🏗️ Update CI + CI conf files + cpanfile.snapshot

.gitlab-ci.yml

@@ -41,6 +41,7 @@ variables:
   coverage: '/Total.* (\d+\.\d+)$/'
   before_script:
     - tar xf local.tar && rm local.tar
+    - which mariadb_config && cd $(dirname $(which mariadb_config)) && ln -s mariadb_config mysql_config
   script:
     - MOJO_CONFIG="t/${CI_JOB_NAME}.conf" make test
     - MOJO_CONFIG="t/${CI_JOB_NAME}.conf" make cover
@@ -96,6 +97,19 @@ podcheck:
   except:
     - tags
 
+### Cpanfile.snapshot
+## Used to get a cpanfile.snapshot from a fresh server (not like my dev VM)
+#
+#cpanfile_snapshot:
+#  stage: carton
+#  script:
+#    - rm cpanfile.snapshot
+#    - which mariadb_config && cd $(dirname $(which mariadb_config)) && ln -s mariadb_config mysql_config
+#    - carton install
+#    - cat cpanfile.snapshot
+#  except:
+#    - tags
+
 ### Install common dependencies
 ##
 #

t/mysql.conf

@@ -6,6 +6,7 @@
     # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
     hypnotoad => {
         # array of IP addresses and ports you want to listen to
+        # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
         listen => ['http://127.0.0.1:8081'],
         # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
         # if you use Lufi directly, let it commented
@@ -17,67 +18,67 @@
         clients => 1,
     },
 
-    # put a way to contact you here and uncomment it
+    # Put a way to contact you here and uncomment it
-    # you can put some HTML in it
+    # You can put some HTML in it
     # MANDATORY
     contact       => '<a href="https://contact.example.com">Contact page</a>',
 
-    # put an URL or an email address to receive file reports and uncomment it
+    # Put an URL or an email address to receive file reports and uncomment it
-    # it's for make reporting illegal files easy for users
+    # It's for make reporting illegal files easy for users
     # MANDATORY
     report => 'report@example.com',
 
-    # array of random strings used to encrypt cookies
+    # Array of random strings used to encrypt cookies
     # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
     #secrets        => ['fdjsofjoihrei'],
 
-    # choose a theme. See the available themes in `themes` directory
+    # Choose a theme. See the available themes in `themes` directory
-    # optional, default is 'default'
+    # Optional, default is 'default'
     #theme         => 'default',
 
-    # length of the random URL
+    # Length of the random URL
     # optional, default is 8
     #length            => 8,
 
-    # how many URLs will be provisioned in a batch ?
+    # How many URLs will be provisioned in a batch ?
     # optional, default is 5
     #provis_step       => 5,
 
-    # max number of URLs to be provisioned
+    # Max number of URLs to be provisioned
     # optional, default is 100
     #provisioning      => 100,
 
-    # length of the modify/delete token
+    # Length of the modify/delete token
     # optional, default is 32
     #token_length      => 32,
 
-    # max file size, in octets
+    # Max file size, in octets
-    # you can write it 100*1024*1024
+    # You can write it 100*1024*1024
     # optional, no default
     #max_file_size     => 104857600,
 
-    # if you want to have piwik statistics, provide a piwik image tracker
+    # If you want to have piwik statistics, provide a piwik image tracker
-    # only the image tracker is allowed, no javascript
+    # Only the image tracker is allowed, no javascript
     # optional, no default
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
 
-    # broadcast_message which will displayed on the index page
+    # Broadcast_message which will displayed on the index page
     # optional, no default
     #broadcast_message => 'Maintenance',
 
-    # default time limit for files
+    # Default time limit for files
-    # valid values are 0, 1, 7, 30 and 365
+    # Valid values are 0, 1, 7, 30 and 365
     # optional, default is 0 (no limit)
     #default_delay     => 0,
 
-    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # Number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
-    # a warning message will be displayed on homepage
+    # A warning message will be displayed on homepage
     # optional, default is 0 (no limit)
     #max_delay         => 0,
 
-    # size thresholds: if you want to define max delays for different sizes of file
+    # Size thresholds: if you want to define max delays for different sizes of file
-    # the keys are size in Bytes, you can't have 10*1000*10000 as key
+    # The keys are size in Bytes, you can't have 10*1000*10000 as key
-    # if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
+    # If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
     # optional, default is using max_delay (see above) for all sizes
     #delay_for_size  => {
     #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
@@ -91,18 +92,54 @@
     # optional, defaut is /
     #prefix        => '/',
 
-    # array of authorized domains for API calls.
+    # Array of authorized domains for API calls.
-    # if you want to authorize everyone to use the API: ['*']
+    # If you want to authorize everyone to use the API: ['*']
     # optional, no domains allowed by default
     #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
 
-    # if set, the shortened URLs will use this domain
+    # If set, the shortened URLs will use this domain
     # optional
     #fixed_domain => 'example.org',
 
+    # Define a path to the upload directory, where the uploaded files will be stored
+    # You can define it relative to lufi directory or set an absolute path
+    # Remember that it has to be in a directory writable by Lufi user
+    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
+    # optional, default is 'files'
+    #upload_dir           => 'files',
+
+    # Allow to add a password on files, asked before allowing to download files
+    # optional, default is 0
+    allow_pwd_on_files => 1,
+
+    # Force all files to be in "Burn after reading mode"
+    # optional, default is 0
+    #force_burn_after_reading => 0,
+
+    # If set, the files' URLs will always use this domain
+    # optional, no default
+    #fixed_domain => 'example.org',
+
+    # Abuse reasons
+    # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # The reason will be displayed to the downloader, according to the reasons you will configure here.
+    # optional, no default
+    #abuse => {
+    #   0 => 'Copyright infringment',
+    #   1 => 'Illegal content',
+    #},
+    abuse => {
+       0 => 'Copyright infringment',
+       1 => 'Illegal content',
+    },
+
+    ###############
+    # Mail settings
+    ###############
+
     # Mail configuration
     # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
-    # Optional, default to sendmail method with no arguments
+    # optional, default to sendmail method with no arguments
     #mail => {
     #    # Valid values are 'sendmail' and 'smtp'
     #    how => 'smtp',
@@ -110,23 +147,28 @@
     #},
 
     # Email sender address
-    # Optional, default to no-reply@lufi.io
+    # optional, default to no-reply@lufi.io
     #mail_sender => 'no-reply@lufi.io',
 
-    # choose what database you want to use
+    #############
-    # valid choices are sqlite, postgresql and mysql (all lowercase)
+    # DB settings
+    #############
+
+    # Choose what database you want to use
+    # Valid choices are sqlite, postgresql and mysql (all lowercase)
     # optional, default is sqlite
+    #dbtype => 'sqlite',
     dbtype => 'mysql',
 
     # SQLite ONLY - only used if dbtype is set to sqlite
-    # define a path to the SQLite database
+    # Define a path to the SQLite database
-    # you can define it relative to lufi directory or set an absolute path
+    # You can define it relative to lufi directory or set an absolute path
-    # remember that it has to be in a directory writable by Lufi user
+    # Remember that it has to be in a directory writable by Lufi user
     # optional, default is lufi.db
     #db_path           => 'lufi.db',
 
     # PostgreSQL ONLY - only used if dbtype is set to postgresql
-    # these are the credentials to access the PostgreSQL database
+    # These are the credentials to access the PostgreSQL database
     # mandatory if you choosed postgresql as dbtype
     #pgdb => {
     #    database => 'lufi',
@@ -135,13 +177,25 @@
     #    #port     => 5432,
     #    user     => 'DBUSER',
     #    pwd      => 'DBPASSWORD',
+    #    # https://mojolicious.org/perldoc/Mojo/Pg#max_connections
     #    # optional, default is 1
     #    #max_connections => 1,
     #},
 
     # MySQL ONLY - only used if dbtype is set to mysql
-    # these are the credentials to access the MySQL database
+    # These are the credentials to access the MySQL database
     # mandatory if you choosed mysql as dbtype
+    #mysqldb => {
+    #    database => 'lufi',
+    #    host     => 'localhost',
+    #    # optional, default is 3306
+    #    #port     => 3306,
+    #    user     => 'DBUSER',
+    #    pwd      => 'DBPASSWORD',
+    #    # https://metacpan.org/pod/Mojo::mysql#max_connections
+    #    # optional, default is 5 (set to 0 to disable persistent connections)
+    #    #max_connections => 5,
+    #},
     mysqldb => {
         database => 'lufi_db',
         host     => 'mariadb',
@@ -153,55 +207,50 @@
     #    #max_connections => 5,
     },
 
-    # define a path to the upload directory, where the uploaded files will be stored
+    #############################################
-    # you can define it relative to lufi directory or set an absolute path
+    # LDAP settings (authentication and features)
-    # remember that it has to be in a directory writable by Lufi user
+    #############################################
-    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
-    # optional, default is 'files'
-    #upload_dir           => 'files',
 
-    # set `ldap` if you want that only authenticated users can upload files
+    # Set `ldap` if you want that only authenticated users can upload files
-    # please note that everybody can still download files
+    # Please note that everybody can still download files
     # optional, no default
     #ldap => { uri => 'ldap://rroemhild-test-openldap', user_tree => 'ou=people,dc=planetexpress,dc=com', bind_dn => 'cn=admin,dc=planetexpress,dc=com', bind_pwd => 'GoodNewsEveryone', user_attr => 'uid', user_filter => '' },
 
-    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # If you've set ldap above, the session will last `session_duration` seconds before
-    # see 'man htpasswd' to know how to create such file
-    #htpasswd => 't/lstu.passwd',
-
-    # if you've set ldap above, the session will last `session_duration` seconds before
     # the user needs to reauthenticate
     # optional, default is 3600
     #session_duration => 3600,
 
-    # allow to add a password on files, asked before allowing to download files
+    # If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
-    # optional, default is 0
+    # Those attributes will be accessible with:
-    allow_pwd_on_files => 1,
+    #   $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
+    #   <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
+    #
+    # Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
+    # Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
+    #ldap_map_attr => {
+    #    displayname => 'cn',
+    #    mail        => 'mail'
+    #},
 
-    # force all files to be in "Burn after reading mode"
+    #########################
-    # optional, default is 0
+    # Htpasswd authentication
-    #force_burn_after_reading => 0,
+    #########################
 
-    # if set, the files' URLs will always use this domain
+    # Set `htpasswd` if you want to use an htpasswd file instead of ldap
-    # optional, no default
+    # See 'man htpasswd' to know how to create such file
-    #fixed_domain => 'example.org',
+    #htpasswd => 't/lstu.passwd',
 
-    # abuse reasons
+    #######################
-    # set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # HTTP Headers settings
-    # the reason will be displayed to the downloader, according to the reasons you will configure here.
+    #######################
-    # optional, no default
-    abuse => {
-       0 => 'Copyright infringment',
-       1 => 'Illegal content',
-    },
 
     # Content-Security-Policy header that will be sent by Lufi
     # Set to '' to disable CSP header
     # https://content-security-policy.com/ provides a good documentation about CSP.
     # https://report-uri.com/home/generate provides a tool to generate a CSP header.
-    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
-    # the default value is good for `default` and `milligram` themes
+    #csp => "",
-    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
 
     # X-Frame-Options header that will be sent by Lufi
     # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
@@ -228,24 +277,24 @@
     # Lufi cron jobs settings
     #########################
 
-    # number of days senders' IP addresses are kept in database
+    # Number of days senders' IP addresses are kept in database
-    # after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
+    # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
     # optional, default is 365
     #keep_ip_during    => 365,
 
-    # max size of the files directory, in octets
+    # Max size of the files directory, in octets
-    # used by script/lufi cron watch to trigger an action
+    # Used by script/lufi cron watch to trigger an action
     # optional, no default
     #max_total_size    => 10*1024*1024*1024,
 
-    # default action when files directory is over max_total_size (used with script/lufi cron watch)
+    # Default action when files directory is over max_total_size (used with script/lufi cron watch)
-    # valid values are 'warn', 'stop-upload' and 'delete'
+    # Valid values are 'warn', 'stop-upload' and 'delete'
-    # please, see readme
+    # Please, see README.md
     # optional, default is 'warn'
     #policy_when_full  => 'warn',
 
-    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
-    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
     # optional, no default
     #delete_no_longer_viewed_files => 90,
 };

t/postgresql.conf

@@ -6,6 +6,7 @@
     # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
     hypnotoad => {
         # array of IP addresses and ports you want to listen to
+        # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
         listen => ['http://127.0.0.1:8081'],
         # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
         # if you use Lufi directly, let it commented
@@ -17,67 +18,67 @@
         clients => 1,
     },
 
-    # put a way to contact you here and uncomment it
+    # Put a way to contact you here and uncomment it
-    # you can put some HTML in it
+    # You can put some HTML in it
     # MANDATORY
     contact       => '<a href="https://contact.example.com">Contact page</a>',
 
-    # put an URL or an email address to receive file reports and uncomment it
+    # Put an URL or an email address to receive file reports and uncomment it
-    # it's for make reporting illegal files easy for users
+    # It's for make reporting illegal files easy for users
     # MANDATORY
     report => 'report@example.com',
 
-    # array of random strings used to encrypt cookies
+    # Array of random strings used to encrypt cookies
     # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
     #secrets        => ['fdjsofjoihrei'],
 
-    # choose a theme. See the available themes in `themes` directory
+    # Choose a theme. See the available themes in `themes` directory
-    # optional, default is 'default'
+    # Optional, default is 'default'
     #theme         => 'default',
 
-    # length of the random URL
+    # Length of the random URL
     # optional, default is 8
     #length            => 8,
 
-    # how many URLs will be provisioned in a batch ?
+    # How many URLs will be provisioned in a batch ?
     # optional, default is 5
     #provis_step       => 5,
 
-    # max number of URLs to be provisioned
+    # Max number of URLs to be provisioned
     # optional, default is 100
     #provisioning      => 100,
 
-    # length of the modify/delete token
+    # Length of the modify/delete token
     # optional, default is 32
     #token_length      => 32,
 
-    # max file size, in octets
+    # Max file size, in octets
-    # you can write it 100*1024*1024
+    # You can write it 100*1024*1024
     # optional, no default
     #max_file_size     => 104857600,
 
-    # if you want to have piwik statistics, provide a piwik image tracker
+    # If you want to have piwik statistics, provide a piwik image tracker
-    # only the image tracker is allowed, no javascript
+    # Only the image tracker is allowed, no javascript
     # optional, no default
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
 
-    # broadcast_message which will displayed on the index page
+    # Broadcast_message which will displayed on the index page
     # optional, no default
     #broadcast_message => 'Maintenance',
 
-    # default time limit for files
+    # Default time limit for files
-    # valid values are 0, 1, 7, 30 and 365
+    # Valid values are 0, 1, 7, 30 and 365
     # optional, default is 0 (no limit)
     #default_delay     => 0,
 
-    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # Number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
-    # a warning message will be displayed on homepage
+    # A warning message will be displayed on homepage
     # optional, default is 0 (no limit)
     #max_delay         => 0,
 
-    # size thresholds: if you want to define max delays for different sizes of file
+    # Size thresholds: if you want to define max delays for different sizes of file
-    # the keys are size in Bytes, you can't have 10*1000*10000 as key
+    # The keys are size in Bytes, you can't have 10*1000*10000 as key
-    # if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
+    # If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
     # optional, default is using max_delay (see above) for all sizes
     #delay_for_size  => {
     #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
@@ -91,18 +92,50 @@
     # optional, defaut is /
     #prefix        => '/',
 
-    # array of authorized domains for API calls.
+    # Array of authorized domains for API calls.
-    # if you want to authorize everyone to use the API: ['*']
+    # If you want to authorize everyone to use the API: ['*']
     # optional, no domains allowed by default
     #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
 
-    # if set, the shortened URLs will use this domain
+    # If set, the shortened URLs will use this domain
     # optional
     #fixed_domain => 'example.org',
 
+    # Define a path to the upload directory, where the uploaded files will be stored
+    # You can define it relative to lufi directory or set an absolute path
+    # Remember that it has to be in a directory writable by Lufi user
+    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
+    # optional, default is 'files'
+    #upload_dir           => 'files',
+
+    # Allow to add a password on files, asked before allowing to download files
+    # optional, default is 0
+    allow_pwd_on_files => 1,
+
+    # Force all files to be in "Burn after reading mode"
+    # optional, default is 0
+    #force_burn_after_reading => 0,
+
+    # If set, the files' URLs will always use this domain
+    # optional, no default
+    #fixed_domain => 'example.org',
+
+    # Abuse reasons
+    # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # The reason will be displayed to the downloader, according to the reasons you will configure here.
+    # optional, no default
+    abuse => {
+       0 => 'Copyright infringment',
+       1 => 'Illegal content',
+    },
+
+    ###############
+    # Mail settings
+    ###############
+
     # Mail configuration
     # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
-    # Optional, default to sendmail method with no arguments
+    # optional, default to sendmail method with no arguments
     #mail => {
     #    # Valid values are 'sendmail' and 'smtp'
     #    how => 'smtp',
@@ -110,23 +143,27 @@
     #},
 
     # Email sender address
-    # Optional, default to no-reply@lufi.io
+    # optional, default to no-reply@lufi.io
     #mail_sender => 'no-reply@lufi.io',
 
-    # choose what database you want to use
+    #############
-    # valid choices are sqlite, postgresql and mysql (all lowercase)
+    # DB settings
+    #############
+
+    # Choose what database you want to use
+    # Valid choices are sqlite, postgresql and mysql (all lowercase)
     # optional, default is sqlite
     dbtype => 'postgresql',
 
     # SQLite ONLY - only used if dbtype is set to sqlite
-    # define a path to the SQLite database
+    # Define a path to the SQLite database
-    # you can define it relative to lufi directory or set an absolute path
+    # You can define it relative to lufi directory or set an absolute path
-    # remember that it has to be in a directory writable by Lufi user
+    # Remember that it has to be in a directory writable by Lufi user
     # optional, default is lufi.db
     #db_path           => 'lufi.db',
 
     # PostgreSQL ONLY - only used if dbtype is set to postgresql
-    # these are the credentials to access the PostgreSQL database
+    # These are the credentials to access the PostgreSQL database
     # mandatory if you choosed postgresql as dbtype
     pgdb => {
         database => 'lufi_db',
@@ -140,7 +177,7 @@
     },
 
     # MySQL ONLY - only used if dbtype is set to mysql
-    # these are the credentials to access the MySQL database
+    # These are the credentials to access the MySQL database
     # mandatory if you choosed mysql as dbtype
     #mysqldb => {
     #    database => 'lufi',
@@ -149,59 +186,55 @@
     #    #port     => 3306,
     #    user     => 'DBUSER',
     #    pwd      => 'DBPASSWORD',
+    #    # https://metacpan.org/pod/Mojo::mysql#max_connections
     #    # optional, default is 5 (set to 0 to disable persistent connections)
     #    #max_connections => 5,
     #},
 
-    # define a path to the upload directory, where the uploaded files will be stored
+    #############################################
-    # you can define it relative to lufi directory or set an absolute path
+    # LDAP settings (authentication and features)
-    # remember that it has to be in a directory writable by Lufi user
+    #############################################
-    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
-    # optional, default is 'files'
-    #upload_dir           => 'files',
 
-    # set `ldap` if you want that only authenticated users can upload files
+    # Set `ldap` if you want that only authenticated users can upload files
-    # please note that everybody can still download files
+    # Please note that everybody can still download files
     # optional, no default
     #ldap => { uri => 'ldap://rroemhild-test-openldap', user_tree => 'ou=people,dc=planetexpress,dc=com', bind_dn => 'cn=admin,dc=planetexpress,dc=com', bind_pwd => 'GoodNewsEveryone', user_attr => 'uid', user_filter => '' },
 
-    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # If you've set ldap above, the session will last `session_duration` seconds before
-    # see 'man htpasswd' to know how to create such file
-    #htpasswd => 't/lstu.passwd',
-
-    # if you've set ldap above, the session will last `session_duration` seconds before
     # the user needs to reauthenticate
     # optional, default is 3600
     #session_duration => 3600,
 
-    # allow to add a password on files, asked before allowing to download files
+    # If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
-    # optional, default is 0
+    # Those attributes will be accessible with:
-    allow_pwd_on_files => 1,
+    #   $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
+    #   <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
+    #
+    # Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
+    # Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
+    #ldap_map_attr => {
+    #    displayname => 'cn',
+    #    mail        => 'mail'
+    #},
 
-    # force all files to be in "Burn after reading mode"
+    #########################
-    # optional, default is 0
+    # Htpasswd authentication
-    #force_burn_after_reading => 0,
+    #########################
 
-    # if set, the files' URLs will always use this domain
+    # Set `htpasswd` if you want to use an htpasswd file instead of ldap
-    # optional, no default
+    # See 'man htpasswd' to know how to create such file
-    #fixed_domain => 'example.org',
+    #htpasswd => 'lufi.passwd',
 
-    # abuse reasons
+    #######################
-    # set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # HTTP Headers settings
-    # the reason will be displayed to the downloader, according to the reasons you will configure here.
+    #######################
-    # optional, no default
-    abuse => {
-       0 => 'Copyright infringment',
-       1 => 'Illegal content',
-    },
 
     # Content-Security-Policy header that will be sent by Lufi
     # Set to '' to disable CSP header
     # https://content-security-policy.com/ provides a good documentation about CSP.
     # https://report-uri.com/home/generate provides a tool to generate a CSP header.
-    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
-    # the default value is good for `default` and `milligram` themes
+    #csp => "",
-    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
 
     # X-Frame-Options header that will be sent by Lufi
     # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
@@ -228,24 +261,24 @@
     # Lufi cron jobs settings
     #########################
 
-    # number of days senders' IP addresses are kept in database
+    # Number of days senders' IP addresses are kept in database
-    # after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
+    # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
     # optional, default is 365
     #keep_ip_during    => 365,
 
-    # max size of the files directory, in octets
+    # Max size of the files directory, in octets
-    # used by script/lufi cron watch to trigger an action
+    # Used by script/lufi cron watch to trigger an action
     # optional, no default
     #max_total_size    => 10*1024*1024*1024,
 
-    # default action when files directory is over max_total_size (used with script/lufi cron watch)
+    # Default action when files directory is over max_total_size (used with script/lufi cron watch)
-    # valid values are 'warn', 'stop-upload' and 'delete'
+    # Valid values are 'warn', 'stop-upload' and 'delete'
-    # please, see readme
+    # Please, see README.md
     # optional, default is 'warn'
     #policy_when_full  => 'warn',
 
-    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
-    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
     # optional, no default
     #delete_no_longer_viewed_files => 90,
 };

t/sqlite.conf

@@ -6,6 +6,7 @@
     # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
     hypnotoad => {
         # array of IP addresses and ports you want to listen to
+        # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
         listen => ['http://127.0.0.1:8081'],
         # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
         # if you use Lufi directly, let it commented
@@ -17,67 +18,67 @@
         clients => 1,
     },
 
-    # put a way to contact you here and uncomment it
+    # Put a way to contact you here and uncomment it
-    # you can put some HTML in it
+    # You can put some HTML in it
     # MANDATORY
     contact       => '<a href="https://contact.example.com">Contact page</a>',
 
-    # put an URL or an email address to receive file reports and uncomment it
+    # Put an URL or an email address to receive file reports and uncomment it
-    # it's for make reporting illegal files easy for users
+    # It's for make reporting illegal files easy for users
     # MANDATORY
     report => 'report@example.com',
 
-    # array of random strings used to encrypt cookies
+    # Array of random strings used to encrypt cookies
     # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
     #secrets        => ['fdjsofjoihrei'],
 
-    # choose a theme. See the available themes in `themes` directory
+    # Choose a theme. See the available themes in `themes` directory
-    # optional, default is 'default'
+    # Optional, default is 'default'
     #theme         => 'default',
 
-    # length of the random URL
+    # Length of the random URL
     # optional, default is 8
     #length            => 8,
 
-    # how many URLs will be provisioned in a batch ?
+    # How many URLs will be provisioned in a batch ?
     # optional, default is 5
     #provis_step       => 5,
 
-    # max number of URLs to be provisioned
+    # Max number of URLs to be provisioned
     # optional, default is 100
     #provisioning      => 100,
 
-    # length of the modify/delete token
+    # Length of the modify/delete token
     # optional, default is 32
     #token_length      => 32,
 
-    # max file size, in octets
+    # Max file size, in octets
-    # you can write it 100*1024*1024
+    # You can write it 100*1024*1024
     # optional, no default
     #max_file_size     => 104857600,
 
-    # if you want to have piwik statistics, provide a piwik image tracker
+    # If you want to have piwik statistics, provide a piwik image tracker
-    # only the image tracker is allowed, no javascript
+    # Only the image tracker is allowed, no javascript
     # optional, no default
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
 
-    # broadcast_message which will displayed on the index page
+    # Broadcast_message which will displayed on the index page
     # optional, no default
     #broadcast_message => 'Maintenance',
 
-    # default time limit for files
+    # Default time limit for files
-    # valid values are 0, 1, 7, 30 and 365
+    # Valid values are 0, 1, 7, 30 and 365
     # optional, default is 0 (no limit)
     #default_delay     => 0,
 
-    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # Number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
-    # a warning message will be displayed on homepage
+    # A warning message will be displayed on homepage
     # optional, default is 0 (no limit)
     #max_delay         => 0,
 
-    # size thresholds: if you want to define max delays for different sizes of file
+    # Size thresholds: if you want to define max delays for different sizes of file
-    # the keys are size in Bytes, you can't have 10*1000*10000 as key
+    # The keys are size in Bytes, you can't have 10*1000*10000 as key
-    # if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
+    # If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
     # optional, default is using max_delay (see above) for all sizes
     #delay_for_size  => {
     #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
@@ -91,18 +92,54 @@
     # optional, defaut is /
     #prefix        => '/',
 
-    # array of authorized domains for API calls.
+    # Array of authorized domains for API calls.
-    # if you want to authorize everyone to use the API: ['*']
+    # If you want to authorize everyone to use the API: ['*']
     # optional, no domains allowed by default
     #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
 
-    # if set, the shortened URLs will use this domain
+    # If set, the shortened URLs will use this domain
     # optional
     #fixed_domain => 'example.org',
 
+    # Define a path to the upload directory, where the uploaded files will be stored
+    # You can define it relative to lufi directory or set an absolute path
+    # Remember that it has to be in a directory writable by Lufi user
+    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
+    # optional, default is 'files'
+    #upload_dir           => 'files',
+
+    # Allow to add a password on files, asked before allowing to download files
+    # optional, default is 0
+    allow_pwd_on_files => 1,
+
+    # Force all files to be in "Burn after reading mode"
+    # optional, default is 0
+    #force_burn_after_reading => 0,
+
+    # If set, the files' URLs will always use this domain
+    # optional, no default
+    #fixed_domain => 'example.org',
+
+    # Abuse reasons
+    # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # The reason will be displayed to the downloader, according to the reasons you will configure here.
+    # optional, no default
+    #abuse => {
+    #   0 => 'Copyright infringment',
+    #   1 => 'Illegal content',
+    #},
+    abuse => {
+       0 => 'Copyright infringment',
+       1 => 'Illegal content',
+    },
+
+    ###############
+    # Mail settings
+    ###############
+
     # Mail configuration
     # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
-    # Optional, default to sendmail method with no arguments
+    # optional, default to sendmail method with no arguments
     #mail => {
     #    # Valid values are 'sendmail' and 'smtp'
     #    how => 'smtp',
@@ -110,23 +147,27 @@
     #},
 
     # Email sender address
-    # Optional, default to no-reply@lufi.io
+    # optional, default to no-reply@lufi.io
     #mail_sender => 'no-reply@lufi.io',
 
-    # choose what database you want to use
+    #############
-    # valid choices are sqlite, postgresql and mysql (all lowercase)
+    # DB settings
+    #############
+
+    # Choose what database you want to use
+    # Valid choices are sqlite, postgresql and mysql (all lowercase)
     # optional, default is sqlite
     #dbtype => 'sqlite',
 
     # SQLite ONLY - only used if dbtype is set to sqlite
-    # define a path to the SQLite database
+    # Define a path to the SQLite database
-    # you can define it relative to lufi directory or set an absolute path
+    # You can define it relative to lufi directory or set an absolute path
-    # remember that it has to be in a directory writable by Lufi user
+    # Remember that it has to be in a directory writable by Lufi user
     # optional, default is lufi.db
     db_path           => 'sqlite.db',
 
     # PostgreSQL ONLY - only used if dbtype is set to postgresql
-    # these are the credentials to access the PostgreSQL database
+    # These are the credentials to access the PostgreSQL database
     # mandatory if you choosed postgresql as dbtype
     #pgdb => {
     #    database => 'lufi',
@@ -141,7 +182,7 @@
     #},
 
     # MySQL ONLY - only used if dbtype is set to mysql
-    # these are the credentials to access the MySQL database
+    # These are the credentials to access the MySQL database
     # mandatory if you choosed mysql as dbtype
     #mysqldb => {
     #    database => 'lufi',
@@ -155,55 +196,50 @@
     #    #max_connections => 5,
     #},
 
-    # define a path to the upload directory, where the uploaded files will be stored
+    #############################################
-    # you can define it relative to lufi directory or set an absolute path
+    # LDAP settings (authentication and features)
-    # remember that it has to be in a directory writable by Lufi user
+    #############################################
-    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
-    # optional, default is 'files'
-    #upload_dir           => 'files',
 
-    # set `ldap` if you want that only authenticated users can upload files
+    # Set `ldap` if you want that only authenticated users can upload files
-    # please note that everybody can still download files
+    # Please note that everybody can still download files
     # optional, no default
     #ldap => { uri => 'ldap://rroemhild-test-openldap', user_tree => 'ou=people,dc=planetexpress,dc=com', bind_dn => 'cn=admin,dc=planetexpress,dc=com', bind_pwd => 'GoodNewsEveryone', user_attr => 'uid', user_filter => '' },
 
-    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # If you've set ldap above, the session will last `session_duration` seconds before
-    # see 'man htpasswd' to know how to create such file
-    #htpasswd => 't/lstu.passwd',
-
-    # if you've set ldap above, the session will last `session_duration` seconds before
     # the user needs to reauthenticate
     # optional, default is 3600
     #session_duration => 3600,
 
-    # allow to add a password on files, asked before allowing to download files
+    # If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
-    # optional, default is 0
+    # Those attributes will be accessible with:
-    allow_pwd_on_files => 1,
+    #   $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
+    #   <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
+    #
+    # Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
+    # Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
+    #ldap_map_attr => {
+    #    displayname => 'cn',
+    #    mail        => 'mail'
+    #},
 
-    # force all files to be in "Burn after reading mode"
+    #########################
-    # optional, default is 0
+    # Htpasswd authentication
-    #force_burn_after_reading => 0,
+    #########################
 
-    # if set, the files' URLs will always use this domain
+    # Set `htpasswd` if you want to use an htpasswd file instead of ldap
-    # optional, no default
+    # See 'man htpasswd' to know how to create such file
-    #fixed_domain => 'example.org',
+    #htpasswd => 't/lstu.passwd',
 
-    # abuse reasons
+    #######################
-    # set an integer in the abuse field of a file in the database and it will not be downloadable anymore
+    # HTTP Headers settings
-    # the reason will be displayed to the downloader, according to the reasons you will configure here.
+    #######################
-    # optional, no default
-    abuse => {
-       0 => 'Copyright infringment',
-       1 => 'Illegal content',
-    },
 
     # Content-Security-Policy header that will be sent by Lufi
     # Set to '' to disable CSP header
     # https://content-security-policy.com/ provides a good documentation about CSP.
     # https://report-uri.com/home/generate provides a tool to generate a CSP header.
-    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
-    # the default value is good for `default` and `milligram` themes
+    #csp => "",
-    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
 
     # X-Frame-Options header that will be sent by Lufi
     # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
@@ -230,24 +266,24 @@
     # Lufi cron jobs settings
     #########################
 
-    # number of days senders' IP addresses are kept in database
+    # Number of days senders' IP addresses are kept in database
-    # after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
+    # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
     # optional, default is 365
     #keep_ip_during    => 365,
 
-    # max size of the files directory, in octets
+    # Max size of the files directory, in octets
-    # used by script/lufi cron watch to trigger an action
+    # Used by script/lufi cron watch to trigger an action
     # optional, no default
     #max_total_size    => 10*1024*1024*1024,
 
-    # default action when files directory is over max_total_size (used with script/lufi cron watch)
+    # Default action when files directory is over max_total_size (used with script/lufi cron watch)
-    # valid values are 'warn', 'stop-upload' and 'delete'
+    # Valid values are 'warn', 'stop-upload' and 'delete'
-    # please, see readme
+    # Please, see README.md
     # optional, default is 'warn'
     #policy_when_full  => 'warn',
 
-    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
-    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
     # optional, no default
     #delete_no_longer_viewed_files => 90,
 };