Commit Graph

97 Commits

Author SHA1 Message Date
Bobby Wibowo
cc122f63b8
Updated lolisafe.js
https://blog.fiery.me/recent-disturbance-with-temporary-uploads
Fix for temporary uploads failing forever just due to errors not being
caugh.
2020-05-27 01:18:25 +07:00
Bobby Wibowo
86b51fe5f5
Added Cookie Consent, among other things
This adds Cookie Consent library at public/libs/cookieconsent.

Added views/cookiepolicy.njk.

Added a new config option cookiePolicy. Disabled by default.

Updated views/faq.njk to use variables wherever applicable.
The variables are initiated at views/_globals.njk.
The said file also contains variables used at views/cookiepolicy.njk.

Restored messages about Cloudflare to FAQ.
They will be shown only if config.cloudflare.purgeCache is enabled.

Statistics will now capitalize first letters of the keys instead.

Updated background color of SweetAlert modals.

Moved table styling from dashboard.css to style.css (global),
since table will also be used in Cookie Policy page.

Bumped v1 version string and rebuilt client assets.
2020-05-17 03:35:54 +07:00
Bobby Wibowo
968fd74676
Updated
No longer initiate expired uploads check if
config.uploads.temporaryUploadsInterval is not set.

"yarn delete-expired" will now list names of the expired uploads too.
2020-05-16 21:45:14 +07:00
Bobby Wibowo
38b8109210
Added starting message to lolisafe.js
Most of the times, connecting to ClamAV takes a bit too long and causes
misunderstanding due to a long period of silence
Generally with PM2 logs, due to the lack of indicator
of a successful restart
2020-05-09 14:54:09 +07:00
Bobby Wibowo
ff54f088bd
Added client assets update detection
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).

Rebuilt client assets and bumped v1 version string

Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
2020-04-30 05:56:28 +07:00
Bobby Wibowo
2d1db2bd01
Updated log message for expired uploads deletion 2020-04-07 02:46:04 +07:00
Bobby Wibowo
f534ac2e4d
Updated all dependencies
Updated lolisafe.js
2020-04-04 22:08:37 +07:00
Bobby Wibowo
609753f1e9
Make Helmet's HSTS configurable from config file
Closed #115
2020-02-13 15:03:31 +07:00
Bobby Wibowo
783ac81bf7
Updated
lolisafe.js: fixed a logic

faq.njk: fixed typo
2020-02-13 14:37:19 +07:00
Bobby Wibowo
edce59243b
Better cache control when not using CDN 2020-02-11 17:18:04 +07:00
Bobby Wibowo
a884ef8d01
Bug fix
Fixed #67

Changed default admin account to username root & password changeme,
for new installations.
Also updated README.md to mention it.
2019-10-21 17:49:52 +07:00
Bobby Wibowo
4e20f28b78
Updated lolisafe.js
If config.cacheControl is enabled, remove Cache-Control header from
error pages.
Fallbacks to Express' default behavior of using "public, max-age=0".
2019-09-20 02:42:08 +07:00
Bobby Wibowo
8ab77a6464
Updated
Removed version strings from _globals.njk,
in favor of src/versions.json.
That versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.

Added README file in src directory, explaining versions.json file.

Added README file in scripts directory, detailing usage of each scripts.

Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.

Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.

Actually use custom metaDesc variable on meta description tag.
2019-09-19 19:10:37 +07:00
Bobby Wibowo
9e9b0d4439
Updated
Updated some dev dependencies.

---

Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.

Added dist-dev to ignore files.

---

The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.

Root domain for use in Nunjuck templates will now be parsed from config.

Better page titles.

Updated help message for "Uploads history order" option in
homepage's config tab.

Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.

Uploads' original names in homepage's uploads history are now
selectable.

Min/max length for user/pass are now enforced in auth's front-end.

Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.

File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.

Added video icons.
Homepage's uploads history will now display video icons for videos.

"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.

Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.

A few other small improvements.
2019-09-17 11:13:41 +07:00
Bobby Wibowo
0e5a64d81d
Updated lolisafe.js
Fixed cache-control.
I only noticed that I had "immutable" on pages that were supposed to be
cached by proxy only.
For some reason that did nothing on my Firefox desktop,
but I noticed it worked in my phone's browsers, including Firefox.
Odd.
2019-09-15 14:43:56 +07:00
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
7e3d177d00
Updated
Added logger.js to format console logs (adding timestamps).

Re-ordered modules loading in lolisafe.js, and a few other minor edits.

Updated dev dependencies.

A few other minor edits.
2019-08-27 00:02:06 +07:00
Bobby Wibowo
3a398721b5
Updated
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.

* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.

* Removed unused lines in dashboard.njk.

* Refactored maxFileSize to maxSize in home.{css,js,njk}.

* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.

* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.

* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.

* Creating an album from homepage will automatically select the album.

* Updated Dropzone.js to v5.5.0.

* Bumped v1 & v3 version strings.

* Various other small fixes.
2019-08-20 09:16:34 +07:00
Bobby Wibowo
5c41fc9249
Updates
utilsController.js:
+ /api/stats: Cache invalidation requests will now only store timestamp
of the request instead of purging the cache entirely.
Subsequent requests to the API will no longer attempt to generate stats
if a previous request before it is still generating, since it can
take a while in big sites.
So instead, the cached stats will be returned to them, regardless of
whether it's still valid.
This should avoid "race condition" in sites with multiple admins.

* dashboard.js:
+ Added an appendix into "Delete by names" feature in dashboard to
inform staffs that they can use the feature to delete files by other
users as well.
+ Added comments explaning the need of page.domClick() function.
+ Addition to the change regarding /api/stats route: If there is no
cached stats, but a previous request is still generating, inform
the user about it.

config.sample.js + lolisafe.js:
+ We now support configuring rate limits through config file.
No more hard-coded rate limits.
Don't forget to update your config.js accordingly.

package.json + yarn.lock:
+ Updated dependencies.
2019-06-04 02:40:24 +07:00
Bobby Wibowo
e74fb3811f
Updated lolisafe.js
Goddamn, I screwed up so bad.
2019-01-31 16:38:43 +07:00
Bobby Wibowo
e479ac53ff
Updated lolisafe.js
Forgot to update this to take into account the changes in Cloudflare's
cache purge utility.
2019-01-31 16:36:16 +07:00
Bobby Wibowo
8780d6429b
Updates
NoJS uploader will now display the original file names in the results.

lolisafe.js will now automaticaly purge Cloudflare's cache of frontend
pages everytime it launches.
Of course this only applies when cacheControl is on in config file.
This sorta makes scripts/cfpurge.js script obsolete.
2019-01-09 17:11:45 +07:00
Bobby Wibowo
b431d11eba
Updates
I think proper Cache-Control for frontend now.

Fixed the way it handles "home" when purging frontend cache.
2019-01-06 15:26:43 +07:00
Bobby Wibowo
f166a70d71
Updated lolisafe.js
Updated cache control
2019-01-06 04:16:19 +07:00
Bobby Wibowo
874ddba665
Updated lolisafe.js
Cache control album ZIPs
2019-01-06 04:14:33 +07:00
Bobby Wibowo
2f51954024
Updates
Experimental cache control
2019-01-06 04:09:47 +07:00
Bobby Wibowo
8a1fa9f8fb
clean up lolisafe.js 2019-01-01 12:34:16 +07:00
Bobby Wibowo
adb2ff7e71
Updated lolisafe.js 2018-12-20 21:43:31 +07:00
Bobby Wibowo
00a4e44758
Updates 2018-12-20 19:25:41 +07:00
Bobby Wibowo
d723c0f562
Updates [!! update config.js !!]
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.

Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.

Empty files can now be filtered.

Sorted preset extensions filter in config.sample.js.

Rephrased some options in config.sample.js as well.

maxTries now default to 3 in config.sample.js.

Various other small changes.
2018-12-20 18:53:37 +07:00
Bobby Wibowo
89ec426e71
Removed lines related to DuckDuckGo's proxy
I think I've let them sit for like a week or so. It should've been
enough of a buffer time for everyone else.
2018-12-19 01:19:04 +07:00
Bobby Wibowo
00cbd3e76c
Updates
Updated ESLint rule: curly, again.
Mainly to also enabled "consistent" rule, which enforces curly into
else/elseif blocks, if its if block requires curly.

Added support for GET requests to /api/delete route.
Its usage is /api/delete/identifier, where identifier is the filename.
Though just like its POST route, it needs token in the header.
2018-12-19 00:41:42 +07:00
Bobby Wibowo
53789a20c2
Updated uploadController.js
DuckDuckGo's proxy is no longer supported as it stops reporting Content-Length header, which is crucial so that the safe could predict the actual file size before downloading it.

If you have it enabled in your config file, it will now close the safe with error code 1. You can either disable url uploads completely or just disable duckduckgo's proxy (though I believe not many will choose the latter as to begin with it was implemented to hide origin IP).
2018-12-09 00:55:04 +07:00
Bobby Wibowo
2ee1c40868
Whoops, bugfix 2018-12-04 20:35:49 +07:00
Bobby Wibowo
07b4ef8fc2
Updates
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.

Improved some descriptions in config.sample.js file.

Added some CSS animations wherever applicable.

Bumped v1 version string.
2018-12-04 18:58:53 +07:00
Bobby Wibowo
a17cfb83a2
Enable ids caching by default 2018-12-03 16:32:26 +07:00
Bobby Wibowo
6af52341c9
Init ids-cache branch 2018-12-03 16:18:52 +07:00
Bobby Wibowo
c3d4c237cb
Init account-manager branch 2018-10-10 02:52:41 +07:00
Bobby Wibowo
d4b6933891
Improved help message for URL upload
* Hide notice about max size if it's equal to max size of regular uploads.

* Show notice about DuckDuckGo's proxy if it's turned on.

* Also updated description in config.sample.js to further emphasize about the limitation of using DuckDuckGo's proxy.
2018-09-30 05:38:13 +07:00
Bobby Wibowo
0d38995b2b
Updates
* When gitHash in config.js is set to true, latest commit hash of the currently enabled git repo/branch will be displayed in home and nojs uploader pages.

* Error pages can now be configured with errorPages option (their root directory and their file names).
2018-09-20 18:41:17 +07:00
Bobby Wibowo
a207c4a806
Init 'clamdjs' branch (#8)
Use clamdjs module instead of clam-engine. This module connects to clam daemon server.
2018-09-04 22:48:24 +07:00
Bobby Wibowo
36da76357e
Updates
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.

* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.

Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
2018-09-02 03:37:26 +07:00
Bobby Wibowo
4d7b23bb39
Initial commit at browser-ecma6 branch
This commit is intended to downgrade codes in JS files used for browser to increase browsers compatibility.

This branch is still experimental and may require much more testing.
2018-07-14 10:42:18 +07:00
Bobby Wibowo
c4eed6e478
Updates
* Added globals.v3 to _globals.njk, which will be used for CSS/JS files of libs (bulma, lazyload, etc.). globals.v1 will now only be used for lolisafe's JS and CSS files.
Since CSS/JS files of libs receive much less updates than lolisafe's (mainly since I push updates a lot), this will decrease the amount of files that users need to re-fetch on every updates.

* Added public/js/album.js which will be used by album.njk (albums public link). I'm going to disable inline scripts in safe.fiery.me.

* Better FAQ. Some points will now dynamically changes depending on the settings you have in your config.js. It's not perfect but certainly much better than before.
2018-05-12 23:34:19 +07:00
Bobby Wibowo
bd722129de
Updates, now supports uploading by URLs!
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.

* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.

* Added file extension filter to /api/upload/finishchunks.

* Added proper total chunks size check to /api/upload/finishchunks.

* Various code improvements.
2018-05-11 21:34:13 +07:00
Bobby Wibowo
479db54cd3
Updates (experimental)
* Possible performance improvement. Some bulk db queries will now be executed in a single query instead of spawning multiple async task for each query. This is sorta experimental though, use it at your own risk (though I'll use it right away at safe.fiery.me).

* It's now possible for root user to add files to other users' albums through the API route. I don't plan on allowing root user to list other users' album list from the dashboard, I just thought that there'd be no harm in extending the API a little bit.

* Kinda better error logging for uncaught exception and unhandled rejection. Their stack trace should be logged now.
2018-05-11 00:25:52 +07:00
Bobby Wibowo
7991a63315
Updates (please update your config.js)
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.

* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.

* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.

* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.

* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 15:41:30 +07:00
Bobby Wibowo
4660200b1e
More improvements to albums, and others
Improvements related to albums:

* Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png).
This also adds a new API route: /api/albums/edit.
The old API route, /api/albums/rename, is still available but will silently be using the new API in backend.

* Deleting album will now also delete its zip archive if exists.

* Renaming albums will also rename its zip archive if exists.

* Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat.

* The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier.

* Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier.

* Added "download" and  "public" columns to "albums" table in database/db.js.
Existing users can run "node database/migration.js" to add the columns.

Others:

* uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise.

* Album name of disabled/deleted albums will no longer be shown in uploads list.

* Added "fileLength" column to "users" table in database/db.js.

* Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though.

* Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch).

* Updated icons (added download icon).

* Some other improvements/tweaks here and there.
2018-04-29 00:26:39 +07:00
Bobby Wibowo
6cc6928c62
Merging all the changes from 'master'
There's nothing much really. Here's a summary:
* Added dmca.gripe to README.md.
* Updated chrome extension's instruction in README.md.
* Bumped year in LICENSE.
* Moved error pages from /pages/errors to /pages/error.
* Added a README.md to /pages/error clarifying the fact that this repo is using symlinks for error pages.
2018-04-26 19:28:31 +07:00