Sharry

Sharry is a self‑hosted, web‑based file transfer service written in Scala that focuses on simplicity and security. At its core, the application exposes a minimal HTTP API for uploading files, generating short‑lived download links, and optionally notifying users via email. The UI is built with a lightweight server‑side rendering approach (Play Framework) and offers responsive drag‑and‑drop support for desktop and mobile browsers. The design deliberately keeps the attack surface small: only a handful of endpoints are public, all others require authentication via OAuth2 or OpenID Connect.

Technical Stack

• Language & Runtime: Scala 3 on the JVM, compiled with sbt. The codebase leverages functional programming idioms (Cats Effect, fs2) for robust error handling and back‑pressure.
• Web Framework: Play 3 (the Scala version of Play) provides routing, form handling, and templating. JSON serialization is handled by Circe.
• Persistence: A PostgreSQL database stores metadata (user accounts, file descriptors, alias pages). The application uses Slick for type‑safe SQL mapping. File contents are stored on the local filesystem or an external object store via a pluggable Storage abstraction.
• Authentication: Built‑in user management with password hashing (BCrypt) and optional LDAP/OAuth2 integration. Session cookies are signed and HTTP‑only.
• Email: SMTP client with templated notifications for alias uploads and password‑protected downloads.

Core Capabilities

• Public & Private Uploads: Authenticated users can upload files with optional expiration timestamps and download passwords. The generated URLs are cryptographically random, making them unguessable.
• Alias Pages: Users can expose a public upload endpoint that accepts files from anyone, optionally attaching a description. These pages are also protected by hard‑to‑guess URLs and can be disabled or deleted.
• API Hooks: Webhooks are available for external services to react to upload events (e.g., trigger a CI pipeline). A RESTful API exposes CRUD operations for files, aliases, and user settings.
• Fine‑grained Access Control: Per‑file permissions (read, delete) and per‑user roles (admin, user) are enforced by the service layer.

Deployment & Infrastructure

Sharry is designed for self‑hosting but ships with production‑ready Docker images, Helm charts (via NixOS module), and Debian packages. The application is stateless apart from the database, enabling horizontal scaling behind a load balancer. It supports environment‑variable configuration for secrets (DB URL, SMTP credentials) and offers a --debug flag to surface detailed logs. For high‑availability, you can run multiple replicas with a shared PostgreSQL cluster and a distributed file system (e.g., Ceph or MinIO) behind the storage abstraction.

Integration & Extensibility

The modular architecture allows developers to swap out core components without touching the rest of the codebase:

• Storage Backends: Implement the Storage trait to support S3, GCS, Azure Blob, or any custom object store.
• Authentication Providers: Plug in OpenID Connect providers (Keycloak, Auth0) or LDAP via a simple configuration change.
• Email Templates: Override the default templates in the templates/email directory or hook into a third‑party service via SMTP.
• Plugins: While Sharry does not expose a formal plugin API, the code is organized into small modules (core, web, storage) that can be forked and extended.

Developer Experience

The project follows semantic versioning and provides comprehensive documentation on the official site, including API reference, deployment guides, and a quickstart. The repository’s issue tracker is active, with contributors welcome to submit pull requests. Unit tests cover 80% of the core logic using ScalaTest and Specs2, ensuring reliability during refactoring. The build pipeline runs on GitHub Actions, automatically generating Docker images and publishing them to GitHub Packages.

Use Cases

• Internal File Sharing: Companies can host Sharry on their intranet to replace external transfer services, keeping data in-house.
• Event‑Based Uploads: Conferences or workshops can expose alias pages for attendees to submit materials without requiring accounts.
• Automated Workflows: CI/CD pipelines can POST artifacts to Sharry and retrieve them via the API for downstream processing.
• Secure Guest Access: Users can share time‑limited, password‑protected links with clients or partners without exposing the entire system.

Advantages

Developers choose Sharry for its simplicity, flexibility, and self‑hosting guarantees:

• Zero external dependencies: No SaaS provider; all data stays on your infrastructure.
• Fine‑grained control: Custom storage, authentication, and notification pipelines can be tailored to organizational policies.
• Performance: Scala’s concurrency model and Play’s non‑blocking I/O deliver low latency even under heavy upload loads.
• Open source license: MIT‑style permissive licensing allows commercial use without attribution requirements.

In summary, Sharry offers a lightweight yet extensible platform for secure file transfer that fits neatly into modern DevOps workflows while keeping data ownership entirely within the developer’s control.