hshare
A private upload and password-protected temporary file sharing service.
Purpose
- Accept files from trusted users or scripts through a private upload API
- Generate temporary share links for humans to download artifacts safely
- Keep the upload surface off the public internet
Public / operational shape
- Repository: https://github.com/Gandalf-The-IT-Wizard/hshare
- Public download endpoint:
/f/{token} - Private upload endpoint:
POST /api/files
What it does
- Stores share token hashes in SQLite
- Uses shared HTTP Basic Auth for downloads
- Supports configurable link lifetimes
- Can serve images and PDFs inline
- Uses Docker Compose for deployment
Deployment notes
- The upload API should remain private.
- Only the download path should be exposed through a reverse proxy.
- Do not put an error-page middleware in front of the download endpoint if it rewrites
401responses, because browsers need theWWW-Authenticateheader for the login prompt. - Runtime secrets live in
hshare.env.
Why it matters
This is the sort of small but useful tool that keeps generated artifacts from being flung into the wild like loose parchments in a gale.