refactor: db location

Signed-off-by: skidoodle <contact@albert.lol>
fix: relax chunk limits, support proxies, optimize reads
2026-04-28 19:27:41 +02:00 · 2026-01-19 00:44:03 +01:00 · 2026-01-19 00:33:09 +01:00 · 2026-01-18 23:39:53 +01:00 · 2026-01-18 22:30:20 +01:00 · 2026-01-18 22:10:07 +01:00
28 changed files with 1821 additions and 433 deletions
@@ -1,3 +1,2 @@
 storage/*
-# Added by goreleaser init:
 dist/
@@ -26,7 +26,6 @@ archives:
      {{- else }}{{ .Arch }}{{ end }}
    formats: ["tar.gz"]
    files:
-      - web/**/*
      - README.md

 dockers:
@@ -37,8 +36,6 @@ dockers:
    goos: linux
    goarch: amd64
    dockerfile: Dockerfile.release
-    extra_files:
-      - web
    build_flag_templates:
      - "--platform=linux/amd64"
      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
@@ -51,8 +48,6 @@ dockers:
    goos: linux
    goarch: arm64
    dockerfile: Dockerfile.release
-    extra_files:
-      - web
    build_flag_templates:
      - "--platform=linux/arm64"
      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
@@ -1,7 +1,10 @@
-FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.25.6 AS builder

 WORKDIR /app

+COPY go.mod go.sum ./
+RUN go mod download
+
 COPY . .

 ARG TARGETOS
@@ -28,7 +31,6 @@ RUN useradd -m -u 10001 -s /bin/bash appuser
 WORKDIR /app

 COPY --from=builder /app/safebin .
-COPY --from=builder /app/web ./web

 RUN mkdir -p /app/storage && chown 10001:10001 /app/storage
 VOLUME ["/app/storage"]
@@ -9,7 +9,6 @@ RUN useradd -m -u 10001 -s /bin/bash appuser
 WORKDIR /app

 COPY safebin .
-COPY web ./web

 RUN mkdir -p /app/storage && chown 10001:10001 /app/storage
 VOLUME ["/app/storage"]
@@ -1,3 +1,7 @@
 module github.com/skidoodle/safebin

-go 1.25.5
+go 1.25.6
+
+require go.etcd.io/bbolt v1.4.3
+
+require golang.org/x/sys v0.29.0 // indirect
@@ -0,0 +1,14 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
+go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -4,9 +4,43 @@ import (
 	"flag"
 	"fmt"
 	"html/template"
+	"io/fs"
 	"log/slog"
 	"os"
 	"strconv"
+	"time"
+
+	"go.etcd.io/bbolt"
+)
+
+const (
+	DefaultHost     = "0.0.0.0"
+	DefaultPort     = 8080
+	DefaultStorage  = "./storage"
+	DefaultMaxMB    = 512
+	ServerTimeout   = 10 * time.Minute
+	ShutdownTimeout = 10 * time.Second
+
+	UploadChunkSize    = 8 << 20
+	MinChunkSize       = 1 << 20
+	MaxRequestOverhead = 10 << 20
+	PermUserRWX        = 0o700
+	MegaByte           = 1 << 20
+	ChunkSafetyMargin  = 2
+
+	SlugLength = 22
+	KeyLength  = 16
+
+	CleanupInterval = 1 * time.Hour
+	TempExpiry      = 4 * time.Hour
+	MinRetention    = 24 * time.Hour
+	MaxRetention    = 365 * 24 * time.Hour
+
+	DBDirName         = "db"
+	DBFileName        = "safebin.db"
+	DBBucketName      = "files"
+	DBBucketIndexName = "expiry_index"
+	TempDirName       = "tmp"
 )

 type Config struct {
@@ -19,40 +53,51 @@ type App struct {
 	Conf   Config
 	Tmpl   *template.Template
 	Logger *slog.Logger
+	DB     *bbolt.DB
+	Assets fs.FS
 }

 func LoadConfig() Config {
-	h := getEnv("SAFEBIN_HOST", "0.0.0.0")
-	p := getEnvInt("SAFEBIN_PORT", 8080)
-	s := getEnv("SAFEBIN_STORAGE", "./storage")
-	mDefault := int64(getEnvInt("SAFEBIN_MAX_MB", 512))
+	hostEnv := getEnv("SAFEBIN_HOST", DefaultHost)
+	portEnv := getEnvInt("SAFEBIN_PORT", DefaultPort)
+	storageEnv := getEnv("SAFEBIN_STORAGE", DefaultStorage)
+	maxMBEnv := int64(getEnvInt("SAFEBIN_MAX_MB", DefaultMaxMB))

-	var m int64
-	flag.StringVar(&h, "h", h, "Bind address")
-	flag.IntVar(&p, "p", p, "Port")
-	flag.StringVar(&s, "s", s, "Storage directory")
-	flag.Int64Var(&m, "m", mDefault, "Max file size in MB")
+	var host string
+	var port int
+	var storage string
+	var maxMB int64
+
+	flag.StringVar(&host, "h", hostEnv, "Bind address")
+	flag.IntVar(&port, "p", portEnv, "Port")
+	flag.StringVar(&storage, "s", storageEnv, "Storage directory")
+	flag.Int64Var(&maxMB, "m", maxMBEnv, "Max file size in MB")
 	flag.Parse()

-	return Config{Addr: fmt.Sprintf("%s:%d", h, p), StorageDir: s, MaxMB: m}
-}
-
-func getEnv(k, f string) string {
-	if v, ok := os.LookupEnv(k); ok {
-		return v
+	return Config{
+		Addr:       fmt.Sprintf("%s:%d", host, port),
+		StorageDir: storage,
+		MaxMB:      maxMB,
 	}
-	return f
 }

-func getEnvInt(k string, f int) int {
-	if v, ok := os.LookupEnv(k); ok {
-		if i, err := strconv.Atoi(v); err == nil {
+func getEnv(key, fallback string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
+}
+
+func getEnvInt(key string, fallback int) int {
+	if value, ok := os.LookupEnv(key); ok {
+		i, err := strconv.Atoi(value)
+		if err == nil {
 			return i
 		}
 	}
-	return f
+	return fallback
 }

-func ParseTemplates() *template.Template {
-	return template.Must(template.ParseGlob("./web/templates/*.html"))
+func ParseTemplates(fsys fs.FS) *template.Template {
+	return template.Must(template.ParseFS(fsys, "*.html"))
 }
@@ -0,0 +1,37 @@
+package app
+
+import (
+	"testing"
+)
+
+func TestGetEnv(t *testing.T) {
+	key := "SAFEBIN_TEST_KEY"
+	val := "somevalue"
+
+	if got := getEnv(key, "default"); got != "default" {
+		t.Errorf("Expected default, got %s", got)
+	}
+
+	t.Setenv(key, val)
+	if got := getEnv(key, "default"); got != val {
+		t.Errorf("Expected %s, got %s", val, got)
+	}
+}
+
+func TestGetEnvInt(t *testing.T) {
+	key := "SAFEBIN_TEST_INT"
+
+	if got := getEnvInt(key, 8080); got != 8080 {
+		t.Errorf("Expected default 8080, got %d", got)
+	}
+
+	t.Setenv(key, "9090")
+	if got := getEnvInt(key, 8080); got != 9090 {
+		t.Errorf("Expected 9090, got %d", got)
+	}
+
+	t.Setenv(key, "notanumber")
+	if got := getEnvInt(key, 8080); got != 8080 {
+		t.Errorf("Expected fallback on invalid input, got %d", got)
+	}
+}
@@ -0,0 +1,46 @@
+package app
+
+import (
+	"os"
+	"path/filepath"
+	"time"
+
+	"go.etcd.io/bbolt"
+)
+
+type FileMeta struct {
+	ID        string    `json:"id"`
+	Size      int64     `json:"size"`
+	CreatedAt time.Time `json:"created_at"`
+	ExpiresAt time.Time `json:"expires_at"`
+}
+
+func InitDB(storageDir string) (*bbolt.DB, error) {
+	dbDir := filepath.Join(storageDir, DBDirName)
+	if err := os.MkdirAll(dbDir, PermUserRWX); err != nil {
+		return nil, err
+	}
+
+	path := filepath.Join(dbDir, DBFileName)
+	db, err := bbolt.Open(path, 0600, &bbolt.Options{Timeout: 1 * time.Second})
+	if err != nil {
+		return nil, err
+	}
+
+	err = db.Update(func(tx *bbolt.Tx) error {
+		if _, err := tx.CreateBucketIfNotExists([]byte(DBBucketName)); err != nil {
+			return err
+		}
+		if _, err := tx.CreateBucketIfNotExists([]byte(DBBucketIndexName)); err != nil {
+			return err
+		}
+		return nil
+	})
+
+	if err != nil {
+		_ = db.Close()
+		return nil, err
+	}
+
+	return db, nil
+}
@@ -0,0 +1,104 @@
+package app
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"go.etcd.io/bbolt"
+)
+
+func TestInitDB(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	db, err := InitDB(tmpDir)
+	if err != nil {
+		t.Fatalf("InitDB failed: %v", err)
+	}
+	defer func() {
+		if err := db.Close(); err != nil {
+			t.Errorf("Failed to close DB: %v", err)
+		}
+	}()
+
+	dbPath := filepath.Join(tmpDir, DBDirName, DBFileName)
+	if _, err := os.Stat(dbPath); os.IsNotExist(err) {
+		t.Error("Database file was not created")
+	}
+
+	err = db.View(func(tx *bbolt.Tx) error {
+		if b := tx.Bucket([]byte(DBBucketName)); b == nil {
+			t.Errorf("Bucket '%s' was not created", DBBucketName)
+		}
+		if b := tx.Bucket([]byte(DBBucketIndexName)); b == nil {
+			t.Errorf("Bucket '%s' was not created", DBBucketIndexName)
+		}
+		return nil
+	})
+	if err != nil {
+		t.Errorf("View failed: %v", err)
+	}
+}
+
+func TestDB_MetadataLifecycle(t *testing.T) {
+	tmpDir := t.TempDir()
+	db, err := InitDB(tmpDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := db.Close(); err != nil {
+			t.Errorf("Failed to close DB: %v", err)
+		}
+	}()
+
+	app := &App{
+		Conf: Config{StorageDir: tmpDir, MaxMB: 100},
+		DB:   db,
+	}
+
+	fileID := "test-file-id"
+	fileSize := int64(1024)
+
+	if err := app.RegisterFile(fileID, fileSize); err != nil {
+		t.Fatalf("RegisterFile failed: %v", err)
+	}
+
+	err = db.View(func(tx *bbolt.Tx) error {
+		b := tx.Bucket([]byte(DBBucketName))
+		data := b.Get([]byte(fileID))
+		if data == nil {
+			t.Fatal("Metadata not found in DB")
+		}
+
+		var meta FileMeta
+		if err := json.Unmarshal(data, &meta); err != nil {
+			t.Fatalf("Failed to unmarshal meta: %v", err)
+		}
+
+		if meta.ID != fileID {
+			t.Errorf("Want ID %s, got %s", fileID, meta.ID)
+		}
+		if meta.Size != fileSize {
+			t.Errorf("Want Size %d, got %d", fileSize, meta.Size)
+		}
+		if meta.ExpiresAt.Before(time.Now()) {
+			t.Error("Expiration time is in the past")
+		}
+
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+		indexKey := []byte(meta.ExpiresAt.Format(time.RFC3339) + "_" + fileID)
+		if val := bIndex.Get(indexKey); val == nil {
+			t.Error("Index entry not found")
+		} else if string(val) != fileID {
+			t.Errorf("Index value mismatch: want %s, got %s", fileID, string(val))
+		}
+
+		return nil
+	})
+	if err != nil {
+		t.Error(err)
+	}
+}
@@ -0,0 +1,107 @@
+package app
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"mime"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+	"go.etcd.io/bbolt"
+)
+
+func (app *App) HandleGetFile(writer http.ResponseWriter, request *http.Request) {
+	slug := request.PathValue("slug")
+	if len(slug) < SlugLength {
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+
+	keyBase64 := slug[:SlugLength]
+	ext := slug[SlugLength:]
+
+	key, err := base64.RawURLEncoding.DecodeString(keyBase64)
+	if err != nil || len(key) != KeyLength {
+		app.SendError(writer, request, http.StatusUnauthorized)
+		return
+	}
+
+	id := crypto.GetID(key, ext)
+
+	var meta FileMeta
+	err = app.DB.View(func(tx *bbolt.Tx) error {
+		b := tx.Bucket([]byte(DBBucketName))
+		if b == nil {
+			return fmt.Errorf("bucket not found")
+		}
+		data := b.Get([]byte(id))
+		if data == nil {
+			return fmt.Errorf("file not found")
+		}
+		return json.Unmarshal(data, &meta)
+	})
+
+	if err != nil {
+		app.SendError(writer, request, http.StatusNotFound)
+		return
+	}
+
+	path := filepath.Join(app.Conf.StorageDir, id)
+	info, err := os.Stat(path)
+	if err != nil {
+		app.SendError(writer, request, http.StatusNotFound)
+		return
+	}
+
+	if info.Size() != meta.Size {
+		app.Logger.Error("Integrity check failed: disk size mismatch",
+			"id", id,
+			"disk_bytes", info.Size(),
+			"expected_bytes", meta.Size,
+		)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	file, err := os.Open(path)
+
+	if err != nil {
+		app.Logger.Error("Failed to open file", "path", path, "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	defer func() {
+		if closeErr := file.Close(); closeErr != nil {
+			app.Logger.Error("Failed to close file", "err", closeErr)
+		}
+	}()
+
+	streamer, err := crypto.NewGCMStreamer(key)
+
+	if err != nil {
+		app.Logger.Error("Failed to create crypto streamer", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	decryptor := crypto.NewDecryptor(file, streamer.AEAD, info.Size())
+
+	contentType := mime.TypeByExtension(ext)
+	if contentType == "" {
+		contentType = "application/octet-stream"
+	}
+
+	csp := "default-src 'none'; img-src 'self' data:; media-src 'self' data:; " +
+		"style-src 'unsafe-inline'; sandbox allow-forms allow-scripts allow-downloads allow-same-origin"
+
+	writer.Header().Set("Content-Type", contentType)
+	writer.Header().Set("Content-Security-Policy", csp)
+	writer.Header().Set("X-Content-Type-Options", "nosniff")
+	writer.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=%q", slug))
+
+	http.ServeContent(writer, request, slug, info.ModTime(), decryptor)
+}
@@ -1,307 +0,0 @@
-package app
-
-import (
-	"encoding/base64"
-	"fmt"
-	"io"
-	"mime"
-	"net/http"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strconv"
-
-	"github.com/skidoodle/safebin/internal/crypto"
-)
-
-var reUploadID = regexp.MustCompile(`^[a-zA-Z0-9]{10,50}$`)
-
-func (app *App) HandleHome(w http.ResponseWriter, r *http.Request) {
-	err := app.Tmpl.ExecuteTemplate(w, "base", map[string]any{
-		"MaxMB": app.Conf.MaxMB,
-		"Host":  r.Host,
-	})
-	if err != nil {
-		app.Logger.Error("Template error", "err", err)
-	}
-}
-
-func (app *App) HandleUpload(w http.ResponseWriter, r *http.Request) {
-	limit := (app.Conf.MaxMB << 20) + (1 << 20)
-	r.Body = http.MaxBytesReader(w, r.Body, limit)
-
-	file, header, err := r.FormFile("file")
-	if err != nil {
-		if err.Error() == "http: request body too large" {
-			app.SendError(w, r, http.StatusRequestEntityTooLarge)
-			return
-		}
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-	defer file.Close()
-
-	tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", fmt.Sprintf("up_%d", os.Getpid()))
-	tmp, err := os.Create(tmpPath)
-	if err != nil {
-		app.Logger.Error("Failed to create temp file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer os.Remove(tmpPath)
-	defer tmp.Close()
-
-	if _, err := io.Copy(tmp, file); err != nil {
-		app.Logger.Error("Failed to write temp file", "err", err)
-		app.SendError(w, r, http.StatusRequestEntityTooLarge)
-		return
-	}
-
-	app.FinalizeFile(w, r, tmp, header.Filename)
-}
-
-func (app *App) HandleChunk(w http.ResponseWriter, r *http.Request) {
-	r.Body = http.MaxBytesReader(w, r.Body, 10<<20)
-
-	uid := r.FormValue("upload_id")
-	idx, err := strconv.Atoi(r.FormValue("index"))
-	if err != nil {
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-
-	const chunkSize = 8 << 20
-	maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
-
-	if !reUploadID.MatchString(uid) || idx > maxChunks || idx < 0 {
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-
-	file, _, err := r.FormFile("chunk")
-	if err != nil {
-		if err.Error() == "http: request body too large" {
-			app.SendError(w, r, http.StatusRequestEntityTooLarge)
-			return
-		}
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-	defer file.Close()
-
-	dir := filepath.Join(app.Conf.StorageDir, "tmp", uid)
-	if err := os.MkdirAll(dir, 0700); err != nil {
-		app.Logger.Error("Failed to create chunk dir", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	dest, err := os.Create(filepath.Join(dir, strconv.Itoa(idx)))
-	if err != nil {
-		app.Logger.Error("Failed to create chunk file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer dest.Close()
-
-	if _, err := io.Copy(dest, file); err != nil {
-		app.Logger.Error("Failed to save chunk", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-}
-
-func (app *App) HandleFinish(w http.ResponseWriter, r *http.Request) {
-	uid := r.FormValue("upload_id")
-	total, err := strconv.Atoi(r.FormValue("total"))
-	if err != nil {
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-
-	const chunkSize = 8 << 20
-	maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
-
-	if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-
-	tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", "m_"+uid)
-	merged, err := os.Create(tmpPath)
-	if err != nil {
-		app.Logger.Error("Failed to create merge file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer os.Remove(tmpPath)
-	defer merged.Close()
-
-	limit := app.Conf.MaxMB << 20
-	var written int64
-
-	for i := range total {
-		partPath := filepath.Join(app.Conf.StorageDir, "tmp", uid, strconv.Itoa(i))
-		part, err := os.Open(partPath)
-		if err != nil {
-			app.Logger.Error("Missing chunk during merge", "uid", uid, "index", i, "err", err)
-			app.SendError(w, r, http.StatusBadRequest)
-			return
-		}
-
-		n, err := io.Copy(merged, part)
-		part.Close()
-		if err != nil {
-			app.Logger.Error("Failed to append chunk", "err", err)
-			app.SendError(w, r, http.StatusInternalServerError)
-			return
-		}
-
-		written += n
-		if written > limit {
-			app.SendError(w, r, http.StatusRequestEntityTooLarge)
-			return
-		}
-	}
-
-	if err := merged.Close(); err != nil {
-		app.Logger.Error("Failed to close merged file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	mergedRead, err := os.Open(tmpPath)
-	if err != nil {
-		app.Logger.Error("Failed to open merged file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer mergedRead.Close()
-
-	app.FinalizeFile(w, r, mergedRead, r.FormValue("filename"))
-	os.RemoveAll(filepath.Join(app.Conf.StorageDir, "tmp", uid))
-}
-
-func (app *App) HandleGetFile(w http.ResponseWriter, r *http.Request) {
-	slug := r.PathValue("slug")
-	if len(slug) < 22 {
-		app.SendError(w, r, http.StatusBadRequest)
-		return
-	}
-
-	keyBase64 := slug[:22]
-	ext := slug[22:]
-
-	key, err := base64.RawURLEncoding.DecodeString(keyBase64)
-	if err != nil || len(key) != 16 {
-		app.SendError(w, r, http.StatusUnauthorized)
-		return
-	}
-
-	id := crypto.GetID(key, ext)
-	path := filepath.Join(app.Conf.StorageDir, id)
-
-	info, err := os.Stat(path)
-	if err != nil {
-		app.SendError(w, r, http.StatusNotFound)
-		return
-	}
-
-	f, err := os.Open(path)
-	if err != nil {
-		app.Logger.Error("Failed to open file", "path", path, "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer f.Close()
-
-	streamer, err := crypto.NewGCMStreamer(key)
-	if err != nil {
-		app.Logger.Error("Failed to create crypto streamer", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	decryptor := crypto.NewDecryptor(f, streamer.AEAD, info.Size())
-
-	contentType := mime.TypeByExtension(ext)
-	if contentType == "" {
-		contentType = "application/octet-stream"
-	}
-
-	w.Header().Set("Content-Type", contentType)
-	w.Header().Set("Content-Security-Policy", "default-src 'none'; img-src 'self' data:; media-src 'self' data:; style-src 'unsafe-inline'; sandbox allow-forms allow-scripts allow-downloads allow-same-origin")
-	w.Header().Set("X-Content-Type-Options", "nosniff")
-	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=%q", slug))
-
-	http.ServeContent(w, r, slug, info.ModTime(), decryptor)
-}
-
-func (app *App) FinalizeFile(w http.ResponseWriter, r *http.Request, src *os.File, filename string) {
-	if _, err := src.Seek(0, 0); err != nil {
-		app.Logger.Error("Seek failed", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	key, err := crypto.DeriveKey(src)
-	if err != nil {
-		app.Logger.Error("Key derivation failed", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	ext := filepath.Ext(filename)
-	id := crypto.GetID(key, ext)
-
-	if _, err := src.Seek(0, 0); err != nil {
-		app.Logger.Error("Seek failed", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	finalPath := filepath.Join(app.Conf.StorageDir, id)
-
-	if _, err := os.Stat(finalPath); err == nil {
-		app.RespondWithLink(w, r, key, filename)
-		return
-	}
-
-	out, err := os.Create(finalPath + ".tmp")
-	if err != nil {
-		app.Logger.Error("Failed to create final file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-	defer func() {
-		out.Close()
-		os.Remove(finalPath + ".tmp")
-	}()
-
-	streamer, err := crypto.NewGCMStreamer(key)
-	if err != nil {
-		app.Logger.Error("Failed to create streamer", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	if err := streamer.EncryptStream(out, src); err != nil {
-		app.Logger.Error("Encryption failed", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	if err := out.Close(); err != nil {
-		app.Logger.Error("Failed to close final file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	if err := os.Rename(finalPath+".tmp", finalPath); err != nil {
-		app.Logger.Error("Failed to rename final file", "err", err)
-		app.SendError(w, r, http.StatusInternalServerError)
-		return
-	}
-
-	app.RespondWithLink(w, r, key, filename)
-}
@@ -0,0 +1,52 @@
+package app
+
+import (
+	"testing"
+	"time"
+)
+
+func TestCalculateRetention(t *testing.T) {
+	maxMB := int64(100)
+
+	tests := []struct {
+		name     string
+		fileSize int64
+		wantMin  time.Duration
+		wantMax  time.Duration
+	}{
+		{
+			name:     "Tiny file (Max retention)",
+			fileSize: 1024,
+			wantMin:  MaxRetention - time.Hour,
+			wantMax:  MaxRetention,
+		},
+		{
+			name:     "Max size file (Min retention)",
+			fileSize: 100 * MegaByte,
+			wantMin:  MinRetention,
+			wantMax:  MinRetention + time.Minute,
+		},
+		{
+			name:     "Half size file (Somewhere in between)",
+			fileSize: 50 * MegaByte,
+			wantMin:  24 * time.Hour,
+			wantMax:  MaxRetention,
+		},
+		{
+			name:     "Oversized file (Min retention)",
+			fileSize: 200 * MegaByte,
+			wantMin:  MinRetention,
+			wantMax:  MinRetention + time.Minute,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := CalculateRetention(tc.fileSize, maxMB)
+			if got < tc.wantMin || got > tc.wantMax {
+				t.Errorf("Retention for size %d: got %v, want between %v and %v",
+					tc.fileSize, got, tc.wantMin, tc.wantMax)
+			}
+		})
+	}
+}
@@ -5,26 +5,56 @@ import (
 	"fmt"
 	"net/http"
 	"path/filepath"
+	"strings"
 )

 func (app *App) Routes() *http.ServeMux {
 	mux := http.NewServeMux()
-	fs := http.FileServer(http.Dir("./web/static"))
-	mux.Handle("GET /static/", http.StripPrefix("/static/", fs))
+
+	fileServer := http.FileServer(http.FS(app.Assets))
+
+	staticHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "" || strings.HasSuffix(r.URL.Path, "/") {
+			http.NotFound(w, r)
+			return
+		}
+
+		if strings.HasSuffix(r.URL.Path, ".html") {
+			http.NotFound(w, r)
+			return
+		}
+
+		fileServer.ServeHTTP(w, r)
+	})
+
+	mux.Handle("GET /static/", http.StripPrefix("/static/", staticHandler))
 	mux.HandleFunc("GET /{$}", app.HandleHome)
 	mux.HandleFunc("POST /{$}", app.HandleUpload)
 	mux.HandleFunc("POST /upload/chunk", app.HandleChunk)
 	mux.HandleFunc("POST /upload/finish", app.HandleFinish)
 	mux.HandleFunc("GET /{slug}", app.HandleGetFile)
+
 	return mux
 }

-func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []byte, originalName string) {
+func (app *App) HandleHome(writer http.ResponseWriter, request *http.Request) {
+	err := app.Tmpl.ExecuteTemplate(writer, "layout", map[string]any{
+		"MaxMB": app.Conf.MaxMB,
+		"Host":  request.Host,
+	})
+
+	if err != nil {
+		app.Logger.Error("Template error", "err", err)
+	}
+}
+
+func (app *App) RespondWithLink(writer http.ResponseWriter, request *http.Request, key []byte, originalName string) {
 	keySlug := base64.RawURLEncoding.EncodeToString(key)
 	ext := filepath.Ext(originalName)
-	link := fmt.Sprintf("%s/%s%s", r.Host, keySlug, ext)
-	if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
-		fmt.Fprintf(w, `
+	link := fmt.Sprintf("%s/%s%s", request.Host, keySlug, ext)
+
+	if request.Header.Get("X-Requested-With") == "XMLHttpRequest" {
+		html := `
 			<div class="result-container">
 				<div class="dim result-label">Upload Complete:</div>
 				<div class="copy-box">
@@ -34,27 +64,44 @@ func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []by
 				<div class="reset-wrapper">
 					<button class="reset-btn" onclick="resetUI()">Upload another</button>
 				</div>
-			</div>`, link)
+			</div>`
+
+		if _, err := fmt.Fprintf(writer, html, link); err != nil {
+			app.Logger.Error("Failed to write response", "err", err)
+		}
 		return
 	}
-	scheme := "https"
-	if r.TLS == nil {
+
+	scheme := request.Header.Get("X-Forwarded-Proto")
+	if scheme == "" {
+		scheme = "https"
+		if request.TLS == nil {
 			scheme = "http"
 		}
-	fmt.Fprintf(w, "%s://%s\n", scheme, link)
+	}
+
+	if _, err := fmt.Fprintf(writer, "%s://%s\n", scheme, link); err != nil {
+		app.Logger.Error("Failed to write response", "err", err)
+	}
 }

-func (app *App) SendError(w http.ResponseWriter, r *http.Request, code int) {
-	if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
-		w.WriteHeader(code)
-		fmt.Fprintf(w, `
+func (app *App) SendError(writer http.ResponseWriter, request *http.Request, code int) {
+	if request.Header.Get("X-Requested-With") == "XMLHttpRequest" {
+		writer.WriteHeader(code)
+
+		html := `
 			<div class="result-container">
 				<div class="error-text">Error %d</div>
 				<div class="reset-wrapper">
 					<button class="reset-btn" onclick="resetUI()">Try again</button>
 				</div>
-			</div>`, code)
+			</div>`
+
+		if _, err := fmt.Fprintf(writer, html, code); err != nil {
+			app.Logger.Error("Failed to write error response", "err", err)
+		}
 		return
 	}
-	http.Error(w, http.StatusText(code), code)
+
+	http.Error(writer, http.StatusText(code), code)
 }
@@ -0,0 +1,339 @@
+package app
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"log/slog"
+	"mime/multipart"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+)
+
+func setupTestApp(t *testing.T) (*App, string) {
+	storageDir := t.TempDir()
+	if err := os.MkdirAll(filepath.Join(storageDir, TempDirName), 0700); err != nil {
+		t.Fatalf("Failed to create temp dir: %v", err)
+	}
+
+	webDir := filepath.Join(storageDir, "web")
+	if err := os.MkdirAll(webDir, 0700); err != nil {
+		t.Fatalf("Failed to create web dir: %v", err)
+	}
+
+	if err := os.WriteFile(filepath.Join(webDir, "layout.html"), []byte(`{{define "layout"}}{{template "content" .}}{{end}}`), 0600); err != nil {
+		t.Fatalf("Failed to write layout.html: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(webDir, "home.html"), []byte(`{{define "content"}}OK{{end}}`), 0600); err != nil {
+		t.Fatalf("Failed to write home.html: %v", err)
+	}
+
+	testFS := os.DirFS(webDir)
+	tmpl := ParseTemplates(testFS)
+
+	db, err := InitDB(storageDir)
+	if err != nil {
+		t.Fatalf("Failed to init db: %v", err)
+	}
+	t.Cleanup(func() {
+		if err := db.Close(); err != nil {
+			t.Errorf("Failed to close DB: %v", err)
+		}
+	})
+
+	app := &App{
+		Conf: Config{
+			StorageDir: storageDir,
+			MaxMB:      10,
+		},
+		Logger: discardLogger(),
+		Tmpl:   tmpl,
+		Assets: testFS,
+		DB:     db,
+	}
+
+	return app, storageDir
+}
+
+func discardLogger() *slog.Logger {
+	return slog.New(slog.NewTextHandler(io.Discard, nil))
+}
+
+func TestIntegration_StandardUploadAndDownload(t *testing.T) {
+	app, _ := setupTestApp(t)
+	server := httptest.NewServer(app.Routes())
+	defer server.Close()
+
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	part, err := writer.CreateFormFile("file", "test.txt")
+	if err != nil {
+		t.Fatalf("CreateFormFile failed: %v", err)
+	}
+	content := []byte("Hello Safebin")
+	if _, err := part.Write(content); err != nil {
+		t.Fatalf("Write part failed: %v", err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatalf("Writer close failed: %v", err)
+	}
+
+	req, _ := http.NewRequest("POST", server.URL+"/", body)
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("Upload request failed: %v", err)
+	}
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			t.Errorf("Failed to close response body: %v", err)
+		}
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("Upload failed status: %d", resp.StatusCode)
+	}
+
+	respBytes, _ := io.ReadAll(resp.Body)
+	respStr := string(respBytes)
+	parts := strings.Split(strings.TrimSpace(respStr), "/")
+	slugWithExt := parts[len(parts)-1]
+
+	downloadURL := fmt.Sprintf("%s/%s", server.URL, slugWithExt)
+	resp, err = http.Get(downloadURL)
+	if err != nil {
+		t.Fatalf("Download request failed: %v", err)
+	}
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			t.Errorf("Failed to close download response body: %v", err)
+		}
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("Download failed status: %d", resp.StatusCode)
+	}
+
+	downloadedContent, _ := io.ReadAll(resp.Body)
+	if !bytes.Equal(content, downloadedContent) {
+		t.Errorf("Content mismatch. Want %s, got %s", content, downloadedContent)
+	}
+}
+
+func TestIntegration_ChunkedUpload(t *testing.T) {
+	app, _ := setupTestApp(t)
+	server := httptest.NewServer(app.Routes())
+	defer server.Close()
+
+	uploadID := "testchunkid123"
+	content := []byte("Chunk1Content-Chunk2Content")
+	chunk1 := content[:13]
+	chunk2 := content[13:]
+
+	uploadChunk(t, server.URL, uploadID, 0, chunk1)
+	uploadChunk(t, server.URL, uploadID, 1, chunk2)
+
+	finishURL := fmt.Sprintf("%s/upload/finish", server.URL)
+	form := map[string]string{
+		"upload_id": uploadID,
+		"total":     "2",
+		"filename":  "chunked.txt",
+	}
+
+	resp := postForm(t, finishURL, form)
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			t.Errorf("Failed to close finish response body: %v", err)
+		}
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Fatalf("Finish failed: %d", resp.StatusCode)
+	}
+
+	respBytes, _ := io.ReadAll(resp.Body)
+	respStr := string(respBytes)
+	parts := strings.Split(strings.TrimSpace(respStr), "/")
+	slugWithExt := parts[len(parts)-1]
+
+	downloadURL := fmt.Sprintf("%s/%s", server.URL, slugWithExt)
+	dlResp, err := http.Get(downloadURL)
+	if err != nil {
+		t.Fatalf("Download request failed: %v", err)
+	}
+	dlBytes, _ := io.ReadAll(dlResp.Body)
+	if err := dlResp.Body.Close(); err != nil {
+		t.Errorf("Failed to close download response body: %v", err)
+	}
+
+	if !bytes.Equal(content, dlBytes) {
+		t.Errorf("Chunked reassembly failed. Want %s, got %s", content, dlBytes)
+	}
+}
+
+func TestIntegration_ChunkedUpload_VerifyEncryption(t *testing.T) {
+	app, storageDir := setupTestApp(t)
+	server := httptest.NewServer(app.Routes())
+	defer server.Close()
+
+	uploadID := "securechunk123"
+	plaintext := []byte("This is a secret message that should be encrypted")
+
+	uploadChunk(t, server.URL, uploadID, 0, plaintext)
+
+	chunkPath := filepath.Join(storageDir, TempDirName, uploadID, "0")
+	encryptedData, err := os.ReadFile(chunkPath)
+	if err != nil {
+		t.Fatalf("Failed to read chunk file: %v", err)
+	}
+
+	if bytes.Contains(encryptedData, plaintext) {
+		t.Fatal("Chunk file contains plaintext data!")
+	}
+
+	if len(encryptedData) <= crypto.KeySize {
+		t.Fatalf("Chunk file too small: %d bytes", len(encryptedData))
+	}
+
+	key := encryptedData[:crypto.KeySize]
+	ciphertext := encryptedData[crypto.KeySize:]
+
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		t.Fatalf("Failed to create streamer: %v", err)
+	}
+
+	r := bytes.NewReader(ciphertext)
+	d := crypto.NewDecryptor(r, streamer.AEAD, int64(len(ciphertext)))
+
+	decrypted, err := io.ReadAll(d)
+	if err != nil {
+		t.Fatalf("Failed to decrypt chunk: %v", err)
+	}
+
+	if !bytes.Equal(decrypted, plaintext) {
+		t.Errorf("Decrypted data mismatch.\nWant: %s\nGot:  %s", plaintext, decrypted)
+	}
+}
+
+func TestIntegration_Upload_VerifyEncryption(t *testing.T) {
+	app, storageDir := setupTestApp(t)
+	server := httptest.NewServer(app.Routes())
+	defer server.Close()
+
+	plaintext := []byte("Sensitive Data For Full Upload")
+
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	part, err := writer.CreateFormFile("file", "secret.txt")
+	if err != nil {
+		t.Fatalf("CreateFormFile failed: %v", err)
+	}
+	if _, err := part.Write(plaintext); err != nil {
+		t.Fatalf("Write failed: %v", err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatalf("Writer close failed: %v", err)
+	}
+
+	req, _ := http.NewRequest("POST", server.URL+"/", body)
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			t.Errorf("Failed to close response body: %v", err)
+		}
+	}()
+
+	respBytes, _ := io.ReadAll(resp.Body)
+	slug := filepath.Base(strings.TrimSpace(string(respBytes)))
+
+	if len(slug) < SlugLength {
+		t.Fatalf("Invalid slug: %s", slug)
+	}
+	keyBase64 := slug[:SlugLength]
+	key, _ := base64.RawURLEncoding.DecodeString(keyBase64)
+	ext := filepath.Ext("secret.txt")
+	id := crypto.GetID(key, ext)
+
+	finalPath := filepath.Join(storageDir, id)
+	finalData, err := os.ReadFile(finalPath)
+	if err != nil {
+		t.Fatalf("Failed to read final file: %v", err)
+	}
+
+	if bytes.Contains(finalData, plaintext) {
+		t.Fatal("Final file contains plaintext!")
+	}
+
+	streamer, _ := crypto.NewGCMStreamer(key)
+	d := crypto.NewDecryptor(bytes.NewReader(finalData), streamer.AEAD, int64(len(finalData)))
+	decrypted, _ := io.ReadAll(d)
+
+	if !bytes.Equal(decrypted, plaintext) {
+		t.Error("Final file decryption failed")
+	}
+}
+
+func uploadChunk(t *testing.T, baseURL, uid string, idx int, data []byte) {
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	if err := writer.WriteField("upload_id", uid); err != nil {
+		t.Fatalf("WriteField upload_id failed: %v", err)
+	}
+	if err := writer.WriteField("index", fmt.Sprintf("%d", idx)); err != nil {
+		t.Fatalf("WriteField index failed: %v", err)
+	}
+	part, err := writer.CreateFormFile("chunk", "blob")
+	if err != nil {
+		t.Fatalf("CreateFormFile failed: %v", err)
+	}
+	if _, err := part.Write(data); err != nil {
+		t.Fatalf("Write part failed: %v", err)
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatalf("Writer close failed: %v", err)
+	}
+
+	req, _ := http.NewRequest("POST", baseURL+"/upload/chunk", body)
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil || resp.StatusCode != http.StatusOK {
+		t.Fatalf("Chunk %d upload failed: %v", idx, err)
+	}
+	if err := resp.Body.Close(); err != nil {
+		t.Errorf("Failed to close chunk response body: %v", err)
+	}
+}
+
+func postForm(t *testing.T, url string, fields map[string]string) *http.Response {
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	for k, v := range fields {
+		if err := writer.WriteField(k, v); err != nil {
+			t.Fatalf("WriteField %s failed: %v", k, err)
+		}
+	}
+	if err := writer.Close(); err != nil {
+		t.Fatalf("Writer close failed: %v", err)
+	}
+
+	req, _ := http.NewRequest("POST", url, body)
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("Post form failed: %v", err)
+	}
+	return resp
+}
@@ -2,49 +2,283 @@ package app

 import (
 	"context"
+	"crypto/rand"
+	"encoding/json"
+	"fmt"
+	"io"
 	"math"
 	"os"
 	"path/filepath"
+	"strconv"
 	"time"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+	"go.etcd.io/bbolt"
 )

 func (app *App) StartCleanupTask(ctx context.Context) {
-	ticker := time.NewTicker(1 * time.Hour)
+	ticker := time.NewTicker(CleanupInterval)
+
 	for {
 		select {
 		case <-ctx.Done():
+			ticker.Stop()
 			return
 		case <-ticker.C:
-			app.CleanDir(app.Conf.StorageDir, false)
-			app.CleanDir(filepath.Join(app.Conf.StorageDir, "tmp"), true)
+			app.CleanStorage()
+			app.CleanTemp(filepath.Join(app.Conf.StorageDir, TempDirName))
 		}
 	}
 }

-func (app *App) CleanDir(path string, isTmp bool) {
-	entries, _ := os.ReadDir(path)
+func (app *App) saveChunk(uid string, idx int, src io.Reader) error {
+	dir := filepath.Join(app.Conf.StorageDir, TempDirName, uid)
+
+	if err := os.MkdirAll(dir, PermUserRWX); err != nil {
+		return fmt.Errorf("create chunk dir: %w", err)
+	}
+
+	dest, err := os.Create(filepath.Join(dir, strconv.Itoa(idx)))
+	if err != nil {
+		return fmt.Errorf("create chunk file: %w", err)
+	}
+
+	defer func() {
+		if closeErr := dest.Close(); closeErr != nil {
+			app.Logger.Error("Failed to close chunk dest", "err", closeErr)
+		}
+	}()
+
+	key := make([]byte, crypto.KeySize)
+	if _, err := rand.Read(key); err != nil {
+		return fmt.Errorf("generate chunk key: %w", err)
+	}
+
+	if _, err := dest.Write(key); err != nil {
+		return fmt.Errorf("write chunk key: %w", err)
+	}
+
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		return fmt.Errorf("create streamer: %w", err)
+	}
+
+	if err := streamer.EncryptStream(dest, src); err != nil {
+		return fmt.Errorf("encrypt chunk: %w", err)
+	}
+
+	return nil
+}
+
+func (app *App) getChunkDecryptors(uid string, total int) ([]io.ReadSeeker, func(), error) {
+	files := make([]*os.File, 0, total)
+	decryptors := make([]io.ReadSeeker, 0, total)
+
+	closeAll := func() {
+		for _, f := range files {
+			_ = f.Close()
+		}
+	}
+
+	for i := range total {
+		partPath := filepath.Join(app.Conf.StorageDir, TempDirName, uid, strconv.Itoa(i))
+		f, err := os.Open(partPath)
+		if err != nil {
+			closeAll()
+			return nil, nil, fmt.Errorf("open chunk %d: %w", i, err)
+		}
+		files = append(files, f)
+
+		key := make([]byte, crypto.KeySize)
+		if _, err := io.ReadFull(f, key); err != nil {
+			closeAll()
+			return nil, nil, fmt.Errorf("read chunk key %d: %w", i, err)
+		}
+
+		info, err := f.Stat()
+		if err != nil {
+			closeAll()
+			return nil, nil, fmt.Errorf("stat chunk %d: %w", i, err)
+		}
+
+		bodySize := info.Size() - int64(crypto.KeySize)
+		if bodySize < 0 {
+			closeAll()
+			return nil, nil, fmt.Errorf("invalid chunk size %d", i)
+		}
+
+		bodyReader := io.NewSectionReader(f, int64(crypto.KeySize), bodySize)
+
+		streamer, err := crypto.NewGCMStreamer(key)
+		if err != nil {
+			closeAll()
+			return nil, nil, fmt.Errorf("create streamer %d: %w", i, err)
+		}
+
+		decryptor := crypto.NewDecryptor(bodyReader, streamer.AEAD, bodySize)
+		decryptors = append(decryptors, decryptor)
+	}
+
+	return decryptors, closeAll, nil
+}
+
+func (app *App) encryptAndSave(src io.Reader, key []byte, finalPath string) error {
+	out, err := os.Create(finalPath + ".tmp")
+	if err != nil {
+		return fmt.Errorf("create final file: %w", err)
+	}
+
+	var closed bool
+
+	defer func() {
+		if !closed {
+			if closeErr := out.Close(); closeErr != nil {
+				app.Logger.Error("Failed to close final file", "err", closeErr)
+			}
+		}
+
+		if removeErr := os.Remove(finalPath + ".tmp"); removeErr != nil && !os.IsNotExist(removeErr) {
+			app.Logger.Error("Failed to remove temp final file", "err", removeErr)
+		}
+	}()
+
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		return fmt.Errorf("create streamer: %w", err)
+	}
+
+	if err := streamer.EncryptStream(out, src); err != nil {
+		return fmt.Errorf("encrypt stream: %w", err)
+	}
+
+	if err := out.Close(); err != nil {
+		return fmt.Errorf("close final file: %w", err)
+	}
+
+	closed = true
+
+	if err := os.Rename(finalPath+".tmp", finalPath); err != nil {
+		return fmt.Errorf("rename final file: %w", err)
+	}
+
+	return nil
+}
+
+func (app *App) RegisterFile(id string, size int64) error {
+	retention := CalculateRetention(size, app.Conf.MaxMB)
+	meta := FileMeta{
+		ID:        id,
+		Size:      size,
+		CreatedAt: time.Now(),
+		ExpiresAt: time.Now().Add(retention),
+	}
+
+	return app.DB.Update(func(tx *bbolt.Tx) error {
+		bFiles := tx.Bucket([]byte(DBBucketName))
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+
+		data, err := json.Marshal(meta)
+		if err != nil {
+			return err
+		}
+
+		if err := bFiles.Put([]byte(id), data); err != nil {
+			return err
+		}
+
+		indexKey := []byte(meta.ExpiresAt.Format(time.RFC3339) + "_" + id)
+		return bIndex.Put(indexKey, []byte(id))
+	})
+}
+
+func (app *App) CleanStorage() {
+	now := time.Now().Format(time.RFC3339)
+	var toDeleteIDs []string
+	var toDeleteKeys []string
+
+	err := app.DB.View(func(tx *bbolt.Tx) error {
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+		if bIndex == nil {
+			return nil
+		}
+		c := bIndex.Cursor()
+
+		for k, v := c.First(); k != nil; k, v = c.Next() {
+			if string(k) > now {
+				break
+			}
+
+			toDeleteKeys = append(toDeleteKeys, string(k))
+			toDeleteIDs = append(toDeleteIDs, string(v))
+		}
+		return nil
+	})
+
+	if err != nil {
+		app.Logger.Error("Failed to view DB for cleanup", "err", err)
+		return
+	}
+
+	if len(toDeleteIDs) == 0 {
+		return
+	}
+
+	err = app.DB.Update(func(tx *bbolt.Tx) error {
+		bFiles := tx.Bucket([]byte(DBBucketName))
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+
+		for i, id := range toDeleteIDs {
+			path := filepath.Join(app.Conf.StorageDir, id)
+			if err := os.RemoveAll(path); err != nil {
+				app.Logger.Error("Failed to remove expired file", "path", id, "err", err)
+			}
+
+			if err := bFiles.Delete([]byte(id)); err != nil {
+				app.Logger.Error("Failed to delete metadata", "id", id, "err", err)
+			}
+
+			if err := bIndex.Delete([]byte(toDeleteKeys[i])); err != nil {
+				app.Logger.Error("Failed to delete index", "key", toDeleteKeys[i], "err", err)
+			}
+		}
+		return nil
+	})
+
+	if err != nil {
+		app.Logger.Error("Failed to update DB during cleanup", "err", err)
+	}
+}
+
+func (app *App) CleanTemp(path string) {
+	entries, err := os.ReadDir(path)
+	if err != nil {
+		app.Logger.Error("Failed to read temp dir", "err", err)
+		return
+	}
+
 	for _, entry := range entries {
-		info, _ := entry.Info()
-		expiry := 4 * time.Hour
-		if !isTmp {
-			expiry = CalculateRetention(info.Size(), app.Conf.MaxMB)
+		info, err := entry.Info()
+		if err != nil {
+			continue
 		}

-		if time.Since(info.ModTime()) > expiry {
-			os.RemoveAll(filepath.Join(path, entry.Name()))
+		if time.Since(info.ModTime()) > TempExpiry {
+			if err := os.RemoveAll(filepath.Join(path, entry.Name())); err != nil {
+				app.Logger.Error("Failed to remove expired temp file", "path", entry.Name(), "err", err)
+			}
 		}
 	}
 }

-func CalculateRetention(fileSize int64, maxMB int64) time.Duration {
-	const (
-		minAge = 24 * time.Hour
-		maxAge = 365 * 24 * time.Hour
-	)
-	ratio := math.Max(0, math.Min(1, float64(fileSize)/float64(maxMB<<20)))
-	retention := float64(maxAge) * math.Pow(1.0-ratio, 3)
-	if retention < float64(minAge) {
-		return minAge
+func CalculateRetention(fileSize, maxMB int64) time.Duration {
+	ratio := math.Max(0, math.Min(1, float64(fileSize)/float64(maxMB*MegaByte)))
+
+	invRatio := 1.0 - ratio
+	retention := float64(MaxRetention) * (invRatio * invRatio * invRatio)
+
+	if retention < float64(MinRetention) {
+		return MinRetention
 	}
+
 	return time.Duration(retention)
 }
@@ -0,0 +1,218 @@
+package app
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/json"
+	"io"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+	"go.etcd.io/bbolt"
+)
+
+func TestCleanup_AbandonedChunks(t *testing.T) {
+	tmpDir := t.TempDir()
+	tmpStorage := filepath.Join(tmpDir, TempDirName)
+	if err := os.MkdirAll(tmpStorage, 0700); err != nil {
+		t.Fatalf("MkdirAll failed: %v", err)
+	}
+
+	db, err := InitDB(tmpDir)
+	if err != nil {
+		t.Fatalf("InitDB failed: %v", err)
+	}
+	defer func() {
+		if err := db.Close(); err != nil {
+			t.Errorf("Failed to close DB: %v", err)
+		}
+	}()
+
+	app := &App{
+		Conf:   Config{StorageDir: tmpDir},
+		Logger: discardLogger(),
+		DB:     db,
+	}
+
+	chunkDir := filepath.Join(tmpStorage, "some_upload_id")
+	if err := os.MkdirAll(chunkDir, 0700); err != nil {
+		t.Fatalf("MkdirAll chunkDir failed: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(chunkDir, "0"), []byte("chunk data"), 0600); err != nil {
+		t.Fatalf("WriteFile chunk failed: %v", err)
+	}
+
+	oldTime := time.Now().Add(-TempExpiry - time.Hour)
+	if err := os.Chtimes(chunkDir, oldTime, oldTime); err != nil {
+		t.Fatalf("Chtimes failed: %v", err)
+	}
+
+	app.CleanTemp(tmpStorage)
+
+	if _, err := os.Stat(chunkDir); !os.IsNotExist(err) {
+		t.Error("Cleanup failed to remove abandoned chunk directory")
+	}
+}
+
+func TestCleanup_ExpiredStorage(t *testing.T) {
+	storageDir := t.TempDir()
+	db, err := InitDB(storageDir)
+	if err != nil {
+		t.Fatalf("InitDB failed: %v", err)
+	}
+	defer func() {
+		if err := db.Close(); err != nil {
+			t.Errorf("Failed to close DB: %v", err)
+		}
+	}()
+
+	app := &App{
+		Conf: Config{
+			StorageDir: storageDir,
+			MaxMB:      100,
+		},
+		Logger: discardLogger(),
+		DB:     db,
+	}
+
+	filename := "large_file_id"
+	path := filepath.Join(storageDir, filename)
+	f, err := os.Create(path)
+	if err != nil {
+		t.Fatalf("Create file failed: %v", err)
+	}
+	if err := f.Truncate(100 * MegaByte); err != nil {
+		t.Fatalf("Truncate failed: %v", err)
+	}
+	if err := f.Close(); err != nil {
+		t.Fatalf("Close file failed: %v", err)
+	}
+
+	expiredMeta := FileMeta{
+		ID:        filename,
+		Size:      100 * MegaByte,
+		CreatedAt: time.Now().Add(-MinRetention - 2*time.Hour),
+		ExpiresAt: time.Now().Add(-time.Hour),
+	}
+
+	if err := app.DB.Update(func(tx *bbolt.Tx) error {
+		bFiles := tx.Bucket([]byte(DBBucketName))
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+
+		data, _ := json.Marshal(expiredMeta)
+		if err := bFiles.Put([]byte(filename), data); err != nil {
+			return err
+		}
+
+		indexKey := []byte(expiredMeta.ExpiresAt.Format(time.RFC3339) + "_" + filename)
+		return bIndex.Put(indexKey, []byte(filename))
+	}); err != nil {
+		t.Fatalf("DB Update failed: %v", err)
+	}
+
+	app.CleanStorage()
+
+	if _, err := os.Stat(path); !os.IsNotExist(err) {
+		t.Error("Cleanup failed to remove expired large file")
+	}
+
+	if err := app.DB.View(func(tx *bbolt.Tx) error {
+		bFiles := tx.Bucket([]byte(DBBucketName))
+		if v := bFiles.Get([]byte(filename)); v != nil {
+			t.Error("Cleanup failed to remove metadata")
+		}
+
+		bIndex := tx.Bucket([]byte(DBBucketIndexName))
+		indexKey := []byte(expiredMeta.ExpiresAt.Format(time.RFC3339) + "_" + filename)
+		if v := bIndex.Get(indexKey); v != nil {
+			t.Error("Cleanup failed to remove index entry")
+		}
+		return nil
+	}); err != nil {
+		t.Fatalf("DB View failed: %v", err)
+	}
+}
+
+func TestSaveChunk_EncryptsData(t *testing.T) {
+	tmpDir := t.TempDir()
+	app := &App{
+		Conf:   Config{StorageDir: tmpDir},
+		Logger: discardLogger(),
+	}
+
+	uid := "test-encrypt-chunk"
+	plaintext := make([]byte, 1024)
+	if _, err := rand.Read(plaintext); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := app.saveChunk(uid, 0, bytes.NewReader(plaintext)); err != nil {
+		t.Fatalf("saveChunk failed: %v", err)
+	}
+
+	path := filepath.Join(tmpDir, TempDirName, uid, "0")
+	fileData, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatalf("ReadFile failed: %v", err)
+	}
+
+	if bytes.Equal(fileData, plaintext) {
+		t.Fatal("Chunk stored as plaintext!")
+	}
+	if bytes.Contains(fileData, plaintext) {
+		t.Fatal("Chunk contains plaintext!")
+	}
+
+	expectedSize := crypto.KeySize + len(plaintext) + 16
+	if len(fileData) != expectedSize {
+		t.Errorf("Unexpected file size. Want %d, got %d", expectedSize, len(fileData))
+	}
+}
+
+func TestGetChunkDecryptors_RestoresData(t *testing.T) {
+	tmpDir := t.TempDir()
+	app := &App{
+		Conf:   Config{StorageDir: tmpDir},
+		Logger: discardLogger(),
+	}
+
+	uid := "test-restore"
+	data1 := []byte("chunk one data")
+	data2 := []byte("chunk two data")
+
+	if err := app.saveChunk(uid, 0, bytes.NewReader(data1)); err != nil {
+		t.Fatal(err)
+	}
+	if err := app.saveChunk(uid, 1, bytes.NewReader(data2)); err != nil {
+		t.Fatal(err)
+	}
+
+	decryptors, closeFn, err := app.getChunkDecryptors(uid, 2)
+	if err != nil {
+		t.Fatalf("getChunkDecryptors failed: %v", err)
+	}
+	defer closeFn()
+
+	if len(decryptors) != 2 {
+		t.Fatalf("Expected 2 decryptors, got %d", len(decryptors))
+	}
+
+	buf1, err := io.ReadAll(decryptors[0])
+	if err != nil {
+		t.Fatalf("Failed to read decryptor 1: %v", err)
+	}
+	if !bytes.Equal(buf1, data1) {
+		t.Errorf("Chunk 1 mismatch. Want %s, got %s", data1, buf1)
+	}
+
+	buf2, err := io.ReadAll(decryptors[1])
+	if err != nil {
+		t.Fatalf("Failed to read decryptor 2: %v", err)
+	}
+	if !bytes.Equal(buf2, data2) {
+		t.Errorf("Chunk 2 mismatch. Want %s, got %s", data2, buf2)
+	}
+}
@@ -0,0 +1,230 @@
+package app
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strconv"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+)
+
+var reUploadID = regexp.MustCompile(`^[a-zA-Z0-9]{10,50}$`)
+
+func (app *App) HandleUpload(writer http.ResponseWriter, request *http.Request) {
+	limit := (app.Conf.MaxMB * MegaByte) + MegaByte
+	request.Body = http.MaxBytesReader(writer, request.Body, limit)
+
+	file, header, err := request.FormFile("file")
+	if err != nil {
+		if err.Error() == "http: request body too large" {
+			app.SendError(writer, request, http.StatusRequestEntityTooLarge)
+			return
+		}
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+	defer func() {
+		if closeErr := file.Close(); closeErr != nil {
+			app.Logger.Error("Failed to close upload file", "err", closeErr)
+		}
+	}()
+
+	tmp, err := os.CreateTemp(filepath.Join(app.Conf.StorageDir, TempDirName), "up_*")
+	if err != nil {
+		app.Logger.Error("Failed to create temp file", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+	tmpPath := tmp.Name()
+
+	defer func() {
+		_ = tmp.Close()
+		if removeErr := os.Remove(tmpPath); removeErr != nil && !os.IsNotExist(removeErr) {
+			app.Logger.Error("Failed to remove temp file", "err", removeErr)
+		}
+	}()
+
+	ephemeralKey := make([]byte, crypto.KeySize)
+	if _, err := rand.Read(ephemeralKey); err != nil {
+		app.Logger.Error("Failed to generate ephemeral key", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	pr, pw := io.Pipe()
+	hasher := sha256.New()
+
+	errChan := make(chan error, 1)
+
+	go func() {
+		_, err := io.Copy(io.MultiWriter(hasher, pw), file)
+		_ = pw.CloseWithError(err)
+		errChan <- err
+	}()
+
+	defer func() {
+		if closeErr := pr.Close(); closeErr != nil {
+			app.Logger.Error("Failed to close pipe reader", "err", closeErr)
+		}
+	}()
+
+	streamer, err := crypto.NewGCMStreamer(ephemeralKey)
+	if err != nil {
+		app.Logger.Error("Failed to create streamer", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	if err := streamer.EncryptStream(tmp, pr); err != nil {
+		app.Logger.Error("Failed to encrypt stream", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	if err := <-errChan; err != nil {
+		app.Logger.Error("Failed to read/hash upload", "err", err)
+		app.SendError(writer, request, http.StatusRequestEntityTooLarge)
+		return
+	}
+
+	convergentKey := hasher.Sum(nil)[:crypto.KeySize]
+
+	if _, err := tmp.Seek(0, 0); err != nil {
+		app.Logger.Error("Seek failed", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	info, _ := tmp.Stat()
+	decryptor := crypto.NewDecryptor(tmp, streamer.AEAD, info.Size())
+
+	app.finalizeUpload(writer, request, decryptor, convergentKey, header.Filename)
+}
+
+func (app *App) HandleChunk(writer http.ResponseWriter, request *http.Request) {
+	request.Body = http.MaxBytesReader(writer, request.Body, MaxRequestOverhead)
+
+	uid := request.FormValue("upload_id")
+	idx, err := strconv.Atoi(request.FormValue("index"))
+	if err != nil {
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+
+	maxChunks := int((app.Conf.MaxMB*MegaByte)/MinChunkSize) + ChunkSafetyMargin
+
+	if !reUploadID.MatchString(uid) || idx > maxChunks || idx < 0 {
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+
+	file, _, err := request.FormFile("chunk")
+	if err != nil {
+		if err.Error() == "http: request body too large" {
+			app.SendError(writer, request, http.StatusRequestEntityTooLarge)
+			return
+		}
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+	defer func() {
+		if closeErr := file.Close(); closeErr != nil {
+			app.Logger.Error("Failed to close chunk file", "err", closeErr)
+		}
+	}()
+
+	if err := app.saveChunk(uid, idx, file); err != nil {
+		app.Logger.Error("Failed to save chunk", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+	}
+}
+
+func (app *App) HandleFinish(writer http.ResponseWriter, request *http.Request) {
+	uid := request.FormValue("upload_id")
+	total, err := strconv.Atoi(request.FormValue("total"))
+	if err != nil {
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+
+	maxChunks := int((app.Conf.MaxMB*MegaByte)/MinChunkSize) + ChunkSafetyMargin
+
+	if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
+		app.SendError(writer, request, http.StatusBadRequest)
+		return
+	}
+
+	decryptors, closeAll, err := app.getChunkDecryptors(uid, total)
+	if err != nil {
+		app.Logger.Error("Failed to open chunks", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+	defer func() {
+		closeAll()
+		if err := os.RemoveAll(filepath.Join(app.Conf.StorageDir, TempDirName, uid)); err != nil {
+			app.Logger.Error("Failed to remove chunk dir", "err", err)
+		}
+	}()
+
+	readers := make([]io.Reader, len(decryptors))
+	for i, d := range decryptors {
+		readers[i] = d
+	}
+
+	hasher := sha256.New()
+	if _, err := io.Copy(hasher, io.MultiReader(readers...)); err != nil {
+		app.Logger.Error("Failed to hash chunks", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	convergentKey := hasher.Sum(nil)[:crypto.KeySize]
+
+	for _, d := range decryptors {
+		if _, err := d.Seek(0, io.SeekStart); err != nil {
+			app.Logger.Error("Failed to reset chunk decryptor", "err", err)
+			app.SendError(writer, request, http.StatusInternalServerError)
+			return
+		}
+	}
+
+	multiSrc := io.MultiReader(readers...)
+
+	app.finalizeUpload(writer, request, multiSrc, convergentKey, request.FormValue("filename"))
+}
+
+func (app *App) finalizeUpload(writer http.ResponseWriter, request *http.Request, src io.Reader, key []byte, filename string) {
+	ext := filepath.Ext(filename)
+	id := crypto.GetID(key, ext)
+	finalPath := filepath.Join(app.Conf.StorageDir, id)
+
+	if info, err := os.Stat(finalPath); err == nil {
+		if err := app.RegisterFile(id, info.Size()); err != nil {
+			app.Logger.Error("Failed to update metadata for existing file", "err", err)
+		}
+		app.RespondWithLink(writer, request, key, filename)
+		return
+	}
+
+	if err := app.encryptAndSave(src, key, finalPath); err != nil {
+		app.Logger.Error("Encryption failed", "err", err)
+		app.SendError(writer, request, http.StatusInternalServerError)
+		return
+	}
+
+	if info, err := os.Stat(finalPath); err == nil {
+		if err := app.RegisterFile(id, info.Size()); err != nil {
+			app.Logger.Error("Failed to save metadata", "err", err)
+		}
+	} else {
+		app.Logger.Error("Failed to stat new file", "err", err)
+	}
+
+	app.RespondWithLink(writer, request, key, filename)
+}
@@ -6,27 +6,34 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/binary"
+	"errors"
+	"fmt"
 	"io"
 )

 const (
 	GCMChunkSize = 64 * 1024
 	NonceSize    = 12
+	KeySize      = 16
+	IDSize       = 9
 )

-func DeriveKey(r io.Reader) ([]byte, error) {
-	h := sha256.New()
-	if _, err := io.Copy(h, r); err != nil {
-		return nil, err
+func DeriveKey(reader io.Reader) ([]byte, error) {
+	hasher := sha256.New()
+
+	if _, err := io.Copy(hasher, reader); err != nil {
+		return nil, fmt.Errorf("failed to copy to hasher: %w", err)
 	}
-	return h.Sum(nil)[:16], nil
+
+	return hasher.Sum(nil)[:KeySize], nil
 }

 func GetID(key []byte, ext string) string {
-	h := sha256.New()
-	h.Write(key)
-	h.Write([]byte(ext))
-	return base64.RawURLEncoding.EncodeToString(h.Sum(nil)[:9])
+	hasher := sha256.New()
+	hasher.Write(key)
+	hasher.Write([]byte(ext))
+
+	return base64.RawURLEncoding.EncodeToString(hasher.Sum(nil)[:IDSize])
 }

 type GCMStreamer struct {
@@ -34,37 +41,46 @@ type GCMStreamer struct {
 }

 func NewGCMStreamer(key []byte) (*GCMStreamer, error) {
-	b, err := aes.NewCipher(key)
+	block, err := aes.NewCipher(key)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create cipher: %w", err)
 	}
-	g, err := cipher.NewGCM(b)
+
+	gcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create GCM: %w", err)
 	}
-	return &GCMStreamer{AEAD: g}, nil
+
+	return &GCMStreamer{AEAD: gcm}, nil
 }

 func (g *GCMStreamer) EncryptStream(dst io.Writer, src io.Reader) error {
 	buf := make([]byte, GCMChunkSize)
-	var chunkIdx uint64 = 0
+	var chunkIdx uint64
+
 	for {
-		n, err := io.ReadFull(src, buf)
-		if n > 0 {
+		bytesRead, err := io.ReadFull(src, buf)
+		if bytesRead > 0 {
 			nonce := make([]byte, NonceSize)
 			binary.BigEndian.PutUint64(nonce[4:], chunkIdx)
-			ciphertext := g.AEAD.Seal(nil, nonce, buf[:n], nil)
+
+			ciphertext := g.AEAD.Seal(nil, nonce, buf[:bytesRead], nil)
+
 			if _, werr := dst.Write(ciphertext); werr != nil {
-				return werr
+				return fmt.Errorf("failed to write ciphertext: %w", werr)
 			}
+
 			chunkIdx++
 		}
-		if err == io.EOF || err == io.ErrUnexpectedEOF {
+
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
 			break
 		}
+
 		if err != nil {
-			return err
+			return fmt.Errorf("failed to read source: %w", err)
 		}
 	}
+
 	return nil
 }
@@ -0,0 +1,152 @@
+package crypto_test
+
+import (
+	"bytes"
+	"crypto/rand"
+	"io"
+	"testing"
+
+	"github.com/skidoodle/safebin/internal/crypto"
+)
+
+func TestDeriveKey(t *testing.T) {
+	data := []byte("some random file content")
+	reader := bytes.NewReader(data)
+
+	key1, err := crypto.DeriveKey(reader)
+	if err != nil {
+		t.Fatalf("DeriveKey failed: %v", err)
+	}
+
+	if len(key1) != 16 {
+		t.Errorf("Expected key length 16, got %d", len(key1))
+	}
+
+	if _, err := reader.Seek(0, 0); err != nil {
+		t.Fatalf("Seek failed: %v", err)
+	}
+	key2, err := crypto.DeriveKey(reader)
+	if err != nil {
+		t.Fatalf("DeriveKey failed second time: %v", err)
+	}
+
+	if !bytes.Equal(key1, key2) {
+		t.Error("DeriveKey is not deterministic")
+	}
+}
+
+func TestGetID(t *testing.T) {
+	key := make([]byte, 16)
+	ext := ".txt"
+	id1 := crypto.GetID(key, ext)
+	id2 := crypto.GetID(key, ext)
+
+	if id1 != id2 {
+		t.Error("GetID is not deterministic")
+	}
+
+	if len(id1) == 0 {
+		t.Error("GetID returned empty string")
+	}
+}
+
+func TestEncryptDecryptStream(t *testing.T) {
+	payloadSize := (64 * 1024) * 3
+	payload := make([]byte, payloadSize)
+	if _, err := rand.Read(payload); err != nil {
+		t.Fatalf("rand.Read payload failed: %v", err)
+	}
+
+	key := make([]byte, 16)
+	if _, err := rand.Read(key); err != nil {
+		t.Fatalf("rand.Read key failed: %v", err)
+	}
+
+	var encryptedBuf bytes.Buffer
+	streamer, err := crypto.NewGCMStreamer(key)
+	if err != nil {
+		t.Fatalf("Failed to create streamer: %v", err)
+	}
+
+	if err := streamer.EncryptStream(&encryptedBuf, bytes.NewReader(payload)); err != nil {
+		t.Fatalf("EncryptStream failed: %v", err)
+	}
+
+	encryptedReader := bytes.NewReader(encryptedBuf.Bytes())
+	decryptor := crypto.NewDecryptor(encryptedReader, streamer.AEAD, int64(encryptedBuf.Len()))
+
+	decrypted := make([]byte, payloadSize)
+	n, err := io.ReadFull(decryptor, decrypted)
+	if err != nil {
+		t.Fatalf("ReadFull failed: %v", err)
+	}
+
+	if n != payloadSize {
+		t.Errorf("Expected %d bytes, got %d", payloadSize, n)
+	}
+
+	if !bytes.Equal(payload, decrypted) {
+		t.Error("Decrypted content does not match original payload")
+	}
+}
+
+func TestDecryptorSeeking(t *testing.T) {
+	chunkSize := 64 * 1024
+	payload := make([]byte, chunkSize*4)
+	for i := range len(payload) {
+		payload[i] = byte(i % 255)
+	}
+
+	key := make([]byte, 16)
+	if _, err := rand.Read(key); err != nil {
+		t.Fatalf("rand.Read key failed: %v", err)
+	}
+
+	var encryptedBuf bytes.Buffer
+	streamer, _ := crypto.NewGCMStreamer(key)
+	if err := streamer.EncryptStream(&encryptedBuf, bytes.NewReader(payload)); err != nil {
+		t.Fatalf("EncryptStream failed: %v", err)
+	}
+
+	r := bytes.NewReader(encryptedBuf.Bytes())
+	d := crypto.NewDecryptor(r, streamer.AEAD, int64(encryptedBuf.Len()))
+
+	tests := []struct {
+		name   string
+		offset int64
+		whence int
+		read   int
+	}{
+		{"Start of file", 0, io.SeekStart, 100},
+		{"Middle of chunk 1", 1000, io.SeekStart, 100},
+		{"Start of chunk 2", int64(chunkSize), io.SeekStart, 100},
+		{"Middle of chunk 2", int64(chunkSize) + 50, io.SeekStart, 100},
+		{"Near end", int64(len(payload)) - 10, io.SeekStart, 10},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			pos, err := d.Seek(tc.offset, tc.whence)
+			if err != nil {
+				t.Fatalf("Seek failed: %v", err)
+			}
+			if pos != tc.offset {
+				t.Errorf("Expected pos %d, got %d", tc.offset, pos)
+			}
+
+			buf := make([]byte, tc.read)
+			n, err := io.ReadFull(d, buf)
+			if err != nil {
+				t.Fatalf("Read failed: %v", err)
+			}
+			if n != tc.read {
+				t.Errorf("Expected %d bytes, got %d", tc.read, n)
+			}
+
+			expected := payload[tc.offset : tc.offset+int64(tc.read)]
+			if !bytes.Equal(buf, expected) {
+				t.Errorf("Data mismatch at offset %d", tc.offset)
+			}
+		})
+	}
+}
@@ -4,34 +4,43 @@ import (
 	"crypto/cipher"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"io"
 )

+var ErrInvalidWhence = errors.New("invalid whence")
+var ErrNegativeBias = errors.New("negative bias")
+
 type Decryptor struct {
-	rs     io.ReadSeeker
+	readSeeker io.ReadSeeker
 	aead       cipher.AEAD
 	size       int64
 	offset     int64
+	phyOffset  int64
 }

-func NewDecryptor(rs io.ReadSeeker, aead cipher.AEAD, encryptedSize int64) *Decryptor {
+func NewDecryptor(readSeeker io.ReadSeeker, aead cipher.AEAD, encryptedSize int64) *Decryptor {
 	overhead := int64(aead.Overhead())
-	fullBlocks := encryptedSize / (GCMChunkSize + overhead)
-	remainder := encryptedSize % (GCMChunkSize + overhead)
+	chunkWithOverhead := int64(GCMChunkSize) + overhead

-	plainSize := (fullBlocks * GCMChunkSize)
+	fullBlocks := encryptedSize / chunkWithOverhead
+	remainder := encryptedSize % chunkWithOverhead
+
+	plainSize := fullBlocks * GCMChunkSize
 	if remainder > overhead {
 		plainSize += (remainder - overhead)
 	}

 	return &Decryptor{
-		rs:   rs,
+		readSeeker: readSeeker,
 		aead:       aead,
 		size:       plainSize,
+		offset:     0,
+		phyOffset:  -1,
 	}
 }

-func (d *Decryptor) Read(p []byte) (int, error) {
+func (d *Decryptor) Read(buf []byte) (int, error) {
 	if d.offset >= d.size {
 		return 0, io.EOF
 	}
@@ -40,25 +49,37 @@ func (d *Decryptor) Read(p []byte) (int, error) {
 	overhang := d.offset % GCMChunkSize

 	overhead := int64(d.aead.Overhead())
-	actualChunkSize := int64(GCMChunkSize + overhead)
+	actualChunkSize := int64(GCMChunkSize) + overhead

-	_, err := d.rs.Seek(chunkIdx*actualChunkSize, io.SeekStart)
-	if err != nil {
-		return 0, err
+	targetOffset := chunkIdx * actualChunkSize
+
+	if d.phyOffset != targetOffset {
+		if _, err := d.readSeeker.Seek(targetOffset, io.SeekStart); err != nil {
+			return 0, fmt.Errorf("failed to seek: %w", err)
+		}
+		d.phyOffset = targetOffset
 	}

 	encrypted := make([]byte, actualChunkSize)
-	n, err := io.ReadFull(d.rs, encrypted)
-	if err != nil && err != io.ErrUnexpectedEOF {
-		return 0, err
+
+	bytesRead, err := io.ReadFull(d.readSeeker, encrypted)
+	if bytesRead > 0 {
+		d.phyOffset += int64(bytesRead)
+	}
+
+	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
+		return 0, fmt.Errorf("failed to read encrypted data: %w", err)
 	}

 	nonce := make([]byte, NonceSize)
+	if chunkIdx < 0 {
+		return 0, fmt.Errorf("invalid chunk index")
+	}
 	binary.BigEndian.PutUint64(nonce[4:], uint64(chunkIdx))

-	plaintext, err := d.aead.Open(nil, nonce, encrypted[:n], nil)
+	plaintext, err := d.aead.Open(nil, nonce, encrypted[:bytesRead], nil)
 	if err != nil {
-		return 0, err
+		return 0, fmt.Errorf("failed to decrypt: %w", err)
 	}

 	if overhang >= int64(len(plaintext)) {
@@ -66,7 +87,7 @@ func (d *Decryptor) Read(p []byte) (int, error) {
 	}

 	available := plaintext[overhang:]
-	nCopied := copy(p, available)
+	nCopied := copy(buf, available)
 	d.offset += int64(nCopied)

 	return nCopied, nil
@@ -74,6 +95,7 @@ func (d *Decryptor) Read(p []byte) (int, error) {

 func (d *Decryptor) Seek(offset int64, whence int) (int64, error) {
 	var abs int64
+
 	switch whence {
 	case io.SeekStart:
 		abs = offset
@@ -82,11 +104,14 @@ func (d *Decryptor) Seek(offset int64, whence int) (int64, error) {
 	case io.SeekEnd:
 		abs = d.size + offset
 	default:
-		return 0, errors.New("invalid whence")
+		return 0, ErrInvalidWhence
 	}
+
 	if abs < 0 {
-		return 0, errors.New("negative bias")
+		return 0, ErrNegativeBias
 	}
+
 	d.offset = abs
+
 	return abs, nil
 }
@@ -2,35 +2,54 @@ package main

 import (
 	"context"
+	"errors"
 	"fmt"
 	"log/slog"
 	"net/http"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"syscall"
-	"time"

 	"github.com/skidoodle/safebin/internal/app"
+	"github.com/skidoodle/safebin/web"
 )

 func main() {
 	cfg := app.LoadConfig()
-	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelDebug}))
+	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+		Level:     slog.LevelDebug,
+		AddSource: true,
+	}))

 	logger.Info("Initializing Safebin Server",
 		"storage_dir", cfg.StorageDir,
 		"max_file_size", fmt.Sprintf("%dMB", cfg.MaxMB),
 	)

-	if err := os.MkdirAll(fmt.Sprintf("%s/tmp", cfg.StorageDir), 0700); err != nil {
+	tmpDir := filepath.Join(cfg.StorageDir, app.TempDirName)
+	if err := os.MkdirAll(tmpDir, app.PermUserRWX); err != nil {
 		logger.Error("Failed to initialize storage directory", "err", err)
 		os.Exit(1)
 	}

+	db, err := app.InitDB(cfg.StorageDir)
+	if err != nil {
+		logger.Error("Failed to initialize database", "err", err)
+		os.Exit(1)
+	}
+	defer func() {
+		if err := db.Close(); err != nil {
+			logger.Error("Failed to close database", "err", err)
+		}
+	}()
+
 	application := &app.App{
 		Conf:   cfg,
 		Logger: logger,
-		Tmpl:   app.ParseTemplates(),
+		Tmpl:   app.ParseTemplates(web.Assets),
+		Assets: web.Assets,
+		DB:     db,
 	}

 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
@@ -41,13 +60,15 @@ func main() {
 	srv := &http.Server{
 		Addr:         cfg.Addr,
 		Handler:      application.Routes(),
-		ReadTimeout:  10 * time.Minute,
-		WriteTimeout: 10 * time.Minute,
+		ReadTimeout:  app.ServerTimeout,
+		WriteTimeout: app.ServerTimeout,
+		IdleTimeout:  app.ServerTimeout,
 	}

 	go func() {
 		application.Logger.Info("Server is ready and listening", "addr", cfg.Addr)
-		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+
+		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			application.Logger.Error("Server failed to start", "err", err)
 			os.Exit(1)
 		}
@@ -56,10 +77,12 @@ func main() {
 	<-ctx.Done()
 	application.Logger.Info("Shutting down gracefully...")

-	shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	shutdownCtx, cancel := context.WithTimeout(context.Background(), app.ShutdownTimeout)
 	defer cancel()
+
 	if err := srv.Shutdown(shutdownCtx); err != nil {
 		application.Logger.Error("Forced shutdown", "err", err)
 	}
+
 	application.Logger.Info("Server stopped")
 }
@@ -50,7 +50,7 @@ async function handleUpload(file) {
  $("busy-state").classList.remove("hidden");
  $("p-bar-container").classList.add("visible");

-  const uploadID = Math.random().toString(36).substring(2, 15);
+  const uploadID = Array.from(window.crypto.getRandomValues(new Uint8Array(16)), (b) => b.toString(16).padStart(2, "0")).join("");
  const chunkSize = 1024 * 1024 * 8;
  const total = Math.ceil(file.size / chunkSize);

@@ -0,0 +1,6 @@
+package web
+
+import "embed"
+
+//go:embed *.html *.css *.js *.ico
+var Assets embed.FS
@@ -1,11 +1,12 @@
-{{define "base"}}
+{{define "layout"}}
 <!doctype html>
 <html lang="en">
    <head>
        <meta charset="UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+        <link rel="icon" type="image/vnd.microsoft.icon" href="/static/favicon.ico" />
        <title>safebin</title>
-        <link rel="stylesheet" href="/static/css/style.css" />
+        <link rel="stylesheet" href="/static/style.css" />
    </head>
    <body>
        <div class="container">
@@ -30,7 +31,7 @@
            </section>
        </div>
        <input type="file" id="file-input" class="hidden" />
-        <script src="/static/js/app.js"></script>
+        <script src="/static/app.js"></script>
    </body>
 </html>
 {{end}}
Author	SHA1	Message	Date
x	2bcf339408	refactor: db location Signed-off-by: skidoodle <contact@albert.lol>	2026-01-19 00:44:03 +01:00
x	2df37e9002	fix: relax chunk limits, support proxies, optimize reads Signed-off-by: skidoodle <contact@albert.lol>	2026-01-19 00:33:09 +01:00
x	722dbaa6aa	feat: implement encrypted chunked storage and convergent encryption Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 23:39:53 +01:00
x	2d6a3ab216	fix(web): use web crypto for upload id's Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 22:30:20 +01:00
x	d18ef48bd4	perf(storage)!: optimize cleanup with secondary index BREAKING CHANGE: This change requires a fresh database. Existing databases will lack the index, and the cleanup routine will not function correctly for pre-existing files. Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 22:10:07 +01:00
x	e18be18029	fix(download): enforce integrity check using db metadata Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 21:54:08 +01:00
x	a69e5a52a3	perf: implement zero-copy merge for chunked uploads Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 21:45:41 +01:00
x	8b638275b8	fix: unhandled errors Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 21:19:42 +01:00
x	73ee7a9a14	refactor: embed web files Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 20:53:56 +01:00
x	954aec6d8e	feat: replace fs scans with bbolt for fast, persistent metadata management Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 20:27:33 +01:00
x	5a3846266e	feat: unit tests Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 19:53:29 +01:00
x	a115c49195	fix: add blank favicon Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 19:47:21 +01:00
x	00e5c95fe3	refactor: split handlers.go and centralize config Signed-off-by: skidoodle <contact@albert.lol>	2026-01-18 19:25:35 +01:00
x	aca7267301	refactor: internals Signed-off-by: skidoodle <contact@albert.lol>	2026-01-17 22:58:38 +01:00