they'll also be collapsed on initial page load
this uses a new client-side dependency, bulma-collapsible
https://github.com/creativebulma/bulma-collapsible
/api/albums to fetch albums list now support simple reply, where only
their ids and names will be returned.
this simple reply will also return all of the user's albums, instead of
being limited to only 9 or 25 entires like before.
fixed add to album in dashboard, and album selector in homepage uploader
being limited to only 25 albums.
Added new dev dependencies:
bulma, gulp-sass, node-sass
Updated some dependencies
Various other things related to styling
Bumped v1 version string and rebuilt client assets
Removed its dependency towards albums' editedAt property.
Editing album's metas (name, description, etc) will no longer update
its editedAt property.
Instead it will now ONLY be updated when adding/removing files to/from
it. Just like how it was meant to be, which was to be used to check
whether it's necessary to re-generate their downloadable ZIPs.
Albums public page cache will still be properly invalidated when
adding/removing files to/from it, as well as after editing their metas.
Added views/album-notice.njk to be used to render okay-ish notice when
an album's public page is still being generated.
I was originally thinking of using it for disabled albums as well, but
I refrained from it to reduce the possibility of disabled album IDs from
being easily scanned (as it just returns 404 now).
Removed invalidatedAt property from stats cache. Instead their caches
will immediately be nullified as they should (thus frees up memory
slightly as well).
Stats cache for albums will now only be cleared when truly necessary.
As in, adding/removing files to/from albums will no longer clear them.
Updated Nunjucks files to properly use h1, h2, h3 tags in actual
hierarchical orders.
Elements that don't need to use hX tags will now use P instead.
Nothing changes visually, only structurally.
Fixed some elements in Nunjucks using single quotes instead of
double quotes. They'd have worked the same, but consistency.
Added h1 title in FAQ page.
Make text for no JS warning a bit bigger, and improved the phrasing
a little bit.
Resolves#194.
Added pagination for Manage your albums page.
Albums sidebar will now only list 9 albums at most.
Use Manage your albums page to view the rest.
Albums in the list will now have View uploads button after all.
Delete album button for albums renamed to Disable album.
Since techincally the server would've always been disabling the albums
instead of deleting them.
It was something upstream dev's decided, and I haven't bothered changing
its behavior.
I'll work on actual Delete album feature some other days.
As the title says, added Manage albums admin page.
Viewing uploads of an album will hook into albumid: filter key.
I'll work on filter and bulk operations some other days.
Updated styling for disabled albums and users.
Instead of havine a line through them, they will be greyed out.
Disable public page of albums will still use line through however.
Links to album's disabled public page are now clickable.
Added a new button styling is-dangerish.
It'll be orange.
Renamed /api/albums/delete to /api/albums/disable.
For backwards compatibility, /api/albums/delete will still work
but automatically re-routed to /api/albums/disable.
/api/uploads/list will no longer print SQLite errors for moderators
or higher when encountering them.
It was originally used to inform moderators of non-existing colum names
when used for sorting.
But on one of the recent commits, I had added a check for allowed colum
names.
Improved some caching in dashboard page.
Added new entries to cookie policy.
Some other small things.
Bumped v1 version string and rebuilt client assets.
/api/check and /api/token/verify will now pass along v1 version string
if used (when config.cacheControl is used) for both home.js and
dashboard.js to use to compare version strings.
This should help notify users using browsers with a bit more overbearing
caching (generally mobile browsers).
Rebuilt client assets and bumped v1 version string
Slight update to yarn.lock (a small syntax change for node-gyp, idk why)
Moved <style> tag from <noscript> tag into <head> tag.
Auto-redirect visitors with JS disabled to either No-JS uploader or
No-JS version of album pages after 3 seconds.
Those changes can be found in a new NJK file at the location below:
views/_partial/noscript-refresh.njk
Made the warning a lot more concise.
It will be shown when token is still being verified.
Moved loader icon section from auth.njk to _partial/loader.njk,
which will also be included into dashboard.njk.
Bumped v1 version string.
Removed version strings from _globals.njk,
in favor of src/versions.json.
That versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.
Added README file in src directory, explaining versions.json file.
Added README file in scripts directory, detailing usage of each scripts.
Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.
Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.
Actually use custom metaDesc variable on meta description tag.
Added iamdustan/smoothscroll polyfill in dashboard pages.
This will polyfill smooth scroll (when executed programmatically)
for older browers.
No-JS uploader's notice button when on private mode will now also say
"Log in to upload", although auth page will still require JS.
All front-end buttons will now use outlined version. I'm lovin' it.
Auth page will now show a loading spinner if the user has a saved token.
Afterwards, they will still be redirected to dashboard.
Better error handlers in home, dashboard, and auth pages.
Removed <hr> from uploads & users lists in dashboard.
"Manage your token" menu will no longer try to make an API request prior
to displaying its page.
Reloading the page will already trigger token verification anyway.
Updated public/images/fb_share.png.
Updated README.md.
A few other tweaks.
Reduced album title max length from 280 to 70.
Existing albums with longer titles will have their titles truncated in
their public pages, but the original titles will still remain in db.
"Load images for preview" will now properly display its saved value.
Increased max parallel uploads to 10.
"yarn develop" will now also restart safe if some Nunjuck templates are
edited (_globals.njk, _layout.njk, and album.njk).
Better meta tags generation.
Bumped v1 version string.
Updated some dev dependencies.
---
Gulp will now build CSS/JS files during development into dist-dev
directory, to prevent IDE's Git from unnecessarily building diff's.
Added dist-dev to ignore files.
---
The entire config fille will now be passed to Nunjuck templates for ease
of access of config values.
Root domain for use in Nunjuck templates will now be parsed from config.
Better page titles.
Updated help message for "Uploads history order" option in
homepage's config tab.
Added "Load images for preview" option to homepage's config tab.
Setting this to false will now prevent image uploads from loading
themselves for previews.
Uploads' original names in homepage's uploads history are now
selectable.
Min/max length for user/pass are now enforced in auth's front-end.
Improved performance of album public pages.
Their generated HTML pages will now be cached into memory.
Unfortunately, No-JS version of their pages will be cached separately,
so each album may take up to double the memory space.
File names in thumbnails no longer have their full URLs as tooltips.
I saw no point in that behavior.
Added video icons.
Homepage's uploads history will now display video icons for videos.
"View thumbnail" button in Dashboard is now renamed to "Show preview".
Their icons will also be changed depending on their file types.
Added max length for albums' title & description.
These will be enforced both in front-end and back-end.
Existing albums that have surpassed the limits will not be enforced.
A few other small improvements.
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
Improved performance of /api/users/:id (admin's manage users).
Promisify fs.writeFile.
Improved performance of /api/stats.
By a lot in Linux, cause uploads size will be deferred to "du" binary.
In addition, total usage of whichever disk uploads path resides on will
also be queried using "df" binary.
Non-Linux will have to rely on manual calculation by querying DB
for each upload's size.
But logics related to uploads stats were also improved to be almost
twice as fast as before.
Improved parsing of /api/stats results on dashboard.js.
This allows ease of extending server's response by not having to update
dashboard.js by much, if at all.
Improved codes relating to item menus in dashboard's sidebar.
Finally much cleaner now 👍
No longer use /api/upload/delete API route from dashboard.
Single file deletion and bulk files deletion, both from uploads list or
by names, will now properly use a single function that will use
/api/upload/bulkdelete API route.
/api/upload/delete will still be kept indefinitely for backward support.
Fixed oddities with Select all checkbox.
Replaced all instances of modifying HTML element's style attribute with
adding/removing is-hidden CSS helper class.
Rephrased all instances of "files" to "uploads" in any display strings.
Fixed notice message when server is on private mode.
A few other improvements.
As the title says, this commit is a massive overhaul.
I've rewritten/restrucuted almost everything in the controller scripts.
Because of that, there's a considerable possibility that I've broken
something somewhere.
Notable changes:
Added temporary uploads.
Removed file name length changer from dashboard,
in favor of an equivalent in homepage config tab.
This allows non-registered users to also set file name length.
A bunch of other undocmented stuff.
I don't know, I'm too tired to remember them all.
Removed browser settings from dashboard,
in favor of config tab in homepage.
With this even non-registered users can configure the uploader.
Fixed homepage breaking when URL uploader is disabled.
Updated fontello.
Added link, cog-alt, and floppy icons.
Better tabs design in homepage.
Bumped v1 & v3 version strings.
Upgraded dependencies.
Stop adding cache-control header to album zip files unless
config.cacheControl is enabled.
Updated CSS files.
Moved thumbnail-related styling to thumbs.css.
Various other fixes & improvements.
Moved render.js from public/js to public/js/s.
Removed sharex.js in favor of public/js/s/utils.js.
Moved getPrettyDate() & getPrettyBytes() to that JS file as well.
Added lsKeys global variable wherever applicable.
Previously the idea was only used in dashboard.js.
Added No-JS version of album public pages.
You'll only have to add ?nojs to the URL.
Viewing the regular version with JS disabled will show a notice with
a link to the No-JS version of the particular album.
Overall page size of the regular version will now be lower as well,
since there'll be no need to add noscript tag for each thumbs.
No longer show Administrator section to non-admin in the dashboard.
Moderators will ONLY be able to see manage users menu as well.
Simplified FAQ wherever applicable.
Added a new FAQ about bug report or feature request.
Updated link for Firefox extension.
Also pushed Firefox link before Chrome, cause I like it more.
Added browser settings menu to dashboard.
This allows you to choose file size unit (kilobyte vs kibibyte) for that
specific browser.
The preference will be used on homepage, dashboard and album pages.
This also allows you to set chunk size and maximum parallel uploads
for the homepage uploader.
All menu links in the dashboard will now scroll to the content once
loaded.
Previously it would only do so with manage uploads/users when
switching pages.
Refactored all instances of for-in & for-of loop from browser JS files.
For the sake of uniformity, for now.
* Replaced all instances of getElementById and getElementsByClassName
with querySelector or querySelectorAll.
* Updated utilsController.js to stop disabling
no-async-promise-executor eslint rule.
* Removed unused lines in dashboard.njk.
* Refactored maxFileSize to maxSize in home.{css,js,njk}.
* Updated ClamAV codes in lolisafe.js. No more pinging.
Since querying version will also check connection anyway.
* Option "Upload to album" in homepage is now selectable.
Selecting this option will restore the uploader to not associate files
with an album.
* Fixed uploader to properly respect server's max file size.
Also updated error message of file size to use MB instead of MiB.
* Creating an album from homepage will automatically select the album.
* Updated Dropzone.js to v5.5.0.
* Bumped v1 & v3 version strings.
* Various other small fixes.
* Added Statistics menu to Administration items in dashboard.
* Added /api/stats route.
Imo, my implementation of this whole thing is rather dirty-ish, but hey
as long as it works.
I'll be using lolisafe2 for future devs tbh.
* Fixed home page going out of bound due to git commit message.
* Git commit message will no longer have dotted underline. The old solution by using border-bottom wasn't suitable when the text is being split by word-break, but text-decoration-style wouldn't look as good due to its distance from the text being too close.
* Updated bulma to 0.7.2.
* Bumped v1 and v3 version strings.
* Various other small tweaks.
Moved page.prepareShareX() to a single JS file named sharex.js. It'll be loaded in home and dashboard pages, and both home.js and dashboard.js will rely on the function provided by it.
The generated ShareX config file will also properly support cases where the safe is being hosted in a subdir now (e.i. https://example.com/lolisafe).
* Added "ShareX user profile" menu item to administration sidebar. This do the same thing as the ShareX icon in the homepage, which is to download a ShareX config.
* Updated version string in _globals.njk. A few of the previous commits also modified some JS files, but I forgot to update the version string back then.
* Added globals.v3 to _globals.njk, which will be used for CSS/JS files of libs (bulma, lazyload, etc.). globals.v1 will now only be used for lolisafe's JS and CSS files.
Since CSS/JS files of libs receive much less updates than lolisafe's (mainly since I push updates a lot), this will decrease the amount of files that users need to re-fetch on every updates.
* Added public/js/album.js which will be used by album.njk (albums public link). I'm going to disable inline scripts in safe.fiery.me.
* Better FAQ. Some points will now dynamically changes depending on the settings you have in your config.js. It's not perfect but certainly much better than before.
* Updated API route: /upload/bulkdelete.
It now accepts an additional property named "field". In it you can now enter either "id" or "name", which will set whether it will bulk delete by ids or names respectively. It also no longer accepts property named "ids", instead it has to be named "values" (which of course is an array of either ids or names). So yeah, now the API route can be used to bulk delete by ids and names.
In the future this will be expanded to bulk deleting files by username (only accessible by root of course).
* Added a form to bulk delete files by names for the hardcore user, like me (https://i.fiery.me/AHph.png).
* Some design update. Mainly forms restructuring aimed at tight screens.
* Changing file name length, requesting new token and setting new password will no longer reload the dashboard page on success. Instead it will simply silently reload the form.
* utils.bulkDeleteFilesByIds() replaced by utils.bulkDeleteFiles() which now can either by ids or names. This will be the one that will eventually be extended for deleting by username.
* Various other code improvements.
* View thumbnail button will now use SweetAlert instead of Bulma's modal (preview: https://i.fiery.me/HDwX.png). It can be made more pretty but this will do for now.
* Fixed a bug where "Copy link to clipboard" button in albums list would only copy its identifier instead of the full URL.
Some other code improvements:
* All instances of adding/removing class names with Element.className will now use Element.classList. So instead of appending and replacing the string, it will now use add/remove functions, thus making it much easier to understand.
* "onkeypress" in auth page moved into a single addEventListener, sort of.
* Removed VSCode's discord extension entry from workspace settings. Eh, I'll go with user settings for this one.
* A bunch of refactors in public JS files (home.js, dashboard.js, etcetera).
* Added lazyload to home page (for thumbs of uploaded images), dashboard (for thumbs view) and albums' public link.
Albums' public link will silently fallback to loading all thumbs at once if JavaScript is disabled.
* A bunch of others code improvements. Honestly I'm too lazy to track all the changes.
Improvements related to albums:
* Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png).
This also adds a new API route: /api/albums/edit.
The old API route, /api/albums/rename, is still available but will silently be using the new API in backend.
* Deleting album will now also delete its zip archive if exists.
* Renaming albums will also rename its zip archive if exists.
* Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat.
* The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier.
* Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier.
* Added "download" and "public" columns to "albums" table in database/db.js.
Existing users can run "node database/migration.js" to add the columns.
Others:
* uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise.
* Album name of disabled/deleted albums will no longer be shown in uploads list.
* Added "fileLength" column to "users" table in database/db.js.
* Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though.
* Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch).
* Updated icons (added download icon).
* Some other improvements/tweaks here and there.
* Updated screenshot in README.md, as well as replaced fb_share.png with the same image.
* Removed 512px.png and replaced it with 512pxr.png (a round version) in manifest.json.
* globals.v is now split into globals.v1 and globals.v2. The former for CSS and JS files, the latter for images and config files (manifest.json, etcetera).
* All static images that are part of the layout will now have their URLs appended with globals.v2 (which means this does not include dynamically generated images such as thumbnails of uploaded files).
* Added "short_name" to manifest.json.
* Added 512px icon to manifest.json.
* Increased brightness of links to satisfy WCAG 2 AA standard.
* Added 'rel="noopener"' to all instances of a[target="_blank"].
* Added 'alt' to all instances of img.
* Updated static files' version string yet again.
* Added 'lang="en"' to html (_layout.njk).
* You can now disable using icons in home's footer links by setting "home_icons" to false in _globals.njk.
* Renamed "meta" block to "opengraph" in _layout.njk, since the block only represents opengraph tags anyways.
* Moved noscript warning to its own file at views/_partial/noscript.njk. It's also now being included in dashboard and auth pages.
* No-JS uploader will no longer use icons in its footer links. It will also no longer load fontello.css.
* Updated static files' version string in _globals.njk.
* Some other tweaks, mainly to get no-icons mode to work properly.
* Moved links.njk to _partial/links.njk.
* Renamed layout.njk to _layout.njk.
* Cleaned some formatting in links.njk and nojs.njk (mainly had something to do with extraneous whitespaces).
Thanks to Zephyrrus for the hints about nunjucks, sort of (he did not really give out any specific hints to me, I stalked his fork, lmao).
* Replaced Handlebars with Nunjucks.
* Replaced all static HTML files with their NJK-equivalent (excluding error pages).
* Renamed "albumDomain" to "homeDomain" in config.sample.js (make sure you update your config.js too).
* Updated dependencies: knex and eslint-plugin-import (dev).
* Updated vscode's settings.json (I may update this again very soon).
