Commit Graph

387 Commits

Author SHA1 Message Date
Bobby
5d1bea39ef
feat: new api /api/upload/get/:identifier
this api only returns file that the user owns (thus token must be set)
2022-06-28 11:57:56 +07:00
Bobby Wibowo
f37313a84c
fix: verify database dir 2022-06-22 14:23:54 +07:00
Bobby Wibowo
409d0c4ffd
refactor: relocate db scripts 2022-06-22 13:53:01 +07:00
Bobby Wibowo
9d4c08e460
feat: some env vars support 2022-06-22 13:27:38 +07:00
Bobby Wibowo
954df13aa2
fix: better null domain fallback logic 2022-06-22 11:22:35 +07:00
Bobby
8799189a04
feat: initiate db connection only once
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers

this should now make sure we only have 1 active db connection pool ever

this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
2022-06-04 04:21:56 +07:00
Bobby
110aab097b
chore: versioned git urls in comments
future-proofing
2022-05-24 07:02:06 +07:00
Bobby
9cc4832717
feat: same error for invalid user or pass on login
every now and then i got curious of what people add to their forks,
and sometimes i'd be like, "hey, that makes sense!"

i remember that back in the days, i switched to nunjucks because of
someone's fork too
we used to use handlebars, which i've had some misgivings with for
awhile back then

either way all i'm saying is that it's the case this time around with
this commit
thanks for reading

49d12004e8
2022-05-24 06:56:58 +07:00
Bobby
d2b8656800
fix: url uploads stricter error handling
this should properly dispose of unfinished write & hasher streams on
any errors if they have been initiated

also do content-length header check a bit more early
2022-05-08 15:35:28 +07:00
Bobby
ce71a9e8d6
feat: better size check for url uploads
first layer is via sending HEAD request to the url to determine its size
via content-length header
however not all hosts properly set the header, so we ignore it if
it isn't a valid number

next via size option in fetch(), which supposedly limits response body
size during the request itself (?)

lastly via checking actual bytes written to physical file as reported by
fs.createWriteStream()
2022-05-08 15:19:29 +07:00
Bobby
71a6adc3d3
fix: url uploads failing with missing content-type 2022-05-08 15:15:10 +07:00
Bobby
eeb1611b2a
fix: failsafes for chunks timeout 2022-05-08 12:01:18 +07:00
Bobby
f3b7d5e56d
fix: empty string for age header failing 2022-05-08 12:00:27 +07:00
Bobby
2d147e748b
feat: usergroup-based file retention periods
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.

please consult config.sample.js if you want to start using this
2022-05-07 02:17:31 +07:00
Bobby
4ecec788d0
feat: console logs of temp uploads check ups 2022-05-07 02:01:33 +07:00
Bobby
5d3ef6e566
feat: perms.group() to get user's group name 2022-05-07 01:36:38 +07:00
Bobby
b35f4ae6eb
fix: remove token from local storage if invalid
this required expanding our custom error classes with support for
arbitrary internal api error codes

however it'll only be used for invalid token errors for now (10001)

no plan to assign codes to other existing api errors
at that point it's probably better to redo the whole api infrastructure
2022-05-06 21:58:23 +07:00
Bobby
395361d5fc
fix: count of album zips generated in stats
change logic to list physical files instead, since the zipGeneratedAt
attribute may still exist despite site owners having already done
physical clean-ups
2022-05-05 14:54:21 +07:00
Bobby
ecdeaa8b8a
chore: logger.inspect 2022-05-05 14:33:16 +07:00
Bobby
30b8f0040c
fix: delete album only worked for own albums 2022-05-05 14:30:41 +07:00
Bobby
450bf72e7a
feat: allow mods to actually delete albums 2022-05-05 13:58:54 +07:00
Bobby
39b7d96b8f
feat: static preview of album description markdown
in dashboard's edit album prompt
2022-05-05 13:17:32 +07:00
Bobby
7dd4f50e9e
feat: allow markdown in album description 2022-05-05 12:55:21 +07:00
Bobby
3d94ae599e
feat: debug log for clean files 2022-04-23 05:01:56 +07:00
Bobby
88d32a6dcf
refactor: uploadController.js 2022-04-23 04:48:59 +07:00
Bobby
86c26cb50c
feat: some bypass support to passthrough scanning
only usergroup and file extension bypass

real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file

refactored utils.clamscan into utils.scan
2022-04-23 04:44:01 +07:00
Bobby
9af52e068d
docs: config and uploadController 2022-04-16 23:06:25 +07:00
Bobby
1c0fd26496
refactor: pass less data into user object 2022-04-16 21:36:34 +07:00
Bobby
4b9740cf5c
docs: uploadController.js 2022-04-16 20:44:11 +07:00
Bobby
b5aa8d0758
fix: passthrough scan 2022-04-16 13:33:11 +07:00
Bobby
dd6f225461
fix: missing default vars in multerStorage 2022-04-15 20:31:12 +07:00
Bobby
db254c602b
feat: experimental clamscan passthrough support
when enabled, passthrough scanning will be used for non-chunked uploads

upload processing will be significantly faster if scanning is required
2022-04-15 16:41:05 +07:00
Bobby
6788dc2094
fix: align with clamscan v2 2022-04-15 15:36:50 +07:00
Bobby
ffc82f6a2a
feat: logger.debug() outputs only on dev mode 2022-04-15 15:30:32 +07:00
Bobby
e31af2d267
fix: round down system uptime
invalidate system info cache quicker (1s to 0.5s)
2021-09-08 00:46:08 +07:00
Bobby
b86aa8dc08
fix: private upload custom response config option 2021-06-08 08:01:11 +07:00
Bobby Wibowo
48488667c8
feat: limit upload to specific usergroups 2021-05-22 20:59:00 +07:00
Bobby Wibowo
cf4a1af209
feat: list albums' total size and zip size 2021-02-12 15:48:40 +07:00
Bobby Wibowo
2addbb7b65
fix: album download throws set headers errors 2021-02-12 12:33:43 +07:00
Bobby Wibowo
ae6d7936c7
feat: blacklist extensions for strip tags
GIFs are known to not work without custom globally-installed libvips
with ImageMagick or GraphicsMagick support.
https://sharp.pixelplumbing.com/api-output#gif
https://sharp.pixelplumbing.com/install#custom-libvips

It's highly recommended to update your config following the changes to
the sample config file.

This also addressed a bug where images would still get recorded to DB
despite them not existing physically due to strip tags errors.
2021-02-01 06:13:37 +07:00
Bobby Wibowo
5a74776978
fix: thumbnails not generated with mixed case
e.g. .jpG, .JPG, .PnG, etc.

Also simplified some codes.
2021-02-01 05:23:53 +07:00
Bobby Wibowo
c921db7ee2
docs: better extension names parsing 2021-01-29 23:17:56 +07:00
Bobby Wibowo
631d14d887
feat: better extension names parsing
It will now preserve upper/lower/mixed case.

It will now properly preserve all tarballs (#370).
2021-01-29 23:15:24 +07:00
Bobby Wibowo
a752bb89e8
fix: added failsafe to available disk stats 2021-01-29 22:44:58 +07:00
Bobby Wibowo
968494bb37
fix: systeminformation v5 breaking changes
Made the codes for stats generation a bit more readable.

Usage percentage for file systems will now properly reflect "non-root"
usage percentage in ext2/3/4 file systems.
2021-01-27 23:50:45 +07:00
Bobby Wibowo
dd55d69612
fix: headers already sent errors 2021-01-09 03:50:03 +07:00
Bobby Wibowo
f52493291a
feat: same/higher group warning when editing user
Also Object.freeze() permissions object in permissionController.
I don't think it's much to be worried about, as no "set" will be done to
it during the service's operation, but oh well, might as well.
2021-01-09 02:51:23 +07:00
Bobby Wibowo
81cf940160
feat: added audios count to uploads stats
As always, this uses hardcoded whitelisted audio extensions (the ones
that are also internally used for "is:audio" filter).
2021-01-08 11:22:31 +07:00
Bobby Wibowo
991d743ef0
feat: add "files in albums" to albums stats 2021-01-08 11:18:50 +07:00
Bobby Wibowo
defa3f2a8c
perf: skip checking zips on disk for album stats
Closes #353.
2021-01-08 11:03:26 +07:00