Commit Graph

2064 Commits

Author SHA1 Message Date
Bobby Wibowo
609753f1e9
Make Helmet's HSTS configurable from config file
Closed #115
2020-02-13 15:03:31 +07:00
Bobby Wibowo
783ac81bf7
Updated
lolisafe.js: fixed a logic

faq.njk: fixed typo
2020-02-13 14:37:19 +07:00
Bobby Wibowo
5adbe84896
Updated FAQ to remove bits about Cloudflare
2020-02-11 17:30:03 +07:00
Bobby Wibowo
d6d085d161
Removed git stash from yarn pull
2020-02-11 17:22:59 +07:00
Bobby Wibowo
2670db269d
Updated dependency systeminformation
And bumped all version strings to update latest cache control.
2020-02-11 17:20:43 +07:00
Bobby Wibowo
edce59243b
Better cache control when not using CDN
2020-02-11 17:18:04 +07:00
Bobby Wibowo
c0fc463595
Updated all dependencies
Rebuilt all CSS assets, not sure why.
Probably due to browserslist being updated?

While I was at it, I also updated safe.fiery.me's node version to
10.19.0.
2020-02-09 16:42:08 +07:00
Bobby Wibowo
eee024e0ca
Updated all dependencies
2020-01-11 02:14:23 +07:00
Bobby Wibowo
32e4f8a71c
Upgraded dependencies
knex: 0.20.3 -> 0.20.4
sharp: 0.23.3 -> 0.23.4
sqlite3: 4.1.0 -> 4.1.1

Upgraded dev dependencies:

browserslist: 4.7.3 -> 4.8.2
eslint: 6.7.1 -> 6.7.2
2019-12-08 15:25:26 +07:00
Bobby Wibowo
08751dd128
Checked DMCA request logs from TODO list
This was implemented in 5ff512bc7f.
2019-12-08 15:20:19 +07:00
Bobby Wibowo
2d400a77a1
Added 3 more entries to TODO list
2019-12-08 15:19:10 +07:00
Bobby Wibowo
5ff512bc7f
Updated FAQ
2019-12-05 03:19:23 +07:00
Bobby Wibowo
9d12fc7701
Added a new TODO entry and updated FAQ
2019-12-02 03:10:23 +07:00
Bobby Wibowo
806acecdbb
Updated explanation of stripTags option in config
2019-12-02 01:02:03 +07:00
Bobby Wibowo
d9ddfe8e9a
Implemented stripping tags from images
... and optionally videos using ffmpeg (still experimental).

Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).

The behavior will also be applied to the downloadable ShareX config.

Server owners can choose to force either behavior.

Make sure to add the new config from config.sample.js.

---

Fixed all instances of "e.i." to "e.g.".
My English sucks okay.

Bumped v1 version string.
2019-11-29 20:42:53 +07:00
Bobby Wibowo
337a0a61ff
Implemented parallel URL uploads
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.

I figured this is a better implementation to shift queues faster.

---

Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.

Clients will also see better formatted error messages for URL uploads'
file size limit errors.

---

Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0

Bumped v1 version string
2019-11-29 17:42:29 +07:00
Bobby Wibowo
df1e835272
Improved descriptive upload progress again
Bumped v1 version string
2019-11-27 00:57:55 +07:00
Bobby Wibowo
c4c45a5857
Slightly improved descriptive upload progress
Bumped v1 version string
2019-11-27 00:12:58 +07:00
Bobby Wibowo
78cea4a4b9
Fixed margins of upload entries
Previously, margins in "Newer files on top" were bigger due to
difference in handling margins when in flex mode.

I noticed margins are still different in IE in my tests, but bleh.

Bumped v1 version string
2019-11-26 22:15:18 +07:00
Bobby Wibowo
a8c702065f
Implemented descriptive upload progress
Say goodbye to upload progress bar 👋

Bumped v1 version string
2019-11-26 21:58:10 +07:00
Bobby Wibowo
603b6b4b83
Clean up
2019-11-26 19:47:15 +07:00
Bobby Wibowo
ac81a9b57f
Typo
2019-11-25 15:41:49 +07:00
Bobby Wibowo
31beda4343
Added a new todo entry
2019-11-25 15:39:05 +07:00
Bobby Wibowo
ec7c160f31
Fixed uploads timing out without error after 30 s
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).

While I was at it, I also refactored the bits for initializing Dropzone.

Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.

Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
2019-11-25 15:18:14 +07:00
Bobby Wibowo
5207df6123
Updated dependencies
bcrypt: 3.0.6 -> 3.0.7
knex: 0.20.1 -> 0.20.2
sharp: 0.23.2 -> 0.23.3

Dev dependency:
browserslist: 4.7.2 -> 4.7.3

As always, this was a full upgrade, so sub-dependencies were also
upgraded if applicable (more details in yarn.lock).

I noticed stylelint also got updated to v12, but I will be postponing
that till gulp-stylelint updates its peer dependency requirement.
2019-11-20 20:16:37 +07:00
Bobby Wibowo
ee920f942f
Cache system & disk stats longer
System stats will be cached for only 1000 ms (1 s)

Disk stats will be cached for 60000 ms (60 s)
2019-11-14 15:08:56 +07:00
Bobby Wibowo
2a81e899b4
Fixed stats not re-generating after errors
2019-11-14 14:53:33 +07:00
Bobby Wibowo
7aaf913166
Actually parse error messages of du & df to String
2019-11-14 14:46:49 +07:00
Bobby Wibowo
98d38d3402
Fixed broken disk stats in Linux
2019-11-14 14:42:09 +07:00
Bobby Wibowo
3d09df501d
Updated
Better 'df' handling (check the TODO entry for more details).

Simplified a few lines in dashboard.js.

Bumped v1 version string.
2019-11-14 05:06:59 +07:00
Bobby Wibowo
d5cd5b7b5b
Updated
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.

Bumped v1 version string.

---

Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
2019-11-13 13:21:36 +07:00
Bobby Wibowo
b646a4a82f
Updated uploadController.js
String updates.
2019-11-10 03:41:54 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
e10ce7807f
Updated
Auto-close some Sweetalert success dialogs after 1.5s.

Fixed edit user not displaying user's new username properly.

Disabled eslint-plugin-compat on some lines that won't work in
Safari 5.1.
Optionally look into not supporting the browser altogether.

Bumped v1 version string.
2019-10-29 19:39:44 +07:00
Bobby Wibowo
8f48889c90
Updated dependencies
2019-10-29 05:37:25 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
cf8d2895f1
Updated dependencies
systeminformation: 4.14.12 -> 4.14.16
browserslist: 4.7.0 -> 4.7.1
2019-10-21 17:51:31 +07:00
Bobby Wibowo
a884ef8d01
Bug fix
Fixed #67

Changed default admin account to username root & password changeme,
for new installations.
Also updated README.md to mention it.
2019-10-21 17:49:52 +07:00
Bobby Wibowo
d1b70d6b14
Added 1 new entry to TODO.md
2019-10-15 18:02:32 +07:00
Bobby Wibowo
2443390199
Updated utilsController.js
Thumbnails generator: Skip video files that do not have valid duration
metadata, for some reason.
2019-10-15 17:53:23 +07:00
Bobby Wibowo
321e4557db
Updated dependencies
systeminformation: 4.14.11 -> 4.14.12
gulp-stylelint: 9.0.0 -> 10.0.0
2019-10-15 17:46:09 +07:00
Bobby Wibowo
b38bde3da0
Enabled verbose output for gulp linter tasks
Resolves #61
2019-10-15 01:45:04 +07:00
Bobby Wibowo
a701a2ab47
Added 3 new tasks to TODO.md
2019-10-12 14:40:14 +07:00
Bobby Wibowo
fbd8037c35
Updated config.sample.js
Updated sample API rate limits.
This will pretty much be the same ones used live in safe.fiery.me.

This rate limits ALL API calls to 10 requests per second,
but applies stricter limits to login & register endpoints, which are
2 requests per 5 seconds.
Also applies a stricter limit to album ZIP download endpoint of
4 requests in 30 seconds.

Also removed forcing 200 HTTP status code from the error responses,
cause front-end will now handle any HTTP status codes properly.
It was previously set to 200 cause frontend couldn't handle
errors properly.

On a side note, rate limiting all API calls is important due to the fact
that any token-based endpoints can be used for brute-forcing tokens.
Some server firewalls can also be used to ban possible brute force
attacks through actively monitoring the HTTP server's access logs,
so you may also want to consider that kind of solution for your site
instead.
2019-10-12 13:55:38 +07:00
Bobby Wibowo
37266fb05b
Fixed chunk size message in FAQ
Updated background color of code HTML tag.

Bumped v1 version string.
2019-10-11 12:53:11 +07:00
Bobby Wibowo
7855801d62
Updated
Rewrote code for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
and make the code more readable and easier to extend.

Upgrade stylelint dev dependency.

Bumped v1 version string.
2019-10-11 12:36:59 +07:00
Bobby Wibowo
b2f96360ae
Updated knex.js to 0.19.5
Renamed todo.md to TODO.md

Edited a todo task
2019-10-09 12:36:19 +07:00
Bobby Wibowo
0d51833bbc
Updated
Disable jump to page input when there is only 1 page.

Disable prev/next pagination buttons if applicable.

Updated styling of disabled inputs.

Bumped v1 version string.
2019-10-07 10:34:10 +07:00
Bobby Wibowo
e581edd5d7
Updated progress bar background color
2019-10-07 10:14:27 +07:00
Bobby Wibowo
3a8d170c3a
Elaborate some todo tasks and update priorities
2019-10-07 06:51:05 +07:00