From 13bc6893059e541042b416dadf8c0871dc7ca153 Mon Sep 17 00:00:00 2001 From: Peter Cai Date: Wed, 19 Feb 2020 20:32:57 +0800 Subject: [PATCH] load max file size and file lifetime from a separate insecure config --- .gitignore | 3 ++- config.insecure.json.example | 5 +++++ src/util.coffee | 14 ++++++++++++-- src/web/helpButton.coffee | 2 +- 4 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 config.insecure.json.example diff --git a/.gitignore b/.gitignore index 276e4bd..f07eab2 100644 --- a/.gitignore +++ b/.gitignore @@ -9,4 +9,5 @@ worker/ node_modules/ .cargo-ok wrangler.toml -config.json \ No newline at end of file +config.json +config.insecure.json \ No newline at end of file diff --git a/config.insecure.json.example b/config.insecure.json.example new file mode 100644 index 0000000..1306ec8 --- /dev/null +++ b/config.insecure.json.example @@ -0,0 +1,5 @@ +{ + "comments": "This file contains configuration that will be load into the browser frontend. See src/util.coffee for details.", + "max_upload_size": 10485760, + "file_lifetime": "7 days" +} \ No newline at end of file diff --git a/src/util.coffee b/src/util.coffee index 1a7ae42..274f3dd 100644 --- a/src/util.coffee +++ b/src/util.coffee @@ -1,7 +1,16 @@ +import configInsec from "../config.insecure.json" import { detect as detectBrowser } from 'detect-browser' +# The following two items are read from `config.insecure.json` +# These configuration will be load into the frontend, so make sure +# no sensitive information is leaked through the json # Maximum upload size (in bytes) -MAX_UPLOAD_SIZE = 10 * 1024 * 1024 # 10 MB +MAX_UPLOAD_SIZE = configInsec.max_upload_size +# File lifetime (deleted after X days) +# This is only intended for human, any auto-deletion +# should be configured in your S3 bucket +FILE_LIFETIME = configInsec.file_lifetime + # Maximum file name length MAX_FILENAME_LENGTH = 255 # bytes @@ -91,5 +100,6 @@ export { isText, progressText, humanFileSize, - MAX_FILENAME_LENGTH + MAX_FILENAME_LENGTH, + FILE_LIFETIME } \ No newline at end of file diff --git a/src/web/helpButton.coffee b/src/web/helpButton.coffee index 8b89905..94ae5fb 100644 --- a/src/web/helpButton.coffee +++ b/src/web/helpButton.coffee @@ -19,7 +19,7 @@ class HelpButton extends React.Component There is absolutely no guarantee on its functionality, security and reliability.

- Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}, all uploads are kept for 7 days only. + Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}, all uploads are kept for {util.FILE_LIFETIME} only.

File uploads with "Encryption: ON" are encrypted with AES-128-GCM before uploading to server.