feat(policy): support unlimited values in user policies and box expiry

- Update user policy and user update handlers to accept -1 as an unlimited value for MaxDays, DailyBoxes, ActiveBoxes, and ShortWindowRequests.
- Introduce `optionalIntAllowUnlimited` helper and update `optionalMBAllowZero` to support -1.
- Use `boxExpiryLabel` helper across admin, dashboard, and download handlers to properly format expiration dates, supporting boxes that never expire.

backend/libs/services/auth.go

@@ -862,20 +862,20 @@ func validateUserPolicy(policy UserPolicy) error {
 	if policy.DailyUploadMB != nil && ((*policy.DailyUploadMB < 0 && *policy.DailyUploadMB != -1) || *policy.DailyUploadMB == 0) {
 		return fmt.Errorf("daily upload override must be positive or -1 for unlimited")
 	}
-	if policy.StorageQuotaMB != nil && *policy.StorageQuotaMB < 0 {
-		return fmt.Errorf("storage quota override cannot be negative")
+	if policy.StorageQuotaMB != nil && *policy.StorageQuotaMB < 0 && *policy.StorageQuotaMB != -1 {
+		return fmt.Errorf("storage quota override must be 0/positive or -1 for unlimited")
 	}
-	if policy.MaxDays != nil && *policy.MaxDays <= 0 {
-		return fmt.Errorf("expiration override must be positive")
+	if policy.MaxDays != nil && *policy.MaxDays <= 0 && *policy.MaxDays != -1 {
+		return fmt.Errorf("expiration override must be positive or -1 for unlimited")
 	}
-	if policy.DailyBoxes != nil && *policy.DailyBoxes <= 0 {
-		return fmt.Errorf("daily box override must be positive")
+	if policy.DailyBoxes != nil && *policy.DailyBoxes <= 0 && *policy.DailyBoxes != -1 {
+		return fmt.Errorf("daily box override must be positive or -1 for unlimited")
 	}
-	if policy.ActiveBoxes != nil && *policy.ActiveBoxes <= 0 {
-		return fmt.Errorf("active box override must be positive")
+	if policy.ActiveBoxes != nil && *policy.ActiveBoxes <= 0 && *policy.ActiveBoxes != -1 {
+		return fmt.Errorf("active box override must be positive or -1 for unlimited")
 	}
-	if policy.ShortWindowRequests != nil && *policy.ShortWindowRequests <= 0 {
-		return fmt.Errorf("short-window request override must be positive")
+	if policy.ShortWindowRequests != nil && *policy.ShortWindowRequests <= 0 && *policy.ShortWindowRequests != -1 {
+		return fmt.Errorf("short-window request override must be positive or -1 for unlimited")
 	}
 	return nil
 }

backend/libs/services/upload.go

@@ -198,14 +198,21 @@ func (s *UploadService) CreateBox(files []*multipart.FileHeader, opts UploadOpti
 	if len(files) == 0 {
 		return UploadResult{}, fmt.Errorf("no files were uploaded")
 	}
-	if opts.MaxDays <= 0 {
-		opts.MaxDays = 7
-	}
-
 	now := time.Now().UTC()
-	expiresAt := now.Add(time.Duration(opts.MaxDays) * 24 * time.Hour)
-	if opts.ExpiresInMinutes > 0 {
+	var expiresAt time.Time
+	switch {
+	case opts.ExpiresInMinutes < 0 || opts.MaxDays < 0:
+		// "Forever" — a date far enough out that the box effectively never
+		// expires. No schema change; CanDownload/cleanup keep working as-is.
+		expiresAt = now.AddDate(100, 0, 0)
+	case opts.ExpiresInMinutes > 0:
 		expiresAt = now.Add(time.Duration(opts.ExpiresInMinutes) * time.Minute)
+	default:
+		days := opts.MaxDays
+		if days <= 0 {
+			days = 7
+		}
+		expiresAt = now.Add(time.Duration(days) * 24 * time.Hour)
 	}
 
 	box := Box{