From 13bc6893059e541042b416dadf8c0871dc7ca153 Mon Sep 17 00:00:00 2001
From: Peter Cai
Date: Wed, 19 Feb 2020 20:32:57 +0800
Subject: [PATCH] load max file size and file lifetime from a separate insecure
config
---
.gitignore | 3 ++-
config.insecure.json.example | 5 +++++
src/util.coffee | 14 ++++++++++++--
src/web/helpButton.coffee | 2 +-
4 files changed, 20 insertions(+), 4 deletions(-)
create mode 100644 config.insecure.json.example
diff --git a/.gitignore b/.gitignore
index 276e4bd..f07eab2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,5 @@ worker/
node_modules/
.cargo-ok
wrangler.toml
-config.json
\ No newline at end of file
+config.json
+config.insecure.json
\ No newline at end of file
diff --git a/config.insecure.json.example b/config.insecure.json.example
new file mode 100644
index 0000000..1306ec8
--- /dev/null
+++ b/config.insecure.json.example
@@ -0,0 +1,5 @@
+{
+ "comments": "This file contains configuration that will be load into the browser frontend. See src/util.coffee for details.",
+ "max_upload_size": 10485760,
+ "file_lifetime": "7 days"
+}
\ No newline at end of file
diff --git a/src/util.coffee b/src/util.coffee
index 1a7ae42..274f3dd 100644
--- a/src/util.coffee
+++ b/src/util.coffee
@@ -1,7 +1,16 @@
+import configInsec from "../config.insecure.json"
import { detect as detectBrowser } from 'detect-browser'
+# The following two items are read from `config.insecure.json`
+# These configuration will be load into the frontend, so make sure
+# no sensitive information is leaked through the json
# Maximum upload size (in bytes)
-MAX_UPLOAD_SIZE = 10 * 1024 * 1024 # 10 MB
+MAX_UPLOAD_SIZE = configInsec.max_upload_size
+# File lifetime (deleted after X days)
+# This is only intended for human, any auto-deletion
+# should be configured in your S3 bucket
+FILE_LIFETIME = configInsec.file_lifetime
+
# Maximum file name length
MAX_FILENAME_LENGTH = 255 # bytes
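Review bot: `MAX_UPLOAD_SIZE = configInsec.max_upload_size` takes the limit from the JSON unchecked, so a missing or non-numeric `max_upload_size` leaves the constant `undefined` or a string. Any later comparison of the form `size > MAX_UPLOAD_SIZE` (not visible in this hunk, so this is inferred) would then evaluate to false, and the limit would silently stop applying. Fail closed at module load instead: `throw new Error 'config.insecure.json: max_upload_size must be a positive integer' unless Number.isSafeInteger(MAX_UPLOAD_SIZE) and MAX_UPLOAD_SIZE > 0`. Because this value is bundled into the browser, the comment should also state where the limit is actually enforced, for example `# Client-side copy only; the upload endpoint must enforce the size limit itself`.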
@@ -91,5 +100,6 @@ export {
isText,
progressText,
humanFileSize,
- MAX_FILENAME_LENGTH
+ MAX_FILENAME_LENGTH,
+ FILE_LIFETIME
}
\ No newline at end of file
diff --git a/src/web/helpButton.coffee b/src/web/helpButton.coffee
index 8b89905..94ae5fb 100644
--- a/src/web/helpButton.coffee
+++ b/src/web/helpButton.coffee
@@ -19,7 +19,7 @@ class HelpButton extends React.Component
There is absolutely no guarantee on its functionality, security and reliability.
- Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}, all uploads are kept for 7 days only.
+ Maximum file size: {util.humanFileSize util.MAX_UPLOAD_SIZE}, all uploads are kept for {util.FILE_LIFETIME} only.
File uploads with "Encryption: ON" are encrypted with AES-128-GCM before uploading to server.