initial migration to usergroup-system for root user is governed by
superadminAccount and superadminForcePromote fields in config file
those will have default values expected for non-fork installs, but
existing fork installs will not have them and thus will never trigger
superadmin force-promotion from migration script
unfortunately it simply was not reliable enough
and maintaining it is simply adding more complexity to the codes
moreover it was only possible to passthrough regular non-chunked uploads
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways
also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly
this should also now properly free the internal onHold Set
this adds new production dependency rate-limiter-flexible
this deprecates old rateLimits option in config
to use the new rate limiters, the new option is named rateLimiters and
rateLimitersWhitelist
please consult config.sample.js
rate limiters will also be now processed before any other middlewares,
as only makes sense
this now properly sets only on the specific pages that deserves to be
cached in cdn
additionally update sample config file to remove warning about
cacheControl option
this is now mature enough to be simply toggled on/off depending on
your own necessity
please update your config.js file to match the change in sample config,
which is changing database.client option from sqlite3 to better-sqlite3
this should not require additional steps on your end, since knex.js
exists in between lolisafe and the database driver as an abstraction
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.
please consult config.sample.js if you want to start using this
instead of only on some arbitrary routes
configurable via config, please check sample, disabled by default
i still recommend configuring from your own http server (nginx, etc.),
if you want to have a more complex per-routes headers
only usergroup and file extension bypass
real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file
refactored utils.clamscan into utils.scan
this is to align with original behavior pre-Helmet v5 update
this only changes sample config file, and fallback values when helmet
option is missing from config file
otherwise decide at your own discretion (refer to the comments)
GIFs are known to not work without custom globally-installed libvips
with ImageMagick or GraphicsMagick support.
https://sharp.pixelplumbing.com/api-output#gifhttps://sharp.pixelplumbing.com/install#custom-libvips
It's highly recommended to update your config following the changes to
the sample config file.
This also addressed a bug where images would still get recorded to DB
despite them not existing physically due to strip tags errors.
much more expandable, and should be easier to understand overall.
make more statistics operations run concurrently to speed them up.
make linuxDiskStats config key obsolete by using systeminformation
package to also query for any mounted file systems.
Resolves#192
This added 2 new dependencies:
content-disposition
BobbyWibowo/serve-static
content-disposition:
This has fallback generation for file names that are outside ISO-8859-1.
Plus it was already a sub-dependency due to express to begin with.
BobbyWibowo/serve-static:
A fork of express/serve-static to allow specifying an async setHeaders
function by the name preSetHeaders, that will be awaited before
creating send stream to clients.
