Commit Graph

160 Commits

Author SHA1 Message Date
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
264bd88e88
Updated
Improved performance of /api/users/:id (admin's manage users).

Promisify fs.writeFile.

Improved performance of /api/stats.
By a lot in Linux, cause uploads size will be deferred to "du" binary.
In addition, total usage of whichever disk uploads path resides on will
also be queried using "df" binary.
Non-Linux will have to rely on manual calculation by querying DB
for each upload's size.
But logics related to uploads stats were also improved to be almost
twice as fast as before.

Improved parsing of /api/stats results on dashboard.js.
This allows ease of extending server's response by not having to update
dashboard.js by much, if at all.

Improved codes relating to item menus in dashboard's sidebar.
Finally much cleaner now 👍

No longer use /api/upload/delete API route from dashboard.
Single file deletion and bulk files deletion, both from uploads list or
by names, will now properly use a single function that will use
/api/upload/bulkdelete API route.

/api/upload/delete will still be kept indefinitely for backward support.

Fixed oddities with Select all checkbox.

Replaced all instances of modifying HTML element's style attribute with
adding/removing is-hidden CSS helper class.

Rephrased all instances of "files" to "uploads" in any display strings.

Fixed notice message when server is on private mode.

A few other improvements.
2019-09-10 23:31:27 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
7e3d177d00
Updated
Added logger.js to format console logs (adding timestamps).

Re-ordered modules loading in lolisafe.js, and a few other minor edits.

Updated dev dependencies.

A few other minor edits.
2019-08-27 00:02:06 +07:00
Bobby Wibowo
3a398721b5
Updated
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.

* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.

* Removed unused lines in dashboard.njk.

* Refactored maxFileSize to maxSize in home.{css,js,njk}.

* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.

* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.

* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.

* Creating an album from homepage will automatically select the album.

* Updated Dropzone.js to v5.5.0.

* Bumped v1 & v3 version strings.

* Various other small fixes.
2019-08-20 09:16:34 +07:00
Bobby Wibowo
e6bb94692b
Oversights 2019-08-04 06:42:35 +07:00
Bobby Wibowo
6496b03b71
Updates
Updated deps.

Re-enabled eslint rule no-async-promise-executor.
Updated some codes to follow the said rule.
Though I had to disable the rule in a line at utilsController.js
due to complexity.
I'll give it more thoughts in the future.

Bumped v1 version string.
2019-08-04 06:37:55 +07:00
Bobby Wibowo
62b00210dc
Updated uploadController.js
Removed unnecessary slash from thumb URLs.
2019-07-26 23:54:45 +07:00
Bobby Wibowo
add2970ae6
Updated
uploadController.js:
+ Close connection earlier when there are no upload when querying them.

dashboard.css + style.css:
+ Updated styling involving pagination and progress bar.

dashboard.js:
+ Fixed dashboard failing to handle cases where a user attemp to load
a next page when there are not enough uploads available.
+ Added a simple loading message as a placeholder when trying to view
Stastistics menu, since it may take a while in big servers.

bulma.min.css + LICENSE:
+ Updated bulma from 0.7.2 to 0.7.5.

_globals.njk:
+ Bumped v1 and v3 version strings.
2019-06-19 01:48:30 +07:00
Bobby Wibowo
f6cef67d9f
Updated
+ Do not query users table twice when filtering by usernames.
+ Removed redundant logic.
2019-06-18 02:48:42 +07:00
Bobby Wibowo
06ac31d02e
Updates (dashboard)
+ Better pagination.
+ Added more advanced filtering system in Manage Uploads.
It now supports filtering with multiple usernames and/or IPs.
It also supports refining the matches with wildcards.

Todo?
Perhaps add simple file name filtering for regular users in the future?
2019-06-18 02:34:15 +07:00
Bobby Wibowo
f48cbd1960
Updates
config.sample.js + uploadController.js:
+ Added option uploads > storeIP to toggle whether to store uploader's
IPs into the database.

uploadController.js + dashboard.js:
+ Added IP column when listing all uploads.
+ Improved album query when listing uploads. In addition, no longer
query album when listing all uploads.
+ Delegate some tasks to client when listing uploads to save server's
processing power, kek.
Such as building the file's full URLs, and assigning album/user names.

_globals.njk:
+ Bumped v1 version string.
2019-06-04 07:57:37 +07:00
Bobby Wibowo
ecb8afbe40
Updates
Updated fontello (added block and doc-inv icons).

Upload results will now show either doc or block icon on top of the
file name depending on the status of the upload
(unless the uploads are images, in which case they will still show
thumbnails instead).

Added support for customizable timeout and chunkSize options for ClamAV
scanning to the config file.

Bumped v1 and v3 version strings.
2019-04-18 16:06:14 +07:00
Bobby Wibowo
13081ef38a
Re-worked caching for statistics
I guess I'll work on adding charts someday.
2019-04-12 07:45:33 +07:00
Bobby Wibowo
b7600ec3fb
Restored DuckDuckGo's proxy for URL uploads
Yes.

This gets rid of HEAD request prior to downloading the URL.

We will no longer check for Content-Length header, instead we will
forcibly limit maximum download size for the download stream to the
configured value.

So assuming someone try to download a bigger file, it will still try to
download up to the configured size, but then fail.

This will also speed up the general download process since sending HEAD
request delayed the whole operation.
2019-04-11 22:27:45 +07:00
Bobby Wibowo
3e336e8c6d
Updates
Got rid of caching of statistics.
The previous implementation wasn't perfect, and too lazy to improve it.
2019-04-06 00:42:38 +07:00
Bobby Wibowo
8c3fb78135
Upates
* Added Statistics menu to Administration items in dashboard.

* Added /api/stats route.

Imo, my implementation of this whole thing is rather dirty-ish, but hey
as long as it works.

I'll be using lolisafe2 for future devs tbh.
2019-04-06 00:32:52 +07:00
Bobby Wibowo
d5c24165cf
Updates
Updated Cloudfalre's cache purge utility.
It will now split URLs into chunks of 30 URLs which then will be purged
one chunk at a time.
I just found out Cloudflare's API have a limit of 30 URLs for the API.
2019-01-31 16:29:34 +07:00
Bobby Wibowo
8780d6429b
Updates
NoJS uploader will now display the original file names in the results.

lolisafe.js will now automaticaly purge Cloudflare's cache of frontend
pages everytime it launches.
Of course this only applies when cacheControl is on in config file.
This sorta makes scripts/cfpurge.js script obsolete.
2019-01-09 17:11:45 +07:00
Bobby Wibowo
2b0969dc77
Updates
Updated keys for local storage. They're now using camel case.
Not sure why I didn't use camel case in the first place.

View type and selected files of Uploads and Manage uploads (your own
uploads and all uploads, respectively) are now stored separately.

Added "filter by username" in Manage uploads.

Added "jump to page" in all uploads/users view.

Updated fontello (added filter icon).

Bumped v1 and v3 version string, due to dashboard.js and fontello
respectively.

Curly rule fix for routes/nojs.js.
2019-01-03 11:49:56 +07:00
Bobby Wibowo
31a6940ab4
Updates
Added pagination to uploads and users list.
With that, /api/uploads and /api/users API routes will now add "count"
property to their response object.

Enabled Delete user button in users list.
With that also added /api/users/disable API route.
As usual, you can only disable users whose usergroup is lower than
your own.

Click event will no longer trigger on "disabled" elements (basically any
elements with "disabled" attribute).

Changed all arrow functions into regular functions in public JS files
(there were only a few that I somehow missed).

Bumped v1 version string.
2019-01-02 02:39:08 +07:00
Bobby Wibowo
00a4e44758
Updates 2018-12-20 19:25:41 +07:00
Bobby Wibowo
d723c0f562
Updates [!! update config.js !!]
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.

Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.

Empty files can now be filtered.

Sorted preset extensions filter in config.sample.js.

Rephrased some options in config.sample.js as well.

maxTries now default to 3 in config.sample.js.

Various other small changes.
2018-12-20 18:53:37 +07:00
Bobby Wibowo
89ec426e71
Removed lines related to DuckDuckGo's proxy
I think I've let them sit for like a week or so. It should've been
enough of a buffer time for everyone else.
2018-12-19 01:19:04 +07:00
Bobby Wibowo
f3d1aa1c8c
Updates
Some small fixes

Removed GET route of /upload/delete.
I first wanted to implement a ShareX-compatible deletion URL,
but then I figured I'd need to setup delete token system,
and I was like, "screw that, I don't even use ShareX",
so yeah.
2018-12-19 01:14:24 +07:00
Bobby Wibowo
00cbd3e76c
Updates
Updated ESLint rule: curly, again.
Mainly to also enabled "consistent" rule, which enforces curly into
else/elseif blocks, if its if block requires curly.

Added support for GET requests to /api/delete route.
Its usage is /api/delete/identifier, where identifier is the filename.
Though just like its POST route, it needs token in the header.
2018-12-19 00:41:42 +07:00
Bobby Wibowo
52d336cc45
Updated ESLint rule: curly
No more enforced curly for if/else/for/while/do blocks w/ one statement.

With that said, auto-fixed all JS files to follow the rule.

I'd also like to apologize for the inconveniences this commit cause,
after all it was me who intentionally enforced curly rule back then.

Why the change of heart?
After doing some more non-JS codes recently, I realized it was
pretty stupid of me to enforce that.
2018-12-19 00:01:28 +07:00
Bobby Wibowo
7665836ef4
Updates
Added total size to album public pages.
2018-12-13 20:31:24 +07:00
Bobby Wibowo
4193921b4e
Updated uploadController.js
The GET task of URL uploads will now limit the maximum size of the response body by the size reported in Content-Length header of the HEAD task.
This relies on node-fetch's way of handling it. I don't know the magic behind it.
2018-12-09 01:01:08 +07:00
Bobby Wibowo
53789a20c2
Updated uploadController.js
DuckDuckGo's proxy is no longer supported as it stops reporting Content-Length header, which is crucial so that the safe could predict the actual file size before downloading it.

If you have it enabled in your config file, it will now close the safe with error code 1. You can either disable url uploads completely or just disable duckduckgo's proxy (though I believe not many will choose the latter as to begin with it was implemented to hide origin IP).
2018-12-09 00:55:04 +07:00
Bobby Wibowo
9eb9ac288d
Updated uploadController.js
scanFiles() will now remove delete allocated identifiers from cache if the files are dirty.
2018-12-08 10:56:23 +07:00
Bobby Wibowo
d1a3935edb
Updated uploadController.js 2018-12-08 07:38:42 +07:00
Bobby Wibowo
2fab5becb0
Updates
Disabling cacheFileIdentifiers will now restore the old behavior of having less strict collision checks.
Fulfills https://github.com/BobbyWibowo/lolisafe/issues/12.
2018-12-08 07:38:12 +07:00
Bobby Wibowo
07b4ef8fc2
Updates
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.

Improved some descriptions in config.sample.js file.

Added some CSS animations wherever applicable.

Bumped v1 version string.
2018-12-04 18:58:53 +07:00
Bobby Wibowo
6af52341c9
Init ids-cache branch 2018-12-03 16:18:52 +07:00
Bobby Wibowo
6543a87b11
Updates
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).

Added a new config option to filter files with no extension.

Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001

Simplified error messages of /api/upload/finishchunks.

Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.

Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).

Bumped v1 version string (due to home.js).
2018-11-29 00:52:12 +07:00
Bobby Wibowo
fcf4c00de7
Moved permission-related functions to permissionController
Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 18:06:58 +07:00
Bobby Wibowo
c3d4c237cb
Init account-manager branch 2018-10-10 02:52:41 +07:00
Bobby Wibowo
5bd343638a
Updates
Moved utils.getPrettyBytes() and utils.getPrettySize() to client's dashboard.js.

Thus, server will no longer return prettified size and date (it'll be prettified by the client instead).

To be honest, I don't even know why I had them in server-side, it's obviously better this way.
2018-10-09 01:54:16 +07:00
Bobby Wibowo
e2831f2181
Updates
* uploadController.js: expect some multer error codes and don't log their stack traces to console when they occur.

* yarn.lock: added integrity field (yarn's new addition).
2018-10-08 23:14:10 +07:00
Bobby Wibowo
30c011ce5c
Replaced snekfetch with node-fetch 2018-09-23 23:28:15 +07:00
Bobby Wibowo
d875a604be
Updated uploadController.js
Updated virus scan handling.
Virus name will now be reported to its uploader.
On the rare chance clamd suddenly dies while the safe is still running, it will now print a message to uploader with the error code, and telling them to contact sysadmin.
2018-09-20 17:45:16 +07:00
Bobby Wibowo
65442c18c5
Reworked extension parsing
Removed "path-complete-extname" module in favor of an in-house solution, utilsController.extname().

For now the function will attempt to preserve multi-archive extensions (.001, .002, and so on), as well as some known tarballs (.tar.gz and the likes).

The function will always return lower case extension. It should be fine, but do keep it in mind.
2018-09-18 02:32:27 +07:00
Bobby Wibowo
b47bbb90d6
Updated uploadController.js
Fixed upload breaking when clam scanning is disabled. This was due to me forgetting to update the if-logic after switching from "clam-engine" to "clamdjs", since the latter made me have to re-format the config option due to it also having IP and port.
2018-09-15 04:40:58 +07:00
Bobby Wibowo
56bdd08ee7
Init 'browser-ecma5' branch (#7)
* Downgraded ecma version of client-side scripts to v5. This change means no more backtick strings and some others.

* Massively modified auth.js, dashboard.js and home.js to support the downgrade (dashboard.js had the most changes).

* Removed enter key event handler from auth page. The previous code had some small issues. I'd rather not have the handler than let the issues persist. I'll eventually look into adding this again in the future.

* Updated uploadController.js to handle some invalid requests into /api/delete and /api/bulkdelete.
2018-09-04 22:49:37 +07:00
Bobby Wibowo
a207c4a806
Init 'clamdjs' branch (#8)
Use clamdjs module instead of clam-engine. This module connects to clam daemon server.
2018-09-04 22:48:24 +07:00
Bobby Wibowo
36da76357e
Updates
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.

* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.

Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
2018-09-02 03:37:26 +07:00
Bobby Wibowo
be0167f4d4
Updated uploadController.js 2018-07-12 13:52:31 +07:00
Bobby Wibowo
b2d9efa744
Updated uploadController.js 2018-07-12 13:38:43 +07:00
Bobby Wibowo
917afdf7a8
Updated uploadController.js
Fixed a bug where error messages related to multer would not be displayed properly (it would instead print "undefined").
2018-07-12 13:34:22 +07:00