diff --git a/src/main/java/app/annotations/impl/PermitionFlagAspect.java b/src/main/java/app/annotations/impl/PermitionFlagAspect.java
index f1320c7..e44fcbf 100644
--- a/src/main/java/app/annotations/impl/PermitionFlagAspect.java
+++ b/src/main/java/app/annotations/impl/PermitionFlagAspect.java
@@ -32,9 +32,14 @@ public class PermitionFlagAspect { @Autowired private HttpServletRequest request; + private final boolean enabled; + @Autowired public PermitionFlagAspect(ProfileService profileService) { this.profileService = profileService; + this.enabled = !"true".equals(System.getenv("DISABLE_AUTH")); + if (!this.enabled) + this.logger.warn("PERMITION FLAG CHECK IS DISABLED, ALLOW ALL ACTIONS"); } public boolean ValidateAdmin(String steam64, String flag) {
@@ -48,6 +53,11 @@ public class PermitionFlagAspect { public void before(JoinPoint joinPoint){ String flag = ((MethodSignature) joinPoint.getSignature()).getMethod().getAnnotation(CheckPermitionFlag.class).flag(); logger.info("check permition flag, requested: {}", flag); + if (!this.enabled) { + logger.warn("bypass request, permition check is disabled"); + return; + } + if(!(request instanceof HttpServletRequest)) { throw new RuntimeException("invalid request"); }
diff --git a/src/main/java/app/controllers/FileController.java b/src/main/java/app/controllers/FileController.java
index d1cbbe6..d313519 100644
--- a/src/main/java/app/controllers/FileController.java
+++ b/src/main/java/app/controllers/FileController.java
@@ -22,6 +22,7 @@ import org.springframework.web.multipart.MultipartFile; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.net.URLConnection; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.sql.Timestamp;
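Review bot: The `DISABLE_AUTH` switch read in the constructor makes every `@CheckPermitionFlag` check fail open from a single environment variable, and the early `return` added to `before()` in the second hunk runs before the request is inspected at all, so a bypassed call is logged without the method or caller it applied to. Consider refusing to start with the switch set unless a non-production profile is active, and name the intercepted method in the bypass log, e.g. `logger.warn("permition check bypassed for {}", joinPoint.getSignature().toShortString());`. The constructor also calls `this.logger`, which is only safe if that field is initialised at its declaration; the declaration is outside the hunk. A comment on the new field such as `// false only when DISABLE_AUTH=true; every flag check is then skipped` would document the fail-open behaviour.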
@@ -88,6 +89,7 @@ public class FileController { dbFile.setTimestamp(timestamp); dbFile.setId(uuid); dbFile.setTags(tags); + dbFile.setDeleted(false); fileRepository.save(dbFile); return ResponseEntity.ok(uuid.toString()); }
@@ -97,12 +99,17 @@ public class FileController { DbFile dbFile = fileRepository.findById(UUID.fromString(uuid)).orElse(null); if (dbFile == null) return ResponseEntity.notFound().build(); + MediaType mediaType = MediaType.APPLICATION_OCTET_STREAM; + try { + mediaType = MediaType.valueOf(URLConnection.guessContentTypeFromName(dbFile.getFilename())); + } catch (Exception ignored) {} + HttpHeaders headers = new HttpHeaders(); headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + encodeFileName(dbFile.getFilename())); return ResponseEntity.ok() .headers(headers) .contentLength(dbFile.getFilesize()) - .contentType(MediaType.APPLICATION_OCTET_STREAM) + .contentType(mediaType) .body(new InputStreamResource(new ByteArrayInputStream(dbFile.getData()))); }
@@ -111,6 +118,9 @@ public class FileController { @CheckPermitionFlag(flag = "z") @CollectStatistic(stage = CollectStages.COMBINED) public Page getFiles(Pageable pageable, @RequestBody(required = false) SearchFilter searchFilter) { + if (searchFilter == null) + searchFilter = new SearchFilter(); + String steam64_ids = searchFilter.getAccountsSteam64(profileService); return filePSRepository.getFiles(pageable,
diff --git a/src/main/java/app/entities/db/DbFile.java b/src/main/java/app/entities/db/DbFile.java
index 89aafdc..62255dc 100644
--- a/src/main/java/app/entities/db/DbFile.java
+++ b/src/main/java/app/entities/db/DbFile.java
@@ -3,6 +3,7 @@ package app.entities.db; import com.fasterxml.jackson.annotation.JsonIgnore; import jakarta.persistence.*; import lombok.Data; +import org.apache.commons.compress.utils.FileNameUtils; import java.sql.Timestamp; import java.util.UUID;
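Review bot: The response `Content-Type` in the download hunk is now derived from the stored filename, which presumably originates from the uploader, so a file stored under an `.html` or `.svg` name is served with an active content type; the `attachment` disposition limits the effect, but adding `headers.add("X-Content-Type-Options", "nosniff");` and restricting the guessed type to an allowlist would make that protection explicit. The empty `catch (Exception ignored) {}` is also doing the work of a null check, since `guessContentTypeFromName` returns null for unknown extensions, and it hides any other failure in the same statement. A null test says what is meant: `String guessed = URLConnection.guessContentTypeFromName(dbFile.getFilename());` followed by `MediaType mediaType = guessed == null ? MediaType.APPLICATION_OCTET_STREAM : MediaType.parseMediaType(guessed);`. The method's signature and mapping annotation are outside the hunk.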
@@ -35,8 +36,13 @@ public class DbFile { private Timestamp timestamp; @Column(name = "deleted") + @JsonIgnore private Boolean deleted; @Column(name = "tags") private String tags; + + public String getExtension() { + return this.filename == null ? null : FileNameUtils.getExtension(this.filename); + } }
diff --git a/src/main/java/app/repositories/FilePSRepository.java b/src/main/java/app/repositories/FilePSRepository.java
index 229585d..b5d4dc7 100644
--- a/src/main/java/app/repositories/FilePSRepository.java
+++ b/src/main/java/app/repositories/FilePSRepository.java
@@ -11,7 +11,7 @@ import java.util.UUID; public interface FilePSRepository extends PagingAndSortingRepository { - @Query("select f from DbFile f where (f.deleted = false or f.deleted is null) and " + + @Query("select f from DbFile f where (f.deleted = false or f.deleted is null) and " + "(:steam64_non_exists = true or position(f.uploader in :steam64_ids) > 0) and " + "(:begin_date is null or DATE_PART('EPOCH', f.timestamp) >= :begin_date) and " + "(:end_date is null or :end_date >= DATE_PART('EPOCH', f.timestamp)) " +
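Review bot: Soft-deleted files are filtered only in this listing query; the download path in FileController, the hunk that calls `fileRepository.findById(UUID.fromString(uuid))`, returns the stored bytes for any existing row in the lines that are visible, without looking at `deleted`. If a deleted file is meant to be unreachable, that method needs `if (dbFile == null || Boolean.TRUE.equals(dbFile.getDeleted())) return ResponseEntity.notFound().build();`. The `f.deleted is null` branch added here works around rows saved before `setDeleted(false)` existed; backfilling those rows and declaring the column `nullable = false` would let every query use the plain `f.deleted = false` test. The query string continues past the end of the hunk.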