Secure File Sharing Application

A modern, secure file sharing application with password protection, expiration dates, download limits, and virus scanning capabilities.

Features

🔒 Security Features

Password Protection: All files are protected with user-defined passwords
Virus Scanning: Automatic virus scanning using VirusTotal API before upload
File Encryption: Files are encrypted before storage
Secure Links: Time-limited, download-limited sharing links
Authentication: Supabase-based user authentication

Real-time virus scanning integrated into the upload workflow.

📁 File Management

Multiple Formats: Support for documents, images, and archives
Size Limits: 50MB maximum file size
Download Tracking: Monitor download counts and limits
Expiration Control: Set custom expiration times (1 hour to 1 year)

🎨 Modern UI

Responsive Design: Works on desktop and mobile
Real-time Feedback: Progress indicators and status updates
Beautiful Animations: Network background and smooth transitions
User-friendly: Intuitive drag-and-drop interface

Tech Stack

Frontend

Vue.js 3: Modern reactive framework
Vite: Fast build tool
Axios: HTTP client for API calls
Supabase: Authentication and database

Backend

Flask: Python web framework
Supabase: Database and storage
VirusTotal API: Virus scanning service
Cryptography: File encryption

Infrastructure

Docker: Containerization for consistent development and production environments
Docker Compose: Multi-container orchestration

Quick Start

Prerequisites

Node.js 16+
Python 3.7+
Supabase account
VirusTotal API key (optional but recommended)

Installation

Clone the repository

git clone <repository-url>
cd secure-file-sharing

Setup Backend

cd backend
pip install -r requirements.txt

Configure Environment Variables Create a .env file in the backend directory:

SUPABASE_URL=<SUPABASE_URL>
SUPABASE_KEY=<SUPABASE_KEY>
SUPABASE_SERVICE_ROLE_KEY=<SUPABASE_SERVICE_ROLE_KEY>
FERNET_KEY=<FERNET_KEY>
VIRUSTOTAL_API_KEY=<VIRUSTOTAL_API_KEY>  # Optional

Setup Frontend
```
cd frontend
npm install
```

Start the Application

# Terminal 1 - Backend
cd backend
python app.py

# Terminal 2 - Frontend
cd frontend
npm run dev

Access the Application Open http://localhost:5173 in your browser

Docker Quick Start

The easiest way to run the application is using Docker Compose.

Configure Environment Variables Ensure you have .env files in both backend/ and frontend/ directories as described in the Operations Guide.
Run with Docker Compose
```
docker-compose up --build
```
Access the Application
- Frontend: http://localhost:5173
- Backend API: http://localhost:5000

Virus Scanning Setup

The application includes automatic virus scanning using VirusTotal API. See OPERATIONS.md for detailed setup instructions.

Quick VirusTotal Setup:

Get a free API key from VirusTotal
Add VIRUSTOTAL_API_KEY=your_key to your .env file
Restart the backend server

Usage

Uploading Files

Login/Signup: Create an account or sign in to access your dashboard.

Secure authentication using Supabase.
Select File: Drag and drop or click to browse.
Configure Settings: Set download limits and expiration.
Set Password: Create a secure password.
Upload: File is automatically scanned and uploaded.

Get a secure shareable link instantly.
Share: Copy the generated download link.

Downloading Files

Access Link: Open the shared download link
Enter Password: Provide the file password
Download: File is decrypted and downloaded. Keep track of limits and expiry.

View file details and transfer status.

Security Features

Virus Scanning Process

File Upload: File is temporarily saved
Hash Calculation: SHA-256 hash is computed
VirusTotal Check: Hash is checked against VirusTotal database
Upload if New: If not found, file is uploaded for scanning
Analysis: 70+ antivirus engines analyze the file
Decision: Safe files proceed, threats are blocked

VirusTotal blocking a malicious file upload.

File Protection

Encryption: Files are encrypted using Fernet (AES-128)
Password Hashing: Passwords are hashed with PBKDF2
Secure Storage: Files stored in Supabase with access controls
Temporary Scanning: Files are deleted after virus scanning

Security Testing

This application has been thoroughly tested using industry-standard security tools:

OWASP ZAP: Web application security scanner for identifying vulnerabilities
Trivy: Comprehensive security scanner for container images, file systems, and git repositories
SonarQube: Continuous code quality and security inspection platform
Snyk: Dependency vulnerability scanning and monitoring
Bandit: Python security linter for identifying common security issues
Semgrep: Static analysis tool for finding security vulnerabilities and bugs

Detailed security reports and implementation details can be found in SECURITY_REPORT.md.

🚀 DevSecOps Pipeline

The project employs a comprehensive GitHub Actions pipeline to ensure security at every stage:

Secrets Detection: Scans for hardcoded secrets using Gitleaks and Trivy.
SCA (Software Composition Analysis): Checks dependencies for vulnerabilities using Snyk, Safety (Python), and npm audit (Node.js).
SAST (Static Application Security Testing): Analyzes code for security flaws using Bandit (Python) and Semgrep.
Container Security: Scans Docker images for OS-level vulnerabilities using Trivy.
DAST (Dynamic Application Security Testing): Scans the running application using OWASP ZAP.

The pipeline runs automatically on every push and pull request to the main branch.

API Endpoints

File Sharing

POST /api/share - Upload and share a file
GET /api/download/<token> - Get download page info
POST /api/download/<token>/file - Download file with password

Dashboard

GET /api/dashboard/files - Get user's shared files
DELETE /api/dashboard/files/<id> - Delete shared file

Comprehensive view of your active shares and storage.

Admin Interface

For administrators, the application provides a robust management interface to monitor all activity.

Overall system health and user activity monitoring.

Manage registered users and permissions.

Monitor all shared files across the system.

Configuration

Environment Variables

Variable	Description	Required
`SUPABASE_URL`	Supabase project URL	Yes
`SUPABASE_KEY`	Supabase anonymous key	Yes
`SUPABASE_SERVICE_ROLE_KEY`	Supabase service role key	Yes
`FERNET_KEY`	Encryption key	Yes
`VIRUSTOTAL_API_KEY`	VirusTotal API key	Yes

File Size Limits

Maximum: 50MB per file
Supported Types: PDF, DOC, DOCX, XLS, XLSX, PPT, PPTX, JPG, JPEG, PNG, GIF, SVG, WEBP, TXT, CSV, RTF, ZIP, RAR

Development

Project Structure

secure-file-sharing/
├── backend/
│   ├── app.py              # Main Flask application
│   ├── config.py           # Configuration settings
│   ├── requirements.txt    # Python dependencies
│   ├── routes/            # API route handlers
│   └── utils/             # Utility functions
│       ├── encryption.py   # File encryption
│       └── virus_scan.py   # VirusTotal integration
├── frontend/
│   ├── src/
│   │   ├── components/    # Vue components
│   │   ├── router.js      # Vue router
│   │   └── supabase.js    # Supabase client
│   ├── package.json       # Node dependencies
│   └── vite.config.js     # Vite configuration
└── README.md              # This file

Running Tests

# Backend tests
cd backend
python -m pytest

# Frontend tests
cd frontend
npm run test

### Security Verification
The `python/` directory contains custom security verification scripts to ensure the server is hardened against common vulnerabilities.

```bash
# Run comprehensive security checks
python python/comprehensive_security_test.py

# Validate admin route security
python python/validate_admin_fix.py

Deployment

Backend Deployment

Set up a Python environment (Python 3.7+)
Install dependencies: pip install -r requirements.txt
Configure environment variables
Run with Gunicorn: gunicorn app:app

Frontend Deployment

Build the project: npm run build
Deploy the dist folder to your hosting service
Configure environment variables for production

Contributing

Fork the repository
Create a feature branch
Make your changes
Add tests if applicable
Submit a pull request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

For issues and questions:

Check the OPERATIONS.md for virus scanning issues
Review the troubleshooting section in the setup guide
DEPLOYMENT.md for installation issues
ARCHITECTURE.md for technical deep-dives

Security Considerations

API Keys: Never commit API keys to version control
Rate Limits: Monitor VirusTotal API usage
File Privacy: Files are encrypted and not accessible without passwords
Temporary Storage: Files are deleted after virus scanning
HTTPS: Always use HTTPS in production

Note: This application includes virus scanning capabilities. Ensure you comply with VirusTotal's terms of service and API usage limits.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.github/workflows		.github/workflows
backend		backend
frontend		frontend
pics		pics
python		python
.gitignore		.gitignore
ARCHITECTURE.md		ARCHITECTURE.md
CLOUDFLARE.md		CLOUDFLARE.md
DEPLOYMENT.md		DEPLOYMENT.md
OPERATIONS.md		OPERATIONS.md
README.md		README.md
SECURITY_REPORT.md		SECURITY_REPORT.md
docker-compose.yml		docker-compose.yml
setup_cloudflare.sh		setup_cloudflare.sh

Elyes-2/Secure-Vault

Folders and files

Latest commit

History

Repository files navigation