Merge branch 'chunked'

remove unused size field on File model
get rid of backwards compatibility complexity
2026-06-05 14:50:13 +02:00 · 2026-06-05 14:44:12 +02:00 · 2026-06-05 14:29:45 +02:00 · 2026-06-05 14:06:01 +02:00 · 2026-06-05 13:51:25 +02:00
18 changed files with 523 additions and 175 deletions
--- a/.ignore
+++ b/.ignore
@@ -0,0 +1 @@
+.devenv
--- a/Backend/build.gradle
+++ b/Backend/build.gradle
@@ -27,6 +27,8 @@ dependencies {
 	implementation 'org.webjars:webjars-locator-lite'
 	implementation 'org.webjars.npm:htmx.org:2.0.4'
 	implementation 'org.webjars.npm:bootstrap:5.3.3'
+	implementation platform('software.amazon.awssdk:bom:2.45.1')
+	implementation 'software.amazon.awssdk:s3'
 	runtimeOnly 'org.postgresql:postgresql'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/config/DefaultConfig.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/config/DefaultConfig.java
@@ -22,6 +22,12 @@ public class DefaultConfig {
    StorageService ss = new StorageService();
    ss.type = StorageServiceType.LOCAL;
    ss.path = Path.of(System.getProperty("user.home"),".local","share","gtransfer").toString();
+    ss.bucket = "";
+    ss.region = "us-east-1";
+    ss.endpoint = "";
+    ss.accessKeyId = "";
+    ss.secretAccessKey = "";
+    ss.pathStyleAccessEnabled = false;
    c.storageService= ss;
    
    SpringConfig sc = new SpringConfig();
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/config/types/StorageService.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/config/types/StorageService.java
@@ -9,4 +9,16 @@ public class StorageService implements TomlSerializable {
  public StorageServiceType type;
  @Property(name = "root")
  public String path;
+  @Property(name = "bucket")
+  public String bucket;
+  @Property(name = "region")
+  public String region;
+  @Property(name = "endpoint")
+  public String endpoint;
+  @Property(name = "accessKeyId")
+  public String accessKeyId;
+  @Property(name = "secretAccessKey")
+  public String secretAccessKey;
+  @Property(name = "pathStyleAccessEnabled")
+  public Boolean pathStyleAccessEnabled;
 }
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/controller/DownloadController.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/controller/DownloadController.java
@@ -1,10 +1,10 @@
 package com.gregor_lohaus.gtransfer.controller;

 import java.time.LocalDateTime;
+import java.util.Map;
 import java.util.Optional;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -12,11 +12,13 @@ import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.ResponseBody;

 import com.gregor_lohaus.gtransfer.model.File;
 import com.gregor_lohaus.gtransfer.model.FileRepository;
 import com.gregor_lohaus.gtransfer.services.filewriter.AbstractStorageService;
+import com.gregor_lohaus.gtransfer.services.filewriter.StorageKeys;

@Controller
 public class DownloadController {
@@ -32,52 +34,109 @@ public class DownloadController {
        return "download/page";
    }

-    @GetMapping("/download/{id}/data")
+    @GetMapping("/download/{id}/metadata")
    @ResponseBody
    @Transactional
-    public ResponseEntity<byte[]> data(@PathVariable String id) {
-        Optional<File> fileOpt = fileRepository.findById(id);
-        if (fileOpt.isEmpty()) {
-            return ResponseEntity.notFound().build();
+    public ResponseEntity<Map<String, Object>> metadata(@PathVariable String id) {
+        AvailableFile available = getAvailableFile(id);
+        if (!available.found()) {
+            return ResponseEntity.status(available.status()).build();
        }

-        File file = fileOpt.get();
-
-        // Check expiry
-        if (file.getExpireyDateTime() != null && LocalDateTime.now().isAfter(file.getExpireyDateTime())) {
-            storageService.delete(id);
-            fileRepository.delete(file);
-            return ResponseEntity.status(HttpStatus.GONE).build();
+        File file = available.file();
+        return ResponseEntity.ok(Map.of(
+                "name", file.getName(),
+                "chunkCount", file.getChunkCount()));
    }

-        // Check download limit before serving
-        if (file.getDownloadLimit() != null && file.getDownloads() >= file.getDownloadLimit()) {
-            storageService.delete(id);
-            fileRepository.delete(file);
-            return ResponseEntity.status(HttpStatus.GONE).build();
+    @GetMapping("/download/{id}/chunk/{index}")
+    @ResponseBody
+    @Transactional
+    public ResponseEntity<byte[]> chunk(@PathVariable String id, @PathVariable Integer index) {
+        AvailableFile available = getAvailableFile(id);
+        if (!available.found()) {
+            return ResponseEntity.status(available.status()).build();
        }

-        Optional<byte[]> data = storageService.get(id);
+        File file = available.file();
+        if (index == null || index < 0 || index >= file.getChunkCount()) {
+            return ResponseEntity.badRequest().build();
+        }
+
+        Optional<byte[]> data = storageService.get(StorageKeys.chunk(file.getId(), index));
        if (data.isEmpty()) {
            return ResponseEntity.notFound().build();
        }

-        // Increment counter
-        file.setDownloads(file.getDownloads() + 1);
-        fileRepository.save(file);
-
-        // Clean up if limit now reached
-        if (file.getDownloadLimit() != null && file.getDownloads() >= file.getDownloadLimit()) {
-            storageService.delete(id);
-            fileRepository.delete(file);
-        }
-
-        String disposition = "attachment; filename=\""
-                + file.getName().replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
-
        return ResponseEntity.ok()
-                .header(HttpHeaders.CONTENT_DISPOSITION, disposition)
                .contentType(MediaType.APPLICATION_OCTET_STREAM)
                .body(data.get());
    }
+
+    @PostMapping("/download/{id}/complete")
+    @ResponseBody
+    @Transactional
+    public ResponseEntity<Void> complete(@PathVariable String id) {
+        AvailableFile available = getAvailableFile(id);
+        if (!available.found()) {
+            return ResponseEntity.status(available.status()).build();
+        }
+
+        File file = available.file();
+        file.setDownloads(file.getDownloads() + 1);
+        fileRepository.save(file);
+
+        if (file.getDownloadLimit() != null && file.getDownloads() >= file.getDownloadLimit()) {
+            deleteStoredFile(file);
+            fileRepository.delete(file);
+        }
+
+        return ResponseEntity.noContent().build();
+    }
+
+    private AvailableFile getAvailableFile(String id) {
+        Optional<File> fileOpt = fileRepository.findById(id);
+        if (fileOpt.isEmpty()) {
+            return AvailableFile.notFound();
+        }
+
+        File file = fileOpt.get();
+        if (file.getExpireyDateTime() != null && LocalDateTime.now().isAfter(file.getExpireyDateTime())) {
+            deleteStoredFile(file);
+            fileRepository.delete(file);
+            return AvailableFile.gone();
+        }
+
+        if (file.getDownloadLimit() != null && file.getDownloads() >= file.getDownloadLimit()) {
+            deleteStoredFile(file);
+            fileRepository.delete(file);
+            return AvailableFile.gone();
+        }
+
+        return AvailableFile.ok(file);
+    }
+
+    private void deleteStoredFile(File file) {
+        for (int i = 0; i < file.getChunkCount(); i++) {
+            storageService.delete(StorageKeys.chunk(file.getId(), i));
+        }
+    }
+
+    private record AvailableFile(File file, HttpStatus status) {
+        static AvailableFile ok(File file) {
+            return new AvailableFile(file, HttpStatus.OK);
+        }
+
+        static AvailableFile notFound() {
+            return new AvailableFile(null, HttpStatus.NOT_FOUND);
+        }
+
+        static AvailableFile gone() {
+            return new AvailableFile(null, HttpStatus.GONE);
+        }
+
+        boolean found() {
+            return file != null;
+        }
+    }
 }
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/controller/UploadController.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/controller/UploadController.java
@@ -2,11 +2,15 @@ package com.gregor_lohaus.gtransfer.controller;

 import java.io.IOException;
 import java.time.LocalDateTime;
+import java.util.OptionalLong;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -15,6 +19,7 @@ import org.springframework.web.multipart.MultipartFile;
 import com.gregor_lohaus.gtransfer.model.File;
 import com.gregor_lohaus.gtransfer.model.FileRepository;
 import com.gregor_lohaus.gtransfer.services.filewriter.AbstractStorageService;
+import com.gregor_lohaus.gtransfer.services.filewriter.StorageKeys;

@Controller
 public class UploadController {
@@ -41,21 +46,44 @@ public class UploadController {

    @PostMapping("/upload")
    public String upload(
-            @RequestParam("file") MultipartFile file,
            @RequestParam("hash") String hash,
            @RequestParam("name") String name,
+            @RequestParam("chunkCount") Integer chunkCount,
            @RequestParam(required = false) Integer expiryDays,
-            @RequestParam(required = false) Integer downloadLimit) throws IOException {
-
-        storageService.put(hash, file.getBytes());
+            @RequestParam(required = false) Integer downloadLimit) {
+        if (!isValidId(hash) || chunkCount == null || chunkCount < 1) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid upload metadata");
+        }

        int days = expiryDays != null ? Math.min(expiryDays, maxExpiryDays) : maxExpiryDays;
        Integer limit = downloadLimit != null ? Math.min(downloadLimit, maxDownloadLimit) : null;

        File f = new File(hash, hash, name, LocalDateTime.now().plusDays(days));
+        f.setChunkCount(chunkCount);
        f.setDownloadLimit(limit);
        fileRepository.save(f);

        return "upload/result :: view";
    }
+
+    @PostMapping("/upload/chunk")
+    public ResponseEntity<Void> uploadChunk(
+            @RequestParam("chunk") MultipartFile chunk,
+            @RequestParam("hash") String hash,
+            @RequestParam("index") Integer index) throws IOException {
+        if (!isValidId(hash) || index == null || index < 0) {
+            return ResponseEntity.badRequest().build();
+        }
+
+        OptionalLong written = storageService.put(StorageKeys.chunk(hash, index), chunk.getBytes());
+        if (written.isEmpty()) {
+            return ResponseEntity.internalServerError().build();
+        }
+
+        return ResponseEntity.noContent().build();
+    }
+
+    private boolean isValidId(String id) {
+        return id != null && id.matches("[a-f0-9]{64}");
+    }
 }
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/model/File.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/model/File.java
@@ -13,6 +13,7 @@ public class File {
  private String id;
  private String path;
  private String name;
+  private Integer chunkCount;
  private LocalDateTime expireyDateTime;
  private Integer downloadLimit;
  @Column(columnDefinition = "integer default 0")
@@ -41,6 +42,12 @@ public class File {
  public void setName(String name) {
 	this.name = name;
  }
+  public Integer getChunkCount() {
+    return chunkCount == null ? 1 : chunkCount;
+  }
+  public void setChunkCount(Integer chunkCount) {
+    this.chunkCount = chunkCount;
+  }
  public Integer getDownloadLimit() {
    return downloadLimit;
  }
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filecleanup/FileCleanupService.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filecleanup/FileCleanupService.java
@@ -14,6 +14,7 @@ import org.springframework.transaction.annotation.Transactional;
 import com.gregor_lohaus.gtransfer.model.File;
 import com.gregor_lohaus.gtransfer.model.FileRepository;
 import com.gregor_lohaus.gtransfer.services.filewriter.AbstractStorageService;
+import com.gregor_lohaus.gtransfer.services.filewriter.StorageKeys;

 public class FileCleanupService {
    private Boolean enabled;
@@ -43,9 +44,15 @@ public class FileCleanupService {
        };

        for (File file : expired) {
-            storageService.delete(file.getId());
+            deleteStoredFile(file);
            fileRepository.delete(file);
        }
        log.info("Cleaned up {} expired file(s)", expired.size());
    }
+
+    private void deleteStoredFile(File file) {
+        for (int i = 0; i < file.getChunkCount(); i++) {
+            storageService.delete(StorageKeys.chunk(file.getId(), i));
+        }
+    }
 }
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/LocalStorageService.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/LocalStorageService.java
@@ -15,8 +15,12 @@ public class LocalStorageService extends AbstractStorageService {
  @Override
  public OptionalLong put(String id, byte[] data) {
    try {
-      Files.createDirectories(root);
-      Files.write(root.resolve(id), data);
+      Path target = root.resolve(id);
+      Path parent = target.getParent();
+      if (parent != null) {
+        Files.createDirectories(parent);
+      }
+      Files.write(target, data);
      return OptionalLong.of(data.length);
    } catch (IOException e) {
      return OptionalLong.empty();
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/S3StorageService.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/S3StorageService.java
@@ -0,0 +1,191 @@
+package com.gregor_lohaus.gtransfer.services.filewriter;
+
+import java.net.URI;
+import java.nio.file.Path;
+import java.util.Optional;
+import java.util.OptionalLong;
+
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.core.ResponseBytes;
+import software.amazon.awssdk.core.exception.SdkException;
+import software.amazon.awssdk.core.sync.RequestBody;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.S3ClientBuilder;
+import software.amazon.awssdk.services.s3.S3Configuration;
+import software.amazon.awssdk.services.s3.model.BucketAlreadyExistsException;
+import software.amazon.awssdk.services.s3.model.BucketAlreadyOwnedByYouException;
+import software.amazon.awssdk.services.s3.model.BucketLocationConstraint;
+import software.amazon.awssdk.services.s3.model.CreateBucketConfiguration;
+import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
+import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
+import software.amazon.awssdk.services.s3.model.GetObjectRequest;
+import software.amazon.awssdk.services.s3.model.GetObjectResponse;
+import software.amazon.awssdk.services.s3.model.HeadBucketRequest;
+import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
+import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import software.amazon.awssdk.services.s3.model.S3Exception;
+
+public class S3StorageService extends AbstractStorageService {
+  private final S3Client client;
+  private final String bucket;
+  private final String prefix;
+  private final String region;
+
+  public S3StorageService(
+      String bucket,
+      String region,
+      String prefix,
+      String endpoint,
+      String accessKeyId,
+      String secretAccessKey,
+      boolean pathStyleAccessEnabled) {
+    super(Path.of(""));
+    if (bucket == null || bucket.isBlank()) {
+      throw new IllegalArgumentException("S3 storage requires a bucket");
+    }
+    this.bucket = bucket;
+    this.region = blankToDefault(region, "us-east-1");
+    this.prefix = normalizePrefix(prefix);
+    this.client = createClient(this.region, endpoint, accessKeyId, secretAccessKey, pathStyleAccessEnabled);
+    ensureBucketExists();
+  }
+
+  private S3Client createClient(
+      String region,
+      String endpoint,
+      String accessKeyId,
+      String secretAccessKey,
+      boolean pathStyleAccessEnabled) {
+    S3ClientBuilder builder = S3Client.builder()
+        .region(Region.of(blankToDefault(region, "us-east-1")))
+        .serviceConfiguration(S3Configuration.builder()
+            .pathStyleAccessEnabled(pathStyleAccessEnabled)
+            .build());
+
+    if (endpoint != null && !endpoint.isBlank()) {
+      builder.endpointOverride(URI.create(endpoint));
+    }
+
+    if (accessKeyId != null && !accessKeyId.isBlank()) {
+      if (secretAccessKey == null || secretAccessKey.isBlank()) {
+        throw new IllegalArgumentException("S3 storage requires a secretAccessKey when accessKeyId is set");
+      }
+      builder.credentialsProvider(
+          StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKeyId, secretAccessKey)));
+    } else {
+      builder.credentialsProvider(DefaultCredentialsProvider.create());
+    }
+
+    return builder.build();
+  }
+
+  private void ensureBucketExists() {
+    try {
+      client.headBucket(HeadBucketRequest.builder()
+          .bucket(bucket)
+          .build());
+      return;
+    } catch (S3Exception e) {
+      if (e.statusCode() != 404) {
+        throw e;
+      }
+    }
+
+    try {
+      client.createBucket(createBucketRequest());
+    } catch (BucketAlreadyOwnedByYouException e) {
+      return;
+    } catch (BucketAlreadyExistsException e) {
+      throw e;
+    }
+  }
+
+  private CreateBucketRequest createBucketRequest() {
+    CreateBucketRequest.Builder builder = CreateBucketRequest.builder()
+        .bucket(bucket);
+
+    if (!region.equals("us-east-1")) {
+      builder.createBucketConfiguration(CreateBucketConfiguration.builder()
+          .locationConstraint(BucketLocationConstraint.fromValue(region))
+          .build());
+    }
+
+    return builder.build();
+  }
+
+  private String blankToDefault(String value, String defaultValue) {
+    if (value == null || value.isBlank()) {
+      return defaultValue;
+    }
+    return value;
+  }
+
+  private String normalizePrefix(String value) {
+    if (value == null || value.isBlank()) {
+      return "";
+    }
+    String normalized = value;
+    while (normalized.startsWith("/")) {
+      normalized = normalized.substring(1);
+    }
+    while (normalized.endsWith("/")) {
+      normalized = normalized.substring(0, normalized.length() - 1);
+    }
+    return normalized;
+  }
+
+  private String key(String id) {
+    if (prefix.isEmpty()) {
+      return id;
+    }
+    return prefix + "/" + id;
+  }
+
+  @Override
+  public OptionalLong put(String id, byte[] data) {
+    try {
+      PutObjectRequest request = PutObjectRequest.builder()
+          .bucket(bucket)
+          .key(key(id))
+          .contentLength((long) data.length)
+          .build();
+      client.putObject(request, RequestBody.fromBytes(data));
+      return OptionalLong.of(data.length);
+    } catch (SdkException e) {
+      return OptionalLong.empty();
+    }
+  }
+
+  @Override
+  public Optional<byte[]> get(String id) {
+    try {
+      GetObjectRequest request = GetObjectRequest.builder()
+          .bucket(bucket)
+          .key(key(id))
+          .build();
+      ResponseBytes<GetObjectResponse> response = client.getObjectAsBytes(request);
+      return Optional.of(response.asByteArray());
+    } catch (NoSuchKeyException e) {
+      return Optional.empty();
+    } catch (SdkException e) {
+      return Optional.empty();
+    }
+  }
+
+  @Override
+  public boolean delete(String id) {
+    try {
+      DeleteObjectRequest request = DeleteObjectRequest.builder()
+          .bucket(bucket)
+          .key(key(id))
+          .build();
+      client.deleteObject(request);
+      return true;
+    } catch (SdkException e) {
+      return false;
+    }
+  }
+}
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/StorageKeys.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/StorageKeys.java
@@ -0,0 +1,9 @@
+package com.gregor_lohaus.gtransfer.services.filewriter;
+
+public final class StorageKeys {
+  private StorageKeys() {}
+
+  public static String chunk(String id, int index) {
+    return id + "/chunks/" + index;
+  }
+}
--- a/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/StorageServiceConfiguration.java
+++ b/Backend/src/main/java/com/gregor_lohaus/gtransfer/services/filewriter/StorageServiceConfiguration.java
@@ -11,15 +11,27 @@ import com.gregor_lohaus.gtransfer.config.types.StorageServiceType;
@Configuration
 public class StorageServiceConfiguration {

-    //TODO S3 implementation
    @Bean
    public AbstractStorageService storageService(
            @Value("${gtransfer-config.storageService.type}") StorageServiceType type,
-            @Value("${gtransfer-config.storageService.root}") String root) {
+            @Value("${gtransfer-config.storageService.root}") String root,
+            @Value("${gtransfer-config.storageService.bucket:}") String bucket,
+            @Value("${gtransfer-config.storageService.region:us-east-1}") String region,
+            @Value("${gtransfer-config.storageService.endpoint:}") String endpoint,
+            @Value("${gtransfer-config.storageService.accessKeyId:}") String accessKeyId,
+            @Value("${gtransfer-config.storageService.secretAccessKey:}") String secretAccessKey,
+            @Value("${gtransfer-config.storageService.pathStyleAccessEnabled:false}") boolean pathStyleAccessEnabled) {
        return switch (type) {
            case LOCAL -> new LocalStorageService(Path.of(root));
            case DUMMY -> new DummyStorageService(Path.of(root));
-            case S3 -> new LocalStorageService(Path.of(root));
+            case S3 -> new S3StorageService(
+                    bucket,
+                    region,
+                    root,
+                    endpoint,
+                    accessKeyId,
+                    secretAccessKey,
+                    pathStyleAccessEnabled);
        };
    }
 }
--- a/Backend/src/main/resources/static/crypto.js
+++ b/Backend/src/main/resources/static/crypto.js
@@ -1,26 +1,39 @@
-async function encryptFile(arrayBuffer) {
+var DEFAULT_CHUNK_SIZE = 4 * 1024 * 1024;
+
+async function encryptFile(file, chunkSize = DEFAULT_CHUNK_SIZE) {
    const key = await crypto.subtle.generateKey(
        { name: 'AES-GCM', length: 256 },
        true,
        ['encrypt', 'decrypt']
    );

+    const rawKey = await crypto.subtle.exportKey('raw', key);
+    const hash = await hashKey(rawKey);
+    const base64urlKey = encodeKey(rawKey);
+    const chunkCount = Math.max(1, Math.ceil(file.size / chunkSize));
+
+    return {
+        hash,
+        base64urlKey,
+        chunkCount,
+        chunks: encryptedChunks(file, key, chunkCount, chunkSize)
+    };
+}
+
+async function* encryptedChunks(file, key, chunkCount, chunkSize) {
+    for (let index = 0; index < chunkCount; index++) {
+        const start = index * chunkSize;
+        const end = Math.min(start + chunkSize, file.size);
+        const plaintext = await file.slice(start, end).arrayBuffer();
        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);

-    const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, arrayBuffer);
-
-    // Payload: 12-byte IV prepended to ciphertext
        const payload = new Uint8Array(12 + ciphertext.byteLength);
        payload.set(iv, 0);
        payload.set(new Uint8Array(ciphertext), 12);

-    // SHA-256(rawKey) → file identifier sent to server; server never sees the key itself
-    const rawKey = await crypto.subtle.exportKey('raw', key);
-    const hash = await hashKey(rawKey);
-
-    const base64urlKey = encodeKey(rawKey);
-
-    return { payload, hash, base64urlKey };
+        yield { index, payload };
+    }
 }

 async function hashKey(rawKey) {
@@ -29,7 +42,7 @@ async function hashKey(rawKey) {
        .join('');
 }

-async function decryptFile(payload, key) {
+async function decryptChunk(payload, key) {
    const bytes = new Uint8Array(payload);
    const iv = bytes.slice(0, 12);
    const ciphertext = bytes.slice(12);
--- a/Backend/src/main/resources/static/download.js
+++ b/Backend/src/main/resources/static/download.js
@@ -11,24 +11,46 @@ if (!fragment) {
        'raw', rawKeyBytes, { name: 'AES-GCM' }, false, ['decrypt']
    );

-    setStatus('Downloading\u2026');
-    const response = await fetch('/download/' + id + '/data');
+    setProgress('Loading metadata\u2026', 0, 1);
+    const metadataResponse = await fetch('/download/' + id + '/metadata');

-    if (response.status === 410) {
+    if (metadataResponse.status === 410) {
        showError('This file has expired or reached its download limit.');
-    } else if (!response.ok) {
-        showError(`Download failed (${response.status}).`);
+    } else if (!metadataResponse.ok) {
+        showError(`Download failed (${metadataResponse.status}).`);
    } else {
-        const disposition = response.headers.get('Content-Disposition') || '';
-        const filename = disposition.match(/filename="?([^"]+)"?/)?.[1] || 'download';
+        const metadata = await metadataResponse.json();
+        const filename = metadata.name || 'download';
+        const chunkCount = metadata.chunkCount || 1;
+        const chunks = [];

-        setStatus('Decrypting\u2026');
-        const plaintext = await decryptFile(await response.arrayBuffer(), key);
+        for (let index = 0; index < chunkCount; index++) {
+            setProgress(`Downloading chunk ${index + 1} of ${chunkCount}\u2026`, index, chunkCount);
+            const chunkResponse = await fetch('/download/' + id + '/chunk/' + index);
+            if (chunkResponse.status === 410) {
+                throw new Error('This file has expired or reached its download limit.');
+            }
+            if (!chunkResponse.ok) {
+                throw new Error(`Chunk download failed (${chunkResponse.status})`);
+            }

+            setProgress(`Decrypting chunk ${index + 1} of ${chunkCount}\u2026`, index + 0.5, chunkCount);
+            const plaintextChunk = await decryptChunk(await chunkResponse.arrayBuffer(), key);
+            chunks.push(new Uint8Array(plaintextChunk));
+            setProgress(`Downloaded ${index + 1} of ${chunkCount} chunks`, index + 1, chunkCount);
+        }
+
+        const completeResponse = await fetch('/download/' + id + '/complete', { method: 'POST' });
+        if (!completeResponse.ok && completeResponse.status !== 404 && completeResponse.status !== 410) {
+            throw new Error(`Download completion failed (${completeResponse.status})`);
+        }
+
+        setProgress('Preparing preview\u2026', chunkCount, chunkCount);
+        const plaintext = combineChunks(chunks);
        showPreview(filename, plaintext);
    }
 } catch (err) {
-    showError('Decryption failed: ' + err.message);
+    showError(err.message);
 }

 function setStatus(msg) {
@@ -36,6 +58,16 @@ function setStatus(msg) {
    if (el) el.textContent = msg;
 }

+function setProgress(msg, completed, total) {
+    setStatus(msg);
+    const percent = Math.round((completed / total) * 100);
+    const bar = htmx.find('#download-progress');
+    if (!bar) return;
+    bar.style.width = `${percent}%`;
+    bar.textContent = `${percent}%`;
+    bar.setAttribute('aria-valuenow', String(percent));
+}
+
 function escapeHtml(str) {
    return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
 }
@@ -58,6 +90,17 @@ function getMimeType(filename) {
    return types[ext] || 'application/octet-stream';
 }

+function combineChunks(chunks) {
+    const size = chunks.reduce((sum, chunk) => sum + chunk.byteLength, 0);
+    const combined = new Uint8Array(size);
+    let offset = 0;
+    for (const chunk of chunks) {
+        combined.set(chunk, offset);
+        offset += chunk.byteLength;
+    }
+    return combined.buffer;
+}
+
 function showPreview(filename, plaintext) {
    const mimeType = getMimeType(filename);
    const blob = new Blob([plaintext], { type: mimeType });
--- a/Backend/src/main/resources/static/upload.js
+++ b/Backend/src/main/resources/static/upload.js
@@ -43,27 +43,44 @@ async function startUpload() {
                <span class="visually-hidden">Loading\u2026</span>
            </div>
        </div>
-        <div class="drop-zone-text" id="upload-status">Encrypting\u2026</div>`,
+        <div class="drop-zone-text mb-3" id="upload-status">Preparing\u2026</div>
+        <div class="progress" role="progressbar" aria-label="Upload progress" aria-valuemin="0" aria-valuemax="100">
+            <div id="upload-progress" class="progress-bar bg-success" style="width: 0%">0%</div>
+        </div>`,
        { swapStyle: 'innerHTML' });

    try {
-        const { payload, hash, base64urlKey } = await encryptFile(await selectedFile.arrayBuffer());
+        const encryptedFile = await encryptFile(selectedFile);

-        setStatus('Uploading\u2026');
+        for await (const { index, payload } of encryptedFile.chunks) {
+            const chunkCount = encryptedFile.chunkCount;
+            setProgress(`Encrypting chunk ${index + 1} of ${chunkCount}\u2026`, index, chunkCount);

-        const formData = new FormData();
-        formData.append('file', new Blob([payload]), selectedFile.name);
-        formData.append('hash', hash);
-        formData.append('name', selectedFile.name);
-        if (expiryDays)    formData.append('expiryDays', expiryDays);
-        if (downloadLimit) formData.append('downloadLimit', downloadLimit);
+            setProgress(`Uploading chunk ${index + 1} of ${chunkCount}\u2026`, index + 0.5, chunkCount);
+            const chunkData = new FormData();
+            chunkData.append('chunk', new Blob([payload]), String(index));
+            chunkData.append('hash', encryptedFile.hash);
+            chunkData.append('index', index);

-        const response = await fetch('/upload', { method: 'POST', body: formData });
+            const chunkResponse = await fetch('/upload/chunk', { method: 'POST', body: chunkData });
+            if (!chunkResponse.ok) throw new Error(`Chunk upload failed (${chunkResponse.status})`);
+            setProgress(`Uploaded chunk ${index + 1} of ${chunkCount}`, index + 1, chunkCount);
+        }
+
+        setProgress('Finalizing\u2026', encryptedFile.chunkCount, encryptedFile.chunkCount);
+        const metadata = new FormData();
+        metadata.append('hash', encryptedFile.hash);
+        metadata.append('name', selectedFile.name);
+        metadata.append('chunkCount', encryptedFile.chunkCount);
+        if (expiryDays)    metadata.append('expiryDays', expiryDays);
+        if (downloadLimit) metadata.append('downloadLimit', downloadLimit);
+
+        const response = await fetch('/upload', { method: 'POST', body: metadata });
        if (!response.ok) throw new Error(`Server error ${response.status}`);

        htmx.swap(dropZone, await response.text(), { swapStyle: 'innerHTML' });
        htmx.process(dropZone);
-        htmx.find('#share-link').value = window.location.origin + '/download#' + base64urlKey;
+        htmx.find('#share-link').value = window.location.origin + '/download#' + encryptedFile.base64urlKey;

    } catch (err) {
        htmx.swap(dropZone, `
@@ -79,6 +96,16 @@ function setStatus(msg) {
    if (el) el.textContent = msg;
 }

+function setProgress(msg, completed, total) {
+    setStatus(msg);
+    const percent = Math.round((completed / total) * 100);
+    const bar = htmx.find('#upload-progress');
+    if (!bar) return;
+    bar.style.width = `${percent}%`;
+    bar.textContent = `${percent}%`;
+    bar.setAttribute('aria-valuenow', String(percent));
+}
+
 function resetUpload() {
    selectedFile = null;
    fileInput.value = '';
--- a/Backend/src/main/resources/templates/download/page.html
+++ b/Backend/src/main/resources/templates/download/page.html
@@ -20,7 +20,10 @@
    <main class="flex-grow-1 d-flex align-items-center justify-content-center py-5 px-3">
        <div id="download-state" class="drop-zone text-center py-5 px-4" style="max-width: 520px; width: 100%;">
            <div class="drop-zone-icon mb-3">&#x1F512;</div>
-<div class="drop-zone-text" id="download-status">Preparing&hellip;</div>
+            <div class="drop-zone-text mb-3" id="download-status">Preparing&hellip;</div>
+            <div class="progress" role="progressbar" aria-label="Download progress" aria-valuemin="0" aria-valuemax="100">
+                <div id="download-progress" class="progress-bar bg-success" style="width: 0%">0%</div>
+            </div>
        </div>
    </main>

--- a/devenv.lock
+++ b/devenv.lock
@@ -3,11 +3,11 @@
    "devenv": {
      "locked": {
        "dir": "src/modules",
-        "lastModified": 1771852244,
-        "narHash": "sha256-4t3gQ4s7kqtDwSiE74Px6szKJtKtcoHgUiNmIm+Xl9Y=",
+        "lastModified": 1777321427,
+        "narHash": "sha256-EV/mIQur/dvCFwHzBjL7LBAgyhT0l3wQBgFjjY6zucg=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "c88c14a32d06173867e26b7d4f5daed38a3f6f1e",
+        "rev": "fb3d8df47420022c47a42151c26e5cdaee6c641d",
        "type": "github"
      },
      "original": {
@@ -17,72 +17,16 @@
        "type": "github"
      }
    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1767039857,
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1772024342,
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1762808025,
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "inputs": {
        "nixpkgs-src": "nixpkgs-src"
      },
      "locked": {
-        "lastModified": 1770434727,
-        "narHash": "sha256-YzOZRgiqIccnkkZvckQha7wvOfN2z50xEdPvfgu6sf8=",
+        "lastModified": 1776852779,
+        "narHash": "sha256-WwO/ITisCXwyiRgtktZgv3iGhAGO+IB5Av4kKCwezR0=",
        "owner": "cachix",
        "repo": "devenv-nixpkgs",
-        "rev": "8430f16a39c27bdeef236f1eeb56f0b51b33d348",
+        "rev": "ec3063523dcd911aeadb50faa589f237cdab5853",
        "type": "github"
      },
      "original": {
@@ -95,11 +39,11 @@
    "nixpkgs-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1769922788,
-        "narHash": "sha256-H3AfG4ObMDTkTJYkd8cz1/RbY9LatN5Mk4UF48VuSXc=",
+        "lastModified": 1776329215,
+        "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "207d15f1a6603226e1e223dc79ac29c7846da32e",
+        "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
        "type": "github"
      },
      "original": {
@@ -112,11 +56,7 @@
    "root": {
      "inputs": {
        "devenv": "devenv",
-        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs",
-        "pre-commit-hooks": [
-          "git-hooks"
-        ]
+        "nixpkgs": "nixpkgs"
      }
    }
  },
--- a/devenv.nix
+++ b/devenv.nix
@@ -1,57 +1,41 @@
 { pkgs, lib, config, inputs, ... }:

 {
-  # https://devenv.sh/basics/
  env.GRAALVM_HOME = "${pkgs.graalvmPackages.graalvm-ce}";

-  # https://devenv.sh/packages/
  packages = [
    pkgs.graalvmPackages.graalvm-ce
    pkgs.watchexec
  ];

-  # https://devenv.sh/languages/
  languages.java.enable = true;
  languages.java.lsp.enable = true;
  languages.java.gradle.enable = true;
  languages.java.jdk.package = pkgs.jdk25_headless;
-  # https://devenv.sh/processes/
-  # processes.cargo-watch.exec = "cargo-watch";
-  # process.manager.implementation = "mprocs";
  processes.watchbuild = {
-    exec = "watchexec -r -e java,html,css,js -w ./Backend/src -- build-backend";
+    exec = "build-backend";
+    watch = {
+      paths = [./Backend/src];
+      extensions = ["java"  "html"  "css"  "js"];
+    };
  };
  processes.runbin = {
-    exec = "watchexec -r -w ./Backend/buildcompleted.at ./Backend/build/native/nativeCompile/gtransfer";
+    exec = "./Backend/build/native/nativeCompile/gtransfer";
+    watch = {
+      paths = [ ./Backend/buildcompleted.at ];
+    };
  };
-  # https://devenv.sh/services/
  services.postgres.enable = true;
  services.postgres.listen_addresses = "localhost";
  services.postgres.port = 5432;
  services.postgres.initialDatabases = [
    {name="gtransfer";user="gtransfer";pass="gtransfer";}
  ];
-
-  # https://devenv.sh/scripts/
+  services.minio.enable = true;
  scripts.build-backend.exec = ''
    gradle -p ./Backend build && echo $(date) > ./Backend/buildcompleted.at
  '';
-  # enterShell = ''
-  #   PATH="$(pwd)/x86_64-linux-musl-native/bin:$PATH"
-  # '';

-  # https://devenv.sh/tasks/
-  # tasks = {
-  #   "myproj:setup".exec = "mytool build";
-  #   "devenv:enterShell".after = [ "myproj:setup" ];
-  # };
-
-  # https://devenv.sh/tests/
  enterTest = ''
  '';
-
-  # https://devenv.sh/git-hooks/
-  # git-hooks.hooks.shellcheck.enable = true;
-
-  # See full reference at https://devenv.sh/reference/options/
 }
Author	SHA1	Message	Date
Gregor Lohaus	8b9b3a0ff8	Merge branch 'chunked' All checks were successful Deploy / Explore-Gitea-Actions (push) Successful in 8m45s Details	2026-06-05 14:50:13 +02:00
Gregor Lohaus	f5e024f41c	remove unused size field on File model	2026-06-05 14:44:12 +02:00
Gregor Lohaus	0c3f8353be	get rid of backwards compatibility complexity	2026-06-05 14:29:45 +02:00
Gregor Lohaus	af02e24b4e	chunking	2026-06-05 14:06:01 +02:00
Gregor Lohaus	be5b9e0626	s3 support	2026-06-05 13:51:25 +02:00