Upgrade to 0.05.18~ynh1

README.md

@@ -23,7 +23,7 @@ The administrator of the Lufi instance you use will not be able to see what is i
 The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
 
 
-**Shipped version:** 0.05.16~ynh2
+**Shipped version:** 0.05.18~ynh1
 
 **Demo:** https://demo.lufi.io/
 

README_fr.md

@@ -19,7 +19,7 @@ The administrator of the Lufi instance you use will not be able to see what is i
 The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
 
 
-**Version incluse :** 0.05.16~ynh2
+**Version incluse :** 0.05.18~ynh1
 
 **Démo :** https://demo.lufi.io/
 

check_process

@@ -13,8 +13,10 @@
 		setup_private=1
 		setup_public=1
 		upgrade=1
-		# 0.03.5
+		# 0.03.5~ynh2
 		upgrade=1	from_commit=23e84578464b1fa09f79c98b6a9b5f19bbcf83f3
+		# 0.05.16~ynh2
+		upgrade=1	from_commit=b208e35276b861a78a28bb7d468dad9d11943023
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.05.16/lufi-0.05.16.tar.gz
-SOURCE_SUM=bd8146e6062fb180897544c27f862b5de56840e3fe7cde41824538f1de55a2b6
+SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.05.18/lufi-0.05.18.tar.gz
+SOURCE_SUM=da388595d8c39a82ae118c1c92bb7d8ad637f7351997392bbb645929852a3963
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true

conf/lufi.conf.template

@@ -18,17 +18,17 @@
         clients => 1,
     },
 
-    # put a way to contact you here and uncomment it
-    # you can put some HTML in it
+    # Put a way to contact you here and uncomment it
+    # You can put some HTML in it
     # MANDATORY
     contact       => '<a href="mailto:webmaster@__DOMAIN__">Contact page</a>',
 
-    # put an URL or an email address to receive file reports and uncomment it
-    # it's for make reporting illegal files easy for users
+    # Put an URL or an email address to receive file reports and uncomment it
+    # It's for make reporting illegal files easy for users
     # MANDATORY
     report => 'webmaster@__DOMAIN__',
 
-    # array of random strings used to encrypt cookies
+    # Array of random strings used to encrypt cookies
     # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
     secrets        => ['__SECRET__'],
 
@@ -36,53 +36,53 @@
     # optional, default is Lufi
     #instance_name => 'Lufi',
 
-    # choose a theme. See the available themes in `themes` directory
-    # optional, default is 'default'
+    # Choose a theme. See the available themes in `themes` directory
+    # Optional, default is 'default'
     #theme         => 'default',
 
-    # length of the random URL
+    # Length of the random URL
     # optional, default is 8
     #length            => 8,
 
-    # how many URLs will be provisioned in a batch ?
+    # How many URLs will be provisioned in a batch ?
     # optional, default is 5
     #provis_step       => 5,
 
-    # max number of URLs to be provisioned
+    # Max number of URLs to be provisioned
     # optional, default is 100
     #provisioning      => 100,
 
-    # length of the modify/delete token
+    # Length of the modify/delete token
     # optional, default is 32
     #token_length      => 32,
 
-    # max file size, in octets
-    # you can write it 100*1024*1024
+    # Max file size, in octets
+    # You can write it 100*1024*1024
     # optional, no default
     __MAX_SIZE_SET__max_file_size     => __MAX_FILE_SIZE__*1024*1024,
 
-    # if you want to have piwik statistics, provide a piwik image tracker
-    # only the image tracker is allowed, no javascript
+    # If you want to have piwik statistics, provide a piwik image tracker
+    # Only the image tracker is allowed, no javascript
     # optional, no default
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
 
-    # broadcast_message which will displayed on the index page
+    # Broadcast_message which will displayed on the index page
     # optional, no default
     #broadcast_message => 'Maintenance',
 
-    # default time limit for files
-    # valid values are 0, 1, 7, 30 and 365
+    # Default time limit for files
+    # Valid values are 0, 1, 7, 30 and 365
     # optional, default is 0 (no limit)
     default_delay     => 365,
 
     # Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
-    # a warning message will be displayed on homepage
+    # A warning message will be displayed on homepage
     # optional, default is 0 (no limit)
     #max_delay         => 0,
 
-    # size thresholds: if you want to define max delays for different sizes of file
-    # the keys are size in Bytes, you can't have 10*1000*10000 as key
-    # if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
+    # Size thresholds: if you want to define max delays for different sizes of file
+    # The keys are size in Bytes, you can't have 10*1000*10000 as key
+    # If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
     # optional, default is using max_delay (see above) for all sizes
     #delay_for_size  => {
     #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
@@ -96,33 +96,54 @@
     # optional, defaut is /
     prefix        => '__PATH__',
 
-    # array of authorized domains for API calls.
-    # if you want to authorize everyone to use the API: ['*']
+    # Array of authorized domains for API calls.
+    # If you want to authorize everyone to use the API: ['*']
     # optional, no domains allowed by default
-    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+    #allowed_domains => ['http://1.example.com', 'http://2.example.com'],
+
+    # String of the URL to be redirected to when accessing /logout
+    # optional, default is no redirection after logging out
+    #logout_custom => 'https://sso.example.com/logout?redirect_uri=https%3A%2F%2Fexample.com',
 
     # Define a path to the upload directory, where the uploaded files will be stored
     # You can define it relative to lufi directory or set an absolute path
     # Remember that it has to be in a directory writable by Lufi user
     # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
     # optional, default is 'files'
-    #upload_dir           => 'files',
+    #upload_dir => 'files',
 
-    # allow to add a password on files, asked before allowing to download files
+    #!!!!!!!!!!!!!!!
+    # EXPERIMENTAL !
+    #!!!!!!!!!!!!!!!
+    # You can store files on Swift object storage (https://en.wikipedia.org/wiki/OpenStack#Swift) instead of filesystem
+    # Please read https://metacpan.org/pod/Net::OpenStack::Swift#SYNOPSIS to know how to configure this setting
+    # IMPORTANT: add a `container` key in it, to let Lufi know which container to use. This is not a regular Net::OpenStack::Swift setting, but Lufi need it.
+    # EXPERIMENTAL: if the upload or download of files are stucked, reload Lufi and create a cron task to reload Lufi once a day
+    # You can copy Lufi files to Swift object storage by launching the command `carton exec script/lufi copyFilesToSwift` (can take a long time)
+    # optional, no default
+    #swift => {
+    #  auth_url    => 'https://auth-endpoint-url/v2.0',
+    #  user        => 'userid',
+    #  password    => 'password',
+    #  tenant_name => 'project_id',
+    #  container   => 'lufi'
+    #},
+
+    # Allow to add a password on files, asked before allowing to download files
     # optional, default is 0
     allow_pwd_on_files => 1,
 
-    # force all files to be in "Burn after reading mode"
+    # Force all files to be in "Burn after reading mode"
     # optional, default is 0
     #force_burn_after_reading => 0,
 
-    # if set, the files' URLs will always use this domain
+    # If set, the files' URLs will always use this domain
     # optional, no default
     #fixed_domain => 'example.org',
 
-    # abuse reasons
-    # set an integer in the abuse field of a file in the database and it will not be downloadable anymore
-    # the reason will be displayed to the downloader, according to the reasons you will configure here.
+    # Abuse reasons
+    # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # The reason will be displayed to the downloader, according to the reasons you will configure here.
     # optional, no default
     #abuse => {
     #   0 => 'Copyright infringment',
@@ -135,7 +156,7 @@
 
     # Mail configuration
     # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
-    # Optional, default to sendmail method with no arguments
+    # optional, default to sendmail method with no arguments
     #mail => {
     #    # Valid values are 'sendmail' and 'smtp'
     #    how => 'smtp',
@@ -143,27 +164,31 @@
     #},
 
     # Email sender address
-    # Optional, default to no-reply@lufi.io
+    # optional, default to no-reply@lufi.io
     #mail_sender => 'no-reply@lufi.io',
 
+    # Disable sending mail through the server
+    # optional, default is false
+    #disable_mail_sending => 0,
+
     #############
     # DB settings
     #############
 
-    # choose what database you want to use
-    # valid choices are sqlite, postgresql and mysql (all lowercase)
+    # Choose what database you want to use
+    # Valid choices are sqlite, postgresql and mysql (all lowercase)
     # optional, default is sqlite
     dbtype => 'postgresql',
 
     # SQLite ONLY - only used if dbtype is set to sqlite
-    # define a path to the SQLite database
-    # you can define it relative to lufi directory or set an absolute path
-    # remember that it has to be in a directory writable by Lufi user
+    # Define a path to the SQLite database
+    # You can define it relative to lufi directory or set an absolute path
+    # Remember that it has to be in a directory writable by Lufi user
     # optional, default is lufi.db
     #db_path           => 'lufi.db',
 
     # PostgreSQL ONLY - only used if dbtype is set to postgresql
-    # these are the credentials to access the PostgreSQL database
+    # These are the credentials to access the PostgreSQL database
     # mandatory if you choosed postgresql as dbtype
     pgdb => {
         database => '__DB_NAME__',
@@ -178,7 +203,7 @@
     },
 
     # MySQL ONLY - only used if dbtype is set to mysql
-    # these are the credentials to access the MySQL database
+    # These are the credentials to access the MySQL database
     # mandatory if you choosed mysql as dbtype
     #mysqldb => {
     #    database => 'lufi',
@@ -196,8 +221,8 @@
     # LDAP settings (authentication and features)
     #############################################
 
-    # set `ldap` if you want that only authenticated users can upload files
-    # please note that everybody can still download files
+    # Set `ldap` if you want that only authenticated users can upload files
+    # Please note that everybody can still download files
     # optional, no default
     __LDAP__ldap => {
     __LDAP__    uri         => 'ldap://localhost:389',                      # server URI
@@ -214,7 +239,7 @@
     __LDAP__    #}
     __LDAP__},
 
-    # if you've set ldap above, the session will last `session_duration` seconds before
+    # If you've set ldap above, the session will last `session_duration` seconds before
     # the user needs to reauthenticate
     # optional, default is 3600
     #session_duration => 3600,
@@ -271,10 +296,32 @@
     # Htpasswd authentication
     #########################
 
-    # set `htpasswd` if you want to use an htpasswd file instead of ldap
-    # see 'man htpasswd' to know how to create such file
+    # Set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # See 'man htpasswd' to know how to create such file
     #htpasswd => 'lufi.passwd',
 
+    ############################
+    # HTTP header authentication
+    ############################
+
+    # Set `auth_headers` if you want to use HTTP header auth.
+    # Typically, these headers are set by a reverse-proxy
+    # acting as an authentication server. Useful for SSO.
+    # `auth_headers` should contains the user's username.
+    #
+    # /!\ LUFI BLINDLY TRUSTS THESE HEADERS
+    # /!\ IT'S UP TO YOU TO SANITIZE INCOMING HEADERS TO SECURE YOUR INSTANCE
+    #
+    #auth_headers => 'X-AUTH-PREFERRED-USERNAME',
+    #auth_headers_map_value => {
+    #    # Like ldap_map_attr but for headers
+    #    displayname => 'X-AUTH-DISPLAYNAME',
+    #    firstname   => 'X-AUTH-GIVENNAME',
+    #    lastname    => 'X-AUTH-LASTNAME',
+    #    mail        => 'X-AUTH-EMAIL'
+    #},
+
+
     #######################
     # HTTP Headers settings
     #######################
@@ -311,24 +358,28 @@
     # Lufi cron jobs settings
     #########################
 
-    # number of days senders' IP addresses are kept in database
-    # after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
+    # Expired files will be kept for 2 additional days after the expiration time has passed!
+    # The reasoning behind this is to allow downloads to complete and avoid deleting them while
+    # they are still being tranfered.
+
+    # Number of days senders' IP addresses are kept in database
+    # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
     # optional, default is 365
     #keep_ip_during    => 365,
 
-    # max size of the files directory, in octets
-    # used by script/lufi cron watch to trigger an action
+    # Max size of the files directory, in octets
+    # Used by script/lufi cron watch to trigger an action
     # optional, no default
     #max_total_size    => 10*1024*1024*1024,
 
-    # default action when files directory is over max_total_size (used with script/lufi cron watch)
-    # valid values are 'warn', 'stop-upload' and 'delete'
+    # Default action when files directory is over max_total_size (used with script/lufi cron watch)
+    # Valid values are 'warn', 'stop-upload' and 'delete'
     # Please, see README.md
     # optional, default is 'warn'
     #policy_when_full  => 'warn',
 
     # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
-    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
     # optional, no default
     #delete_no_longer_viewed_files => 90,
 };

manifest.json

@@ -6,7 +6,7 @@
         "en": "Self hosting files and sharing anonymous application",
         "fr": "Application d'hébergement et de partage de fichiers anonyme"
     },
-    "version": "0.05.16~ynh2",
+    "version": "0.05.18~ynh1",
     "url": "https://git.framasoft.org/luc/lufi",
     "upstream": {
         "license": "AGPL-3.0-or-later",