kissen / fmajor Goto Github PK

Currently, anyone with access to an instance of fmajor can upload and delete files. It would be nice if only certain authorized users could upload and delete files.

• Introduce some kind of passphrase required for uploading and deleting.
• fmajor is for small-scale installations. It's okay if there is only one password. It's also okay to just store the password hash in the fmajor.conf.
• Remember authentication status in a cookie so admins don't have to type in their credentials all the time.
• Anyone with access to the instance could still download and see all files. However they could not upload files.

Such a feature would remove the need for basic authentication on all installations and enable users to share files with other untrusted users.

Would it be possible for this to support a user/pass auth system for logging in with isolated files for each user account?

I've been trying to find a file/image/video/upload/host/manager in Go but I have not been able to find one that allows for permanent uploads with multiple users. Most are temporary file uploaders, multiple user upload but no way to view a list of uploads, or a single user with a manage page.

Would this be possible to consider? Everybody is making pomf clones but nobody is making Puush clones.

Currently, the way we infer the content type of uploads is pretty curde, it's done by file extension. Instead we should do the following.

• During upload actually look at file headers to decide on a content type.
• Set the download property on the file download links except maybe for images, videos and PDFs. In particular, we shouldn't serve HTML document as-is; displayed in the browser they could steal cookies.