Adds setup/login auth-logo elements that share applyLogo's existence
check, so the brand image appears on the unauthenticated screens too
when one is configured and quietly stays hidden otherwise.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The upload page now polls /info and /files every 20s while visible:
new uploads (also via WebDAV), expiry changes and link deactivation
appear without a manual reload. A pollBusy flag prevents overlapping
fetches on slow connections, and visibilitychange stops the timer in
backgrounded tabs. /info and /files get Cache-Control: no-store so the
browser cannot serve stale state, plus a 60/min/IP customerPollLimiter
to cap abuse from leaked tokens.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
uploadAuth now only blocks archived/missing tokens. A new
requireNotExpired middleware sits in front of /files, /file and /zip,
so the file browser closes (410 Gone) once the link expires while the
upload form stays open. /info reports the expired flag so the page can
hide the browser section and show a warning banner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- /u/:token/files now lists a single directory level with type info,
/u/:token/zip streams a ZIP of any folder (whole customer dir by
default). Both paths apply realpath containment so a symlink dropped
into the customer folder via WebDAV cannot escape — listing now 404s
on out-of-base symlinks the same way the file download already did.
- Frontend gets breadcrumbs, folder navigation and per-folder/whole-
current-folder ZIP buttons; UNC \\HOST@PORT\DavWWWRoot\ form is
derived from the configured WebDAV URL and shown next to it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Files in the customer dir can come from uploads or be placed there by
staff via WebDAV — say so explicitly in the heading.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- /u/:token/files lists files in the customer folder, /u/:token/file
streams a download. Iterative walker with depth limit; symlinks are
rejected at enumeration and via realpath containment on download;
Content-Disposition filename is sanitized with an RFC 5987 fallback
- New "Private WebDAV-URL" field in admin settings, displayed under
the customer table. Served via authenticated /status (not public
/branding) so it does not leak to upload visitors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New smtp_notify_customer toggle in the SMTP section. Defaults to true
to preserve existing behavior. When unchecked, customers no longer
receive the upload summary even if they have an email on file; staff
and (optionally) admins keep getting their notifications.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entrypoint runs as root, ensures /data/{db,uploads,logo} and
/webdav-config exist with UID 1000 ownership, then drops privileges
via gosu. Removes the manual sudo chown step from the README and
makes a fresh docker compose up succeed without prep.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Explorer optimistically removes icons on a rejected DELETE, and apps
that LOCK before open get stuck for 30-60s on the WebClient negative
cache when the user only has read access. New disable-webdav-locking.reg
turns SupportLocking off as an opt-in workaround for view-only setups.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- helmet, express-rate-limit (login/setup/customer-auth/me-password)
- Constant-time login (bcrypt always runs against a dummy hash on miss)
- Cookie secure flag follows req.protocol; trust proxy is env-gated to
prevent X-Forwarded-For spoofing on direct exposure
- Drop SVG from accepted logo types (same-origin XSS) and resolve the
served logo path against LOGO_DIR as defense in depth
- Self-service /me/password endpoint plus header button; bumps minimum
password length to 8 across backend, prompts and edit modal
- Multer 1.x → 2.x for current security backports
- Customer edit modal replaces stacked prompts; user role is now an
inline dropdown with a confirm-and-revert flow
- Windows .reg helper plus README section for Basic-Auth-over-HTTP and
the http:// vs \\HOST@PORT\DavWWWRoot\ mapping syntax
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Optional email field on users and customers
- SMTP config in admin settings with test-mail button and an opt-in
"notify admins on upload" toggle
- Debounced upload notifier sends one summary email per customer session
to the customer, assigned staff and (optionally) admins
- Two-step customer lifecycle: "Deaktivieren" archives the link and
keeps data, "Dateien löschen" purges files and the DB entry after a
name-typed confirmation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Modern dark/light theme with CSS variables, pills, cards and a sticky nav
- New Branding section in admin settings: upload logo (png/jpg/svg/webp/gif,
2 MB) plus width/height sliders, proportional scale and reset
- Logo served publicly via /logo and displayed on admin portal and the
customer upload page; files persist under ./data/logo
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Customer upload via token link (no login), optional password + expiry,
drag & drop for files and folders with preserved structure
- Admin portal with setup wizard, role-based users (admin/staff),
per-customer WebDAV access rules (read/write), session auth
- WebDAV container (Debian apache2) with htpasswd + access.conf
auto-generated from the SQLite DB and reloaded via inotifywait
- Configurable public base URL and janitor cron interval in admin UI;
janitor reconciles the uploads table with the filesystem
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stefan Hacker