Implements a master toggle for security features across config,
CLI, and application logic. This allows granular control over
whether the advanced security middleware and protections are
active globally.
Introduce new environment variables to control the behavior of one-time download boxes:
- `WARPBOX_ONE_TIME_DOWNLOAD_EXPIRY_SECONDS`: Sets the lifetime of a one-time box after uploads are complete.
- `WARPBOX_ONE_TIME_DOWNLOAD_RETRY_ON_FAILURE`: Determines whether a box remains available if the ZIP creation or transfer fails.
To support these settings, the ZIP delivery process was refactored to use a temporary file. This ensures that a one-time box is only marked as consumed after the file has been successfully transferred to the client, preventing data loss on network interruptions.
Additionally, added a `DecorateFiles` helper in the box store to reduce code duplication.
Introduces a new configuration setting `one_time_download_expiry_seconds` to allow administrators to define a default expiration period for one-time downloads.
The retention logic in `boxstore` has been updated to use this global expiry value when a box is marked as a one-time download and no specific retention period is defined in the manifest.
- Add `formatBrowserTime()` and include ISO-8601 `expires_at` in box status JSON and `ExpiresAtISO` in the box view for browser-friendly rendering.
- Refresh UI styling (switch to MonoCraft/PixelOperatorMono, tweak base font size) and treat `aria-disabled="true"` like `disabled` for consistent button states.
- Introduce a clear-queue action with confirmation to reset upload state, unlock controls, and provide user feedback.feat(ui): add clear queue flow and expose ISO expiry
- Add `formatBrowserTime()` and include ISO-8601 `expires_at` in box status JSON and `ExpiresAtISO` in the box view for browser-friendly rendering.
- Refresh UI styling (switch to MonoCraft/PixelOperatorMono, tweak base font size) and treat `aria-disabled="true"` like `disabled` for consistent button states.
- Introduce a clear-queue action with confirmation to reset upload state, unlock controls, and provide user feedback.
- Add `applyMegabytesOrBytesEnv` to accept size settings in either bytes or MB
- Prefer `*_BYTES` when set, otherwise convert `*_MB` to bytes with overflow guard
- Add coverage for MB-based environment overrides
- Introduce `static/js/upload-popups.js` to lazy-load and cache popup templatesfeat(config): support *_MB env vars for upload size limits
- Add `applyMegabytesOrBytesEnv` to accept size settings in either bytes or MB
- Prefer `*_BYTES` when set, otherwise convert `*_MB` to bytes with overflow guard
- Add coverage for MB-based environment overrides
- Introduce `static/js/upload-popups.js` to lazy-load and cache popup templates
- Replace legacy salted password hashing with bcrypt and store hash alg
- Accept existing bcrypt hashes while keeping legacy verification fallback
- Validate box IDs and use SafeChildPath for box/file operations to prevent traversal
- Refactor download flow to share zip writer logic and correctly handle one-time deletes and optional renew-on-download only after a successful zip writefeat(security): use bcrypt hashes and safe paths for boxes
- Replace legacy salted password hashing with bcrypt and store hash alg
- Accept existing bcrypt hashes while keeping legacy verification fallback
- Validate box IDs and use SafeChildPath for box/file operations to prevent traversal
- Refactor download flow to share zip writer logic and correctly handle one-time deletes and optional renew-on-download only after a successful zip write
Update README to explain startup config precedence (defaults/env/admin overrides),
document admin/bootstrap and feature toggles, and clarify storage locations under
WARPBOX_DATA_DIR including BadgerDB metadata. Also refresh project layout to
include new config and metastore packages.docs: expand configuration docs for admin and BadgerDB
Update README to explain startup config precedence (defaults/env/admin overrides),
document admin/bootstrap and feature toggles, and clarify storage locations under
WARPBOX_DATA_DIR including BadgerDB metadata. Also refresh project layout to
include new config and metastore packages.
Introduce a `one-time` retention option and persist it on the manifest as `one_time_download`. One-time download boxes bypass retention expiry scheduling, force zip downloads, and reject download attempts until all files are complete to prevent partial retrievals.feat(boxstore): add one-time download retention mode
Introduce a `one-time` retention option and persist it on the manifest as `one_time_download`. One-time download boxes bypass retention expiry scheduling, force zip downloads, and reject download attempts until all files are complete to prevent partial retrievals.
- Extend `BoxFile` with thumbnail path/status fields and internal URL
- Populate `ThumbnailURL` when a thumbnail path is present during decoration
- Add `/box/:id/thumbnails/:file_id` route and handler to serve JPEG thumbnails
- Introduce thumbnail status constants to standardize processing state reportingfeat: add thumbnail metadata and download endpoint
- Extend `BoxFile` with thumbnail path/status fields and internal URL
- Populate `ThumbnailURL` when a thumbnail path is present during decoration
- Add `/box/:id/thumbnails/:file_id` route and handler to serve JPEG thumbnails
- Introduce thumbnail status constants to standardize processing state reporting
Introduce configurable retention options and default selection, store
retention when creating manifests, and add a helper to delete box
directories to enable expiring/cleanup workflows. Update login and upload
styles (new login layout, taller upload window) to support the new UI.feat(boxstore): add retention options and box deletion support
Introduce configurable retention options and default selection, store
retention when creating manifests, and add a helper to delete box
directories to enable expiring/cleanup workflows. Update login and upload
styles (new login layout, taller upload window) to support the new UI.
- Move box ID validation, file listing/pathing, manifest creation, and uploads to `boxstore`
- Use shared helpers for safe filenames and polling interval env parsing
- Add file status constants to `models` to avoid duplicated magic strings across handlersrefactor(server): use boxstore helpers and file status consts
- Move box ID validation, file listing/pathing, manifest creation, and uploads to `boxstore`
- Use shared helpers for safe filenames and polling interval env parsing
- Add file status constants to `models` to avoid duplicated magic strings across handlers
- Move API request/response structs into new lib/models package
- Centralize Gin route registration in lib/routing to simplify wiring
- Add lib/server config helper to allow WARPBOX_BOX_POLL_INTERVAL_MS override
- Improves modularity and makes polling behavior configurable per environmentrefactor: extract models/routes and env-based server config
- Move API request/response structs into new lib/models package
- Centralize Gin route registration in lib/routing to simplify wiring
- Add lib/server config helper to allow WARPBOX_BOX_POLL_INTERVAL_MS override
- Improves modularity and makes polling behavior configurable per environment
- Persist per-box file metadata in a .warpbox.json manifest, including IDs and status fields (pending/uploading/complete/failed)
- Add GET /box/:id/status to return current file states for clients polling upload progress
- Update upload handling to mark failures and completion in the manifest and decorate responses
- Add CSS states for loading/failed files and disable interactions for unavailable itemsfeat(server): track upload status via manifest and /status API
- Persist per-box file metadata in a .warpbox.json manifest, including IDs and status fields (pending/uploading/complete/failed)
- Add GET /box/:id/status to return current file states for clients polling upload progress
- Update upload handling to mark failures and completion in the manifest and decorate responses
- Add CSS states for loading/failed files and disable interactions for unavailable items
- Track per-file loaded bytes and compute an overall upload percentage
- Add overall progress bar/percent styling and resize upload window to fit
- Hide the upload result section until a share URL is available
- Use a specific icon for .exe files and update the default fallback iconfeat(ui): add overall upload progress and improve file icons
- Track per-file loaded bytes and compute an overall upload percentage
- Add overall progress bar/percent styling and resize upload window to fit
- Hide the upload result section until a share URL is available
- Use a specific icon for .exe files and update the default fallback icon
Introduce `/box/:id` to render a box page with file metadata, plus
endpoints to download individual files and a “download all” ZIP. Add
helpers to safely list box contents, stream files into a ZIP response,
and infer MIME types/icons for better UI and correct downloads.feat(server): add box file listing and download routes
Introduce `/box/:id` to render a box page with file metadata, plus
endpoints to download individual files and a “download all” ZIP. Add
helpers to safely list box contents, stream files into a ZIP response,
and infer MIME types/icons for better UI and correct downloads.
- Add `/box` endpoint to create an upload box and return its URL
- Add `/box/:id/upload` endpoint for uploading a single file to an existing box
- Refactor upload saving into a shared helper and validate box IDs/filenames
- Ensure unique filenames by checking existing files on disk to avoid collisions
- Update upload panel CSS to use flex layout for better resizing/scroll behaviorfeat(server): add box create/upload endpoints and improve UI
- Add `/box` endpoint to create an upload box and return its URL
- Add `/box/:id/upload` endpoint for uploading a single file to an existing box
- Refactor upload saving into a shared helper and validate box IDs/filenames
- Ensure unique filenames by checking existing files on disk to avoid collisions
- Update upload panel CSS to use flex layout for better resizing/scroll behavior
- Add POST /upload to accept multipart file uploads
- Generate random box IDs and persist files under data/uploads/<boxID>
- Sanitize and deduplicate filenames to avoid invalid paths/collisions
- Return box metadata and saved file details in the response
- Add Win98-style upload UI styling to support the new flowfeat(server): add multipart upload endpoint with box IDs
- Add POST /upload to accept multipart file uploads
- Generate random box IDs and persist files under data/uploads/<boxID>
- Sanitize and deduplicate filenames to avoid invalid paths/collisions
- Return box metadata and saved file details in the response
- Add Win98-style upload UI styling to support the new flow
Add `github.com/gin-contrib/gzip` to the module dependencies and update `go.sum` with the newly introduced transitive dependencies, preparing the Gin server for gzip-compressed responses.chore(deps): add gin-contrib/gzip for response compression
Add `github.com/gin-contrib/gzip` to the module dependencies and update `go.sum` with the newly introduced transitive dependencies, preparing the Gin server for gzip-compressed responses.
- Add `cmd/main.go` with a new `warpbox` root command and `run` subcommand
- Support `--addr` flag (default `:8080`) and delegate startup to `server.Run`
- Initialize Go module and dependencies (cobra, gin) via `go.mod`/`go.sum` to enable building the new CLI entrypointfeat(cli): add cobra-based CLI to run WarpBox server
- Add `cmd/main.go` with a new `warpbox` root command and `run` subcommand
- Support `--addr` flag (default `:8080`) and delegate startup to `server.Run`
- Initialize Go module and dependencies (cobra, gin) via `go.mod`/`go.sum` to enable building the new CLI entrypoint
