Implements a master toggle for security features across config,
CLI, and application logic. This allows granular control over
whether the advanced security middleware and protections are
active globally.
Introduce new environment variables to control the behavior of one-time download boxes:
- `WARPBOX_ONE_TIME_DOWNLOAD_EXPIRY_SECONDS`: Sets the lifetime of a one-time box after uploads are complete.
- `WARPBOX_ONE_TIME_DOWNLOAD_RETRY_ON_FAILURE`: Determines whether a box remains available if the ZIP creation or transfer fails.
To support these settings, the ZIP delivery process was refactored to use a temporary file. This ensures that a one-time box is only marked as consumed after the file has been successfully transferred to the client, preventing data loss on network interruptions.
Additionally, added a `DecorateFiles` helper in the box store to reduce code duplication.
- Add `applyMegabytesOrBytesEnv` to accept size settings in either bytes or MB
- Prefer `*_BYTES` when set, otherwise convert `*_MB` to bytes with overflow guard
- Add coverage for MB-based environment overrides
- Introduce `static/js/upload-popups.js` to lazy-load and cache popup templatesfeat(config): support *_MB env vars for upload size limits
- Add `applyMegabytesOrBytesEnv` to accept size settings in either bytes or MB
- Prefer `*_BYTES` when set, otherwise convert `*_MB` to bytes with overflow guard
- Add coverage for MB-based environment overrides
- Introduce `static/js/upload-popups.js` to lazy-load and cache popup templates
