Some feature requests about send HOT 8 CLOSED

Could we make a separate ticket for auth and close this? I'm interested in that too, but there should be one feature request per ticket. So maybe if everything else here has been dealt with, we can close this? Otherwise, please open separate ticket for those too. Then we can close this. Thanks!

Please post the new ticket links here when done.

from send.

Authentication can be applied in some form using Basic HTTP authentication through a reverse proxy in front of a Send instance.

I tried that and on the desktop version of the site it works, however mobile users are prompted for the password to download, and if they hit cancel, the download works. Then they get offered the option to try uploading. Authentication for the uploader would be really nice to have baked in to the code.

from send.

Done, new issue here #32

from send.

@AliMickey for you or anyone else arriving here via Google, the relevant config options to change the download expiration time are:

# set the global limit enforced by the backend for all CLI/UI/API users
MAX_EXPIRE_SECONDS=315360000

# set the options available in the UI dropdown (first item is the default)
EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000,157680000

# set the default expiration for CLI/API users
DEFAULT_EXPIRE_SECONDS=157680000

You can see these options, their defaults, and more limit configuration options available here: https://github.com/timvisee/send/blob/master/server/config.js

from send.

Hi there, first of all, thanks for your suggestions.

1. Increase 7 day download limit time to something longer. (1 month perhaps).
   (...)
   I looked at the config file and i can see a max value for the seconds, i can try and help in this area.

I assume you're suggesting this for my public instance (https://send.vis.ee/). I set this to 7 days to limit disk usage and to make it less attractive for malicious intent (in turn preventing DMCAs and such). Note that I pay for hosting myself (with the help of some awesome donators though). I therefore don't have any plans to increase this limit. It is just intended for 'quick sharing' after all.

You may choose to host your own instance though! On your own instance you can set the limits to anything you'd like.

2. Enable video streaming directly through the web if the file is a compatible file.

I'm afraid this is hard to implement with the current decrypting/downloading setup, especially with wide browser support. Sadly, I don't have the time available to make such big changes for this. If there's someone would like to give this a try though, sure, go ahead!

3. Authentication for uploading.

What would you suggest? A password for the upload page, or real account authentication?

Send did have Firefox Account Authentication, but it has been removed because Mozilla does not allow usage of this in third party projects.

Authentication can be applied in some form using Basic HTTP authentication through a reverse proxy in front of a Send instance.

I'm sorry to say that the answer to most of your idea's is a 'no' for now. I hope you understand.

from send.

1. i meant on this repository, im hosting it myself and i can change it. But i mean for others as well. Is the config file only thing i need to change or is there a gui change as well?

2. is understandable, ill look into some solutions for that.

3. i would think a simple password check would be enough. I will look into this as well.

Also my instance works if i access it over direct ip, but going through https on reverse proxy is breaking uploading. Is there something i have to enable on nginx?

from send.

Is the config file only thing i need to change or is there a gui change as well?

You only have to apply the change in the configuration file. In fact, you can change the configuration properties through environment variables. They are listed in the configuration file.

Also my instance works if i access it over direct ip, but going through https on reverse proxy is breaking uploading. Is there something i have to enable on nginx?

I don't think so. Web sockets must be supported for uploading, but I don't think this requires setting anything explicitly. You might want to take a look at this Docker example, which deploys an nginx reverse proxy.

from send.

Yes i think having a simple GUI based password for uploading would be better opposed to http auth.

@timvisee I dont have any experience with the framework/language you are using, but could you point towards the main file where i would need to make the required changes for authentication? I would like to look around, thanks.

from send.