Skip to content

reliability, batch transfer, and privacy#60

Merged
parvardegr merged 13 commits into
mainfrom
roadmap-implementation
Jun 17, 2026
Merged

reliability, batch transfer, and privacy#60
parvardegr merged 13 commits into
mainfrom
roadmap-implementation

Conversation

@parvardegr

Copy link
Copy Markdown
Owner

Share more, with less friction — reliability, batch transfer, and privacy

This PR turns easy-sharing from "share one file to a browser" into an all-around terminal↔phone tool, while fixing the #1 reason shares silently fail.

Why

The tool is loved (1.8k★) but the magic moment — scan the QR, it just works — broke on common setups: getNetworkAddress() returned the first non-internal IPv4, so on machines with Docker/VPN/WSL it advertised an unreachable address (the QR scans, the page never loads). That, plus a few table-stakes gaps (multi-file receive, folder download, one-flag privacy), is what this PR addresses.

What's new

Reliability

  • Smart network-interface detection that skips Docker/VPN/WSL adapters, with --interface/-i to pin one and a startup hint listing other addresses.
  • /qr browser fallback page + --open for terminals that can't render the QR (Windows / unicode).
  • Connectivity/firewall hint on startup.

Transfer

  • Multi-file and drag-and-drop uploads on --receive (finishes the long-standing multi-file request).
  • "Download folder as .zip" link + /zip route.
  • Clipboard share now opens a page with a one-tap Copy button; new "send text from phone → terminal" on the receive page.

Trust & lifetime

  • -S auto-generates a self-signed cert (no more -C/-K required).
  • --once (stop after first transfer) and --timeout 30s|10m|1h.
  • --token (secret/unguessable link) and --secure (token + generated password + HTTPS in one flag); open shares now print a warning.

Hardening

Upload is basename-only and rejects symlink/.. escapes and same-name clobbering; /zip is confined to the share root and skips symlinks; token is carried in the path (not the query); clipboard mode never serves the cwd.

Compatibility

Fully backward compatible — existing flags and behavior unchanged. Adds qrcode, archiver, selfsigned (lazy-required); engines bumped to >=14.17.

Testing

Test suite extended 18 → 32, all passing (npm test), covering interface ranking, multi-file/traversal/symlink safety, /zip, /qr, /text, the clipboard page, and token gating. Manually verified end-to-end across share, receive, zip, clipboard, --secure, --once, and HTTPS.

@parvardegr parvardegr merged commit e103cc3 into main Jun 17, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant