Commit Graph

172 Commits

Author SHA1 Message Date
Bobby Wibowo
4862512471
Removed stray console.log() 2018-10-13 18:09:54 +07:00
Bobby Wibowo
4456ba4b4d
Fixed authController.js 2018-10-13 18:09:09 +07:00
Bobby Wibowo
fcf4c00de7
Moved permission-related functions to permissionController
Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 18:06:58 +07:00
Bobby Wibowo
8e46eaf4ac
Added disk usage column to manage users 2018-10-12 17:19:14 +07:00
Bobby Wibowo
31f44a1b91
Added ID and uploads count columns into manage users
Updated client-side check of user's enabled status to match server-side

Removed a bunch of console.log()'s from development
2018-10-12 16:42:16 +07:00
Bobby Wibowo
3708f53044
Added user group option to edit user modal
Also simplified selector for file's add to album modal
2018-10-11 00:33:11 +07:00
Bobby Wibowo
c3d4c237cb
Init account-manager branch 2018-10-10 02:52:41 +07:00
Bobby Wibowo
5bd343638a
Updates
Moved utils.getPrettyBytes() and utils.getPrettySize() to client's dashboard.js.

Thus, server will no longer return prettified size and date (it'll be prettified by the client instead).

To be honest, I don't even know why I had them in server-side, it's obviously better this way.
2018-10-09 01:54:16 +07:00
Bobby Wibowo
e2831f2181
Updates
* uploadController.js: expect some multer error codes and don't log their stack traces to console when they occur.

* yarn.lock: added integrity field (yarn's new addition).
2018-10-08 23:14:10 +07:00
Bobby Wibowo
30c011ce5c
Replaced snekfetch with node-fetch 2018-09-23 23:28:15 +07:00
Bobby Wibowo
d875a604be
Updated uploadController.js
Updated virus scan handling.
Virus name will now be reported to its uploader.
On the rare chance clamd suddenly dies while the safe is still running, it will now print a message to uploader with the error code, and telling them to contact sysadmin.
2018-09-20 17:45:16 +07:00
Bobby Wibowo
65442c18c5
Reworked extension parsing
Removed "path-complete-extname" module in favor of an in-house solution, utilsController.extname().

For now the function will attempt to preserve multi-archive extensions (.001, .002, and so on), as well as some known tarballs (.tar.gz and the likes).

The function will always return lower case extension. It should be fine, but do keep it in mind.
2018-09-18 02:32:27 +07:00
Bobby Wibowo
b47bbb90d6
Updated uploadController.js
Fixed upload breaking when clam scanning is disabled. This was due to me forgetting to update the if-logic after switching from "clam-engine" to "clamdjs", since the latter made me have to re-format the config option due to it also having IP and port.
2018-09-15 04:40:58 +07:00
Bobby Wibowo
7587bfa408
Updates
* Updated utilsController.js: Unlink thumb of type symlink whenever generateThumbs() is called.

* Updated thumbs.js: Add stats (success/error/skipped).
2018-09-05 00:29:53 +07:00
Bobby Wibowo
56bdd08ee7
Init 'browser-ecma5' branch (#7)
* Downgraded ecma version of client-side scripts to v5. This change means no more backtick strings and some others.

* Massively modified auth.js, dashboard.js and home.js to support the downgrade (dashboard.js had the most changes).

* Removed enter key event handler from auth page. The previous code had some small issues. I'd rather not have the handler than let the issues persist. I'll eventually look into adding this again in the future.

* Updated uploadController.js to handle some invalid requests into /api/delete and /api/bulkdelete.
2018-09-04 22:49:37 +07:00
Bobby Wibowo
a207c4a806
Init 'clamdjs' branch (#8)
Use clamdjs module instead of clam-engine. This module connects to clam daemon server.
2018-09-04 22:48:24 +07:00
Bobby Wibowo
36da76357e
Updates
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.

* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.

Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
2018-09-02 03:37:26 +07:00
Bobby Wibowo
bdee00e1a4
Merge branch 'safe.fiery.me' into browser-ecma6 2018-07-14 11:21:30 +07:00
Bobby Wibowo
ff3a6d1fb0
Updated albumsController.js
Trying to purge empty albums (purge = also deleting all of the files associated with it) will no longer throw out warning about failing to delete any of the associated files (since there are supposed to be none for empty albums anyways).
2018-07-14 11:00:10 +07:00
Bobby Wibowo
be0167f4d4
Updated uploadController.js 2018-07-12 13:52:31 +07:00
Bobby Wibowo
b2d9efa744
Updated uploadController.js 2018-07-12 13:38:43 +07:00
Bobby Wibowo
917afdf7a8
Updated uploadController.js
Fixed a bug where error messages related to multer would not be displayed properly (it would instead print "undefined").
2018-07-12 13:34:22 +07:00
Bobby Wibowo
9396a9ab49
Updated uploadController.js
Better snekfetch's error handling, probably.
2018-06-06 00:40:33 +07:00
Bobby Wibowo
57834dd362
Updated uploadController.js
Added DuckDuckGo's proxy support for "Upload by URLs". Make sure you add the new option in config.sample.js into your config.js.

This may be considered a hack and not supported by DuckDuckGo, so USE AT YOUR OWN RISK.

Credits to Proxy#1337.
2018-06-06 00:16:41 +07:00
Bobby Wibowo
0cf8ff58d0
Updated uploadController.js 2018-05-13 02:16:04 +07:00
Bobby Wibowo
7f23734d67
Updates
* Faster upload response. Back-end will no longer wait for album timestamps to be updated before sending out response.

* Added a simple thumbnail generation script at scripts/thumbs.js. You can use this to generate thumbnails for existing files before enabling the option in config.js.

* Various other code improvements.
2018-05-12 21:01:14 +07:00
Bobby Wibowo
bd722129de
Updates, now supports uploading by URLs!
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.

* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.

* Added file extension filter to /api/upload/finishchunks.

* Added proper total chunks size check to /api/upload/finishchunks.

* Various code improvements.
2018-05-11 21:34:13 +07:00
Bobby Wibowo
479db54cd3
Updates (experimental)
* Possible performance improvement. Some bulk db queries will now be executed in a single query instead of spawning multiple async task for each query. This is sorta experimental though, use it at your own risk (though I'll use it right away at safe.fiery.me).

* It's now possible for root user to add files to other users' albums through the API route. I don't plan on allowing root user to list other users' album list from the dashboard, I just thought that there'd be no harm in extending the API a little bit.

* Kinda better error logging for uncaught exception and unhandled rejection. Their stack trace should be logged now.
2018-05-11 00:25:52 +07:00
Bobby Wibowo
c952e3e8ce
Updated utilsController.js
Possibly better Cloudflare error handling.
2018-05-09 17:18:16 +07:00
Bobby Wibowo
fbd38a8bdd
Updated utilsController.js
Forgot to symlink 'unavailable thumb' placeholder for failed video thumbs.
2018-05-09 17:07:23 +07:00
Bobby Wibowo
f043f65ca1
Updates
* Added Cloudflare purge cache support. Check configuration sample at config.sample.js.
When it's enabled, whenever files are being deleted, it will send a POST request to Cloudflare's API to purge cache of the deleted files.
This adds a new dependency called "snekfetch". It's lightweight though.

* uploadsController.delete() will now wrap uploadsController.bulkDelete() instead.
2018-05-09 16:53:27 +07:00
Bobby Wibowo
7991a63315
Updates (please update your config.js)
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.

* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.

* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.

* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.

* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 15:41:30 +07:00
Bobby Wibowo
9e069f5a9a
Updates
* Added "create new album" button at homepage uploader. Due to this, albums list will always be shown even when you don't have any albums (and of course the list will be empty).
Preview: https://i.fiery.me/ITQ5.mp4 (ignore the fact that the prompt says "Edit album", it's been fixed before this commit goes live)

* Refactored various bits of the codes to use async/await instead of Promise.then. This will obviously cause the browser's requirement to raise but hell, it's the modern browsers age.

* Various other code improvements.
2018-05-06 21:14:57 +07:00
Bobby Wibowo
08410faa9a
Updates (breaking changes!)
* Updated API route: /upload/bulkdelete.
It now accepts an additional property named "field". In it you can now enter either "id" or "name", which will set whether it will bulk delete by ids or names respectively. It also no longer accepts property named "ids", instead it has to be named "values" (which of course is an array of either ids or names). So yeah, now the API route can be used to bulk delete by ids and names.
In the future this will be expanded to bulk deleting files by username (only accessible by root of course).

* Added a form to bulk delete files by names for the hardcore user, like me (https://i.fiery.me/AHph.png).

* Some design update. Mainly forms restructuring aimed at tight screens.

* Changing file name length, requesting new token and setting new password will no longer reload the dashboard page on success. Instead it will simply silently reload the form.

* utils.bulkDeleteFilesByIds() replaced by utils.bulkDeleteFiles() which now can either by ids or names. This will be the one that will eventually be extended for deleting by username.

* Various other code improvements.
2018-05-06 02:44:58 +07:00
Bobby Wibowo
715c821c14
Updates
* Bumped node requirement to >= 8.0.0 (due to async/await).

* Moved ESLint config to .eslintrc.json.

* Moved ESLint ignore to .eslintignore.

* Bumped ESLint's ecmaVersion to 8, although it was probably already automatically set to that before.

* Bugfix line 110 of albumsController.js.
2018-05-01 00:32:50 +07:00
Bobby Wibowo
61e1896945
Updates
* A bunch of refactors in public JS files (home.js, dashboard.js, etcetera).

* Added lazyload to home page (for thumbs of uploaded images), dashboard (for thumbs view) and albums' public link.
Albums' public link will silently fallback to loading all thumbs at once if JavaScript is disabled.

* A bunch of others code improvements. Honestly I'm too lazy to track all the changes.
2018-04-29 19:47:24 +07:00
Bobby Wibowo
c51365adb5
Updated dashboard
Bulk deleting files and adding/removing selected files from album will no longer refresh the current view to the first page. It will now instead try to refresh the current page. There will be cases where the current page ends up empty (when bulk deleting or moving files from the current album), but I figured that isn't much of an issue when compared with the advantages.
2018-04-29 06:44:25 +07:00
Bobby Wibowo
4660200b1e
More improvements to albums, and others
Improvements related to albums:

* Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png).
This also adds a new API route: /api/albums/edit.
The old API route, /api/albums/rename, is still available but will silently be using the new API in backend.

* Deleting album will now also delete its zip archive if exists.

* Renaming albums will also rename its zip archive if exists.

* Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat.

* The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier.

* Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier.

* Added "download" and  "public" columns to "albums" table in database/db.js.
Existing users can run "node database/migration.js" to add the columns.

Others:

* uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise.

* Album name of disabled/deleted albums will no longer be shown in uploads list.

* Added "fileLength" column to "users" table in database/db.js.

* Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though.

* Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch).

* Updated icons (added download icon).

* Some other improvements/tweaks here and there.
2018-04-29 00:26:39 +07:00
Bobby Wibowo
64b04abbe9
Updates (a small breaking change with config file)
"generateZips" is no longer merely accepting boolean value, it's now an object with 2 properties: "enabled" and "maxTotalSize". The former is of course to enable/disable zip generation, while the latter is to limit the total size of all the files in an album. If the total size exceeds the set limit, it will not generate a zip file. It'll probably be useful when used alongside Cloudflare's Cache Everything (since Cloudflare will only cache files with a maximum size of 512MB).
2018-04-27 10:27:34 +07:00
Bobby Wibowo
535d3df73f
Updated some things involving album zipping
* When version string is not specified in the URL query of /api/zip/:identifier (the API route to generate and download ZIP archive of the album), it will redirect the request with the album's editedAt timestamp as the value in the version string (only if editedAt timestamp exists). This will ensure that any bare calls to the API (without version string) will always be redirected to its latest state. This is mainly useful when being used with CDN that respects query string.

* Download button and CDN notice will no longer be visible in empty album pages.

* Matched empty album phrase as the one being used with the zipping API.
2018-04-27 10:03:13 +07:00
Bobby Wibowo
e01b007ea1
Updates
Restored CDN warning to album pages. Turns out adding Page Rule to /api/album/zip/* with Cache Level set to Cache Everything and Origin Cache Control set to On will work just fine. The version string is still necessary to ensure that clients are downloading the very latest version of the archive though.
Also last time I was using zipGeneratedAt timestamp, which was dumb, this time it is using editedAt timestamp, which was my original plan but kinda forgotten.
2018-04-27 04:30:11 +07:00
Bobby Wibowo
d46611ee57
Updates
Experimental CDN support for album zip downloads.
2018-04-27 04:04:21 +07:00
Bobby Wibowo
00d05ce97b
Updates
* Dashboard will now display "N/A" when the file does not have an extension. Previously it would display the full name, which was of course a mistake.

* Updated static files' version string again.
2018-04-25 20:39:07 +07:00
Bobby Wibowo
5bb960756f
Updates
uploadController.js:

 * Fixed chunk uploads failing when "blockedExtensions" is missing from the config file.

config.sample.js:

* Renamed "blockedExtensions" to "extensionsFilter", and added a new option named "filterBlacklist". When "filterBlacklist" is set to 'true', all extensions in "extensionsFilter" array will be blacklisted, otherwise it will be a whitelist, so only files with those extensions that can be uploaded.

* Renamed "uploads.chunkedUploads.maxSize" to "uploads.chunkedUploads.chunkSize".

* Added "uploads.chunkedUploads.noJsMaxSize" which can be used to change the 'displayed' file size on the No-JS uploader page.

* Some other phrases updates.

_globals.njk:

* Updated static files' version string since there is a small update to home.js.

other files:

* Regular code improvements/tweaks.
2018-04-25 20:16:34 +07:00
Bobby Wibowo
674d20c62c
Updates
Regular code improvements.
2018-04-21 04:39:06 +07:00
Bobby Wibowo
09f51c8448
Updates~ 😉
Thanks to Zephyrrus for the hints about nunjucks, sort of (he did not really give out any specific hints to me, I stalked his fork, lmao).

* Replaced Handlebars with Nunjucks.

* Replaced all static HTML files with their NJK-equivalent (excluding error pages).

* Renamed "albumDomain" to "homeDomain" in config.sample.js (make sure you update your config.js too).

* Updated dependencies: knex and eslint-plugin-import (dev).

* Updated vscode's settings.json (I may update this again very soon).
2018-04-19 04:00:36 +07:00
Bobby Wibowo
dd43acecea
Updates
* Added VSCode settings to git repo. Now you can match yours with mine, if you want.

* Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension).

* Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension).

* Refactored path in all instances of require() wherever applicable.

* Sorted instances of require() wherever applicable.

* Fixed 500 HTTP error trying to load an error page for 505 HTTP error.

* Removed special treatement of NoJS page from uploadsController.processFilesForDisplay().

* Updated version string of all static files.

* Beautified all HTML, HANDLEBARS and CSS files.

* Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens.

* Added CSS prefixes wherever applicable.

* Improved back-end side of No-JS uploader. This will now handle errors properly.

* No-JS uploader will now show max file size.

* No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
2018-04-13 23:20:57 +07:00
Bobby Wibowo
4923cf9800
Updates
* Added No-JS uploader page (it's on /nojs).

* Updated uploadsController.processFilesForDisplay() to support requests from No-JS uploader page.

* Added "Bash uploader" link to footer.

* Updated icons (added terminal icon for "Bash uploader" footer link).
2018-04-12 21:37:42 +07:00
Bobby Wibowo
7978325cd6
Updates
* Removed rimraf from dependency. Although really it'll still need to be used by other dependencies, such as eslint and bcrypt, so it'll still have to be downloaded by yarn either way.

* Updated dashboard.css. Added "overflow: hidden" to thumbnail container. Previously potrait thumbnails will be visible outside of their container.

* Removed notice about having "chunks" folder from config.sample.js. Added a line in lolisafe.js to create the folder if it doesn't exist instead.

* Updated bcrypt to v2.0.0. I'm not really sure whatever has changed, but I've tested that it didn't require any additional changes for our current usage.

* Chunks will no longer be saved with their original file's extension. Instead they'll only be saved as plain files named 0, 1, ..., n, without any extension whatsoever. Extension for joined chunks will be read from the original file's name in /api/upload/finishchunks. If the user doesn't pass that data when calling the API, the joined chunks will not have any extension.

* Since rimraf has been removed, uploadsController.actuallyFinishChunks() will now use a combination of fs.unlink() and fs.rmdir(). Promise.all() will be used when running fs.unlink() so that all chunks will be deleted at the same time through multiple instances of async tasks (probably).

* Some other small changes and tweaks in uploadController.js.
2018-04-09 01:30:25 +07:00
Bobby Wibowo
3ca692d8c7
Updates
* Refactored all instances of "failedIds" and "albumIds" to "failedids" and "albumids" respectively. Abandoning camel case for these ones.

* Refactored the way it looks into which albums the files are supposed to be added into.
For /api/upload/finishchunks, you can add "albumid" to each object in files[] to specify which album you want the finsihed chunks to be added into. Each object may have different album IDs.
For /api/upload, which is regular uploads, unfortunately you can only choose one album at a time (by adding "albumid" to the request headers, like usual). It uses the same function as the one used for finishchunks to add the files into album, so it shouldn't be hard to extend this ability to regular uploads, someday in the future.

* Fixed a bug in /api/upload/finishchunks. Previously you couldn't ever get it to work.

* Updated error message when successful uploads could not be added to album.

* "albumid" will no longer be added to request headers if they are chunked uploads. They'd have been ignored anyways.
2018-04-05 19:54:24 +07:00