Commit Graph

94 Commits

Author SHA1 Message Date
Bobby Wibowo
41fb14e865
Added system & node uptime to Statistics menu
src/js/misc/utils.js: Added page.getPrettyUptime().

Updated dependency:
helmet: 3.23.3 -> 4.1.0

lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
2020-08-22 01:35:30 +07:00
Bobby Wibowo
52bc0a7db2
Updated some dependencies
knex: 0.21.2 -> 0.21.5
systeminformation: 4.26.10 -> 4.26.11

browserslist: 4.13.0 -> 4.14.0
gulp-terser: 1.2.1 -> 1.3.2
2020-08-22 01:01:22 +07:00
Bobby Wibowo
34d3601c30
Transitioned styling to Sass
Added new dev dependencies:
bulma, gulp-sass, node-sass

Updated some dependencies

Various other things related to styling

Bumped v1 version string and rebuilt client assets
2020-07-28 21:47:48 +07:00
Bobby Wibowo
63330bdc3f
sqlite3/node-addon-api 2.0.0 -> 2.0.1 2020-07-19 19:03:07 +07:00
Bobby Wibowo
a200f81fd5
Updated dependencies
Rebuilt client assets and bumped v1 version string
2020-07-19 18:23:33 +07:00
Bobby Wibowo
2edb7f8bab
Updated dependencies
Bumped v1 version string and rebuilt client assets
2020-07-02 15:16:13 +07:00
Bobby Wibowo
e552017bfb
Change deps versions from major to minor ranges
Since I'd usually test for new versions of dependencies anyway, only
minor version updates that I personally support for self-update.
2020-06-20 00:17:16 +07:00
Bobby Wibowo
4aeb364d0d
Upgraded all dependencies
Consult package.json
2020-06-18 03:46:27 +07:00
Bobby Wibowo
e7fc354729
Updated dependencies
systeminformation: 4.26.4 -> 4.26.5
As always, full upgrade. So some sub-dependencies were updated as well.
2020-05-29 02:58:56 +07:00
Bobby Wibowo
62a977542e
Switched to BLAKE3 for file hashing [MORE]
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.

Added new dependency: blake3

Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.

To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.

chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.

Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.

Updated v1 version string and rebuilt client assets.
2020-05-29 02:52:58 +07:00
Bobby Wibowo
feef65a165
Updated dependencies
systeminformation: 4.26.1 -> 4.26.4
eslint-plugin-compat: 3.6.0 -> 3.7.0
gulp-cli: 2.2.0 -> 2.2.1
2020-05-27 01:12:56 +07:00
Bobby Wibowo
559670bd83
Updated dependencies
Added SQLite's WAL files to .gitignore
2020-05-19 23:46:23 +07:00
Bobby Wibowo
9c56dd327a
Updated dependencies
systeminformation: 4.23.9 -> 4.26.1
eslint-plugin-compat: 3.5.1 -> 3.6.0

Renamed all .eslintrc.json to .eslintrc.js.

Removed unnecessary init for missing params in favor of default params.
Buble will take care of compiling that for old browsers.

Bumped ecmaVersion for client JS from 6 (2015) to 7 (2016).
Buble should support compiling ES2016 features as well.

Properly deny some actions when an online section is still loading.

Properly apply progress cursor on items/buttons that shouldn't be used
while an online section is still loading.

Bumped v1 version string and rebuilt client assets.
2020-05-17 00:11:10 +07:00
Bobby Wibowo
ee443b5108
Updated dependencies
express-rate-limit: 5.1.1 -> 5.1.3
systeminformation: 4.23.8 -> 4.23.9
2020-04-30 05:58:47 +07:00
Bobby Wibowo
ff54f088bd
Added client assets update detection
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).

Rebuilt client assets and bumped v1 version string

Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
2020-04-30 05:56:28 +07:00
Bobby Wibowo
4759995ff3
Updated README.md
Updated screenshot.

Edited claim about node 12 not being tested, as I've tested it.
Couldn't find any issues.

Added a new section about updating when you have modified some files.

Rephrased ClamAV support section a bit.

Updated dependencies:
knex: 0.21.0 -> 0.21.1

Rebuilt yarn.lock file with node 12.
Nothing significant really changed.
Things seem to be backward compatible to node 10.
2020-04-29 13:31:13 +07:00
Bobby Wibowo
e73514b62e
Updated dependencies
sqlite3: 4.1.1 -> 4.2.0
systeminformation: 4.23.5 -> 4.23.8
stylelint: 13.3.1 -> 13.3.1
2020-04-28 06:10:25 +07:00
Bobby Wibowo
8932615fbb
Updated dependencies
Updated README.md to emphasize Node 10.x is the oldest supported version
and that Node 12.x have NOT been tested.

I'll work on testing Node 12.x in the near future though!
2020-04-21 17:12:00 +07:00
Bobby Wibowo
3e3878b93c
Massively overhauled uploads filtering endpoint
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!

Updated dependency, knex: 0.20.13 -> 0.20.15.

Added new dependency: search-query-parser.

Updated all sub-dependencies.

Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.

Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.

Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.

Caching system of album public pages will now be disabled during
development (yarn develop).

Cleaned up domClick() function in js/dashboard.js.

If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.

Success prompt when changing token will now auto-close.

Removed ID column from Manage Users.

Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.

Rebuilt client-side assets and bumped v1 version string.
2020-04-19 02:52:11 +07:00
Bobby Wibowo
e5041a6d0b
Updated dependencies
systeminformation: 4.23.1 -> 4.23.3
stylelint: 13.3.0 -> 13.3.1

Rebuilt client assets. Affected file:
dist/js/dashboard.js.map

Bumped v1 version string.
2020-04-12 15:29:14 +07:00
Bobby Wibowo
f534ac2e4d
Updated all dependencies
Updated lolisafe.js
2020-04-04 22:08:37 +07:00
Bobby Wibowo
6741798085
Updated all dependencies 2020-03-24 15:06:54 +07:00
Bobby Wibowo
3a787ade65
Dropped support for Node 8, and more
Updated all dependencies.

Some latest version of dependencies such as bcrypt and sharp
requires Node 10+.

Updated fontello.css to uses latest version string from versions.js.
When updating version strings in commit
2670db269d, I forgot to rebuild this css.
2020-03-10 00:10:36 +07:00
Bobby Wibowo
2670db269d
Updated dependency systeminformation
And bumped all version strings to update latest cache control.
2020-02-11 17:20:43 +07:00
Bobby Wibowo
c0fc463595
Updated all dependencies
Rebuilt all CSS assets, not sure why.
Probably due to browserslist being updated?

While I was as it, I also updated safe.fiery.me's node version to
10.19.0.
2020-02-09 16:42:08 +07:00
Bobby Wibowo
eee024e0ca
Updated all dependencies 2020-01-11 02:14:23 +07:00
Bobby Wibowo
32e4f8a71c
Upgraded dependencies
knex: 0.20.3 -> 0.20.4
sharp: 0.23.3 -> 0.23.4
sqlite3: 4.1.0 -> 4.1.1

Upgraded dev dependencies:

browserslist: 4.7.3 -> 4.8.2
eslint: 6.7.1 -> 6.7.2
2019-12-08 15:25:26 +07:00
Bobby Wibowo
337a0a61ff
Implemented parallel URL uploads
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.

I figured this is a better implementation to shift queues faster.

---

Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.

Clients will also see better formatted error message for URL uploads'
file size limit errors.

---

Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0

Bumped v1 version string
2019-11-29 17:42:29 +07:00
Bobby Wibowo
ec7c160f31
Fixed uploads timing out without error after 30 s
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).

While I was at it, I also refactored the bits for initializing Dropzone.

Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.

Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
2019-11-25 15:18:14 +07:00
Bobby Wibowo
5207df6123
Updated dependencies
bcrypt: 3.0.6 -> 3.0.7
knex: 0.20.1 -> 0.20.2
sharp: 0.23.2 -> 0.23.3

Dev dependency:
browserslist: 4.7.2 -> 4.7.3

As always, this was a full upgrade, so sub-dependencies were also
upgraded if applicable (more details in yarn.lock).

I noticed stylelint also got updated to v12, but I will be postponing
that till gulp-stylelint updates its peer dependency requirement.
2019-11-20 20:16:37 +07:00
Bobby Wibowo
d5cd5b7b5b
Updated
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.

Bumped v1 version string.

---

Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
2019-11-13 13:21:36 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
8f48889c90
Updated dependencies 2019-10-29 05:37:25 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
cf8d2895f1
Updated dependencies
systeminformation: 4.14.12 -> 4.14.16
browserslist: 4.7.0 -> 4.7.1
2019-10-21 17:51:31 +07:00
Bobby Wibowo
321e4557db
Updated dependencies
systeminformation: 4.14.11 -> 4.14.12
gulp-stylelint: 9.0.0 -> 10.0.0
2019-10-15 17:46:09 +07:00
Bobby Wibowo
7855801d62
Updated
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.

Upgrade stylelint dev dependency.

Bumped v1 version string.
2019-10-11 12:36:59 +07:00
Bobby Wibowo
b2f96360ae
Updated knex.js to 0.19.5
Renamed todo.md to TODO.md

Edited a todo task
2019-10-09 12:36:19 +07:00
Bobby Wibowo
256686f400
Updated dependencies 2019-10-06 05:24:20 +07:00
Bobby Wibowo
582440e5ef
Updated sharp to 0.23.1 2019-09-28 16:45:36 +07:00
Bobby Wibowo
a233dd6bba
Updated helmet 2019-09-22 11:40:59 +07:00
Bobby Wibowo
6133554013
Updated stylelint dev dependency 2019-09-20 12:19:28 +07:00
Bobby Wibowo
a79803cbd6
Updated
Added gulp-replace dev dependency.

Removed version strings of Fontello fonts from fontello.css

Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
2019-09-19 20:39:23 +07:00
Bobby Wibowo
9e9b0d4439
Updated
Updated some dev dependencies.

---

Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.

Added dist-dev to ignore files.

---

The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.

Root domain for use in Nunjuck templates will now be parsed from config.

Better page titles.

Updated help message for "Uploads history order" option in
homepage's config tab.

Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.

Uploads' original names in homepage's uploads history are now
selectable.

Min/max length for user/pass are now enforced in auth's front-end.

Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.

File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.

Added video icons.
Homepage's uploads history will now display video icons for videos.

"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.

Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.

A few other small improvements.
2019-09-17 11:13:41 +07:00
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
10a464bc73
Updated
Moved authors info to AUTHORS file.

Updated Git urls in package.json file.

Added .stylelintrc.

Updated all CSS files to respect current Stylelint guidelines.

Updated dependency: knex.js.

Fixed notice message in no-js version of album public pages.

Bumped v1 version string.
2019-09-12 14:44:31 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
05b905bc9b
Updated
Upgraded dependencies.

Stop adding cache-control header to album zip files unless
config.cacheControl is enabled.

Updated CSS files.
Moved thumbnail-related styling to thumbs.css.
Various other fixes & improvements.

Moved render.js from public/js to public/js/s.

Removed sharex.js in favor of public/js/s/utils.js.
Moved getPrettyDate() & getPrettyBytes() to that JS file as well.

Added lsKeys global variable wherever applicable.
Previously the idea was only used in dashboard.js.

Added No-JS version of album public pages.
You'll only have to add ?nojs to the URL.
Viewing the regular version with JS disabled will show a notice with
a link to the No-JS version of the particular album.
Overall page size of the regular version will now be lower as well,
since there'll be no need to add noscript tag for each thumbs.

No longer show Administrator section to non-admin in the dashboard.
Moderators will ONLY be able to see manage users menu as well.

Simplified FAQ wherever applicable.
Added a new FAQ about bug report or feature request.

Updated link for Firefox extension.
Also pushed Firefox link before Chrome, cause I like it more.

Added browser settings menu to dashboard.
This allows you to choose file size unit (kilobyte vs kibibyte) for that
specific browser.
The preference will be used on homepage, dashboard and album pages.
This also allows you to set chunk size and maximum parallel uploads
for the homepage uploader.

All menu links in the dashboard will now scroll to the content once
loaded.
Previously it would only do so with manage uploads/users when
switching pages.

Refactored all instances of for-in & for-of loop from browser JS files.
For the sake of uniformity, for now.
2019-09-02 02:23:16 +07:00
Bobby Wibowo
7e3d177d00
Updated
Added logger.js to format console logs (adding timestamps).

Re-ordered modules loading in lolisafe.js, and a few other minor edits.

Updated dev dependencies.

A few other minor edits.
2019-08-27 00:02:06 +07:00
Bobby Wibowo
14d69bf1c1
Updated dev dependencies 2019-08-20 06:04:27 +07:00