1.2.1 • Published 8 years ago

tmpshare v1.2.1

Weekly downloads
1
License
MIT
Repository
-
Last release
8 years ago

tmpshare

Easily share temporary files over http

Like https://transfer.sh/ but with following differences:

  • Shared files are deleted immediately once they are downloaded
  • Files are encrypted on the server and no encryption key is saved on the server

Installation

npm install tmpshare

Usage

Uploads can be done using the buildin form or curl:

$ curl -T file.txt example.com
http://example.com/download/2015-03-29-14-57-a25bd309c8/file.txt#6028503d10954b73ab57e326997bca0b67c5b061

$ curl -F file=@file.txt -F file2=@file2.txt example.com
http://example.com/download/2015-03-29-14-58-bd7dd3cfb3/file.txt#4806f599e6d104b2ab93c709db2c3769d576eb8d
http://example.com/download/2015-03-29-14-58-e600a5b4fa/file2.txt#87fa049560d6b3f4b9fa77d1708dc6b399eb3d4c

Standalone server

tmpshare --port 1234 ./uploads

Express middleware

var app = express();

app.use("/tmp", require("tmpshare")({
    dir: __dirname + "/uploads"
}));

How?

When upload begins an encryption key is generated on the server and the file stream is piped through an encryption transform to the disk. The plain file never touches the disk (unless you use nginx (ticket) or some other proxy which buffers uploads to disk).

After the upload a download URL is generated and the encryption key is put in the fragment identifier. It's put there in order to avoid it appearing in the server request logs when the URL is opened in the browser as fragments are never sent to the server. User is redirected to the URL and the encryption key is discarded.

User is presented with a download form generated by client-side Javascript. When the form is posted the encryption key is sent to the server in the request body and the file download begins. After the download finishes the file is deleted from the server.