uploadController.js:
+ Close connection earlier when there are no upload when querying them.
dashboard.css + style.css:
+ Updated styling involving pagination and progress bar.
dashboard.js:
+ Fixed dashboard failing to handle cases where a user attemp to load
a next page when there are not enough uploads available.
+ Added a simple loading message as a placeholder when trying to view
Stastistics menu, since it may take a while in big servers.
bulma.min.css + LICENSE:
+ Updated bulma from 0.7.2 to 0.7.5.
_globals.njk:
+ Bumped v1 and v3 version strings.
+ Better pagination.
+ Added more advanced filtering system in Manage Uploads.
It now supports filtering with multiple usernames and/or IPs.
It also supports refining the matches with wildcards.
Todo?
Perhaps add simple file name filtering for regular users in the future?
config.sample.js + uploadController.js:
+ Added option uploads > storeIP to toggle whether to store uploader's
IPs into the database.
uploadController.js + dashboard.js:
+ Added IP column when listing all uploads.
+ Improved album query when listing uploads. In addition, no longer
query album when listing all uploads.
+ Delegate some tasks to client when listing uploads to save server's
processing power, kek.
Such as building the file's full URLs, and assigning album/user names.
_globals.njk:
+ Bumped v1 version string.
Updated fontello (added block and doc-inv icons).
Upload results will now show either doc or block icon on top of the
file name depending on the status of the upload
(unless the uploads are images, in which case they will still show
thumbnails instead).
Added support for customizable timeout and chunkSize options for ClamAV
scanning to the config file.
Bumped v1 and v3 version strings.
Yes.
This gets rid of HEAD request prior to downloading the URL.
We will no longer check for Content-Length header, instead we will
forcibly limit maximum download size for the download stream to the
configured value.
So assuming someone try to download a bigger file, it will still try to
download up to the configured size, but then fail.
This will also speed up the general download process since sending HEAD
request delayed the whole operation.
* Added Statistics menu to Administration items in dashboard.
* Added /api/stats route.
Imo, my implementation of this whole thing is rather dirty-ish, but hey
as long as it works.
I'll be using lolisafe2 for future devs tbh.
Updated Cloudfalre's cache purge utility.
It will now split URLs into chunks of 30 URLs which then will be purged
one chunk at a time.
I just found out Cloudflare's API have a limit of 30 URLs for the API.
NoJS uploader will now display the original file names in the results.
lolisafe.js will now automaticaly purge Cloudflare's cache of frontend
pages everytime it launches.
Of course this only applies when cacheControl is on in config file.
This sorta makes scripts/cfpurge.js script obsolete.
Updated keys for local storage. They're now using camel case.
Not sure why I didn't use camel case in the first place.
View type and selected files of Uploads and Manage uploads (your own
uploads and all uploads, respectively) are now stored separately.
Added "filter by username" in Manage uploads.
Added "jump to page" in all uploads/users view.
Updated fontello (added filter icon).
Bumped v1 and v3 version string, due to dashboard.js and fontello
respectively.
Curly rule fix for routes/nojs.js.
Added pagination to uploads and users list.
With that, /api/uploads and /api/users API routes will now add "count"
property to their response object.
Enabled Delete user button in users list.
With that also added /api/users/disable API route.
As usual, you can only disable users whose usergroup is lower than
your own.
Click event will no longer trigger on "disabled" elements (basically any
elements with "disabled" attribute).
Changed all arrow functions into regular functions in public JS files
(there were only a few that I somehow missed).
Bumped v1 version string.
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.
Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.
Empty files can now be filtered.
Sorted preset extensions filter in config.sample.js.
Rephrased some options in config.sample.js as well.
maxTries now default to 3 in config.sample.js.
Various other small changes.
Some small fixes
Removed GET route of /upload/delete.
I first wanted to implement a ShareX-compatible deletion URL,
but then I figured I'd need to setup delete token system,
and I was like, "screw that, I don't even use ShareX",
so yeah.
Updated ESLint rule: curly, again.
Mainly to also enabled "consistent" rule, which enforces curly into
else/elseif blocks, if its if block requires curly.
Added support for GET requests to /api/delete route.
Its usage is /api/delete/identifier, where identifier is the filename.
Though just like its POST route, it needs token in the header.
No more enforced curly for if/else/for/while/do blocks w/ one statement.
With that said, auto-fixed all JS files to follow the rule.
I'd also like to apologize for the inconveniences this commit cause,
after all it was me who intentionally enforced curly rule back then.
Why the change of heart?
After doing some more non-JS codes recently, I realized it was
pretty stupid of me to enforce that.
The GET task of URL uploads will now limit the maximum size of the response body by the size reported in Content-Length header of the HEAD task.
This relies on node-fetch's way of handling it. I don't know the magic behind it.
DuckDuckGo's proxy is no longer supported as it stops reporting Content-Length header, which is crucial so that the safe could predict the actual file size before downloading it.
If you have it enabled in your config file, it will now close the safe with error code 1. You can either disable url uploads completely or just disable duckduckgo's proxy (though I believe not many will choose the latter as to begin with it was implemented to hide origin IP).
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.
Improved some descriptions in config.sample.js file.
Added some CSS animations wherever applicable.
Bumped v1 version string.
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).
Added a new config option to filter files with no extension.
Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001
Simplified error messages of /api/upload/finishchunks.
Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.
Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).
Bumped v1 version string (due to home.js).
Moved utils.getPrettyBytes() and utils.getPrettySize() to client's dashboard.js.
Thus, server will no longer return prettified size and date (it'll be prettified by the client instead).
To be honest, I don't even know why I had them in server-side, it's obviously better this way.
* uploadController.js: expect some multer error codes and don't log their stack traces to console when they occur.
* yarn.lock: added integrity field (yarn's new addition).
Updated virus scan handling.
Virus name will now be reported to its uploader.
On the rare chance clamd suddenly dies while the safe is still running, it will now print a message to uploader with the error code, and telling them to contact sysadmin.
Removed "path-complete-extname" module in favor of an in-house solution, utilsController.extname().
For now the function will attempt to preserve multi-archive extensions (.001, .002, and so on), as well as some known tarballs (.tar.gz and the likes).
The function will always return lower case extension. It should be fine, but do keep it in mind.
Fixed upload breaking when clam scanning is disabled. This was due to me forgetting to update the if-logic after switching from "clam-engine" to "clamdjs", since the latter made me have to re-format the config option due to it also having IP and port.
* Downgraded ecma version of client-side scripts to v5. This change means no more backtick strings and some others.
* Massively modified auth.js, dashboard.js and home.js to support the downgrade (dashboard.js had the most changes).
* Removed enter key event handler from auth page. The previous code had some small issues. I'd rather not have the handler than let the issues persist. I'll eventually look into adding this again in the future.
* Updated uploadController.js to handle some invalid requests into /api/delete and /api/bulkdelete.
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.
* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.
Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
Added DuckDuckGo's proxy support for "Upload by URLs". Make sure you add the new option in config.sample.js into your config.js.
This may be considered a hack and not supported by DuckDuckGo, so USE AT YOUR OWN RISK.
Credits to Proxy#1337.
* Faster upload response. Back-end will no longer wait for album timestamps to be updated before sending out response.
* Added a simple thumbnail generation script at scripts/thumbs.js. You can use this to generate thumbnails for existing files before enabling the option in config.js.
* Various other code improvements.
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.
* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.
* Added file extension filter to /api/upload/finishchunks.
* Added proper total chunks size check to /api/upload/finishchunks.
* Various code improvements.
* Possible performance improvement. Some bulk db queries will now be executed in a single query instead of spawning multiple async task for each query. This is sorta experimental though, use it at your own risk (though I'll use it right away at safe.fiery.me).
* It's now possible for root user to add files to other users' albums through the API route. I don't plan on allowing root user to list other users' album list from the dashboard, I just thought that there'd be no harm in extending the API a little bit.
* Kinda better error logging for uncaught exception and unhandled rejection. Their stack trace should be logged now.
* Added Cloudflare purge cache support. Check configuration sample at config.sample.js.
When it's enabled, whenever files are being deleted, it will send a POST request to Cloudflare's API to purge cache of the deleted files.
This adds a new dependency called "snekfetch". It's lightweight though.
* uploadsController.delete() will now wrap uploadsController.bulkDelete() instead.
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.
* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.
* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.
* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.
* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
