2017-01-13 07:48:18 +00:00
module . exports = {
2018-01-23 20:06:30 +00:00
/ *
If set to true the user will need to specify the auto - generated token
2018-03-24 19:47:41 +00:00
on each API call , meaning random strangers won ' t be able to use the service
2018-04-04 16:47:20 +00:00
unless they have the token lolisafe provides you with .
2018-01-23 20:06:30 +00:00
If it ' s set to false , then upload will be public for anyone to use .
* /
private : true ,
2018-05-09 08:41:30 +00:00
/ *
If true , users will be able to create accounts and access their uploaded files .
* /
2018-01-23 20:06:30 +00:00
enableUserAccounts : true ,
/ *
Here you can decide if you want lolisafe to serve the files or if you prefer doing so via nginx .
The main difference between the two is the ease of use and the chance of analytics in the future .
If you set it to ` true ` , the uploaded files will be located after the host like :
https : //lolisafe.moe/yourFile.jpg
If you set it to ` false ` , you need to set nginx to directly serve whatever folder it is you are serving your
downloads in . This also gives you the ability to serve them , for example , like this :
https : //files.lolisafe.moe/yourFile.jpg
Both cases require you to type the domain where the files will be served on the ` domain ` key below .
Which one you use is ultimately up to you .
* /
serveFilesWithNode : false ,
domain : 'https://lolisafe.moe' ,
2018-02-07 06:45:18 +00:00
/ *
If you are serving your files with a different domain than your lolisafe homepage ,
2018-12-20 11:53:37 +00:00
then fill this option with your lolisafe homepage , otherwise any falsy value .
2018-04-18 21:00:36 +00:00
This will be used when listing album links in the dashboard .
2018-02-07 06:45:18 +00:00
* /
2018-04-18 21:00:36 +00:00
homeDomain : null ,
2018-02-07 06:45:18 +00:00
2018-05-09 08:41:30 +00:00
/ *
Port on which to run the server .
* /
2018-01-23 20:06:30 +00:00
port : 9999 ,
2018-05-09 08:41:30 +00:00
/ *
Pages to process for the frontend .
* /
2018-01-23 20:06:30 +00:00
pages : [ 'home' , 'auth' , 'dashboard' , 'faq' ] ,
2018-04-25 13:16:34 +00:00
/ *
2018-12-20 11:53:37 +00:00
This can be either 'blacklist' or 'whitelist' , which should be self - explanatory .
When this is set to neither , this will fallback to 'blacklist' .
2018-04-25 13:16:34 +00:00
* /
2018-12-20 11:53:37 +00:00
extensionsFilterMode : 'blacklist' ,
2018-04-25 13:16:34 +00:00
extensionsFilter : [
2018-12-20 11:53:37 +00:00
'.bash_profile' ,
'.bash' ,
'.bashrc' ,
'.bat' ,
'.bsh' ,
'.cmd' ,
'.com' ,
'.csh' ,
2018-01-23 20:06:30 +00:00
'.exe' ,
2018-09-22 14:04:07 +00:00
'.exec' ,
2018-12-20 11:53:37 +00:00
'.jar' ,
2018-03-15 07:54:14 +00:00
'.msi' ,
2018-06-06 01:51:53 +00:00
'.nt' ,
2018-12-20 11:53:37 +00:00
'.profile' ,
2018-03-15 07:54:14 +00:00
'.ps1' ,
2018-06-06 01:51:53 +00:00
'.psm1' ,
2018-12-20 11:53:37 +00:00
'.scr' ,
'.sh'
2018-01-23 20:06:30 +00:00
] ,
2018-11-28 17:52:12 +00:00
/ *
If set to true , files with no extensions will always be rejected .
* /
filterNoExtension : false ,
2018-12-20 11:53:37 +00:00
/ *
If set to true , files with zero bytes size will always be rejected .
NOTE : Even if the files only contain whitespaces , as long as they aren ' t
zero bytes , they will be accepted .
* /
filterEmptyFile : true ,
2018-09-20 11:41:17 +00:00
/ *
Show hash of the current git commit in homepage .
* /
showGitHash : false ,
/ *
Path to error pages . Only 404 and 500 will be used .
2018-12-20 11:53:37 +00:00
NOTE : rootDir can either be relative or absolute path .
2018-09-20 11:41:17 +00:00
* /
errorPages : {
rootDir : './pages/error' ,
404 : '404.html' ,
500 : '500.html'
} ,
2018-12-20 11:53:37 +00:00
/ *
Trust proxy .
Only enable if you are running this behind a proxy like Cloudflare , Incapsula , etc .
* /
trustProxy : true ,
2019-06-03 19:40:24 +00:00
/ *
Rate limits .
Please be aware that these apply to all users , including site owners .
https : //github.com/nfriedly/express-rate-limit#configuration-options
* /
rateLimits : [
{
2019-06-03 19:43:54 +00:00
// 2 requests in 5 seconds
2019-06-03 19:40:24 +00:00
routes : [
'/api/login/' ,
'/api/register'
] ,
config : {
windowMs : 5 * 1000 ,
max : 2
}
} ,
{
2019-06-03 19:43:54 +00:00
// 2 requests in 30 seconds
2019-06-03 19:40:24 +00:00
routes : [
'/api/album/zip'
] ,
config : {
windowMs : 30 * 1000 ,
2019-06-18 21:04:14 +00:00
max : 2
2019-06-03 19:40:24 +00:00
}
}
] ,
2018-05-09 08:41:30 +00:00
/ *
Uploads config .
* /
2018-01-23 20:06:30 +00:00
uploads : {
2018-05-09 08:41:30 +00:00
/ *
2018-12-20 11:53:37 +00:00
Folder where files should be stored .
2018-05-09 08:41:30 +00:00
* /
2018-01-23 20:06:30 +00:00
folder : 'uploads' ,
/ *
2018-05-09 08:41:30 +00:00
Max file size allowed . Needs to be in MB .
2018-12-20 11:53:37 +00:00
NOTE : When maxSize is greater than 1 MiB and using nginx as reverse proxy ,
2018-12-04 11:58:53 +00:00
you must set client _max _body _size to the same as maxSize .
https : //nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
2018-01-23 20:06:30 +00:00
* /
maxSize : '512MB' ,
2018-05-11 14:34:13 +00:00
/ *
Max file size allowed for upload by URLs . Needs to be in MB .
2018-12-20 11:53:37 +00:00
NOTE : Set to falsy value to disable upload by URLs .
2018-05-11 14:34:13 +00:00
* /
urlMaxSize : '32MB' ,
2018-12-20 11:53:37 +00:00
/ *
Proxy URL uploads .
NOTE : Set to falsy value to disable .
Available templates :
{ url } = full URL ( encoded & with protocol )
{ url - noprot } = URL without protocol ( images . weserv . nl prefers this format )
Example :
https : //images.weserv.nl/?url={url-noprot}
will become :
2019-04-11 15:27:45 +00:00
https : //images.weserv.nl/?url=example.com%2Fassets%2Fimage.png
2018-12-20 11:53:37 +00:00
* /
2019-04-11 15:27:45 +00:00
urlProxy : 'https://proxy.duckduckgo.com/iu/?u={url}' ,
2018-12-20 11:53:37 +00:00
/ *
2019-04-11 15:27:45 +00:00
Disclaimer message that will be printed underneath the URL uploads form .
Supports HTML . Be safe though .
2018-12-20 11:53:37 +00:00
* /
2019-04-11 15:27:45 +00:00
urlDisclaimerMessage : 'URL uploads are being proxied by <a href="https://duckduckgo.com/" target="_blank" rel="noopener">DuckDuckGo</a>. The proxy can only process direct links, and generally it can only proxy images.' ,
2018-12-20 11:53:37 +00:00
/ *
2019-04-11 15:27:45 +00:00
Filter mode for URL uploads .
Can be 'blacklist' , 'whitelist' , or 'inherit' .
'inherit' => inherit primary extensions filter ( extensionsFilter option ) .
The rest are paired with urlExtensionsFilter option below and should be self - explanatory .
When this is not set to any of the 3 values , this will fallback to 'inherit' .
2018-12-20 11:53:37 +00:00
* /
2019-04-11 15:27:45 +00:00
urlExtensionsFilterMode : 'inherit' ,
2018-12-20 11:53:37 +00:00
/ *
2019-04-11 15:27:45 +00:00
Mainly intended for URL proxies that only support certain extensions .
This will parse the extensions from the URLs , so URLs that do not end with
the file ' s extensions will always be rejected .
Queries and segments in the URLs will be bypassed .
NOTE : Can not be empty when using either 'blacklist' or 'whitelist' mode .
2018-12-20 11:53:37 +00:00
* /
2019-04-11 15:27:45 +00:00
urlExtensionsFilter : [ ] ,
2018-12-20 11:53:37 +00:00
2019-09-08 01:56:29 +00:00
/ *
An array of allowed ages for uploads ( in hours ) .
Default age will be the value at the very top of the array .
If the array is populated but do not have a zero value ,
permanent uploads will be rejected .
This only applies to new files uploaded after enabling the option .
If the array is empty or is set to falsy value , temporary uploads
feature will be disabled , and all uploads will be permanent ( original behavior ) .
When temporary uploads feature is disabled , any existing temporary uploads
will not ever be automatically deleted , since the safe will not start the
periodical checkup task .
* /
temporaryUploadAges : [
0 , // permanent
1 / 60 * 15 , // 15 minutes
1 / 60 * 30 , // 30 minutes
1 , // 1 hour
6 , // 6 hours
12 , // 12 hours
24 , // 24 hours (1 day)
168 // 168 hours (7 days)
] ,
/ *
Interval of the periodical check up tasks for temporary uploads ( in milliseconds ) .
NOTE : Set to falsy value if you prefer to use your own external script .
* /
temporaryUploadsInterval : 1 * 60000 , // 1 minute
2018-09-01 20:37:26 +00:00
/ *
2018-09-04 16:11:20 +00:00
Scan files using ClamAV through clamd .
2018-09-01 20:37:26 +00:00
* /
2018-09-04 16:11:20 +00:00
scan : {
enabled : false ,
ip : '127.0.0.1' ,
2019-04-18 09:06:14 +00:00
port : 3310 ,
timeout : 180 * 1000 ,
chunkSize : 64 * 1024
2018-09-04 16:11:20 +00:00
} ,
2018-09-01 20:37:26 +00:00
2019-06-04 00:57:37 +00:00
/ *
Store uploader ' s IPs into the database .
NOTE : Dashboard ' s Manage Uploads will display IP column regardless of whether
this is set to true or false .
* /
storeIP : true ,
2018-03-28 11:36:28 +00:00
/ *
2018-05-09 08:41:30 +00:00
Chunk size for chunk uploads . Needs to be in MB .
2018-04-25 13:16:34 +00:00
If this is enabled , every files uploaded from the homepage uploader will forcibly be chunked
by the size specified in "chunkSize" . People will still be able to upload bigger files with
the API as long as they don ' t surpass the limit specified in the "maxSize" option above .
Total size of the whole chunks will also later be checked against the "maxSize" option .
2018-12-20 11:53:37 +00:00
NOTE : Set to falsy value to disable chunked uploads .
2018-03-28 11:36:28 +00:00
* /
2018-05-09 08:41:30 +00:00
chunkSize : '10MB' ,
2018-03-28 11:36:28 +00:00
2018-03-24 13:52:47 +00:00
/ *
2018-12-04 11:58:53 +00:00
The length of the randomly generated identifier for uploaded files .
2019-09-08 02:28:13 +00:00
If "force" is set to true , files will always use "default" .
2018-03-24 13:52:47 +00:00
* /
2019-09-08 02:28:13 +00:00
fileIdentifierLength : {
2018-03-24 13:52:47 +00:00
min : 4 ,
max : 32 ,
2019-09-08 02:28:13 +00:00
default : 8 ,
force : false
2018-03-24 13:52:47 +00:00
} ,
2018-01-23 20:06:30 +00:00
2018-12-04 11:58:53 +00:00
/ *
Cache file identifiers .
2018-12-08 00:38:12 +00:00
They will be used for stricter collision checks , such that a single identifier
2018-12-04 11:58:53 +00:00
may not be used by more than a single file ( e . i . if "abcd.jpg" already exists , a new PNG
file may not be named as "abcd.png" ) .
2019-09-08 01:56:29 +00:00
If this is enabled , the safe will query files from the database during first launch ,
parse their names , then cache the identifiers into memory .
Its downside is that it will use a bit more memory .
2018-12-04 11:58:53 +00:00
2018-12-08 00:38:12 +00:00
If this is disabled , collision check will become less strict .
As in , the same identifier may be used by multiple different extensions ( e . i . if "abcd.jpg"
already exists , new files can be possibly be named as "abcd.png" , "abcd.mp4" , etc ) .
Its downside will be , in the rare chance that multiple image / video files are sharing the same
identifier , they will end up with the same thumbnail in dashboard , since thumbnails will
only be saved as PNG in storage ( e . i . "abcd.jpg" and "abcd.png" will share a single thumbnail
named "abcd.png" in thumbs directory , in which case , the file that ' s uploaded the earliest will
be the source for the thumbnail ) .
2018-12-04 11:58:53 +00:00
2018-12-08 00:38:12 +00:00
Unless you do not use thumbnails , it is highly recommended to enable this feature .
2018-12-04 11:58:53 +00:00
* /
cacheFileIdentifiers : true ,
2018-05-09 08:41:30 +00:00
/ *
The length of the randomly generated identifier for albums .
* /
2018-04-28 17:29:47 +00:00
albumIdentifierLength : 8 ,
2018-03-18 13:13:08 +00:00
/ *
2018-04-28 17:29:47 +00:00
This option will limit how many times it will try to
2018-12-20 12:01:30 +00:00
generate a new random name when a collision occurs .
2018-12-20 11:53:37 +00:00
Generally , the shorter the length is , the higher the chance for a collision to occur .
2018-12-04 11:58:53 +00:00
This applies to both file name and album identifier .
2018-04-28 17:29:47 +00:00
* /
2018-12-20 11:53:37 +00:00
maxTries : 3 ,
2018-03-18 13:13:08 +00:00
2018-01-23 20:06:30 +00:00
/ *
2018-12-20 11:53:37 +00:00
Thumbnails are only used in the dashboard and album ' s public pages .
2018-12-03 07:20:13 +00:00
You need to install a separate binary called ffmpeg ( https : //ffmpeg.org/) for video thumbnails.
2019-08-23 09:49:53 +00:00
NOTE : Placeholder defaults to 'public/images/unavailable.png' .
2018-01-23 20:06:30 +00:00
* /
2018-05-09 08:41:30 +00:00
generateThumbs : {
2018-03-24 13:52:47 +00:00
image : true ,
2019-08-23 09:49:53 +00:00
video : false ,
placeholder : null
2018-03-24 13:52:47 +00:00
} ,
2018-01-23 20:06:30 +00:00
/ *
2018-12-04 11:58:53 +00:00
Allow users to download a ZIP archive of all files in an album .
2018-01-23 20:06:30 +00:00
The file is generated when the user clicks the download button in the view
2018-04-27 03:27:34 +00:00
and is re - used if the album has not changed between download requests .
2018-01-23 20:06:30 +00:00
* /
2019-07-17 23:22:47 +00:00
generateZips : true ,
/ *
JSZip ' s options to use when generating album ZIPs .
https : //stuk.github.io/jszip/documentation/api_jszip/generate_async.html
NOTE : Changing this option will not re - generate existing ZIPs .
* /
jsZipOptions : {
streamFiles : true ,
compression : 'DEFLATE' ,
compressionOptions : {
level : 1
}
}
2018-05-09 08:41:30 +00:00
} ,
/ *
Cloudflare support .
* /
cloudflare : {
/ *
No - JS uploader page will not chunk the uploads , so it ' s recommended to change this
into the maximum upload size you have in Cloudflare .
This limit will only be applied to the subtitle in the page .
2018-12-20 11:53:37 +00:00
NOTE : Set to falsy value to inherit "maxSize" option .
2018-05-09 08:41:30 +00:00
* /
noJsMaxSize : '100MB' ,
/ *
2018-12-04 11:58:53 +00:00
If you have a Page Rule in Cloudflare to cache everything in the album zip
API route ( homeDomain / api / album / zip / * ) , with this option you can limit the
2018-05-09 08:41:30 +00:00
maximum total size of files in an album that can be zipped .
Cloudflare will not cache files bigger than 512 MB .
2018-12-20 11:53:37 +00:00
NOTE : Set to falsy value to disable max total size .
2018-05-09 08:41:30 +00:00
* /
2018-05-09 09:53:27 +00:00
zipMaxTotalSize : '512MB' ,
/ *
2018-12-04 11:58:53 +00:00
If you want to make it automatically call Cloudflare ' s API to purge cache on file delete ,
fill your API key , email and your site ' s zone ID below , then set "purgeCache" to true .
2018-05-09 09:53:27 +00:00
This will only purge cache of the deleted file and its associated thumb .
* /
apiKey : '' ,
email : '' ,
zoneId : '' ,
purgeCache : false
2018-01-23 20:06:30 +00:00
} ,
2019-01-05 21:09:47 +00:00
/ *
ADVANCED : Use safe . fiery . me - exclusive cache control .
This will only work properly with certain settings in nginx reverse proxy and Cloudflare .
Do NOT enable unless you know what you are doing .
* /
cacheControl : false ,
2018-05-09 08:41:30 +00:00
/ *
Folder where to store logs .
2018-12-04 11:58:53 +00:00
NOTE : This is currently unused .
2018-05-09 08:41:30 +00:00
* /
2018-01-23 20:06:30 +00:00
logsFolder : 'logs' ,
2018-05-09 08:41:30 +00:00
/ *
The following values shouldn ' t be touched , unless you know what you are doing .
* /
2018-01-23 20:06:30 +00:00
database : {
client : 'sqlite3' ,
connection : { filename : './database/db' } ,
useNullAsDefault : true
}
}