Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.
Bumped v1 version string.
---
Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
Auto-close some Sweetalert success dialogs after 1.5s.
Fixed edit user not displaying user's new username properly.
Disabled eslint-plugin-compat on some lines that won't work in
Safari 5.1.
Optionally look into not supporting the browser altogether.
Bumped v1 version string.
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.
All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.
Fortunately, they were only used in API routes that required staff
(moderators included) accounts.
---
Updated dependency:
helmet: 3.21.1 -> 3.21.2
Updated sample API rate limits.
This will pretty much be the same ones used live in safe.fiery.me.
This rate limits ALL API calls to 10 requests per second,
but apply stricter limits to login & register endpoints, which are
2 requests per 5 seconds.
Also apply stricter limit to album ZIP download endpoint to
4 requests in 30 seconds.
Also removed forcing 200 HTTP status code from the error responses,
cause front-end will now handle any HTTP status codes properly.
It was previously set to 200 cause frontend couldn't handler
errors properly.
On a side note, rate limiting all API calls is important due to the fact
that any token-based endpoints can be used for brute-forcing tokens.
Some server firewalls can also be used to ban possible brute force
attacks through actively monitoring the HTTP server's access logs,
so you may also want to consider that kind of solution for your site
instead.
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.
Upgrade stylelint dev dependency.
Bumped v1 version string.
Disable jump to page input when there is only 1 page.
Disable prev/next pagination buttons if applicable.
Updated styling of disabled inputs.
Bumped v1 version string.
Added delete user feature.
API: /api/users/delete
json: id<number>, purge[boolean]
By default will not purge out files, but will still clear userid
attribute from the files.
All associated albums will also be marked, and have their ZIP archives
be unliked, if applicable.
Fixed purging albums not properly reporting amount of associated files
that could not be removed, if any.
Fixed moderators being able to disable users by manually sending API
requests, if they at least know of the user IDs.
They could only disable regular users however.
* Changed colorscheme to black (experimental).
* Fixed ClamAV failing to report names of dirty files.
* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.
* Bumped v1 version string.
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.
Added 2 new entries to todo.md.
Don't check "Select all" checkbox in dashboard when there are no
uploads.
Bumped v1 version string.
Fixed Gulp not rebuilding fontello CSS on development mode.
Updated dashboard's thumbs view to only call LazyLoad's update function
once.
Bumped v1 version string.
Manually parse date to actually print the dates in current timezone.
I actually never intended it to use UTC.
I wasn't really paying attention...
Also during development, shortened version will be used instead,
which is basically only showing hours, mins, and secs.
It will be shown when token is still being verified.
Moved loader icon section from auth.njk to _partial/loader.njk,
which will also be included into dashboard.njk.
Bumped v1 version string.
Added another todo entry.
Added required attribute to input file in No-JS uploader. This should
prevent submission when clicking Upload button before selecting any
files.
Removed built-in "safe" filter from some fields in nojs.njk, cause they
were unnecessary.
Added gulp-replace dev dependency.
Removed version strings of Fontello fonts from fontello.css
Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
Removed version strings from _globals.njk,
in favor of src/versions.json.
That versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.
Added README file in src directory, explaining versions.json file.
Added README file in scripts directory, detailing usage of each scripts.
Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.
Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.
Actually use custom metaDesc variable on meta description tag.