Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2024-12-14 16:36:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,833 Commits 13 Branches 4 Tags 41 MiB
2952765513
Commit Graph

511 Commits

Author SHA1 Message Date
Bobby
47727f3ca8
feat: allow specifying api token in nojs uploader 2022-09-21 08:03:28 +07:00
Bobby
7147afc309
feat: better props override for auth helepr functs 2022-09-21 08:02:13 +07:00
Bobby
ffe6d6ed88
feat: console log incoming requests on dev mode 2022-09-21 07:44:40 +07:00
Bobby
bf077f4aa3
fix: typos in ServeStatic.js 2022-09-21 06:09:27 +07:00
Bobby
cc5625fabf
fix: url upload fetch timeout failsafe 2022-09-14 06:04:18 +07:00
Bobby
93dc820368
feat: fetch() with AbortController for timeout 
to be used with URL uploads

please consult the comments in the source files

this adds new dependency abort-controller
 2022-09-14 01:33:31 +07:00
Bobby
3df67f87be
feat: timeout url uploads to 10s 
uwebsockets.js has a 10s timeout of no communication between client and
server, for it to simply drop the connection

there's no point waiting any further at that point since we can't reply
to client anymore
 2022-08-24 04:37:13 +07:00
Bobby
6ad8ed7ae6
fix: only accept files upload with files[] field 
was always supposed to only accept said field, but i forgot to include
the logic during migration from expressjs to hyper-express
 2022-08-24 04:17:07 +07:00
Bobby
96522a425f
chore: indents 2022-08-23 15:16:02 +07:00
Bobby
ab4f8263de
feat: ignore option for ServeStaticQuick class 2022-08-23 15:13:04 +07:00
Bobby
414afc7ae6
feat: allow specifying root path in serve classes 
when used on non-root paths
 2022-08-23 15:12:25 +07:00
Bobby
ff7ec4aeaf
fix: /users/edit throw with empty edits 2022-08-23 15:09:47 +07:00
Bobby
09fea107f3
feat: env SERVE_STATIC_QUICK=0 yarn start 
restore an older behavior of serving static files with
ServeLiveDirectory middleware instead of ServeStaticQuick, in case of
issues with streaming files from disk via createReadStream

if you do encounter this issue, serving uploaded files with node will
likely encounter issues as well, but you can choose to serve them
directly with nginx, etc., so i guess it's not beyond hope
 2022-08-21 21:23:14 +07:00
Bobby Wibowo
bd71035517
fix: missing cpu temp and swap logic 2022-08-19 10:48:45 +07:00
Bobby Wibowo
991cfe134e
feat: add cpu temp and swap memory to statistics 
temp is currently hard-coded to C

also increased system info caching to 1s
 2022-08-19 10:38:24 +07:00
Bobby Wibowo
86d9db3137
feat: split service info in statistics 
additionally add cpu detail in system info
 2022-08-19 10:18:35 +07:00
Bobby Wibowo
ea30e5dee5
feat: enable persistent cache for nojs uploader 
also slight improvement to NunjucksRenderer class
 2022-08-19 09:50:08 +07:00
Bobby Wibowo
0d05da40b0
fix: fallback deletion url to relative path 
if homeDomain is not configured via config file or env var

the deletion url is a frontend page, so it cannot simply assume it's on
the same domain as uploaded files
 2022-08-19 09:29:11 +07:00
Bobby Wibowo
6c929efa7b
fix: less strict missing token header check 
previously would still assume token is provided when the header is
simply an empty string, which may be unavoidable for some clients
 2022-08-19 07:30:32 +07:00
Bobby Wibowo
59c5c8b7b0
fix: guest uploads hanging 
caused by auth middleware not passing the request when token is missing
 2022-08-19 07:01:45 +07:00
Bobby Wibowo
8142eae9df
refactor: /users/{delete,disable,edit} API routes 
simplify self.assertPermission function to only assert permission

fixed hard-coded "root" user protection not being asserted first
 2022-08-09 17:51:31 +07:00
Bobby Wibowo
0a62002a6e
fix: re-create "root" user if users table is empty 
previously it'd always re-create it if "root" user itself is missing
from users table

this facilitates not having "root" user altogether
 2022-08-09 17:28:21 +07:00
Bobby Wibowo
6ff735badb
feat: wrap add to album db query in transaction 
additionally allow superadmins to arbitrarily add/remove files to/from
albums via manual API calls, instead of only allowing root user
 2022-08-09 17:18:56 +07:00
Bobby Wibowo
4907ef9ad7
chore: indent albumsController.js 2022-08-09 17:00:26 +07:00
Bobby Wibowo
edf7c091e4
feat: wrap upload db insert within transaction 2022-08-09 16:57:55 +07:00
Bobby Wibowo
d8b78d29ed
feat: hard-code prevent registering as "root" 
and allow migration script to not throw when root user is missing

this facilitates safely removing root user altogether via database query
if you don't use it
 2022-08-08 06:22:18 +07:00
Bobby Wibowo
253042e24e
fix: improve filtering uploads by album ids 
database logic and dashboard display
 2022-08-08 06:08:40 +07:00
Bobby Wibowo
b21fa66e59
fix: possible event listeners memory leak 2022-08-05 00:54:44 +07:00
Bobby Wibowo
c6c485447f
feat: token failure rate limit on login/register 
also removed default 2 reqs in 5s rate limiter for login/register routes
from sample config, as it's pretty much redundant now
 2022-08-04 23:34:58 +07:00
Bobby Wibowo
a406f85215
feat: rate limit token auth failures 
hard-coded to max 6 failures in 10 minutes
 2022-08-04 23:09:14 +07:00
Bobby Wibowo
3e0aa1361d
fix: detect uploads timed out by uwebsockets 2022-08-04 22:08:40 +07:00
Bobby Wibowo
7381cac0e9
chore: indents and comments 2022-08-04 21:59:50 +07:00
Bobby Wibowo
d7d6a29123
feat: cleaned up routes init 
asserting auth and JSON body will now be done via route-specific
mini middlewares (authController's requireUser or optionalUser)
 2022-08-04 21:59:06 +07:00
Bobby Wibowo
2351528a42
fix: redundant logic 2022-08-03 17:31:49 +07:00
Bobby Wibowo
46c8867223
fix: internally prepend chunksData UUID with IP 
even less chance for a collision to occur
 2022-08-03 17:28:42 +07:00
Bobby Wibowo
0ebefe083a
refactor: removed clamscan passthrough support 
unfortunately it simply was not reliable enough

and maintaining it is simply adding more complexity to the codes

moreover it was only possible to passthrough regular non-chunked uploads
 2022-08-02 16:19:57 +07:00
Bobby Wibowo
164cadd8b9
feat: increased regular users' max sort keys to 2 
possible use case, sorting by albumid, then size

moderators and above still have no limits
 2022-08-01 15:21:23 +07:00
Bobby Wibowo
ac38b6f06e
feat: if sort uploads by album id, sort null last 
also improved indenting on some lines of codes
 2022-08-01 15:20:14 +07:00
Bobby Wibowo
323c107f64
fix: ServeStatic 
init setContentDisposition and setContentType functions immediately as
private functions to reduce complexity

so instead check for the required map/store before using them

also fixed content-type override ending up with duplicate headers
 2022-08-01 07:29:49 +07:00
Bobby Wibowo
21ec4a7479
fix: 416 status code handling 2022-07-31 16:46:35 +07:00
Bobby Wibowo
0598a63989
refactor: serve handlers/middlewares 
moved shared codes into serveUtils to reduce complexity
 2022-07-31 16:34:06 +07:00
Bobby Wibowo
527498bb1e
perf: list albums db query 2022-07-31 15:55:27 +07:00
Bobby Wibowo
285e79c5a7
feat: configurable uploads/albums/users per page 
please check sample.config.js for new options

if missing from config, defaults to 25 per page (old defaults)
 2022-07-31 15:51:32 +07:00
Bobby Wibowo
2389974c7d
feat: ServeStaticQuick 
chokidar is now a production dependency

please read the comments in ServeStaticQuick.js for a description of
what the class does

public and dist directories are now served with that class by default

before starting hyper-express on the listen port, await for all
ServeLiveDirectory and ServeStaticQuick instances
 2022-07-31 14:31:25 +07:00
Bobby Wibowo
d40d1e396f
fix: ServeStatic with zero bytes files 2022-07-31 14:17:06 +07:00
Bobby Wibowo
b1566c5abf
refactor: ServeLiveDirectory 
ensure forward slashes path

refactored init method

ensure internal res.type is set before attempting to call external
setHeaders function, to allow overrides
 2022-07-31 14:08:13 +07:00
Bobby Wibowo
b9badcc944
fix: ServeStatic ensure forward slashes path 2022-07-31 14:06:17 +07:00
Bobby
4591b8bb42
refactor: generateUniqueToken -> getUniqueToken 
this now matches lifecycle with similar functions in upload and album
controllers

also added a new util function .mask() for basic string masking
 2022-07-30 08:37:57 +07:00
Bobby
b7dcf30578
feat: console logs for identifiers on debug only 2022-07-30 08:35:26 +07:00
Bobby
548af312a7
chore: authController.js 2022-07-30 08:02:17 +07:00