Fixed browser's timezone offset not being sent with the proper header
name ("minOffset" -> "minoffset").
Server will now actually think client is on UTC timezone if "minoffset"
header is unset.
Stricter "all" header check for uploads list API endpoint.
It will now only accept the header if set to "1" (string).
Fixed server error when either date: or expiry: keys get parsed as
empty strings.
"minoffset" header when listing uploads will now only be sent if
date: or expiry: keys are properly used (i.e. match expected patterns).
Updated filters help message about wrapping with double quotes when
specifying both date and time (since there will be a space in between).
Filters input will now have some automatic clean ups other than trims.
- Replace all tabs with whitespaces.
- Remove whitespaces after "<key>:".
Bumped v1 version string and rebuilt client assets.
This works when listing all uploads as well, but Album column will only
be shown when albumid key is used in the filters.
I plan to someday add Manage Albums menu, which will use "View uploads"
buttons, just like the ones in Manage Users.
Updated ESLint's ECMA version to 9 (2018).
I'll need to use some lookbehind regex directives from now on.
It's supported since Node 10, which is the oldest version I'll support.
Refactored "can not" -> "cannot".
Filtering for regular users is still work in progress.
Some features aren't working as expected yet.
e.g. -1 means last page, -2 means the 2nd from last, and so on
will only accept up to -N where N is the amount of pages
anything lower will alwasy return the first page
this works for both list uploads and list users APIs
fixed some Object.assign in dashboard.js
added bottom control buttons in manage users
Renamed "orderby" key to "sort" (for sorting uploads).
Fixed non-keyed keyword exclusions not working as expected when
more than one are used at the same time.
Support not specifying "from" date when filtering with range keys
(date and expiry).
Proper logic for NULL values inclusion/exclusion when filtering with
user and/or ip keys.
Improved Help? prompt again!!
Also clarify about timezone differences.
Added logger.debug() function.
Basically a shorthand for console.log(require('util').inspect()).
Rebuilt client asssets and bumped v1 version string.
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!
Updated dependency, knex: 0.20.13 -> 0.20.15.
Added new dependency: search-query-parser.
Updated all sub-dependencies.
Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.
Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.
Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.
Caching system of album public pages will now be disabled during
development (yarn develop).
Cleaned up domClick() function in js/dashboard.js.
If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.
Success prompt when changing token will now auto-close.
Removed ID column from Manage Users.
Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.
Rebuilt client-side assets and bumped v1 version string.
Filters input in Manage Uploads will now display error if it's filled
with invalid filter/sort keys.
SQLITE_ERROR will also now be forwarded to users if they're moderators.
The expectation is to only display it when used through Manage Uploads.
This adds support for a new key named 'orderby'.
The key needs to be used with internal column names used in the db.
The key can be used more than once.
Help message in Dashboard's Manage Uploads have been updated to include
examples using the said key.
... and optionally videos using ffmpeg (still experimental).
Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).
The behavior will also be applied to the downloadable ShareX config.
Server owners can choose to force either behavior.
Make sure to add the new config from config.sample.js.
---
Fixed all instances of "e.i." to "e.g.".
My English sucks okay.
Bumped v1 version string.
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.
I figured this is a better implementation to shift queues faster.
---
Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.
Clients will also see better formatted error message for URL uploads'
file size limit errors.
---
Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0
Bumped v1 version string
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.
All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.
Fortunately, they were only used in API routes that required staff
(moderators included) accounts.
---
Updated dependency:
helmet: 3.21.1 -> 3.21.2
* Changed colorscheme to black (experimental).
* Fixed ClamAV failing to report names of dirty files.
* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.
* Bumped v1 version string.
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.
Added 2 new entries to todo.md.
Don't check "Select all" checkbox in dashboard when there are no
uploads.
Bumped v1 version string.
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.
"Load images for preview" will now properly display its saved value.
Increased max parallel uploads to 10.
"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).
Better meta tags generation.
Bumped v1 version string.
Updated some dev dependencies.
---
Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.
Added dist-dev to ignore files.
---
The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.
Root domain for use in Nunjuck templates will now be parsed from config.
Better page titles.
Updated help message for "Uploads history order" option in
homepage's config tab.
Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.
Uploads' original names in homepage's uploads history are now
selectable.
Min/max length for user/pass are now enforced in auth's front-end.
Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.
File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.
Added video icons.
Homepage's uploads history will now display video icons for videos.
"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.
Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.
A few other small improvements.
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
Improved performance of /api/users/:id (admin's manage users).
Promisify fs.writeFile.
Improved performance of /api/stats.
By a lot in Linux, cause uploads size will be deferred to "du" binary.
In addition, total usage of whichever disk uploads path resides on will
also be queried using "df" binary.
Non-Linux will have to rely on manual calculation by querying DB
for each upload's size.
But logics related to uploads stats were also improved to be almost
twice as fast as before.
Improved parsing of /api/stats results on dashboard.js.
This allows ease of extending server's response by not having to update
dashboard.js by much, if at all.
Improved codes relating to item menus in dashboard's sidebar.
Finally much cleaner now 👍
No longer use /api/upload/delete API route from dashboard.
Single file deletion and bulk files deletion, both from uploads list or
by names, will now properly use a single function that will use
/api/upload/bulkdelete API route.
/api/upload/delete will still be kept indefinitely for backward support.
Fixed oddities with Select all checkbox.
Replaced all instances of modifying HTML element's style attribute with
adding/removing is-hidden CSS helper class.
Rephrased all instances of "files" to "uploads" in any display strings.
Fixed notice message when server is on private mode.
A few other improvements.
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.
Notable changes:
Added temporary uploads.
Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.
A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
Added logger.js to format console logs (adding timestamps).
Re-ordered modules loading in lolisafe.js, and a few other minor edits.
Updated dev dependencies.
A few other minor edits.
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.
* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.
* Removed unused lines in dashboard.njk.
* Refactored maxFileSize to maxSize in home.{css,js,njk}.
* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.
* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.
* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.
* Creating an album from homepage will automatically select the album.
* Updated Dropzone.js to v5.5.0.
* Bumped v1 & v3 version strings.
* Various other small fixes.
Updated deps.
Re-enabled eslint rule no-async-promise-executor.
Updated some codes to follow the said rule.
Though I had to disable the rule in a line at utilsController.js
due to complexity.
I'll give it more thoughts in the future.
Bumped v1 version string.
uploadController.js:
+ Close connection earlier when there are no upload when querying them.
dashboard.css + style.css:
+ Updated styling involving pagination and progress bar.
dashboard.js:
+ Fixed dashboard failing to handle cases where a user attemp to load
a next page when there are not enough uploads available.
+ Added a simple loading message as a placeholder when trying to view
Stastistics menu, since it may take a while in big servers.
bulma.min.css + LICENSE:
+ Updated bulma from 0.7.2 to 0.7.5.
_globals.njk:
+ Bumped v1 and v3 version strings.
+ Better pagination.
+ Added more advanced filtering system in Manage Uploads.
It now supports filtering with multiple usernames and/or IPs.
It also supports refining the matches with wildcards.
Todo?
Perhaps add simple file name filtering for regular users in the future?
config.sample.js + uploadController.js:
+ Added option uploads > storeIP to toggle whether to store uploader's
IPs into the database.
uploadController.js + dashboard.js:
+ Added IP column when listing all uploads.
+ Improved album query when listing uploads. In addition, no longer
query album when listing all uploads.
+ Delegate some tasks to client when listing uploads to save server's
processing power, kek.
Such as building the file's full URLs, and assigning album/user names.
_globals.njk:
+ Bumped v1 version string.
Updated fontello (added block and doc-inv icons).
Upload results will now show either doc or block icon on top of the
file name depending on the status of the upload
(unless the uploads are images, in which case they will still show
thumbnails instead).
Added support for customizable timeout and chunkSize options for ClamAV
scanning to the config file.
Bumped v1 and v3 version strings.
Yes.
This gets rid of HEAD request prior to downloading the URL.
We will no longer check for Content-Length header, instead we will
forcibly limit maximum download size for the download stream to the
configured value.
So assuming someone try to download a bigger file, it will still try to
download up to the configured size, but then fail.
This will also speed up the general download process since sending HEAD
request delayed the whole operation.
* Added Statistics menu to Administration items in dashboard.
* Added /api/stats route.
Imo, my implementation of this whole thing is rather dirty-ish, but hey
as long as it works.
I'll be using lolisafe2 for future devs tbh.
Updated Cloudfalre's cache purge utility.
It will now split URLs into chunks of 30 URLs which then will be purged
one chunk at a time.
I just found out Cloudflare's API have a limit of 30 URLs for the API.
NoJS uploader will now display the original file names in the results.
lolisafe.js will now automaticaly purge Cloudflare's cache of frontend
pages everytime it launches.
Of course this only applies when cacheControl is on in config file.
This sorta makes scripts/cfpurge.js script obsolete.
Updated keys for local storage. They're now using camel case.
Not sure why I didn't use camel case in the first place.
View type and selected files of Uploads and Manage uploads (your own
uploads and all uploads, respectively) are now stored separately.
Added "filter by username" in Manage uploads.
Added "jump to page" in all uploads/users view.
Updated fontello (added filter icon).
Bumped v1 and v3 version string, due to dashboard.js and fontello
respectively.
Curly rule fix for routes/nojs.js.
Added pagination to uploads and users list.
With that, /api/uploads and /api/users API routes will now add "count"
property to their response object.
Enabled Delete user button in users list.
With that also added /api/users/disable API route.
As usual, you can only disable users whose usergroup is lower than
your own.
Click event will no longer trigger on "disabled" elements (basically any
elements with "disabled" attribute).
Changed all arrow functions into regular functions in public JS files
(there were only a few that I somehow missed).
Bumped v1 version string.
Added extended support for URL uploads.
Namely URL proxy support and separate extensions filter (as in separate
from the primary extensions filter).
There's also a new option to set a disclaimer message that will be
printed underneath the URL uploads form.
Trust proxy is now toggleable from the configuration file.
I think they should only be enabled when you're behind proxy such as
Cloudflare or Incapsula.
I'm not sure how it behaves with only a bare nginx reverse proxy though.
Empty files can now be filtered.
Sorted preset extensions filter in config.sample.js.
Rephrased some options in config.sample.js as well.
maxTries now default to 3 in config.sample.js.
Various other small changes.
Some small fixes
Removed GET route of /upload/delete.
I first wanted to implement a ShareX-compatible deletion URL,
but then I figured I'd need to setup delete token system,
and I was like, "screw that, I don't even use ShareX",
so yeah.
Updated ESLint rule: curly, again.
Mainly to also enabled "consistent" rule, which enforces curly into
else/elseif blocks, if its if block requires curly.
Added support for GET requests to /api/delete route.
Its usage is /api/delete/identifier, where identifier is the filename.
Though just like its POST route, it needs token in the header.
No more enforced curly for if/else/for/while/do blocks w/ one statement.
With that said, auto-fixed all JS files to follow the rule.
I'd also like to apologize for the inconveniences this commit cause,
after all it was me who intentionally enforced curly rule back then.
Why the change of heart?
After doing some more non-JS codes recently, I realized it was
pretty stupid of me to enforce that.
The GET task of URL uploads will now limit the maximum size of the response body by the size reported in Content-Length header of the HEAD task.
This relies on node-fetch's way of handling it. I don't know the magic behind it.
DuckDuckGo's proxy is no longer supported as it stops reporting Content-Length header, which is crucial so that the safe could predict the actual file size before downloading it.
If you have it enabled in your config file, it will now close the safe with error code 1. You can either disable url uploads completely or just disable duckduckgo's proxy (though I believe not many will choose the latter as to begin with it was implemented to hide origin IP).
Added a new config entry named "cacheFileIdentifiers". More info in config.sample.js file.
Improved some descriptions in config.sample.js file.
Added some CSS animations wherever applicable.
Bumped v1 version string.
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).
Added a new config option to filter files with no extension.
Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001
Simplified error messages of /api/upload/finishchunks.
Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.
Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).
Bumped v1 version string (due to home.js).
Moved utils.getPrettyBytes() and utils.getPrettySize() to client's dashboard.js.
Thus, server will no longer return prettified size and date (it'll be prettified by the client instead).
To be honest, I don't even know why I had them in server-side, it's obviously better this way.
* uploadController.js: expect some multer error codes and don't log their stack traces to console when they occur.
* yarn.lock: added integrity field (yarn's new addition).
Updated virus scan handling.
Virus name will now be reported to its uploader.
On the rare chance clamd suddenly dies while the safe is still running, it will now print a message to uploader with the error code, and telling them to contact sysadmin.
Removed "path-complete-extname" module in favor of an in-house solution, utilsController.extname().
For now the function will attempt to preserve multi-archive extensions (.001, .002, and so on), as well as some known tarballs (.tar.gz and the likes).
The function will always return lower case extension. It should be fine, but do keep it in mind.
Fixed upload breaking when clam scanning is disabled. This was due to me forgetting to update the if-logic after switching from "clam-engine" to "clamdjs", since the latter made me have to re-format the config option due to it also having IP and port.
* Downgraded ecma version of client-side scripts to v5. This change means no more backtick strings and some others.
* Massively modified auth.js, dashboard.js and home.js to support the downgrade (dashboard.js had the most changes).
* Removed enter key event handler from auth page. The previous code had some small issues. I'd rather not have the handler than let the issues persist. I'll eventually look into adding this again in the future.
* Updated uploadController.js to handle some invalid requests into /api/delete and /api/bulkdelete.
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.
* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.
Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
Added DuckDuckGo's proxy support for "Upload by URLs". Make sure you add the new option in config.sample.js into your config.js.
This may be considered a hack and not supported by DuckDuckGo, so USE AT YOUR OWN RISK.
Credits to Proxy#1337.
* Faster upload response. Back-end will no longer wait for album timestamps to be updated before sending out response.
* Added a simple thumbnail generation script at scripts/thumbs.js. You can use this to generate thumbnails for existing files before enabling the option in config.js.
* Various other code improvements.
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.
* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.
* Added file extension filter to /api/upload/finishchunks.
* Added proper total chunks size check to /api/upload/finishchunks.
* Various code improvements.
* Possible performance improvement. Some bulk db queries will now be executed in a single query instead of spawning multiple async task for each query. This is sorta experimental though, use it at your own risk (though I'll use it right away at safe.fiery.me).
* It's now possible for root user to add files to other users' albums through the API route. I don't plan on allowing root user to list other users' album list from the dashboard, I just thought that there'd be no harm in extending the API a little bit.
* Kinda better error logging for uncaught exception and unhandled rejection. Their stack trace should be logged now.
* Added Cloudflare purge cache support. Check configuration sample at config.sample.js.
When it's enabled, whenever files are being deleted, it will send a POST request to Cloudflare's API to purge cache of the deleted files.
This adds a new dependency called "snekfetch". It's lightweight though.
* uploadsController.delete() will now wrap uploadsController.bulkDelete() instead.
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.
* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.
* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.
* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.
* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
* Updated API route: /upload/bulkdelete.
It now accepts an additional property named "field". In it you can now enter either "id" or "name", which will set whether it will bulk delete by ids or names respectively. It also no longer accepts property named "ids", instead it has to be named "values" (which of course is an array of either ids or names). So yeah, now the API route can be used to bulk delete by ids and names.
In the future this will be expanded to bulk deleting files by username (only accessible by root of course).
* Added a form to bulk delete files by names for the hardcore user, like me (https://i.fiery.me/AHph.png).
* Some design update. Mainly forms restructuring aimed at tight screens.
* Changing file name length, requesting new token and setting new password will no longer reload the dashboard page on success. Instead it will simply silently reload the form.
* utils.bulkDeleteFilesByIds() replaced by utils.bulkDeleteFiles() which now can either by ids or names. This will be the one that will eventually be extended for deleting by username.
* Various other code improvements.
* A bunch of refactors in public JS files (home.js, dashboard.js, etcetera).
* Added lazyload to home page (for thumbs of uploaded images), dashboard (for thumbs view) and albums' public link.
Albums' public link will silently fallback to loading all thumbs at once if JavaScript is disabled.
* A bunch of others code improvements. Honestly I'm too lazy to track all the changes.
Bulk deleting files and adding/removing selected files from album will no longer refresh the current view to the first page. It will now instead try to refresh the current page. There will be cases where the current page ends up empty (when bulk deleting or moving files from the current album), but I figured that isn't much of an issue when compared with the advantages.
Improvements related to albums:
* Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png).
This also adds a new API route: /api/albums/edit.
The old API route, /api/albums/rename, is still available but will silently be using the new API in backend.
* Deleting album will now also delete its zip archive if exists.
* Renaming albums will also rename its zip archive if exists.
* Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat.
* The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier.
* Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier.
* Added "download" and "public" columns to "albums" table in database/db.js.
Existing users can run "node database/migration.js" to add the columns.
Others:
* uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise.
* Album name of disabled/deleted albums will no longer be shown in uploads list.
* Added "fileLength" column to "users" table in database/db.js.
* Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though.
* Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch).
* Updated icons (added download icon).
* Some other improvements/tweaks here and there.
* Dashboard will now display "N/A" when the file does not have an extension. Previously it would display the full name, which was of course a mistake.
* Updated static files' version string again.
uploadController.js:
* Fixed chunk uploads failing when "blockedExtensions" is missing from the config file.
config.sample.js:
* Renamed "blockedExtensions" to "extensionsFilter", and added a new option named "filterBlacklist". When "filterBlacklist" is set to 'true', all extensions in "extensionsFilter" array will be blacklisted, otherwise it will be a whitelist, so only files with those extensions that can be uploaded.
* Renamed "uploads.chunkedUploads.maxSize" to "uploads.chunkedUploads.chunkSize".
* Added "uploads.chunkedUploads.noJsMaxSize" which can be used to change the 'displayed' file size on the No-JS uploader page.
* Some other phrases updates.
_globals.njk:
* Updated static files' version string since there is a small update to home.js.
other files:
* Regular code improvements/tweaks.
* Added VSCode settings to git repo. Now you can match yours with mine, if you want.
* Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension).
* Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension).
* Refactored path in all instances of require() wherever applicable.
* Sorted instances of require() wherever applicable.
* Fixed 500 HTTP error trying to load an error page for 505 HTTP error.
* Removed special treatement of NoJS page from uploadsController.processFilesForDisplay().
* Updated version string of all static files.
* Beautified all HTML, HANDLEBARS and CSS files.
* Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens.
* Added CSS prefixes wherever applicable.
* Improved back-end side of No-JS uploader. This will now handle errors properly.
* No-JS uploader will now show max file size.
* No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
* Removed rimraf from dependency. Although really it'll still need to be used by other dependencies, such as eslint and bcrypt, so it'll still have to be downloaded by yarn either way.
* Updated dashboard.css. Added "overflow: hidden" to thumbnail container. Previously potrait thumbnails will be visible outside of their container.
* Removed notice about having "chunks" folder from config.sample.js. Added a line in lolisafe.js to create the folder if it doesn't exist instead.
* Updated bcrypt to v2.0.0. I'm not really sure whatever has changed, but I've tested that it didn't require any additional changes for our current usage.
* Chunks will no longer be saved with their original file's extension. Instead they'll only be saved as plain files named 0, 1, ..., n, without any extension whatsoever. Extension for joined chunks will be read from the original file's name in /api/upload/finishchunks. If the user doesn't pass that data when calling the API, the joined chunks will not have any extension.
* Since rimraf has been removed, uploadsController.actuallyFinishChunks() will now use a combination of fs.unlink() and fs.rmdir(). Promise.all() will be used when running fs.unlink() so that all chunks will be deleted at the same time through multiple instances of async tasks (probably).
* Some other small changes and tweaks in uploadController.js.
* Refactored all instances of "failedIds" and "albumIds" to "failedids" and "albumids" respectively. Abandoning camel case for these ones.
* Refactored the way it looks into which albums the files are supposed to be added into.
For /api/upload/finishchunks, you can add "albumid" to each object in files[] to specify which album you want the finsihed chunks to be added into. Each object may have different album IDs.
For /api/upload, which is regular uploads, unfortunately you can only choose one album at a time (by adding "albumid" to the request headers, like usual). It uses the same function as the one used for finishchunks to add the files into album, so it shouldn't be hard to extend this ability to regular uploads, someday in the future.
* Fixed a bug in /api/upload/finishchunks. Previously you couldn't ever get it to work.
* Updated error message when successful uploads could not be added to album.
* "albumid" will no longer be added to request headers if they are chunked uploads. They'd have been ignored anyways.
* Updated eslint-plugin-import dev dependency.
* Added 2 new ESLint rules: "prefer-const" and "object-shorthand".
* Refactor all JS files to follow the new ESLint rules.
* Refactored all instances of for-i into for-of wherever applicable.
Refactored all instances of forEach() to for-loop (there were 3 instances).
To be honest I kinda liked forEach() better in terms of readability, but oh well, let's aim for that likely tiny performance boost.
* New uploads that can NOT be added to an album, for whatever reason, will print out message that they can not be added to the said album, but their links will still also be shown underneath the message. Previously it would only print out the message but not the link.
* Improved uploadController.processFilesForDisplay(). Previously it would loop through all uploaded files and update album info for EVERY file, even though to begin with it was designed so that every call would only have to access ONE album. So yeah, this time it will only update album info ONCE no matter how many files are being processed in that session.
* If files have to be added to an album on upload, it will now wait until they have either been succesfully added to the album or errored.
* File names in thumb view will now show their full URL on their tooltip.
* Refactored all instances of "An error occurred" by appending an exclamation mark.
* Added the ability to add/remove files to/from album (API route: /api/albums/addfiles - https://s.fiery.me/dCAqLEQ9.mp4).
* Added the ability to purge files associated with an album when deleting the said album (set "purge" key to true in the JSON POST request to /api/albums/delete).
* Updated icons.
* Some other refactors, probably.