fix: enforce max file size

Signed-off-by: skidoodle <contact@albert.lol>

.goreleaser.yaml

@@ -28,7 +28,6 @@ archives:
     files:
       - web/**/*
       - README.md
-      - CHANGELOG.md
 
 dockers:
   - image_templates:

CHANGELOG.md

@@ -1,44 +0,0 @@
-# Changelog
-
-## [3.0.0](https://github.com/skidoodle/safebin/compare/v2.0.0...v3.0.0) (2026-01-16)
-
-
-### ⚠ BREAKING CHANGES
-
-* Docker volume paths and environment variables have been updated. The internal storage path in the container has changed from `/home/appuser/storage` to `/app/storage`. Existing deployments must update their volume mappings and environment variable names to maintain persistence.
-
-### Code Refactoring
-
-* relocate core logic to internal package and modernize project structure ([43be383](https://github.com/skidoodle/safebin/commit/43be383fdbfb0263036284b8beb0ce3c646db87c))
-
-## [2.0.0](https://github.com/skidoodle/safebin/compare/v1.1.0...v2.0.0) (2026-01-16)
-
-
-### ⚠ BREAKING CHANGES
-
-* The encryption scheme and URL structure have been completely redesigned. Links generated with previous versions of safebin are no longer compatible and cannot be decrypted by this version.
-
-### Features
-
-* overhaul encryption to zero-knowledge at rest and modernize UI ([599347e](https://github.com/skidoodle/safebin/commit/599347e867444288fa58f8e358269121c5d32e36))
-
-## [1.1.0](https://github.com/skidoodle/safebin/compare/v1.0.1...v1.1.0) (2026-01-14)
-
-
-### Features
-
-* implement chunked uploads and environment-based configuration ([1ccc80a](https://github.com/skidoodle/safebin/commit/1ccc80ad4e5b949a8f1d1f3a8b3b4e8c4d2e1353))
-
-## [1.0.1](https://github.com/skidoodle/safebin/compare/v1.0.0...v1.0.1) (2026-01-14)
-
-
-### Bug Fixes
-
-* better dockerfile ([c1ecbe5](https://github.com/skidoodle/safebin/commit/c1ecbe567a24eb4e755f19fee68422025f3b15b2))
-
-## 1.0.0 (2026-01-13)
-
-
-### Features
-
-* add automated release and docker workflow ([e40e6d0](https://github.com/skidoodle/safebin/commit/e40e6d01afd0067bba5d0cf4a9b1ff3d7122259f))

Dockerfile

@@ -21,6 +21,7 @@ LABEL org.opencontainers.image.licenses="GPL-2.0-only"
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     ca-certificates \
+    media-types \
     && rm -rf /var/lib/apt/lists/*
 
 RUN useradd -m -u 10001 -s /bin/bash appuser

Dockerfile.release

@@ -2,6 +2,7 @@ FROM debian:trixie-slim
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     ca-certificates \
+    media-types \
     && rm -rf /var/lib/apt/lists/*
 
 RUN useradd -m -u 10001 -s /bin/bash appuser

README.md

@@ -4,74 +4,47 @@
 
 ## Features
 
-- **Server-Side Encryption**: Files are encrypted using AES-256-GCM before touching the disk.
+- **End-to-End Encryption**: Files are encrypted using AES-128-GCM before being written to disk.
-- **Log-Safe Keys**: The decryption key is stored in the URL fragment (`#`). Since fragments are never sent to the server, the key never appears in your HTTP access logs.
+- **Key-Derived URLs**: The decryption key is part of the URL. The server uses this key to locate and decrypt the file on the fly.
 - **Integrity**: Uses GCM (Galois/Counter Mode) to ensure files cannot be tampered with while stored.
-- **Deterministic**: Identical files result in the same ID, allowing for storage deduplication.
+- **Storage Deduplication**: Identical files result in the same ID, saving disk space.
+- **Chunked Uploads**: Supports large file uploads via the web interface using 8MB chunks.
 
 ## Usage
 
-You can interact with the service via the web interface or through the command line.
+### Web Interface
+Simply drag and drop files into the browser. The interface handles chunking and provides a shareable link once the upload is finalized.
 
-### Uploading a file
+### Command Line (CLI)
+You can upload files directly using `curl`:
 
 ```bash
-curl -F 'file=@archive.zip' https://bin.example.com
+curl -F 'file=@photo.jpg' https://bin.example.com
 ```
 
-The server will return a URL containing the file ID and the decryption key:
+The server will return a direct link:
-`https://bin.example.com/vS6_1_8pS-Y_8-8_...`
+`https://bin.example.com/0iEZGtW-ikVdu...jpg`
-
-### Downloading a file
-
-Simply open the link in a browser or use `curl`:
-
-```bash
-curl https://bin.example.com/vS6_1_8pS-Y_8-8_... > archive.zip
-```
 
 ## Configuration
 
-`safebin` is configured via command-line flags:
+`safebin` can be configured via environment variables or command-line flags:
 
-| Flag | Description | Default |
+| Flag | Environment Variable | Description | Default |
-| :--- | :--- | :--- |
+| :--- | :--- | :--- | :--- |
-| `-h` | Bind address for the server. | `0.0.0.0` |
+| `-h` | `SAFEBIN_HOST` | Bind address for the server. | `0.0.0.0` |
-| `-p` | Port to listen on. | `8080` |
+| `-p` | `SAFEBIN_PORT` | Port to listen on. | `8080` |
-| `-s` | Directory where encrypted files are stored. | `./storage` |
+| `-s` | `SAFEBIN_STORAGE` | Directory for encrypted storage. | `./storage` |
-| `-m` | Maximum file size in mb. | `512` |
+| `-m` | `SAFEBIN_MAX_MB` | Maximum file size in MB. | `512` |
 
-## Running Locally
+## Deployment
-
-### With Docker
-
-```bash
-git clone https://github.com/skidoodle/safebin
-cd safebin
-docker compose -f compose.dev.yaml up --build
-```
-
-### Without Docker
-
-Requires Go 1.25 or higher.
-
-```bash
-git clone https://github.com/skidoodle/safebin
-cd safebin
-go build -o safebin .
-./safebin -p 8080 -s ./data
-```
-
-## Deploying
 
 ### Docker Compose
-
+The easiest way to deploy is using the provided `compose.yaml`:
-The easiest way to deploy is using the provided `compose.yaml`.
 
 ```yaml
 services:
   safebin:
-    image: ghcr.io/skidoodle/safebin:main
+    image: ghcr.io/skidoodle/safebin:latest
     container_name: safebin
     restart: unless-stopped
     ports:
@@ -88,10 +61,22 @@ volumes:
   data:
 ```
 
+### Manual Build
+Requires Go 1.25 or higher.
+
+```bash
+go build -o safebin .
+./safebin -p 8080 -s ./data
+```
+
 ## Retention Policy
 
-The server runs a cleanup task every hour. Retention is calculated using a cubic scaling formula to balance disk usage:
+The server runs a background cleanup task every hour. Retention is calculated using a cubic scaling formula to prioritize small files:
-- **Small files (< 1MB)**: Up to 365 days.
-- **Large files (512MB)**: 24 hours.
 
-This ensures that the server doesn't run out of disk space due to large binary blobs while allowing small text files or images to persist for longer periods.
+- **Small files (e.g., < 1MB)**: Kept for up to **365 days**.
+- **Large files (at Max MB)**: Kept for **24 hours**.
+- **Temporary Uploads**: Unfinished chunked uploads are purged after **4 hours**.
+
+## License
+
+This project is licensed under the **GNU General Public License v2.0**.

compose.yaml

@@ -1,6 +1,6 @@
 services:
   safebin:
-    image: ghcr.io/skidoodle/safebin:main
+    image: ghcr.io/skidoodle/safebin:latest
     container_name: safebin
     restart: unless-stopped
     ports:

internal/app/handlers.go

@@ -21,9 +21,9 @@ func (app *App) HandleHome(w http.ResponseWriter, r *http.Request) {
 		"MaxMB": app.Conf.MaxMB,
 		"Host":  r.Host,
 	})
-    if err != nil {
+	if err != nil {
-        app.Logger.Error("Template error", "err", err)
+		app.Logger.Error("Template error", "err", err)
-    }
+	}
 }
 
 func (app *App) HandleUpload(w http.ResponseWriter, r *http.Request) {
@@ -32,17 +32,27 @@ func (app *App) HandleUpload(w http.ResponseWriter, r *http.Request) {
 
 	file, header, err := r.FormFile("file")
 	if err != nil {
+		if err.Error() == "http: request body too large" {
+			app.SendError(w, r, http.StatusRequestEntityTooLarge)
+			return
+		}
 		app.SendError(w, r, http.StatusBadRequest)
 		return
 	}
 	defer file.Close()
 
 	tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", fmt.Sprintf("up_%d", os.Getpid()))
-	tmp, _ := os.Create(tmpPath)
+	tmp, err := os.Create(tmpPath)
+	if err != nil {
+		app.Logger.Error("Failed to create temp file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 	defer os.Remove(tmpPath)
 	defer tmp.Close()
 
 	if _, err := io.Copy(tmp, file); err != nil {
+		app.Logger.Error("Failed to write temp file", "err", err)
 		app.SendError(w, r, http.StatusRequestEntityTooLarge)
 		return
 	}
@@ -51,53 +61,124 @@ func (app *App) HandleUpload(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) HandleChunk(w http.ResponseWriter, r *http.Request) {
-	uid := r.FormValue("upload_id")
+	r.Body = http.MaxBytesReader(w, r.Body, 10<<20)
-	idx, _ := strconv.Atoi(r.FormValue("index"))
 
-	if !reUploadID.MatchString(uid) || idx > 1000 {
+	uid := r.FormValue("upload_id")
+	idx, err := strconv.Atoi(r.FormValue("index"))
+	if err != nil {
+		app.SendError(w, r, http.StatusBadRequest)
+		return
+	}
+
+	const chunkSize = 8 << 20
+	maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
+
+	if !reUploadID.MatchString(uid) || idx > maxChunks || idx < 0 {
 		app.SendError(w, r, http.StatusBadRequest)
 		return
 	}
 
 	file, _, err := r.FormFile("chunk")
 	if err != nil {
+		if err.Error() == "http: request body too large" {
+			app.SendError(w, r, http.StatusRequestEntityTooLarge)
+			return
+		}
+		app.SendError(w, r, http.StatusBadRequest)
 		return
 	}
 	defer file.Close()
 
 	dir := filepath.Join(app.Conf.StorageDir, "tmp", uid)
-	os.MkdirAll(dir, 0700)
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		app.Logger.Error("Failed to create chunk dir", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 
-	dest, _ := os.Create(filepath.Join(dir, strconv.Itoa(idx)))
+	dest, err := os.Create(filepath.Join(dir, strconv.Itoa(idx)))
+	if err != nil {
+		app.Logger.Error("Failed to create chunk file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 	defer dest.Close()
-	io.Copy(dest, file)
+
+	if _, err := io.Copy(dest, file); err != nil {
+		app.Logger.Error("Failed to save chunk", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 }
 
 func (app *App) HandleFinish(w http.ResponseWriter, r *http.Request) {
 	uid := r.FormValue("upload_id")
-	total, _ := strconv.Atoi(r.FormValue("total"))
+	total, err := strconv.Atoi(r.FormValue("total"))
+	if err != nil {
+		app.SendError(w, r, http.StatusBadRequest)
+		return
+	}
 
-	if !reUploadID.MatchString(uid) || total > 1000 {
+	const chunkSize = 8 << 20
+	maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
+
+	if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
 		app.SendError(w, r, http.StatusBadRequest)
 		return
 	}
 
 	tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", "m_"+uid)
-	merged, _ := os.Create(tmpPath)
+	merged, err := os.Create(tmpPath)
+	if err != nil {
+		app.Logger.Error("Failed to create merge file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 	defer os.Remove(tmpPath)
 	defer merged.Close()
 
+	limit := app.Conf.MaxMB << 20
+	var written int64
+
 	for i := range total {
 		partPath := filepath.Join(app.Conf.StorageDir, "tmp", uid, strconv.Itoa(i))
 		part, err := os.Open(partPath)
 		if err != nil {
-			continue
+			app.Logger.Error("Missing chunk during merge", "uid", uid, "index", i, "err", err)
+			app.SendError(w, r, http.StatusBadRequest)
+			return
 		}
-		io.Copy(merged, part)
+
+		n, err := io.Copy(merged, part)
 		part.Close()
+		if err != nil {
+			app.Logger.Error("Failed to append chunk", "err", err)
+			app.SendError(w, r, http.StatusInternalServerError)
+			return
+		}
+
+		written += n
+		if written > limit {
+			app.SendError(w, r, http.StatusRequestEntityTooLarge)
+			return
+		}
 	}
 
-	app.FinalizeFile(w, r, merged, r.FormValue("filename"))
+	if err := merged.Close(); err != nil {
+		app.Logger.Error("Failed to close merged file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
+	mergedRead, err := os.Open(tmpPath)
+	if err != nil {
+		app.Logger.Error("Failed to open merged file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+	defer mergedRead.Close()
+
+	app.FinalizeFile(w, r, mergedRead, r.FormValue("filename"))
 	os.RemoveAll(filepath.Join(app.Conf.StorageDir, "tmp", uid))
 }
 
@@ -126,10 +207,21 @@ func (app *App) HandleGetFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	f, _ := os.Open(path)
+	f, err := os.Open(path)
+	if err != nil {
+		app.Logger.Error("Failed to open file", "path", path, "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 	defer f.Close()
 
-	streamer, _ := crypto.NewGCMStreamer(key)
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		app.Logger.Error("Failed to create crypto streamer", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
 	decryptor := crypto.NewDecryptor(f, streamer.AEAD, info.Size())
 
 	contentType := mime.TypeByExtension(ext)
@@ -146,13 +238,28 @@ func (app *App) HandleGetFile(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) FinalizeFile(w http.ResponseWriter, r *http.Request, src *os.File, filename string) {
-	src.Seek(0, 0)
+	if _, err := src.Seek(0, 0); err != nil {
-	key, _ := crypto.DeriveKey(src)
+		app.Logger.Error("Seek failed", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
+	key, err := crypto.DeriveKey(src)
+	if err != nil {
+		app.Logger.Error("Key derivation failed", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
 
 	ext := filepath.Ext(filename)
 	id := crypto.GetID(key, ext)
 
-	src.Seek(0, 0)
+	if _, err := src.Seek(0, 0); err != nil {
+		app.Logger.Error("Seek failed", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
 	finalPath := filepath.Join(app.Conf.StorageDir, id)
 
 	if _, err := os.Stat(finalPath); err == nil {
@@ -160,15 +267,41 @@ func (app *App) FinalizeFile(w http.ResponseWriter, r *http.Request, src *os.Fil
 		return
 	}
 
-	out, _ := os.Create(finalPath + ".tmp")
+	out, err := os.Create(finalPath + ".tmp")
-	streamer, _ := crypto.NewGCMStreamer(key)
+	if err != nil {
-	if err := streamer.EncryptStream(out, src); err != nil {
+		app.Logger.Error("Failed to create final file", "err", err)
-		out.Close()
-		os.Remove(finalPath + ".tmp")
 		app.SendError(w, r, http.StatusInternalServerError)
 		return
 	}
-	out.Close()
+	defer func() {
-	os.Rename(finalPath+".tmp", finalPath)
+		out.Close()
+		os.Remove(finalPath + ".tmp")
+	}()
+
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		app.Logger.Error("Failed to create streamer", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
+	if err := streamer.EncryptStream(out, src); err != nil {
+		app.Logger.Error("Encryption failed", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
+	if err := out.Close(); err != nil {
+		app.Logger.Error("Failed to close final file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
+	if err := os.Rename(finalPath+".tmp", finalPath); err != nil {
+		app.Logger.Error("Failed to rename final file", "err", err)
+		app.SendError(w, r, http.StatusInternalServerError)
+		return
+	}
+
 	app.RespondWithLink(w, r, key, filename)
 }

internal/app/server.go

@@ -9,38 +9,34 @@ import (
 
 func (app *App) Routes() *http.ServeMux {
 	mux := http.NewServeMux()
-
+	fs := http.FileServer(http.Dir("./web/static"))
-    fs := http.FileServer(http.Dir("./web/static"))
+	mux.Handle("GET /static/", http.StripPrefix("/static/", fs))
-    mux.Handle("GET /static/", http.StripPrefix("/static/", fs))
-
 	mux.HandleFunc("GET /{$}", app.HandleHome)
 	mux.HandleFunc("POST /{$}", app.HandleUpload)
 	mux.HandleFunc("POST /upload/chunk", app.HandleChunk)
 	mux.HandleFunc("POST /upload/finish", app.HandleFinish)
 	mux.HandleFunc("GET /{slug}", app.HandleGetFile)
-
 	return mux
 }
 
 func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []byte, originalName string) {
 	keySlug := base64.RawURLEncoding.EncodeToString(key)
 	ext := filepath.Ext(originalName)
-
 	link := fmt.Sprintf("%s/%s%s", r.Host, keySlug, ext)
-
 	if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
 		fmt.Fprintf(w, `
-			<div style="text-align: left;">
+			<div class="result-container">
-				<div class="dim" style="margin-bottom: 8px;">Upload Complete:</div>
+				<div class="dim result-label">Upload Complete:</div>
 				<div class="copy-box">
 					<input type="text" value="%s" id="share-url" readonly onclick="this.select()">
 					<button onclick="copyToClipboard(this)">Copy</button>
 				</div>
-				<button class="reset-btn" onclick="resetUI()">Upload another</button>
+				<div class="reset-wrapper">
+					<button class="reset-btn" onclick="resetUI()">Upload another</button>
+				</div>
 			</div>`, link)
 		return
 	}
-
 	scheme := "https"
 	if r.TLS == nil {
 		scheme = "http"
@@ -51,7 +47,13 @@ func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []by
 func (app *App) SendError(w http.ResponseWriter, r *http.Request, code int) {
 	if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
 		w.WriteHeader(code)
-		fmt.Fprintf(w, `<div class="error-text">Error %d</div><button class="reset-btn" onclick="resetUI()">Try again</button>`, code)
+		fmt.Fprintf(w, `
+			<div class="result-container">
+				<div class="error-text">Error %d</div>
+				<div class="reset-wrapper">
+					<button class="reset-btn" onclick="resetUI()">Try again</button>
+				</div>
+			</div>`, code)
 		return
 	}
 	http.Error(w, http.StatusText(code), code)

web/static/css/style.css

@@ -20,7 +20,7 @@ body {
 
 .container {
     width: 100%;
-    max-width: 600px;
+    max-width: 800px;
     padding: 20px;
 }
 
@@ -28,16 +28,33 @@ body {
     margin-bottom: 30px;
     border-left: 3px solid var(--accent);
     padding-left: 16px;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+}
+
+.header-title {
+    margin: 0;
+    color: var(--header-white);
 }
 
 .upload-area {
     border: 2px dashed var(--border);
     border-radius: 12px;
-    padding: 60px 20px;
+    padding: 20px;
     text-align: center;
     cursor: pointer;
     background: #161b22;
-    transition: 0.2s;
+    transition:
+        border-color 0.2s,
+        background 0.2s;
+    height: 220px;
+    display: flex;
+    flex-direction: column;
+    justify-content: center;
+    align-items: center;
+    box-sizing: border-box;
+    overflow: hidden;
 }
 
 .upload-area:hover,
@@ -46,6 +63,17 @@ body {
     background: #1c2128;
 }
 
+.upload-icon {
+    font-size: 32px;
+    color: var(--accent);
+    margin-bottom: 8px;
+}
+
+.upload-text {
+    font-weight: 500;
+    color: var(--header-white);
+}
+
 .progress-bar {
     height: 6px;
     background: var(--border);
@@ -53,6 +81,11 @@ body {
     margin: 25px 0;
     overflow: hidden;
     display: none;
+    width: 95%;
+}
+
+.progress-bar.visible {
+    display: block;
 }
 
 .progress-fill {
@@ -62,10 +95,37 @@ body {
     transition: width 0.3s;
 }
 
+#busy-state {
+    width: 100%;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+}
+
+#result-state {
+    width: 100%;
+    display: flex;
+    justify-content: center;
+}
+
+.result-container {
+    width: 100%;
+    max-width: 700px;
+    display: flex;
+    flex-direction: column;
+    padding: 0 20px;
+    box-sizing: border-box;
+}
+
+.result-label {
+    text-align: left;
+    margin-bottom: 8px;
+}
+
 .copy-box {
     display: flex;
-    margin-top: 20px;
     gap: 8px;
+    width: 100%;
 }
 
 input[type="text"] {
@@ -76,7 +136,10 @@ input[type="text"] {
     padding: 12px;
     border-radius: 6px;
     font-family: monospace;
+    font-size: 14px;
     outline: none;
+    min-width: 0;
+    width: 100%;
 }
 
 button {
@@ -87,16 +150,27 @@ button {
     border-radius: 6px;
     cursor: pointer;
     font-weight: 600;
+    white-space: nowrap;
+}
+
+.reset-wrapper {
+    margin-top: 20px;
+    display: flex;
+    justify-content: center;
 }
 
 .reset-btn {
     background: transparent;
     color: var(--fg);
     text-decoration: underline;
-    margin-top: 20px;
     border: none;
     cursor: pointer;
     opacity: 0.7;
+    font-size: 14px;
+}
+
+.reset-btn:hover {
+    opacity: 1;
 }
 
 .dim {
@@ -108,3 +182,66 @@ button {
     color: #f85149;
     margin-bottom: 10px;
 }
+
+.github-btn {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding: 6px 12px;
+    background: #21262d;
+    border: 1px solid var(--border);
+    border-radius: 6px;
+    color: var(--header-white);
+    text-decoration: none;
+    font-size: 13px;
+    font-weight: 500;
+    transition: 0.2s;
+}
+
+.github-btn:hover {
+    background: #30363d;
+    border-color: #8b949e;
+}
+
+.github-btn svg {
+    opacity: 0.9;
+}
+
+.cli-section {
+    margin-top: 40px;
+    padding-top: 24px;
+    border-top: 1px solid var(--border);
+}
+
+.cli-label {
+    text-transform: uppercase;
+    font-size: 11px;
+    font-weight: 700;
+    letter-spacing: 1px;
+}
+
+.cli-pre {
+    background: #161b22;
+    padding: 16px;
+    border-radius: 8px;
+    font-size: 13px;
+    overflow-x: auto;
+    border: 1px solid var(--border);
+}
+
+.status-text {
+    font-weight: 500;
+}
+
+.hidden {
+    display: none !important;
+}
+
+@media (max-width: 400px) {
+    .github-btn span {
+        display: none;
+    }
+    .github-btn {
+        padding: 6px;
+    }
+}

web/static/js/app.js

@@ -4,7 +4,7 @@ const fileInput = $("file-input");
 
 if (dropZone) {
   dropZone.onclick = () => {
-    if ($("idle-state").style.display !== "none") fileInput.click();
+    if (!$("idle-state").classList.contains("hidden")) fileInput.click();
   };
 
   fileInput.onchange = () => {
@@ -32,8 +32,23 @@ if (dropZone) {
 }
 
 async function handleUpload(file) {
-  $("idle-state").style.display = "none";
+  const maxMB = parseInt(dropZone.dataset.maxMb);
-  $("busy-state").style.display = "block";
+  if (file.size > maxMB * 1024 * 1024) {
+    $("idle-state").classList.add("hidden");
+    $("result-state").classList.remove("hidden");
+    $("result-state").innerHTML = `
+      <div class="result-container">
+        <div class="error-text">File too large (Max ${maxMB}MB)</div>
+        <div class="reset-wrapper">
+          <button class="reset-btn" onclick="resetUI()">Try again</button>
+        </div>
+      </div>`;
+    return;
+  }
+
+  $("idle-state").classList.add("hidden");
+  $("busy-state").classList.remove("hidden");
+  $("p-bar-container").classList.add("visible");
 
   const uploadID = Math.random().toString(36).substring(2, 15);
   const chunkSize = 1024 * 1024 * 8;
@@ -61,11 +76,19 @@ async function handleUpload(file) {
       headers: { "X-Requested-With": "XMLHttpRequest" },
     });
 
-    $("busy-state").style.display = "none";
+    $("busy-state").classList.add("hidden");
+    $("result-state").classList.remove("hidden");
     $("result-state").innerHTML = await res.text();
   } catch (e) {
-    $("busy-state").style.display = "none";
+    $("busy-state").classList.add("hidden");
-    $("result-state").innerHTML = `<div class="error-text">Upload Failed</div><button class="reset-btn" onclick="resetUI()">Try again</button>`;
+    $("result-state").classList.remove("hidden");
+    $("result-state").innerHTML = `
+      <div class="result-container">
+        <div class="error-text">Upload Failed</div>
+        <div class="reset-wrapper">
+          <button class="reset-btn" onclick="resetUI()">Try again</button>
+        </div>
+      </div>`;
   }
 }
 

web/templates/base.html

@@ -10,21 +10,26 @@
     <body>
         <div class="container">
             <header class="header">
-                <h2 style="margin: 0; color: var(--header-white)">safebin</h2>
+                <div>
-                <div class="dim">Encrypted Temporary File Storage</div>
+                    <h2 class="header-title">safebin</h2>
+                    <div class="dim">Encrypted Temporary File Storage</div>
+                </div>
+                <a href="https://github.com/skidoodle/safebin" class="github-btn" target="_blank" rel="noopener noreferrer">
+                    <svg height="16" width="16" viewBox="0 0 16 16" fill="currentColor">
+                        <path
+                            d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"
+                        ></path>
+                    </svg>
+                    <span>GitHub</span>
+                </a>
             </header>
-
             {{template "content" .}}
-
+            <section class="cli-section">
-            <section style="margin-top: 40px; padding-top: 24px; border-top: 1px solid var(--border)">
+                <div class="dim cli-label">CLI Usage</div>
-                <div class="dim" style="text-transform: uppercase; font-size: 11px; font-weight: 700; letter-spacing: 1px">CLI Usage</div>
+                <pre class="cli-pre">curl -F file=@yourfile {{.Host}}</pre>
-                <pre style="background: #161b22; padding: 16px; border-radius: 8px; font-size: 13px; overflow-x: auto; border: 1px solid var(--border)">
-curl -F file=@yourfile {{.Host}}</pre
-                >
             </section>
         </div>
-
+        <input type="file" id="file-input" class="hidden" />
-        <input type="file" id="file-input" style="display: none" />
         <script src="/static/js/app.js"></script>
     </body>
 </html>

web/templates/index.html

@@ -1,18 +1,16 @@
 {{define "content"}}
-<main class="upload-area" id="drop-zone">
+<main class="upload-area" id="drop-zone" data-max-mb="{{.MaxMB}}">
     <div id="idle-state">
-        <div style="font-size: 32px; color: var(--accent)">↑</div>
+        <div class="upload-icon">↑</div>
-        <div style="font-weight: 500; color: var(--header-white)">Click or drag to upload</div>
+        <div class="upload-text">Click or drag to upload</div>
         <div class="dim">Max size: {{.MaxMB}}MB</div>
     </div>
-
+    <div id="busy-state" class="hidden">
-    <div id="busy-state" style="display: none">
+        <div id="status-msg" class="status-text">Uploading...</div>
-        <div id="status-msg" style="font-weight: 500">Uploading...</div>
+        <div class="progress-bar" id="p-bar-container">
-        <div class="progress-bar" id="p-bar-container" style="display: block">
             <div class="progress-fill" id="p-fill"></div>
         </div>
     </div>
-
+    <div id="result-state" class="hidden"></div>
-    <div id="result-state"></div>
 </main>
 {{end}}