aboutsummaryrefslogtreecommitdiffstats

Shareit

Description

When you want to share a file by e-mail or on a chat conversation, and the file is relatively big, the file might be refused or it might just be impractical.

Shareit is a simple webpage allowing one to store a file for some time (10 days by default) and create a url to share. Recipients just have to download the file from the created url.

This service supports resume, useful for big files.

Created urls have the following form:

https://shareit.exemple.com/download/90580754da3ed1b3e4be38c9b277bc9b

No real security is implemented, it is a quick and dirty hack.

Access restriction might be done on the server configuration side. For example, you might want to restrict people to send files to the server to prevent abuse of service, or preventing the share of illegal content, but allowing unauthentified download.

The doc directory contains example of configuration you can use to deploy the service. The scripts directory contains example client scripts to ease the use of service and pass authentication with a netrc file.

Installation

The shareit service might be run in development mode by simply calling it inside shareit directory:

cd sharit && ./shareit.py

The service can be run as a python wsgi service. I tested it under uwsgi.

Limitations

Hashes are currently md5 of the content of the file:

  • It is possible to change the file content but having its md5 unchanged. This can be used to maliciously put a compromised file in place of the original one.
  • It is possible to change the file name by just downloading the file, and reuploading it with another name.

Both risks can be mitigated by protecting upload side with a password in the webserver configuration.

It is possible to do better, but my instance has its upload side protected by a password, thus I'm not in a hurry and I'm open to pull requests if you have suggestions.

License

Unless specified otherwise, this project is licensed under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. You should have received a copy of the GNU General Public License along with this program. If not, see <https://opensource.org/licenses/GPL-3.0> or <http://www.gnu.org/licenses/>.

SPDX-License-Identifier: GPL-3.0+

Copyright © 2018 vg <vgm+dev@devys.org>

Contact

developer
vg
mail
vgm+dev@devys.org