Commit graph

86 commits

Author SHA1 Message Date
a2147cc964
Remove broken tests
Will be readded after some major refactoring and modernization.
2024-09-27 18:30:31 +02:00
45a414c5ee
Implement request filters
This moves preexisting blacklists to the database, and adds the
following filter types:

    * IP address
    * IP network
    * MIME type
    * User agent

In addition, IP address handling is now done with the ipaddress
module.
2024-09-27 18:30:28 +02:00
6393538333
Replace NSFW detector implementation 2024-09-27 06:34:14 +02:00
3330a85c2c
ModUI: Update for Textual 0.54.0 2024-03-30 18:23:37 +01:00
polina4096
8a912e8744
Fix remote URL content length check off-by-one
Fixes #85
2023-06-04 06:35:11 +02:00
c2b5e95903
ModUI: Handle opening filter panel with NULL user agent 2023-03-29 07:49:56 +02:00
c189c47306
ModUI: Allow LIKE matching for address filtering 2023-03-29 07:38:36 +02:00
3d1facaec3
Store user agent with files
Needed for moderation.
2023-03-29 07:36:49 +02:00
e00866f5e4
URL: Explicitly set upper-case table name
Looks like recent SQLAlchemy/Alembic chose to lower-case it by
default. Try not to break existing schemas.
2023-03-29 07:19:47 +02:00
3950f6e8eb
fix 500 error when file extension could not be guessed
when a file without an extension was uploaded
and the mimetypes.guess_extension returned None
because there is no official file extension
for that mimetype a NoneType was subscripted
which yielded a 500 http error
2023-01-15 20:36:39 +01:00
e1e99957b6
ModUI: Fix crash when encountering null NSFW score
Fixes #78
2022-12-29 19:51:04 +01:00
647e3a54f1
ModUI: Add application/xml to text handler 2022-12-22 09:55:41 +01:00
0e4f0206ab
ModUI: Fix jinja2 func call in ban action 2022-12-22 09:44:32 +01:00
53249df28d
README: Kitty support was merged in mpv 2022-12-21 19:47:49 +01:00
556cd8aeae
README: Add ModUI screenshot 2022-12-20 16:57:07 +01:00
8b04e08fd6
ModUI: Add application/json to text handler 2022-12-20 16:23:35 +01:00
455863c138
Update requirements.txt 2022-12-20 16:19:49 +01:00
eebd5d8c6d
Add moderation TUI
This ended up way fancier than I imagined.
2022-12-20 16:19:49 +01:00
dcea8bffe1
migrations: Fix file expirations on SQLite
Well that was what we feared. I love arbitrary hardcoded limits.
2022-12-20 14:23:14 +01:00
f76dbef82f
Fix NSFW detection 2022-12-17 02:32:51 +01:00
57c4b6853f
Prevent unreasonably long MIME types 2022-12-13 23:41:12 +01:00
77801efd21
Fix URL test issue 2022-12-13 23:18:40 +01:00
d5763a9854
File: Fix 404 case with secret URLs 2022-12-13 23:17:56 +01:00
aaf0e4492a
Record file sizes in db
Moderation interface is going to use this.
2022-12-13 23:04:48 +01:00
6055a50948
File: Add is_nsfw property 2022-12-13 21:51:39 +01:00
b1ed63c401
README: Add note about StreamMaxLength in clamd.conf 2022-12-12 07:40:38 +01:00
a904922cbd
Add support for ClamAV 2022-12-12 07:35:05 +01:00
da30c8f8ff
index.html: Document appending file names 2022-12-01 03:28:25 +01:00
0b80a62f80
Add support for “secret” file URLs
Closes #47
2022-12-01 02:49:28 +01:00
ed84d3752c
Fix 500 on invalid paths 2022-12-01 01:26:32 +01:00
7661216bc0
Fix handling double file name extensions
Long names would get truncated at the end, causing problems
including unresolvable file URLs. Example with default settings:
    .package.lst → .package.

Fixes #61
2022-12-01 01:19:05 +01:00
9214bb4832
Add X-Expires to file response headers
Tells clients when files will expire, in milliseconds since Unix epoch.

Closes #50.
2022-11-30 02:30:52 +01:00
e168534258
Allow changing expiration date 2022-11-30 02:19:29 +01:00
afe2329bf5
templates/index: Remove unnecessary escaping 2022-11-30 02:19:29 +01:00
a182b6199b
Allow management operations like deleting files
This introduces the X-Token header field in the response of newly
uploaded files as a simple way for users to manage their own files.

It does not need to be particularly secure.
2022-11-30 02:19:29 +01:00
eb0b1d2f69
nsfw_detect: Use PyAV instead of ffmpegthumbnailer 2022-11-29 21:54:43 +01:00
14cfe3da58
nsfw_detect: Use pathlib, fix deprecation warning
Also fix glog suppression
2022-11-29 21:44:07 +01:00
aa443178e1
README: Also run db upgrade after git pull! 2022-11-29 17:23:56 +01:00
db9a20c94d
Add example systemd unit files for prune job 2022-11-29 17:23:30 +01:00
f25619b7e3
nsfw_detect: Tolerate score computation failure 2022-11-29 13:31:35 +01:00
af4b3b06c0
Add support for expiring files
SUPPLEMENTALLY:
- Add an `expiration` field to the `file` table of the database
- Produce a migration for the above change
- Overhaul the cleanup script, and integrate into fhost.py
  (now run using FLASK_APP=fhost flask prune)
- Replace the old cleanup script with a deprecation notice
- Add information about how to expire files to the index
- Update the README with information about the new script

Squashed commits:

Add a note explaining that expired files aren't immediately removed

Show correct times on the index page graph

Improve the migration script, removing the need for --legacy

Use automap in place of an explicit file map in migration

Remove vestigial `touch()`

Don't crash when upgrading a fresh database

Remove vestigial warning about legacy files

More efficiently filter to unexpired files when migrating

#72 (comment)

Coalesce updates to the database during migration

#72 (comment)

Remove vestigial database model

#72 (comment)

prune:  Stream expired files from the database

(as opposed to collecting them all first)

config.example.py:  Add min & max expiration + description
2022-11-29 13:09:26 +01:00
00dba0e189
config.example.py: Clarify MIME ext mapping 2022-11-28 22:30:53 +01:00
be796b9b5b
Add example configuration file
See #73.
2022-11-28 22:30:43 +01:00
b5f0cfdf6f
README: Clarify why serving file requests from the app is bad 2022-11-20 16:54:46 +01:00
4ba18146e1
README: Clarify how to change configuration 2022-11-20 13:05:17 +01:00
afb5811879
README: Warn users about URL fetch network security implications 2022-08-19 22:27:29 +02:00
c7a728ce84
Fix non-seekable file handles
Closes #59
2022-08-11 05:49:46 +02:00
5216e9ebaf
Open upload blacklist in text mode
This wasn’t working since Flask opens files in bin mode by default.
2022-08-01 18:26:35 +02:00
Alexey Sakovets
0db6e4b895 Fix mime splitting
mime[:mime.find(";")]   will remove last character if mime does not contain ";".
Use mime.split(";") instead.
2022-01-01 23:46:41 +03:00
mia
9c4a0fd5a6 remove short_url and add in-tree URLencoder (#53)
This PR removes the short_url dependency as per issue #41.
This implementation is pretty much the same as in short_url except I've rewritten the enbase() function to be iterative instead of recursive.
The only functions of the class are enbase() and debase() since those were the only functions being used by fhost.

Co-authored-by: 7415963987456321 <hrs70@hi.is>
Reviewed-on: #53
Co-authored-by: mia <mia@0x0.st>
Co-committed-by: mia <mia@0x0.st>
2021-12-01 13:25:33 +01:00