Bump version to 3.4.10

Fixes https://github.com/timvisee/send/issues/29

.gitattributes

@@ -1,2 +1,2 @@
-public/locales/* linguist-documentation
+public/locales/*/*.ftl linguist-documentation
-docs/* linguist-documentation
+docs/** linguist-documentation

Dockerfile

@@ -6,7 +6,7 @@
 
 
 # Build project
-FROM node:15.5.1-alpine AS builder
+FROM node:current-alpine AS builder
 RUN set -x \
     # Add user
     && addgroup --gid 10001 app \
@@ -26,7 +26,7 @@ RUN set -x \
 
 
 # Main image
-FROM node:15.5.1-alpine
+FROM node:current-alpine
 RUN set -x \
     # Add user
     && addgroup --gid 10001 app \

README.md

@@ -66,6 +66,7 @@ Thanks [Mozilla][mozilla] for building this amazing tool!
 * [Configuration](#configuration)
 * [Localization](#localization)
 * [Contributing](#contributing)
+* [Instances](#instances)
 * [Deployment](#deployment)
 * [Clients](#clients)
 * [License](#license)
@@ -120,21 +121,25 @@ The server is configured with environment variables. See [server/config.js](serv
 
 ## Localization
 
-Send localization is managed via [Pontoon](https://pontoon.mozilla.org/projects/test-pilot-firefox-send/), not direct pull requests to the repository. If you want to fix a typo, add a new language, or simply know more about localization, please get in touch with the [existing localization team](https://pontoon.mozilla.org/teams/) for your language or Mozilla’s [l10n-drivers](https://wiki.mozilla.org/L10n:Mozilla_Team#Mozilla_Corporation) for guidance.
+see [docs/localization.md](docs/localization.md)
-
-see also [docs/localization.md](docs/localization.md)
 
 ---
 
 ## Contributing
 
-Pull requests are always welcome! Feel free to check out the list of ["good first issues"](https://github.com/mozilla/send/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22).
+Pull requests are always welcome! Feel free to check out the list of "good first issues" (to be implemented).
+
+---
+
+## Instances
+
+Find a list of public instances here: https://github.com/timvisee/send-instances/
 
 ---
 
 ## Deployment
 
-see also [docs/deployment.md](docs/deployment.md)
+See also [docs/deployment.md](docs/deployment.md)
 
 ---
 

app/main.css

@@ -118,7 +118,7 @@ details {
   overflow: hidden;
 }
 
-details > summary::-webkit-details-marker {
+details > summary::marker {
   display: none;
 }
 

app/user.js

@@ -81,21 +81,15 @@ export default class User {
   }
 
   get maxSize() {
-    return this.loggedIn
+    return this.limits.MAX_FILE_SIZE;
-      ? this.limits.MAX_FILE_SIZE
-      : this.limits.ANON.MAX_FILE_SIZE;
   }
 
   get maxExpireSeconds() {
-    return this.loggedIn
+    return this.limits.MAX_EXPIRE_SECONDS;
-      ? this.limits.MAX_EXPIRE_SECONDS
-      : this.limits.ANON.MAX_EXPIRE_SECONDS;
   }
 
   get maxDownloads() {
-    return this.loggedIn
+    return this.limits.MAX_DOWNLOADS;
-      ? this.limits.MAX_DOWNLOADS
-      : this.limits.ANON.MAX_DOWNLOADS;
   }
 
   async metricId() {

docs/deployment.md

@@ -13,7 +13,7 @@ For Debian/Ubuntu systems this probably just means something like this:
 ## Building
 * We assume an already configured virtual-host on your webserver with an existing empty htdocs folder
 * First, remove that htdocs folder - we will replace it with Send's version now
-* git clone https://github.com/mozilla/send.git htdocs
+* git clone https://github.com/timvisee/send.git htdocs
 * Make now sure you are NOT root but rather the user your webserver is serving files under (e.g. "su www-data" or whoever the owner of your htdocs folder is)
 * npm install
 * npm run build

docs/localization.md

@@ -1,6 +1,6 @@
 # Localization
 
-Send is localized in over 50 languages. We use the [fluent](http://projectfluent.org/) library and store our translations in [FTL](http://projectfluent.org/fluent/guide/) files in `public/locales/`. `en-US` is our base language, and other languages are managed by [pontoon](https://pontoon.mozilla.org/projects/test-pilot-firefox-send/).
+Send is localized in over 50 languages. We use the [fluent](http://projectfluent.org/) library and store our translations in [FTL](http://projectfluent.org/fluent/guide/) files in `public/locales/`. `en-US` is our base language.
 
 ## Process
 

package.json

@@ -1,7 +1,7 @@
 {
   "name": "send",
   "description": "File Sharing Experiment",
-  "version": "3.4.5",
+  "version": "3.4.10",
   "author": "Mozilla (https://mozilla.org)",
   "contributors": [
     "Tim Visee <3a4fb3964f@sinenomine.email> (https://timvisee.com)"
@@ -30,7 +30,7 @@
     "test:report": "nyc report --reporter=html",
     "test-integration": "cross-env NODE_ENV=development wdio test/wdio.docker.conf.js",
     "circleci-test-integration": "echo 'webdriverio tests need to be updated to node 12'",
-    "start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true FXA_CLIENT_ID=fced6b5e3f4c66b9 BASE_URL=http://localhost:8080 webpack-dev-server --mode=development",
+    "start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true BASE_URL=http://localhost:8080 DETECT_BASE_URL=true webpack-dev-server --mode=development",
     "android": "cross-env ANDROID=1 npm start",
     "prod": "node server/bin/prod.js"
   },
@@ -64,10 +64,10 @@
     "node": "^15.5.1"
   },
   "devDependencies": {
-    "@babel/core": "^7.13.10",
+    "@babel/core": "^7.14.0",
     "@babel/plugin-proposal-class-properties": "^7.13.0",
     "@babel/plugin-syntax-dynamic-import": "^7.2.0",
-    "@babel/preset-env": "^7.13.10",
+    "@babel/preset-env": "^7.14.1",
     "@dannycoates/webcrypto-liner": "^0.1.37",
     "@fullhuman/postcss-purgecss": "^1.3.0",
     "@mattiasbuelens/web-streams-polyfill": "0.2.1",
@@ -78,12 +78,12 @@
     "base64-js": "^1.5.1",
     "content-disposition": "^0.5.3",
     "copy-webpack-plugin": "^5.1.2",
-    "core-js": "^3.9.1",
+    "core-js": "^3.12.0",
     "crc": "^3.8.0",
     "cross-env": "^6.0.3",
     "css-loader": "^3.6.0",
     "css-mqpacker": "^7.0.0",
-    "cssnano": "^4.1.10",
+    "cssnano": "^4.1.11",
     "eslint": "^6.6.0",
     "eslint-config-prettier": "^6.15.0",
     "eslint-plugin-mocha": "^6.2.1",
@@ -117,7 +117,7 @@
     "script-loader": "^0.7.2",
     "sinon": "^7.5.0",
     "string-hash": "^1.1.3",
-    "stylelint": "^13.12.0",
+    "stylelint": "^13.13.1",
     "stylelint-config-standard": "^19.0.0",
     "stylelint-no-unsupported-browser-features": "^4.1.4",
     "svgo": "^1.3.2",
@@ -135,9 +135,9 @@
     "@dannycoates/express-ws": "^5.0.3",
     "@fluent/bundle": "^0.13.0",
     "@fluent/langneg": "^0.3.0",
-    "@google-cloud/storage": "^5.8.1",
+    "@google-cloud/storage": "^5.8.5",
     "@sentry/node": "^5.30.0",
-    "aws-sdk": "^2.864.0",
+    "aws-sdk": "^2.902.0",
     "body-parser": "^1.19.0",
     "choo": "^7.0.0",
     "cldr-core": "^35.1.0",
@@ -151,7 +151,7 @@
     "redis": "^2.8.0",
     "redis-mock": "^0.47.0",
     "selenium-standalone": "^6.23.0",
-    "ua-parser-js": "^0.7.24"
+    "ua-parser-js": "^0.7.28"
   },
   "availableLanguages": [
     "en-US",

public/locales/nl/send.ftl

@@ -28,7 +28,7 @@ notSupportedOutdatedDetail = Helaas ondersteunt deze versie van Firefox de webte
 updateFirefox = Firefox bijwerken
 deletePopupCancel = Annuleren
 deleteButtonHover = Verwijderen
-footerText = Niet aangesloten aan Mozilla of Firefox.
+footerText = Niet gelieerd aan Mozilla of Firefox.
 footerLinkDonate = Doneren
 footerLinkCli = CLI
 footerLinkDmca = DMCA
@@ -52,7 +52,7 @@ passwordSetError = Dit wachtwoord kon niet worden ingesteld
 -send-short-brand = Send
 -firefox = Firefox
 -mozilla = Mozilla
-introTitle = Eenvoudig, privé bestanden delen
+introTitle = Bestanden delen, eenvoudig en privé 
 introDescription = Met { -send-brand } kunt u bestanden delen met end-to-endversleuteling en een koppeling die automatisch verloopt. Hierdoor kunt u privé houden wat u wilt delen en er zeker van zijn dat uw zaken niet voor altijd online blijven.
 notifyUploadEncryptDone = Uw bestand is versleuteld en klaar voor verzending
 # downloadCount is from the downloadCount string and timespan is a timespanMinutes string. ex. 'Expires after 2 downloads or 25 minutes'

server/clientConstants.js

@@ -2,11 +2,6 @@ const config = require('./config');
 
 module.exports = {
   LIMITS: {
-    ANON: {
-      MAX_FILE_SIZE: config.anon_max_file_size,
-      MAX_DOWNLOADS: config.anon_max_downloads,
-      MAX_EXPIRE_SECONDS: config.anon_max_expire_seconds
-    },
     MAX_FILE_SIZE: config.max_file_size,
     MAX_DOWNLOADS: config.max_downloads,
     MAX_EXPIRE_SECONDS: config.max_expire_seconds,

server/config.js

@@ -39,11 +39,6 @@ const conf = convict({
     default: 86400 * 7,
     env: 'MAX_EXPIRE_SECONDS'
   },
-  anon_max_expire_seconds: {
-    format: Number,
-    default: 86400,
-    env: 'ANON_MAX_EXPIRE_SECONDS'
-  },
   download_counts: {
     format: Array,
     default: [1, 2, 3, 4, 5, 20, 50, 100],
@@ -54,11 +49,6 @@ const conf = convict({
     default: 100,
     env: 'MAX_DOWNLOADS'
   },
-  anon_max_downloads: {
-    format: Number,
-    default: 5,
-    env: 'ANON_MAX_DOWNLOADS'
-  },
   max_files_per_archive: {
     format: Number,
     default: 64,
@@ -74,6 +64,16 @@ const conf = convict({
     default: 'localhost',
     env: 'REDIS_HOST'
   },
+  redis_port: {
+    format: Number,
+    default: 6379,
+    env: 'REDIS_PORT'
+  },
+  redis_password: {
+    format: String,
+    default: '',
+    env: 'REDIS_PASSWORD'
+  },
   redis_event_expire: {
     format: Boolean,
     default: false,
@@ -120,11 +120,6 @@ const conf = convict({
     default: 1024 * 1024 * 1024 * 2.5,
     env: 'MAX_FILE_SIZE'
   },
-  anon_max_file_size: {
-    format: Number,
-    default: 1024 * 1024 * 1024,
-    env: 'ANON_MAX_FILE_SIZE'
-  },
   l10n_dev: {
     format: Boolean,
     default: false,
@@ -135,6 +130,11 @@ const conf = convict({
     default: 'https://send.firefox.com',
     env: 'BASE_URL'
   },
+  detect_base_url: {
+    format: Boolean,
+    default: false,
+    env: 'DETECT_BASE_URL'
+  },
   file_dir: {
     format: 'String',
     default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
@@ -211,4 +211,17 @@ const conf = convict({
 conf.validate({ allowed: 'strict' });
 
 const props = conf.getProperties();
-module.exports = props;
+
+const deriveBaseUrl = req => {
+  if (!props.detect_base_url) {
+    return props.base_url;
+  }
+
+  const protocol = req.secure ? 'https://' : 'http://';
+  return `${protocol}${req.headers.host}`;
+};
+
+module.exports = {
+  ...props,
+  deriveBaseUrl
+};

server/routes/index.js

@@ -36,9 +36,14 @@ module.exports = function(app) {
         defaultSrc: ["'self'"],
         connectSrc: [
           "'self'",
-          config.base_url.replace(/^https:\/\//, 'wss://')
+          function(req) {
+            const baseUrl = config.deriveBaseUrl(req);
+            const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
+            console.log([baseUrl, r]);
+            return r;
+          }
         ],
-        imgSrc: ["'self'"],
+        imgSrc: ["'self'", 'data:'],
         scriptSrc: [
           "'self'",
           function(req) {
@@ -52,10 +57,6 @@ module.exports = function(app) {
       }
     };
 
-    csp.directives.connectSrc.push(
-      config.base_url.replace(/^https:\/\//, 'wss://')
-    );
-
     app.use(helmet.contentSecurityPolicy(csp));
   }
 

server/routes/params.js

@@ -2,7 +2,7 @@ const config = require('../config');
 const storage = require('../storage');
 
 module.exports = function(req, res) {
-  const max = req.user ? config.max_downloads : config.anon_max_downloads;
+  const max = config.max_downloads;
   const dlimit = req.body.dlimit;
   if (!dlimit || dlimit > max) {
     return res.sendStatus(400);

server/routes/upload.js

@@ -28,8 +28,7 @@ module.exports = async function(req, res) {
     //this hasn't been updated to expiration time setting yet
     //if you want to fallback to this code add this
     await storage.set(newId, fileStream, meta, config.default_expire_seconds);
-    const protocol = config.env === 'production' ? 'https' : req.protocol;
+    const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
-    const url = `${protocol}://${req.get('host')}/download/${newId}/`;
     res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
     res.json({
       url,

server/routes/ws.js

@@ -30,15 +30,9 @@ module.exports = function(ws, req) {
       const metadata = fileInfo.fileMetadata;
       const auth = fileInfo.authorization;
       const user = await fxa.verify(fileInfo.bearer);
-      const maxFileSize = user
+      const maxFileSize = config.max_file_size;
-        ? config.max_file_size
+      const maxExpireSeconds = config.max_expire_seconds;
-        : config.anon_max_file_size;
+      const maxDownloads = config.max_downloads;
-      const maxExpireSeconds = user
-        ? config.max_expire_seconds
-        : config.anon_max_expire_seconds;
-      const maxDownloads = user
-        ? config.max_downloads
-        : config.anon_max_downloads;
 
       if (config.fxa_required && !user) {
         ws.send(
@@ -71,8 +65,7 @@ module.exports = function(ws, req) {
         nonce: crypto.randomBytes(16).toString('base64')
       };
 
-      const protocol = config.env === 'production' ? 'https' : req.protocol;
+      const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
-      const url = `${protocol}://${req.get('host')}/download/${newId}/`;
 
       ws.send(
         JSON.stringify({

server/state.js

@@ -23,6 +23,7 @@ module.exports = async function(req) {
   if (config.survey_url) {
     prefs.surveyUrl = config.survey_url;
   }
+  const baseUrl = config.deriveBaseUrl(req);
   return {
     archive: {
       numFiles: 0
@@ -33,7 +34,7 @@ module.exports = async function(req) {
     title: 'Send',
     description:
       'Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.',
-    baseUrl: config.base_url,
+    baseUrl,
     ui: {},
     storage: {
       files: []

server/storage/redis.js

@@ -8,8 +8,10 @@ module.exports = function(config) {
 
   //eslint-disable-next-line security/detect-non-literal-require
   const redis = require(redis_lib);
-  const client = redis.createClient({
+
+  var client_config = {
     host: config.redis_host,
+    port: config.redis_port,
     retry_strategy: options => {
       if (options.total_retry_time > config.redis_retry_time) {
         client.emit('error', 'Retry time exhausted');
@@ -18,7 +20,10 @@ module.exports = function(config) {
 
       return config.redis_retry_delay;
     }
-  });
+  };
+  if (config.redis_password != null && config.redis_password.length > 0)
+    client_config.password = config.redis_password;
+  const client = redis.createClient(client_config);
 
   client.ttlAsync = promisify(client.ttl);
   client.hgetallAsync = promisify(client.hgetall);