Filestash is an open-source, self-hosted file management platform designed for organizations that need unified access to diverse storage systems—from cloud buckets like S3 and Azure Blob to on-premises protocols like SMB, NFS, and FTP. It solves the fragmentation problem of managing files across incompatible systems by providing a single web interface with plugin-based extensibility. Built in Go, it runs as a standalone server and supports deployment via Docker, Kubernetes, or bare metal.
The platform’s architecture is built around a plugin system that allows deep customization of storage backends, authentication (LDAP, SAML, OIDC, WordPress), authorization (RBAC), search, file viewers, and gateways. It exposes data via SFTP, MCP, and S3 APIs, enabling integration with existing tools without requiring changes to underlying infrastructure.
What You Get
- Universal Storage Integrations - Supports 20+ storage protocols including S3, SFTP, FTP, SMB, WebDAV, NFS, SharePoint, Dropbox, Google Drive, Minio, Azure Blob, Git, GitHub, GitLab, and IPFS—all accessible through a unified interface.
- Plugin-Driven Architecture - Every feature (storage, auth, search, file viewers) is implemented as a plugin; users can swap, extend, or build custom plugins using documented Go interfaces and JavaScript patches.
- File Apps for Specialized Formats - Built-in viewers for 50+ file types including PSD, DWG, DXF, FITS, TIFF, RAW, PDF, SVG, GeoJSON, SHP, Parquet, Arrow, HDF5, DCM (DICOM), embroidery files (DST, PES), and 3D models (GLTF, STL, FBX).
- SFTP, MCP, and S3 Gateways - Expose any connected storage as standard protocols so users and applications can access files using existing tools like FileZilla, rclone, or AWS CLI without modifying the backend.
- Workflow Engine - Automate file operations by chaining actions on events (e.g., upload → OCR → notify Slack → archive), with extensibility via plugins for custom triggers and actions.
- AI-Powered Search & Smart Folders - Use semantic search and AI-driven metadata extraction with OCR support, including integration with local Ollama models for on-premises AI processing.
- SSO & RBAC Authentication - Integrate with LDAP, SAML, OIDC, and WordPress for single sign-on, with granular role-based access control (RBAC) to enforce permissions across storage systems.
- Audit & Compliance Logging - Immutable, timestamped, non-repudiable audit logs track all file access and modifications to meet GDPR and enterprise compliance requirements.
- White-Label Branding - Customize the UI theme to match your brand with pre-built themes (GitHub, Apple, Dropbox, IBM) and full CSS/JS override capabilities for deep branding control.
- Virtual Filesystem & Delegated Auth - Create virtual filesystems that proxy authentication to external systems like WordPress or LDAP, enabling centralized identity management without changing storage backends.
Common Use Cases
- Managing petabytes of research data - A university uses Filestash to provide a web interface to its NFS and S3-based data cluster, with DICOM and FITS viewers for scientific files and LDAP SSO for faculty access.
- Securing SMB access with 2FA - MIT deployed Filestash to add Duo 2FA and LDAP authentication to legacy SMB shares, solving the native lack of 2FA in SMB while preserving existing file structures.
- Building a custom MFT pipeline - A media company automates file ingestion from FTP uploads to S3 archiving, with AI OCR for metadata extraction and Slack notifications using Filestash’s workflow engine.
- Replacing Dropbox for enterprise compliance - A regulated firm uses Filestash to unify SharePoint, S3, and WebDAV storage with audit logs, RBAC, and white-label branding to meet internal security policies and client requirements.
Under The Hood
Architecture
- Go-based server with clear separation between routing, business logic, and plugin systems via a hook-based extension model
- Dynamic plugin registration for HTTP endpoints, startup, and shutdown events enables modular feature expansion without core modification
- Dependency injection achieved through function hooks rather than containers, enhancing testability and reducing coupling
- Model layer abstracts storage operations with plugin discovery, allowing runtime swapping of backend storage systems
- Frontend components are decoupled from the backend via REST APIs, with client-side JavaScript managing UI state independently
- Centralized configuration and logging initialization ensures consistent environment setup before service startup
Tech Stack
- Go backend leveraging net/http and Gorilla Mux for routing, with FTS5 full-text search support via build tags
- React and Vite-powered frontend with TypeScript and RxJS for reactive state management
- SQLite as embedded database with go-sqlite3 and sqlx for migration and ORM-like operations
- Vitest used for unified unit testing across frontend and backend
- Docker-based multi-stage builds with Makefile automation for cross-platform binary generation
- Nunjucks templating for server-side HTML rendering, integrated with Vite for static asset bundling
Code Quality
- Limited testing coverage with minimal unit or integration tests, relying on benchmark scripts in C
- Poor error handling with abrupt exit() calls and no structured recovery or propagation mechanisms
- Inconsistent naming conventions across components and languages, with no enforced style guide
- Weak type safety due to raw pointer usage and lack of validation in critical paths
- Absence of linting, static analysis, or automated code quality checks in the build pipeline
- Modular boundaries are blurred with plugin-specific binaries mixed into core logic
What Makes It Unique
- Plugin-driven architecture with extensible hooks allows dynamic extension of HTTP endpoints and lifecycle events without touching core code
- Metadata engine treats file tags as first-class searchable entities with real-time indexing and cross-file aggregation
- Unified interface integrating Web Share API, Chromecast, and document viewers into a seamless file experience platform
- Reactive UI powered by RxJS enables real-time updates for tagging, filtering, and configuration without page reloads
- Deeply embedded dark mode and touch optimizations with dynamic theming and gesture-aware layouts for cross-device adaptability
- Native NFSv4 protocol and ACL parsing in backend eliminates need for external middleware when accessing enterprise storage