7 releases 9 tags

RSS feed

• v0.0.9 2102f6c95d

  Compare

  v0.0.9 Stable

  patillacode released this 2026-05-31 20:09:10 +02:00 | 1 commits to main since this release

  v0.0.9

  Features

  • Clickable upload URL: the success URL is now a direct link that opens in a new tab, replacing the separate Copy button
  • Filename and upload date in admin: the admin table now shows the original filename and upload timestamp; the
    index page history list also displays the date. Existing rows show for both fields

  Fixes

  • Upload size enforcement: Content-Length is now checked early and chunked reads are capped at
    max_upload_size, preventing oversized uploads from slipping through
  • Content subdomain middleware: static assets and reserved subdomains (www, etc.) are now passed through
    correctly; previously, CSS failed to load on error pages and www.dropit.patilla.es returned a 404
  • Admin auth hardening: token comparison now uses constant-time comparison; admin auth logic consolidated

  Chores

  • Updated README link to point to the new tutorial/portfolio

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.8 f9fdfc5822

  Compare

  v0.0.8 Stable

  patillacode released this 2026-05-28 19:07:57 +02:00 | 11 commits to main since this release

  v0.0.8

  ⚠️ Breaking Change: existing shared links will stop working

  Pages are now served from per-page subdomains ({page_id}.{CONTENT_DOMAIN}) instead of the old /p/{page_id} path. That route is gone and there's no redirect, so any links shared before this release will 404. You'll need to re-upload and re-share them.

  Why the change: serving user-supplied HTML on the same origin as the app lets a malicious page steal localStorage tokens. Putting each page on its own subdomain cuts that off entirely.

  ---

  What's New

  Per-page subdomain serving (origin isolation)

  Each uploaded page now lives at {page_id}.{CONTENT_DOMAIN}. Security headers are applied to app routes (CSP, X-Frame-Options, etc.) and content pages get noindex and no-store too. Uvicorn now runs with --proxy-headers so the host resolves correctly behind a reverse proxy.

  Auto-upload drop zone

  The upload UI was fully rebuilt. Drop a file or pick one from the browser and it uploads straight away, no separate button needed. The zone moves through a few states:

  • idle: waiting for a file
  • uploading: shows a progress indicator
  • success: shows the URL with click-to-copy and an "Upload another" button to reset
  • error: shows an inline message with a click-to-retry hint

  The old result and error panels below the zone are gone.

  Cleanup scheduler card in admin UI

  The admin panel now has a cleanup scheduler section. It shows the last run time, how many pages were deleted, what triggered it (scheduled or manual), when the next run is, and a collapsible history table. There's also a "Run now" button if you want to trigger it manually.

  Custom 404 page

  Unknown routes now return a proper styled HTML 404 page instead of a raw JSON error.

  ---

  Bug Fixes

  Mixed-case page IDs now resolve correctly

  Older page IDs were generated with token_urlsafe, which can include uppercase letters (like sRysndGq). Browsers lowercase hostnames before sending them, so the subdomain would arrive as srysndgq and the case-sensitive DB lookup would miss it. The lookup now lowercases both sides and resolves the file path from the stored ID, so old pages with uppercase IDs still work fine.

  ---

  Refactoring

  Inline <style> and <script> blocks in index.html, admin.html, and error.html were moved out into separate files under app/static/css/ and app/static/js/.

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.7 7d6474e2e1

  Compare

  v0.0.7 Stable

  patillacode released this 2026-05-23 15:55:28 +02:00 | 35 commits to main since this release

  v0.0.7

  Bug fix: expired pages were still being served

  Pages with a TTL were remaining accessible past their expiry time.

  • Root cause: SQLAlchemy converts timezone aware datetimes to the container's local time (TZ=Europe/Madrid = UTC+2) before writing to SQLite
  • The expiry check then treated the stored value as UTC, effectively granting every page an invisible 2-hour extension.
  • This affected any deployment with a non UTC TZ setting.

  Fix: datetimes are now stored as naive UTC (timezone stripped before write) so the system clock offset is irrelevant.

  New: admin cleanup visibility

  Three new endpoints under /admin/cleanup/:

  • GET /admin/cleanup/status: last run timestamp, pages deleted, next scheduled run
  • GET /admin/cleanup/history: last 50 cleanup runs with trigger source
  • POST /admin/cleanup/trigger: run cleanup immediately from the admin panel

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.6 1e29b092c3

  Compare

  v0.0.6 Stable

  patillacode released this 2026-05-23 15:01:31 +02:00 | 38 commits to main since this release

  v0.0.6

  Custom 404 pages

  • Expired and missing page links now show a branded error page instead of a raw JSON response.
  • Expired links display "This page has expired", unknown links display "This page doesn't exist".
  • API routes are unaffected and continue returning JSON.
  • The dropit aesthetic is preserved.

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.5 0e8fe6bba8

  Compare

  v0.0.5 Stable

  patillacode released this 2026-05-23 14:14:07 +02:00 | 43 commits to main since this release

  v0.0.5

  Features

  • GHCR publishing: Docker images are now also pushed to GitHub Container Registry on every release,
    in addition to the Forgejo registry. Both tagged versions and latest are published.
  • GitHub link in footer: The "Open source" text in the footer now links to the GitHub repository.

  Documentation

  • Added Claude Code integration section: documents the /dropit skill for uploading HTML files directly from Claude Code sessions.

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.4 849a410606

  Compare

  v0.0.4 Stable

  patillacode released this 2026-05-22 16:43:35 +02:00 | 46 commits to main since this release

  v0.0.4

  • Fix port confusion: all references to port 52031 replaced with 8000 across Dockerfile, compose.yml, .env.example, settings defaults, and docs.

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.0.3 a37f3c13db

  Compare

  v0.0.3 Stable

  patillacode released this 2026-05-22 16:29:55 +02:00 | 47 commits to main since this release

  Initial release of drop•it: a self-hosted HTML file sharing with short-lived public URLs.

  What's included

  Core

  • Upload an HTML file, get a shareable URL with a configurable TTL (1h, 6h, 24h, 48h, 7d)
  • Automatic cleanup of expired pages on a configurable schedule
  • Bearer token auth with named upload tokens

  Admin

  • Admin token with access to the /admin panel (list and delete all uploads)
  • forever TTL option: admin-only permanent uploads
  • Per-user TTL cap: non-admin tokens can be restricted to a maximum expiry

  UI

  • Drag-and-drop landing page — enter token once, upload, copy link
  • Recent uploads history (last 5, persisted in localStorage)
  • Admin panel at /admin — full upload table with delete controls

  API

  • POST /upload with optional ?ttl= parameter
  • GET /p/{id} serving raw HTML
  • GET /me for token verification
  • GET /config returning available TTLs for the current token
  • GET /health

  Deployment

  • Docker image for amd64 and arm64 (Raspberry Pi 4/5)
  • Single compose.yml deployment, data persisted in a mounted volume

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads