1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
Shareit
#######
Description
===========
When you want to share a file by e-mail or on a chat conversation, and the
file is relatively big, the file might be refused or it might just be
impractical.
Shareit is a simple webpage allowing one to store a file for some time (10
days by default) and create a url to share. Recipients just have to download
the file from the created url.
This service supports resume, useful for big files.
Created urls have the following form:
https://shareit.exemple.com/download/90580754da3ed1b3e4be38c9b277bc9b
No real security is implemented, it is a quick and dirty hack.
Access restriction might be done on the server configuration side. For
example, you might want to restrict people to send files to the server to
prevent abuse of service, or preventing the share of illegal content, but
allowing unauthentified download.
The `doc` directory contains example of configuration you can use to deploy
the service. The `scripts` directory contains example client scripts to ease
the use of service and pass authentication with a netrc file.
Installation
============
The shareit service might be run in development mode by simply calling it
inside shareit directory:
cd sharit && ./shareit.py
The service can be run as a python wsgi service. I tested it under uwsgi.
Limitations
===========
Hashes are currently md5 of the content of the file:
- It is possible to change the file content but having its md5 unchanged. This
can be used to maliciously put a compromised file in place of the original
one.
- It is possible to change the file name by just downloading the file, and
reuploading it with another name.
Both risks can be mitigated by protecting upload side with a password in the
webserver configuration.
It is possible to do better, but my instance has its upload side protected by
a password, thus I'm not in a hurry and I'm open to pull requests if you have
suggestions.
License
=======
Unless specified otherwise, this project is licensed under the terms of the
GNU General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version. You
should have received a copy of the GNU General Public License along with this
program. If not, see <https://opensource.org/licenses/GPL-3.0> or
<http://www.gnu.org/licenses/>.
SPDX-License-Identifier: GPL-3.0+
Copyright © 2018 vg <vgm+dev@devys.org>
Contact
=======
developer
vg
mail
vgm+dev@devys.org
|
