Commit Graph

1022 Commits

Author SHA1 Message Date
Bobby Wibowo
a701a2ab47
Added 3 new tasks to TODO.md 2019-10-12 14:40:14 +07:00
Bobby Wibowo
fbd8037c35
Updated config.sample.js
Updated sample API rate limits.
This will pretty much be the same ones used live in safe.fiery.me.

This rate limits ALL API calls to 10 requests per second,
but applies stricter limits to login & register endpoints, which are
2 requests per 5 seconds.
Also apply stricter limit to album ZIP download endpoint to
4 requests in 30 seconds.

Also removed forcing 200 HTTP status code from the error responses,
cause front-end will now handle any HTTP status codes properly.
It was previously set to 200 cause frontend couldn't handle
errors properly.

On a side note, rate limiting all API calls is important due to the fact
that any token-based endpoints can be used for brute-forcing tokens.
Some server firewalls can also be used to ban possible brute force
attacks through actively monitoring the HTTP server's access logs,
so you may also want to consider that kind of solution for your site
instead.
2019-10-12 13:55:38 +07:00
Bobby Wibowo
37266fb05b
Fixed chunk size message in FAQ
Updated background color of code HTML tag.

Bumped v1 version string.
2019-10-11 12:53:11 +07:00
Bobby Wibowo
7855801d62
Updated
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.

Upgrade stylelint dev dependency.

Bumped v1 version string.
2019-10-11 12:36:59 +07:00
Bobby Wibowo
b2f96360ae
Updated knex.js to 0.19.5
Renamed todo.md to TODO.md

Edited a todo task
2019-10-09 12:36:19 +07:00
Bobby Wibowo
0d51833bbc
Updated
Disable jump to page input when there is only 1 page.

Disable prev/next pagination buttons if applicable.

Updated styling of disabled inputs.

Bumped v1 version string.
2019-10-07 10:34:10 +07:00
Bobby Wibowo
e581edd5d7
Updated progress bar background color 2019-10-07 10:14:27 +07:00
Bobby Wibowo
3a8d170c3a
Elaborate some todo tasks and update priorities 2019-10-07 06:51:05 +07:00
Bobby Wibowo
f85390dd72
Added another entry to todo.md 2019-10-07 06:35:41 +07:00
Bobby Wibowo
69380c868e
Updated dashboard.js
Fixed not being able to delete disabled users.

Bumped v1 version string.
2019-10-07 06:16:47 +07:00
Bobby Wibowo
4f04225ba0
Updated
Added delete user feature.
API: /api/users/delete
json: id<number>, purge[boolean]
By default will not purge out files, but will still clear userid
attribute from the files.
All associated albums will also be marked, and have their ZIP archives
be unlinked, if applicable.

Fixed purging albums not properly reporting amount of associated files
that could not be removed, if any.

Fixed moderators being able to disable users by manually sending API
requests, if they at least know of the user IDs.
They could only disable regular users however.
2019-10-07 06:11:07 +07:00
Bobby Wibowo
5e60b01fe6
Updated dashboard.css
I PROMISE THIS IS THE LAST COMMIT FOR TODAY
2019-10-06 05:37:22 +07:00
Bobby Wibowo
9d77a9b9b1
Updated dashboard.css 2019-10-06 05:35:29 +07:00
Bobby Wibowo
510f686250
Updated styling 2019-10-06 05:33:38 +07:00
Bobby Wibowo
256686f400
Updated dependencies 2019-10-06 05:24:20 +07:00
Bobby Wibowo
411d17e1fb
Updated
* Changed colorscheme to black (experimental).

* Fixed ClamAV failing to report names of dirty files.

* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.

* Bumped v1 version string.
2019-10-06 05:20:59 +07:00
Bobby Wibowo
582440e5ef
Updated sharp to 0.23.1 2019-09-28 16:45:36 +07:00
Bobby Wibowo
84a3de0d8d
Updated
Fixed statistics columns width in browsers except Firefox.

And a few other things.
2019-09-28 16:42:49 +07:00
Bobby Wibowo
98a8d03a7f
Updated
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.

Added 2 new entries to todo.md.

Don't check "Select all" checkbox in dashboard when there are no
uploads.

Bumped v1 version string.
2019-09-23 15:09:15 +07:00
Bobby Wibowo
a233dd6bba
Updated helmet 2019-09-22 11:40:59 +07:00
Bobby Wibowo
0baf6b9275
Updated
Fixed Gulp not rebuilding fontello CSS on development mode.

Updated dashboard's thumbs view to only call LazyLoad's update function
once.

Bumped v1 version string.
2019-09-22 11:26:05 +07:00
Bobby Wibowo
2e40124c62
Updated logger.js
Manually parse date to actually print the dates in current timezone.
I actually never intended it to use UTC.
I wasn't really paying attention...

Also during development, shortened version will be used instead,
which is basically only showing hours, mins, and secs.
2019-09-21 14:29:08 +07:00
Bobby Wibowo
6a934627a2
Added loader icon on dashboard
It will be shown when token is still being verified.

Moved loader icon section from auth.njk to _partial/loader.njk,
which will also be included into dashboard.njk.

Bumped v1 version string.
2019-09-21 11:50:49 +07:00
Bobby Wibowo
6133554013
Updated stylelint dev dependency 2019-09-20 12:19:28 +07:00
Bobby Wibowo
4e20f28b78
Updated lolisafe.js
If config.cacheControl is enabled, remove Cache-Control header from
error pages.
Falls back to Express' default behavior of using "public, max-age=0".
2019-09-20 02:42:08 +07:00
Bobby Wibowo
b75deb268f
Updated nojs.js
Forgot to add version strings.
2019-09-20 01:27:00 +07:00
Bobby Wibowo
6803eb0812
Updated todo.md and nojs.njk
Added another todo entry.

Added required attribute to input file in No-JS uploader. This should
prevent submission when clicking Upload button before selecting any
files.

Removed built-in "safe" filter from some fields in nojs.njk, cause they
were unnecessary.
2019-09-20 01:25:01 +07:00
Bobby Wibowo
d52c5bc63c
Added another entry to todo.md 2019-09-19 21:11:09 +07:00
Bobby Wibowo
8f809e6cd5
Updated _layout.njk
Use "summary_large_image" type for Twitter Cards.
2019-09-19 20:54:27 +07:00
Bobby Wibowo
e22c180edd
Updated scripts/README.md again again
I'm so f'in drunk.
2019-09-19 20:44:48 +07:00
Bobby Wibowo
d43f238c28
Updated scripts/README.md again
Man, screw relative paths.
2019-09-19 20:43:53 +07:00
Bobby Wibowo
61fd280b68
Updated scripts/README.md 2019-09-19 20:42:21 +07:00
Bobby Wibowo
a79803cbd6
Updated
Added gulp-replace dev dependency.

Removed version strings of Fontello fonts from fontello.css

Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
2019-09-19 20:39:23 +07:00
Bobby Wibowo
8ab77a6464
Updated
Removed version strings from _globals.njk,
in favor of src/versions.json.
The versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.

Added README file in src directory, explaining versions.json file.

Added README file in scripts directory, detailing usage of each script.

Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.

Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.

Actually use custom metaDesc variable on meta description tag.
2019-09-19 19:10:37 +07:00
Bobby Wibowo
386787c6ce
Updated
Description in album public pages will no longer use h2 tag.
Descriptions that can go up to 4000 chars kinda made no sense to use
that tag.

Use Nunjucks' built-in nl2br tag to replace newlines with <br> tag.

Removed unused macro from faq.njk.

Better extensions filter list in URL uploads tab.

Updated config.sample.js with sample usage of the URL uploads extensions
filter.
2019-09-19 15:30:00 +07:00
Bobby Wibowo
1ff1a4463c
Make original names selectable in nojs uploader 2019-09-19 14:33:50 +07:00
Bobby Wibowo
6c4a99f2e9
Bumped v2 version string
Forgot this was necessary when updating fb_share.png
2019-09-19 14:27:13 +07:00
Bobby Wibowo
6e27115f38
Enforce pass min/max lengths in dashboard 2019-09-19 14:23:48 +07:00
Bobby Wibowo
c3d61733af
Updated
Added iamdustan/smoothscroll polyfill in dashboard pages.
This will polyfill smooth scroll (when executed programmatically)
for older browsers.

No-JS uploader's notice button when on private mode will now also say
"Log in to upload", although auth page will still require JS.

All front-end buttons will now use outlined version. I'm lovin' it.

Auth page will now show a loading spinner if the user has a saved token.
Afterwards, they will still be redirected to dashboard.

Better error handlers in home, dashboard, and auth pages.

Removed <hr> from uploads & users lists in dashboard.

"Manage your token" menu will no longer try to make an API request prior
to displaying its page.
Reloading the page will already trigger token verification anyway.

Updated public/images/fb_share.png.

Updated README.md.

A few other tweaks.
2019-09-19 14:19:11 +07:00
Bobby Wibowo
c3d4bc766e
Updated album.njk 2019-09-19 08:30:02 +07:00
Bobby Wibowo
ea37e0b7d3
Updated
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.

"Load images for preview" will now properly display its saved value.

Increased max parallel uploads to 10.

"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).

Better meta tags generation.

Bumped v1 version string.
2019-09-19 08:27:19 +07:00
Bobby Wibowo
e6d4d96693
Fixed URLs uploader being disabled & updated todo
etc.
2019-09-17 12:14:25 +07:00
Bobby Wibowo
9e9b0d4439
Updated
Updated some dev dependencies.

---

Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diffs.

Added dist-dev to ignore files.

---

The entire config file will now be passed to Nunjuck templates for ease
of access of config values.

Root domain for use in Nunjuck templates will now be parsed from config.

Better page titles.

Updated help message for "Uploads history order" option in
homepage's config tab.

Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.

Uploads' original names in homepage's uploads history are now
selectable.

Min/max length for user/pass are now enforced in auth's front-end.

Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.

File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.

Added video icons.
Homepage's uploads history will now display video icons for videos.

"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.

Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.

A few other small improvements.
2019-09-17 11:13:41 +07:00
Bobby Wibowo
21f39dff9d
Updated
Updated axios to v0.18.1.
Also added its source map.

Updated lazyload to v12.0.0.
Also added its source map.

Added bulma's source map.

---

Moved fontello.css from public/libs/fontello to src/libs/fontello,
to make use of CSS builder.

Updated thumbnails styling to properly make sure the thumbnails are
displayed as 200x200 (their actual configured dimension).

Added fixes to some flexbox's bugs that affect IE 10/11.
The safe should display much better in those browsers now.

Show files' expiry dates in thumbs view.

Updated global error handlers in home.js.
I will do similar setup with dashboard.js in the future.
Just not now, I'm tired.

Only load renders after API request to /api/check has been initiated.

Used native lazyloading on album pages' nojs version.

Removed unnecessary is-expanded class.

Rephrased max upload size disclaimer in nojs uploader page.

Bumped v1 and v3 version strings.
2019-09-16 01:18:22 +07:00
Bobby Wibowo
0e5a64d81d
Updated lolisafe.js
Fixed cache-control.
I only noticed that I had "immutable" on pages that were supposed to be
cached by proxy only.
For some reason that did nothing on my Firefox desktop,
but I noticed it worked in my phone's browsers, including Firefox.
Odd.
2019-09-15 14:43:56 +07:00
Bobby Wibowo
43026fd5b9
Fixed todo.md 2019-09-15 14:23:04 +07:00
Bobby Wibowo
4d308206c7
Updated
Added new option "Uploads history order" into homepage's config tab.
When set to "Newer files on top", this will use flex-direction CSS
property to reverse sort the uploads history.

Added new entries to todo.md.

Bumped v1 version string.
2019-09-15 14:20:55 +07:00
Bobby Wibowo
a362d63e25
Updated dashboard.js
Fixed table row when file is not in an album.

Sigh, I always miss something..
2019-09-15 13:39:03 +07:00
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (i.e. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
f5445a639c
Updated todo again, I failed patience management 2019-09-12 18:38:48 +07:00