Palmr.

Self-hosted, privacy-focused file sharing without limits

2.4Kstars
105forks
Apache License 2.0
TypeScript

Palmr. is a self-hosted file-sharing platform designed for users who prioritize privacy and control over their data. It offers a clean, modern interface for uploading, organizing files into folders, and sharing them via password-protected links—ideal for individuals and small teams avoiding third-party services like WeTransfer. Built as a beta project, it’s meant for those comfortable with self-hosting on their own server or VPS.

Technically, Palmr. uses Fastify for its high-performance Node.js backend, SQLite for zero-configuration metadata storage, and filesystem-based file storage with optional S3-compatible object storage. The frontend is built with Next.js 15, TypeScript, and Shadcn/ui, ensuring a responsive and secure user experience. Deployment is straightforward, requiring no external databases or cloud dependencies by default.

What You Get

  • Self-hosted deployment - Deploy on your own server or VPS with no third-party dependencies, ensuring full control over data and infrastructure.
  • Password-protected file links - Generate shareable links with optional password protection to restrict access to authorized recipients.
  • Folder organization - Create and manage folders to categorize and share groups of files, improving file management for teams or personal use.
  • S3-compatible object storage - Optionally integrate with S3-compatible services like MinIO or AWS S3 for scalable, enterprise-grade file storage.
  • Reverse share functionality - Allow others to upload files to your account via a shared link, mimicking WeTransfer’s reverse upload flow.
  • User management & profile settings - Create user accounts, manage profiles, reset passwords, and configure sharing preferences through a dedicated dashboard.
  • File list and card views - Switch between list and card layouts to browse uploaded files with metadata like size, date, and share status.
  • Admin dashboard - View all uploads, shares, and user activity in a centralized interface with settings for storage, security, and appearance.

Common Use Cases

  • Running a secure client file portal - A freelance designer uses Palmr. to share large project files with clients via password-protected links, avoiding cloud services that track user behavior.
  • Team file sharing within a small company - A startup team uses Palmr. to centrally store and share design assets, contracts, and reports without relying on Google Drive or Dropbox.
  • Privacy-conscious individuals sharing sensitive documents - A journalist uses Palmr. to send confidential files to sources without leaving traces on commercial platforms.
  • Self-hosted alternative to WeTransfer - A developer replaces WeTransfer with Palmr. to eliminate upload limits, ads, and data collection while maintaining a similar user experience.

Under The Hood

Architecture

  • Monorepo structure cleanly separates web and server applications with dedicated directories, enabling independent deployment pipelines
  • Server layer follows service-layer pattern with distinct controllers, services, and data access layers, though dependency injection is implicit rather than formalized
  • Prisma ORM is tightly integrated with a centralized schema and generated client, ensuring type-safe database interactions across the backend
  • Docker multi-stage builds and supervisor-based orchestration create production-ready containerized environments with isolated services for storage and application
  • React components are purely presentational with well-defined prop interfaces, decoupled from backend logic via dedicated API routes

Tech Stack

  • Node.js backend powered by Fastify with Zod for request validation and Prisma for type-safe data access
  • Next.js 14 frontend with TypeScript, built using pnpm and deployed as a standalone server
  • Multi-stage Docker builds with embedded MinIO for S3-compatible storage and mc CLI for object management
  • Supervisor manages multiple processes in production containers, including the application server and storage service
  • Monorepo coordinated via Makefile and custom scripts, with Husky hooks and pnpm for dependency and git workflow automation

Code Quality

  • Test suite is extensive but lacks assertions, rendering many tests ineffective for behavior validation
  • Error handling is inconsistent, relying on generic try-catch blocks without custom error classes or contextual logging
  • Naming conventions are inconsistent across the codebase, mixing camelCase and snake_case without clear guidelines
  • TypeScript usage is incomplete, with many interfaces and functions lacking proper type annotations or resorting to any
  • Minimal linting or formatting discipline results in inconsistent code style and potential anti-patterns

What Makes It Unique

  • Native API proxy in Next.js preserves session state by forwarding authentication headers, eliminating the need for client-side token management
  • Server-side dynamic key generation via OpenSSL removes dependency on external secret management systems
  • Embedded media sharing system generates direct-access URLs with copy-to-clipboard and i18n support for seamless content distribution
  • Unified authentication proxy endpoints abstract complex flows like 2FA and user activation behind a consistent API surface
  • Client-side embed URL generation uses window.location.origin to ensure environment portability without hardcoded domains

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search