A self-hosted local file sharing app built by students, for students (and honestly, for any small network setup).
Team 0xTJRS23
This is a web app where one machine hosts the server and everyone else on the same reachable network can upload, manage, and share files from a browser.
Even though registration format is @student.ruet.ac.bd, the app itself is not locked to RUET campus Wi-Fi only. You can run it on home Wi-Fi, lab LAN, or private WAN too.
- Login with username or email
- Registration with
@student.ruet.ac.bdformat validation - Google Drive-style dashboard UI
- Upload/download/preview files
- Create/open/rename/delete folders
- Rename files
- Trash bin for files and folders (restore, permanent delete, empty trash)
- Share files and folders via:
- public token links (with expiry)
- user-to-user share
- Revoke share access (owner-only)
- "Shared with me" supports both files and folders
- File/folder info popup (owner, size, dates, share info)
- Profile page with editable info + avatar upload/remove
- Admin panel for users, files, shares, and logs
- Social share shortcuts (Facebook, WhatsApp, Messenger, Telegram)
- Responsive/mobile-friendly layout
- Password hashing with Werkzeug
- Signed Flask session auth
- Session hardening:
SESSION_COOKIE_HTTPONLY=TrueSESSION_COOKIE_SAMESITE='Lax'SESSION_COOKIE_SECUREvia env (1for HTTPS)- 12-hour permanent session lifetime
- Login rate-limit logic for repeated failed attempts
- Restrictive CORS config for
/api/*with allowlist origins - Upload filtering:
- dangerous extension blocking
- executable magic-byte checks
- empty file rejection
- per-user quota enforcement
- Ownership checks for sensitive actions (share/revoke/manage)
- Protected profile image route (user can access only own avatar file)
- SIEM field sanitization before writing logs
Logs are written to:
logs/access.loglogs/error.log
Each line follows this structure:
YYYY-MM-DD HH:MM:SS | LEVEL | EVENT=... | IP=... | PATH=... | METHOD=... | UA=... | USERNAME=... | REFERRER=... | CATEGORY=... | OUTCOME=... | STATUS=... | TARGET=... | MESSAGE=...
Rotation:
- 10 MB per log file
- 10 backups
On first run (if no admin exists), app creates:
| Username | Password | |
|---|---|---|
admin |
admin@student.ruet.ac.bd |
admin123 |
Please change the password after first login.
git clone https://github.com/InferiorAK/Integrated-Share.git
cd Integrated-Share
pip install -r requirements.txt
python app.pyApp starts at:
http://<server-ip>:5000
Service file in repo: integrated-share.service
Gunicorn command:
gunicorn -w 4 -b 0.0.0.0:5000 app:appManual service setup:
sudo cp integrated-share.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable integrated-share
sudo systemctl start integrated-share
sudo systemctl status integrated-shareOne-command installer from GitHub:
curl -fsSL https://raw.githubusercontent.com/InferiorAK/Integrated-Share/main/setup.sh | sudo bashAt the end, installer prints:
- start
- stop
- restart
- status
- disable
commands for integrated-share service.
-
CORS_ALLOWED_ORIGINS
Default:http://localhost:5000,http://127.0.0.1:5000 -
SESSION_COOKIE_SECURE
Set to1in HTTPS deployment.
Integrated-Share/
├── app.py
├── requirements.txt
├── setup.sh
├── integrated-share.service
├── clean.sh
├── core/
│ ├── admin.py
│ ├── auth.py
│ ├── extensions.py
│ ├── files.py
│ ├── logger.py
│ ├── models.py
│ ├── share.py
│ └── utils.py
├── templates/
│ ├── admin.html
│ ├── error.html
│ ├── folder_share.html
│ ├── index.html
│ ├── login.html
│ ├── profile.html
│ └── register.html
├── static/
│ ├── main.js
│ ├── style.css
│ └── images/
├── assets/
│ ├── Banner.jpg
│ ├── Register.png
│ ├── Login.png
│ ├── Sharing Application Interface.png
│ ├── Profile.png
│ ├── Admin Interface.png
│ ├── Security Logs.png
│ ├── Project_Mechanism.png
│ └── Logo.png
├── logs/
├── uploads/
└── instance/