Plugins

Without enabling an authentication plugin, users are exposed to the underlying authentication of the storage. This make Filestash the browser based equivalent of desktop tools like Filezilla FTP or Cloudberry where users must know the details of your storage such as hostname, port, access key ID and other storage specific details which might confuse non experts who expect the "Dropbox experience".

Authorise only the Filestash admin user. Typical usage is for single user instance where the admin password protects everything.

This plugin is compatible with Apache Htpasswd where you supply a file containing a series of username / password (with an optional role for RBAC in the enterprise version of the plugin) and that file become the source against which users are authenticated against.

Enable users to authenticate via your existing LDAP directory (including Active Directory / Microsoft Entra). It returns all the attributes a the user which you can used to provide fine grained access control.

Alongside plg_authenticate_htpasswd, that's your best option for local authentication where Filestash will act as the identity provider. When enabled, the plugin gives you a GUI to manage users with options for MFA authentication and roles based access control.

SSO Authentication via OIDC. When using this plugin, Filestash delegates the authentication to your existing IDP. Depending on the scope, the plugin returns back the list of attributes associated to a user which you can use to provide fine grained access to your users.

Delegate the authentication to your storage server. There is 2 typical examples:
1. Enable automatic login so users are not asked for any kind of credentials
2. Simplify the authentication for your users so they areonly ask either for a "username" and / or a "password" and everything else is automatically set for them: hostname, port, whatever other parameter + option to create jail / chroots

If you use Filestash behind a proxy and your proxy is sending the information about the user through HTTP headers (typically via a X-Remote-User and X-Remote-Role header), then you can use that information to authenticate users. Typical example of this plugin is if you use some cloud proxy that block public traffic and handles user authentication and some setup we have work on involving Kerberos

SSO Authentication via SAML. Filestash will delegates the authentication to your IDP. At the end of the authentication, you will have a range of attributes available to discriminate who can do what and where

This is to delegate authentication to a SQL database which can be either Mysql / Postgres or Oracle. Typical example is to leverage your existing wordpress instance as the source of users so you can provide access to people who are already users of your system.

Authentication is about answering the "who" part of the whole equation. With this plugin, the who is made of the attribute you are sending through URL parameters with options to sign URLs for more security. Typical use case is to provide access via QR code, parametrised deeps links, shared links where the URL parameter is a JWT token and authorisation which can be verified dynamically and authorisation rules to be made via JWT claims

This plugin adds an authorization field to your storage so you can control all the base actions possible for a user: ls,cat,mkdir,save,rm,mv,touch. This enables RBAC via this syntax: {{ if eq .role "ADMIN" }}mkdir,rm,mv,save,touch, {{ end }}ls,cat. This is the recommended solution for simple use case where you can express the authorisation rules using the go templating language

This plugin adds an "path" field to your storage which act as a chroot / jail. In our "who can do what and where", this fixes the "where" portion to enforce various views of the filesystem for different users. This has 4 typical models:
1. the global shared space. Everyone has access to the same thing
2. group based access. example: marketing and sales have their own shared space
3. isolated user. Every user has a private space
4. a mix of 1, 2 and 3 altogether with various rules associated to those

This plugin delegate authorisation to a third party service via an API. This enables integration with third party authorisation solutions such as IAM or cerbos

This is to enforce all your storage to be read only with no option to mutate anything. It is like plg_authorizaton where the only possible actions are "ls" and "cat"

Sometime authorisation is more complicated and you need room to create a lot of rules without having to shoehorn an existing plugin. In that scenario, custom plugin can fill the gap. One example we deployed at DHL was to provide access based on a matrix of parameters, half coming from the IDP, half coming from calling some web services. Another example is for a strata company in California who was representing properties as buckets in their system and had 5 type of users, each capable of getting different kind of access to different properties with different view for each.

Of course we can create theme that replicate the look and feel of your company but we can go above and beyond changing colors and a little bit of CSS, custom functionalities like custom banners, interactive buttons and a range of other functions that would be either very costly or straight up not possible with the other options in the market. Reach out to us here, we'd love to transform your vision into a reality

This plugin has 2 main functions:
1. keep user from being able to reach the file viewer at all and keep them in the list of files view
2. disable all the default viewer apps so it always show the basic download button

It knows how to open and render 3d related files like: fbx, gltf, obj, stl, step, mesh, ifc, dae

It knows how to open / render adobe files like: psd, ai, xd, dng, postscript, aco, ase, swf

It will render your autodesk files for both dwg and dxf files

It knows how to open files like: dicom, sam, bam, cif, pdb, xyz, sdf, mol, mol2 and mmtf

It knows how to open files like: svg, psd, ai, sketch, cdr, woff, woff2, ttf, otf, eot, exr, tga, pgm, ppm, dds, ktx, dpx, pcx, xpm, pnm, xbm, aai, xwd, cin, pbm, pcd, sgi, wbmp and rgb

It knows how to open files like: .a, .so, .o, .dylib, .dll, .har, .cap, .pcap, .pcapng and sqlite

It knows how to open embroidery files like: .dgt, .dst, .dsb, .dsz, .edr, .exp, .10o, .col, .hus, .inf, .jef, .ksm, .pcm, .pcs, .pes, .sew, .shv, .sst, .tap, .u01, .vip, .vp3. and .xxx

It knows how to open files like: .parquet, .arrow, .feather, .avro, .orc, .hdf5, .h5, .netcdf, .nc, .rds, .rda and .rdata

It knows how to open files like: .geojson, .shp, .gpx, .wms and .dbf

It knows how to open files like: .mid, .midi, .gp4 and .gp5

There are many way to open office document, this particular version handles through wasm file like: .doc, .docx, .rtf, .odt, .xlsx, .xls, .ods, .ppt, .pptx and .odp

It knows how to open files like: .heif, .nef, .raf, .tiff, .raw, .fits, .xisf, .arw, .sr2, .srf, .nrw, .cr2, .crw, .x3f, .pef, .rw2, .orf, .mrw, .mdc, .mef, .mos, .dcr, .kdc, .3fr, .erf and .srw

It knows how to compile files through latex, pandoc, plantuml

Expose your instance over HTTPS with an automatic letsencrypt certificate. It is intended for those who want to spin off an instance with all the certificates stuff being handled witout any maintenance work

Default starter plugin using a HTTPS server and a self signed certificate

Expose your instance over HTTPS where your certificates must be mounted manually in case you already have those

Default starter plugin using a HTTP2 server and a self signed certificate

Expose your Filestash instance as a .onion service

This enable mounting another storage and provide a virtual file system kind of experience where the structure of the underlying storage is different than what the users actually see from the app

Support for FTP and FTPS server

Support for Artifactory

Support for Azure Blob Storage

Support for Backblaze B2 Storage

Support for WebDAV, calDAV and cardDAV servers

Support for Dropbox

Support for Google Cloud Storage

Support for Google Drive

Support for GIT remote

Support for LDAP Directories. It shows xx as folder and xx as files which you can fill

Local File Storage

Support for Mysql

Support for NFS server

In memory test server handy for performance testing / identifying bottlenecks

Support for AWS S3 and S3 compatible servers like minio, Dell ECS, backblaze, cloudflare, versity, ...

Support for Microsoft Sharepoint

Support for SMB servers

Support for SFTP servers

Support for Storj Storage

To create temporary storage

Support for opendirectories

Support for WebDAV servers

By default, configuration is stored on config.json file

You can push / pull configuration in a S3 bucket

You can configure everything from a environment variable

The search feature only show if you have a search plugin installed. If you don't have any search plugin installed, the search feature disappear entirely

Recursive search when the user search for something

A complete full text search solution with its own crawlers, indexer, search engine

Query search through elastic search

Query search results through solr

If you don't have what you want as an off the shelf part, we can customise something for your needs

If you don't want to generate any thumbnails at all

Our fastest thumbnailer build with custom C code made to be fast

Our fastest thumbnailer build with custom C code made to be fast and supporting a wide range of image format: webp, tiff, raw, psd, png, jpeg, heif, gif

Another thumbnailer that's much slower but implemented in a memory safe language: golang

Another thumbnailer using the bimg library

Generate video thubmanil from video files

The legacy thumbnailer built of libvips

You don't need to have any transcoding plugin installed

To transcode image in various format like bmp, dicom, svg, and tiff

To transcode your video files onto HLS stream

Support for the only office editor

Support for a readonly microsoft edited solution

A solution based of libre office wasm, running entirely from the browser

Implement the WOPI protocol that's compatible with ms word online

Add a killswitch if we were to discover a major security flow like what happenned during the infamous Log4J RCE

Enforce a captcha for people using the app

Disable the entire admin console

A complete auditing interface to see who did what and when

Change the default list of ciphers to FIPS compliant ones

Automatic detection of unwanted activity

Block connections based on euristics like IP location, IP blacklist

Run your files through the clamav antivirus solution

Create fingerprints of your files through Steganography

Use Filestash as a tool for AI agent with its MCP capabilities

Enable the generation of electronic signatures and seals as per eidas

Adds a web based terminal to control your instance via the admin console

We have ton of other small plugins available, things like changing sending notifications, changing cookie policies, use other implementation of the zip algorithm based of fastzip, ...