feat: add emoji reaction support for files

- Implement `ReactionService` to manage file reactions in the database.
- Add `POST /d/{boxID}/f/{fileID}/react` endpoint to handle user reactions.
- Add `GET /emoji/{pack}/{file}` endpoint to serve custom emoji assets.
- Support loading custom emoji packs dynamically from the data directory.
- Update README with instructions on configuring emoji reaction packs.

backend/libs/handlers/app.go

@@ -16,12 +16,13 @@ type App struct {
 	uploadService   *services.UploadService
 	authService     *services.AuthService
 	settingsService *services.SettingsService
+	reactionService *services.ReactionService
 	banService      *services.BanService
 	rateLimiter     *rateLimiter
 	uploadGroups    *uploadGrouper
 }
 
-func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService, banService *services.BanService) *App {
+func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService, reactionService *services.ReactionService, banService *services.BanService) *App {
 	return &App{
 		cfg:             cfg,
 		logger:          logger,
@@ -29,6 +30,7 @@ func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uplo
 		uploadService:   uploadService,
 		authService:     authService,
 		settingsService: settingsService,
+		reactionService: reactionService,
 		banService:      banService,
 		rateLimiter:     newRateLimiter(),
 		uploadGroups:    newUploadGrouper(),
@@ -121,6 +123,7 @@ func (a *App) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /d/{boxID}/manage/{token}/delete", a.ManageDeleteBox)
 	mux.HandleFunc("POST /d/{boxID}/unlock", a.UnlockBox)
 	mux.HandleFunc("GET /d/{boxID}/zip", a.DownloadZip)
+	mux.HandleFunc("POST /d/{boxID}/f/{fileID}/react", a.ReactToFile)
 	mux.HandleFunc("GET /d/{boxID}/f/{fileID}", a.DownloadFile)
 	mux.HandleFunc("GET /d/{boxID}/f/{fileID}/download", a.DownloadFileContent)
 	mux.HandleFunc("GET /d/{boxID}/thumb/{fileID}", a.Thumbnail)
@@ -132,5 +135,6 @@ func (a *App) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /api/v1/schemas/upload-request.json", a.UploadRequestSchema)
 	mux.HandleFunc("GET /api/v1/schemas/upload-response.json", a.UploadResponseSchema)
 	mux.HandleFunc("POST /api/v1/upload", a.Upload)
+	mux.HandleFunc("GET /emoji/{pack}/{file}", a.EmojiAsset)
 	mux.Handle("GET /static/", a.Static())
 }

backend/libs/handlers/download.go

@@ -2,12 +2,15 @@ package handlers
 
 import (
 	"bytes"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
+	"sort"
 	"strings"
 	"time"
 
@@ -26,6 +29,7 @@ type downloadPageData struct {
 	DownloadCount int
 	MaxDownloads  int
 	ExpiresLabel  string
+	EmojiTabs     []emojiTabView
 }
 
 type boxView struct {
@@ -41,6 +45,28 @@ type fileView struct {
 	URL          string
 	DownloadURL  string
 	ThumbnailURL string
+	ReactURL     string
+	Reactions    []reactionView
+	Reacted      bool
+}
+
+type reactionView struct {
+	EmojiID string `json:"emojiId"`
+	URL     string `json:"url"`
+	Label   string `json:"label"`
+	Count   int    `json:"count"`
+}
+
+type emojiTabView struct {
+	ID     string
+	Label  string
+	Emojis []emojiOptionView
+}
+
+type emojiOptionView struct {
+	ID    string `json:"id"`
+	URL   string `json:"url"`
+	Label string `json:"label"`
 }
 
 type previewPageData struct {
@@ -70,13 +96,22 @@ func (a *App) DownloadPage(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	locked := a.uploadService.IsProtected(box) && !a.isBoxUnlocked(r, box)
+	visitorID := a.reactionVisitorID(w, r)
+	reactionsByFile, reactedByFile, err := a.reactionService.SummaryForBox(box.ID, visitorID)
+	if err != nil {
+		a.logger.Warn("failed to load file reactions", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4300, "box_id", box.ID, "error", err.Error())...)
+	}
 
 	files := make([]fileView, 0, len(box.Files))
 	if !(locked && box.Obfuscate) {
 		for _, file := range box.Files {
-			files = append(files, a.fileView(box, file))
+			files = append(files, a.fileViewWithReactions(box, file, reactionsByFile[file.ID], reactedByFile[file.ID]))
 		}
 	}
+	emojiTabs, err := a.emojiTabs()
+	if err != nil {
+		a.logger.Warn("failed to load emoji tabs", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4301, "box_id", box.ID, "error", err.Error())...)
+	}
 
 	expiresLabel := boxExpiryLabel(box.ExpiresAt, "Jan 2, 2006 15:04 MST")
 	title := "Shared files on Warpbox"
@@ -99,6 +134,7 @@ func (a *App) DownloadPage(w http.ResponseWriter, r *http.Request) {
 			DownloadCount: box.DownloadCount,
 			MaxDownloads:  box.MaxDownloads,
 			ExpiresLabel:  expiresLabel,
+			EmojiTabs:     emojiTabs,
 		},
 	})
 	a.logger.Info("download page viewed", withRequestLogAttrs(r, "source", "download", "severity", "user_activity", "code", 2003, "box_id", box.ID, "locked", locked)...)
@@ -310,6 +346,10 @@ func (a *App) DownloadZip(w http.ResponseWriter, r *http.Request) {
 }
 
 func (a *App) fileView(box services.Box, file services.File) fileView {
+	return a.fileViewWithReactions(box, file, nil, false)
+}
+
+func (a *App) fileViewWithReactions(box services.Box, file services.File, reactions []services.ReactionSummary, reacted bool) fileView {
 	return fileView{
 		ID:           file.ID,
 		Name:         file.Name,
@@ -319,9 +359,171 @@ func (a *App) fileView(box services.Box, file services.File) fileView {
 		URL:          fmt.Sprintf("/d/%s/f/%s", box.ID, file.ID),
 		DownloadURL:  fmt.Sprintf("/d/%s/f/%s/download", box.ID, file.ID),
 		ThumbnailURL: fmt.Sprintf("/d/%s/thumb/%s", box.ID, file.ID),
+		ReactURL:     fmt.Sprintf("/d/%s/f/%s/react", box.ID, file.ID),
+		Reactions:    a.reactionViews(reactions),
+		Reacted:      reacted,
 	}
 }
 
+func (a *App) ReactToFile(w http.ResponseWriter, r *http.Request) {
+	box, file, ok := a.loadFileForRequest(w, r)
+	if !ok {
+		return
+	}
+	if a.uploadService.IsProtected(box) && !a.isBoxUnlocked(r, box) {
+		http.Error(w, "password required", http.StatusUnauthorized)
+		return
+	}
+
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, "invalid reaction", http.StatusBadRequest)
+		return
+	}
+	emojiID := strings.TrimSpace(r.FormValue("emoji_id"))
+	if !a.validEmojiID(emojiID) {
+		http.Error(w, "unknown emoji", http.StatusBadRequest)
+		return
+	}
+
+	visitorID := a.reactionVisitorID(w, r)
+	reactions, err := a.reactionService.Add(box.ID, file.ID, visitorID, emojiID)
+	if errors.Is(err, os.ErrExist) {
+		writeJSON(w, http.StatusConflict, map[string]any{"error": "already reacted"})
+		return
+	}
+	if err != nil {
+		a.logger.Warn("file reaction failed", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4302, "box_id", box.ID, "file_id", file.ID, "error", err.Error())...)
+		http.Error(w, "could not save reaction", http.StatusInternalServerError)
+		return
+	}
+
+	a.logger.Info("file reaction added", withRequestLogAttrs(r, "source", "reactions", "severity", "user_activity", "code", 2301, "box_id", box.ID, "file_id", file.ID, "emoji_id", emojiID)...)
+	writeJSON(w, http.StatusCreated, map[string]any{
+		"reactions": a.reactionViews(reactions),
+		"reacted":   true,
+	})
+}
+
+func (a *App) reactionViews(reactions []services.ReactionSummary) []reactionView {
+	views := make([]reactionView, 0, len(reactions))
+	for _, reaction := range reactions {
+		views = append(views, reactionView{
+			EmojiID: reaction.EmojiID,
+			URL:     emojiURL(reaction.EmojiID),
+			Label:   emojiLabel(reaction.EmojiID),
+			Count:   reaction.Count,
+		})
+	}
+	return views
+}
+
+func (a *App) emojiTabs() ([]emojiTabView, error) {
+	root := a.emojiRoot()
+	entries, err := os.ReadDir(root)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	tabs := make([]emojiTabView, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			continue
+		}
+		tabID := entry.Name()
+		files, err := os.ReadDir(filepath.Join(root, tabID))
+		if err != nil {
+			return nil, err
+		}
+		tab := emojiTabView{ID: tabID, Label: emojiTabLabel(tabID)}
+		for _, file := range files {
+			if file.IsDir() || !isEmojiFile(file.Name()) {
+				continue
+			}
+			emojiID := tabID + "/" + file.Name()
+			tab.Emojis = append(tab.Emojis, emojiOptionView{
+				ID:    emojiID,
+				URL:   emojiURL(emojiID),
+				Label: emojiLabel(emojiID),
+			})
+		}
+		sort.Slice(tab.Emojis, func(i, j int) bool { return tab.Emojis[i].ID < tab.Emojis[j].ID })
+		if len(tab.Emojis) > 0 {
+			tabs = append(tabs, tab)
+		}
+	}
+	sort.Slice(tabs, func(i, j int) bool { return tabs[i].ID < tabs[j].ID })
+	return tabs, nil
+}
+
+func (a *App) validEmojiID(id string) bool {
+	id = strings.TrimSpace(id)
+	if id == "" || strings.Contains(id, "\\") || strings.Contains(id, "..") || strings.HasPrefix(id, "/") {
+		return false
+	}
+	parts := strings.Split(id, "/")
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" || !isEmojiFile(parts[1]) {
+		return false
+	}
+	info, err := os.Stat(filepath.Join(a.emojiRoot(), parts[0], parts[1]))
+	return err == nil && !info.IsDir()
+}
+
+func (a *App) emojiRoot() string {
+	return filepath.Join(a.cfg.DataDir, "emoji")
+}
+
+func (a *App) reactionVisitorID(w http.ResponseWriter, r *http.Request) string {
+	const cookieName = "warpbox_reactor"
+	if cookie, err := r.Cookie(cookieName); err == nil && strings.TrimSpace(cookie.Value) != "" {
+		return cookie.Value
+	}
+	visitorID := services.RandomPublicToken(32)
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieName,
+		Value:    visitorID,
+		Path:     "/",
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		Secure:   r.TLS != nil,
+		Expires:  time.Now().AddDate(1, 0, 0),
+	})
+	return visitorID
+}
+
+func isEmojiFile(name string) bool {
+	ext := strings.ToLower(filepath.Ext(name))
+	return ext == ".svg" || ext == ".webp" || ext == ".png" || ext == ".jpg" || ext == ".jpeg" || ext == ".gif"
+}
+
+func emojiTabLabel(id string) string {
+	label := strings.NewReplacer("-", " ", "_", " ").Replace(id)
+	if label == "" {
+		return "Emoji"
+	}
+	return strings.ToUpper(label[:1]) + label[1:]
+}
+
+func emojiLabel(id string) string {
+	base := strings.TrimSuffix(filepath.Base(id), filepath.Ext(id))
+	return strings.ReplaceAll(base, "-", " ")
+}
+
+func emojiURL(id string) string {
+	parts := strings.Split(id, "/")
+	if len(parts) != 2 {
+		return ""
+	}
+	return "/emoji/" + url.PathEscape(parts[0]) + "/" + url.PathEscape(parts[1])
+}
+
+func writeJSON(w http.ResponseWriter, status int, value any) {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(status)
+	_ = json.NewEncoder(w).Encode(value)
+}
+
 func (a *App) isBoxUnlocked(r *http.Request, box services.Box) bool {
 	if !a.uploadService.IsProtected(box) {
 		return true

backend/libs/handlers/static.go

@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"net/http"
+	"os"
 	"path/filepath"
 	"strings"
 )
@@ -15,6 +16,24 @@ func (a *App) Static() http.Handler {
 	})
 }
 
+func (a *App) EmojiAsset(w http.ResponseWriter, r *http.Request) {
+	pack := strings.TrimSpace(r.PathValue("pack"))
+	file := strings.TrimSpace(r.PathValue("file"))
+	if pack == "" || file == "" || strings.Contains(pack, "/") || strings.Contains(pack, "\\") || strings.Contains(pack, "..") || strings.Contains(file, "/") || strings.Contains(file, "\\") || strings.Contains(file, "..") || !isEmojiFile(file) {
+		http.NotFound(w, r)
+		return
+	}
+
+	path := filepath.Join(a.emojiRoot(), pack, file)
+	info, err := os.Stat(path)
+	if err != nil || info.IsDir() {
+		http.NotFound(w, r)
+		return
+	}
+	setStaticCacheHeaders(w, r.URL.Path)
+	http.ServeFile(w, r, path)
+}
+
 func setStaticCacheHeaders(w http.ResponseWriter, path string) {
 	ext := strings.ToLower(filepath.Ext(path))
 

backend/libs/handlers/upload_stage3_test.go

@@ -46,6 +46,42 @@ func TestUploadJSONIncludesManageURLsAndAcceptsShareXField(t *testing.T) {
 	}
 }
 
+func TestFileReactionCanBeAddedOncePerVisitor(t *testing.T) {
+	app, cleanup := newTestApp(t)
+	defer cleanup()
+
+	payload := uploadThroughApp(t, app)
+	if len(payload.Files) != 1 {
+		t.Fatalf("uploaded files = %d", len(payload.Files))
+	}
+
+	request := httptest.NewRequest(http.MethodPost, "/d/"+payload.BoxID+"/f/"+payload.Files[0].ID+"/react", strings.NewReader("emoji_id=openmoji/1F600.svg"))
+	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	request.SetPathValue("boxID", payload.BoxID)
+	request.SetPathValue("fileID", payload.Files[0].ID)
+	response := httptest.NewRecorder()
+	app.ReactToFile(response, request)
+	if response.Code != http.StatusCreated {
+		t.Fatalf("first reaction status = %d, body = %s", response.Code, response.Body.String())
+	}
+	if !strings.Contains(response.Body.String(), `"count":1`) {
+		t.Fatalf("reaction response missing count: %s", response.Body.String())
+	}
+
+	retry := httptest.NewRequest(http.MethodPost, "/d/"+payload.BoxID+"/f/"+payload.Files[0].ID+"/react", strings.NewReader("emoji_id=openmoji/1F600.svg"))
+	retry.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	retry.SetPathValue("boxID", payload.BoxID)
+	retry.SetPathValue("fileID", payload.Files[0].ID)
+	for _, cookie := range response.Result().Cookies() {
+		retry.AddCookie(cookie)
+	}
+	retryResponse := httptest.NewRecorder()
+	app.ReactToFile(retryResponse, retry)
+	if retryResponse.Code != http.StatusConflict {
+		t.Fatalf("second reaction status = %d, body = %s", retryResponse.Code, retryResponse.Body.String())
+	}
+}
+
 func TestUploadTextResponseReturnsOnlyBoxURL(t *testing.T) {
 	app, cleanup := newTestApp(t)
 	defer cleanup()
@@ -198,6 +234,14 @@ func newTestApp(t *testing.T) (*App, func()) {
 	if err != nil {
 		t.Fatalf("NewUploadService returned error: %v", err)
 	}
+	if err := os.MkdirAll(filepath.Join(cfg.DataDir, "emoji", "openmoji"), 0o755); err != nil {
+		service.Close()
+		t.Fatalf("create emoji test dir: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(cfg.DataDir, "emoji", "openmoji", "1F600.svg"), []byte(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1"></svg>`), 0o644); err != nil {
+		service.Close()
+		t.Fatalf("write emoji test file: %v", err)
+	}
 	renderer, err := web.NewRenderer(cfg.TemplateDir, cfg.AppName, cfg.AppVersion, cfg.BaseURL)
 	if err != nil {
 		service.Close()
@@ -213,12 +257,17 @@ func newTestApp(t *testing.T) (*App, func()) {
 		service.Close()
 		t.Fatalf("NewSettingsService returned error: %v", err)
 	}
+	reactionService, err := services.NewReactionService(service.DB())
+	if err != nil {
+		service.Close()
+		t.Fatalf("NewReactionService returned error: %v", err)
+	}
 	banService, err := services.NewBanService(service.DB())
 	if err != nil {
 		service.Close()
 		t.Fatalf("NewBanService returned error: %v", err)
 	}
-	return NewApp(cfg, logger, renderer, service, authService, settingsService, banService), func() {
+	return NewApp(cfg, logger, renderer, service, authService, settingsService, reactionService, banService), func() {
 		if err := service.Close(); err != nil {
 			t.Fatalf("Close returned error: %v", err)
 		}

backend/libs/httpserver/server.go

@@ -32,13 +32,18 @@ func New(cfg config.Config, logger *slog.Logger) (*http.Server, error) {
 		uploadService.Close()
 		return nil, err
 	}
+	reactionService, err := services.NewReactionService(uploadService.DB())
+	if err != nil {
+		uploadService.Close()
+		return nil, err
+	}
 	banService, err := services.NewBanService(uploadService.DB())
 	if err != nil {
 		uploadService.Close()
 		return nil, err
 	}
 	stopJobs := jobs.StartAll(cfg, logger, uploadService, banService)
-	app := handlers.NewApp(cfg, logger, renderer, uploadService, authService, settingsService, banService)
+	app := handlers.NewApp(cfg, logger, renderer, uploadService, authService, settingsService, reactionService, banService)
 
 	router := http.NewServeMux()
 	app.RegisterRoutes(router)

backend/libs/services/reactions.go

@@ -0,0 +1,166 @@
+package services
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"os"
+	"sort"
+	"strings"
+	"time"
+
+	"go.etcd.io/bbolt"
+)
+
+var reactionsBucket = []byte("file_reactions")
+
+type ReactionService struct {
+	db *bbolt.DB
+}
+
+type FileReaction struct {
+	BoxID       string    `json:"boxId"`
+	FileID      string    `json:"fileId"`
+	EmojiID     string    `json:"emojiId"`
+	VisitorHash string    `json:"visitorHash"`
+	CreatedAt   time.Time `json:"createdAt"`
+}
+
+type ReactionSummary struct {
+	EmojiID string `json:"emojiId"`
+	Count   int    `json:"count"`
+}
+
+func NewReactionService(db *bbolt.DB) (*ReactionService, error) {
+	if err := db.Update(func(tx *bbolt.Tx) error {
+		_, err := tx.CreateBucketIfNotExists(reactionsBucket)
+		return err
+	}); err != nil {
+		return nil, err
+	}
+	return &ReactionService{db: db}, nil
+}
+
+func (s *ReactionService) Add(boxID, fileID, visitorID, emojiID string) ([]ReactionSummary, error) {
+	boxID = strings.TrimSpace(boxID)
+	fileID = strings.TrimSpace(fileID)
+	visitorHash := reactionVisitorHash(visitorID)
+	emojiID = strings.TrimSpace(emojiID)
+	if boxID == "" || fileID == "" || visitorHash == "" || emojiID == "" {
+		return nil, errors.New("missing reaction data")
+	}
+
+	reaction := FileReaction{
+		BoxID:       boxID,
+		FileID:      fileID,
+		EmojiID:     emojiID,
+		VisitorHash: visitorHash,
+		CreatedAt:   time.Now().UTC(),
+	}
+	data, err := json.Marshal(reaction)
+	if err != nil {
+		return nil, err
+	}
+
+	key := reactionKey(boxID, fileID, visitorHash)
+	if err := s.db.Update(func(tx *bbolt.Tx) error {
+		bucket := tx.Bucket(reactionsBucket)
+		if bucket.Get([]byte(key)) != nil {
+			return os.ErrExist
+		}
+		return bucket.Put([]byte(key), data)
+	}); err != nil {
+		return nil, err
+	}
+	return s.SummaryForFile(boxID, fileID)
+}
+
+func (s *ReactionService) SummaryForBox(boxID, visitorID string) (map[string][]ReactionSummary, map[string]bool, error) {
+	visitorHash := reactionVisitorHash(visitorID)
+	summaries := make(map[string]map[string]int)
+	viewerReacted := make(map[string]bool)
+	err := s.db.View(func(tx *bbolt.Tx) error {
+		bucket := tx.Bucket(reactionsBucket)
+		if bucket == nil {
+			return nil
+		}
+		return bucket.ForEach(func(_, data []byte) error {
+			var reaction FileReaction
+			if err := json.Unmarshal(data, &reaction); err != nil {
+				return err
+			}
+			if reaction.BoxID != boxID {
+				return nil
+			}
+			if summaries[reaction.FileID] == nil {
+				summaries[reaction.FileID] = make(map[string]int)
+			}
+			summaries[reaction.FileID][reaction.EmojiID]++
+			if visitorHash != "" && reaction.VisitorHash == visitorHash {
+				viewerReacted[reaction.FileID] = true
+			}
+			return nil
+		})
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	result := make(map[string][]ReactionSummary, len(summaries))
+	for fileID, counts := range summaries {
+		result[fileID] = reactionCountsToSummaries(counts)
+	}
+	return result, viewerReacted, nil
+}
+
+func (s *ReactionService) SummaryForFile(boxID, fileID string) ([]ReactionSummary, error) {
+	counts := make(map[string]int)
+	err := s.db.View(func(tx *bbolt.Tx) error {
+		bucket := tx.Bucket(reactionsBucket)
+		if bucket == nil {
+			return nil
+		}
+		return bucket.ForEach(func(_, data []byte) error {
+			var reaction FileReaction
+			if err := json.Unmarshal(data, &reaction); err != nil {
+				return err
+			}
+			if reaction.BoxID == boxID && reaction.FileID == fileID {
+				counts[reaction.EmojiID]++
+			}
+			return nil
+		})
+	})
+	if err != nil {
+		return nil, err
+	}
+	return reactionCountsToSummaries(counts), nil
+}
+
+func reactionCountsToSummaries(counts map[string]int) []ReactionSummary {
+	summaries := make([]ReactionSummary, 0, len(counts))
+	for emojiID, count := range counts {
+		summaries = append(summaries, ReactionSummary{EmojiID: emojiID, Count: count})
+	}
+	sort.Slice(summaries, func(i, j int) bool {
+		if summaries[i].Count == summaries[j].Count {
+			return summaries[i].EmojiID < summaries[j].EmojiID
+		}
+		return summaries[i].Count > summaries[j].Count
+	})
+	return summaries
+}
+
+func reactionKey(boxID, fileID, visitorHash string) string {
+	return boxID + "\x00" + fileID + "\x00" + visitorHash
+}
+
+func reactionVisitorHash(visitorID string) string {
+	visitorID = strings.TrimSpace(visitorID)
+	if visitorID == "" {
+		return ""
+	}
+	sum := sha256.Sum256([]byte(visitorID))
+	return hex.EncodeToString(sum[:])
+}

backend/libs/services/upload.go

@@ -137,6 +137,9 @@ func NewUploadService(maxUploadSize int64, dataDir, baseURL string, logger *slog
 	if err := os.MkdirAll(dbDir, 0o755); err != nil {
 		return nil, err
 	}
+	if err := os.MkdirAll(filepath.Join(dataDir, "emoji"), 0o755); err != nil {
+		return nil, err
+	}
 
 	db, err := bbolt.Open(filepath.Join(dbDir, "warpbox.bbolt"), 0o600, &bbolt.Options{Timeout: time.Second})
 	if err != nil {
@@ -957,6 +960,10 @@ func randomID(byteCount int) string {
 	return base64.RawURLEncoding.EncodeToString(data)
 }
 
+func RandomPublicToken(byteCount int) string {
+	return randomID(byteCount)
+}
+
 func hashPassword(password string) (string, string) {
 	salt := randomID(18)
 	return salt, passwordHash(salt, password)