[Feature] Allow multiple files

[Mushoz]

I was looking into the possibility of adding multiple files to a single paste. I came across this issue: #665

It sounds like this was never implemented. Our use-case for our self-hosted privatebin instance is to secure send files over email. For most data we simply email the link to the file(s) that we want to share. While it doesn't offer a ton of extra security over simply sending over the files as a regular mail attachment, the fact that files are automatically deleted ensure that the files will never linger in different outboxes and inboxes.

Furthermore, for higher risk data, we can mail the link, and communicate a password over a separate communication channel (such as e2e encrypted chatting applications). This does give us additional security over regular emails.

While we can simply zip multiple files together, I think it would be nice to be able to send multiple files within a single paste. I understand our use-case might be a bit niche, but perhaps more users might be willing to chime in if this would be a useful feature for them? If it's a popular feature, it might be worth implementing. Thank you very much in advance for considering this!

[elrido]

[...] If it's a popular feature, it might be worth implementing. Thank you very much in advance for considering this!

I've added the relevant labels, but be aware that what will be required for such an enhancement to get implemented is somebody stepping up and start working on a branch. Given that everyone works on this in their spare time, the motivation isn't usually in upvoted issues, but in the fun of implementing the function.

This particular one requires introducing a new version of the paste format, ideally in a backward compatible fashion, that includes some new list of files and of course the UI changes to list them all - it will mostly require JavaScript skills. If anyone feels up to the challenge, I'm happy to provide pointers to the relevant docs and code sections or collaborate in a branch.

[johnnyq]

@elrido HTML5 supports multiple file uploads

<form enctype='multipart/form-data' method='POST' action='uploadFiles.php'> 
     <input type="file" name="files[]" multiple="multiple">
     <button type='submit'>Submit</button>
</form>

Then can be handled on the backend with a simple for loop, no javascript needed

[johnnyq]

Mentioned here but was dup of this one. #1253

[elrido]

@elrido HTML5 supports multiple file uploads

I'm well aware that browsers supported this even back with HTML 4 since the late naught's: https://caniuse.com/input-file-multiple

Then can be handled on the backend with a simple for loop, no javascript needed

This is not a backend limitation, rather the encrypted payload format and paste format version needs to get extended and the client code added to support reading multiple files.

ATM there are two attributes "attachment" and "attachment_name" in the JSON payload. This needs to be extended to either optionally become a list/array or a new set of attributes needs to be introduced and the "v" (version) attribute on the outside paste format get incremented. And of course the new client code needs to be able to handle both the old one-attachment format and the newer one that can contain multiple files.

I'm happy to give you more pointers which bits of privatebin.js you will want to look at. May I assign you this task?

[chodorenko]

It seems to me that this would be a popular feature. Maybe the developers could implement it?

[elrido]

@chodorenko would you be willing to become that developer?

We desperately need more developers in this project to get things done. My focus is on other issues and without outside help it is very unlikely I'll ever get around to this one. As I volunteered, I'm happy to provide any pointers to help anyone that would likes to pick this task up.

[9401adarsh]

@elrido, can I take this issue up ?

[elrido]

Sure, even just working out the new paste format required for this would be a step forward. As stated earlier:

[...] the encrypted payload format and paste format version needs to get extended and the client code added to support reading multiple files.

ATM there are two attributes "attachment" and "attachment_name" in the JSON payload. This needs to be extended to either optionally become a list/array or a new set of attributes needs to be introduced and the "v" (version) attribute on the outside paste format get incremented. And of course the new client code needs to be able to handle both the old one-attachment format and the newer one that can contain multiple files.

So I'd suggest you first plan how the message will differ. I'd suggest incrementing the version, just so clients know if they must handle possibly multiple attachments. The attachments are in the encrypted payload, that is the "ct" field, in a JSON structure, stringyfied, compressed, encrypted and base64 encoded. An example of the outer JSON can be found here:

PrivateBin/tst/Bootstrap.php

Lines 645 to 666 in 4875bed

	private static $pasteV2 = array(
	'adata' => array(
	array(
	'gMSNoLOk4z0RnmsYwXZ8mw==',
	'TZO+JWuIuxs=',
	100000,
	256,
	128,
	'aes',
	'gcm',
	'zlib',
	),
	'plaintext',
	1,
	0,
	),
	'meta' => array(
	'expire' => '5min',
	),
	'v' => 2,
	'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
	);

The fields used for the paste and their contents can be found in the paste's JSONLD schema:
https://github.com/PrivateBin/PrivateBin/blob/master/js/paste.jsonld

If you want to peek into the contents of the "ct", you can see it getting constructed here:

PrivateBin/js/privatebin.js

Lines 5071 to 5083 in 4875bed

	// prepare cypher message
	let file = AttachmentViewer.getAttachmentData(),
	cipherMessage = {
	'paste': plainText
	};
	if (typeof file !== 'undefined' && file !== null) {
	cipherMessage['attachment'] = file;
	cipherMessage['attachment_name'] = AttachmentViewer.getFile().name;
	} else if (AttachmentViewer.hasAttachment()) {
	// fall back to cloned part
	let attachment = AttachmentViewer.getAttachment();
	cipherMessage['attachment'] = attachment[0];
	cipherMessage['attachment_name'] = attachment[1];

In privatebin.js, support for both versions has to be maintained, since we want to display both the existing v2 pastes with no or only one attachment and the v3 ones with no, one or multiple attachements. I'm not sure how much the templates need to modified, or if the JS could just duplicate the HTML of the targeted ID and insert multiple such download links if provided?

[9401adarsh]

Thanks for the inputs, will keep you posted on the progress here.