{"id":46519329,"url":"https://github.com/fjmerc/safeshare","last_synced_at":"2026-03-06T19:08:59.428Z","repository":{"id":322722242,"uuid":"1090634887","full_name":"fjmerc/safeshare","owner":"fjmerc","description":"Secure temporary file sharing service with encryption, authentication, and automatic expiration","archived":false,"fork":false,"pushed_at":"2026-02-16T11:40:30.000Z","size":3173,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-16T19:10:14.288Z","etag":null,"topics":["authentication","chunked-uploads","docker","docker-image","encryption","file-sharing","file-transfer","file-upload","go","golang","http2","pwa","rate-limiting","reverse-proxy","security","self-hosted","single-binary","sqlite"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fjmerc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-05T23:47:07.000Z","updated_at":"2026-02-16T11:40:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fjmerc/safeshare","commit_stats":null,"previous_names":["fjmerc/safeshare"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/fjmerc/safeshare","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fjmerc%2Fsafeshare","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fjmerc%2Fsafeshare/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fjmerc%2Fsafeshare/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fjmerc%2Fsafeshare/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fjmerc","download_url":"https://codeload.github.com/fjmerc/safeshare/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fjmerc%2Fsafeshare/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30192445,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T18:54:55.862Z","status":"ssl_error","status_checked_at":"2026-03-06T18:53:04.013Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","chunked-uploads","docker","docker-image","encryption","file-sharing","file-transfer","file-upload","go","golang","http2","pwa","rate-limiting","reverse-proxy","security","self-hosted","single-binary","sqlite"],"created_at":"2026-03-06T19:08:58.702Z","updated_at":"2026-03-06T19:08:59.413Z","avatar_url":"https://github.com/fjmerc.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SafeShare - Secure Temporary File Sharing\n\n[![Tests](https://github.com/fjmerc/safeshare/actions/workflows/build-and-push.yml/badge.svg)](https://github.com/fjmerc/safeshare/actions/workflows/build-and-push.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/fjmerc/safeshare)](https://goreportcard.com/report/github.com/fjmerc/safeshare)\n\nA self-hosted secure file sharing service for temporary transfers with automatic expiration, cryptographically secure claim codes, and enterprise-grade security features.\n\n**Version**: 1.5.1\n\n## Screenshots\n\n### Main Interface\n![SafeShare Main Interface](docs/screenshots/main.png)\n*Modern web interface with drag-drop upload, QR codes, dark mode, and PWA support*\n\n### Admin Dashboard\n![Admin Dashboard](docs/screenshots/admin-dashboard.png)\n*Comprehensive admin dashboard for file management, user administration, and system configuration*\n\n### User Dashboard\n![User Dashboard](docs/screenshots/user-dashboard.png)\n*User dashboard for viewing upload history, managing files, and sharing with advanced features*\n\n### Admin Login (Dark Theme)\n![Admin Login Dark Theme](docs/screenshots/admin-login-dark.png)\n*Beautiful dark mode with gradient background for admin authentication*\n\n---\n\n## Key Features\n\n### Core Capabilities\n- **Chunked/Resumable Uploads** - Large file support (\u003e100MB) with pause/resume\n- **Resumable Downloads** - Browser-based download resume with progress tracking\n- **HTTP/2 Support** - Optimized performance with 250 concurrent streams\n- **Progressive Web App (PWA)** - Installable app with offline support\n- **Automatic Expiration** - Files auto-delete after configurable time\n- **Download Limits** - Optional max downloads per file\n- **Password Protection** - Optional bcrypt-hashed passwords for files\n- **Claim Codes** - Cryptographically secure, URL-safe identifiers\n- **QR Code Generation** - One-click QR codes for mobile sharing\n- **File Checksums** - SHA256 hashes for integrity verification\n\n### Security Features\n- **Encryption at Rest** - AES-256-GCM authenticated encryption\n- **Multi-Factor Authentication (MFA/TOTP)** - Two-factor authentication with authenticator apps\n- **WebAuthn/FIDO2** - Hardware security key support (YubiKey, Windows Hello, Touch ID)\n- **Single Sign-On (SSO/OIDC)** - Enterprise SSO with Google, Azure AD, Okta, Auth0, Keycloak\n- **API Token Authentication** - Bearer tokens with scopes, rotation, audit logging, and expiration\n- **User Authentication** - Invite-only registration with role-based access\n- **Admin Dashboard** - Web-based administration with CSRF protection\n- **IP Blocking** - Block malicious IPs from uploads/downloads\n- **Rate Limiting** - IP-based DoS protection (configurable limits)\n- **File Extension Blacklist** - Blocks dangerous file types (executables, scripts)\n- **Trusted Proxy Validation** - Smart proxy header validation (anti-spoofing)\n- **Security Headers** - CSP, X-Frame-Options, X-Content-Type-Options\n- **MIME Type Detection** - Server-side content validation\n- **Storage Quotas** - Configurable per-application limits\n- **Audit Logging** - Comprehensive JSON-structured logs\n\n### User Management\n- **Invite-Only Registration** - Admin-managed user accounts\n- **User Dashboard** - View uploads, manage files, share with advanced features\n- **File Management** - Rename files, edit expiration, regenerate claim codes\n- **Session Management** - Secure httpOnly cookies with configurable expiry\n- **Temporary Passwords** - Forced password change on first login\n- **Role-Based Access** - User and admin roles with different permissions\n- **Anonymous Uploads** - Configurable (enabled by default, can require authentication)\n\n### Admin Dashboard\n- **File Management** - View all files, search, bulk delete, download statistics\n- **User Administration** - Create, edit, enable/disable, reset passwords\n- **MFA Management** - View and manage user MFA status, disable MFA for emergency recovery\n- **SSO Provider Management** - Configure OIDC providers, test connections, auto-provisioning\n- **API Token Management** - View all tokens, bulk operations (revoke, extend), usage statistics\n- **Webhook Management** - Configure webhooks for file lifecycle events (uploaded, downloaded, deleted, expired)\n- **Backup Management** - Schedule automated backups, download backups, retention policies\n- **IP Blocking** - Block/unblock IPs with reason tracking\n- **Enterprise Features** - Runtime feature toggles (MFA, SSO, Webhooks, API Tokens, Backups)\n- **Dynamic Settings** - Adjust quotas, limits, security settings without restart\n- **Configuration Assistant** - Intelligent config recommendations based on environment\n- **Real-Time Statistics** - Storage usage, file counts, user counts, quota metrics\n- **Partial Upload Management** - Monitor and cleanup abandoned chunked uploads\n\n### Monitoring \u0026 Operations\n- **Health Check Endpoints** - Comprehensive, liveness, and readiness probes\n- **Prometheus Metrics** - Full metrics export for monitoring and alerting\n- **Structured Logging** - JSON logs for aggregation tools (ELK, Splunk, Datadog)\n- **Graceful Shutdown** - Safe container stop with request completion\n- **Background Workers** - Auto-cleanup of expired files and abandoned uploads\n- **Database Migrations** - Automatic schema versioning and upgrades\n\n### Enterprise Features\n- **PostgreSQL Backend** - Production-grade database for high-availability deployments\n- **S3-Compatible Storage** - Object storage support (AWS S3, MinIO, DigitalOcean Spaces)\n- **High Availability** - Multi-node deployments with shared storage and distributed locking\n- **Automated Backups** - Scheduled backups with cron expressions and retention policies\n- **Webhook Notifications** - Real-time event notifications for integrations (Gotify, ntfy.sh, Discord)\n- **Advanced API Tokens** - Token rotation, usage tracking, bulk operations, expiration warnings\n- **Feature Flags** - Runtime feature toggles without container restarts\n\n### Deployment\n- **Single Binary** - No external dependencies (pure Go, embedded SQLite)\n- **Docker Container** - Minimal ~26MB Alpine-based image\n- **Reverse Proxy Ready** - Works with Traefik, nginx, Caddy, Apache\n- **CDN Compatible** - Supports Cloudflare and other CDNs\n- **PostgreSQL Support** - Optional PostgreSQL backend for enterprise deployments\n- **S3 Storage Support** - Optional S3-compatible object storage backend\n- **No CGO Required** - Portable across architectures (amd64, arm64)\n\n---\n\n## Quick Start\n\n### Web UI\n\nSimply visit the root URL after starting the server:\n\n```\nhttp://localhost:8080/ # Main upload interface\nhttp://localhost:8080/admin/login # Admin dashboard (if configured)\nhttp://localhost:8080/login # User login\n```\n\nFeatures drag-drop upload, QR code generation, PWA installation, and one-click sharing!\n\n### Docker\n\n```bash\n# Basic deployment (anonymous uploads)\ndocker run -d \\\n -p 8080:8080 \\\n -v safeshare-data:/app/data \\\n -v safeshare-uploads:/app/uploads \\\n --name safeshare \\\n fjmerc/safeshare:latest\n\n# Production deployment with encryption and admin dashboard\ndocker run -d \\\n -p 8080:8080 \\\n -e ENCRYPTION_KEY=\"$(openssl rand -hex 32)\" \\\n -e ADMIN_USERNAME=admin \\\n -e ADMIN_PASSWORD=\"YourSecurePassword123!\" \\\n -e QUOTA_LIMIT_GB=100 \\\n -e TZ=Europe/Berlin \\\n -v safeshare-data:/app/data \\\n -v safeshare-uploads:/app/uploads \\\n --name safeshare \\\n fjmerc/safeshare:latest\n\n# Visit http://localhost:8080/admin/login\n```\n\n### Binary\n\n```bash\n# Download latest release\nwget https://github.com/fjmerc/safeshare/releases/latest/download/safeshare-linux-amd64\n\n# Make executable\nchmod +x safeshare-linux-amd64\n\n# Run (uses default settings)\n./safeshare-linux-amd64\n\n# Or with custom configuration\nexport MAX_FILE_SIZE=209715200 # 200MB\nexport DEFAULT_EXPIRATION_HOURS=48\nexport ADMIN_USERNAME=admin\nexport ADMIN_PASSWORD=admin123\n./safeshare-linux-amd64\n```\n\n---\n\n## API Quick Start\n\n### Simple Upload \u0026 Download\n\n```bash\n# Upload a file\ncurl -X POST -F \"file=@document.pdf\" \\\n http://localhost:8080/api/upload | jq .\n\n# Response includes claim code\n{\n \"claim_code\": \"Xy9kLm8pQz4vDwE\",\n \"download_url\": \"http://localhost:8080/api/claim/Xy9kLm8pQz4vDwE\",\n \"expires_at\": \"2025-11-22T10:00:00Z\",\n \"file_size\": 1048576\n}\n\n# Download the file\ncurl -O http://localhost:8080/api/claim/Xy9kLm8pQz4vDwE\n```\n\n### With Options\n\n```bash\n# Upload with expiration, download limit, and password\ncurl -X POST \\\n -F \"file=@sensitive.pdf\" \\\n -F \"expires_in_hours=24\" \\\n -F \"max_downloads=1\" \\\n -F \"password=secret123\" \\\n http://localhost:8080/api/upload | jq .\n\n# Download with password\ncurl -O \"http://localhost:8080/api/claim/Xy9kLm8pQz4vDwE?password=secret123\"\n```\n\n### Get File Info (Without Downloading)\n\n```bash\n# Check file metadata\ncurl \"http://localhost:8080/api/claim/Xy9kLm8pQz4vDwE/info\" | jq .\n\n# Response\n{\n \"claim_code\": \"Xy9kLm8pQz4vDwE\",\n \"original_filename\": \"document.pdf\",\n \"file_size\": 1048576,\n \"downloads_remaining\": 4,\n \"expires_at\": \"2025-11-22T10:00:00Z\",\n \"password_protected\": false,\n \"sha256_hash\": \"a3b2c1d4...\"\n}\n```\n\n**Full API Documentation**: See [docs/API_REFERENCE.md](docs/API_REFERENCE.md) for complete endpoint details, authentication, user management, admin operations, health checks, and Prometheus metrics.\n\n---\n\n## Configuration\n\nSafeShare is configured via environment variables. Common settings:\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `PORT` | `8080` | HTTP server port |\n| `MAX_FILE_SIZE` | `104857600` | Max file size in bytes (100MB) |\n| `DEFAULT_EXPIRATION_HOURS` | `24` | Default file expiration |\n| `ENCRYPTION_KEY` | (empty) | AES-256 key (64 hex chars) - enables encryption |\n| `ADMIN_USERNAME` | (empty) | Admin username - enables dashboard |\n| `ADMIN_PASSWORD` | (empty) | Admin password (min 8 chars) |\n| `REQUIRE_AUTH_FOR_UPLOAD` | `false` | Require user authentication for uploads |\n| `QUOTA_LIMIT_GB` | `0` | Storage quota in GB (0 = unlimited) |\n| `RATE_LIMIT_UPLOAD` | `10` | Uploads per hour per IP |\n| `RATE_LIMIT_DOWNLOAD` | `50` | Downloads per hour per IP |\n| `PUBLIC_URL` | (empty) | Public URL for download links (e.g., `https://share.domain.com`) |\n| `DOWNLOAD_URL` | (empty) | Separate URL for downloads (bypasses CDN timeouts) |\n| `CHUNKED_UPLOAD_ENABLED` | `true` | Enable chunked uploads |\n| `CHUNK_SIZE` | `10485760` | Chunk size in bytes (10MB) |\n| `READ_TIMEOUT` | `120` | HTTP read timeout (seconds) |\n| `WRITE_TIMEOUT` | `120` | HTTP write timeout (seconds) |\n| `TZ` | `UTC` | Timezone for container |\n\n**Advanced Configuration**:\n- `TRUST_PROXY_HEADERS` - Proxy header validation (`auto`, `true`, `false`)\n- `TRUSTED_PROXY_IPS` - Comma-separated trusted proxy IPs/CIDR ranges\n- `MAX_EXPIRATION_HOURS` - Maximum allowed expiration (default: 168 hours / 7 days)\n- `BLOCKED_EXTENSIONS` - Comma-separated blocked file extensions\n- `DB_PATH`, `UPLOAD_DIR`, `CLEANUP_INTERVAL_MINUTES`, `SESSION_EXPIRY_HOURS`\n- `CHUNKED_UPLOAD_THRESHOLD`, `PARTIAL_UPLOAD_EXPIRY_HOURS`, `HTTPS_ENABLED`\n\n**Configuration Assistant**: The admin dashboard includes an intelligent configuration assistant that analyzes your deployment environment and provides optimized settings recommendations.\n\n---\n\n## Documentation\n\nComprehensive documentation is available in the [`docs/`](docs/) directory:\n\n| Document | Description |\n|----------|-------------|\n| **[API_REFERENCE.md](docs/API_REFERENCE.md)** | Complete API documentation with all endpoints, authentication, and examples |\n| **[SECURITY.md](docs/SECURITY.md)** | Enterprise security features, encryption, admin dashboard security, best practices |\n| **[SSO_SETUP.md](docs/SSO_SETUP.md)** | SSO/OIDC configuration guide with provider-specific examples |\n| **[MFA_SETUP.md](docs/MFA_SETUP.md)** | Multi-factor authentication setup guide |\n| **[BACKUP_RESTORE.md](docs/BACKUP_RESTORE.md)** | Backup and restore system documentation |\n| **[CHUNKED_UPLOAD.md](docs/CHUNKED_UPLOAD.md)** | Chunked/resumable upload API, architecture, client implementation guide |\n| **[REVERSE_PROXY.md](docs/REVERSE_PROXY.md)** | Reverse proxy configuration (Traefik, nginx, Caddy, Apache) |\n| **[PROMETHEUS.md](docs/PROMETHEUS.md)** | Prometheus metrics, Grafana dashboards, alerting rules |\n| **[HTTP_RANGE_SUPPORT.md](docs/HTTP_RANGE_SUPPORT.md)** | Resumable downloads, HTTP Range requests (RFC 7233) |\n| **[PRODUCTION.md](docs/PRODUCTION.md)** | Production deployment guide with security hardening |\n| **[INFRASTRUCTURE_PLANNING.md](docs/INFRASTRUCTURE_PLANNING.md)** | CDN timeouts, upload speed testing, configuration planning |\n| **[ARCHITECTURE.md](docs/ARCHITECTURE.md)** | Detailed technical architecture, PostgreSQL/S3 backends |\n| **[FRONTEND.md](docs/FRONTEND.md)** | Web UI features, customization guide, browser compatibility |\n| **[TESTING.md](docs/TESTING.md)** | Testing guide, test suite, coverage requirements |\n| **[VERSION_STRATEGY.md](docs/VERSION_STRATEGY.md)** | Semantic versioning, Git Flow, release process |\n| **[CHANGELOG.md](docs/CHANGELOG.md)** | Complete version history with all changes |\n| **[CLAUDE.md](CLAUDE.md)** | Developer guide, architecture overview, build commands |\n\n**Quick Links**:\n- šŸ” [Encryption Setup](docs/SECURITY.md#encryption-at-rest)\n- šŸ”‘ [MFA Setup](docs/MFA_SETUP.md)\n- šŸŒ [SSO Setup](docs/SSO_SETUP.md)\n- šŸ’¾ [Backup/Restore](docs/BACKUP_RESTORE.md)\n- šŸŽ›ļø [Admin Dashboard](docs/SECURITY.md#admin-dashboard-security)\n- šŸ“Š [Monitoring Setup](docs/PROMETHEUS.md)\n- šŸ”§ [Reverse Proxy Config](docs/REVERSE_PROXY.md)\n- šŸ“± [PWA Features](docs/FRONTEND.md#progressive-web-app-pwa)\n\n---\n\n## Architecture\n\n```\nSafeShare Application\nā”œā”€ā”€ HTTP Server (net/http) with HTTP/2 support\nā”‚ ā”œā”€ā”€ Public API: Upload, Download, Claim Info, Health, Metrics\nā”‚ ā”œā”€ā”€ Chunked Upload: Init, Chunk, Complete, Status\nā”‚ ā”œā”€ā”€ User Auth: Login, Logout, Dashboard, File Management\nā”‚ ā””ā”€ā”€ Admin Dashboard: Files, Users, IPs, Settings, Config Assistant\nā”œā”€ā”€ SQLite Database (modernc.org/sqlite - pure Go, no CGO)\nā”‚ ā”œā”€ā”€ Tables: files, users, sessions, partial_uploads, blocked_ips, settings\nā”‚ ā””ā”€ā”€ Migrations: Automatic schema versioning (6 migrations)\nā”œā”€ā”€ File Storage\nā”‚ ā”œā”€ā”€ Completed files: UUID filenames (encrypted if ENCRYPTION_KEY set)\nā”‚ ā””ā”€ā”€ Partial uploads: .partial/{upload_id}/chunk_{number}\nā”œā”€ā”€ Middleware\nā”‚ ā”œā”€ā”€ Authentication (user \u0026 admin), IP Blocking, Rate Limiting\nā”‚ ā”œā”€ā”€ CSRF Protection, Security Headers, Logging, Metrics Collection\nā”‚ ā””ā”€ā”€ Proxy Header Validation (anti-spoofing)\nā””ā”€ā”€ Background Workers\n ā”œā”€ā”€ Expired File Cleanup (configurable interval)\n ā”œā”€ā”€ Partial Upload Cleanup (abandoned uploads)\n ā”œā”€ā”€ Assembly Recovery (interrupted chunked uploads)\n ā””ā”€ā”€ Session Cleanup (expired auth sessions)\n```\n\n**Key Technologies**:\n- **Go 1.21+** - Single binary, no external dependencies\n- **SQLite** - Embedded database with WAL mode (modernc.org/sqlite)\n- **HTTP/2** - Concurrent stream multiplexing (h2c support)\n- **Embedded Frontend** - HTML/CSS/JS bundled in binary (27KB total)\n- **Service Worker** - PWA with offline support\n\n---\n\n## Building from Source\n\n### Prerequisites\n- Go 1.21 or later\n- Docker (optional, for containerized builds)\n\n### Build Binary\n\n```bash\n# Clone repository\ngit clone https://github.com/fjmerc/safeshare\ncd safeshare\n\n# Build\ngo build -o safeshare ./cmd/safeshare\n\n# Run\n./safeshare\n```\n\n### Build Docker Image\n\n```bash\n# Build image\ndocker build -t safeshare:latest .\n\n# Check image size (~26MB)\ndocker images safeshare\n\n# Run container\ndocker run -d -p 8080:8080 --name safeshare safeshare:latest\n```\n\n---\n\n## Performance\n\n- **Startup time**: \u003c 1 second\n- **Memory usage**: ~10-20 MB baseline\n- **Disk usage**: File size + ~2KB per file record\n- **Concurrent requests**: 1000+ concurrent connections\n- **SQLite optimizations**: WAL mode, performance indexes, temp_store=MEMORY\n- **Chunked upload**: 250 concurrent streams (HTTP/2)\n- **Encryption throughput**: ~50-60 MB/s (tested on ARM VPS)\n\n---\n\n## Security Best Practices\n\n**Production Deployments**:\n1. **Always use encryption**: Set `ENCRYPTION_KEY` (64 hex chars)\n2. **Enable admin authentication**: Set `ADMIN_USERNAME` and `ADMIN_PASSWORD`\n3. **Use HTTPS**: Configure reverse proxy with TLS certificates\n4. **Set storage quota**: Use `QUOTA_LIMIT_GB` to prevent disk abuse\n5. **Configure rate limits**: Adjust `RATE_LIMIT_UPLOAD` and `RATE_LIMIT_DOWNLOAD`\n6. **Block dangerous extensions**: Customize `BLOCKED_EXTENSIONS`\n7. **Use trusted proxies only**: Configure `TRUST_PROXY_HEADERS=auto` (default)\n8. **Enable audit logging**: Forward logs to SIEM/log aggregation\n9. **Monitor metrics**: Set up Prometheus + Grafana dashboards\n10. **Regular backups**: Backup database and encryption key securely\n\n**Security Guide**: See [docs/SECURITY.md](docs/SECURITY.md) for complete security documentation, compliance mapping (HIPAA, SOC 2, GDPR, PCI-DSS), and security audit checklist.\n\n---\n\n## Troubleshooting\n\n### Container Won't Start\n\n```bash\n# Check logs\ndocker logs safeshare\n\n# Common issues:\n# - Port 8080 already in use\n# - Insufficient volume permissions\n# - Invalid environment variables\n```\n\n### Upload Fails\n\nCheck:\n- File size is within `MAX_FILE_SIZE` limit\n- Disk space available (requires \u003e1GB free)\n- Storage quota not exceeded\n- File extension not in `BLOCKED_EXTENSIONS`\n- Rate limit not exceeded\n\n### Large Files Timeout\n\nFor files \u003e100MB:\n- Ensure `CHUNKED_UPLOAD_ENABLED=true` (default)\n- Increase `READ_TIMEOUT` and `WRITE_TIMEOUT` if needed\n- Configure `DOWNLOAD_URL` to bypass CDN timeouts\n- See [docs/INFRASTRUCTURE_PLANNING.md](docs/INFRASTRUCTURE_PLANNING.md)\n\n### Database Issues\n\n```bash\n# Reset database (CAUTION: deletes all data)\ndocker stop safeshare\ndocker rm safeshare\ndocker volume rm safeshare-data\ndocker run -d -p 8080:8080 \\\n -v safeshare-data:/app/data \\\n -v safeshare-uploads:/app/uploads \\\n safeshare:latest\n```\n\n---\n\n## Contributing\n\nContributions welcome! Please:\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Make your changes following Git Flow ([docs/VERSION_STRATEGY.md](docs/VERSION_STRATEGY.md))\n4. Add tests if applicable (minimum 60% coverage)\n5. Update documentation (README, CHANGELOG, API docs)\n6. Submit a pull request to `develop` branch\n\n**Development Guide**: See [CLAUDE.md](CLAUDE.md) for architecture overview, build commands, testing procedures, and Git Flow workflow.\n\n---\n\n## License\n\nMIT License - See [LICENSE](LICENSE) file for details.\n\n---\n\n## Changelog\n\nSee [docs/CHANGELOG.md](docs/CHANGELOG.md) for complete version history.\n\n**Latest Release (v1.5.0)**:\n- Single Sign-On (SSO/OIDC) support for enterprise deployments\n- WebAuthn/FIDO2 hardware key and MFA/TOTP authentication\n- PostgreSQL database backend and S3-compatible storage\n- Automated backup scheduler with retention policies\n- Enterprise feature management UI\n\n---\n\n## Support\n\n- **GitHub Issues**: [Report bugs or request features](https://github.com/fjmerc/safeshare/issues)\n- **Documentation**: See [docs/](docs/) directory\n- **Security Issues**: See [SECURITY.md](docs/SECURITY.md) for responsible disclosure\n\n---\n\n**Built with Go**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffjmerc%2Fsafeshare","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffjmerc%2Fsafeshare","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffjmerc%2Fsafeshare/lists"}