Commit Graph

1925 Commits

Author SHA1 Message Date
Bobby Wibowo
0d05da40b0
fix: fallback deletion url to relative path
if homeDomain is not configured via config file or env var

the deletion url is a frontend page, so it cannot simply assume it's on
the same domain as uploaded files
2022-08-19 09:29:11 +07:00
BobbyWibowo
b18b2ee312 dist: rebuilt client assets and bumped v1 version string 2022-08-19 00:42:07 +00:00
Bobby Wibowo
29c05a9046
fix: home uploader standardized headers set
it'd previously set the string-representation for non-string values
e.g. "null" for null, etc.

auth token is now also set on as axios' default common headers,
just like in dashboard.js, etc., to avoid re-setting it everytime
2022-08-19 07:40:48 +07:00
Bobby Wibowo
6c929efa7b
fix: less strict missing token header check
previously would still assume token is provided when the header is
simply an empty string, which may be unavoidable for some clients
2022-08-19 07:30:32 +07:00
Bobby Wibowo
59c5c8b7b0
fix: guest uploads hanging
caused by auth middleware not passing the request when token is missing
2022-08-19 07:01:45 +07:00
Bobby
4c850f4731
fix: default sharex config download url
used to be always appended with ?v=undefined regardless of cacheControl
option's value in config file

this never came into attention usually, because the default url would
only be presented to non-logged in users when the safe is private
2022-08-10 09:17:48 +07:00
Bobby Wibowo
8142eae9df
refactor: /users/{delete,disable,edit} API routes
simplify self.assertPermission function to only assert permission

fixed hard-coded "root" user protection not being asserted first
2022-08-09 17:51:31 +07:00
Bobby Wibowo
0a62002a6e
fix: re-create "root" user if users table is empty
previously it'd always re-create it if "root" user itself is missing
from users table

this facilitates not having "root" user altogether
2022-08-09 17:28:21 +07:00
Bobby Wibowo
6ff735badb
feat: wrap add to album db query in transaction
additionally allow superadmins to arbitrarily add/remove files to/from
albums via manual API calls, instead of only allowing root user
2022-08-09 17:18:56 +07:00
Bobby Wibowo
4907ef9ad7
chore: indent albumsController.js 2022-08-09 17:00:26 +07:00
Bobby Wibowo
edf7c091e4
feat: wrap upload db insert within transaction 2022-08-09 16:57:55 +07:00
Bobby Wibowo
d8b78d29ed
feat: hard-code prevent registering as "root"
and allow migration script to not throw when root user is missing

this facilitates safely removing root user altogether via database query
if you don't use it
2022-08-08 06:22:18 +07:00
BobbyWibowo
493d2a8df3 dist: rebuilt client assets and bumped v1 version string 2022-08-07 23:09:47 +00:00
Bobby Wibowo
253042e24e
fix: improve filtering uploads by album ids
database logic and dashboard display
2022-08-08 06:08:40 +07:00
Bobby Wibowo
e0d0694a30
fix: frontend errors handling 2022-08-08 05:42:40 +07:00
BobbyWibowo
52299408ae dist: rebuilt client assets and bumped v1 version string 2022-08-07 14:50:44 +00:00
Bobby
b48d8678fd
fix: bump version string for fontello font files
i forgot this is required
2022-08-07 21:50:05 +07:00
BobbyWibowo
b352de8395 dist: rebuilt client assets and bumped v1 version string 2022-08-07 14:45:42 +00:00
Bobby
d86501996b
chore: updated _globals.sample.njk
other than showing how the new server icon is being used, it's also
because paste.fiery.me is currently offline
2022-08-07 21:44:25 +07:00
Bobby
a46a488dfd
feat: added server icon to fontello 2022-08-07 21:43:18 +07:00
Bobby Wibowo
4bb0af4ca7
revert: last 2 commits
this reverts commit 0e4f483506 and aca4a02f53

lel, im going crazy with this
2022-08-05 01:12:58 +07:00
Bobby Wibowo
0e4f483506
refactor: some routes init
this format is now fixed with hyper-express@6.4.5
2022-08-05 01:01:18 +07:00
renovate[bot]
aca4a02f53
fix(deps): update dependency hyper-express to v6.4.5 (#558)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-05 00:59:16 +07:00
Bobby Wibowo
b21fa66e59
fix: possible event listeners memory leak 2022-08-05 00:54:44 +07:00
BobbyWibowo
bdf6557368 dist: rebuilt client assets and bumped v1 version string 2022-08-04 16:49:25 +00:00
Bobby Wibowo
8c26fa4ffa
feat: better axios errors handling 2022-08-04 23:47:48 +07:00
Bobby Wibowo
c6c485447f
feat: token failure rate limit on login/register
also removed default 2 reqs in 5s rate limiter for login/register routes
from sample config, as it's pretty much redundant now
2022-08-04 23:34:58 +07:00
Bobby Wibowo
a406f85215
feat: rate limit token auth failures
hard-coded to max 6 failures in 10 minutes
2022-08-04 23:09:14 +07:00
Bobby Wibowo
abe27b746c
fix: routes/nojs 2022-08-04 22:17:49 +07:00
Bobby Wibowo
3e0aa1361d
fix: detect uploads timed out by uwebsockets 2022-08-04 22:08:40 +07:00
Bobby Wibowo
7381cac0e9
chore: indents and comments 2022-08-04 21:59:50 +07:00
Bobby Wibowo
d7d6a29123
feat: cleaned up routes init
asserting auth and JSON body will now be done via route-specific
mini middlewares (authController's requireUser or optionalUser)
2022-08-04 21:59:06 +07:00
Bobby Wibowo
2dccaacf33
fix(deps): force hyper-express@6.4.2
i forgot merely reverting isn't enough for those that does not use
stock yarn.lock file
2022-08-04 21:50:48 +07:00
Bobby Wibowo
3a597cc51f
revert: "fix(deps): update dependency hyper-express to ~6.4.4 (#556)"
this reverts commit 13f9178438

i'm getting some weird issue with request stream timing
2022-08-04 21:48:43 +07:00
renovate[bot]
13f9178438
fix(deps): update dependency hyper-express to ~6.4.4 (#556)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 18:50:07 +07:00
renovate[bot]
d618286913
fix(deps): update dependency systeminformation to ~5.12.3 (#557)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 18:49:57 +07:00
Bobby Wibowo
bc76d93ac4
revert: "fix(deps): update dependency hyper-express to ~6.4.3 (#552)"
this reverts commit 80cfea0e83

relevant issue: https://github.com/kartikk221/hyper-express/issues/101
2022-08-03 17:44:39 +07:00
renovate[bot]
80cfea0e83
fix(deps): update dependency hyper-express to ~6.4.3 (#552)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:37:04 +07:00
renovate[bot]
971cf82d68
fix(deps): update dependency jszip to ~3.10.1 (#553)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:34:38 +07:00
renovate[bot]
0dc408f82c
fix(deps): update dependency systeminformation to ~5.12.2 (#554)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:34:19 +07:00
renovate[bot]
48dbe5a2ed
chore(deps): update dependency eslint to ~8.21.0 (#555)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 17:33:44 +07:00
Bobby Wibowo
2351528a42
fix: redundant logic 2022-08-03 17:31:49 +07:00
Bobby Wibowo
46c8867223
fix: internally prepend chunksData UUID with IP
even less chance for a collision to occur
2022-08-03 17:28:42 +07:00
Bobby Wibowo
2f48becf23
feat: ms time resolution in log when on dev mode 2022-08-03 17:26:09 +07:00
Bobby Wibowo
0ebefe083a
refactor: removed clamscan passthrough support
unfortunately it simply was not reliable enough

and maintaining it is simply adding more complexity to the codes

moreover it was only possible to passthrough regular non-chunked uploads
2022-08-02 16:19:57 +07:00
BobbyWibowo
238e6b9bc3 dist: rebuilt client assets and bumped v1 version string 2022-08-01 08:22:10 +00:00
Bobby Wibowo
164cadd8b9
feat: increased regular users' max sort keys to 2
possible use case, sorting by albumid, then size

moderators and above still have no limits
2022-08-01 15:21:23 +07:00
Bobby Wibowo
ac38b6f06e
feat: if sort uploads by album id, sort null last
also improved indenting on some lines of codes
2022-08-01 15:20:14 +07:00
Bobby Wibowo
d833ec26e7
feat: show album id in dashboard's uploads list 2022-08-01 15:18:45 +07:00
Bobby Wibowo
323c107f64
fix: ServeStatic
init setContentDisposition and setContentType functions immediately as
private functions to reduce complexity

so instead check for the required map/store before using them

also fixed content-type override ending up with duplicate headers
2022-08-01 07:29:49 +07:00