Replaced all Array.concat() with spread operator and/or push().
Fixed some faulty search logics when using exclusion filters.
Fixed capitalization of mac font in _variables.scss. Stylelint somehow
fricked up again in my previous commit.
Now will calculate usage as (total - avail).
In Linux, ext filesystems by default reserves 5% of the space to be
usable by root, making them essentially already "used" space.
Originally we didn't take that into account.
Disk usage percentage will now round down: Math.round() -> Math.floor().
The general behavior in other tools such as "df".
node-fetch: 2.6.0 -> 2.6.1 (security)
browserslist: 4.14.0 -> 4.14.1
stylelint: 13.6.1 -> 13.7.0
Obligatory bump to versions.json as this commit requires rebuilding
client assets (dev dependencies updates affect style.css).
As usual, rebuilds will be in the next commit by the build bot.
src/js/misc/utils.js: Added page.getPrettyUptime().
Updated dependency:
helmet: 3.23.3 -> 4.1.0
lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
Added new dev dependencies:
bulma, gulp-sass, node-sass
Updated some dependencies
Various other things related to styling
Bumped v1 version string and rebuilt client assets
I wasn't aware ShareX wouldn't do a basic GET request to the delete URL,
but would instead open your browser to it.
Unfortunately, due to the structure of lolisafe auth setting token
through HTTP header, which had always been done by JS as it has to get
the value from local storage, just visiting the API from browser will
merely respond with "No token provided".
We'd need cookie-based auth, which I do not want to add.
The old me that added deletion API long ago might have been aware of
this fact, but the me of a few hours ago already forgot..
I'll give this further thoughts at a later date, as ShareX isn't really
a priority to me.
Bumped v1 version string and rebuilt client assets.
Also fixed undefined vars check, as var === undefined throws error
when truly not defined.
It's probably specific to browsers (don't recall seeing this in node).
Bumped v1 version string and rebuilt client assets.
Despite that, it still expects the existence of a so-called main script
in "page" variable, and also expects to be loaded by it instead,
with an internal check to load itself if the main script fails to call
itself within the expected conditions.
Improved button colors in SweetAlert prompts.
Refactored window.onload() to DOMContentLoaded's event listener.
This should essentially allow pages to have multiple scripts that listen
to that event.
Bumped v1 version string and rebuilt client assets.
For registered users only!
This requires adding a basic GET API for file deletion, so that I did.
Configs which guests download will not include pattern for delete URL,
so they won't get notified of unusable delete URL or anything like that.
dev: Improved logger.debug() to support specifying options for node's
Util.inspect() if an object is set as its last param
(assuming >1 params).
Default options now also includes enabling colors.
src/js/utils.js: Simplified dynamic ShareX config generator.
Among other things, it will now use JSON.stringify().
I don't even remember why we didn't use that in the first place..
Some logic improvements in src/js/home.js.
Bumped v1 version string and rebuilt client assets.
Basically, when you're on the very last page of either uploads or users
lists, and then you decide to delete all uploads/users in the list, by
default it will automatically load the latest valid page (e.g. page - 1,
or more if it has to).
Unfortunately, that behavior will get cancelled out by "Something else
is still loading" warning. This fixed that.
Bumped v1 version string and rebuilt client assets.
For admins, preference for your personal uploads list and Manage uploads
aren't shared, just like thumbs/lists toggle.
Non-keyed keywords for filtering will now apply to original names too.
Added a new fontello icon for this button.
Various other things I'm too lazy to write.
Also apply strikethrough to their public links.
Though similar with albums that have their public links explicitly
disabled, despite having strikethrough, they're still clickable.
Of course they'll just lead to 404 page regardless.
Resolves#194.
Added pagination for Manage your albums page.
Albums sidebar will now only list 9 albums at most.
Use Manage your albums page to view the rest.
Albums in the list will now have View uploads button after all.
Delete album button for albums renamed to Disable album.
Since techincally the server would've always been disabling the albums
instead of deleting them.
It was something upstream dev's decided, and I haven't bothered changing
its behavior.
I'll work on actual Delete album feature some other days.
As the title says, added Manage albums admin page.
Viewing uploads of an album will hook into albumid: filter key.
I'll work on filter and bulk operations some other days.
Updated styling for disabled albums and users.
Instead of havine a line through them, they will be greyed out.
Disable public page of albums will still use line through however.
Links to album's disabled public page are now clickable.
Added a new button styling is-dangerish.
It'll be orange.
Renamed /api/albums/delete to /api/albums/disable.
For backwards compatibility, /api/albums/delete will still work
but automatically re-routed to /api/albums/disable.
/api/uploads/list will no longer print SQLite errors for moderators
or higher when encountering them.
It was originally used to inform moderators of non-existing colum names
when used for sorting.
But on one of the recent commits, I had added a check for allowed colum
names.
Improved some caching in dashboard page.
Added new entries to cookie policy.
Some other small things.
Bumped v1 version string and rebuilt client assets.
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.
Added new dependency: blake3
Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.
To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.
chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.
Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.
Updated v1 version string and rebuilt client assets.
Updated options in _globals.njk to NOT use camelCase.
Rephrased banned categories.
Added toggle option for banned categories into faq.njk.
Added FAQ message about Tor and/or VPNs being blocked.
Updated faq.njk and cookiepolicy.njk for updated option names.
Updated cookie settings for Cookie Consent in home.js.
Now it will only enable Secure cookie if on HTTPS protocol.
This should properly store the cookie in local installations.
Bumped v1 version string and rebuilt client assets.
Moved floating home button codes to views/_partial/floating-home.njk.
Added some variables support into some partial NJK files.
album.njk now uses partial versions for noscript codes.
A few other things.
Bumped v1 version string and rebuilt client assets.
"Login or register" subtitle and Register button will no longer be shown
if enableUserAccounts are disabled in config.
Updated auth.js to continue working even when register and/or login
buttons cannot be found.
Added .is-wrappable support for .button elements.
This makes the text inside the buttons "wrappable" to next lines.
Do note that this will cause the buttons to get taller when they do need
to wrap their texts.
Updated "Log in to upload" button in homepage uploader use the new
.is-wrappable class.
Their texts will also now be split into two lines.
Anonymous upload warning specifically will now instead say
"Log in or register".
Bumped v1 version string and rebuilt client assets.
Fixed browser's timezone offset not being sent with the proper header
name ("minOffset" -> "minoffset").
Server will now actually think client is on UTC timezone if "minoffset"
header is unset.
Stricter "all" header check for uploads list API endpoint.
It will now only accept the header if set to "1" (string).
Fixed server error when either date: or expiry: keys get parsed as
empty strings.
"minoffset" header when listing uploads will now only be sent if
date: or expiry: keys are properly used (i.e. match expected patterns).
Updated filters help message about wrapping with double quotes when
specifying both date and time (since there will be a space in between).
Filters input will now have some automatic clean ups other than trims.
- Replace all tabs with whitespaces.
- Remove whitespaces after "<key>:".
Bumped v1 version string and rebuilt client assets.
This adds Cookie Consent library at public/libs/cookieconsent.
Added views/cookiepolicy.njk.
Added a new config option cookiePolicy. Disabled by default.
Updated views/faq.njk to use variables wherever applicable.
The variables are initiated at views/_globals.njk.
The said file also contains variables used at views/cookiepolicy.njk.
Restored messages about Cloudflare to FAQ.
They will be shown only if config.cloudflare.purgeCache is enabled.
Statistics will now capitalize first letters of the keys instead.
Updated background color of SweetAlert modals.
Moved table styling from dashboard.css to style.css (global),
since table will also be used in Cookie Policy page.
Bumped v1 version string and rebuilt client assets.
Also "fixed" some more Object.assign().
Not exactly fixed since they didn't really break, but they weren't
written in the way they were logically intended for.
Bumped v1 version string and rebuilt client assets.
table headers of uploads lists.
They will merely serve as reminders for those who want to use the sort
keys.
Fixed registration and token change dates displaying when unset.
Bumped v1 version string and rebuilt client assets.
systeminformation: 4.23.9 -> 4.26.1
eslint-plugin-compat: 3.5.1 -> 3.6.0
Renamed all .eslintrc.json to .eslintrc.js.
Removed unnecessary init for missing params in favor of default params.
Buble will take care of compiling that for old browsers.
Bumped ecmaVersion for client JS from 6 (2015) to 7 (2016).
Buble should support compiling ES2016 features as well.
Properly deny some actions when an online section is still loading.
Properly apply progress cursor on items/buttons that shouldn't be used
while an online section is still loading.
Bumped v1 version string and rebuilt client assets.
Added "yarn migrate" as alias for "node ./database/migration.js".
Updated README.md about it.
Added a new column to users database: registration.
It will be used to store user's registration timestamp.
Registration date will be displayed in Dashboard's Manage Users.
Since this is a new column,
existing users will not have registration dates.
Last token change date will now be displayed in Dashboard as well.
<code> elements will now properly have relative font size.
User ID will now be displayed in Edit user dialog for reference purpose.
Bumped v1 version string and rebuilt client assets.
This works when listing all uploads as well, but Album column will only
be shown when albumid key is used in the filters.
I plan to someday add Manage Albums menu, which will use "View uploads"
buttons, just like the ones in Manage Users.
Updated ESLint's ECMA version to 9 (2018).
I'll need to use some lookbehind regex directives from now on.
It's supported since Node 10, which is the oldest version I'll support.
Refactored "can not" -> "cannot".
Filtering for regular users is still work in progress.
Some features aren't working as expected yet.
e.g. -1 means last page, -2 means the 2nd from last, and so on
will only accept up to -N where N is the amount of pages
anything lower will alwasy return the first page
this works for both list uploads and list users APIs
fixed some Object.assign in dashboard.js
added bottom control buttons in manage users
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).
Rebuilt client assets and bumped v1 version string
Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
Hmm...
This should theoretically be more accurate.
This will keep uploadprogress data of the past >1s to calculate
total bytes sent in 1s, in real time.
As opposed to only calculating per second.
But hmm...
I'm starting to feel like I'm spending too much time on this feature.
Disable all pagination buttons when any pagination button is still
loading (this includes jump to page input).
Rebuilt client assets and bumped v1 version string.
Renamed "orderby" key to "sort" (for sorting uploads).
Fixed non-keyed keyword exclusions not working as expected when
more than one are used at the same time.
Support not specifying "from" date when filtering with range keys
(date and expiry).
Proper logic for NULL values inclusion/exclusion when filtering with
user and/or ip keys.
Improved Help? prompt again!!
Also clarify about timezone differences.
Added logger.debug() function.
Basically a shorthand for console.log(require('util').inspect()).
Rebuilt client asssets and bumped v1 version string.
Their thumbs can be made with ffmpeg
Run "yarn thumbs 2" to create thumbs for existing uploads with those
extensions
Rebuilt client assets and bumped v1 version string
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!
Updated dependency, knex: 0.20.13 -> 0.20.15.
Added new dependency: search-query-parser.
Updated all sub-dependencies.
Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.
Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.
Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.
Caching system of album public pages will now be disabled during
development (yarn develop).
Cleaned up domClick() function in js/dashboard.js.
If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.
Success prompt when changing token will now auto-close.
Removed ID column from Manage Users.
Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.
Rebuilt client-side assets and bumped v1 version string.
New admins-only API route: /api/users/create
Restored checkboxes and bulk buttons in Manage Users
Currently useless, as bulk operators are still WIP
Added filter input in Manage Users, currently WIP
Rebuilt client-side assets and bumped v1 version string
Added categories
Added more questions (including link to my brand new Patreon)
Added a floating button to return to the homepage uploader
A bit of CSS prettifying (style.css)
This adds support for a new key named 'orderby'.
The key needs to be used with internal column names used in the db.
The key can be used more than once.
Help message in Dashboard's Manage Uploads have been updated to include
examples using the said key.
Updated all dependencies.
Some latest version of dependencies such as bcrypt and sharp
requires Node 10+.
Updated fontello.css to uses latest version string from versions.js.
When updating version strings in commit
2670db269d, I forgot to rebuild this css.
Rebuilt all CSS assets, not sure why.
Probably due to browserslist being updated?
While I was as it, I also updated safe.fiery.me's node version to
10.19.0.
... and optionally videos using ffmpeg (still experimental).
Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).
The behavior will also be applied to the downloadable ShareX config.
Server owners can choose to force either behavior.
Make sure to add the new config from config.sample.js.
---
Fixed all instances of "e.i." to "e.g.".
My English sucks okay.
Bumped v1 version string.
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.
I figured this is a better implementation to shift queues faster.
---
Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.
Clients will also see better formatted error message for URL uploads'
file size limit errors.
---
Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0
Bumped v1 version string
Previously, margins in "Newer files on top" were bigger due to
difference in handling margins when in flex mode.
I noticed margins are still different in IE on my tests, but bleh.
Bumped v1 version string
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).
While I was at it, I also refactored the bits for initializing Dropzone.
Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.
Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.
Bumped v1 version string.
---
Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
Auto-close some Sweetalert success dialogs after 1.5s.
Fixed edit user not displaying user's new username properly.
Disabled eslint-plugin-compat on some lines that won't work in
Safari 5.1.
Optionally look into not supporting the browser altogether.
Bumped v1 version string.
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.
Upgrade stylelint dev dependency.
Bumped v1 version string.
Disable jump to page input when there is only 1 page.
Disable prev/next pagination buttons if applicable.
Updated styling of disabled inputs.
Bumped v1 version string.
Added delete user feature.
API: /api/users/delete
json: id<number>, purge[boolean]
By default will not purge out files, but will still clear userid
attribute from the files.
All associated albums will also be marked, and have their ZIP archives
be unliked, if applicable.
Fixed purging albums not properly reporting amount of associated files
that could not be removed, if any.
Fixed moderators being able to disable users by manually sending API
requests, if they at least know of the user IDs.
They could only disable regular users however.
* Changed colorscheme to black (experimental).
* Fixed ClamAV failing to report names of dirty files.
* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.
* Bumped v1 version string.
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.
Added 2 new entries to todo.md.
Don't check "Select all" checkbox in dashboard when there are no
uploads.
Bumped v1 version string.
Fixed Gulp not rebuilding fontello CSS on development mode.
Updated dashboard's thumbs view to only call LazyLoad's update function
once.
Bumped v1 version string.
It will be shown when token is still being verified.
Moved loader icon section from auth.njk to _partial/loader.njk,
which will also be included into dashboard.njk.
Bumped v1 version string.
Added gulp-replace dev dependency.
Removed version strings of Fontello fonts from fontello.css
Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
Removed version strings from _globals.njk,
in favor of src/versions.json.
That versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.
Added README file in src directory, explaining versions.json file.
Added README file in scripts directory, detailing usage of each scripts.
Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.
Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.
Actually use custom metaDesc variable on meta description tag.
Added iamdustan/smoothscroll polyfill in dashboard pages.
This will polyfill smooth scroll (when executed programmatically)
for older browers.
No-JS uploader's notice button when on private mode will now also say
"Log in to upload", although auth page will still require JS.
All front-end buttons will now use outlined version. I'm lovin' it.
Auth page will now show a loading spinner if the user has a saved token.
Afterwards, they will still be redirected to dashboard.
Better error handlers in home, dashboard, and auth pages.
Removed <hr> from uploads & users lists in dashboard.
"Manage your token" menu will no longer try to make an API request prior
to displaying its page.
Reloading the page will already trigger token verification anyway.
Updated public/images/fb_share.png.
Updated README.md.
A few other tweaks.
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.
"Load images for preview" will now properly display its saved value.
Increased max parallel uploads to 10.
"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).
Better meta tags generation.
Bumped v1 version string.
Updated some dev dependencies.
---
Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.
Added dist-dev to ignore files.
---
The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.
Root domain for use in Nunjuck templates will now be parsed from config.
Better page titles.
Updated help message for "Uploads history order" option in
homepage's config tab.
Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.
Uploads' original names in homepage's uploads history are now
selectable.
Min/max length for user/pass are now enforced in auth's front-end.
Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.
File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.
Added video icons.
Homepage's uploads history will now display video icons for videos.
"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.
Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.
A few other small improvements.
Updated axios to v0.18.1.
Also added its source map.
Updated lazyload to v12.0.0.
Also added its source map.
Added bulma's source map.
---
Moved fontello.css from public/libs/fontello to src/libs/fontello,
to make use of CSS builder.
Updated thumbnails styling to properly make sure the thumbnails are
displayed as 200x200 (their actual configured dimension).
Added fixes to some flexbox's bugs that affect IE 10/11.
The safe should display much better in those browsers now.
Show files' expiry dates in thumbs view.
Updated global error handlers in home.js.
I will do similar setup with dashboard.js in the future.
Just not now, I'm tired.
Only load renders after API request to /api/check has been initiated.
Used native lazyloading on album pages' nojs version.
Removed unnecessary is-expanded class.
Rephrased max upload size disclaimer in nojs uploader page.
Bumped v1 and v3 version strings.
Added new option "Uploads history order" into homepage's config tab.
When set to "Newer files on top", this will use flex-direction CSS
property to reverse sort the uploads history.
Added new entires to todo.md.
Bumped v1 version string.