lehnert.cloud/files
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

capping max duration for expiry now

Browse Source
This commit is contained in:
Ludwig Lehnert
2026-01-12 21:10:24 +01:00
parent 93037a68fc
commit 3d1a4eb950
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
expressjs/src/server.js
View File

@@ -19,6 +19,7 @@ const dataDir = process.env.DATA_DIR || path.join(__dirname, '..', 'data');
const dbPath = process.env.DB_PATH || path.join(__dirname, '..', 'data', 'uploads.sqlite'); const dbPath = process.env.DB_PATH || path.join(__dirname, '..', 'data', 'uploads.sqlite');
const adminHash = process.env.MANAGEMENT_ADMIN_HASH || ''; const adminHash = process.env.MANAGEMENT_ADMIN_HASH || '';
const uploadTtlSeconds = parseInt(process.env.UPLOAD_TTL_SECONDS || '604800', 10); const uploadTtlSeconds = parseInt(process.env.UPLOAD_TTL_SECONDS || '604800', 10);
const maxRetentionSeconds = 90 * 24 * 60 * 60;
const maxUploadBytes = parseInt(process.env.UPLOAD_MAX_BYTES || '0', 10); const maxUploadBytes = parseInt(process.env.UPLOAD_MAX_BYTES || '0', 10);
const shareDir = path.join(dataDir, '_share'); const shareDir = path.join(dataDir, '_share');
@@ -1262,8 +1263,10 @@ app.post(`${basePath}/admin/files/:id/extend`, requireAdminPage, async (req, res
? Math.round(override * 3600) ? Math.round(override * 3600)
: uploadTtlSeconds; : uploadTtlSeconds;
const base = Math.max(uploadEntry.expires_at, Date.now()); const now = Date.now();
const nextExpiry = base + extensionSeconds * 1000; const base = Math.max(uploadEntry.expires_at, now);
const maxExpiry = now + maxRetentionSeconds * 1000;
const nextExpiry = Math.min(base + extensionSeconds * 1000, maxExpiry);
await run('UPDATE uploads SET expires_at = ? WHERE id = ?', [nextExpiry, uploadEntry.id]); await run('UPDATE uploads SET expires_at = ? WHERE id = ?', [nextExpiry, uploadEntry.id]);
await logEvent('extend', 'admin', { id: uploadEntry.id, expires_at: nextExpiry }); await logEvent('extend', 'admin', { id: uploadEntry.id, expires_at: nextExpiry });
res.redirect(baseUrl('/admin/dashboard')); res.redirect(baseUrl('/admin/dashboard'));
@@ -1431,6 +1434,7 @@ app.post(`${basePath}/api/upload`, requireAuthApi, upload.single('file'), async
const retentionSeconds = Number.isFinite(retentionOverride) && retentionOverride > 0 const retentionSeconds = Number.isFinite(retentionOverride) && retentionOverride > 0
? Math.round(retentionOverride * 3600) ? Math.round(retentionOverride * 3600)
: uploadTtlSeconds; : uploadTtlSeconds;
const cappedRetention = Math.min(retentionSeconds, maxRetentionSeconds);
try { try {
await fs.promises.rename(req.file.path, storedPath); await fs.promises.rename(req.file.path, storedPath);
@@ -1453,7 +1457,7 @@ app.post(`${basePath}/api/upload`, requireAuthApi, upload.single('file'), async
storedPath, storedPath,
req.file.size, req.file.size,
now, now,
now + retentionSeconds * 1000, now + cappedRetention * 1000,
] ]
); );
await logEvent('upload', req.user.username, { name: storedName, size: req.file.size }); await logEvent('upload', req.user.username, { name: storedName, size: req.file.size });
@@ -1495,8 +1499,10 @@ app.post(`${basePath}/files/:id/extend`, requireAuthPage, async (req, res) => {
? Math.round(override * 3600) ? Math.round(override * 3600)
: uploadTtlSeconds; : uploadTtlSeconds;
const base = Math.max(uploadEntry.expires_at, Date.now()); const now = Date.now();
const nextExpiry = base + extensionSeconds * 1000; const base = Math.max(uploadEntry.expires_at, now);
const maxExpiry = now + maxRetentionSeconds * 1000;
const nextExpiry = Math.min(base + extensionSeconds * 1000, maxExpiry);
await run('UPDATE uploads SET expires_at = ? WHERE id = ?', [nextExpiry, uploadEntry.id]); await run('UPDATE uploads SET expires_at = ? WHERE id = ?', [nextExpiry, uploadEntry.id]);
await logEvent('extend', req.user.username, { id: uploadEntry.id, expires_at: nextExpiry }); await logEvent('extend', req.user.username, { id: uploadEntry.id, expires_at: nextExpiry });
res.redirect(baseUrl('/dashboard')); res.redirect(baseUrl('/dashboard'));