Project info
Understand how DiscordDrive works
A self-hosted drive that uses Discord as free cloud storage. Encryption/decryption stays in your browser, with optional password-locked Cloud Key Backup for multi-device use. Settings are split into General & Encryption tabs for worker tuning, key management, and PBKDF2 strength.
Zero-knowledge encryption
AES-256-GCM happens in your browser. Keys stay local unless you opt into Cloud Key Backup.
Cloud Key Backup (opt-in)
Password-locked key sync. We encrypt the key with your account password using PBKDF2 + AES-256-GCM before storing it.
Settings hub
Tabbed General & Encryption settings for key management, PBKDF2 tiers, worker tuning, and debug overlay.
Multi-bot parallelism
Unlimited DISCORD_TOKEN_* bots work together with automatic load balancing and least-busy selection.
Live progress & ETA
Real-time upload/download progress with speed calculation, ETA, and instant cancellation.
Folders, shares, ZIP export
Organize into folders, move files freely, share links publicly, and download folders as ZIP after client-side decryption.
Worker-accelerated transfers
Web Workers keep the UI responsive while chunking & encrypting. Worker count is configurable per device.
Mobile friendly
Responsive layout with touch controls, slide-out navigation, and bulk selection for managing files on the go.
200% vibe coded
Built with mass cursor-tabbing, mass prompting, and mass amounts of coffee. Don't trust, verify. (should be safe but yk)
- File is split into ~8MB chunks in the browser using Web Workers for non-blocking operation.
- Each chunk is encrypted with AES-256-GCM using a unique IV. Your password never leaves the browser.
- Encrypted chunks are batched and uploaded to Discord via multiple bots in parallel.
- Discord stores chunks as message attachments. Only references (message IDs, URLs) are saved in SQLite.
- Downloads fetch encrypted parts in parallel (6 concurrent by default), then decrypt client-side.
- ZIP downloads bundle multiple files - each decrypted in browser before adding to archive.
- Optional Cloud Key Backup: key is password-verified, AES-256-GCM encrypted with PBKDF2 (100k), uploaded, and auto-restored after login when missing locally.
- Opt-in only: your encryption key stays in localStorage until you enable sync in Settings > Encryption.
- Password check runs before saving so the key cannot be encrypted with a wrong credential.
- Key is encrypted client-side with AES-256-GCM; PBKDF2 (100k, SHA-256) derives the wrapping key from your account password.
- Server keeps only the encrypted blob and salt - no plaintext password or key is stored.
- Auto-restore after login when no local key is found; disabling backup deletes the server copy immediately.
Backend
- Express.js API server
- Discord.js for bot management
- SQLite (better-sqlite3) database
- Nodemailer SMTP for signup/reset emails
- Multer for file uploads
Frontend
- Next.js with React
- WebCrypto API for encryption
- Web Workers for parallel processing
- Tailwind CSS + Radix UI