This repository has been archived on 2023-08-21. You can view files and clone it, but cannot push or open issues/pull-requests.
Go to file
Bobby Wibowo e85e8e886d
added lolisafe upstream compat to /api/album/:id
it will re-map body of /api/album/get/:id into upstream-compatible body.
prep for lolisafe albums support for magane plugin.

/api/album/:id/:page will stil respond with the old format as that's
what the dashboard use and expect.

list views of uploads, users and albums in dashboard will now show
total items count on the table's top right corner.
2020-12-26 19:54:41 +07:00
.github Update actions/setup-node action to v2 (#336) 2020-12-19 12:03:27 +07:00
controllers added lolisafe upstream compat to /api/album/:id 2020-12-26 19:54:41 +07:00
database expanded gulp linter to lint server-side JS files 2020-11-10 22:56:18 +07:00
dist AUTO: Rebuilt client assets and bumped v1 version string 2020-12-26 11:50:53 +00:00
pages/error Updated built-in error pages 2020-05-24 03:45:36 +07:00
public albums sidebar in dashboard is now collapsible 2020-12-26 18:49:51 +07:00
routes added lolisafe upstream compat to /api/album/:id 2020-12-26 19:54:41 +07:00
scripts expanded gulp linter to lint server-side JS files 2020-11-10 22:56:18 +07:00
src added lolisafe upstream compat to /api/album/:id 2020-12-26 19:54:41 +07:00
views albums sidebar in dashboard is now collapsible 2020-12-26 18:49:51 +07:00
.browserslistrc Updates (very important to read) 2019-09-15 13:20:11 +07:00
.dockerignore Ignore .git and .github directories when run dockerfile copy command. 2020-08-21 12:17:15 -03:00
.editorconfig Updates 2018-04-13 23:20:57 +07:00
.env.example add docker-compose stack 2020-07-03 22:50:24 +07:00
.eslintignore Updated 2019-09-17 11:13:41 +07:00
.eslintrc.js Removed custom ESLint curly rule 2020-10-31 01:12:09 +07:00
.gitignore Updated .gitignore 2020-09-27 03:22:31 +07:00
.stylelintignore Updated 2019-09-17 11:13:41 +07:00
.stylelintrc.json Transitioned styling to Sass 2020-07-28 21:47:48 +07:00
AUTHORS Updated 2019-09-12 14:44:31 +07:00
Dockerfile Improved the image creation and reduced final size from 718MB to 241MB. 2020-08-21 12:35:16 -03:00
LICENSE De loli-safe (#77) 2018-04-26 08:54:07 +02:00 !! REPLACED ClamAV BACKEND: clamdjs -> clamscan !! 2020-11-01 06:35:56 +07:00
config.sample.js scanner should NOT be enabled by default 2020-12-26 15:21:49 +07:00
docker-compose.yaml Update docker-compose.yaml 2020-07-03 22:50:24 +07:00
gulpfile.js replaced gulp-sass with gulp-dart-sass 2020-11-18 01:13:30 +07:00
logger.js Removed custom ESLint curly rule 2020-10-31 01:12:09 +07:00
lolisafe.js Added Content-Type override when serving with node 2020-11-03 23:53:56 +07:00
nginx-ssl.sample.conf Updated Nginx sample configs 2020-05-28 09:54:40 +07:00
nginx.docker.conf Fixed typos in sample nginx conf files 2020-08-22 00:46:11 +07:00
nginx.sample.conf Fixed typos in sample nginx conf files 2020-08-22 00:46:11 +07:00
package.json Update dependency sharp to ~0.27.0 (#340) 2020-12-25 21:08:43 +07:00
real-ip-from-cf Updated real-ip-from-cf 2020-07-02 15:22:22 +07:00
renovate.json Updated renovate.json 2020-09-27 05:58:17 +07:00
yarn.lock Update dependency sharp to ~0.27.0 (#340) 2020-12-25 21:08:43 +07:00

lolisafe, a small safe worth protecting

GitHub license

JavaScript Style Guide

This fork is the one being used at If you are looking for the original, head to WeebDev/lolisafe.

If you want to use an existing lolisafe database with this fork, run node ./database/migration.js (or yarn migrate) at least once to create the new columns introduced in this branch (don't forget to make a backup).

Configuration file of lolisafe, config.js, is also NOT fully compatible with this fork. There are some options that had been renamed and/or restructured. Please make sure your config matches the sample in config.sample.js before starting.

Running in production mode

  1. Ensure you have at least Node v10.x installed (v12.x works fine, but v14.x will likely have issues for now).
  2. Clone this repo.
  3. Copy config.sample.js as config.js.
  4. Modify port, domain and privacy options if desired.
  5. Run yarn install --production to install all production dependencies (Yes, use yarn).
  6. Run yarn start to start the service.

Default admin account:
Username: root
Password: changeme

You can also start it with yarn pm2 if you have PM2.

When running in production mode, the safe will use pre-built client-side CSS/JS files from dist directory, while the actual source codes are in src directory.

The pre-built files were processed with postcss-preset-env, cssnano, bublé, and terser.

Running in development mode

This fork has a separate development mode, with which client-side CSS/JS files in src directory will be automatically rebuilt using Gulp tasks.

  1. Follow step 1 to 4 from the production instructions above.
  2. Run yarn install to install all dependencies (including development ones).
  3. Run yarn develop to start the service in development mode.

You can configure the Gulp tasks through gulpfile.js file.

During development, the rebuilt files will be saved in dist-dev directory instead of dist directory. The service will also automatically serve the files from dist-dev directory instead. This is to avoid your IDE's Git from unnecessarily rebuilding diff of the modified files.

Once you feel like your modifications are ready for production usage, you can then run yarn build to build production-ready files that will actually go to dist directory.

If you are submitting a Pull Request, running yarn build before pushing the commit is NOT necessary. As long as the changes already work well in development mode, you may push the commit as-is.
This fork uses GitHub Actions to automatically rebuild client assets after every commit that modifies the source files in src directory.

Failing to build dependencies

Some dependencies may fail to build with Python 2.x, in particular sqlite3 package.

If that happens, I recommend building dependencies with Python 3.x instead.

To force Python 3.x for dependencies building, you can choose to create a file named .npmrc in your lolisafe root directory, and fill it with:


Or you can try the alternative solutions listed in here:

Note: Despite the file being named .npmrc, that preference will also be used when installing dependencies with yarn, so I still recommend sticking with it.

Updating when you have modified some files

Try to use git stash.

Basically you'll be doing this:

  1. git stash to stash away your changes.
  2. git pull to pull updates.
  3. yarn install (or yarn install --production) to install dependencies matching the updated yarn.lock file.
  4. git stash pop (or git stash apply) to restore your changes.

Be warned that some files may have been updated too heavily that they will require manual merging.

If you only do some small modifications such as editing views/_globals.njk and not much else, it's generally safe to do this even in a live production environment. But it's still best practice to at least review just what have been updated, and whether you will need to do some manual merging beforehand.

Still, I heavily recommend simply forking this repository and manually merging upstream changes whenever you feel like doing so. Read more about syncing a fork.

Afterwards, you can instead clone your fork in your production server and pull updates from there. You can then choose to only install production dependencies with yarn install --production there (hint: this is how I setup

Script for missing thumbnails

Thumbnails will not be automatically generated for files that were uploaded before enabling thumbnails generation in the config file.

To generate thumbnails for those files, you can use yarn thumbs.

$ yarn thumbs
$ node ./scripts/thumbs.js

Generate thumbnails.

Usage  :
node scripts/thumbs.js <mode=1|2|3> [force=0|1] [verbose=0|1] [cfcache=0|1]

mode   : 1 = images only, 2 = videos only, 3 = both images and videos
force  : 0 = no force (default), 1 = overwrite existing thumbnails
verbose: 0 = only print missing thumbs (default), 1 = print all
cfcache: 0 = do not clear cloudflare cache (default), 1 = clear cloudflare cache

For example, if you only want to generate thumbnails for image files without overwriting existing ones, you can run yarn thumbs 1, or if you want to generate thumbnails for both image and video files, while also overwriting existsing ones, you can run yarn thumbs 3 1.

You will also need to use this script to overwrite existing thumbnails if you want to change thumbnail size.

ClamAV support

This fork has an optional virus scanning support using ClamAV, utilizing clamscan library (Linux and OS X only).

It will scan new files right after they are uploaded. It will then alert the uploaders of the virus names in ClamAV's database if their files are dirty.

Unfortunately, this will slow down uploads processing as it has to wait for the scans before responding the uploaders. However, it's still highly recommended for public usage, or if you're like me who find the constant buzzing from Google Safe Search too annoying.

To enable this, make sure you have ClamAV installed, or additionally have ClamAV daemon running. Afterwards configure uploads.scan options, and more importantly its sub-option clamOptions. Read more about it in the config.sample.js file.

Additionally, you can also configure usergroups bypass, extensions whitelist, and max file size, to lessen the burden on your server.