ZFile/README.md

FileZ

Drive-like app with Go backend + Bun/React frontend.

What is implemented

• Public registration disabled
• Admin-only account creation from web admin panel
• Admin credentials loaded from root /.env (ADMIN_PASSWORD_HASH)
• Secure auth: Argon2id password hashing, short-lived JWT access cookie, rotating hashed refresh tokens
• Per-account data isolation in user-specific roots
• File manager with upload, folder create, delete, preview, download
• Folder download as archive (ZIP by default, optional RAR)
• Markdown editor with live preview (.md, .markdown)
• In-app image/video preview dialog
• Resumable downloads via HTTP Range (Accept-Ranges: bytes)
• Expiring share links with optional max download count
• Programmer color schemes per user: dracula|nord|monokai|solarized|github + light|dark|auto
• Separate Web UI URLs: /drive (files) and /admin (admin)
• Landing page at /
• UI uses Radix-based components (shadcn-style wrappers)
• Auto language detection with English/Russian translations
• SMB path info exposed so users can connect with built-in OS SMB clients
• Optional SMB backend storage mode

Task-style commands

Run from repository root:

npx --yes concurrently -n setup-backend,setup-frontend "cd backend && go mod tidy" "cd frontend && bun install"

Start both API and Web UI:

cd frontend && bun run dev:full

Build checks:

npx --yes concurrently -n build-api,build-web "cd backend && go build ./..." "cd frontend && bun run build"

Open URLs:

• https://file.example.com/
• https://file.example.com/drive
• https://file.example.com/admin

Docker (no nginx)

This stack does not run nginx. Frontend is served by Bun (vite preview) and backend is Go. All container runtime images are Alpine-based where possible.

Edit ports in root /.env:

• APP_HOST_PORT
• APP_INTERNAL_PORT
• BACKEND_HOST_PORT
• BACKEND_INTERNAL_PORT
• FRONTEND_HOST_PORT
• FRONTEND_INTERNAL_PORT

Use default app/backend config from root /.env.

Build and start:

make up

Run attached (foreground logs):

make run-all

Run locally without Docker (backend + frontend dev):

make run-local

Build and start as a single container (single binary backend with embedded frontend):

docker compose --profile single up -d --build

Stop:

make down

Single binary build (local)

Build one Linux binary that includes backend + frontend assets:

make build-all

Output binary:

• dist/driveflow-allinone

Backend env

Defaults are already provided in root /.env.

Important values:

• ADMIN_LOGIN
• ADMIN_PASSWORD_HASH
• JWT_SECRET
• DB_PATH
• STORAGE_ROOT
• ALLOWED_HOST
• CORS_ALLOWED_ORIGIN
• APP_DOMAIN
• MAX_BODY_MB
• RATE_LIMIT_PER_MIN
• AUTH_RATE_LIMIT_PER_MIN

Generate admin hash:

cd backend && go run . hash-admin "your-strong-password"

Host/CORS policy:

• Requests are allowed only when host matches ALLOWED_HOST (example: file.example.com)
• CORS allows only CORS_ALLOWED_ORIGIN
• If ALLOWED_HOST/CORS_ALLOWED_ORIGIN are empty, backend derives them from APP_DOMAIN

API security hardening:

• Security headers (CSP, HSTS, X-Frame-Options, etc.)
• Request body size limits for non-upload API endpoints
• Built-in per-IP rate limiting (general and stricter auth limits)
• Panic recovery middleware

Folder archive notes:

• User can choose archive format in UI Settings modal
• ZIP works out of the box
• TAR.GZ works out of the box
• RAR requires rar binary installed on the backend host/container
• LZ4 requires lz4 binary installed on the backend host/container

File tags:

• Users can assign tags to files/folders directly in Drive
• Tags are stored per-user and can be used as a sidebar filter

Optional SMB backend mode (only if you want backend itself to store files over SMB):

• STORAGE_BACKEND=smb
• SMB_HOST, SMB_SHARE, SMB_USER, SMB_PASS, SMB_DOMAIN, SMB_BASE_PATH