Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2024-12-13 07:56:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,152 Commits 13 Branches 4 Tags 41 MiB
c60ff87a1c
Commit Graph

566 Commits

Author SHA1 Message Date
Bobby
a44af208aa
feat: click on table headers to sort uploads 
fairly robust logic, with auto toggling of asc or desc sort direction
 2022-09-24 08:09:27 +07:00
Bobby
a646d6731a
fix: possible upload stream starting early 2022-09-24 06:41:31 +07:00
Bobby
518b29c8df
feat: better albums.onHold debugging messages 2022-09-24 06:35:41 +07:00
Bobby
c47d3f5437
feat: better upload.onHold debugging messages 
expose util.inspect via utils when on dev mode
 2022-09-24 06:33:58 +07:00
Bobby
32efacd411
feat: configure timemark for video thumbnails 2022-09-24 06:24:56 +07:00
Bobby
47727f3ca8
feat: allow specifying api token in nojs uploader 2022-09-21 08:03:28 +07:00
Bobby
7147afc309
feat: better props override for auth helepr functs 2022-09-21 08:02:13 +07:00
Bobby
ffe6d6ed88
feat: console log incoming requests on dev mode 2022-09-21 07:44:40 +07:00
Bobby
bf077f4aa3
fix: typos in ServeStatic.js 2022-09-21 06:09:27 +07:00
Bobby
cc5625fabf
fix: url upload fetch timeout failsafe 2022-09-14 06:04:18 +07:00
Bobby
93dc820368
feat: fetch() with AbortController for timeout 
to be used with URL uploads

please consult the comments in the source files

this adds new dependency abort-controller
 2022-09-14 01:33:31 +07:00
Bobby
3df67f87be
feat: timeout url uploads to 10s 
uwebsockets.js has a 10s timeout of no communication between client and
server, for it to simply drop the connection

there's no point waiting any further at that point since we can't reply
to client anymore
 2022-08-24 04:37:13 +07:00
Bobby
6ad8ed7ae6
fix: only accept files upload with files[] field 
was always supposed to only accept said field, but i forgot to include
the logic during migration from expressjs to hyper-express
 2022-08-24 04:17:07 +07:00
Bobby
96522a425f
chore: indents 2022-08-23 15:16:02 +07:00
Bobby
ab4f8263de
feat: ignore option for ServeStaticQuick class 2022-08-23 15:13:04 +07:00
Bobby
414afc7ae6
feat: allow specifying root path in serve classes 
when used on non-root paths
 2022-08-23 15:12:25 +07:00
Bobby
ff7ec4aeaf
fix: /users/edit throw with empty edits 2022-08-23 15:09:47 +07:00
Bobby
09fea107f3
feat: env SERVE_STATIC_QUICK=0 yarn start 
restore an older behavior of serving static files with
ServeLiveDirectory middleware instead of ServeStaticQuick, in case of
issues with streaming files from disk via createReadStream

if you do encounter this issue, serving uploaded files with node will
likely encounter issues as well, but you can choose to serve them
directly with nginx, etc., so i guess it's not beyond hope
 2022-08-21 21:23:14 +07:00
Bobby Wibowo
bd71035517
fix: missing cpu temp and swap logic 2022-08-19 10:48:45 +07:00
Bobby Wibowo
991cfe134e
feat: add cpu temp and swap memory to statistics 
temp is currently hard-coded to C

also increased system info caching to 1s
 2022-08-19 10:38:24 +07:00
Bobby Wibowo
86d9db3137
feat: split service info in statistics 
additionally add cpu detail in system info
 2022-08-19 10:18:35 +07:00
Bobby Wibowo
ea30e5dee5
feat: enable persistent cache for nojs uploader 
also slight improvement to NunjucksRenderer class
 2022-08-19 09:50:08 +07:00
Bobby Wibowo
0d05da40b0
fix: fallback deletion url to relative path 
if homeDomain is not configured via config file or env var

the deletion url is a frontend page, so it cannot simply assume it's on
the same domain as uploaded files
 2022-08-19 09:29:11 +07:00
Bobby Wibowo
6c929efa7b
fix: less strict missing token header check 
previously would still assume token is provided when the header is
simply an empty string, which may be unavoidable for some clients
 2022-08-19 07:30:32 +07:00
Bobby Wibowo
59c5c8b7b0
fix: guest uploads hanging 
caused by auth middleware not passing the request when token is missing
 2022-08-19 07:01:45 +07:00
Bobby Wibowo
8142eae9df
refactor: /users/{delete,disable,edit} API routes 
simplify self.assertPermission function to only assert permission

fixed hard-coded "root" user protection not being asserted first
 2022-08-09 17:51:31 +07:00
Bobby Wibowo
0a62002a6e
fix: re-create "root" user if users table is empty 
previously it'd always re-create it if "root" user itself is missing
from users table

this facilitates not having "root" user altogether
 2022-08-09 17:28:21 +07:00
Bobby Wibowo
6ff735badb
feat: wrap add to album db query in transaction 
additionally allow superadmins to arbitrarily add/remove files to/from
albums via manual API calls, instead of only allowing root user
 2022-08-09 17:18:56 +07:00
Bobby Wibowo
4907ef9ad7
chore: indent albumsController.js 2022-08-09 17:00:26 +07:00
Bobby Wibowo
edf7c091e4
feat: wrap upload db insert within transaction 2022-08-09 16:57:55 +07:00
Bobby Wibowo
d8b78d29ed
feat: hard-code prevent registering as "root" 
and allow migration script to not throw when root user is missing

this facilitates safely removing root user altogether via database query
if you don't use it
 2022-08-08 06:22:18 +07:00
Bobby Wibowo
253042e24e
fix: improve filtering uploads by album ids 
database logic and dashboard display
 2022-08-08 06:08:40 +07:00
Bobby Wibowo
b21fa66e59
fix: possible event listeners memory leak 2022-08-05 00:54:44 +07:00
Bobby Wibowo
c6c485447f
feat: token failure rate limit on login/register 
also removed default 2 reqs in 5s rate limiter for login/register routes
from sample config, as it's pretty much redundant now
 2022-08-04 23:34:58 +07:00
Bobby Wibowo
a406f85215
feat: rate limit token auth failures 
hard-coded to max 6 failures in 10 minutes
 2022-08-04 23:09:14 +07:00
Bobby Wibowo
3e0aa1361d
fix: detect uploads timed out by uwebsockets 2022-08-04 22:08:40 +07:00
Bobby Wibowo
7381cac0e9
chore: indents and comments 2022-08-04 21:59:50 +07:00
Bobby Wibowo
d7d6a29123
feat: cleaned up routes init 
asserting auth and JSON body will now be done via route-specific
mini middlewares (authController's requireUser or optionalUser)
 2022-08-04 21:59:06 +07:00
Bobby Wibowo
2351528a42
fix: redundant logic 2022-08-03 17:31:49 +07:00
Bobby Wibowo
46c8867223
fix: internally prepend chunksData UUID with IP 
even less chance for a collision to occur
 2022-08-03 17:28:42 +07:00
Bobby Wibowo
0ebefe083a
refactor: removed clamscan passthrough support 
unfortunately it simply was not reliable enough

and maintaining it is simply adding more complexity to the codes

moreover it was only possible to passthrough regular non-chunked uploads
 2022-08-02 16:19:57 +07:00
Bobby Wibowo
164cadd8b9
feat: increased regular users' max sort keys to 2 
possible use case, sorting by albumid, then size

moderators and above still have no limits
 2022-08-01 15:21:23 +07:00
Bobby Wibowo
ac38b6f06e
feat: if sort uploads by album id, sort null last 
also improved indenting on some lines of codes
 2022-08-01 15:20:14 +07:00
Bobby Wibowo
323c107f64
fix: ServeStatic 
init setContentDisposition and setContentType functions immediately as
private functions to reduce complexity

so instead check for the required map/store before using them

also fixed content-type override ending up with duplicate headers
 2022-08-01 07:29:49 +07:00
Bobby Wibowo
21ec4a7479
fix: 416 status code handling 2022-07-31 16:46:35 +07:00
Bobby Wibowo
0598a63989
refactor: serve handlers/middlewares 
moved shared codes into serveUtils to reduce complexity
 2022-07-31 16:34:06 +07:00
Bobby Wibowo
527498bb1e
perf: list albums db query 2022-07-31 15:55:27 +07:00
Bobby Wibowo
285e79c5a7
feat: configurable uploads/albums/users per page 
please check sample.config.js for new options

if missing from config, defaults to 25 per page (old defaults)
 2022-07-31 15:51:32 +07:00
Bobby Wibowo
2389974c7d
feat: ServeStaticQuick 
chokidar is now a production dependency

please read the comments in ServeStaticQuick.js for a description of
what the class does

public and dist directories are now served with that class by default

before starting hyper-express on the listen port, await for all
ServeLiveDirectory and ServeStaticQuick instances
 2022-07-31 14:31:25 +07:00
Bobby Wibowo
d40d1e396f
fix: ServeStatic with zero bytes files 2022-07-31 14:17:06 +07:00
Bobby Wibowo
b1566c5abf
refactor: ServeLiveDirectory 
ensure forward slashes path

refactored init method

ensure internal res.type is set before attempting to call external
setHeaders function, to allow overrides
 2022-07-31 14:08:13 +07:00
Bobby Wibowo
b9badcc944
fix: ServeStatic ensure forward slashes path 2022-07-31 14:06:17 +07:00
Bobby
4591b8bb42
refactor: generateUniqueToken -> getUniqueToken 
this now matches lifecycle with similar functions in upload and album
controllers

also added a new util function .mask() for basic string masking
 2022-07-30 08:37:57 +07:00
Bobby
b7dcf30578
feat: console logs for identifiers on debug only 2022-07-30 08:35:26 +07:00
Bobby
548af312a7
chore: authController.js 2022-07-30 08:02:17 +07:00
Bobby
c23bc90412
refactor: album random identifier generation 2022-07-30 08:01:19 +07:00
Bobby Wibowo
8782a004d6
chore: uploadController.js 2022-07-29 10:17:17 +07:00
Bobby Wibowo
681a3ca32f
fix: ServeStatic content-length transfer-encoding 
both headers cannot co-exist at the same time, so we pass the expected
content-length value into 2nd param of Response.stream(), so that the
internal can decide to add it only when required
 2022-07-29 10:16:49 +07:00
Bobby Wibowo
8748dcefb0
feat: parse content-disposition on url uploads 2022-07-29 10:15:11 +07:00
Bobby Wibowo
fae28f9aa2
feat: deprecate uploads.cacheFileIdentifiers conf 
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways

also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly

this should also now properly free the internal onHold Set
 2022-07-29 09:14:55 +07:00
Bobby Wibowo
03eff45e8c
refactor: uploadController.js 
some logic improvements
 2022-07-28 13:26:15 +07:00
Bobby
301cf3377d
fix: set upload name utf8 encoding via busboy conf 
instead of converting from the default latin1 using Buffer

changing busboy config was not possible with express + multer,
so i did not notice it's instead possible with hyper-express
 2022-07-28 10:19:28 +07:00
Bobby Wibowo
b9a1604440
refactor: rename handler/middleware class files 2022-07-25 07:48:31 +07:00
Bobby Wibowo
235a1c56e1
refactor: move devmode flag to utils 2022-07-25 07:39:35 +07:00
Bobby Wibowo
ec4d54573a
fix: errors thrown when url uploads get rejected 2022-07-25 07:32:39 +07:00
Bobby Wibowo
5bab3a495e
feat: allow to disable file hashing completely 2022-07-25 07:32:25 +07:00
Bobby Wibowo
6ba30a23c6
feat: improved chunked uploads lifecycle 
added checks when there's an attempt to uploads chunks to same file in
parallel

improved final file size checks
 2022-07-25 07:09:28 +07:00
Bobby Wibowo
ee8f1914ca
feat: req content-type for upload api 2022-07-25 06:13:12 +07:00
Bobby Wibowo
1b109e0dc0
feat: req content-type json -> application/json 2022-07-25 06:12:55 +07:00
Bobby
4ca64b141f
refactor: do not await assertRequestType 
it's not an async function, lmao
 2022-07-22 08:50:26 +07:00
Bobby
951737d7d0
feat: handle upload post api based on request type 
it'd previously always try to parse as multipart first
now it'll immediately assume the upload post api is for url uploads if
the request type is json
 2022-07-22 08:42:11 +07:00
Bobby
776ab8ab37
feat: assert request content-type in post apis 2022-07-22 08:40:40 +07:00
Bobby Wibowo
aa85d04d34
fix: url uploads failing 2022-07-22 04:20:37 +07:00
Bobby Wibowo
96d276b396
fix: check if req.path_parameters is set 2022-07-22 02:03:59 +07:00
Bobby Wibowo
07d0237031
refactor: res.query -> .query_parameters 
direct hyper-express prop get
 2022-07-22 02:02:59 +07:00
Bobby Wibowo
25f87b3a49
chore: albumsController.js 2022-07-22 01:44:53 +07:00
Bobby Wibowo
7b9fca0bc3
refactor: req.params -> .path_parameters 
direct hyper-express prop get
 2022-07-22 01:44:15 +07:00
Bobby Wibowo
76a73b7e83
refactor: ServeStatic.middleware -> .handler 
also moved it from middlewares to handlers directory

reasoning is that this class is better suited to handle routes directly
instead of being a global middleware
since IO stat to check if request path matches a physical file in the
disk every single time is not very performant
 2022-07-22 01:12:35 +07:00
Bobby Wibowo
30e9227a78
feat: custom pages use ServeLiveDirectory 
they now have conditional GET suppor too
 2022-07-22 01:09:17 +07:00
Bobby Wibowo
51e12e13c0
refactor: rateLimiter.js 2022-07-22 00:57:57 +07:00
Bobby Wibowo
d6020d81ae
feat: serveStatic with accept-ranges support 
for streaming support

and with conditional GET support
 2022-07-22 00:01:25 +07:00
Bobby Wibowo
d9fd98f7de
feat: improved serveLiveDirectory 
allow disabling etag and lastModified headers if required
 2022-07-21 23:56:57 +07:00
Bobby Wibowo
1b4b73b67c
feat: improved errorsController.js 
mainly handling generic errors
 2022-07-21 23:56:08 +07:00
Bobby Wibowo
c0e91e205c
chore: rateLimiter.js 2022-07-21 23:55:48 +07:00
Bobby Wibowo
97bd8f9e5a
chore: serveLiveDirectory.js 2022-07-21 21:14:56 +07:00
Bobby Wibowo
e7a15ecc47
feat: custom livedirectory middleware 
with conditional gets support
 2022-07-21 21:13:46 +07:00
Bobby Wibowo
ad22285661
refactor: res.set -> res.header 
res.set() is an expressjs-compat function with unnecessary checks for
our use case
 2022-07-21 20:28:10 +07:00
Bobby
e6753ab15d
fix: handle connection drop on multiform upload 2022-07-15 01:40:57 +07:00
Bobby
27f3bc3119
perf: don't wrap multipart handler in try-catch 
fixed in https://github.com/kartikk221/hyper-express/releases/tag/6.3.0
 2022-07-15 01:06:28 +07:00
Bobby Wibowo
f40c9e0287
chore: serveStatic.js 2022-07-14 18:34:25 +07:00
Bobby Wibowo
7f6c29b136
fix: properly clean rejected empty files 
should also now properly clean temp files from other unexpected errors
 2022-07-14 18:18:39 +07:00
Bobby Wibowo
5ee82ce680
perf: don't wait for unlink promise in fail upload 
just let it run in the background and respond to client immediately
 2022-07-14 18:17:46 +07:00
Bobby Wibowo
7710e63d70
fix: prevent hashStream.update() after .dispose() 2022-07-14 17:01:59 +07:00
Bobby Wibowo
29b16edc04
perf: improve uploads flow 
lessen temporary objects/variables creation,
and refactor some variable names to be more obvious
 2022-07-14 16:35:06 +07:00
Bobby Wibowo
ac63f8b76d
perf: no try-catch block on cloudflare cache purge 2022-07-14 14:41:55 +07:00
Bobby Wibowo
c32f18a697
fix: uploads mimetype not properly set 2022-07-12 15:26:53 +07:00
Bobby Wibowo
0f6409132a
feat: busboy limits and multipart errors handler 
unfortunately to capture multipart errors, we have to wrap the entire
callback function with try-catch block

but it appears overall processing is still slightly faster than
expressjs + multer
 2022-07-12 14:39:16 +07:00
Bobby Wibowo
7f9d05da26
feat: multer -> hyper-express multipartfield 
get outta here multer, lmao
 2022-07-12 13:07:13 +07:00
Bobby Wibowo
e9736f436c
feat: have res.render return the compiled html 2022-07-12 10:41:58 +07:00
Bobby Wibowo
80d59ff2f0
feat: front-end pages middleware 
custom pages may now override any built-in pages on the fly as lolisafe
is running

also added internal persistent cache feature into NunjucksRenderer
front-end pages will now be persistently cached during production
 2022-07-12 10:31:59 +07:00