to make nunjucks recompiles templates only when it detects changes,
as opposed to compiling everytime due to not using caching.
reminder that this is NOT a live reload feature!
the fork is now named under @bobbywibowo tag to allow it co-existing
with upstream version within the same scope if required
it and @bobbywibowo/send have also been aligned with their respective
latest master commits as of this commit date
stylelint: 13 -> 14
postcss-preset-env: 6 -> 7
eslint-plugin-compat: 3 -> 4
replaced stylelint-config-standard with
stylelint-config-standard-scss
switched to @ronilaukkarinen/gulp-stylelint, a fork of gulp-stylelint,
due to the upstream's maintainer going missing
temporarily disabled some stylelint rules to ease transition
removed node-sass as explicit dev dependency
gulp-dart-sass will already require sass (new dart sass, not node-sass)
added fibers as a new dev dependency
this is a requirement to speed up async sass compiling
https://sass-lang.com/dart-sass
full sub-dependencies upgrade (deleted yarn.lock then did yarn install)
bumped v1 version string to trigger auto rebuild
Resolves#192
This added 2 new dependencies:
content-disposition
BobbyWibowo/serve-static
content-disposition:
This has fallback generation for file names that are outside ISO-8859-1.
Plus it was already a sub-dependency due to express to begin with.
BobbyWibowo/serve-static:
A fork of express/serve-static to allow specifying an async setHeaders
function by the name preSetHeaders, that will be awaited before
creating send stream to clients.
node-fetch: 2.6.0 -> 2.6.1 (security)
browserslist: 4.14.0 -> 4.14.1
stylelint: 13.6.1 -> 13.7.0
Obligatory bump to versions.json as this commit requires rebuilding
client assets (dev dependencies updates affect style.css).
As usual, rebuilds will be in the next commit by the build bot.
src/js/misc/utils.js: Added page.getPrettyUptime().
Updated dependency:
helmet: 3.23.3 -> 4.1.0
lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
Added new dev dependencies:
bulma, gulp-sass, node-sass
Updated some dependencies
Various other things related to styling
Bumped v1 version string and rebuilt client assets
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.
Added new dependency: blake3
Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.
To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.
chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.
Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.
Updated v1 version string and rebuilt client assets.
systeminformation: 4.23.9 -> 4.26.1
eslint-plugin-compat: 3.5.1 -> 3.6.0
Renamed all .eslintrc.json to .eslintrc.js.
Removed unnecessary init for missing params in favor of default params.
Buble will take care of compiling that for old browsers.
Bumped ecmaVersion for client JS from 6 (2015) to 7 (2016).
Buble should support compiling ES2016 features as well.
Properly deny some actions when an online section is still loading.
Properly apply progress cursor on items/buttons that shouldn't be used
while an online section is still loading.
Bumped v1 version string and rebuilt client assets.
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).
Rebuilt client assets and bumped v1 version string
Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
Updated screenshot.
Edited claim about node 12 not being tested, as I've tested it.
Couldn't find any issues.
Added a new section about updating when you have modified some files.
Rephrased ClamAV support section a bit.
Updated dependencies:
knex: 0.21.0 -> 0.21.1
Rebuilt yarn.lock file with node 12.
Nothing significant really changed.
Things seem to be backward compatible to node 10.
Updated README.md to emphasize Node 10.x is the oldest supported version
and that Node 12.x have NOT been tested.
I'll work on testing Node 12.x in the near future though!
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!
Updated dependency, knex: 0.20.13 -> 0.20.15.
Added new dependency: search-query-parser.
Updated all sub-dependencies.
Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.
Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.
Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.
Caching system of album public pages will now be disabled during
development (yarn develop).
Cleaned up domClick() function in js/dashboard.js.
If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.
Success prompt when changing token will now auto-close.
Removed ID column from Manage Users.
Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.
Rebuilt client-side assets and bumped v1 version string.
Updated all dependencies.
Some latest version of dependencies such as bcrypt and sharp
requires Node 10+.
Updated fontello.css to uses latest version string from versions.js.
When updating version strings in commit
2670db269d, I forgot to rebuild this css.
Rebuilt all CSS assets, not sure why.
Probably due to browserslist being updated?
While I was as it, I also updated safe.fiery.me's node version to
10.19.0.
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.
I figured this is a better implementation to shift queues faster.
---
Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.
Clients will also see better formatted error message for URL uploads'
file size limit errors.
---
Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0
Bumped v1 version string
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).
While I was at it, I also refactored the bits for initializing Dropzone.
Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.
Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
bcrypt: 3.0.6 -> 3.0.7
knex: 0.20.1 -> 0.20.2
sharp: 0.23.2 -> 0.23.3
Dev dependency:
browserslist: 4.7.2 -> 4.7.3
As always, this was a full upgrade, so sub-dependencies were also
upgraded if applicable (more details in yarn.lock).
I noticed stylelint also got updated to v12, but I will be postponing
that till gulp-stylelint updates its peer dependency requirement.
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.
Bumped v1 version string.
---
Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.
All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.
Fortunately, they were only used in API routes that required staff
(moderators included) accounts.
---
Updated dependency:
helmet: 3.21.1 -> 3.21.2
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.
Upgrade stylelint dev dependency.
Bumped v1 version string.
Added gulp-replace dev dependency.
Removed version strings of Fontello fonts from fontello.css
Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
Updated some dev dependencies.
---
Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.
Added dist-dev to ignore files.
---
The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.
Root domain for use in Nunjuck templates will now be parsed from config.
Better page titles.
Updated help message for "Uploads history order" option in
homepage's config tab.
Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.
Uploads' original names in homepage's uploads history are now
selectable.
Min/max length for user/pass are now enforced in auth's front-end.
Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.
File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.
Added video icons.
Homepage's uploads history will now display video icons for videos.
"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.
Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.
A few other small improvements.
