Repository files navigation

• Powered byuWebSockets.js &HyperExpress for a much more performant web server, due to being a Node.js binding ofuWebSockets written in C & C++.
• Powered bybetter-sqlite3 for performant SQLite3 database (usingKnex.js for abstraction, thus support for other database enginesmay also come in the future).
• Faster file hashing for duplicates detection by usingBLAKE3 hash function.
• ClamAV virus scanning support for Linux/OS X servers (read more).
• Front-end pages templating withNunjucks.
• A more integrated Cloudflare support (automatically purge files remote cache upon deletion, and more).
• Chunked uploads to support 100MB+ files when hosted behind Cloudflare, or any other proxies with file upload size limits.
• Upload remote URLs (have lolisafe download those remote files for you).
• Performant & configurable rate limits powered byrate-limiter-flexible.
• Albums with shareable pretty public pages.
• User dashboard to manage own uploads and albums.
• Admin dashboard to manage all uploads, albums, and users.
• Robust files search/filters and sorting in the dashboard.
• Usergroups-based permissions.
• Configurable file retention periods per-usergroups.
• Strip images EXIF tags if required (can be forced or toggleable by users, and with experimental support for stripping videos tags as well).
• Various options configurable via header tags upon file uploads (selected file retention period, whether to strip EXIF tags, and more).
• ShareX support with config file builder in the homepage.
• Token-based authentication on all APIs, allowing you to easily integrate lolisafe with anything.
• ... and more!

This fork is the one being used athttps://safe.fiery.me.

It was originally based onWeebDev/lolisafe v3, but later have been so heavily rewritten that it is now simply its own thing.

Chibisafe is an upstream rewrite & rebrand, and technically is lolisafe v4.

If you want to use an existing lolisafe v3 database with this fork, copy overdatabase/db file from your previous installation, then runyarn migrate at least once to create the new database columns introduced in this fork (don't forget to make a backup).

Configuration file of lolisafe v3 (config.js) is also NOT fully compatible with this fork. There are some options that had been renamed and/or restructured

Please make sure your config matches the sample inconfig.sample.js before starting and/or migrating your previous database (hint: this fork's default config assumes your database file is nameddb.sqlite3 instead ofdb).

1. Ensure you have at leastNode.js v18.x or newer, andYarn v1.x installed (incompatible with Yarn v2.x).

2. Clone this repo.
3. Copyconfig.sample.js asconfig.js.
4. Modify port, domain, and other options if desired.
5. Copyviews/_globals.sample.njk asviews/_globals.njk.
6. Modify front-end strings and options if desired.
7. Runyarn install --production to install all production dependencies.
8. Runyarn start to start lolisafe. Alternatively, you can also start lolisafe withyarn pm2 if you havePM2 installed.

When running in production mode, lolisafe will use pre-built client-side CSS/JS files fromdist directory, while the actual source codes are insrc directory.

The pre-built files are processed withpostcss-preset-env,cssnano,bublé, andterser, and done automatically withGitHub Actions.

This fork has a separate development mode, with which client-side CSS/JS files insrc directory will be automatically rebuilt usingGulp tasks.

1. Follow steps1 to 6 from the production instructions above.
2. Runyarn install to install all dependencies (by omitting--production option, Yarn will also install development dependencies).
3. Runyarn dev to start lolisafe in development mode (oryarn dev:reload to also watch file changes).

You can further modify the Gulp tasks throughgulpfile.js file.

During development, the rebuilt files will be saved indist-dev directory instead ofdist directory. Lolisafe will also automatically serve the files fromdist-dev directory instead.
This is to ensure that your IDE's Git extension will not unnecessarily rebuild diffs of the modified files.

Once you feel like your modifications are ready for production usage, you can then runyarn build to build production-ready files that will actually go todist directory.

Try to usegit stash.

Basically you'll be doing this:

1. git stash to stash away your changes.
2. git pull to pull updates.
3. yarn install (oryarn install --production) to install dependencies matching the updatedyarn.lock file.
4. git stash pop (orgit stash apply) to restore your changes.

Be warned that some files may have been updated too heavily that they will require manual merging.

If you only do some small modifications such as editing.njk files and not much else, it's generally safe to do this even in a live production environment. But it's still best practice to at least review just what have been updated, and whether you will need to do some manual merging beforehand.

Still, I heavily recommend simply forking this repository and manually merging upstream changes whenever you feel like doing so. Read more aboutsyncing a fork. Especially if you intend to modify client-side CSS/JS files insrc directory, since you will then need to rebuild assets that go intodist directory, which are guaranteed to always conflict with every updates from this fork that modify them.

Afterwards, you can instead clone your fork into your production server and pull updates from there. You can then choose to only install production dependencies withyarn install --production there to save some disk space (hint: this is the workflow I use forhttps://safe.fiery.me).

This fork has an optional virus scanning support usingClamAV, utilizingclamscan library (Linux and OS X only).

It will scan new files right after they are uploaded, then alert the uploaders of the virus names in ClamAV's database if the files are dirty.

Unfortunately, this will slow down uploads processing as it has to wait for the scans before responding the uploaders. However, it's still highly recommended for public usage, or if you're like me who find the constant buzzing from Google Safe Search too annoying.

To enable this, make sure you haveClamAV installed, or additionally haveClamAV daemon running (using daemon is considerably faster). Afterwards, configureuploads.scan options, and more importantly its sub-optionclamOptions. Read more about them inconfig.sample.js.

Additionally, you can also configure usergroups bypass, extensions whitelist, and max file size, to lessen the burden on your server.