Commit Graph

553 Commits

Author SHA1 Message Date
Bobby Wibowo
8f50ba49c0
Added sorting feature for Manage Uploads
This adds support for a new key named 'orderby'.
The key needs to be used with internal column names used in the db.
The key can be used more than once.
Help message in Dashboard's Manage Uploads have been updated to include
examples using the said key.
2020-04-04 23:36:43 +07:00
Bobby Wibowo
24b9a8ac78
Updated pathsController.js 2020-04-04 21:20:17 +07:00
Bobby Wibowo
46fa9677ff
Extended configuration for virus scanning
Added whitelist extensions
Added max size limit
2020-04-04 21:20:01 +07:00
Bobby Wibowo
edce59243b
Better cache control when not using CDN 2020-02-11 17:18:04 +07:00
Bobby Wibowo
d9ddfe8e9a
Implemented stripping tags from images
... and optionally videos using ffmpeg (still experimental).

Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).

The behavior will also be applied to the downloadable ShareX config.

Server owners can choose to force either behavior.

Make sure to add the new config from config.sample.js.

---

Fixed all instances of "e.i." to "e.g.".
My English sucks okay.

Bumped v1 version string.
2019-11-29 20:42:53 +07:00
Bobby Wibowo
337a0a61ff
Implemented parallel URL uploads
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.

I figured this is a better implementation to shift queues faster.

---

Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.

Clients will also see better formatted error message for URL uploads'
file size limit errors.

---

Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0

Bumped v1 version string
2019-11-29 17:42:29 +07:00
Bobby Wibowo
ee920f942f
Cache system & disk stats longer
System stats will be cached for only 1000 ms (1 s)

Disk stats will be cached for 60000 ms (60 s)
2019-11-14 15:08:56 +07:00
Bobby Wibowo
2a81e899b4
Fixed stats not re-generating after errors 2019-11-14 14:53:33 +07:00
Bobby Wibowo
7aaf913166
Actually parse error messages of du & df to String 2019-11-14 14:46:49 +07:00
Bobby Wibowo
98d38d3402
Fixed broken disk stats in linux 2019-11-14 14:42:09 +07:00
Bobby Wibowo
3d09df501d
Updated
Better 'df' handling (check the TODO entry for more details).

Simplified a few lines in dashboard.js.

Bumped v1 version string.
2019-11-14 05:06:59 +07:00
Bobby Wibowo
b646a4a82f
Updated uploadController.js
String updates.
2019-11-10 03:41:54 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
2443390199
Updated utilsController.js
Thumbnails generator: Skip video files that does not have valid duration
metadata, for some reason.
2019-10-15 17:53:23 +07:00
Bobby Wibowo
4f04225ba0
Updated
Added delete user feature.
API: /api/users/delete
json: id<number>, purge[boolean]
By default will not purge out files, but will still clear userid
attribute from the files.
All associated albums will also be marked, and have their ZIP archives
be unliked, if applicable.

Fixed purging albums not properly reporting amount of associated files
that could not be removed, if any.

Fixed moderators being able to disable users by manually sending API
requests, if they at least know of the user IDs.
They could only disable regular users however.
2019-10-07 06:11:07 +07:00
Bobby Wibowo
411d17e1fb
Updated
* Changed colorscheme to black (experimental).

* Fixed ClamAV failing to report names of dirty files.

* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.

* Bumped v1 version string.
2019-10-06 05:20:59 +07:00
Bobby Wibowo
84a3de0d8d
Updated
Fixed statistics columns width in browsers except Firefox.

And a few other things.
2019-09-28 16:42:49 +07:00
Bobby Wibowo
98a8d03a7f
Updated
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.

Added 2 new entries to todo.md.

Don't check "Select all" checkbox in dashboard when there are no
uploads.

Bumped v1 version string.
2019-09-23 15:09:15 +07:00
Bobby Wibowo
ea37e0b7d3
Updated
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.

"Load images for preview" will now properly display its saved value.

Increased max parallel uploads to 10.

"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).

Better meta tags generation.

Bumped v1 version string.
2019-09-19 08:27:19 +07:00
Bobby Wibowo
9e9b0d4439
Updated
Updated some dev dependencies.

---

Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.

Added dist-dev to ignore files.

---

The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.

Root domain for use in Nunjuck templates will now be parsed from config.

Better page titles.

Updated help message for "Uploads history order" option in
homepage's config tab.

Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.

Uploads' original names in homepage's uploads history are now
selectable.

Min/max length for user/pass are now enforced in auth's front-end.

Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.

File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.

Added video icons.
Homepage's uploads history will now display video icons for videos.

"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.

Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.

A few other small improvements.
2019-09-17 11:13:41 +07:00
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
4c741f811a
Add todo file, cause otherwise I'll always forget 2019-09-12 18:34:04 +07:00
Bobby Wibowo
2251f7b154
Stoppin' disk stats goin' to deep 😏 2019-09-10 23:47:34 +07:00
Bobby Wibowo
264bd88e88
Updated
Improved performance of /api/users/:id (admin's manage users).

Promisify fs.writeFile.

Improved performance of /api/stats.
By a lot in Linux, cause uploads size will be deferred to "du" binary.
In addition, total usage of whichever disk uploads path resides on will
also be queried using "df" binary.
Non-Linux will have to rely on manual calculation by querying DB
for each upload's size.
But logics related to uploads stats were also improved to be almost
twice as fast as before.

Improved parsing of /api/stats results on dashboard.js.
This allows ease of extending server's response by not having to update
dashboard.js by much, if at all.

Improved codes relating to item menus in dashboard's sidebar.
Finally much cleaner now 👍

No longer use /api/upload/delete API route from dashboard.
Single file deletion and bulk files deletion, both from uploads list or
by names, will now properly use a single function that will use
/api/upload/bulkdelete API route.

/api/upload/delete will still be kept indefinitely for backward support.

Fixed oddities with Select all checkbox.

Replaced all instances of modifying HTML element's style attribute with
adding/removing is-hidden CSS helper class.

Rephrased all instances of "files" to "uploads" in any display strings.

Fixed notice message when server is on private mode.

A few other improvements.
2019-09-10 23:31:27 +07:00
Bobby Wibowo
df8cac0f0b
Fixed some critical bugs 2019-09-09 01:33:07 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
05b905bc9b
Updated
Upgraded dependencies.

Stop adding cache-control header to album zip files unless
config.cacheControl is enabled.

Updated CSS files.
Moved thumbnail-related styling to thumbs.css.
Various other fixes & improvements.

Moved render.js from public/js to public/js/s.

Removed sharex.js in favor of public/js/s/utils.js.
Moved getPrettyDate() & getPrettyBytes() to that JS file as well.

Added lsKeys global variable wherever applicable.
Previously the idea was only used in dashboard.js.

Added No-JS version of album public pages.
You'll only have to add ?nojs to the URL.
Viewing the regular version with JS disabled will show a notice with
a link to the No-JS version of the particular album.
Overall page size of the regular version will now be lower as well,
since there'll be no need to add noscript tag for each thumbs.

No longer show Administrator section to non-admin in the dashboard.
Moderators will ONLY be able to see manage users menu as well.

Simplified FAQ wherever applicable.
Added a new FAQ about bug report or feature request.

Updated link for Firefox extension.
Also pushed Firefox link before Chrome, cause I like it more.

Added browser settings menu to dashboard.
This allows you to choose file size unit (kilobyte vs kibibyte) for that
specific browser.
The preference will be used on homepage, dashboard and album pages.
This also allows you to set chunk size and maximum parallel uploads
for the homepage uploader.

All menu links in the dashboard will now scroll to the content once
loaded.
Previously it would only do so with manage uploads/users when
switching pages.

Refactored all instances of for-in & for-of loop from browser JS files.
For the sake of uniformity, for now.
2019-09-02 02:23:16 +07:00
Bobby Wibowo
dcc393e7e0
Updated
Trim user & pass upon login / registration, on both client & server.
Users that might have already had whitespace prefix/suffix will need to
have their usernames manually updated in the database.

Warp various text inputs in the dashboard into HTML form.
This will make them be submittable when pressing Enter on the keyboard.

Switching page using the prev/next buttons, pagination, and jump to page
input, will now scroll the view to the top of the page element.

Bumped v1 version string.
2019-08-27 05:00:57 +07:00
Bobby Wibowo
7e3d177d00
Updated
Added logger.js to format console logs (adding timestamps).

Re-ordered modules loading in lolisafe.js, and a few other minor edits.

Updated dev dependencies.

A few other minor edits.
2019-08-27 00:02:06 +07:00
Bobby Wibowo
51f12ad900
Updated utilsController.js
Used .some() instead of .find().
Probably a tiny bit more efficient.
2019-08-23 20:35:28 +07:00
Bobby Wibowo
f4fa6b6a96
Updated
On video thumbnails generation, skip video files that do not have any
video streams/channels.
This will prevent unnecessary spawning of ffmpeg for those files.

Also suppress error logging when video streams/channels are not found.
2019-08-23 20:31:44 +07:00
Bobby Wibowo
e45d854c09
Updated
* Updated path resolving for upload folder option.
This SHOULD now allow using an absolute path, even those outside of
the lolisafe installation.

* Added a config option at uploads -> generateThumbs, named placeholder.
It's a string option that lets you set path of the placeholder image
for files whose thumbnail could not be generated.
It defaults to the old hard-coded path when set to falsy value.

* Fixed thumbs script not using upload folder from config file.

* Added filters for thumb generation error handling.
This is used to ignore some common error messages,
such as file formats not being supported.
2019-08-23 16:49:53 +07:00
Bobby Wibowo
3a398721b5
Updated
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.

* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.

* Removed unused lines in dashboard.njk.

* Refactored maxFileSize to maxSize in home.{css,js,njk}.

* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.

* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.

* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.

* Creating an album from homepage will automatically select the album.

* Updated Dropzone.js to v5.5.0.

* Bumped v1 & v3 version strings.

* Various other small fixes.
2019-08-20 09:16:34 +07:00
Bobby Wibowo
63e26462ea
Updated
Pressing Enter on the auth form will now properly make it try to login.

Slightly better error messages on auth page.

Bumped v1 version string.

Updated dependencies (knex & sqlite).
2019-08-18 16:57:56 +07:00
Bobby Wibowo
e6bb94692b
Oversights 2019-08-04 06:42:35 +07:00
Bobby Wibowo
6496b03b71
Updates
Updated deps.

Re-enabled eslint rule no-async-promise-executor.
Updated some codes to follow the said rule.
Though I had to disable the rule in a line at utilsController.js
due to complexity.
I'll give it more thoughts in the future.

Bumped v1 version string.
2019-08-04 06:37:55 +07:00
Bobby Wibowo
62b00210dc
Updated uploadController.js
Removed unnecessary slash from thumb URLs.
2019-07-26 23:54:45 +07:00
Bobby Wibowo
83eb4872e9
Updated utilsController.js
* Simplified some logics.

* Try to unlink thumbnail when failing to generate video thumbnail,
since ffmpeg may have already created an incomplete thumbnail.
2019-07-21 05:15:59 +07:00
Bobby Wibowo
cf20bdbd1a
Updated albumsController.js
Allow JSZip to be configured from config.js file.
2019-07-18 06:22:47 +07:00
Bobby Wibowo
0516ec2f2f
Updated
tokenController.js + authController.js:
+ Added a standalone function to generate unique token.
Despite tokens being 64 characters long, meaning the chance to generate
the same token twice have very small chances, I would rather not leave
it to chances.
+ Some spacings.

config.sample.js:
+ Self-explanatory.
2019-06-19 04:04:14 +07:00
Bobby Wibowo
add2970ae6
Updated
uploadController.js:
+ Close connection earlier when there are no upload when querying them.

dashboard.css + style.css:
+ Updated styling involving pagination and progress bar.

dashboard.js:
+ Fixed dashboard failing to handle cases where a user attemp to load
a next page when there are not enough uploads available.
+ Added a simple loading message as a placeholder when trying to view
Stastistics menu, since it may take a while in big servers.

bulma.min.css + LICENSE:
+ Updated bulma from 0.7.2 to 0.7.5.

_globals.njk:
+ Bumped v1 and v3 version strings.
2019-06-19 01:48:30 +07:00
Bobby Wibowo
f6cef67d9f
Updated
+ Do not query users table twice when filtering by usernames.
+ Removed redundant logic.
2019-06-18 02:48:42 +07:00
Bobby Wibowo
06ac31d02e
Updates (dashboard)
+ Better pagination.
+ Added more advanced filtering system in Manage Uploads.
It now supports filtering with multiple usernames and/or IPs.
It also supports refining the matches with wildcards.

Todo?
Perhaps add simple file name filtering for regular users in the future?
2019-06-18 02:34:15 +07:00
Bobby Wibowo
f48cbd1960
Updates
config.sample.js + uploadController.js:
+ Added option uploads > storeIP to toggle whether to store uploader's
IPs into the database.

uploadController.js + dashboard.js:
+ Added IP column when listing all uploads.
+ Improved album query when listing uploads. In addition, no longer
query album when listing all uploads.
+ Delegate some tasks to client when listing uploads to save server's
processing power, kek.
Such as building the file's full URLs, and assigning album/user names.

_globals.njk:
+ Bumped v1 version string.
2019-06-04 07:57:37 +07:00
Bobby Wibowo
5c41fc9249
Updates
utilsController.js:
+ /api/stats: Cache invalidation requests will now only store timestamp
of the request instead of purging the cache entirely.
Subsequent requests to the API will no longer attempt to generate stats
if a previous request before it is still generating, since it can
take a while in big sites.
So instead, the cached stats will be returned to them, regardless of
whether it's still valid.
This should avoid "race condition" in sites with multiple admins.

* dashboard.js:
+ Added an appendix into "Delete by names" feature in dashboard to
inform staffs that they can use the feature to delete files by other
users as well.
+ Added comments explaning the need of page.domClick() function.
+ Addition to the change regarding /api/stats route: If there is no
cached stats, but a previous request is still generating, inform
the user about it.

config.sample.js + lolisafe.js:
+ We now support configuring rate limits through config file.
No more hard-coded rate limits.
Don't forget to update your config.js accordingly.

package.json + yarn.lock:
+ Updated dependencies.
2019-06-04 02:40:24 +07:00
Bobby Wibowo
ecb8afbe40
Updates
Updated fontello (added block and doc-inv icons).

Upload results will now show either doc or block icon on top of the
file name depending on the status of the upload
(unless the uploads are images, in which case they will still show
thumbnails instead).

Added support for customizable timeout and chunkSize options for ClamAV
scanning to the config file.

Bumped v1 and v3 version strings.
2019-04-18 16:06:14 +07:00
Bobby Wibowo
13081ef38a
Re-worked caching for statistics
I guess I'll work on adding charts someday.
2019-04-12 07:45:33 +07:00
Bobby Wibowo
b7600ec3fb
Restored DuckDuckGo's proxy for URL uploads
Yes.

This gets rid of HEAD request prior to downloading the URL.

We will no longer check for Content-Length header, instead we will
forcibly limit maximum download size for the download stream to the
configured value.

So assuming someone try to download a bigger file, it will still try to
download up to the configured size, but then fail.

This will also speed up the general download process since sending HEAD
request delayed the whole operation.
2019-04-11 22:27:45 +07:00
Bobby Wibowo
3e336e8c6d
Updates
Got rid of caching of statistics.
The previous implementation wasn't perfect, and too lazy to improve it.
2019-04-06 00:42:38 +07:00
Bobby Wibowo
8c3fb78135
Upates
* Added Statistics menu to Administration items in dashboard.

* Added /api/stats route.

Imo, my implementation of this whole thing is rather dirty-ish, but hey
as long as it works.

I'll be using lolisafe2 for future devs tbh.
2019-04-06 00:32:52 +07:00
Bobby Wibowo
57c17d3157
Updates
Updated utilsController.bulkDeleteFiles() to chunk opeartion by a max of
999 values (which is SQLite's default var limit).
However, there's a risk of hitting SQLITE_BUSY since we attempt to
delete chunks all at once (as can be seen by how we use Promise.all
instead of patiently waiting the chunks one by one).
However, I'm not really sure why, but the operations will still
be finished eventually, so I'll let that be for now (?).

Fixed a silly concat in albumsController.js.
2019-02-05 10:36:14 +07:00
Bobby Wibowo
4f60b01676
Updated utilsController.js
Whoops.
2019-01-31 16:37:50 +07:00
Bobby Wibowo
d5c24165cf
Updates
Updated Cloudfalre's cache purge utility.
It will now split URLs into chunks of 30 URLs which then will be purged
one chunk at a time.
I just found out Cloudflare's API have a limit of 30 URLs for the API.
2019-01-31 16:29:34 +07:00
Bobby Wibowo
8140ff4d71
Updates
Rewritten function to generate video thumbnails with ffmpeg.
This should be much faster than ever.
This should also solve an issue where potrait videos could have their
thumbnails be taller than 200px, since it was only forcing width to be
no larger than 200px.

Updated dashboard's styling to make sure potrait thumbnails (only matter
for video thumbnails) not going out of its container.

Updated thumbs.js (yarn thumbs) script to display elapsed time for each
operation in seconds.

Bumped v1 version string (for dashboard.css).
2019-01-30 02:50:45 +07:00
Bobby Wibowo
e38037e660
Updates
Updated thumbs.js script to allow purging CF's cache of succeeded files

Updated utils.purgeCloudflareCache() function accordingly
2019-01-18 10:40:15 +07:00
Bobby Wibowo
8482049584
Updates
Removed .bmp from list of allowed image extensions for thumbs gen
Sharp doesn't support BMP format

Increased seek timestamp for video thumbs gen from 1% to 20%
2019-01-18 10:25:30 +07:00
Bobby Wibowo
209f5429cd
Updates
Added .tiff, .tif, and .svg to allowed image extensions for thumbs gen

Added .svg to allowed image extensions for preview in uploads result
2019-01-18 08:15:53 +07:00
Bobby Wibowo
8780d6429b
Updates
NoJS uploader will now display the original file names in the results.

lolisafe.js will now automaticaly purge Cloudflare's cache of frontend
pages everytime it launches.
Of course this only applies when cacheControl is on in config file.
This sorta makes scripts/cfpurge.js script obsolete.
2019-01-09 17:11:45 +07:00
Bobby Wibowo
b431d11eba
Updates
I think proper Cache-Control for frontend now.

Fixed the way it handles "home" when purging frontend cache.
2019-01-06 15:26:43 +07:00
Bobby Wibowo
e55a04c156
Updates
Added cfpurge.js to scripts directory.
This can be used to purge cache of frontend pages and uploads.
Do "node scripts/cfpurge.js --help" for usage.

Removed "randver" from package.js/scripts.
I've installed randomstring globally instead and just simply do:
randomstring n
Back then I didn't know it could be used that way.
2019-01-06 13:27:17 +07:00
Bobby Wibowo
2b0969dc77
Updates
Updated keys for local storage. They're now using camel case.
Not sure why I didn't use camel case in the first place.

View type and selected files of Uploads and Manage uploads (your own
uploads and all uploads, respectively) are now stored separately.

Added "filter by username" in Manage uploads.

Added "jump to page" in all uploads/users view.

Updated fontello (added filter icon).

Bumped v1 and v3 version string, due to dashboard.js and fontello
respectively.

Curly rule fix for routes/nojs.js.
2019-01-03 11:49:56 +07:00
Bobby Wibowo
765f8c9880
Better image thumbnailer
Images smaller than 200x200 will no longer be resized upwards, instead
they will be padded with transparent pixels.
This was the old behavior before we switched from GM to sharp.

With GM, its resize() function would do exactly that, but I couldn't
figure out how to do the same with only sharp's resize() function, so I
had to make do with a combination of resize() and extend().

Also updated error messages in dashboard when trying to load
out-of-index page in uploads/users lists.

Updated v1 version string due to dashboard.js being modified.
2019-01-03 08:54:46 +07:00
Bobby Wibowo
31a6940ab4
Updates
Added pagination to uploads and users list.
With that, /api/uploads and /api/users API routes will now add "count"
property to their response object.

Enabled Delete user button in users list.
With that also added /api/users/disable API route.
As usual, you can only disable users whose usergroup is lower than
your own.

Click event will no longer trigger on "disabled" elements (basically any
elements with "disabled" attribute).

Changed all arrow functions into regular functions in public JS files
(there were only a few that I somehow missed).

Bumped v1 version string.
2019-01-02 02:39:08 +07:00
Bobby Wibowo
00a4e44758
Updates 2018-12-20 19:25:41 +07:00
Bobby Wibowo
d723c0f562
Updates [!! update config.js !!]
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.

Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.

Empty files can now be filtered.

Sorted preset extensions filter in config.sample.js.

Rephrased some options in config.sample.js as well.

maxTries now default to 3 in config.sample.js.

Various other small changes.
2018-12-20 18:53:37 +07:00
Bobby Wibowo
89ec426e71
Removed lines related to DuckDuckGo's proxy
I think I've let them sit for like a week or so. It should've been
enough of a buffer time for everyone else.
2018-12-19 01:19:04 +07:00
Bobby Wibowo
f3d1aa1c8c
Updates
Some small fixes

Removed GET route of /upload/delete.
I first wanted to implement a ShareX-compatible deletion URL,
but then I figured I'd need to setup delete token system,
and I was like, "screw that, I don't even use ShareX",
so yeah.
2018-12-19 01:14:24 +07:00
Bobby Wibowo
00cbd3e76c
Updates
Updated ESLint rule: curly, again.
Mainly to also enabled "consistent" rule, which enforces curly into
else/elseif blocks, if its if block requires curly.

Added support for GET requests to /api/delete route.
Its usage is /api/delete/identifier, where identifier is the filename.
Though just like its POST route, it needs token in the header.
2018-12-19 00:41:42 +07:00
Bobby Wibowo
52d336cc45
Updated ESLint rule: curly
No more enforced curly for if/else/for/while/do blocks w/ one statement.

With that said, auto-fixed all JS files to follow the rule.

I'd also like to apologize for the inconveniences this commit cause,
after all it was me who intentionally enforced curly rule back then.

Why the change of heart?
After doing some more non-JS codes recently, I realized it was
pretty stupid of me to enforce that.
2018-12-19 00:01:28 +07:00
Bobby Wibowo
7665836ef4
Updates
Added total size to album public pages.
2018-12-13 20:31:24 +07:00
Bobby Wibowo
da86f605c6
Updates [!! run database/migration.js !!]
Added description column into albums.
So yeah, now albums can have description.
It'll only be shown in the album's edit popup and public link.

HTML chars will now be escaped from album's name and description.

Removed message warning about CDN cache from album's public link.
A shortened version will be shown as the download button's tooltip.

Darkened color of textarea's placeholder.

Bumped v1 version string.
2018-12-13 16:09:46 +07:00
Bobby Wibowo
4193921b4e
Updated uploadController.js
The GET task of URL uploads will now limit the maximum size of the response body by the size reported in Content-Length header of the HEAD task.
This relies on node-fetch's way of handling it. I don't know the magic behind it.
2018-12-09 01:01:08 +07:00
Bobby Wibowo
53789a20c2
Updated uploadController.js
DuckDuckGo's proxy is no longer supported as it stops reporting Content-Length header, which is crucial so that the safe could predict the actual file size before downloading it.

If you have it enabled in your config file, it will now close the safe with error code 1. You can either disable url uploads completely or just disable duckduckgo's proxy (though I believe not many will choose the latter as to begin with it was implemented to hide origin IP).
2018-12-09 00:55:04 +07:00
Bobby Wibowo
9eb9ac288d
Updated uploadController.js
scanFiles() will now remove delete allocated identifiers from cache if the files are dirty.
2018-12-08 10:56:23 +07:00
Bobby Wibowo
d1a3935edb
Updated uploadController.js 2018-12-08 07:38:42 +07:00
Bobby Wibowo
2fab5becb0
Updates
Disabling cacheFileIdentifiers will now restore the old behavior of having less strict collision checks.
Fulfills https://github.com/BobbyWibowo/lolisafe/issues/12.
2018-12-08 07:38:12 +07:00
Bobby Wibowo
07b4ef8fc2
Updates
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.

Improved some descriptions in config.sample.js file.

Added some CSS animations wherever applicable.

Bumped v1 version string.
2018-12-04 18:58:53 +07:00
Bobby Wibowo
6af52341c9
Init ids-cache branch 2018-12-03 16:18:52 +07:00
Bobby Wibowo
b6bd833110
Replace graphicsmagick with sharp 2018-12-03 14:20:13 +07:00
Bobby Wibowo
6543a87b11
Updates
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).

Added a new config option to filter files with no extension.

Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001

Simplified error messages of /api/upload/finishchunks.

Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.

Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).

Bumped v1 version string (due to home.js).
2018-11-29 00:52:12 +07:00
Bobby Wibowo
4862512471
Removed stray console.log() 2018-10-13 18:09:54 +07:00
Bobby Wibowo
4456ba4b4d
Fixed authController.js 2018-10-13 18:09:09 +07:00
Bobby Wibowo
fcf4c00de7
Moved permission-related functions to permissionController
Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 18:06:58 +07:00
Bobby Wibowo
8e46eaf4ac
Added disk usage column to manage users 2018-10-12 17:19:14 +07:00
Bobby Wibowo
31f44a1b91
Added ID and uploads count columns into manage users
Updated client-side check of user's enabled status to match server-side

Removed a bunch of console.log()'s from development
2018-10-12 16:42:16 +07:00
Bobby Wibowo
3708f53044
Added user group option to edit user modal
Also simplified selector for file's add to album modal
2018-10-11 00:33:11 +07:00
Bobby Wibowo
c3d4c237cb
Init account-manager branch 2018-10-10 02:52:41 +07:00
Bobby Wibowo
5bd343638a
Updates
Moved utils.getPrettyBytes() and utils.getPrettySize() to client's dashboard.js.

Thus, server will no longer return prettified size and date (it'll be prettified by the client instead).

To be honest, I don't even know why I had them in server-side, it's obviously better this way.
2018-10-09 01:54:16 +07:00
Bobby Wibowo
e2831f2181
Updates
* uploadController.js: expect some multer error codes and don't log their stack traces to console when they occur.

* yarn.lock: added integrity field (yarn's new addition).
2018-10-08 23:14:10 +07:00
Bobby Wibowo
30c011ce5c
Replaced snekfetch with node-fetch 2018-09-23 23:28:15 +07:00
Bobby Wibowo
d875a604be
Updated uploadController.js
Updated virus scan handling.
Virus name will now be reported to its uploader.
On the rare chance clamd suddenly dies while the safe is still running, it will now print a message to uploader with the error code, and telling them to contact sysadmin.
2018-09-20 17:45:16 +07:00
Bobby Wibowo
65442c18c5
Reworked extension parsing
Removed "path-complete-extname" module in favor of an in-house solution, utilsController.extname().

For now the function will attempt to preserve multi-archive extensions (.001, .002, and so on), as well as some known tarballs (.tar.gz and the likes).

The function will always return lower case extension. It should be fine, but do keep it in mind.
2018-09-18 02:32:27 +07:00
Bobby Wibowo
b47bbb90d6
Updated uploadController.js
Fixed upload breaking when clam scanning is disabled. This was due to me forgetting to update the if-logic after switching from "clam-engine" to "clamdjs", since the latter made me have to re-format the config option due to it also having IP and port.
2018-09-15 04:40:58 +07:00
Bobby Wibowo
7587bfa408
Updates
* Updated utilsController.js: Unlink thumb of type symlink whenever generateThumbs() is called.

* Updated thumbs.js: Add stats (success/error/skipped).
2018-09-05 00:29:53 +07:00
Bobby Wibowo
56bdd08ee7
Init 'browser-ecma5' branch (#7)
* Downgraded ecma version of client-side scripts to v5. This change means no more backtick strings and some others.

* Massively modified auth.js, dashboard.js and home.js to support the downgrade (dashboard.js had the most changes).

* Removed enter key event handler from auth page. The previous code had some small issues. I'd rather not have the handler than let the issues persist. I'll eventually look into adding this again in the future.

* Updated uploadController.js to handle some invalid requests into /api/delete and /api/bulkdelete.
2018-09-04 22:49:37 +07:00
Bobby Wibowo
a207c4a806
Init 'clamdjs' branch (#8)
Use clamdjs module instead of clam-engine. This module connects to clam daemon server.
2018-09-04 22:48:24 +07:00
Bobby Wibowo
36da76357e
Updates
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.

* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.

Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
2018-09-02 03:37:26 +07:00
Bobby Wibowo
bdee00e1a4
Merge branch 'safe.fiery.me' into browser-ecma6 2018-07-14 11:21:30 +07:00
Bobby Wibowo
ff3a6d1fb0
Updated albumsController.js
Trying to purge empty albums (purge = also deleting all of the files associated with it) will no longer throw out warning about failing to delete any of the associated files (since there are supposed to be none for empty albums anyways).
2018-07-14 11:00:10 +07:00
Bobby Wibowo
be0167f4d4
Updated uploadController.js 2018-07-12 13:52:31 +07:00
Bobby Wibowo
b2d9efa744
Updated uploadController.js 2018-07-12 13:38:43 +07:00
Bobby Wibowo
917afdf7a8
Updated uploadController.js
Fixed a bug where error messages related to multer would not be displayed properly (it would instead print "undefined").
2018-07-12 13:34:22 +07:00
Bobby Wibowo
9396a9ab49
Updated uploadController.js
Better snekfetch's error handling, probably.
2018-06-06 00:40:33 +07:00
Bobby Wibowo
57834dd362
Updated uploadController.js
Added DuckDuckGo's proxy support for "Upload by URLs". Make sure you add the new option in config.sample.js into your config.js.

This may be considered a hack and not supported by DuckDuckGo, so USE AT YOUR OWN RISK.

Credits to Proxy#1337.
2018-06-06 00:16:41 +07:00
Bobby Wibowo
0cf8ff58d0
Updated uploadController.js 2018-05-13 02:16:04 +07:00
Bobby Wibowo
7f23734d67
Updates
* Faster upload response. Back-end will no longer wait for album timestamps to be updated before sending out response.

* Added a simple thumbnail generation script at scripts/thumbs.js. You can use this to generate thumbnails for existing files before enabling the option in config.js.

* Various other code improvements.
2018-05-12 21:01:14 +07:00
Bobby Wibowo
bd722129de
Updates, now supports uploading by URLs!
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.

* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.

* Added file extension filter to /api/upload/finishchunks.

* Added proper total chunks size check to /api/upload/finishchunks.

* Various code improvements.
2018-05-11 21:34:13 +07:00
Bobby Wibowo
479db54cd3
Updates (experimental)
* Possible performance improvement. Some bulk db queries will now be executed in a single query instead of spawning multiple async task for each query. This is sorta experimental though, use it at your own risk (though I'll use it right away at safe.fiery.me).

* It's now possible for root user to add files to other users' albums through the API route. I don't plan on allowing root user to list other users' album list from the dashboard, I just thought that there'd be no harm in extending the API a little bit.

* Kinda better error logging for uncaught exception and unhandled rejection. Their stack trace should be logged now.
2018-05-11 00:25:52 +07:00
Bobby Wibowo
c952e3e8ce
Updated utilsController.js
Possibly better Cloudflare error handling.
2018-05-09 17:18:16 +07:00
Bobby Wibowo
fbd38a8bdd
Updated utilsController.js
Forgot to symlink 'unavailable thumb' placeholder for failed video thumbs.
2018-05-09 17:07:23 +07:00
Bobby Wibowo
f043f65ca1
Updates
* Added Cloudflare purge cache support. Check configuration sample at config.sample.js.
When it's enabled, whenever files are being deleted, it will send a POST request to Cloudflare's API to purge cache of the deleted files.
This adds a new dependency called "snekfetch". It's lightweight though.

* uploadsController.delete() will now wrap uploadsController.bulkDelete() instead.
2018-05-09 16:53:27 +07:00
Bobby Wibowo
7991a63315
Updates (please update your config.js)
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.

* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.

* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.

* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.

* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 15:41:30 +07:00
Bobby Wibowo
9e069f5a9a
Updates
* Added "create new album" button at homepage uploader. Due to this, albums list will always be shown even when you don't have any albums (and of course the list will be empty).
Preview: https://i.fiery.me/ITQ5.mp4 (ignore the fact that the prompt says "Edit album", it's been fixed before this commit goes live)

* Refactored various bits of the codes to use async/await instead of Promise.then. This will obviously cause the browser's requirement to raise but hell, it's the modern browsers age.

* Various other code improvements.
2018-05-06 21:14:57 +07:00
Bobby Wibowo
08410faa9a
Updates (breaking changes!)
* Updated API route: /upload/bulkdelete.
It now accepts an additional property named "field". In it you can now enter either "id" or "name", which will set whether it will bulk delete by ids or names respectively. It also no longer accepts property named "ids", instead it has to be named "values" (which of course is an array of either ids or names). So yeah, now the API route can be used to bulk delete by ids and names.
In the future this will be expanded to bulk deleting files by username (only accessible by root of course).

* Added a form to bulk delete files by names for the hardcore user, like me (https://i.fiery.me/AHph.png).

* Some design update. Mainly forms restructuring aimed at tight screens.

* Changing file name length, requesting new token and setting new password will no longer reload the dashboard page on success. Instead it will simply silently reload the form.

* utils.bulkDeleteFilesByIds() replaced by utils.bulkDeleteFiles() which now can either by ids or names. This will be the one that will eventually be extended for deleting by username.

* Various other code improvements.
2018-05-06 02:44:58 +07:00
Bobby Wibowo
715c821c14
Updates
* Bumped node requirement to >= 8.0.0 (due to async/await).

* Moved ESLint config to .eslintrc.json.

* Moved ESLint ignore to .eslintignore.

* Bumped ESLint's ecmaVersion to 8, although it was probably already automatically set to that before.

* Bugfix line 110 of albumsController.js.
2018-05-01 00:32:50 +07:00
Bobby Wibowo
61e1896945
Updates
* A bunch of refactors in public JS files (home.js, dashboard.js, etcetera).

* Added lazyload to home page (for thumbs of uploaded images), dashboard (for thumbs view) and albums' public link.
Albums' public link will silently fallback to loading all thumbs at once if JavaScript is disabled.

* A bunch of others code improvements. Honestly I'm too lazy to track all the changes.
2018-04-29 19:47:24 +07:00
Bobby Wibowo
c51365adb5
Updated dashboard
Bulk deleting files and adding/removing selected files from album will no longer refresh the current view to the first page. It will now instead try to refresh the current page. There will be cases where the current page ends up empty (when bulk deleting or moving files from the current album), but I figured that isn't much of an issue when compared with the advantages.
2018-04-29 06:44:25 +07:00
Bobby Wibowo
4660200b1e
More improvements to albums, and others
Improvements related to albums:

* Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png).
This also adds a new API route: /api/albums/edit.
The old API route, /api/albums/rename, is still available but will silently be using the new API in backend.

* Deleting album will now also delete its zip archive if exists.

* Renaming albums will also rename its zip archive if exists.

* Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat.

* The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier.

* Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier.

* Added "download" and  "public" columns to "albums" table in database/db.js.
Existing users can run "node database/migration.js" to add the columns.

Others:

* uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise.

* Album name of disabled/deleted albums will no longer be shown in uploads list.

* Added "fileLength" column to "users" table in database/db.js.

* Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though.

* Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch).

* Updated icons (added download icon).

* Some other improvements/tweaks here and there.
2018-04-29 00:26:39 +07:00
Bobby Wibowo
64b04abbe9
Updates (a small breaking change with config file)
"generateZips" is no longer merely accepting boolean value, it's now an object with 2 properties: "enabled" and "maxTotalSize". The former is of course to enable/disable zip generation, while the latter is to limit the total size of all the files in an album. If the total size exceeds the set limit, it will not generate a zip file. It'll probably be useful when used alongside Cloudflare's Cache Everything (since Cloudflare will only cache files with a maximum size of 512MB).
2018-04-27 10:27:34 +07:00
Bobby Wibowo
535d3df73f
Updated some things involving album zipping
* When version string is not specified in the URL query of /api/zip/:identifier (the API route to generate and download ZIP archive of the album), it will redirect the request with the album's editedAt timestamp as the value in the version string (only if editedAt timestamp exists). This will ensure that any bare calls to the API (without version string) will always be redirected to its latest state. This is mainly useful when being used with CDN that respects query string.

* Download button and CDN notice will no longer be visible in empty album pages.

* Matched empty album phrase as the one being used with the zipping API.
2018-04-27 10:03:13 +07:00
Bobby Wibowo
e01b007ea1
Updates
Restored CDN warning to album pages. Turns out adding Page Rule to /api/album/zip/* with Cache Level set to Cache Everything and Origin Cache Control set to On will work just fine. The version string is still necessary to ensure that clients are downloading the very latest version of the archive though.
Also last time I was using zipGeneratedAt timestamp, which was dumb, this time it is using editedAt timestamp, which was my original plan but kinda forgotten.
2018-04-27 04:30:11 +07:00
Bobby Wibowo
d46611ee57
Updates
Experimental CDN support for album zip downloads.
2018-04-27 04:04:21 +07:00
Bobby Wibowo
00d05ce97b
Updates
* Dashboard will now display "N/A" when the file does not have an extension. Previously it would display the full name, which was of course a mistake.

* Updated static files' version string again.
2018-04-25 20:39:07 +07:00
Bobby Wibowo
5bb960756f
Updates
uploadController.js:

 * Fixed chunk uploads failing when "blockedExtensions" is missing from the config file.

config.sample.js:

* Renamed "blockedExtensions" to "extensionsFilter", and added a new option named "filterBlacklist". When "filterBlacklist" is set to 'true', all extensions in "extensionsFilter" array will be blacklisted, otherwise it will be a whitelist, so only files with those extensions that can be uploaded.

* Renamed "uploads.chunkedUploads.maxSize" to "uploads.chunkedUploads.chunkSize".

* Added "uploads.chunkedUploads.noJsMaxSize" which can be used to change the 'displayed' file size on the No-JS uploader page.

* Some other phrases updates.

_globals.njk:

* Updated static files' version string since there is a small update to home.js.

other files:

* Regular code improvements/tweaks.
2018-04-25 20:16:34 +07:00
Bobby Wibowo
674d20c62c
Updates
Regular code improvements.
2018-04-21 04:39:06 +07:00
Bobby Wibowo
09f51c8448
Updates~ 😉
Thanks to Zephyrrus for the hints about nunjucks, sort of (he did not really give out any specific hints to me, I stalked his fork, lmao).

* Replaced Handlebars with Nunjucks.

* Replaced all static HTML files with their NJK-equivalent (excluding error pages).

* Renamed "albumDomain" to "homeDomain" in config.sample.js (make sure you update your config.js too).

* Updated dependencies: knex and eslint-plugin-import (dev).

* Updated vscode's settings.json (I may update this again very soon).
2018-04-19 04:00:36 +07:00
Bobby Wibowo
dd43acecea
Updates
* Added VSCode settings to git repo. Now you can match yours with mine, if you want.

* Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension).

* Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension).

* Refactored path in all instances of require() wherever applicable.

* Sorted instances of require() wherever applicable.

* Fixed 500 HTTP error trying to load an error page for 505 HTTP error.

* Removed special treatement of NoJS page from uploadsController.processFilesForDisplay().

* Updated version string of all static files.

* Beautified all HTML, HANDLEBARS and CSS files.

* Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens.

* Added CSS prefixes wherever applicable.

* Improved back-end side of No-JS uploader. This will now handle errors properly.

* No-JS uploader will now show max file size.

* No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
2018-04-13 23:20:57 +07:00
Bobby Wibowo
4923cf9800
Updates
* Added No-JS uploader page (it's on /nojs).

* Updated uploadsController.processFilesForDisplay() to support requests from No-JS uploader page.

* Added "Bash uploader" link to footer.

* Updated icons (added terminal icon for "Bash uploader" footer link).
2018-04-12 21:37:42 +07:00
Bobby Wibowo
7978325cd6
Updates
* Removed rimraf from dependency. Although really it'll still need to be used by other dependencies, such as eslint and bcrypt, so it'll still have to be downloaded by yarn either way.

* Updated dashboard.css. Added "overflow: hidden" to thumbnail container. Previously potrait thumbnails will be visible outside of their container.

* Removed notice about having "chunks" folder from config.sample.js. Added a line in lolisafe.js to create the folder if it doesn't exist instead.

* Updated bcrypt to v2.0.0. I'm not really sure whatever has changed, but I've tested that it didn't require any additional changes for our current usage.

* Chunks will no longer be saved with their original file's extension. Instead they'll only be saved as plain files named 0, 1, ..., n, without any extension whatsoever. Extension for joined chunks will be read from the original file's name in /api/upload/finishchunks. If the user doesn't pass that data when calling the API, the joined chunks will not have any extension.

* Since rimraf has been removed, uploadsController.actuallyFinishChunks() will now use a combination of fs.unlink() and fs.rmdir(). Promise.all() will be used when running fs.unlink() so that all chunks will be deleted at the same time through multiple instances of async tasks (probably).

* Some other small changes and tweaks in uploadController.js.
2018-04-09 01:30:25 +07:00
Bobby Wibowo
3ca692d8c7
Updates
* Refactored all instances of "failedIds" and "albumIds" to "failedids" and "albumids" respectively. Abandoning camel case for these ones.

* Refactored the way it looks into which albums the files are supposed to be added into.
For /api/upload/finishchunks, you can add "albumid" to each object in files[] to specify which album you want the finsihed chunks to be added into. Each object may have different album IDs.
For /api/upload, which is regular uploads, unfortunately you can only choose one album at a time (by adding "albumid" to the request headers, like usual). It uses the same function as the one used for finishchunks to add the files into album, so it shouldn't be hard to extend this ability to regular uploads, someday in the future.

* Fixed a bug in /api/upload/finishchunks. Previously you couldn't ever get it to work.

* Updated error message when successful uploads could not be added to album.

* "albumid" will no longer be added to request headers if they are chunked uploads. They'd have been ignored anyways.
2018-04-05 19:54:24 +07:00
Bobby Wibowo
b1dbb931c1
Updates
* Updated eslint-plugin-import dev dependency.

* Added 2 new ESLint rules: "prefer-const" and "object-shorthand".

* Refactor all JS files to follow the new ESLint rules.

* Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 17:52:57 +07:00
Bobby Wibowo
0f3551c3bd
Updated uploadController.js
Refactored all instances of forEach() to for-loop (there were 3 instances).
To be honest I kinda liked forEach() better in terms of readability, but oh well, let's aim for that likely tiny performance boost.
2018-04-05 17:31:07 +07:00
Bobby Wibowo
95de5ee3fd
Updates
* New uploads that can NOT be added to an album, for whatever reason, will print out message that they can not be added to the said album, but their links will still also be shown underneath the message. Previously it would only print out the message but not the link.

* Improved uploadController.processFilesForDisplay(). Previously it would loop through all uploaded files and update album info for EVERY file, even though to begin with it was designed so that every call would only have to access ONE album. So yeah, this time it will only update album info ONCE no matter how many files are being processed in that session.
2018-04-05 17:21:51 +07:00
Bobby Wibowo
aea89ecbd4
Updates and merged changes from 'master'
* Removing files from an album will now update the state of the said album. Which means, the Download Album as zip feature will properly make a new zip instead of re-using the old one which would obviously still have the said files.

* "migration.js" will no longer try to create column if it already exists.

* Changed type of all columns that used to be DATETIME to INTEGER. Apparently SQLite would have stored them as INTEGER anyways, so you don't have to change anything else.
2018-04-05 10:10:10 +07:00
Bobby Wibowo
7f10cccf70
Updates
* If files have to be added to an album on upload, it will now wait until they have either been succesfully added to the album or errored.

* File names in thumb view will now show their full URL on their tooltip.
2018-04-05 00:38:15 +07:00
Bobby Wibowo
a61060249f
Updates
* Updated README.md to get rid of all the warnings from linter. Just because.

* Removed an unnecessary logic check in albumsController.addFiles().

* Refactored "successIds" to "updateDbIds" in utilsController.bulkDeleteFilesByIds().
2018-04-03 22:01:19 +07:00
Bobby Wibowo
8724d45ce0
Updates
* Refactored all instances of "An error occurred" by appending an exclamation mark.

* Added the ability to add/remove files to/from album (API route: /api/albums/addfiles - https://s.fiery.me/dCAqLEQ9.mp4).

* Added the ability to purge files associated with an album when deleting the said album (set "purge" key to true in the JSON POST request to /api/albums/delete).

* Updated icons.

* Some other refactors, probably.
2018-03-30 09:39:53 +07:00
Bobby Wibowo
0067c8fe83
Updates
* Refactored all instances of "err" into "error".

* Added bulk delete feature (API route: /api/uploads/bulkdelete). It accepts an array of IDs (its key must be "ids" in the JSON POST request). Don't forget it still requires a token in the headers. (https://s.fiery.me/6rjMAYoC.mp4)

* Removed fontello.css from auth.html.

* Updated a bunch of styling.

* Added "copy link to clipboard" button to thumbs view.

* Added "view thumbnail" button to list view. Clicking the row will no longer trigger thumb view, instead you have to press that button.

* Updated icons.

* ... and perhaps some others that I can't remember?
2018-03-30 06:22:08 +07:00
Bobby Wibowo
2dd724f88f
Updates
* Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard).

* Added "curly" eslint rule with "all" option. I like it.

* Refactored all JS files to apply the new "curly" eslint rule.

* Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement.

* Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server.

* Updated README.md and .gitignore.
2018-03-29 00:40:50 +07:00
Bobby Wibowo
e81e706914
Bug fix for chunked uploads support
Previously chunks merging would end up with corrupted files if the files were chunked into more than 10 chunks. It had something to do with incorrect file names sorting. This commit would fix it by prepending zeros to the file names depending on the amount of chunks.
2018-03-28 21:10:20 +07:00
Bobby Wibowo
66a63ca6d6
Updates (YAY, CHUNKED UPLOADS!)
* Added new dependency: rimraf. This will be used by chunked upload support to bulk delete temporary chunk files.

* Added chunked uploads support :3

* Updated Dropzone to 5.2.0.

* More improvements to thumbnail view. Delete button will now only appear on hover. Some other details, such as file name, size and album/owner will also appear on hover. Touch devices will have all of those appear always visible by default.

* Image thumbnails will now appear on home page after successful uploads (only for WEBP, JPG, JPEG, BMP, GIF and PNG files). WEBP may not work properly in Firefox though.

* Refactored home.js to use const/let and some other stuff.

* Refactored album view. It will now display properly on mobile screen. Download Album button will also no longer be located at the top right, but right below the subtitle.

* Updated some version strings.

* And maybe some others that I can't remember.
2018-03-28 18:36:28 +07:00
Bobby Wibowo
3fa5b24ee5
Updates
* Better auth handling.

* Deleting a file will no longer cause the dashboard to load the very first page of uploaded files list. It will instead reload the currently viewed page.

* Updated dropzone (I guess).
2018-03-25 02:47:41 +07:00
Bobby Wibowo
83f3b36f15
Updates
* Added "Size" column to list view of uploaded files. The size will be use 'pretty' view (kB, MB, etc).

* Added delete button to thumbs view of uploaded files.

* All instances of "file length" in public views renamed to "file name length". The latter makes more sense.
2018-03-24 23:45:51 +07:00
Bobby Wibowo
616124446f
Updates (WARNING!)
WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options).

* generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties.

* fileLength option is now an object with min, max, default and userChangeable as its properties.

* User may now change their preferred file length (following the previous option, of course).

* Updated a bunch of responses messages. Mainly appending a dot to the messages.

* New APIs:
/fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file).
/fileLength/change to change user's preferred file length.

* And maybe some others ...?
2018-03-24 20:52:47 +07:00
Bobby Wibowo
288795c6e3
Merge branch 'pr-retry-names' into safe.fiery.me 2018-03-18 23:59:03 +07:00
Bobby Wibowo
5be27c129d
Uses async 2018-03-18 23:32:59 +07:00
Bobby Wibowo
070f4bdafd
Updates
* Updated file name checker to use for-loop instead of do-while-loop.

* Replaced all instances of eslint-disable-line with eslint-disable-next-line.
2018-03-18 20:13:08 +07:00
Bobby Wibowo
dcb72734fe
Patch to allow "retries" when generating random name 2018-03-18 19:21:04 +07:00
Bobby Wibowo
c2b2f5b14b
Updates
* Properly merged changes from master.

* database/migration.js will now exit after migartion.

* Replaced all instances of createTableIfNotExists() into a combination of hasTable() and createTable() in db.js.
2018-03-14 13:57:09 +07:00
Bobby Wibowo
cb0295e732
Updates
* Patched delete function to continue deleting the file from the database if the physical file is missing from the expected path.

* Patched delete function to not print any error message if the file does not have any thumbnail.

* Patched uploader to check the existence of file with the same name, then try to generate a new random name if true, up to 3 times. If it still can not generate a unique random name after 3 times, it will throw an error saying that it can not allocate a name to the client.
This will be useful when shortening file name in the config file.
2018-03-13 21:51:39 +07:00
Kana
496575dea0
Whoops 2018-03-05 01:40:45 -03:00
Kana
939b5c52f7 In theory this will enable us to disable users and not break already running instances 2018-02-16 23:50:23 -03:00
Bobby Wibowo
677d8717e7
Fixes to albums
* It will now properly create "editedAt" and "zipGeneratedAt" columns into "albums" table, which will then be used for the "Download Album" feature. Previously, due to the lack of those columns, people could not download albums. Existing installation will have to do some manual patches, which I will describe further in the commit's comments.

* Thumbnail-less files will properly show the extensions in albums. Previously it would have two dots.
2018-02-07 23:56:32 +07:00
Bobby Wibowo
62f142a046
Updates
Patching albums for installations which serve files through a different domain (experimental).
2018-02-07 13:45:18 +07:00
Bobby Wibowo
efbaa24b30
Updates
More experimental changes to compliment the previous commit.
2018-02-07 13:32:26 +07:00
Bobby Wibowo
66f3b0739d
Updates
Experimental changes to allow generating thumbnails only for EITHER images or videos.
2018-02-07 13:22:31 +07:00
Bobby Wibowo
fb63ed50ea
Sorry.
At first I was concerned due to a particular ESLint rule called "no-undefined", but then after looking more deeply into it, I realized using typeof was unnecessary since "no-global-assign" and "no-shadow-restricted-names" were enabled and thus the previous method surely would not cause any problems.
2018-01-24 19:57:17 +07:00
Bobby Wibowo
5052cd2651
Sorry.
At first I was concerned due to a particular ESLint rule called "no-undefined", but then after looking more deeply into it, I realized using typeof was unnecessary since "no-global-assign" and "no-shadow-restricted-names" were enabled and thus the previous method surely would not cause any problems.
2018-01-24 19:53:31 +07:00
Bobby Wibowo
8598001ee3
Proper undefined check 2018-01-24 19:39:22 +07:00
Bobby Wibowo
7de25210ce
Proper undefined check 2018-01-24 19:38:32 +07:00
Bobby Wibowo
d5fcb2ee26
Updated uploadController.js
Stricter comparison.
2018-01-24 05:29:52 +07:00
Bobby Wibowo
38d77fdfbb
Fix 2018-01-24 05:29:13 +07:00
Bobby Wibowo
bcdfcd7064
Various updates
* Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too.

* Lots of refactors to follow the rules of Standard.

* Fixed issue with uploading as a not logged in user.
2018-01-24 03:06:30 +07:00
Pitu
3c2ba4868a ugh, little mistake 2017-10-04 15:20:07 -03:00
Pitu
759943f798 whoops 2017-10-04 15:13:23 -03:00
Pitu
76d48602c6 Async who? 2017-10-04 02:51:55 -03:00
Pitu
09a5c6bf1e Added a little bit of logging 2017-10-04 02:46:31 -03:00
Pitu
149742ab61 Bypass file if not found when zipping an album 2017-10-04 02:45:45 -03:00
Pitu
992b632d1a Added album downloading through front-end 2017-10-04 02:05:38 -03:00
Pitu
e56ef97975 Return 404 for deleted albums 2017-10-04 00:59:05 -03:00
Pitu
702075b66d ES6 rewrite 2017-10-03 21:13:38 -03:00
Kel
8427d23807 Delete thumbnails when file deletes
Tested working with a couple file types. Fixed some coding errors from earlier revision.
2017-10-01 23:33:32 -06:00
Pascal Temel
b05dac6743 cleanup 2017-09-24 05:54:13 +02:00
Pascal Temel
4b63ea2d1b add wmv, avi and mov thumbnail support 2017-09-24 05:35:09 +02:00
Pitu
ad4eeb5eaa Fixed last night's fuckup 2017-08-30 19:35:40 -03:00
Pitu
80117235f9 Added album check to uploads 2017-08-30 04:48:17 -03:00
EpikPhailure
daf8f0130c Update uploadController.js
* fixed blacklist from being bypassed due to case insensitive extension names
2017-06-22 17:35:56 -07:00
Kanacchi
e2885bd37c Made it so user doesn't need to specify blockedExtensions.
This is useful if there are people already running lolisafe and updated to latest version
2017-04-03 18:45:56 -03:00
Pitu
14cf45c168 Fixed bug that caused people to upload as anon even if running private 2017-04-03 17:29:10 -03:00
Crawl
72c38749ca Update uploadController.js 2017-03-28 07:44:31 +02:00
Onestay
ad6b7d25de added array with blocked file extensions
Added an option to add file extensions to the config which will be rejected (https://github.com/WeebDev/loli-safe/issues/19)
2017-03-27 23:07:00 +02:00
Pitu
026e0a3ef0 Derps were made, and now fixed 2017-03-18 01:36:50 -03:00
Pitu
72fb9ec938 whoops 2017-03-17 01:19:33 -03:00
Pitu
1db1b06a48 Refactor 2017-03-17 01:14:24 -03:00
Pitu
8a96a0df1d Moved thumbnail processing to it's own utils file 2017-03-17 01:14:10 -03:00
Pitu
dd3b47ebc8 Added thumbnail processing while uploading 2017-03-16 21:53:29 -03:00
Pitu
7cf8b6899d Added ability to see who uploaded a file as root 2017-02-13 21:55:07 -03:00
Pitu
61a4e984de Little fix 2017-02-07 04:54:58 -03:00
Pitu
36e17b0372 Album stuff 2017-02-07 04:52:53 -03:00
Pitu
e05a7c751e Added public album sharing 👌 2017-02-07 04:32:55 -03:00
Kanacchi
f6869ff7c5 Merge pull request #11 from PascalTemel/master
support thumbnails for .webm and .mp4 files
2017-02-07 03:20:12 -03:00
Pitu
6396d42409 Changed the way repeated files work
From now on, same file upload is restricted per user. Meaning same user cant upload the same file twice, and upon trying to do so they will get the original link instead of an updated one. This works the same way for anonymous uploads, only 1 file of the same kind will be uploaded
2017-02-07 03:18:41 -03:00
Pascal Temel
b008f77d36 Remove unused parameter 2017-02-07 01:15:39 +01:00
Pascal Temel
facf4a29fc support thumbnails for .webm and .mp4 files 2017-02-07 00:53:22 +01:00
Pitu
d5c9b15ab9 Added username display on dashboard 2017-01-31 03:43:00 -03:00
Pitu
0540b0775d Fixed wrong error text 2017-01-30 05:16:08 -03:00
Pitu
418f4ffe79 Stuff 2017-01-30 05:10:39 -03:00
Pitu
4a4ca06366 Forgot it was an array 2017-01-30 04:42:15 -03:00
Pitu
0258c290ff WIP 2017-01-29 22:51:54 -03:00
Pitu
4cd076b4f6 derp 2017-01-29 22:50:44 -03:00
Pitu
c64aa8fa2e Added change password for users 2017-01-29 22:30:00 -03:00
Pitu
751a876360 Updated albumsController to use new auth 2017-01-29 22:17:49 -03:00
Pitu
16164115aa New token shananigans 2017-01-29 22:06:52 -03:00
Pitu
b3cdc406d2 Removed blank lines 2017-01-29 04:18:46 -03:00
Pitu
3a58b5b4b9 WIP changing from auth to just 1 token 2017-01-29 04:18:31 -03:00
Pitu
5f0ff7f6aa Created login/register controller 2017-01-29 04:16:56 -03:00
Pitu
3f4b879144 List and thumb view on uploads 2017-01-22 18:01:39 -03:00
Pitu
4d83ff5a28 Crawl :') 2017-01-21 17:24:20 -03:00
Pitu
cd123b4c11 Forced resolve, updated config.sample.js 2017-01-21 17:21:29 -03:00
Pitu
1b2af2282f Pagination is gucci 2017-01-21 05:17:29 -03:00
Pitu
6f06bc930b Made deleting files a promise-thingy 2017-01-21 03:57:25 -03:00
Pitu
cfba738995 Ignore file if it exists already, return its url 2017-01-21 03:49:04 -03:00
Pitu
bae03cdc25 File delete, album delete and album rename. Sugoooi! 2017-01-20 03:28:26 -03:00
Pitu
bb0f746598 Album delete WIP 2017-01-19 17:14:28 -03:00
Pitu
a8121f5d7c Small fix for listing 2017-01-19 03:34:48 -03:00
Pitu
0f058724f3 Reverse sorted links list to show newers first 2017-01-19 03:11:20 -03:00
Pitu
5d09892ec1 Ohboi 2017-01-19 03:04:22 -03:00
Pitu
83aaef0f82 Changed request system and post data
Changed from XMLHttpRequest to Axiios and made every POST call to look for params or json and not pass the values as headers. Token is still a header though
2017-01-19 02:37:35 -03:00
Pitu
93891ae1e5 Small fixes 2017-01-19 00:31:01 -03:00
Pitu
f55e9809b7 Yep, multi-domains is a thing 2017-01-18 21:52:24 -03:00
Pitu
d6c7aff21b Multi-domain fixes. Maybe it's ready? 2017-01-18 21:50:40 -03:00
Pitu
aae56e91c9 Added multi-domain support. Maybe 2017-01-18 21:35:31 -03:00
Pitu
368b40c9d1 Camelcased the config 2017-01-18 20:38:13 -03:00
Pitu
02be558683 Added enabled flag to create/list of albums 2017-01-18 05:07:20 -03:00
Pitu
de130602f9 Added changing of tokens from the dashboard 2017-01-18 04:51:42 -03:00
Pitu
0dcaf36332 Added browsing galleries from dashboard 2017-01-18 04:05:56 -03:00
Pitu
512e9f46eb lowercased headers 2017-01-18 03:40:16 -03:00
Pitu
0483684de5 removed debug messages 2017-01-18 03:30:02 -03:00
Pitu
cf98005c4f Better tables and showing album on upload view 2017-01-18 03:29:46 -03:00
Pitu
7e82e4304f added admin auth for uploading to an album 2017-01-18 03:00:36 -03:00
Pitu
84ff2241ba Shit ton of things on this update 2017-01-18 02:40:14 -03:00
Pitu
ddb6d0df7d Database now saves album 2017-01-17 19:05:00 -03:00
Pitu
c4b5457891 Change from gallery to album 2017-01-17 18:55:35 -03:00
kanadeko
a114d298d0 Rewrote token handling and upload.js 2017-01-17 16:54:25 -03:00
pitu
bdfd512c10 token handling and verification 2017-01-17 00:37:54 -03:00
kanadeko
14ddf495b3 Fixed frontend upload 2017-01-16 05:35:36 -03:00
kanadeko
f42202259d Changed upload from single file to array 2017-01-16 05:22:19 -03:00
kanadeko
3777c01465 Little fix 2017-01-16 04:56:56 -03:00
kanadeko
570f6c3ce3 Print and save tokens 2017-01-16 04:45:29 -03:00
kanadeko
9688c5ee52 Removed error code because is stupid 2017-01-16 04:22:26 -03:00
kanadeko
55e2d17636 Admin panel, pomf-standarization and stuff 2017-01-16 04:21:46 -03:00
pitu
0e0a1c6f35 Updated readme 2017-01-14 18:42:38 -03:00
kanadeko
b81cf72ac4 Changed from ip whitelist to token based auth 2017-01-14 18:13:58 -03:00
kanadeko
3b648ab45e Frontend ip blocking 2017-01-14 06:06:01 -03:00
kanadeko
d25193bb31 IP whitelisting 2017-01-14 05:51:56 -03:00
kanadeko
a246fc8365 Frontend done 2017-01-14 05:50:18 -03:00
kanadeko
07ba404dcb Frontend WIP 2017-01-14 03:01:23 -03:00
kanadeko
3f3505dee7 Gallery WIP 2017-01-13 18:40:08 -03:00
kanadeko
9bb621a773 Gallery WIP 2017-01-13 18:38:18 -03:00
kanadeko
dec004cc0a Gallery WIP 2017-01-13 18:36:54 -03:00
kanadeko
633948660c Gallery WIP 2017-01-13 18:33:49 -03:00
Pitu
376cf10663 First version 2017-01-13 04:34:21 -03:00