2022-03-03 19:04:46 +00:00
|
|
|
const logger = require('./logger')
|
|
|
|
|
|
|
|
// Stray errors and exceptions capturers
|
|
|
|
process.on('uncaughtException', error => {
|
|
|
|
logger.error(error, { prefix: 'Uncaught Exception: ' })
|
|
|
|
})
|
|
|
|
|
|
|
|
process.on('unhandledRejection', error => {
|
|
|
|
logger.error(error, { prefix: 'Unhandled Rejection (Promise): ' })
|
|
|
|
})
|
|
|
|
|
|
|
|
// Require libraries
|
2020-09-26 21:33:42 +00:00
|
|
|
const contentDisposition = require('content-disposition')
|
2018-04-18 21:00:36 +00:00
|
|
|
const helmet = require('helmet')
|
2022-07-10 12:46:25 +00:00
|
|
|
const HyperExpress = require('hyper-express')
|
|
|
|
const LiveDirectory = require('live-directory')
|
2022-04-15 08:36:50 +00:00
|
|
|
const NodeClam = require('clamscan')
|
2018-04-18 21:00:36 +00:00
|
|
|
const nunjucks = require('nunjucks')
|
2022-07-10 12:46:25 +00:00
|
|
|
// const rateLimit = require('express-rate-limit') // FIXME: Find alternative
|
2022-03-03 19:04:46 +00:00
|
|
|
const { accessSync, constants } = require('fs')
|
|
|
|
|
|
|
|
// Check required config files
|
|
|
|
const configFiles = ['config.js', 'views/_globals.njk']
|
2022-06-28 04:48:22 +00:00
|
|
|
for (const _file of configFiles) {
|
2022-03-03 19:04:46 +00:00
|
|
|
try {
|
2022-06-28 04:48:22 +00:00
|
|
|
accessSync(_file, constants.R_OK)
|
2022-03-03 19:04:46 +00:00
|
|
|
} catch (error) {
|
2022-06-28 04:48:22 +00:00
|
|
|
logger.error(`Config file '${_file}' cannot be found or read.`)
|
2022-03-03 19:04:46 +00:00
|
|
|
logger.error('Please copy the provided sample file and modify it according to your needs.')
|
|
|
|
process.exit(1)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Require config files
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
const config = require('./config')
|
2019-09-19 12:10:37 +00:00
|
|
|
const versions = require('./src/versions')
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2022-03-03 19:04:46 +00:00
|
|
|
// lolisafe
|
2020-05-09 07:54:09 +00:00
|
|
|
logger.log('Starting lolisafe\u2026')
|
2022-07-10 12:46:25 +00:00
|
|
|
const safe = new HyperExpress.Server({
|
|
|
|
trust_proxy: Boolean(config.trustProxy)
|
|
|
|
})
|
2018-09-20 11:41:17 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const paths = require('./controllers/pathsController')
|
2022-06-22 07:23:54 +00:00
|
|
|
paths.initSync()
|
2019-08-26 17:02:06 +00:00
|
|
|
const utils = require('./controllers/utilsController')
|
|
|
|
|
|
|
|
const album = require('./routes/album')
|
|
|
|
const api = require('./routes/api')
|
2022-06-28 05:03:49 +00:00
|
|
|
const file = require('./routes/file')
|
2019-08-26 17:02:06 +00:00
|
|
|
const nojs = require('./routes/nojs')
|
2020-11-03 13:56:32 +00:00
|
|
|
const player = require('./routes/player')
|
2019-08-26 17:02:06 +00:00
|
|
|
|
2022-04-16 14:37:17 +00:00
|
|
|
const isDevMode = process.env.NODE_ENV === 'development'
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2022-03-03 19:04:16 +00:00
|
|
|
// Helmet security headers
|
2022-04-30 05:01:12 +00:00
|
|
|
if (config.helmet instanceof Object) {
|
|
|
|
// If an empty object, simply do not use Helmet
|
|
|
|
if (Object.keys(config.helmet).length) {
|
|
|
|
safe.use(helmet(config.helmet))
|
|
|
|
}
|
2022-03-03 19:04:16 +00:00
|
|
|
} else {
|
|
|
|
// Fallback to old behavior when the whole helmet option was not configurable from the config file
|
2022-04-30 05:01:12 +00:00
|
|
|
const defaults = {
|
2022-03-03 19:04:46 +00:00
|
|
|
contentSecurityPolicy: false,
|
2022-04-20 11:37:10 +00:00
|
|
|
crossOriginEmbedderPolicy: false,
|
|
|
|
crossOriginOpenerPolicy: false,
|
|
|
|
crossOriginResourcePolicy: false,
|
|
|
|
hsts: false,
|
|
|
|
originAgentCluster: false
|
2022-04-30 05:01:12 +00:00
|
|
|
}
|
2020-02-13 08:03:31 +00:00
|
|
|
|
2022-03-03 19:04:46 +00:00
|
|
|
if (config.hsts instanceof Object && Object.keys(config.hsts).length) {
|
2022-04-30 05:01:12 +00:00
|
|
|
defaults.hsts = config.hsts
|
2022-03-03 19:04:16 +00:00
|
|
|
}
|
2022-04-30 05:01:12 +00:00
|
|
|
|
|
|
|
safe.use(helmet(defaults))
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-02-13 08:03:31 +00:00
|
|
|
|
2022-05-02 06:58:04 +00:00
|
|
|
// Access-Control-Allow-Origin
|
|
|
|
if (config.accessControlAllowOrigin) {
|
|
|
|
if (config.accessControlAllowOrigin === true) {
|
|
|
|
config.accessControlAllowOrigin = '*'
|
|
|
|
}
|
|
|
|
safe.use((req, res, next) => {
|
|
|
|
res.set('Access-Control-Allow-Origin', config.accessControlAllowOrigin)
|
|
|
|
if (config.accessControlAllowOrigin !== '*') {
|
|
|
|
res.vary('Origin')
|
|
|
|
}
|
|
|
|
next()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-07-10 12:46:25 +00:00
|
|
|
const initLiveDirectory = (options = {}) => {
|
|
|
|
if (!options.ignore) {
|
|
|
|
options.ignore = path => {
|
|
|
|
// ignore dot files
|
|
|
|
return path.startsWith('.')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return new LiveDirectory(options)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2018-10-09 19:52:41 +00:00
|
|
|
// https://mozilla.github.io/nunjucks/api.html#configure
|
2022-07-10 12:46:25 +00:00
|
|
|
const nunjucksEnv = nunjucks.configure('views', {
|
2018-04-18 21:00:36 +00:00
|
|
|
autoescape: true,
|
2022-04-16 14:37:17 +00:00
|
|
|
watch: isDevMode
|
|
|
|
// noCache: isDevMode
|
2018-04-18 21:00:36 +00:00
|
|
|
})
|
2022-07-10 12:46:25 +00:00
|
|
|
|
|
|
|
const renderNunjucks = (res, path, params) => {
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
nunjucksEnv.render(`${path}.njk`, params, (err, html) => {
|
|
|
|
if (err) return reject(err)
|
|
|
|
resolve(html)
|
|
|
|
})
|
|
|
|
}).then(html => {
|
|
|
|
return res.type('html').send(html)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bind a global middleware which will attach to our helper method into all incoming requests
|
|
|
|
safe.use((req, res, next) => {
|
|
|
|
// Inject the render method onto the response object on each requet
|
|
|
|
res.render = (path, params) => renderNunjucks(res, path, params)
|
|
|
|
next()
|
|
|
|
})
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2022-04-16 14:37:39 +00:00
|
|
|
// Configure rate limits (disabled during development)
|
2022-07-10 12:46:25 +00:00
|
|
|
// FIXME: express-rate-limit does not work with hyper-express, find alternative
|
|
|
|
/*
|
2022-04-16 14:37:39 +00:00
|
|
|
if (!isDevMode && Array.isArray(config.rateLimits) && config.rateLimits.length) {
|
2022-04-15 07:15:32 +00:00
|
|
|
for (const _rateLimit of config.rateLimits) {
|
|
|
|
const limiter = rateLimit(_rateLimit.config)
|
|
|
|
for (const route of _rateLimit.routes) {
|
2019-06-03 19:40:24 +00:00
|
|
|
safe.use(route, limiter)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2019-06-03 19:40:24 +00:00
|
|
|
}
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2022-07-10 12:46:25 +00:00
|
|
|
*/
|
2017-01-19 05:37:35 +00:00
|
|
|
|
2020-10-11 10:32:22 +00:00
|
|
|
const cdnPages = [...config.pages]
|
2022-05-02 06:58:04 +00:00
|
|
|
let setHeaders
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
|
2022-07-03 03:23:55 +00:00
|
|
|
const contentTypes = typeof config.overrideContentTypes === 'object' &&
|
|
|
|
Object.keys(config.overrideContentTypes)
|
|
|
|
const overrideContentTypes = contentTypes && contentTypes.length && function (res, path) {
|
2020-11-03 16:53:56 +00:00
|
|
|
// Do only if accessing files from uploads' root directory (i.e. not thumbs, etc.)
|
|
|
|
const relpath = path.replace(paths.uploads, '')
|
|
|
|
if (relpath.indexOf('/', 1) === -1) {
|
|
|
|
const name = relpath.substring(1)
|
|
|
|
const extname = utils.extname(name).substring(1)
|
|
|
|
for (const contentType of contentTypes) {
|
|
|
|
if (config.overrideContentTypes[contentType].includes(extname)) {
|
|
|
|
res.set('Content-Type', contentType)
|
2020-12-27 09:49:22 +00:00
|
|
|
break
|
2020-11-03 16:53:56 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-26 21:33:42 +00:00
|
|
|
const initServeStaticUploads = (opts = {}) => {
|
|
|
|
if (config.setContentDisposition) {
|
2022-07-03 03:35:36 +00:00
|
|
|
const SimpleDataStore = require('./controllers/utils/SimpleDataStore')
|
|
|
|
utils.contentDispositionStore = new SimpleDataStore(
|
|
|
|
config.contentDispositionOptions || {
|
|
|
|
limit: 50,
|
2022-07-03 04:08:00 +00:00
|
|
|
strategy: SimpleDataStore.STRATEGIES[0]
|
2022-07-03 03:35:36 +00:00
|
|
|
}
|
|
|
|
)
|
2020-10-01 21:58:35 +00:00
|
|
|
opts.preSetHeaders = async (res, req, path, stat) => {
|
2022-07-06 09:38:35 +00:00
|
|
|
// Do only if accessing files from uploads' root directory (i.e. not thumbs, etc.),
|
|
|
|
// AND only if GET requests
|
|
|
|
const relpath = path.replace(paths.uploads, '')
|
|
|
|
if (relpath.indexOf('/', 1) !== -1 || req.method !== 'GET') return
|
|
|
|
const name = relpath.substring(1)
|
2020-10-01 21:58:35 +00:00
|
|
|
try {
|
2022-07-06 09:38:35 +00:00
|
|
|
let original = utils.contentDispositionStore.get(name)
|
|
|
|
if (original === undefined) {
|
|
|
|
utils.contentDispositionStore.hold(name)
|
|
|
|
original = await utils.db.table('files')
|
|
|
|
.where('name', name)
|
|
|
|
.select('original')
|
|
|
|
.first()
|
|
|
|
.then(_file => {
|
|
|
|
utils.contentDispositionStore.set(name, _file.original)
|
|
|
|
return _file.original
|
|
|
|
})
|
|
|
|
}
|
|
|
|
if (original) {
|
|
|
|
res.set('Content-Disposition', contentDisposition(original, { type: 'inline' }))
|
2020-09-26 21:33:42 +00:00
|
|
|
}
|
2020-10-01 21:58:35 +00:00
|
|
|
} catch (error) {
|
2022-07-06 09:38:35 +00:00
|
|
|
utils.contentDispositionStore.delete(name)
|
2020-10-01 21:58:35 +00:00
|
|
|
logger.error(error)
|
2020-09-26 21:33:42 +00:00
|
|
|
}
|
|
|
|
}
|
2022-03-03 19:57:21 +00:00
|
|
|
// serveStatic is provided with @bobbywibowo/serve-static, a fork of express/serve-static.
|
2022-07-03 03:35:36 +00:00
|
|
|
// The fork allows specifying an async function by the name preSetHeaders,
|
|
|
|
// which it will await before creating 'send' stream to client.
|
|
|
|
// This is necessary due to database queries being async tasks,
|
|
|
|
// and express/serve-static not having the functionality by default.
|
2022-07-10 12:46:25 +00:00
|
|
|
// safe.use('/', require('@bobbywibowo/serve-static')(paths.uploads, opts))
|
|
|
|
// logger.debug('Inititated SimpleDataStore for Content-Disposition: ' +
|
|
|
|
// `{ limit: ${utils.contentDispositionStore.limit}, strategy: "${utils.contentDispositionStore.strategy}" }`)
|
|
|
|
logger.error('initServeStaticUploads() was called, but still WIP')
|
2020-09-26 21:33:42 +00:00
|
|
|
} else {
|
2022-07-10 12:46:25 +00:00
|
|
|
// safe.use('/', express.static(paths.uploads, opts))
|
|
|
|
logger.error('initServeStaticUploads() was called, but still WIP')
|
2020-09-26 21:33:42 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-10 12:46:25 +00:00
|
|
|
// Cache control
|
2019-01-05 21:09:47 +00:00
|
|
|
if (config.cacheControl) {
|
2019-01-09 10:11:45 +00:00
|
|
|
const cacheControls = {
|
2020-02-11 10:18:04 +00:00
|
|
|
// max-age: 6 months
|
2020-10-12 15:02:29 +00:00
|
|
|
static: 'public, max-age=15778800, immutable',
|
2020-02-11 10:18:04 +00:00
|
|
|
// s-max-age: 6 months (only cache in CDN)
|
2020-10-12 15:02:29 +00:00
|
|
|
cdn: 's-max-age=15778800, proxy-revalidate',
|
2020-02-11 10:18:04 +00:00
|
|
|
// validate cache's validity before using them (soft cache)
|
|
|
|
validate: 'no-cache',
|
|
|
|
// do not use cache at all
|
2019-01-09 10:11:45 +00:00
|
|
|
disable: 'no-store'
|
|
|
|
}
|
|
|
|
|
2020-02-11 10:18:04 +00:00
|
|
|
// By default soft cache everything
|
2019-01-09 10:11:45 +00:00
|
|
|
safe.use('/', (req, res, next) => {
|
2020-02-11 10:18:04 +00:00
|
|
|
res.set('Cache-Control', cacheControls.validate)
|
2019-01-05 21:09:47 +00:00
|
|
|
next()
|
|
|
|
})
|
|
|
|
|
2022-06-28 06:38:55 +00:00
|
|
|
switch (config.cacheControl) {
|
|
|
|
case 1:
|
|
|
|
case true:
|
|
|
|
// If using CDN, cache public pages in CDN
|
|
|
|
cdnPages.push('api/check')
|
|
|
|
for (const page of cdnPages) {
|
2022-07-10 12:46:25 +00:00
|
|
|
safe.get(`/${page === 'home' ? '' : page}`, async (req, res) => {
|
2022-06-28 06:38:55 +00:00
|
|
|
res.set('Cache-Control', cacheControls.cdn)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
break
|
2020-02-11 10:18:04 +00:00
|
|
|
}
|
2019-01-09 10:11:45 +00:00
|
|
|
|
2020-02-11 10:18:04 +00:00
|
|
|
// If serving uploads with node
|
2020-10-30 18:12:09 +00:00
|
|
|
if (config.serveFilesWithNode) {
|
2020-09-26 21:33:42 +00:00
|
|
|
initServeStaticUploads({
|
2020-11-03 16:53:56 +00:00
|
|
|
setHeaders: (res, path) => {
|
2022-07-03 03:23:55 +00:00
|
|
|
// Override Content-Type header if necessary
|
|
|
|
if (overrideContentTypes) {
|
2020-11-03 16:53:56 +00:00
|
|
|
overrideContentTypes(res, path)
|
|
|
|
}
|
2020-02-11 10:18:04 +00:00
|
|
|
// If using CDN, cache uploads in CDN as well
|
|
|
|
// Use with cloudflare.purgeCache enabled in config file
|
2020-10-30 18:12:09 +00:00
|
|
|
if (config.cacheControl !== 2) {
|
2020-02-11 10:18:04 +00:00
|
|
|
res.set('Cache-Control', cacheControls.cdn)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-02-11 10:18:04 +00:00
|
|
|
}
|
2020-09-26 21:33:42 +00:00
|
|
|
})
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2019-01-05 21:09:47 +00:00
|
|
|
|
2020-02-11 10:18:04 +00:00
|
|
|
// Function for static assets.
|
|
|
|
// This requires the assets to use version in their query string,
|
|
|
|
// as they will be cached by clients for a very long time.
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
setHeaders = res => {
|
2020-02-11 10:18:04 +00:00
|
|
|
res.set('Cache-Control', cacheControls.static)
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
}
|
2017-09-20 06:03:31 +00:00
|
|
|
|
2020-02-11 10:18:04 +00:00
|
|
|
// Consider album ZIPs static as well, since they use version in their query string
|
|
|
|
safe.use(['/api/album/zip'], (req, res, next) => {
|
|
|
|
const versionString = parseInt(req.query.v)
|
2020-10-30 18:12:09 +00:00
|
|
|
if (versionString > 0) {
|
2020-02-11 10:18:04 +00:00
|
|
|
res.set('Cache-Control', cacheControls.static)
|
2020-10-30 18:12:09 +00:00
|
|
|
} else {
|
2020-02-11 10:18:04 +00:00
|
|
|
res.set('Cache-Control', cacheControls.disable)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-02-11 10:18:04 +00:00
|
|
|
next()
|
|
|
|
})
|
|
|
|
} else if (config.serveFilesWithNode) {
|
2022-07-03 03:23:55 +00:00
|
|
|
const opts = {}
|
|
|
|
// Override Content-Type header if necessary
|
|
|
|
if (overrideContentTypes) {
|
|
|
|
opts.setHeaders = overrideContentTypes
|
|
|
|
}
|
|
|
|
initServeStaticUploads(opts)
|
2020-02-11 10:18:04 +00:00
|
|
|
}
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
|
2020-02-11 10:18:04 +00:00
|
|
|
// Static assets
|
2022-07-10 12:46:25 +00:00
|
|
|
const liveDirectoryPublic = initLiveDirectory({ path: paths.public })
|
|
|
|
const liveDirectoryDist = initLiveDirectory({ path: paths.dist })
|
|
|
|
safe.use('/', (req, res, next) => {
|
|
|
|
// Only process GET and HEAD requests
|
|
|
|
if (req.method !== 'GET' && req.method !== 'HEAD') {
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
// Try to find asset from public directory, then dist directory
|
|
|
|
const file = liveDirectoryPublic.get(req.path) || liveDirectoryDist.get(req.path)
|
|
|
|
if (file === undefined) {
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
if (typeof setHeaders === 'function') {
|
|
|
|
setHeaders(res)
|
|
|
|
}
|
|
|
|
return res.type(file.extension).send(file.buffer)
|
|
|
|
})
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
|
2022-07-10 12:46:25 +00:00
|
|
|
// Routes
|
2018-01-23 20:06:30 +00:00
|
|
|
safe.use('/', album)
|
2022-06-28 05:03:49 +00:00
|
|
|
safe.use('/', file)
|
2018-04-12 14:37:42 +00:00
|
|
|
safe.use('/', nojs)
|
2020-11-03 13:56:32 +00:00
|
|
|
safe.use('/', player)
|
2018-01-23 20:06:30 +00:00
|
|
|
safe.use('/api', api)
|
2017-01-14 06:01:23 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
;(async () => {
|
|
|
|
try {
|
2019-10-21 10:49:52 +00:00
|
|
|
// Init database
|
2022-07-10 12:46:25 +00:00
|
|
|
await require('./controllers/utils/initDatabase')(utils.db)
|
2019-10-21 10:49:52 +00:00
|
|
|
|
2022-06-22 07:23:54 +00:00
|
|
|
// Purge any leftover in chunks directory, do not wait
|
|
|
|
paths.purgeChunks()
|
2017-02-06 03:06:33 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (!Array.isArray(config.pages) || !config.pages.length) {
|
|
|
|
logger.error('Config file does not have any frontend pages enabled')
|
|
|
|
process.exit(1)
|
|
|
|
}
|
2018-12-20 12:25:41 +00:00
|
|
|
|
2019-09-19 12:10:37 +00:00
|
|
|
// Re-map version strings if cache control is enabled (safe.fiery.me)
|
|
|
|
utils.versionStrings = {}
|
2020-04-29 22:56:28 +00:00
|
|
|
if (config.cacheControl) {
|
2020-10-30 18:12:09 +00:00
|
|
|
for (const type in versions) {
|
2019-09-19 12:10:37 +00:00
|
|
|
utils.versionStrings[type] = `?_=${versions[type]}`
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
|
|
|
if (versions['1']) {
|
2020-04-29 22:56:28 +00:00
|
|
|
utils.clientVersion = versions['1']
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-04-29 22:56:28 +00:00
|
|
|
}
|
2019-09-19 12:10:37 +00:00
|
|
|
|
2022-07-10 12:46:25 +00:00
|
|
|
const liveDirectoryCustomPages = initLiveDirectory({
|
|
|
|
path: paths.customPages,
|
|
|
|
keep: ['.html']
|
|
|
|
})
|
|
|
|
|
2020-05-16 20:35:54 +00:00
|
|
|
// Cookie Policy
|
2020-10-30 18:12:09 +00:00
|
|
|
if (config.cookiePolicy) {
|
2020-05-16 20:35:54 +00:00
|
|
|
config.pages.push('cookiepolicy')
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-05-16 20:35:54 +00:00
|
|
|
|
2019-09-19 12:10:37 +00:00
|
|
|
// Check for custom pages, otherwise fallback to Nunjucks templates
|
2019-09-08 01:56:29 +00:00
|
|
|
for (const page of config.pages) {
|
2022-07-10 12:46:25 +00:00
|
|
|
// FIXME: Have this update on-the-fly or don't use LiveDirectory
|
|
|
|
const customPage = liveDirectoryCustomPages.get(`${page}.html`)
|
|
|
|
if (customPage) {
|
|
|
|
safe.get(`/${page === 'home' ? '' : page}`, (req, res) => {
|
|
|
|
res.type('html').send(customPage.buffer)
|
|
|
|
})
|
2020-10-30 18:12:09 +00:00
|
|
|
} else if (page === 'home') {
|
2022-07-10 12:46:25 +00:00
|
|
|
safe.get('/', (req, res) => res.render(page, {
|
2022-06-29 06:58:09 +00:00
|
|
|
config, utils, versions: utils.versionStrings
|
2019-09-19 12:10:37 +00:00
|
|
|
}))
|
2020-10-30 18:12:09 +00:00
|
|
|
} else {
|
2022-07-10 12:46:25 +00:00
|
|
|
safe.get(`/${page}`, (req, res) => res.render(page, {
|
2022-06-29 06:58:09 +00:00
|
|
|
config, utils, versions: utils.versionStrings
|
2019-09-19 12:10:37 +00:00
|
|
|
}))
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
|
|
|
|
2022-07-10 12:46:25 +00:00
|
|
|
// Web server error handlers (must always be set after all routes/routers)
|
|
|
|
const errorsController = require('./controllers/errorsController')
|
|
|
|
safe.set_not_found_handler(errorsController.handlerNotFound)
|
|
|
|
safe.set_error_handler(errorsController.handlerError)
|
2018-09-01 20:37:26 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
// Git hash
|
|
|
|
if (config.showGitHash) {
|
|
|
|
utils.gitHash = await new Promise((resolve, reject) => {
|
|
|
|
require('child_process').exec('git rev-parse HEAD', (error, stdout) => {
|
|
|
|
if (error) return reject(error)
|
|
|
|
resolve(stdout.replace(/\n$/, ''))
|
|
|
|
})
|
2018-09-20 11:41:17 +00:00
|
|
|
})
|
2019-09-08 01:56:29 +00:00
|
|
|
logger.log(`Git commit: ${utils.gitHash}`)
|
|
|
|
}
|
2018-09-20 11:41:17 +00:00
|
|
|
|
2020-10-31 23:35:56 +00:00
|
|
|
// ClamAV scanner
|
2019-09-08 01:56:29 +00:00
|
|
|
if (config.uploads.scan && config.uploads.scan.enabled) {
|
2020-10-31 23:35:56 +00:00
|
|
|
if (!config.uploads.scan.clamOptions) {
|
2021-01-08 02:20:00 +00:00
|
|
|
logger.error('Missing object config.uploads.scan.clamOptions (check config.sample.js)')
|
|
|
|
process.exit(1)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2022-04-22 21:44:01 +00:00
|
|
|
utils.scan.instance = await new NodeClam().init(config.uploads.scan.clamOptions)
|
|
|
|
utils.scan.version = await utils.scan.instance.getVersion().then(s => s.trim())
|
|
|
|
logger.log(`Connection established with ${utils.scan.version}`)
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
2019-08-20 02:16:34 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
// Cache file identifiers
|
|
|
|
if (config.uploads.cacheFileIdentifiers) {
|
2022-06-03 21:21:56 +00:00
|
|
|
utils.idSet = await utils.db.table('files')
|
2019-09-08 01:56:29 +00:00
|
|
|
.select('name')
|
|
|
|
.then(rows => {
|
|
|
|
return new Set(rows.map(row => row.name.split('.')[0]))
|
|
|
|
})
|
|
|
|
logger.log(`Cached ${utils.idSet.size} file identifiers`)
|
2019-08-20 02:16:34 +00:00
|
|
|
}
|
2018-09-01 20:37:26 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
// Binds Express to port
|
2022-07-10 12:46:25 +00:00
|
|
|
await safe.listen(utils.conf.port)
|
2022-06-22 06:27:38 +00:00
|
|
|
logger.log(`lolisafe started on port ${utils.conf.port}`)
|
2019-01-09 10:11:45 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
// Cache control (safe.fiery.me)
|
2020-02-11 10:18:04 +00:00
|
|
|
// Purge Cloudflare cache
|
2020-10-30 18:12:09 +00:00
|
|
|
if (config.cacheControl && config.cacheControl !== 2) {
|
2019-09-19 12:10:37 +00:00
|
|
|
if (config.cloudflare.purgeCache) {
|
|
|
|
logger.log('Cache control enabled, purging Cloudflare\'s cache...')
|
2020-02-11 10:18:04 +00:00
|
|
|
const results = await utils.purgeCloudflareCache(cdnPages)
|
2019-09-19 12:10:37 +00:00
|
|
|
let errored = false
|
|
|
|
let succeeded = 0
|
|
|
|
for (const result of results) {
|
|
|
|
if (result.errors.length) {
|
|
|
|
if (!errored) errored = true
|
|
|
|
result.errors.forEach(error => logger.log(`[CF]: ${error}`))
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
succeeded += result.files.length
|
2019-01-31 09:36:16 +00:00
|
|
|
}
|
2020-10-30 18:12:09 +00:00
|
|
|
if (!errored) {
|
2019-09-19 12:10:37 +00:00
|
|
|
logger.log(`Successfully purged ${succeeded} cache`)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2019-09-19 12:10:37 +00:00
|
|
|
} else {
|
|
|
|
logger.log('Cache control enabled without Cloudflare\'s cache purging')
|
2019-01-31 09:36:16 +00:00
|
|
|
}
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2019-01-09 10:11:45 +00:00
|
|
|
|
2022-05-06 19:17:31 +00:00
|
|
|
// Initiate internal periodical check ups of temporary uploads if required
|
|
|
|
if (utils.retentions && utils.retentions.enabled && config.uploads.temporaryUploadsInterval > 0) {
|
2019-09-08 01:56:29 +00:00
|
|
|
let temporaryUploadsInProgress = false
|
|
|
|
const temporaryUploadCheck = async () => {
|
2020-10-30 18:12:09 +00:00
|
|
|
if (temporaryUploadsInProgress) return
|
2019-09-08 01:56:29 +00:00
|
|
|
|
|
|
|
temporaryUploadsInProgress = true
|
2020-05-26 18:18:25 +00:00
|
|
|
try {
|
2022-05-06 19:01:33 +00:00
|
|
|
const result = await utils.bulkDeleteExpired(false, isDevMode)
|
|
|
|
|
|
|
|
if (result.expired.length || result.failed.length) {
|
|
|
|
if (isDevMode) {
|
2022-06-28 04:48:22 +00:00
|
|
|
let logMessage = `Expired uploads (${result.expired.length}): ${result.expired.map(_file => _file.name).join(', ')}`
|
2022-05-06 19:01:33 +00:00
|
|
|
if (result.failed.length) {
|
2022-06-28 04:48:22 +00:00
|
|
|
logMessage += `\nErrored (${result.failed.length}): ${result.failed.map(_file => _file.name).join(', ')}`
|
2022-05-06 19:01:33 +00:00
|
|
|
}
|
|
|
|
logger.debug(logMessage)
|
|
|
|
} else {
|
|
|
|
let logMessage = `Expired uploads: ${result.expired.length} deleted`
|
|
|
|
if (result.failed.length) {
|
|
|
|
logMessage += `, ${result.failed.length} errored`
|
|
|
|
}
|
|
|
|
logger.log(logMessage)
|
2020-10-30 18:12:09 +00:00
|
|
|
}
|
2020-05-26 18:18:25 +00:00
|
|
|
}
|
|
|
|
} catch (error) {
|
|
|
|
// Simply print-out errors, then continue
|
|
|
|
logger.error(error)
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
temporaryUploadsInProgress = false
|
|
|
|
}
|
|
|
|
|
2020-05-16 14:45:14 +00:00
|
|
|
temporaryUploadCheck()
|
|
|
|
setInterval(temporaryUploadCheck, config.uploads.temporaryUploadsInterval)
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
|
|
|
|
2019-01-01 05:34:16 +00:00
|
|
|
// NODE_ENV=development yarn start
|
2022-04-16 14:37:17 +00:00
|
|
|
if (isDevMode) {
|
2022-05-06 18:35:07 +00:00
|
|
|
const { inspect } = require('util')
|
2018-12-18 17:41:42 +00:00
|
|
|
// Add readline interface to allow evaluating arbitrary JavaScript from console
|
2022-05-06 18:35:07 +00:00
|
|
|
require('readline').createInterface({
|
|
|
|
input: process.stdin
|
2018-12-18 17:41:42 +00:00
|
|
|
}).on('line', line => {
|
|
|
|
try {
|
2020-10-30 18:12:09 +00:00
|
|
|
if (line === 'rs') return
|
|
|
|
if (line === '.exit') return process.exit(0)
|
2018-12-18 17:41:42 +00:00
|
|
|
// eslint-disable-next-line no-eval
|
2022-05-06 18:35:07 +00:00
|
|
|
const evaled = eval(line)
|
|
|
|
process.stdout.write(`${typeof evaled === 'string' ? evaled : inspect(evaled)}\n`)
|
2018-12-18 17:41:42 +00:00
|
|
|
} catch (error) {
|
2022-05-06 18:35:07 +00:00
|
|
|
process.stderr.write(`${error.stack}\n`)
|
2018-12-18 17:41:42 +00:00
|
|
|
}
|
|
|
|
}).on('SIGINT', () => {
|
|
|
|
process.exit(0)
|
|
|
|
})
|
2022-05-06 18:35:07 +00:00
|
|
|
logger.log(utils.stripIndents(`!!! DEVELOPMENT MODE !!!
|
|
|
|
[=] Nunjucks will auto rebuild (not live reload)
|
|
|
|
[=] HTTP rate limits disabled
|
|
|
|
[=] Readline interface enabled (eval arbitrary JS input)`))
|
2018-10-09 19:52:41 +00:00
|
|
|
}
|
2019-09-08 01:56:29 +00:00
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
process.exit(1)
|
|
|
|
}
|
|
|
|
})()
|