
sleeti's Introduction

sleeti

standard-readme compliant

Simple, free, open source file sharing

Welcome to sleeti, a summer project turned full-time learning experience. sleeti is my personal adventure into PHP MVC app design, and tries to incorporate various security and design "best-practices" into a fully-featured file sharing application. sleeti's development began in August 2016, sparked by Codecourse's Authentication with Slim 3 series, and has since evolved into a self-teaching tool that I've used to hack at and hone my skills.


Background

Covered in-depth here, but you can find a summary below:

I started sleeti with the intent to clone eeti.me, an invite-only file sharing project by a friend of mine. It originated almost out of a joke, as I wasn't a fan of procedural PHP (which eeti was written in) and eeti's author wasn't a fan of MVC. sleeti started in the summer of 2016 (around August according to my git history), and since then it's grown into a fun learning tool for security and app design.

Install

Prerequisites

  • Apache/nginx
  • PHP >= 7.0
  • MySQL >= 5.5.3
  • CLI access + Composer

Installation

$ git clone https://github.com/BytewaveMLP/sleeti
$ cd sleeti
$ composer install
$ mysql -u <your MySQL user> -p
> CREATE DATABASE sleeti;
> SOURCE ./sleeti.sql;
> EXIT;

At this point, install your nginx configs if necessary and restart your webserver. Then, just browse to http://yourdomain.ext/install and fill out the form presented.

Usage

After setting up sleeti, you should be warned that the first account registered will be an administrative account. Go ahead and register an account at /auth/signup. As stated, your account will have full administrative access, and will be able to manage everything about the site.

From there? Explore! Go public if you want! The sky's the limit!*

* - Note: The sky is not actually the limit.

Maintainers

Contribute

Issues, suggestions, or concerns? Submit a GitHub issue!

Want to add a feature? We accept PRs!

All upcoming and completed features, bugfixes, etc. are listed on the Trello board.

License

Copyright (c) Eliot Partridge, 2016-17. Licensed under the MPL v2.0.

sleeti's People

Contributors

antigravities, bytewavemlp


sleeti's Issues

Use flysystem for storage.

Using flysystem will allow sleeti to use storage solutions other than local disk storage, such as AWS, Azure or similar.

Use a version of Parsedown designed to resist XSS

Hi there, just trying to track down things that are referencing my anti-xss PR in Parsedown.

I've implemented this security update via a class extension to Parsedown and made it available via composer, hopefully this should get a user-input-safe version of Parsedown out there a lot sooner (given the lack of any hint at a merge any time soon in the core repo 😞).

To grab it:

composer require aidantwoods/secureparsedown

To use it:

<?php

use Aidantwoods\SecureParsedown\SecureParsedown;

$Parsedown = new SecureParsedown;
$Parsedown->setSafeMode(true);

And then however you'd normally use Parsedown from then on out, enjoy!

Extension repo here: https://github.com/aidantwoods/SecureParsedown
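
A regression check for the safe-mode setting described in the issue above. This is an added example, not code from sleeti or SecureParsedown. It assumes the package was installed with the composer command shown, and that the class exposes Parsedown's usual text() renderer. The unsafeMarkers() helper and the sample strings are constructed for illustration.

```php
<?php
// Added example: confirm that safe mode stays enabled for user-supplied Markdown.
require __DIR__ . '/vendor/autoload.php';

use Aidantwoods\SecureParsedown\SecureParsedown;

/**
 * Hypothetical helper: list the reasons rendered HTML must not be echoed
 * into a page. A tripwire for tests, not a sanitizer.
 */
function unsafeMarkers(string $html): array
{
    $checks = [
        'raw <script> element'      => '/<\s*script\b/i',
        'javascript: URL attribute' => '/(?:href|src)\s*=\s*["\']?\s*javascript:/i',
    ];
    $found = [];
    foreach ($checks as $label => $pattern) {
        if (preg_match($pattern, $html)) {
            $found[] = $label;
        }
    }
    return $found;
}

// Constructed samples standing in for Markdown submitted by a user.
$samples = [
    'raw html' => 'Hello <script>alert(1)</script>',
    'link'     => '[profile](javascript:alert(1))',
    'benign'   => '**bold** and [docs](https://example.com/)',
];

// Render every sample with safe mode off, then on, and report what survives.
foreach ([false, true] as $safe) {
    $markdown = new SecureParsedown;
    $markdown->setSafeMode($safe);
    foreach ($samples as $name => $source) {
        $problems = unsafeMarkers($markdown->text($source));
        printf(
            "safeMode=%-3s %-8s %s\n",
            $safe ? 'on' : 'off',
            $name,
            $problems ? 'UNSAFE: ' . implode(', ', $problems) : 'ok'
        );
    }
}
```

Run as part of a test suite, a check like this flags any refactor that drops the setSafeMode(true) call before user content is rendered.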

Better Install System

What were your thoughts on a better install system? I could create a shell script that you basically do curl https://website.org/install.sh | sudo bash that would try and install all dependencies like MariaDB/MySQL, nginx, php-fpm/hhvm, and run setup. Or I could create a deb file that you just add to the apt repo list and it installs from there. Or I could make an ncurses interface that installs the program using a pseudo GUI. Up to you on how it goes.

Email Confirmation on Account Creation

Modify Auth.php to send emails (if configured) to the new account holders upon the creation of their accounts.

Possibly:

  1. Email account holders upon important actions taking place on their accounts (i.e. password changes, etc.)

Breaking changes since file IDs were removed

I recently removed file IDs from all routes, favoring owner IDs instead. As a result, you will need to use the following two snippets of code to migrate your database schema. Run the following in order, the first being PHP and the second SQL.

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

require __DIR__ . '/../vendor/autoload.php';

use \Sleeti\Models\User;
use \Sleeti\Models\File;

$settings = json_decode(file_get_contents(__DIR__ . '/../config/config.json'), true);

$capsule = new \Illuminate\Database\Capsule\Manager;
$capsule->addConnection($settings['db'] ?? []);
$capsule->setAsGlobal();
$capsule->bootEloquent();

$files = File::all();

foreach ($files as $file) {
	$file->filename = $file->id . ($file->filename !== null ? '-' . $file->filename : '') . ($file->ext !== null ? '.' . $file->ext : '');
	$file->save();
}

ALTER TABLE `uploaded_files`
  DROP `ext`;
