Bump version to 3.4.19

See https://github.com/timvisee/send/pull/83

Dockerfile

@@ -4,41 +4,57 @@
 # License https://gitlab.com/timvisee/send/blob/master/LICENSE
 ##
 
-
 # Build project
-FROM node:current-alpine AS builder
+FROM node:16.13-alpine3.13 AS builder
+
+RUN set -x \
+  # Change node uid/gid
+  && apk --no-cache add shadow \
+  && groupmod -g 1001 node \
+  && usermod -u 1001 -g 1001 node
+
 RUN set -x \
     # Add user
-    && addgroup --gid 10001 app \
+    && addgroup --gid 1000 app \
     && adduser --disabled-password \
         --gecos '' \
         --ingroup app \
         --home /app \
-        --uid 10001 \
+        --uid 1000 \
         app
+
 COPY --chown=app:app . /app
+
 USER app
 WORKDIR /app
+
 RUN set -x \
     # Build
     && PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true npm ci \
     && npm run build
 
-
 # Main image
-FROM node:current-alpine
+FROM node:16.13-alpine3.13
+
+RUN set -x \
+  # Change node uid/gid
+  && apk --no-cache add shadow \
+  && groupmod -g 1001 node \
+  && usermod -u 1001 -g 1001 node
+
 RUN set -x \
     # Add user
-    && addgroup --gid 10001 app \
+    && addgroup --gid 1000 app \
     && adduser --disabled-password \
         --gecos '' \
         --ingroup app \
         --home /app \
-        --uid 10001 \
+        --uid 1000 \
         app
 
 USER app
 WORKDIR /app
+
 COPY --chown=app:app package*.json ./
 COPY --chown=app:app app app
 COPY --chown=app:app common common

README.md

@@ -1,4 +1,4 @@
-# [![Send](./assets/icon.svg)](https://gitlab.com/timvisee/send/) Send
+# [![Send](./assets/icon-64x64.png)](https://gitlab.com/timvisee/send/) Send
 
 [![Build status on GitLab CI][gitlab-ci-master-badge]][gitlab-ci-link]
 [![Latest release][release-badge]][release-link]
@@ -81,7 +81,7 @@ A file sharing experiment which allows you to send encrypted files to other user
 
 ## Requirements
 
-- [Node.js 15.x](https://nodejs.org/)
+- [Node.js 16.x](https://nodejs.org/)
 - [Redis server](https://redis.io/) (optional for development)
 - [AWS S3](https://aws.amazon.com/s3/) or compatible service (optional)
 
@@ -152,6 +152,7 @@ AWS example using Ubuntu Server `20.04`: [docs/AWS.md](docs/AWS.md)
 - Web: _this repository_
 - Command-line: [`ffsend`](https://github.com/timvisee/ffsend)
 - Android: _see [Android](#android) section_
+- Thunderbird: [FileLink provider for Send](https://addons.thunderbird.net/en-US/thunderbird/addon/filelink-provider-for-send/)
 
 #### Android
 

app/fileReceiver.js

@@ -224,24 +224,6 @@ async function saveFile(file) {
     if (navigator.msSaveBlob) {
       navigator.msSaveBlob(blob, file.name);
       return resolve();
-    } else if (/iPhone|fxios/i.test(navigator.userAgent)) {
-      // This method is much slower but createObjectURL
-      // is buggy on iOS
-      const reader = new FileReader();
-      reader.addEventListener('loadend', function() {
-        if (reader.error) {
-          return reject(reader.error);
-        }
-        if (reader.result) {
-          const a = document.createElement('a');
-          a.href = reader.result;
-          a.download = file.name;
-          document.body.appendChild(a);
-          a.click();
-        }
-        resolve();
-      });
-      reader.readAsDataURL(blob);
     } else {
       const downloadUrl = URL.createObjectURL(blob);
       const a = document.createElement('a');

app/main.css

@@ -175,7 +175,6 @@ footer li a:hover {
   position: relative;
   max-width: 64rem;
   width: 100%;
-  height: 100%;
 }
 
 .main > section {
@@ -271,7 +270,6 @@ select {
     @apply m-auto;
     @apply py-8;
 
-    min-height: 42rem;
     max-height: 42rem;
     width: calc(100% - 3rem);
   }

app/ui/qr.js

@@ -2,7 +2,7 @@ const raw = require('choo/html/raw');
 const qrcode = require('../qrcode');
 
 module.exports = function(url) {
-  const gen = qrcode(5, 'L');
+  const gen = qrcode(0, 'L');
   gen.addData(url);
   gen.make();
   const qr = gen.createSvgTag({ scalable: true });

app/zip.js

@@ -29,7 +29,7 @@ class File {
     const v = new DataView(h);
     v.setUint32(0, 0x04034b50, true); // sig
     v.setUint16(4, 20, true); // version
-    v.setUint16(6, 8, true); // bit flags (8 = use data descriptor)
+    v.setUint16(6, 0x808, true); // bit flags (use data descriptor(8) + utf8-encoded(8 << 8))
     v.setUint16(8, 0, true); // compression
     v.setUint16(10, this.dateTime.time, true); // modified time
     v.setUint16(12, this.dateTime.date, true); // modified date
@@ -60,7 +60,7 @@ class File {
     v.setUint32(0, 0x02014b50, true); // sig
     v.setUint16(4, 20, true); // version made
     v.setUint16(6, 20, true); // version required
-    v.setUint16(8, 8, true); // bit flags (8 = use data descriptor)
+    v.setUint16(8, 0x808, true); // bit flags (use data descriptor(8) + utf8-encoded(8 << 8))
     v.setUint16(10, 0, true); // compression
     v.setUint16(12, this.dateTime.time, true); // modified time
     v.setUint16(14, this.dateTime.date, true); // modified date

docs/faq.md

@@ -1,12 +1,12 @@
 ## How big of a file can I transfer with Send?
 
-There is a 2.5GB file size limit built in to Send(1GB for non-signed in users), however, in practice you may
-be unable to send files that large.  Send encrypts and decrypts the files in
-the browser which is great for security but will tax your system resources.  In
-particular you can expect to see your memory usage go up by at least the size
-of the file when the transfer is processing.  You can see [the results of some
-testing](https://github.com/mozilla/send/issues/170#issuecomment-314107793).
-For the most reliable operation on common computers, it’s probably best to stay
+There is a 2GB file size limit built in to Send, but this may be changed by the
+hoster. Send encrypts and decrypts the files in the browser which is great for
+security but will tax your system resources.  In particular you can expect to
+see your memory usage go up by at least the size of the file when the transfer
+is processing.  You can see [the results of some
+testing](https://github.com/mozilla/send/issues/170#issuecomment-314107793). For
+the most reliable operation on common computers, it’s probably best to stay
 under a few hundred megabytes.
 
 ## Why is my browser not supported?

package.json

@@ -1,7 +1,7 @@
 {
   "name": "send",
   "description": "File Sharing Experiment",
-  "version": "3.4.12",
+  "version": "3.4.19",
   "author": "Mozilla (https://mozilla.org)",
   "contributors": [
     "Tim Visee <3a4fb3964f@sinenomine.email> (https://timvisee.com)"
@@ -37,9 +37,7 @@
   "husky": {
     "hooks": {
       "pre-commit": "lint-staged",
-      "pre-push": "npm test",
-      "post-merge": "npm install",
-      "post-checkout": "scripts/sync-npm-dependencies.sh"
+      "pre-push": "npm test"
     }
   },
   "lint-staged": {
@@ -61,24 +59,24 @@
     "cache": true
   },
   "engines": {
-    "node": "^15.5.1"
+    "node": "^16.13.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.14.3",
-    "@babel/plugin-proposal-class-properties": "^7.13.0",
+    "@babel/core": "^7.17.9",
+    "@babel/plugin-proposal-class-properties": "^7.16.7",
     "@babel/plugin-syntax-dynamic-import": "^7.2.0",
-    "@babel/preset-env": "^7.14.4",
+    "@babel/preset-env": "^7.16.11",
     "@dannycoates/webcrypto-liner": "^0.1.37",
     "@fullhuman/postcss-purgecss": "^1.3.0",
     "@mattiasbuelens/web-streams-polyfill": "0.2.1",
     "@sentry/browser": "^5.30.0",
     "asmcrypto.js": "^0.22.0",
-    "babel-loader": "^8.2.2",
+    "babel-loader": "^8.2.4",
     "babel-plugin-istanbul": "^5.2.0",
     "base64-js": "^1.5.1",
-    "content-disposition": "^0.5.3",
+    "content-disposition": "^0.5.4",
     "copy-webpack-plugin": "^5.1.2",
-    "core-js": "^3.13.1",
+    "core-js": "^3.21.1",
     "crc": "^3.8.0",
     "cross-env": "^6.0.3",
     "css-loader": "^3.6.0",
@@ -98,7 +96,7 @@
     "html-loader": "^0.5.5",
     "http_ece": "^1.1.0",
     "husky": "^3.0.9",
-    "intl-pluralrules": "^1.2.2",
+    "intl-pluralrules": "^1.3.1",
     "lint-staged": "^9.4.2",
     "mocha": "^6.2.2",
     "morgan": "^1.9.1",
@@ -108,7 +106,7 @@
     "npm-run-all": "^4.1.5",
     "nyc": "^14.1.1",
     "postcss-loader": "^3.0.0",
-    "postcss-preset-env": "^6.7.0",
+    "postcss-preset-env": "^6.7.1",
     "prettier": "^1.19.1",
     "proxyquire": "^2.1.3",
     "puppeteer": "^2.0.0",
@@ -127,7 +125,7 @@
     "webpack": "4.38.0",
     "webpack-cli": "^3.3.12",
     "webpack-dev-middleware": "^3.7.3",
-    "webpack-dev-server": "^3.11.2",
+    "webpack-dev-server": "^3.11.3",
     "webpack-manifest-plugin": "^2.2.0",
     "webpack-unassert-loader": "^1.2.0"
   },
@@ -135,23 +133,25 @@
     "@dannycoates/express-ws": "^5.0.3",
     "@fluent/bundle": "^0.13.0",
     "@fluent/langneg": "^0.3.0",
-    "@google-cloud/storage": "^5.8.5",
+    "@google-cloud/storage": "^5.19.0",
     "@sentry/node": "^5.30.0",
-    "aws-sdk": "^2.921.0",
-    "body-parser": "^1.19.0",
+    "aws-sdk": "^2.1109.0",
+    "body-parser": "^1.20.0",
     "choo": "^7.0.0",
     "cldr-core": "^35.1.0",
     "configstore": "github:dannycoates/configstore#master",
-    "convict": "^5.2.0",
-    "express": "^4.17.1",
+    "convict": "^6.2.2",
+    "convict-format-with-validator": "^6.2.0",
+    "double-ended-queue": "^2.1.0-0",
+    "express": "^4.17.3",
     "helmet": "^3.23.3",
-    "mkdirp": "^0.5.1",
+    "mkdirp": "^0.5.6",
     "mozlog": "^2.2.0",
-    "node-fetch": "^2.6.1",
-    "redis": "^2.8.0",
+    "node-fetch": "^2.6.7",
+    "redis": "^3.1.1",
     "redis-mock": "^0.47.0",
-    "selenium-standalone": "^6.23.0",
-    "ua-parser-js": "^0.7.28"
+    "selenium-standalone": "^6.24.0",
+    "ua-parser-js": "^0.7.31"
   },
   "availableLanguages": [
     "en-US",

server/config.js

@@ -1,8 +1,11 @@
 const convict = require('convict');
+const convict_format_with_validator = require('convict-format-with-validator');
 const { tmpdir } = require('os');
 const path = require('path');
 const { randomBytes } = require('crypto');
 
+convict.addFormats(convict_format_with_validator);
+
 convict.addFormat({
   name: 'positive-int-array',
   coerce: ints => {