A modern, full-stack secure file sharing platform built with React, Express, and MongoDB. Instantly upload files and share secure download links with anyone.
Live Demo: https://drop-vault-secure-file-sharing.vercel.app/
- Multiple File Upload: Upload single or multiple files at once (up to 10 files)
- Easy File Upload: Drag & drop or click to select files, then upload with one click
- Manual Upload Control: Select files, configure options (password/expiry), then click "Upload Files" button
- Download Tracking: Each file's download count is tracked
- Modern UI: Clean, responsive React interface with beautiful gradients and animations
- Password Protection: Optional password protection for sensitive files
- File Expiration: Set automatic expiration dates for files (auto-delete after X days)
- Server-Side Validation: File size (25MB) and type validation on both client and server
- Security Filtering: Blocks dangerous file types (executables, scripts, etc.)
- File Previews: Image previews before upload
- Manual Upload Workflow: Select files β Set password/expiry options β Click "Upload Files" button
- QR Code Generation: Generate QR codes for easy mobile sharing
- Toast Notifications: Beautiful toast notifications for user feedback
- Recent Uploads: View and access recently uploaded files (stored locally)
- File Metadata: Display file size, type, upload date, and expiration info
- Progress Tracking: Real-time upload progress bar
- Copy to Clipboard: One-click link copying
- File Info API: Get file metadata without downloading
- Automatic Cleanup: Expired files are automatically deleted
- Orphaned File Cleanup: Utility to clean up files not in database
- Error Handling: Comprehensive error handling and user feedback
- Frontend: React, Vite, Axios, QRCode.react
- Backend: Node.js, Express, Multer, Mongoose
- Database: MongoDB
- Storage: Local filesystem (can be replaced with S3/Cloudinary)
git clone <your-repo-url>
cd DropVault-Secure-File-Sharing-Platformcd server
npm installcd ../client
npm installNote: The frontend now includes qrcode.react for QR code generation. It will be installed automatically with npm install.
Create a .env file in the server directory:
MONGO_URI=your_mongodb_connection_string
# Optional: public URL of your API (used to build download links)
PUBLIC_BASE_URL=https://your-api.example.com
# Optional: comma-separated list of allowed origins for CORS
CORS_ORIGINS=https://your-app.vercel.app,http://localhost:5173
Create a .env.local file in the client directory:
VITE_API_URL=http://localhost:8000
cd server
npm run devcd ../client
npm run dev-
Select Files:
- Drag and drop files into the upload area, or
- Click "Choose Files" button to browse and select files
-
Configure Options (Optional):
- Set a password to protect your files
- Set expiration time in days (files will auto-delete after expiration)
-
Upload:
- Click the "Upload Files" button to start the upload
- Watch the progress bar as files upload
- Once complete, you'll receive shareable links
-
Share:
- Copy the download link
- Share the link with others (include password if set)
- Generate QR code for easy mobile sharing
- Open the shared link in your browser
- If password-protected, a password page will appear β enter the password and click Download File
- The file will download
DropVault-Secure-File-Sharing-Platform/
βββ client/ # React frontend
β βββ src/
β βββ App.jsx # Main application component
β βββ App.css # Styling
β βββ service/
β βββ api.js # API service layer
βββ server/ # Express backend
β βββ controller/
β β βββ image-controller.js # Upload/download handlers
β βββ models/
β β βββ file.js # MongoDB file schema
β βββ routes/
β β βββ routes.js # API routes
β βββ utils/
β β βββ upload.js # Multer configuration
β β βββ cleanup.js # File cleanup utilities
β βββ database/
β β βββ db.js # MongoDB connection
β βββ server.js # Express server setup
- POST
/uploadβ Upload single or multiple files- Body:
multipart/form-data - Fields:
file(required): File(s) to upload (can be multiple)password(optional): Password to protect the fileexpiresInDays(optional): Number of days until file expires
- Response: Array of uploaded file objects with shareable links
- Body:
- GET
/file/:fileId/infoβ Get file metadata without downloading- Response: File information (name, size, type, download count, expiration, etc.)
- GET
/file/:fileIdβ Download a file by its unique ID- Query Parameters:
password(optional): Password if file is protected
- Response: File download or error message
- Query Parameters:
This setup deploys the frontend to Vercel and the backend to a host with persistent storage (e.g., Render/Railway/Fly/VM). Vercel serverless is not ideal for local-disk uploads.
- Root directory:
server - Build command:
npm install - Start command:
node server.js - Environment variables:
MONGO_URI,PUBLIC_BASE_URL,CORS_ORIGINS(and optionallyPORT) - If using persistent disk for uploads, ensure
server/uploads/is writable or configure a mounted disk.
- Root directory:
client/ - Build command:
npm run build - Output directory:
dist - Environment variables: set
VITE_API_URLto your backend URL (e.g.,https://your-api.example.com) - Optional
vercel.jsonat repo root (already included) builds fromclient/.
- β Password protection for files
- β File expiration and automatic deletion
- β Server-side file size validation (25MB limit)
- β Dangerous file type filtering (executables, scripts blocked)
- β CORS configuration for allowed origins
- β Secure password hashing (SHA-256)
- Enhanced File Model: Added
size,mimetype,originalName,password,expiresAt, anduploadedAtfields with MongoDB TTL index support. - Improved Upload Handler: Support for multiple files, password hashing, and expiration date handling.
- New API Endpoints: Added
/file/:fileId/infofor metadata and enhanced/uploadwith options. - Cleanup Utilities: Added functions for automated cleanup of expired and orphaned files.
- Modern UI Components: Added file preview cards, upload options panel, and QR code display.
- Better State Management: Handled multiple files, toast notifications, and recent uploads persistence.
- Improved UX: Drag and drop support, real-time progress tracking, and responsive design improvements.
- Manual Upload Control: Files no longer auto-upload on selection. Users can configure password/expiry options before clicking the "Upload Files" button, providing better control over the upload process.
- The database schema has been updated. Existing files will remain functional but won't have the new metadata (size, mimetype, etc.).
- New optional features like password protection and expiration are available for all new uploads.
- Dependencies: Install the new frontend dependency using
npm installin theclientdirectory. - Maintenance: Set up a cron job to run the cleanup utilities periodically as described in the Maintenance section.
- User authentication and accounts
- File versioning and history
- Advanced search and filtering
- Cloud storage integration (S3, Cloudinary)
- Virus scanning for uploaded files
- Rate limiting to prevent abuse
Run the cleanup utility to remove expired files:
import { cleanupExpiredFiles, cleanupOrphanedFiles } from './utils/cleanup.js';
// Clean expired files
await cleanupExpiredFiles();
// Clean orphaned files (files on disk but not in database)
await cleanupOrphanedFiles();Set up a cron job to run cleanup periodically:
# Example: Run cleanup daily at 2 AM
0 2 * * * node /path/to/server/utils/cleanup.js- Storage: Replace local
multerdisk with S3/Cloudinary for reliable storage on serverless/free tiers - Rate Limiting: Consider adding rate limiting to prevent abuse
- File Scanning: Add virus scanning for uploaded files
- Monitoring: Set up logging and monitoring for file operations
- Backup: Implement backup strategy for important files
Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change.
Β© 2025 Abhiswant Chaudhary.
All rights reserved.
This project and its source code cannot be copied, modified, or distributed without explicit permission from the author.