Commit Graph

142 Commits

Author SHA1 Message Date
Bobby Wibowo
21d75f71f3
refactor: some cache-control headers related 2022-07-12 06:27:02 +07:00
Bobby Wibowo
af754d7d71
feat: NunjucksRenderer custom middleware class 2022-07-12 06:24:04 +07:00
Bobby Wibowo
7733967624
refactor: errorsController func names 2022-07-12 06:21:21 +07:00
Bobby Wibowo
38d86779ae
refactor: HUGE REFACTOR for hyper-express 2022-07-10 19:46:25 +07:00
Bobby Wibowo
d970f1d0a5
feat: errorsController
errors should instead be passed along to express via next(), to let
express call the errorsController
2022-07-10 14:10:59 +07:00
Bobby
617dc6a056
feat: pre-hold content-disposition before db query 2022-07-06 16:38:35 +07:00
Bobby Wibowo
d31181b4be
refactor: SimpleDataStore.STRATEGIES 2022-07-03 11:08:00 +07:00
Bobby Wibowo
8a1ff434d9
feat: in-memory caching of content-disposition
please read config.sample.js
ignore if not serving files with node or not having the option turned on
2022-07-03 10:35:36 +07:00
Bobby Wibowo
ad4c2c2e96
refactor: overrideContentTypes 2022-07-03 10:23:55 +07:00
Bobby Wibowo
b117fa9ad1
feat: expose utils to nunjucks templates
also fix nunjucks templates not adhering to env vars overrides for
domains config options, because they attempted to read config directly
2022-06-29 13:58:09 +07:00
Bobby
cb2d7b99f7
fix: cache-control was set to all frontend pages
this now properly sets only on the specific pages that deserves to be
cached in cdn

additionally update sample config file to remove warning about
cacheControl option
this is now mature enough to be simply toggled on/off depending on
your own necessity
2022-06-28 13:38:55 +07:00
Bobby
b17b24b159
feat: new page /file/:identifier
this will display all information recorded from the specified file, but
only to the users that own them (it requires token)

this page also has a delete file button, allowing us to provide link to
this page for sharex deletion url option

once again, this is only for authenticated users, and will only show
file that the users own, unless said user is a moderator or higher
2022-06-28 12:03:49 +07:00
Bobby
7463a72840
refactor: lolisafe.js file -> _file 2022-06-28 11:48:22 +07:00
Bobby Wibowo
f37313a84c
fix: verify database dir 2022-06-22 14:23:54 +07:00
Bobby Wibowo
66e44f5eb3
fix: relocate db scripts 2022-06-22 13:54:20 +07:00
Bobby Wibowo
9d4c08e460
feat: some env vars support 2022-06-22 13:27:38 +07:00
Bobby
8799189a04
feat: initiate db connection only once
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers

this should now make sure we only have 1 active db connection pool ever

this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
2022-06-04 04:21:56 +07:00
Bobby
851eaacd8e
fix(deps): @bobbywibowo/serve-static v0.18.0-alpha
align to versions used in express@4.18.1

additionally no longer always require() the package even when not needed
2022-05-08 13:03:24 +07:00
Bobby
2d147e748b
feat: usergroup-based file retention periods
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.

please consult config.sample.js if you want to start using this
2022-05-07 02:17:31 +07:00
Bobby
4ecec788d0
feat: console logs of temp uploads check ups 2022-05-07 02:01:33 +07:00
Bobby
b4e32a6001
fix: removed readline dependency
it was honestly never supposed to be written that way
but i very rarely used it so i never noticed

the actual readline module that we use is a node core module
https://nodejs.org/docs/latest-v12.x/api/readline.html#readline_readline_createinterface_options

additionally improved its formatting and whatnot
2022-05-07 01:35:07 +07:00
Bobby
595dd81455
feat: apply access-control-allow-origin globally
instead of only on some arbitrary routes

configurable via config, please check sample, disabled by default

i still recommend configuring from your own http server (nginx, etc.),
if you want to have a more complex per-routes headers
2022-05-02 13:58:04 +07:00
Bobby
007ad3ddc0
feat: allow helmet to be disabled entirely
by setting the config value into an empty object

if otherwise falsy value, old behavior will still be used for
backwards-compatibility
2022-04-30 12:01:12 +07:00
Bobby
86c26cb50c
feat: some bypass support to passthrough scanning
only usergroup and file extension bypass

real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file

refactored utils.clamscan into utils.scan
2022-04-23 04:44:01 +07:00
Bobby
f6a86226a2
fix: re-disable new default helmet modules
this is to align with original behavior pre-Helmet v5 update

this only changes sample config file, and fallback values when helmet
option is missing from config file

otherwise decide at your own discretion (refer to the comments)
2022-04-20 18:37:10 +07:00
Bobby
edb7367ad3
feat: disable reat limits on dev mode 2022-04-16 21:37:39 +07:00
Bobby
d878d161c0
style: dev mode messages 2022-04-16 21:37:17 +07:00
Bobby
6788dc2094
fix: align with clamscan v2 2022-04-15 15:36:50 +07:00
Bobby
be345e3d34
fix: align with express-rate-limit v6 2022-04-15 14:15:32 +07:00
Bobby
06d79a646b
feat: use chokidar with nunjucks during dev
to make nunjucks recompiles templates only when it detects changes,
as opposed to compiling everytime due to not using caching.

reminder that this is NOT a live reload feature!
2022-03-07 01:41:10 +07:00
Bobby
3050de43c4
fix(deps): @bobbywibowo/serve-static
the fork is now named under @bobbywibowo tag to allow it co-existing
with upstream version within the same scope if required

it and @bobbywibowo/send have also been aligned with their respective
latest master commits as of this commit date
2022-03-04 02:57:21 +07:00
Bobby
f6d85b05ac
feat: verify config files exist on startup 2022-03-04 02:04:46 +07:00
Bobby
2ddd97541e
refactor: config.hsts -> config.helmet
this allows full config to the helmet library

it will fallback to old behavior if helmet entry is not found in
config file, but hsts entry is
2022-03-04 02:04:16 +07:00
Bobby Wibowo
dd55d69612
fix: headers already sent errors 2021-01-09 03:50:03 +07:00
Bobby Wibowo
5781c45a3d
refactor: no throw literal in lolisafe.js 2021-01-08 09:20:00 +07:00
Bobby Wibowo
a8cc0b9534
updated lolisafe.js
break loop early
2020-12-27 16:49:22 +07:00
Bobby Wibowo
b63836c89d
Added Content-Type override when serving with node
Closes #274
2020-11-03 23:53:56 +07:00
Bobby Wibowo
f5e70b2d96
Added experimental embedded video.js player thingy 2020-11-03 20:56:32 +07:00
Bobby Wibowo
88f852584c
!! REPLACED ClamAV BACKEND: clamdjs -> clamscan !!
Update your config file!
2020-11-01 06:35:56 +07:00
Bobby Wibowo
47dd512910
Removed custom ESLint curly rule
Sigh, why did you do this, past me..?

Also fixed "Delete uploads by names".
2020-10-31 01:12:09 +07:00
Bobby Wibowo
ff063a5373
Simplified cache-control 2020-10-12 22:02:29 +07:00
Bobby Wibowo
22e6c2c3c6
Updated
Replaced all Array.concat() with spread operator and/or push().
Fixed some faulty search logics when using exclusion filters.
Fixed capitalization of mac font in _variables.scss. Stylelint somehow
fricked up again in my previous commit.
2020-10-11 17:32:22 +07:00
Bobby Wibowo
57207493a2
Fixed setContentDisposition throwing errors 2020-10-02 04:58:35 +07:00
Bobby Wibowo
c8a5f7be16
Added setContentDisposition option
Resolves #192

This added 2 new dependencies:
content-disposition
BobbyWibowo/serve-static

content-disposition:
This has fallback generation for file names that are outside ISO-8859-1.
Plus it was already a sub-dependency due to express to begin with.

BobbyWibowo/serve-static:
A fork of express/serve-static to allow specifying an async setHeaders
function by the name preSetHeaders, that will be awaited before
creating send stream to clients.
2020-09-27 04:33:42 +07:00
Bobby Wibowo
41fb14e865
Added system & node uptime to Statistics menu
src/js/misc/utils.js: Added page.getPrettyUptime().

Updated dependency:
helmet: 3.23.3 -> 4.1.0

lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
2020-08-22 01:35:30 +07:00
Bobby Wibowo
cc122f63b8
Updated lolisafe.js
https://blog.fiery.me/recent-disturbance-with-temporary-uploads
Fix for temporary uploads failing forever just due to errors not being
caugh.
2020-05-27 01:18:25 +07:00
Bobby Wibowo
86b51fe5f5
Added Cookie Consent, among other things
This adds Cookie Consent library at public/libs/cookieconsent.

Added views/cookiepolicy.njk.

Added a new config option cookiePolicy. Disabled by default.

Updated views/faq.njk to use variables wherever applicable.
The variables are initiated at views/_globals.njk.
The said file also contains variables used at views/cookiepolicy.njk.

Restored messages about Cloudflare to FAQ.
They will be shown only if config.cloudflare.purgeCache is enabled.

Statistics will now capitalize first letters of the keys instead.

Updated background color of SweetAlert modals.

Moved table styling from dashboard.css to style.css (global),
since table will also be used in Cookie Policy page.

Bumped v1 version string and rebuilt client assets.
2020-05-17 03:35:54 +07:00
Bobby Wibowo
968fd74676
Updated
No longer initiate expired uploads check if
config.uploads.temporaryUploadsInterval is not set.

"yarn delete-expired" will now list names of the expired uploads too.
2020-05-16 21:45:14 +07:00
Bobby Wibowo
38b8109210
Added starting message to lolisafe.js
Most of the times, connecting to ClamAV takes a bit too long and causes
misunderstanding due to a long period of silence
Generally with PM2 logs, due to the lack of indicator
of a successful restart
2020-05-09 14:54:09 +07:00
Bobby Wibowo
ff54f088bd
Added client assets update detection
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).

Rebuilt client assets and bumped v1 version string

Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
2020-04-30 05:56:28 +07:00