forceu / gokapi Goto Github PK
View Code? Open in Web Editor NEWLightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported.
License: GNU Affero General Public License v3.0
Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported.
License: GNU Affero General Public License v3.0
It would be really helpful if AWS S3 could be used as the storage backend for this.
From what I can tell you either need to provide an allowedDownloads
value when uploading via the add
API or it will default to the last value from the web interface. Though the web interface you can turn off the allowed downloads to allow unlimited downloads, but you can't do the same thing through the API.
Could allowedDownloads
take a value like 0
or -1
to indicate unlimited downloads?
I stood up your docker container with the following environment variables via the following docker-compose. From there I tried generating an api key and using python requests, the built in api test, and your curl example to upload a file. All of which resulted in default values being used and a file being accessible with 1 download and no password prompt at all.
version: '3.9'
services:
gokapi:
build:
context: .
dockerfile: "Dockerfile"
- GOKAPI_AWS_BUCKET=X
- GOKAPI_AWS_KEY=Y
- GOKAPI_AWS_KEY_SECRET=Z
- GOKAPI_AWS_REGION=us-west-2
- GOKAPI_DISABLE_LOGIN=false
- GOKAPI_EXTERNAL_URL=https://files.poisoned.site
- GOKAPI_LOCALHOST=false
- GOKAPI_PASSWORD=J
- GOKAPI_PORT=8080
- GOKAPI_REDIRECT_URL=https://www.poisoned.site
- GOKAPI_SALT_FILES=true
- GOKAPI_USERNAME=admin
- GOKAPI_USE_SSL=false
- GOKAPI_MAX_FILESIZE=2048
ports:
- "8080:8080"
Here is my curl test. Notice I specify 8 downloads and it returns with 1 download remaining.
$ curl -X POST "http://files.poisoned.site:8080/api/files/add" -H "accept: application/json" -H "apikey: S5U2jWeG5KuCvEJcX5hap3kiw0vXe8" -H "Content-Type: multipart/form-data" -F "allowedDownloads=8" -F "expiryDays=5" -F "password=abc123" -F "[email protected]"
{"Result":"OK","FileInfo":{"Id":"G8GyfnrIe7CVvrY","Name":"go.sum","Size":"4.9 kB","SHA256":"fad229ca87506edfb269ec58495b4b1729752d14","ExpireAt":1640299509,"ExpireAtString":"2021-12-23 22:45","DownloadsRemaining":1,"PasswordHash":"","HotlinkId":"","ContentType":"application/octet-stream","AwsBucket":"gokapi-s3"},"Url":"https://files.poisoned.site/d?id=","HotlinkUrl":"https://files.poisoned.site/hotlink/"}%
I made a python requests thing that does the same thing:
$ ./gclient.py -v upload -g http://files.poisoned.site:8080 -k Z -p abcd1234 -f go.mod
Namespace(verbose=True, command='upload', file='go.mod', key='S5U2jWeG5KuCvEJcX5hap3kiw0vXe8', ghost='http://files.poisoned.site:8080', days=1, clicks=7, password='abcd1234')
go.mod
DEBUG: http://files.poisoned.site:8080/api/files/add
DEBUG: Z
DEBUG: HEADERS
DEBUG: {'accept': 'application/json', 'apikey': 'Z'}
DEBUG: FILES
DEBUG: {'allowedDownloads': 7, 'expiryDays': 1, 'password': 'abcd1234', 'file': ('go.mod', <_io.BufferedReader name='go.mod'>)}
================
External Links
================
File_URL: https://files.poisoned.site/d?id=eyjbVnCkBmuuEbo
Direct_download: https://files.poisoned.site/downloadFile?id=eyjbVnCkBmuuEbo
================
Internal Links
================
File_URL: https://localhost:8080/d?id=eyjbVnCkBmuuEbo
Direct_download: https://localhost:8080/downloadFile?id=eyjbVnCkBmuuEbo
The same is true for the internal apidocumentation/ link as well.
Hello sir, I face a problem, when I deploy your elegant App on my VPS, I found this question, when I upload some file to gokapi app, I always face a error: "Server respond with a 404 error code", I check alll my settings, but I can not found the cause;
platform: debian 10 + docker 19.03.12;
web server: caddy v2.1.1
reverse proxy set:
route /gokapi/* {
uri strip_prefix /gokapi
reverse_proxy 127.0.0.1:53842
}
I can viste the web page normally, but only when I upload file, the error appear;
If you need more log, please tell me, thank you very much, thank you for your elegant app;
In the future the Json output for the file object should be better:
Reported by @acourter27 in #49
This tool is awesome and mostly works for me. During uploading a larger file I noticed, my docker system almost running out of space.
I have set the data dir to a folder on my docker host, so this is unexpected.
Only after fully uploading the file, does it get transfered from within the docker container to that external folder.
Hi, would it be possible to add a fourth button to be able to copy the direct link to a non image file? This would make it easier to download files in a console. I currently create the link manually with https://host.tld/downloadFile?id=<ID>
.
It does not necessarily have to be another button, but a possibility in general to copy the above link in the frontend. On that note, you could also add DownloadUrl
to the json response when uploading via the api, so custom upload scripts can use it as well.
Would be cool to have a config option, to let everybody who knows the url upload files. Maybe with a maximum file size.
So the admin can upload unlimited files and delete files and everybody else can uplaod files up to x MB.
I'd like to have the option of seeing the IP addresses / User-Agents / etc of users who downloaded files. Thanks
Hi. I just ran gokapi on a Debian 10 box with apache already installed and it works fine when using the internal IP address to connect, however, when I use my domain to try and connect to it, it changes my connection from being an HTTP connection to an HTTPS connection and FireFox throws the error: SSL_ERROR_RX_RECORD_TOO_LONG
I'm not sure whats wrong here, as it runs perfectly fine when using my internal IP, however, this defeats the purpose of using it to share files with others. All of the settings are default except it is not bound only to localhost and I'm not using a reverse proxy. Port 53842 is port forwarded.
Item | description |
---|---|
gokapi |
Ver: 1.5.1 |
Host | Linux amd64 |
file | current permission | should be |
---|---|---|
./config/ssl.crt |
700 | 600 |
./config/ssl.key |
700 | 600 |
./data/filestorage.db/meta.json |
700 | 600 |
./data/log.txt
as well uploaded blobs (filenames as hashes) should have permissions 600 instead of 644
Hi,
I'm trying run gokapi in docker on Synology NAS and neither after maybe tens attempts i'm don't have any success.
Can you help me with settings please?
I'm runnig many other containers but with this....i don't know.
My container minimal settings:
{ "cap_add" : null, "cap_drop" : null, "cmd" : "/app/gokapi", "cpu_priority" : 50, "devices" : null, "enable_publish_all_ports" : false, "enable_restart_policy" : false, "enabled" : true, "env_variables" : [ { "key" : "PATH", "value" : "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" }, { "key" : "GOKAPI_PASSWORD", "value" : "xxxxxxxxxxxxxxxxxx" }, { "key" : "GOKAPI_USERNAME", "value" : "myName" } ], "exporting" : false, "id" : "2379bc3ac01d530858f539bc131313d61cf54dbe0ea20b90694e015ad338875f", "image" : "f0rc3/gokapi:latest", "is_ddsm" : false, "is_package" : false, "links" : [], "memory_limit" : 0, "name" : "f0rc3-gokapi1", "network" : [ { "driver" : "bridge", "name" : "bridge" } ], "network_mode" : "bridge", "port_bindings" : [ { "container_port" : 53842, "host_port" : 0, "type" : "tcp" } ], "privileged" : false, "shortcut" : { "enable_shortcut" : false }, "use_host_network" : false, "volume_bindings" : [] }
Sorry for my bad eglish.
It's already possible to upload images in batches, but each image is saved as its own upload.
Would be great if they could be saved together and displayed on one page.
Hi, I was tryting to setup gokapi with docker-compose, but wasn't able to get everything up and running. Starting with docker-compose works fine and it creates a config file, but trying to access gokapi from a different machine does not work at all. Trying to access it with curl on the machine its running on does not work (curl: (7) Failed to connect to 127.0.0.1 port 8084: Verbindungsaufbau abgelehnt
).
I then tried to run everything with the provided command from the readme with docker run -it -v /home/gokapi/data:/app/data -v /home/gokapi/config:/app/config -p 8084:53842 f0rc3/gokapi:latest
with the same result. Config file is the same both ways but I cannot access the sever, neither with an apache reverse proxy nor with ip:port (or on the machine itself). I also tried to run gokapi with the default ports, but same result again.
Additionally I saw, the LengthId
in the config is always 0, despite me setting it in the environment. The created config will never use use my value or the default 15. This happens with both docker run... and docker-compose btw.
Am I missing something?
docker-compose.yml:
version: "3"
services:
gokapi:
image: f0rc3/gokapi:latest
container_name: gokapi
restart: unless-stopped
environment:
- GOKAPI_USERNAME=Jisagi
- GOKAPI_PASSWORD=XXXXXX
- GOKAPI_LENGTH_ID=20
ports:
- "8084:53842"
volumes:
- /home/gokapi/data:/app/data
- /home/gokapi/config:/app/config
created config:
{
"Port": "127.0.0.1:53842",
"AdminName": "Jisagi",
"AdminPassword": "XXXXXXXXXXXXXXXXX",
"ServerUrl": "http://127.0.0.1:53842/",
"DefaultDownloads": 1,
"DefaultExpiry": 14,
"DefaultPassword": "",
"RedirectUrl": "https://github.com/Forceu/Gokapi/",
"Sessions": {},
"Files": {},
"Hotlinks": {},
"ConfigVersion": 4,
"SaltAdmin": "zsYecQPNEbPxhInpa62nOvWrICDyVCfoDOxotOW",
"SaltFiles": "2z8CH4B6mkE3YoVHcXLUUg1j8lcVEuNclFe6Umq9",
"LengthId": 0,
"DataDir": "data"
}
Hello.
Storing files and sessions inside config is not great idea for several reasons:
What do you think about adding new backend. Sqlite will be the simplest one, which can be used for existing configs, mostly, inplace (for example, another .sqlite
file in config folder). Also supporting sqlite may lead to supporting normal DBs like Postrgres or MariaDB.
Benefits:
What do you think? I also can help with this if you wish.
Regards.
I might be too dumb and not understand but it would be great if instead of creating a user and static credentials to instead allow inheriting ephemeral credentials from an I am profile from an ec2 instance. Sorry if this is already possible. I tried to figure this out and couldn't get it to work.
My system is configured to use an S3 bucket. When I press "delete", it deletes the file from S3 without an issue, but if the file is downloaded it doesn't automatically delete.
Is there a configuration piece I missed, or is this a bug with the AWS configuration?
It would be quite helpful if I could see the number of downloads for files without download limits. Since just putting the number of downloads into the "Downloads remaining" column wouldn't make much sense, I was thinking that a sensable change would be to rename the column to something like "Downloads/Limit" and change each row to "x/limit" for files with download restrictions or "x/Unlimited" for files without restrictions. Thank you!
If you are running 1.5.X and use the encryption feature, all encrypted files will not be able to download after rerunning the setup. Please refrain from changing the configuration if you have encrypted files, backup your files first or update to the latest dev image.
To reproduce:
cipher: message authentication failed
)Would it be possible to change that the Docker container runs as root in case of container escapes?
I gave it a quick try to run it as nobody, but the setup fails to complete and logs show:
"http: panic serving my_ip:61273: mkdir config: permission denied"
When trying to use a hotlink URL after the file has been deleted from the server (max download 1), it shows a page of this:
If you use the regular file URL for the same file, it redirects to /error with "Sorry, this file cannot be found. Either the link has expired or it has been downloaded already".
It'd be cool to be able to create a temporary "upload zone" or "drop zone" link that you could send to someone and have them upload a file. Ideally you'd still be able to set the criteria up front (days, downloads, password) so that the user couldn't change them.
That way, you could send a link to someone, have them drop a file, but you're the only one who knows the password so only you can receive the file. That would still keep the system secure and not open, but would allow a quick way for someone to send you a file.
I'm using docker. When I run this:
sudo docker run -v gokapi-data:/app/data -v gokapi-config:/app/config -p 53842:53842 f0rc3/gokapi:latest
it gives me the setup & and I can walk through it. However, when it asks me to pick the storage location, Cloud isn't an option because I didn't build it with that?
I was able to run this instead to build it with the cloud part set up:
sudo docker run -d --restart always -it -v gokapi-data:/app/data -v gokapi-config:/app/config -p 53842:53842
-e GOKAPI_AWS_BUCKET={hiddenBucketName}
-e GOKAPI_AWS_REGION=us-west-2
-e GOKAPI_AWS_KEY={hiddenKey}
-e GOKAPI_AWS_KEY_SECRET={hiddenSecretKey}
f0rc3/gokapi:latest
That boots everything up and lets me upload files. The files go into my S3 bucket. But, I can't download them. I set the CORS value to:
[
{
"AllowedHeaders": [
""
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"HEAD"
],
"AllowedOrigins": [
"https://{domain}",
"https://{domain}/"
],
"ExposeHeaders": []
}
]
But when I try to download, the button just turns dark grey and nothing happens.
When running Gokapi v1.3.1
using Docker template customization according to the documentation is broken. Browsing the login page works fine (and changes are visible), but when attempting login an error is thrown.
cp -r Gokapi/internal/webserver/web/templates .
templates/data/templates/string_constants.tmpl
docker-compose.yml
:version: '3.7'
services:
gokapi:
image: f0rc3/gokapi:latest
container_name: gokapi
ports:
- 53842:53842
environment:
- GOKAPI_USERNAME=admin
- GOKAPI_PASSWORD=admin
volumes:
- ./data:/app/data
- ./config:/app/config
- ./templates:/app/templates
gokapi | 2022/01/24 10:48:39 http: panic serving x.x.x.x:XXXX: template: html_header.tmpl:48:18: executing "header" at <.IsLogoutAvailable>: can't evaluate field IsLogoutAvailable in type *webserver.UploadView
gokapi | goroutine 41 [running]:
gokapi | net/http.(*conn).serve.func1(0xc000308500)
gokapi | /usr/local/go/src/net/http/server.go:1824 +0x153
gokapi | panic(0xb2f080, 0xc00032a180)
gokapi | /usr/local/go/src/runtime/panic.go:971 +0x499
gokapi | Gokapi/internal/helper.Check(...)
gokapi | /compile/internal/helper/OS.go:61
gokapi | Gokapi/internal/webserver.showAdminMenu(0x17bf070, 0xc000348380, 0xc000336600)
gokapi | /compile/internal/webserver/Webserver.go:335 +0x14a
gokapi | net/http.HandlerFunc.ServeHTTP(0x1689a18, 0x17bf070, 0xc000348380, 0xc000336600)
gokapi | /usr/local/go/src/net/http/server.go:2069 +0x44
gokapi | net/http.(*ServeMux).ServeHTTP(0x1b3f6e0, 0x17bf070, 0xc000348380, 0xc000336600)
gokapi | /usr/local/go/src/net/http/server.go:2448 +0x1ad
gokapi | net/http.serverHandler.ServeHTTP(0xc0002a2000, 0x17bf070, 0xc000348380, 0xc000336600)
gokapi | /usr/local/go/src/net/http/server.go:2887 +0xa3
gokapi | net/http.(*conn).serve(0xc000308500, 0x17c1dc0, 0xc000320480)
gokapi | /usr/local/go/src/net/http/server.go:1952 +0x8cd
gokapi | created by net/http.(*Server).Serve
gokapi | /usr/local/go/src/net/http/server.go:3013 +0x39b
I am using the latest-dev branch as I needed passwords to work through the API. When I tried to customize the pages, I copied the templates folder to my own location. After loading the container with the local templates folder, the API link on the admin page would lead to an error 403.
In the templates folder, I found out the issue is that in the file html_header.tmpl, the link for the API goes to ./api. It should be linking to ./apiKeys. It was an easy fix but still something I wanted to bring to your attention.
The url /logout
already works, however in the admin menu there should be a logout button in the top right corner. This could be integrated with a hamburger menu for API access (#6)
I am not very experienced with HTML/CSS, if anyone is able to add a button and still having the title centered, I would appreciate a PR! :)
I'm running Gokapi behind Authentik, so only logged-in users can access it.
Users need to know the admin username/password if they want to upload files. Could I disable authentication or use basic-auth (user/password JS prompt) or header based authentication to login as admin?
Hello,
it would be very nice to have the possibilites to add new user that can access the admin board
And : remove a user, edit user passwords could be cool too
Thanks !
Performing the initial startup of the Docker image, it appears that it expects a configuration file to already exist or it is prompting the user, but with Docker we don't have that prompt presented.
Might just be a documentation update to show to do that.
Would it be possible to set maybe 0 as either/both download limit / expiry date, or would that break the idea of the project too much? Not knowing the possible downloads would be possible use case. As alternative to no expiry date, a datepicker like selection for expiry date would be a neat idea as well.
On another note, is it intended, that a changed download/expiry will also be written to the config?
Would prevent time outs and solve the 100MB limit for cloudflare
Trying to install Gokapi in docker on an oracle ampere server I get the following error (as usual on arm64...):
docker: no matching manifest for linux/arm64/v8 in the manifest list entries.
Any workarround?
Currently, Gokapi requires a 4 character minimum username. Can this be decreased to 3 or less?
"Username needs to be at least 4 characters long".
Thanks!
If you experience this problem, please switch back to the original remote storage with --reconfigure
and delete the files first.
Hi, it would be nice to have a TOTP secret in the admin so the user has to enter the correct 6-digit code to download the file.
MeshCentral has an Assistant feature which allows users to download a file that connects to your server so you can connect to their computer for assistance. The process to invitee a user to download and run the software is not intuitive. Also, as a personal preference, I don't want to host the file in the same system that the agent connects to.
Ideally, if they go to help.example.com
, they can see a general help page with instructions for downloading/running the agent. When they click the link, it will take them to Gokapi at which point it will ask for a static password. Since this password never changes, anyone with the password can revisit the page and download the software. If the password rotates, like with TOTP, they won't know the code to download the software. A rotating password also helps protect against brute force.
Would be useful to either copypaste text or at least show text files content.
Sort of what linx-server does.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.