Commit Graph

1999 Commits

Author SHA1 Message Date
Bobby Wibowo
c6c485447f
feat: token failure rate limit on login/register
also removed default 2 reqs in 5s rate limiter for login/register routes
from sample config, as it's pretty much redundant now
2022-08-04 23:34:58 +07:00
Bobby Wibowo
a406f85215
feat: rate limit token auth failures
hard-coded to max 6 failures in 10 minutes
2022-08-04 23:09:14 +07:00
Bobby Wibowo
abe27b746c
fix: routes/nojs 2022-08-04 22:17:49 +07:00
Bobby Wibowo
3e0aa1361d
fix: detect uploads timed out by uwebsockets 2022-08-04 22:08:40 +07:00
Bobby Wibowo
7381cac0e9
chore: indents and comments 2022-08-04 21:59:50 +07:00
Bobby Wibowo
d7d6a29123
feat: cleaned up routes init
asserting auth and JSON body will now be done via route-specific
mini middlewares (authController's requireUser or optionalUser)
2022-08-04 21:59:06 +07:00
Bobby Wibowo
2dccaacf33
fix(deps): force hyper-express@6.4.2
i forgot merely reverting isn't enough for those that do not use
stock yarn.lock file
2022-08-04 21:50:48 +07:00
Bobby Wibowo
3a597cc51f
revert: "fix(deps): update dependency hyper-express to ~6.4.4 (#556)"
this reverts commit 13f9178438

i'm getting some weird issue with request stream timing
2022-08-04 21:48:43 +07:00
renovate[bot]
13f9178438
fix(deps): update dependency hyper-express to ~6.4.4 (#556)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 18:50:07 +07:00
renovate[bot]
d618286913
fix(deps): update dependency systeminformation to ~5.12.3 (#557)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 18:49:57 +07:00
Bobby Wibowo
bc76d93ac4
revert: "fix(deps): update dependency hyper-express to ~6.4.3 (#552)"
this reverts commit 80cfea0e83

relevant issue: https://github.com/kartikk221/hyper-express/issues/101
2022-08-03 17:44:39 +07:00
renovate[bot]
80cfea0e83
fix(deps): update dependency hyper-express to ~6.4.3 (#552)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:37:04 +07:00
renovate[bot]
971cf82d68
fix(deps): update dependency jszip to ~3.10.1 (#553)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:34:38 +07:00
renovate[bot]
0dc408f82c
fix(deps): update dependency systeminformation to ~5.12.2 (#554)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:34:19 +07:00
renovate[bot]
48dbe5a2ed
chore(deps): update dependency eslint to ~8.21.0 (#555)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:33:44 +07:00
Bobby Wibowo
2351528a42
fix: redundant logic 2022-08-03 17:31:49 +07:00
Bobby Wibowo
46c8867223
fix: internally prepend chunksData UUID with IP
even less chance for a collision to occur
2022-08-03 17:28:42 +07:00
Bobby Wibowo
2f48becf23
feat: ms time resolution in log when on dev mode 2022-08-03 17:26:09 +07:00
Bobby Wibowo
0ebefe083a
refactor: removed clamscan passthrough support
unfortunately it simply was not reliable enough

and maintaining it is simply adding more complexity to the code

moreover it was only possible to passthrough regular non-chunked uploads
2022-08-02 16:19:57 +07:00
BobbyWibowo
238e6b9bc3 dist: rebuilt client assets and bumped v1 version string 2022-08-01 08:22:10 +00:00
Bobby Wibowo
164cadd8b9
feat: increased regular users' max sort keys to 2
possible use case, sorting by albumid, then size

moderators and above still have no limits
2022-08-01 15:21:23 +07:00
Bobby Wibowo
ac38b6f06e
feat: if sort uploads by album id, sort null last
also improved indenting on some lines of code
2022-08-01 15:20:14 +07:00
Bobby Wibowo
d833ec26e7
feat: show album id in dashboard's uploads list 2022-08-01 15:18:45 +07:00
Bobby Wibowo
323c107f64
fix: ServeStatic
init setContentDisposition and setContentType functions immediately as
private functions to reduce complexity

so instead check for the required map/store before using them

also fixed content-type override ending up with duplicate headers
2022-08-01 07:29:49 +07:00
Bobby Wibowo
21ec4a7479
fix: 416 status code handling 2022-07-31 16:46:35 +07:00
Bobby Wibowo
0598a63989
refactor: serve handlers/middlewares
moved shared code into serveUtils to reduce complexity
2022-07-31 16:34:06 +07:00
BobbyWibowo
2b2a7c407d dist: rebuilt client assets and bumped v1 version string 2022-07-31 09:04:15 +00:00
Bobby Wibowo
40675e2a40
fix: dashboard select all checkbox logic 2022-07-31 16:03:02 +07:00
BobbyWibowo
4add610864 dist: rebuilt client assets and bumped v1 version string 2022-07-31 08:56:32 +00:00
Bobby Wibowo
527498bb1e
perf: list albums db query 2022-07-31 15:55:27 +07:00
Bobby Wibowo
285e79c5a7
feat: configurable uploads/albums/users per page
please check sample.config.js for new options

if missing from config, defaults to 25 per page (old defaults)
2022-07-31 15:51:32 +07:00
Bobby Wibowo
a6e1943655
chore: init dist static assets before public 2022-07-31 14:49:58 +07:00
Bobby Wibowo
2389974c7d
feat: ServeStaticQuick
chokidar is now a production dependency

please read the comments in ServeStaticQuick.js for a description of
what the class does

public and dist directories are now served with that class by default

before starting hyper-express on the listen port, await for all
ServeLiveDirectory and ServeStaticQuick instances
2022-07-31 14:31:25 +07:00
Bobby Wibowo
d40d1e396f
fix: ServeStatic with zero bytes files 2022-07-31 14:17:06 +07:00
Bobby Wibowo
bea63b07d8
fix: no-cache cache-control for static assets
when cacheControl is disabled in config

this behavior makes more sense, and will then properly rely on our
internal conditional GETs handlers and whatnot
2022-07-31 14:10:44 +07:00
Bobby Wibowo
b1566c5abf
refactor: ServeLiveDirectory
ensure forward slashes path

refactored init method

ensure internal res.type is set before attempting to call external
setHeaders function, to allow overrides
2022-07-31 14:08:13 +07:00
Bobby Wibowo
b9badcc944
fix: ServeStatic ensure forward slashes path 2022-07-31 14:06:17 +07:00
Bobby
4591b8bb42
refactor: generateUniqueToken -> getUniqueToken
this now matches lifecycle with similar functions in upload and album
controllers

also added a new util function .mask() for basic string masking
2022-07-30 08:37:57 +07:00
Bobby
b7dcf30578
feat: console logs for identifiers on debug only 2022-07-30 08:35:26 +07:00
Bobby
548af312a7
chore: authController.js 2022-07-30 08:02:17 +07:00
Bobby
c23bc90412
refactor: album random identifier generation 2022-07-30 08:01:19 +07:00
Bobby
5fd6685e44
chore: lolisafe.js 2022-07-30 07:53:38 +07:00
renovate[bot]
fa9ca96d66
chore(deps): update dependency browserslist to ~4.21.3 (#548)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-30 05:05:48 +07:00
renovate[bot]
d1e61f0ec8
fix(deps): update dependency rate-limiter-flexible to ~2.3.8 (#549)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-30 05:05:37 +07:00
Bobby Wibowo
8782a004d6
chore: uploadController.js 2022-07-29 10:17:17 +07:00
Bobby Wibowo
681a3ca32f
fix: ServeStatic content-length transfer-encoding
both headers cannot co-exist at the same time, so we pass the expected
content-length value into 2nd param of Response.stream(), so that the
internal can decide to add it only when required
2022-07-29 10:16:49 +07:00
Bobby Wibowo
8748dcefb0
feat: parse content-disposition on url uploads 2022-07-29 10:15:11 +07:00
Bobby Wibowo
dbb4547105
chore: keep comments of deprecated opts in config
as easy reminders for older users
2022-07-29 09:56:11 +07:00
Bobby Wibowo
fae28f9aa2
feat: deprecate uploads.cacheFileIdentifiers conf
maintaining it is an unnecessary complexity
it's a feature that doesn't scale too well anyways

also renamed "queryDbForFileCollisions" to
"queryDatabaseForIdentifierMatch"
and updated config description accordingly

this should also now properly free the internal onHold Set
2022-07-29 09:14:55 +07:00
Bobby Wibowo
03eff45e8c
refactor: uploadController.js
some logic improvements
2022-07-28 13:26:15 +07:00