Commit Graph

499 Commits

Author SHA1 Message Date
Bobby
09fea107f3
feat: env SERVE_STATIC_QUICK=0 yarn start
restore an older behavior of serving static files with
ServeLiveDirectory middleware instead of ServeStaticQuick, in case of
issues with streaming files from disk via createReadStream

if you do encounter this issue, serving uploaded files with node will
likely encounter issues as well, but you can choose to serve them
directly with nginx, etc., so i guess it's not beyond hope
2022-08-21 21:23:14 +07:00
Bobby Wibowo
bd71035517
fix: missing cpu temp and swap logic 2022-08-19 10:48:45 +07:00
Bobby Wibowo
991cfe134e
feat: add cpu temp and swap memory to statistics
temp is currently hard-coded to C

also increased system info caching to 1s
2022-08-19 10:38:24 +07:00
Bobby Wibowo
86d9db3137
feat: split service info in statistics
additionally add cpu detail in system info
2022-08-19 10:18:35 +07:00
Bobby Wibowo
ea30e5dee5
feat: enable persistent cache for nojs uploader
also slight improvement to NunjucksRenderer class
2022-08-19 09:50:08 +07:00
Bobby Wibowo
0d05da40b0
fix: fallback deletion url to relative path
if homeDomain is not configured via config file or env var

the deletion url is a frontend page, so it cannot simply assume it's on
the same domain as uploaded files
2022-08-19 09:29:11 +07:00
Bobby Wibowo
6c929efa7b
fix: less strict missing token header check
previously would still assume token is provided when the header is
simply an empty string, which may be unavoidable for some clients
2022-08-19 07:30:32 +07:00
Bobby Wibowo
59c5c8b7b0
fix: guest uploads hanging
caused by auth middleware not passing the request when token is missing
2022-08-19 07:01:45 +07:00
Bobby Wibowo
8142eae9df
refactor: /users/{delete,disable,edit} API routes
simplify self.assertPermission function to only assert permission

fixed hard-coded "root" user protection not being asserted first
2022-08-09 17:51:31 +07:00
Bobby Wibowo
0a62002a6e
fix: re-create "root" user if users table is empty
previously it'd always re-create it if "root" user itself is missing
from users table

this facilitates not having "root" user altogether
2022-08-09 17:28:21 +07:00
Bobby Wibowo
6ff735badb
feat: wrap add to album db query in transaction
additionally allow superadmins to arbitrarily add/remove files to/from
albums via manual API calls, instead of only allowing root user
2022-08-09 17:18:56 +07:00
Bobby Wibowo
4907ef9ad7
chore: indent albumsController.js 2022-08-09 17:00:26 +07:00
Bobby Wibowo
edf7c091e4
feat: wrap upload db insert within transaction 2022-08-09 16:57:55 +07:00
Bobby Wibowo
d8b78d29ed
feat: hard-code prevent registering as "root"
and allow migration script to not throw when root user is missing

this facilitates safely removing root user altogether via database query
if you don't use it
2022-08-08 06:22:18 +07:00
Bobby Wibowo
253042e24e
fix: improve filtering uploads by album ids
database logic and dashboard display
2022-08-08 06:08:40 +07:00
Bobby Wibowo
b21fa66e59
fix: possible event listeners memory leak 2022-08-05 00:54:44 +07:00
Bobby Wibowo
c6c485447f
feat: token failure rate limit on login/register
also removed default 2 reqs in 5s rate limiter for login/register routes
from sample config, as it's pretty much redundant now
2022-08-04 23:34:58 +07:00
Bobby Wibowo
a406f85215
feat: rate limit token auth failures
hard-coded to max 6 failures in 10 minutes
2022-08-04 23:09:14 +07:00
Bobby Wibowo
3e0aa1361d
fix: detect uploads timed out by uwebsockets 2022-08-04 22:08:40 +07:00
Bobby Wibowo
7381cac0e9
chore: indents and comments 2022-08-04 21:59:50 +07:00
Bobby Wibowo
d7d6a29123
feat: cleaned up routes init
asserting auth and JSON body will now be done via route-specific
mini middlewares (authController's requireUser or optionalUser)
2022-08-04 21:59:06 +07:00
Bobby Wibowo
2351528a42
fix: redundant logic 2022-08-03 17:31:49 +07:00
Bobby Wibowo
46c8867223
fix: internally prepend chunksData UUID with IP
even less chance for a collision to occur
2022-08-03 17:28:42 +07:00
Bobby Wibowo
0ebefe083a
refactor: removed clamscan passthrough support
unfortunately it simply was not reliable enough

and maintaining it is simply adding more complexity to the codes

moreover it was only possible to passthrough regular non-chunked uploads
2022-08-02 16:19:57 +07:00
Bobby Wibowo
164cadd8b9
feat: increased regular users' max sort keys to 2
possible use case, sorting by albumid, then size

moderators and above still have no limits
2022-08-01 15:21:23 +07:00
Bobby Wibowo
ac38b6f06e
feat: if sort uploads by album id, sort null last
also improved indenting on some lines of codes
2022-08-01 15:20:14 +07:00
Bobby Wibowo
323c107f64
fix: ServeStatic
init setContentDisposition and setContentType functions immediately as
private functions to reduce complexity

so instead check for the required map/store before using them

also fixed content-type override ending up with duplicate headers
2022-08-01 07:29:49 +07:00
Bobby Wibowo
21ec4a7479
fix: 416 status code handling 2022-07-31 16:46:35 +07:00
Bobby Wibowo
0598a63989
refactor: serve handlers/middlewares
moved shared codes into serveUtils to reduce complexity
2022-07-31 16:34:06 +07:00
Bobby Wibowo
527498bb1e
perf: list albums db query 2022-07-31 15:55:27 +07:00
Bobby Wibowo
285e79c5a7
feat: configurable uploads/albums/users per page
please check sample.config.js for new options

if missing from config, defaults to 25 per page (old defaults)
2022-07-31 15:51:32 +07:00
Bobby Wibowo
2389974c7d
feat: ServeStaticQuick
chokidar is now a production dependency

please read the comments in ServeStaticQuick.js for a description of
what the class does

public and dist directories are now served with that class by default

before starting hyper-express on the listen port, await for all
ServeLiveDirectory and ServeStaticQuick instances
2022-07-31 14:31:25 +07:00
Bobby Wibowo
d40d1e396f
fix: ServeStatic with zero bytes files 2022-07-31 14:17:06 +07:00
Bobby Wibowo
b1566c5abf
refactor: ServeLiveDirectory
ensure forward slashes path

refactored init method

ensure internal res.type is set before attempting to call external
setHeaders function, to allow overrides
2022-07-31 14:08:13 +07:00
Bobby Wibowo
b9badcc944
fix: ServeStatic ensure forward slashes path 2022-07-31 14:06:17 +07:00
Bobby
4591b8bb42
refactor: generateUniqueToken -> getUniqueToken
this now matches lifecycle with similar functions in upload and album
controllers

also added a new util function .mask() for basic string masking
2022-07-30 08:37:57 +07:00
Bobby
b7dcf30578
feat: console logs for identifiers on debug only 2022-07-30 08:35:26 +07:00
Bobby
548af312a7
chore: authController.js 2022-07-30 08:02:17 +07:00
Bobby
c23bc90412
refactor: album random identifier generation 2022-07-30 08:01:19 +07:00
Bobby Wibowo
8782a004d6
chore: uploadController.js 2022-07-29 10:17:17 +07:00
Bobby Wibowo
681a3ca32f
fix: ServeStatic content-length transfer-encoding
both headers cannot co-exist at the same time, so we pass the expected
content-length value into 2nd param of Response.stream(), so that the
internal can decide to add it only when required
2022-07-29 10:16:49 +07:00
Bobby Wibowo
8748dcefb0
feat: parse content-disposition on url uploads 2022-07-29 10:15:11 +07:00
Bobby Wibowo
fae28f9aa2
feat: deprecate uploads.cacheFileIdentifiers conf
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways

also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly

this should also now properly free the internal onHold Set
2022-07-29 09:14:55 +07:00
Bobby Wibowo
03eff45e8c
refactor: uploadController.js
some logic improvements
2022-07-28 13:26:15 +07:00
Bobby
301cf3377d
fix: set upload name utf8 encoding via busboy conf
instead of converting from the default latin1 using Buffer

changing busboy config was not possible with express + multer,
so i did not notice it's instead possible with hyper-express
2022-07-28 10:19:28 +07:00
Bobby Wibowo
b9a1604440
refactor: rename handler/middleware class files 2022-07-25 07:48:31 +07:00
Bobby Wibowo
235a1c56e1
refactor: move devmode flag to utils 2022-07-25 07:39:35 +07:00
Bobby Wibowo
ec4d54573a
fix: errors thrown when url uploads get rejected 2022-07-25 07:32:39 +07:00
Bobby Wibowo
5bab3a495e
feat: allow to disable file hashing completely 2022-07-25 07:32:25 +07:00
Bobby Wibowo
6ba30a23c6
feat: improved chunked uploads lifecycle
added checks when there's an attempt to uploads chunks to same file in
parallel

improved final file size checks
2022-07-25 07:09:28 +07:00