true fix

This reverts commit 6d60a8663e.

Dockerfile

@@ -1,5 +1,6 @@
 FROM golang:1.26-alpine AS builder
 
+ARG GIT_COMMIT=dev
 
 WORKDIR /app
 
@@ -13,7 +14,7 @@ COPY . .
 ENV CGO_ENABLED=1
 ENV GIN_MODE=release
 
-RUN go build -o app ./cmd/server
+RUN go build -ldflags "-X ResendIt/internal/buildinfo.Commit=${GIT_COMMIT}" -o app ./cmd/server
 
 FROM alpine:latest
 
@@ -24,7 +25,6 @@ RUN apk add --no-cache ca-certificates tzdata
 COPY --from=builder /app/app .
 COPY --from=builder /app/templates ./templates
 COPY --from=builder /app/static ./static
-COPY --from=builder /app/.env ./
 
 RUN mkdir -p /app/uploads
 

Jenkinsfile

@@ -0,0 +1,115 @@
+pipeline {
+  agent any
+
+  options {
+    timestamps()
+    disableConcurrentBuilds()
+  }
+
+  environment {
+    REGISTRY      = "git.brammie15.dev"
+    IMAGE_NAME    = "brammie15/resendit"
+    REGISTRY_CREDS = "registry-creds"
+    IMAGE         = "${REGISTRY}/${IMAGE_NAME}"
+    DD_URL        = "https://DD.brammie15.dev"
+    DD_API_KEY    = credentials('dd-api-key')
+    NVD_API_KEY   = credentials("nvd-api-key")
+  }
+
+  stages {
+
+    stage('Debug') {
+      steps {
+        sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
+      }
+    }
+
+    stage('Checkout') {
+      steps {
+        checkout scm
+      }
+    }
+
+    stage('SAST - Semgrep') {
+      steps {
+        sh """
+          docker run --rm -v "\$(pwd):/src" \
+            returntocorp/semgrep \
+            semgrep scan --config=p/ci --debug \
+            --sarif --output /src/semgrep.sarif \
+            /src/internal /src/cmd || true
+
+          echo "After semgrep:"
+          ls -la
+        """
+      }
+    }
+
+    stage('Upload to DefectDojo') {
+      steps {
+        sh """
+          curl -X POST "${DD_URL}/api/v2/import-scan/" \
+            -H "Authorization: Token ${DD_API_KEY}" \
+            -F "scan_type=SARIF" \
+            -F "file=@\$(pwd)/semgrep.sarif" \
+            -F "product_name=ReSendit" \
+            -F "engagement_name=Jenkins-CI" \
+            -F "auto_create_context=true" \
+            -F "close_old_findings=true"
+        """
+      }
+    }
+
+    stage('Build image') {
+      steps {
+        script {
+          def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
+          env.IMAGE_TAG_SHA = shortSha
+          sh """
+            docker build \
+              --build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
+              -t ${IMAGE}:${IMAGE_TAG_SHA} .
+          """
+        }
+      }
+    }
+
+    stage('Login to registry') {
+      steps {
+        withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
+          sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin'
+        }
+      }
+    }
+
+    stage('Push image') {
+      steps {
+        script {
+          sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
+          def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
+          def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
+          sh """
+            docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
+            docker push ${IMAGE}:${safeBranch}
+          """
+          if (branch == 'master') {
+            sh """
+              docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
+              docker push ${IMAGE}:latest
+            """
+          }
+        }
+      }
+    }
+
+  }
+
+  post {
+    always {
+      sh 'docker logout ${REGISTRY} || true'
+      sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
+      sh 'docker image prune -f || true'
+//       sh 'rm -f semgrep.sarif || true'
+    }
+  }
+}

cmd/server/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"ResendIt/internal/api/middleware"
 	"ResendIt/internal/auth"
+	"ResendIt/internal/config"
 	"ResendIt/internal/db"
 	"ResendIt/internal/file"
 	"ResendIt/internal/user"
@@ -15,6 +16,7 @@ import (
 	"html/template"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/joho/godotenv"
@@ -31,7 +33,7 @@ func main() {
 		panic(fmt.Errorf("failed to connect database: %w", err))
 	}
 
-	err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{})
+	err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{}, &config.ConfigEntry{})
 	if err != nil {
 		fmt.Printf("Error migrating database: %v\n", err)
 		return
@@ -39,9 +41,6 @@ func main() {
 
 	r := gin.Default()
 
-	// CSRF: set a token cookie for browsers and enforce it on unsafe /api calls.
-	r.Use(middleware.EnsureCSRFCookie())
-
 	r.MaxMultipartMemory = 10 << 30
 	r.SetFuncMap(template.FuncMap{
 		"add":       func(a, b int) int { return a + b },
@@ -71,20 +70,33 @@ func main() {
 	userService := user.NewService(userRepo)
 	userHandler := user.NewHandler(userService)
 
+	configRepo := config.NewRepository(dbCon)
+	configService := config.NewService(configRepo)
+
 	fileRepo := file.NewRepository(dbCon)
 	fileService := file.NewService(fileRepo, "./uploads")
-	fileHandler := file.NewHandler(fileService)
+	fileHandler := file.NewHandler(fileService, configService)
 
 	createAdminUser(userService)
 
 	apiRoute := r.Group("/api")
-	apiRoute.Use(middleware.CSRFMiddleware())
+	// General API rate limiting to reduce abuse/spam.
+	apiRoute.Use(middleware.RateLimitByIPDynamic(
+		func() int {
+			return configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute)
+		},
+		time.Minute,
+		func() int {
+			return configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst)
+		},
+		5*time.Minute,
+	))
 
-	auth.RegisterRoutes(apiRoute, authHandler)
+	auth.RegisterRoutes(apiRoute, authHandler, configService)
 	user.RegisterRoutes(apiRoute, userHandler)
 	file.RegisterRoutes(apiRoute, fileHandler)
 
-	webHandler := web.NewHandler(fileService)
+	webHandler := web.NewHandler(fileService, configService)
 	web.RegisterRoutes(r, webHandler, userService)
 
 	port := os.Getenv("PORT")

internal/api/middleware/csrf.go

@@ -1,98 +0,0 @@
-package middleware
-
-import (
-	"crypto/rand"
-	"encoding/base64"
-	"net/http"
-	"os"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-)
-
-func randomToken(n int) (string, error) {
-	b := make([]byte, n)
-	if _, err := rand.Read(b); err != nil {
-		return "", err
-	}
-	return base64.RawURLEncoding.EncodeToString(b), nil
-}
-
-// EnsureCSRFCookie sets a csrf_token cookie if it's missing.
-//
-// Uses SameSite=Strict to reduce cross-site cookie sending.
-// HttpOnly must be false so browser JS can read it and send it back in a header.
-func EnsureCSRFCookie() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if tok, err := c.Cookie("csrf_token"); err != nil || tok == "" {
-			if tok, err := randomToken(32); err == nil {
-				secure := os.Getenv("USE_HTTPS") == "true"
-				http.SetCookie(c.Writer, &http.Cookie{
-					Name:     "csrf_token",
-					Value:    tok,
-					Path:     "/",
-					Secure:   secure,
-					HttpOnly: false,
-					SameSite: http.SameSiteStrictMode,
-				})
-			}
-		}
-		c.Next()
-	}
-}
-
-// CSRFMiddleware enforces CSRF checks on unsafe methods for cookie-authenticated requests.
-//
-// - Skips safe methods (GET/HEAD/OPTIONS).
-// - Skips requests using Authorization: Bearer (non-cookie API clients).
-// - Enforces only when auth_token cookie is present (browser session).
-//
-// Validation uses the double-submit cookie pattern:
-// cookie csrf_token must match X-CSRF-Token header OR _csrf form field.
-func CSRFMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		m := c.Request.Method
-		if m == http.MethodGet || m == http.MethodHead || m == http.MethodOptions {
-			c.Next()
-			return
-		}
-
-		if strings.HasPrefix(c.GetHeader("Authorization"), "Bearer ") {
-			c.Next()
-			return
-		}
-
-		// Only enforce when cookie auth is in play
-		if _, err := c.Cookie("auth_token"); err != nil {
-			c.Next()
-			return
-		}
-
-		// Extra hardening: basic Origin check when present.
-		if origin := c.GetHeader("Origin"); origin != "" {
-			host := c.Request.Host
-			if !strings.Contains(origin, host) {
-				c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "csrf origin blocked"})
-				return
-			}
-		}
-
-		cookieTok, err := c.Cookie("csrf_token")
-		if err != nil || cookieTok == "" {
-			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "missing csrf cookie"})
-			return
-		}
-
-		reqTok := c.GetHeader("X-CSRF-Token")
-		if reqTok == "" {
-			reqTok = c.PostForm("_csrf")
-		}
-
-		if reqTok == "" || reqTok != cookieTok {
-			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "bad csrf token"})
-			return
-		}
-
-		c.Next()
-	}
-}

internal/api/middleware/ratelimit.go

@@ -0,0 +1,140 @@
+package middleware
+
+import (
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+type tokenBucket struct {
+	mu     sync.Mutex
+	rate   float64 // tokens per second
+	burst  float64 // max tokens
+	tokens float64
+	last   time.Time
+}
+
+func newTokenBucket(max int, per time.Duration, burst int) *tokenBucket {
+	if burst <= 0 {
+		burst = max
+	}
+	rate := float64(max) / per.Seconds()
+	b := float64(burst)
+	now := time.Now()
+	return &tokenBucket{rate: rate, burst: b, tokens: b, last: now}
+}
+
+func (b *tokenBucket) allow() bool {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	now := time.Now()
+	delta := now.Sub(b.last).Seconds()
+	b.last = now
+
+	b.tokens += delta * b.rate
+	if b.tokens > b.burst {
+		b.tokens = b.burst
+	}
+
+	if b.tokens < 1 {
+		return false
+	}
+	b.tokens -= 1
+	return true
+}
+
+type ipClient struct {
+	bucket   *tokenBucket
+	max      int
+	burst    int
+	lastSeen time.Time
+}
+
+// RateLimitByIP returns a Gin middleware that rate limits requests per client IP.
+//
+// max: max requests per time window (per)
+// per: the time window duration
+// burst: optional burst capacity (defaults to max if <=0)
+// ttl: how long to keep idle IP buckets around
+func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin.HandlerFunc {
+	return RateLimitByIPDynamic(func() int { return max }, per, func() int { return burst }, ttl)
+}
+
+// RateLimitByIPDynamic is like RateLimitByIP but reads max/burst dynamically.
+// This allows changing limits at runtime (e.g. from an admin config page).
+func RateLimitByIPDynamic(maxFn func() int, per time.Duration, burstFn func() int, ttl time.Duration) gin.HandlerFunc {
+	var (
+		mu      sync.Mutex
+		clients = make(map[string]*ipClient)
+	)
+
+	// opportunistic cleanup (runs at most once per minute)
+	var (
+		cleanupMu   sync.Mutex
+		lastCleanup time.Time
+	)
+
+	cleanup := func(now time.Time) {
+		cleanupMu.Lock()
+		defer cleanupMu.Unlock()
+		if !lastCleanup.IsZero() && now.Sub(lastCleanup) < time.Minute {
+			return
+		}
+		lastCleanup = now
+
+		mu.Lock()
+		defer mu.Unlock()
+		for ip, c := range clients {
+			if now.Sub(c.lastSeen) > ttl {
+				delete(clients, ip)
+			}
+		}
+	}
+
+	getClient := func(ip string, now time.Time, max int, burst int) *ipClient {
+		mu.Lock()
+		defer mu.Unlock()
+		c, ok := clients[ip]
+		if !ok {
+			c = &ipClient{bucket: newTokenBucket(max, per, burst), max: max, burst: burst, lastSeen: now}
+			clients[ip] = c
+			return c
+		}
+		c.lastSeen = now
+		// If settings changed, reset the bucket.
+		if c.max != max || c.burst != burst {
+			c.bucket = newTokenBucket(max, per, burst)
+			c.max = max
+			c.burst = burst
+		}
+		return c
+	}
+
+	return func(c *gin.Context) {
+		now := time.Now()
+		cleanup(now)
+
+		ip := c.ClientIP()
+		max := maxFn()
+		if max <= 0 {
+			max = 1
+		}
+		burst := burstFn()
+		if burst <= 0 {
+			burst = max
+		}
+		client := getClient(ip, now, max, burst)
+
+		if !client.bucket.allow() {
+			c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{
+				"error": "rate limit exceeded",
+			})
+			return
+		}
+
+		c.Next()
+	}
+}

internal/auth/handler.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"net/http"
 	"os"
 
 	"github.com/gin-gonic/gin"
@@ -50,17 +49,15 @@ func (h *Handler) Login(c *gin.Context) {
 
 	isSecure := os.Getenv("USE_HTTPS") == "true"
 
-	// Use http.SetCookie so we can set SameSite.
+	c.SetCookie(
-	http.SetCookie(c.Writer, &http.Cookie{
+		"auth_token",
-		Name:     "auth_token",
+		token,
-		Value:    token,
+		3600*24,
-		Path:     "/",
+		"/",
-		Domain:   os.Getenv("DOMAIN"),
+		os.Getenv("DOMAIN"),
-		MaxAge:   3600 * 24,
+		isSecure,
-		Secure:   isSecure,
+		true, // httpOnly (IMPORTANT)
-		HttpOnly: true,
+	)
-		SameSite: http.SameSiteStrictMode,
-	})
 
 	c.JSON(200, gin.H{"token": token})
 }

internal/auth/routes.go

@@ -2,14 +2,30 @@ package auth
 
 import (
 	"ResendIt/internal/api/middleware"
+	"ResendIt/internal/config"
+	"time"
 
 	"github.com/gin-gonic/gin"
 )
 
-func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+}
+
+func RegisterRoutes(r *gin.RouterGroup, h *Handler, cfg ConfigService) {
 	auth := r.Group("/auth")
 
-	auth.POST("/login", h.Login)
+	// Stricter rate limit on login to reduce brute-force / log spam.
+	auth.POST("/login", middleware.RateLimitByIPDynamic(
+		func() int {
+			return cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute)
+		},
+		time.Minute,
+		func() int {
+			return cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst)
+		},
+		15*time.Minute,
+	), h.Login)
 
 	protected := auth.Group("/")
 	protected.Use(middleware.AuthMiddleware())

internal/buildinfo/buildinfo.go

@@ -0,0 +1,7 @@
+package buildinfo
+
+// Commit is the git commit SHA the binary was built from.
+//
+// Set at build time via:
+//   -ldflags "-X ResendIt/internal/buildinfo.Commit=<sha>"
+var Commit = "dev"

internal/config/defaults.go

@@ -0,0 +1,23 @@
+package config
+
+const (
+	KeyUploadMaxFileSizeBytes   = "upload.max_file_size_bytes"
+	KeyUploadMultiMaxFiles      = "upload.multi.max_files"
+	KeyUploadMaxHours           = "upload.max_hours"
+	KeyRateLimitLoginPerMinute  = "ratelimit.login.per_minute"
+	KeyRateLimitApiPerMinute    = "ratelimit.api.per_minute"
+	KeyRateLimitApiBurst        = "ratelimit.api.burst"
+	KeyRateLimitLoginBurst      = "ratelimit.login.burst"
+)
+
+// Defaults (used when DB does not have an override)
+const (
+	DefaultUploadMaxFileSizeBytes int64 = 10 << 30 // 10 GiB (matches MaxMultipartMemory intent)
+	DefaultUploadMultiMaxFiles          = 50
+	DefaultUploadMaxHours               = 24 * 7 // 7 days
+
+	DefaultRateLimitLoginPerMinute = 5
+	DefaultRateLimitLoginBurst     = 10
+	DefaultRateLimitApiPerMinute   = 60
+	DefaultRateLimitApiBurst       = 30
+)

internal/config/model.go

@@ -0,0 +1,18 @@
+package config
+
+import "time"
+
+// ConfigEntry stores runtime-tunable configuration in the database.
+// Values are stored as strings but helpers exist for ints/bools/durations.
+//
+// Example keys:
+// - upload.max_file_size_bytes
+// - upload.multi.max_files
+// - upload.max_hours
+// - ratelimit.login.per_minute
+// - ratelimit.api.per_minute
+type ConfigEntry struct {
+	Key       string `gorm:"primaryKey;size:128"`
+	Value     string `gorm:"size:2048"`
+	UpdatedAt time.Time
+}

internal/config/repository.go

@@ -0,0 +1,39 @@
+package config
+
+import "gorm.io/gorm"
+
+type Repository struct {
+	db *gorm.DB
+}
+
+func NewRepository(db *gorm.DB) *Repository {
+	return &Repository{db: db}
+}
+
+func (r *Repository) Get(key string) (*ConfigEntry, error) {
+	var e ConfigEntry
+	if err := r.db.First(&e, "key = ?", key).Error; err != nil {
+		return nil, err
+	}
+	return &e, nil
+}
+
+func (r *Repository) Upsert(key, value string) error {
+	// Try update first, then insert if nothing updated.
+	res := r.db.Model(&ConfigEntry{}).Where("key = ?", key).Update("value", value)
+	if res.Error != nil {
+		return res.Error
+	}
+	if res.RowsAffected > 0 {
+		return nil
+	}
+	return r.db.Create(&ConfigEntry{Key: key, Value: value}).Error
+}
+
+func (r *Repository) List() ([]ConfigEntry, error) {
+	var entries []ConfigEntry
+	if err := r.db.Order("key asc").Find(&entries).Error; err != nil {
+		return nil, err
+	}
+	return entries, nil
+}

internal/config/service.go

@@ -0,0 +1,125 @@
+package config
+
+import (
+	"errors"
+	"strconv"
+	"sync"
+	"time"
+
+	"gorm.io/gorm"
+)
+
+type Service struct {
+	repo *Repository
+
+	// Small in-memory cache to avoid hitting the DB on every request.
+	// Updated on SetString; lazy-filled on first Get.
+	mu    sync.RWMutex
+	cache map[string]string
+}
+
+func NewService(r *Repository) *Service {
+	return &Service{repo: r, cache: make(map[string]string)}
+}
+
+func (s *Service) List() ([]ConfigEntry, error) {
+	entries, err := s.repo.List()
+	if err != nil {
+		return nil, err
+	}
+	// refresh cache snapshot
+	s.mu.Lock()
+	for _, e := range entries {
+		s.cache[e.Key] = e.Value
+	}
+	s.mu.Unlock()
+	return entries, nil
+}
+
+func (s *Service) SetString(key, value string) error {
+	if err := s.repo.Upsert(key, value); err != nil {
+		return err
+	}
+	s.mu.Lock()
+	s.cache[key] = value
+	s.mu.Unlock()
+	return nil
+}
+
+func (s *Service) GetStringDefault(key, def string) string {
+	s.mu.RLock()
+	v, ok := s.cache[key]
+	s.mu.RUnlock()
+	if ok {
+		if v == "" {
+			return def
+		}
+		return v
+	}
+
+	e, err := s.repo.Get(key)
+	if err != nil {
+		return def
+	}
+
+	s.mu.Lock()
+	s.cache[key] = e.Value
+	s.mu.Unlock()
+
+	if e.Value == "" {
+		return def
+	}
+	return e.Value
+}
+
+func (s *Service) GetIntDefault(key string, def int) int {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.Atoi(v)
+	if err != nil {
+		return def
+	}
+	return n
+}
+
+func (s *Service) GetInt64Default(key string, def int64) int64 {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.ParseInt(v, 10, 64)
+	if err != nil {
+		return def
+	}
+	return n
+}
+
+func (s *Service) GetBoolDefault(key string, def bool) bool {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	b, err := strconv.ParseBool(v)
+	if err != nil {
+		return def
+	}
+	return b
+}
+
+func (s *Service) GetDurationSecondsDefault(key string, def time.Duration) time.Duration {
+	v := s.GetStringDefault(key, "")
+	if v == "" {
+		return def
+	}
+	n, err := strconv.Atoi(v)
+	if err != nil {
+		return def
+	}
+	return time.Duration(n) * time.Second
+}
+
+func IsNotFound(err error) bool {
+	return errors.Is(err, gorm.ErrRecordNotFound)
+}

internal/file/handlers.go

@@ -1,6 +1,8 @@
 package file
 
 import (
+	"ResendIt/internal/config"
+	"ResendIt/internal/util"
 	"fmt"
 	"net/http"
 	"path/filepath"
@@ -11,11 +13,19 @@ import (
 )
 
 type Handler struct {
-	service *Service
+	service       *Service
+	configService ConfigService
 }
 
-func NewHandler(s *Service) *Handler {
+// ConfigService is the small interface we need from the config package.
-	return &Handler{service: s}
+// Keeping it as an interface avoids import cycles and keeps file.Handler easy to test.
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+	GetInt64Default(key string, def int64) int64
+}
+
+func NewHandler(s *Service, cfg ConfigService) *Handler {
+	return &Handler{service: s, configService: cfg}
 }
 
 func (h *Handler) Upload(c *gin.Context) {
@@ -31,6 +41,12 @@ func (h *Handler) Upload(c *gin.Context) {
 		return
 	}
 
+	maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	if file.Size > maxSize {
+		c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
+		return
+	}
+
 	f, err := file.Open()
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "cannot open file"})
@@ -45,6 +61,10 @@ func (h *Handler) Upload(c *gin.Context) {
 	if err != nil || hours <= 0 {
 		hours = 24 // default
 	}
+	maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
+	if hours > maxHours {
+		hours = maxHours
+	}
 
 	duration := time.Duration(hours) * time.Hour
 
@@ -77,27 +97,12 @@ func (h *Handler) View(c *gin.Context) {
 		c.HTML(http.StatusOK, "fileNotFound.html", nil)
 		return
 	}
-
+	name := util.SafeFilename(record.Filename)
-	c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, record.Filename))
+	c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
 	c.Header("X-Content-Type-Options", "nosniff")
 	c.File(record.Path)
 }
 
-func safeFilename(name string) string {
-	// keep it simple: drop control chars and quotes
-	out := make([]rune, 0, len(name))
-	for _, r := range name {
-		if r < 32 || r == 127 || r == '"' || r == '\\' {
-			continue
-		}
-		out = append(out, r)
-	}
-	if len(out) == 0 {
-		return "file"
-	}
-	return string(out)
-}
-
 func isXSSRisk(filename string) bool {
 	ext := filepath.Ext(filename)
 	switch ext {
@@ -116,8 +121,8 @@ func (h *Handler) Download(c *gin.Context) {
 		c.HTML(http.StatusOK, "fileNotFound.html", nil)
 		return
 	}
-
+	name := util.SafeFilename(record.Filename)
-	c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, record.Filename))
+	c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
 	c.Header("X-Content-Type-Options", "nosniff")
 	//c.Header("Content-Security-Policy", "default-src 'none'; img-src 'self'; media-src 'self'; script-src 'none'; style-src 'none';")
 	//c.Header("Content-Type", "application/octet-stream")
@@ -168,7 +173,7 @@ func (h *Handler) AdminDelete(c *gin.Context) {
 		return
 	}
 
-	c.Redirect(303, "/admin")
+	c.Redirect(301, "/admin")
 }
 
 func (h *Handler) AdminForceDelete(c *gin.Context) {
@@ -185,7 +190,7 @@ func (h *Handler) AdminForceDelete(c *gin.Context) {
 		return
 	}
 
-	c.Redirect(303, "/admin")
+	c.Redirect(301, "/admin")
 }
 
 func (h *Handler) Import(c *gin.Context) {

internal/file/routes.go

@@ -10,6 +10,7 @@ func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
 	files := r.Group("/files")
 
 	files.POST("/upload", h.Upload)
+	files.POST("/upload-multi", h.UploadMulti)
 	//files.GET("/download/:id", h.Download)
 
 	files.GET("/view/:id", h.View)
@@ -24,8 +25,8 @@ func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
 
 	adminRoutes.GET("/download/:id", h.AdminGet)
 
-	adminRoutes.POST("/delete/:id", h.AdminDelete)
+	adminRoutes.GET("/delete/:id", h.AdminDelete)
-	adminRoutes.POST("/delete/fr/:id", h.AdminForceDelete)
+	adminRoutes.GET("/delete/fr/:id", h.AdminForceDelete)
 
 	adminRoutes.POST("/import", h.Import)
 	adminRoutes.GET("/export", h.Export)

internal/file/upload_multi.go

@@ -0,0 +1,78 @@
+package file
+
+import (
+	"ResendIt/internal/config"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+// UploadMulti accepts up to 10 files, zips them server-side, and returns a single download/view key.
+func (h *Handler) UploadMulti(c *gin.Context) {
+	if err := c.Request.ParseMultipartForm(0); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	form, err := c.MultipartForm()
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid multipart form"})
+		return
+	}
+
+	files := form.File["files"]
+	if len(files) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "missing files"})
+		return
+	}
+	maxFiles := h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles)
+	if len(files) > maxFiles {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "too many files"})
+		return
+	}
+
+	maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	var total int64
+	for _, fh := range files {
+		if fh.Size > maxSize {
+			c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
+			return
+		}
+		total += fh.Size
+		if total > maxSize {
+			// crude guard against huge bundles; you can add a separate config later.
+			c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "bundle too large"})
+			return
+		}
+	}
+
+	once := c.PostForm("once") == "true"
+
+	durationStr := c.PostForm("duration")
+	hours, err := strconv.Atoi(durationStr)
+	if err != nil || hours <= 0 {
+		hours = 24
+	}
+	maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
+	if hours > maxHours {
+		hours = maxHours
+	}
+	duration := time.Duration(hours) * time.Hour
+
+	record, err := h.service.UploadBundle(files, once, duration)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"id":          record.ID,
+		"deletion_id": record.DeletionID,
+		"filename":    record.Filename,
+		"size":        record.Size,
+		"expires_at":  record.ExpiresAt,
+		"view_key":    record.ViewID,
+	})
+}

internal/file/zip.go

@@ -0,0 +1,159 @@
+package file
+
+import (
+	"ResendIt/internal/util"
+	"archive/zip"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+func safeZipName(name string) string {
+	name = filepath.Base(name)
+	name = strings.ReplaceAll(name, "\\", "_")
+	name = strings.ReplaceAll(name, "/", "_")
+	name = strings.TrimSpace(name)
+	if name == "" || name == "." {
+		return "file"
+	}
+	return name
+}
+
+func dedupeName(name string, seen map[string]int) string {
+	if _, ok := seen[name]; !ok {
+		seen[name] = 1
+		return name
+	}
+	seen[name]++
+	ext := filepath.Ext(name)
+	base := strings.TrimSuffix(name, ext)
+	return fmt.Sprintf("%s (%d)%s", base, seen[name], ext)
+}
+
+func cuteZipName(fileCount int) string {
+	adjective := util.RandomAdjective()
+	verb := util.RandomVerb()
+	thing := util.RandomThing()
+	return fmt.Sprintf("%d%s%s%s.zip", fileCount, adjective, verb, thing)
+}
+
+// UploadBundle zips multiple uploaded files into a single .zip stored on disk and tracked as one FileRecord.
+func (s *Service) UploadBundle(files []*multipart.FileHeader, deleteAfterDownload bool, expiresAfter time.Duration) (*FileRecord, error) {
+	if len(files) == 0 {
+		return nil, errors.New("no files")
+	}
+	if len(files) > 50 {
+		return nil, errors.New("too many files (max 50)")
+	}
+
+	folderID := uuid.NewString()
+	folderPath := filepath.Join(s.storageDir, folderID)
+	if err := os.MkdirAll(folderPath, os.ModePerm); err != nil {
+		return nil, err
+	}
+
+	zipDiskName := uuid.NewString() + ".zip"
+	zipPath := filepath.Join(folderPath, zipDiskName)
+
+	out, err := os.Create(zipPath)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		_ = out.Close()
+		if err != nil {
+			_ = os.Remove(zipPath)
+		}
+	}()
+
+	zw := zip.NewWriter(out)
+	defer func() { _ = zw.Close() }()
+
+	seen := map[string]int{}
+	for _, fh := range files {
+		rc, openErr := fh.Open()
+		if openErr != nil {
+			err = openErr
+			return nil, openErr
+		}
+
+		name := dedupeName(safeZipName(fh.Filename), seen)
+		h, _ := zip.FileInfoHeader(dummyFileInfo{name: name, size: fh.Size, mod: time.Now()})
+		h.Name = name
+		h.Method = zip.Deflate
+
+		w, createErr := zw.CreateHeader(h)
+		if createErr != nil {
+			_ = rc.Close()
+			err = createErr
+			return nil, createErr
+		}
+
+		if _, copyErr := io.Copy(w, rc); copyErr != nil {
+			_ = rc.Close()
+			err = copyErr
+			return nil, copyErr
+		}
+		_ = rc.Close()
+	}
+
+	if closeErr := zw.Close(); closeErr != nil {
+		err = closeErr
+		return nil, closeErr
+	}
+	if closeErr := out.Close(); closeErr != nil {
+		err = closeErr
+		return nil, closeErr
+	}
+
+	zipDisplayName := cuteZipName(len(files))
+
+	f := &FileRecord{
+		ID:                  folderID,
+		DeletionID:          uuid.NewString(),
+		ViewID:              uuid.NewString(),
+		Filename:            zipDisplayName,
+		Path:                zipPath,
+		Size:                fileSize(zipPath),
+		CreatedAt:           time.Now(),
+		ExpiresAt:           time.Now().Add(expiresAfter),
+		DeleteAfterDownload: deleteAfterDownload,
+	}
+
+	if err := s.repo.Create(f); err != nil {
+		return nil, err
+	}
+
+	return f, nil
+}
+
+func fileSize(path string) int64 {
+	st, err := os.Stat(path)
+	if err != nil {
+		return 0
+	}
+	return st.Size()
+}
+
+// dummyFileInfo provides minimal os.FileInfo for zip headers.
+// This avoids relying on the underlying uploaded file having a real modtime.
+// (zip.Writer can work without this too, but headers look nicer.)
+type dummyFileInfo struct {
+	name string
+	size int64
+	mod  time.Time
+}
+
+func (d dummyFileInfo) Name() string       { return d.name }
+func (d dummyFileInfo) Size() int64        { return d.size }
+func (d dummyFileInfo) Mode() os.FileMode  { return 0o644 }
+func (d dummyFileInfo) ModTime() time.Time { return d.mod }
+func (d dummyFileInfo) IsDir() bool        { return false }
+func (d dummyFileInfo) Sys() any           { return nil }

internal/util/util.go

@@ -1,6 +1,9 @@
 package util
 
-import "fmt"
+import (
+	"fmt"
+	"strings"
+)
 
 func HumanSize(size int64) string {
 	const unit = 1024
@@ -17,3 +20,24 @@ func HumanSize(size int64) string {
 		"KMGTPE"[exp],
 	)
 }
+
+func SafeFilename(name string) string {
+	name = strings.TrimSpace(name)
+
+	out := make([]rune, 0, len(name))
+	for _, r := range name {
+		// block control chars (incl CR/LF/TAB), DEL, quotes, backslash
+		if r < 32 || r == 127 || r == '"' || r == '\\' {
+			continue
+		}
+		out = append(out, r)
+	}
+	if len(out) == 0 {
+		return "file"
+	}
+	// optional: cap length
+	if len(out) > 200 {
+		out = out[:200]
+	}
+	return string(out)
+}

internal/util/worldlist.go

@@ -0,0 +1,47 @@
+package util
+
+import "math/rand"
+
+var Adjectives = []string{
+	"Cool", "Super", "Hot", "Spicy", "Sneaky", "Sleepy", "Tiny", "Mega", "Cosmic", "Silly",
+	"Cursed", "Blessed", "Wiggly", "Giga", "Chonky", "Shiny", "Angry", "Happy", "Soft", "Turbo",
+	"Zany", "Snappy", "Fluffy", "Cranky", "Glitchy", "Bubbly", "Frosty", "Electric", "Jolly", "Mystic",
+	"Weird", "Chunky", "Psycho", "Cheesy", "Smelly", "Slippery", "Fiery", "Wacky", "Vivid", "Hyper",
+	"Soggy", "Grumpy", "Luminous", "Spooky", "Funky", "Twisted", "Nifty", "Prickly", "Velvet", "Epic",
+	"Glorious", "Majestic", "Quirky", "Radiant", "Sneaky", "Bouncy", "Mysterious", "Noodle", "Raging", "Zesty",
+	"Shimmering", "Fabled", "Plush", "Snazzy", "Stormy", "Gleaming", "Vibrant", "Odd", "Tasty", "Whimsical",
+	"Feral", "Clever", "Jumpy", "Dizzy", "Wicked", "Chilly", "Hasty", "Bizarre", "Snug", "Cheerful",
+}
+
+var Things = []string{
+	"Potato", "Griefers", "Raccoons", "Pigeons", "Wizards", "Ninjas", "Pickles", "Dragons", "Goblins", "Burgers",
+	"Pancakes", "Hamsters", "Bananas", "Comets", "Robots", "Cats", "Kiwis", "Frogs", "Cupcakes", "Sprites",
+	"Monsters", "Aliens", "Slimes", "Tacos", "Unicorns", "Ghosts", "Snails", "Vampires", "Donuts", "Owls",
+	"Zombies", "Mermaids", "Beavers", "Octopuses", "Chickens", "Penguins", "Mushrooms", "Felines", "Llamas", "Waffles",
+	"Baboons", "Dragettes", "Pixies", "Sharks", "Elephants", "Squirrels", "Gnomes", "Wombats", "Cacti", "Puppets",
+	"Koalas", "Moose", "Yeti", "Bats", "Crabs", "Otters", "Trolls", "Geckos", "Parrots", "Snakes",
+	"Sloths", "Clowns", "Jellyfish", "Froggies", "Dragoneers", "Nuggets", "Sprites", "Critters", "Knights", "Squids",
+	"Tigers", "Foxes", "Penguinos", "Burglebugs", "Clouds", "Fireflies", "Shrooms", "Mice", "Wizards", "Berries",
+}
+
+var Verbs = []string{
+	"Zoom", "Bonk", "Yeet", "Vibe", "Hack", "Spark", "Bounce", "Nibble", "Smuggle", "Cook",
+	"Flick", "Slap", "Whack", "Zap", "Blast", "Slam", "Twist", "Flip", "Slide", "Crash",
+	"Pop", "Fling", "Snatch", "Boing", "Sizzle", "Clap", "Roar", "Sniff", "Swoop", "Blink",
+	"Dodge", "Smash", "Roll", "Twirl", "Snore", "Drip", "Slurp", "Chomp", "Shuffle", "Juggle",
+	"Bounce", "Whirl", "Gush", "Spit", "Frolic", "Honk", "Wiggle", "Crackle", "Pounce", "Sprinkle",
+	"Slam", "Zoomerang", "Flop", "Squish", "Boop", "Whiz", "Flipflop", "Snip", "Glide", "Zapzap",
+	"Bop", "Wobble", "Fumble", "Twinkle", "Splash", "Dribble", "Clobber", "Whackadoo", "Bounceback", "Snizzle",
+}
+
+func RandomAdjective() string {
+	return Adjectives[rand.Intn(len(Adjectives))]
+}
+
+func RandomThing() string {
+	return Things[rand.Intn(len(Things))]
+}
+
+func RandomVerb() string {
+	return Verbs[rand.Intn(len(Verbs))]
+}

internal/web/config.go

@@ -0,0 +1,151 @@
+package web
+
+import (
+	"ResendIt/internal/config"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+)
+
+type ConfigPageData struct {
+	Success bool
+	Error   string
+
+	UploadMaxFileSizeMB int64
+	UploadMultiMaxFiles int
+	UploadMaxHours      int
+
+	RateLimitLoginPerMinute int
+	RateLimitLoginBurst     int
+	RateLimitApiPerMinute   int
+	RateLimitApiBurst       int
+}
+
+// ConfigPage renders a modular admin config screen.
+func (h *Handler) ConfigPage(c *gin.Context) {
+	cfg := h.configService
+
+	maxBytes := cfg.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	data := ConfigPageData{
+		Success:             c.Query("saved") == "1",
+		UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
+		UploadMultiMaxFiles: cfg.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
+		UploadMaxHours:      cfg.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
+		RateLimitLoginPerMinute: cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
+		RateLimitLoginBurst:     cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
+		RateLimitApiPerMinute:   cfg.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
+		RateLimitApiBurst:       cfg.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
+	}
+
+	c.HTML(http.StatusOK, "config.html", data)
+}
+
+func (h *Handler) ConfigSave(c *gin.Context) {
+	cfg := h.configService
+
+	// Parse + validate.
+	parseInt := func(name string, min, max int) (int, error) {
+		v := c.PostForm(name)
+		n, err := strconv.Atoi(v)
+		if err != nil {
+			return 0, err
+		}
+		if n < min {
+			n = min
+		}
+		if max > 0 && n > max {
+			n = max
+		}
+		return n, nil
+	}
+
+	parseInt64 := func(name string, min int64, max int64) (int64, error) {
+		v := c.PostForm(name)
+		n, err := strconv.ParseInt(v, 10, 64)
+		if err != nil {
+			return 0, err
+		}
+		if n < min {
+			n = min
+		}
+		if max > 0 && n > max {
+			n = max
+		}
+		return n, nil
+	}
+
+	maxMB, err := parseInt64("upload_max_file_size_mb", 1, 1024*1024)
+	if err != nil {
+		h.renderConfigError(c, "invalid max file size")
+		return
+	}
+	maxFiles, err := parseInt("upload_multi_max_files", 1, 500)
+	if err != nil {
+		h.renderConfigError(c, "invalid max files")
+		return
+	}
+	maxHours, err := parseInt("upload_max_hours", 1, 24*365)
+	if err != nil {
+		h.renderConfigError(c, "invalid max hours")
+		return
+	}
+
+	// Rate limits: stored, but not applied dynamically yet.
+	loginPerMin, err := parseInt("ratelimit_login_per_minute", 1, 10000)
+	if err != nil {
+		h.renderConfigError(c, "invalid login rate")
+		return
+	}
+	loginBurst, err := parseInt("ratelimit_login_burst", 1, 10000)
+	if err != nil {
+		h.renderConfigError(c, "invalid login burst")
+		return
+	}
+	apiPerMin, err := parseInt("ratelimit_api_per_minute", 1, 100000)
+	if err != nil {
+		h.renderConfigError(c, "invalid api rate")
+		return
+	}
+	apiBurst, err := parseInt("ratelimit_api_burst", 1, 100000)
+	if err != nil {
+		h.renderConfigError(c, "invalid api burst")
+		return
+	}
+
+	// Persist.
+	if err := cfg.SetString(config.KeyUploadMaxFileSizeBytes, strconv.FormatInt(maxMB*1024*1024, 10)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+	if err := cfg.SetString(config.KeyUploadMultiMaxFiles, strconv.Itoa(maxFiles)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+	if err := cfg.SetString(config.KeyUploadMaxHours, strconv.Itoa(maxHours)); err != nil {
+		h.renderConfigError(c, err.Error())
+		return
+	}
+
+	_ = cfg.SetString(config.KeyRateLimitLoginPerMinute, strconv.Itoa(loginPerMin))
+	_ = cfg.SetString(config.KeyRateLimitLoginBurst, strconv.Itoa(loginBurst))
+	_ = cfg.SetString(config.KeyRateLimitApiPerMinute, strconv.Itoa(apiPerMin))
+	_ = cfg.SetString(config.KeyRateLimitApiBurst, strconv.Itoa(apiBurst))
+
+	c.Redirect(http.StatusFound, "/config?saved=1")
+}
+
+func (h *Handler) renderConfigError(c *gin.Context, msg string) {
+	maxBytes := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
+	data := ConfigPageData{
+		Error:               msg,
+		UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
+		UploadMultiMaxFiles: h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
+		UploadMaxHours:      h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
+		RateLimitLoginPerMinute: h.configService.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
+		RateLimitLoginBurst:     h.configService.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
+		RateLimitApiPerMinute:   h.configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
+		RateLimitApiBurst:       h.configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
+	}
+	c.HTML(http.StatusBadRequest, "config.html", data)
+}

internal/web/handler.go

@@ -1,19 +1,30 @@
 package web
 
 import (
+	"ResendIt/internal/buildinfo"
 	"ResendIt/internal/file"
+	"os"
 	"strconv"
 
 	"github.com/gin-gonic/gin"
 )
 
 type Handler struct {
-	fileService *file.Service
+	fileService   *file.Service
+	configService ConfigService
 }
 
-func NewHandler(fileService *file.Service) *Handler {
+// ConfigService is the small interface needed by the web layer.
+type ConfigService interface {
+	GetIntDefault(key string, def int) int
+	GetInt64Default(key string, def int64) int64
+	SetString(key, value string) error
+}
+
+func NewHandler(fileService *file.Service, cfg ConfigService) *Handler {
 	return &Handler{
-		fileService: fileService,
+		fileService:   fileService,
+		configService: cfg,
 	}
 }
 
@@ -70,12 +81,38 @@ func (h *Handler) AdminPage(c *gin.Context) {
 		return
 	}
 
+	// Only check files on the current page.
+	// Status meanings:
+	// - green: file exists on disk
+	// - red: file missing
+	// - rainbow: stat error (something unexpected)
+	type AdminFileView struct {
+		file.FileRecord
+		ActualStatus string
+	}
+
+	adminFiles := make([]AdminFileView, 0, len(files))
+	for _, f := range files {
+		status := "red"
+		if f.Path != "" {
+			if _, err := os.Stat(f.Path); err == nil {
+				status = "green"
+			} else if os.IsNotExist(err) {
+				status = "red"
+			} else {
+				status = "rainbow"
+			}
+		}
+		adminFiles = append(adminFiles, AdminFileView{FileRecord: f, ActualStatus: status})
+	}
+
 	totalPages := (totalCount + limit - 1) / limit
 
 	c.HTML(200, "admin.html", gin.H{
-		"Files":      files,
+		"Files":       adminFiles,
-		"Page":       page,
+		"Page":        page,
-		"TotalPages": totalPages,
+		"TotalPages":  totalPages,
+		"BuildCommit": buildinfo.Commit,
 	})
 }
 

internal/web/routes.go

@@ -20,6 +20,8 @@ func RegisterRoutes(r *gin.Engine, h *Handler, userService *user.Service) {
 	adminRoutes.Use(user.ForcePasswordChangeMiddleware(userService))
 
 	adminRoutes.GET("/admin", h.AdminPage)
+	adminRoutes.GET("/config", h.ConfigPage)
+	adminRoutes.POST("/config", h.ConfigSave)
 	adminRoutes.GET("/logout", h.Logout)
 	adminRoutes.GET("/change-password", h.ChangePasswordPage)
 }

templates/admin.html

@@ -16,6 +16,24 @@
         td { border: 1px solid #000; padding: 10px; font-size: 13px; font-weight: 500; }
         tr:hover { background: #ffff00; }
 
+        /* Actual file status dot */
+        .dot { width: 12px; height: 12px; border: 2px solid #000; display: inline-block; }
+        .dot-green { background: #00ff00; }
+        .dot-red { background: #ff0000; }
+        .dot-rainbow {
+            animation: rainbow 0.8s linear infinite;
+            background: red;
+        }
+        @keyframes rainbow {
+            0%   { background: #ff0000; }
+            16%  { background: #ff9900; }
+            33%  { background: #ffff00; }
+            50%  { background: #00ff00; }
+            66%  { background: #00ccff; }
+            83%  { background: #9900ff; }
+            100% { background: #ff0000; }
+        }
+
         /* Harsh Status Tags */
         .status-tag { font-weight: 900; font-size: 11px; padding: 3px 6px; border: 2px solid #000; display: inline-block; text-transform: uppercase; }
         .status-deleted { background: #000; color: #ff0000; }
@@ -95,6 +113,7 @@
         </div>
         <div class="flex flex-col items-end gap-2">
             <a href="/" class="nav-link">← BACK_TO_UPLOADER</a>
+            <a href="/config" class="nav-link">CONFIG_MODULE</a>
             <a href="/logout" class="nav-link text-red-600">LOGOUT_SESSION</a>
         </div>
     </header>
@@ -109,12 +128,13 @@
                 <th>Hits</th>
                 <th>Burn</th>
                 <th>Status</th>
+                <th>Actual</th>
                 <th>System_Actions</th>
             </tr>
             </thead>
             <tbody>
             {{if not .Files}}
-            <tr><td colspan="7" class="text-center py-10 font-bold uppercase italic">Zero files in buffer</td></tr>
+            <tr><td colspan="8" class="text-center py-10 font-bold uppercase italic">Zero files in buffer</td></tr>
             {{end}}
             {{range .Files}}
             <tr>
@@ -147,16 +167,24 @@
                     {{end}}
                 </td>
 
+                <td class="text-center">
+                    {{if eq .ActualStatus "green"}}
+                        <span class="dot dot-green" title="File exists"></span>
+                    {{else if eq .ActualStatus "red"}}
+                        <span class="dot dot-red" title="File missing"></span>
+                    {{else}}
+                        <span class="dot dot-rainbow" title="Stat error"></span>
+                    {{end}}
+                </td>
+
                 <td>
                     <div class="btn-group">
                         {{if not .Deleted}}
-                        <form action="/api/files/admin/delete/{{.ID}}" method="POST" onsubmit="return openConfirm(event, 'TERMINATE', 'Kill this file? It will be removed from active storage.')">
+                        <form action="/api/files/admin/delete/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'TERMINATE', 'Kill this file? It will be removed from active storage.')">
-                            <input type="hidden" name="_csrf" class="csrf-field">
                             <button type="submit" style="background: #ffcccc;">Terminate</button>
                         </form>
                         {{end}}
-                        <form action="/api/files/admin/delete/fr/{{.ID}}" method="POST" onsubmit="return openConfirm(event, 'FULL_WIPE', 'Wiping file and purging record? This is a permanent database scrub.')">
+                        <form action="/api/files/admin/delete/fr/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'FULL_WIPE', 'Wiping file and purging record? This is a permanent database scrub.')">
-                            <input type="hidden" name="_csrf" class="csrf-field">
                             <button type="submit">Full_Wipe</button>
                         </form>
                     </div>
@@ -181,6 +209,9 @@
             <div class="text-[12px] font-black uppercase">
                 Data_Density: {{len .Files}} records | Page: {{.Page}}/{{.TotalPages}}
             </div>
+            <div class="text-[11px] font-black uppercase text-gray-600">
+                Build_Commit: {{.BuildCommit}}
+            </div>
         </footer>
     </div>
 </div>
@@ -204,13 +235,6 @@
         currentForm = null;
     }
 
-    // Fill CSRF hidden inputs from cookie (double-submit pattern)
-    (function fillCSRF() {
-        const m = document.cookie.match('(^|;)\\s*csrf_token\\s*=\\s*([^;]+)');
-        const tok = m ? m.pop() : '';
-        document.querySelectorAll('.csrf-field').forEach(el => el.value = tok);
-    })();
-
     document.getElementById('modal-confirm-btn').addEventListener('click', () => {
         if (currentForm) {
             currentForm.submit();

templates/changePassword.html

@@ -258,12 +258,9 @@
         }
 
         try {
-            const m = document.cookie.match('(^|;)\\s*csrf_token\\s*=\\s*([^;]+)');
-            const csrf = m ? m.pop() : '';
-
             const res = await fetch('/api/user/change-password', {
                 method: 'POST',
-                headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': csrf },
+                headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({
                     old_password: current,
                     new_password: nv

templates/config.html

@@ -0,0 +1,256 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Config Module</title>
+  <script src="https://cdn.tailwindcss.com"></script>
+  <link rel="icon" type="image/x-icon" href="/static/favicon.ico">
+
+  <style>
+    * { border-radius: 0 !important; }
+    body {
+      font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
+      background: #fff;
+      color: #000;
+      padding: 20px;
+    }
+
+    .box { border: 3px solid #000; background: #fff; padding: 20px; }
+
+    .section-title {
+      font-size: 18px;
+      font-weight: 900;
+      text-transform: uppercase;
+      border-bottom: 3px solid #000;
+      margin-bottom: 16px;
+      padding-bottom: 4px;
+    }
+
+    .row {
+      display: grid;
+      grid-template-columns: 300px 1fr;
+      gap: 10px;
+      margin-bottom: 12px;
+      align-items: center;
+    }
+
+    label {
+      font-weight: 900;
+      text-transform: uppercase;
+      font-size: 12px;
+    }
+
+    input {
+      border: 2px solid #000;
+      padding: 6px 8px;
+      font-size: 13px;
+      width: 100%;
+    }
+
+    .hint {
+      font-size: 11px;
+      font-style: italic;
+      margin-top: 4px;
+      border-left: 4px solid #000;
+      padding-left: 6px;
+    }
+
+    button, .button {
+      border: 2px solid #000;
+      background: #fff;
+      padding: 6px 12px;
+      cursor: pointer;
+      font-size: 11px;
+      font-weight: 900;
+      text-transform: uppercase;
+      box-shadow: 3px 3px 0px #000;
+    }
+
+    button:hover, .button:hover {
+      background: #000;
+      color: #fff;
+      box-shadow: none;
+      transform: translate(2px, 2px);
+    }
+
+    button:active {
+      background: #ff0000;
+      color: #fff;
+    }
+
+    .nav-link {
+      font-weight: 900;
+      text-decoration: underline;
+      text-transform: uppercase;
+      font-size: 12px;
+    }
+
+    .nav-link:hover {
+      background: #000;
+      color: #fff;
+    }
+
+    .ok {
+      border: 3px solid #000;
+      background: #00ff00;
+      padding: 10px;
+      font-weight: 900;
+      text-transform: uppercase;
+    }
+
+    .err {
+      border: 3px solid #000;
+      background: #ff0000;
+      color: #fff;
+      padding: 10px;
+      font-weight: 900;
+      text-transform: uppercase;
+    }
+  </style>
+</head>
+
+<body>
+
+<div class="max-w-4xl mx-auto">
+
+  <!-- HEADER -->
+  <header class="mb-6 border-b-8 border-black pb-4 flex justify-between items-start">
+    <h1 class="text-4xl font-black uppercase tracking-tighter leading-none">
+      Config_Settings
+    </h1>
+
+    <div class="flex flex-col items-end gap-2">
+      <a href="/admin" class="nav-link">Admin_Panel</a>
+      <a href="/config" class="nav-link">Reload_Config</a>
+      <a href="/logout" class="nav-link text-red-600">Logout</a>
+    </div>
+  </header>
+
+  <!-- STATUS -->
+  {{if .Success}}
+  <div class="ok mb-4">CONFIG_SAVED_SUCCESSFULLY</div>
+  {{end}}
+
+  {{if .Error}}
+  <div class="err mb-4">{{.Error}}</div>
+  {{end}}
+
+  <form method="POST" action="/config">
+
+    <!-- UPLOAD SETTINGS -->
+    <div class="box mb-6">
+      <div class="section-title">Upload_Control</div>
+
+      <div class="row">
+        <label>Max_File_Size_MB</label>
+        <div class="flex flex-col gap-1">
+          <div class="flex gap-2 items-center">
+            <input id="fileSizeMB" type="number" min="1" name="upload_max_file_size_mb" value="{{.UploadMaxFileSizeMB}}">
+
+            <input id="fileSizeGB" type="text" readonly placeholder="GB"
+                   class="w-24 bg-gray-100 cursor-not-allowed">
+          </div>
+
+          <div class="hint">Hard limit enforced by upload endpoints</div>
+        </div>
+      </div>
+
+      <div class="row">
+        <label>Multi_Upload_Limit</label>
+        <div>
+          <input type="number" min="1" name="upload_multi_max_files" value="{{.UploadMultiMaxFiles}}">
+          <div class="hint">Max files per multi-upload request</div>
+        </div>
+      </div>
+
+      <div class="row">
+        <label>Max_Expiry_Hours</label>
+        <div class="flex flex-col gap-1">
+          <div class="flex gap-2 items-center">
+            <input id="hoursInput" type="number" min="1" name="upload_max_hours" value="{{.UploadMaxHours}}">
+
+            <input id="daysOutput" type="text" readonly placeholder="Days" class="w-24 bg-gray-100 cursor-not-allowed">
+          </div>
+
+          <div class="hint">User duration capped to this value</div>
+        </div>
+      </div>
+    </div>
+
+    <!-- RATE LIMITS -->
+    <div class="box mb-6">
+      <div class="section-title">Rate_Limits_(Static)</div>
+
+      <div class="hint mb-4">
+        Changes require server restart to take effect
+      </div>
+
+      <div class="row">
+        <label>Login_Per_Minute</label>
+        <input type="number" min="1" name="ratelimit_login_per_minute" value="{{.RateLimitLoginPerMinute}}">
+      </div>
+
+      <div class="row">
+        <label>Login_Burst</label>
+        <input type="number" min="1" name="ratelimit_login_burst" value="{{.RateLimitLoginBurst}}">
+      </div>
+
+      <div class="row">
+        <label>API_Per_Minute</label>
+        <input type="number" min="1" name="ratelimit_api_per_minute" value="{{.RateLimitApiPerMinute}}">
+      </div>
+
+      <div class="row">
+        <label>API_Burst</label>
+        <input type="number" min="1" name="ratelimit_api_burst" value="{{.RateLimitApiBurst}}">
+      </div>
+    </div>
+
+    <!-- ACTIONS -->
+    <div class="flex justify-between items-center border-t-8 border-black pt-4">
+      <button type="submit">SAVE</button>
+    </div>
+
+  </form>
+
+</div>
+
+<a href="/change-password" class="fixed bottom-1 left-1 text-[10px] underline">
+  CHANGE_PASSWORD
+</a>
+
+<script>
+  function formatNumber(num) {
+    return parseFloat(num.toFixed(2));
+  }
+
+  function updateConversions() {
+    const mb = parseFloat(document.getElementById('fileSizeMB')?.value);
+    const gbField = document.getElementById('fileSizeGB');
+
+    if (!isNaN(mb) && gbField) {
+      gbField.value = formatNumber(mb / 1024) + " GB";
+    } else if (gbField) {
+      gbField.value = "";
+    }
+
+    const hours = parseFloat(document.getElementById('hoursInput')?.value);
+    const daysField = document.getElementById('daysOutput');
+
+    if (!isNaN(hours) && daysField) {
+      daysField.value = formatNumber(hours / 24) + " days";
+    } else if (daysField) {
+      daysField.value = "";
+    }
+  }
+
+  // Run on load
+  window.addEventListener('DOMContentLoaded', updateConversions);
+
+  // Listen for changes
+  document.addEventListener('input', updateConversions);
+</script>
+
+</body>
+</html>

templates/index.html

@@ -102,7 +102,7 @@
 
         <div id="upload-ui">
             <div id="drop-zone" class="drop-zone mb-4">
-                <input type="file" id="fileInput" class="hidden">
+                <input type="file" id="fileInput" class="hidden" multiple>
 
                 <div id="dz-content">
                     <span id="dz-text" class="text-sm">Click to select or drop file</span>
@@ -232,20 +232,36 @@
 
     input.onchange = () => {
         if (input.files.length) {
-            showFile(input.files[0]);
+            showFiles(input.files);
             uploadBtn.disabled = false;
         } else {
             uploadBtn.disabled = true;
         }
     };
 
-    function showFile(file) {
+    function showFiles(fileList) {
+        const files = Array.from(fileList || []);
+        if (files.length === 0) return;
+
+        const total = files.reduce((acc, f) => acc + f.size, 0);
+
+        if (files.length === 1) {
+            document.getElementById('dz-text').innerText =
+                `${files[0].name} (${formatBytes(files[0].size)})`;
+            return;
+        }
+
         document.getElementById('dz-text').innerText =
-            `${file.name} (${formatBytes(file.size)})`;
+            `${files.length} FILES (${formatBytes(total)}) — will be zipped`;
     }
 
     uploadBtn.onclick = () => {
-        if (input.files.length) handleUpload(input.files[0]);
+        if (!input.files.length) return;
+        if (input.files.length === 1) {
+            handleUploadSingle(input.files[0]);
+        } else {
+            handleUploadMulti(input.files);
+        }
     };
 
     cancelBtn.onclick = (e) => {
@@ -257,7 +273,15 @@
         }
     };
 
-    function handleUpload(file) {
+    function commonFormData() {
+        const fd = new FormData();
+        fd.append("once", document.getElementById("once").checked ? "true" : "false");
+        const hours = parseInt(document.getElementById("duration").value, 10);
+        fd.append("duration", hours);
+        return fd;
+    }
+
+    function startUploadUI() {
         uploadBtn.disabled = true;
         uploadBtn.innerText = "UPLOADING...";
         cancelBtn.classList.remove('hidden');
@@ -265,16 +289,9 @@
         progressContainer.classList.remove("hidden");
         progressText.classList.remove("hidden");
         statsText.classList.remove("hidden");
+    }
 
-        const fd = new FormData();
+    function setupXHRHandlers(xhr) {
-        fd.append("file", file);
-        fd.append("once", document.getElementById("once").checked ? "true" : "false");
-        const hours = parseInt(document.getElementById("duration").value, 10);
-        fd.append("duration", hours);
-
-        const xhr = new XMLHttpRequest();
-        currentXhr = xhr;
-
         let startTime = Date.now();
 
         xhr.upload.onprogress = (e) => {
@@ -301,7 +318,6 @@
                     const data = JSON.parse(xhr.responseText);
                     if (data.error) throw new Error(data.error);
 
-                    // Redirect using view key
                     window.location.href = "/f/" + data.view_key;
 
                 } catch (err) {
@@ -319,11 +335,38 @@
                 location.reload();
             }
         };
+    }
+
+    function handleUploadSingle(file) {
+        startUploadUI();
+
+        const fd = commonFormData();
+        fd.append("file", file);
+
+        const xhr = new XMLHttpRequest();
+        currentXhr = xhr;
+
+        setupXHRHandlers(xhr);
 
         xhr.open("POST", "/api/files/upload");
         xhr.send(fd);
     }
 
+    function handleUploadMulti(fileList) {
+        startUploadUI();
+
+        const fd = commonFormData();
+        Array.from(fileList).forEach(f => fd.append("files", f));
+
+        const xhr = new XMLHttpRequest();
+        currentXhr = xhr;
+
+        setupXHRHandlers(xhr);
+
+        xhr.open("POST", "/api/files/upload-multi");
+        xhr.send(fd);
+    }
+
     function copy(id) {
         const el = document.getElementById(id);
         el.select();

templates/login.html

@@ -127,14 +127,10 @@
         const password = document.getElementById("password").value;
 
         try {
-            const m = document.cookie.match('(^|;)\\s*csrf_token\\s*=\\s*([^;]+)');
-            const csrf = m ? m.pop() : '';
-
             const res = await fetch("/api/auth/login", {
                 method: "POST",
                 headers: {
-                    "Content-Type": "application/json",
+                    "Content-Type": "application/json"
-                    "X-CSRF-Token": csrf
                 },
                 body: JSON.stringify({
                     username: username,