feat(storage): add S3 backend support and advanced upload limits

- Introduce S3-compatible storage backend support using minio-go. - Add configuration options for local storage limits, box limits, and rate limiting. - Implement storage backend selection (local vs S3) for anonymous and registered users. - Add an `/admin/storage` management interface. - Update documentation and environment examples with the new configuration variables.
2026-05-31 02:14:10 +03:00
parent 830d2a885c
commit c3558fd353
34 changed files with 2668 additions and 168 deletions
--- a/backend/libs/handlers/app.go
+++ b/backend/libs/handlers/app.go
@@ -16,6 +16,7 @@ type App struct {
 	uploadService   *services.UploadService
 	authService     *services.AuthService
 	settingsService *services.SettingsService
+	rateLimiter     *rateLimiter
 }

 func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService) *App {
@@ -26,6 +27,7 @@ func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uplo
 		uploadService:   uploadService,
 		authService:     authService,
 		settingsService: settingsService,
+		rateLimiter:     newRateLimiter(),
 	}
 }

@@ -33,6 +35,7 @@ func (a *App) renderPage(w http.ResponseWriter, r *http.Request, status int, pag
 	if data.CurrentUser == nil {
 		data.CurrentUser = a.currentPublicUser(r)
 	}
+	data.CSRFToken = a.csrfToken(w, r)
 	a.renderer.Render(w, status, page, data)
 }

@@ -59,12 +62,22 @@ func (a *App) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /admin", a.AdminDashboard)
 	mux.HandleFunc("GET /admin/files", a.AdminFiles)
 	mux.HandleFunc("GET /admin/users", a.AdminUsers)
+	mux.HandleFunc("GET /admin/users/{userID}/edit", a.AdminEditUser)
 	mux.HandleFunc("GET /admin/settings", a.AdminSettings)
 	mux.HandleFunc("POST /admin/settings", a.AdminSettingsPost)
+	mux.HandleFunc("GET /admin/storage", a.AdminStorage)
+	mux.HandleFunc("POST /admin/storage/s3", a.AdminCreateS3Storage)
+	mux.HandleFunc("POST /admin/storage/{backendID}/edit", a.AdminEditStorage)
+	mux.HandleFunc("POST /admin/storage/{backendID}/test", a.AdminTestStorage)
+	mux.HandleFunc("POST /admin/storage/{backendID}/disable", a.AdminDisableStorage)
+	mux.HandleFunc("POST /admin/storage/{backendID}/delete", a.AdminDeleteStorage)
 	mux.HandleFunc("POST /admin/invites", a.AdminCreateInvite)
 	mux.HandleFunc("POST /admin/users/{userID}/disable", a.AdminDisableUser)
 	mux.HandleFunc("POST /admin/users/{userID}/reset", a.AdminResetUser)
 	mux.HandleFunc("POST /admin/users/{userID}/quota", a.AdminUpdateUserQuota)
+	mux.HandleFunc("POST /admin/users/{userID}/edit", a.AdminUpdateUser)
+	mux.HandleFunc("POST /admin/users/{userID}/policy", a.AdminUpdateUserPolicy)
+	mux.HandleFunc("POST /admin/users/{userID}/storage", a.AdminUpdateUserStorage)
 	mux.HandleFunc("GET /admin/boxes/{boxID}/view", a.AdminViewBox)
 	mux.HandleFunc("POST /admin/boxes/{boxID}/delete", a.AdminDeleteBox)
 	mux.HandleFunc("GET /d/{boxID}", a.DownloadPage)