Changelog

v0.0.1 (2025-12-28)

Features

Supported Platforms

  • macOS desktop
  • iOS app
  • android app
  • linux server

File Sharing

  • File browsing: View file list in shared directories (supports subdirectories)
  • File upload: Supports local upload and remote upload (remote upload toggle)
  • File download: Download files from server to local
  • File deletion: Delete server files (requires permission enabled)
  • Resumable download: HTTP Range support, large files can be resumed
  • Name conflict handling: Supports three strategies - auto rename / overwrite / error

Device Discovery

  • Automatic LAN device discovery
  • Manual connection: Direct browser access, mobile app manual connection

Service Configuration

  • Shared directory selection: Visual or config file selection of folders to share
  • Remote upload control: Configurable whether to allow remote devices to upload files
  • Deletion permission control: Configurable whether to allow file deletion
  • Auto-stop service: Configurable auto-close service after inactivity
  • Configuration persistence: Configuration automatically saved to local file

User Interface

  • Web UI: Responsive design, adapts to mobile and desktop browsers
  • Desktop UI: Native window interface for desktop applications
  • Dark mode: Supports light/dark theme switching
  • Internationalization: Supports Chinese and English
  • Access address display: Shows list of accessible URLs on server
  • QR code sharing: Generate QR codes for mobile scanning access

Security Mechanisms

  • Path traversal attack: URL decoding validation, prohibits special paths like ..
  • Symbolic link escape: Does not follow symlinks in shared directories
  • File overwrite risk: Write to temporary file first, atomic rename after completion
  • LAN restriction: Configurable to allow only LAN IP access
  • Large file attack: Single file size limit (default 10GB)
  • Password protection: Access password

Server Deployment Security Requirements

  • lan_only=false: Enable remote access
  • password: Required - startup fails without password
  • listen_addr: 0.0.0.0 | Listen on all network interfaces, do not use public IP
  • LAN device discovery: Automatically disabled - automatically closed when lan_only=false