Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• body-parser:1.19.0
        └─ debug:2.6.9

• eslint-config-next:11.1.2
        └─ eslint-plugin-import:2.24.2
              └─ debug:2.6.9

• express:4.17.1
        └─ debug:2.6.9
        └─ finalhandler:1.1.2
              └─ debug:2.6.9
        └─ send:0.17.1
              └─ debug:2.6.9

• next:11.1.2
        └─ get-orientation:1.1.2
              └─ stream-parser:0.3.1
                    └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Not sure if this is ever going to work but I would be cool to add. Saves a lot of ssh login time

Tracking issue for:

• https://github.com/ijsKoud/PaperPlane/security/code-scanning/13

Roadmap: v3.0.0

This is the roadmap for version 3.0.0. Every item added to this list will be part of this update.

Requested feature not on the list?

Check the lists below or open an issue!

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• next:11.1.2
        └─ @next/react-dev-overlay:11.1.2
              └─ source-map:0.8.0-beta.0
                    └─ whatwg-url:7.1.0
                          └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Implementation PR

No response

Reference Issues

No response

Summary

Option to reset authentication and backup-codes of a user.

Basic Example

N/A

Drawbacks

N/A

Unresolved questions

No response

Hi.
How can I move PaperPlane to another server? I’m moving to another host, and I want to keep all my previous photos.

Thanks :)

Tracking issue for:

• https://github.com/ijsKoud/PaperPlane/security/code-scanning/12

Vulnerabilities

DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Idea:

First you make a GET request to /api/user to check if the client is logged in. If not, then return { loggedIn: false } else { loggedIn: true }
This will stop the need for re-opening a websocket everytime. And makes loading state much easier. It will redirect the user when not logged in to /login

Open a websocket when user is found, get data.
Close websocket when logged out or when connection is dead (using ping pong method)

Update events via websocket
POST, PATCH events via rest API

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint:7.32.0
        └─ table:6.7.2
              └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Implementation PR

#444

Reference Issues

No response

Summary

Add the following api routes:

• Delete files
• Get file details

Basic Example

n/a

Drawbacks

n/a

Unresolved questions

No response

Hi.
Whenever I try to login to the CDN, it won't accept my password (or username). I've tried both the password I set in the .env file and the one I set while setting up the user (because I don't know which one works).

I'm not the most experienced person in this, so I've probably just done something wrong.

Hi, i am trying to deploy paperplane to my raspberry pi 4, and no matter what i try when i access the web panel it just gets stuck on 3 bouncing dots or nothing happens after i press login. in the javascript console it says this:
[Error] WebSocket connection to 'wss://hypere.app/websocket' failed: There was a bad response from the server.
[Log] ws connection closed – 1006 (_app-bc7ad50d2ae2a128.js, line 1)

i tried via docker, same thing.
is there something i'm doing wrong?
thanks!

Description

Due to an unknown bug with Prisma the linux/arm64 have been disabled temporarily. I will be looking into this issue as soon as possible.

Reproduction URL

No response

Reproduction steps

N/A

Screenshots

No response

Logs

No response

Environment

Server

OS

Linux

Implementation PR

#445

Reference Issues

No response

Summary

Add the option to upload files in chunks again. Feature was removed with last version release.

Basic Example

n/a

Drawbacks

Annoying to setup.

Unresolved questions

No response

Hello, it's me again :)
I'm getting this error when I run the node scripts/install command when installing PaperPlane.

[INFO] - Installing the required dependencies...
[INFO] - Building web application...
[ERROR] - An error occured while building the web application, please try again.
later Error: Command failed: yarn build
Failed to compile.

./src/lib/hooks/useAuth.tsx:1:15
Type error: Module '"@prisma/client"' has no exported member 'User'.

> 1 | import type { User } from "@prisma/client";
    |               ^
  2 | import React, { useState, useContext, createContext, useEffect } from "react";
  3 | import { fetch, getCancelToken } from "../fetch";
  4 |

    at ChildProcess.exithandler (node:child_process:398:12)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'yarn build'
}

Not sure whether it's a problem with my VPS, because this hasn't happened before.
Strange.

yo started paper plane and cant get into websit

Implementation PR

#442

Reference Issues

No response

Summary

Add the following api routes:

• Create shortcut
• Get shortcut details
• Delete shortcut

Basic Example

n/a

Drawbacks

n/a

Unresolved questions

No response

Implementation PR

No response

Reference Issues

No response

Summary

Add documentation again, current version (docs) is outdated (made for version v3.x.x).

Basic Example

n/a

Drawbacks

n/a

Unresolved questions

No response

Right now, you get redirected to repo when you visit the index route. At first I thought it wouldn't be annoying but I was completely wrong and I keep forgetting about it.

Make a landing page that allows you to visit the dashboard or get to the repo

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): update all non-major dependencies (@next/font, @tanstack/react-query, @tanstack/react-table, express, lucide-react, next)
• chore(deps): update nextjs monorepo to ^14.1.4 (@next/font, next)
• chore(deps): update dependency @typescript-eslint/eslint-plugin to ^7.3.1
• chore(deps): update dependency rc-progress to v4

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update all non-major dev-dependencies (@sapphire/eslint-config, @sapphire/ts-config, @types/cron, @types/lodash, @types/node, @types/react, @types/react-dom, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, eslint-config-next, turbo, typescript)
• chore(deps): update dependency husky to v9
• chore(deps): update dependency winston-daily-rotate-file to v5
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update node.js to v20

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Implementation PR

#443

Reference Issues

No response

Summary

Add the following api routes:

• Create pastebin
• Get pastebin details
• Delete pastebin

Basic Example

n/a

Drawbacks

n/a

Unresolved questions

No response

To Do list for version 2:
Version 1 was trash and the short URL was not really a short URL (more like a long URL because it was /:userId/r/:id/), this version removes the multi user compatibility as it was useless anyways (for me then at least. The project was created to be more like a single user system)

• Add .github directory contents
  • Workflows
  • md files
  • yml files
• Add upload settings
  • Add allowed extensions
  • Add max file size
  • Add max file uploads per request
  • Custom file name or auto generated ID name
• Add run scripts
  • Install script
  • create/reset user (excluding the files)
• Express server
  • Being able to view a file
  • Redirect when a shortlink is found
• Frontend Next.js server
  • Everything behind auth checks
  • Main page redirects to https://github.com/DaanGamesDG/PaperPlane/
  • Navigation bar
    • Logo
    • User
    • dropdown
    • with auth
    • logout system
    • responsive for mobile
  • Dashboard page
    • Behind auth check
    • Data statics
      • Responsive
      • Showing real time data
    • File table (https://cdn.daangamesdg.xyz/blNjHIfG/chrome_oKwEWY4TWH.png)
      • Search system
      • Filter system
      • Paging
      • Functional buttons
    • URL table (https://cdn.daangamesdg.xyz/blNjHIfG/zdew7Yoxq2.png)
      • Search system
      • Filter system
      • Paging
      • Functional buttons
  • Authorization
    • Auth using password and username
  • Settings page
    • Behind auth check
    • Config download component
    • User settings component
      • Password
      • Username
      • Theme
      • Token
      • Embed
  • Frontend upload page
    • Behind auth check
    • File uploading
    • Link creation
  • Login page
    • Login using default creds
  • File uploading route
    • File uploading
    • URL creation

More will be added soon:tm: