chibisafe / chibisafe Goto Github PK

Right now when you try to upload an image that already exists on lolisafe, it doesn't get saved and in return it gives you the link of the one already in there. This is to save space. Now the thing is that if you are uploading to one of your albums, you get the url back and the file is not added to your albums nor to your upload list, which needs fixing.

Is there any way to set the baseURI for lolisafe? Right now if I have it reverse proxied to host.com/img and if I try to login it tries to go to host.com/auth instead of host.com/img/auth.

We should be able to block certain file extensions we don't want uploaded and have multer iterate through the array when processing an incoming file.

const upload = multer({
	storage: storage,
	limits: { 
		fileSize: config.uploads.maxSize 
	},
	fileFilter: function (req, file, cb) {
		if (path.extname(file.originalname) === '.exe') {
			return cb('This file extension is not allowed')
		}
		cb(null, true)
	}
}).array('files[]')

This already takes care of the rejection, config file and array iteration are missing.

Make it so when a user deletes an album, it's public link gets deleted as well

Soo, when I upload file to the server and open link of it, says me error 'Page not found.'

I'd like to let users download all files in an album. Now I could upload a zip of all the files that are in the album, however, I'd have to update that whenever I add files. I propose that all albums have a zip file that is hidden from the album view, but downloadable through a button. Of course, this would be optional and could be disabled in the config.

I'm not sure if anyone else is interested in this feature, but I might be able to make pull request for it if there's any interest.

Even with private mode disabled, nobody should be able to upload through the API UNLESS a valid token is specified. API uploading should only be allowed for users with registered accounts.

This may cause confusion for the administrator because he/she is unable to track who uploaded what.

Uploads using invalid tokens should be met with an error, or alternatively, something along the lines of having their uploads saved under a generic username such as "Anonymous".

IP logging is also very useful for administration purposes.

There could be a list of accounts, and we could ban/delete/etc them from the dashboard.

Also have the option to make an account from there.

Opengraph meta tags are used to generate previews for social platforms like facebook and discord. The bots that scrape this information do not execute javascript, so we can't change the tags once we have the album information - the information has to be there from the start.

I have a working but really ugly example for this feature locally. It uses prerender.io as a middleware and fetches the album information through a GET request in pages/album.html (express routing doesn't work apparently, so I can't do this in album.js), and then changes the tags. Problems with this implementation:

• It's REALLY ugly
• Users who want this feature would have to run their own prerender-node service locally or use the hosted prerender.io service, which might raise privacy issues

If you're interested in this feature I could show you what I've done and you could improve on it. Otherwise, feel free to just close this.

There are several problems with the current approach of loading all the data through an API call, like when you share an album link, the default metadata gets displayed since you can't get the details unless you get into the page and let it load. This is not acceptable if we want to reach a bigger audience.

Sometimes I create albums that later I don't need. Deleting all those uploads one by one is a pain. Would be nice to make it possible to delete albums along with their contents.

The blacklist can be easily bypassed by changing the case sensitivity of the extension.
For example, EXE instead of exe.

Parse the string in lowercases before making comparisons.

It's necessary to add rate limiting on login and register endpoints

As the root user, I'd like to see which user uploaded which file in the uploads overview.

Creating thumbnails of pictures is already supported through graphicsmagick. I'd like to be able to have previews for my .webm files aswell, using for example ffmpeg to create them.

Would be great to be able to select an already uploaded file and assign it to a specific album. This should work for files that are also already part of an album

Maybe I'm on a fake Github。。。

This is just a suggestion and it's specific to my wants, so it's probably not something that would be seen as a necessity.

I have limited space on my vps with multiple websites, backups, etc.

I want to open it to the public, but I don't want them to have 100mb upload limit, I want it at 10mb for non registered users, but 100mb for registered users.

For people with accounts, I don't want to delete their files, but I don't want public uploads to stay forever. I want it to expire after x amount of days ("pubExpire: 30" // public files expire after 30 days variable). (I think this is a request already?)

People with accounts I want them to be able to keep their uploads permanent but have a limit on how much they can upload. So registered users can have permanent uploads for say 5gb storage ("quota: 5GB").

Basically my suggestions are:

1. Public non registered max upload size
2. Registered max upload size
3. Account storage quotas

Also while I'm here, does anyone have a script I can have to add accounts to database so I don't have to change allow registrations in config and restart the service? Or any other scripts (deleting after x amount of days).

Thanks :)

There should be support for custom headers (when tracking IPs) for flexibility. Common header names include X-Real-IP, X-Forwarded-For, CF-Connecting-IP, and etc.

As some people won't use NGINX, some may use Apache, IIS, or just run it directly in a load-balanced environment and also behind reverse proxies such as CloudFlare, CloudFront, Flatly, Voxel, or KeyCDN.

Please also allow host verification when running without a reverse proxy, and send a 400 Bad Request when data that isn't properly formatted as an HTTP Request is sent to the Transmission Control Protocol Pipeline. Examples may include just some dude typing out telnet lolisafe.moe 80 and then typing out random characters.

I think that it would be useful to be able to purge any uploaded file(s) or blacklisting a client via IP address to quickly deal with malicious or illegal intents.

Change memory_limit to RLimitMEM.

(Syntax RLimitMEM bytes, e.g. RLimitMEM 100M)

It would be nice to be able to configure automatic file deletion, to use lolisafe as a temporary uploader or save on disk space.

The usual way of doing it is "delete after X days", but it could also be useful to have files delete themselves after X days of not being accessed, so that frequently accessed files aren't suddenly pulled down.

Add chunked file uploading to get around CF Size limits and such.

Ref:
-http://www.componentix.com/blog/13/file-uploads-using-nodejs-once-again

#enhancement

Hello, I installed with the directions provided and everything appears to be up and running. I can access the site, login, upload screenshots via ShareX but am unable to actually access my photos. Not completely sure what I did wrong.

• Copy of config https://pastebin.com/Ugb1zQFz
• Copy of nginx file https://pastebin.com/1mDFTxiX

Upload test fails after importing this file with the existing token. Error log as follows:

Error: Message:
The request was aborted: Could not create SSL/TLS secure channel.

Request URL:
https://safe.moe/api/upload

Stack trace:
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at ShareX.UploadersLib.Uploader.SendRequestFile(String url, Stream data, String fileName, String fileFormName, Dictionary`2 args, NameValueCollection headers, CookieCollection cookies, ResponseType responseType, HttpMethod method, String contentType, String metadata)

Front page of Safe.moe says at the current moment

502 Bad Gateway
nginx/1.10.3

Are you OK?

When files are directly viewed you're obviously unable to serve the necessary script to use analytics. Due to this inconvenience, I'd like to see Universal Analytics and Measurement Protocol integrated as a something easily configurable.
If you're able to confirm this is possible and that you approve of the feature, I'd be glad to put a bounty on it.
Thanks

Is there any interest of docker support? If so, I would be glad to create a pull request for this 'feature'!

Hello Weeb,

im thinking of adding clientside compression to speedup the upload.
The only bad thing is it doesnt really have any benefits for JPG, PNG, zip (obv.) as they are already compressed quite good. Where it really shines it with Text documents, some binary formats and RAW images.

would you like me to add it and make a PR?

Greetings from Germoney,
Michell

Recently (1 day ago) I have no issues in my ShareX or with website, but today I was tried to upload image, but ShareX return empty responce error, so I go to website and login normally, uploads page seems ok and recent uploads are accessible. After I go on main page of website and try to upload I got an error This account has been disabled. So... does it mean what you planning to compleately close your website or... something actually with my account?

Since we don't save the same file twice, if more than one user uploads the same file and one of them deletes it, it shouldn't delete the file from the system if another user also uploaded it.

Need to check if it's the last/only user that has that file on the database and if it is, then delete it. Of course if the admin deletes it, it goes away for everyone.

Right now this is only possible through the API

As you know in Dashboard we have 2 view mode: table and thumbinal, but both unconvinient: table is bad because I can't know what is file is that (name is random, date not say much about it, album may be not used), thumbinal is bad because in that mode I don't know what is name of that thumbinal and I don't have delete button on it.

I suggest that to improve both:

1. for table when hover on a line we will see baloon with thumbinal, so we can know what is image is that and it will not add extra space to a page.
2. for thumbinal mode when hover on thumbinal, at bottom we will see name of that thumbinal and at top-right will be appear delete button.

P.S. sorry for my English if it hard to understand.

Thumbnails seem to be broken or don't work at all.
The thumbs folder is empty, even after I upload files.

Copying the uploads to the thumbs folder solves it, but I would like to know why it doesn't make them automatically.

I'm not sure if this is useful for anybody else, but I only want to allow certain users to be able to upload files. To achieve this currently, I hid the registration button from the auth form, which is certainly not a proper way to do it.

Please evaluate if this is something you'd like to have in the project or if I should hack it into my implementation myself.

I am using blazing fast as a web host and I am unable to set this up since I dont know if I can install node on it

DOMAIN refused to connect.

root@vps:~/lolisafe# pm2 start lolisafe.js

                        -------------

__/\\\\\\\\\\\\\____/\\\\____________/\\\\____/\\\\\\\\\_____
 _\/\\\/////////\\\_\/\\\\\\________/\\\\\\__/\\\///////\\\___
  _\/\\\_______\/\\\_\/\\\//\\\____/\\\//\\\_\///______\//\\\__
   _\/\\\\\\\\\\\\\/__\/\\\\///\\\/\\\/_\/\\\___________/\\\/___
    _\/\\\/////////____\/\\\__\///\\\/___\/\\\________/\\\//_____
     _\/\\\_____________\/\\\____\///_____\/\\\_____/\\\//________
      _\/\\\_____________\/\\\_____________\/\\\___/\\\/___________
       _\/\\\_____________\/\\\_____________\/\\\__/\\\\\\\\\\\\\\\_
        _\///______________\///______________\///__\///////////////__


                          Community Edition

            Production Process Manager for Node.js applications
                     with a built-in Load Balancer.


                Start and Daemonize any application:
                $ pm2 start app.js

                Load Balance 4 instances of api.js:
                $ pm2 start api.js -i 4

                Monitor in production:
                $ pm2 monitor

                Make pm2 auto-boot at server restart:
                $ pm2 startup

                To go further checkout:
                http://pm2.io/


                        -------------

[PM2] Spawning PM2 daemon with pm2_home=/root/.pm2
[PM2] PM2 Successfully daemonized
[PM2] Starting /root/lolisafe/lolisafe.js in fork_mode (1 instance)
[PM2] Done.

but it gives this error when i try to access it by web
DOMAIN refused to connect.

In addition to #27 add the following:

• View permissions based on account (Requires #39 )
• Ability to contribute to another users album, and have the owner of that album able to have an accept/reject ability for the contribution.

As a user I'd like to be able to move my uploads between albums whenever I want. As far as I know, this is currently only possible while uploading through the chrome extension.

Being able to regenerate a link to an album is a much needed feature. Sometimes you want to share an album either for a limited period of time or for a limited amount of people. The way I see it there are 2 good approaches I can think of:

1. Have a unique link to an album and give the user the possibility to regenerate it so the previews link doesn't work anymore ( typical token functionality )
2. Let the user have a unlimited public links to the album like how Discord invites work, were they can share the same album with different people under different URL's and be able to revoke each of the links at any time. With this, we could even add a timer to links to make them last any amount of time the user wants.

Currently, the thumbnails are generated when a user opens the associated album (or user uploads if no album is specified). This results in broken images for the thumbnails the first time the user views the list.

I propse that the thumbnails should be generated on upload.

Sorry about the issue spam btw.

Someone tried to upload a whole bunch of images and got a You can not upload any more files. after the 999th one. Should be an easy fix.

Clicking this directs you to https://safe.moe/dashboard when the correct url would probably be https://safe.moe/panel

Can you manually register new users? I have some peoples what asked me how could they register on this website. I register on it before registration was closed.

Or when it will be possible again to register new users?

Hello!

When I go to my dashboard and click any links on the side, it just says "There was an error with the request, please check the console for more information."

I didn't change anything, I installed it and logged in.

Also, when I go back to the home page, it logs me out no matter what.

So first of all, you have a great site. Much cleaner and nicer than pomf.

I've had some trouble installing it. I'm relatively new to server stuff. I seem to have everything working fine http://i.idgaf.fyi/ apart from when i upload, my links come out as http://i.idgaf.fyi/i.idgaf.fyi/ke3mHtZLQy8KIqsTjyGlAFz6oV4Z818i.jpg rather than http://i.idgaf.fyi/ke3mHtZLQy8KIqsTjyGlAFz6oV4Z818i.jpg

Know where I went wrong?

thank you for your time ><

https://please-fuck.me/4941f2.png