Commit Graph

1592 Commits

Author SHA1 Message Date
Bobby Wibowo
31beda4343
Added a new todo entry 2019-11-25 15:39:05 +07:00
Bobby Wibowo
ec7c160f31
Fixed uploads timing out without error after 30 s
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).

While I was at it, I also refactored the bits for initializing Dropzone.

Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.

Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
2019-11-25 15:18:14 +07:00
Bobby Wibowo
5207df6123
Updated dependencies
bcrypt: 3.0.6 -> 3.0.7
knex: 0.20.1 -> 0.20.2
sharp: 0.23.2 -> 0.23.3

Dev dependency:
browserslist: 4.7.2 -> 4.7.3

As always, this was a full upgrade, so sub-dependencies were also
upgraded if applicable (more details in yarn.lock).

I noticed stylelint also got updated to v12, but I will be postponing
that till gulp-stylelint updates its peer dependency requirement.
2019-11-20 20:16:37 +07:00
Bobby Wibowo
ee920f942f
Cache system & disk stats longer
System stats will be cached for only 1000 ms (1 s)

Disk stats will be cached for 60000 ms (60 s)
2019-11-14 15:08:56 +07:00
Bobby Wibowo
2a81e899b4
Fixed stats not re-generating after errors 2019-11-14 14:53:33 +07:00
Bobby Wibowo
7aaf913166
Actually parse error messages of du & df to String 2019-11-14 14:46:49 +07:00
Bobby Wibowo
98d38d3402
Fixed broken disk stats in linux 2019-11-14 14:42:09 +07:00
Bobby Wibowo
3d09df501d
Updated
Better 'df' handling (check the TODO entry for more details).

Simplified a few lines in dashboard.js.

Bumped v1 version string.
2019-11-14 05:06:59 +07:00
Bobby Wibowo
d5cd5b7b5b
Updated
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.

Bumped v1 version string.

---

Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
2019-11-13 13:21:36 +07:00
Bobby Wibowo
b646a4a82f
Updated uploadController.js
String updates.
2019-11-10 03:41:54 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
e10ce7807f
Updated
Auto-close some Sweetalert success dialogs after 1.5s.

Fixed edit user not displaying user's new username properly.

Disabled eslint-plugin-compat on some lines that won't work in
Safari 5.1.
Optionally look into not supporting the browser altogether.

Bumped v1 version string.
2019-10-29 19:39:44 +07:00
Bobby Wibowo
8f48889c90
Updated dependencies 2019-10-29 05:37:25 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
cf8d2895f1
Updated dependencies
systeminformation: 4.14.12 -> 4.14.16
browserslist: 4.7.0 -> 4.7.1
2019-10-21 17:51:31 +07:00
Bobby Wibowo
a884ef8d01
Bug fix
Fixed #67

Changed default admin account to username root & password changeme,
for new installations.
Also updated README.md to mention it.
2019-10-21 17:49:52 +07:00
Bobby Wibowo
d1b70d6b14
Added 1 new entry to TODO.md 2019-10-15 18:02:32 +07:00
Bobby Wibowo
2443390199
Updated utilsController.js
Thumbnails generator: Skip video files that do not have valid duration
metadata, for some reason.
2019-10-15 17:53:23 +07:00
Bobby Wibowo
321e4557db
Updated dependencies
systeminformation: 4.14.11 -> 4.14.12
gulp-stylelint: 9.0.0 -> 10.0.0
2019-10-15 17:46:09 +07:00
Bobby Wibowo
b38bde3da0
Enabled verbose output for gulp linter tasks
Resolves #61
2019-10-15 01:45:04 +07:00
Bobby Wibowo
a701a2ab47
Added 3 new tasks to TODO.md 2019-10-12 14:40:14 +07:00
Bobby Wibowo
fbd8037c35
Updated config.sample.js
Updated sample API rate limits.
This will pretty much be the same ones used live in safe.fiery.me.

This rate limits ALL API calls to 10 requests per second,
but applies stricter limits to login & register endpoints, which are
2 requests per 5 seconds.
Also apply stricter limit to album ZIP download endpoint to
4 requests in 30 seconds.

Also removed forcing 200 HTTP status code from the error responses,
cause front-end will now handle any HTTP status codes properly.
It was previously set to 200 cause frontend couldn't handle
errors properly.

On a side note, rate limiting all API calls is important due to the fact
that any token-based endpoints can be used for brute-forcing tokens.
Some server firewalls can also be used to ban possible brute force
attacks through actively monitoring the HTTP server's access logs,
so you may also want to consider that kind of solution for your site
instead.
2019-10-12 13:55:38 +07:00
Bobby Wibowo
37266fb05b
Fixed chunk size message in FAQ
Updated background color of code HTML tag.

Bumped v1 version string.
2019-10-11 12:53:11 +07:00
Bobby Wibowo
7855801d62
Updated
Rewritten code for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the code more readable, and easier to extend.

Upgrade stylelint dev dependency.

Bumped v1 version string.
2019-10-11 12:36:59 +07:00
Bobby Wibowo
b2f96360ae
Updated knex.js to 0.19.5
Renamed todo.md to TODO.md

Edited a todo task
2019-10-09 12:36:19 +07:00
Bobby Wibowo
0d51833bbc
Updated
Disable jump to page input when there is only 1 page.

Disable prev/next pagination buttons if applicable.

Updated styling of disabled inputs.

Bumped v1 version string.
2019-10-07 10:34:10 +07:00
Bobby Wibowo
e581edd5d7
Updated progress bar background color 2019-10-07 10:14:27 +07:00
Bobby Wibowo
3a8d170c3a
Elaborate some todo tasks and update priorities 2019-10-07 06:51:05 +07:00
Bobby Wibowo
f85390dd72
Added another entry to todo.md 2019-10-07 06:35:41 +07:00
Bobby Wibowo
69380c868e
Updated dashboard.js
Fixed not being able to delete disabled users.

Bumped v1 version string.
2019-10-07 06:16:47 +07:00
Bobby Wibowo
4f04225ba0
Updated
Added delete user feature.
API: /api/users/delete
json: id<number>, purge[boolean]
By default will not purge out files, but will still clear userid
attribute from the files.
All associated albums will also be marked, and have their ZIP archives
be unlinked, if applicable.

Fixed purging albums not properly reporting amount of associated files
that could not be removed, if any.

Fixed moderators being able to disable users by manually sending API
requests, if they at least know of the user IDs.
They could only disable regular users however.
2019-10-07 06:11:07 +07:00
Bobby Wibowo
5e60b01fe6
Updated dashboard.css
I PROMISE THIS IS THE LAST COMMIT FOR TODAY
2019-10-06 05:37:22 +07:00
Bobby Wibowo
9d77a9b9b1
Updated dashboard.css 2019-10-06 05:35:29 +07:00
Bobby Wibowo
510f686250
Updated styling 2019-10-06 05:33:38 +07:00
Bobby Wibowo
256686f400
Updated dependencies 2019-10-06 05:24:20 +07:00
Bobby Wibowo
411d17e1fb
Updated
* Changed colorscheme to black (experimental).

* Fixed ClamAV failing to report names of dirty files.

* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.

* Bumped v1 version string.
2019-10-06 05:20:59 +07:00
Bobby Wibowo
582440e5ef
Updated sharp to 0.23.1 2019-09-28 16:45:36 +07:00
Bobby Wibowo
84a3de0d8d
Updated
Fixed statistics columns width in browsers except Firefox.

And a few other things.
2019-09-28 16:42:49 +07:00
Bobby Wibowo
98a8d03a7f
Updated
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.

Added 2 new entries to todo.md.

Don't check "Select all" checkbox in dashboard when there are no
uploads.

Bumped v1 version string.
2019-09-23 15:09:15 +07:00
Bobby Wibowo
a233dd6bba
Updated helmet 2019-09-22 11:40:59 +07:00
Bobby Wibowo
0baf6b9275
Updated
Fixed Gulp not rebuilding fontello CSS on development mode.

Updated dashboard's thumbs view to only call LazyLoad's update function
once.

Bumped v1 version string.
2019-09-22 11:26:05 +07:00
Bobby Wibowo
2e40124c62
Updated logger.js
Manually parse date to actually print the dates in current timezone.
I actually never intended it to use UTC.
I wasn't really paying attention...

Also during development, shortened version will be used instead,
which is basically only showing hours, mins, and secs.
2019-09-21 14:29:08 +07:00
Bobby Wibowo
6a934627a2
Added loader icon on dashboard
It will be shown when token is still being verified.

Moved loader icon section from auth.njk to _partial/loader.njk,
which will also be included into dashboard.njk.

Bumped v1 version string.
2019-09-21 11:50:49 +07:00
Bobby Wibowo
6133554013
Updated stylelint dev dependency 2019-09-20 12:19:28 +07:00
Bobby Wibowo
4e20f28b78
Updated lolisafe.js
If config.cacheControl is enabled, remove Cache-Control header from
error pages.
Falls back to Express' default behavior of using "public, max-age=0".
2019-09-20 02:42:08 +07:00
Bobby Wibowo
b75deb268f
Updated nojs.js
Forgot to add version strings.
2019-09-20 01:27:00 +07:00
Bobby Wibowo
6803eb0812
Updated todo.md and nojs.njk
Added another todo entry.

Added required attribute to input file in No-JS uploader. This should
prevent submission when clicking Upload button before selecting any
files.

Removed built-in "safe" filter from some fields in nojs.njk, cause they
were unnecessary.
2019-09-20 01:25:01 +07:00
Bobby Wibowo
d52c5bc63c
Added another entry to todo.md 2019-09-19 21:11:09 +07:00
Bobby Wibowo
8f809e6cd5
Updated _layout.njk
Use "summary_large_image" type for Twitter Cards.
2019-09-19 20:54:27 +07:00
Bobby Wibowo
e22c180edd
Updated scripts/README.md again again
I'm so f'in drunk.
2019-09-19 20:44:48 +07:00