Skip to content

SMAH1/DataDock

Repository files navigation

DataDock

DataDock is a lightweight, self-contained file & text sharing server built with .NET 9 and compiled as a Native AOT single-file binary. It has zero runtime dependencies – just copy and run.

Users connect directly through any modern web browser to upload, share, download and manage files and text snippets.

DataDock screenshot


✨ Features

Feature Details
Zero-dependency binary Single executable, Native AOT, minimal memory usage
File & text sharing Drag & drop upload, text snippet storage
Three security modes No-auth / Auth (TOTP) / Mixed
TOTP authentication RFC 6238, shared secret, no external IdP needed
Multilingual UI English + فارسی (Persian), auto RTL/LTR
HTTP + HTTPS Configurable ports, optional PFX certificate
SHA-256 integrity Hash computed on every upload
Retention policy Optional auto-delete after N days
Multi-source config CLI β†’ Env vars β†’ DB β†’ appsettings.json β†’ defaults

πŸš€ Quick Start

# Run on default HTTP port 6440 (no auth)
./datadock

# Open in browser
http://localhost:6440

βš™οΈ Configuration

Settings are merged in this priority order (highest β†’ lowest):

  1. CLI arguments
  2. Environment variables (DATADOCK_* prefix)
  3. Database-stored settings (saved via Web UI)
  4. appsettings.json
  5. Built-in defaults

Default values

Key Default Description
HttpPort 6440 HTTP listening port
HttpsPort 6441 HTTPS listening port
UseHttps false Enable HTTPS
SecurityMode NoAuth NoAuth / Auth / Mixed
TotpSecret (empty) Base-32 TOTP shared secret
PfxPath (empty) Path to PFX/PKCS#12 file
PfxPassword (empty) PFX file password
MaxUploadSizeMb 0 Max upload size (0 = unlimited)
UploadsPath ./uploads Upload directory
DatabasePath ./datadock.db Database file path
SessionMinutes 720 Auth cookie lifetime (in minutes; 720 = 12 h)
RetentionDays 0 Auto-delete after N days (0 = disabled)

Environment variables

DATADOCK_HTTP_PORT=8080
DATADOCK_HTTPS_PORT=8443
DATADOCK_USE_HTTPS=true
DATADOCK_SECURITY_MODE=Mixed
DATADOCK_TOTP_SECRET=JBSWY3DPEHPK3PXP
DATADOCK_PFX_PATH=/certs/server.pfx
DATADOCK_PFX_PASSWORD=mypassword
DATADOCK_MAX_UPLOAD_SIZE_MB=500
DATADOCK_ALLOWED_IPS=192.168.1.0/24,2001:db8::/32
DATADOCK_RETENTION_DAYS=7

πŸ”’ Security Modes

NoAuth (default)

Fully open. Any user can upload, download, view and delete items.

Auth

All operations require authentication.

Mixed

  • Anonymous users: can view and download items marked as public only.
  • Authenticated admin: full access (upload, download, delete, toggle public).

πŸ’» CLI Reference

datadock [OPTIONS]

OPTIONS
  --port <number>               HTTP port                       (default: 6440)
  --https-port <number>         HTTPS port                      (default: 6441)
  --use-https <true|false>      Enable HTTPS                    (default: false)
  --pfx-path <path>             PFX certificate path
  --pfx-password <password>     PFX password
  --security-mode <mode>        NoAuth | Auth | Mixed           (default: NoAuth)
  --no-auth                     Shorthand for --security-mode NoAuth
  --totp-secret <secret>        Base-32 TOTP secret
  --max-upload-size-mb <n>      Upload size limit (0=unlimited) (default: 0)
  --allowed-ips <list>          Comma-separated allowed IPs / CIDR ranges (IPv4 & IPv6).
                                Empty = allow all. Loopback (127.0.0.1 / ::1) is
                                always allowed regardless of this setting. Examples:
                                  "192.168.1.10"              IPv4 single
                                  "192.168.1.0/24"            IPv4 subnet
                                  "2001:db8::1"               IPv6 single
                                  "2001:db8::/32"             IPv6 subnet
                                  "10.0.0.0/8,2001:db8::/32" mixed entries
  --show-qr                     Start a QR-code-only server for TOTP setup
                                (requires Auth or Mixed + --totp-secret)
  --config-db                   Start a web panel to manage database settings
  --help | -h                   Show help

Examples

# Simple HTTP, no auth
./datadock --port 8080

# Auth TOTP
./datadock --security-mode Auth --totp-secret JBSWY3DPEHPK3PXP

# Mixed mode with HTTPS
./datadock --security-mode Mixed --totp-secret JBSWY3DPEHPK3PXP \
          --use-https true --pfx-path ./cert.pfx --pfx-password s3cr3t

# Custom upload limit (500 MB)
./datadock --max-upload-size-mb 500

# 7-day retention
DATADOCK_RETENTION_DAYS=7 ./datadock

πŸ› οΈ Utility Modes

Beyond the normal server, DataDock has two single-purpose startup modes.

--show-qr β€” TOTP QR-code setup page

Spins up a minimal HTTP server that serves only a QR-code page for scanning with Google Authenticator, Aegis, or any TOTP app. Every URL on that server returns the same page; no items or uploads are accessible.

Requirements: --security-mode Auth or Mixed plus --totp-secret.

./datadock --show-qr --security-mode Auth --totp-secret JBSWY3DPEHPK3PXP
# Open http://localhost:6440 β†’ scan QR code β†’ Ctrl+C β†’ restart normally

The page displays the QR code image, the raw Base-32 secret, and the otpauth:// URI. Once you've scanned it, stop the process and start DataDock normally.

--config-db β€” Database settings panel

Opens a web-based configuration panel that reads and writes settings stored in the database. These DB-stored settings sit below env vars and CLI flags in the precedence order, so they are a convenient way to persist defaults without editing appsettings.json.

No authentication is required for the config panel β€” run it only on a trusted network or loopback, then stop it before starting the normal server.

./datadock --config-db
# Open http://localhost:6440 β†’ adjust settings β†’ Save β†’ Ctrl+C β†’ restart normally

Configurable keys: HttpPort, HttpsPort, UseHttps, SecurityMode, TotpSecret, PfxPath, PfxPassword, MaxUploadSizeMb, UploadsPath, SessionMinutes, RetentionDays, AllowedIps.


🌐 API Endpoints

Method Path Description
GET / Web UI (SPA)
GET /health Health check {"status":"ok"}

πŸ—οΈ Project Structure

DataDock/
β”œβ”€β”€ src/DataDock/
β”‚   β”œβ”€β”€ Configuration/        AppConfig, ConfigurationLoader, HelpPrinter
β”‚   β”œβ”€β”€ Endpoints/            Auth, Item, Health, Static route handlers
β”‚   β”œβ”€β”€ Middleware/           RateLimitMiddleware
β”‚   β”œβ”€β”€ Models/               DockItem
β”‚   β”œβ”€β”€ Serialization/        AppJsonContext (AOT JSON source generation)
β”‚   β”œβ”€β”€ Services/             DatabaseService, ItemService, TotpHelper,
β”‚   β”‚                         RateLimiter, AccessControl, FileNameSanitizer
β”‚   β”œβ”€β”€ wwwroot/              index.html, styles.css, app.js (embedded in binary)
β”‚   β”œβ”€β”€ appsettings.json
β”‚   └── Program.cs
└── tests/DataDock.Tests/
    β”œβ”€β”€ ConfigurationPrecedenceTests.cs
    β”œβ”€β”€ AccessControlTests.cs
    └── FileValidationTests.cs

πŸ”¨ Build & Publish

Normal build (for development)

cd src/DataDock
dotnet build
dotnet run

Run tests

dotnet test

Publish as Native AOT single-file binary

# Linux x64
dotnet publish src/DataDock -c Release -r linux-x64 -o ./publish

# Windows x64
dotnet publish src/DataDock -c Release -r win-x64 -o ./publish

# macOS arm64 (Apple Silicon)
dotnet publish src/DataDock -c Release -r osx-arm64 -o ./publish

The output is a single self-contained executable with the Web UI embedded inside.

Prerequisites for Native AOT on Linux:

sudo apt install clang zlib1g-dev

πŸ“¦ File Storage Layout

./uploads/
  {guid}/
    {sanitized-filename}       ← uploaded file
  {guid}/
    datadock-{guid}.txt        ← long text (> 4 KB)

Short texts (≀ 4 KB) are stored inline in the database. Each item gets a server-assigned GUID to prevent collisions and path traversal.


🌍 Multilingual UI

The web interface ships with English and فارسی (Persian) locale files embedded in the binary.

Language Code Direction
English en LTR
Persian (فارسی) fa RTL
  • The UI auto-detects the preferred language from the browser's Accept-Language header and defaults to English if no match is found.
  • Layout direction (LTR / RTL) switches automatically β€” no manual configuration needed.
  • The font list changes automatically based on the active language so the most suitable typeface is selected for each script.
  • Locale files are at src/wwwroot/locales/{en,fa}.json. To add a new language, add a JSON file with the same keys and a meta block specifying name, dir ("ltr" or "rtl"), and fonts.

πŸ” TOTP Setup

  1. Generate a Base-32 secret (e.g. with openssl rand -base32 20)
  2. Import it into any authenticator app (Google Authenticator, Aegis, etc.) – most apps accept the raw Base-32 string or a otpauth:// URL
  3. Pass the secret to DataDock:
./datadock --totp-secret YOUR_BASE32_SECRET --security-mode Auth

πŸ™ Credits

Asset Source License
UI icons Lucide Icons ISC

See THIRD_PARTY_LICENSES.md for full license text.


License

MIT

About

DataDock is a lightweight, self-contained file & text sharing server

Topics

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Contributors