Commit Graph

111 Commits

Author SHA1 Message Date
Bobby Wibowo
afdbc7e9a1
Added ClamAV version to Statistics 2020-11-01 07:10:43 +07:00
Bobby Wibowo
88f852584c
!! REPLACED ClamAV BACKEND: clamdjs -> clamscan !!
Update your config file!
2020-11-01 06:35:56 +07:00
Bobby Wibowo
47dd512910
Removed custom ESLint curly rule
Sigh, why did you do this, past me..?

Also fixed "Delete uploads by names".
2020-10-31 01:12:09 +07:00
Bobby Wibowo
22e6c2c3c6
Updated
Replaced all Array.concat() with spread operator and/or push().
Fixed some faulty search logics when using exclusion filters.
Fixed capitalization of mac font in _variables.scss. Stylelint somehow
fricked up again in my previous commit.
2020-10-11 17:32:22 +07:00
Bobby Wibowo
c113184385
Improved disk usage entry in statistics
Now will calculate usage as (total - avail).
In Linux, ext filesystems by default reserves 5% of the space to be
usable by root, making them essentially already "used" space.
Originally we didn't take that into account.

Disk usage percentage will now round down: Math.round() -> Math.floor().
The general behavior in other tools such as "df".
2020-09-08 19:04:12 +07:00
Bobby Wibowo
65847232c4
Added "time taken" info for Statistics menu 2020-08-24 08:08:21 +07:00
Bobby Wibowo
0b27babb31
Refactored "hhmmss" -> "uptime" 2020-08-22 01:39:04 +07:00
Bobby Wibowo
41fb14e865
Added system & node uptime to Statistics menu
src/js/misc/utils.js: Added page.getPrettyUptime().

Updated dependency:
helmet: 3.23.3 -> 4.1.0

lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
2020-08-22 01:35:30 +07:00
Bobby Wibowo
a93e34bf87
Init cf-api-token 2020-06-26 13:48:15 +07:00
Bobby Wibowo
0b8b1ed026
More fixes to thumbnailers
Use fluent-ffmpeg's .screenshots() function instead,
with some countermeasures for weird situations.

No more selective error suppressions.
2020-06-15 21:04:30 +07:00
Bobby Wibowo
6d5ee7dd63
Thumbs size 2020-06-06 19:43:20 +07:00
Bobby Wibowo
46c84db64f
Merge branch 'patch-3' of https://github.com/camjac251/lolisafe into camjac251-patch-3 2020-06-06 19:34:46 +07:00
Bobby Wibowo
28c64d531a
Potentially much better video thumbnails
Notable changes, use fluent-ffmpeg's functions instead of passing raw
ffmpeg switches with inputOptions() or outputOptions().

It seems fluent-ffmpeg may be doing some janks with outputOptions().
I can't get select="eq(pict_type\\,I)" to work with it, but it works
with videoFilters(). Weird stuff.
2020-06-06 19:28:42 +07:00
camjac251
cf2593465a Use top variable over config 2020-06-06 02:39:53 -05:00
Bobby Wibowo
8b4b0e79c5
Improved albums public page cache and more
Removed its dependency towards albums' editedAt property.
Editing album's metas (name, description, etc) will no longer update
its editedAt property.
Instead it will now ONLY be updated when adding/removing files to/from
it. Just like how it was meant to be, which was to be used to check
whether it's necessary to re-generate their downloadable ZIPs.

Albums public page cache will still be properly invalidated when
adding/removing files to/from it, as well as after editing their metas.

Added views/album-notice.njk to be used to render okay-ish notice when
an album's public page is still being generated.
I was originally thinking of using it for disabled albums as well, but
I refrained from it to reduce the possibility of disabled album IDs from
being easily scanned (as it just returns 404 now).

Removed invalidatedAt property from stats cache. Instead their caches
will immediately be nullified as they should (thus frees up memory
slightly as well).

Stats cache for albums will now only be cleared when truly necessary.
As in, adding/removing files to/from albums will no longer clear them.

Updated Nunjucks files to properly use h1, h2, h3 tags in actual
hierarchical orders.
Elements that don't need to use hX tags will now use P instead.
Nothing changes visually, only structurally.

Fixed some elements in Nunjucks using single quotes instead of
double quotes. They'd have worked the same, but consistency.

Added h1 title in FAQ page.

Make text for no JS warning a bit bigger, and improved the phrasing
a little bit.
2020-06-03 10:44:24 +07:00
camjac251
9a4c0d5cea Update utilsController.js 2020-06-01 04:27:57 -05:00
camjac251
776414814d add user config option for thumbnail size 2020-06-01 04:17:23 -05:00
camjac251
de70b93cc6
thumbnail generation fix and scale
ffmpeg can sometimes generate broken thumbnails (sometimes a full grey image) when it seeks in the input instead of the output. When it's added after the input, it is a bit slower but it is more stable and will fixes the issue for various formats like HEVC or Prores.

The resolution could benefit from being increased 3x for users who scale up the webpage in their browser or tablet views. It becomes scaled up 200% or 300% when viewed on a smaller screen.
2020-05-29 05:51:38 -05:00
camjac251
1efa8c4ebc
more video extensions for thumbs and reorder
added additional extensions to the video list for more support in thumbnails on files (all are common filetypes so ffmpeg should support the various codecs needed)
Also reordered the image and video list alphabetically
2020-05-25 22:47:24 -05:00
Bobby Wibowo
968fd74676
Updated
No longer initiate expired uploads check if
config.uploads.temporaryUploadsInterval is not set.

"yarn delete-expired" will now list names of the expired uploads too.
2020-05-16 21:45:14 +07:00
Bobby Wibowo
19b4a5e217
Updated Linux-only disk stats
Restore disk usage stats even when config.linuxDiskStats is off

The said config will now only toggle the 'extended' stats which are
disk usage of each directories within the uploads directory
2020-05-02 19:28:13 +07:00
Bobby Wibowo
dc59476592
Updated utilsController.js
Suppress more ffmpeg/ffprobe error messages
2020-04-19 21:52:34 +07:00
Bobby Wibowo
a6156da798
Added .m4v and .m2ts video extensions
Their thumbs can be made with ffmpeg
Run "yarn thumbs 2" to create thumbs for existing uploads with those
extensions

Rebuilt client assets and bumped v1 version string
2020-04-19 21:41:17 +07:00
Bobby Wibowo
3e3878b93c
Massively overhauled uploads filtering endpoint
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!

Updated dependency, knex: 0.20.13 -> 0.20.15.

Added new dependency: search-query-parser.

Updated all sub-dependencies.

Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.

Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.

Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.

Caching system of album public pages will now be disabled during
development (yarn develop).

Cleaned up domClick() function in js/dashboard.js.

If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.

Success prompt when changing token will now auto-close.

Removed ID column from Manage Users.

Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.

Rebuilt client-side assets and bumped v1 version string.
2020-04-19 02:52:11 +07:00
Bobby Wibowo
325ccfac81
Added config option to enable linux disk stats
The option is disabled by default.
Meaning you need to explicitly set it to true to restore
the old behavior.

The one that uses both "df" and "du" binaries.
I found them to be very slow with 100k+ uploads
on my ancient potato server.
2020-04-08 07:08:18 +07:00
Bobby Wibowo
46fa9677ff
Extended configuration for virus scanning
Added whitelist extensions
Added max size limit
2020-04-04 21:20:01 +07:00
Bobby Wibowo
d9ddfe8e9a
Implemented stripping tags from images
... and optionally videos using ffmpeg (still experimental).

Users can choose whether to strip tags of their uploads or not from
the home uploader's Config tab (safe.fiery.me will have it disabled
by default).

The behavior will also be applied to the downloadable ShareX config.

Server owners can choose to force either behavior.

Make sure to add the new config from config.sample.js.

---

Fixed all instances of "e.i." to "e.g.".
My English sucks okay.

Bumped v1 version string.
2019-11-29 20:42:53 +07:00
Bobby Wibowo
ee920f942f
Cache system & disk stats longer
System stats will be cached for only 1000 ms (1 s)

Disk stats will be cached for 60000 ms (60 s)
2019-11-14 15:08:56 +07:00
Bobby Wibowo
2a81e899b4
Fixed stats not re-generating after errors 2019-11-14 14:53:33 +07:00
Bobby Wibowo
7aaf913166
Actually parse error messages of du & df to String 2019-11-14 14:46:49 +07:00
Bobby Wibowo
98d38d3402
Fixed broken disk stats in linux 2019-11-14 14:42:09 +07:00
Bobby Wibowo
3d09df501d
Updated
Better 'df' handling (check the TODO entry for more details).

Simplified a few lines in dashboard.js.

Bumped v1 version string.
2019-11-14 05:06:59 +07:00
Bobby Wibowo
a28d862c14
Added group bypass to virus scanning
Also better-ish scan results handling again, I guess

Updated dependency knex: 0.20.0 -> 0.20.1
2019-11-06 03:35:04 +07:00
Bobby Wibowo
36763c2a77
Security fix
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.

All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.

Fortunately, they were only used in API routes that required staff
(moderators included) accounts.

---

Updated dependency:
helmet: 3.21.1 -> 3.21.2
2019-10-22 10:52:52 +07:00
Bobby Wibowo
2443390199
Updated utilsController.js
Thumbnails generator: Skip video files that does not have valid duration
metadata, for some reason.
2019-10-15 17:53:23 +07:00
Bobby Wibowo
98a8d03a7f
Updated
Updated controllers to use Promise.all (concurrent processing) wherever
applicable.

Added 2 new entries to todo.md.

Don't check "Select all" checkbox in dashboard when there are no
uploads.

Bumped v1 version string.
2019-09-23 15:09:15 +07:00
Bobby Wibowo
ea37e0b7d3
Updated
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.

"Load images for preview" will now properly display its saved value.

Increased max parallel uploads to 10.

"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).

Better meta tags generation.

Bumped v1 version string.
2019-09-19 08:27:19 +07:00
Bobby Wibowo
9e9b0d4439
Updated
Updated some dev dependencies.

---

Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.

Added dist-dev to ignore files.

---

The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.

Root domain for use in Nunjuck templates will now be parsed from config.

Better page titles.

Updated help message for "Uploads history order" option in
homepage's config tab.

Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.

Uploads' original names in homepage's uploads history are now
selectable.

Min/max length for user/pass are now enforced in auth's front-end.

Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.

File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.

Added video icons.
Homepage's uploads history will now display video icons for videos.

"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.

Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.

A few other small improvements.
2019-09-17 11:13:41 +07:00
Bobby Wibowo
c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00
Bobby Wibowo
4c741f811a
Add todo file, cause otherwise I'll always forget 2019-09-12 18:34:04 +07:00
Bobby Wibowo
2251f7b154
Stoppin' disk stats goin' to deep 😏 2019-09-10 23:47:34 +07:00
Bobby Wibowo
264bd88e88
Updated
Improved performance of /api/users/:id (admin's manage users).

Promisify fs.writeFile.

Improved performance of /api/stats.
By a lot in Linux, cause uploads size will be deferred to "du" binary.
In addition, total usage of whichever disk uploads path resides on will
also be queried using "df" binary.
Non-Linux will have to rely on manual calculation by querying DB
for each upload's size.
But logics related to uploads stats were also improved to be almost
twice as fast as before.

Improved parsing of /api/stats results on dashboard.js.
This allows ease of extending server's response by not having to update
dashboard.js by much, if at all.

Improved codes relating to item menus in dashboard's sidebar.
Finally much cleaner now 👍

No longer use /api/upload/delete API route from dashboard.
Single file deletion and bulk files deletion, both from uploads list or
by names, will now properly use a single function that will use
/api/upload/bulkdelete API route.

/api/upload/delete will still be kept indefinitely for backward support.

Fixed oddities with Select all checkbox.

Replaced all instances of modifying HTML element's style attribute with
adding/removing is-hidden CSS helper class.

Rephrased all instances of "files" to "uploads" in any display strings.

Fixed notice message when server is on private mode.

A few other improvements.
2019-09-10 23:31:27 +07:00
Bobby Wibowo
df8cac0f0b
Fixed some critical bugs 2019-09-09 01:33:07 +07:00
Bobby Wibowo
02e2e402c3
!!! MASSIVE OVERHAUL !!!
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.

Notable changes:

Added temporary uploads.

Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.

A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
2019-09-08 08:56:29 +07:00
Bobby Wibowo
7e3d177d00
Updated
Added logger.js to format console logs (adding timestamps).

Re-ordered modules loading in lolisafe.js, and a few other minor edits.

Updated dev dependencies.

A few other minor edits.
2019-08-27 00:02:06 +07:00
Bobby Wibowo
51f12ad900
Updated utilsController.js
Used .some() instead of .find().
Probably a tiny bit more efficient.
2019-08-23 20:35:28 +07:00
Bobby Wibowo
f4fa6b6a96
Updated
On video thumbnails generation, skip video files that do not have any
video streams/channels.
This will prevent unnecessary spawning of ffmpeg for those files.

Also suppress error logging when video streams/channels are not found.
2019-08-23 20:31:44 +07:00
Bobby Wibowo
e45d854c09
Updated
* Updated path resolving for upload folder option.
This SHOULD now allow using an absolute path, even those outside of
the lolisafe installation.

* Added a config option at uploads -> generateThumbs, named placeholder.
It's a string option that lets you set path of the placeholder image
for files whose thumbnail could not be generated.
It defaults to the old hard-coded path when set to falsy value.

* Fixed thumbs script not using upload folder from config file.

* Added filters for thumb generation error handling.
This is used to ignore some common error messages,
such as file formats not being supported.
2019-08-23 16:49:53 +07:00
Bobby Wibowo
3a398721b5
Updated
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.

* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.

* Removed unused lines in dashboard.njk.

* Refactored maxFileSize to maxSize in home.{css,js,njk}.

* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.

* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.

* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.

* Creating an album from homepage will automatically select the album.

* Updated Dropzone.js to v5.5.0.

* Bumped v1 & v3 version strings.

* Various other small fixes.
2019-08-20 09:16:34 +07:00
Bobby Wibowo
e6bb94692b
Oversights 2019-08-04 06:42:35 +07:00