ZFile/README.md

# FileZ

Drive-like app with Go backend + Bun/React frontend.

## What is implemented

- Public registration disabled
- Admin-only account creation from web admin panel
- Admin credentials loaded from root `/.env` (`ADMIN_PASSWORD_HASH`)
- Secure auth: Argon2id password hashing, short-lived JWT access cookie, rotating hashed refresh tokens
- Per-account data isolation in user-specific roots
- File manager with upload, folder create, delete, preview, download
- Folder download as archive (ZIP by default, optional RAR)
- Markdown editor with live preview (`.md`, `.markdown`)
- In-app image/video preview dialog
- Resumable downloads via HTTP Range (`Accept-Ranges: bytes`)
- Expiring share links with optional max download count
- Programmer color schemes per user: `dracula|nord|monokai|solarized|github` + `light|dark|auto`
- Separate Web UI URLs: `/drive` (files) and `/admin` (admin)
- Landing page at `/`
- UI uses Radix-based components (shadcn-style wrappers)
- Auto language detection with English/Russian translations
- SMB path info exposed so users can connect with built-in OS SMB clients
- Optional SMB backend storage mode

## Task-style commands

Run from repository root:

```bash
npx --yes concurrently -n setup-backend,setup-frontend "cd backend && go mod tidy" "cd frontend && bun install"
```

Start both API and Web UI:

```bash
cd frontend && bun run dev:full
```

Build checks:

```bash
npx --yes concurrently -n build-api,build-web "cd backend && go build ./..." "cd frontend && bun run build"
```

Open URLs:

- `https://file.example.com/`
- `https://file.example.com/drive`
- `https://file.example.com/admin`

## Docker (no nginx)

This stack does not run nginx. Frontend is served by Bun (`vite preview`) and backend is Go.
All container runtime images are Alpine-based where possible.

Edit ports in root `/.env`:

- `APP_HOST_PORT`
- `APP_INTERNAL_PORT`
- `BACKEND_HOST_PORT`
- `BACKEND_INTERNAL_PORT`
- `FRONTEND_HOST_PORT`
- `FRONTEND_INTERNAL_PORT`

Use default app/backend config from root `/.env`.

Build and start:

```bash
make up
```

Run attached (foreground logs):

```bash
make run-all
```

Run locally without Docker (backend + frontend dev):

```bash
make run-local
```

Build and start as a single container (single binary backend with embedded frontend):

```bash
docker compose --profile single up -d --build
```

Stop:

```bash
make down
```

## Single binary build (local)

Build one Linux binary that includes backend + frontend assets:

```bash
make build-all
```

Output binary:

- `dist/driveflow-allinone`

## Backend env

Defaults are already provided in root `/.env`.

Important values:

- `ADMIN_LOGIN`
- `ADMIN_PASSWORD_HASH`
- `JWT_SECRET`
- `DB_PATH`
- `STORAGE_ROOT`
- `ALLOWED_HOST`
- `CORS_ALLOWED_ORIGIN`
- `APP_DOMAIN`
- `MAX_BODY_MB`
- `RATE_LIMIT_PER_MIN`
- `AUTH_RATE_LIMIT_PER_MIN`

Generate admin hash:

```bash
cd backend && go run . hash-admin "your-strong-password"
```

Host/CORS policy:

- Requests are allowed only when host matches `ALLOWED_HOST` (example: `file.example.com`)
- CORS allows only `CORS_ALLOWED_ORIGIN`
- If `ALLOWED_HOST`/`CORS_ALLOWED_ORIGIN` are empty, backend derives them from `APP_DOMAIN`

API security hardening:

- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Request body size limits for non-upload API endpoints
- Built-in per-IP rate limiting (general and stricter auth limits)
- Panic recovery middleware

Folder archive notes:

- User can choose archive format in UI Settings modal
- `ZIP` works out of the box
- `TAR.GZ` works out of the box
- `RAR` requires `rar` binary installed on the backend host/container
- `LZ4` requires `lz4` binary installed on the backend host/container

File tags:

- Users can assign tags to files/folders directly in Drive
- Tags are stored per-user and can be used as a sidebar filter

Optional SMB backend mode (only if you want backend itself to store files over SMB):

- `STORAGE_BACKEND=smb`
- `SMB_HOST`, `SMB_SHARE`, `SMB_USER`, `SMB_PASS`, `SMB_DOMAIN`, `SMB_BASE_PATH`