X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/208418c2e083ff46b0de2e5db64844db68112cc1..refs/heads/master:/lib/config.original.php?ds=sidebyside diff --git a/lib/config.original.php b/lib/config.original.php index 736790a..bfa76af 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -2,7 +2,7 @@ /* * Jirafeau, your web file repository * Copyright (C) 2008 Julien "axolotl" BERNARD - * Copyright (C) 2015 Jerome Jutteau + * Copyright (C) 2015 Jerome Jutteau * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -25,7 +25,7 @@ * rename it to »config.local.php« and adapt the parameters. **/ -/* URL of installation, with traling slash (eg. »https://exmaple.com/jirafeau/«) +/* URL of installation, with trailing slash (eg. »https://example.com/jirafeau/«) */ $cfg['web_root'] = ''; @@ -33,16 +33,17 @@ $cfg['web_root'] = ''; */ $cfg['var_root'] = ''; -/* Language - choice between 'auto' or any language located in the /lib/locales/ folder. +/* Language - choose between 'auto' or any language located in the /lib/locales/ folder. * The mode »auto« will cause the script to detect the user's browser information - * and offer a matching language, and use »en« if it is not available. - * Forcing to a specific lang lightly reduce lang computation. + * and offer a matching language, or use »en« if it is not available. + * Forcing a specific lang will slightly reduce computation time. */ $cfg['lang'] = 'auto'; /* Select a theme - see media folder for available themes */ $cfg['style'] = 'courgette'; +$cfg['dark_style'] = 'dark-courgette'; /* Name the organisation running this installation, eg. 'ACME' */ @@ -70,7 +71,7 @@ $cfg['enable_crypt'] = false; $cfg['link_name_length'] = 8; /* Upload password(s). - * An empty array will disable the password authentification. + * An empty array will disable password authentication. * $cfg['upload_password'] = array(); // No password * $cfg['upload_password'] = array('psw1'); // One password * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords @@ -93,18 +94,29 @@ $cfg['upload_ip'] = array(); $cfg['upload_ip_nopassword'] = array(); /* Password for the admin interface. - * An empty password will disable the password authentification. + * An empty password will disable password authentication. * The password is a sha256 hash of the original version. + * Example: echo -n "myVerySecretAdminPassword" | sha256sum */ $cfg['admin_password'] = ''; -/* If set, let the user be authenticated as administrator. - * The user provided here is the user authenticated by HTTP authentication. +/* If set, let the users be authenticated as administrator. + * The users provided here are authenticated by HTTP authentication. * Note that Jirafeau does not manage the HTTP login part, it just checks - * that the provided user is logged in. + * that one of the provided users is logged in. + * May be an array for multiple users or a string for a single user. + * The option to provide a string is for backward compatibility. * If »admin_password« parameter is set, then the »admin_password« is ignored. */ -$cfg['admin_http_auth_user'] = ''; +$cfg['admin_http_auth_user'] = array(); + +/* List of IP allowed to access the admin interface. + * If the list is empty, then there is no admin interface restriction based on IP. + * Elements of the list can be a single IP (e.g. "123.45.67.89") or + * an IP range (e.g. "123.45.0.0/16"). + * Note that CIDR notation is available for IPv4 only for the moment. + */ +$cfg['admin_ip'] = array(); /* Allow user to select different options for file expiration time. * Possible values in array: @@ -112,8 +124,9 @@ $cfg['admin_http_auth_user'] = ''; * 'hour': file available for one hour * 'day': file available for one day * 'week': file available for one week + * 'fortnight': file is available for two weeks * 'month': file is available for one month - * 'quarter': file is available for three month + * 'quarter': file is available for three months * 'year': file available for one year * 'none': unlimited availability */ @@ -122,6 +135,7 @@ $cfg['availabilities'] = array( 'hour' => true, 'day' => true, 'week' => true, + 'fortnight' => true, 'month' => true, 'quarter' => false, 'year' => false, @@ -154,16 +168,93 @@ $cfg['proxy_ip'] = array(); /* File hash * In order to make file deduplication work, files can be hashed through different methods. - * By default, files are hashed through md5 but other methods are available. - * Possible values are 'md5' and 'md5_outside'. + * To enable file deduplication feature, set this option to `md5`. + * + * Possible values are 'md5', 'md5_outside' and 'random'. + * * With 'md5' option, the whole file is hashed through md5. This is the default. - * With 'md5_outside', md5 is used to hash the first part of the file, the last part of the file. This method offer file deduplication at minimal cost but can be dangerous as files with the same partial hash can be mistaken. - * With 'random', file hash not set to a random value and file deduplication cannot work anymore but it is fast and safe. - * and the file's size. This method is fast for large files but cannot be perfect. + * With 'md5_outside', hash is computed using: + * - md5 of the first part of the file, + * - md5 of the last part of the file and + * - file's size. + * This method offer file deduplication at minimal cost but can be dangerous as files with the same partial hash can be mistaken. + * With 'random' option, file hash is set to a random value and file deduplication cannot work but it is fast and safe. + */ +$cfg['file_hash'] = 'random'; + +/* Work around that LiteSpeed truncates large files when downloading. + * Only for use with the LiteSpeed web server! + * An internal redirect is made using X-LiteSpeed-Location instead + * of streaming the file from PHP. + * Limitations: + * - The Jirafeau files folder has to be placed under the document root and should be + * protected from unauthorized access using rewrite rules. + * See https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:internal-redirect#protection_from_direct_access + * - Incompatible with server side encryption. + * - Incompatible with one time download. + */ +$cfg['litespeed_workaround'] = false; + +/* Use the X-Sendfile header which should cause your webserver to handle + * the sending of the file. The webserver must be configured to do this + * using the mod_xsendfile module in Apache or the appropriate config in + * lighttpd. The offload will not happen in the case of server-side encrypted + * files, but all other cases should work. Benefits include being able + * to resume downloads and seek instantly in media players like VLC or + * the Firefox/Discord/Chrome embedded player. + */ +$cfg['use_xsendfile'] = false; + +/* Store uploader's IP along with 'link' file. + * Depending of your legislation, you may have to adjust this parameter. */ -$cfg['file_hash'] = 'md5'; +$cfg['store_uploader_ip'] = true; /* Required flag to test if the installation is already installed * or needs to start the installation script */ $cfg['installation_done'] = false; + +/* Enable this debug flag to allow eventual PHP error reporting. + * This is disabled by default permission misconfiguration might generate warnings or errors. + * Those warnings can break Jirafeau and also show path to var- folder in debug messages. + * var- folder should kept secret and accessing it may lead to data leak if unprotected. + */ +$cfg['debug'] = false; + +/** Set Jirafeau's maximal upload chunk + * When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities. + * Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize). + * However, too large PHP configuration values are not needed and could induce unwanted side effects (see #303). + * This parameter set Jirafeau's own maximal chunk size with a reasonable value. + * Option is only used for async uploads and won't be used for browsers without html5 support. + * You should not touch this parameter unless you have good reason to do so. Feel free to open an issue to ask questions. + * Set to 0 to remove limitation. + */ +$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB + +/* Set password requirement policy for downloading files + * Possible values: + * optional (default): Password may be set by the uploader, but is not mandatory + * required: Setting a password is mandatory to upload a file. + * generated: Passwords are automatically generated and shown to the uploader, when uploading a file + */ +$cfg['download_password_requirement'] = 'optional'; + +/* Set length of generated passwords + */ +$cfg['download_password_gen_len'] = 10; + +/* Set allowed chars for password generation + */ +$cfg['download_password_gen_chars'] = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*()_-=+;:,.?'; +/* Set password complexity policy for downloading files + * possible values: + * none (default): Passwords for downloading files can be of arbitrary complexity + * regex: Passwords are checked with a regex for complexity constraints + */ +$cfg['download_password_policy'] = 'none'; +/* Set the regex for regex download password policy + * Delimiters are need, but modifiers should not be used + */ +$cfg['download_password_policy_regex'] = '/.*/';