Fix upload timeout + apply Lumière to settings/auth pages

Nginx: add dedicated upload location with client_body_timeout 15m,
client_max_body_size 550m, and proxy_request_buffering off. Default
client_body_timeout of 60s was the actual culprit cutting slow uploads.
Node.js requestTimeout (build 228) remains as a backstop.

Lumière: pass isLumiere from UserPagesController (settings),
PasswordResetController (set-password), and UserActivateController
(first-time activation). auth.scss adds card styling for auth pages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server-ce/nginx/overleaf.conf

@@ -9,6 +9,21 @@ server {
 		internal;
 	}
 
+	# File upload endpoints: stream directly to Node.js with generous timeouts
+	# for large files on slow / unreliable connections.
+	location ~ ^/project/[^/]+/upload$ {
+		proxy_pass http://127.0.0.1:4000;
+		proxy_http_version 1.1;
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-Host $host;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_read_timeout 15m;
+		proxy_send_timeout 15m;
+		client_body_timeout 15m;
+		client_max_body_size 550m;
+		proxy_request_buffering off;
+	}
+
 	location / {
 		proxy_pass http://127.0.0.1:4000;
 		proxy_http_version 1.1;

services/web/app/src/Features/PasswordReset/PasswordResetController.mjs

@@ -215,12 +215,23 @@ async function renderSetPasswordForm(req, res, next) {
   const passwordResetToken = req.session.resetToken
   delete req.session.resetToken
 
+  let isLumiere = false
+  if (email) {
+    try {
+      const emailUser = await UserGetter.promises.getUserByMainEmail(email, {
+        'ace.overallTheme': 1,
+      })
+      isLumiere = (emailUser?.ace?.overallTheme ?? '') === 'lumiere-'
+    } catch {}
+  }
+
   res.render(
     Features.hasFeature('saas') ? 'user/setPasswordCiam' : 'user/setPassword',
     {
       title: 'set_password',
       email,
       passwordResetToken,
+      isLumiere,
     }
   )
 }

services/web/app/src/Features/User/UserPagesController.mjs

@@ -177,6 +177,7 @@ async function settingsPage(req, res) {
     isSaas: Features.hasFeature('saas'),
     memberOfSSOEnabledGroups,
     capabilities: [...req.capabilitySet],
+    isLumiere: (user?.ace?.overallTheme ?? '') === 'lumiere-',
   })
 }
 

services/web/frontend/stylesheets/pages/auth.scss

@@ -1,3 +1,15 @@
+// Lumière-themed overrides for auth pages (setPassword, activate, etc.)
+[data-lumiere='true'] {
+  .auth-aux-container {
+    background: rgba(255, 255, 255, 0.88);
+    border-radius: 16px;
+    padding: 2rem;
+    box-shadow: 0 4px 24px rgba(42, 157, 143, 0.12);
+    min-height: unset;
+    margin-top: 5rem;
+  }
+}
+
 .auth-aux-logo {
   position: absolute;
   top: var(--spacing-06);

services/web/modules/user-activate/app/src/UserActivateController.mjs

@@ -40,6 +40,7 @@ async function activateAccountPage(req, res, next) {
   const user = await UserGetter.promises.getUser(req.query.user_id, {
     email: 1,
     loginCount: 1,
+    'ace.overallTheme': 1,
   })
 
   if (!user) {
@@ -59,6 +60,7 @@ async function activateAccountPage(req, res, next) {
     title: 'activate_account',
     email: user.email,
     token: req.query.token,
+    isLumiere: (user?.ace?.overallTheme ?? '') === 'lumiere-',
   })
 }