For many developers and individuals, managing files on S3-compatible object storage often lacks a user-friendly interface. While powerful, the command line or SDKs can be cumbersome for day-to-day tasks like uploading photos, audio, or integrating files into web applications and Jupyter notebooks. This is where open-source solutions like Filestash shine, offering a promising GUI. However, even with such tools, a common pain point arises: repeatedly entering credentials.

Recently, I embarked on a personal project to solve this exact problem with Filestash. My goal was simple yet profound: to configure a backend account once and eliminate the need to log in with my S3 credentials every single time I opened the application. This journey, as often happens in software development, proved to be more intricate than initially perceived, revealing the technical complexities beneath a seemingly simple product.

The Driving Force: Why a Custom Plugin?

My particular use case for S3 goes beyond typical cloud storage. I sought a dedicated GUI to manage diverse files, from personal photos and audio recordings to data for network-based experiments. Unlike common backup services, I needed seamless integration with custom web applications and data analysis environments. Crucially, I envisioned a friction-free experience where I was the sole user, needing to share specific files without exposing the Filestash UI itself. Existing solutions didn’t quite fit, and the enjoyment of coding with a clear purpose, coupled with budget constraints, propelled me to develop my own plugin.

The core problem was clear: I needed Filestash to initialize an S3 backend automatically, bypassing the manual login screen shown below. This automation would allow me to launch the app and immediately access my files, streamlining my workflow significantly.

The login screen I aimed to circumvent through automation.

Unraveling Filestash’s Architecture

My initial investigation began by scrutinizing GitHub issues, looking for similar problems or existing solutions. Finding none directly applicable, I delved into the application itself using browser developer tools. Observing the manual login process revealed key interactions: a redirect to /login (handled client-side), and a POST request to /api/session upon submitting credentials. Interestingly, a GET request to /api/session determines if a session is active, dictating whether the user sees the filesystem or the login page.

My first thought was to bypass authorization entirely and jump straight to the file view. However, this would necessitate modifying Filestash’s core, which I aimed to avoid. The path forward was clear: a plugin.

Key Architectural Discoveries:

• Routing: The `server/routes.go` file orchestrates primary routes: `GET /` (entry point), `POST /api/session` (authentication and cookie creation), and `GET /api/session` (session validation).
• Middlewares: `SessionStart` injects session context, crucial for backend availability. `BodyParser` handles request body injection, which was initially a head-scratcher.
• Hooks: Filestash’s undocumented hooks system was a challenge. While `Onload` seemed intuitive for initialisation, it lacked the necessary `App` context to persist the backend state. Ultimately, registering the logic as a `Middleware` proved effective. Although executed with every request, I designed it to run only once for a given path, allowing me to inject the authentication cookie into the frontend once the backend was initialized.
• Internal State: The `App` structure in `server/common/app.go` holds critical state, including `Backend` (storage client), `Body` (temporary storage for `BodyParser`), `Session` (storage credentials), and `Authorization` (cookie hash).
• Frontend Interaction: The `public/assets/pages/ctrl_homepage.js` script initiates the `GET /api/session` call on the home page to check for an active session. My plugin’s goal was to ensure this check found a valid cookie.

The Seamless Login: How the Plugin Works

The essence of the plugin lies in altering the application’s flow. Instead of the user providing credentials, the plugin programmatically initializes the S3 backend on the server side. Once the backend is configured and a session is established, the plugin sends the necessary authentication cookie to the frontend with the initial GET / request. This means when the frontend’s GET /api/session call is made, it finds the pre-existing cookie, granting immediate access to the file system without ever displaying the login page.

The desired automatic login flow, bypassing user input.

Authentication, a notoriously complex domain, required careful consideration. While Filestash offers various authorization and authentication middlewares, configuring them for my specific “fixed backend” scenario proved tricky. The challenge was to maintain server-side efficiency and security without exposing storage provider credentials directly to the browser, and to ensure the isAuthorized checks (which refer to storage provider authorization) worked seamlessly with the automatically established session.

Cookies, handled by server/common/crypto.go and secured with a secret from the admin panel, play a pivotal role in maintaining both user and admin sessions. By leveraging this mechanism, the plugin effectively “logs in” the user server-side, then signals this state to the frontend.

Conclusion and Future Horizons

This basic plugin successfully addresses my specific need for automated S3 login in Filestash. While currently limited to S3-compatible storage, it represents a significant step towards a truly friction-free user experience for my personal object storage management.

Future enhancements could include extending support to Filestash’s wide array of storage backends and, crucially, developing a dedicated plugin configuration page within the Filestash UI. For now, the immediate next steps involve integrating Filestash with a reverse proxy (Caddy) and deploying it to production, solidifying this custom solution into a robust and reliable system. This journey underscores the power of open-source projects and the rewards of tailoring them to unique requirements through thoughtful development.