lixmal · Nov 27, 2019
diff --git a/‎.gitignore
+27 b/‎.gitignore
+27
diff --git a/‎Dockerfile
+38 b/‎Dockerfile
+38
diff --git a/‎LICENSE
+21 b/‎LICENSE
+21
diff --git a/‎README.md
+6 b/‎README.md
+6
diff --git a/‎config.yml
+53 b/‎config.yml
+53
diff --git a/‎files/.gitignore
+2 b/‎files/.gitignore
+2
diff --git a/‎go.mod
+21 b/‎go.mod
+21
diff --git a/‎go.sum
+218 b/‎go.sum
+218
diff --git a/‎main.go
+616 b/‎main.go
+616
diff --git a/‎package-lock.json
+4,246 b/‎package-lock.json
+4,246
diff --git a/‎package.json
+48 b/‎package.json
+48
diff --git a/‎public/index.html
+16 b/‎public/index.html
+16
diff --git a/‎public/scripts/.gitignore
+2 b/‎public/scripts/.gitignore
+2
diff --git a/‎src/scripts/Alert.js
+20 b/‎src/scripts/Alert.js
+20
diff --git a/‎src/scripts/Download.js
+195 b/‎src/scripts/Download.js
+195
diff --git a/‎src/scripts/ErrPage.js
+29 b/‎src/scripts/ErrPage.js
+29
diff --git a/‎src/scripts/Polyfills.js
+66 b/‎src/scripts/Polyfills.js
+66
diff --git a/‎src/scripts/Upload.js
+301 b/‎src/scripts/Upload.js
+301
diff --git a/‎src/scripts/Uploaded.js
+116 b/‎src/scripts/Uploaded.js
+116
diff --git a/‎src/scripts/app.js
+82 b/‎src/scripts/app.js
+82
diff --git a/‎src/style/app.css
+92 b/‎src/style/app.css
+92
diff --git a/‎v8_to_v10.go
+56 b/‎v8_to_v10.go
+56
@@ -0,0 +1,27 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+gdprshare
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+*.db
+
+# npm
+node_modules/
+public/scripts/bundle.js
+npm-debug.log
+disc.html
+
+# vim
+*.sw[a-z]
+
+config_test.yml
+test/
@@ -0,0 +1,38 @@
+FROM alpine:edge
+
+WORKDIR /opt/gdprshare/
+RUN apk add --update --no-cache --virtual .build-deps \
+    # install build tools
+        npm \
+        go \
+        git \
+    # get source
+    && cd .. \
+    && git clone https://github.com/lixmal/gdprshare \
+    && cd gdprshare \
+    # build go binary
+    && go build \
+    # install js dependencies
+    && npm install \
+    # build bundle.js
+    && npm run build \
+    && rm -rf node_modules \
+    # remove build tools
+    && apk del --purge .build-deps \
+    && rm -rf src *.go go.* *.json \
+    # create dir
+    && mkdir /conf \
+    # move config to volume
+    && mv config.yml /conf/
+
+EXPOSE 8080
+
+VOLUME ["/conf"]
+
+STOPSIGNAL SIGTERM
+
+USER nobody:nogroup
+
+ENV GIN_MODE release
+
+CMD ["./gdprshare", "--config", "/conf/config.yml"]
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 lixmal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,6 @@
+# gdprshare
+
+## BUILDING
+go build
+npm install
+npm run build
@@ -0,0 +1,53 @@
+# post size in MiB
+maxuploadsize: 25
+
+idlength: 20
+
+# directory to store uploaded files
+storepath: 'files'
+
+# listen address/port
+listenaddr: ':8080'
+
+tls:
+    use:  false
+    key:  '/etc/ssl/private/ssl-cert-snakeoil.key'
+    cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+
+database:
+    # see https://godoc.org/github.com/jinzhu/gorm#Open
+    driver: 'sqlite3'
+    args:   'gdprshare.db'
+
+mail:
+    smtphost: 'localhost'
+    smtpport: 25
+    smtpuser: ''
+    smtppass: ''
+    from:     'root@localhost'
+    subject:  'File was downloaded: %s'
+
+    # available variables:
+    #   .FileID
+    #   .Addr
+    #   .UserAgent
+    #   .SrcTLSVersion
+    #   .SrcTLSCipherSuite
+    #   .DstTLSVersion
+    #   .DstTLSCipherSuite
+    body:     'File with id {{.FileID}} was downloaded.'
+
+
+# headers in case app is behind a reverse proxy
+header:
+    tlsversion:     'X-TLS-Version'
+    tlsciphersuite: 'X-TLS-CipherSuite'
+
+# saves receiver IP addr and user agent in database
+saveclientinfo: false
+
+# length of password pregenerated on the frontend
+passwordlength: 12
+
+
+# for config via env vars see https://github.com/jinzhu/configor#advanced-usage
@@ -0,0 +1,2 @@
+*
+!.gitignore
@@ -0,0 +1,21 @@
+module github.com/lixmal/gdprshare
+
+go 1.13
+
+require (
+	github.com/gin-contrib/size v0.0.0-20190911145601-c5a150d91bbf
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gin-contrib/static v0.0.0-20190913125243-df30d4057ba1 // indirect
+	github.com/gin-gonic/gin v1.4.0
+	github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df
+	github.com/go-playground/validator/v10 v10.0.1
+	github.com/golang/protobuf v1.3.2 // indirect
+	github.com/jinzhu/configor v1.1.1
+	github.com/jinzhu/gorm v1.9.11
+	github.com/json-iterator/go v1.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.10 // indirect
+	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
+	github.com/ugorji/go v1.1.7 // indirect
+	golang.org/x/sys v0.0.0-20191115151921-52ab43148777 // indirect
+	gopkg.in/yaml.v2 v2.2.5 // indirect
+)
@@ -0,0 +1,48 @@
+{
+    "name": "gdprshare",
+    "version": "0.1.0",
+    "description": "share files according to gdpr rules",
+    "main": "src/scripts/app.js",
+    "scripts": {
+        "test": "echo \"Error: no test specified\" && exit 1",
+        "dev": "node_modules/.bin/browserify -t browserify-css -t [ babelify --presets [ @babel/preset-env @babel/preset-react ] ] src/scripts/app.js -o public/scripts/bundle.js; sed -i 's/node_modules\\/bootstrap\\/dist\\///g' public/scripts/bundle.js",
+        "build": "NODE_ENV=production node_modules/.bin/browserify -p [ minifyify --no-map ] -t browserify-css -t [ babelify --presets [ @babel/preset-env @babel/preset-react ] ] src/scripts/app.js -o public/scripts/bundle.js; sed -i 's/node_modules\\/bootstrap\\/dist\\///g' public/scripts/bundle.js"
+    },
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/lixmal/gdprshare"
+    },
+    "keywords": [
+        "gdpr",
+        "fileshare"
+    ],
+    "author": "Viktor Liu",
+    "license": "MIT",
+    "bugs": {
+        "url": "https://github.com/lixmal/gdprshare/issues"
+    },
+    "devDependencies": {
+        "@babel/core": "^7.7.2",
+        "@babel/preset-env": "^7.7.1",
+        "@babel/preset-react": "^7.7.0",
+        "babelify": "^10.0.0",
+        "browserify": "^16.5.0",
+        "browserify-css": "^0.15.0",
+        "minifyify": "^7.3.5"
+    },
+    "dependencies": {
+        "@primer/octicons-react": "^9.3.0",
+        "bootstrap": "^4.3.1",
+        "bs-custom-file-input": "^1.3.2",
+        "classnames": "^2.2.6",
+        "clipboard-polyfill": "^2.8.6",
+        "react": "^16.12.0",
+        "react-dom": "^16.12.0",
+        "react-router-dom": "^5.1.2"
+    },
+    "browserify-css": {
+        "autoInject": true,
+        "minify": true,
+        "rootDir": "."
+    }
+}
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+        <title>GDPR Share</title>
+        <link rel="icon" type="image/png" href="/assets/img/favicon.png">
+    </head>
+    <body ontouchstart>
+        <noscript>
+            <h4>Your browser doesn't support JavaScript or it is disabled. Please enable JavaScript.</h4>
+        </noscript>
+        <div id="app-content"></div>
+        <script type="text/javascript" src="/assets/scripts/bundle.js"></script>
+    </body>
+</html>
@@ -0,0 +1,2 @@
+*
+!.gitignore
@@ -0,0 +1,20 @@
+import React from 'react'
+import Octicon, { Alert as AlertI } from '@primer/octicons-react'
+
+export default class Alert extends React.Component {
+    constructor() {
+        super()
+    }
+
+    render() {
+        return this.props.error ? (
+            <div className="alert alert-danger alert-dismissible col-sm-12 file-error text-center">
+                <Octicon icon={AlertI} />
+                <span className="sr-only">
+                    Error:
+                </span>
+                {this.props.error}
+            </div>
+        ) : null
+    }
+}
@@ -0,0 +1,195 @@
+import React from 'react'
+import { Link } from 'react-router-dom'
+import Classnames from 'classnames'
+import Alert from './Alert'
+
+export default class Download extends React.Component {
+    constructor() {
+        super()
+        this.url = '/api/v1/download'
+
+        this.handleDownload = this.handleDownload.bind(this)
+        this.downloadFile = this.downloadFile.bind(this)
+
+        this.state = {
+            error: null,
+            mask: false,
+            direct: false,
+            finished: false,
+        }
+    }
+
+    componentDidMount() {
+        var url = new URL(window.location.href)
+        var password = url.searchParams.get('p')
+
+        // don't render password field
+        if (password) {
+            this.setState({
+                direct: true,
+            })
+
+            this.handleDownload(null, password)
+        }
+    }
+
+    classes() {
+        return Classnames({
+            'app-outer': true,
+            'loading-mask': this.state.mask,
+        })
+    }
+
+    downloadFile(data, filename) {
+        var blob
+        if (typeof File === 'function') {
+            try {
+                blob = new File([data], filename)
+            } catch (e) { /* Edge */ }
+        }
+        if (typeof blob === 'undefined') {
+            blob = new Blob([this.response], { type: type })
+        }
+
+        if (typeof window.navigator.msSaveBlob !== 'undefined') {
+            // IE workaround for "HTML7007: One or more blob URLs were revoked by closing the blob for which they were created. These URLs will no longer resolve as the data backing the URL has been freed."
+            window.navigator.msSaveBlob(blob, filename)
+        } else {
+            var URL = window.URL || window.webkitURL
+            var downloadUrl = URL.createObjectURL(blob)
+
+            if (filename) {
+                // use HTML5 a[download] attribute to specify filename
+                var a = document.createElement('a')
+                // safari doesn't support this yet
+                if (typeof a.download === 'undefined') {
+                    window.location = downloadUrl
+                } else {
+                    a.href = downloadUrl
+                    a.download = filename
+                    document.body.appendChild(a)
+                    a.click()
+                }
+            } else {
+                window.location = downloadUrl
+            }
+
+            setTimeout(function () { URL.revokeObjectURL(downloadUrl) }, 100)
+        }
+        this.setState({
+            mask: false,
+            // no second download allowed
+            finished: true,
+        })
+    }
+
+    decrypt(cipherText, salt, password, callback) {
+        window.crypto.subtle.importKey(
+            'raw',
+            new TextEncoder().encode(password),
+            { name: 'PBKDF2' },
+            false,
+            [ 'deriveBits', 'deriveKey' ]
+        ).then(function (keyMaterial) {
+            gdprshare.deriveKey(keyMaterial, salt, function (key) {
+                var iv = cipherText.slice(0,12)
+                var cipherT  = cipherText.slice(12)
+                var gcmParams = {
+                    name: 'aes-gcm',
+                    iv: iv,
+                }
+
+                window.crypto.subtle.decrypt(gcmParams, key, cipherT).then(callback, function(error) {
+                    console.log(error)
+                    var err = error.toString()
+                    if (err === 'OperationError')
+                        err = 'Decryption error. Wrong password?'
+                    this.setState({
+                        error: err,
+                        mask: false,
+                    })
+                }.bind(this))
+            }.bind(this))
+        }.bind(this), gdprshare.rejecterr.bind(this))
+    }
+
+    handleDownload(event, password) {
+        if (event)
+            event.preventDefault()
+
+        if (this.state.mask)
+            return
+
+        if (!password)
+            password = this.refs.password.value
+
+        this.setState({
+            error: null,
+            mask: true
+        })
+
+        let fileId = window.location.pathname.split('/').pop()
+
+        window.fetch(this.url + '/' + fileId, {
+            method: 'GET',
+        }).then(function (response) {
+            if (response.ok) {
+                var buf = Buffer.from(response.headers.get('X-Filename'), 'base64')
+                var salt = buf.slice(0,32)
+                var filename  = buf.slice(32)
+
+                // decryption of filename
+                this.decrypt(filename, salt, password, function (clearText) {
+                    var filename = new TextDecoder().decode(clearText)
+
+                    response.arrayBuffer().then(function (file) {
+                        this.decrypt(file, salt, password, function(clearText) {
+                            this.downloadFile(clearText, filename)
+                        }.bind(this), gdprshare.rejecterr.bind(this))
+                    }.bind(this), gdprshare.rejecterr.bind(this))
+                }.bind(this), gdprshare.rejecterr.bind(this))
+            }
+            else {
+                response.clone().json().then(function(data) {
+                    this.setState({
+                        error: data.message,
+                    })
+                }.bind(this), gdprshare.fetcherr.bind(this, response))
+            }
+
+            this.setState({
+                mask: false
+            })
+        }.bind(this), gdprshare.rejecterr.bind(this))
+    }
+
+    render() {
+        var form = (
+            <form className="app-inner" onSubmit={this.handleDownload}>
+                <div className="form-group row">
+                    <label htmlFor="password" className="col-sm-3 col-form-label">Password</label>
+                    <div className="col-sm-9">
+                        <input className="form-control" id="password" type="password" ref="password" placeholder="Password" maxLength="255" autoFocus="autoFocus" required="required"/>
+                    </div>
+                </div>
+                <div className="text-center col-sm-12">
+                    <input type="submit" className="btn btn-primary" value="Download"/>
+                </div>
+            </form>
+        )
+        return (
+            <div className="container-fluid col-sm-4">
+                <div className={this.classes()}>
+                    <h4 className="text-center">GDPRShare Download</h4>
+                    { this.state.direct || this.state.finished ? null : form }
+                    <br />
+                    <Alert error={this.state.error} />
+
+                    <div className="text-center col-sm-12">
+                        <Link to="/">Upload new file</Link>
+                    </div>
+                </div>
+            </div>
+        )
+    }
+}
@@ -0,0 +1,29 @@
+import React from 'react'
+import Classnames from 'classnames'
+import Alert from './Alert'
+
+export default class ErrPage extends React.Component {
+    constructor() {
+        super()
+        this.url = '/stats'
+    }
+
+    UNSAFE_componentWillMount() {
+        window.fetch(this.url, {
+            method: 'POST',
+            body: {
+                url: window.document.location.toString(),
+            },
+        })
+    }
+
+    render() {
+        return (
+            <div className="container-fluid text-center col-sm-4">
+                <h4>BROWSER ERROR</h4>
+                <br />
+                <Alert error="Your browser doesn't support required operations. Please try a different browser." />
+            </div>
+        )
+    }
+}
@@ -0,0 +1,66 @@
+//import 'promiz'
+//import 'webcrypto-shim'
+
+// IE11
+if (!window.crypto)
+    window.crypto = window.msCrypto
+
+// Edge
+if (typeof TextEncoder === "undefined") {
+    window.TextEncoder = function TextEncoder() {}
+    TextEncoder.prototype.encode = function encode(str) {
+        'use strict'
+        var Len = str.length, resPos = -1
+        // The Uint8Array's length must be at least 3x the length of the string because an invalid UTF-16
+        //  takes up the equivelent space of 3 UTF-8 characters to encode it properly. However, Array's
+        //  have an auto expanding length and 1.5x should be just the right balance for most uses.
+        var resArr = typeof Uint8Array === "undefined" ? new Array(Len * 1.5) : new Uint8Array(Len * 3)
+        for (var point=0, nextcode=0, i = 0; i !== Len; ) {
+            point = str.charCodeAt(i), i += 1
+            if (point >= 0xD800 && point <= 0xDBFF) {
+                if (i === Len) {
+                    resArr[resPos += 1] = 0xef/*0b11101111*/; resArr[resPos += 1] = 0xbf/*0b10111111*/
+                    resArr[resPos += 1] = 0xbd/*0b10111101*/; break
+                }
+                // https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
+                nextcode = str.charCodeAt(i)
+                if (nextcode >= 0xDC00 && nextcode <= 0xDFFF) {
+                    point = (point - 0xD800) * 0x400 + nextcode - 0xDC00 + 0x10000
+                    i += 1
+                    if (point > 0xffff) {
+                        resArr[resPos += 1] = (0x1e/*0b11110*/<<3) | (point>>>18)
+                        resArr[resPos += 1] = (0x2/*0b10*/<<6) | ((point>>>12)&0x3f/*0b00111111*/)
+                        resArr[resPos += 1] = (0x2/*0b10*/<<6) | ((point>>>6)&0x3f/*0b00111111*/)
+                        resArr[resPos += 1] = (0x2/*0b10*/<<6) | (point&0x3f/*0b00111111*/)
+                        continue
+                    }
+                } else {
+                    resArr[resPos += 1] = 0xef/*0b11101111*/; resArr[resPos += 1] = 0xbf/*0b10111111*/
+                    resArr[resPos += 1] = 0xbd/*0b10111101*/; continue
+                }
+            }
+            if (point <= 0x007f) {
+                resArr[resPos += 1] = (0x0/*0b0*/<<7) | point
+            } else if (point <= 0x07ff) {
+                resArr[resPos += 1] = (0x6/*0b110*/<<5) | (point>>>6)
+                resArr[resPos += 1] = (0x2/*0b10*/<<6)  | (point&0x3f/*0b00111111*/)
+            } else {
+                resArr[resPos += 1] = (0xe/*0b1110*/<<4) | (point>>>12)
+                resArr[resPos += 1] = (0x2/*0b10*/<<6)    | ((point>>>6)&0x3f/*0b00111111*/)
+                resArr[resPos += 1] = (0x2/*0b10*/<<6)    | (point&0x3f/*0b00111111*/)
+            }
+        }
+        if (typeof Uint8Array !== "undefined") return resArr.subarray(0, resPos + 1)
+        // else // IE 6-9
+        resArr.length = resPos + 1; // trim off extra weight
+        return resArr
+    }
+    TextEncoder.prototype.toString = function(){return "[object TextEncoder]"}
+    try { // Object.defineProperty only works on DOM prototypes in IE8
+        Object.defineProperty(TextEncoder.prototype,"encoding",{
+            get:function(){if(TextEncoder.prototype.isPrototypeOf(this)) return"utf-8"
+                else throw TypeError("Illegal invocation");}
+        })
+    } catch(e) { /*IE6-8 fallback*/ TextEncoder.prototype.encoding = "utf-8"; }
+    if(typeof Symbol!=="undefined")TextEncoder.prototype[Symbol.toStringTag]="TextEncoder"
+}
@@ -0,0 +1,301 @@
+import React from 'react'
+import Classnames from 'classnames'
+import Octicon, { Key } from '@primer/octicons-react'
+import BsCustomFileInput from 'bs-custom-file-input'
+import Alert from './Alert'
+
+export default class Upload extends React.Component {
+    constructor() {
+        super()
+        this.url = '/api/v1/upload'
+
+        this.handleFile = this.handleFile.bind(this)
+        this.handleUpload = this.handleUpload.bind(this)
+        this.handleDrop = this.handleDrop.bind(this)
+        this.handleDragOn = this.handleDragOn.bind(this)
+        this.handleDragOff = this.handleDragOff.bind(this)
+        this.uploadFile = this.uploadFile.bind(this)
+        this.reGenPassword = this.reGenPassword.bind(this)
+
+        this.state = {
+            error: null,
+            mask: false,
+        }
+    }
+
+    UNSAFE_componentDidMount() {
+        BsCustomFileInput.init()
+    }
+
+    classes() {
+        return Classnames({
+            'app-outer': true,
+            'loading-mask': this.state.mask,
+        })
+    }
+
+    dndClasses() {
+        return Classnames({
+            'col-sm-4': true,
+            'container-fluid': true,
+            'is-dragover': this.state.isDragOver,
+        })
+    }
+
+    genPassword(length) {
+        function genString() {
+            var array = new Uint16Array(length)
+            window.crypto.getRandomValues(array)
+            var array = Array.apply([], array)
+            array = array.filter(function(x) {
+                // -.0-9A-Za-z
+                return x >= 45 && x <=46 || x >= 48 && x<=57 || x >= 65 && x<= 90 || x >= 97 && x <= 122
+            })
+            return String.fromCharCode.apply(String, array)
+        }
+        var randomString = genString()
+        while (randomString.length < length) {
+            randomString += genString()
+        }
+        return randomString
+    }
+
+    reGenPassword(event) {
+        var btn = event.currentTarget
+        btn.blur()
+        var val = btn.parentNode.nextSibling.value = this.genPassword(gdprshare.config.passwordLength)
+    }
+
+    uploadFile(data, filename) {
+        var formData = new FormData()
+        var file = new File(
+            [ data ],
+            {
+                type: 'application/octet-stream'
+            },
+        )
+
+        var email = this.refs.email.value
+        formData.append('file', file, filename)
+        formData.append('filename', filename)
+        formData.append('count', this.refs.count.value)
+        formData.append('expiry', this.refs.expiry.value)
+        formData.append('email', email)
+
+        window.localStorage.setItem('email', email)
+
+        window.fetch(this.url, {
+            method: 'POST',
+            body: formData,
+        }).then(function (response) {
+            if (response.ok)
+                this.props.history.push(
+                    'uploaded',
+                    {
+                        location: location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : '') + response.headers.get('Location'),
+                        // unencrypted filename
+                        filename: this.refs.file.files[0].name,
+                        password: this.refs.password.value,
+                    }
+                )
+            else {
+                response.clone().json().then(function(data) {
+                    this.setState({
+                        error: data.message,
+                        mask: false,
+                    })
+                }.bind(this), gdprshare.fetcherr.bind(this, response))
+            }
+        }.bind(this), gdprshare.rejecterr.bind(this))
+    }
+
+    encrypt(clearText, salt, password, callback) {
+        window.crypto.subtle.importKey(
+            'raw',
+            new TextEncoder().encode(password),
+            { name: 'PBKDF2' },
+            false,
+            [ 'deriveBits', 'deriveKey' ]
+        ).then(function (keyMaterial) {
+            var iv = window.crypto.getRandomValues(new Uint8Array(12))
+
+            gdprshare.deriveKey(keyMaterial, salt, function (key) {
+                var gcmParams = {
+                    name: 'aes-gcm',
+                    iv: iv,
+                }
+                window.crypto.subtle.encrypt(gcmParams, key, clearText).then(function(cipherText) {
+                    callback(Buffer.concat([iv, Buffer.from(cipherText)]))
+                }.bind(this), gdprshare.rejecterr.bind(this))
+            }.bind(this))
+        }.bind(this), gdprshare.rejecterr.bind(this))
+    }
+
+    handleDrop(event) {
+        event.preventDefault()
+        event.stopPropagation()
+
+        this.setState({
+            isDragOver: false
+        })
+
+        var files = event.dataTransfer.files
+        if (!this.checkFileSize(files[0], event))
+            return
+
+        this.refs.file.files = files
+        //this.handleUpload(event)
+        this.refs.submit.click()
+    }
+
+    handleUpload(event) {
+        event.preventDefault()
+        if (this.state.mask)
+            return
+
+        this.setState({
+            error: null,
+            mask: true,
+        })
+
+        var password = this.refs.password.value
+        var salt = window.crypto.getRandomValues(new Uint8Array(32))
+        var file = this.refs.file.files[0]
+
+        // encryption of filename
+        this.encrypt(new TextEncoder().encode(file.name), salt, password, function (cipherText) {
+            var filename = Buffer.concat([salt, Buffer.from(cipherText)]).toString('base64')
+
+            var reader = new FileReader()
+            reader.onload = function () {
+                // encryption of file
+                this.encrypt(reader.result, salt, password, function (clearText) {
+                    this.uploadFile(clearText, filename)
+                }.bind(this))
+            }.bind(this)
+            reader.readAsArrayBuffer(file)
+        }.bind(this))
+    }
+
+    checkFileSize(file) {
+        if (!file)
+            return
+        var allowedSize = gdprshare.config.maxFileSize
+        
+        if (file.size > allowedSize * 1024 * 1024) {
+            this.setState({
+                error: 'File to big, maximum allowed size: ' + allowedSize + ' MiB.',
+            })
+            this.refs.file.value = null
+            return false
+        }
+        return true
+    }
+
+    handleFile(event) {
+        var file = event.currentTarget.files[0]
+        if (!this.checkFileSize(file, event))
+            return
+    }
+
+    handleDragOn(event) {
+        event.preventDefault()
+        event.stopPropagation()
+        this.setState({
+            isDragOver: true
+        })
+    }
+
+    handleDragOff(event) {
+        event.preventDefault()
+        event.stopPropagation()
+        this.setState({
+            isDragOver: false
+        })
+    }
+
+    render() {
+        return (
+            <div className={this.dndClasses()} onDrop={this.handleDrop} onDragEnter={this.handleDragOn} onDragOver={this.handleDragOn} onDragLeave={this.handleDragOff} onDragEnd={this.handleDragOff}>
+                <div className={this.classes()}>
+                    <h4 className="text-center">GDPRShare Upload</h4>
+                    <form ref="form" className="app-inner" onSubmit={this.handleUpload}>
+                        <div className="form-group row">
+                            <label htmlFor="file" className="col-sm-3 col-form-label col-form-label-sm">
+                                File
+                            </label>
+                            <div className="col-sm-9">
+                                <div className="custom-file">
+                                    <input className="custom-file-input form-control form-control-sm" id="file" type="file" ref="file" onChange={this.handleFile} required="required"  autoFocus="autoFocus" />
+                                    <label className="custom-file-label col-form-label col-form-label-sm" htmlFor="file">
+                                        Select or drop file
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div>
+                            <div className="form-group row">
+                                <label htmlFor="email" className="col-sm-3 col-form-label col-form-label-sm">
+                                    Notification
+                                </label>
+                                <div className="col-sm-9">
+                                    <input className="form-control form-control-sm" id="email" type="email" ref="email" placeholder="Enter email (optional)" maxLength="255" aria-describedby="emailHelp"
+                                        defaultValue={window.localStorage.getItem('email')}
+                                    />
+                                    <small id="emailHelp" className="form-text text-muted">Email address to receive download notifications</small>
+                                </div>
+                            </div>
+
+                            <div className="form-group row">
+                                <label htmlFor="count" className="col-sm-3 col-form-label col-form-label-sm">
+                                    Count
+                                </label>
+                                <div className="col-sm-9">
+                                    <input className="form-control form-control-sm" className="form-control form-control-sm" id="count" type="number" ref="count" min="1" max="15" defaultValue="1" required="required" aria-describedby="countHelp" />
+                                    <small id="countHelp" className="form-text text-muted">Maximum number of downloads before file is deleted</small>
+                                </div>
+                            </div>
+
+                            <div className="form-group row">
+                                <label htmlFor="expiry" className="col-sm-3 col-form-label col-form-label-sm">
+                                    Expiry
+                                </label>
+                                <div className="col-sm-9">
+                                    <input className="form-control form-control-sm" id="expiry" type="number" ref="expiry" min="1" max="14" defaultValue="7" required="required" aria-describedby="expiryHelp" />
+                                    <small id="expiryHelp" className="form-text text-muted">Maximum days before file is deleted</small>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div className="form-group row">
+                            <label htmlFor="password" className="col-sm-3 col-form-label col-form-label-sm">
+                                Password
+                            </label>
+                            <div className="col-sm-9">
+                                <div className="input-group">
+                                    <div className="input-group-prepend">
+                                        <button onClick={this.reGenPassword} type="button" className="input-group-text">
+                                            <Octicon icon={Key} />
+                                        </button>
+                                    </div>
+                                    <input className="form-control form-control-sm" id="password" type="text" ref="password" placeholder="Password" maxLength="255"
+                                        defaultValue={this.genPassword(gdprshare.config.passwordLength)} required="required"
+                                    />
+                                </div>
+                            </div>
+                        </div>
+                        <div className="text-center col-sm-12">
+                            <input type="submit" ref="submit" className="btn btn-primary" value="Upload"/>
+                        </div>
+
+                    </form>
+
+                    <br />
+
+                    <Alert error={this.state.error} />
+                </div>
+            </div>
+        )
+    }
+}
@@ -0,0 +1,116 @@
+import React from 'react'
+import { Link } from 'react-router-dom'
+import * as Clipboard from "clipboard-polyfill/dist/clipboard-polyfill.promise"
+import Octicon, { Clippy } from '@primer/octicons-react'
+
+export default class Uploaded extends React.Component {
+    constructor() {
+        super()
+
+        this.copyHandler = this.copyHandler.bind(this)
+    }
+
+    showTooltip(btn, message) {
+        // TODO
+    }
+
+    copyHandler(event) {
+        var btn = event.currentTarget
+        btn.blur()
+        var input = btn.parentNode.nextSibling
+        Clipboard.writeText(input.value).then(
+            function () {
+                this.showTooltip(btn, 'Copied')
+            }.bind(this),
+            function () {
+                this.showTooltip(btn, 'Failed to copy')
+            }.bind(this),
+        )
+    }
+
+    render() {
+        if (!this.props.history.location.state)
+            return null
+
+        return (
+            <div className="container-fluid col-sm-4">
+                <div className="app-outer">
+                    <h4 className="text-center">File was uploaded</h4>
+                    <form className="app-inner">
+                        <div className="form-group row">
+                            <label htmlFor="filename" className="col-sm-3 col-form-label col-form-label-sm">
+                                Filename
+                            </label>
+                            <div className="col-sm-9">
+                                <input className="form-control form-control-sm" id="filename" type="text" ref="filename" readOnly="readOnly" defaultValue={this.props.history.location.state.filename} />
+                            </div>
+                        </div>
+
+                        <div className="form-group row">
+                            <label htmlFor="password" className="col-sm-3 col-form-label col-form-label-sm">
+                                Password
+                            </label>
+                            <div className="col-sm-9">
+                                <div className="input-group">
+                                    <div className="input-group-prepend">
+                                        <button id="pw-copy" onClick={this.copyHandler} type="button" className="input-group-text">
+                                            <Octicon icon={Clippy} />
+                                        </button>
+                                    </div>
+                                    <input className="form-control form-control-sm" id="password" type="text" ref="password" readOnly="readOnly" defaultValue={this.props.history.location.state.password} />
+                                </div>
+                            </div>
+                        </div>
+
+                        <br/>
+
+                        <div className="form-group row">
+                            <label htmlFor="link" className="col-sm-3 col-form-label col-form-label-sm">
+                                Link
+                            </label>
+                            <div className="col-sm-9">
+                                <div className="input-group">
+                                    <div className="input-group-prepend">
+                                        <button id="link-copy" onClick={this.copyHandler} type="button" className="input-group-text">
+                                            <Octicon icon={Clippy} />
+                                        </button>
+                                    </div>
+                                    <input className="form-control form-control-sm" id="link" type="text" ref="link" placeholder="Link" readOnly="readOnly" aria-describedby="linkHelp"
+                                        value={this.props.history.location.state.location}
+                                    />
+                                </div>
+                                <small id="linkHelp" className="form-text text-muted">Send link and password via different channels (e.g. one via email, one via chat or phone call)</small>
+                            </div>
+                        </div>
+
+
+                        <div className="form-group row">
+                            <label htmlFor="linkpw" className="col-sm-3 col-form-label col-form-label-sm">
+                                Link and Password
+                            </label>
+                            <div className="col-sm-9">
+                                <div className="input-group">
+                                    <div className="input-group-prepend">
+                                        <button id="linkpw-copy" onClick={this.copyHandler} type="button" className="input-group-text">
+                                            <Octicon icon={Clippy} />
+                                        </button>
+                                    </div>
+                                    <input className="form-control form-control-sm" id="linkpassword" type="text" ref="linkpassword" placeholder="Link and passwod" readOnly="readOnly" aria-describedby="linkpasswordHelp"
+                                        value={ this.props.history.location.state.location + '?p=' + this.props.history.location.state.password }
+                                    />
+                                </div>
+                                <small id="linkpasswordHelp" className="form-text text-muted">Send link and password at once (less secure)</small>
+                            </div>
+                        </div>
+                    </form>
+
+                    <br />
+
+                    <div className="text-center col-sm-12">
+                        <Link to="/">Upload another file</Link>
+                    </div>
+                </div>
+            </div>
+        )
+    }
+}
@@ -0,0 +1,82 @@
+import Css from '../style/app.css'
+import React from 'react'
+import ReactDOM from 'react-dom'
+
+import { Switch, Router, Route } from 'react-router'
+import { createBrowserHistory } from 'history'
+import Classnames from 'classnames'
+
+import ErrPage from './ErrPage'
+import Upload from './Upload'
+import Uploaded from './Uploaded'
+import Download from './Download'
+
+import './Polyfills'
+
+const history = createBrowserHistory()
+
+// global namespace
+window.gdprshare = {}
+
+// TODO: get config from server
+gdprshare.config = {
+    maxFileSize: 25,
+    passwordLength: 12,
+}
+
+gdprshare.rejecterr = function (error) {
+    console.log(error)
+    this.setState({
+        error: error.toString(),
+        mask: false,
+    })
+}
+
+gdprshare.fetcherr = function (response, error) {
+    console.log(error)
+    response.text().then(function(data) {
+        this.setState({
+            error: data,
+            mask: false,
+        })
+    }.bind(this), gdprshare.rejecterr.bind(this))
+}
+
+var rootEl = document.getElementById('app-content')
+
+// IE
+if (!window.crypto || !window.TextEncoder || !window.Promise || !window.File) {
+    ReactDOM.render(
+        <ErrPage />,
+        rootEl
+    )
+    throw 'browser does not support required functions'
+}
+
+gdprshare.deriveKey = function (keyMaterial, salt, callback) {
+    window.crypto.subtle.deriveKey(
+        {
+            'name': 'PBKDF2',
+            salt: salt,
+            'iterations': 100000,
+            'hash': 'SHA-256'
+        },
+        keyMaterial,
+        { 'name': 'AES-GCM', 'length': 256 },
+        true,
+        [ 'encrypt', 'decrypt' ]
+    ).then(callback, gdprshare.rejecterr.bind(this))
+}
+
+
+
+ReactDOM.render(
+    <Router history={history}>
+        <Switch>
+            <Route path="/" exact    component={Upload} />
+            <Route path="/uploaded"  component={Uploaded} />
+            <Route path="/d/:fileId" component={Download} />
+        </Switch>
+    </Router>,
+    rootEl
+)
@@ -0,0 +1,92 @@
+.is-dragover {
+    background-color: gray;
+}
+
+.app-outer {
+    margin-top: 5px !important;
+    padding: 10px;
+    width: auto;
+    height: auto;
+    min-height: 200px;
+    min-width: 320px;
+    background-color: #f3f3f3;
+    margin:0 auto;
+    border-radius: 9px;
+    border: 1px solid ##c5c5c5;
+}
+
+.app-inner {
+    margin:0 auto;
+    max-width: 380px;
+    width: auto;
+}
+
+.app-outer>h4 {
+    font-size: 20px;
+    font-weight: 600;
+}
+
+.input-group-text:active:focus {
+    outline: none;
+}
+
+.file-error {
+    margin-top: 15px;
+    animation: blinker 1s linear;
+    margin-bottom: 0px;
+    padding-bottom: 0px;
+}
+
+.file-error>svg {
+    margin-right: 5px;
+}
+
+@keyframes blinker {
+    50% { opacity: 0.0; }
+}
+
+.panel-body {
+    background-color: #EEEEEE;
+}
+
+.loading-mask {
+    position: relative;
+}
+
+.loading-mask::before {
+    content: '';
+    position: absolute;
+    top: 0;
+    right: 0;
+    bottom: 0;
+    left: 0;
+    background-color: rgba(0, 0, 0, 0.25);
+    z-index: 100;
+    border-radius: 9px;
+}
+@keyframes spin {
+    from {
+        transform: rotate(0deg);
+    }
+    to {
+        transform: rotate(359deg);
+    }
+}
+
+.loading-mask::after {
+    content: '';
+    z-index: 100;
+    position: absolute;
+    border-width: 3px;
+    border-style: solid;
+    border-color: transparent rgb(255, 255, 255) rgb(255, 255, 255);
+    border-radius: 50%;
+    width: 24px;
+    height: 24px;
+    top: calc(50% - 12px);
+    left: calc(50% - 12px);
+    animation: 2s linear 0s normal none infinite running spin;
+    filter: drop-shadow(0 0 2 rgba(0, 0, 0, 0.33));
+}
+
+@import url('node_modules/bootstrap/dist/css/bootstrap.min.css');
@@ -0,0 +1,56 @@
+package main
+
+import (
+	"reflect"
+	"sync"
+
+	"github.com/gin-gonic/gin/binding"
+	"github.com/go-playground/validator/v10"
+)
+
+type defaultValidator struct {
+	once     sync.Once
+	validate *validator.Validate
+}
+
+var _ binding.StructValidator = &defaultValidator{}
+
+func (v *defaultValidator) ValidateStruct(obj interface{}) error {
+
+	if kindOfData(obj) == reflect.Struct {
+
+		v.lazyinit()
+
+		if err := v.validate.Struct(obj); err != nil {
+			return error(err)
+		}
+	}
+
+	return nil
+}
+
+func (v *defaultValidator) Engine() interface{} {
+	v.lazyinit()
+	return v.validate
+}
+
+func (v *defaultValidator) lazyinit() {
+	v.once.Do(func() {
+		v.validate = validator.New()
+		v.validate.SetTagName("binding")
+
+		// add any custom validations etc. here
+	})
+}
+
+func kindOfData(data interface{}) reflect.Kind {
+
+	value := reflect.ValueOf(data)
+	valueType := value.Kind()
+
+	if valueType == reflect.Ptr {
+		valueType = value.Elem().Kind()
+	}
+	return valueType
+}
+