Commit Graph

111 Commits

Author SHA1 Message Date
Bobby Wibowo
6543a87b11
Updates
Reworked unique name generator to prevent the same unique identifier from being used if it was already used with a different extension (e.i. If a file named aBcD.jpg already exists, then files such as aBcD.png or aBcD.txt may not exist).
This is mainly to deal with the fact that thumbnails are only being saved as PNG, so if the same unique name is being used by multiple image/video extensions, then only one of them will have the proper thumbnail.
If you already have existing files with matching unique name but varying extensions, unfortunately you can only deal with them manually for now (either allocating new unique names or deleting them altogether).

Added a new config option to filter files with no extension.

Files with no extensions will no longer have their original name appended to the allocated random name (e.i. A file named "textfile" used to become something like "aBcDtextfile", where "aBcD" was the allocated random name. Now it will only just become "aBcD").
In relation to that, utils.extname() function will now always return blank string if the file name does not seem to have any extension.
Though files such as '.DS_Store' (basically anything that starts with a dot) will still be accepted.
Examples:
.hiddenfile => .hiddenfile
.hiddenfile.sh => .sh
.hiddenfile.001 => .hiddenfile.001
.hiddenfile.sh.001 => .sh.001

Simplified error messages of /api/upload/finishchunks.

Most, if not all, of the error responses for /api/upload* will now have HTTP status code 400 (bad request) instead of 200 (ok).
I plan to generalize this for the other API routes in the future.

Updated home.js to properly handle formatted error message when the response's status code is not 200 (ok).

Bumped v1 version string (due to home.js).
2018-11-29 00:52:12 +07:00
Bobby Wibowo
d4b6933891
Improved help message for URL upload
* Hide notice about max size if it's equal to max size of regular uploads.

* Show notice about DuckDuckGo's proxy if it's turned on.

* Also updated description in config.sample.js to further emphasize about the limitation of using DuckDuckGo's proxy.
2018-09-30 05:38:13 +07:00
Bobby Wibowo
db015c87aa
Merge branch 'master' into safe.fiery.me 2018-09-22 21:04:07 +07:00
Kayo
3e0be53c62
Added .exec to blacklist
Mac/Unix executable files.
2018-09-20 15:07:31 -07:00
Bobby Wibowo
0d38995b2b
Updates
* When gitHash in config.js is set to true, latest commit hash of the currently enabled git repo/branch will be displayed in home and nojs uploader pages.

* Error pages can now be configured with errorPages option (their root directory and their file names).
2018-09-20 18:41:17 +07:00
Bobby Wibowo
ace263be03
Updated config.sample.js
This is the new format of the scan option for the previous clamdjs commit. I forgot to include changes to the sample config file.
2018-09-04 23:11:20 +07:00
Bobby Wibowo
36da76357e
Updates
* Added an experimental virus scanning feature using ClamAV. This has only been tested with an Ubuntu machine.

* File extensions will now be parsed with path-complete-extname module. This will ensure extensions such as .tar.gz are properly parsed.

Notice: It may take a minute or so to start the safe with virus scanning, as apparently the module takes a while to create the engine. I'm guessing since it'll be loaded to memory? Either way, once the engine is created, everything should work fine. Virus scanning should also not have that much of an impact to the upload time.
2018-09-02 03:37:26 +07:00
Bobby Wibowo
0b6df9efe4
Merged changes from master
Summary:
* Added 3 new sites to README.md.
* Added some new file extensions to filter.
* Some additions to nginx sample conf files.

Changes such as delete buttons and whatnots for the dashboard were not added.
2018-06-06 08:51:53 +07:00
Bobby Wibowo
57834dd362
Updated uploadController.js
Added DuckDuckGo's proxy support for "Upload by URLs". Make sure you add the new option in config.sample.js into your config.js.

This may be considered a hack and not supported by DuckDuckGo, so USE AT YOUR OWN RISK.

Credits to Proxy#1337.
2018-06-06 00:16:41 +07:00
Shumatsu
a9ac6b1574
Adjusting to recommendations 2018-05-21 23:22:54 +02:00
Shumatsu
df6d5459e0
File extension bans
`.nt` - turns out there's more Windows batch file extensions.
`.psm1` - PowerScript extension.
`.bash`, `.bsh`, `.csh`, `.bash_profile`, `.bashrc`, `.profile` - apparently those are valid bash script extensions.
`.reg` - overwrites Windows registry keys upon execution.
2018-05-21 23:13:39 +02:00
Bobby Wibowo
bd722129de
Updates, now supports uploading by URLs!
* Added upload by URLs. It has its own max size (config.uploads.urlMaxSize), make sure your config matches config.sample.js.
Here's a brief video showing it in action: https://i.fiery.me/CUhQ.mp4.

* /api/upload now supports uploading by URLs. Devs will only need to POST a JSON request containing a key named "urls", which is an array of the urls to upload.

* Added file extension filter to /api/upload/finishchunks.

* Added proper total chunks size check to /api/upload/finishchunks.

* Various code improvements.
2018-05-11 21:34:13 +07:00
Bobby Wibowo
f043f65ca1
Updates
* Added Cloudflare purge cache support. Check configuration sample at config.sample.js.
When it's enabled, whenever files are being deleted, it will send a POST request to Cloudflare's API to purge cache of the deleted files.
This adds a new dependency called "snekfetch". It's lightweight though.

* uploadsController.delete() will now wrap uploadsController.bulkDelete() instead.
2018-05-09 16:53:27 +07:00
Bobby Wibowo
7991a63315
Updates (please update your config.js)
NOTICE: Please update your config.js. Use config.sample.js as the template.
There were a couple of renames and restructures.

* Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though.

* All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout.

* Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw.

* Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail).
This haven't been tested in Windows machines, but it'll probably work fine.
I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 15:41:30 +07:00
Bobby Wibowo
4b7feb4c08
Updated config.sample.js
Oops, I forgot to add "uploads.albumIdentifierLength" from the previous commit.
2018-04-29 00:29:47 +07:00
Bobby Wibowo
8496e69955
Updated config.sample.js 2018-04-27 10:32:36 +07:00
Bobby Wibowo
64b04abbe9
Updates (a small breaking change with config file)
"generateZips" is no longer merely accepting boolean value, it's now an object with 2 properties: "enabled" and "maxTotalSize". The former is of course to enable/disable zip generation, while the latter is to limit the total size of all the files in an album. If the total size exceeds the set limit, it will not generate a zip file. It'll probably be useful when used alongside Cloudflare's Cache Everything (since Cloudflare will only cache files with a maximum size of 512MB).
2018-04-27 10:27:34 +07:00
Shumatsu
44ca2dd53d De loli-safe (#77)
* Change all occurences of loli-safe to lolisafe

Saw that repository was renamed, links were changed, but a lot of files of lolisafe were unchanged. So I followed the links and changed what seemed safe to change. Which turned out to be all occurences. 

Also, bumped the copyright.

* Change year in LICENSE

This seems to be the proper format.

* Image fix

It was out of focus.

* Relative image path

Heard on StackOverflow it can be done like this.
2018-04-26 08:54:07 +02:00
Bobby Wibowo
5bb960756f
Updates
uploadController.js:

 * Fixed chunk uploads failing when "blockedExtensions" is missing from the config file.

config.sample.js:

* Renamed "blockedExtensions" to "extensionsFilter", and added a new option named "filterBlacklist". When "filterBlacklist" is set to 'true', all extensions in "extensionsFilter" array will be blacklisted, otherwise it will be a whitelist, so only files with those extensions that can be uploaded.

* Renamed "uploads.chunkedUploads.maxSize" to "uploads.chunkedUploads.chunkSize".

* Added "uploads.chunkedUploads.noJsMaxSize" which can be used to change the 'displayed' file size on the No-JS uploader page.

* Some other phrases updates.

_globals.njk:

* Updated static files' version string since there is a small update to home.js.

other files:

* Regular code improvements/tweaks.
2018-04-25 20:16:34 +07:00
Bobby Wibowo
09f51c8448
Updates~ 😉
Thanks to Zephyrrus for the hints about nunjucks, sort of (he did not really give out any specific hints to me, I stalked his fork, lmao).

* Replaced Handlebars with Nunjucks.

* Replaced all static HTML files with their NJK-equivalent (excluding error pages).

* Renamed "albumDomain" to "homeDomain" in config.sample.js (make sure you update your config.js too).

* Updated dependencies: knex and eslint-plugin-import (dev).

* Updated vscode's settings.json (I may update this again very soon).
2018-04-19 04:00:36 +07:00
Bobby Wibowo
7978325cd6
Updates
* Removed rimraf from dependency. Although really it'll still need to be used by other dependencies, such as eslint and bcrypt, so it'll still have to be downloaded by yarn either way.

* Updated dashboard.css. Added "overflow: hidden" to thumbnail container. Previously potrait thumbnails will be visible outside of their container.

* Removed notice about having "chunks" folder from config.sample.js. Added a line in lolisafe.js to create the folder if it doesn't exist instead.

* Updated bcrypt to v2.0.0. I'm not really sure whatever has changed, but I've tested that it didn't require any additional changes for our current usage.

* Chunks will no longer be saved with their original file's extension. Instead they'll only be saved as plain files named 0, 1, ..., n, without any extension whatsoever. Extension for joined chunks will be read from the original file's name in /api/upload/finishchunks. If the user doesn't pass that data when calling the API, the joined chunks will not have any extension.

* Since rimraf has been removed, uploadsController.actuallyFinishChunks() will now use a combination of fs.unlink() and fs.rmdir(). Promise.all() will be used when running fs.unlink() so that all chunks will be deleted at the same time through multiple instances of async tasks (probably).

* Some other small changes and tweaks in uploadController.js.
2018-04-09 01:30:25 +07:00
Bobby Wibowo
b31f28ddcf
Updates
* De loli-safe wherever it's safe to do so.

* Removed bulma tooltip. Sigh, it came from an impulsive decision out of boredom to begin with.

* Chrome extension and GitHub links in home page will now open in new tab.

* File's link in the dashboard's list will still show the full URL in its tooltip, but it will no longer use bulma tooltip extension.
2018-04-04 23:47:20 +07:00
Bobby Wibowo
4217cf4b0f
Updated description about chunkedUploads in config.sample.js. 2018-03-31 23:05:39 +07:00
Bobby Wibowo
66a63ca6d6
Updates (YAY, CHUNKED UPLOADS!)
* Added new dependency: rimraf. This will be used by chunked upload support to bulk delete temporary chunk files.

* Added chunked uploads support :3

* Updated Dropzone to 5.2.0.

* More improvements to thumbnail view. Delete button will now only appear on hover. Some other details, such as file name, size and album/owner will also appear on hover. Touch devices will have all of those appear always visible by default.

* Image thumbnails will now appear on home page after successful uploads (only for WEBP, JPG, JPEG, BMP, GIF and PNG files). WEBP may not work properly in Firefox though.

* Refactored home.js to use const/let and some other stuff.

* Refactored album view. It will now display properly on mobile screen. Download Album button will also no longer be located at the top right, but right below the subtitle.

* Updated some version strings.

* And maybe some others that I can't remember.
2018-03-28 18:36:28 +07:00
Bobby Wibowo
3fa5b24ee5
Updates
* Better auth handling.

* Deleting a file will no longer cause the dashboard to load the very first page of uploaded files list. It will instead reload the currently viewed page.

* Updated dropzone (I guess).
2018-03-25 02:47:41 +07:00
Bobby Wibowo
616124446f
Updates (WARNING!)
WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options).

* generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties.

* fileLength option is now an object with min, max, default and userChangeable as its properties.

* User may now change their preferred file length (following the previous option, of course).

* Updated a bunch of responses messages. Mainly appending a dot to the messages.

* New APIs:
/fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file).
/fileLength/change to change user's preferred file length.

* And maybe some others ...?
2018-03-24 20:52:47 +07:00
Bobby Wibowo
070f4bdafd
Updates
* Updated file name checker to use for-loop instead of do-while-loop.

* Replaced all instances of eslint-disable-line with eslint-disable-next-line.
2018-03-18 20:13:08 +07:00
Bobby Wibowo
dcb72734fe
Patch to allow "retries" when generating random name 2018-03-18 19:21:04 +07:00
Bobby Wibowo
f8459d2b75
Updates
Merge changes from master (add more blocked extensions).
2018-03-15 14:54:14 +07:00
Unknown
56e2f3ff5c Adding .jar and .scr files
JAR - java and friends' executable.
SCR - Windows script executable, commonly used in "screenshot" trick.
2018-03-09 21:27:09 +01:00
Unknown
ba8500144b Ban of .com and .ps1 uploads
It seems that COM files can still be run in Windows, and they behave like any other executable.
PS1 files are scripts, so I put them on the list.
2018-03-06 22:29:40 +01:00
Bobby Wibowo
62f142a046
Updates
Patching albums for installations which serve files through a different domain (experimental).
2018-02-07 13:45:18 +07:00
Bobby Wibowo
66f3b0739d
Updates
Experimental changes to allow generating thumbnails only for EITHER images or videos.
2018-02-07 13:22:31 +07:00
Bobby Wibowo
bcdfcd7064
Various updates
* Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too.

* Lots of refactors to follow the rules of Standard.

* Fixed issue with uploading as a not logged in user.
2018-01-24 03:06:30 +07:00
Bobby Wibowo
47f2f30682
More breaking changes
* Added Editor Config file.

* Added ".vscode/" to .gitignore.

* Added final newline to some files.

* Added KDE Breeze Dark colors.

 * Applied various ESLint autofixes. There were still plenty of non-auto-fixable issues though. I'm not sure why this project had ESLint dev dependency but still ended up with countless issues.

* ... and maybe some others.
2018-01-24 01:00:55 +07:00
Pitu
992b632d1a Added album downloading through front-end 2017-10-04 02:05:38 -03:00
Pitu
07bc306506 New sample config 2017-10-03 21:13:03 -03:00
Pitu
c1963b2809 Changed how domains are handled 2017-10-03 19:48:26 -03:00
Caroline
55ae8c3288 Updated blocked extensions. (#23)
* Update config.sample.js

* Update config.sample.js

* Update config.sample.js
2017-03-29 22:54:45 +02:00
Onestay
ad6b7d25de added array with blocked file extensions
Added an option to add file extensions to the config which will be rejected (https://github.com/WeebDev/loli-safe/issues/19)
2017-03-27 23:07:00 +02:00
Crawl
652365497d Update config.sample.js 2017-03-26 12:07:11 +02:00
Caroline
823e53e77f client_max_body_size reminder 2017-03-26 03:05:00 -07:00
Kanacchi
f6869ff7c5 Merge pull request #11 from PascalTemel/master
support thumbnails for .webm and .mp4 files
2017-02-07 03:20:12 -03:00
Pascal Temel
facf4a29fc support thumbnails for .webm and .mp4 files 2017-02-07 00:53:22 +01:00
Pitu
18c66d27fb Added support for custom html files
There's a new folder that gets created upon running lolisafe for the first time. On said folder any html file with the same name as the default ones will be loaded instead, letting you place custom frontend files without messing with git.
2017-02-06 00:06:33 -03:00
Pitu
93e5f6ab31 Added enableUserAccounts 2017-01-30 05:10:13 -03:00
Pitu
3f4b879144 List and thumb view on uploads 2017-01-22 18:01:39 -03:00
Pitu
cd123b4c11 Forced resolve, updated config.sample.js 2017-01-21 17:21:29 -03:00
Pitu
93891ae1e5 Small fixes 2017-01-19 00:31:01 -03:00
Pitu
aae56e91c9 Added multi-domain support. Maybe 2017-01-18 21:35:31 -03:00
Pitu
11d6c00d89 Better config.sample.js 2017-01-18 20:37:53 -03:00
pitu
bdfd512c10 token handling and verification 2017-01-17 00:37:54 -03:00
kanadeko
f42202259d Changed upload from single file to array 2017-01-16 05:22:19 -03:00
kanadeko
7b72c3e560 Added generation of random token 2017-01-16 04:37:42 -03:00
kanadeko
55e2d17636 Admin panel, pomf-standarization and stuff 2017-01-16 04:21:46 -03:00
kanadeko
0c6912d2c3 stuff 2017-01-15 03:15:08 -03:00
pitu
e5af2bd04c whoops 2017-01-14 20:47:50 -03:00
kanadeko
b81cf72ac4 Changed from ip whitelist to token based auth 2017-01-14 18:13:58 -03:00
Kanacchi
3afa24ddaf Update config.sample.js 2017-01-14 16:23:54 -03:00
kanadeko
a246fc8365 Frontend done 2017-01-14 05:50:18 -03:00
Pitu
de975f0f62 Updated readme 2017-01-13 04:48:18 -03:00