3
1
Fork
You've already forked upload
0
an file upload server
  • Go 96.1%
  • Shell 2.7%
  • Dockerfile 1.2%
2026年06月30日 17:00:17 +01:00
init add auto update key 2025年08月24日 00:01:25 +01:00
.gitignore refactor storage 2023年06月13日 17:03:35 +01:00
build_and_push.sh beep 2026年04月09日 15:20:22 +01:00
common.go Refactor config to be a bit more dry 2024年10月29日 23:24:11 +00:00
config.go waa 2026年04月12日 14:35:34 +01:00
Containerfile bwaa 2026年04月08日 10:49:16 +01:00
file.go oops 2026年04月24日 10:03:52 +01:00
go.mod bump 2026年06月30日 17:00:17 +01:00
go.sum bump 2026年06月30日 17:00:17 +01:00
LICENSE license 2023年06月28日 09:15:57 +01:00
main.go remove a few unnecessary returns 2026年05月09日 06:05:13 +01:00
randomstring.go tidy 2025年09月23日 10:26:14 +01:00
README.md ahaaa 2026年04月12日 15:05:32 +01:00
storage.go oops 2026年04月12日 15:05:03 +01:00
users.go remove a few unnecessary returns 2026年05月09日 06:05:13 +01:00

A temporary upload server

Changelog!

v2.1.1

  • now you can spam as much data as you want at it, and it'll no longer run into silly race conditions when trying to read and write from the global state at the same time! :D

v2.0.0

  • breaking changes for end-users/clients! the shitty webpage is gone in favor of simplifying the routing and endpoints.
  • the data schema has changed and is incompatible with older versions.
  • Authentication now uses a base64 encoded user:password to reduce the code overhead of having a large number of users and reliance on loops.
  • simplified the api significantly, also added ?json query strings to list endpoints for programatic interaction
  • UPLOAD_PRESETADMINTOKEN has been renamed to UPLOAD_PRESETADMINPASSWORD

v1.1.1

fixed up a whole bunch of shit and closed some holes with incorrectly non-returning authentication based functionality 🙈

running

go build
./upload --config=/path/to/config.toml

also available as a container image

example config

It's not necessary to set all of these options, the example below lists the defaults.

dataPath = '/var/lib/upload'
ttl = '24h'
scanTime = '30s'
bindAddress = ':8080'
basePath = '/upload'

at a minimum you'll want to set dataPath, bindAddress

Time units for TTL and scanTime are taken from go's time.ParseDuration() Valid time units are "ns", "us" (or "μs"), "ms", "s", "m", "h".

  • dataPath is where you want the data to be stored
  • ttl is how long you want uploaded files to live before being deleted
  • scanTime is how often you want to check for expired files
  • bindAddress is the address you want the application to listen on, (i.e :8080 or 127.0.0.1:8080)
  • basePath is the base path to this server (i.e /upload)
  • scheme is the target scheme for redirects if you want to explicitly set this. defaults to https
  • presetAdminPassword allows you to use a predefined string as the initial admin token instead of the default behaviour of randomly generating the initial admin password
  • maxUploadBytes is the upload limit in bytes.

It is also possible to set config options through environment variables:

  • UPLOAD_DATAPATH
  • UPLOAD_TTL
  • UPLOAD_SCANTIME
  • UPLOAD_BINDADDRESS
  • UPLOAD_BASEPATH
  • UPLOAD_SCHEME
  • UPLOAD_PRESETADMINPASSWORD
  • UPLOAD_MAXUPLOADBYTES

uploading

curl examples

curl -H"Authentication: <token>" http://localhost:8080 --form file=@somefile.png

You have the option when uploading a file to make it "private", this file can only be downloaded by another authenticated user.

curl -H"Authentication: <token>" http://localhost:8080 --form file=@somefile.png --form private=true

And make a file available only for a single download:

curl -H"Authentication: <token>" http://localhost:8080 --form file=@somefile.png --form single=true

or both

curl -H"Authentication: <token>" http://localhost:8080 --form file=@somefile.png --form private=true --form single=true

for compatibility with things that do not support multipart forms, you can also send the file in the body of the request. you can test this with curl via:

curl -H"Authentication: <token>" http://localhost:8080 --data-binary @somefile.png

when uploading a file in the body of the request, you can specify upload options for single-use or authenticated-only downloads via query strings in the url. like:

curl -H"Authentication: <token>" http://localhost:8080?single=true&private=true --data-binary @somefile.png

auth tokens

On first start, the application will output it's first admin token in the logs. keep this somewhere safe.

You can use the initial admin tokens to create new user and admin tokens.

Authentication can be done via the following:

  1. the header: Authentication: <password>
  2. the header: Authorization: bearer <password>
  3. basic auth: you'll need to base64 decode the token to get the basic auth credentials.
  4. the ?token= url query string

user actions

  • DELETE <basepath>/file.ext manually removes a file, users can only remove their own files, admins can remove all files.
  • GET <basepath>/files lists files you have uploaded. appending ?json will print the response in json format.

admin actions

holders of admin keys can interact with the server with the following methods:

  • GET <basepath>/users lists all users, their creation timestamp, and a boolean for if they are admin. appending ?json will print the result in json format
  • PUT <basepath>/users/<name> creates a new token with the name specified, returns the token's authentication key
  • DELETE <basepath>/users/<name> revokes a token
  • GET <basepath>/files?all lists all files from all users.