* CORS/CSP fix
* deprecate ALLOWED_IFRAME_ORIGINS
* Revert "deprecate ALLOWED_IFRAME_ORIGINS"
This reverts commit 9792f06691.
* Reapply "deprecate ALLOWED_IFRAME_ORIGINS"
This reverts commit 683ee93036.
* Add helmet config and deprecate previous ALLOWED_IFRAME_ORIGINS
* add build to docker compose for local builds
* set server to listen on 0.0.0.0 and control with cors
* Remove hsts from helmet and apply new pin status check limits
* add back allowed_iframe_origins env as a fallback for allowed_origins
* update readme for allowed_iframe_origins
* feat: Enhance chunk upload functionality with configurable retry logic
- Introduced MAX_RETRIES configuration to allow dynamic adjustment of retry attempts for chunk uploads.
- Updated index.html to read MAX_RETRIES from server-side configuration, providing a default value if not set.
- Implemented retry logic in uploadChunkWithRetry method, including exponential backoff and error handling for network issues.
- Added console warnings for invalid or missing MAX_RETRIES values to improve debugging.
This commit improves the robustness of file uploads by allowing configurable retry behavior, enhancing user experience during upload failures.
* feat: Enhance upload functionality with metadata management and improved error handling
- Introduced persistent metadata management for uploads, allowing resumability and better tracking of upload states.
- Added special handling for 404 responses during chunk uploads, logging warnings and marking uploads as complete if previously finished.
- Implemented metadata directory creation and validation in app.js to ensure proper upload management.
- Updated upload.js to include metadata read/write functions, improving the robustness of the upload process.
- Enhanced cleanup routines to handle stale metadata and incomplete uploads, ensuring a cleaner state.
This commit significantly improves the upload process by adding metadata support, enhancing error handling, and ensuring better resource management during uploads.
Fixes #24
* feat: Add ALLOWED_IFRAME_ORIGINS configuration and update security headers (#47)
- Introduced ALLOWED_IFRAME_ORIGINS environment variable to specify trusted origins for iframe embedding.
- Updated security headers middleware to conditionally allow specified origins in Content Security Policy.
- Enhanced documentation in README.md to explain the new configuration and its security implications.
Fixes #35
* feat: Update .env.example and .gitignore for improved configuration management
- Enhanced .env.example with detailed comments for environment variables, including upload settings, security options, and notification configurations.
- Updated .gitignore to include additional editor and OS-specific files, ensuring a cleaner repository.
- Modified package.json to add a predev script for Node.js version validation and adjusted the dev script for nodemon.
- Improved server.js shutdown handling to prevent multiple shutdowns and ensure graceful exits.
- Refactored config/index.js to log loaded environment variables and ensure the upload directory exists based on environment settings.
- Cleaned up fileUtils.js by removing unused functions and improving logging for directory creation.
This commit enhances clarity and maintainability of configuration settings and improves application shutdown behavior.
* feat: Update Docker configuration and documentation for upload handling
- Explicitly set the upload directory environment variable in docker-compose.yml to ensure clarity in file storage.
- Simplified the Dockerfile by removing the creation of the local_uploads directory, as it is now managed by the host system.
- Enhanced README.md to reflect changes in upload directory management and provide clearer instructions for users.
- Removed outdated development configuration files to streamline the development setup.
This commit improves the clarity and usability of the Docker setup for file uploads.
* feat: Add Local Development Guide and update README for clarity
- Introduced a comprehensive LOCAL_DEVELOPMENT.md file with setup instructions, testing guidelines, and troubleshooting tips for local development.
- Updated README.md to include a link to the new Local Development Guide and revised sections for clarity regarding upload directory management.
- Enhanced the Quick Start section to direct users to the dedicated local development documentation.
This commit improves the onboarding experience for developers and provides clear instructions for local setup.
* feat: Implement BASE_URL configuration for asset management and API requests
- Added BASE_URL configuration to README.md, emphasizing the need for a trailing slash when deploying under a subpath.
- Updated index.html and login.html to utilize BASE_URL for linking stylesheets, icons, and API requests, ensuring correct asset loading.
- Enhanced app.js to replace placeholders with the actual BASE_URL during HTML rendering.
- Implemented a validation check in config/index.js to ensure BASE_URL is a valid URL and ends with a trailing slash.
This commit improves the flexibility of the application for different deployment scenarios and enhances asset management.
Fixes #34, Fixes #39, Fixes #38
* Update app.js, borked some of the css n such
* resolved BASE_URL breaking frontend
* fix: Update BASE_URL handling and security headers
- Ensured BASE_URL has a trailing slash in app.js to prevent asset loading issues.
- Refactored index.html and login.html to remove leading slashes from API paths for correct concatenation with BASE_URL.
- Enhanced security headers middleware to include 'connect-src' directive in Content Security Policy.
This commit addresses issues with asset management and improves security configurations.
- Introduced ALLOWED_IFRAME_ORIGINS environment variable to specify trusted origins for iframe embedding.
- Updated security headers middleware to conditionally allow specified origins in Content Security Policy.
- Enhanced documentation in README.md to explain the new configuration and its security implications.
Fixes #35
- Added support for checking webkitRelativePath in folder uploads, alerting users if their browser does not support this feature.
- Introduced sanitizePathPreserveDirs function to sanitize filenames while preserving directory structure.
- Updated upload route to utilize the new sanitation function and ensure consistent folder naming during uploads.
Fixes #45
* feat: ratelimit pin not working with baseUrl fix
* Remove white space changes
* Refactor PIN verification error handling and input state management
- Improve error handling in login page JavaScript
- Standardize API response structure with explicit success and error fields
- Enhance user feedback for PIN authentication failures
- Implement more robust input state management during login attempts
* Fix PIN verification logic in root route
- Improve PIN verification check to handle missing cookie scenario
- Add explicit check for cookie existence before comparing PIN
- Enhance root route authentication logic for more robust access control
- Modify fetch URLs to use '/api/auth/' prefix for PIN verification endpoints
- Update '/api/pin-required' and '/api/verify-pin' to '/api/auth/pin-required' and '/api/auth/verify-pin'
- Ensure consistent routing for authentication-related API calls
Closes #31
- Introduce BASE_URL environment variable for flexible application URL configuration
- Update .env.example, docker-compose, and README with new configuration option
- Implement BASE_URL validation in config module
- Modify server logging to use configurable base URL
- Provide default base URL generation when not explicitly set
Chores & Configuration
• Enhanced development setup: optimized Dockerfile, refined scripts, and improved .gitignore.
• Updated docker-compose for better dev/prod separation.
• Improved documentation in README and source files.
Features & Enhancements
• Refactored project structure with modular architecture.
• Improved testing infrastructure and integration tests.
• Enhanced file upload logic, client-side handling, and API routes.
• Implemented robust server shutdown, rate limiting, and cleanup mechanisms.
• Improved upload progress tracking with UI enhancements.
• Strengthened security in PIN authentication and cookie handling.
Refactors & Fixes
• Cleaned up test infrastructure, logging, and error handling.
• Simplified API route paths and improved middleware.
• Fixed incorrect total storage size reporting.
• Optimized logging verbosity based on environment.
Documentation
• Expanded project documentation and comments for clarity.
* feat: Add development environment configuration
- Create dev/dev.sh script for simplified development workflow
- Add docker-compose.dev.yml for local development setup
- Update .gitignore to exclude dev directory except specific files
- Add development section to README.md with guide reference
* docs: Update README and docker-compose with comprehensive setup instructions and configuration options
- Add detailed upload progress tracking with speed and time remaining
- Implement dynamic waiting messages during upload initialization
- Create utility functions for file size and speed formatting
- Improve progress bar UI with more informative status details
- Add interval-based speed and progress updates for smoother UI
- Introduce AUTO_UPLOAD environment variable to enable automatic file uploads
- Update .env.example with new configuration options
- Modify docker-compose.yml to use new image and comment out default settings
- Update README.md to document AUTO_UPLOAD feature
- Implement client-side auto upload logic in index.html
- Add server-side logging for auto upload status
chore: Refactor notification message template and size unit handling
- Update server-side upload initialization to always refresh batch activity timestamp
- Enhance client-side file grouping to consistently track batch IDs for files and folders
- Modify drop and file selection handlers to generate batch IDs for all upload scenarios
- Ensure batch ID is preserved and used consistently across file upload groups
- Add automatic batch ID generation for single file uploads
- Generate unique batch ID using timestamp and random string
- Enhance batch ID validation to handle single file and multi-file upload scenarios
- Improve error handling for batch ID format validation
- Refactor getUniqueFilePath and getUniqueFolderPath to use async/await and atomic file operations
- Enhance upload initialization to handle file and folder naming conflicts more robustly
- Implement file handle management to prevent resource leaks
- Add error handling for file and folder creation scenarios
- Ensure parent directories are created recursively when needed
- Add batch ID validation function with specific format requirements
- Generate more secure and unique batch IDs using timestamp and random string
- Update client-side batch ID generation to create consistent, unique identifiers
- Enhance upload initialization route to validate batch ID before processing
- Modify FileUploader to use generated batch ID during uploads