Comment by ๐ jsreed5
Re: "New smolweb file transfer service"
I finally tried the service with a test file and it worked perfectly. Thanks again for creating this! The only suggestion I might make is that when only using a share code, the original name of the file is lost. Might it be possible to supply the file name in an optional second field?
Edit: I realize that wouldn't be feasible for SSH transfers, since the service simply writes a data stream to STDOUT and it's up to the user to redirect it to a file. But on the Gemini side, the service could redirect the share code to a URL with the intended file name.
2025-09-18 ยท 8 months ago
4 Later Comments โ
๐ ingrix [OP] ยท 2025-09-18 at 14:32:
@jsreed5 that's a possibility, but I'm trying to keep the logic as simple as possible to reduce any attack surface either on the server end or for users. I am guessing the filename loss is a concern with accessing it via Gemini? With ssh you could tell someone to access it via 'ssh ft@ingrix.info identifier > The_Offspring_-_Original_Prankster.mp3'. I could probably relax the restrictions on the identifier to allow any printable ascii character except '/'. Would that be a sufficient tradeoff/improvement?
Edit: just saw your edit, so that does clarify things. Would still love your input re the changes to identifier and whether that'd be sufficient
Edit 2: after thinking a few minutes I do think that would be sufficient. If the identifier only forbids / that may be sufficient to do 99% of what you'd want. I'll have to add code to do percent-encoding for the gemini url and a few other safety checks.
๐ jsreed5 ยท 2025-09-18 at 14:48:
@ingrix I don't know how the backend is programmed, but my initial thought would be to escape the given file name into a URL-safe form. For example, supplying the name "My Dad's File.txt" would yield the escaped name My[%]20Dad[%]27s[%]20File.txt. (Ignore the brackets around each percent sign; I have to do that on BBS to stop it from interpreting the code.) Perl, Python and other languages have tools to do that, and if you store the file name server-side already escaped, it'll sanitize the input too.
Suppose the file code is "dadfile". Then on the Gemini side, visiting the URL "gemini://ingrix.info/ft/dadfile" would return a 30 status that redirects to gemini://ingrix.info/ft/My[%]20Dad[%]27s[%]20File.txt (again, ignoring brackets). When the user downloads it, most clients will convert the escaped file name to unescaped form--and even if it doesn't, it can be converted later.
๐ ingrix [OP] ยท 2025-09-18 at 14:53:
@jsreed5 The utility is written in C and statically linked so that it can be aggressively chrooted. The redirect is a good idea that hadn't occured to me, thanks! I'll have to think on how to implement it but I like the idea.
๐ jsreed5 ยท 2025-09-18 at 15:44:
The more I think about it, providing separate file names might introduce too much complexity. How should collisions be resolved? If a share code matches a file name, one runs the risk of either an infinite redirect loop or serving the wrong file. Unless you're willing to implement separate URLs for inputting the code versus downloading the file, it might be better to stick with only a share code.
Original Post
New smolweb file transfer service โ Have you ever needed to transfer a file to someone, or maybe yourself, but you haven't had access to dropbox or whatever at the time? Or maybe you need to transfer something to or from a machine that you only have terminal access to? I ran into these issues, so I set up a service for piping data from the command line - literally, it acts like a unix pipe - using ingrix.info as a proxy. You also don't need to sign up for it! (Unless you want to send me a...