initial migration to usergroup-system for root user is governed by
superadminAccount and superadminForcePromote fields in config file
those will have default values expected for non-fork installs, but
existing fork installs will not have them and thus will never trigger
superadmin force-promotion from migration script
always store incoming uploads to disk first before deciding whether to
reject and delete them depending on configured rejects/limits
doing this is more stable/reliable than attempting to immediately
reject the incoming connections, at least if we want to respond with
actual error messages
restore an older behavior of serving static files with
ServeLiveDirectory middleware instead of ServeStaticQuick, in case of
issues with streaming files from disk via createReadStream
if you do encounter this issue, serving uploaded files with node will
likely encounter issues as well, but you can choose to serve them
directly with nginx, etc., so i guess it's not beyond hope
unfortunately it simply was not reliable enough
and maintaining it is simply adding more complexity to the codes
moreover it was only possible to passthrough regular non-chunked uploads
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways
also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly
this should also now properly free the internal onHold Set
this should have better lifecycle and use less memory over time, since
we can define max items in cache
at the moment hard-coded to 10 cached pages (inclusive of nojs version
if ever generated)
db is now initiated via utilsController, and gets re-used by main
lolisafe.js script and the other controllers
this should now make sure we only have 1 active db connection pool ever
this is a pretty big refactor due to how we used to reference db,
but it should functionally be identical
this supersedes the old temporaryUploadAges, while maintaining full
backwards-compatibility.
please consult config.sample.js if you want to start using this
change logic to list physical files instead, since the zipGeneratedAt
attribute may still exist despite site owners having already done
physical clean-ups
only usergroup and file extension bypass
real file size can't be determined before passthrough scan,
so there's no bypass by max file size
please read the comments in sample config file
refactored utils.clamscan into utils.scan
