Temporary, resumable file transfers on your own Cloudflare account.

Share creates an upload link and a separate download link immediately, then transfers the file in resumable parts through a private R2 bucket. It is an OSS starter for teams that want a small transfer lane, not another collaboration suite.

• Demo: https://share.coey.dev
• Source: https://github.com/acoyfellow/share
• Deploy: https://deploy.workers.cloudflare.com/?url=https://github.com/acoyfellow/share

A single Worker backed by two Durable Objects and one local R2 bucket:

• ShareSession owns one temporary share, capability checks, multipart upload, download budget, and expiration.
• DemoQuota reserves bytes and limits anonymous share creation.
• R2 stores completed bytes privately; the browser never receives a public storage URL.
• Turnstile gates anonymous creation using Cloudflare's official automated-test keys in local development.

Requirements: Bun and a Cloudflare-compatible browser.

bun install
bun run check
bunx wrangler dev --local --port 8796 \
  --var TURNSTILE_SITE_KEY:1x00000000000000000000AA \
  --var TURNSTILE_SECRET_KEY:1x0000000000000000000000000000000AA

Open http://localhost:8796.

For an automated browser pass while that server is running:

bun run browser:e2e

1. Choose a temporary file.
2. Complete the visible test Turnstile challenge.
3. Select Create secure links and upload.
4. Copy the Share link into another tab. It contains only a read capability in the URL fragment.
5. Observe upload readiness and download the finished file.
6. Use the Manage link to resume an interrupted upload or remove the share.

You have now exercised the same capability boundary and R2 multipart path intended for a public demo deployment.

bun run typecheck
bun run test
bun run dry-run
bun run browser:e2e # with the local Worker running as in the tutorial

The test suite runs real Worker/Durable Object/R2 behavior under Cloudflare's Workers Vitest pool. It covers capabilities, quota reservation, multipart finalization, range downloads, aborts, and metadata non-disclosure.

The Deploy to Cloudflare button above creates your Worker, Durable Objects, and private R2 bucket from wrangler.jsonc.

During setup:

1. Choose your Worker name and R2 bucket name.
2. Create a Turnstile widget for your assigned Worker hostname (or your custom domain).
3. Set TURNSTILE_SITE_KEY and the secret TURNSTILE_SECRET_KEY from that widget.
4. Optionally set PUBLIC_URL when you will use a custom hostname.

A fresh button deploy is reachable on its workers.dev hostname with Preview URLs disabled. If you attach a custom domain, switch to a single public surface in your generated repository:

"workers_dev": false,
"preview_urls": false,
"routes": [{ "pattern": "share.example.com", "custom_domain": true }]

Manual deployment is also supported:

bun install
bunx wrangler r2 bucket create share-files
bunx wrangler secret put TURNSTILE_SECRET_KEY
# Set TURNSTILE_SITE_KEY in wrangler.jsonc
bunx wrangler deploy

Before operating a public hosted instance, read SECURITY.md and tune its limits for your cost and abuse posture.

All public limits are explicit Worker variables in wrangler.jsonc:

The uploader should not need to wait for a large transfer to finish before sharing intent. Share first creates a temporary record and two capabilities, then uploads chunks into R2. The read link can display pending progress and becomes downloadable after completion.

Public demo mode has no user accounts. It therefore uses capability security:

• The share link grants status and download access.
• The manage link additionally grants upload resume, cancellation, and deletion.

Capabilities live in URL fragments (#read=…, #manage=…), which are not sent to the server during navigation. Browser API calls move the selected capability into an Authorization: ShareCapability … header. The server stores only capability hashes.

An anonymous file-transfer site can otherwise become unbounded storage or distribution infrastructure. Share's defaults demonstrate the architecture while constraining cost and abuse:

• one temporary file per share;
• no public index or recipient email claims;
• private object storage and attachment-only downloads;
• Turnstile before storage reservation;
• exact retained-byte reservation in a Durable Object;
• request-time expiry enforcement plus cleanup alarms;
• bounded upload retry bytes and pre-debited download byte budgets.

For confidential or regulated file sharing, add identity-backed authorization, scanning, audit, retention, and operator processes rather than increasing public-demo limits.

MIT