restore an older behavior of serving static files with
ServeLiveDirectory middleware instead of ServeStaticQuick, in case of
issues with streaming files from disk via createReadStream
if you do encounter this issue, serving uploaded files with node will
likely encounter issues as well, but you can choose to serve them
directly with nginx, etc., so i guess it's not beyond hope
chokidar is now a production dependency
please read the comments in ServeStaticQuick.js for a description of
what the class does
public and dist directories are now served with that class by default
before starting hyper-express on the listen port, await for all
ServeLiveDirectory and ServeStaticQuick instances
when cacheControl is disabled in config
this behavior makes more sense, and will then properly rely on our
internal conditinal GETs handlers and whatnot
ensure forward slashes path
refactored init method
ensure internal res.type is set before attempting to call external
setHeaders function, to allow overrides
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways
also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly
this should also now properly free the internal onHold Set
also moved it from middlewares to handlers directory
reasoning is that this class is better suited to handle routes directly
instead of being a global middleware
since IO stat to check if request path matches a physical file in the
disk every single time is not very performant
custom pages may now override any built-in pages on the fly as lolisafe
is running
also added internal persistent cache feature into NunjucksRenderer
front-end pages will now be persistently cached during production
this adds new production dependency rate-limiter-flexible
this deprecates old rateLimits option in config
to use the new rate limiters, the new option is named rateLimiters and
rateLimitersWhitelist
please consult config.sample.js
rate limiters will also be now processed before any other middlewares,
as only makes sense
this now properly sets only on the specific pages that deserves to be
cached in cdn
additionally update sample config file to remove warning about
cacheControl option
this is now mature enough to be simply toggled on/off depending on
your own necessity
this will display all information recorded from the specified file, but
only to the users that own them (it requires token)
this page also has a delete file button, allowing us to provide link to
this page for sharex deletion url option
once again, this is only for authenticated users, and will only show
file that the users own, unless said user is a moderator or higher
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers
this should now make sure we only have 1 active db connection pool ever
this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.
please consult config.sample.js if you want to start using this
instead of only on some arbitrary routes
configurable via config, please check sample, disabled by default
i still recommend configuring from your own http server (nginx, etc.),
if you want to have a more complex per-routes headers
only usergroup and file extension bypass
real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file
refactored utils.clamscan into utils.scan
this is to align with original behavior pre-Helmet v5 update
this only changes sample config file, and fallback values when helmet
option is missing from config file
otherwise decide at your own discretion (refer to the comments)
