AyzinA/Secure-File-Drop

Secure File Drop

Secure File Drop is a web-based application for secure file uploads with user authentication and admin controls. It provides a simple interface for users to upload files, manage their accounts, and allows administrators to oversee user management and system settings. The application is built with Go, uses SQLite for data storage, and runs in a Docker container with TLS support.

Features

  • User Authentication: Secure login with JWT-based sessions and password hashing using bcrypt.
  • File Uploads: Drag-and-drop file uploads with client-side progress tracking and server-side validation for file types and sizes.
  • Admin Panel: Admins can create users, update passwords, manage file upload policies (allowed/blocked extensions, max size), and view upload logs.
  • TLS Support: Runs over TLS using either self-signed certificates generated by generate_cert.go or certificates you provide.
  • Dockerized Deployment: Configured to run in a Docker container with environment-based configuration.

Project Structure

  • backend/: Contains the Go source code for the application.
    • main.go: Entry point for the server, initializing configuration, database, and routes.
    • config/config.go: Loads environment variables into a configuration struct.
    • auth/auth.go: Handles JWT generation, validation, and password verification.
    • database/database.go: Initializes SQLite database and creates necessary tables.
    • handlers/handlers.go: Defines HTTP routes and handlers for user and admin actions.
    • models/models.go: Defines data structures for users, settings, and upload logs.
    • templates/*.html: HTML templates for login, upload, admin, and user account pages.
    • static/:
      • style.css: CSS styles for the web interface.
      • upload.js: JavaScript for handling drag-and-drop file uploads and progress display.
  • certs/: Stores TLS certificates (cert.pem, key.pem) generated by generate_cert.go.
  • generate_cert.go: A Go script to generate self-signed TLS certificates with customizable hostnames, validity, and key size.
  • Dockerfile: Defines the Docker image for building and running the application.
  • docker-compose.yml: Configures the Docker service with volume mounts and environment variables.
  • .env: Environment variables for configuration (e.g., secret key, admin credentials, file upload settings).
  • go.mod, go.sum: Go module dependencies and checksums.

Prerequisites

  • Go: Version 1.23 or higher for building the application.
  • Docker: For containerized deployment.
  • Git: For version control and dependency fetching.

Setup Instructions

  1. Clone the Repository:

    git clone https://github.com/AyzinA/Secure-File-Drop.git
    cd Secure-File-Drop

  2. Generate TLS Certificates (if not using provided certs):

    go run generate_cert.go -hosts="localhost,127.0.0.1,files.example.com" -out=certs -days=365 -bits=2048

    This generates cert.pem and key.pem in the certs/ directory.

  3. Configure Environment Variables:

    • Copy the example .env file and update as needed:

          cp .env.example .env

    • Edit .env to set:
      • SECRET_KEY: A random string (e.g., generate with openssl rand -hex 32).
      • ADMIN_USERNAME and ADMIN_PASSWORD: Credentials for the initial admin user.
      • UPLOAD_DIR and DB_DIR: Paths for file uploads and SQLite database.
      • ALLOWED_EXTENSIONS and BLOCKED_EXTENSIONS: Comma-separated file extensions (e.g., pdf,docx,txt).
      • MAX_UPLOAD_SIZE_MB: Maximum file size in MB.
      • HOST, PORT, USE_TLS: Server settings (default: 0.0.0.0, 8000, true).
      • CERT_FILE and KEY_FILE: Paths to TLS certificates inside the container.
  4. Build and Run with Docker:

    docker-compose up --build

    The application will be available at https://localhost:8000 (or the configured HOST and PORT).

  5. Access the Application:

    • Open https://localhost:8000 in a browser.
    • Log in with the admin credentials set in .env.
    • Use the admin panel to create users, adjust settings, or view logs.
    • Upload files via the drag-and-drop interface.

Usage

  • Login: Access /login to sign in with a username and password.
  • Upload Files: Navigate to /upload to drag-and-drop files or select them manually. Files are validated against allowed/blocked extensions and size limits.
  • Admin Panel: Admins can access /admin to manage users, update file policies, and view upload logs.
  • User Account: Visit /me to view upload history or change your password.
  • Logs: Admins can view all upload attempts at /logs.

Development

  • Build Locally:

    go build -o main ./backend
    ./main

  • Run Tests (if applicable): Add test files in backend/ and run:

    go test ./backend/...

Dependencies

  • Go Modules:

    • github.com/dgrijalva/jwt-go: For JWT authentication.
    • github.com/gorilla/mux: For HTTP routing.
    • github.com/mattn/go-sqlite3: For SQLite database support.
    • golang.org/x/crypto: For password hashing (bcrypt).
  • Docker:

    • Uses golang:1.23-alpine base image.
    • Installs git, gcc, build-base, musl-dev, libc-dev for building.

Security Notes

  • TLS: Always use TLS in production (USE_TLS=true) with valid certificates.
  • Permissions: The Docker container runs as a non-root user (appuser, UID 1000) with no-new-privileges for security.
  • File Validation: Files are checked for allowed/blocked extensions and size limits before saving.
  • Credentials: Store sensitive data (e.g., SECRET_KEY, ADMIN_PASSWORD) securely and never commit .env to version control.
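
The File Validation rule above, sketched as an added Go example; it is not code from this repository. `Policy`, `parseExts` and `Check` are hypothetical names, and two behaviours are assumptions about how the policy should work: a blocked extension is rejected anywhere in the name, and an empty allow list denies everything.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Policy mirrors the README's .env upload settings; all names here are hypothetical.
type Policy struct {
	Allowed, Blocked map[string]bool
	MaxBytes         int64
}

// parseExts turns "pdf,docx, .TXT" into a lower-cased set without leading dots.
func parseExts(csv string) map[string]bool {
	set := map[string]bool{}
	for _, e := range strings.Split(strings.ToLower(csv), ",") {
		set[strings.TrimPrefix(strings.TrimSpace(e), ".")] = true
	}
	delete(set, "")
	return set
}

// Check drops any client-supplied directory part and returns the name to store under.
func (p Policy) Check(clientName string, size int64) (string, error) {
	name := path.Base(strings.ReplaceAll(clientName, `\`, "/"))
	if name == "." || name == ".." || name == "/" || strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("invalid file name")
	}
	if size <= 0 || size > p.MaxBytes {
		return "", fmt.Errorf("size %d outside limit %d", size, p.MaxBytes)
	}
	parts := strings.Split(strings.ToLower(name), ".")
	for _, seg := range parts[1:] { // every segment, so "a.php.pdf" is caught
		if p.Blocked[seg] {
			return "", fmt.Errorf("blocked extension %q", seg)
		}
	}
	if len(parts) < 2 || !p.Allowed[parts[len(parts)-1]] { // deny by default (assumption)
		return "", fmt.Errorf("extension not allowed")
	}
	return name, nil
}

func main() {
	p := Policy{parseExts("pdf,docx,txt"), parseExts("exe,php"), 10 << 20}
	fmt.Println(p.Check(`..\..\etc\Report.PDF`, 1024))
	fmt.Println(p.Check("invoice.php.pdf", 1024))
}
```

Pass `Check` the byte count measured while reading the body (for instance under `http.MaxBytesReader`), not the client's `Content-Length` header. An extension check says nothing about file content, so stored uploads should still be treated as untrusted data.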

Troubleshooting

  • Certificate Errors: Ensure cert.pem and key.pem exist and are valid. Regenerate with generate_cert.go if needed.
  • Permission Issues: On Windows, comment out the user: 1000:1000 line in docker-compose.yml to avoid permission errors.
  • Database Errors: Verify DB_DIR is writable and the SQLite database (app.db) is accessible.
  • File Upload Failures: Check ALLOWED_EXTENSIONS, BLOCKED_EXTENSIONS, and MAX_UPLOAD_SIZE_MB in .env.

Contributing

  1. Fork the repository.
  2. Create a feature branch (git checkout -b feature/your-feature).
  3. Commit changes (git commit -m "Add your feature").
  4. Push to the branch (git push origin feature/your-feature).
  5. Open a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for details.
