load max file size and file lifetime from a separate insecure config

.gitignore

@@ -9,4 +9,5 @@ worker/
 node_modules/
 .cargo-ok
 wrangler.toml
-config.json
+config.json
+config.insecure.json

config.insecure.json.example

@@ -0,0 +1,5 @@
+{
+  "comments": "This file contains configuration that will be load into the browser frontend. See src/util.coffee for details.",
+  "max_upload_size": 10485760,
+  "file_lifetime": "7 days"
+}

src/util.coffee

@@ -1,7 +1,16 @@
+import configInsec from "../config.insecure.json"
 import { detect as detectBrowser } from 'detect-browser'
 
+# The following two items are read from `config.insecure.json`
+# These configuration will be load into the frontend, so make sure
+# no sensitive information is leaked through the json
 # Maximum upload size (in bytes)
-MAX_UPLOAD_SIZE = 10 * 1024 * 1024 # 10 MB
+MAX_UPLOAD_SIZE = configInsec.max_upload_size
+# File lifetime (deleted after X days)
+# This is only intended for human, any auto-deletion
+# should be configured in your S3 bucket
+FILE_LIFETIME = configInsec.file_lifetime
+
 # Maximum file name length
 MAX_FILENAME_LENGTH = 255 # bytes
 
@@ -91,5 +100,6 @@ export {
   isText,
   progressText,
   humanFileSize,
-  MAX_FILENAME_LENGTH
+  MAX_FILENAME_LENGTH,
+  FILE_LIFETIME
 }

src/web/helpButton.coffee

@@ -19,7 +19,7 @@ class HelpButton extends React.Component
           There is <strong>absolutely no guarantee</strong> on its functionality, security and reliability.
         </p>
         <p>
-          <strong>Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}</strong>, all uploads are kept for <strong>7 days</strong> only.
+          <strong>Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}</strong>, all uploads are kept for <strong>{util.FILE_LIFETIME}</strong> only.
         </p>
         <p>
           File uploads with <strong>"Encryption: ON"</strong> are encrypted with <i>AES-128-GCM</i> before uploading to server.