add docker support

.dockerignore

@@ -0,0 +1,46 @@
+# Packages
+node_modules
+**/node_modules
+
+# Log files
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# IDE
+.vscode
+
+# Docker (experimental)
+docker/
+Dockerfile
+.dockerignore
+docker-compose.yml
+docker-compose.config.yml
+docker-compose.config.example.yml
+
+# Tests
+coverage/
+jest-setup.ts
+jest.config.js
+
+# Linting
+.eslingignore
+.eslintrc.json
+tsconfig.eslint.json
+
+# Miscellaneous
+.tmp
+.vscode
+.git
+.gitattributes
+.gitignore
+README.md
+chibi.ps1
+chibi.sh
+dist
+.nuxt

.gitignore

@@ -10,3 +10,5 @@ uploads/
 !src/api/routes/uploads
 db
 database.sqlite-journal
+docker/nginx/chibisafe.moe.conf
+docker-compose.config.yml

.npmrc

@@ -0,0 +1,4 @@
+audit=false
+fund=false
+node-version=false
+legacy-peer-deps=true

docker/chibi.ps1

@@ -0,0 +1,3 @@
+$env = $args[0]
+$cmd = $args | Select-Object -Skip 1
+docker-compose -f docker-compose.yml -f docker-compose.$env.yml -f docker-compose.config.yml $cmd

docker/chibi.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker-compose -f docker-compose.yml -f docker-compose.$1.yml -f docker-compose.config.yml ${@%$1}

docker/chibisafe/Dockerfile

@@ -0,0 +1,20 @@
+FROM jrottenberg/ffmpeg:4.3-alpine312 as ffmpeg
+
+FROM node:alpine3.12
+
+WORKDIR /usr/chibisafe
+COPY package.json package-lock.json ./
+
+RUN apk add --update \
+&& apk add --no-cache ca-certificates libwebp libwebp-tools expat \
+&& apk add --no-cache vidstab-dev --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
+&& apk add --no-cache --virtual .build-deps git curl build-base python3 g++ make \
+&& npm ci \
+&& apk del .build-deps
+
+COPY --from=ffmpeg /usr/local /usr/local
+
+COPY . .
+RUN mkdir uploads && mkdir database
+
+CMD ["sh", "-c", "npm run migrate && npm run seed && npm run build && npm start"]

docker/docker-compose.config.example.yml

@@ -0,0 +1,37 @@
+version: "3.7"
+
+services:
+    chibisafe:
+        environment:
+            CHUNK_SIZE: 90
+            SECRET: "wowfcgMHqZHwOIMLadWrKu3liyqPOOILpDLSDvuxq3YGhJmiZXJCVpnF96l11WfR"
+            ADMIN_ACCOUNT: "admin"
+            ADMIN_PASSWORD: "admin"
+            # ROUTE_PREFIX: /api
+            # RATE_LIMIT_WINDOW: 2
+            # RATE_LIMIT_MAX: 5
+            # BLOCKED_EXTENSIONS: '.jar,.exe,.msi,.com,.bat,.cmd,.scr,.ps1,.sh'
+            # UPLOAD_FOLDER: uploads
+            # MAX_LINKS_PER_ALBUM: 5
+            # META_THEME_COLOR: '#20222b'
+            # META_DESCRIPTION: 'Blazing fast file uploader and bunker written in node! 🚀'
+            # META_KEYWORDS: 'chibisafe,upload,uploader,file,vue,images,ssr,file uploader,free'
+            # META_TWITTER_HANDLE: ''
+            # SERVER_PORT: 5000
+            # WEBSITE_PORT: 5001
+            # DOMAIN: 'http://chibisafe.moe'
+            # SERVICE_NAME: chibisafe
+            # MAX_SIZE: 5000
+            # GENERATE_THUMBNAILS: 'true'
+            # GENERATE_ZIPS: 'true'
+            # STRIP_EXIF: 'true'
+            # SERVE_WITH_NODE: 'true'
+            # GENERATED_FILENAME_LENGTH: 6
+            # GENERATED_ALBUM_LENGTH: 4
+            # PUBLIC_MODE: 'false'
+            # USER_ACCOUNTS: 'true'
+            # DB_CLIENT: 'sqlite3'
+            # DB_HOST: ''
+            # DB_USER: ''
+            # DB_PASSWORD: ''
+            # DB_DATABASE: ''

docker/docker-compose.local.yml

@@ -0,0 +1,19 @@
+version: "3.7"
+
+services:
+    nginx:
+        volumes:
+            - nginx-data:/etc/nginx
+
+    chibisafe:
+        volumes:
+            - chibisafe-data:/usr/chibisafe/uploads
+            - chibisafe-database:/usr/chibisafe/database
+
+volumes:
+    nginx-data:
+        name: "nginx-data"
+    chibisafe-data:
+        name: "chibisafe-data"
+    chibisafe-database:
+        name: "chibisafe-database"

docker/docker-compose.prod.yml

@@ -0,0 +1,11 @@
+version: "3.7"
+
+services:
+    nginx:
+        volumes:
+            - ./nginx-data:/etc/nginx
+
+    chibisafe:
+        volumes:
+            - ./chibisafe-data:/usr/chibisafe/uploads
+            - ./chibisafe-database:/usr/chibisafe/database

docker/docker-compose.yml

@@ -0,0 +1,63 @@
+version: "3.7"
+
+services:
+    nginx:
+        build:
+            context: ./nginx
+            dockerfile: Dockerfile
+        expose:
+            - "80"
+            - "443"
+        ports:
+            - "80:80"
+            - "443:443"
+        restart: unless-stopped
+        healthcheck:
+            test: ["CMD", "service", "nginx", "status"]
+            interval: 60s
+            timeout: 5s
+
+    chibisafe:
+        build:
+            context: ../
+            dockerfile: ./docker/chibisafe/Dockerfile
+        expose:
+            - "5000"
+            - "5001"
+        ports:
+            - "5000"
+            - "5001"
+        restart: unless-stopped
+        environment:
+            CHUNK_SIZE: 90
+            ROUTE_PREFIX: /api
+            RATE_LIMIT_WINDOW: 2
+            RATE_LIMIT_MAX: 5
+            BLOCKED_EXTENSIONS: ".jar,.exe,.msi,.com,.bat,.cmd,.scr,.ps1,.sh"
+            UPLOAD_FOLDER: uploads
+            SECRET: ""
+            MAX_LINKS_PER_ALBUM: 5
+            META_THEME_COLOR: "#20222b"
+            META_DESCRIPTION: "Blazing fast file uploader and bunker written in node! 🚀"
+            META_KEYWORDS: "chibisafe,upload,uploader,file,vue,images,ssr,file uploader,free"
+            META_TWITTER_HANDLE: ""
+            SERVER_PORT: 5000
+            WEBSITE_PORT: 5001
+            DOMAIN: "http://chibisafe.moe"
+            SERVICE_NAME: chibisafe
+            MAX_SIZE: 5000
+            GENERATE_THUMBNAILS: "true"
+            GENERATE_ZIPS: "true"
+            STRIP_EXIF: "true"
+            SERVE_WITH_NODE: "true"
+            GENERATED_FILENAME_LENGTH: 6
+            GENERATED_ALBUM_LENGTH: 4
+            PUBLIC_MODE: "false"
+            USER_ACCOUNTS: "true"
+            ADMIN_ACCOUNT: ""
+            ADMIN_PASSWORD: ""
+            DB_CLIENT: "sqlite3"
+            DB_HOST: ""
+            DB_USER: ""
+            DB_PASSWORD: ""
+            DB_DATABASE: ""

docker/nginx/Dockerfile

@@ -0,0 +1,5 @@
+FROM nginx
+
+COPY nginxconfig.io /etc/nginx/nginxconfig.io
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY chibisafe.moe.conf /etc/nginx/conf.d/chibisafe.moe.conf

docker/nginx/chibisafe.moe.http.example.conf

@@ -0,0 +1,21 @@
+server {
+    listen              80;
+    listen              [::]:80;
+    server_name         chibisafe.moe;
+
+    # security
+    include             nginxconfig.io/security.conf;
+
+    # logging
+    access_log          /var/log/nginx/chibisafe.moe.access.log;
+    error_log           /var/log/nginx/chibisafe.moe.error.log warn;
+
+    # reverse proxy
+    location / {
+        proxy_pass http://localhost:5000;
+        include    nginxconfig.io/proxy.conf;
+    }
+
+    # additional config
+    include nginxconfig.io/general.conf;
+}

docker/nginx/chibisafe.moe.https.example.conf

@@ -0,0 +1,32 @@
+server {
+    listen              443 ssl http2;
+    listen              [::]:443 ssl http2;
+    server_name         chibisafe.moe;
+
+    # SSL
+    ssl_certificate     /etc/nginx/ssl/chibisafe.moe.crt;
+    ssl_certificate_key /etc/nginx/ssl/chibisafe.moe.key;
+
+    # security
+    include             nginxconfig.io/security.conf;
+
+    # logging
+    access_log          /var/log/nginx/chibisafe.moe.access.log;
+    error_log           /var/log/nginx/chibisafe.moe.error.log warn;
+
+    # reverse proxy
+    location / {
+        proxy_pass http://localhost:5000;
+        include    nginxconfig.io/proxy.conf;
+    }
+
+    # additional config
+    include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen 80;
+    listen [::]:80;
+    return 301 https://$server_name$request_uri;
+}

docker/nginx/nginx.conf

@@ -0,0 +1,54 @@
+# Generated by nginxconfig.io
+# https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=tourneys.naval-base.com&domains.0.server.documentRoot=&domains.0.https.certType=custom&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A3001&domains.0.routing.root=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true
+
+user                 www-data;
+pid                  /run/nginx.pid;
+worker_processes     auto;
+worker_rlimit_nofile 65535;
+
+events {
+    multi_accept       on;
+    worker_connections 65535;
+}
+
+http {
+    charset              utf-8;
+    sendfile             on;
+    tcp_nopush           on;
+    tcp_nodelay          on;
+    server_tokens        off;
+    log_not_found        off;
+    types_hash_max_size  2048;
+    client_max_body_size 90M;
+	client_body_timeout  600s;
+
+    # MIME
+    include              mime.types;
+    default_type         application/octet-stream;
+
+    # Logging
+    access_log           /var/log/nginx/access.log;
+    error_log            /var/log/nginx/error.log warn;
+
+    # SSL
+    ssl_session_timeout  1d;
+    ssl_session_cache    shared:SSL:10m;
+    ssl_session_tickets  off;
+
+    # Diffie-Hellman parameter for DHE ciphersuites
+    # ssl_dhparam          /etc/nginx/dhparam.pem;
+
+    # Mozilla Intermediate configuration
+    ssl_protocols        TLSv1.2 TLSv1.3;
+    ssl_ciphers          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+    # OCSP Stapling
+    ssl_stapling         off;
+    ssl_stapling_verify  off;
+    resolver             1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+    resolver_timeout     2s;
+
+    # Load configs
+    include              /etc/nginx/conf.d/*.conf;
+    # include              /etc/nginx/sites-enabled/*;
+}

docker/nginx/nginxconfig.io/general.conf

@@ -0,0 +1,18 @@
+# favicon.ico
+location = /favicon.ico {
+    log_not_found off;
+    access_log    off;
+}
+
+# robots.txt
+location = /robots.txt {
+    log_not_found off;
+    access_log    off;
+}
+
+# gzip
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
+gzip_comp_level 6;
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

docker/nginx/nginxconfig.io/proxy.conf

@@ -0,0 +1,18 @@
+proxy_http_version                 1.1;
+proxy_cache_bypass                 $http_upgrade;
+
+# Proxy headers
+proxy_set_header Upgrade           $http_upgrade;
+proxy_set_header Connection        "upgrade";
+proxy_set_header Host              $host;
+proxy_set_header X-Real-IP         $remote_addr;
+proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host  $host;
+proxy_set_header X-Forwarded-Port  $server_port;
+proxy_set_header X-NginX-Proxy     true;
+
+# Proxy timeouts
+proxy_connect_timeout              60s;
+proxy_send_timeout                 60s;
+proxy_read_timeout                 60s;

docker/nginx/nginxconfig.io/security.conf

@@ -0,0 +1,12 @@
+# security headers
+add_header X-Frame-Options           "SAMEORIGIN" always;
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# . files
+location ~ /\.(?!well-known) {
+    deny all;
+}

package.json

@@ -9,15 +9,15 @@
 		"url": "https://github.com/Pitu"
 	},
 	"scripts": {
-		"setup": "node src/setup.js && yarn build && yarn migrate && yarn seed",
+		"setup": "node src/setup.js && npm run migrate && npm run seed && npm run build",
 		"build": "nuxt build",
 		"start": "cross-env NODE_ENV=production node src/api/structures/Server",
 		"dev": "nuxt",
-		"migrate": "yarn knex migrate:latest",
-		"seed": "yarn knex seed:run",
+		"migrate": "knex migrate:latest",
+		"seed": "knex seed:run",
 		"api": "node src/api/structures/Server",
-		"update": "git pull && yarn install && yarn migrate && yarn build && yarn restart",
-		"restart": "pm2 restart chibisafe"
+		"update": "git pull && npm install && npm run migrate && npm run build && npm run restart",
+		"restart": "pm2 restart lolisafe"
 	},
 	"repository": {
 		"type": "git",
@@ -33,7 +33,7 @@
 		"@mdi/font": "^5.3.45",
 		"@nuxtjs/axios": "^5.4.1",
 		"adm-zip": "^0.4.13",
-		"bcrypt": "^4.0.1",
+		"bcrypt": "^5.0.0",
 		"body-parser": "^1.18.3",
 		"buefy": "^0.9.4",
 		"busboy": "^0.2.14",
@@ -67,8 +67,8 @@
 		"rotating-file-stream": "^2.1.3",
 		"search-query-parser": "^1.5.5",
 		"serve-static": "^1.13.2",
-		"sharp": "^0.25.2",
-		"sqlite3": "^4.0.6",
+		"sharp": "^0.27.0",
+		"sqlite3": "^5.0.0",
 		"uuid": "^3.3.2",
 		"v-clipboard": "^2.2.1",
 		"vue-axios": "^2.1.4",
@@ -86,11 +86,11 @@
 		"eslint-config-aqua": "^7.3.0",
 		"eslint-import-resolver-nuxt": "^1.0.1",
 		"eslint-plugin-vue": "^5.2.1",
-		"node-sass": "^4.11.0",
+		"node-sass": "^5.0.0",
 		"nodemon": "^1.19.3",
 		"postcss-css-variables": "^0.11.0",
 		"postcss-nested": "^3.0.0",
-		"sass-loader": "^7.1.0"
+		"sass-loader": "^10.1.0"
 	},
 	"eslintConfig": {
 		"extends": [

src/site/assets/styles/_bulma_colors_extender.scss

@@ -1,6 +1,6 @@
 // Import the initial variables
-@import "../../../node_modules/bulma/sass/utilities/initial-variables";
-@import "../../../node_modules/bulma/sass/utilities/functions";
+@import "../../../../node_modules/bulma/sass/utilities/initial-variables";
+@import "../../../../node_modules/bulma/sass/utilities/functions";
 
 // Setup our custom colors
 $chibisafe: #323846;

src/site/assets/styles/style.scss

@@ -3,7 +3,7 @@
 @import './_colors.scss';
 
 // Bulma/Buefy customization
-@import '../../../node_modules/bulma/sass/utilities/_all.sass';
+@import '../../../../node_modules/bulma/sass/utilities/_all.sass';
 
 $body-size: 14px !default;
 $family-primary: 'Nunito', BlinkMacSystemFont, -apple-system, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu', 'Cantarell',