A tiny personal minimalistic file-sharing service. Written in Go, minimal dependencies.
docker run -it --rm -p 9999:9999 ghcr.io/heylu/share:main
Alternatively, clone the repo and run it using go run .
.
-
command line:
-addr string The address the server is listening on. (default "localhost:9999") -uploads-dir string The directory to store the uploads in. (default "./uploads/")
-
BASE_URL
(environment) -
upload-secret.txt
(a secret string that needs to be specified to be able to upload)- empty by default, allowing uploads by everyone
-
admin-secret.txt
(optional, allows viewing usage stats at/stats
with useradmin
+ admin-secret) -
code-only:
- max upload size (50mb)
- rate limit (1 upload request per 10 seconds)
- expiry (14 days)
(Unchecked items are not implemented yet.)
- upload only with password
- upload rate limiting
- set content type for downloads
- delete files after N days
- admin stats (rate limiting, uploads, num downloads)
- password encryption (optional, encrypted with password on disk, crypto/aes?)
- seems extremely tricky, consider using WebCryptoAPI implementation from firefox send?
- would like to keep it server-side though, to avoid JS as we did so far...
- could do an "obfuscation" method for pseudo-security, i.e. security against novices, like me
- seems extremely tricky, consider using WebCryptoAPI implementation from firefox send?
- encryption at rest, i.e. the server gets sent the plaintext
- malicious code/servers could record the plaintext
- crypto/aes (with
sha256(password)
as key) + cipher.NewOTR - password is also checked using bcrypt before attempting decryption