stonith404 / pingvin-share

A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.
https://stonith404.github.io/pingvin-share/
BSD 2-Clause "Simplified" License
3.37k stars 238 forks source link

🚀 Feature: Enforce expiration/limit for guest uploads #75

Open lockheed opened 1 year ago

lockheed commented 1 year ago

It would be great if admin could set default and separate limits for uploads from unregistered users, ie:

This would make it far more abuse resistant.

stonith404 commented 1 year ago

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

Do you have a specific use case for anonymous users?

lockheed commented 1 year ago

Bots. Finding an instance URL and filling it up with junk or illegal/malicious content.

stonith404 commented 1 year ago

That's true but I meant, why should you even enable anonymous shares? Do you have a specific use case for enabling it?

lockheed commented 1 year ago

Because I want to exchange files with people who are not technical, and asking them to create and account makes them not willing to share files.

stonith404 commented 1 year ago

That's a good point. Limiting the expiration time and the share size limit are possible to implement but limiting the anonymous uploads is in my opinion not possible because how should we identify the anonymous user?

lockheed commented 1 year ago

I mean limit for all anonymous users, so if there is one anonymous upload, there cannot be another one within X hours/days/weeks. No matter if it's the same person or not.

EgonHeuson commented 1 year ago

Agreed, this would be a great feature, and actually, I'd love to be able to set up the same limitations to registered users. Most of the times, my friends forget to remove their uploaded files. Actually that's why they use services like WeTransfer. They upload, share, and then never have to think about those files again. Would this be possible?

coaz commented 1 year ago

For anonymus user, the limit could by based on the IP.

stonith404 commented 1 year ago

@coaz I'm not really sure if this would be a nice solution because a VPN or proxy could easily be used to bypass the limit. Additionally if there are many people in the same network (like in a school or company) the limit would apply for all in the same network as they all have the same IP.

iUnstable0 commented 1 year ago

Maybe I can do something like a captcha for public reverse share uploads. It wont stop all bots but some

gill6151 commented 1 year ago

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

While I can see why Pingvin Share works well with people you know, it also can serve as a very solid base for an anonymous file uploading service. I would very much love to deploy it for that use case as it is the only file sharing service I know of with a clean and no bullshit interface but the only thing holding me back from doing so is the lack of enforced upload expiry times.

EgonHeuson commented 1 year ago

Maybe I can do something like a captcha for public reverse share uploads. It wont stop all bots but some

Would be amazing! :-D

EgonHeuson commented 1 year ago

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

While I can see why Pingvin Share works well with people you know, it also can serve as a very solid base for an anonymous file uploading service. I would very much love to deploy it for that use case as it is the only file sharing service I know of with a clean and no bullshit interface but the only thing holding me back from doing so is the lack of enforced upload expiry times.

Same for me. And also, even if you only open it to people you know, you have 2 main issues. First these people may just not know how much they can upload before making your server full, and most of the members of my family always forget to empty their trash on their computer, so that will fill up even more quickly the server. And second, if you want a service to be used, you need it as simple as possible. If my family members have to register on my file transfer system, but not on WeTransfer, they will go for the latter. Which is precisely what I want to avoid (due to privacy, energy saving, etc. reasons) if I self host such tools :-)

ccrsxx commented 5 months ago

One workaround that I use is to spin up another pingvin-share container on another port specifically for guests. This way you can have separate limits for Admin and Guest.