Commit Graph

312 Commits

Author SHA1 Message Date
Bobby
301cf3377d
fix: set upload name utf8 encoding via busboy conf
instead of converting from the default latin1 using Buffer

changing busboy config was not possible with express + multer,
so i did not notice it's instead possible with hyper-express
2022-07-28 10:19:28 +07:00
Bobby Wibowo
ec4d54573a
fix: errors thrown when url uploads get rejected 2022-07-25 07:32:39 +07:00
Bobby Wibowo
5bab3a495e
feat: allow to disable file hashing completely 2022-07-25 07:32:25 +07:00
Bobby Wibowo
6ba30a23c6
feat: improved chunked uploads lifecycle
added checks when there's an attempt to uploads chunks to same file in
parallel

improved final file size checks
2022-07-25 07:09:28 +07:00
Bobby Wibowo
ee8f1914ca
feat: req content-type for upload api 2022-07-25 06:13:12 +07:00
Bobby Wibowo
1b109e0dc0
feat: req content-type json -> application/json 2022-07-25 06:12:55 +07:00
Bobby
4ca64b141f
refactor: do not await assertRequestType
it's not an async function, lmao
2022-07-22 08:50:26 +07:00
Bobby
951737d7d0
feat: handle upload post api based on request type
it'd previously always try to parse as multipart first
now it'll immediately assume the upload post api is for url uploads if
the request type is json
2022-07-22 08:42:11 +07:00
Bobby
776ab8ab37
feat: assert request content-type in post apis 2022-07-22 08:40:40 +07:00
Bobby Wibowo
aa85d04d34
fix: url uploads failing 2022-07-22 04:20:37 +07:00
Bobby Wibowo
96d276b396
fix: check if req.path_parameters is set 2022-07-22 02:03:59 +07:00
Bobby Wibowo
7b9fca0bc3
refactor: req.params -> .path_parameters
direct hyper-express prop get
2022-07-22 01:44:15 +07:00
Bobby
e6753ab15d
fix: handle connection drop on multiform upload 2022-07-15 01:40:57 +07:00
Bobby
27f3bc3119
perf: don't wrap multipart handler in try-catch
fixed in https://github.com/kartikk221/hyper-express/releases/tag/6.3.0
2022-07-15 01:06:28 +07:00
Bobby Wibowo
7f6c29b136
fix: properly clean rejected empty files
should also now properly clean temp files from other unexpected errors
2022-07-14 18:18:39 +07:00
Bobby Wibowo
5ee82ce680
perf: don't wait for unlink promise in fail upload
just let it run in the background and respond to client immediately
2022-07-14 18:17:46 +07:00
Bobby Wibowo
7710e63d70
fix: prevent hashStream.update() after .dispose() 2022-07-14 17:01:59 +07:00
Bobby Wibowo
29b16edc04
perf: improve uploads flow
lessen temporary objects/variables creation,
and refactor some variable names to be more obvious
2022-07-14 16:35:06 +07:00
Bobby Wibowo
c32f18a697
fix: uploads mimetype not properly set 2022-07-12 15:26:53 +07:00
Bobby Wibowo
0f6409132a
feat: busboy limits and multipart errors handler
unfortunately to capture multipart errors, we have to wrap the entire
callback function with try-catch block

but it appears overall processing is still slightly faster than
expressjs + multer
2022-07-12 14:39:16 +07:00
Bobby Wibowo
7f9d05da26
feat: multer -> hyper-express multipartfield
get outta here multer, lmao
2022-07-12 13:07:13 +07:00
Bobby Wibowo
38d86779ae
refactor: HUGE REFACTOR for hyper-express 2022-07-10 19:46:25 +07:00
Bobby Wibowo
b3a304729f
refactor: uploadController pass errors 2022-07-10 14:20:49 +07:00
Bobby
2ca2fef301
feat: use SimpleDataStore for album pages cache
this should have better lifecycle and use less memory over time, since
we can define max items in cache
at the moment hard-coded to 10 cached pages (inclusive of nojs version
if ever generated)
2022-07-06 17:51:34 +07:00
Bobby Wibowo
1404cf9328
fix: utf-8 filename breaks
https://github.com/expressjs/multer/issues/1104
2022-07-03 10:18:04 +07:00
Bobby Wibowo
38e673226f
fix: inconsistent size field in DB !! yarn migrate
we used to store number directly into the string size field, and
during the conversion it seemed to always add ".0" at the final string,
probably because the driver or sqlite3 itself assumes float

please run yarn migrate after pulling this commit
if you skip converting the DB, file duplicates check will fail to
function

and in the future im planning to do size statistics in bigint, which
will also fail if not converted
2022-06-29 14:35:00 +07:00
Bobby Wibowo
b117fa9ad1
feat: expose utils to nunjucks templates
also fix nunjucks templates not adhering to env vars overrides for
domains config options, because they attempted to read config directly
2022-06-29 13:58:09 +07:00
Bobby
b17b24b159
feat: new page /file/:identifier
this will display all information recorded from the specified file, but
only to the users that own them (it requires token)

this page also has a delete file button, allowing us to provide link to
this page for sharex deletion url option

once again, this is only for authenticated users, and will only show
file that the users own, unless said user is a moderator or higher
2022-06-28 12:03:49 +07:00
Bobby
5d1bea39ef
feat: new api /api/upload/get/:identifier
this api only returns file that the user owns (thus token must be set)
2022-06-28 11:57:56 +07:00
Bobby Wibowo
9d4c08e460
feat: some env vars support 2022-06-22 13:27:38 +07:00
Bobby Wibowo
954df13aa2
fix: better null domain fallback logic 2022-06-22 11:22:35 +07:00
Bobby
8799189a04
feat: initiate db connection only once
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers

this should now make sure we only have 1 active db connection pool ever

this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
2022-06-04 04:21:56 +07:00
Bobby
d2b8656800
fix: url uploads stricter error handling
this should properly dispose of unfinished write & hasher streams on
any errors if they have been initiated

also do content-length header check a bit more early
2022-05-08 15:35:28 +07:00
Bobby
ce71a9e8d6
feat: better size check for url uploads
first layer is via sending HEAD request to the url to determine its size
via content-length header
however not all hosts properly set the header, so we ignore it if
it isn't a valid number

next via size option in fetch(), which supposedly limits response body
size during the request itself (?)

lastly via checking actual bytes written to physical file as reported by
fs.createWriteStream()
2022-05-08 15:19:29 +07:00
Bobby
71a6adc3d3
fix: url uploads failing with missing content-type 2022-05-08 15:15:10 +07:00
Bobby
eeb1611b2a
fix: failsafes for chunks timeout 2022-05-08 12:01:18 +07:00
Bobby
f3b7d5e56d
fix: empty string for age header failing 2022-05-08 12:00:27 +07:00
Bobby
2d147e748b
feat: usergroup-based file retention periods
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.

please consult config.sample.js if you want to start using this
2022-05-07 02:17:31 +07:00
Bobby
3d94ae599e
feat: debug log for clean files 2022-04-23 05:01:56 +07:00
Bobby
88d32a6dcf
refactor: uploadController.js 2022-04-23 04:48:59 +07:00
Bobby
86c26cb50c
feat: some bypass support to passthrough scanning
only usergroup and file extension bypass

real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file

refactored utils.clamscan into utils.scan
2022-04-23 04:44:01 +07:00
Bobby
9af52e068d
docs: config and uploadController 2022-04-16 23:06:25 +07:00
Bobby
4b9740cf5c
docs: uploadController.js 2022-04-16 20:44:11 +07:00
Bobby
b5aa8d0758
fix: passthrough scan 2022-04-16 13:33:11 +07:00
Bobby
db254c602b
feat: experimental clamscan passthrough support
when enabled, passthrough scanning will be used for non-chunked uploads

upload processing will be significantly faster if scanning is required
2022-04-15 16:41:05 +07:00
Bobby
6788dc2094
fix: align with clamscan v2 2022-04-15 15:36:50 +07:00
Bobby
ffc82f6a2a
feat: logger.debug() outputs only on dev mode 2022-04-15 15:30:32 +07:00
Bobby
b86aa8dc08
fix: private upload custom response config option 2021-06-08 08:01:11 +07:00
Bobby Wibowo
48488667c8
feat: limit upload to specific usergroups 2021-05-22 20:59:00 +07:00
Bobby Wibowo
5a74776978
fix: thumbnails not generated with mixed case
e.g. .jpG, .JPG, .PnG, etc.

Also simplified some codes.
2021-02-01 05:23:53 +07:00
Bobby Wibowo
631d14d887
feat: better extension names parsing
It will now preserve upper/lower/mixed case.

It will now properly preserve all tarballs (#370).
2021-01-29 23:15:24 +07:00
Bobby Wibowo
a5607c00f6
refactor: make use of improved utils.authorize() 2021-01-08 10:50:25 +07:00
Bobby Wibowo
b5af733dc2
refactor: Client/ServerError on uploadController 2021-01-08 09:44:04 +07:00
Bobby Wibowo
0dfdccb25e
refactor: move custom multer storage
controllers dir: multerStorageController.js to utils/multerStorage.js
2021-01-08 07:25:27 +07:00
Bobby Wibowo
51ab9a6fc5
fs.copyFile() for chunks data on non-default path
Closes #314
2020-11-21 06:31:36 +07:00
Bobby Wibowo
9c7241d145
Allow filtering audio files with is:audio
For now only support FLAC, MP3, WAV and WMA
More extensions will come at a later date
2020-11-03 22:51:29 +07:00
Bobby Wibowo
88f852584c
!! REPLACED ClamAV BACKEND: clamdjs -> clamscan !!
Update your config file!
2020-11-01 06:35:56 +07:00
Bobby Wibowo
47dd512910
Removed custom ESLint curly rule
Sigh, why did you do this, past me..?

Also fixed "Delete uploads by names".
2020-10-31 01:12:09 +07:00
Bobby Wibowo
22e6c2c3c6
Updated
Replaced all Array.concat() with spread operator and/or push().
Fixed some faulty search logics when using exclusion filters.
Fixed capitalization of mac font in _variables.scss. Stylelint somehow
fricked up again in my previous commit.
2020-10-11 17:32:22 +07:00
Bobby Wibowo
50dc747984
Bug fixed the new collision check
Geez.
2020-09-27 08:04:41 +07:00
Bobby Wibowo
ea15b145b1
Added alt stricter file name collision checks 2020-09-27 05:18:42 +07:00
Bobby Wibowo
08db3e55a8
Allow sorting by original names 2020-07-25 16:39:04 +07:00
Bobby Wibowo
49ec795941
Disabled file delete GET API
40dd66297612b2a8429c8fcad2b07170a3ba582b#commitcomment-40060391
2020-06-21 22:21:38 +07:00
Bobby Wibowo
40dd662976
Removed delete URL from upload response
I wasn't aware ShareX wouldn't do a basic GET request to the delete URL,
but would instead open your browser to it.
Unfortunately, due to the structure of lolisafe auth setting token
through HTTP header, which had always been done by JS as it has to get
the value from local storage, just visiting the API from browser will
merely respond with "No token provided".
We'd need cookie-based auth, which I do not want to add.
The old me that added deletion API long ago might have been aware of
this fact, but the me of a few hours ago already forgot..
I'll give this further thoughts at a later date, as ShareX isn't really
a priority to me.

Bumped v1 version string and rebuilt client assets.
2020-06-20 04:01:16 +07:00
Bobby Wibowo
51c8df71bc
Added deletion URL for ShareX or derivatives
For registered users only!
This requires adding a basic GET API for file deletion, so that I did.
Configs which guests download will not include pattern for delete URL,
so they won't get notified of unusable delete URL or anything like that.

dev: Improved logger.debug() to support specifying options for node's
Util.inspect() if an object is set as its last param
(assuming >1 params).
Default options now also includes enabling colors.

src/js/utils.js: Simplified dynamic ShareX config generator.
Among other things, it will now use JSON.stringify().
I don't even remember why we didn't use that in the first place..

Some logic improvements in src/js/home.js.

Bumped v1 version string and rebuilt client assets.
2020-06-20 01:28:23 +07:00
Bobby Wibowo
a4d33c67a2
Updated uploadController.js 2020-06-16 03:01:32 +07:00
Bobby Wibowo
585331c6e5
Added timeout on chunked uploads
The service will now automatically clean up any leftover data from any
inactive & unfinished chunked upload attempts.

Updated config.sample.js for updated description and new sub-option
for chunkSize option.
2020-06-15 23:48:43 +07:00
Bobby Wibowo
b4c8b1d90e
BLAZING FAST CHUNKED UPLOADS 🚀
Inspired by our recent switch to using blake3 for file hashing, chunks
will now be written to a tmp file directly as they're uploaded.
So no more waiting so long for "rebuilding chunks".
There will still be some delay on every following attempts of uploading
each chunks. I'm not sure the specifics, as we're already reusing the
write stream.
2020-06-15 23:14:33 +07:00
Bobby Wibowo
14b97ecbf1
Updated uploadController.js
Make sure .generateThumbs() is always on force mode.
There may be stray thumbnails that weren't stored in DB due to
unexpected errors and whatnot.
2020-06-15 21:10:40 +07:00
Bobby Wibowo
0851d71688
Fix SQLite not understanding escape char
I honestly expected Knex.js would've already handled this
2020-06-07 20:51:59 +07:00
Bobby Wibowo
8bcee712ac
A toggle button to show original file names
For admins, preference for your personal uploads list and Manage uploads
aren't shared, just like thumbs/lists toggle.

Non-keyed keywords for filtering will now apply to original names too.

Added a new fontello icon for this button.

Various other things I'm too lazy to write.
2020-06-07 12:29:17 +07:00
Bobby Wibowo
7f58d80cff
Fixed URL uploads
I forgot that getting rid of the old hashing system would break this
due to the lack of hashing.
So, fixed that.
2020-06-01 12:23:15 +07:00
Bobby Wibowo
5e5d5c5647
Manage albums admin page, and more!
Resolves #194.

Added pagination for Manage your albums page.

Albums sidebar will now only list 9 albums at most.
Use Manage your albums page to view the rest.
Albums in the list will now have View uploads button after all.

Delete album button for albums renamed to Disable album.
Since techincally the server would've always been disabling the albums
instead of deleting them.
It was something upstream dev's decided, and I haven't bothered changing
its behavior.

I'll work on actual Delete album feature some other days.

As the title says, added Manage albums admin page.

Viewing uploads of an album will hook into albumid: filter key.

I'll work on filter and bulk operations some other days.

Updated styling for disabled albums and users.
Instead of havine a line through them, they will be greyed out.
Disable public page of albums will still use line through however.

Links to album's disabled public page are now clickable.

Added a new button styling is-dangerish.
It'll be orange.

Renamed /api/albums/delete to /api/albums/disable.
For backwards compatibility, /api/albums/delete will still work
but automatically re-routed to /api/albums/disable.

/api/uploads/list will no longer print SQLite errors for moderators
or higher when encountering them.
It was originally used to inform moderators of non-existing colum names
when used for sorting.
But on one of the recent commits, I had added a check for allowed colum
names.

Improved some caching in dashboard page.

Added new entries to cookie policy.

Some other small things.

Bumped v1 version string and rebuilt client assets.
2020-06-01 11:44:16 +07:00
Bobby Wibowo
5f8bad907c
Code clean ups 2020-06-01 08:44:48 +07:00
Bobby Wibowo
867d005b34
Updated uploadController.js
Removed unnecessary check.
2020-05-29 02:56:11 +07:00
Bobby Wibowo
62a977542e
Switched to BLAKE3 for file hashing [MORE]
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.

Added new dependency: blake3

Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.

To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.

chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.

Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.

Updated v1 version string and rebuilt client assets.
2020-05-29 02:52:58 +07:00
Bobby Wibowo
98b2f32ec5
Updated
Fixed browser's timezone offset not being sent with the proper header
name ("minOffset" -> "minoffset").

Server will now actually think client is on UTC timezone if "minoffset"
header is unset.

Stricter "all" header check for uploads list API endpoint.
It will now only accept the header if set to "1" (string).

Fixed server error when either date: or expiry: keys get parsed as
empty strings.

"minoffset" header when listing uploads will now only be sent if
date: or expiry: keys are properly used (i.e. match expected patterns).

Updated filters help message about wrapping with double quotes when
specifying both date and time (since there will be a space in between).

Filters input will now have some automatic clean ups other than trims.
- Replace all tabs with whitespaces.
- Remove whitespaces after "<key>:".

Bumped v1 version string and rebuilt client assets.
2020-05-24 08:28:54 +07:00
Bobby Wibowo
93ee4dae05
Fixed expiry filter breaking with only 1 date 2020-05-17 23:43:08 +07:00
Bobby Wibowo
ebf0037df5
Disallow albumid keys on albums' uploads lists 2020-05-16 22:42:08 +07:00
Bobby Wibowo
93c6031bb1
Accept orderby: as alternative for sort: 2020-05-16 22:07:15 +07:00
Bobby Wibowo
417adbde93
Fixed type-is and keyword exclusion logic 2020-05-03 04:51:22 +07:00
Bobby Wibowo
f189d86abc
Updated uploadController.js
Fixed filtering null albumid
2020-05-03 04:40:04 +07:00
Bobby Wibowo
126cfe0e15
Added type-is filter keys (is:image and is:video)
Fixed text queries threshold being applied to moderators

Bumped v1 version string and rebuilt client assets
2020-05-03 04:32:45 +07:00
Bobby Wibowo
d201b03f59
Added filtering uploads by albumid
This works when listing all uploads as well, but Album column will only
be shown when albumid key is used in the filters.
I plan to someday add Manage Albums menu, which will use "View uploads"
buttons, just like the ones in Manage Users.
2020-05-03 03:30:50 +07:00
Bobby Wibowo
1980d536db
Initialize upload filters for regular users (WIP)
Updated ESLint's ECMA version to 9 (2018).
I'll need to use some lookbehind regex directives from now on.
It's supported since Node 10, which is the oldest version I'll support.

Refactored "can not" -> "cannot".

Filtering for regular users is still work in progress.
Some features aren't working as expected yet.
2020-05-03 02:39:24 +07:00
Bobby Wibowo
41d52d947b
Added support for negative page num
e.g. -1 means last page, -2 means the 2nd from last, and so on
will only accept up to -N where N is the amount of pages
anything lower will alwasy return the first page
this works for both list uploads and list users APIs

fixed some Object.assign in dashboard.js

added bottom control buttons in manage users
2020-05-02 22:42:23 +07:00
Bobby Wibowo
922269181c
More improvements to uploads filtering!
Renamed "orderby" key to "sort" (for sorting uploads).

Fixed non-keyed keyword exclusions not working as expected when
more than one are used at the same time.

Support not specifying "from" date when filtering with range keys
(date and expiry).

Proper logic for NULL values inclusion/exclusion when filtering with
user and/or ip keys.

Improved Help? prompt again!!
Also clarify about timezone differences.

Added logger.debug() function.
Basically a shorthand for console.log(require('util').inspect()).

Rebuilt client asssets and bumped v1 version string.
2020-04-20 01:19:20 +07:00
Bobby Wibowo
3e3878b93c
Massively overhauled uploads filtering endpoint
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!

Updated dependency, knex: 0.20.13 -> 0.20.15.

Added new dependency: search-query-parser.

Updated all sub-dependencies.

Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.

Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.

Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.

Caching system of album public pages will now be disabled during
development (yarn develop).

Cleaned up domClick() function in js/dashboard.js.

If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.

Success prompt when changing token will now auto-close.

Removed ID column from Manage Users.

Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.

Rebuilt client-side assets and bumped v1 version string.
2020-04-19 02:52:11 +07:00
Bobby Wibowo
7389ac6c07
Init support for filtering with keywords (WIP) 2020-04-17 13:36:57 +07:00
Bobby Wibowo
940be1ad99
Updated uploadController.js
Filters input in Manage Uploads will now display error if it's filled
with invalid filter/sort keys.
SQLITE_ERROR will also now be forwarded to users if they're moderators.
The expectation is to only display it when used through Manage Uploads.
2020-04-12 16:30:33 +07:00
Bobby Wibowo
8f50ba49c0
Added sorting feature for Manage Uploads
This adds support for a new key named 'orderby'.
The key needs to be used with internal column names used in the db.
The key can be used more than once.
Help message in Dashboard's Manage Uploads have been updated to include
examples using the said key.
2020-04-04 23:36:43 +07:00
Bobby Wibowo
46fa9677ff
Extended configuration for virus scanning
Added whitelist extensions
Added max size limit
2020-04-04 21:20:01 +07:00
Bobby Wibowo
d9ddfe8e9a
Implemented stripping tags from images
... and optionally videos using ffmpeg (still experimental).

Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).

The behavior will also be applied to the downloadable ShareX config.

Server owners can choose to force either behavior.

Make sure to add the new config from config.sample.js.

---

Fixed all instances of "e.i." to "e.g.".
My English sucks okay.

Bumped v1 version string.
2019-11-29 20:42:53 +07:00
Bobby Wibowo
337a0a61ff
Implemented parallel URL uploads
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.

I figured this is a better implementation to shift queues faster.

---

Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.

Clients will also see better formatted error message for URL uploads'
file size limit errors.

---

Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0

Bumped v1 version string
2019-11-29 17:42:29 +07:00
Bobby Wibowo
b646a4a82f
Updated uploadController.js
String updates.
2019-11-10 03:41:54 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
411d17e1fb
Updated
* Changed colorscheme to black (experimental).

* Fixed ClamAV failing to report names of dirty files.

* Removed built-in support for Google site verification (globals.njk).
Just use HTML verification with public directory,
or manually edit home.njk.

* Bumped v1 version string.
2019-10-06 05:20:59 +07:00
Bobby Wibowo
84a3de0d8d
Updated
Fixed statistics columns width in browsers except Firefox.

And a few other things.
2019-09-28 16:42:49 +07:00
Bobby Wibowo
98a8d03a7f
Updated
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.

Added 2 new entries to todo.md.

Don't check "Select all" checkbox in dashboard when there are no
uploads.

Bumped v1 version string.
2019-09-23 15:09:15 +07:00