feat(v3.7.12): version

* fix: update to @types/node@18

this fixes the type error at  line 14 of lib/datasources/Local.ts

* feat: proper range request handling

* fix: docker casing warnings

* fix: infinity in header and cleanup

* fix: types for s3 and supabase size return value

* chore: remove unneeded newline

* chore: remove leftover dev comment

* fix: don't use 206 & content-range when client did not request it

.devcontainer/Dockerfile

@@ -7,4 +7,6 @@ RUN usermod -l zipline node \
     && chmod 0440 /etc/sudoers.d/zipline \
     && sudo apt-get update && apt-get install gnupg2 -y
 
-USER zipline
+EXPOSE 3000
+
+USER zipline

.devcontainer/devcontainer.json

@@ -41,7 +41,7 @@
   "remoteUser": "zipline",
   "updateRemoteUserUID": true,
   "remoteEnv": {
-    "CORE_DATABASE_URL": "postgres://postgres:postgres@localhost/zip10"
+    "CORE_DATABASE_URL": "postgres://postgres:postgres@db/zip10"
   },
   "portsAttributes": {
     "3000": {

.env.local.example

@@ -7,7 +7,7 @@ CORE_RETURN_HTTPS=true
 CORE_SECRET="changethis"
 CORE_HOST=0.0.0.0
 CORE_PORT=3000
-CORE_DATABASE_URL="postgres://postgres:postgres@localhost/zip10"
+CORE_DATABASE_URL="postgres://postgres:postgres@db/zip10"
 CORE_LOGGER=false
 CORE_STATS_INTERVAL=1800
 CORE_INVITES_INTERVAL=1800
@@ -47,4 +47,4 @@ URLS_LENGTH=6
 RATELIMIT_USER=5
 RATELIMIT_ADMIN=3
 
-# for more variables checkout the docs
+# for more variables checkout the docs

.github/workflows/docker-release.yml

@@ -13,8 +13,8 @@ on:
   workflow_dispatch:
 
 jobs:
-  push_to_ghcr:
-    name: Push Release Image to GitHub Packages
+  push:
+    name: Push Release Image
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
@@ -32,14 +32,20 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Login to Github Packages
+      - name: Login to GitHub Packages
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build Docker Image
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and Push Docker Image
         uses: docker/build-push-action@v3
         with:
           push: true
@@ -47,5 +53,7 @@ jobs:
           tags: |
             ghcr.io/diced/zipline:latest
             ghcr.io/diced/zipline:${{ steps.version.outputs.zipline_version }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/zipline:latest
+            ${{ secrets.DOCKERHUB_USERNAME }}/zipline:${{ steps.version.outputs.zipline_version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/docker.yml

@@ -12,8 +12,8 @@ on:
   workflow_dispatch:
 
 jobs:
-  push_to_ghcr:
-    name: Push Image to GitHub Packages
+  push:
+    name: Push Image
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
@@ -38,7 +38,13 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build Docker Image
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and Push Docker Image
         uses: docker/build-push-action@v3
         with:
           push: true
@@ -46,5 +52,7 @@ jobs:
           tags: |
             ghcr.io/diced/zipline:trunk
             ghcr.io/diced/zipline:trunk-${{ steps.version.outputs.zipline_version }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/zipline:trunk
+            ${{ secrets.DOCKERHUB_USERNAME }}/zipline:trunk-${{ steps.version.outputs.zipline_version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max

Dockerfile

@@ -1,8 +1,8 @@
 # Use the Prisma binaries image as the first stage
-FROM ghcr.io/diced/prisma-binaries:5.1.x as prisma
+FROM ghcr.io/diced/prisma-binaries:5.1.x AS prisma
 
 # Use Alpine Linux as the second stage
-FROM node:18-alpine3.16 as base
+FROM node:18-alpine3.16 AS base
 
 # Set the working directory
 WORKDIR /zipline
@@ -27,7 +27,7 @@ ENV PRISMA_QUERY_ENGINE_BINARY=/prisma-engines/query-engine \
 # Install the dependencies
 RUN yarn install --immutable
 
-FROM base as builder
+FROM base AS builder
 
 COPY src ./src
 COPY next.config.js ./next.config.js

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 dicedtomato
+Copyright (c) 2024 dicedtomato
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -121,7 +121,7 @@ This section requires [Flameshot](https://www.flameshot.org/), [jq](https://sted
   
 If using wayland you will need to have [wl-clipboard](https://github.com/bugaevc/wl-clipboard) installed, for the `wl-copy` command.
 
-If you are not using GNOME/KDE/Qtile/Sway, and are using something like a wlroots-based compositor (ex. [Hyprland](https://github.com/hyprwm/Hyprland/), [River](https://github.com/riverwm/river), etc), you will need to set the `XDG_CURRENT_DESKTOP` environment variable to `sway`, which will just override it for this script. Adding `export XDG_CURRENT_DESKTOP=sway` to the start of the script will work.
+If you are not using GNOME/KDE/Qtile/Sway, and are using something like a wlroots-based or wlroots-compatible compositor (ex. [Hyprland](https://github.com/hyprwm/Hyprland/), [River](https://github.com/riverwm/river), etc), you will need to set the `XDG_CURRENT_DESKTOP` environment variable to `sway`, which will just override it for this script. Adding `export XDG_CURRENT_DESKTOP=sway` to the start of the script will work.
 
 After this, replace the `xsel -ib` with `wl-copy` in the script.
 
@@ -141,7 +141,7 @@ To upload files using flameshot we will use a script. Replace $TOKEN and $HOST w
 DATE=$(date '+%h_%Y_%d_%I_%m_%S.png');
 flameshot gui -r > ~/Pictures/$DATE;
 
-curl -H "Content-Type: multipart/form-data" -H "authorization: $TOKEN" -F file=@$1 $HOST/api/upload | jq -r 'files[0].url' | xsel -ib
+curl -H "Content-Type: multipart/form-data" -H "authorization: $TOKEN" -F file=@$1 $HOST/api/upload | jq -r '.files[0]' | xsel -ib
 ```
 
 # Contributing
@@ -169,4 +169,4 @@ Create a pull request on GitHub. If your PR does not pass the action checks, the
 
 # Documentation
 
-Documentation source code is located in [diced/zipline-docs](https://github.com/diced/zipline-docs), and can be accessed [here](https://zipl.vercel.app).
+Documentation source code is located in [diced/zipline-docs](https://github.com/diced/zipline-docs), and can be accessed [here](https://zipline.diced.sh/docs/get-started).

mimes.json

@@ -42,6 +42,9 @@
   ["afm", ["application/octet-stream"]],
   ["afp", ["application/vnd.ibm.modcap"]],
   ["ahead", ["application/vnd.ahead.space"]],
+  ["ahk", ["text/autohotkey"]],
+  ["ahk1", ["text/autohotkey"]],
+  ["ahk2", ["text/autohotkey"]],
   ["ai", ["application/postscript"]],
   ["aif", ["audio/aiff"]],
   ["aifc", ["audio/aiff"]],

package.json

@@ -1,6 +1,6 @@
 {
   "name": "zipline",
-  "version": "3.7.7",
+  "version": "3.7.12",
   "license": "MIT",
   "scripts": {
     "dev": "npm-run-all build:server dev:run",
@@ -79,7 +79,7 @@
     "@types/katex": "^0.16.6",
     "@types/minio": "^7.1.1",
     "@types/multer": "^1.4.10",
-    "@types/node": "^18.18.10",
+    "@types/node": "18",
     "@types/qrcode": "^1.5.5",
     "@types/react": "^18.2.37",
     "@types/sharp": "^0.32.0",

prisma/migrations/20240912180249_exports/migration.sql

@@ -0,0 +1,14 @@
+-- CreateTable
+CREATE TABLE "Export" (
+    "id" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "complete" BOOLEAN NOT NULL DEFAULT false,
+    "path" TEXT NOT NULL,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "Export_pkey" PRIMARY KEY ("id")
+);
+
+-- AddForeignKey
+ALTER TABLE "Export" ADD CONSTRAINT "Export_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/schema.prisma

@@ -27,6 +27,20 @@ model User {
   Invite         Invite[]
   Folder         Folder[]
   IncompleteFile IncompleteFile[]
+  Exports        Export[]
+}
+
+model Export {
+  id        String   @id @default(cuid())
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  complete  Boolean  @default(false)
+
+  path String
+
+  user   User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  userId Int
 }
 
 model Folder {

src/components/File/index.tsx

@@ -72,6 +72,9 @@ export default function File({
           },
           transition: 'filter 0.2s ease-in-out',
           cursor: 'pointer',
+          display: 'flex',
+          alignItems: 'center',
+          justifyContent: 'center',
         }}
         shadow='md'
         onClick={() => setOpen(true)}

src/components/Layout.tsx

@@ -356,7 +356,7 @@ export default function Layout({ children, props }) {
                       )
                     }
                     variant='subtle'
-                    color='gray'
+                    color={theme.colorScheme === 'dark' ? 'dark' : 'gray'}
                     compact
                     size='xl'
                     p='sm'

src/components/Theming.tsx

@@ -4,6 +4,10 @@ import { useEffect } from 'react';
 import ayu_dark from 'lib/themes/ayu_dark';
 import ayu_light from 'lib/themes/ayu_light';
 import ayu_mirage from 'lib/themes/ayu_mirage';
+import catppuccin_mocha from 'lib/themes/catppuccin_mocha';
+import catppuccin_macchiato from 'lib/themes/catppuccin_macchiato';
+import catppuccin_frappe from 'lib/themes/catppuccin_frappe';
+import catppuccin_latte from 'lib/themes/catppuccin_latte';
 import dark from 'lib/themes/dark';
 import dark_blue from 'lib/themes/dark_blue';
 import dracula from 'lib/themes/dracula';
@@ -32,6 +36,10 @@ export const themes = {
   ayu_dark,
   ayu_mirage,
   ayu_light,
+  catppuccin_mocha,
+  catppuccin_macchiato,
+  catppuccin_frappe,
+  catppuccin_latte,
   nord,
   dracula,
   matcha_dark_azul,
@@ -46,6 +54,10 @@ export const friendlyThemeName = {
   ayu_dark: 'Ayu Dark',
   ayu_mirage: 'Ayu Mirage',
   ayu_light: 'Ayu Light',
+  catppuccin_mocha: 'Catppuccin Mocha',
+  catppuccin_macchiato: 'Catppuccin Macchiato',
+  catppuccin_frappe: 'Catppuccin Frappé',
+  catppuccin_latte: 'Catppuccin Latte',
   nord: 'Nord',
   dracula: 'Dracula',
   matcha_dark_azul: 'Matcha Dark Azul',

src/components/Type.tsx

@@ -60,7 +60,7 @@ function VideoThumbnailPlaceholder({ file, mediaPreview, ...props }) {
   return (
     <Box sx={{ position: 'relative' }}>
       <Image
-        src={file.thumbnail}
+        src={typeof file.thumbnail === 'string' ? file.thumbnail : `/r/${file.thumbnail.name}`}
         sx={{
           width: '100%',
           height: 'auto',

src/components/pages/Manage/index.tsx

@@ -1,14 +1,17 @@
 import {
   ActionIcon,
+  Alert,
   Anchor,
   Box,
   Button,
   Card,
+  Code,
   ColorInput,
   CopyButton,
   FileInput,
   Group,
   Image,
+  List,
   PasswordInput,
   SimpleGrid,
   Space,
@@ -22,6 +25,7 @@ import { randomId, useInterval, useMediaQuery } from '@mantine/hooks';
 import { useModals } from '@mantine/modals';
 import { showNotification, updateNotification } from '@mantine/notifications';
 import {
+  IconAlertCircle,
   IconBrandDiscordFilled,
   IconBrandGithubFilled,
   IconBrandGoogle,
@@ -41,6 +45,7 @@ import {
   IconUserExclamation,
   IconUserMinus,
   IconUserX,
+  IconX,
 } from '@tabler/icons-react';
 import AnchorNext from 'components/AnchorNext';
 import { FlameshotIcon, ShareXIcon } from 'components/icons';
@@ -264,7 +269,7 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
     setExports(
       res.exports
         ?.map((s) => ({
-          date: new Date(Number(s.name.split('_')[3].slice(0, -4))),
+          date: new Date(s.createdAt),
           size: s.size,
           full: s.name,
         }))
@@ -272,6 +277,26 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
     );
   };
 
+  const deleteExport = async (name) => {
+    const res = await useFetch('/api/user/export?name=' + name, 'DELETE');
+    if (res.error) {
+      showNotification({
+        title: 'Error deleting export',
+        message: res.error,
+        color: 'red',
+        icon: <IconX size='1rem' />,
+      });
+    } else {
+      showNotification({
+        message: 'Deleted export',
+        color: 'green',
+        icon: <IconFileZip size='1rem' />,
+      });
+
+      await getExports();
+    }
+  };
+
   const handleDelete = async () => {
     const res = await useFetch('/api/user/files', 'DELETE', {
       all: true,
@@ -355,6 +380,129 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
     }
   };
 
+  const startFullExport = () => {
+    modals.openConfirmModal({
+      title: <Title>Are you sure?</Title>,
+      size: 'xl',
+      children: (
+        <Box px='md'>
+          <Alert color='red' icon={<IconAlertCircle size='1rem' />} title='Warning'>
+            This export contains a significant amount of sensitive data, including user information,
+            passwords, metadata, and system details. It is crucial to handle this file with care to prevent
+            unauthorized access or misuse. Ensure it is stored securely and shared only with trusted parties.
+          </Alert>
+
+          <p>
+            The export provides a snapshot of Zipline&apos;s data and environment. Specifically, it includes:
+          </p>
+
+          <List>
+            <List.Item>
+              <b>User Data:</b> Information about users, avatars, passwords, and registered OAuth providers.
+            </List.Item>
+            <List.Item>
+              <b>Files:</b> Metadata about uploaded files including filenames, passwords, sizes, and
+              timestamps, linked users. <i>(Note: the actual contents of the files are not included.)</i>
+            </List.Item>
+            <List.Item>
+              <b>URLs:</b> Metadata about shortened URLs, including the original URL, short URL, and vanity.
+            </List.Item>
+            <List.Item>
+              <b>Folders:</b> Metadata about folders, including names, visibility settings, and files.
+            </List.Item>
+            <List.Item>
+              <b>Thumbnails:</b> Metadata about thumbnails, includes the name and creation timestamp.{' '}
+              <i>(Actual image data is excluded.)</i>
+            </List.Item>
+            <List.Item>
+              <b>Invites:</b> Metadata about invites, includes the invite code, creator, and expiration date.
+            </List.Item>
+            <List.Item>
+              <b>Statistics:</b> Usage data that is used on the statistics page, including upload counts and
+              such.
+            </List.Item>
+          </List>
+          <p>
+            Additionally, the export captures <b>system-specific information</b>:
+          </p>
+          <List>
+            <List.Item>
+              <b>CPU Count:</b> The number of processing cores available on the host system.
+            </List.Item>
+            <List.Item>
+              <b>Hostname:</b> The network identifier of the host system.
+            </List.Item>
+            <List.Item>
+              <b>Architecture:</b> The hardware architecture (e.g., <Code>x86</Code>, <Code>arm</Code>) on
+              which Zipline is running.
+            </List.Item>
+            <List.Item>
+              <b>Platform:</b> The operating system platform (e.g., <Code>linux</Code>, <Code>darwin</Code>)
+              on which Zipline is running.
+            </List.Item>
+            <List.Item>
+              <b>Version:</b> The current version of the operating system (kernel version)
+            </List.Item>
+            <List.Item>
+              <b>Environment Variables:</b> The configuration settings and variables defined at the time of
+              execution.
+            </List.Item>
+          </List>
+
+          <p>
+            <i>Note:</i> By omitting the actual contents of files and thumbnails while including their
+            metadata, the export ensures it captures enough detail for migration to another instance, or for
+            v4.
+          </p>
+        </Box>
+      ),
+      labels: { confirm: 'Yes', cancel: 'No' },
+      cancelProps: { color: 'red' },
+      onConfirm: async () => {
+        modals.closeAll();
+        showNotification({
+          title: 'Exporting all server data...',
+          message: 'This may take a while depending on the amount of data.',
+          loading: true,
+          id: 'export-all',
+          autoClose: false,
+        });
+
+        const res = await useFetch('/api/admin/export', 'GET');
+        if (res.error) {
+          updateNotification({
+            id: 'export-all',
+            title: 'Error exporting data',
+            message: res.error,
+            color: 'red',
+            icon: <IconFileExport size='1rem' />,
+            autoClose: true,
+          });
+        } else {
+          updateNotification({
+            title: 'Export created',
+            message: 'Your browser will prompt you to download a JSON file with all the server data.',
+            id: 'export-all',
+            color: 'green',
+            icon: <IconFileExport size='1rem' />,
+            autoClose: true,
+          });
+
+          const blob = new Blob([JSON.stringify(res)], { type: 'application/json' });
+          const a = document.createElement('a');
+          a.style.display = 'none';
+          const url = URL.createObjectURL(blob);
+          console.log(url, res);
+          a.setAttribute('download', `zipline_export_${Date.now()}.json`);
+          a.setAttribute('href', url);
+          a.click();
+
+          URL.revokeObjectURL(url);
+        }
+      },
+    });
+  };
+
   const interval = useInterval(() => getExports(), 30000);
   useEffect(() => {
     getExports();
@@ -580,6 +728,7 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
               { id: 'name', name: 'Name' },
               { id: 'date', name: 'Date' },
               { id: 'size', name: 'Size' },
+              { id: 'actions', name: '' },
             ]}
             rows={
               exports
@@ -591,6 +740,11 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
                     ),
                     date: x.date.toLocaleString(),
                     size: bytesToHuman(x.size),
+                    actions: (
+                      <ActionIcon onClick={() => deleteExport(x.full)}>
+                        <IconTrash size='1rem' />
+                      </ActionIcon>
+                    ),
                   }))
                 : []
             }
@@ -615,6 +769,11 @@ export default function Manage({ oauth_registration, oauth_providers: raw_oauth_
             >
               Delete all uploads
             </Button>
+            {user.superAdmin && (
+              <Button size='md' onClick={startFullExport} rightIcon={<IconFileExport size='1rem' />}>
+                Export all server data (JSON)
+              </Button>
+            )}
           </Group>
         </Box>
       )}

src/components/pages/Upload/File.tsx

@@ -364,7 +364,8 @@ export default function File({ chunks: chunks_config }) {
               <Button
                 leftIcon={<IconFileUpload size='1rem' />}
                 onClick={handleUpload}
-                disabled={files.length === 0 ? true : false}
+                loading={loading}
+                disabled={files.length === 0 || loading}
               >
                 Upload
               </Button>

src/components/pages/Upload/Text.tsx

@@ -22,6 +22,7 @@ export default function Text() {
 
   const [value, setValue] = useState('');
   const [lang, setLang] = useState('txt');
+  const [loading, setLoading] = useState(false);
 
   const [options, setOpened, OptionsModal] = useUploadOptions();
 
@@ -29,6 +30,9 @@ export default function Text() {
   const shouldRenderTex = lang === 'tex';
 
   const handleUpload = async () => {
+    if (value.trim().length === 0) return;
+
+    setLoading(true);
     const file = new File([value], 'text.' + lang);
 
     const expiresAt = options.expires === 'never' ? null : expireReadToDate(options.expires);
@@ -53,6 +57,16 @@ export default function Text() {
           message: '',
         });
         showFilesModal(clipboard, modals, json.files);
+        setLoading(false);
+        setValue('');
+      } else {
+        updateNotification({
+          id: 'upload-text',
+          title: 'Upload Failed',
+          message: json.error,
+          color: 'red',
+        });
+        setLoading(false);
       }
     });
 
@@ -136,7 +150,8 @@ export default function Text() {
         <Button
           leftIcon={<IconFileUpload size='1rem' />}
           onClick={handleUpload}
-          disabled={value.trim().length === 0 ? true : false}
+          disabled={value.trim().length === 0 || loading}
+          loading={loading}
         >
           Upload
         </Button>

src/components/pages/Users/CreateUserModal.tsx

@@ -26,7 +26,7 @@ export function CreateUserModal({ open, setOpen, updateUsers }) {
     };
 
     setOpen(false);
-    const res = await useFetch('/api/auth/create', 'POST', data);
+    const res = await useFetch('/api/auth/register', 'POST', data);
     if (res.error) {
       showNotification({
         title: 'Failed to create user',

src/components/render/PrismCode.tsx

@@ -15,7 +15,7 @@ export default function PrismCode({ code, ext, ...props }) {
 
   return (
     <Prism
-      sx={(t) => ({ height: '100vh', backgroundColor: t.colors.dark[8] })}
+      sx={(t) => ({ height: '100vh', overflow: 'scroll', backgroundColor: t.colors.dark[8] })}
       withLineNumbers
       language={exts[ext]?.toLowerCase()}
       {...props}

src/lib/config/validateConfig.ts

@@ -278,7 +278,7 @@ export default function validate(config): Config {
       }
     }
 
-    const reserved = ['/view', '/dashboard', '/code', '/folder', '/api', '/auth'];
+    const reserved = ['/view', '/dashboard', '/code', '/folder', '/api', '/auth', '/r'];
     if (reserved.some((r) => validated.uploader.route.startsWith(r))) {
       throw {
         errors: [`The uploader route cannot be ${validated.uploader.route}, this is a reserved route.`],

src/lib/datasources/Datasource.ts

@@ -3,10 +3,10 @@ import { Readable } from 'stream';
 export abstract class Datasource {
   public name: string;
 
-  public abstract save(file: string, data: Buffer): Promise<void>;
+  public abstract save(file: string, data: Buffer, options?: { type: string }): Promise<void>;
   public abstract delete(file: string): Promise<void>;
   public abstract clear(): Promise<void>;
-  public abstract size(file: string): Promise<number>;
-  public abstract get(file: string): Readable | Promise<Readable>;
+  public abstract size(file: string): Promise<number | null>;
+  public abstract get(file: string, start?: number, end?: number): Readable | Promise<Readable>;
   public abstract fullSize(): Promise<number>;
 }

src/lib/datasources/Local.ts

@@ -26,20 +26,20 @@ export class Local extends Datasource {
     }
   }
 
-  public get(file: string): ReadStream {
+  public get(file: string, start: number = 0, end: number = Infinity): ReadStream {
     const full = join(this.path, file);
     if (!existsSync(full)) return null;
 
     try {
-      return createReadStream(full);
+      return createReadStream(full, { start, end });
     } catch (e) {
       return null;
     }
   }
 
-  public async size(file: string): Promise<number> {
+  public async size(file: string): Promise<number | null> {
     const full = join(this.path, file);
-    if (!existsSync(full)) return 0;
+    if (!existsSync(full)) return null;
     const stats = await stat(full);
 
     return stats.size;

src/lib/datasources/S3.ts

@@ -1,7 +1,7 @@
 import { Datasource } from '.';
 import { Readable } from 'stream';
 import { ConfigS3Datasource } from 'lib/config/Config';
-import { Client } from 'minio';
+import { BucketItemStat, Client } from 'minio';
 
 export class S3 extends Datasource {
   public name = 'S3';
@@ -20,8 +20,13 @@ export class S3 extends Datasource {
     });
   }
 
-  public async save(file: string, data: Buffer): Promise<void> {
-    await this.s3.putObject(this.config.bucket, file, data);
+  public async save(file: string, data: Buffer, options?: { type: string }): Promise<void> {
+    await this.s3.putObject(
+      this.config.bucket,
+      file,
+      data,
+      options ? { 'Content-Type': options.type } : undefined,
+    );
   }
 
   public async delete(file: string): Promise<void> {
@@ -40,19 +45,43 @@ export class S3 extends Datasource {
     });
   }
 
-  public get(file: string): Promise<Readable> {
-    return new Promise((res) => {
-      this.s3.getObject(this.config.bucket, file, (err, stream) => {
-        if (err) res(null);
-        else res(stream);
+  public get(file: string, start: number = 0, end: number = Infinity): Promise<Readable> {
+    if (start === 0 && end === Infinity) {
+      return new Promise((res) => {
+        this.s3.getObject(this.config.bucket, file, (err, stream) => {
+          if (err) res(null);
+          else res(stream);
+        });
       });
+    }
+
+    return new Promise((res) => {
+      this.s3.getPartialObject(
+        this.config.bucket,
+        file,
+        start,
+        // undefined means to read the rest of the file from the start (offset)
+        end === Infinity ? undefined : end,
+        (err, stream) => {
+          if (err) res(null);
+          else res(stream);
+        },
+      );
     });
   }
 
-  public async size(file: string): Promise<number> {
-    const stat = await this.s3.statObject(this.config.bucket, file);
-
-    return stat.size;
+  public size(file: string): Promise<number | null> {
+    return new Promise((res) => {
+      this.s3.statObject(
+        this.config.bucket,
+        file,
+        // @ts-expect-error this callback is not in the types but the code for it is there
+        (err: unknown, stat: BucketItemStat) => {
+          if (err) res(null);
+          else res(stat.size);
+        },
+      );
+    });
   }
 
   public async fullSize(): Promise<number> {

src/lib/datasources/Supabase.ts

@@ -72,12 +72,13 @@ export class Supabase extends Datasource {
     }
   }
 
-  public async get(file: string): Promise<Readable> {
+  public async get(file: string, start: number = 0, end: number = Infinity): Promise<Readable> {
     // get a readable stream from the request
     const r = await fetch(`${this.config.url}/storage/v1/object/${this.config.bucket}/${file}`, {
       method: 'GET',
       headers: {
         Authorization: `Bearer ${this.config.key}`,
+        Range: `bytes=${start}-${end === Infinity ? '' : end}`,
       },
     });
 
@@ -85,7 +86,7 @@ export class Supabase extends Datasource {
     return Readable.fromWeb(r.body as any);
   }
 
-  public size(file: string): Promise<number> {
+  public size(file: string): Promise<number | null> {
     return new Promise(async (res) => {
       fetch(`${this.config.url}/storage/v1/object/list/${this.config.bucket}`, {
         method: 'POST',
@@ -102,11 +103,11 @@ export class Supabase extends Datasource {
         .then((j) => {
           if (j.error) {
             this.logger.error(`${j.error}: ${j.message}`);
-            res(0);
+            res(null);
           }
 
           if (j.length === 0) {
-            res(0);
+            res(null);
           } else {
             res(j[0].metadata.size);
           }

src/lib/middleware/withOAuth.ts

@@ -67,26 +67,7 @@ export const withOAuth =
         },
       });
     } catch (e) {
-      logger.debug(`Failed to find existing oauth. Using fallback. ${e}`);
-      if (e.code === 'P2022' || e.code === 'P2025') {
-        const existing = await prisma.user.findFirst({
-          where: {
-            oauth: {
-              some: {
-                provider: provider.toUpperCase() as OauthProviders,
-                username: oauth_resp.username,
-              },
-            },
-          },
-          include: {
-            oauth: true,
-          },
-        });
-        existingOauth = existing?.oauth?.find((o) => o.provider === provider.toUpperCase());
-        if (existingOauth) existingOauth.fallback = true;
-      } else {
-        logger.error(`Failed to find existing oauth. ${e}`);
-      }
+      logger.error(`Failed to find existing oauth, this likely will result in a failure: ${e}`);
     }
 
     const existingUser = await prisma.user.findFirst({
@@ -157,7 +138,7 @@ export const withOAuth =
       logger.info(`User ${user.username} (${user.id}) logged in via oauth(${provider})`);
 
       return res.redirect('/dashboard');
-    } else if ((existingOauth && existingOauth.fallback) || existingOauth) {
+    } else if (existingOauth) {
       await prisma.oAuth.update({
         where: {
           id: existingOauth?.id,

src/lib/themes/catppuccin_frappe.ts

@@ -0,0 +1,39 @@
+// https://github.com/SeaswimmerTheFsh
+// https://catppuccin.com/palette
+
+import createTheme from '.';
+
+export default createTheme({
+  colorScheme: 'dark',
+  primaryColor: 'blue',
+  other: {
+    AppShell_backgroundColor: '#232634',
+    hover: '#414559',
+  },
+  colors: {
+    dark: [
+      '#c6d0f5',
+      '#949cbb',
+      '#838ba7',
+      '#737994',
+      '#626880',
+      '#51576d',
+      '#414559',
+      '#303446',
+      '#292c3c',
+      '#232634',
+    ],
+    blue: [
+      '#FFFFFF',
+      '#b8caf4',
+      '#a2baf1',
+      '#7599ea',
+      '#5f89e7',
+      '#8c99ee',
+      '#8ca1ee',
+      '#8cb2ee',
+      '#8cbaee',
+      '#8caaee',
+    ],
+  },
+});

src/lib/themes/catppuccin_latte.ts

@@ -0,0 +1,39 @@
+// https://github.com/SeaswimmerTheFsh
+// https://catppuccin.com/palette
+
+import createTheme from '.';
+
+export default createTheme({
+  colorScheme: 'dark',
+  primaryColor: 'blue',
+  other: {
+    AppShell_backgroundColor: '#dce0e8',
+    hover: '#ccd0da',
+  },
+  colors: {
+    dark: [
+      '#4c4f69',
+      '#8c8fa1',
+      '#8c8fa1',
+      '#9ca0b0',
+      '#acb0be',
+      '#bcc0cc',
+      '#ccd0da',
+      '#eff1f5',
+      '#e6e9ef',
+      '#dce0e8',
+    ],
+    blue: [
+      '#FFFFFF',
+      '#3676f6',
+      '#0a57ee',
+      '#094ed6',
+      '#1d42f5',
+      '#1d54f5',
+      '#1d65f5',
+      '#1d77f5',
+      '#1d89f5',
+      '#1e66f5',
+    ],
+  },
+});

src/lib/themes/catppuccin_macchiato.ts

@@ -0,0 +1,39 @@
+// https://github.com/SeaswimmerTheFsh
+// https://catppuccin.com/palette
+
+import createTheme from '.';
+
+export default createTheme({
+  colorScheme: 'dark',
+  primaryColor: 'blue',
+  other: {
+    AppShell_backgroundColor: '#181926',
+    hover: '#363a4f',
+  },
+  colors: {
+    dark: [
+      '#cad3f5',
+      '#8087a2',
+      '#8087a2',
+      '#6e738d',
+      '#5b6078',
+      '#494d64',
+      '#363a4f',
+      '#24273a',
+      '#1e2030',
+      '#181926',
+    ],
+    blue: [
+      '#FFFFFF',
+      '#a1bdf6',
+      '#729cf1',
+      '#5b8cef',
+      '#899bf4',
+      '#89a4f4',
+      '#89acf4',
+      '#89b5f4',
+      '#89bef4',
+      '#8aadf4',
+    ],
+  },
+});

src/lib/themes/catppuccin_mocha.ts

@@ -0,0 +1,39 @@
+// https://github.com/SeaswimmerTheFsh
+// https://catppuccin.com/palette
+
+import createTheme from '.';
+
+export default createTheme({
+  colorScheme: 'dark',
+  primaryColor: 'blue',
+  other: {
+    AppShell_backgroundColor: '#11111b',
+    hover: '#313244',
+  },
+  colors: {
+    dark: [
+      '#cdd6f4',
+      '#9399b2',
+      '#7f849c',
+      '#6c7086',
+      '#585b70',
+      '#45475a',
+      '#313244',
+      '#1e1e2e',
+      '#181825',
+      '#11111b',
+    ],
+    blue: [
+      '#FFFFFF',
+      '#b9d3fc',
+      '#a1c3fb',
+      '#70a4f8',
+      '#5894f7',
+      '#89a1fa',
+      '#89aafa',
+      '#89b4fa',
+      '#89bdfa',
+      '#89c6fa',
+    ],
+  },
+});

src/lib/utils/bytes.ts

@@ -24,16 +24,16 @@ export function humanToBytes(value: string): number {
   return bytes;
 }
 
-export function bytesToHuman(value: number): string {
-  if (isNaN(value)) return '0.0 B';
+export function bytesToHuman(value: number | bigint): string {
+  if (typeof value !== 'bigint' && isNaN(value)) return '0.0 B';
   if (value === Infinity) return '0.0 B';
-  const units = ['B', 'kB', 'MB', 'GB', 'TB', 'PB'];
+  const units = ['B', 'kB', 'MB', 'GB', 'TB', 'PB']; // if people upload stuff bigger than a petabyte then idk
   let num = 0;
 
   while (value > 1024) {
-    value /= 1024;
+    value = Number(value) / 1024;
     ++num;
   }
 
-  return `${value.toFixed(1)} ${units[num]}`;
+  return `${Number(value).toFixed(1)} ${units[num] || ''}`;
 }

src/lib/utils/client.ts

@@ -51,22 +51,22 @@ export function humanTime(string: StringValue | string): Date {
   }
 }
 
-export function parseExpiry(header: string): Date | null {
-  if (!header) return null;
+export function parseExpiry(header: string): Date {
+  if (!header) throw new Error('no expiry provided');
   header = header.toLowerCase();
 
   if (header.startsWith('date=')) {
     const date = new Date(header.substring(5));
 
-    if (!date.getTime()) return null;
-    if (date.getTime() < Date.now()) return null;
+    if (!date.getTime()) throw new Error('invalid date');
+    if (date.getTime() < Date.now()) throw new Error('expiry must be in the future');
     return date;
   }
 
   const human = humanTime(header);
 
-  if (!human) return null;
-  if (human.getTime() < Date.now()) return null;
+  if (!human) throw new Error('failed to parse human time');
+  if (human.getTime() < Date.now()) throw new Error('expiry must be in the future');
 
   return human;
 }

src/lib/utils/exif.ts

@@ -87,7 +87,7 @@ export async function removeGPSData(image: File): Promise<void> {
 
   logger.debug(`reading file to upload to datasource: ${file} -> ${image.name}`);
   const buffer = await readFile(file);
-  await datasource.save(image.name, buffer);
+  await datasource.save(image.name, buffer, { type: image.mimetype });
 
   logger.debug(`removing temp file: ${file}`);
   await rm(file);

src/lib/utils/parser.ts

@@ -1,5 +1,6 @@
 import type { File, User, Url } from '@prisma/client';
 import { bytesToHuman } from './bytes';
+import Logger from 'lib/logger';
 
 export type ParseValue = {
   file?: File;
@@ -10,6 +11,8 @@ export type ParseValue = {
   raw_link?: string;
 };
 
+const logger = Logger.get('parser');
+
 export function parseString(str: string, value: ParseValue) {
   if (!str) return null;
   str = str
@@ -17,7 +20,7 @@ export function parseString(str: string, value: ParseValue) {
     .replace(/\{raw_link\}/gi, value.raw_link)
     .replace(/\\n/g, '\n');
 
-  const re = /\{(?<type>file|url|user)\.(?<prop>\w+)(::(?<mod>\w+))?\}/gi;
+  const re = /\{(?<type>file|url|user)\.(?<prop>\w+)(::(?<mod>\w+))?(::(?<mod_tzlocale>\S+))?\}/gi;
   let matches: RegExpMatchArray;
 
   while ((matches = re.exec(str))) {
@@ -54,7 +57,12 @@ export function parseString(str: string, value: ParseValue) {
     }
 
     if (matches.groups.mod) {
-      str = replaceCharsFromString(str, modifier(matches.groups.mod, v), matches.index, re.lastIndex);
+      str = replaceCharsFromString(
+        str,
+        modifier(matches.groups.mod, v, matches.groups.mod_tzlocale ?? undefined),
+        matches.index,
+        re.lastIndex,
+      );
       re.lastIndex = matches.index;
       continue;
     }
@@ -66,17 +74,42 @@ export function parseString(str: string, value: ParseValue) {
   return str;
 }
 
-function modifier(mod: string, value: unknown): string {
+function modifier(mod: string, value: unknown, tzlocale?: string): string {
   mod = mod.toLowerCase();
 
   if (value instanceof Date) {
+    const args = [undefined, undefined];
+
+    if (tzlocale) {
+      const [locale, tz] = tzlocale.split(/\s?,\s?/).map((v) => v.trim());
+
+      if (locale) {
+        try {
+          Intl.DateTimeFormat.supportedLocalesOf(locale);
+          args[0] = locale;
+        } catch (e) {
+          args[0] = undefined;
+          logger.error(`invalid locale provided ${locale}`);
+        }
+      }
+
+      if (tz) {
+        const intlTz = Intl.supportedValuesOf('timeZone').find((v) => v.toLowerCase() === tz.toLowerCase());
+        if (intlTz) args[1] = { timeZone: intlTz };
+        else {
+          args[1] = undefined;
+          logger.error(`invalid timezone provided ${tz}`);
+        }
+      }
+    }
+
     switch (mod) {
       case 'locale':
-        return value.toLocaleString();
+        return value.toLocaleString(...args);
       case 'time':
-        return value.toLocaleTimeString();
+        return value.toLocaleTimeString(...args);
       case 'date':
-        return value.toLocaleDateString();
+        return value.toLocaleDateString(...args);
       case 'unix':
         return Math.floor(value.getTime() / 1000).toString();
       case 'iso':
@@ -95,6 +128,10 @@ function modifier(mod: string, value: unknown): string {
         return value.getMinutes().toString();
       case 'second':
         return value.getSeconds().toString();
+      case 'ampm':
+        return value.getHours() < 12 ? 'am' : 'pm';
+      case 'AMPM':
+        return value.getHours() < 12 ? 'AM' : 'PM';
       default:
         return '{unknown_date_modifier}';
     }
@@ -117,7 +154,7 @@ function modifier(mod: string, value: unknown): string {
       default:
         return '{unknown_str_modifier}';
     }
-  } else if (typeof value === 'number') {
+  } else if (typeof value === 'number' || typeof value === 'bigint') {
     switch (mod) {
       case 'comma':
         return value.toLocaleString();

src/lib/utils/range.ts

@@ -0,0 +1,9 @@
+export function parseRangeHeader(header?: string): [number, number] {
+  if (!header || !header.startsWith('bytes=')) return [0, Infinity];
+
+  const range = header.replace('bytes=', '').split('-');
+  const start = Number(range[0]) || 0;
+  const end = Number(range[1]) || Infinity;
+
+  return [start, end];
+}

src/pages/api/admin/export.ts

@@ -0,0 +1,315 @@
+import { readFile } from 'fs/promises';
+import Logger from 'lib/logger';
+import prisma from 'lib/prisma';
+import { randomChars } from 'lib/util';
+import { bytesToHuman } from 'lib/utils/bytes';
+import { NextApiReq, NextApiRes, UserExtended, withZipline } from 'middleware/withZipline';
+import os from 'os';
+
+const logger = Logger.get('admin').child('export');
+
+type Zipline3Export = {
+  versions: {
+    zipline: string;
+    node: string;
+    export: '3';
+  };
+
+  request: {
+    user: string;
+    date: string;
+    os: {
+      platform: 'aix' | 'darwin' | 'freebsd' | 'linux' | 'openbsd' | 'sunos' | 'win32';
+      arch:
+        | 'arm'
+        | 'arm64'
+        | 'ia32'
+        | 'loong64'
+        | 'mips'
+        | 'mipsel'
+        | 'ppc'
+        | 'ppc64'
+        | 'riscv64'
+        | 's390'
+        | 's390x'
+        | 'x64';
+      cpus: number;
+      hostname: string;
+      release: string;
+    };
+    env: NodeJS.ProcessEnv;
+  };
+
+  // Creates a unique identifier for each model
+  // used to map the user's stuff to other data owned by the user
+  user_map: Record<number, string>;
+  thumbnail_map: Record<number, string>;
+  folder_map: Record<number, string>;
+  file_map: Record<number, string>;
+  url_map: Record<number, string>;
+  invite_map: Record<number, string>;
+
+  users: {
+    [id: string]: {
+      username: string;
+      password: string;
+      avatar: string;
+      administrator: boolean;
+      super_administrator: boolean;
+      embed: {
+        title?: string;
+        site_name?: string;
+        description?: string;
+        color?: string;
+      };
+      totp_secret: string;
+      oauth: {
+        provider: 'DISCORD' | 'GITHUB' | 'GOOGLE';
+        username: string;
+        oauth_id: string;
+        access_token: string;
+        refresh_token: string;
+      }[];
+    };
+  };
+
+  files: {
+    [id: string]: {
+      name: string;
+      original_name: string;
+      type: `${string}/${string}`;
+      size: number | bigint;
+      user: string | null;
+      thumbnail?: string;
+      max_views: number;
+      views: number;
+      expires_at?: string;
+      created_at: string;
+      favorite: boolean;
+      password?: string;
+    };
+  };
+
+  thumbnails: {
+    [id: string]: {
+      name: string;
+      created_at: string;
+    };
+  };
+
+  folders: {
+    [id: string]: {
+      name: string;
+      public: boolean;
+      created_at: string;
+      user: string;
+      files: string[];
+    };
+  };
+
+  urls: {
+    [id: number]: {
+      destination: string;
+      vanity?: string;
+      code: string;
+      created_at: string;
+      max_views: number;
+      views: number;
+      user: string;
+    };
+  };
+
+  invites: {
+    [id: string]: {
+      code: string;
+      expites_at?: string;
+      created_at: string;
+      used: boolean;
+
+      created_by_user: string;
+    };
+  };
+
+  stats: {
+    created_at: string;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    data: any;
+  }[];
+};
+
+async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
+  if (!user.superAdmin) return res.forbidden('You must be a super administrator to export data');
+
+  const pkg = JSON.parse(await readFile('package.json', 'utf8'));
+
+  const exportData: Partial<Zipline3Export> = {
+    versions: {
+      zipline: pkg.version,
+      node: process.version,
+      export: '3',
+    },
+    request: {
+      user: '',
+      date: new Date().toISOString(),
+      os: {
+        platform: os.platform() as Zipline3Export['request']['os']['platform'],
+        arch: os.arch() as Zipline3Export['request']['os']['arch'],
+        cpus: os.cpus().length,
+        hostname: os.hostname(),
+        release: os.release(),
+      },
+      env: process.env,
+    },
+    user_map: {},
+    thumbnail_map: {},
+    folder_map: {},
+    file_map: {},
+    url_map: {},
+    invite_map: {},
+
+    users: {},
+    files: {},
+    thumbnails: {},
+    folders: {},
+    urls: {},
+    invites: {},
+    stats: [],
+  };
+
+  const users = await prisma.user.findMany({
+    include: {
+      oauth: true,
+    },
+  });
+
+  for (const user of users) {
+    const uniqueId = randomChars(32);
+    exportData.user_map[user.id] = uniqueId;
+
+    exportData.users[uniqueId] = {
+      username: user.username,
+      password: user.password,
+      avatar: user.avatar,
+      administrator: user.administrator,
+      super_administrator: user.superAdmin,
+      embed: user.embed as Zipline3Export['users'][string]['embed'],
+      totp_secret: user.totpSecret,
+      oauth: user.oauth.map((oauth) => ({
+        provider: oauth.provider as Zipline3Export['users'][string]['oauth'][0]['provider'],
+        username: oauth.username,
+        oauth_id: oauth.oauthId,
+        access_token: oauth.token,
+        refresh_token: oauth.refresh,
+      })),
+    };
+  }
+
+  const folders = await prisma.folder.findMany({ include: { files: true } });
+  for (const folder of folders) {
+    const uniqueId = randomChars(32);
+    exportData.folder_map[folder.id] = uniqueId;
+
+    exportData.folders[uniqueId] = {
+      name: folder.name,
+      public: folder.public,
+      created_at: folder.createdAt.toISOString(),
+      user: exportData.user_map[folder.userId],
+      files: [], // mapped later
+    };
+  }
+
+  const thumbnails = await prisma.thumbnail.findMany();
+  for (const thumbnail of thumbnails) {
+    const uniqueId = randomChars(32);
+    exportData.thumbnail_map[thumbnail.id] = uniqueId;
+
+    exportData.thumbnails[uniqueId] = {
+      name: thumbnail.name,
+      created_at: thumbnail.createdAt.toISOString(),
+    };
+  }
+
+  const files = await prisma.file.findMany({ include: { thumbnail: true } });
+
+  for (const file of files) {
+    const uniqueId = randomChars(32);
+    exportData.file_map[file.id] = uniqueId;
+
+    exportData.files[uniqueId] = {
+      name: file.name,
+      original_name: file.originalName,
+      type: file.mimetype as Zipline3Export['files'][0]['type'],
+      size: file.size,
+      user: file.userId ? exportData.user_map[file.userId] : null,
+      thumbnail: file.thumbnail ? exportData.thumbnail_map[file.thumbnail.id] : undefined,
+      max_views: file.maxViews,
+      views: file.views,
+      expires_at: file.expiresAt?.toISOString(),
+      created_at: file.createdAt.toISOString(),
+      favorite: file.favorite,
+      password: file.password,
+    };
+  }
+
+  const urls = await prisma.url.findMany();
+
+  for (const url of urls) {
+    const uniqueId = randomChars(32);
+    exportData.url_map[url.id] = uniqueId;
+
+    exportData.urls[uniqueId] = {
+      destination: url.destination,
+      vanity: url.vanity,
+      created_at: url.createdAt.toISOString(),
+      max_views: url.maxViews,
+      views: url.views,
+      user: exportData.user_map[url.userId],
+      code: url.id,
+    };
+  }
+
+  const invites = await prisma.invite.findMany();
+
+  for (const invite of invites) {
+    const uniqueId = randomChars(32);
+    exportData.invite_map[invite.id] = uniqueId;
+
+    exportData.invites[uniqueId] = {
+      code: invite.code,
+      expites_at: invite.expiresAt?.toISOString() ?? undefined,
+      created_at: invite.createdAt.toISOString(),
+      used: invite.used,
+      created_by_user: exportData.user_map[invite.createdById],
+    };
+  }
+
+  const stats = await prisma.stats.findMany();
+  for (const stat of stats) {
+    exportData.stats.push({
+      created_at: stat.createdAt.toISOString(),
+      data: stat.data,
+    });
+  }
+
+  exportData.request.user = exportData.user_map[user.id];
+
+  for (const folder of folders) {
+    exportData.folders[exportData.folder_map[folder.id]].files = folder.files.map(
+      (file) => exportData.file_map[file.id],
+    );
+  }
+
+  const stringed = JSON.stringify(exportData);
+  logger.info(`${user.id} created export of size ${bytesToHuman(stringed.length)}`);
+
+  return res
+    .setHeader('Content-Disposition', `attachment; filename="zipline_export_${Date.now()}.json"`)
+    .setHeader('Content-Type', 'application/json')
+    .send(stringed);
+}
+
+export default withZipline(handler, {
+  methods: ['GET'],
+  user: true,
+  administrator: true,
+});

src/pages/api/auth/create.ts

@@ -1,132 +0,0 @@
-import { readFile } from 'fs/promises';
-import config from 'lib/config';
-import Logger from 'lib/logger';
-import { NextApiReq, NextApiRes, withZipline } from 'lib/middleware/withZipline';
-import { guess } from 'lib/mimes';
-import prisma from 'lib/prisma';
-import { createToken, hashPassword } from 'lib/util';
-import { jsonUserReplacer } from 'lib/utils/client';
-import { extname } from 'path';
-
-const logger = Logger.get('user');
-
-async function handler(req: NextApiReq, res: NextApiRes) {
-  // handle invites
-  if (req.body.code) {
-    if (!config.features.invites) return res.badRequest('invites are disabled');
-
-    const { code, username, password } = req.body as {
-      code?: string;
-      username: string;
-      password: string;
-    };
-    const invite = await prisma.invite.findUnique({
-      where: { code: code ?? '' },
-    });
-    if (!invite && code) return res.badRequest('invalid invite code');
-
-    const user = await prisma.user.findFirst({
-      where: { username },
-    });
-
-    if (user) return res.badRequest('username already exists');
-    const hashed = await hashPassword(password);
-
-    let avatar;
-    if (config.features.default_avatar) {
-      logger.debug(`using default avatar ${config.features.default_avatar}`);
-
-      const buf = await readFile(config.features.default_avatar);
-      const mimetype = await guess(extname(config.features.default_avatar));
-      logger.debug(`guessed mimetype ${mimetype} for ${config.features.default_avatar}`);
-
-      avatar = `data:${mimetype};base64,${buf.toString('base64')}`;
-    }
-
-    const newUser = await prisma.user.create({
-      data: {
-        password: hashed,
-        username,
-        token: createToken(),
-        administrator: false,
-        avatar,
-      },
-    });
-
-    if (code) {
-      await prisma.invite.update({
-        where: {
-          code,
-        },
-        data: {
-          used: true,
-        },
-      });
-    }
-
-    logger.debug(`created user via invite ${code} ${JSON.stringify(newUser, jsonUserReplacer)}`);
-
-    logger.info(
-      `Created user ${newUser.username} (${newUser.id}) ${
-        code ? `from invite code ${code}` : 'via registration'
-      }`,
-    );
-
-    return res.json({ success: true });
-  }
-
-  const user = await req.user();
-  if (!user) return res.unauthorized('not logged in');
-  if (!user.administrator) return res.forbidden('you arent an administrator');
-
-  const { username, password, administrator } = req.body as {
-    username: string;
-    password: string;
-    administrator: boolean;
-  };
-
-  if (!username) return res.badRequest('no username');
-  if (!password) return res.badRequest('no password');
-
-  const existing = await prisma.user.findFirst({
-    where: {
-      username,
-    },
-  });
-  if (existing) return res.badRequest('user exists');
-
-  const hashed = await hashPassword(password);
-
-  let avatar;
-  if (config.features.default_avatar) {
-    logger.debug(`using default avatar ${config.features.default_avatar}`);
-
-    const buf = await readFile(config.features.default_avatar);
-    const mimetype = await guess(extname(config.features.default_avatar));
-    logger.debug(`guessed mimetype ${mimetype} for ${config.features.default_avatar}`);
-
-    avatar = `data:${mimetype};base64,${buf.toString('base64')}`;
-  }
-
-  const newUser = await prisma.user.create({
-    data: {
-      password: hashed,
-      username,
-      token: createToken(),
-      administrator,
-      avatar,
-    },
-  });
-
-  logger.debug(`created user ${JSON.stringify(newUser, jsonUserReplacer)}`);
-
-  delete newUser.password;
-
-  logger.info(`Created user ${newUser.username} (${newUser.id})`);
-
-  return res.json(newUser);
-}
-
-export default withZipline(handler, {
-  methods: ['POST'],
-});

src/pages/api/auth/invite.ts

@@ -1,3 +1,4 @@
+import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
 import config from 'lib/config';
 import Logger from 'lib/logger';
 import { NextApiReq, NextApiRes, UserExtended, withZipline } from 'lib/middleware/withZipline';
@@ -16,8 +17,12 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
       count: number;
     };
 
-    const expiry = parseExpiry(expiresAt);
-    if (!expiry) return res.badRequest('invalid date');
+    let expiry: Date;
+    try {
+      expiry = parseExpiry(expiresAt);
+    } catch (error) {
+      return res.badRequest(error.message);
+    }
     const counts = count ? count : 1;
 
     if (counts > 1) {
@@ -60,19 +65,22 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
     const { code } = req.query as { code: string };
     if (!code) return res.badRequest('no code');
 
-    const invite = await prisma.invite.delete({
-      where: {
-        code,
-      },
-    });
+    try {
+      const invite = await prisma.invite.delete({
+        where: {
+          code,
+        },
+      });
 
-    if (!invite) return res.notFound('invite not found');
+      logger.debug(`deleted invite ${JSON.stringify(invite)}`);
 
-    logger.debug(`deleted invite ${JSON.stringify(invite)}`);
+      logger.info(`${user.username} (${user.id}) deleted invite ${invite.code}`);
 
-    logger.info(`${user.username} (${user.id}) deleted invite ${invite.code}`);
-
-    return res.json(invite);
+      return res.json(invite);
+    } catch (error) {
+      if (error instanceof PrismaClientKnownRequestError) return res.notFound('invite not found');
+      else throw error;
+    }
   } else {
     const invites = await prisma.invite.findMany({
       orderBy: {

src/pages/api/auth/login.ts

@@ -14,8 +14,8 @@ async function handler(req: NextApiReq, res: NextApiRes) {
     code?: string;
   };
 
-  const users = await prisma.user.findMany();
-  if (users.length === 0) {
+  const users = await prisma.user.count();
+  if (users === 0) {
     logger.debug('no users found... creating default user...');
     await prisma.user.create({
       data: {

src/pages/api/auth/register.ts

@@ -11,23 +11,49 @@ import { extname } from 'path';
 const logger = Logger.get('user');
 
 async function handler(req: NextApiReq, res: NextApiRes) {
-  if (!config.features.user_registration) return res.badRequest('user registration is disabled');
+  const user = await req.user();
+  let badRequest,
+    usedInvite = false;
 
-  const { username, password, administrator } = req.body as {
+  if (!config.features.user_registration && !config.features.invites && !user?.administrator)
+    return res.badRequest('This endpoint is unavailable due to current configurations');
+  else if (!!user && !user?.administrator) return res.badRequest('Already logged in');
+
+  const { username, password, administrator, code } = req.body as {
     username: string;
     password: string;
     administrator: boolean;
+    code?: string;
   };
 
-  if (!username) return res.badRequest('no username');
-  if (!password) return res.badRequest('no password');
+  if (!username) badRequest = true;
+  if (!password) badRequest = true;
 
   const existing = await prisma.user.findFirst({
     where: {
       username,
     },
+    select: {
+      username: true,
+    },
   });
-  if (existing) return res.badRequest('user exists');
+
+  if (existing) badRequest = true;
+
+  if (badRequest) return res.badRequest('Bad Username/Password');
+
+  if (code) {
+    if (config.features.invites) {
+      const invite = await prisma.invite.findUnique({
+        where: {
+          code,
+        },
+      });
+
+      if (!invite || invite?.used) return res.badRequest('Bad invite');
+      usedInvite = true;
+    } else return res.badRequest('Bad Username/Password');
+  } else if (config.features.invites && !user?.administrator) return res.badRequest('Bad invite');
 
   const hashed = await hashPassword(password);
 
@@ -47,12 +73,20 @@ async function handler(req: NextApiReq, res: NextApiRes) {
       password: hashed,
       username,
       token: createToken(),
-      administrator,
+      administrator: user?.superAdmin ? administrator : false,
       avatar,
     },
   });
 
-  logger.debug(`registered user ${JSON.stringify(newUser, jsonUserReplacer)}`);
+  if (usedInvite)
+    await prisma.invite.update({
+      where: { code },
+      data: { used: true },
+    });
+
+  logger.debug(
+    `registered user${usedInvite ? ' via invite ' + code : ''} ${JSON.stringify(newUser, jsonUserReplacer)}`,
+  );
 
   delete newUser.password;
 

src/pages/api/shorten.ts

@@ -54,7 +54,7 @@ async function handler(req: NextApiReq, res: NextApiRes) {
 
   logger.debug(`shortened ${JSON.stringify(url)}`);
 
-  logger.info(`User ${user.username} (${user.id}) shortenned a url ${url.destination} (${url.id})`);
+  logger.info(`User ${user.username} (${user.id}) shortened a url ${url.destination} (${url.id})`);
 
   let domain;
   if (req.headers['override-domain']) {

src/pages/api/upload.ts

@@ -30,6 +30,45 @@ async function handler(req: NextApiReq, res: NextApiRes) {
 
   if (!user) return res.forbidden('authorization incorrect');
 
+  if (user.ratelimit && !req.headers['content-range']) {
+    const remaining = user.ratelimit.getTime() - Date.now();
+    logger.debug(`${user.id} encountered ratelimit, ${remaining}ms remaining`);
+    if (remaining <= 0) {
+      await prisma.user.update({
+        where: {
+          id: user.id,
+        },
+        data: {
+          ratelimit: null,
+        },
+      });
+    } else {
+      return res.ratelimited(remaining);
+    }
+  } else if (!user.ratelimit && !req.headers['content-range']) {
+    if (user.administrator && zconfig.ratelimit.admin > 0) {
+      await prisma.user.update({
+        where: {
+          id: user.id,
+        },
+        data: {
+          ratelimit: new Date(Date.now() + zconfig.ratelimit.admin * 1000),
+        },
+      });
+    } else if (!user.administrator && zconfig.ratelimit.user > 0) {
+      if (user.administrator && zconfig.ratelimit.user > 0) {
+        await prisma.user.update({
+          where: {
+            id: user.id,
+          },
+          data: {
+            ratelimit: new Date(Date.now() + zconfig.ratelimit.user * 1000),
+          },
+        });
+      }
+    }
+  }
+
   await new Promise((resolve, reject) => {
     uploader.array('file')(req as never, res as never, (result: unknown) => {
       if (result instanceof Error) reject(result.message);
@@ -42,6 +81,7 @@ async function handler(req: NextApiReq, res: NextApiRes) {
     expiresAt?: Date;
     removed_gps?: boolean;
     assumed_mimetype?: string | boolean;
+    folder?: number;
   } = {
     files: [],
   };
@@ -49,16 +89,20 @@ async function handler(req: NextApiReq, res: NextApiRes) {
   let expiry: Date;
 
   if (expiresAt) {
-    expiry = parseExpiry(expiresAt);
-    if (!expiry) return res.badRequest('invalid date');
-    else {
+    try {
+      expiry = parseExpiry(expiresAt);
       response.expiresAt = expiry;
+    } catch (error) {
+      return res.badRequest(error.message);
     }
   }
 
   if (zconfig.uploader.default_expiration) {
-    expiry = parseExpiry(zconfig.uploader.default_expiration);
-    if (!expiry) return res.badRequest('invalid date (UPLOADER_DEFAULT_EXPIRATION)');
+    try {
+      expiry = parseExpiry(zconfig.uploader.default_expiration);
+    } catch (error) {
+      return res.badRequest(`${error.message} (UPLOADER_DEFAULT_EXPIRATION)`);
+    }
   }
 
   const rawFormat = ((req.headers['format'] as string) || zconfig.uploader.default_format).toLowerCase();
@@ -78,6 +122,20 @@ async function handler(req: NextApiReq, res: NextApiRes) {
   if (isNaN(fileMaxViews)) return res.badRequest('invalid max views (invalid number)');
   if (fileMaxViews < 0) return res.badRequest('invalid max views (max views < 0)');
 
+  const folderToAdd = req.headers['x-zipline-folder'] ? Number(req.headers['x-zipline-folder']) : null;
+  if (folderToAdd) {
+    if (isNaN(folderToAdd)) return res.badRequest('invalid folder id (invalid number)');
+    const folder = await prisma.folder.findFirst({
+      where: {
+        id: folderToAdd,
+        userId: user.id,
+      },
+    });
+    if (!folder) return res.badRequest('invalid folder id (no folder found)');
+
+    response.folder = folder.id;
+  }
+
   // handle partial uploads before ratelimits
   if (req.headers['content-range'] && zconfig.chunks.enabled) {
     if (format === 'name') {
@@ -128,6 +186,9 @@ async function handler(req: NextApiReq, res: NextApiRes) {
           mimetype: req.headers.uploadtext ? 'text/plain' : mimetype,
           userId: user.id,
           originalName: req.headers['original-name'] ? filename ?? null : null,
+          ...(folderToAdd && {
+            folderId: folderToAdd,
+          }),
         },
       });
 
@@ -175,23 +236,6 @@ async function handler(req: NextApiReq, res: NextApiRes) {
     });
   }
 
-  if (user.ratelimit) {
-    const remaining = user.ratelimit.getTime() - Date.now();
-    logger.debug(`${user.id} encountered ratelimit, ${remaining}ms remaining`);
-    if (remaining <= 0) {
-      await prisma.user.update({
-        where: {
-          id: user.id,
-        },
-        data: {
-          ratelimit: null,
-        },
-      });
-    } else {
-      return res.ratelimited(remaining);
-    }
-  }
-
   if (!req.files) return res.badRequest('no files');
   if (req.files && req.files.length === 0) return res.badRequest('no files');
 
@@ -262,6 +306,9 @@ async function handler(req: NextApiReq, res: NextApiRes) {
         maxViews: fileMaxViews,
         originalName: req.headers['original-name'] ? decodedName ?? null : null,
         size: file.size,
+        ...(folderToAdd && {
+          folderId: folderToAdd,
+        }),
       },
     });
 
@@ -270,12 +317,12 @@ async function handler(req: NextApiReq, res: NextApiRes) {
 
     if (compressionUsed) {
       const buffer = await sharp(file.buffer).jpeg({ quality: imageCompressionPercent }).toBuffer();
-      await datasource.save(fileUpload.name, buffer);
+      await datasource.save(fileUpload.name, buffer, { type: 'image/jpeg' });
       logger.info(
         `User ${user.username} (${user.id}) compressed image from ${file.buffer.length} -> ${buffer.length} bytes`,
       );
     } else {
-      await datasource.save(fileUpload.name, file.buffer);
+      await datasource.save(fileUpload.name, file.buffer, { type: file.mimetype });
     }
 
     logger.info(`User ${user.username} (${user.id}) uploaded ${fileUpload.name} (${fileUpload.id})`);
@@ -315,28 +362,6 @@ async function handler(req: NextApiReq, res: NextApiRes) {
     }
   }
 
-  if (user.administrator && zconfig.ratelimit.admin > 0) {
-    await prisma.user.update({
-      where: {
-        id: user.id,
-      },
-      data: {
-        ratelimit: new Date(Date.now() + zconfig.ratelimit.admin * 1000),
-      },
-    });
-  } else if (!user.administrator && zconfig.ratelimit.user > 0) {
-    if (user.administrator && zconfig.ratelimit.user > 0) {
-      await prisma.user.update({
-        where: {
-          id: user.id,
-        },
-        data: {
-          ratelimit: new Date(Date.now() + zconfig.ratelimit.user * 1000),
-        },
-      });
-    }
-  }
-
   if (req.headers['no-json']) {
     res.setHeader('Content-Type', 'text/plain');
     return res.end(response.files.join(','));

src/pages/api/user/[id].ts

@@ -21,6 +21,9 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
         include: {
           thumbnail: true,
         },
+        orderBy: {
+          createdAt: 'desc',
+        },
       },
       Folder: true,
     },

src/pages/api/user/export.ts

@@ -1,6 +1,6 @@
 import { Zip, ZipPassThrough } from 'fflate';
 import { createReadStream, createWriteStream } from 'fs';
-import { readdir, stat } from 'fs/promises';
+import { rm, stat } from 'fs/promises';
 import datasource from 'lib/datasource';
 import Logger from 'lib/logger';
 import prisma from 'lib/prisma';
@@ -23,6 +23,13 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
     const export_name = `zipline_export_${user.id}_${Date.now()}.zip`;
     const path = join(config.core.temp_directory, export_name);
 
+    const exportDb = await prisma.export.create({
+      data: {
+        path: export_name,
+        userId: user.id,
+      },
+    });
+
     logger.debug(`creating write stream at ${path}`);
     const write_stream = createWriteStream(path);
 
@@ -79,11 +86,27 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
           logger.info(
             `Export for ${user.username} (${user.id}) has completed and is available at ${export_name}`,
           );
+
+          await prisma.export.update({
+            where: {
+              id: exportDb.id,
+            },
+            data: {
+              complete: true,
+            },
+          });
         }
       } else {
         write_stream.close();
-        logger.debug(`error while writing to zip: ${err}`);
-        logger.error(`Export for ${user.username} (${user.id}) has failed\n${err}`);
+        logger.error(
+          `Export for ${user.username} (${user.id}) has failed and has been removed from the database\n${err}`,
+        );
+
+        await prisma.export.delete({
+          where: {
+            id: exportDb.id,
+          },
+        });
       }
     };
 
@@ -114,27 +137,62 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
     res.json({
       url: '/api/user/export?name=' + export_name,
     });
-  } else {
-    const export_name = req.query.name as string;
-    if (export_name) {
-      const parts = export_name.split('_');
-      if (Number(parts[2]) !== user.id) return res.unauthorized('cannot access export owned by another user');
+  } else if (req.method === 'DELETE') {
+    const name = req.query.name as string;
+    if (!name) return res.badRequest('no name provided');
 
-      const stream = createReadStream(join(config.core.temp_directory, export_name));
+    const exportDb = await prisma.export.findFirst({
+      where: {
+        userId: user.id,
+        path: name,
+      },
+    });
+
+    if (!exportDb) return res.notFound('export not found');
+
+    await prisma.export.delete({
+      where: {
+        id: exportDb.id,
+      },
+    });
+
+    try {
+      await rm(join(config.core.temp_directory, exportDb.path));
+    } catch (e) {
+      logger
+        .error(`export file ${exportDb.path} has been removed from the database`)
+        .error(`but failed to remove the file from the filesystem: ${e}`);
+    }
+
+    res.json({
+      success: true,
+    });
+  } else {
+    const exportsDb = await prisma.export.findMany({
+      where: {
+        userId: user.id,
+      },
+    });
+
+    const name = req.query.name as string;
+    if (name) {
+      const exportDb = exportsDb.find((e) => e.path === name);
+      if (!exportDb) return res.notFound('export not found');
+
+      const stream = createReadStream(join(config.core.temp_directory, exportDb.path));
 
       res.setHeader('Content-Type', 'application/zip');
-      res.setHeader('Content-Disposition', `attachment; filename="${export_name}"`);
+      res.setHeader('Content-Disposition', `attachment; filename="${exportDb.path}"`);
       stream.pipe(res);
     } else {
-      const files = await readdir(config.core.temp_directory);
-      const exp = files.filter((f) => f.startsWith('zipline_export_'));
       const exports = [];
-      for (let i = 0; i !== exp.length; ++i) {
-        const name = exp[i];
-        const stats = await stat(join(config.core.temp_directory, name));
 
-        if (Number(exp[i].split('_')[2]) !== user.id) continue;
-        exports.push({ name, size: stats.size });
+      for (let i = 0; i !== exportsDb.length; ++i) {
+        const exportDb = exportsDb[i];
+        if (!exportDb.complete) continue;
+
+        const stats = await stat(join(config.core.temp_directory, exportDb.path));
+        exports.push({ name: exportDb.path, size: stats.size, createdAt: exportDb.createdAt });
       }
 
       res.json({
@@ -145,6 +203,6 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
 }
 
 export default withZipline(handler, {
-  methods: ['GET', 'POST'],
+  methods: ['GET', 'POST', 'DELETE'],
   user: true,
 });

src/pages/api/user/folders/[id].ts

@@ -16,7 +16,13 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
       id: idParsed,
     },
     select: {
-      files: !!req.query.files,
+      files: req.query.files
+        ? {
+            include: {
+              thumbnail: true,
+            },
+          }
+        : false,
       id: true,
       name: true,
       userId: true,
@@ -70,7 +76,13 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
         },
       },
       select: {
-        files: !!req.query.files,
+        files: req.query.files
+          ? {
+              include: {
+                thumbnail: true,
+              },
+            }
+          : false,
         id: true,
         name: true,
         userId: true,
@@ -111,7 +123,13 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
         public: !!publicFolder,
       },
       select: {
-        files: !!req.query.files,
+        files: req.query.files
+          ? {
+              include: {
+                thumbnail: true,
+              },
+            }
+          : false,
         id: true,
         name: true,
         userId: true,
@@ -200,7 +218,13 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
           },
         },
         select: {
-          files: !!req.query.files,
+          files: req.query.files
+            ? {
+                include: {
+                  thumbnail: true,
+                },
+              }
+            : false,
           id: true,
           name: true,
           userId: true,

src/pages/api/user/urls.ts

@@ -1,3 +1,4 @@
+import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
 import config from 'lib/config';
 import Logger from 'lib/logger';
 import prisma from 'lib/prisma';
@@ -8,15 +9,22 @@ async function handler(req: NextApiReq, res: NextApiRes, user: UserExtended) {
   if (req.method === 'DELETE') {
     if (!req.body.id) return res.badRequest('no url id');
 
-    const url = await prisma.url.delete({
-      where: {
-        id: req.body.id,
-      },
-    });
+    try {
+      const url = await prisma.url.delete({
+        where: {
+          id: req.body.id,
+        },
+      });
 
-    Logger.get('url').info(`User ${user.username} (${user.id}) deleted a url ${url.destination} (${url.id})`);
+      Logger.get('url').info(
+        `User ${user.username} (${user.id}) deleted a url ${url.destination} (${url.id})`,
+      );
 
-    return res.json(url);
+      return res.json(url);
+    } catch (err) {
+      if (err instanceof PrismaClientKnownRequestError) return res.notFound('url not found');
+      else throw err;
+    }
   } else {
     const urls = await prisma.url.findMany({
       where: {

src/pages/auth/login.tsx

@@ -96,7 +96,10 @@ export default function Login({
         setLoading(false);
       }
     } else {
-      await router.push((router.query.url as string) || '/dashboard');
+      let redirectUrl = (router.query.url as string) || '/dashboard';
+      if (!redirectUrl.startsWith('/dashboard')) redirectUrl = '/dashboard';
+
+      await router.push(redirectUrl);
     }
   };
 

src/pages/auth/register.tsx

@@ -50,7 +50,7 @@ export default function Register({ code = undefined, title, user_registration })
   };
 
   const createUser = async () => {
-    const res = await useFetch(`/api/auth/${user_registration ? 'register' : 'create'}`, 'POST', {
+    const res = await useFetch('/api/auth/register', 'POST', {
       code: user_registration ? null : code,
       username,
       password,

src/pages/code/[id].tsx

@@ -58,7 +58,7 @@ export default function Code({ code, id, title, render, renderType }) {
 
       {!render && (
         <PrismCode
-          sx={(t) => ({ height: '100vh', backgroundColor: t.colors.dark[8] })}
+          sx={(t) => ({ height: '100vh', overflow: 'scroll', backgroundColor: t.colors.dark[8] })}
           code={code}
           ext={id.split('.').pop()}
         />
@@ -66,7 +66,7 @@ export default function Code({ code, id, title, render, renderType }) {
 
       {render && overrideRender && (
         <PrismCode
-          sx={(t) => ({ height: '100vh', backgroundColor: t.colors.dark[8] })}
+          sx={(t) => ({ height: '100vh', overflow: 'scroll', backgroundColor: t.colors.dark[8] })}
           code={code}
           ext={id.split('.').pop()}
         />
@@ -115,6 +115,17 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
     renderType = null;
   }
 
+  await prisma.file.update({
+    where: {
+      id: file.id,
+    },
+    data: {
+      views: {
+        increment: 1,
+      },
+    },
+  });
+
   return {
     props: {
       code: await streamToString(data),

src/pages/folder/[id].tsx

@@ -85,6 +85,12 @@ export const getServerSideProps: GetServerSideProps<Props> = async (context) =>
           createdAt: true,
           password: true,
           size: true,
+          thumbnail: {
+            select: {
+              name: true,
+              id: true,
+            },
+          },
         },
       },
       user: {
@@ -106,6 +112,9 @@ export const getServerSideProps: GetServerSideProps<Props> = async (context) =>
       folder.files[j].name,
     );
 
+    // @ts-ignore
+    folder.files[j].size = Number(folder.files[j].size);
+
     // @ts-ignore
     if (folder.files[j].password) folder.files[j].password = true;
 

src/pages/view/[id].tsx

@@ -11,6 +11,7 @@ import Link from 'next/link';
 import { useRouter } from 'next/router';
 import { useEffect, useState } from 'react';
 import zconfig from 'lib/config';
+import { log } from 'server/util';
 
 export default function EmbeddedFile({
   file,
@@ -63,11 +64,20 @@ export default function EmbeddedFile({
 
     const img = new Image();
     img.addEventListener('load', function () {
-      if (this.naturalWidth > innerWidth)
-        imageEl.width = Math.floor(
-          this.naturalWidth * Math.min(innerHeight / this.naturalHeight, innerWidth / this.naturalWidth),
-        );
-      else imageEl.width = this.naturalWidth;
+      // my best attempt of recreating
+      // firefox: https://searchfox.org/mozilla-central/source/dom/html/ImageDocument.cpp#271-276
+      // chromium-based: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/html/image_document.cc
+
+      // keeps image original if smaller than screen
+      if (this.width <= window.innerWidth && this.height <= window.innerHeight) return;
+
+      // resizes to fit screen
+      const ratio = Math.min(innerHeight / this.naturalHeight, innerWidth / this.naturalWidth);
+      const newWidth = Math.max(1, Math.floor(ratio * this.naturalWidth));
+      const newHeight = Math.max(1, Math.floor(ratio * this.naturalHeight));
+
+      imageEl.width = newWidth;
+      imageEl.height = newHeight;
     });
 
     img.src = url || dataURL('/r');
@@ -80,11 +90,19 @@ export default function EmbeddedFile({
   useEffect(() => {
     if (pass) {
       setOpened(true);
-    } else {
-      updateImage();
     }
   }, []);
 
+  useEffect(() => {
+    if (!file?.mimetype?.startsWith('image')) return;
+
+    updateImage();
+    window.addEventListener('resize', () => updateImage());
+    return () => {
+      window.removeEventListener('resize', () => updateImage());
+    };
+  }, []);
+
   return (
     <>
       <Head>
@@ -124,8 +142,6 @@ export default function EmbeddedFile({
             <meta name='twitter:card' content='player' />
             <meta name='twitter:player' content={`${host}/r/${file.name}`} />
             <meta name='twitter:player:stream' content={`${host}/r/${file.name}`} />
-            <meta name='twitter:player:width' content='720' />
-            <meta name='twitter:player:height' content='480' />
             <meta name='twitter:player:stream:content_type' content={file.mimetype} />
             <meta name='twitter:title' content={file.name} />
 
@@ -142,8 +158,6 @@ export default function EmbeddedFile({
             <meta property='og:video:url' content={`${host}/r/${file.name}`} />
             <meta property='og:video:secure_url' content={`${host}/r/${file.name}`} />
             <meta property='og:video:type' content={file.mimetype} />
-            <meta property='og:video:width' content='720' />
-            <meta property='og:video:height' content='480' />
           </>
         )}
         {file.mimetype.startsWith('audio') && (
@@ -200,7 +214,17 @@ export default function EmbeddedFile({
         )}
 
         {file.mimetype.startsWith('video') && (
-          <video src={dataURL('/r')} controls autoPlay muted id='video_content' />
+          <video
+            style={{
+              maxHeight: '100vh',
+              maxWidth: '100vw',
+            }}
+            src={dataURL('/r')}
+            controls
+            autoPlay
+            muted
+            id='video_content'
+          />
         )}
 
         {file.mimetype.startsWith('audio') && (
@@ -233,6 +257,17 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
   let host = context.req.headers.host;
   if (!file) return { notFound: true };
 
+  const logger = log('view');
+
+  if (file.maxViews && file.views >= file.maxViews) {
+    await datasource.delete(file.name);
+    await prisma.file.delete({ where: { id: file.id } });
+
+    logger.child('file').info(`File ${file.name} has been deleted due to max views (${file.maxViews})`);
+
+    return { notFound: true };
+  }
+
   // @ts-ignore
   file.size = Number(file.size);
 
@@ -258,6 +293,7 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
   delete user.password;
   delete user.totpSecret;
   delete user.token;
+  delete user.ratelimit;
 
   // @ts-ignore workaround because next wont allow date
   file.createdAt = file.createdAt.toString();
@@ -306,6 +342,17 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
   // @ts-ignore
   if (file.password) file.password = true;
 
+  await prisma.file.update({
+    where: {
+      id: file.id,
+    },
+    data: {
+      views: {
+        increment: 1,
+      },
+    },
+  });
+
   return {
     props: {
       file,

src/scripts/import-dir.ts

@@ -29,12 +29,12 @@ async function main() {
     const mime = await guess(files[i].split('.').pop());
     const { size } = statSync(join(directory, files[i]));
 
-    data.push({
+    data[i] = {
       name: files[i],
       mimetype: mime,
       userId,
       size,
-    });
+    };
 
     console.log(`Imported ${files[i]} (${bytesToHuman(size)}) (${mime} mimetype) to user ${userId}`);
   }
@@ -54,7 +54,9 @@ async function main() {
   console.log(`Copying files to ${config.datasource.type} storage..`);
   for (let i = 0; i !== files.length; ++i) {
     const file = files[i];
-    await datasource.save(file, await readFile(join(directory, file)));
+    await datasource.save(file, await readFile(join(directory, file)), {
+      type: data[i]?.mimetype ?? 'application/octet-stream',
+    });
   }
   console.log(`Finished copying files to ${config.datasource.type} storage.`);
 

src/server/decorators/dbFile.ts

@@ -2,6 +2,7 @@ import { File } from '@prisma/client';
 import { FastifyInstance, FastifyReply } from 'fastify';
 import fastifyPlugin from 'fastify-plugin';
 import exts from 'lib/exts';
+import { parseRangeHeader } from 'lib/utils/range';
 
 function dbFileDecorator(fastify: FastifyInstance, _, done) {
   fastify.decorateReply('dbFile', dbFile);
@@ -13,14 +14,29 @@ function dbFileDecorator(fastify: FastifyInstance, _, done) {
     const ext = file.name.split('.').pop();
     if (Object.keys(exts).includes(ext)) return this.server.nextHandle(this.request.raw, this.raw);
 
-    const data = await this.server.datasource.get(file.name);
-    if (!data) return this.notFound();
-
     const size = await this.server.datasource.size(file.name);
+    if (size === null) return this.notFound();
 
-    this.header('Content-Length', size);
+    // eslint-disable-next-line prefer-const
+    let [rangeStart, rangeEnd] = parseRangeHeader(this.request.headers.range);
+    if (rangeStart >= rangeEnd)
+      return this.code(416)
+        .header('Content-Range', `bytes 0/${size - 1}`)
+        .send();
+    if (rangeEnd === Infinity) rangeEnd = size - 1;
+
+    const data = await this.server.datasource.get(file.name, rangeStart, rangeEnd);
+
+    // only send content-range if the client asked for it
+    if (this.request.headers.range) {
+      this.code(206);
+      this.header('Content-Range', `bytes ${rangeStart}-${rangeEnd}/${size}`);
+    }
+
+    this.header('Content-Length', rangeEnd - rangeStart + 1);
     this.header('Content-Type', download ? 'application/octet-stream' : file.mimetype);
     this.header('Content-Disposition', `inline; filename="${encodeURI(file.originalName || file.name)}"`);
+    this.header('Accept-Ranges', 'bytes');
 
     return this.send(data);
   }

src/server/decorators/rawFile.ts

@@ -5,6 +5,7 @@ import fastifyPlugin from 'fastify-plugin';
 import { createBrotliCompress, createDeflate, createGzip } from 'zlib';
 import pump from 'pump';
 import { Transform } from 'stream';
+import { parseRangeHeader } from 'lib/utils/range';
 
 function rawFileDecorator(fastify: FastifyInstance, _, done) {
   fastify.decorateReply('rawFile', rawFile);
@@ -12,13 +13,30 @@ function rawFileDecorator(fastify: FastifyInstance, _, done) {
 
   async function rawFile(this: FastifyReply, id: string) {
     const { download, compress = 'false' } = this.request.query as { download?: string; compress?: string };
-
-    const data = await this.server.datasource.get(id);
-    if (!data) return this.notFound();
+    const size = await this.server.datasource.size(id);
+    if (size === null) return this.notFound();
 
     const mimetype = await guess(extname(id).slice(1));
-    const size = await this.server.datasource.size(id);
+
+    // eslint-disable-next-line prefer-const
+    let [rangeStart, rangeEnd] = parseRangeHeader(this.request.headers.range);
+    if (rangeStart >= rangeEnd)
+      return this.code(416)
+        .header('Content-Range', `bytes 0/${size - 1}`)
+        .send();
+    if (rangeEnd === Infinity) rangeEnd = size - 1;
+
+    const data = await this.server.datasource.get(id, rangeStart, rangeEnd + 1);
+
+    // only send content-range if the client asked for it
+    if (this.request.headers.range) {
+      this.code(206);
+      this.header('Content-Range', `bytes ${rangeStart}-${rangeEnd}/${size}`);
+    }
+
+    this.header('Content-Length', rangeEnd - rangeStart + 1);
     this.header('Content-Type', download ? 'application/octet-stream' : mimetype);
+    this.header('Accept-Ranges', 'bytes');
 
     if (
       this.server.config.core.compression.enabled &&
@@ -28,7 +46,7 @@ function rawFileDecorator(fastify: FastifyInstance, _, done) {
     )
       if (size > this.server.config.core.compression.threshold && mimetype.match(/^(image|video|text)/))
         return this.send(useCompress.call(this, data));
-    this.header('Content-Length', size);
+
     return this.send(data);
   }
 }

src/server/index.ts

@@ -100,6 +100,16 @@ async function start() {
     done();
   });
 
+  server.setErrorHandler((error, request, reply) => {
+    console.error(error);
+
+    reply.status(500).send({
+      statusCode: 500,
+      error: 'Internal Server Error',
+      message: error.message,
+    });
+  });
+
   server.get('/favicon.ico', async (_, reply) => {
     if (!existsSync('./public/favicon.ico')) return reply.notFound();
 

src/worker/thumbnail.ts

@@ -28,23 +28,42 @@ if (isMainThread) {
 async function loadThumbnail(path) {
   const args = ['-i', path, '-frames:v', '1', '-f', 'mjpeg', 'pipe:1'];
 
-  const child = spawn(ffmpeg, args, { stdio: ['ignore', 'pipe', 'ignore'] });
+  const child = spawn(ffmpeg, args, { stdio: ['ignore', 'pipe', 'pipe'] });
 
   const data: Buffer = await new Promise((resolve, reject) => {
     const buffers = [];
+    const errorBuffers = [];
+
+    child.stderr.on('data', (chunk) => {
+      errorBuffers.push(chunk);
+    });
 
     child.stdout.on('data', (chunk) => {
       buffers.push(chunk);
     });
 
-    child.once('error', reject);
+    child.once('error', (...a) => {
+      console.log(a);
+
+      reject();
+    });
     child.once('close', (code) => {
       if (code !== 0) {
-        const msg = buffers.join('').trim();
-        logger.debug(`cmd: ${ffmpeg} ${args.join(' ')}`);
-        logger.error(`while ${path} child exited with code ${code}: ${msg}`);
+        const msg = errorBuffers.join('').trim().split('\n');
 
-        reject(new Error(`child exited with code ${code}`));
+        logger.debug(`cmd: ${ffmpeg} ${args.join(' ')}\n${msg.join('\n')}`);
+        logger.error(`child exited with code ${code}: ${msg[msg.length - 1]}`);
+
+        if (msg[msg.length - 1].includes('does not contain any stream')) {
+          // mismatched mimetype, for example a video/ogg (.ogg) file with no video stream since
+          // for this specific case just set the mimetype to audio/ogg
+          // the method will return an empty buffer since there is no video stream
+
+          logger.error(`file ${path} does not contain any video stream, it is probably an audio file`);
+          resolve(Buffer.alloc(0));
+        }
+
+        reject(new Error(`child exited with code ${code} ffmpeg output:\n${msg.join('\n')}`));
       } else {
         const buffer = Buffer.allocUnsafe(buffers.reduce((acc, val) => acc + val.length, 0));
 
@@ -99,6 +118,22 @@ async function start() {
     const thumbnail = await loadThumbnail(tmpFile);
     logger.debug(`loaded thumbnail: ${thumbnail.length} bytes mjpeg`);
 
+    if (thumbnail.length === 0 && file.mimetype === 'video/ogg') {
+      logger.info('file might be an audio file, setting mimetype to audio/ogg to avoid future errors');
+      await prisma.file.update({
+        where: {
+          id: file.id,
+        },
+        data: {
+          mimetype: 'audio/ogg',
+        },
+      });
+
+      await rm(tmpFile);
+      await prisma.$disconnect();
+      process.exit(0);
+    }
+
     const { thumbnail: thumb } = await prisma.file.update({
       where: {
         id: file.id,
@@ -115,7 +150,7 @@ async function start() {
       },
     });
 
-    await datasource.save(thumb.name, thumbnail);
+    await datasource.save(thumb.name, thumbnail, { type: 'image/jpeg' });
 
     logger.info(`thumbnail saved - ${thumb.name}`);
     logger.debug(`thumbnail ${JSON.stringify(thumb)}`);

src/worker/upload.ts

@@ -121,7 +121,9 @@ async function start() {
     await fd.close();
   } else {
     logger.debug('writing file to datasource');
-    await datasource.save(file.filename, Buffer.from(fd as Uint8Array));
+    await datasource.save(file.filename, Buffer.from(fd as Uint8Array), {
+      type: file.mimetype ?? 'application/octet-stream',
+    });
   }
 
   const final = await prisma.incompleteFile.update({

yarn.lock

@@ -1956,6 +1956,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/node@npm:18":
+  version: 18.19.67
+  resolution: "@types/node@npm:18.19.67"
+  dependencies:
+    undici-types: ~5.26.4
+  checksum: 700f92c6a0b63352ce6327286392adab30bb17623c2a788811e9cf092c4dc2fb5e36ca4727247a981b3f44185fdceef20950a3b7a8ab72721e514ac037022a08
+  languageName: node
+  linkType: hard
+
 "@types/node@npm:^10.0.3":
   version: 10.17.60
   resolution: "@types/node@npm:10.17.60"
@@ -1970,15 +1979,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/node@npm:^18.18.10":
-  version: 18.18.10
-  resolution: "@types/node@npm:18.18.10"
-  dependencies:
-    undici-types: ~5.26.4
-  checksum: 1245a14a38bfbe115b8af9792dbe87a1c015f2532af5f0a25a073343fefa7b2edfd95ff3830003d1a1278ce7f9ee0e78d4e5454d7a60af65832c8d77f4032ac8
-  languageName: node
-  linkType: hard
-
 "@types/normalize-package-data@npm:^2.4.0":
   version: 2.4.4
   resolution: "@types/normalize-package-data@npm:2.4.4"
@@ -3063,9 +3063,9 @@ __metadata:
   linkType: hard
 
 "caniuse-lite@npm:^1.0.30001406":
-  version: 1.0.30001561
-  resolution: "caniuse-lite@npm:1.0.30001561"
-  checksum: 949829fe037e23346595614e01d362130245920503a12677f2506ce68e1240360113d6383febed41e8aa38cd0f5fd9c69c21b0af65a71c0246d560db489f1373
+  version: 1.0.30001642
+  resolution: "caniuse-lite@npm:1.0.30001642"
+  checksum: 23f823ec115306eaf9299521328bb6ad0c4ce65254c375b14fd497ceda759ee8ee5b8763b7b622cb36b6b5fb53c6cb8569785fba842fe289be7dc3fcf008eb4f
   languageName: node
   linkType: hard
 
@@ -11827,7 +11827,7 @@ __metadata:
     "@types/katex": ^0.16.6
     "@types/minio": ^7.1.1
     "@types/multer": ^1.4.10
-    "@types/node": ^18.18.10
+    "@types/node": 18
     "@types/qrcode": ^1.5.5
     "@types/react": ^18.2.37
     "@types/sharp": ^0.32.0