.github/workflows | ||
dist | ||
exifscrubber | ||
extdetect | ||
fileexpiration | ||
fixtures | ||
.gitignore | ||
Caddyfile.example | ||
config.go | ||
config_test.go | ||
docker-compose.yml | ||
Dockerfile | ||
example.conf | ||
go.mod | ||
go.sum | ||
LICENSE | ||
Makefile | ||
README.md | ||
README.original | ||
uploadhandler.go | ||
yaf.go |
yaf - Yet Another (Temporary) Fileshare
yaf is a simple Go program to handle file uploads. If you also want to serve the uploaded files, consider a web server like nginx.
Installation with docker-compose and local build
Clone the directory:
git clone https://github.com/nouryxd/yaf.git
Run tests (optional):
go test
Manual Installation
Clone the directory:
git clone https://github.com/nouryxd/yaf.git
Build the executable:
go build
Run tests (optional):
go test
If you plan on using a systemd service or another init system, you might want to move the yaf
executable to a different directory (e.g. /opt
) at this point; you know your setup best.
Configuration
yaf
There are just a few parameters that need to be configured for yaf.
Refer to the example.conf
file:
Port: 4711
# a comment
LinkPrefix: https://yaf.example.com/
FileDir: /var/www/yaf/
LinkLength: 5
ScrubExif: true
# Both IDs also refer to the "Orientation" tag, included for illustrative purposes only
ExifAllowedIds: 0x0112 274
ExifAllowedPaths: IFD/Orientation
ExifAbortOnError: true
FileExpiration: false
Option | Use |
---|---|
Port |
the port number yaf will listen on |
LinkPrefix |
a string that will be prepended to the file name generated by yaf |
FileDir |
path to the directory yaf will save uploaded files in. if using docker-compose needs to be the same as the target mount point (the right side) |
LinkLength |
the number of characters the generated file name is allowed to have |
ScrubExif |
whether to remove EXIF tags from uploaded JPEG and PNG images (true or false ) |
ExifAllowedIds |
a space-separated list of EXIF tag IDs that should be preserved through EXIF scrubbing (only relevant if ScrubExif is true ) |
ExifAllowedPaths |
a space-separated list of EXIF tag paths that should be preserved through EXIF scrubbing (only relevant if ScrubExif is true ) |
ExifAbortOnError |
whether to abort JPEG and PNG uploads if an error occurs during EXIF scrubbing (only relevant if ScrubExif is true ) |
FileExpiration |
whether to automatically remove files after a given time or not (true or false ) |
Make sure the user running yaf has suitable permissions to read, and write to, FileDir
.
Also note that LinkLength
directly relates to the number of files that can be saved.
Since yaf only uses alphanumeric characters for file name generation, a maximum of (26 + 26 + 10)^LinkLength
names can be generated.
A Note on EXIF Scrubbing
EXIF scrubbing can be enabled via the ScrubExif
config key.
When enabled, all standard EXIF tags are removed on uploaded JPEG and PNG images per default.
It is meant as a last-line "defense mechanism" against leaking PII, such as GPS information on pictures.
If possible, you should always prefer disabling capturing potentially sensitive EXIF tags when creating the images!
Obviously, EXIF tags serve a purpose and you may want to keep some of the information, e.g., image orientation.
The ExifAllowedIds
and ExifAllowedPaths
config keys can be used to selectively allow specific tags to survive the scrubbing.
The IDs for standard tags can be found in 1.
You may specify tag IDs in decimal and hexadecimal notation.
(In the latter case, the ID must start with 0x
.)
The path specification for ExifAllowedPaths
relies on the format implemented in go-exif
which is "documented" in machine-readable format in 2.
Multiple paths can be specified, separated by a space.
The path format is as follows:
-
For tags in the main section:
IFD/<GroupName>/<FieldName>
. Examples:IFD/Orientation
,IFD/Exif/Flash
,IFD/GPSInfo/GPSTimeStamp
. You will probably want to use both 1 and 2 in combination if you plan to specify allowed tags by path. -
Tags in the thumbnail section follow the same format but paths start with
IFD1/
instead ofIFD
.
nginx
If you use a reverse-proxy to forward requests to yaf, make sure to correctly forward the original request headers.
For nginx, this is achieved via the proxy_pass_request_headers on;
option.
If you want to limit access to yaf (e.g. require basic authentication), you will also need to do this via your reverse-proxy.
caddy
I provided a Caddyfile.example
for you that should be pretty self explanatory. Copy the contents to your own Caddyfile
and be sure to move the contents of the dist
folder to your file directory so you can enjoy the really pretty high quality frontend page.
yaf.example.com {
root * /path/to/filedir/
file_server
reverse_proxy /upload localhost:4711
reverse_proxy /uploadweb localhost:4711
}
Running
Manually
After adjusting the configuration file to your needs, run:
yaf -configFile yaf.conf
Of course, you can also write a init system script to handle this for you.
Running from docker-compose
Copy configuration file and fill it in:
cp example.conf yaf.conf
Configure the docker-compose.yml
volume paths:
vim docker-compose.yml
Build the local docker file:
make build
Run the local docker file with docker-compose:
make run
Running from Docker
Building the Docker image and running it locally
docker build -t yaf .
docker run \
-p 4711:4711 \
-v /path/to/your/yaf.conf:/app/yaf.conf \
-v /path/to/local/filedir:/var/www/yaf \
yaf
Port 4711 is the default port for the server in example.conf
, if you've changed this in your config you'll need to change this in the docker run
invocations above too.
The above runs forwards the yaf port from 4711 in the container to 4711 on your local system.
Usage
You can use yaf with any application that can send POST requests (e.g. ShareX/ShareNix or just curl
).
Make sure the file you want to upload is attached as a multipart/form-data
field named file
.
In curl
, a request to upload the file /home/alice/foo.txt
could look like this:
curl -L -F "file=@/home/alice/foo.txt" yaf.example.com/upload
The response will include a link to the newly uploaded content. Note that you may have to add additional header fields to the request, e.g. if you have basic authentication enabled.