nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,908 Commits 5 Branches 175 Tags 102 MiB
20312ff18e
Commit Graph

217 Commits

Author SHA1 Message Date
Anchit Bajaj
b508ac3d4f
fix: xss vulnerability in /api/raw (#2570) (#2572) 2023-07-27 11:42:27 +02:00
Oleg Lobanov
10d628aecc
chore: upgrade golangci-lint to 1.51.1 2023-02-16 09:19:44 +01:00
Gabriel Alencar
428c1c606d
feat: add a new setting that disables the display of the disk usage (#2136) 2023-02-15 23:30:48 +01:00
Ramires Viana
dda9a389f3 feat: hook authentication method 2022-07-20 16:40:49 +02:00
Oleg Lobanov
80030dee32
fix: disable cookie auth for non GET requests 2022-07-19 00:39:02 +02:00
Oleg Lobanov
d94acdd89a
fix: use correct field name in user put api (#2026) 2022-07-05 16:55:31 +02:00
Oleg Lobanov
8118afd0ac
build(backend): upgrade golangci-lint to 1.46.2 (#1991) 2022-06-13 16:13:10 +02:00
langren1353
577c0efa9c
fix: don't calculate usage for files (#1973) 
* fix: use incorrect suffix and return no 500(#1972、#1967)

* chore: set progress bar to small

Co-authored-by: Ramires Viana <59319979+ramiresviana@users.noreply.github.com>

* chore: refactoring

Co-authored-by: Oleg Lobanov <oleg@lobanov.me>
Co-authored-by: Ramires Viana <59319979+ramiresviana@users.noreply.github.com>
 2022-06-13 12:50:39 +02:00
Oleg Lobanov
02730bb9bf
fix: set correct scope when user home creation is enabled 2022-06-03 16:04:15 +02:00
Oleg Lobanov
d1d8e3e340
feat: add disk usage information to the sidebar 2022-06-02 13:16:37 +02:00
Ramires Viana
5da9d74da6 fix: allow CSP inline styling 2022-05-05 15:38:39 +00:00
Ramires Viana
c3bd1188aa fix: expired token error 2022-05-04 12:58:19 +00:00
Oleg Lobanov
7c9a75e725
build(backend): bump dependency versions 2022-05-04 01:00:42 +04:00
Oleg Lobanov
bcef7d3f73
chore: make linter happy 2022-04-30 13:49:33 +04:00
Oleg Lobanov
6366cf0b18
fix: display user scope for admin users (#1834) 2022-02-22 10:58:22 +01:00
Oleg Lobanov
c782f21b0f
fix: correctly handle non-ascii passwords for shared resources 2022-02-21 20:47:28 +01:00
Oleg Lobanov
0942fc7042
fix: don't expose scope for non-admin users 2022-02-21 20:17:42 +01:00
Oleg Lobanov
c1987237d0
feat: use real image path to calculate cache key 2022-02-21 19:59:22 +01:00
Adrian
8888b9f446 feat: add gallery view mode 2022-02-10 17:11:24 +01:00
Oleg Lobanov
6eb3ab0635
fix: upgrade vulnerable versions of the library 2021-12-21 00:17:26 +01:00
Oleg Lobanov
f81857acce
build: refactor makefile 2021-12-20 23:36:50 +01:00
Oleg Lobanov
74b7cd8e81
fix: security issue in command runner (closes #1621) 2021-10-31 17:13:16 +01:00
lilihx
0426629a59
feat: add ability to select file modified time format (#1536) 2021-09-11 14:12:51 +02:00
Ryan Qian
0358e42d2c
feat: add manifest theme color param (#1542) 2021-09-10 17:08:15 +02:00
Oleg Lobanov
4c3099a086
fix: internal server error if --disable-preview-resize flag is set (closes #1510) 2021-08-23 10:03:11 +02:00
Ramires Viana
23d646c456 fix: escape quote on index template 
fixes #1501
 2021-08-20 14:43:06 +02:00
Ramires Viana
c63cc5a2d2 fix: file caching directive 2021-08-20 14:43:06 +02:00
Oleg Lobanov
34d7d2c8c4
chore: upgrade golangci-lint 2021-07-26 12:00:05 +02:00
Oleg Lobanov
201329abce
chore: add Content-Security-Policy header 2021-07-26 11:08:39 +02:00
Oleg Lobanov
f2b5dd3787
chore: don't break folder download if any file processing causes an error 2021-07-26 10:41:56 +02:00
Oleg Lobanov
5072bbb2cb
fix: break resource create/update handlers on error (closes #1464) 2021-07-24 15:33:54 +02:00
Oleg Lobanov
6b19ab6613
fix: don't remove files on unsuccessful updates (closes #1456) 2021-07-24 15:32:24 +02:00
Ramires Viana
209f9fa77f fix: omit file content 2021-04-23 12:04:02 +00:00
Ramires Viana
aa172b8bb5 feat: gzip encoding for static js files 2021-04-22 12:48:45 +00:00
Ramires Viana
4711e7bcd5 chore: set public path on the fly 2021-04-20 19:51:10 +00:00
Ramires Viana
8a47aee137 chore: split preview creation logic 2021-04-19 13:16:48 +00:00
Ramires Viana
190cb99a79 feat: browser cache directives 2021-04-19 12:49:40 +00:00
Ramires Viana
b92152693f chore: split action on resource patch handler 2021-04-16 12:04:06 +00:00
Ramires Viana
7ec24d9d77 feat: support for IE11 browser 2021-04-15 12:28:19 +00:00
Ramires Viana
8973c4598f fix: delete image cache when moving 2021-04-14 15:20:38 +00:00
Ramires Viana
2697093ac1 fix: empty archive name on directory download 2021-03-26 14:45:18 +00:00
Ramires Viana
59f9964e80 fix: check modify permission on file overwrite 2021-03-26 13:30:14 +00:00
Ramires Viana
e1a6f593e1 fix: error causes panic on upload 2021-03-23 13:13:46 +00:00
Oleg Lobanov
a721dc1f31
feat: add health check handler 2021-03-21 12:30:48 +01:00
Ramires Viana
93a35ad251 fix: prefix handling on http router 2021-03-17 17:54:25 +00:00
Ramires Viana
426b38bb33 fix: root path name on archive 2021-03-12 15:52:52 +00:00
Ramires Viana
e017a19985 fix: full file path on share 2021-03-12 12:14:58 +00:00
Ramires Viana
5bf15548d0 fix: check rules on http resource handlers 2021-03-10 17:38:11 +00:00
Ramires Viana
81b6f4d6f6 fix: update image cache when replacing 2021-03-10 15:14:01 +00:00
Ramires Viana
0b92d94570 chore: split POST method on resource http handler 2021-03-10 13:32:11 +00:00
Ramires Viana
54f35701a2 fix: archive contains parent path on Windows 2021-03-09 15:54:54 +00:00
Oleg Lobanov
fc5506179a
refactor: migrate from rice to embed.FS 2021-03-09 19:09:32 +01:00
Ramires Viana
1819377897 feat: improved sharing prompt 2021-02-16 15:39:11 +00:00
Oleg Lobanov
23f84642e6
build: use make for building the project (#1304) 2021-03-04 00:10:08 +01:00
Alvaro Aleman
d8f415f8ab
feat: allow to password protect shares (#1252) 
This changes allows to password protect shares. It works by:
* Allowing to optionally pass a password when creating a share
* If set, the password + salt that is configured via a new flag will be
  hashed via bcrypt and the hash stored together with the rest of the
  share
* Additionally, a random 96 byte long token gets generated and stored
  as part of the share
* When the backend retrieves an unauthenticated request for a share that
  has authentication configured, it will return a http 401
* The frontend detects this and will show a login prompt
* The actual download links are protected via an url arg that contains
  the previously generated token. This allows us to avoid buffering the
  download in the browser and allows pasting the link without breaking
  it
 2021-03-02 12:00:18 +01:00
Oleg Lobanov
019ce80fc5
fix: don't allow to remove root user 2021-01-11 22:33:36 +01:00
WeidiDeng
6914063853
feat: allow disabling file detections by reading header (#1175) 2021-01-07 11:30:17 +01:00
WeidiDeng
fb5b28d9cb
feat: download shared subdirectory (#1184) 
Co-authored-by: Oleg Lobanov <oleg@lobanov.me>
 2020-12-28 17:35:29 +01:00
WeidiDeng
677bce376b
feat: add sharing management (#1178) (closes #1000) 2020-12-24 19:02:28 +01:00
WeidiDeng
f62806f6c9
fix: check user input to prevent permission elevation (#1196) (closes #1195) 2020-12-24 18:22:48 +01:00
Oleg Lobanov
58835b7e53
fix: move files between different volumes (closes #1177) 2020-12-24 17:50:27 +01:00
Oleg Lobanov
586d198d47
fix: fix hanging when reading a named pipe file (closes #1155) 2020-11-24 11:37:31 +01:00
Julien Loir
e8b4e9af46
feat: add single click mode (#1139) 2020-11-23 19:06:37 +01:00
Tiger Nie
10e399b3c3
feat: add hide dotfiles param (#1148) 2020-11-20 11:51:28 +01:00
Ramires Viana
7096b3dab9 fix: empty folder in archive 2020-11-04 15:56:27 +00:00
Ramires Viana
e119bc55ea feat: shared folder file listing 2020-11-04 15:56:05 +00:00
Ramires Viana
1ce3068a99 fix: resource rename action invalid path 2020-11-03 12:30:56 +00:00
Xabi
ad99bf1801
fix: fix panic when accessing nonexistent .js file in static path (#1105) 2020-10-02 15:09:03 +02:00
Keagan McClelland
97693cc611
feat: add disable exec flag (#1090) 2020-10-01 16:45:24 +02:00
Oleg Lobanov
8142b32f38
feat: put selected files in the root of the archive (closes #1065) 2020-09-11 16:54:22 +02:00
Ramires Viana
3d2cb838d1 feat: preview size button 2020-08-25 14:14:15 +00:00
Davide Maggio
c3450f4614
chore: return text/plain header in auth response (#1051) 2020-08-05 10:48:03 +02:00
Oleg Lobanov
411a928fea
chore: fix lint errors 2020-07-28 13:40:06 +02:00
Oleg Lobanov
f5d02cdde9
fix: delete cached previews when deleting file 2020-07-28 11:59:55 +02:00
Oleg Lobanov
95bc92955f
feat: cache resized images 2020-07-27 19:26:45 +02:00
Oleg Lobanov
cb8ac5ebf1
chore: add resize tests 2020-07-27 19:26:44 +02:00
Oleg Lobanov
aa78e3ab1f
feat: add param to disable img resizing 2020-07-27 19:26:44 +02:00
Oleg Lobanov
94ef59602f
feat: limit image resize workers 2020-07-27 19:26:44 +02:00
Ramires Viana
727c63b98e fix: parent verification on copy 2020-07-23 12:02:02 +00:00
Ramires Viana
34dfb49b71 fix: path separator inconsistency on rename 2020-07-20 17:45:45 +00:00
Henrique Dias
0b0a704d44
chore: remove hacdias/fileutils dep (#1037) 2020-07-18 20:10:22 +02:00
Ramires Viana
2636f876ab feat: rename option on replace prompt 2020-07-17 14:11:15 +00:00
Ramires Viana
eed9da1471 feat: file copy, move and paste conflict checking 2020-07-17 12:37:52 +00:00
Ramires Viana
0727496601 fix: remove incomplete uploaded files 2020-07-14 00:21:15 +00:00
Fabian Fritzsche
453636dfe2
fix: add preview bypass for .gif files (#1012) 2020-07-07 16:47:11 +02:00
monkeyWie
6b0d49b1fc
feat: add image thumbnails support (#980) 
* set max image preview size to 1080x1080px
 2020-06-25 09:37:13 +02:00
Oleg Lobanov
68f8348dde
fix: apply all fs user rulles 2020-06-22 18:46:22 +02:00
Ramires Viana
82c883f95e fix: save event hook 
fix filebrowser/filebrowser#696
 2020-06-17 22:57:13 +00:00
Ramires Viana
89773447a5
feat: add folder upload (#981) 
* feat: folder upload
fix filebrowser/filebrowser#741

* fix: apply gofmt formater

* feat: upload button prompt

* feat: empty folder upload
 2020-06-16 21:56:44 +02:00
Oleg Lobanov
28672c0114
fix(security): check user permission to rename files 2020-06-06 17:45:51 +02:00
Oleg Lobanov
700f32718e
refactor: add more go linters (#970) 2020-06-01 01:12:36 +02:00
Oleg Lobanov
ba47e3b2fe
fix: fix static assets url generation (#965) 2020-05-31 22:26:10 +02:00
Henrique Dias
a9e715dc50
Merge branch 'master' into remove-logout-button 2020-01-09 17:27:49 +00:00
Ramires Viana
55a9d945cc Add dark theme 2020-01-09 17:24:59 +00:00
Ovidiu Predescu
b42b09ccbe Disable the logout method for authentication methods other than 'json' (currently 'proxy' and 'none'.) 2019-12-03 17:31:11 -08:00
A Kirkpatrick
5fb7207d65 Determine the real IP address of the client for logging 
When running behind a reverse proxy such as nginx, the remote IP as
logged is always that of the proxy. Figuring out the correct address
in this context is a little tricky, hence the following module is
used:

https://github.com/tomasen/realip
 2019-11-17 14:14:15 +10:30
ttys3
be902be453 fix: prevent maliciously constructed parameters like /api/public/dl/XZzCDnK2_not_exists_hash_name cause panic (#791) 2019-07-05 12:15:57 +01:00
ttys3
fc5e2247f6 http/auth.go: new user signup: support auto user dir creation (#788) 2019-06-21 11:43:21 +01:00
dom3k
ffd8a3a637 fix: use ParseFromRequest instead of ParseFromRequestWithClaims (#771) 
ParseFromRequestWithClaims is DEPRECATED
 2019-06-06 12:22:04 +01:00
Alexandre Stein
b3b5db351f Update download names file for weak clients 2019-05-13 16:30:18 +02:00