Commit Graph

110 Commits

Author SHA1 Message Date
Bobby Wibowo
896f74e0ca
allow overriding location of chunks
Closes #302
2020-11-10 01:07:10 +07:00
Bobby Wibowo
c16dac81ea
Updated config.sample.js
Didn't mean to have it enabled by default
2020-11-03 23:56:04 +07:00
Bobby Wibowo
b63836c89d
Added Content-Type override when serving with node
Closes #274
2020-11-03 23:53:56 +07:00
Bobby Wibowo
21fae10306
Updated config.sample.js 2020-11-01 07:38:36 +07:00
Bobby Wibowo
88f852584c
!! REPLACED ClamAV BACKEND: clamdjs -> clamscan !!
Update your config file!
2020-11-01 06:35:56 +07:00
Bobby Wibowo
57207493a2
Fixed setContentDisposition throwing errors 2020-10-02 04:58:35 +07:00
Bobby Wibowo
ce599aea19
Updated config.sample.js
It was weird to have both cacheFileIdentifiers and
queryDbForFileCollisions enabled by default.
2020-09-27 05:24:48 +07:00
Bobby Wibowo
ea15b145b1
Added alt stricter file name collision checks 2020-09-27 05:18:42 +07:00
Bobby Wibowo
c8a5f7be16
Added setContentDisposition option
Resolves #192

This added 2 new dependencies:
content-disposition
BobbyWibowo/serve-static

content-disposition:
This has fallback generation for file names that are outside ISO-8859-1.
Plus it was already a sub-dependency due to express to begin with.

BobbyWibowo/serve-static:
A fork of express/serve-static to allow specifying an async setHeaders
function by the name preSetHeaders, that will be awaited before
creating send stream to clients.
2020-09-27 04:33:42 +07:00
Bobby Wibowo
69664b05c2
Clean ups 2020-07-03 22:55:43 +07:00
evanmn
603c9f54e2
Update config.sample.js 2020-07-03 22:50:24 +07:00
Evan McCarthy
8ea0e491cd
add docker-compose stack 2020-07-03 22:50:24 +07:00
Bobby Wibowo
bd3c86c1bb
Fix typos in config.sample.js 2020-06-26 13:58:23 +07:00
Bobby Wibowo
a93e34bf87
Init cf-api-token 2020-06-26 13:48:15 +07:00
Bobby Wibowo
585331c6e5
Added timeout on chunked uploads
The service will now automatically clean up any leftover data from any
inactive & unfinished chunked upload attempts.

Updated config.sample.js for updated description and new sub-option
for chunkSize option.
2020-06-15 23:48:43 +07:00
camjac251
776414814d add user config option for thumbnail size 2020-06-01 04:17:23 -05:00
Bobby Wibowo
62a977542e
Switched to BLAKE3 for file hashing [MORE]
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.

Added new dependency: blake3

Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.

To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.

chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.

Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.

Updated v1 version string and rebuilt client assets.
2020-05-29 02:52:58 +07:00
Bobby Wibowo
86b51fe5f5
Added Cookie Consent, among other things
This adds Cookie Consent library at public/libs/cookieconsent.

Added views/cookiepolicy.njk.

Added a new config option cookiePolicy. Disabled by default.

Updated views/faq.njk to use variables wherever applicable.
The variables are initiated at views/_globals.njk.
The said file also contains variables used at views/cookiepolicy.njk.

Restored messages about Cloudflare to FAQ.
They will be shown only if config.cloudflare.purgeCache is enabled.

Statistics will now capitalize first letters of the keys instead.

Updated background color of SweetAlert modals.

Moved table styling from dashboard.css to style.css (global),
since table will also be used in Cookie Policy page.

Bumped v1 version string and rebuilt client assets.
2020-05-17 03:35:54 +07:00
Bobby Wibowo
19b4a5e217
Updated Linux-only disk stats
Restore disk usage stats even when config.linuxDiskStats is off

The said config will now only toggle the 'extended' stats which are
disk usage of each directories within the uploads directory
2020-05-02 19:28:13 +07:00
Bobby Wibowo
325ccfac81
Added config option to enable linux disk stats
The option is disabled by default.
Meaning you need to explicitly set it to true to restore
the old behavior.

The one that uses both "df" and "du" binaries.
I found them to be very slow with 100k+ uploads
on my ancient potato server.
2020-04-08 07:08:18 +07:00
Bobby Wibowo
46fa9677ff
Extended configuration for virus scanning
Added whitelist extensions
Added max size limit
2020-04-04 21:20:01 +07:00
Bobby Wibowo
609753f1e9
Make Helmet's HSTS configurable from config file
Closed #115
2020-02-13 15:03:31 +07:00
Bobby Wibowo
edce59243b
Better cache control when not using CDN 2020-02-11 17:18:04 +07:00
Bobby Wibowo
806acecdbb
Updated explanation of stripTags option in config 2019-12-02 01:02:03 +07:00
Bobby Wibowo
d9ddfe8e9a
Implemented stripping tags from images
... and optionally videos using ffmpeg (still experimental).

Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).

The behavior will also be applied to the downloadable ShareX config.

Server owners can choose to force either behavior.

Make sure to add the new config from config.sample.js.

---

Fixed all instances of "e.i." to "e.g.".
My English sucks okay.

Bumped v1 version string.
2019-11-29 20:42:53 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
fbd8037c35
Updated config.sample.js
Updated sample API rate limits.
This will pretty much be the same ones used live in safe.fiery.me.

This rate limits ALL API calls to 10 requests per second,
but apply stricter limits to login & register endpoints, which are
2 requests per 5 seconds.
Also apply stricter limit to album ZIP download endpoint to
4 requests in 30 seconds.

Also removed forcing 200 HTTP status code from the error responses,
cause front-end will now handle any HTTP status codes properly.
It was previously set to 200 cause frontend couldn't handler
errors properly.

On a side note, rate limiting all API calls is important due to the fact
that any token-based endpoints can be used for brute-forcing tokens.
Some server firewalls can also be used to ban possible brute force
attacks through actively monitoring the HTTP server's access logs,
so you may also want to consider that kind of solution for your site
instead.
2019-10-12 13:55:38 +07:00
Bobby Wibowo
386787c6ce
Updated
Description in album public pages will no longer use h2 tag.
Descriptions that can go up to 4000 chars kinda made no sense to use
that tag.

Use Nunjucks' built-in nl2br tag to replace newlines with <br> tag.

Removed unused macro from faq.njk.

Better extensions filter list in URL uploads tab.

Updated config.sample.js with sample usage of the URL uploads extensions
filter.
2019-09-19 15:30:00 +07:00
Bobby Wibowo
19dcd4fd02
Updated 2019-09-09 01:27:14 +07:00
Bobby Wibowo
1a0d85cc6c
Updated 2019-09-09 01:21:01 +07:00
Bobby Wibowo
4bad86003c
Updated
I forgot to update sample config file in the previous commit.
config.uploads.fileLength -> config.uploads.fileIdentifierLength.

Updated README.md.
2019-09-08 09:28:13 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
e45d854c09
Updated
* Updated path resolving for upload folder option.
This SHOULD now allow using an absolute path, even those outside of
the lolisafe installation.

* Added a config option at uploads -> generateThumbs, named placeholder.
It's a string option that lets you set path of the placeholder image
for files whose thumbnail could not be generated.
It defaults to the old hard-coded path when set to falsy value.

* Fixed thumbs script not using upload folder from config file.

* Added filters for thumb generation error handling.
This is used to ignore some common error messages,
such as file formats not being supported.
2019-08-23 16:49:53 +07:00
Bobby Wibowo
cf20bdbd1a
Updated albumsController.js
Allow JSZip to be configured from config.js file.
2019-07-18 06:22:47 +07:00
Bobby Wibowo
0516ec2f2f
Updated
tokenController.js + authController.js:
+ Added a standalone function to generate unique token.
Despite tokens being 64 characters long, meaning the chance to generate
the same token twice have very small chances, I would rather not leave
it to chances.
+ Some spacings.

config.sample.js:
+ Self-explanatory.
2019-06-19 04:04:14 +07:00
Bobby Wibowo
f48cbd1960
Updates
config.sample.js + uploadController.js:
+ Added option uploads > storeIP to toggle whether to store uploader's
IPs into the database.

uploadController.js + dashboard.js:
+ Added IP column when listing all uploads.
+ Improved album query when listing uploads. In addition, no longer
query album when listing all uploads.
+ Delegate some tasks to client when listing uploads to save server's
processing power, kek.
Such as building the file's full URLs, and assigning album/user names.

_globals.njk:
+ Bumped v1 version string.
2019-06-04 07:57:37 +07:00
Bobby Wibowo
d185265c0d
Updated config.sample.js
I blame vscode for weird paste behavior
when I copied-pasted this from my config.js.
2019-06-04 02:43:54 +07:00
Bobby Wibowo
5c41fc9249
Updates
utilsController.js:
+ /api/stats: Cache invalidation requests will now only store timestamp
of the request instead of purging the cache entirely.
Subsequent requests to the API will no longer attempt to generate stats
if a previous request before it is still generating, since it can
take a while in big sites.
So instead, the cached stats will be returned to them, regardless of
whether it's still valid.
This should avoid "race condition" in sites with multiple admins.

* dashboard.js:
+ Added an appendix into "Delete by names" feature in dashboard to
inform staffs that they can use the feature to delete files by other
users as well.
+ Added comments explaning the need of page.domClick() function.
+ Addition to the change regarding /api/stats route: If there is no
cached stats, but a previous request is still generating, inform
the user about it.

config.sample.js + lolisafe.js:
+ We now support configuring rate limits through config file.
No more hard-coded rate limits.
Don't forget to update your config.js accordingly.

package.json + yarn.lock:
+ Updated dependencies.
2019-06-04 02:40:24 +07:00
Bobby Wibowo
ecb8afbe40
Updates
Updated fontello (added block and doc-inv icons).

Upload results will now show either doc or block icon on top of the
file name depending on the status of the upload
(unless the uploads are images, in which case they will still show
thumbnails instead).

Added support for customizable timeout and chunkSize options for ClamAV
scanning to the config file.

Bumped v1 and v3 version strings.
2019-04-18 16:06:14 +07:00
Bobby Wibowo
b7600ec3fb
Restored DuckDuckGo's proxy for URL uploads
Yes.

This gets rid of HEAD request prior to downloading the URL.

We will no longer check for Content-Length header, instead we will
forcibly limit maximum download size for the download stream to the
configured value.

So assuming someone try to download a bigger file, it will still try to
download up to the configured size, but then fail.

This will also speed up the general download process since sending HEAD
request delayed the whole operation.
2019-04-11 22:27:45 +07:00
Bobby Wibowo
2f51954024
Updates
Experimental cache control
2019-01-06 04:09:47 +07:00
Bobby Wibowo
bd38b78331
Updated config.sample.js 2018-12-20 21:48:39 +07:00
Bobby Wibowo
f17d375107
Fixed some types in config.sample.js 2018-12-20 19:01:30 +07:00
Bobby Wibowo
d723c0f562
Updates [!! update config.js !!]
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.

Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.

Empty files can now be filtered.

Sorted preset extensions filter in config.sample.js.

Rephrased some options in config.sample.js as well.

maxTries now default to 3 in config.sample.js.

Various other small changes.
2018-12-20 18:53:37 +07:00
Bobby Wibowo
89ec426e71
Removed lines related to DuckDuckGo's proxy
I think I've let them sit for like a week or so. It should've been
enough of a buffer time for everyone else.
2018-12-19 01:19:04 +07:00
Bobby Wibowo
742ae43622
Updated config.sample.js 2018-12-09 00:56:08 +07:00
Bobby Wibowo
2fab5becb0
Updates
Disabling cacheFileIdentifiers will now restore the old behavior of having less strict collision checks.
Fulfills https://github.com/BobbyWibowo/lolisafe/issues/12.
2018-12-08 07:38:12 +07:00
Bobby Wibowo
07b4ef8fc2
Updates
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.

Improved some descriptions in config.sample.js file.

Added some CSS animations wherever applicable.

Bumped v1 version string.
2018-12-04 18:58:53 +07:00
Bobby Wibowo
b6bd833110
Replace graphicsmagick with sharp 2018-12-03 14:20:13 +07:00
Bobby Wibowo
6543a87b11
Updates
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).

Added a new config option to filter files with no extension.

Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001

Simplified error messages of /api/upload/finishchunks.

Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.

Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).

Bumped v1 version string (due to home.js).
2018-11-29 00:52:12 +07:00