Skip to content

Features

Jump to bottom
Ryan edited this page Apr 21, 2025 · 6 revisions

Features

Multiple File/Folder Uploads with Progress (Resumable.js Integration)

  • Users can effortlessly upload multiple files and folders simultaneously by either selecting them through the file picker or dragging and dropping them directly into the interface.
  • Chunked Uploads: Files are uploaded in configurable chunks (default set as 3 MB) to efficiently handle large files.
  • Pause, Resume, and Retry: Uploads can be paused and resumed at any time, with support for retrying failed chunks.
  • Real-Time Progress: Each file shows an individual progress bar that displays percentage complete and upload speed.
  • File & Folder Grouping: When many files are dropped, files are automatically grouped into a scrollable wrapper, ensuring the interface remains clean.
  • Secure Uploads: All uploads integrate CSRF token validation and other security checks.

WebDAV & Programmatic Access

  • Mount as a Drive: Connect FileRise to any WebDAV‑capable client (Windows Map network drive…, macOS Finder → Go → Connect to Server…, Linux GVFS/GIO, Cyberduck, WinSCP, etc.).
    • Folder Only users are auto‑scoped to /uploads/<username>; admins/unrestricted users see the full tree.
    • Standard operations (upload, download, rename, move, delete) work exactly as in the browser UI.
  • cURL / Shell Automation: Because WebDAV is pure HTTP you can script uploads, downloads, or metadata queries with simple curl commands (PUT, GET, PROPFIND, MOVE, DELETE).
    See wiki ► WebDAV via cURL for ready‑made snippets (batch upload, cron‑style backup, etc.).
  • OpenAPI‑Powered REST: In parallel with WebDAV, FileRise exposes a complete OpenAPI v3 spec (public/openapi.json).
    You can autogenerate typed clients (Python, Go, TypeScript, Bash…) or scaffold a CLI in minutes with OpenAPI Generator.
    A dedicated wiki page CLI Client (REST / OpenAPI) walks through generation examples.

Built-in File Editing & Renaming

  • Text-based files (e.g., .txt, .html, .js) can be opened and edited in a modal window using CodeMirror for:
    • Syntax highlighting
    • Line numbering
    • Adjustable font sizes
  • Files can be renamed directly through the interface.
  • The renaming functionality now supports names with parentheses and checks for duplicate names, automatically generating a unique name (e.g., appending “ (1)”) when needed.
  • Folder-specific metadata is updated accordingly.
  • Enhanced File Editing Check: Files with a Content-Length of 0 KB are now allowed to be edited.

Folder Sharing Feature – Detailed Overview

  • Secure Folder Share Link Creation:

    • Generate one-time or expiring public links for entire folders using a dedicated API endpoint (createFolderShareLink.php).
    • Optionally protect shared folders with a password.
    • Specify the lifespan of the share link in minutes (with a default fallback, e.g. 7 days).
    • Store folder share tokens separately from file share tokens in a dedicated JSON file (share_folder_links.json).

  • Customizable Share Link URL:

    • Automatically builds absolute share links using either a defined BASE_URL or, if the default is detected, the server’s externally accessible IP address.
    • Ensures that folder share links point to the correct endpoint (shareFolder.php) for viewing shared folder content.

  • Folder Share Modal Interface (FolderShareModal.js):

    • Provides a user-friendly modal for generating folder share links.
    • Includes options for setting link expiration, an optional password, and a checkbox to enable uploads.
    • Displays the generated share link with a “copy to clipboard” button.
    • Integrates seamlessly with the folder sharing API endpoints.

  • Shared Folder Access & Presentation (shareFolder.php):

    • Processes GET requests to display shared folder contents.
    • Validates share tokens and, if necessary, prompts for a password when the share is protected.
    • Lists folder contents with:
      • Pagination: Displays a limited number of items per page (e.g., 10 or 20 items per page) with “Prev”, “Next”, and numbered page navigation controls.
      • File Size Display: File sizes are shown in megabytes (MB), rounded to two decimals for clarity.
    • Uses robust file-system security checks with realpath() to ensure that files are served only from allowed directories.
    • Provides download links for each file that point to a dedicated secure download endpoint.

  • Secure Public File Download (downloadSharedFile.php):

    • A dedicated endpoint that accepts a share token and filename as GET parameters.
    • Validates the share token, checks that the file exists within the shared folder, and serves files securely.
    • Sets proper MIME types and content-disposition headers (inline for images, attachment for other file types).
    • Implements strict path and input sanitization to prevent directory traversal or unauthorized access.

  • Public File Upload Handling (uploadToSharedFolder.php):

    • A secure upload endpoint for files uploaded via a shared folder link.
    • Enforces file size limits (e.g., 50MB) and uses a whitelist for allowed file extensions.
    • Generates unique filenames (by prepending a unique prefix) to prevent collisions and aid traceability.
    • Updates file metadata by recording the correct upload date and setting the uploader as “Outside Share” (since public users might not be authenticated).
    • After a successful upload, the endpoint redirects back to the shared folder view so that the new file appears in the listing.
    • Updates a dedicated metadata JSON file for the shared folder with the upload date and uploader information.

  • Overall Security Considerations

    • All endpoints perform comprehensive input validation and sanitization (e.g., using regex for folder names, filtering GET/POST parameters).
    • Secure token generation and password hashing (using PHP’s random_bytes() and password_hash() functions) help ensure robust security.
    • CSRF protection is applied where needed (for authenticated file uploads) to safeguard against cross-site forgery.
    • Separate storage for file share and folder share tokens prevents conflicts between different sharing systems.
    • The system employs file-system security measures (using realpath()) to ensure that only files within allowed directories are accessed or modified.

Built-in File Preview

  • Users can quickly preview images, videos, audio and PDFs directly in modal popups without leaving the page.
  • The preview modal supports inline display of images (with proper scaling) and videos with playback controls.
  • Navigation (prev/next) within image previews is supported for a seamless browsing experience.

Gallery (Grid) View

  • In addition to the traditional table view, users can toggle to a gallery view that arranges image thumbnails in a grid layout.
  • The gallery view offers multiple column options (e.g., 3, 4, or 5 columns) so that users can choose the layout that best fits their screen.
  • Action buttons (Download, Edit, Rename, Share) appear beneath each thumbnail for quick access.

Batch Operations (Delete/Copy/Move/Download/Extract Zip)

  • Delete Files: Delete multiple files at once.
  • Copy Files: Copy selected files to another folder with a unique-naming feature to prevent overwrites.
  • Move Files: Move selected files to a different folder, automatically generating a unique filename if needed to avoid data loss.
  • Download Files as ZIP: Download selected files as a ZIP archive. Users can specify a custom name for the ZIP file via a modal dialog.
  • Extract Zip: When one or more ZIP files are selected, users can extract the archive(s) directly into the current folder.
  • Drag & Drop (File Movement): Easily move files by selecting them from the file list and dragging them onto your desired folder in the folder tree or breadcrumb. When you drop the files onto a folder, the system automatically moves them, updating your file organization in one seamless action.
  • Enhanced Context Menu & Keyboard Shortcuts:
    • Right-Click Context Menu:
      • A custom context menu appears on right-clicking within the file list.
      • For multiple selections, options include Delete Selected, Copy Selected, Move Selected, Download Zip, and (if applicable) Extract Zip.
      • When exactly one file is selected, additional options (Preview, Edit [if editable], Rename, and Tag File) are available.
    • Keyboard Shortcut for Deletion:
      • A global keydown listener detects Delete/Backspace key presses (when no input is focused) to trigger the delete operation.

Shift Key Multi‑Selection Changes 4/10/2025

  • Implemented Range Selection:
    • Modified the toggleRowSelection function so that when the Shift key is held down, all rows between the last clicked (anchor) row (stored as window.lastSelectedFileRow) and the currently clicked row are selected.
  • Modifier Handling:
    • Regular clicks (or Ctrl/Cmd clicks) simply toggle the clicked row without clearing other selections.
  • Prevented Default Browser Behavior:
    • Added event.preventDefault() in the Shift‑click branch to avoid unwanted text selection.
  • Maintaining the Anchor:
    • The last clicked row is stored for future range selections.

File Tagging and Global Tag Management

  • Context Menu Tagging:
    • Single-file tagging: “Tag File” option in the right-click menu opens a modal to add a tag (with name and color) to the file.
    • Multi-file tagging: When multiple files are selected, a “Tag Selected” option opens a multi‑file tagging modal to apply the same tag to all selected files.
  • Tagging Modals & Custom Dropdown:
    • Dedicated modals provide an interface for adding and updating tags.
    • A custom dropdown in each modal displays available global tags with a colored preview and a remove icon.
  • Global Tag Store:
    • Tags are stored globally (persisted in a JSON file) for reuse across files and sessions.
    • New tags added to any file are automatically added to the global store.
    • Users can remove a global tag directly from the dropdown, which removes it from the available tag list for all files.
  • Unified Search Filtering:
    • The single search box now filters files based on both file names and tag names (case‑insensitive).

Folder Management

  • Organize files into folders and subfolders with the ability to create, rename, and delete folders.
  • A dynamic folder tree in the UI allows users to navigate directories easily, with real-time updates.
  • Per-Folder Metadata Storage: Each folder has its own metadata JSON file (e.g., root_metadata.json, FolderName_metadata.json), updated with operations like copy/move/rename.
  • Intuitive Breadcrumb Navigation: Clickable breadcrumbs enable users to quickly jump to any parent folder; supports drag & drop for moving files.
  • Folder Manager Context Menu:
    • Right-clicking on a folder brings up a custom context menu with options for creating, renaming, and deleting folders.
  • Keyboard Shortcut for Folder Deletion:
    • A global key listener (Delete/Backspace) triggers folder deletion with safeguards to prevent deletion of the root folder.

Sorting & Pagination

  • Files can be sorted by name, modified date, upload date, file size, or uploader.
  • Pagination controls let users navigate through files with selectable page sizes (10, 20, 50, or 100 items per page) and “Prev”/“Next” buttons.

Share Link Functionality

  • Generate shareable links for files with configurable expiration times (e.g., 30, 60, 120, 180, 240 minutes, and 1 day) and optional password protection.
  • Share links are stored in a JSON file with details including folder, file, expiration timestamp, and hashed password.
  • The share endpoint validates tokens, expiration, and password before serving files (or forcing downloads).
  • The share URL is configurable via environment variables or auto-detected from the server.

User Authentication & Management

  • Secure, session-based authentication protects the file manager.
  • Admin users can add or remove users through the interface.
  • Passwords are hashed using PHP’s password_hash() for security.
  • All state-changing endpoints include CSRF token validation.
  • Password change functionality is supported for all users.
  • Basic Auth is available for login.
  • Persistent Login (Remember Me) with Encrypted Tokens:
    • Users can remain logged in across sessions securely.
    • Persistent tokens are encrypted using AES‑256‑CBC before being stored in a JSON file.
    • On auto-login, tokens are decrypted on the server to re-establish user sessions without re-authentication.

Responsive, Dynamic & Persistent UI

  • The interface is mobile-friendly and adapts to various screen sizes by hiding non-critical columns on small devices.
  • Asynchronous updates (via Fetch API and XMLHttpRequest) keep the UI responsive without full page reloads.
  • Persistent settings (such as items per page, dark/light mode preference, folder tree state, and the last open folder) ensure a smooth, customized user experience.

Dark Mode/Light Mode

  • The application automatically adapts to the operating system’s theme preference by default, with a manual toggle available.
  • Dark mode provides a darker background with lighter text, and UI elements (including the CodeMirror editor) are adjusted for optimal readability in low-light conditions.
  • Light mode maintains a bright interface suitable for well-lit environments.

Server & Security Enhancements

  • Apache (or .htaccess) configurations disable directory indexing (e.g., using Options -Indexes in the uploads directory), preventing unauthorized file browsing.
  • Direct access to sensitive files (e.g., users.txt) is restricted via .htaccess rules.
  • A proxy download mechanism (via endpoints like download.php and downloadZip.php) routes all file downloads through PHP, ensuring session and CSRF token validation before file access.
  • Administrators are advised to deploy the app on a secure internal network or use the proxy download mechanism for public deployments.

Trash Management with Restore & Delete

  • Trash Storage & Metadata:

    • Deleted files are moved to a designated “Trash” folder rather than being immediately removed.
    • Metadata is stored in a JSON file (trash.json) that records:
      • Original folder and file name
      • Timestamp when the file was trashed
      • Uploader information (and optionally who deleted it)
      • Additional metadata (e.g., file type)

  • Restore Functionality:

    • Admins can view trashed files in a modal and restore individual or all files back to their original location (with conflict checks).

  • Delete Functionality

    • Users can permanently delete trashed files via:
      • Delete Selected: Remove specific files from the Trash and update trash.json.
      • Delete All: Permanently remove every file from the Trash after confirmation.

  • Auto-Purge Mechanism:

    • The system automatically purges files in the Trash older than three days, managing storage and preventing accumulation of outdated files.

  • Trash UI:

    • The trash modal displays file name, uploader/deleter, and trashed date/time.
    • Material icons with tooltips represent restore and delete actions.

  • Drag & Drop Cards with Dedicated Drop Zones:

    • Sidebar Drop Zone:
      • Cards (e.g., upload or folder management) can be dragged into a dedicated sidebar drop zone for quick access to frequently used operations.
      • The sidebar drop zone expands dynamically to accept drops anywhere within its visual area.
    • Top Bar Drop Zone:
      • A top drop zone is available for reordering or managing cards quickly.
      • Dragging a card to the top drop zone provides immediate visual feedback, ensuring a fluid and customizable workflow.
    • Header Drop Zone with State Preservation:
      • Cards can be dragged into the header drop zone, where they are represented by a compact material icon.
      • State Preservation: Instead of removing the card from the DOM, the original card is moved into a hidden container. This ensures that dynamic features (such as the folder tree in the Folder Management card or file selection in the Upload card) remain fully initialized and retain their state on page refresh.
      • Modal Display: When the user interacts (via hover or click) with the header icon, the card is temporarily moved into a modal overlay for full interaction. When the modal is closed, the card is returned to the hidden container, keeping its state persistent.
    • Seamless Interaction:
      • Both drop zones support smooth drag-and-drop interactions with animations and pointer event adjustments, ensuring reliable card placement regardless of screen position.

Flexible Authentication

  • Supports multiple authentication methods including Form-based Login, Basic Auth, OpenID Connect (OIDC), and TOTP-based Two-Factor Authentication.
  • Ensures continuous secure access by allowing administrators to disable only two of the available login options at any time.

Secure OIDC Authentication

  • Seamlessly integrates with OIDC providers (e.g., Keycloak, Okta).
  • Provides admin-configurable OIDC settings—including Provider URL, Client ID, Client Secret, and Redirect URI.
  • Stores all sensitive configurations in an encrypted JSON file.

TOTP Two-Factor Authentication

  • Enhances security by integrating Time-based One-Time Password (TOTP) functionality.
  • The new User Panel automatically displays the TOTP setup modal when users enable TOTP, presenting a QR code for easy configuration in authenticator apps.
  • Administrators can customize a global OTPAuth URL template for consistent TOTP provisioning across accounts.

Dynamic Admin Panel

  • Features an intuitive interface with Material Icons for quick recognition and access.
  • Allows administrators to manage authentication settings, user management, and login methods in real time.
  • Includes real-time validation that prevents the accidental disabling of all authentication methods simultaneously.
  • User Permissions Options:
    • Folder Only gives user their own root folder.
    • Read Only makes it so the user can only read the files.
    • Disable Upload prevents file uploads.

Advanced Search Implementation

  • Advanced Search Toggle:

    • Added a global toggle (window.advancedSearchEnabled) and a UI button to switch between basic and advanced search modes.
    • The toggle button label changes between "Advanced Search" and "Basic Search" to reflect the active mode.

  • Fuse.js Integration Updates:

    • Modified the searchFiles() function to conditionally include the "content" key in the Fuse.js keys only when advanced search mode is enabled.
    • Adjusted Fuse.js options by adding ignoreLocation: true, adjusting the threshold, and optionally assigning weights (e.g., a lower weight for name and a higher weight for content) to prioritize matches in file content.

  • Backend (PHP) Enhancements:

    • Updated getFileList.php to read the content of text-based files (e.g., .txt, .html, .md, etc.) using file_get_contents().
    • Added a "content" property to the JSON response for eligible files to allow for full-text search in advanced mode.

Fuse.js Integration for Indexed Real-Time Searching**

  • Added Fuse.js Library: Included Fuse.js via a CDN <script> tag to leverage its client‑side fuzzy search capabilities.
  • Created searchFiles Helper Function: Introduced a new function that uses Fuse.js to build an index and perform fuzzy searches over file properties (file name, uploader, and nested tag names).
  • Transformed JSON Object to Array: Updated the loadFileList() function to convert the returned file data into an array (if it isn’t already) and assign file names from JSON keys.
  • Updated Rendering Functions: Modified both renderFileTable() and renderGalleryView() to use the searchFiles() helper instead of a simple in‑array .filter(). This ensures that every search—real‑time by user input—is powered by Fuse.js’s indexed search.
  • Enhanced Search Configuration: Configured Fuse.js to search across multiple keys (file name, uploader, and tags) so that users can find files based on any of these properties.
Clone this wiki locally