# FileZ Drive-like app with Go backend + Bun/React frontend. ## What is implemented - Public registration disabled - Admin-only account creation from web admin panel - Admin credentials loaded from root `/.env` (`ADMIN_PASSWORD_HASH`) - Secure auth: Argon2id password hashing, short-lived JWT access cookie, rotating hashed refresh tokens - Per-account data isolation in user-specific roots - File manager with upload, folder create, delete, preview, download - Folder download as archive (ZIP by default, optional RAR) - Markdown editor with live preview (`.md`, `.markdown`) - In-app image/video preview dialog - Resumable downloads via HTTP Range (`Accept-Ranges: bytes`) - Expiring share links with optional max download count - Programmer color schemes per user: `dracula|nord|monokai|solarized|github` + `light|dark|auto` - Separate Web UI URLs: `/drive` (files) and `/admin` (admin) - Landing page at `/` - UI uses Radix-based components (shadcn-style wrappers) - Auto language detection with English/Russian translations - SMB path info exposed so users can connect with built-in OS SMB clients - Optional SMB backend storage mode ## Task-style commands Run from repository root: ```bash npx --yes concurrently -n setup-backend,setup-frontend "cd backend && go mod tidy" "cd frontend && bun install" ``` Start both API and Web UI: ```bash cd frontend && bun run dev:full ``` Build checks: ```bash npx --yes concurrently -n build-api,build-web "cd backend && go build ./..." "cd frontend && bun run build" ``` Open URLs: - `https://file.example.com/` - `https://file.example.com/drive` - `https://file.example.com/admin` ## Docker (no nginx) This stack does not run nginx. Frontend is served by Bun (`vite preview`) and backend is Go. All container runtime images are Alpine-based where possible. Edit ports in root `/.env`: - `APP_HOST_PORT` - `APP_INTERNAL_PORT` - `BACKEND_HOST_PORT` - `BACKEND_INTERNAL_PORT` - `FRONTEND_HOST_PORT` - `FRONTEND_INTERNAL_PORT` Use default app/backend config from root `/.env`. Build and start: ```bash make up ``` Run attached (foreground logs): ```bash make run-all ``` Run locally without Docker (backend + frontend dev): ```bash make run-local ``` Build and start as a single container (single binary backend with embedded frontend): ```bash docker compose --profile single up -d --build ``` Stop: ```bash make down ``` ## Single binary build (local) Build one Linux binary that includes backend + frontend assets: ```bash make build-all ``` Output binary: - `dist/driveflow-allinone` ## Backend env Defaults are already provided in root `/.env`. Important values: - `ADMIN_LOGIN` - `ADMIN_PASSWORD_HASH` - `JWT_SECRET` - `DB_PATH` - `STORAGE_ROOT` - `ALLOWED_HOST` - `CORS_ALLOWED_ORIGIN` - `APP_DOMAIN` - `MAX_BODY_MB` - `RATE_LIMIT_PER_MIN` - `AUTH_RATE_LIMIT_PER_MIN` Generate admin hash: ```bash cd backend && go run . hash-admin "your-strong-password" ``` Host/CORS policy: - Requests are allowed only when host matches `ALLOWED_HOST` (example: `file.example.com`) - CORS allows only `CORS_ALLOWED_ORIGIN` - If `ALLOWED_HOST`/`CORS_ALLOWED_ORIGIN` are empty, backend derives them from `APP_DOMAIN` API security hardening: - Security headers (CSP, HSTS, X-Frame-Options, etc.) - Request body size limits for non-upload API endpoints - Built-in per-IP rate limiting (general and stricter auth limits) - Panic recovery middleware Folder archive notes: - User can choose archive format in UI Settings modal - `ZIP` works out of the box - `TAR.GZ` works out of the box - `RAR` requires `rar` binary installed on the backend host/container - `LZ4` requires `lz4` binary installed on the backend host/container File tags: - Users can assign tags to files/folders directly in Drive - Tags are stored per-user and can be used as a sidebar filter Optional SMB backend mode (only if you want backend itself to store files over SMB): - `STORAGE_BACKEND=smb` - `SMB_HOST`, `SMB_SHARE`, `SMB_USER`, `SMB_PASS`, `SMB_DOMAIN`, `SMB_BASE_PATH`