-api-endpoints.mdx
@@ -18,8 +18,107 @@ The public API uses a bearer token for authentication. You can get a token by lo
 </details>


+To authenticate your requests, include the token in the `Authorization` header with the `Bearer` prefix:
+
+```
+Authorization: Bearer YOUR_API_TOKEN
+```
+
+### Examples
+
+**Using cURL:**
+```bash
+curl -H "Authorization: Bearer YOUR_API_TOKEN" \
+  https://api.papra.app/api/organizations
+```
+
+**Using JavaScript (fetch):**
+```javascript
+const response = await fetch('https://api.papra.app/api/organizations', {
+  headers: {
+    'Authorization': 'Bearer YOUR_API_TOKEN',
+    'Content-Type': 'application/json'
+  }
+})
+```
+
+### API Key Permissions
+
+When creating an API key, you can select from the following permissions:
+
+**Organizations:**
+- `organizations:create` - Create new organizations
+- `organizations:read` - Read organization information and list organizations of the user
+- `organizations:update` - Update organization details
+- `organizations:delete` - Delete organizations
+
+**Documents:**
+- `documents:create` - Upload and create new documents
+- `documents:read` - Read and download documents
+- `documents:update` - Update document metadata and content
+- `documents:delete` - Delete documents
+
+**Tags:**
+- `tags:create` - Create new tags
+- `tags:read` - Read tag information and list tags
+- `tags:update` - Update tag details
+- `tags:delete` - Delete tags
+
 ## Endpoints

+### List organizations
+
+**GET** `/api/organizations`
+
+List all organizations accessible to the authenticated user.
+
+- Required API key permissions: `organizations:read`
+- Response (JSON)
+  - `organizations`: The list of organizations.
+
+### Create an organization
+
+**POST** `/api/organizations`
+
+Create a new organization.
+
+- Required API key permissions: `organizations:create`
+- Body (JSON)
+  - `name`: The organization name (3-50 characters).
+- Response (JSON)
+  - `organization`: The created organization.
+
+### Get an organization
+
+**GET** `/api/organizations/:organizationId`
+
+Get an organization by its ID.
+
+- Required API key permissions: `organizations:read`
+- Response (JSON)
+  - `organization`: The organization.
+
+### Update an organization
+
+**PUT** `/api/organizations/:organizationId`
+
+Update an organization's name.
+
+- Required API key permissions: `organizations:update`
+- Body (JSON)
+  - `name`: The new organization name (3-50 characters).
+- Response (JSON)
+  - `organization`: The updated organization.
+
+### Delete an organization
+
+**DELETE** `/api/organizations/:organizationId`
+
+Delete an organization by its ID.
+
+- Required API key permissions: `organizations:delete`
+- Response: empty (204 status code)
+
 ### Create a document

 **POST** `/api/organizations/:organizationId/documents`
--- a/apps/papra-client/CHANGELOG.md
+++ b/apps/papra-client/CHANGELOG.md
@@ -1,5 +1,43 @@
 # @papra/app-client

+## 0.9.5
+
+### Patch Changes
+
+- [#517](https://github.com/papra-hq/papra/pull/517) [`a3f9f05`](https://github.com/papra-hq/papra/commit/a3f9f05c664b4995b62db59f2e9eda8a3bfef0de) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Prevented organization deletion by non-organization owner
+
+## 0.9.4
+
+### Patch Changes
+
+- [#512](https://github.com/papra-hq/papra/pull/512) [`cb3ce6b`](https://github.com/papra-hq/papra/commit/cb3ce6b1d8d5dba09cbf0d2964f14b1c93220571) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added organizations permissions for api keys
+
+## 0.9.3
+
+### Patch Changes
+
+- [#506](https://github.com/papra-hq/papra/pull/506) [`6bcb2a7`](https://github.com/papra-hq/papra/commit/6bcb2a71e990d534dd12d84e64a38f2b2baea25a) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added the possibility to define patterns for email intake username generation
+
+## 0.9.2
+
+### Patch Changes
+
+- [#501](https://github.com/papra-hq/papra/pull/501) [`b5bf0cc`](https://github.com/papra-hq/papra/commit/b5bf0cca4b571495329cb553da06e0d334ee8968) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Fix an issue preventing to disable the max upload size
+
+- [#498](https://github.com/papra-hq/papra/pull/498) [`3da13f7`](https://github.com/papra-hq/papra/commit/3da13f759155df5d7c532160a7ea582385db63b6) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Removed the "open in new tab" button for security improvement (xss prevention)
+
+## 0.9.1
+
+### Patch Changes
+
+- [#492](https://github.com/papra-hq/papra/pull/492) [`54514e1`](https://github.com/papra-hq/papra/commit/54514e15db5deaffc59dcba34929b5e2e74282e1) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added a client side guard for rejecting too-big files
+
+- [#488](https://github.com/papra-hq/papra/pull/488) [`83e943c`](https://github.com/papra-hq/papra/commit/83e943c5b46432e55b6dfbaa587019a95ffab466) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Fix favicons display issues on firefox
+
+- [#492](https://github.com/papra-hq/papra/pull/492) [`54514e1`](https://github.com/papra-hq/papra/commit/54514e15db5deaffc59dcba34929b5e2e74282e1) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Fix i18n messages when a file-too-big error happens
+
+- [#492](https://github.com/papra-hq/papra/pull/492) [`54514e1`](https://github.com/papra-hq/papra/commit/54514e15db5deaffc59dcba34929b5e2e74282e1) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Clean all upload method to happen through the import status modal
+
 ## 0.9.0

 ### Patch Changes
--- a/apps/papra-client/eslint.config.js
+++ b/apps/papra-client/eslint.config.js
@@ -6,8 +6,7 @@ export default antfu({
  },

  ignores: [
-    // Generated file
-    'src/modules/i18n/locales.types.ts',
+    'public/manifest.json',
  ],

  rules: {
--- a/apps/papra-client/index.html
+++ b/apps/papra-client/index.html
@@ -27,10 +27,23 @@
    <meta property="twitter:image" content="https://papra.app/og-image.png">

    <!-- Favicon and Icons -->
-    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96" />
-    <link rel="shortcut icon" href="/favicon.ico" />
-    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
-    <link rel="manifest" href="/site.webmanifest" />
+    <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">
+    <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">
+    <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">
+    <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">
+    <link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png">
+    <link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png">
+    <link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png">
+    <link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png">
+    <link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png">
+    <link rel="icon" type="image/png" sizes="192x192"  href="/android-icon-192x192.png">
+    <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
+    <link rel="icon" type="image/png" sizes="96x96" href="/favicon-96x96.png">
+    <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
+    <link rel="manifest" href="/manifest.json">
+    <meta name="msapplication-TileColor" content="#ffffff">
+    <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
+    <meta name="theme-color" content="#ffffff">

    <!-- Structured Data (JSON-LD for rich snippets) -->
    <script type="application/ld+json">
--- a/apps/papra-client/package.json
+++ b/apps/papra-client/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@papra/app-client",
  "type": "module",
-  "version": "0.9.0",
+  "version": "0.9.5",
  "private": true,
  "packageManager": "pnpm@10.12.3",
  "description": "Papra frontend client",
@@ -21,12 +21,10 @@
    "serve": "vite preview",
    "lint": "eslint .",
    "lint:fix": "eslint --fix .",
-    "test": "pnpm check-i18n-types-outdated && vitest run",
+    "test": "vitest run",
    "test:watch": "vitest watch",
    "test:e2e": "playwright test",
    "typecheck": "tsc --noEmit",
-    "check-i18n-types-outdated": "pnpm script:generate-i18n-types && git diff --exit-code -- src/modules/i18n/locales.types.ts > /dev/null || (echo \"Locales types are outdated, please run 'pnpm script:generate-i18n-types' and commit the changes.\" && exit 1)",
-    "script:get-missing-i18n-keys": "tsx src/scripts/get-missing-i18n-keys.script.ts",
    "script:sync-i18n-key-order": "tsx src/scripts/sync-i18n-key-order.script.ts"
  },
  "dependencies": {
--- a/apps/papra-client/public/android-icon-144x144.png
+++ b/apps/papra-client/public/android-icon-144x144.png
--- a/apps/papra-client/public/android-icon-192x192.png
+++ b/apps/papra-client/public/android-icon-192x192.png
--- a/apps/papra-client/public/android-icon-36x36.png
+++ b/apps/papra-client/public/android-icon-36x36.png
--- a/apps/papra-client/public/android-icon-48x48.png
+++ b/apps/papra-client/public/android-icon-48x48.png
--- a/apps/papra-client/public/android-icon-72x72.png
+++ b/apps/papra-client/public/android-icon-72x72.png
--- a/apps/papra-client/public/android-icon-96x96.png
+++ b/apps/papra-client/public/android-icon-96x96.png
--- a/apps/papra-client/public/apple-icon-114x114.png
+++ b/apps/papra-client/public/apple-icon-114x114.png
--- a/apps/papra-client/public/apple-icon-120x120.png
+++ b/apps/papra-client/public/apple-icon-120x120.png
--- a/apps/papra-client/public/apple-icon-144x144.png
+++ b/apps/papra-client/public/apple-icon-144x144.png
--- a/apps/papra-client/public/apple-icon-152x152.png
+++ b/apps/papra-client/public/apple-icon-152x152.png
--- a/apps/papra-client/public/apple-icon-180x180.png
+++ b/apps/papra-client/public/apple-icon-180x180.png
--- a/apps/papra-client/public/apple-icon-57x57.png
+++ b/apps/papra-client/public/apple-icon-57x57.png
--- a/apps/papra-client/public/apple-icon-60x60.png
+++ b/apps/papra-client/public/apple-icon-60x60.png
--- a/apps/papra-client/public/apple-icon-72x72.png
+++ b/apps/papra-client/public/apple-icon-72x72.png
--- a/apps/papra-client/public/apple-icon-76x76.png
+++ b/apps/papra-client/public/apple-icon-76x76.png
--- a/apps/papra-client/public/apple-icon-precomposed.png
+++ b/apps/papra-client/public/apple-icon-precomposed.png
--- a/apps/papra-client/public/apple-icon.png
+++ b/apps/papra-client/public/apple-icon.png
--- a/apps/papra-client/public/browserconfig.xml
+++ b/apps/papra-client/public/browserconfig.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="utf-8"?>
+<browserconfig><msapplication><tile><square70x70logo src="/ms-icon-70x70.png"/><square150x150logo src="/ms-icon-150x150.png"/><square310x310logo src="/ms-icon-310x310.png"/><TileColor>#ffffff</TileColor></tile></msapplication></browserconfig>
--- a/apps/papra-client/public/favicon-16x16.png
+++ b/apps/papra-client/public/favicon-16x16.png
--- a/apps/papra-client/public/favicon-32x32.png
+++ b/apps/papra-client/public/favicon-32x32.png
--- a/apps/papra-client/public/favicon-96x96.png
+++ b/apps/papra-client/public/favicon-96x96.png
--- a/apps/papra-client/public/favicon.ico
+++ b/apps/papra-client/public/favicon.ico
--- a/apps/papra-client/public/manifest.json
+++ b/apps/papra-client/public/manifest.json
@@ -0,0 +1,41 @@
+{
+  "name": "Papra",
+  "icons": [
+    {
+      "src": "\/android-icon-36x36.png",
+      "sizes": "36x36",
+      "type": "image\/png",
+      "density": "0.75"
+    },
+    {
+      "src": "\/android-icon-48x48.png",
+      "sizes": "48x48",
+      "type": "image\/png",
+      "density": "1.0"
+    },
+    {
+      "src": "\/android-icon-72x72.png",
+      "sizes": "72x72",
+      "type": "image\/png",
+      "density": "1.5"
+    },
+    {
+      "src": "\/android-icon-96x96.png",
+      "sizes": "96x96",
+      "type": "image\/png",
+      "density": "2.0"
+    },
+    {
+      "src": "\/android-icon-144x144.png",
+      "sizes": "144x144",
+      "type": "image\/png",
+      "density": "3.0"
+    },
+    {
+      "src": "\/android-icon-192x192.png",
+      "sizes": "192x192",
+      "type": "image\/png",
+      "density": "4.0"
+    }
+  ]
+}
--- a/apps/papra-client/public/ms-icon-144x144.png
+++ b/apps/papra-client/public/ms-icon-144x144.png
--- a/apps/papra-client/public/ms-icon-150x150.png
+++ b/apps/papra-client/public/ms-icon-150x150.png
--- a/apps/papra-client/public/ms-icon-310x310.png
+++ b/apps/papra-client/public/ms-icon-310x310.png
--- a/apps/papra-client/public/ms-icon-70x70.png
+++ b/apps/papra-client/public/ms-icon-70x70.png
--- a/apps/papra-client/src/locales/de.dictionary.ts
+++ b/apps/papra-client/src/locales/de.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Organisation löschen',
  'organization.settings.delete.confirm.cancel-button': 'Abbrechen',
  'organization.settings.delete.success': 'Organisation gelöscht',
+  'organization.settings.delete.only-owner': 'Nur der Organisationsinhaber kann diese Organisation löschen.',

  'organizations.members.title': 'Mitglieder',
  'organizations.members.description': 'Verwalten Sie Ihre Organisationsmitglieder',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Alle auswählen',
+  'api-keys.permissions.deselect-all': 'Alle abwählen',
+  'api-keys.permissions.organizations.title': 'Organisationen',
+  'api-keys.permissions.organizations.organizations:create': 'Organisationen erstellen',
+  'api-keys.permissions.organizations.organizations:read': 'Organisationen lesen',
+  'api-keys.permissions.organizations.organizations:update': 'Organisationen aktualisieren',
+  'api-keys.permissions.organizations.organizations:delete': 'Organisationen löschen',
  'api-keys.permissions.documents.title': 'Dokumente',
  'api-keys.permissions.documents.documents:create': 'Dokumente erstellen',
  'api-keys.permissions.documents.documents:read': 'Dokumente lesen',
@@ -540,8 +548,9 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'Das Dokument existiert bereits',
-  'api-errors.document.file_too_big': 'Die Dokumentdatei ist zu groß',
-  'api-errors.intake_email.limit_reached': 'Die maximale Anzahl an Eingangse-Mails für diese Organisation wurde erreicht. Bitte aktualisieren Sie Ihren Plan, um weitere Eingangse-Mails zu erstellen.',
+  'api-errors.document.size_too_large': 'Die Datei ist zu groß',
+  'api-errors.intake-emails.already_exists': 'Eine Eingang-Email mit dieser Adresse existiert bereits.',
+  'api-errors.intake_email.limit_reached': 'Die maximale Anzahl an Eingang-EMails für diese Organisation wurde erreicht. Bitte aktualisieren Sie Ihren Plan, um weitere Eingangse-Mails zu erstellen.',
  'api-errors.user.max_organization_count_reached': 'Sie haben die maximale Anzahl an Organisationen erreicht, die Sie erstellen können. Wenn Sie weitere erstellen möchten, kontaktieren Sie bitte den Support.',
  'api-errors.default': 'Beim Verarbeiten Ihrer Anfrage ist ein Fehler aufgetreten.',
  'api-errors.organization.invitation_already_exists': 'Eine Einladung für diese E-Mail existiert bereits in dieser Organisation.',
--- a/apps/papra-client/src/locales/en.dictionary.ts
+++ b/apps/papra-client/src/locales/en.dictionary.ts
@@ -141,6 +141,7 @@ export const translations = {
  'organization.settings.delete.confirm.confirm-button': 'Delete organization',
  'organization.settings.delete.confirm.cancel-button': 'Cancel',
  'organization.settings.delete.success': 'Organization deleted',
+  'organization.settings.delete.only-owner': 'Only the organization owner can delete this organization.',

  'organizations.members.title': 'Members',
  'organizations.members.description': 'Manage your organization members',
@@ -415,6 +416,13 @@ export const translations = {

  // API keys

+  'api-keys.permissions.select-all': 'Select all',
+  'api-keys.permissions.deselect-all': 'Deselect all',
+  'api-keys.permissions.organizations.title': 'Organizations',
+  'api-keys.permissions.organizations.organizations:create': 'Create organizations',
+  'api-keys.permissions.organizations.organizations:read': 'Read organizations',
+  'api-keys.permissions.organizations.organizations:update': 'Update organizations',
+  'api-keys.permissions.organizations.organizations:delete': 'Delete organizations',
  'api-keys.permissions.documents.title': 'Documents',
  'api-keys.permissions.documents.documents:create': 'Create documents',
  'api-keys.permissions.documents.documents:read': 'Read documents',
@@ -538,7 +546,8 @@ export const translations = {
  // API errors

  'api-errors.document.already_exists': 'The document already exists',
-  'api-errors.document.file_too_big': 'The document file is too big',
+  'api-errors.document.size_too_large': 'The file size is too large',
+  'api-errors.intake-emails.already_exists': 'An intake email with this address already exists.',
  'api-errors.intake_email.limit_reached': 'The maximum number of intake emails for this organization has been reached. Please upgrade your plan to create more intake emails.',
  'api-errors.user.max_organization_count_reached': 'You have reached the maximum number of organizations you can create, if you need to create more, please contact support.',
  'api-errors.default': 'An error occurred while processing your request.',
--- a/apps/papra-client/src/locales/es.dictionary.ts
+++ b/apps/papra-client/src/locales/es.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Eliminar organización',
  'organization.settings.delete.confirm.cancel-button': 'Cancelar',
  'organization.settings.delete.success': 'Organización eliminada',
+  'organization.settings.delete.only-owner': 'Solo el propietario de la organización puede eliminar esta organización.',

  'organizations.members.title': 'Miembros',
  'organizations.members.description': 'Administra los miembros de tu organización',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Seleccionar todo',
+  'api-keys.permissions.deselect-all': 'Deseleccionar todo',
+  'api-keys.permissions.organizations.title': 'Organizaciones',
+  'api-keys.permissions.organizations.organizations:create': 'Crear organizaciones',
+  'api-keys.permissions.organizations.organizations:read': 'Leer organizaciones',
+  'api-keys.permissions.organizations.organizations:update': 'Actualizar organizaciones',
+  'api-keys.permissions.organizations.organizations:delete': 'Eliminar organizaciones',
  'api-keys.permissions.documents.title': 'Documentos',
  'api-keys.permissions.documents.documents:create': 'Crear documentos',
  'api-keys.permissions.documents.documents:read': 'Leer documentos',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'El documento ya existe',
-  'api-errors.document.file_too_big': 'El archivo del documento es demasiado grande',
+  'api-errors.document.size_too_large': 'El archivo es demasiado grande',
+  'api-errors.intake-emails.already_exists': 'Ya existe un correo de ingreso con esta dirección.',
  'api-errors.intake_email.limit_reached': 'Se ha alcanzado el número máximo de correos de ingreso para esta organización. Por favor, mejora tu plan para crear más correos de ingreso.',
  'api-errors.user.max_organization_count_reached': 'Has alcanzado el número máximo de organizaciones que puedes crear, si necesitas crear más, contacta al soporte.',
  'api-errors.default': 'Ocurrió un error al procesar tu solicitud.',
--- a/apps/papra-client/src/locales/fr.dictionary.ts
+++ b/apps/papra-client/src/locales/fr.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Supprimer l\'organisation',
  'organization.settings.delete.confirm.cancel-button': 'Annuler',
  'organization.settings.delete.success': 'Organisation supprimée',
+  'organization.settings.delete.only-owner': 'Seul le propriétaire de l\'organisation peut supprimer cette organisation.',

  'organizations.members.title': 'Membres',
  'organizations.members.description': 'Gérez les membres de votre organisation.',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Tout sélectionner',
+  'api-keys.permissions.deselect-all': 'Tout désélectionner',
+  'api-keys.permissions.organizations.title': 'Organisations',
+  'api-keys.permissions.organizations.organizations:create': 'Créer des organisations',
+  'api-keys.permissions.organizations.organizations:read': 'Lire des organisations',
+  'api-keys.permissions.organizations.organizations:update': 'Mettre à jour des organisations',
+  'api-keys.permissions.organizations.organizations:delete': 'Supprimer des organisations',
  'api-keys.permissions.documents.title': 'Documents',
  'api-keys.permissions.documents.documents:create': 'Créer des documents',
  'api-keys.permissions.documents.documents:read': 'Lire des documents',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'Le document existe déjà',
-  'api-errors.document.file_too_big': 'Le fichier du document est trop grand',
+  'api-errors.document.size_too_large': 'Le fichier est trop volumineux',
+  'api-errors.intake-emails.already_exists': 'Un email de réception avec cette adresse existe déjà.',
  'api-errors.intake_email.limit_reached': 'Le nombre maximum d\'emails de réception pour cette organisation a été atteint. Veuillez mettre à niveau votre plan pour créer plus d\'emails de réception.',
  'api-errors.user.max_organization_count_reached': 'Vous avez atteint le nombre maximum d\'organisations que vous pouvez créer, si vous avez besoin de créer plus, veuillez contacter le support.',
  'api-errors.default': 'Une erreur est survenue lors du traitement de votre requête.',
--- a/apps/papra-client/src/locales/it.dictionary.ts
+++ b/apps/papra-client/src/locales/it.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Elimina organizzazione',
  'organization.settings.delete.confirm.cancel-button': 'Annulla',
  'organization.settings.delete.success': 'Organizzazione eliminata',
+  'organization.settings.delete.only-owner': 'Solo il proprietario dell\'organizzazione può eliminare questa organizzazione.',

  'organizations.members.title': 'Membri',
  'organizations.members.description': 'Gestisci i membri della tua organizzazione',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Seleziona tutto',
+  'api-keys.permissions.deselect-all': 'Deseleziona tutto',
+  'api-keys.permissions.organizations.title': 'Organizzazioni',
+  'api-keys.permissions.organizations.organizations:create': 'Crea organizzazioni',
+  'api-keys.permissions.organizations.organizations:read': 'Leggi organizzazioni',
+  'api-keys.permissions.organizations.organizations:update': 'Aggiorna organizzazioni',
+  'api-keys.permissions.organizations.organizations:delete': 'Elimina organizzazioni',
  'api-keys.permissions.documents.title': 'Documenti',
  'api-keys.permissions.documents.documents:create': 'Crea documenti',
  'api-keys.permissions.documents.documents:read': 'Leggi documenti',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'Il documento esiste già',
-  'api-errors.document.file_too_big': 'Il file del documento è troppo grande',
+  'api-errors.document.size_too_large': 'Il file è troppo grande',
+  'api-errors.intake-emails.already_exists': 'Un\'email di acquisizione con questo indirizzo esiste già.',
  'api-errors.intake_email.limit_reached': 'È stato raggiunto il numero massimo di email di acquisizione per questa organizzazione. Aggiorna il tuo piano per crearne altre.',
  'api-errors.user.max_organization_count_reached': 'Hai raggiunto il numero massimo di organizzazioni che puoi creare, se hai bisogno di crearne altre contatta il supporto.',
  'api-errors.default': 'Si è verificato un errore durante l\'elaborazione della richiesta.',
--- a/apps/papra-client/src/locales/pl.dictionary.ts
+++ b/apps/papra-client/src/locales/pl.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Usuń organizację',
  'organization.settings.delete.confirm.cancel-button': 'Anuluj',
  'organization.settings.delete.success': 'Organizacja została usunięta',
+  'organization.settings.delete.only-owner': 'Tylko właściciel organizacji może usunąć tę organizację.',

  'organizations.members.title': 'Członkowie',
  'organizations.members.description': 'Zarządzaj członkami swojej organizacji',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Zaznacz wszystko',
+  'api-keys.permissions.deselect-all': 'Odznacz wszystko',
+  'api-keys.permissions.organizations.title': 'Organizacje',
+  'api-keys.permissions.organizations.organizations:create': 'Tworzenie organizacji',
+  'api-keys.permissions.organizations.organizations:read': 'Odczyt organizacji',
+  'api-keys.permissions.organizations.organizations:update': 'Aktualizacja organizacji',
+  'api-keys.permissions.organizations.organizations:delete': 'Usuwanie organizacji',
  'api-keys.permissions.documents.title': 'Dokumenty',
  'api-keys.permissions.documents.documents:create': 'Tworzenie dokumentów',
  'api-keys.permissions.documents.documents:read': 'Odczyt dokumentów',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'Dokument już istnieje',
-  'api-errors.document.file_too_big': 'Plik dokumentu jest zbyt duży',
+  'api-errors.document.size_too_large': 'Plik jest zbyt duży',
+  'api-errors.intake-emails.already_exists': 'Adres e-mail do przyjęć z tym adresem już istnieje.',
  'api-errors.intake_email.limit_reached': 'Osiągnięto maksymalną liczbę adresów e-mail do przyjęć dla tej organizacji. Aby utworzyć więcej adresów e-mail do przyjęć, zaktualizuj swój plan.',
  'api-errors.user.max_organization_count_reached': 'Osiągnięto maksymalną liczbę organizacji, które możesz utworzyć. Jeśli potrzebujesz utworzyć więcej, skontaktuj się z pomocą techniczną.',
  'api-errors.default': 'Wystąpił błąd podczas przetwarzania żądania.',
--- a/apps/papra-client/src/locales/pt-BR.dictionary.ts
+++ b/apps/papra-client/src/locales/pt-BR.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Excluir organização',
  'organization.settings.delete.confirm.cancel-button': 'Cancelar',
  'organization.settings.delete.success': 'Organização excluída',
+  'organization.settings.delete.only-owner': 'Apenas o proprietário da organização pode excluir esta organização.',

  'organizations.members.title': 'Membros',
  'organizations.members.description': 'Gerencie os membros da sua organização',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Selecionar tudo',
+  'api-keys.permissions.deselect-all': 'Desmarcar tudo',
+  'api-keys.permissions.organizations.title': 'Organizações',
+  'api-keys.permissions.organizations.organizations:create': 'Criar organizações',
+  'api-keys.permissions.organizations.organizations:read': 'Ler organizações',
+  'api-keys.permissions.organizations.organizations:update': 'Atualizar organizações',
+  'api-keys.permissions.organizations.organizations:delete': 'Excluir organizações',
  'api-keys.permissions.documents.title': 'Documentos',
  'api-keys.permissions.documents.documents:create': 'Criar documentos',
  'api-keys.permissions.documents.documents:read': 'Ler documentos',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'O documento já existe',
-  'api-errors.document.file_too_big': 'O arquivo do documento é muito grande',
+  'api-errors.document.size_too_large': 'O arquivo é muito grande',
+  'api-errors.intake-emails.already_exists': 'Um e-mail de entrada com este endereço já existe.',
  'api-errors.intake_email.limit_reached': 'O número máximo de e-mails de entrada para esta organização foi atingido. Faça um upgrade no seu plano para criar mais e-mails de entrada.',
  'api-errors.user.max_organization_count_reached': 'Você atingiu o número máximo de organizações que pode criar. Se precisar criar mais, entre em contato com o suporte.',
  'api-errors.default': 'Ocorreu um erro ao processar sua solicitação.',
--- a/apps/papra-client/src/locales/pt.dictionary.ts
+++ b/apps/papra-client/src/locales/pt.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Eliminar organização',
  'organization.settings.delete.confirm.cancel-button': 'Cancelar',
  'organization.settings.delete.success': 'Organização eliminada',
+  'organization.settings.delete.only-owner': 'Apenas o proprietário da organização pode eliminar esta organização.',

  'organizations.members.title': 'Membros',
  'organizations.members.description': 'Gira os membros da sua organização',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Selecionar tudo',
+  'api-keys.permissions.deselect-all': 'Desselecionar tudo',
+  'api-keys.permissions.organizations.title': 'Organizações',
+  'api-keys.permissions.organizations.organizations:create': 'Criar organizações',
+  'api-keys.permissions.organizations.organizations:read': 'Ler organizações',
+  'api-keys.permissions.organizations.organizations:update': 'Atualizar organizações',
+  'api-keys.permissions.organizations.organizations:delete': 'Eliminar organizações',
  'api-keys.permissions.documents.title': 'Documentos',
  'api-keys.permissions.documents.documents:create': 'Criar documentos',
  'api-keys.permissions.documents.documents:read': 'Ler documentos',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'O documento já existe',
-  'api-errors.document.file_too_big': 'O arquivo do documento é muito grande',
+  'api-errors.document.size_too_large': 'O arquivo é muito grande',
+  'api-errors.intake-emails.already_exists': 'Um e-mail de entrada com este endereço já existe.',
  'api-errors.intake_email.limit_reached': 'O número máximo de e-mails de entrada para esta organização foi atingido. Faça um upgrade no seu plano para criar mais e-mails de entrada.',
  'api-errors.user.max_organization_count_reached': 'Atingiu o número máximo de organizações que pode criar. Se precisar de criar mais, entre em contato com o suporte.',
  'api-errors.default': 'Ocorreu um erro ao processar a solicitação.',
--- a/apps/papra-client/src/locales/ro.dictionary.ts
+++ b/apps/papra-client/src/locales/ro.dictionary.ts
@@ -143,6 +143,7 @@ export const translations: Partial<TranslationsDictionary> = {
  'organization.settings.delete.confirm.confirm-button': 'Șterge organizație',
  'organization.settings.delete.confirm.cancel-button': 'Anulează',
  'organization.settings.delete.success': 'Organizație ștearsă cu succes',
+  'organization.settings.delete.only-owner': 'Doar proprietarul organizației poate șterge această organizație.',

  'organizations.members.title': 'Membri',
  'organizations.members.description': 'Gestionează membrii organizației tale',
@@ -417,6 +418,13 @@ export const translations: Partial<TranslationsDictionary> = {

  // API keys

+  'api-keys.permissions.select-all': 'Selectează tot',
+  'api-keys.permissions.deselect-all': 'Deselectează tot',
+  'api-keys.permissions.organizations.title': 'Organizații',
+  'api-keys.permissions.organizations.organizations:create': 'Creează organizații',
+  'api-keys.permissions.organizations.organizations:read': 'Citește organizații',
+  'api-keys.permissions.organizations.organizations:update': 'Actualizează organizații',
+  'api-keys.permissions.organizations.organizations:delete': 'Șterge organizații',
  'api-keys.permissions.documents.title': 'Documente',
  'api-keys.permissions.documents.documents:create': 'Creează documente',
  'api-keys.permissions.documents.documents:read': 'Citește documente',
@@ -540,7 +548,8 @@ export const translations: Partial<TranslationsDictionary> = {
  // API errors

  'api-errors.document.already_exists': 'Documentul există deja',
-  'api-errors.document.file_too_big': 'Fișierul documentului este prea mare',
+  'api-errors.document.size_too_large': 'Fișierul este prea mare',
+  'api-errors.intake-emails.already_exists': 'Un email de primire cu această adresă există deja.',
  'api-errors.intake_email.limit_reached': 'Numărul maxim de email-uri de primire pentru această organizație a fost atins. Te rugăm să-ți îmbunătățești planul pentru a crea mai multe email-uri de primire.',
  'api-errors.user.max_organization_count_reached': 'Ai atins numărul maxim de organizații pe care le poți crea. Dacă ai nevoie să creezi mai multe, te rugăm să contactezi asistența.',
  'api-errors.default': 'A apărut o eroare la procesarea cererii.',
--- a/apps/papra-client/src/modules/api-keys/api-keys.constants.ts
+++ b/apps/papra-client/src/modules/api-keys/api-keys.constants.ts
@@ -5,6 +5,15 @@
 // } as const;

 export const API_KEY_PERMISSIONS = [
+  {
+    section: 'organizations',
+    permissions: [
+      'organizations:create',
+      'organizations:read',
+      'organizations:update',
+      'organizations:delete',
+    ],
+  },
  {
    section: 'documents',
    permissions: [
--- a/apps/papra-client/src/modules/api-keys/components/api-key-permissions-picker.component.tsx
+++ b/apps/papra-client/src/modules/api-keys/components/api-key-permissions-picker.component.tsx
@@ -2,6 +2,7 @@ import type { Component } from 'solid-js';
 import type { TranslationKeys } from '@/modules/i18n/locales.types';
 import { createSignal, For } from 'solid-js';
 import { useI18n } from '@/modules/i18n/i18n.provider';
+import { Button } from '@/modules/ui/components/button';
 import { Checkbox, CheckboxControl, CheckboxLabel } from '@/modules/ui/components/checkbox';
 import { API_KEY_PERMISSIONS } from '../api-keys.constants';

@@ -42,14 +43,36 @@ export const ApiKeyPermissionsPicker: Component<{ permissions: string[]; onChang
    props.onChange(permissions());
  };

+  const toggleSection = (sectionName: typeof API_KEY_PERMISSIONS[number]['section']) => {
+    const section = API_KEY_PERMISSIONS.find(s => s.section === sectionName);
+    if (!section) {
+      return;
+    }
+
+    const sectionPermissions: ReadonlyArray<string> = section.permissions;
+    const currentPermissions = permissions();
+
+    const allSelected = sectionPermissions.every(p => currentPermissions.includes(p));
+
+    setPermissions((prev) => {
+      if (allSelected) {
+        return [...prev.filter(p => !sectionPermissions.includes(p))];
+      }
+
+      return [...new Set([...prev, ...sectionPermissions])];
+    });
+  };
+
  return (
-    <div class="grid grid-cols-1 sm:grid-cols-2 gap-4">
+    <div class="p-6 pb-8 border rounded-md mt-2">
+
+      <div class="flex flex-col gap-6">
        <For each={getPermissionsSections()}>
          {section => (
            <div>
-            <p class="text-muted-foreground text-xs">{section.title}</p>
+              <Button variant="link" class="text-muted-foreground text-xs p-0 h-auto hover:no-underline" onClick={() => toggleSection(section.section)}>{section.title}</Button>

-            <div class="pl-4 flex flex-col gap-4 mt-4">
+              <div class="pl-4 flex flex-col mt-2">
                <For each={section.permissions}>
                  {permission => (
                    <Checkbox
@@ -59,7 +82,7 @@ export const ApiKeyPermissionsPicker: Component<{ permissions: string[]; onChang
                    >
                      <CheckboxControl />
                      <div class="flex flex-col gap-1">
-                      <CheckboxLabel class="text-sm leading-none">
+                        <CheckboxLabel class="text-sm leading-none py-1">
                          {permission.description}
                        </CheckboxLabel>
                      </div>
@@ -71,5 +94,27 @@ export const ApiKeyPermissionsPicker: Component<{ permissions: string[]; onChang
          )}
        </For>
      </div>
+
+      <div class="flex items-center gap-2 mt-6 border-t pt-6">
+        <Button
+          variant="outline"
+          size="sm"
+          class="disabled:(op-100! border-op-50 text-muted-foreground)"
+          onClick={() => setPermissions(API_KEY_PERMISSIONS.flatMap(section => section.permissions))}
+          disabled={permissions().length === API_KEY_PERMISSIONS.flatMap(section => section.permissions).length}
+        >
+          {t('api-keys.permissions.select-all')}
+        </Button>
+        <Button
+          variant="outline"
+          size="sm"
+          class="disabled:(op-100! border-op-50 text-muted-foreground)"
+          onClick={() => setPermissions([])}
+          disabled={permissions().length === 0}
+        >
+          {t('api-keys.permissions.deselect-all')}
+        </Button>
+      </div>
+    </div>
  );
 };
--- a/apps/papra-client/src/modules/api-keys/pages/create-api-key.page.tsx
+++ b/apps/papra-client/src/modules/api-keys/pages/create-api-key.page.tsx
@@ -96,9 +96,7 @@ export const CreateApiKeyPage: Component = () => {
              <div>
                <p class="text-sm font-bold">{t('api-keys.create.form.permissions.label')}</p>

-                <div class="p-6 pb-8 border rounded-md mt-2">
                <ApiKeyPermissionsPicker permissions={field.value ?? []} onChange={permissions => setValue(form, 'permissions', permissions)} />
-                </div>

                {field.error && <div class="text-red-500 text-sm">{field.error}</div>}
              </div>
--- a/apps/papra-client/src/modules/config/config.ts
+++ b/apps/papra-client/src/modules/config/config.ts
@@ -38,6 +38,9 @@ export const buildTimeConfig = {
    isEnabled: asBoolean(import.meta.env.VITE_INTAKE_EMAILS_IS_ENABLED, false),
  },
  isSubscriptionsEnabled: asBoolean(import.meta.env.VITE_IS_SUBSCRIPTIONS_ENABLED, false),
+  documentsStorage: {
+    maxUploadSize: asNumber(import.meta.env.VITE_DOCUMENTS_STORAGE_MAX_UPLOAD_SIZE, 10 * 1024 * 1024),
+  },
 } as const;

 export type Config = typeof buildTimeConfig;
--- a/apps/papra-client/src/modules/documents/components/document-import-status.component.tsx
+++ b/apps/papra-client/src/modules/documents/components/document-import-status.component.tsx
@@ -5,6 +5,7 @@ import { A } from '@solidjs/router';
 import { throttle } from 'lodash-es';
 import { createContext, createSignal, For, Match, Show, Switch, useContext } from 'solid-js';
 import { Portal } from 'solid-js/web';
+import { useConfig } from '@/modules/config/config.provider';
 import { useI18n } from '@/modules/i18n/i18n.provider';
 import { promptUploadFiles } from '@/modules/shared/files/upload';
 import { useI18nApiErrors } from '@/modules/shared/http/composables/i18n-api-errors';
@@ -57,6 +58,7 @@ export const DocumentUploadProvider: ParentComponent = (props) => {
  const throttledInvalidateOrganizationDocumentsQuery = throttle(invalidateOrganizationDocumentsQuery, 500);
  const { getErrorMessage } = useI18nApiErrors();
  const { t } = useI18n();
+  const { config } = useConfig();

  const [getState, setState] = createSignal<'open' | 'closed' | 'collapsed'>('closed');
  const [getTasks, setTasks] = createSignal<Task[]>([]);
@@ -70,8 +72,14 @@ export const DocumentUploadProvider: ParentComponent = (props) => {
    setState('open');

    await Promise.all(files.map(async (file) => {
+      const { maxUploadSize } = config.documentsStorage;
      updateTaskStatus({ file, status: 'uploading' });

+      if (maxUploadSize > 0 && file.size > maxUploadSize) {
+        updateTaskStatus({ file, status: 'error', error: Object.assign(new Error('File too large'), { code: 'document.size_too_large' }) });
+        return;
+      }
+
      const [result, error] = await safely(uploadDocument({ file, organizationId }));

      if (error) {
--- a/apps/papra-client/src/modules/documents/components/document-upload-area.component.tsx
+++ b/apps/papra-client/src/modules/documents/components/document-upload-area.component.tsx
@@ -1,11 +1,9 @@
 import type { Component } from 'solid-js';
 import { useParams } from '@solidjs/router';
 import { createSignal } from 'solid-js';
-import { promptUploadFiles } from '@/modules/shared/files/upload';
-import { queryClient } from '@/modules/shared/query/query-client';
 import { cn } from '@/modules/shared/style/cn';
 import { Button } from '@/modules/ui/components/button';
-import { uploadDocument } from '../documents.services';
+import { useDocumentUpload } from './document-import-status.component';

 export const DocumentUploadArea: Component<{ organizationId?: string }> = (props) => {
  const [isDragging, setIsDragging] = createSignal(false);
@@ -13,21 +11,7 @@ export const DocumentUploadArea: Component<{ organizationId?: string }> = (props

  const getOrganizationId = () => props.organizationId ?? params.organizationId;

-  const uploadFiles = async ({ files }: { files: File[] }) => {
-    for (const file of files) {
-      await uploadDocument({ file, organizationId: getOrganizationId() });
-    }
-
-    await queryClient.invalidateQueries({
-      queryKey: ['organizations', getOrganizationId(), 'documents'],
-      refetchType: 'all',
-    });
-  };
-
-  const promptImport = async () => {
-    const { files } = await promptUploadFiles();
-    await uploadFiles({ files });
-  };
+  const { promptImport, uploadDocuments } = useDocumentUpload({ getOrganizationId });

  const handleDragOver = (event: DragEvent) => {
    event.preventDefault();
@@ -46,7 +30,7 @@ export const DocumentUploadArea: Component<{ organizationId?: string }> = (props
    }

    const files = [...event.dataTransfer.files].filter(file => file.type === 'application/pdf');
-    await uploadFiles({ files });
+    await uploadDocuments({ files });
  };

  return (
--- a/apps/papra-client/src/modules/documents/documents.composables.tsx
+++ b/apps/papra-client/src/modules/documents/documents.composables.tsx
@@ -1,13 +1,9 @@
 import type { Document } from './documents.types';
-import { safely } from '@corentinth/chisels';
-import { throttle } from 'lodash-es';
 import { createSignal } from 'solid-js';
 import { useConfirmModal } from '../shared/confirm';
-import { promptUploadFiles } from '../shared/files/upload';
-import { isHttpErrorWithCode } from '../shared/http/http-errors';
 import { queryClient } from '../shared/query/query-client';
 import { createToast } from '../ui/components/sonner';
-import { deleteDocument, restoreDocument, uploadDocument } from './documents.services';
+import { deleteDocument, restoreDocument } from './documents.services';

 export function invalidateOrganizationDocumentsQuery({ organizationId }: { organizationId: string }) {
  return queryClient.invalidateQueries({
@@ -76,57 +72,3 @@ export function useRestoreDocument() {
    },
  };
 }
-
-function toastUploadError({ error, file }: { error: Error; file: File }) {
-  if (isHttpErrorWithCode({ error, code: 'document.already_exists' })) {
-    createToast({
-      type: 'error',
-      message: 'Document already exists',
-      description: `The document ${file.name} already exists, it has not been uploaded.`,
-    });
-
-    return;
-  }
-
-  if (isHttpErrorWithCode({ error, code: 'document.file_too_big' })) {
-    createToast({
-      type: 'error',
-      message: 'Document too big',
-      description: `The document ${file.name} is too big, it has not been uploaded.`,
-    });
-
-    return;
-  }
-
-  createToast({
-    type: 'error',
-    message: 'Failed to upload document',
-    description: error.message,
-  });
-}
-
-export function useUploadDocuments({ organizationId }: { organizationId: string }) {
-  const uploadDocuments = async ({ files }: { files: File[] }) => {
-    const throttledInvalidateOrganizationDocumentsQuery = throttle(invalidateOrganizationDocumentsQuery, 500);
-
-    await Promise.all(files.map(async (file) => {
-      const [, error] = await safely(uploadDocument({ file, organizationId }));
-
-      if (error) {
-        toastUploadError({ error, file });
-      }
-
-      await throttledInvalidateOrganizationDocumentsQuery({ organizationId });
-    }),
-    );
-  };
-
-  return {
-    uploadDocuments,
-    promptImport: async () => {
-      const { files } = await promptUploadFiles();
-
-      await uploadDocuments({ files });
-    },
-  };
-}
--- a/apps/papra-client/src/modules/documents/pages/document.page.tsx
+++ b/apps/papra-client/src/modules/documents/pages/document.page.tsx
@@ -214,15 +214,6 @@ export const DocumentPage: Component = () => {
                      {t('documents.actions.download')}
                    </Button>

-                    <Button
-                      variant="outline"
-                      onClick={() => window.open(getDataUrl()!, '_blank')}
-                      size="sm"
-                    >
-                      <div class="i-tabler-eye size-4 mr-2"></div>
-                      {t('documents.actions.open-in-new-tab')}
-                    </Button>
-
                    {getDocument().isDeleted
                      ? (
                          <Button
--- a/apps/papra-client/src/modules/i18n/locales.types.ts
+++ b/apps/papra-client/src/modules/i18n/locales.types.ts
@@ -1,5 +1,4 @@
-import { translations as defaultTranslations } from '@/locales/en.dictionary';
+import type { translations as defaultTranslations } from '@/locales/en.dictionary';

 export type TranslationKeys = keyof typeof defaultTranslations;
 export type TranslationsDictionary = Record<TranslationKeys, string>;
- 
--- a/apps/papra-client/src/modules/intake-emails/pages/intake-emails.page.tsx
+++ b/apps/papra-client/src/modules/intake-emails/pages/intake-emails.page.tsx
@@ -10,7 +10,7 @@ import { useConfig } from '@/modules/config/config.provider';
 import { useI18n } from '@/modules/i18n/i18n.provider';
 import { useConfirmModal } from '@/modules/shared/confirm';
 import { createForm } from '@/modules/shared/form/form';
-import { isHttpErrorWithCode } from '@/modules/shared/http/http-errors';
+import { useI18nApiErrors } from '@/modules/shared/http/composables/i18n-api-errors';
 import { queryClient } from '@/modules/shared/query/query-client';
 import { cn } from '@/modules/shared/style/cn';
 import { Alert, AlertDescription } from '@/modules/ui/components/alert';
@@ -187,6 +187,7 @@ export const IntakeEmailsPage: Component = () => {

  const params = useParams();
  const { confirm } = useConfirmModal();
+  const { getErrorMessage } = useI18nApiErrors({ t });

  const query = useQuery(() => ({
    queryKey: ['organizations', params.organizationId, 'intake-emails'],
@@ -196,16 +197,12 @@ export const IntakeEmailsPage: Component = () => {
  const createEmail = async () => {
    const [,error] = await safely(createIntakeEmail({ organizationId: params.organizationId }));

-    if (isHttpErrorWithCode({ error, code: 'intake_email.limit_reached' })) {
+    if (error) {
      createToast({
-        message: t('api-errors.intake_email.limit_reached'),
+        message: getErrorMessage({ error }),
        type: 'error',
      });

-      return;
-    }
-
-    if (error) {
      throw error;
    }

--- a/apps/papra-client/src/modules/organizations/pages/organization.page.tsx
+++ b/apps/papra-client/src/modules/organizations/pages/organization.page.tsx
@@ -3,9 +3,9 @@ import { formatBytes } from '@corentinth/chisels';
 import { useParams } from '@solidjs/router';
 import { createQueries, keepPreviousData } from '@tanstack/solid-query';
 import { createSignal, Show, Suspense } from 'solid-js';
+import { useDocumentUpload } from '@/modules/documents/components/document-import-status.component';
 import { DocumentUploadArea } from '@/modules/documents/components/document-upload-area.component';
 import { createdAtColumn, DocumentsPaginatedList, standardActionsColumn, tagsColumn } from '@/modules/documents/components/documents-list.component';
-import { useUploadDocuments } from '@/modules/documents/documents.composables';
 import { fetchOrganizationDocuments, getOrganizationDocumentsStats } from '@/modules/documents/documents.services';
 import { useI18n } from '@/modules/i18n/i18n.provider';
 import { Button } from '@/modules/ui/components/button';
@@ -32,7 +32,7 @@ export const OrganizationPage: Component = () => {
    ],
  }));

-  const { promptImport } = useUploadDocuments({ organizationId: params.organizationId });
+  const { promptImport } = useDocumentUpload({ getOrganizationId: () => params.organizationId });

  return (
    <div class="p-6 mt-4 pb-32 max-w-5xl mx-auto">
--- a/apps/papra-client/src/modules/organizations/pages/organizations-settings.page.tsx
+++ b/apps/papra-client/src/modules/organizations/pages/organizations-settings.page.tsx
@@ -15,7 +15,7 @@ import { Button } from '@/modules/ui/components/button';
 import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/modules/ui/components/card';
 import { createToast } from '@/modules/ui/components/sonner';
 import { TextField, TextFieldLabel, TextFieldRoot } from '@/modules/ui/components/textfield';
-import { useDeleteOrganization, useUpdateOrganization } from '../organizations.composables';
+import { useCurrentUserRole, useDeleteOrganization, useUpdateOrganization } from '../organizations.composables';
 import { organizationNameSchema } from '../organizations.schemas';
 import { fetchOrganization } from '../organizations.services';

@@ -24,6 +24,8 @@ const DeleteOrganizationCard: Component<{ organization: Organization }> = (props
  const { confirm } = useConfirmModal();
  const { t } = useI18n();

+  const { getIsOwner, query } = useCurrentUserRole({ organizationId: props.organization.id });
+
  const handleDelete = async () => {
    const confirmed = await confirm({
      title: t('organization.settings.delete.confirm.title'),
@@ -54,10 +56,16 @@ const DeleteOrganizationCard: Component<{ organization: Organization }> = (props
          </CardDescription>
        </CardHeader>

-        <CardFooter class="pt-6">
-          <Button onClick={handleDelete} variant="destructive">
+        <CardFooter class="pt-6 gap-4">
+          <Button onClick={handleDelete} variant="destructive" disabled={!getIsOwner()}>
            {t('organization.settings.delete.confirm.confirm-button')}
          </Button>
+
+          <Show when={query.isSuccess && !getIsOwner()}>
+            <span class="text-sm text-muted-foreground">
+              {t('organization.settings.delete.only-owner')}
+            </span>
+          </Show>
        </CardFooter>
      </Card>
    </div>
--- a/apps/papra-client/src/modules/shared/http/composables/i18n-api-errors.ts
+++ b/apps/papra-client/src/modules/shared/http/composables/i18n-api-errors.ts
@@ -1,5 +1,6 @@
 import type { TranslationKeys } from '@/modules/i18n/locales.types';
 import { get } from 'lodash-es';
+import { FetchError } from 'ofetch';
 import { useI18n } from '@/modules/i18n/i18n.provider';

 function codeToKey(code: string): TranslationKeys {
@@ -30,6 +31,11 @@ export function useI18nApiErrors({ t = useI18n().t }: { t?: ReturnType<typeof us
        return translation;
      }

+      // Fetch error message is not helpful
+      if (error instanceof FetchError) {
+        return getDefaultErrorMessage();
+      }
+
      if (typeof error === 'object' && error && 'message' in error && typeof error.message === 'string') {
        return error.message;
      }
--- a/apps/papra-client/vitest.config.ts
+++ b/apps/papra-client/vitest.config.ts
@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    env: {
+      TZ: 'UTC',
+    },
+  },
+});
--- a/apps/papra-server/CHANGELOG.md
+++ b/apps/papra-server/CHANGELOG.md
@@ -1,5 +1,62 @@
 # @papra/app-server

+## 0.9.5
+
+### Patch Changes
+
+- [#521](https://github.com/papra-hq/papra/pull/521) [`b287723`](https://github.com/papra-hq/papra/commit/b28772317c3662555e598755b85597d6cd5aeea1) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Properly handle file names encoding (utf8 instead of latin1) to support non-ASCII characters.
+
+- [#517](https://github.com/papra-hq/papra/pull/517) [`a3f9f05`](https://github.com/papra-hq/papra/commit/a3f9f05c664b4995b62db59f2e9eda8a3bfef0de) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Prevented organization deletion by non-organization owner
+
+## 0.9.4
+
+### Patch Changes
+
+- [#508](https://github.com/papra-hq/papra/pull/508) [`782f70f`](https://github.com/papra-hq/papra/commit/782f70ff663634bf9ff7218edabb9885a7c6f965) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added an option to disable PRAGMA statements from sqlite task service migrations
+
+- [#510](https://github.com/papra-hq/papra/pull/510) [`ab6fd6a`](https://github.com/papra-hq/papra/commit/ab6fd6ad10387f1dcd626936efc195d9d58d40ec) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added fallbacks env variables for the task worker id
+
+- [#512](https://github.com/papra-hq/papra/pull/512) [`cb3ce6b`](https://github.com/papra-hq/papra/commit/cb3ce6b1d8d5dba09cbf0d2964f14b1c93220571) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added organizations permissions for api keys
+
+## 0.9.3
+
+### Patch Changes
+
+- [#506](https://github.com/papra-hq/papra/pull/506) [`6bcb2a7`](https://github.com/papra-hq/papra/commit/6bcb2a71e990d534dd12d84e64a38f2b2baea25a) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added the possibility to define patterns for email intake username generation
+
+- [#504](https://github.com/papra-hq/papra/pull/504) [`936bc2b`](https://github.com/papra-hq/papra/commit/936bc2bd0a788e4fb0bceb6d14810f9f8734097b) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Split the intake-email username generation from the email address creation, some changes regarding the configuration when using the `random` driver.
+
+  ```env
+  # Old configuration
+  INTAKE_EMAILS_DRIVER=random-username
+  INTAKE_EMAILS_EMAIL_GENERATION_DOMAIN=mydomain.com
+
+  # New configuration
+  INTAKE_EMAILS_DRIVER=catch-all
+  INTAKE_EMAILS_CATCH_ALL_DOMAIN=mydomain.com
+  INTAKE_EMAILS_USERNAME_DRIVER=random
+  ```
+
+- [#504](https://github.com/papra-hq/papra/pull/504) [`936bc2b`](https://github.com/papra-hq/papra/commit/936bc2bd0a788e4fb0bceb6d14810f9f8734097b) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added the possibility to configure OwlRelay domain
+
+## 0.9.2
+
+### Patch Changes
+
+- [#493](https://github.com/papra-hq/papra/pull/493) [`ed4d7e4`](https://github.com/papra-hq/papra/commit/ed4d7e4a00b2ca2c7fe808201c322f957d6ed990) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Fix to allow cross docker volume file moving when consumption is done
+
+- [#500](https://github.com/papra-hq/papra/pull/500) [`208a561`](https://github.com/papra-hq/papra/commit/208a561668ed2d1019430a9f4f5c5d3fd4cde603) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added the possibility to define a Libsql/Sqlite driver for the tasks service
+
+- [#499](https://github.com/papra-hq/papra/pull/499) [`40cb1d7`](https://github.com/papra-hq/papra/commit/40cb1d71d5e52c40aab7ea2c6bc222cea6d55b70) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Enhanced security by serving files as attachement and with an octet-stream content type
+
+## 0.9.1
+
+### Patch Changes
+
+- [#492](https://github.com/papra-hq/papra/pull/492) [`54514e1`](https://github.com/papra-hq/papra/commit/54514e15db5deaffc59dcba34929b5e2e74282e1) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Added a client side guard for rejecting too-big files
+
+- [#491](https://github.com/papra-hq/papra/pull/491) [`bb9d555`](https://github.com/papra-hq/papra/commit/bb9d5556d3f16225ae40ca4d39600999e819b2c4) Thanks [@CorentinTh](https://github.com/CorentinTh)! - Fix cleanup state when a too-big-file is uploaded
+
 ## 0.9.0

 ### Minor Changes
--- a/apps/papra-server/package.json
+++ b/apps/papra-server/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@papra/app-server",
  "type": "module",
-  "version": "0.9.0",
+  "version": "0.9.5",
  "private": true,
  "packageManager": "pnpm@10.12.3",
  "description": "Papra app server",
@@ -42,6 +42,7 @@
    "@aws-sdk/lib-storage": "^3.835.0",
    "@azure/storage-blob": "^12.27.0",
    "@cadence-mq/core": "^0.2.1",
+    "@cadence-mq/driver-libsql": "^0.2.4",
    "@cadence-mq/driver-memory": "^0.2.0",
    "@corentinth/chisels": "^1.3.1",
    "@corentinth/friendly-ids": "^0.0.1",
@@ -54,6 +55,7 @@
    "@papra/lecture": "workspace:*",
    "@papra/webhooks": "workspace:*",
    "@paralleldrive/cuid2": "^2.2.2",
+    "@sindresorhus/slugify": "^3.0.0",
    "better-auth": "catalog:",
    "busboy": "^1.6.0",
    "c12": "^3.0.4",
@@ -61,7 +63,7 @@
    "date-fns": "^4.1.0",
    "drizzle-kit": "^0.30.6",
    "drizzle-orm": "^0.38.4",
-    "figue": "^2.2.3",
+    "figue": "^3.1.1",
    "hono": "^4.8.2",
    "lodash-es": "^4.17.21",
    "mime-types": "^3.0.1",
--- a/apps/papra-server/src/index.ts
+++ b/apps/papra-server/src/index.ts
@@ -21,6 +21,8 @@ const { db, client } = setupDatabase(config.database);
 const documentsStorageService = createDocumentStorageService({ documentStorageConfig: config.documentsStorage });

 const taskServices = createTaskServices({ config });
+await taskServices.initialize();
+
 const { app } = await createServer({ config, db, taskServices, documentsStorageService });

 const server = serve(
--- a/apps/papra-server/src/modules/api-keys/api-keys.constants.ts
+++ b/apps/papra-server/src/modules/api-keys/api-keys.constants.ts
@@ -5,8 +5,15 @@ export const API_KEY_ID_REGEX = createPrefixedIdRegex({ prefix: API_KEY_ID_PREFI

 export const API_KEY_PREFIX = 'ppapi';
 export const API_KEY_TOKEN_LENGTH = 64;
+export const API_KEY_TOKEN_REGEX = new RegExp(`^${API_KEY_PREFIX}_[A-Za-z0-9]{${API_KEY_TOKEN_LENGTH}}$`);

 export const API_KEY_PERMISSIONS = {
+  ORGANIZATIONS: {
+    CREATE: 'organizations:create',
+    READ: 'organizations:read',
+    UPDATE: 'organizations:update',
+    DELETE: 'organizations:delete',
+  },
  DOCUMENTS: {
    CREATE: 'documents:create',
    READ: 'documents:read',
--- a/apps/papra-server/src/modules/api-keys/api-keys.middlewares.ts
+++ b/apps/papra-server/src/modules/api-keys/api-keys.middlewares.ts
@@ -4,6 +4,7 @@ import { createMiddleware } from 'hono/factory';
 import { createUnauthorizedError } from '../app/auth/auth.errors';
 import { getAuthorizationHeader } from '../shared/headers/headers.models';
 import { isNil } from '../shared/utils';
+import { looksLikeAnApiKey } from './api-keys.models';
 import { createApiKeysRepository } from './api-keys.repository';
 import { getApiKey } from './api-keys.usecases';

@@ -31,8 +32,7 @@ export function createApiKeyMiddleware({ db }: { db: Database }) {
      throw createUnauthorizedError();
    }

-    if (isNil(token)) {
-      // For type safety
+    if (!looksLikeAnApiKey(token)) {
      throw createUnauthorizedError();
    }

--- a/apps/papra-server/src/modules/api-keys/api-keys.models.test.ts
+++ b/apps/papra-server/src/modules/api-keys/api-keys.models.test.ts
@@ -1,5 +1,6 @@
 import { describe, expect, test } from 'vitest';
-import { getApiKeyUiPrefix } from './api-keys.models';
+import { getApiKeyUiPrefix, looksLikeAnApiKey } from './api-keys.models';
+import { generateApiToken } from './api-keys.services';

 describe('api-keys models', () => {
  describe('getApiKeyUiPrefix', () => {
@@ -11,4 +12,39 @@ describe('api-keys models', () => {
      );
    });
  });
+
+  describe('looksLikeAnApiKey', () => {
+    test(`validate that a token looks like an api key
+        - it starts with the api key prefix
+        - it has the correct length
+        - it only contains alphanumeric characters`, () => {
+      expect(
+        looksLikeAnApiKey('ppapi_29qxv9eCbRkQQGhwrVZCEXEFjOYpXZX07G4vDK4HT03Jp7fVHyJx1b0l6e1LIEPD'),
+      ).toBe(true);
+
+      expect(
+        looksLikeAnApiKey(''),
+      ).toBe(false);
+
+      expect(
+        looksLikeAnApiKey('ppapi_'),
+      ).toBe(false);
+
+      expect(
+        looksLikeAnApiKey('ppapi_29qxv9eCbRkQQGhwrVZCEXEFjOYpXZX07G4vDK4HT03Jp7fVHyJx1b0l6e1LIEPD_extra'),
+      ).toBe(false);
+
+      expect(
+        looksLikeAnApiKey('invalidprefix_29qxv9eCbRkQQGhwrVZCEXEFjOYpXZX07G4vDK4HT03Jp7fVHyJx1b0l6e1LIEPD'),
+      ).toBe(false);
+    });
+
+    test('a freshly generated token should always look like an api key', () => {
+      const { token } = generateApiToken();
+
+      expect(
+        looksLikeAnApiKey(token),
+      ).toBe(true);
+    });
+  });
 });
--- a/apps/papra-server/src/modules/api-keys/api-keys.models.ts
+++ b/apps/papra-server/src/modules/api-keys/api-keys.models.ts
@@ -1,5 +1,6 @@
 import { sha256 } from '../shared/crypto/hash';
-import { API_KEY_PREFIX } from './api-keys.constants';
+import { isNil } from '../shared/utils';
+import { API_KEY_PREFIX, API_KEY_TOKEN_REGEX } from './api-keys.constants';

 export function getApiKeyUiPrefix({ token }: { token: string }) {
  return {
@@ -12,3 +13,12 @@ export function getApiKeyHash({ token }: { token: string }) {
    keyHash: sha256(token, { digest: 'base64url' }),
  };
 }
+
+// Positional argument as TS does not like named argument with type guards
+export function looksLikeAnApiKey(token?: string | null | undefined): token is string {
+  if (isNil(token)) {
+    return false;
+  }
+
+  return API_KEY_TOKEN_REGEX.test(token);
+}
--- a/apps/papra-server/src/modules/app/auth/auth.routes.ts
+++ b/apps/papra-server/src/modules/app/auth/auth.routes.ts
@@ -1,7 +1,7 @@
 import type { Context, RouteDefinitionContext } from '../server.types';
 import type { Session } from './auth.types';
 import { get } from 'lodash-es';
-import { isDefined } from '../../shared/utils';
+import { isDefined, isString } from '../../shared/utils';

 export function registerAuthRoutes({ app, auth, config }: RouteDefinitionContext) {
  app.on(
@@ -26,7 +26,7 @@ export function registerAuthRoutes({ app, auth, config }: RouteDefinitionContext
    app.use('*', async (context: Context, next) => {
      const overrideUserId: unknown = get(context.env, 'loggedInUserId');

-      if (isDefined(overrideUserId) && typeof overrideUserId === 'string') {
+      if (isDefined(overrideUserId) && isString(overrideUserId)) {
        context.set('userId', overrideUserId);
        context.set('session', {} as Session);
        context.set('authType', 'session');
--- a/apps/papra-server/src/modules/config/config.models.test.ts
+++ b/apps/papra-server/src/modules/config/config.models.test.ts
@@ -69,6 +69,9 @@ describe('config models', () => {
          intakeEmails: {
            isEnabled: true,
          },
+          documentsStorage: {
+            maxUploadSize: 10485760,
+          },
        },
      });
    });
--- a/apps/papra-server/src/modules/config/config.models.ts
+++ b/apps/papra-server/src/modules/config/config.models.ts
@@ -13,6 +13,7 @@ export function getPublicConfig({ config }: { config: Config }) {
      'auth.providers.github.isEnabled',
      'auth.providers.google.isEnabled',
      'documents.deletedDocumentsRetentionDays',
+      'documentsStorage.maxUploadSize',
      'intakeEmails.isEnabled',
    ]),
    {
--- a/apps/papra-server/src/modules/config/config.ts
+++ b/apps/papra-server/src/modules/config/config.ts
@@ -15,6 +15,7 @@ import { intakeEmailsConfig } from '../intake-emails/intake-emails.config';
 import { organizationsConfig } from '../organizations/organizations.config';
 import { organizationPlansConfig } from '../plans/plans.config';
 import { createLogger } from '../shared/logger/logger';
+import { isString } from '../shared/utils';
 import { subscriptionsConfig } from '../subscriptions/subscriptions.config';
 import { tasksConfig } from '../tasks/tasks.config';
 import { trackingConfig } from '../tracking/tracking.config';
@@ -71,7 +72,7 @@ export const configDefinition = {
      schema: z.union([
        z.string(),
        z.array(z.string()),
-      ]).transform(value => (typeof value === 'string' ? value.split(',') : value)),
+      ]).transform(value => (isString(value) ? value.split(',') : value)),
      default: ['http://localhost:3000'],
      env: 'SERVER_CORS_ORIGINS',
    },
--- a/apps/papra-server/src/modules/documents/documents.constants.test.ts
+++ b/apps/papra-server/src/modules/documents/documents.constants.test.ts
@@ -0,0 +1,21 @@
+import { Buffer } from 'node:buffer';
+import { describe, expect, test } from 'vitest';
+import { MULTIPART_FORM_DATA_SINGLE_FILE_CONTENT_LENGTH_OVERHEAD } from './documents.constants';
+
+const unusuallyLongFileName = 'an-unusually-long-file-name-in-order-to-test-the-content-length-header-with-the-metadata-that-are-included-in-the-form-data-so-lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-sed-do-eiusmod-tempor-incididunt-ut-labore-et-dolore-magna-aliqua-ut-enim-ad-minim-veniam-quis-nostrud-exercitation-ullamco-laboris-nisi-ut-aliquip-ex-ea-commodo-consequat-duis-aute-irure-dolor-in-reprehenderit-in-voluptate-velit-esse-cillum-dolore-eu-fugiat-nulla-pariatur-excepteur-sint-occaecat-proident-in-voluptate-velit-esse-cillum-dolore-eu-fugiat-nulla-pariatur-excepteur-sint-occaecat-proident-in-voluptate-velit-esse-cillum-dolore-eu-fugiat-nulla-pariatur-excepteur-sint-occaecat-proident.txt';
+
+describe('documents constants', () => {
+  // eslint-disable-next-line test/prefer-lowercase-title
+  describe('MULTIPART_FORM_DATA_SINGLE_FILE_CONTENT_LENGTH_OVERHEAD', () => {
+    test('when uploading a formdata multipart, the body has boundaries and other metadata, so the content length is greater than the file size', async () => {
+      const fileSize = 100;
+      const formData = new FormData();
+      formData.append('file', new File(['a'.repeat(fileSize)], unusuallyLongFileName, { type: 'text/plain' }));
+      const body = new Response(formData);
+      const contentLength = Buffer.from(await body.arrayBuffer()).length;
+
+      expect(contentLength).to.be.greaterThan(fileSize);
+      expect(contentLength).to.be.lessThan(fileSize + MULTIPART_FORM_DATA_SINGLE_FILE_CONTENT_LENGTH_OVERHEAD);
+    });
+  });
+});
--- a/apps/papra-server/src/modules/documents/documents.constants.ts
+++ b/apps/papra-server/src/modules/documents/documents.constants.ts
@@ -11,3 +11,6 @@ export const ORIGINAL_DOCUMENTS_STORAGE_KEY = 'originals';
 // import { ocrLanguages } from '@papra/lecture';
 // console.log(JSON.stringify(ocrLanguages));
 export const OCR_LANGUAGES = ['afr', 'amh', 'ara', 'asm', 'aze', 'aze_cyrl', 'bel', 'ben', 'bod', 'bos', 'bul', 'cat', 'ceb', 'ces', 'chi_sim', 'chi_tra', 'chr', 'cym', 'dan', 'deu', 'dzo', 'ell', 'eng', 'enm', 'epo', 'est', 'eus', 'fas', 'fin', 'fra', 'frk', 'frm', 'gle', 'glg', 'grc', 'guj', 'hat', 'heb', 'hin', 'hrv', 'hun', 'iku', 'ind', 'isl', 'ita', 'ita_old', 'jav', 'jpn', 'kan', 'kat', 'kat_old', 'kaz', 'khm', 'kir', 'kor', 'kur', 'lao', 'lat', 'lav', 'lit', 'mal', 'mar', 'mkd', 'mlt', 'msa', 'mya', 'nep', 'nld', 'nor', 'ori', 'pan', 'pol', 'por', 'pus', 'ron', 'rus', 'san', 'sin', 'slk', 'slv', 'spa', 'spa_old', 'sqi', 'srp', 'srp_latn', 'swa', 'swe', 'syr', 'tam', 'tel', 'tgk', 'tgl', 'tha', 'tir', 'tur', 'uig', 'ukr', 'urd', 'uzb', 'uzb_cyrl', 'vie', 'yid'] as const;
+
+// When uploading a formdata multipart, the body has boundaries and other metadata that need to be accounted for
+export const MULTIPART_FORM_DATA_SINGLE_FILE_CONTENT_LENGTH_OVERHEAD = 1024; // 1024 bytes
--- a/apps/papra-server/src/modules/documents/documents.routes.ts
+++ b/apps/papra-server/src/modules/documents/documents.routes.ts
@@ -13,7 +13,7 @@ import { deferTriggerWebhooks } from '../webhooks/webhook.usecases';
 import { createDocumentActivityRepository } from './document-activity/document-activity.repository';
 import { deferRegisterDocumentActivityLog } from './document-activity/document-activity.usecases';
 import { createDocumentIsNotDeletedError } from './documents.errors';
-import { formatDocumentForApi, formatDocumentsForApi } from './documents.models';
+import { formatDocumentForApi, formatDocumentsForApi, isDocumentSizeLimitEnabled } from './documents.models';
 import { createDocumentsRepository } from './documents.repository';
 import { documentIdSchema } from './documents.schemas';
 import { createDocumentCreationUsecase, deleteAllTrashDocuments, deleteTrashDocument, ensureDocumentExists, getDocumentOrThrow } from './documents.usecases';
@@ -34,6 +34,8 @@ export function registerDocumentsRoutes(context: RouteDefinitionContext) {
 }

 function setupCreateDocumentRoute({ app, ...deps }: RouteDefinitionContext) {
+  const { config } = deps;
+
  app.post(
    '/api/organizations/:organizationId/documents',
    requireAuthentication({ apiKeyPermissions: ['documents:create'] }),
@@ -44,9 +46,12 @@ function setupCreateDocumentRoute({ app, ...deps }: RouteDefinitionContext) {
      const { userId } = getUser({ context });
      const { organizationId } = context.req.valid('param');

+      const { maxUploadSize } = config.documentsStorage;
+
      const { fileStream, fileName, mimeType } = await getFileStreamFromMultipartForm({
        body: context.req.raw.body,
        headers: context.req.header(),
+        maxFileSize: isDocumentSizeLimitEnabled({ maxUploadSize }) ? maxUploadSize : undefined,
      });

      const createDocument = createDocumentCreationUsecase({ ...deps });
@@ -283,9 +288,13 @@ function setupGetDocumentFileRoute({ app, db, documentsStorageService }: RouteDe
        Readable.toWeb(fileStream),
        200,
        {
-          'Content-Type': document.mimeType,
-          'Content-Disposition': `inline; filename*=UTF-8''${encodeURIComponent(document.name)}`,
+          // Prevent XSS by serving the file as an octet-stream
+          'Content-Type': 'application/octet-stream',
+          // Always use attachment for defense in depth - client uses blob API anyway
+          'Content-Disposition': `attachment; filename*=UTF-8''${encodeURIComponent(document.name)}`,
          'Content-Length': String(document.originalSize),
+          'X-Content-Type-Options': 'nosniff',
+          'X-Frame-Options': 'DENY',
        },
      );
    },
--- a/apps/papra-server/src/modules/documents/documents.usecases.ts
+++ b/apps/papra-server/src/modules/documents/documents.usecases.ts
@@ -14,6 +14,8 @@ import type { DocumentsRepository } from './documents.repository';
 import type { Document } from './documents.types';
 import type { DocumentStorageService } from './storage/documents.storage.services';
 import type { EncryptionContext } from './storage/drivers/drivers.models';
+import { PassThrough } from 'node:stream';
+import { pipeline } from 'node:stream/promises';
 import { safely } from '@corentinth/chisels';
 import pLimit from 'p-limit';
 import { createOrganizationDocumentStorageLimitReachedError } from '../organizations/organizations.errors';
@@ -101,17 +103,27 @@ export async function createDocument({
    },
  });

-  const outputStream = fileStream
-    .pipe(hashStream)
-    .pipe(byteCountStream);
+  // Create a PassThrough stream that will be used for saving the file
+  // This allows us to use pipeline for better error handling
+  const outputStream = new PassThrough();
+
+  const streamProcessingPromise = pipeline(
+    fileStream,
+    hashStream,
+    byteCountStream,
+    outputStream,
+  );

  // We optimistically save the file to leverage streaming, if the file already exists, we will delete it
-  const newFileStorageContext = await documentsStorageService.saveFile({
+  const [newFileStorageContext] = await Promise.all([
+    documentsStorageService.saveFile({
      fileStream: outputStream,
      storageKey: originalDocumentStorageKey,
      mimeType,
      fileName,
-  });
+    }),
+    streamProcessingPromise,
+  ]);

  const hash = getHash();
  const size = getByteCount();
--- a/apps/papra-server/src/modules/documents/e2e/upload-documents.e2e.test.ts
+++ b/apps/papra-server/src/modules/documents/e2e/upload-documents.e2e.test.ts
@@ -127,5 +127,71 @@ describe('documents e2e', () => {
      // Ensure no file is saved in the storage
      expect(documentsStorageService._getStorage().size).to.eql(0);
    });
+
+    // https://github.com/papra-hq/papra/issues/519
+    test('uploading documents with various UTF-8 characters in filenames', async () => {
+      const { db } = await createInMemoryDatabase({
+        users: [{ id: 'usr_111111111111111111111111', email: 'user@example.com' }],
+        organizations: [{ id: 'org_222222222222222222222222', name: 'Org 1' }],
+        organizationMembers: [{ organizationId: 'org_222222222222222222222222', userId: 'usr_111111111111111111111111', role: ORGANIZATION_ROLES.OWNER }],
+      });
+
+      const { app } = await createServer({
+        db,
+        config: overrideConfig({
+          env: 'test',
+          documentsStorage: {
+            driver: 'in-memory',
+          },
+        }),
+      });
+
+      // Various UTF-8 characters that cause encoding issues
+      const testCases = [
+        { filename: 'ΒΕΒΑΙΩΣΗ ΧΑΡΕΣ.txt', content: 'Filename with Greek characters' },
+        { filename: 'résumé français.txt', content: 'French document' },
+        { filename: 'documento español.txt', content: 'Spanish document' },
+        { filename: '日本語ファイル.txt', content: 'Japanese document' },
+        { filename: 'файл на русском.txt', content: 'Russian document' },
+        { filename: 'émojis 🎉📄.txt', content: 'Document with emojis' },
+      ];
+
+      for (const testCase of testCases) {
+        const formData = new FormData();
+        formData.append('file', new File([testCase.content], testCase.filename, { type: 'text/plain' }));
+        const body = new Response(formData);
+
+        const createDocumentResponse = await app.request(
+          '/api/organizations/org_222222222222222222222222/documents',
+          {
+            method: 'POST',
+            headers: {
+              ...Object.fromEntries(body.headers.entries()),
+            },
+            body: await body.arrayBuffer(),
+          },
+          { loggedInUserId: 'usr_111111111111111111111111' },
+        );
+
+        expect(createDocumentResponse.status).to.eql(200);
+        const { document } = (await createDocumentResponse.json()) as { document: Document };
+
+        // Each filename should be preserved correctly
+        expect(document.name).to.eql(testCase.filename);
+        expect(document.originalName).to.eql(testCase.filename);
+
+        // Retrieve the document
+        const getDocumentResponse = await app.request(
+          `/api/organizations/org_222222222222222222222222/documents/${document.id}`,
+          { method: 'GET' },
+          { loggedInUserId: 'usr_111111111111111111111111' },
+        );
+
+        expect(getDocumentResponse.status).to.eql(200);
+        const { document: retrievedDocument } = (await getDocumentResponse.json()) as { document: Document };
+
+        expect(retrievedDocument).to.eql({ ...document, tags: [] });
+      }
+    });
  });
 });
--- a/apps/papra-server/src/modules/documents/storage/drivers/fs/fs.storage-driver.ts
+++ b/apps/papra-server/src/modules/documents/storage/drivers/fs/fs.storage-driver.ts
@@ -37,6 +37,14 @@ export const fsStorageDriverFactory = defineStorageDriver(({ documentStorageConf
        writeStream.on('error', (error) => {
          reject(error);
        });
+
+        // Listen for errors on the input stream as well
+        fileStream.on('error', (error) => {
+          // Clean up the write stream and file
+          writeStream.destroy();
+          fs.unlink(storagePath, () => {}); // Ignore errors when cleaning up
+          reject(error);
+        });
      });
    },
    getFileStream: async ({ storageKey }) => {
--- a/apps/papra-server/src/modules/documents/storage/drivers/s3/s3.storage-driver.ts
+++ b/apps/papra-server/src/modules/documents/storage/drivers/s3/s3.storage-driver.ts
@@ -3,6 +3,7 @@ import { DeleteObjectCommand, GetObjectCommand, HeadObjectCommand, S3Client } fr

 import { Upload } from '@aws-sdk/lib-storage';
 import { safely } from '@corentinth/chisels';
+import { isString } from '../../../../shared/utils';
 import { createFileNotFoundError } from '../../document-storage.errors';
 import { defineStorageDriver } from '../drivers.models';

@@ -12,7 +13,7 @@ function isS3NotFoundError(error: Error) {
  const codes = ['NoSuchKey', 'NotFound'];

  return codes.includes(error.name)
-    || ('Code' in error && typeof error.Code === 'string' && codes.includes(error.Code));
+    || ('Code' in error && isString(error.Code) && codes.includes(error.Code));
 }

 export const s3StorageDriverFactory = defineStorageDriver(({ documentStorageConfig }) => {
--- a/apps/papra-server/src/modules/ingestion-folders/ingestion-folders.config.ts
+++ b/apps/papra-server/src/modules/ingestion-folders/ingestion-folders.config.ts
@@ -1,6 +1,7 @@
 import type { ConfigDefinition } from 'figue';
 import { z } from 'zod';
 import { booleanishSchema } from '../config/config.schemas';
+import { isString } from '../shared/utils';
 import { defaultIgnoredPatterns } from './ingestion-folders.constants';

 export const ingestionFolderConfig = {
@@ -61,7 +62,7 @@ export const ingestionFolderConfig = {
    schema: z.union([
      z.string(),
      z.array(z.string()),
-    ]).transform(value => (typeof value === 'string' ? value.split(',') : value)),
+    ]).transform(value => (isString(value) ? value.split(',') : value)),
    default: defaultIgnoredPatterns,
    env: 'INGESTION_FOLDER_IGNORED_PATTERNS',
  },
--- a/apps/papra-server/src/modules/intake-emails/drivers/random-username/random-username.intake-email-driver.config.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/random-username/random-username.intake-email-driver.config.ts
@@ -1,11 +1,12 @@
 import type { ConfigDefinition } from 'figue';
+
 import { z } from 'zod';

-export const randomUsernameIntakeEmailDriverConfig = {
+export const catchAllIntakeEmailDriverConfig = {
  domain: {
-    doc: 'The domain to use when generating email addresses for intake emails when using the random username driver',
+    doc: 'The domain to use when generating email addresses for intake emails when using the `catch-all` driver',
    schema: z.string(),
-    default: 'papra.email',
-    env: 'INTAKE_EMAILS_EMAIL_GENERATION_DOMAIN',
+    default: 'papra.local',
+    env: 'INTAKE_EMAILS_CATCH_ALL_DOMAIN',
  },
 } as const satisfies ConfigDefinition;
--- a/apps/papra-server/src/modules/intake-emails/drivers/catch-all/catch-all.intake-email-driver.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/catch-all/catch-all.intake-email-driver.ts
@@ -0,0 +1,20 @@
+import { buildEmailAddress } from '../../intake-emails.models';
+import { defineIntakeEmailDriver } from '../intake-emails.drivers.models';
+
+export const CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME = 'catch-all';
+
+// This driver is used when no external service is used to manage the email addresses
+// like for example when using a catch-all domain
+export const catchAllIntakeEmailDriverFactory = defineIntakeEmailDriver(({ config }) => {
+  const { domain } = config.intakeEmails.drivers.catchAll;
+
+  return {
+    name: CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME,
+    createEmailAddress: async ({ username }) => {
+      const emailAddress = buildEmailAddress({ username, domain });
+
+      return { emailAddress };
+    },
+    deleteEmailAddress: async () => {},
+  };
+});
--- a/apps/papra-server/src/modules/intake-emails/drivers/intake-emails.drivers.models.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/intake-emails.drivers.models.ts
@@ -2,8 +2,8 @@ import type { Config } from '../../config/config.types';

 export type IntakeEmailsServices = {
  name: string;
-  generateEmailAddress: () => Promise<{ emailAddress: string }>;
-  deleteEmailAddress: ({ emailAddress }: { emailAddress: string }) => Promise<void>;
+  createEmailAddress: (args: { username: string }) => Promise<{ emailAddress: string }>;
+  deleteEmailAddress: (args: { emailAddress: string }) => Promise<void>;
 };

 export type IntakeEmailDriverFactory = (args: { config: Config }) => IntakeEmailsServices;
--- a/apps/papra-server/src/modules/intake-emails/drivers/intake-emails.drivers.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/intake-emails.drivers.ts
@@ -1,9 +1,9 @@
+import { CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME, catchAllIntakeEmailDriverFactory } from './catch-all/catch-all.intake-email-driver';
 import { OWLRELAY_INTAKE_EMAIL_DRIVER_NAME, owlrelayIntakeEmailDriverFactory } from './owlrelay/owlrelay.intake-email-driver';
-import { RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME, randomUsernameIntakeEmailDriverFactory } from './random-username/random-username.intake-email-driver';

 export const intakeEmailDrivers = {
-  [RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME]: randomUsernameIntakeEmailDriverFactory,
  [OWLRELAY_INTAKE_EMAIL_DRIVER_NAME]: owlrelayIntakeEmailDriverFactory,
+  [CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME]: catchAllIntakeEmailDriverFactory,
 } as const;

 export type IntakeEmailDriverName = keyof typeof intakeEmailDrivers;
--- a/apps/papra-server/src/modules/intake-emails/drivers/owlrelay/owlrelay.intake-email-driver.config.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/owlrelay/owlrelay.intake-email-driver.config.ts
@@ -15,4 +15,10 @@ export const owlrelayIntakeEmailDriverConfig = {
    default: undefined,
    env: 'OWLRELAY_WEBHOOK_URL',
  },
+  domain: {
+    doc: 'The domain to use when generating email addresses for intake emails with OwlRelay, if not provided, the OwlRelay will use their default domain',
+    schema: z.string().optional(), // TODO: check valid hostname
+    default: undefined,
+    env: 'OWLRELAY_DOMAIN',
+  },
 } as const satisfies ConfigDefinition;
--- a/apps/papra-server/src/modules/intake-emails/drivers/owlrelay/owlrelay.intake-email-driver.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/owlrelay/owlrelay.intake-email-driver.ts
@@ -1,7 +1,7 @@
 import { buildUrl, safely } from '@corentinth/chisels';
-import { generateId as generateHumanReadableId } from '@corentinth/friendly-ids';
 import { createClient } from '@owlrelay/api-sdk';
 import { getServerBaseUrl } from '../../../config/config.models';
+import { createError } from '../../../shared/errors/errors';
 import { createLogger } from '../../../shared/logger/logger';
 import { INTAKE_EMAILS_INGEST_ROUTE } from '../../intake-emails.constants';
 import { buildEmailAddress } from '../../intake-emails.models';
@@ -14,24 +14,35 @@ const logger = createLogger({ namespace: 'intake-emails.drivers.owlrelay' });
 export const owlrelayIntakeEmailDriverFactory = defineIntakeEmailDriver(({ config }) => {
  const { serverBaseUrl } = getServerBaseUrl({ config });
  const { webhookSecret } = config.intakeEmails;
-  const { owlrelayApiKey, webhookUrl: configuredWebhookUrl } = config.intakeEmails.drivers.owlrelay;
+  const { owlrelayApiKey, webhookUrl: configuredWebhookUrl, domain } = config.intakeEmails.drivers.owlrelay;

-  const client = createClient({
-    apiKey: owlrelayApiKey,
-  });
+  const client = createClient({ apiKey: owlrelayApiKey });

  const webhookUrl = configuredWebhookUrl ?? buildUrl({ baseUrl: serverBaseUrl, path: INTAKE_EMAILS_INGEST_ROUTE });

  return {
    name: OWLRELAY_INTAKE_EMAIL_DRIVER_NAME,
-    generateEmailAddress: async () => {
-      const { domain, username, id: owlrelayEmailId } = await client.createEmail({
-        username: generateHumanReadableId(),
+    createEmailAddress: async ({ username }) => {
+      const [result, error] = await safely(client.createEmail({
+        username,
        webhookUrl,
        webhookSecret,
-      });
+        domain,
+      }));

-      const emailAddress = buildEmailAddress({ username, domain });
+      if (error) {
+        logger.error({ error, username }, 'Failed to create email address in OwlRelay');
+
+        throw createError({
+          code: 'intake_emails.create_email_address_failed',
+          message: 'Failed to create email address in OwlRelay',
+          statusCode: 500,
+          isInternal: true,
+        });
+      }
+
+      const { id: owlrelayEmailId, username: createdAddressUsername, domain: createdAddressDomain } = result;
+      const emailAddress = buildEmailAddress({ username: createdAddressUsername, domain: createdAddressDomain });

      logger.info({ emailAddress, owlrelayEmailId }, 'Created email address in OwlRelay');

--- a/apps/papra-server/src/modules/intake-emails/drivers/random-username/random-username.intake-email-driver.ts
+++ b/apps/papra-server/src/modules/intake-emails/drivers/random-username/random-username.intake-email-driver.ts
@@ -1,21 +0,0 @@
-import { generateId as generateHumanReadableId } from '@corentinth/friendly-ids';
-import { defineIntakeEmailDriver } from '../intake-emails.drivers.models';
-
-export const RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME = 'random-username';
-
-export const randomUsernameIntakeEmailDriverFactory = defineIntakeEmailDriver(({ config }) => {
-  const { domain } = config.intakeEmails.drivers.randomUsername;
-
-  return {
-    name: RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME,
-    generateEmailAddress: async () => {
-      const randomUsername = generateHumanReadableId();
-
-      return {
-        emailAddress: `${randomUsername}@${domain}`,
-      };
-    },
-    // Deletion functionality is not required for this driver
-    deleteEmailAddress: async () => {},
-  };
-});
--- a/apps/papra-server/src/modules/intake-emails/intake-emails.config.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.config.ts
@@ -1,10 +1,11 @@
 import type { ConfigDefinition } from 'figue';
 import { z } from 'zod';
 import { booleanishSchema } from '../config/config.schemas';
+import { CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME } from './drivers/catch-all/catch-all.intake-email-driver';
+import { catchAllIntakeEmailDriverConfig } from './drivers/catch-all/catch-all.intake-email-driver.config';
 import { intakeEmailDrivers } from './drivers/intake-emails.drivers';
 import { owlrelayIntakeEmailDriverConfig } from './drivers/owlrelay/owlrelay.intake-email-driver.config';
-import { RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME } from './drivers/random-username/random-username.intake-email-driver';
-import { randomUsernameIntakeEmailDriverConfig } from './drivers/random-username/random-username.intake-email-driver.config';
+import { intakeEmailUsernameConfig } from './username-drivers/intake-email-username.config';

 export const intakeEmailsConfig = {
  isEnabled: {
@@ -13,20 +14,21 @@ export const intakeEmailsConfig = {
    default: false,
    env: 'INTAKE_EMAILS_IS_ENABLED',
  },
-  driver: {
-    doc: `The driver to use when generating email addresses for intake emails, value can be one of: ${Object.keys(intakeEmailDrivers).map(x => `\`${x}\``).join(', ')}`,
-    schema: z.enum(Object.keys(intakeEmailDrivers) as [string, ...string[]]),
-    default: RANDOM_USERNAME_INTAKE_EMAIL_DRIVER_NAME,
-    env: 'INTAKE_EMAILS_DRIVER',
-  },
  webhookSecret: {
    doc: 'The secret to use when verifying webhooks',
    schema: z.string(),
    default: 'change-me',
    env: 'INTAKE_EMAILS_WEBHOOK_SECRET',
  },
-  drivers: {
-    randomUsername: randomUsernameIntakeEmailDriverConfig,
-    owlrelay: owlrelayIntakeEmailDriverConfig,
+  driver: {
+    doc: `The driver to use when generating email addresses for intake emails, value can be one of: ${Object.keys(intakeEmailDrivers).map(x => `\`${x}\``).join(', ')}.`,
+    schema: z.enum(Object.keys(intakeEmailDrivers) as [string, ...string[]]),
+    default: CATCH_ALL_INTAKE_EMAIL_DRIVER_NAME,
+    env: 'INTAKE_EMAILS_DRIVER',
  },
+  drivers: {
+    owlrelay: owlrelayIntakeEmailDriverConfig,
+    catchAll: catchAllIntakeEmailDriverConfig,
+  },
+  username: intakeEmailUsernameConfig,
 } as const satisfies ConfigDefinition;
--- a/apps/papra-server/src/modules/intake-emails/intake-emails.errors.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.errors.ts
@@ -11,3 +11,9 @@ export const createIntakeEmailNotFoundError = createErrorFactory({
  code: 'intake_email.not_found',
  statusCode: 404,
 });
+
+export const createIntakeEmailAlreadyExistsError = createErrorFactory({
+  message: 'Intake email already exists',
+  code: 'intake_email.already_exists',
+  statusCode: 400,
+});
--- a/apps/papra-server/src/modules/intake-emails/intake-emails.models.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.models.ts
@@ -27,6 +27,14 @@ export function parseEmailAddress({ email }: { email: string }) {
  const [username, ...plusParts] = fullUsername.split('+');
  const plusPart = plusParts.length > 0 ? plusParts.join('+') : undefined;

+  if (isNil(username)) {
+    throw createError({
+      message: 'Badly formatted email address',
+      code: 'intake_emails.badly_formatted_email_address',
+      statusCode: 400,
+    });
+  }
+
  return { username, domain, plusPart };
 }

--- a/apps/papra-server/src/modules/intake-emails/intake-emails.repository.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.repository.ts
@@ -1,9 +1,10 @@
 import type { Database } from '../app/database/database.types';
-import { injectArguments } from '@corentinth/chisels';
+import { injectArguments, safely } from '@corentinth/chisels';
 import { and, count, eq } from 'drizzle-orm';
+import { isUniqueConstraintError } from '../shared/db/constraints.models';
 import { createError } from '../shared/errors/errors';
 import { omitUndefined } from '../shared/utils';
-import { createIntakeEmailNotFoundError } from './intake-emails.errors';
+import { createIntakeEmailAlreadyExistsError, createIntakeEmailNotFoundError } from './intake-emails.errors';
 import { intakeEmailsTable } from './intake-emails.tables';

 export type IntakeEmailsRepository = ReturnType<typeof createIntakeEmailsRepository>;
@@ -24,7 +25,17 @@ export function createIntakeEmailsRepository({ db }: { db: Database }) {
 }

 async function createIntakeEmail({ organizationId, emailAddress, db }: { organizationId: string; emailAddress: string; db: Database }) {
-  const [intakeEmail] = await db.insert(intakeEmailsTable).values({ organizationId, emailAddress }).returning();
+  const [result, error] = await safely(db.insert(intakeEmailsTable).values({ organizationId, emailAddress }).returning());
+
+  if (isUniqueConstraintError({ error })) {
+    throw createIntakeEmailAlreadyExistsError();
+  }
+
+  if (error) {
+    throw error;
+  }
+
+  const [intakeEmail] = result;

  if (!intakeEmail) {
    // Very unlikely to happen as the insertion should throw an issue, it's for type safety
--- a/apps/papra-server/src/modules/intake-emails/intake-emails.routes.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.routes.ts
@@ -15,11 +15,13 @@ import { createLogger } from '../shared/logger/logger';
 import { isNil } from '../shared/utils';
 import { validateFormData, validateJsonBody, validateParams } from '../shared/validation/validation';
 import { createSubscriptionsRepository } from '../subscriptions/subscriptions.repository';
+import { createUsersRepository } from '../users/users.repository';
 import { INTAKE_EMAILS_INGEST_ROUTE } from './intake-emails.constants';
 import { createIntakeEmailsRepository } from './intake-emails.repository';
 import { allowedOriginsSchema, intakeEmailIdSchema, intakeEmailsIngestionMetaSchema, parseJson } from './intake-emails.schemas';
 import { createIntakeEmailsServices } from './intake-emails.services';
 import { createIntakeEmail, deleteIntakeEmail, processIntakeEmailIngestion } from './intake-emails.usecases';
+import { createIntakeEmailUsernameServices } from './username-drivers/intake-email-username.services';

 const logger = createLogger({ namespace: 'intake-emails.routes' });

@@ -65,20 +67,24 @@ function setupCreateIntakeEmailRoute({ app, db, config }: RouteDefinitionContext
      const { userId } = getUser({ context });
      const { organizationId } = context.req.valid('param');

+      const usersRepository = createUsersRepository({ db });
      const organizationsRepository = createOrganizationsRepository({ db });
      const intakeEmailsRepository = createIntakeEmailsRepository({ db });
      const intakeEmailsServices = createIntakeEmailsServices({ config });
      const plansRepository = createPlansRepository({ config });
      const subscriptionsRepository = createSubscriptionsRepository({ db });
+      const intakeEmailUsernameServices = createIntakeEmailUsernameServices({ config, usersRepository, organizationsRepository });

      await ensureUserIsInOrganization({ userId, organizationId, organizationsRepository });

      const { intakeEmail } = await createIntakeEmail({
+        userId,
        organizationId,
        intakeEmailsRepository,
        intakeEmailsServices,
        plansRepository,
        subscriptionsRepository,
+        intakeEmailUsernameServices,
      });

      return context.json({ intakeEmail });
--- a/apps/papra-server/src/modules/intake-emails/intake-emails.usecases.ts
+++ b/apps/papra-server/src/modules/intake-emails/intake-emails.usecases.ts
@@ -4,6 +4,7 @@ import type { Logger } from '../shared/logger/logger';
 import type { SubscriptionsRepository } from '../subscriptions/subscriptions.repository';
 import type { IntakeEmailsServices } from './drivers/intake-emails.drivers.models';
 import type { IntakeEmailsRepository } from './intake-emails.repository';
+import type { IntakeEmailUsernameServices } from './username-drivers/intake-email-username.services';
 import { safely } from '@corentinth/chisels';
 import { getOrganizationPlan } from '../plans/plans.usecases';
 import { addLogContext, createLogger } from '../shared/logger/logger';
@@ -12,17 +13,21 @@ import { createIntakeEmailLimitReachedError, createIntakeEmailNotFoundError } fr
 import { getIsFromAllowedOrigin } from './intake-emails.models';

 export async function createIntakeEmail({
+  userId,
  organizationId,
  intakeEmailsRepository,
  intakeEmailsServices,
  plansRepository,
  subscriptionsRepository,
+  intakeEmailUsernameServices,
 }: {
+  userId: string;
  organizationId: string;
  intakeEmailsRepository: IntakeEmailsRepository;
  intakeEmailsServices: IntakeEmailsServices;
  plansRepository: PlansRepository;
  subscriptionsRepository: SubscriptionsRepository;
+  intakeEmailUsernameServices: IntakeEmailUsernameServices;
 }) {
  await checkIfOrganizationCanCreateNewIntakeEmail({
    organizationId,
@@ -31,7 +36,9 @@ export async function createIntakeEmail({
    intakeEmailsRepository,
  });

-  const { emailAddress } = await intakeEmailsServices.generateEmailAddress();
+  const { username } = await intakeEmailUsernameServices.generateIntakeEmailUsername({ userId, organizationId });
+
+  const { emailAddress } = await intakeEmailsServices.createEmailAddress({ username });

  const { intakeEmail } = await intakeEmailsRepository.createIntakeEmail({ organizationId, emailAddress });

--- a/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.config.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.config.ts
@@ -0,0 +1,17 @@
+import type { ConfigDefinition } from 'figue';
+import { z } from 'zod';
+import { intakeEmailUsernameDrivers } from './intake-email-username.drivers';
+import { patternIntakeEmailDriverConfig } from './pattern/pattern.intake-email-username-driver.config';
+import { RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME } from './random/random.intake-email-username-driver';
+
+export const intakeEmailUsernameConfig = {
+  driver: {
+    doc: `The driver to use when generating email addresses for intake emails, value can be one of: ${Object.keys(intakeEmailUsernameDrivers).map(x => `\`${x}\``).join(', ')}`,
+    schema: z.enum(Object.keys(intakeEmailUsernameDrivers) as [string, ...string[]]),
+    default: RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME,
+    env: 'INTAKE_EMAILS_USERNAME_DRIVER',
+  },
+  drivers: {
+    pattern: patternIntakeEmailDriverConfig,
+  },
+} as const satisfies ConfigDefinition;
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.drivers.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.drivers.ts
@@ -0,0 +1,10 @@
+import { patternIntakeEmailUsernameDriverFactory } from './pattern/pattern.intake-email-username-driver';
+import { PATTERN_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME } from './pattern/pattern.intake-email-username-driver.config';
+import { RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME, randomIntakeEmailUsernameDriverFactory } from './random/random.intake-email-username-driver';
+
+export const intakeEmailUsernameDrivers = {
+  [RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME]: randomIntakeEmailUsernameDriverFactory,
+  [PATTERN_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME]: patternIntakeEmailUsernameDriverFactory,
+} as const;
+
+export type IntakeEmailUsernameDriverName = keyof typeof intakeEmailUsernameDrivers;
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.models.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.models.ts
@@ -0,0 +1,20 @@
+import type { Logger } from '@crowlog/logger';
+import type { Config } from '../../config/config.types';
+import type { OrganizationsRepository } from '../../organizations/organizations.repository';
+import type { UsersRepository } from '../../users/users.repository';
+
+export type IntakeEmailUsernameDriver = {
+  name: string;
+  generateIntakeEmailUsername: (args: { userId: string; organizationId: string }) => Promise<{ username: string }>;
+};
+
+export type IntakeEmailUsernameDriverFactory = (args: {
+  config: Config;
+  logger?: Logger;
+  usersRepository: UsersRepository;
+  organizationsRepository: OrganizationsRepository;
+}) => IntakeEmailUsernameDriver;
+
+export function defineIntakeEmailUsernameDriverFactory(factory: IntakeEmailUsernameDriverFactory) {
+  return factory;
+}
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.services.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/intake-email-username.services.ts
@@ -0,0 +1,35 @@
+import type { Config } from '../../config/config.types';
+import type { OrganizationsRepository } from '../../organizations/organizations.repository';
+import type { UsersRepository } from '../../users/users.repository';
+import type { IntakeEmailUsernameDriverName } from './intake-email-username.drivers';
+import type { IntakeEmailUsernameDriver, IntakeEmailUsernameDriverFactory } from './intake-email-username.models';
+import { createError } from '../../shared/errors/errors';
+import { isNil } from '../../shared/utils';
+import { intakeEmailUsernameDrivers } from './intake-email-username.drivers';
+
+export type IntakeEmailUsernameServices = IntakeEmailUsernameDriver;
+
+export function createIntakeEmailUsernameServices({
+  config,
+  ...dependencies
+}: {
+  config: Config;
+  usersRepository: UsersRepository;
+  organizationsRepository: OrganizationsRepository;
+}) {
+  const { driver } = config.intakeEmails.username;
+  const intakeEmailUsernameDriver: IntakeEmailUsernameDriverFactory | undefined = intakeEmailUsernameDrivers[driver as IntakeEmailUsernameDriverName];
+
+  if (isNil(intakeEmailUsernameDriver)) {
+    throw createError({
+      message: `Invalid intake email addresses driver ${driver}`,
+      code: 'intake-emails.addresses.invalid_driver',
+      statusCode: 500,
+      isInternal: true,
+    });
+  }
+
+  const intakeEmailUsernameServices = intakeEmailUsernameDriver({ config, ...dependencies });
+
+  return intakeEmailUsernameServices;
+}
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.config.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.config.ts
@@ -0,0 +1,15 @@
+import type { ConfigDefinition } from 'figue';
+
+import { z } from 'zod';
+import { PATTERNS_PLACEHOLDERS } from './pattern.intake-email-username-driver.constants';
+
+export const PATTERN_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME = 'pattern';
+
+export const patternIntakeEmailDriverConfig = {
+  pattern: {
+    doc: `The pattern to use when generating email addresses usernames (before the @) for intake emails. Available placeholders are: ${Object.values(PATTERNS_PLACEHOLDERS).join(', ')}. Note: the resulting username will be slugified to remove special characters and spaces.`,
+    schema: z.string(),
+    default: `${PATTERNS_PLACEHOLDERS.USER_NAME}-${PATTERNS_PLACEHOLDERS.RANDOM_DIGITS}`,
+    env: 'INTAKE_EMAILS_USERNAME_DRIVER_PATTERN',
+  },
+} as const satisfies ConfigDefinition;
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.constants.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.constants.ts
@@ -0,0 +1,8 @@
+export const PATTERNS_PLACEHOLDERS = {
+  USER_NAME: '{{user.name}}',
+  USER_ID: '{{user.id}}',
+  USER_EMAIL_USERNAME: '{{user.email.username}}',
+  ORGANIZATION_ID: '{{organization.id}}',
+  ORGANIZATION_NAME: '{{organization.name}}',
+  RANDOM_DIGITS: '{{random.digits}}',
+} as const;
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/pattern/pattern.intake-email-username-driver.ts
@@ -0,0 +1,52 @@
+import slugify from '@sindresorhus/slugify';
+import { createError } from '../../../shared/errors/errors';
+import { createLogger } from '../../../shared/logger/logger';
+import { isNil } from '../../../shared/utils';
+import { parseEmailAddress } from '../../intake-emails.models';
+import { defineIntakeEmailUsernameDriverFactory } from '../intake-email-username.models';
+import { PATTERN_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME } from './pattern.intake-email-username-driver.config';
+import { PATTERNS_PLACEHOLDERS } from './pattern.intake-email-username-driver.constants';
+
+export const patternIntakeEmailUsernameDriverFactory = defineIntakeEmailUsernameDriverFactory(({
+  logger = createLogger({ namespace: 'intake-emails.addresses-drivers.pattern' }),
+  config,
+  usersRepository,
+  organizationsRepository,
+}) => {
+  const { pattern } = config.intakeEmails.username.drivers.pattern;
+
+  return {
+    name: PATTERN_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME,
+    generateIntakeEmailUsername: async ({ userId, organizationId }) => {
+      const [{ user }, { organization }] = await Promise.all([
+        usersRepository.getUserById({ userId }),
+        organizationsRepository.getOrganizationById({ organizationId }),
+      ]);
+
+      if (isNil(user) || isNil(organization)) {
+        // Should not really happen, there is a check on the routes handlers
+        throw createError({
+          message: 'User or organization not found',
+          code: 'intake-emails.addresses.user_or_organization_not_found',
+          statusCode: 404,
+        });
+      }
+
+      const { username: userEmailUsername } = parseEmailAddress({ email: user.email });
+
+      const rawUsername = pattern
+        .replaceAll(PATTERNS_PLACEHOLDERS.USER_NAME, user.name ?? '')
+        .replaceAll(PATTERNS_PLACEHOLDERS.USER_ID, user.id)
+        .replaceAll(PATTERNS_PLACEHOLDERS.USER_EMAIL_USERNAME, userEmailUsername)
+        .replaceAll(PATTERNS_PLACEHOLDERS.ORGANIZATION_ID, organization.id)
+        .replaceAll(PATTERNS_PLACEHOLDERS.ORGANIZATION_NAME, organization.name)
+        .replaceAll(PATTERNS_PLACEHOLDERS.RANDOM_DIGITS, () => Math.floor(Math.random() * 10000).toString());
+
+      const username = slugify(rawUsername);
+
+      logger.debug({ rawUsername, username, pattern, userId, organizationId }, 'Generated email address');
+
+      return { username };
+    },
+  };
+});
--- a/apps/papra-server/src/modules/intake-emails/username-drivers/random/random.intake-email-username-driver.ts
+++ b/apps/papra-server/src/modules/intake-emails/username-drivers/random/random.intake-email-username-driver.ts
@@ -0,0 +1,18 @@
+import { generateId as generateHumanReadableId } from '@corentinth/friendly-ids';
+import { createLogger } from '../../../shared/logger/logger';
+import { defineIntakeEmailUsernameDriverFactory } from '../intake-email-username.models';
+
+export const RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME = 'random';
+
+export const randomIntakeEmailUsernameDriverFactory = defineIntakeEmailUsernameDriverFactory(({ logger = createLogger({ namespace: 'intake-emails.addresses-drivers.random' }) }) => {
+  return {
+    name: RANDOM_INTAKE_EMAIL_ADDRESSES_DRIVER_NAME,
+    generateIntakeEmailUsername: async () => {
+      const username = generateHumanReadableId();
+
+      logger.debug({ username }, 'Generated email address');
+
+      return { username };
+    },
+  };
+});
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Corentin Thomasset	9b5f3993c3	chore(release): update versions (#518 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-09-30 11:51:10 +02:00
Corentin Thomasset	b28772317c	fix(file-upload): set default parameter charset to utf8 (#521 )	2025-09-29 21:20:43 +02:00
Corentin Thomasset	a3f9f05c66	feat(organizations): restrict organization deletion to owners only (#517 )	2025-09-26 01:49:59 +02:00
Corentin Thomasset	0616635cd6	chore(release): update versions (#509 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-09-24 17:00:01 +02:00
Corentin Thomasset	9e7a3ba70b	chore(version): update version bump for api keys permissions changes (#516 )	2025-09-24 16:49:11 +02:00
Corentin Thomasset	04990b986e	docs(api-endpoints): added explications on how to use api keys (#515 )	2025-09-24 14:41:14 +00:00
Corentin Thomasset	097b6bf2b7	feat(api-keys): added format check for api tokens to avoid unnecessary db call (#514 )	2025-09-24 14:32:34 +00:00
Corentin Thomasset	cb3ce6b1d8	feat(api-keys): add organization permissions for api keys (#512 )	2025-09-24 15:25:48 +02:00
Corentin Thomasset	405ba645f6	feat(docker): disable Better Auth telemetry in Dockerfiles (#511 )	2025-09-21 20:56:43 +00:00
Corentin Thomasset	ab6fd6ad10	feat(tasks): update figue to allow for fallback task worker ids env variables (#510 )	2025-09-21 22:53:04 +02:00
Corentin Thomasset	782f70ff66	feat(tasks): add option to disable PRAGMA statements in migrations (#508 )	2025-09-20 22:07:34 +00:00
Corentin Thomasset	1abbf18e94	chore(release): update versions (#505 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-09-20 14:59:01 +02:00
Corentin Thomasset	6bcb2a71e9	feat(intake-emails): add intake email username pattern config (#506 ) Co-authored-by: Alexander <goldengamerlp@users.noreply.github.com>	2025-09-19 20:37:25 +02:00
Corentin Thomasset	936bc2bd0a	refactor(intake-emails): split username creation from addresses management (#504 )	2025-09-18 01:59:29 +02:00
Corentin Thomasset	2efe7321cd	chore(release): update versions (#494 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-09-14 11:31:31 +02:00
Corentin Thomasset	947bdf8385	docs(CONTRIBUTING): add IDE setup instructions for ESLint in VS Code (#502 ) * docs(CONTRIBUTING): add IDE setup instructions for ESLint in VS Code * Update CONTRIBUTING.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-14 09:18:37 +00:00
Corentin Thomasset	b5bf0cca4b	fix(upload): disable client size guard when maxUploadSize <= 0 (#501 )	2025-09-14 10:44:29 +02:00
Corentin Thomasset	208a561668	feat(tasks): added libsql task service driver (#500 )	2025-09-13 22:42:08 +02:00
Corentin Thomasset	40cb1d71d5	fix(documents): enhance file fetching security by setting appropriate headers (#499 )	2025-09-13 15:46:34 +02:00
Corentin Thomasset	3da13f7591	refactor(document-page): remove "open in new tab" button (#498 )	2025-09-13 15:29:51 +02:00
Corentin Thomasset	2a444aad31	chore(tests): set timezone in vitest configurations (#497 )	2025-09-13 09:25:40 +00:00
Corentin Thomasset	47d8bbd356	refactor(utils): added isString and isNonEmptyString utility functions (#495 )	2025-09-12 22:22:01 +02:00
Corentin Thomasset	ed4d7e4a00	fix(folder-ingestion): allow cross docker volume file moving (#493 )	2025-09-10 22:48:56 +02:00
Corentin Thomasset	f382397c0e	chore(release): update versions (#489 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-09-10 15:38:36 +02:00
Corentin Thomasset	54514e15db	fix(translations): update error messages for file size limits across multiple languages (#492 )	2025-09-10 15:35:34 +02:00
Corentin Thomasset	bb9d5556d3	fix(upload): properly handle file-too-big errors (#491 )	2025-09-10 14:57:46 +02:00
Corentin Thomasset	83e943c5b4	refactor(client): update favicons (#488 )	2025-09-09 23:30:27 +02:00