Lightning Fast • Secure • Hassle-free File Sharing
Dropin is a modern, privacy-focused file sharing service that enables users to securely upload and share files without requiring sign-ups or compromising privacy. Built with end-to-end encryption and automatic file expiration.
- Files are encrypted client-side before upload
- Only you have the decryption key - we can't see your files
- AES-GCM 256-bit encryption for maximum security
- Drag, drop, and share instantly
- No accounts, no tracking, no personal information required
- Pure simplicity for quick file sharing
- Files auto-delete after download or based on time settings
- Configurable deletion policies:
- Delete on download
- Delete after 1 day
- Delete after 1 week
- Delete after 1 month
- Images: 4MB limit (PNG, JPG, GIF, etc.)
- Videos: 16MB limit (MP4, AVI, MOV, etc.)
- Audio: 8MB limit (MP3, WAV, etc.)
- Documents: 8MB limit (DOCX, TXT, etc.)
- PDFs: 4MB limit
- Text Files: 64KB limit
- Next.js 15 - React framework with App Router
- React 19 - UI library
- TypeScript - Type safety
- Tailwind CSS - Styling
- React Query - Data fetching and caching
- React Icons - Icon components
- tRPC - End-to-end type safe APIs
- Prisma - Database ORM
- UploadThing - File upload service
- Vercel Crons - Scheduled cleanup jobs
- Web Crypto API - Client-side encryption
- AES-GCM - Symmetric encryption algorithm
- Base64 encoding for key transmission
- Node.js 18+
- npm/yarn/pnpm
- Database (PostgreSQL recommended)
- UploadThing account
-
Clone the repository
git clone https://github.com/yourusername/dropin.git cd dropin -
Install dependencies
npm install # or yarn install # or pnpm install
-
Set up environment variables Create a
.env.localfile:# Database DATABASE_URL="your-database-url" # UploadThing UPLOADTHING_TOKEN="your-uploadthing-token" # Cron Jobs CRON_SECRET="your-cron-secret-key"
-
Set up the database
npx prisma generate npx prisma db push
-
Run the development server
npm run dev
-
Open your browser Navigate to
http://localhost:3000
| Variable | Description | Required |
|---|---|---|
DATABASE_URL |
Database connection string | ✅ |
UPLOADTHING_TOKEN |
UploadThing API token | ✅ |
CRON_SECRET |
Secret key for cron job authentication | ✅ |
- User selects file
- Generate AES-256-GCM key + IV on client
- Encrypt file data client-side
- Upload encrypted blob to UploadThing
- Store file metadata in database
- Generate shareable link with encryption key in URL fragment
- User visits download link
- Extract encryption key from URL fragment (#)
- Fetch encrypted file from UploadThing
- Decrypt file client-side using key
- Trigger download of decrypted file
- Optionally delete file record if "delete on download" enabled
- Zero-knowledge: Server never sees plaintext files
- Client-side keys: Encryption keys never sent to server
- URL fragments: Keys in # portion aren't sent in HTTP requests
- Temporary storage: Files auto-expire and delete
- No tracking: No user accounts or persistent data
Dropin includes automatic cleanup via Vercel Crons:
- Schedule: Daily at 5:00 AM UTC
- Function: Deletes expired files from both database and storage
- Authentication: Protected by
CRON_SECRETenvironment variable
- Built with Next.js
- File uploads powered by UploadThing
- Database management with Prisma
- Styling with Tailwind CSS
Made with ❤️ for secure, private file sharing