A stupid simple file upload application that provides a clean, modern interface for dragging and dropping files. Built with Node.js and vanilla JavaScript.
No auth (unless you want it now!), no storage, no nothing. Just a simple file uploader to drop dumb files into a dumb folder.
- Quick Start
- Production Deployment with Docker
- Local Development (Recommended Quick Start)
- Features
- Configuration
- Security
- Technical Details
- Demo Mode
- Contributing
- License
# Pull and run with one command
docker run -p 3000:3000 -v ./uploads:/app/uploads dumbwareio/dumbdrop:latest- Go to http://localhost:3000
- Upload a File - It'll show up in ./uploads
- Celebrate on how dumb easy this was
Create a docker-compose.yml file:
services:
dumbdrop:
image: dumbwareio/dumbdrop:latest
ports:
- 3000:3000
volumes:
# Where your uploaded files will land
- ./uploads:/app/uploads
environment:
# Explicitly set upload directory inside the container
UPLOAD_DIR: /app/uploads
# The title shown in the web interface
DUMBDROP_TITLE: DumbDrop
# Maximum file size in MB
MAX_FILE_SIZE: 1024
# Optional PIN protection (leave empty to disable)
DUMBDROP_PIN: 123456
# Upload without clicking button
AUTO_UPLOAD: false
# The base URL for the application
# You must update this to the url you use to access your site
BASE_URL: http://localhost:3000Then run:
docker compose up -d- Go to http://localhost:3000
- Upload a File - It'll show up in ./uploads
- Rejoice in the glory of your dumb uploads
Note: The
UPLOAD_DIRenvironment variable is now explicitly set to/app/uploadsin the container. The Dockerfile only creates theuploadsdirectory, notlocal_uploads. The host directory./uploadsis mounted to/app/uploadsfor persistent storage.
For local development setup, troubleshooting, and advanced usage, see the dedicated guide:
- π Drag and drop file uploads
- π Multiple file selection
- π¨ Clean, responsive UI with Dark Mode
- π¦ Docker support with easy configuration
- π Directory upload support (maintains structure)
- π Optional PIN protection
- π± Mobile-friendly interface
- π Configurable notifications via Apprise
- β‘ Zero dependencies on client-side
- π‘οΈ Built-in security features
- πΎ Configurable file size limits
- π― File extension filtering
| Variable | Description | Default | Required |
|---|---|---|---|
| PORT | Server port | 3000 | No |
| BASE_URL | Base URL for the application | http://localhost:PORT | No |
| MAX_FILE_SIZE | Maximum file size in MB | 1024 | No |
| DUMBDROP_PIN | PIN protection (4-10 digits) | None | No |
| DUMBDROP_TITLE | Site title displayed in header | DumbDrop | No |
| APPRISE_URL | Apprise URL for notifications | None | No |
| APPRISE_MESSAGE | Notification message template | New file uploaded {filename} ({size}), Storage used {storage} | No |
| APPRISE_SIZE_UNIT | Size unit for notifications (B, KB, MB, GB, TB, or Auto) | Auto | No |
| AUTO_UPLOAD | Enable automatic upload on file selection | false | No |
| ALLOWED_EXTENSIONS | Comma-separated list of allowed file extensions | None | No |
| ALLOWED_IFRAME_ORIGINS | Comma-separated list of origins allowed to embed the app in an iframe | None | No |
| UPLOAD_DIR | Directory for uploads (Docker/production; should be /app/uploads in container) |
None (see LOCAL_UPLOAD_DIR fallback) | No |
| LOCAL_UPLOAD_DIR | Directory for uploads (local dev, fallback: './local_uploads') | ./local_uploads | No |
- UPLOAD_DIR is used in Docker/production. If not set, LOCAL_UPLOAD_DIR is used for local development. If neither is set, the default is
./local_uploads. - Docker Note: The Dockerfile now only creates the
uploadsdirectory inside the container. The host's./local_uploadsis mounted to/app/uploadsand should be managed on the host system. - BASE_URL: If you are deploying DumbDrop under a subpath (e.g.,
https://example.com/watchfolder/), you must setBASE_URLto the full path including the trailing slash (e.g.,https://example.com/watchfolder/). All API and asset requests will be prefixed with this value. If you deploy at the root, usehttps://example.com/. - BASE_URL must end with a trailing slash. The app will fail to start if this is not the case.
See .env.example for a template and more details.
ALLOWED_IFRAME_ORIGINS
To allow this app to be embedded in an iframe on specific origins (such as Organizr), set the ALLOWED_IFRAME_ORIGINS environment variable. For example:
ALLOWED_IFRAME_ORIGINS=https://organizr.example.com,https://myportal.com- If not set, the app will only allow itself to be embedded in an iframe on the same origin (default security).
- If set, the app will allow embedding in iframes on the specified origins and itself.
- Security Note: Only add trusted origins. Allowing arbitrary origins can expose your app to clickjacking and other attacks.
File Extension Filtering
To restrict which file types can be uploaded, set the ALLOWED_EXTENSIONS environment variable. For example:
ALLOWED_EXTENSIONS=.jpg,.jpeg,.png,.pdf,.doc,.docx,.txtIf not set, all file extensions will be allowed.
Notification Setup
The notification message supports the following placeholders:
{filename}: Name of the uploaded file{size}: Size of the file (formatted according to APPRISE_SIZE_UNIT){storage}: Total size of all files in upload directory
Example message template:
APPRISE_MESSAGE: New file uploaded {filename} ({size}), Storage used {storage}Size formatting examples:
- Auto (default): Chooses nearest unit (e.g., "1.44MB", "256KB")
- Fixed unit: Set APPRISE_SIZE_UNIT to B, KB, MB, GB, or TB
Both {size} and {storage} use the same formatting rules based on APPRISE_SIZE_UNIT.
- Integration with Apprise for flexible notifications
- Support for all Apprise notification services
- Customizable notification messages with filename templating
- Optional - disabled if no APPRISE_URL is set
- Variable-length PIN support (4-10 digits)
- Constant-time PIN comparison
- Input sanitization
- Rate limiting
- File extension filtering
- No client-side PIN storage
- Secure file handling
- Backend: Node.js (>=20.0.0) with Express
- Frontend: Vanilla JavaScript (ES6+)
- Container: Docker with multi-stage builds
- Security: Express security middleware
- Upload: Chunked file handling via Multer
- Notifications: Apprise integration
- express: Web framework
- multer: File upload handling
- apprise: Notification system
- cors: Cross-origin resource sharing
- dotenv: Environment configuration
- express-rate-limit: Rate limiting
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes using conventional commits
- Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
See Local Development (Recommended Quick Start) for local setup and guidelines.
Made with β€οΈ by DumbWare.io
- Camera Upload for Mobile
Got an idea? Open an issue or submit a PR
