Commit Graph

156 Commits

Author SHA1 Message Date
Bobby Wibowo
fc1783fa12
chore: lolisafe.js 2022-07-22 01:12:41 +07:00
Bobby Wibowo
76a73b7e83
refactor: ServeStatic.middleware -> .handler
also moved it from middlewares to handlers directory

reasoning is that this class is better suited to handle routes directly
instead of being a global middleware
since IO stat to check if request path matches a physical file in the
disk every single time is not very performant
2022-07-22 01:12:35 +07:00
Bobby Wibowo
06178cc2c4
chore: lolisafe.js 2022-07-22 01:09:34 +07:00
Bobby Wibowo
30e9227a78
feat: custom pages use ServeLiveDirectory
they now have conditional GET suppor too
2022-07-22 01:09:17 +07:00
Bobby Wibowo
d6020d81ae
feat: serveStatic with accept-ranges support
for streaming support

and with conditional GET support
2022-07-22 00:01:25 +07:00
Bobby Wibowo
33d0428e74
refactor: unset pattern in / middlewares
not having it set equals to having it be on / pattern to begin with
2022-07-21 23:59:46 +07:00
Bobby Wibowo
e7a15ecc47
feat: custom livedirectory middleware
with conditional gets support
2022-07-21 21:13:46 +07:00
Bobby Wibowo
ad22285661
refactor: res.set -> res.header
res.set() is an expressjs-compat function with unnecessary checks for
our use case
2022-07-21 20:28:10 +07:00
Bobby Wibowo
f0856239c3
feat: warn when deprecated rateLimits is in config 2022-07-14 18:34:50 +07:00
Bobby Wibowo
e82cf714dd
fix: cache-control broken with cloudflare setting 2022-07-12 14:52:46 +07:00
Bobby Wibowo
80d59ff2f0
feat: front-end pages middleware
custom pages may now override any built-in pages on the fly as lolisafe
is running

also added internal persistent cache feature into NunjucksRenderer
front-end pages will now be persistently cached during production
2022-07-12 10:31:59 +07:00
Bobby Wibowo
c95173b323
fix(deps): update hyper-express to ~6.2.5
this fixes headers can have duplicates
2022-07-12 08:56:24 +07:00
Bobby Wibowo
79631ce624
feat: RateLimiter custom middleware class
this adds new production dependency rate-limiter-flexible

this deprecates old rateLimits option in config

to use the new rate limiters, the new option is named rateLimiters and
rateLimitersWhitelist
please consult config.sample.js

rate limiters will also be now processed before any other middlewares,
as only makes sense
2022-07-12 08:48:09 +07:00
Bobby Wibowo
b0913eaf59
refactor: ServeStatic custom middleware (WIP)
currently when enabled will force-close lolisafe

i still need to find a decent backend library to make life easier
2022-07-12 06:29:21 +07:00
Bobby Wibowo
21d75f71f3
refactor: some cache-control headers related 2022-07-12 06:27:02 +07:00
Bobby Wibowo
af754d7d71
feat: NunjucksRenderer custom middleware class 2022-07-12 06:24:04 +07:00
Bobby Wibowo
7733967624
refactor: errorsController func names 2022-07-12 06:21:21 +07:00
Bobby Wibowo
38d86779ae
refactor: HUGE REFACTOR for hyper-express 2022-07-10 19:46:25 +07:00
Bobby Wibowo
d970f1d0a5
feat: errorsController
errors should instead be passed along to express via next(), to let
express call the errorsController
2022-07-10 14:10:59 +07:00
Bobby
617dc6a056
feat: pre-hold content-disposition before db query 2022-07-06 16:38:35 +07:00
Bobby Wibowo
d31181b4be
refactor: SimpleDataStore.STRATEGIES 2022-07-03 11:08:00 +07:00
Bobby Wibowo
8a1ff434d9
feat: in-memory caching of content-disposition
please read config.sample.js
ignore if not serving files with node or not having the option turned on
2022-07-03 10:35:36 +07:00
Bobby Wibowo
ad4c2c2e96
refactor: overrideContentTypes 2022-07-03 10:23:55 +07:00
Bobby Wibowo
b117fa9ad1
feat: expose utils to nunjucks templates
also fix nunjucks templates not adhering to env vars overrides for
domains config options, because they attempted to read config directly
2022-06-29 13:58:09 +07:00
Bobby
cb2d7b99f7
fix: cache-control was set to all frontend pages
this now properly sets only on the specific pages that deserves to be
cached in cdn

additionally update sample config file to remove warning about
cacheControl option
this is now mature enough to be simply toggled on/off depending on
your own necessity
2022-06-28 13:38:55 +07:00
Bobby
b17b24b159
feat: new page /file/:identifier
this will display all information recorded from the specified file, but
only to the users that own them (it requires token)

this page also has a delete file button, allowing us to provide link to
this page for sharex deletion url option

once again, this is only for authenticated users, and will only show
file that the users own, unless said user is a moderator or higher
2022-06-28 12:03:49 +07:00
Bobby
7463a72840
refactor: lolisafe.js file -> _file 2022-06-28 11:48:22 +07:00
Bobby Wibowo
f37313a84c
fix: verify database dir 2022-06-22 14:23:54 +07:00
Bobby Wibowo
66e44f5eb3
fix: relocate db scripts 2022-06-22 13:54:20 +07:00
Bobby Wibowo
9d4c08e460
feat: some env vars support 2022-06-22 13:27:38 +07:00
Bobby
8799189a04
feat: initiate db connection only once
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers

this should now make sure we only have 1 active db connection pool ever

this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
2022-06-04 04:21:56 +07:00
Bobby
851eaacd8e
fix(deps): @bobbywibowo/serve-static v0.18.0-alpha
align to versions used in express@4.18.1

additionally no longer always require() the package even when not needed
2022-05-08 13:03:24 +07:00
Bobby
2d147e748b
feat: usergroup-based file retention periods
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.

please consult config.sample.js if you want to start using this
2022-05-07 02:17:31 +07:00
Bobby
4ecec788d0
feat: console logs of temp uploads check ups 2022-05-07 02:01:33 +07:00
Bobby
b4e32a6001
fix: removed readline dependency
it was honestly never supposed to be written that way
but i very rarely used it so i never noticed

the actual readline module that we use is a node core module
https://nodejs.org/docs/latest-v12.x/api/readline.html#readline_readline_createinterface_options

additionally improved its formatting and whatnot
2022-05-07 01:35:07 +07:00
Bobby
595dd81455
feat: apply access-control-allow-origin globally
instead of only on some arbitrary routes

configurable via config, please check sample, disabled by default

i still recommend configuring from your own http server (nginx, etc.),
if you want to have a more complex per-routes headers
2022-05-02 13:58:04 +07:00
Bobby
007ad3ddc0
feat: allow helmet to be disabled entirely
by setting the config value into an empty object

if otherwise falsy value, old behavior will still be used for
backwards-compatibility
2022-04-30 12:01:12 +07:00
Bobby
86c26cb50c
feat: some bypass support to passthrough scanning
only usergroup and file extension bypass

real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file

refactored utils.clamscan into utils.scan
2022-04-23 04:44:01 +07:00
Bobby
f6a86226a2
fix: re-disable new default helmet modules
this is to align with original behavior pre-Helmet v5 update

this only changes sample config file, and fallback values when helmet
option is missing from config file

otherwise decide at your own discretion (refer to the comments)
2022-04-20 18:37:10 +07:00
Bobby
edb7367ad3
feat: disable reat limits on dev mode 2022-04-16 21:37:39 +07:00
Bobby
d878d161c0
style: dev mode messages 2022-04-16 21:37:17 +07:00
Bobby
6788dc2094
fix: align with clamscan v2 2022-04-15 15:36:50 +07:00
Bobby
be345e3d34
fix: align with express-rate-limit v6 2022-04-15 14:15:32 +07:00
Bobby
06d79a646b
feat: use chokidar with nunjucks during dev
to make nunjucks recompiles templates only when it detects changes,
as opposed to compiling everytime due to not using caching.

reminder that this is NOT a live reload feature!
2022-03-07 01:41:10 +07:00
Bobby
3050de43c4
fix(deps): @bobbywibowo/serve-static
the fork is now named under @bobbywibowo tag to allow it co-existing
with upstream version within the same scope if required

it and @bobbywibowo/send have also been aligned with their respective
latest master commits as of this commit date
2022-03-04 02:57:21 +07:00
Bobby
f6d85b05ac
feat: verify config files exist on startup 2022-03-04 02:04:46 +07:00
Bobby
2ddd97541e
refactor: config.hsts -> config.helmet
this allows full config to the helmet library

it will fallback to old behavior if helmet entry is not found in
config file, but hsts entry is
2022-03-04 02:04:16 +07:00
Bobby Wibowo
dd55d69612
fix: headers already sent errors 2021-01-09 03:50:03 +07:00
Bobby Wibowo
5781c45a3d
refactor: no throw literal in lolisafe.js 2021-01-08 09:20:00 +07:00
Bobby Wibowo
a8cc0b9534
updated lolisafe.js
break loop early
2020-12-27 16:49:22 +07:00