🔖 — Bump version (0.17.0)

And update minified CSS files

.dockerignore

@@ -0,0 +1,8 @@
+.ash_history
+.git
+.cpan
+.cpanm
+/files/
+/local/
+/lutim.conf
+/lutim.db

.gitattributes

@@ -0,0 +1 @@
+zanata.xml merge=ours

.gitignore

@@ -1,9 +1,27 @@
+*.swp
 lutim.conf
-lutim.db
+*.db
+*.db-shm
+*.db-wal
 script/hypnotoad.pid
 local/*
 files/*
-templates/data.html.ep
-public/img/rezopole.png
-public/img/rezopole.xcf
-public/packed/*
+stop-upload
+tap.xml
+themes/*
+!themes/default
+!themes/default/*
+themes/default/templates/data.html.ep
+themes/default/templates/raw.html.ep
+themes/default/templates/stats.json.ep
+themes/default/templates/partial/raw.js.ep
+!themes/korrigan
+!themes/korrigan/*
+tmp/*
+.zanata-cache/*
+cover_db/*
+*.passwd
+.ash_history
+.vscode/
+.DS_Store
+.cpanm/

.gitlab-ci.yml

@@ -0,0 +1,154 @@
+image: hatsoftwares/lutim-test-ci:latest
+stages:
+  - create_release
+  - pouet_it
+  - podcheck
+  - carton
+  - carton_bdd
+  - tests
+  - cover
+before_script:
+  - rm -f *.db
+variables:
+  POSTGRES_DB: lutim_db
+  POSTGRES_USER: lutim
+  POSTGRES_PASSWORD: lutim_pwd
+
+### Jobs templates
+##
+#
+.retry: &retry
+  retry: 2
+  except:
+    - tags
+
+.carton_bdd_template: &carton_bdd_definition
+  <<: *retry
+  stage: carton_bdd
+  artifacts:
+    paths:
+      - local/
+  needs:
+    - carton
+
+.test_template: &test_definition
+  <<: *retry
+  stage: tests
+  script:
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make test
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make watch
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make cleanbdd
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make cleanfiles
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make stats
+    - MOJO_CONFIG=t/$CI_JOB_NAME.conf make test-junit-output
+  artifacts:
+    paths:
+      - tap.xml
+      - cover_db/
+
+.sqlite_template: &sqlite_definition
+  <<: *test_definition
+  needs:
+    - carton_sqlite
+
+.pg_template: &pg_definition
+  <<: *test_definition
+  needs:
+    - carton_postgresql
+  services:
+    - name: postgres:9.6
+      alias: postgres
+
+### Publish tag changelog and create a toot
+##
+#
+include:
+  - 'https://framagit.org/fiat-tux/gitlabci-snippets/-/raw/2aac6c1f3dd725d9aed57549da67a92759f9f9ec/create-release-from-ci.gitlab-ci.yml'
+  - 'https://framagit.org/fiat-tux/gitlabci-snippets/-/raw/41345a919d3c927991782f5fd17e0c7b338a3f3a/pouet-it-from-ci.gitlab-ci.yml'
+
+### Podcheck
+##
+#
+podcheck:
+  <<: *retry
+  stage: podcheck
+  script:
+    - make podcheck
+
+### Install common dependencies
+##
+#
+carton:
+  <<: *retry
+  stage: carton
+  artifacts:
+    paths:
+      - local/
+  dependencies: []
+  script:
+    - cpanm -l local Devel::Cover~1.29
+    - carton install --deployment --without=sqlite --without=postgresql --without=minion --without=cache --without=memcached
+  when: always
+
+### Install DB related dependencies
+##
+#
+carton_sqlite:
+  <<: *carton_bdd_definition
+  script:
+    - carton install --deployment --without=postgresql --without=minion --without=cache --without=memcached
+carton_postgresql:
+  <<: *carton_bdd_definition
+  script:
+    - carton install --deployment --without=sqlite --without=minion --without=cache --without=memcached
+
+### SQLite tests
+##
+#
+sqlite1:
+  <<: *sqlite_definition
+  before_script:
+    - carton install --deployment --without=postgresql --without=minion --without=cache --without=memcached
+sqlite2:
+  <<: *sqlite_definition
+  before_script:
+    - carton install --deployment --without=postgresql --without=cache --without=memcached
+sqlite3:
+  <<: *sqlite_definition
+  services:
+    - name: postgres:9.6
+      alias: postgres
+  before_script:
+    - carton install --deployment --without=cache --without=memcached
+    - export PGPASSWORD=lutim_pwd; echo 'CREATE DATABASE lutim_minion WITH OWNER lutim;' | psql -h postgres -U lutim lutim_db
+
+### PostgreSQL tests
+##
+#
+postgresql1:
+  <<: *pg_definition
+  before_script:
+    - carton install --deployment --without=sqlite --without=minion --without=cache --without=memcached
+postgresql2:
+  <<: *pg_definition
+  before_script:
+    - carton install --deployment --without=cache --without=memcached
+postgresql3:
+  <<: *pg_definition
+  before_script:
+    - carton install --deployment --without=sqlite --without=cache --without=memcached
+    - export PGPASSWORD=lutim_pwd; echo 'CREATE DATABASE lutim_minion WITH OWNER lutim;' | psql -h postgres -U lutim lutim_db
+
+### Code coverage
+##
+#
+cover:
+  stage: cover
+  script:
+    - make cover
+  coverage: '/Total.* (\d+\.\d+)$/'
+  artifacts:
+    reports:
+      junit: tap.xml
+  except:
+    - tags

.provision/README.md

@@ -0,0 +1,7 @@
+## ansible-role-lutim
+
+An ansible role deploy the application on host machine(Ubuntu 20.04)
+
+## terraform-aws-lutim
+
+A terraform plan creates necessary AWS infrastructure and deploy the lutim. This terraform plan uses the `lutim_startup.sh` script to deploy lufi on AWS and also uses above ansible role `ansible-role-lutim` to configure the application on AWS.

.provision/ansible-role-lutim/README.md

@@ -0,0 +1,50 @@
+Ansible-Role-lutim
+=========
+This role installs the and configures lutim on Debian/Ubuntu servers with nginx web server configuration.
+
+Role Variables
+-------------- 
+| Variable name | Value | Description |
+| ------------- | ----- | ----------- |
+| `app_dir` | /var/www/lutim | Set the application directory for the best practice |
+| `lutim_owner` | www-data | Set the application user for the best practice |
+| `lutim_group` | www-data | Set the application group for the best practice |
+| `_contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
+| `_secrets` | ffyg7kbkjba | Secrets option (mandotory), which is array of random string. Used by Mojolicious for encrypting session cookies |
+| `_project_version` | master | We can chose the project version either Master branch, Dev branch or tag based |
+| `_server_name` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations |
+
+Sample example of use in a playbook
+--------------
+
+The following code has been tested with Ubuntu 20.04
+
+```yaml
+ 
+- name: "install lutim"
+  hosts: enter your hosts file
+  become: yes
+  role:
+    - ansible-role-lutim
+  vars:
+    lutim_owner: "www-data"
+    lutim_group: "www-data"
+    contact: "contact.example.com"
+    secrets: "yigavlvlivwe"
+    app_dir: "/var/www/lutim"
+    project_version: "master"
+    servername: "IP address (or) CNAME/FQDN"
+```   
+
+Contributing
+------------
+Don’t hesitate to create a pull request
+
+
+
+
+
+
+
+
+

.provision/ansible-role-lutim/files/cronjob

@@ -0,0 +1,6 @@
+#Path of the script
+PATH=/var/www/lutim
+
+carton exec script/lutim cron cleanbdd --mode production
+carton exec script/lutim cron cleanfiles --mode production
+carton exec script/lutim cron watch --mode production

.provision/ansible-role-lutim/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# handlers file for ansible-role-lutim
+
+- name: restart nginx
+  service: name=nginx state=restarted

.provision/ansible-role-lutim/tasks/apprun.yaml

@@ -0,0 +1,23 @@
+#apprun.yml
+---
+    - name: This command will install the postgress module
+      ansible.builtin.shell:
+        cmd: carton install --deployment --without=test --without=sqlite
+        chdir: "{{ app_dir }}"          
+
+    - name: Upload application config file
+      ansible.builtin.template:
+        src: ../templates/lutim.conf.j2
+        dest: "{{ app_dir }}/lutim.conf"
+
+    - name: App executes
+      ansible.builtin.shell:
+        cmd: carton exec hypnotoad script/lutim
+        chdir: "{{ app_dir }}" 
+
+    - name: Nginx configuration file add
+      ansible.builtin.template:
+        src: ../templates/app.conf
+        dest: /etc/nginx/conf.d/
+        mode: '0644'
+      notify: restart nginx

.provision/ansible-role-lutim/tasks/cronjob.yaml

@@ -0,0 +1,21 @@
+---
+  - name: Copy the cronjob file
+    ansible.builtin.copy:
+      src: ../files/cronjob
+      dest: /etc/cron.d/lutim
+      owner: www-data
+      group: www-data
+
+  - name: "example cronjob"
+    ansible.builtin.cron:
+      name: "cronjob"
+      state: present
+      user: www-data
+      minute: "0"
+      hour: "0"
+      day: "*"
+      month: "*"
+      weekday: "*"
+      job: |
+        carton exec script/lutim cron cleanbdd --mode production; carton exec script/lutim cron cleanfiles --mode production; carton exec script/lutim cron watch --mode production        
+        

.provision/ansible-role-lutim/tasks/dependencies.yaml

@@ -0,0 +1,23 @@
+# dependencies.yaml
+--- 
+ - name: Lutim | Update apt cache
+   ansible.builtin.apt: update_cache=yes 
+   changed_when: no
+ - name: Install Dependencies
+   ansible.builtin.apt:
+     name:
+       - nginx
+       - carton
+       - build-essential
+       - libssl-dev 
+       - libpq-dev
+       - libio-socket-ssl-perl 
+       - zlib1g-dev
+       - libmojo-sqlite-perl
+       - shared-mime-info
+       - perlmagick
+     state: present
+
+
+    
+    

.provision/ansible-role-lutim/tasks/gitclone.yaml

@@ -0,0 +1,18 @@
+#gitclone
+---
+
+- name: clone the repository
+  ansible.builtin.git:
+    repo: 'https://framagit.org/fiat-tux/hat-softwares/lutim.git'
+    dest: "{{ app_dir }}"
+    clone: yes
+    update: yes 
+    version: "{{ project_version }}"
+
+- name: Change the owner 
+  ansible.builtin.file:
+    path: "{{ app_dir }}"
+    owner: "{{ lutim_owner }}"
+    group: "{{ lutim_group }}"
+    state: directory
+    recurse: yes

.provision/ansible-role-lutim/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+# tasks file for ansible-role-lutim
+
+- include: dependencies.yaml
+- include: gitclone.yaml
+- include: apprun.yaml
+- include: cronjob.yaml

.provision/ansible-role-lutim/templates/app.conf

@@ -0,0 +1,43 @@
+server {
+    listen 80;
+    # No need to have a `root` parameter.
+    server_name {{ _server_name }};
+    # This is important for user's privacy !
+    access_log off;
+    error_log /var/log/nginx/lutim.error.log;
+    # This is important ! Make it OK with your Lutim configuration
+    client_max_body_size 40M;
+
+    location ~* ^/(img|css|font|js)/ {
+        try_files $uri @lutim;
+        add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
+        add_header Cache-Control "public, max-age=315360000";
+
+        # HTTPS only header, improves security
+        #add_header Strict-Transport-Security "max-age=15768000";
+    }
+
+    location / {
+        try_files $uri @lutim;
+
+        # HTTPS only header, improves security
+        #add_header Strict-Transport-Security "max-age=15768000";
+    }
+
+    location @lutim {
+        # Adapt this to your configuration
+        proxy_pass http://127.0.0.1:8080;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # If you want to log the remote port of the image senders, you'll need that
+        proxy_set_header X-Remote-Port $remote_port;
+
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
+        proxy_redirect off;
+    }
+}

.provision/ansible-role-lutim/templates/lutim.conf.j2

@@ -0,0 +1,317 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => '{{ _contact }}',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['{{ _secrets }}'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # twitter account which will appear on twitter cards
+    # see https://dev.twitter.com/docs/cards/validation/validator to register your Lutim instance on twitter
+    # optional, no default
+    #tweet_card_via    => '@foo',
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    #max_file_size     => 10485760,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    #broadcast_message => 'Maintenance',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    #default_delay     => 0,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    #max_delay         => 0,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    #dbtype => 'sqlite',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    #db_path           => 'lutim.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    pgdb => {
+        database => 'lutim',
+        host     => 'localhost',
+        user     => 'DBUSER',
+        pwd      => 'DBPASSWORD'
+    },
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    minion => {
+        enabled => 0,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+        db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+        pgdb => {
+            database => 'lutim_minion',
+            host     => 'localhost',
+            user     => 'DBUSER',
+            pwd      => 'DBPASSWORD'
+        }
+    },
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lstu
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lstu
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    delete_no_longer_viewed_files => 90
+};

.provision/ansible-role-lutim/vars/main.yml

@@ -0,0 +1,16 @@
+---
+# vars file for ansible-role-lutim
+
+lutim_owner: "www-data"
+
+lutim_group: "www-data"
+
+app_dir: "/var/www/lutim"
+
+_contact: ""
+
+_secrets: ""
+
+_project_version: ""
+
+_servername: ""

.provision/terraform-aws-lutim/README.md

@@ -0,0 +1,92 @@
+# Terraform-AWS-Deploy
+
+ This terraform plan create the resourcess of EC2 instance
+
+## Terraform Variables
+ Edit the `vars.tf` file to add the variables as per your need.
+
+| Variable name | Value | Description |
+| ------------- | ----- | ----------- |
+| `aws_region` | us-east-1 | Set the region  |
+| `vpc_cidr` | 10.0.0.0/16 | Set the cidr value for the vpc |
+| `public_subnet_cidr` | 10.0.2.0/24 | Set the cidr value for the public subnet |
+| `user` | ubuntu | Set the EC2 instance user name |
+| `public_key` | /home/user_name/.ssh/id_rsa_pub | Set the publickey value for the ec2 instance from the host machine |
+| `private_key` | /home/user_name/.ssh/id_rsa | Set the private key value for the ec2 instance from the hostmachine |
+| `aws_access_key` | AWSACCESSKEY | Enter your aws access key |
+| `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key |
+| `instance_name` | lutim_app_instance | Set the name for instance |
+| `app_dir` | /var/www/lutim | Set the application directory for the best practice |
+| `lutim_owner` | www-data | Set the application user for the best practice |
+| `lutim_group` | www-data | Set the application group for the best practice |
+| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
+| `contact_user` | name | Name of the user |
+| `secrets` | ffyg7kbkjba | Secrets option (mandotory), which is array of random string. Used by Mojolicious for encrypting session cookies |
+| `app_dir` | /var/www/lutim | Set the application directory for the best practice |
+| `lutim_owner` | www-data | Set the application user for the best practice |
+| `lutim_group` | www-data | Set the application group for the best practice |
+| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
+| `contact_user` | name | Name of the user |
+| `secrets` | ffyg7kbkjba | Secrets option (mandotory), which is array of random string. Used by Mojolicious for encrypting session cookies |
+
+## Usage of terraform plan with lufi deploy script
+
+```sh 
+git clone https://framagit.org/fiat-tux/hat-softwares/lutim.git
+
+cd lutim/.provision/terraform-aws-lutim
+
+terraform init
+terraform plan
+terraform apply
+```
+## Usage of terraform plan with ansible role
+
+- Comment out the below `locals` and `user_data` source in __main.tf__ file
+
+```hcl
+locals {
+  user_data_vars = {
+    user = var.lutim_owner
+    group = var.lutim_group
+    directory = var.app_dir
+    contact_user = var.contact_user
+    contact_lutim = var.contact
+    secret_lutim = var.secret
+  }
+}
+```
+
+```hcl
+user_data  = templatefile("${path.module}/lutim_startup.sh", local.user_data_vars)
+```
+
+- Add the below provisioner data in __main.tf__ file at the `aws_instance` resource
+
+```sh
+ connection          {
+    agent            = false
+    type             = "ssh"
+    host             = aws_instance.ec2_instance.public_dns 
+    private_key      = "${file(var.private_key)}"
+    user             = "${var.user}"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo apt update -y",
+      "sudo apt install python3.9 -y",
+      ]
+  }
+
+  provisioner "local-exec" {
+    command = <<EOT
+      sleep 120 && \
+      > hosts && \
+      echo "[Lutim]" | tee -a hosts && \
+      echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
+      export ANSIBLE_HOST_KEY_CHECKING=False && \
+      ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
+    EOT
+  }
+```  

.provision/terraform-aws-lutim/lutim_startup.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+echo "**********************************************************************"
+echo "                                                                     *"
+echo "Install dependencies                                                 *"
+echo "                                                                     *"
+echo "**********************************************************************"
+
+SUDO=sudo
+$SUDO apt update
+$SUDO apt install jq -y
+$SUDO apt install wget -y
+$SUDO apt install unzip
+$SUDO apt install carton -y
+$SUDO apt install build-essential -y
+$SUDO apt install nginx -y
+$SUDO apt install libssl-dev -y
+$SUDO apt install libio-socket-ssl-perl -y
+$SUDO apt install liblwp-protocol-https-perl -y
+$SUDO apt install zlib1g-dev -y
+$SUDO apt install libmojo-sqlite-perl -y
+$SUDO apt install libpq-dev -y
+
+echo "**********************************************************************"
+echo "                                                                     *"
+echo "Configuring the Application                                          *"
+echo "                                                                     *"
+echo "**********************************************************************"
+
+sleep 10;
+version=$(curl -s https://framagit.org/api/v4/projects/1/releases | jq '.[]' | jq -r '.name' | head -1)
+echo $version
+pushd ${directory} 
+$SUDO wget https://framagit.org/fiat-tux/hat-softwares/lutim/-/archive/$version/lutim-$version.zip
+$SUDO unzip lutim-$version.zip
+$SUDO chown ${user} lutim-$version
+$SUDO chgrp ${group} lutim-$version
+pushd lutim-$version
+
+echo "**********************************************************************"
+echo "                                                                     *"
+echo "Install Carton Packages                                              *"
+echo "                                                                     *"
+echo "**********************************************************************"
+
+$SUDO carton install --deployment --without=test --without=sqlite --without=mysql
+
+sleep 10;
+
+$SUDO cp lutim.conf.template lutim.conf
+
+sed -i 's/127.0.0.1/0.0.0.0/'  lutim.conf
+sed -i 's/#contact/contact/g' lutim.conf
+sed -i "s/John Doe/${contact_user}/g" lutim.conf
+sed -i "s/admin[at]example.com/${contact_lutim}/g" lutim.conf
+sed -i "s/fdjsofjoihrei/${secret_lutim}/g" lutim.conf
+sed -i '153 , 158 s/#/ /g' lutim.conf
+
+echo "**********************************************************************"
+echo "                                                                     *"
+echo "Run the Application                                                  *"
+echo "                                                                     *"
+echo "**********************************************************************"
+
+$SUDO carton exec hypnotoad script/lutim
+

.provision/terraform-aws-lutim/main.tf

@@ -0,0 +1,123 @@
+locals {
+  user_data_vars = {
+    user = var.lutim_owner
+    group = var.lutim_group
+    directory = var.app_dir
+    contact_user = var.contact_user
+    contact_lutim = var.contact
+    secret_lutim = var.secret
+  }
+}
+
+#Create the VPC 
+resource "aws_vpc" "vpc" {
+  cidr_block           = "${var.vpc_cidr}"
+  enable_dns_hostnames = true 
+  enable_dns_support   = true
+  instance_tenancy     = "default"
+  tags                 = {
+      Name             = "lutim-master-vpc"
+  }
+}
+
+# Create InternetGateWay and attach to VPC
+
+resource "aws_internet_gateway" "IGW" {
+  vpc_id           = "${aws_vpc.vpc.id}"
+  tags = {
+    "Name"         = "lutim-master-igw"
+  } 
+}
+
+# Create a public subnet
+
+resource "aws_subnet" "publicsubnet" {
+  vpc_id                  = "${aws_vpc.vpc.id}" 
+  cidr_block              = "${var.public_subnet_cidr}"
+  map_public_ip_on_launch = true
+  tags                    = {
+      Name                = "lutim-master-us-east-1-public"
+  }  
+}
+
+# Create routeTable
+resource "aws_route_table" "publicroute" {
+    vpc_id         = "${aws_vpc.vpc.id}"
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = "${aws_internet_gateway.IGW.id}"
+    }
+             
+    tags           = {
+      Name         = "lutim-master-us-east-1-public-rt"
+ }
+}
+
+resource "aws_main_route_table_association" "mainRTB" {
+  vpc_id         = "${aws_vpc.vpc.id}"
+  route_table_id = "${aws_route_table.publicroute.id}"
+}
+## Create security group
+resource "aws_security_group" "security" {
+  name             = "lutim-master-sg"  
+  description      = "allow all traffic"
+  vpc_id           = "${aws_vpc.vpc.id}"
+
+  ingress  {
+    description    =  "allow all traffic"
+    from_port      = "0"
+    to_port        = "65535"  
+    protocol       = "tcp"
+    cidr_blocks    = ["0.0.0.0/0"]
+  }
+  ingress  {
+    description    = "allow port SSH"
+    from_port      = "22"
+    to_port        = "22"
+    protocol       = "tcp"
+    cidr_blocks    = ["0.0.0.0/0"]
+  }
+  egress  {
+    from_port      = 0
+    to_port        = 0
+    protocol       = "-1"
+    cidr_blocks    = ["0.0.0.0/0"]
+  }
+  
+}
+
+# Add ubuntu AMI
+data "aws_ami" "ubuntu" {
+  most_recent = true
+  owners = ["099720109477"]
+
+    filter {
+        name   = "name"
+        values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+    }
+}
+
+#Create key_pair for the instance
+
+resource "aws_key_pair" "genkey" {
+  key_name           = "lutim.webapp"
+  public_key         = "${file(var.public_key)}"
+}
+
+# Craete ec2 instance
+resource "aws_instance" "ec2_instance" {
+  ami                = "${data.aws_ami.ubuntu.id}"
+  instance_type      = "t2.medium"
+  associate_public_ip_address = "true"
+  subnet_id          = "${aws_subnet.publicsubnet.id}"
+  vpc_security_group_ids = ["${aws_security_group.security.id}"]
+  user_data          = templatefile("${path.module}/lutim_startup.sh", local.user_data_vars)
+  key_name           = "lutim.webapp"
+  
+  tags               = {
+    Name             = "${var.instance_name}"
+  }
+}
+
+
+

.provision/terraform-aws-lutim/output.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+  value = "${aws_instance.ec2_instance.public_ip}"
+}
+
+output "App_running_at" {
+  value = "http://${aws_instance.ec2_instance.public_ip}:8080"
+}

.provision/terraform-aws-lutim/provider.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+access_key = "${var.aws_access_key}"
+secret_key = "${var.aws_secret_key}"
+region     = "${var.aws_region}"
+}

.provision/terraform-aws-lutim/vars.tf

@@ -0,0 +1,60 @@
+variable "aws_region" {
+    default = "aws_region"
+}
+variable "vpc_cidr" {
+    default = "cidr_value"
+}
+variable "public_subnet_cidr" {
+    default = "cidr_value"
+}
+variable "public_subnet1_cidr" {
+    default = "cidr_value"
+}
+
+variable "user" {
+    default = "user_of_instance" 
+}
+
+variable "public_key" {
+    default = "$PWD_publickey"
+}
+variable "private_key" {
+    default = "$PWD_privatekey"
+}
+variable "aws_access_key" {
+    default = "aws_access_key"
+}
+
+variable "aws_secret_key" {
+    default = "aws_secrete_key"
+}
+
+variable "instance_name" {
+    default = "instance_name"  
+}
+
+variable "lutim_owner" {
+    default = ""  
+}
+
+variable "lutim_group" {
+    default = ""  
+}
+
+variable "app_dir" {
+    default = ""  
+}
+
+variable "contact_user" {
+  default   = ""
+}
+
+variable "contact" {
+    default = ""  
+}
+
+variable "secret" {
+    default = ""  
+}
+
+

.weblate

@@ -0,0 +1,3 @@
+[weblate]
+url = https://weblate.framasoft.org/api/
+translation = lutim/development

AUTHORS.md

@@ -0,0 +1,21 @@
+# Lutim's authors
+
+## Main developers
+
+* Luc Didry, aka Sky (<http://www.fiat-tux.fr>), core developer, @framasky on [Mastodon](https://framapiaf.org/@framasky) and on [Diaspora*](https://framasphere.org/public/framasky)
+* Dattaz (<http://dattaz.fr>), webapp developer, [@dat_taz](https://twitter.com/dat_taz)
+
+## Contributors
+
+* Jean-Bernard Marcon, aka Goofy (<https://github.com/goofy-bz>)
+* Jean-Christophe Bach (<https://github.com/jcb>)
+* Florian Bigard, aka Chocobozzz (<https://github.com/Chocobozzz>)
+* Sandro Cazzaniga, aka Kharec (<http://sandrocazzaniga.fr>), [@Kharec](https://twitter.com/Kharec)
+* Laura Arjona Reina (<https://wiki.debian.org/LauraArjona>), spanish translation
+* Thor77 (<http://thor77.org>), german translation, among other things
+* Quentin Pagès, occitan translation
+* Alexis Clairet (<https://github.com/Turboconnard>), paste image to upload ability
+* ButterflyOfFire (<https://mastodon.tetaneutral.net/@BoF>), arabic translation
+* Alexander Sapozhnikov (<http://shoorick.ru>), russian translation
+* Arnaud de Mouhy, Docker support
+* Armando Lüscher (<https://noplanman.ch/>)

CHANGELOG

@@ -0,0 +1,261 @@
+Revision history for Lutim
+
+0.18.0 ????-??-??
+
+0.17.0 2023-12-30
+	- 🐛 — AVIF format support (#139)
+	- ✨ — Allow to configure the directory where to store the images (#125)
+	- ✨ — Ask for confirmation before deleting image on index page (#92)
+	- ✨ — Mass delete button in "My images" page (#47)
+	- ♿ — Improve accessibility on index page
+
+0.16.0 2023-12-29
+	- ⬆️ Update jQuery
+	- 💥 BREAKING CHANGE: no more twitter cards
+	- 🎨 — Use template literals in js
+	- 🐛 — Gallery, zip and random URLs are now updated when closing image dialog box
+	— ➖ — Replace moment.js with Date().toLocaleDateString(…)
+	- 🩹 — Replace old URL of the project
+
+0.15.0 2023-12-19
+	- ✨ — Add --nuke option to image command
+
+0.14.0 2023-12-18
+	- ⬆️ Update dependencies
+	- 💥 BREAKING CHANGE: Use `?_format=json` instead of `?format=json`
+	- 💥 BREAKING CHANGE: Use `?_format=json` instead of terminating the URL with `.json`
+
+0.13.0 2023-04-26
+	- 💄 — Add Korrigan theme (Nicolas Frandeboeuf)
+	- 🔥 — Remove zanata stuff
+	- ✨ — Add a config flag to disable API (@b_b)
+	- 🌐 — Update translations
+
+0.12.1 2020-10-08
+	- ⬆️ Update jQuery
+
+0.12.0 2020-04-17
+	- Add watermarking feature (#112)
+
+0.11.6 2019-11-16
+	- Remove the "Support the author" dropdown
+	- Add a "select all" checkbox on /myfiles (#105)
+	- Update arabic translation
+	- Group button links fixed to make the whole button a link (Armando Lüscher)
+	- Docker support (Arnaud de Mouhy)
+	- Bump toastify-js to version 1.4.0 (Armando Lüscher)
+
+0.11.5 2019-04-19
+	- Revert catching Image::Magick problems
+	- In gallery, use JS to find image's width and height if not provided by image's infos
+
+0.11.4 2018-11-18
+	- Catch Image::Magick problems
+	- Update arabic translation
+	- Add italian translation
+
+0.11.3 2018-07-31
+	- Fix gallery bug
+
+0.11.2 2018-07-31
+	- Fix stats graph if no upload happens in the time range
+
+0.11.1 2018-07-30
+	- Add upload_enabled info to server infos endpoint
+	- Add log message when failing to render an image
+
+0.11.0 2018-07-29
+	- Allow to install only needed deps
+	- Notification when copying to clipboard or deleting images
+	- Allow to use memcached as cache system
+	- Use Mojolicious::Plugin::Chi
+	- Gzip static assets with Mojolicious::Plugin::GzipStatic
+	- Fix scroll-to-top when clicking on delete image
+	- Add CSP header
+	- Add X-Content-Type-Options, X-XSS-Protection, X-Frame-Options headers
+	- Remove @framasky as default tweet_card_via setting
+	- Add a message saying how many images there is in the gallery
+	- Use ISO::639_1 for languages' native names
+	- Add CLI command to print informations about images
+	- Add CLI command to remove images
+	- Add CLI command to search images based on the uploader's IP address
+	- Add .zip file check in the tests
+	- Fix stats files place when using non-default theme
+	- Allow to use a fixed domain
+	- Add localStorage export and import feature
+	- Add link to generate random file in collection
+	- Add modal to modify expiration delay from "myfiles" page
+	- Add optional authentication (LDAP or htpasswd file)
+
+0.10.4 2018-05-07
+	- Fix bug in cache system that would allow someone to view an image with an incorrect decryption key
+
+0.10.3 2018-04-26
+	- Fix another bug on zip file creation
+
+0.10.2 2018-04-24
+	- Fix bug on zip file creation
+
+0.10.1 2018-04-15
+	- Fix bug on theme creation (#73)
+
+0.10.0 2018-04-07
+	- PostgreSQL performance improvments
+	- Move some tasks to recurring instead of being in after_dispatch hook
+	- Built-in image cache system \o/
+	- Disable logs option
+	- Disable images' counter option
+
+0.9.6  2018-03-12
+	- Update translations
+
+0.9.5  2018-03-11
+	- Add russian translation, thanks to Alexander Sapozhnikov
+
+0.9.4  2018-03-11
+	- Replace Twitter account URL with Mastodon one
+
+0.9.3  2018-03-11
+	- Use woff2 format for HennyPenny font
+
+0.9.2  2018-03-09
+	- Fix langage drop-down
+	- Allow to use HTML in broadcast message
+	- Remove old targets from Makefile
+
+0.9.1  2018-03-09
+	- Fix default setting bug (db_path)
+
+0.9.0  2018-03-09
+	- Added partial arabic translation (thx to ButterflyOfFire)
+	- Default theme is now non-fluid (ie don't take all the width of the screen)
+	- Use Photoswipe for the gallery instead of Unite gallery
+	- Use Zanata for translations (https://trad.framasoft.org)
+	- Add an option to personnalize proposed retention delays
+	- Use random Initialization Vector for encryption
+	- Use Mojo::SQLite instead of ORLite
+	- Fix various bugs
+
+0.8.8  2018-02-07
+	- Fix security issues, thanks to SecuNinja
+
+0.8.7  2017-12-22
+	- Fix bug if dbtype not configured in lutim.conf
+
+0.8.6  2017-11-18
+	- Fix bug resulting in no EXIF tags deletion
+
+0.8.5  2017-07-09
+	- Fix Henny Penny font path in css
+
+0.8.4  2017-06-24
+	- Mitigate a bug using the same empty record twice
+
+0.8.3  2017-06-15
+	- Fix the donuts charts in the /stats page.
+
+0.8.2  2017-06-14
+	- Enforce Mojolicious::Plugin::AssetPack version
+
+0.8.1  2017-06-13
+	- Fix #46
+
+0.8  2017-06-13
+	- Improve statistics page
+	- Add database abstraction layer (#42)
+	- Add PostgreSQL support (#42)
+	- Asks for Mojolicious 7.31 minimum (to install it: `carton update`)
+	- Add Liberapay and Tipeee buttons
+	- Remove Flattr button
+	- Handle MOJO_CONFIG env variable (#44)
+	- Fix bug #39
+	- Add gallery constructor to "my files" list (#33)
+	- Handle too much images in zip download URL (#27)
+	- LocalStorage is now updated if an image's delay is modified
+	- Allow user to paste image from clipboard to upload images (#14 and !5)
+	- Fix #40
+	- Add stats in JSON format (GET /stats.json)
+	- Add Cache-control headers for static files
+	- Put almost all js/css stuff outside templates
+	- Allow to use Minion to increment counter (#43)
+
+0.7.1  2016-06-21
+	- Fix dependency bug
+
+0.7  2016-06-21
+	- Use .po files for internationalization
+	- Add spanish translation (thx to Laura Arjona Reina)
+	- Allow Lutim to be on a sub-directory (like http://example.org/lutim/) (#46 and #57)
+	- Remove deprecated (due to typo) option "provisionning".
+	- Allow to upload svg images (no thumbnail for now, ImageMagick in Debian Jessie don't work with svg) (#47)
+	- Allow to change location of the database (#48)
+	- Autorotate images
+	- Purge images from their EXIF tags (for more privacy)
+	- Provide markdown syntax at upload for using lutim's hosted images
+	- Now using a wiki: makes README lighter (https://framagit.org/luc/lutim/wikis/home)
+	- Update twitter bootstrap
+	- Add "Copy to clipboard" buttons to each link
+	- Add "Copy all links" button
+	- Add file extension to view link
+	- Add list of user's images in localStorage and a page to list the user's images
+	- Use cryptographically secure random generator
+	- Allow to set the encryption length in lutim.conf
+	- Add the possibility of displaying images in a gallery
+	- Add the possibility to download a zip file
+	- bugfixes
+
+0.6  2014-10-03
+	- Add OpenGraph tags in social page (ex-twitter page)
+	- Update README.md
+	- Update info page
+
+0.5  2014-09-24
+	- Add support for animated gif in Twitter cards (#45)
+	- Update README.md with Twitter integration informations
+	- bugfixes
+
+0.4  2014-07-12
+	- Webapp ! Downloadable directly from the Lutim instance
+	- Configure expiration delay after uploading (#12)
+	- Twitter share button in the "upload success" message (#35)
+
+0.3  2014-06-01
+	- Add a delete link to images (#28)
+	- Concatenated css and js with Mojolicious::Plugin::AssetPack
+	- Antiflood protection for the "Download by URL" feature (#29)
+	- Stats page improved
+	- Self-documented configuration template
+	- Remote port detection can now use the X-Remote-Port header if set
+	- Lutim now uses the X-Forwarded-Proto header to set the scheme to https if needed
+	  The "https" option in configuration file is deprecated and will be removed in 0.4
+	- Optionally delete images that are no longer viewed after a configurable delay in order to avoid saturation (#27)
+	- Provide init script
+	- Update Shutter plugin
+	- Small bugfixes
+
+0.2  2014-03-07
+	- Server-side encryption available
+	- Thumbnails of uploaded images in response
+	- Bugfixes
+	- HTML validity
+	- Stats (via cron stats command)
+	- Anonymize IP in DB after a delay (via cron cleanbdd command)
+	- Watch files directory size (via cron watch command)
+	- Anonymize logs (log only the senders' IP address)
+	- Favicon and logo
+	- Better MIME type detection
+	- Broadcast message on all pages available
+	- File max size configurable
+	- Progress bar
+	- More options for suppression delay
+	- Updated documentation
+	- Cross-domain API
+	- Upload by image URL
+	- Add HTTP headers Expires and Content-Cache
+
+0.1  2014-02-15
+	- Image viewing link
+	- Image downloading link
+	- Image twitter card link
+	- Shutter Plugin
+	- Configurable "Hosted by" information

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# Contributing
+
+See how to contribute on the [wiki](https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/contribute).

Changes

@@ -1,57 +0,0 @@
-Revision history for Lutim
-
-0.6  2014-10-03
-	- Add OpenGraph tags in social page (ex-twitter page)
-	- Update README.md
-	- Update info page
-
-0.5  2014-09-24
-	- Add support for animated gif in Twitter cards (#45)
-	- Update README.md with Twitter integration informations
-	- bugfixes
-
-0.4  2014-07-12
-	- Webapp ! Downloadable directly from the Lutim instance
-	- Configure expiration delay after uploading (#12)
-	- Twitter share button in the "upload success" message (#35)
-
-0.3  2014-06-01
-	- Add a delete link to images (#28)
-	- Concatenated css and js with Mojolicious::Plugin::AssetPack
-	- Antiflood protection for the "Download by URL" feature (#29)
-	- Stats page improved
-	- Self-documented configuration template
-	- Remote port detection can now use the X-Remote-Port header if set
-	- Lutim now uses the X-Forwarded-Proto header to set the scheme to https if needed
-	  The "https" option in configuration file is deprecated and will be removed in 0.4
-	- Optionally delete images that are no longer viewed after a configurable delay in order to avoid saturation (#27)
-	- Provide init script
-	- Update Shutter plugin
-	- Small bugfixes
-
-0.2  2014-03-07
-	- Server-side encryption available
-	- Thumbnails of uploaded images in response
-	- Bugfixes
-	- HTML validity
-	- Stats (via cron stats command)
-	- Anonymize IP in DB after a delay (via cron cleanbdd command)
-	- Watch files directory size (via cron watch command)
-	- Anonymize logs (log only the senders' IP address)
-	- Favicon and logo
-	- Better MIME type detection
-	- Broadcast message on all pages available
-	- File max size configurable
-	- Progress bar
-	- More options for suppression delay
-	- Updated documentation
-	- Cross-domain API
-	- Upload by image URL
-	- Add HTTP headers Expires and Content-Cache
-
-0.1  2014-02-15
-	- Image viewing link
-	- Image downloading link
-	- Image twitter card link
-	- Shutter Plugin
-	- Configurable "Hosted by" information

Dockerfile

@@ -0,0 +1,48 @@
+FROM alpine:3.15
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Lets Upload That Image" \
+      org.label-schema.url="https://lutim.fiat-tux.fr/" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vcs-url="https://framagit.org/fiat-tux/hat-softwares/lutim" \
+      org.label-schema.vendor="Luc Didry" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0"
+
+RUN adduser -D lutim \
+ && addgroup lutim root
+
+COPY . /home/lutim
+RUN chmod -R g+rwX /home/lutim
+
+WORKDIR /home/lutim
+RUN apk --no-cache add perl~=5 \
+                       libpq~=14 \
+                       perl-crypt-rijndael~=1 \
+                       perl-io-socket-ssl~=2 \
+                       perl-net-ssleay~=1 \
+                       su-exec~=0.2 \
+                       shared-mime-info~=2 \
+                       libretls~=3 \
+                       imagemagick~=7 \
+                       imagemagick-perlmagick~=7 \
+                       bash~=~5 \
+ && apk --no-cache add --virtual .build-deps build-base~=0.5 \
+                                             perl-utils~=5 \
+                                             perl-dev~=5 \
+                                             postgresql14-dev~=14 \
+                                             vim~=8 \
+                                             wget~=1 \
+                                             zlib-dev~=1 \
+ && cpan notest Carton Config::FromHash \
+ && carton install --without test \
+ && apk del .build-deps \
+ && rm -rf /var/cache/apk/* /root/.cpan*
+
+USER lutim
+EXPOSE 8080
+
+ENTRYPOINT ["/bin/sh", "/home/lutim/docker/entrypoint.sh"]

Makefile

@@ -0,0 +1,70 @@
+EXTRACTDIR=-D lib -D themes/default/templates
+POT=themes/default/lib/Lutim/I18N/lutim.pot
+ENPO=themes/default/lib/Lutim/I18N/en.po
+XGETTEXT=carton exec local/bin/xgettext.pl -u
+CARTON=carton exec
+LUTIM=script/lutim
+REAL_LUTIM=script/application
+HARNESS_PERL_SWITCHES=-MDevel::Cover=+ignore,local
+HEAD := $(shell git rev-parse --abbrev-ref HEAD)
+
+minify:
+	@echo "CSS concatenation"
+	@cd ./themes/default/public/css/ && cat bootstrap.min.css fontello.css hennypenny.css lutim.css toastify.css | csso > common.min.css
+	@cd ./themes/default/public/css/ && cat animation.css uploader.css markdown.css                              | csso > not_stats.min.css
+	@cd ./themes/default/public/css/ && cat photoswipe.css default-skin/default-skin.css                         | csso > gallery.min.css
+
+locales:
+	$(XGETTEXT) $(EXTRACTDIR) -o $(POT) 2>/dev/null
+	$(XGETTEXT) $(EXTRACTDIR) -o $(ENPO) 2>/dev/null
+
+podcheck:
+	podchecker lib/Lutim/DB/Image.pm
+
+check-syntax:
+	find lib/ themes/ -name \*.pm -exec $(CARTON) perl -Ilib -c {} \;
+	find t/ -name \*.t -exec $(CARTON) perl -Ilib -c {} \;
+
+cover:
+	PERL5OPT='-Ilib' $(CARTON) cover --ignore_re '^local'
+
+test:
+	@PERL5OPT='-Ilib/' HARNESS_PERL_SWITCHES='$(HARNESS_PERL_SWITCHES)' $(CARTON) -- prove -l --failures
+
+test-junit-output:
+	@PERL5OPT='-Ilib/' HARNESS_PERL_SWITCHES='$(HARNESS_PERL_SWITCHES)' $(CARTON) -- prove -l --failures --formatter TAP::Formatter::JUnit > tap.xml
+
+full-test: podcheck just-test
+
+clean:
+	rm -rf lutim.db files/
+
+dev: minify
+	$(CARTON) morbo $(LUTIM) --listen http://0.0.0.0:3000 --watch lib/ --watch script/ --watch themes/ --watch lutim.conf
+
+devlog:
+	multitail log/development.log
+
+prod:
+	$(CARTON) hypnotoad -f $(LUTIM)
+
+prodlog:
+	multitail log/production.log
+
+minion:
+	$(CARTON) $(REAL_LUTIM) minion worker
+
+create-pg-test-db:
+	 sudo -u postgres psql -f t/create-pg-testdb.sql
+
+stats:
+	$(CARTON) $(LUTIM) cron stats -m production
+
+watch:
+	$(CARTON) $(LUTIM) cron watch -m production
+
+cleanfiles:
+	$(CARTON) $(LUTIM) cron cleanfiles -m production
+
+cleanbdd:
+	$(CARTON) $(LUTIM) cron cleanbdd -m production

README.md

@@ -4,302 +4,68 @@
 It means Let's Upload That Image.
 
 ## What does it do?
-It stores images and allows you to see them, download them or share them on social networks. From version 0.5, the gif images can be displayed as animated gifs in Twitter, but you need a HTTPS server (Twitter requires that. Lutim detects if you have a HTTPS server and displays an static image twitter card if you don't);
+It stores images and allows you to see them, download them or share them on social networks.
 
-Images are indefinitly stored unless you request that they will be deleted at first view or after 24 hours / one week / one month / one year.
+Images are indefinitely stored unless you request that they will be deleted at first view or after 24 hours / one week / one month / one year.
 
 ## License
 Lutim is licensed under the terms of the AGPL. See the LICENSE file.
 
-## Official instance
-You can see it working at https://lut.im.
-
 ## Logo
 Lutim's logo is an adaptation of [Lutin](http://commons.wikimedia.org/wiki/File:Lutin_by_godo.jpg) by [Godo](http://godoillustrateur.wordpress.com/), licensed under the terms of the CC-BY-SA 3.0 license.
 
-![Lutim's logo](https://lut.im/img/Lutim_small.png)
+![Lutim's logo](https://lutim.fiat-tux.fr/img/Lutim_small.png)
 
-## Dependencies
-* Carton : Perl dependencies manager, it will get what you need, so don't bother for Perl modules dependencies (but you can read the file `cpanfile` if you want).
+## Wiki
 
-```shell
-sudo cpan Carton
-```
-
-or
-
-```shell
-sudo apt-get install carton
-```
-
-* But, on another hand, some modules that Carton will install need to be compiled. So you will need some tools:
-
-```shell
-sudo apt-get install build-essential
-```
-
-### Thumbnails and animated gifs in Twitter dependancy
-If you want to provide thumbnails of uploaded images or have animated gifs in Twitter, you have to install the *ImageMagick* image manipulation software (<http://www.imagemagick.org/>) and the Image::Magick CPAN module.
-
-On Debian, you can do:
-```shell
-sudo apt-get install perlmagick
-```
-
-## Twitter integration
-If you want to share images of your Lutim instance on Twitter, you have to register your site at <https://cards-dev.twitter.com/validator>.
-
-## Other social networks integration
-It seems that you only need to put the Lutim' social page link (the one with `?t`) in your post and it will be automatically embedded.
-
-## Installation
-After installing Carton :
-```shell
-git clone https://git.framasoft.org/luc/lutim.git
-cd lutim
-carton install
-cp lutim.conf.template lutim.conf
-vi lutim.conf
-```
-
-## Configuration
-The `lutim.conf.template` is self-documented but here is the options that you can set:
-
-* **hypnotoad :** address and port to listen to, user and group which runs hypnotoad (if you run Lutim with a different user from what is defined here, be sure that the user which launchs hypnotoad is able to setuid/setgid to the defined user/group, otherwise it will not work and you'll have 100% CPU consumption. Launch hypnotoad with the root user or with the user which is defined here);
-* **contact :**  write something which make people able to contact you (contact form URL, email address, whatever);
-* **secrets :**  an array of random string. Used by Mojolicious for encrypting session cookies.
-* **piwik_img :**  the Piwik image provides you records of visits without javascript (better privacy than js and cookies);
-* **length :**  length of the random string part of image's URL (default is 8);
-* **provis_step :**  Lutim provisions random strings for image's URL per pack of `provis_step` (default is 5);
-* **provisioning :**  number of random strings to provision (default is 100);
-* **hosted_by :**  if someone hosts your Lutim instance, you can add some HTML (a logo for example) to make it appear on index page;
-* **tweet_card_via :**  a Twitter account which will appear on Twitter cards;
-* **max_file_size :**  well, this is explicit (default is 10Mio = 10485760 octets);
-* **https :**  1 if you want to provide secure images URLs (default is 0) DEPRECATED, PASS A `X-Forwarded-Proto` HEADER TO LUTIM FROM YOUR REVERSE PROXY INSTEAD;
-* **token_length :**  length of the secret token used to allow people to delete their images when they want;
-* **stats_day_num :**  when you generate statistics with `script/lutim cron stats`, you will have stats for the last `stats_day_num` days (default is 365);
-* **keep_ip_during :**  when you delete IP addresses of image's senders with `script/lutim cron cleanbdd`, the IP addresses of images older than `keep_ip_during` days will be deleted (default is 365);
-* **broadcast_message :**  put some string (not HTML) here and this message will be displayed on all Lutim pages (not in JSON responses);
-* **allowed_domains :**  array of authorized domains for API calls. Example: `['http://1.example.com', 'http://2.example.com']`. If you want to authorize everyone to use the API: `['\*']`.
-* **default_delay :**  what is the default time limit for files? Valid values are 0, 1, 7, 30 and 365;
-* **max_delay :**  if defined, the images will be deleted after that delay (in days), even if they were uploaded with "no delay" (or value superior to max_delay) option and a warning message will be displayed on homepage;
-* **always_encrypt :**  if set to 1, all images will be encrypted.
-* **delete_no_longer_viewed_files :**  if set, the images which have not been viewed since `delete_no_longer_viewed_files` days will be deleted by the `script/lutim cron cleanfiles` command
-
-## Usage
-
-### Starting Lutim from Command line
-```
-carton exec hypnotoad script/lutim
-```
-
-### Starting Lutim with the init script
-```
-cp utilities/lutim.init /etc/init.d/lutim
-cp utilities/lutim.default /etc/default/lutim
-chmod +x /etc/init.d/lutim
-chown root:root /etc/init.d/lutim /etc/default/lutim
-vim /etc/default/lutim
-
-/etc/init.d/lutim start
-```
-
-## Update
-```
-git pull
-carton install
-carton exec hypnotoad script/lutim
-```
-
-Yup, that's all (Mojolicious magic), it will listen at "http://127.0.0.1:8080".
-
-For more options (interfaces, user, etc.), change the configuration in `lutim.conf` (have a look at http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad#SETTINGS for the available options).
-
-***Warning!!!***
-
-If you want to update to Lutim **0.3**, from a previous version, you'll have to modify the database.
+The official wiki contains all you need to know about Lutim (installation, API, etc.). Go to <https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/home> or clone it:
 
 ```
-sqlite3 lutim.db
-PRAGMA writable_schema = 1;
-UPDATE SQLITE_MASTER SET SQL = 'CREATE TABLE lutim ( short TEXT PRIMARY KEY, path TEXT, footprint TEXT, enabled INTEGER, mediatype TEXT, filename TEXT, counter INTEGER, delete_at_first_view INTEGER, delete_at_day INTEGER, created_at INTEGER, created_by TEXT, last_access_at INTEGER, mod_token TEXT)' WHERE NAME = 'lutim';
-PRAGMA writable_schema = 0;
+git clone https://framagit.org/fiat-tux/hat-softwares/lutim.wiki.git
 ```
 
-***Warning!!!***
-
-If you want to update to Lutim **0.5**, from a previous version, you'll have to modify the database.
-
-```
-sqlite3 lutim.db
-PRAGMA writable_schema = 1;
-UPDATE SQLITE_MASTER SET SQL = 'CREATE TABLE lutim ( short TEXT PRIMARY KEY, path TEXT, footprint TEXT, enabled INTEGER, mediatype TEXT, filename TEXT, counter INTEGER, delete_at_first_view INTEGER, delete_at_day INTEGER, created_at INTEGER, created_by TEXT, last_access_at INTEGER, mod_token TEXT, width INTEGER, height INTEGER)' WHERE NAME = 'lutim';
-PRAGMA writable_schema = 0;
-```
-
-## Reverse proxy
-You can use a reverse proxy like Nginx or Varnish (or Apache with the mod_proxy module). The web is full of tutos.
-
-Here's a valid *Nginx* configuration:
-```
-server {
-    listen 80;
-    root /path/to/lutim/public;
-
-    # This is important for user's privacy !
-    access_log off;
-    error_log /var/log/nginx/lutim.error.log;
-
-    # This is important ! Make it OK with your Lutim configuration
-    client_max_body_size 40M;
-
-    location ~* ^/(img|css|font|js)/ {
-        try_files $uri @lutim;
-        add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
-        add_header Cache-Control "public, max-age=315360000";
-
-        # HTTPS only header, improves security
-        #add_header Strict-Transport-Security "max-age=15768000";
-    }
-
-    location / {
-        try_files $uri @lutim;
-
-        # HTTPS only header, improves security
-        #add_header Strict-Transport-Security "max-age=15768000";
-    }
-
-    location @lutim {
-        # Adapt this to your configuration
-        # My advice: put a varnish between nginx and Lutim, it's really useful when images are widely viewed
-        proxy_pass  http://127.0.0.1:8080;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-        # If you want to log the remote port of the image senders, you'll need that
-        proxy_set_header X-Remote-Port $remote_port;
-
-        # Lutim reads this header and understands that the current session is actually HTTPS.
-        # Enable it if you run a HTTPS server (in this case, don't forgot to change the listen port above)
-        #proxy_set_header X-Forwarded-Proto https;
-
-        # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
-        proxy_redirect     off;
-    }
-}
-```
-
-## Cron jobs
-Lutim have commands which can be used in cron jobs.
-
-To see what commands are available:
-```shell
-carton exec script/lutim cron
-```
-
-### Statistics
-To generate statistics which can be viewed at the address `/stats` (we need to reload hypnotoad after the stats generation):
-```shell
-carton exec script/lutim cron stats && carton exec hypnotoad script/lutim
-```
-
-### Delete IP adresses from database
-To automatically delete the IP addresses of image's senders after a configurable delay:
-```shell
-carton exec script/lutim cron cleanbdd
-```
-
-### Delete expired files
-To automatically delete files which availability delay is over (when you choose that your image will be deleted after 24h / one week / etc.)
-If `delete_no_longer_viewed_files`, the files not viewed since `delete_no_longer_viewed_files` days will be deleted too.
-```shell
-carton exec script/lutim cron cleanfiles
-```
-
-### Watch the size of the files directory
-To execute an action when the files directory is heavier than `max_total_size`.
-The available actions are `warn` and `stop-upload`:
-* `warn` prints a message on the standard out (which is normally mailed to you by `cron`) ;
-* `stop-upload` prints a message on the standard out and creates the `stop-upload` file which prevents uploading and put a warn on Lutim interface ;
-* **DANGEROUS OPTION!!!** `delete` prints a message on the standard out and delete older images until the files directory goes under quota.
-
-If the files directory go under quota, the `stop-upload` file is deleted. If you want to manually prevents uploading, create a file named `stop-upload.manual`.
-
-```shell
-carton exec script/lutim cron watch
-```
-
-## Broadcast message
-Set a string in the `broadcast_message` option of `lutim.conf` and reload the server with:
-```shell
-carton exec hypnotoad script/lutim
-```
-
-It may take a few reloads of page before the message is displayed.
-
 ## Encryption
+
 Lutim does encryption on the server if asked to, but does not store the key.
 
-The encryption is made on the server since Lutim is made to be usable even without javascript. If you want to add client-side encryption for javascript-enabled browsers, patches are welcome.
-
-## API
-You can add images by using the API. Here's the parameters of the `POST` request to `/` adress:.
-* format: json
-    MANDATORY if you want to get a json response, otherwise it will send a web page
-* file: the image file
-    MANDATORY
-* delete-day: number of days you want the image to stay
-    OPTIONAL if 0, it will be available undefinitely
-* first-view: 1
-    OPTIONAL if not 0, the image will be deleted at first view
-
-
-Exemple with curl:
-```shell
-curl -F "format=json" -F "file=@/tmp/snap0001.jpg" http://lut.im
-```
-
-You can allow people to use your instance of Lutim from other domains.
-Add the allowed domains as an array in the `allowed_domains` conf option. Put '`[\*]`' if you want to allow all domains.
-
-## Shutter integration
-See where Shutter (<http://en.wikipedia.org/wiki/Shutter_%28software%29>) keeps its plugins on your computer.
-On my computer, it's in `/usr/share/shutter/resources/system/upload_plugins/upload`.
-
-Then:
-```
-sudo cp utilities/Shutter.pm /usr/share/shutter/resources/system/upload_plugins/upload/Lutim.pm
-```
-
-And restart Shutter if it was running.
-
-Of course, this plugin is configured for the official instance of Lutim (<http://lut.im>), feel free to edit it for your own instance.
+The encryption is done on the server since Lutim is made to be usable even without javascript. If you want to add client-side encryption for javascript-enabled browsers, patches are welcome.
 
 ## Internationalization
-Lutim comes with English and French languages. It will choose the language to display from the browser's settings.
 
-If you want to add more languages, for example German:
-```shell
-cd lib/Lutim/I18N
-cp en.pm de.pm
-vim de.pm
-```
+Lutim comes with English, French and Spanish languages. It will choose the language to display from the browser's settings.
 
-There's just a few sentences, so it will be quick to translate. Please consider to send me you language file in order to help the other users :smile:.
+## Authors
 
-## Others projects dependancies
-Lutim is written in Perl with the [Mojolicious](http://mojolicio.us) framework, uses the [Twitter bootstrap](http://getbootstrap.com) framework to look not too ugly, [JQuery](http://jquery.com) and [JQuery File Uploader](https://github.com/danielm/uploader/) (slightly modified) to add some modernity, [Raphaël](http://raphaeljs.com/) and [morris.js](http://www.oesmith.co.uk/morris.js/) for stats graphs and [freezeframe.js](http://freezeframe.chrisantonellis.com/) (slightly modified) to be able to freeze animated gifs in twitter card.
+See [AUTHORS.md](AUTHORS.md) file.
 
-Licenses for the icons fonts are in `public/font/LICENSE.txt`.
+## Contribute!
 
-## Main developers
-* Luc Didry, aka Sky (<http://www.fiat-tux.fr>), core developer, @framasky on [Twitter](https://twitter.com/framasky) and on [Diaspora*](https://framasphere.org/public/framasky)
-* Dattaz (<http://dattaz.fr>), webapp developer, [@dat_taz](https://twitter.com/dat_taz)
+Please consider contributing, either by [reporting issues](https://framagit.org/fiat-tux/hat-softwares/lutim/issues) or by helping the [internationalization](https://weblate.framasoft.org/projects/lutim/). And of course, code contribution are welcome!
 
-## Contributors
-* Jean-Bernard Marcon, aka Goofy (<https://github.com/goofy-bz>)
-* Jean-Christophe Bach (<https://github.com/jcb>)
-* Florian Bigard, aka Chocobozzz (<https://github.com/Chocobozzz>)
-* Sandro CAZZANIGA, aka Kharec (<http://sandrocazzaniga.fr>), [@Kharec](https://twitter.com/Kharec)
+The details on how to contribute are on the [wiki](https://framagit.org/fiat-tux/hat-softwares/lutim/wikis/contribute).
+
+## Make a donation
+
+You can make a donation to the author on [Tipeee](https://www.tipeee.com/fiat-tux) or on [Liberapay](https://liberapay.com/sky/).
+
+## Others projects dependencies
+
+Lutim is written in Perl with the [Mojolicious](http://mojolicio.us) framework.
+
+It uses:
+
+* [Twitter bootstrap](http://getbootstrap.com) framework to look not too ugly
+* [JQuery](http://jquery.com) and [JQuery File Uploader](https://github.com/danielm/uploader/) (slightly modified) to add some modernity
+* [Raphaël](http://raphaeljs.com/) and [morris.js](https://morrisjs.github.io/morris.js/) for stats graphs
+* [freezeframe.js](http://freezeframe.chrisantonellis.com/) (slightly modified) to be able to freeze animated gifs in twitter card
+* [Moment.js](http://momentjs.com/) for displaying real dates instead of unix timestamps.
+* [Fontello](http://fontello.com/) and the [markdown font](https://github.com/dcurtis/markdown-mark/) for the icons, licenses for the fontello icons fonts are in `public/font/LICENSE.txt`
+* [Henny Penny](https://www.google.com/fonts/specimen/Henny+Penny) font designed by Olga Umpeleva for [Brownfox](http://brownfox.org)
+* [PhotoSwipe](http://photoswipe.com/) for the gallery
+* [JSZip](https://stuk.github.io/jszip/) for generating a zip containing all the images in the gallery
+* [FileSaver.js](https://github.com/eligrey/FileSaver.js/) for saving the zip
+* [Toastify JS](https://apvarun.github.io/toastify-js/) for notifications
+
+## Deploy lutim
+
+An ansible role and a terraform plan reside under the `.provision` directory. An user could utilize the terraform plan if they chose to deploy lutim on AWS, if that's not the goal, they could simply execute the ansible role in part. Usage docs for both are present in their respective directories.

cpanfile

@@ -1,15 +1,60 @@
-requires 'Mojolicious';
+requires 'Mojolicious', '>= 7.31';
 requires 'EV';
+requires 'IO::Socket::SSL';
+requires 'Net::SSLeay', '>= 1.81';
 requires 'Data::Validate::URI';
+requires 'Net::Domain::TLD', '>= 1.75'; # Must have the last version to handle (at least) .xyz and .link
 requires 'Mojolicious::Plugin::I18N';
-requires 'Mojolicious::Plugin::ConfigHashMerge';
-requires 'Mojolicious::Plugin::AssetPack';
-requires 'ORLite';
-requires 'File::Type';
+requires 'Mojolicious::Plugin::DebugDumperHelper';
+requires 'Mojolicious::Plugin::StaticCache';
+requires 'Mojolicious::Plugin::GzipStatic';
+requires 'Mojolicious::Plugin::CSPHeader';
 requires 'Text::Unidecode';
 requires 'DateTime';
 requires 'Filesys::DiskUsage';
 requires 'Switch';
-requires 'Data::Validate::URI';
 requires 'Crypt::CBC';
 requires 'Crypt::Blowfish';
+requires 'Digest::MD5';
+requires 'Locale::Maketext';
+requires 'Locale::Maketext::Extract';
+requires 'File::MimeInfo';
+requires 'IO::Scalar';
+requires 'Image::ExifTool';
+requires 'Data::Entropy';
+requires 'List::MoreUtils', '> 0.33';
+requires 'Archive::Zip';
+requires 'ISO::639_1';
+
+feature 'postgresql', 'PostgreSQL support' => sub {
+    requires 'Mojo::Pg';
+    requires 'Mojolicious::Plugin::PgURLHelper';
+};
+feature 'sqlite', 'SQLite support' => sub {
+    requires 'Mojo::SQLite', '>= 3.000';
+    requires 'Minion::Backend::SQLite', '>= 4.001';
+    requires 'DBD::SQLite', '>= 1.66';
+};
+feature 'minion', 'Minion support' => sub {
+    requires 'Minion';
+};
+feature 'cache', 'Cache system' => sub {
+    requires 'Mojolicious::Plugin::CHI';
+    requires 'Data::Serializer';
+};
+feature 'memcached', 'Cache system using Memcached' => sub {
+    requires 'Mojolicious::Plugin::CHI';
+    requires 'CHI::Driver::Memcached';
+    requires 'Cache::Memcached';
+};
+feature 'ldap', 'LDAP authentication support' => sub {
+    requires 'Net::LDAP';
+    requires 'Mojolicious::Plugin::Authentication';
+};
+feature 'htpasswd', 'Htpasswd authentication support' => sub {
+    requires 'Apache::Htpasswd';
+    requires 'Mojolicious::Plugin::Authentication';
+};
+feature 'test' => sub {
+    requires 'Devel::Cover';
+};

docker-compose.dev.yml

@@ -0,0 +1,22 @@
+version: '3.3'
+
+services:
+    app_dev:
+        build: .
+        ports:
+            - 8080:8080
+        volumes:
+            - .:/home/lutim
+        command: dev
+    postgres_dev:
+        image: postgres:11.2-alpine
+        environment:
+            POSTGRES_PASSWORD: password
+            POSTGRES_USER: lutim
+            POSTGRES_DB: lutim
+    memcached:
+        image: memcached:1.5-alpine
+    adminer:
+        image: dehy/adminer
+        ports:
+            - 8081:80

docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3.3'
+
+services:
+    app:
+        build: .
+        ports:
+            - 8080:8080
+        volumes:
+            - ./lutim.conf:/home/lutim/lutim.conf:ro
+    db:
+        image: postgres:11.2-alpine
+        environment:
+            POSTGRES_PASSWORD: password
+            POSTGRES_USER: lutim
+            POSTGRES_DB: lutim
+    cache:
+        image: memcached:1.5-alpine
+    minion:
+        build: .
+        command: minion
+        volumes:
+            - ./lutim.conf:/home/lutim/lutim.conf:ro
+    minion_db:
+        image: postgres:11.2-alpine
+        environment:
+            POSTGRES_PASSWORD: password
+            POSTGRES_USER: lutim_minion
+            POSTGRES_DB: lutim_minion

docker-stack.yml

@@ -0,0 +1,39 @@
+version: '3.3'
+
+services:
+    app:
+        image: aquinum/lutim
+        configs:
+            - source: lutim.conf
+              target: /home/lutim/lutim.conf
+              uid: '1000'
+              gid: '1000'
+              mode: 0440
+        deploy:
+            replicas: 1
+    db:
+        image: postgres:11.2-alpine
+        environment:
+            POSTGRES_PASSWORD: <changeme>
+            POSTGRES_USER: lutim
+            POSTGRES_DB: lutim
+    cache:
+        image: memcached:1.5-alpine
+    minion:
+        image: aquinum/lutim
+        command: minion
+        configs:
+            - source: lutim.conf
+              target: /home/lutim/lutim.conf
+              uid: '1000'
+              gid: '1000'
+              mode: 0440
+    minion_db:
+        image: mariadb:10.3
+        environment:
+            MYSQL_ROOT_PASSWORD: <changeme>
+            MYSQL_DATABASE: lutim_minion
+
+configs:
+    lutim.conf:
+        file: ./lutim.conf

docker/entrypoint.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -eu
+
+cd ~lutim
+
+if [ "${1:-}" == "dev" ]
+then
+    echo ""
+    echo ""
+    echo "Container started in dev mode. Connect to the container with the following command:"
+    echo "    docker-compose -f docker-compose.dev.yml exec -u root app_dev sh"
+    echo ""
+    echo ""
+    echo "You can then install the build dependencies with this command"
+    echo "    sh ~lutim/docker/install-dev-env.sh"
+
+    tail -f /dev/null
+    exit 0
+fi
+
+# If MySQL/PostgreSQL, wait for database to be up
+DB_TYPE=$(perl utilities/read_conf.pl dbtype sqlite)
+DB_HOST=
+DB_PORT=
+if [ "$DB_TYPE" == "postgresql" ]
+then
+    DB_HOST=$(perl utilities/read_conf.pl pgdb/host db)
+    DB_PORT=$(perl utilities/read_conf.pl pgdb/port 5432)
+fi
+if [ -n "$DB_HOST" ] && [ -n "$DB_PORT" ]
+then
+    while ! nc -vz "${DB_HOST}" "${DB_PORT}"; do
+        echo "Waiting for database..."
+        sleep 1;
+    done
+fi
+
+if [ "${1:-}" == "minion" ]
+then
+    exec carton exec script/application minion worker
+fi
+
+exec carton exec hypnotoad -f script/lutim

lib/Lutim.pm

@@ -1,8 +1,20 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim;
 use Mojo::Base 'Mojolicious';
-use Mojo::Util qw(quote);
-use LutimModel;
-use Crypt::CBC;
+use Mojo::IOLoop;
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
+
+use vars qw($im_loaded);
+BEGIN {
+    eval "use Image::Magick";
+    if ($@) {
+        warn "You don't have Image::Magick installed so you won't have thumbnails.";
+        $im_loaded = 0;
+    } else {
+        $im_loaded = 1;
+    }
+}
 
 $ENV{MOJO_TMPDIR} = 'tmp';
 mkdir($ENV{MOJO_TMPDIR}, 0700) unless (-d $ENV{MOJO_TMPDIR});
@@ -10,31 +22,60 @@ mkdir($ENV{MOJO_TMPDIR}, 0700) unless (-d $ENV{MOJO_TMPDIR});
 sub startup {
     my $self = shift;
 
-    push @{$self->commands->namespaces}, 'Lutim::Command';
-
     $self->{wait_for_it} = {};
 
-    $self->plugin('I18N');
-    $self->plugin('AssetPack');
+    push @{$self->commands->namespaces}, 'Lutim::Command';
 
-    my $config = $self->plugin('ConfigHashMerge', {
-        default => {
-            provisioning     => 100,
-            provis_step      => 5,
-            length           => 8,
-            always_encrypt   => 0,
-            anti_flood_delay => 5,
-            tweet_card_via   => '@framasky',
-            max_file_size    => 10*1024*1024,
-            https            => 0,
-            default_delay    => 0,
-            max_delay        => 0,
-            token_length     => 24,
-        }
+    $self->plugin('DebugDumperHelper');
+
+    my $config = $self->plugin('Config', {
+        default => $default_config
     });
 
-    # Default values
-    $config->{provisioning}     = $config->{provisionning} if (defined($config->{provisionning}));
+    if ($config->{watermark_path}) {
+        die sprintf('%s does not exist or is not readable.', $config->{watermark_path}) unless -r $config->{watermark_path};
+        my $valid = {
+            center    => 1,
+            north     => 1,
+            northeast => 1,
+            east      => 1,
+            southeast => 1,
+            south     => 1,
+            southwest => 1,
+            west      => 1,
+            northwest => 1
+        };
+        die sprintf('%s is not a valid value for watermark_placement.', $config->{watermark_placement}) unless $valid->{lc($config->{watermark_placement})};
+        $valid = {
+            'tiling' => 1,
+            'single' => 1,
+            'none'   => 1
+        };
+        die sprintf('%s is not a valid value for watermark_default.', $config->{watermark_default}) unless $valid->{lc($config->{watermark_default})};
+        die sprintf('%s is not a valid value for watermark_enforce.', $config->{watermark_enforce}) unless $valid->{lc($config->{watermark_enforce})};
+    }
+
+    if (scalar(@{$config->{memcached_servers}})) {
+        $self->plugin(CHI => {
+            lutim_images_cache => {
+                driver             => 'Memcached',
+                servers            => $config->{memcached_servers},
+                expires_in         => '1 day',
+                expires_on_backend => 1,
+            }
+        });
+    } elsif ($config->{cache_max_size} != 0) {
+        my $cache_max_size = 8 * 1024 * 1024 * $config->{cache_max_size};
+        $self->plugin(CHI => {
+            lutim_images_cache => {
+                driver        => 'Memory',
+                global        => 1,
+                is_size_aware => 1,
+                max_size      => $cache_max_size,
+                expires_in    => '1 day'
+            }
+        });
+    }
 
     die "You need to provide a contact information in lutim.conf !" unless (defined($config->{contact}));
 
@@ -42,216 +83,59 @@ sub startup {
 
     $self->secrets($config->{secrets});
 
-    $self->helper(
-        render_file => sub {
-            my $c = shift;
-            my ($filename, $path, $mediatype, $dl, $expires, $nocache, $key) = @_;
+    # Themes handling
+    shift @{$self->renderer->paths};
+    shift @{$self->static->paths};
+    if ($config->{theme} ne 'default') {
+        my $theme = $self->home->rel_file('themes/'.$config->{theme});
+        push @{$self->renderer->paths}, $theme.'/templates' if -d $theme.'/templates';
+        push @{$self->static->paths}, $theme.'/public' if -d $theme.'/public';
+    }
+    push @{$self->renderer->paths}, $self->home->rel_file('themes/default/templates');
+    push @{$self->static->paths}, $self->home->rel_file('themes/default/public');
 
-            $filename = quote($filename);
+    # Internationalization
+    my $lib = $self->home->rel_file('themes/'.$config->{theme}.'/lib');
+    eval qq(use lib "$lib");
+    $self->plugin('I18N');
 
-            my $asset;
-            unless ( -f $path && -r _ ) {
-                $c->app->log->error("Cannot read file [$path]. error [$!]");
-                $c->flash(
-                    msg => $c->l('image_not_found')
-                );
-                return 500;
+    # Static assets gzipping
+    $self->plugin('GzipStatic');
+
+    # Headers
+    $self->plugin('Lutim::Plugin::Headers');
+
+    # Helpers
+    $self->plugin('Lutim::Plugin::Helpers');
+    $self->plugin('Lutim::Plugin::Lang');
+
+    # Create directory if needed
+    mkdir($self->config('upload_dir'), 0700) unless (-d $self->config('upload_dir'));
+    die ('The upload directory ('.$self->config('upload_dir').') is not writable') unless (-w $self->config('upload_dir'));
+
+    # Minion
+    if ($config->{minion}->{enabled}) {
+        $self->config->{minion}->{dbtype} = 'sqlite' unless defined $config->{minion}->{dbtype};
+        if ($config->{minion}->{dbtype} eq 'sqlite') {
+            $config->{minion}->{db_path} = 'minion.db' unless defined $config->{minion}->{db_path};
+            $self->plugin('Minion' => { SQLite => 'sqlite:'.$config->{minion}->{db_path} });
+        } elsif ($config->{minion}->{dbtype} eq 'postgresql') {
+            $self->plugin('PgURLHelper');
+            $self->plugin('Minion' => { Pg => $self->pg_url($config->{minion}->{'pgdb'}) });
+        }
+        $self->app->minion->add_task(
+            accessed => sub {
+                my $job   = shift;
+                my $short = $job->args->[0];
+                my $time  = $job->args->[1];
+
+                my $img = Lutim::DB::Image->new(app => $job->app, short => $short);
+                $img->accessed($time) if $img->path;
             }
+        );
+    }
 
-            $mediatype =~ s/x-//;
-
-            my $headers = Mojo::Headers->new();
-            if ($nocache) {
-                $headers->add('Cache-Control'   => 'no-cache, no-store, max-age=0, must-revalidate');
-            } else {
-                $headers->add('Expires'         => $expires);
-            }
-            $headers->add('Content-Type'        => $mediatype.';name='.$filename);
-            $headers->add('Content-Disposition' => $dl.';filename='.$filename);
-            $c->res->content->headers($headers);
-
-            $c->app->log->debug($key);
-            if ($key) {
-                $asset = $c->decrypt($key, $path);
-            } else {
-                $asset = Mojo::Asset::File->new(path => $path);
-            }
-            $c->res->content->asset($asset);
-            $headers->add('Content-Length' => $asset->size);
-
-            return $c->rendered(200);
-        }
-    );
-
-    $self->helper(
-        ip => sub {
-            my $c  = shift;
-            my $ip_only = shift || 0;
-
-            my $proxy = $c->req->headers->header('X-Forwarded-For');
-
-            my $ip = ($proxy) ? $proxy : $c->tx->remote_address;
-
-            my $remote_port = (defined($c->req->headers->header('X-Remote-Port'))) ? $c->req->headers->header('X-Remote-Port') : $c->tx->remote_port;
-
-            return ($ip_only) ? $ip : "$ip remote port:$remote_port";
-        }
-    );
-
-    $self->helper(
-        provisioning => sub {
-            my $c = shift;
-
-            # Create some short patterns for provisioning
-            if (LutimModel::Lutim->count('WHERE path IS NULL') < $c->config->{provisioning}) {
-                for (my $i = 0; $i < $c->config->{provis_step}; $i++) {
-                    if (LutimModel->begin) {
-                        my $short;
-                        do {
-                            $short= $c->shortener($c->config->{length});
-                        } while (LutimModel::Lutim->count('WHERE short = ?', $short) || $short eq 'about' || $short eq 'stats' || $short eq 'd' || $short eq 'm');
-
-                        LutimModel::Lutim->create(
-                            short                => $short,
-                            counter              => 0,
-                            enabled              => 1,
-                            delete_at_first_view => 0,
-                            delete_at_day        => 0,
-                            mod_token            => $c->shortener($c->config->{token_length})
-                        );
-                        LutimModel->commit;
-                    }
-                }
-            }
-        }
-    );
-
-    $self->helper(
-        shortener => sub {
-            my $c      = shift;
-            my $length = shift;
-
-            my @chars  = ('a'..'z','A'..'Z','0'..'9');
-            my $result = '';
-            foreach (1..$length) {
-                $result .= $chars[rand scalar(@chars)];
-            }
-            return $result;
-        }
-    );
-
-    $self->helper(
-        stop_upload => sub {
-            my $c = shift;
-
-            if (-f 'stop-upload' || -f 'stop-upload.manual') {
-                $c->stash(
-                    stop_upload => $c->l('stop_upload', $config->{contact})
-                );
-                return 1;
-            }
-            return 0;
-        }
-    );
-
-    $self->helper(
-        max_delay => sub {
-            my $c = shift;
-
-            return $c->config->{max_delay} if ($c->config->{max_delay} >= 0);
-
-            warn "max_delay set to a negative value. Default to 0.";
-            return 0;
-        }
-    );
-
-    $self->helper(
-        default_delay => sub {
-            my $c = shift;
-
-            return $c->config->{default_delay} if ($c->config->{default_delay} >= 0);
-
-            warn "default_delay set to a negative value. Default to 0.";
-            return 0;
-        }
-    );
-
-    $self->helper(
-        is_selected => sub {
-            my $c   = shift;
-            my $num = shift;
-
-            return ($num == $c->default_delay) ? 'selected="selected"' : '';
-        }
-    );
-
-    $self->helper(
-        crypt => sub {
-            my $c        = shift;
-            my $upload   = shift;
-            my $filename = shift;
-
-            my $key   = $c->shortener(8);
-
-            my $cipher = Crypt::CBC->new(
-                -key    => $key,
-                -cipher => 'Blowfish',
-                -header => 'none',
-                -iv     => 'dupajasi'
-            );
-
-            $cipher->start('encrypting');
-
-            my $crypt_asset = Mojo::Asset::File->new;
-
-            $crypt_asset->add_chunk($cipher->crypt($upload->slurp));
-            $crypt_asset->add_chunk($cipher->finish);
-
-            my $crypt_upload = Mojo::Upload->new;
-            $crypt_upload->filename($filename);
-            $crypt_upload->asset($crypt_asset);
-
-            return ($crypt_upload, $key);
-        }
-    );
-
-    $self->helper(
-        decrypt => sub {
-            my $c    = shift;
-            my $key  = shift;
-            my $file = shift;
-
-            my $cipher = Crypt::CBC->new(
-                -key    => $key,
-                -cipher => 'Blowfish',
-                -header => 'none',
-                -iv     => 'dupajasi'
-            );
-
-            $cipher->start('decrypting');
-
-            my $decrypt_asset = Mojo::Asset::File->new;
-
-            open(my $f, "<",$file) or die "Unable to read encrypted file: $!";
-            binmode $f;
-            while (read($f, my $buffer,1024)) {
-                  $decrypt_asset->add_chunk($cipher->crypt($buffer));
-            }
-            $decrypt_asset->add_chunk($cipher->finish) ;
-
-            return $decrypt_asset;
-        }
-    );
-
-    $self->helper(
-        delete_image => sub {
-            my $c = shift;
-            my $image = shift;
-            unlink $image->path();
-            $image->update(enabled => 0);
-        }
-    );
-
+    # Hooks
     $self->hook(
         before_dispatch => sub {
             my $c = shift;
@@ -278,24 +162,116 @@ sub startup {
         }
     );
 
-    $self->hook(
-        after_dispatch => sub {
-            my $c = shift;
-            $c->provisioning();
+    # Recurrent tasks
+    Mojo::IOLoop->recurring(5 => sub {
+        my $loop = shift;
 
-            # Purge expired anti-flood protection
-            my $wait_for_it = $c->app->{wait_for_it};
-            delete @{$wait_for_it}{grep { time - $wait_for_it->{$_} > $c->config->{anti_flood_delay} } keys %{$wait_for_it}} if (defined($wait_for_it));
+        $self->provisioning();
+
+        # Purge expired anti-flood protection
+        my $wait_for_it = $self->{wait_for_it};
+        delete @{$wait_for_it}{grep { time - $wait_for_it->{$_} > $self->config->{anti_flood_delay} } keys %{$wait_for_it}} if (defined($wait_for_it));
+    });
+
+    # Authentication (if configured)
+    if (defined($config->{ldap}) || defined($config->{htpasswd})) {
+        if (defined($config->{ldap})) {
+            require Net::LDAP;
         }
-    );
+        if (defined($config->{htpasswd})) {
+            require Apache::Htpasswd;
+        }
+        die sprintf('Unable to read %s', $config->{htpasswd}) if (defined($config->{htpasswd}) && !-r $config->{htpasswd});
+        $self->plugin('Authentication' =>
+            {
+                autoload_user => 1,
+                session_key   => 'Lutim',
+                load_user     => sub {
+                    my ($c, $username) = @_;
 
-    $self->asset('index.css' => 'css/bootstrap.min.css', 'css/fontello-embedded.css', 'css/animation.css', 'css/uploader.css', 'css/hennypenny.css', 'css/lutim.css');
-    $self->asset('stats.css' => 'css/bootstrap.min.css', 'css/fontello-embedded.css', 'css/morris-0.4.3.min.css', 'css/hennypenny.css', 'css/lutim.css');
-    $self->asset('about.css' => 'css/bootstrap.min.css', 'css/fontello-embedded.css', 'css/hennypenny.css', 'css/lutim.css');
+                    return $username;
+                },
+                validate_user => sub {
+                    my ($c, $username, $password, $extradata) = @_;
 
-    $self->asset('index.js'  => 'js/jquery-2.1.0.min.js', 'js/bootstrap.min.js', 'js/lutim.js', 'js/dmuploader.min.js');
-    $self->asset('stats.js'  => 'js/jquery-2.1.0.min.js', 'js/bootstrap.min.js', 'js/lutim.js', 'js/raphael-min.js', 'js/morris-0.4.3.min.js', 'js/stats.js');
-    $self->asset('freeze.js' => 'js/jquery-2.1.0.min.js', 'js/freezeframe.min.js');
+                    if (defined($c->config('ldap'))) {
+                        my $ldap = Net::LDAP->new($c->config->{ldap}->{uri});
+
+                        my $mesg;
+                        if (defined($c->config->{ldap}->{bind_dn}) && defined($c->config->{ldap}->{bind_pwd})) {
+                            # connect to the ldap server using the bind credentials
+                            $mesg = $ldap->bind(
+                                $c->config->{ldap}->{bind_dn},
+                                password => $c->config->{ldap}->{bind_pwd}
+                            );
+                        } else {
+                            # anonymous bind
+                            $mesg = $ldap->bind
+                        }
+
+                        if ($mesg->code) {
+                            $c->app->log->info('[LDAP INFO] Authenticated bind failed - Login: '.$c->config->{ldap}->{bind_dn}) if defined($c->config->{ldap}->{bind_dn});
+                            $c->app->log->error('[LDAP ERROR] Error on bind: '.$mesg->error);
+                            return undef;
+                        }
+
+                        my $ldap_user_attr   = $c->config->{ldap}->{user_attr};
+                        my $ldap_user_filter = $c->config->{ldap}->{user_filter};
+
+                        # search the ldap database for the user who is trying to login
+                        $mesg = $ldap->search(
+                            base   => $c->config->{ldap}->{user_tree},
+                            filter => "(&($ldap_user_attr=$username)$ldap_user_filter)"
+                        );
+
+                        if ($mesg->code) {
+                            $c->app->log->error('[LDAP ERROR] Error on search: '.$mesg->error);
+                            return undef;
+                        }
+
+                        # check to make sure that the ldap search returned at least one entry
+                        my @entries = $mesg->entries;
+                        my $entry   = $entries[0];
+
+                        unless (defined $entry) {
+                            $c->app->log->info("[LDAP INFO] Authentication failed - User $username filtered out, IP: ".$c->ip);
+                            return undef;
+                        }
+
+                        # retrieve the first user returned by the search
+                        $c->app->log->debug("[LDAP DEBUG] Found user dn: ".$entry->dn);
+
+                        # Now we know that the user exists
+                        $mesg = $ldap->bind($entry->dn,
+                            password => $password
+                        );
+
+                        if ($mesg->code) {
+                            $c->app->log->info("[LDAP INFO] Authentication failed - Login: $username, IP: ".$c->ip);
+                            $c->app->log->error('[LDAP ERROR] Authentication failed '.$mesg->error);
+                            return undef;
+                        }
+
+                        $c->app->log->info("[LDAP INFO] Authentication successful - Login: $username, IP: ".$c->ip);
+                    } elsif (defined($c->config('htpasswd'))) {
+                        my $htpasswd = new Apache::Htpasswd(
+                            {
+                                passwdFile => $c->config('htpasswd'),
+                                ReadOnly   => 1
+                            }
+                        );
+                        if (!$htpasswd->htCheckPassword($username, $password)) {
+                            return undef;
+                        }
+                        $c->app->log->info("[Simple authentication successful] login: $username, IP: ".$c->ip);
+                    }
+
+                    return $username;
+                }
+            }
+        );
+        $self->app->sessions->default_expiration($config->{session_duration});
+    }
 
     $self->defaults(layout => 'default');
 
@@ -304,6 +280,14 @@ sub startup {
     # Router
     my $r = $self->routes;
 
+    $r->add_condition(authorized => sub {
+        my ($r, $c, $captures) = @_;
+
+        return 1 unless (defined($config->{ldap}) || defined($config->{htpasswd}));
+
+        return $c->is_user_authenticated;
+    });
+
     $r->options(sub {
         my $c = shift;
         $c->res->headers->allow('POST') if (defined($c->config->{allowed_domains}));
@@ -311,39 +295,135 @@ sub startup {
     });
 
     $r->get('/')->
-        to('Controller#home')->
+        requires('authorized')->
+        to('Image#home')->
         name('index');
+    $r->get('/')->
+        to('Authent#index');
+
+
+    if (defined $config->{ldap} || defined $config->{htpasswd}) {
+        # Login page
+        $r->get('/login')
+            ->to('Authent#index')
+            ->name('login');
+
+        # Authentication
+        $r->post('/login')
+            ->to('Authent#login');
+
+        # Logout page
+        $r->get('/logout')
+            ->to('Authent#log_out')
+            ->name('logout');
+    }
 
     $r->get('/about')->
-        to('Controller#about')->
+        to('Image#about')->
         name('about');
 
+    $r->get('/infos')->
+        to('Image#infos')->
+        name('infos');
+
     $r->get('/stats')->
-        to('Controller#stats')->
+        to('Image#stats')->
         name('stats');
 
+    $r->get('/lang/:l')->
+        to('Image#change_lang')->
+        name('lang');
+
+    $r->get('/partial/<:file>.<:f>' => sub {
+        my $c = shift;
+        $c->render(
+            template => 'partial/'.$c->param('file'),
+            format   => 'js',
+            layout   => undef,
+            d        => {
+                delay_0   => $c->l('no time limit'),
+                delay_1   => $c->l('24 hours'),
+                delay_365 => $c->l('1 year')
+            }
+        );
+    })->name('partial');
+
+    $r->get('/gallery' => sub {
+        shift->render(
+            template => 'gallery',
+        );
+    })->name('gallery');
+
+    $r->get('/myfiles')->
+        requires('authorized')->
+        name('myfiles');
+    $r->get('/myfiles')->
+        to('Authent#index');
+
     $r->get('/manifest.webapp')->
-        to('Controller#webapp')->
+        to('Image#webapp')->
         name('manifest.webapp');
 
+    $r->get('/zip')
+        ->to('Image#zip')
+        ->name('zip');
+
+    $r->get('/random')
+        ->to('Image#random')
+        ->name('random');
+
     $r->post('/')->
-        to('Controller#add')->
+        requires('authorized')->
+        to('Image#add')->
         name('add');
+    $r->post('/')->
+        to('Authent#index');
 
     $r->get('/d/:short/:token')->
-        to('Controller#delete')->
+        requires('authorized')->
+        to('Image#delete')->
         name('delete');
+    $r->get('/d/:short/:token')->
+        to('Authent#index');
 
     $r->post('/m/:short/:token')->
-        to('Controller#modify')->
+        requires('authorized')->
+        to('Image#modify')->
         name('modify');
+    $r->post('/m/:short/:token')->
+        to('Authent#index');
 
-    $r->get('/:short')->
-        to('Controller#short')->
+    $r->post('/c')->
+        requires('authorized')->
+        to('Image#get_counter')->
+        name('counter');
+    $r->post('/c')->
+        to('Authent#index');
+
+    $r->get('/about/<:short>')->
+        to('Image#about_img')->
+        name('about_img');
+
+    $r->get('/about/<:short>.<:f>')->
+        to('Image#about_img')->
+        name('about_img');
+
+    $r->get('/about/:short/<:key>.<:f>')->
+        to('Image#about_img')->
+        name('about_img');
+
+    $r->get('/<:short>.<:f>')->
+        to('Image#short')->
         name('short');
 
+    $r->get('/:short')->
+        to('Image#short');
+
+    $r->get('/:short/<:key>.<:f>')->
+        to('Image#short');
+
     $r->get('/:short/:key')->
-        to('Controller#short');
+        to('Image#short');
 }
 
 1;

lib/Lutim/Command/cron.pm

@@ -1,3 +1,4 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim::Command::cron;
 use Mojo::Base 'Mojolicious::Commands';
 

lib/Lutim/Command/cron/cleanbdd.pm

@@ -1,7 +1,11 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim::Command::cron::cleanbdd;
 use Mojo::Base 'Mojolicious::Command';
-use LutimModel;
-use Mojo::Util qw(slurp decode);
+use Mojo::File;
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
 
 has description => 'Delete IP addresses from database after configured delay.';
 has usage => sub { shift->extract_usage };
@@ -9,19 +13,23 @@ has usage => sub { shift->extract_usage };
 sub run {
     my $c = shift;
 
-    my $config = $c->app->plugin('ConfigHashMerge', {
-        default => {
-            keep_ip_during => 365,
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
         }
+    }
+    my $config = $c->app->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
     });
 
     my $separation = time() - $config->{keep_ip_during} * 86400;
 
-    LutimModel->do(
-        'UPDATE lutim SET created_by = "" WHERE path IS NOT NULL AND created_at < ?',
-        {},
-        $separation
-    );
+    my $dbi = Lutim::DB::Image->new(app => $c->app);
+
+    $dbi->clean_ips_until($separation);
 }
 
 =encoding utf8

lib/Lutim/Command/cron/cleanfiles.pm

@@ -1,7 +1,12 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim::Command::cron::cleanfiles;
 use Mojo::Base 'Mojolicious::Command';
-use LutimModel;
-use Mojo::Util qw(slurp decode);
+use Mojo::File;
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
+use Lutim;
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
 
 has description => 'Delete expired files.';
 has usage => sub { shift->extract_usage };
@@ -9,22 +14,37 @@ has usage => sub { shift->extract_usage };
 sub run {
     my $c = shift;
 
-    my $time = time();
-    my @images = LutimModel::Lutim->select('WHERE enabled = 1 AND (delete_at_day * 86400) < (? - created_at) AND delete_at_day != 0', $time);
-
-    for my $image (@images) {
-        $c->app->delete_image($image);
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
+        }
     }
+    my $config = $c->app->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
+    });
 
-    my $config = $c->app->plugin('Config');
+    my $l = Lutim->new;
+
+    my $dbi = Lutim::DB::Image->new(app => $c->app);
+
+    $dbi->get_images_to_clean()->each(
+        sub {
+            my ($img, $num) = @_;
+            $l->app->delete_image($img);
+        }
+    );
 
     if (defined($config->{delete_no_longer_viewed_files}) && $config->{delete_no_longer_viewed_files} > 0) {
-        $time = time() - $config->{delete_no_longer_viewed_files} * 86400;
-        @images = LutimModel::Lutim->select('WHERE enabled = 1 AND last_access_at < ?', $time);
-
-        for my $image (@images) {
-            $c->app->delete_image($image);
-        }
+        my $time = time() - $config->{delete_no_longer_viewed_files} * 86400;
+        $dbi->get_no_longer_viewed_files($time)->each(
+            sub {
+                my ($img, $num) = @_;
+                $l->app->delete_image($img);
+            }
+        );
     }
 }
 

lib/Lutim/Command/cron/stats.pm

@@ -1,9 +1,16 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim::Command::cron::stats;
 use Mojo::Base 'Mojolicious::Command';
-use LutimModel;
 use Mojo::DOM;
-use Mojo::Util qw(slurp spurt decode);
+use Mojo::Util qw(encode);
+use Mojo::File;
+use Mojo::JSON qw(encode_json);
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
 use DateTime;
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
+use POSIX;
 
 has description => 'Generate statistics about Lutim.';
 has usage => sub { shift->extract_usage };
@@ -11,13 +18,26 @@ has usage => sub { shift->extract_usage };
 sub run {
     my $c = shift;
 
-    my $config = $c->app->plugin('ConfigHashMerge', {
-        default => {
-            stats_day_num => 365
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
         }
+    }
+    my $config = $c->app->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
     });
 
-    my $text     = slurp('templates/data.html.ep.template');
+    my $template = 'themes/'.$config->{theme}.'/templates/data.html.ep.template';
+    unless (-e $template) {
+        $template = 'themes/default/templates/data.html.ep.template';
+    }
+
+    my $stats = {};
+
+    my $text     = Mojo::File->new($template)->slurp;
     my $dom      = Mojo::DOM->new($text);
     my $thead_tr = $dom->at('table thead tr');
     my $tbody_tr = $dom->at('table tbody tr');
@@ -26,29 +46,163 @@ sub run {
     my $separation = time() - $config->{stats_day_num} * 86400;
 
     my %data;
-    for my $img (LutimModel::Lutim->select('WHERE path IS NOT NULL AND created_at >= ?', $separation)) {
-        my $time                 = DateTime->from_epoch(epoch => $img->created_at);
-        my ($year, $month, $day) = ($time->year(), $time->month(), $time->day());
+    my $img = Lutim::DB::Image->new(app => $c->app);
+    my $sca = $img->select_created_after($separation);
 
-        if (defined($data{$year}->{$month}->{$day})) {
-            $data{$year}->{$month}->{$day} += 1;
-        } else {
-            $data{$year}->{$month}->{$day} = 1;
-        }
-    }
+    $stats->{total}    = $img->count_not_empty;
+    $stats->{average}  = floor($sca->size / $config->{stats_day_num}) if $config->{stats_day_num};
+    $stats->{for_days} = $config->{stats_day_num};
 
-    my $total = LutimModel::Lutim->count('WHERE path IS NOT NULL AND created_at < ?', $separation);
-    for my $year (sort {$a <=> $b} keys %data) {
-        for my $month (sort {$a <=> $b} keys %{$data{$year}}) {
-            for my $day (sort {$a <=> $b} keys %{$data{$year}->{$month}}) {
-                $thead_tr->append_content('<th>'."$day/$month/$year".'</th>'."\n");
-                $tbody_tr->append_content('<td>'.$data{$year}->{$month}->{$day}.'</td>'."\n");
-                $total += $data{$year}->{$month}->{$day};
-                $tbody_t2->append_content('<td>'.$total.'</td>'."\n");
+    $sca->each(
+        sub {
+            my ($e, $num) = @_;
+            my $time                 = DateTime->from_epoch(epoch => $e->created_at);
+            my ($year, $month, $day) = ($time->year(), $time->month(), $time->day());
+
+            if (defined($data{$year}->{$month}->{$day})) {
+                $data{$year}->{$month}->{$day} += 1;
+            } else {
+                $data{$year}->{$month}->{$day} = 1;
             }
         }
+    );
+
+    my $total = $img->count_created_before($separation);
+    if (scalar(keys %data)) {
+        for my $year (sort {$a <=> $b} keys %data) {
+            for my $month (sort {$a <=> $b} keys %{$data{$year}}) {
+                for my $day (sort {$a <=> $b} keys %{$data{$year}->{$month}}) {
+                    $thead_tr->append_content(sprintf("<th>%#.2d/%#.2d/%d</th>\n", $day, $month, $year));
+                    $tbody_tr->append_content(sprintf("<td>%d</td>\n", $data{$year}->{$month}->{$day}));
+                    $total += $data{$year}->{$month}->{$day};
+                    $tbody_t2->append_content(sprintf("<td>%d</td>\n", $total));
+                }
+            }
+        }
+    } else {
+        my $dt = DateTime->from_epoch(epoch => $separation);
+        $thead_tr->append_content(sprintf("<th>%#.2d/%#.2d/%d</th>\n", $dt->day(), $dt->month(), $dt->year()));
+        $tbody_tr->append_content("<td>0</td>\n");
+        $tbody_t2->append_content(sprintf("<td>%d</td>\n", $total));
+
+        $dt = DateTime->now();
+        $thead_tr->append_content(sprintf("<th>%#.2d/%#.2d/%d</th>\n", $dt->day(), $dt->month(), $dt->year()));
+        $tbody_tr->append_content("<td>0</td>\n");
+        $tbody_t2->append_content(sprintf("<td>%d</td>\n", $total));
     }
-    spurt $dom, 'templates/data.html.ep';
+
+    my $moy = $total / $config->{stats_day_num};
+
+    # Raw datas
+    my $template2 = 'themes/'.$config->{theme}.'/templates/raw.html.ep.template';
+    unless (-e $template2) {
+        $template2 = 'themes/default/templates/raw.html.ep.template';
+    }
+    my $text2    = Mojo::File->new($template2)->slurp;
+    my $dom2     = Mojo::DOM->new($text2);
+    my $raw      = $dom2->at('table tbody');
+    my $raw_foot = $dom2->at('table tfoot');
+    my $unlimited_enabled      = $img->count_delete_at_day_endis(0,   1);
+    my $unlimited_disabled     = $img->count_delete_at_day_endis(0,   0);
+    my $day_enabled            = $img->count_delete_at_day_endis(1,   1);
+    my $day_disabled           = $img->count_delete_at_day_endis(1,   0);
+    my $week_enabled           = $img->count_delete_at_day_endis(7,   1);
+    my $week_disabled          = $img->count_delete_at_day_endis(7,   0);
+    my $month_enabled          = $img->count_delete_at_day_endis(30,  1);
+    my $month_disabled         = $img->count_delete_at_day_endis(30,  0);
+    my $year_enabled           = $img->count_delete_at_day_endis(365, 1);
+    my $year_disabled          = $img->count_delete_at_day_endis(365, 0);
+    my $year_disabled_in_month = $img->count_delete_at_day_endis(365, 1, time - 335 * 86400);
+
+    $stats->{unlimited} = {
+        enabled  => $unlimited_enabled,
+        disabled => $unlimited_disabled
+    };
+    $stats->{day} = {
+        enabled  => $day_enabled,
+        disabled => $day_disabled
+    };
+    $stats->{week} = {
+        enabled  => $week_enabled,
+        disabled => $week_disabled
+    };
+    $stats->{month} = {
+        enabled  => $month_enabled,
+        disabled => $month_disabled
+    };
+    $stats->{year} = {
+        enabled  => $year_enabled,
+        disabled => $year_disabled
+    };
+
+    my $year_disabled_in_month_pct = ($year_enabled != 0) ? " (".sprintf('%.2f', 100*$year_disabled_in_month/$year_enabled)."%)" : '';
+
+    $raw->append_content("\n<tr><td><%= \$raw[4] %></td><td>".$unlimited_enabled."</td><td>".$unlimited_disabled."</td><td>ø</td></tr>\n");
+    $raw->append_content("<tr><td><%= \$raw[5] %></td><td>".$day_enabled."</td><td>".$day_disabled."</td><td>".$day_enabled." (100%)</td></tr>\n");
+    $raw->append_content("<tr><td><%= \$raw[6] %></td><td>".$week_enabled."</td><td>".$week_disabled."</td><td>".$week_enabled." (100%)</td></tr>\n");
+    $raw->append_content("<tr><td><%= \$raw[7] %></td><td>".$month_enabled."</td><td>".$month_disabled."</td><td>".$month_enabled." (100%)</td></tr>\n");
+    $raw->append_content("<tr><td><%= \$raw[8] %></td><td>".$year_enabled."</td><td>".$year_disabled."</td><td>".$year_disabled_in_month.$year_disabled_in_month_pct."</td></tr>\n");
+
+    $raw_foot->append_content("\n<tr><td><%= \$raw[9] %></td><td>".($unlimited_enabled + $day_enabled + $week_enabled + $month_enabled + $year_enabled)."</td><td>".($unlimited_disabled + $day_disabled + $week_disabled + $month_disabled + $year_disabled)."</td><td>".($day_enabled + $week_enabled + $month_enabled + $year_disabled_in_month)."</td></tr>\n");
+
+    $dom2 = <<EOF;
+% my \@raw = (
+%     l('Image delay'),
+%     l('Active images'),
+%     l('Deleted images'),
+%     l('Deleted images in 30 days'),
+%     l('no time limit'),
+%     l('24 hours'),
+%     l('%1 days', 7),
+%     l('%1 days', 30),
+%     l('1 year'),
+%     l('Total')
+% );
+$dom2
+EOF
+
+    my $js = <<EOF;
+var enabled_donut = {
+  element: 'raw-enabled-holder',
+  data: [
+    {label: "<%= l('no time limit') %>", value: $unlimited_enabled},
+    {label: "<%= l('24 hours') %>", value: $day_enabled},
+    {label: "<%= l('%1 days', 7) %>", value: $week_enabled},
+    {label: "<%= l('%1 days', 30) %>", value: $month_enabled},
+    {label: "<%= l('1 year') %>", value: $year_enabled},
+  ],
+  colors: [
+      '#40b489',
+      '#40b9b1',
+      '#40a1be',
+      '#427dc1',
+      '#455ac3',
+  ]
+};
+var disabled_donut = {
+  element: 'raw-disabled-holder',
+  data: [
+    {label: "<%= l('no time limit') %>", value: $unlimited_disabled},
+    {label: "<%= l('24 hours') %>", value: $day_disabled},
+    {label: "<%= l('%1 days', 7) %>", value: $week_disabled},
+    {label: "<%= l('%1 days', 30) %>", value: $month_disabled},
+    {label: "<%= l('1 year') %>", value: $year_disabled},
+  ],
+  colors: [
+      '#40b489',
+      '#40b9b1',
+      '#40a1be',
+      '#427dc1',
+      '#455ac3',
+  ]
+};
+EOF
+
+    Mojo::File->new('themes/'.$config->{theme}.'/templates/stats.json.ep')->spew(encode_json($stats));
+    Mojo::File->new('themes/'.$config->{theme}.'/templates/data.html.ep')->spew($dom);
+    Mojo::File->new('themes/'.$config->{theme}.'/templates/raw.html.ep')->spew(encode('UTF-8', $dom2));
+    mkdir 'themes/'.$config->{theme}.'/templates/partial/' unless -d 'themes/'.$config->{theme}.'/templates/partial/';
+    Mojo::File->new('themes/'.$config->{theme}.'/templates/partial/raw.js.ep')->spew(encode('UTF-8', $js));
 }
 
 =encoding utf8

lib/Lutim/Command/cron/watch.pm

@@ -1,9 +1,14 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
 package Lutim::Command::cron::watch;
 use Mojo::Base 'Mojolicious::Command';
-use Mojo::Util qw(slurp decode);
 use Filesys::DiskUsage qw/du/;
-use LutimModel;
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
+use Lutim;
+use Mojo::File;
 use Switch;
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
 
 has description => 'Watch the files directory and take action when over quota';
 has usage => sub { shift->extract_usage };
@@ -11,10 +16,16 @@ has usage => sub { shift->extract_usage };
 sub run {
     my $c = shift;
 
-    my $config = $c->app->plugin('ConfigHashMerge', {
-        default => {
-            policy_when_full => 'warn'
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
         }
+    }
+    my $config = $c->app->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
     });
 
     if (defined($config->{max_total_size})) {
@@ -33,11 +44,15 @@ sub run {
                 }
                 case 'delete' {
                     say '[Lutim cron job watch] Older files are being deleted';
+                    my $dbi = Lutim::DB::Image->new(app => $c->app);
+                    my $l = Lutim->new;
                     do {
-                        for my $img (LutimModel::Lutim->select('WHERE path IS NOT NULL AND enabled = 1 ORDER BY created_at ASC LIMIT 50')) {
-                            unlink $img->path() or warn "Could not unlink ".$img->path.": $!";
-                            $img->update(enabled => 0);
-                        }
+                        $dbi->get_50_oldest()->each(
+                            sub {
+                                my ($img, $num) = @_;
+                                $l->app->delete_image($img);
+                            }
+                        );
                     } while (du(qw/files/) > $config->{max_total_size});
                 }
                 else {

lib/Lutim/Command/image.pm

@@ -0,0 +1,234 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::Command::image;
+use Mojo::Base 'Mojolicious::Command';
+use Mojo::Util qw(getopt);
+use Mojo::Collection 'c';
+use Lutim::DB::Image;
+use Lutim::DefaultConfig qw($default_config);
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
+
+has description => 'Manage stored images';
+has usage => sub { shift->extract_usage };
+
+my $csv_header = 0;
+
+sub run {
+    my $c    = shift;
+    my @args = @_;
+
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
+        }
+    }
+    my $config = $c->app->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
+    });
+
+    if (scalar(@{$config->{memcached_servers}})) {
+        $c->app->plugin(CHI => {
+            lutim_images_cache => {
+                driver             => 'Memcached',
+                servers            => $config->{memcached_servers},
+                expires_in         => '1 day',
+                expires_on_backend => 1,
+            }
+        });
+    }
+
+    getopt \@args,
+      'i|info=s{1,}'   => \my @info,
+      'c|csv'          => \my $csv,
+      'r|remove=s{1,}' => \my @remove,
+      'y|yes'          => \my $yes,
+      'q|quiet'        => \my $quiet,
+      's|search=s'     => \my $ip,
+      'n|nuke=s'       => \my $nuke,
+    ;
+
+    if (scalar @info) {
+        c(@info)->each(
+            sub {
+                my ($e, $num) = @_;
+                my $i = get_short($c, $e);
+                print_infos($i, $csv) if $i;
+            }
+        );
+    }
+    if (scalar @remove) {
+        c(@remove)->each(
+            sub {
+                my ($e, $num) = @_;
+                my $i = get_short($c, $e);
+                if ($i) {
+                    if ($i->enabled) {
+                        print_infos($i, 0) unless $quiet;
+                        delete_short($c, $i, $yes);
+                    } else {
+                        say sprintf('The image %s is already disabled', $e);
+                    }
+                }
+            }
+        );
+        if ($config->{cache_max_size} && !scalar(@{$config->{memcached_servers}})) {
+            say "\nPlease reload Lutim to be sure that the deleted images are not in the cache anymore.";
+        }
+    }
+    if ($ip) {
+        my $u = Lutim::DB::Image->new(app => $c->app)->search_created_by($ip);
+        my @shorts;
+        $u->each(sub {
+            my ($e, $num) = @_;
+            push @shorts, $e->short;
+            print_infos($e, $csv);
+        });
+        say sprintf('%d matching images', $u->size);
+        say sprintf("If you want to delete those images, please do:\n  carton exec script/lutim image --remove %s", join(' ', @shorts)) if @shorts;
+    }
+    if ($nuke) {
+        my $i = get_short($c, $nuke);
+        if ($i && $i->created_by) {
+            my $u = Lutim::DB::Image->new(app => $c->app)->search_exact_created_by($i->created_by);
+            my @shorts;
+            say sprintf('%d images created by the same IP address (%s) than image %s', $u->size, $i->created_by, $nuke);
+            my $confirm = ($yes) ? 'yes' : undef;
+            unless (defined $confirm) {
+                printf('Are you sure you want to remove those %d images? [N/y] ', $u->size);
+                $confirm = <STDIN>;
+                chomp $confirm;
+            }
+            if ($confirm =~ m/^y(es)?$/i) {
+                $u->each(sub {
+                    my ($e, $num) = @_;
+                    my $i = get_short($c, $e->short);
+                    if ($i) {
+                        print_infos($i, $csv);
+                        if ($i->enabled) {
+                            delete_short($c, $i, 1);
+                        } else {
+                            say sprintf('The image %s is already disabled', $e->short);
+                        }
+                    }
+                });
+            } else {
+                say 'Answer was not "y" or "yes". Aborting deletion.';
+            }
+        } elsif (! $i->created_by) {
+            say sprintf('Image %s does not contain its creator’s IP address.', $nuke);
+        } else {
+            say sprintf('Sorry, can’t find image %s', $nuke);
+        }
+    }
+}
+
+sub get_short {
+    my $c     = shift;
+    my $short = shift;
+
+    my $i = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if ($i->path) {
+        return $i;
+    } else {
+        say sprintf('Sorry, unable to find an image with short = %s', $short);
+        return undef;
+    }
+}
+
+sub print_infos {
+    my $i   = shift;
+    my $csv = shift;
+
+    my $msg;
+
+    if ($i) {
+        if ($csv) {
+            if (!$csv_header) {
+                say 'short,path,footprint,enabled,mediatype,filename,counter,delete_at_first_view,delete_at_day,created_at,created_by,last_access_at,width,height';
+                $csv_header = 1;
+            }
+            $msg = '"%s","%s","%s",%d,"%s","%s",%d,"%s",%d,"%s","%s","%s",%d,%d';
+        } else {
+            $msg = <<EOF;
+%s
+    path                 : %s
+    footprint            : %s
+    enabled              : %d
+    mediatype            : %s
+    filename             : %s
+    counter              : %d
+    delete_at_first_view : %d
+    delete_at_day        : %d
+    created_at           : %s
+    created_by           : %s
+    last_access_at       : %s
+    width                : %d
+    height               : %d
+EOF
+        }
+        my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime($i->created_at);
+        my $created_at = sprintf('%d-%d-%d %d:%d:%d GMT', $year + 1900, ++$mon, $mday, $hour, $min, $sec);
+
+        my $last_access_at = '';
+        if ($i->last_access_at) {
+            ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)    = gmtime($i->last_access_at);
+            $last_access_at = sprintf('%d-%d-%d %d:%d:%d GMT', $year + 1900, ++$mon, $mday, $hour, $min, $sec);
+        }
+        say sprintf($msg,
+            $i->short,
+            $i->path,
+            $i->footprint,
+            $i->enabled,
+            $i->mediatype,
+            $i->filename,
+            $i->counter,
+            $i->delete_at_first_view,
+            $i->delete_at_day,
+            $created_at,
+            $i->created_by,
+            $last_access_at,
+            $i->width,
+            $i->height
+        );
+    }
+}
+
+sub delete_short {
+    my $c = shift;
+    my $i = shift;
+    my $y = shift;
+
+    my $confirm = ($y) ? 'yes' : undef;
+    unless (defined $confirm) {
+        printf('Are you sure you want to remove this image (%s)? [N/y] ', $i->short);
+        $confirm = <STDIN>;
+        chomp $confirm;
+    }
+    if ($confirm =~ m/^y(es)?$/i) {
+        $c->app->delete_image($i);
+    } else {
+        say 'Answer was not "y" or "yes". Aborting deletion.';
+    }
+}
+
+=encoding utf8
+
+=head1 NAME
+
+Lutim::Command::image - Manage URL in Lutim's database
+
+=head1 SYNOPSIS
+
+  Usage:
+      carton exec script/lutim image --info <short> <short> [--csv]              Print infos about the space-separated images (--csv creates a CSV output)
+      carton exec script/lutim image --remove <short> <short> [--yes] [--quiet]  Delete the space-separated images (--yes disables confirmation, --quiet disables informations printing)
+      carton exec script/lutim image --search <ip>                               Print infos about the images uploaded by this IP (database LIKE, may include images uploaded by other IPs)
+      carton exec script/lutim image --nuke <short>                              Delete the image and all images sent by the same IP address and print infos about the deleted images
+
+=cut
+
+1;
+

lib/Lutim/Command/theme.pm

@@ -0,0 +1,124 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::Command::theme;
+use Mojo::Base 'Mojolicious::Commands';
+use FindBin qw($Bin);
+use File::Spec qw(catfile cat dir);
+use File::Path qw(make_path);
+
+has description => 'Create new theme skeleton.';
+has usage => sub { shift->extract_usage };
+has message    => sub { shift->extract_usage . "\nCreate new theme skeleton:\n" };
+has namespaces => sub { ['Lutim::Command::theme'] };
+
+sub run {
+    my $c    = shift;
+    my $name = shift;
+
+    unless (defined $name) {
+        say $c->extract_usage;
+        exit 1;
+    }
+
+    my $home = File::Spec->catdir($Bin, '..', 'themes', $name);
+
+    unless (-d $home) {
+
+        # Create skeleton
+        mkdir $home;
+        mkdir File::Spec->catdir($home, 'public');
+        make_path(File::Spec->catdir($home, 'templates', 'layouts'));
+        make_path(File::Spec->catdir($home, 'lib', 'Lutim', 'I18N'));
+
+        my $i18n = <<EOF;
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::I18N;
+
+use base 'Locale::Maketext';
+use File::Basename qw/dirname/;
+use Locale::Maketext::Lexicon {
+    _auto => 1,
+    _decode => 1,
+    _style  => 'gettext',
+    '*' => [
+        Gettext => dirname(__FILE__) . '/I18N/*.po',
+        Gettext => \$app_dir . 'themes/default/lib/Lutim/I18N/*.po',
+    ]
+};
+
+use vars qw(\$app_dir);
+BEGIN {
+    use Cwd;
+    my \$app_dir = getcwd;
+}
+
+1;
+EOF
+
+        open my $f, '>', File::Spec->catfile($home, 'lib', 'Lutim', 'I18N.pm') or die "Unable to open $home/lib/Lutim/I18N.pm: $!";
+        print $f $i18n;
+        close $f;
+
+        my $makefile = <<EOF;
+EN=lib/Lutim/I18N/en.po
+FR=lib/Lutim/I18N/fr.po
+DE=lib/Lutim/I18N/de.po
+ES=lib/Lutim/I18N/es.po
+OC=lib/Lutim/I18N/oc.po
+AR=lib/Lutim/I18N/ar.po
+SEDOPTS=-e "s\@SOME DESCRIPTIVE TITLE\@Lutim language file\@" \\
+		-e "s\@YEAR THE PACKAGE'S COPYRIGHT HOLDER\@2015 Luc Didry\@" \\
+		-e "s\@CHARSET\@utf8\@" \\
+		-e "s\@the PACKAGE package\@the Lutim package\@" \\
+		-e '/^\\#\\. (/{N;/\\n\\#\\. (/{N;/\\n.*\\.\\.\\/default\\//{s/\\#\\..*\\n.*\\#\\./\\#. (/g}}}' \\
+		-e '/^\\#\\. (/{N;/\\n.*\\.\\.\\/default\\//{s/\\n/ /}}' 
+SEDOPTS2=-e '/^\\#.*\\.\\.\\/default\\//,+3d'
+XGETTEXT=carton exec ../../local/bin/xgettext.pl
+CARTON=carton exec
+
+locales:
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(EN) 2>/dev/null
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(FR) 2>/dev/null
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(DE) 2>/dev/null
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(ES) 2>/dev/null
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(OC) 2>/dev/null
+		\$(XGETTEXT) -D templates -D ../default/templates -o \$(AR) 2>/dev/null
+		sed \$(SEDOPTS) -i \$(EN)
+		sed \$(SEDOPTS2) -i \$(EN)
+		sed \$(SEDOPTS) -i \$(FR)
+		sed \$(SEDOPTS2) -i \$(FR)
+		sed \$(SEDOPTS) -i \$(DE)
+		sed \$(SEDOPTS2) -i \$(DE)
+		sed \$(SEDOPTS) -i \$(ES)
+		sed \$(SEDOPTS2) -i \$(ES)
+		sed \$(SEDOPTS) -i \$(OC)
+		sed \$(SEDOPTS) -i \$(OC)
+		sed \$(SEDOPTS2) -i \$(AR)
+		sed \$(SEDOPTS2) -i \$(AR)
+EOF
+
+        open $f, '>', File::Spec->catfile($home, 'Makefile') or die "Unable to open $home/Makefile: $!";
+        print $f $makefile;
+        close $f;
+        open $f, '>', File::Spec->catfile($home, '.gitignore') or die "Unable to open $home/.gitignore: $!";
+        print $f "public/packed/\ntemplates/data.html.ep";
+        close $f;
+    } else {
+        say "$name theme already exists. Aborting.";
+        exit 1;
+    }
+}
+
+=encoding utf8
+
+=head1 NAME
+
+Lutim::Command::theme - Create new theme skeleton.
+
+=head1 SYNOPSIS
+
+  Usage: script/lutim theme THEME_NAME
+
+  Your new theme will be available in the themes directory.
+=cut
+
+1;

lib/Lutim/Controller.pm

@@ -1,512 +0,0 @@
-# vim:set sw=4 ts=4 sts=4 expandtab:
-package Lutim::Controller;
-use Mojo::Base 'Mojolicious::Controller';
-use Mojo::Util qw(url_unescape b64_encode);
-use DateTime;
-use File::Type;
-use Digest::file qw(digest_file_hex);
-use Text::Unidecode;
-use Data::Validate::URI qw(is_http_uri is_https_uri);
-
-use vars qw($im_loaded);
-BEGIN {
-    eval "use Image::Magick";
-    if ($@) {
-        warn "You don't have Image::Magick installed so you won't have thumbnails.";
-        $im_loaded = 0;
-    } else {
-        $im_loaded = 1;
-    }
-}
-
-sub home {
-    my $c = shift;
-
-    $c->render(
-        template      => 'index',
-        max_file_size => $c->req->max_message_size
-    );
-
-
-    $c->on(finish => sub {
-            my $c = shift;
-            $c->app->log->info('[HIT] someone visited site index');
-        }
-    );
-}
-
-sub about {
-    shift->render(template => 'about');
-}
-
-sub stats {
-    shift->render(
-        template => 'stats',
-        total    =>  LutimModel::Lutim->count('WHERE path IS NOT NULL')
-    );
-}
-
-sub webapp {
-    my $c = shift;
-
-    my $headers = Mojo::Headers->new();
-    $headers->add('Content-Type' => 'application/x-web-app-manifest+json');
-    $c->res->content->headers($headers);
-
-    $c->render(
-        template => 'manifest',
-        format   => 'webapp'
-    );
-}
-
-sub modify {
-    my $c     = shift;
-    my $short = $c->param('short');
-    my $token = $c->param('token');
-    my $url   = $c->param('url');
-
-    my @images = LutimModel::Lutim->select('WHERE short = ? AND path IS NOT NULL', $short);
-    if (scalar(@images)) {
-        my $image = $images[0];
-        my $msg;
-        if ($image->mod_token() ne $token || $token eq '') {
-            $msg = $c->l('invalid_token');
-        } else {
-            $c->app->log->info('[MODIFICATION] someone modify '.$image->filename.' with token method (path: '.$image->path.')');
-
-            $image->update(
-                delete_at_day        => ($c->param('delete-day') && $c->param('delete-day') <= $c->max_delay) ? $c->param('delete-day') : $c->max_delay,
-                delete_at_first_view => ($c->param('first-view')) ? 1 : 0,
-            );
-            $msg = $c->l('image_delay_modified');
-            if (defined($c->param('format')) && $c->param('format') eq 'json') {
-                return $c->render(
-                    json => {
-                        success => Mojo::JSON->true,
-                        msg     => $msg
-                    }
-                );
-            } else {
-                $msg .= ' (<a href="'.$url.'">'.$url.'</a>)' unless (!defined($url));
-                $c->flash(
-                    success => $msg
-                );
-                return $c->redirect_to('/');
-            }
-        }
-
-        if (defined($c->param('format')) && $c->param('format') eq 'json') {
-            return $c->render(
-                json => {
-                    success => Mojo::JSON->false,
-                    msg     => $msg
-                }
-            );
-        } else {
-            $c->flash(
-                msg => $msg
-            );
-            return $c->redirect_to('/');
-        }
-    } else {
-        $c->app->log->info('[UNSUCCESSFUL] someone tried to modify '.$short.' but it does\'nt exist.');
-
-        # Image never existed
-        my $msg = $c->l('image_mod_not_found', $short);
-        if (defined($c->param('format')) && $c->param('format') eq 'json') {
-            return $c->render(
-                json => {
-                    success => Mojo::JSON->false,
-                    msg     => $msg
-                }
-            );
-        } else {
-            $c->flash(
-                msg => $msg
-            );
-            return $c->redirect_to('/');
-        }
-    }
-}
-
-sub delete {
-    my $c     = shift;
-    my $short = $c->param('short');
-    my $token = $c->param('token');
-
-    my @images = LutimModel::Lutim->select('WHERE short = ? AND path IS NOT NULL', $short);
-    if (scalar(@images)) {
-        my $image = $images[0];
-        my $msg;
-        if ($image->mod_token() ne $token || $token eq '') {
-            $msg = $c->l('invalid_token');
-        } elsif ($image->enabled() == 0) {
-            $msg = $c->l('already_deleted', $image->filename);
-        } else {
-            $c->app->log->info('[DELETION] someone made '.$image->filename.' removed with token method (path: '.$image->path.')');
-
-            $c->delete_image($image);
-            $c->flash(
-                success => $c->l('image_deleted', $image->filename)
-            );
-            return $c->redirect_to('/');
-        }
-
-        $c->flash(
-            msg => $msg
-        );
-        return $c->redirect_to('/');
-    } else {
-        $c->app->log->info('[UNSUCCESSFUL] someone tried to delete '.$short.' but it does\'nt exist.');
-
-        # Image never existed
-        $c->render_not_found;
-    }
-}
-
-sub add {
-    my $c        = shift;
-    my $upload   = $c->param('file');
-    my $file_url = $c->param('lutim-file-url');
-
-    if(!defined($c->stash('stop_upload'))) {
-        if (defined($file_url) && $file_url) {
-            if (is_http_uri($file_url) || is_https_uri($file_url)) {
-                # Anti-flood protection
-                my $ip = $c->ip(1);
-                while (defined($c->app->{wait_for_it}->{$ip}) && (time - $c->app->{wait_for_it}->{$ip}) <= $c->config->{anti_flood_delay} ) {
-                    sleep($c->config->{anti_flood_delay});
-                }
-                my $ua = Mojo::UserAgent->new;
-                my $tx = $ua->get($file_url => {DNT => 1});
-                if (my $res = $tx->success) {
-                    $file_url    = url_unescape $file_url;
-                    $file_url    =~ m#^.*/([^/]*)$#;
-                    my $filename = $1;
-                    $filename    = 'uploaded.image' unless (defined($filename));
-                    $filename   .= '.image' if (index($filename, '.') == -1);
-                    $upload      = Mojo::Upload->new(
-                        asset    => $res->content->asset,
-                        filename => $filename
-                    );
-                    $c->app->{wait_for_it}->{$ip} = time;
-                } elsif ($tx->res->is_limit_exceeded) {
-                    my $msg = $c->l('file_too_big', $tx->res->max_message_size);
-                    if (defined($c->param('format')) && $c->param('format') eq 'json') {
-                        return $c->render(
-                            json => {
-                                success => Mojo::JSON->false,
-                                msg     => {
-                                    filename => $file_url,
-                                    msg      => $msg
-                                }
-                            }
-                        );
-                    } else {
-                        $c->flash(msg      => $msg);
-                        $c->flash(filename => $upload->filename);
-                        return $c->redirect_to('/');
-                    }
-                } else {
-                    my $msg = $c->l('download_error');
-                    $c->app->log->warn('[DOWNLOAD ERROR]'.$c->dumper($tx->error));
-                    if (defined($c->param('format')) && $c->param('format') eq 'json') {
-                        return $c->render(
-                            json => {
-                                success => Mojo::JSON->false,
-                                msg     => {
-                                    filename => $file_url,
-                                    msg      => $msg
-                                }
-                            }
-                        );
-                    } else {
-                        $c->flash(msg      => $msg);
-                        $c->flash(filename => $file_url);
-                        return $c->redirect_to('/');
-                    }
-                }
-            } else {
-                my $msg = $c->l('no_valid_url');
-                if (defined($c->param('format')) && $c->param('format') eq 'json') {
-                    return $c->render(
-                        json => {
-                            success => Mojo::JSON->false,
-                            msg     => {
-                                filename => $file_url,
-                                msg      => $msg
-                            }
-                        }
-                    );
-                } else {
-                    $c->flash(msg      => $msg);
-                    $c->flash(filename => $file_url);
-                    return $c->redirect_to('/');
-                }
-            }
-        }
-
-        my $ft = File::Type->new();
-        my $mediatype = $ft->mime_type($upload->slurp());
-
-        my $ip = $c->ip;
-
-        my ($msg, $short, $real_short, $token, $thumb);
-        # Check file type
-        if (index($mediatype, 'image/') >= 0) {
-            # Create directory if needed
-            mkdir('files', 0700) unless (-d 'files');
-
-            if ($c->req->is_limit_exceeded) {
-                $msg = $c->l('file_too_big', $c->req->max_message_size);
-                if (defined($c->param('format')) && $c->param('format') eq 'json') {
-                    return $c->render(
-                        json => {
-                            success => Mojo::JSON->false,
-                            msg     => $msg
-                        }
-                    );
-                } else {
-                    $c->flash(msg      => $msg);
-                    $c->flash(filename => $upload->filename);
-                    return $c->redirect_to('/');
-                }
-            }
-            if(LutimModel->begin) {
-                my @records = LutimModel::Lutim->select('WHERE path IS NULL LIMIT 1');
-                if (scalar(@records)) {
-                    # Save file and create record
-                    my $filename = unidecode($upload->filename);
-                    my $ext      = ($filename =~ m/([^.]+)$/)[0];
-                    my $path     = 'files/'.$records[0]->short.'.'.$ext;
-
-                    my ($width, $height);
-                    if ($im_loaded) {
-                        my $im  = Image::Magick->new;
-                        $im->BlobToImage($upload->slurp);
-                        $width  = $im->Get('width');
-                        $height = $im->Get('height');
-                        $im->Resize(geometry=>'x85');
-
-                        $thumb  = 'data:'.$mediatype.';base64,';
-                        $thumb .= b64_encode $im->ImageToBlob();
-                    }
-                    my $key;
-                    if ($c->param('crypt') || $c->config->{always_encrypt}) {
-                        ($upload, $key) = $c->crypt($upload, $filename);
-                    }
-                    $upload->move_to($path);
-                    $records[0]->update(
-                        path                 => $path,
-                        filename             => $filename,
-                        mediatype            => $mediatype,
-                        footprint            => digest_file_hex($path, 'SHA-512'),
-                        enabled              => 1,
-                        delete_at_day        => ($c->param('delete-day') && $c->param('delete-day') <= $c->max_delay) ? $c->param('delete-day') : $c->max_delay,
-                        delete_at_first_view => ($c->param('first-view')) ? 1 : 0,
-                        created_at           => time(),
-                        created_by           => $ip,
-                        width                => $width,
-                        height               => $height
-                    );
-
-                    # Log image creation
-                    $c->app->log->info('[CREATION] '.$ip.' pushed '.$filename.' (path: '.$path.')');
-
-                    # Give url to user
-                    $short      = $records[0]->short;
-                    $real_short = $short;
-                    if (!defined($records[0]->mod_token)) {
-                        $records[0]->update(
-                            mod_token => $c->shortener($c->config->{token_length})
-                        );
-                    }
-                    $token      = $records[0]->mod_token;
-                    $short     .= '/'.$key if (defined($key));
-                } else {
-                    # Houston, we have a problem
-                    $msg = $c->l('no_more_short', $c->config->{contact});
-                }
-            }
-            LutimModel->commit;
-        } else {
-            $msg = $c->l('no_valid_file', $upload->filename);
-        }
-
-        if (defined($c->param('format')) && $c->param('format') eq 'json') {
-            if (defined($short)) {
-                $msg = {
-                    filename   => $upload->filename,
-                    short      => $short,
-                    real_short => $real_short,
-                    token      => $token,
-                    thumb      => $thumb
-                };
-            } else {
-                $msg = {
-                    filename => $upload->filename,
-                    msg      => $msg
-                };
-            }
-            return $c->render(
-                json => {
-                    success => (defined($short)) ? Mojo::JSON->true : Mojo::JSON->false,
-                    msg     => $msg
-                }
-            );
-        } else {
-            if ((defined($msg))) {
-                $c->flash(msg      => $msg);
-                $c->flash(filename => $upload->filename);
-                return $c->redirect_to('/');
-            } else {
-                $c->stash(short      => $short) if (defined($short));
-                $c->stash(real_short => $real_short);
-                $c->stash(token      => $token);
-                $c->stash(thumb      => $thumb);
-                $c->stash(filename   => $upload->filename);
-                return $c->render(
-                    template      => 'index',
-                    max_file_size => $c->req->max_message_size
-                );
-            }
-        }
-    } else {
-        if (defined($c->param('format')) && $c->param('format') eq 'json') {
-            return $c->render(
-                json => {
-                    success => Mojo::JSON->false,
-                    msg     => {
-                        filename => $upload->filename,
-                        msg      => $c->stash('stop_upload')
-                    }
-                }
-            );
-        } else {
-            $c->flash(msg      => $c->stash('stop_upload'));
-            $c->flash(filename => $upload->filename);
-            return $c->redirect_to('/');
-        }
-    }
-}
-
-sub short {
-    my $c     = shift;
-    my $short = $c->param('short');
-    my $touit = $c->param('t');
-    my $key   = $c->param('key');
-    my $dl    = (defined($c->param('dl'))) ? 'attachment' : 'inline';
-
-    my @images = LutimModel::Lutim->select('WHERE short = ? AND ENABLED = 1 AND path IS NOT NULL', $short);
-
-    if (scalar(@images)) {
-        if($images[0]->delete_at_day && $images[0]->created_at + $images[0]->delete_at_day * 86400 <= time()) {
-            # Log deletion
-            $c->app->log->info('[DELETION] someone tried to view '.$images[0]->filename.' but it has been removed by expiration (path: '.$images[0]->path.')');
-
-            # Delete image
-            $c->delete_image($images[0]);
-
-            # Warn user
-            $c->flash(
-                msg => $c->l('image_not_found')
-            );
-            return $c->redirect_to('/');
-        }
-
-        my $test;
-        if (defined($touit)) {
-            $test = 1;
-            my $short  = $images[0]->short;
-               $short .= '/'.$key if (defined($key));
-            my ($width, $height) = (340,340);
-            if ($images[0]->mediatype eq 'image/gif') {
-                if (defined($images[0]->width) && defined($images[0]->height)) {
-                    ($width, $height) = ($images[0]->width, $images[0]->height);
-                } elsif ($im_loaded) {
-                    my $upload = $c->decrypt($key, $images[0]->path);
-                    my $im     = Image::Magick->new;
-                    $im->BlobToImage($upload->slurp);
-                    $width     = $im->Get('width');
-                    $height    = $im->Get('height');
-
-                    $images[0]->update(
-                        width  => $width,
-                        height => $height
-                    );
-                }
-            }
-            return $c->render(
-                template => 'twitter',
-                layout   => undef,
-                short    => $short,
-                filename => $images[0]->filename,
-                mimetype => ($c->req->url->to_abs()->scheme eq 'https') ? $images[0]->mediatype : '',
-                width    => $width,
-                height   => $height
-            );
-        } else {
-            # Delete image if needed
-            if ($images[0]->delete_at_first_view && $images[0]->counter >= 1) {
-                # Log deletion
-                $c->app->log->info('[DELETION] someone made '.$images[0]->filename.' removed (path: '.$images[0]->path.')');
-
-                # Delete image
-                $c->delete_image($images[0]);
-
-                $c->flash(
-                    msg => $c->l('image_not_found')
-                );
-                return $c->redirect_to('/');
-            } else {
-                my $expires = ($images[0]->delete_at_day) ? $images[0]->delete_at_day : 360;
-                my $dt = DateTime->from_epoch( epoch => $expires * 86400 + $images[0]->created_at);
-                $dt->set_time_zone('GMT');
-                $expires = $dt->strftime("%a, %d %b %Y %H:%M:%S GMT");
-
-                $test = $c->render_file($images[0]->filename, $images[0]->path, $images[0]->mediatype, $dl, $expires, $images[0]->delete_at_first_view, $key);
-            }
-        }
-
-        if ($test != 500) {
-            # Update counter
-            $c->on(finish => sub {
-                # Log access
-                $c->app->log->info('[VIEW] someone viewed '.$images[0]->filename.' (path: '.$images[0]->path.')');
-
-                # Update record
-                my $counter = $images[0]->counter + 1;
-                $images[0]->update(counter => $counter);
-
-                $images[0]->update(last_access_at => time());
-
-                # Delete image if needed
-                if ($images[0]->delete_at_first_view) {
-                    # Log deletion
-                    $c->app->log->info('[DELETION] someone made '.$images[0]->filename.' removed (path: '.$images[0]->path.')');
-
-                    # Delete image
-                    $c->delete_image($images[0]);
-                }
-            });
-        }
-    } else {
-        @images = LutimModel::Lutim->select('WHERE short = ? AND ENABLED = 0 AND path IS NOT NULL', $short);
-
-        if (scalar(@images)) {
-            # Log access try
-            $c->app->log->info('[NOT FOUND] someone tried to view '.$short.' but it does\'nt exist anymore.');
-
-            # Warn user
-            $c->flash(
-                msg => $c->l('image_not_found')
-            );
-            return $c->redirect_to('/');
-        } else {
-            # Image never existed
-            $c->render_not_found;
-        }
-    }
-}
-
-1;

lib/Lutim/Controller/Authent.pm

@@ -0,0 +1,76 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::Controller::Authent;
+use Mojo::Base 'Mojolicious::Controller';
+
+sub index {
+    my $c = shift;
+    if ($c->is_user_authenticated) {
+        $c->redirect_to('index');
+    } else {
+        $c->render(template => 'login');
+    }
+}
+
+sub login {
+    my $c     = shift;
+    my $login = $c->param('login');
+    my $pwd   = $c->param('password');
+    my $ref   = $c->req->headers->referrer;
+
+    if($c->authenticate($login, $pwd)) {
+        $c->respond_to(
+            json => sub {
+                my $c = shift;
+                $c->render(
+                    json => {
+                        success => Mojo::JSON->true,
+                        msg     => $c->l('You have been successfully logged in.')
+                    }
+                );
+            },
+            any => sub {
+                $c->redirect_to($ref);
+            }
+        );
+    } else {
+        my $msg = $c->l('Please, check your credentials: unable to authenticate.');
+        $c->respond_to(
+            json => sub {
+                my $c = shift;
+                $c->render(
+                    json => {
+                        success => Mojo::JSON->false,
+                        msg     => $msg
+                    }
+                );
+            },
+            any => sub {
+                $c->stash(msg => $msg);
+                $c->render(template => 'login')
+            }
+        );
+    }
+}
+
+sub log_out {
+    my $c = shift;
+    if ($c->is_user_authenticated) {
+        $c->logout;
+    }
+    $c->respond_to(
+        json => sub {
+            my $c = shift;
+            $c->render(
+                json => {
+                    success => Mojo::JSON->true,
+                    msg     => $c->l('You have been successfully logged out.')
+                }
+            );
+        },
+        any => sub {
+            $c->render(template => 'logout');
+        }
+    );
+}
+
+1;

lib/Lutim/Controller/Image.pm

@@ -0,0 +1,864 @@
+# vim:set sw=4 ts=4 sts=4 expandtab:
+package Lutim::Controller::Image;
+use Mojo::Asset::Memory;
+use Mojo::Base 'Mojolicious::Controller';
+use Mojo::File qw(path);
+use Mojo::Util qw(url_escape url_unescape b64_encode encode);
+use Mojo::JSON qw(true false);
+use Lutim::DB::Image;
+use DateTime;
+use Digest::file qw(digest_file_hex);
+use Text::Unidecode;
+use Data::Validate::URI qw(is_http_uri is_https_uri);
+use File::MimeInfo::Magic qw(mimetype extensions);
+use IO::Scalar;
+use Image::ExifTool;
+use Archive::Zip qw( :ERROR_CODES :CONSTANTS );
+use Data::Entropy qw(entropy_source);
+
+use vars qw($im_loaded);
+BEGIN {
+    eval "use Image::Magick";
+    if ($@) {
+        warn "You don't have Image::Magick installed so you won't have thumbnails.";
+        $im_loaded = 0;
+    } else {
+        $im_loaded = 1;
+    }
+}
+
+sub home {
+    my $c = shift;
+
+    $c->render(
+        template      => 'index',
+        max_file_size => $c->req->max_message_size
+    );
+
+
+    $c->on(finish => sub {
+            my $c = shift;
+            $c->app->log->info('[HIT] someone visited site index') unless $c->config('quiet_logs');
+        }
+    );
+}
+
+sub about {
+    shift->render(template => 'about');
+}
+
+sub change_lang {
+    my $c = shift;
+    my $l = $c->param('l');
+
+    $c->cookie(lutim_lang => $l, { path => $c->config('prefix') });
+
+    if ($c->req->headers->referrer) {
+        return $c->redirect_to($c->req->headers->referrer);
+    } else {
+        return $c->redirect_to('/');
+    }
+}
+
+sub stats {
+    my $c = shift;
+
+    my $img = Lutim::DB::Image->new(app => $c);
+    $c->render(
+        template => 'stats',
+        total    =>  $img->count_not_empty
+    );
+}
+
+sub infos {
+    my $c = shift;
+
+    $c->render(
+        json => {
+            broadcast_message => $c->config('broadcast_message'),
+            image_magick      => ($im_loaded) ? true : false,
+            contact           => $c->config('contact'),
+            max_file_size     => $c->config('max_file_size'),
+            default_delay     => $c->config('default_delay'),
+            max_delay         => $c->config('max_delay'),
+            always_encrypt    => ($c->config('always_encrypt')) ? true : false,
+            upload_enabled    => ($c->app->stop_upload()) ? false : true,
+        }
+    );
+}
+
+sub about_img {
+    my $c     = shift;
+    my $short = $c->param('short');
+
+    my $image = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if ($image->enabled && $image->path) {
+        return $c->render(
+            json => {
+                success => true,
+                data    => {
+                    width  => $image->width,
+                    height => $image->height,
+                }
+            }
+        );
+    } else {
+        return $c->render(
+            json => {
+                success => false,
+                msg     => $c->l('Unable to find the image %1.', $short)
+            }
+        );
+    }
+}
+
+sub webapp {
+    my $c = shift;
+
+    my $headers = Mojo::Headers->new();
+    $headers->add('Content-Type' => 'application/x-web-app-manifest+json');
+    $c->res->content->headers($headers);
+
+    $c->render(
+        template => 'manifest',
+        format   => 'webapp'
+    );
+}
+
+sub get_counter {
+    my $c     = shift;
+    my $short = $c->param('short');
+    my $token = $c->param('token');
+
+    my $img = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if (defined($img->mod_token) && $img->mod_token eq $token) {
+        return $c->render(
+            json => {
+                success => true,
+                counter => $img->counter,
+                enabled => ($img->enabled) ? true : false
+            }
+        );
+    }
+    $c->render(
+        json => {
+            success => false,
+            msg     => $c->l('Unable to get counter')
+        }
+    );
+}
+
+sub modify {
+    my $c     = shift;
+    my $short = $c->param('short');
+    my $token = $c->param('token');
+    my $url   = $c->param('url');
+
+    my $image = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if ($image->path) {
+        my $msg;
+        if ($image->mod_token ne $token || $token eq '') {
+            $msg = $c->l('The delete token is invalid.');
+        } else {
+            $c->app->log->info('[MODIFICATION] someone modify '.$image->filename.' with token method (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+            $image->delete_at_day(($c->param('delete-day') && ($c->param('delete-day') <= $c->max_delay || $c->max_delay == 0)) ? $c->param('delete-day') : $c->max_delay);
+            $image->delete_at_first_view(($c->param('first-view')) ? 1 : 0);
+            $image->write;
+
+            $msg = $c->l('The image’s delay has been successfully modified');
+            if (defined($c->param('format')) && $c->param('format') eq 'json') {
+                return $c->render(
+                    json => {
+                        success => Mojo::JSON->true,
+                        msg     => $msg
+                    }
+                );
+            } else {
+                $msg .= ' (<a href="'.$url.'">'.$url.'</a>)' unless (!defined($url));
+                $c->flash(
+                    success => $msg
+                );
+                return $c->redirect_to('/');
+            }
+        }
+
+        if (defined($c->param('format')) && $c->param('format') eq 'json') {
+            return $c->render(
+                json => {
+                    success => Mojo::JSON->false,
+                    msg     => $msg
+                }
+            );
+        } else {
+            $c->flash(
+                msg => $msg
+            );
+            return $c->redirect_to('/');
+        }
+    } else {
+        $c->app->log->info('[UNSUCCESSFUL] someone tried to modify '.$short.' but it doesn’t exist.') unless $c->config('quiet_logs');
+
+        # Image never existed
+        my $msg = $c->l('Unable to find the image %1.', $short);
+        if (defined($c->param('format')) && $c->param('format') eq 'json') {
+            return $c->render(
+                json => {
+                    success => Mojo::JSON->false,
+                    msg     => $msg
+                }
+            );
+        } else {
+            $c->flash(
+                msg => $msg
+            );
+            return $c->redirect_to('/');
+        }
+    }
+}
+
+sub delete {
+    my $c     = shift;
+    my $short = $c->param('short');
+    my $token = $c->param('token');
+
+    my $image = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if ($image->path) {
+        my $msg;
+        if ($image->mod_token ne $token || $token eq '') {
+            $msg = $c->l('The delete token is invalid.');
+        } elsif ($image->enabled() == 0) {
+            $msg = $c->l('The image %1 has already been deleted.', $image->filename);
+        } else {
+            $c->app->log->info('[DELETION] someone made '.$image->filename.' removed with token method (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+            $c->delete_image($image);
+            return $c->respond_to(
+                json => {
+                    json => {
+                        success => true,
+                        msg     => $c->l('The image %1 has been successfully deleted', $image->filename)
+                    }
+                },
+                any => sub {
+                    $c->flash(
+                        success => $c->l('The image %1 has been successfully deleted', $image->filename)
+                    );
+                    return $c->redirect_to('/');
+                }
+            );
+        }
+
+        return $c->respond_to(
+            json => {
+                json => {
+                    success => false,
+                    msg     => $msg
+                }
+            },
+            any => sub {
+                $c->flash(
+                    msg => $msg
+                );
+                return $c->redirect_to('/');
+            }
+        );
+    } else {
+        $c->app->log->info('[UNSUCCESSFUL] someone tried to delete '.$short.' but it doesn’t exist.') unless $c->config('quiet_logs');
+
+        # Image never existed
+        return $c->respond_to(
+            json => {
+                json => {
+                    success => false,
+                    msg     => $c->l('Unable to find the image %1.', $short)
+                }
+            },
+            any => sub {
+                $c->helpers->reply->not_found;
+            }
+        );
+    }
+}
+
+sub add {
+    my $c         = shift;
+    my $upload    = $c->param('file');
+    my $file_url  = $c->param('lutim-file-url');
+    my $keep_exif = $c->param('keep-exif');
+    my $wm        = $c->param('watermark');
+
+    if ($c->config('disable_api')) {
+        my $unauthorized_api = (!defined($c->req->headers->referrer) || Mojo::URL->new($c->req->headers->referrer)->host ne Mojo::URL->new('https://'.$c->req->headers->host)->host);
+        if ($unauthorized_api) {
+            my $msg = $c->l('Sorry, the API is disabled');
+            $c->app->log->info('Blocked API call for '.$c->ip(1));
+            return $c->respond_to(
+                json => { json => { success => Mojo::JSON->false, msg => $msg } },
+                any  => sub {
+                    shift->render(
+                        template => 'index',
+                        msg      => $msg,
+                    );
+                }
+            );
+        }
+    }
+    if(!defined($c->stash('stop_upload'))) {
+        if (defined($file_url) && $file_url) {
+            if (is_http_uri($file_url) || is_https_uri($file_url)) {
+                # Anti-flood protection
+                my $ip = $c->ip(1);
+                while (defined($c->app->{wait_for_it}->{$ip}) && (time - $c->app->{wait_for_it}->{$ip}) <= $c->config->{anti_flood_delay} ) {
+                    sleep($c->config->{anti_flood_delay});
+                }
+                my $ua = Mojo::UserAgent->new;
+                my $tx = $ua->get($file_url => {DNT => 1});
+                if (my $res = $tx->success) {
+                    $file_url    = url_unescape $file_url;
+                    $file_url    =~ m#^.*/([^/?]*)\??.*$#;
+                    my $filename = $1;
+                    $filename    = 'uploaded.image' unless (defined($filename));
+                    $filename   .= '.image' if (index($filename, '.') == -1);
+                    $upload      = Mojo::Upload->new(
+                        asset    => $res->content->asset,
+                        filename => $filename
+                    );
+                    $c->app->{wait_for_it}->{$ip} = time;
+                } elsif ($tx->res->is_limit_exceeded) {
+                    my $msg = $c->l('The file exceed the size limit (%1)', $tx->res->max_message_size);
+                    if (defined($c->param('format')) && $c->param('format') eq 'json') {
+                        return $c->render(
+                            json => {
+                                success => Mojo::JSON->false,
+                                msg     => {
+                                    filename => $file_url,
+                                    msg      => $msg
+                                }
+                            }
+                        );
+                    } else {
+                        $c->flash(msg      => $msg);
+                        $c->flash(filename => $upload->filename);
+                        return $c->redirect_to('/');
+                    }
+                } else {
+                    my $msg = $c->l('An error occured while downloading the image.');
+                    $c->app->log->warn('[DOWNLOAD ERROR]'.$c->dumper($tx->error));
+                    if (defined($c->param('format')) && $c->param('format') eq 'json') {
+                        return $c->render(
+                            json => {
+                                success => Mojo::JSON->false,
+                                msg     => {
+                                    filename => $file_url,
+                                    msg      => $msg
+                                }
+                            }
+                        );
+                    } else {
+                        $c->flash(msg      => $msg);
+                        $c->flash(filename => $file_url);
+                        return $c->redirect_to('/');
+                    }
+                }
+            } else {
+                my $msg = $c->l('The URL is not valid.');
+                if (defined($c->param('format')) && $c->param('format') eq 'json') {
+                    return $c->render(
+                        json => {
+                            success => Mojo::JSON->false,
+                            msg     => {
+                                filename => $file_url,
+                                msg      => $msg
+                            }
+                        }
+                    );
+                } else {
+                    $c->flash(msg      => $msg);
+                    $c->flash(filename => $file_url);
+                    return $c->redirect_to('/');
+                }
+            }
+        }
+
+        my $io_scalar = new IO::Scalar \$upload->slurp();
+        my $mediatype = mimetype($io_scalar);
+
+        my ($ext) = ($upload->filename =~ m/.*\.(.*)$/);
+
+        my $ip = $c->ip;
+
+        my ($msg, $short, $real_short, $token, $thumb, $limit, $created);
+        # Check file type
+        if (index($mediatype, 'image/') >= 0) {
+            if ($c->req->is_limit_exceeded) {
+                $msg = $c->l('The file exceed the size limit (%1)', $c->req->max_message_size);
+                if (defined($c->param('format')) && $c->param('format') eq 'json') {
+                    return $c->render(
+                        json => {
+                            success => Mojo::JSON->false,
+                            msg     => $msg
+                        }
+                    );
+                } else {
+                    $c->flash(msg      => $msg);
+                    $c->flash(filename => $upload->filename);
+                    return $c->redirect_to('/');
+                }
+            }
+            my $record  = Lutim::DB::Image->new(app => $c->app)->select_empty;
+            if ($record->short) {
+                # Save file and create record
+                my $filename = unidecode($upload->filename);
+                my $ext      = ($filename =~ m/([^.]+)$/)[0];
+                my $path     = path($c->config('upload_dir'), $record->short.'.'.$ext)->to_string;
+
+                my ($width, $height);
+                if ($im_loaded && $mediatype ne 'image/svg+xml' # ImageMagick doesn't work with SVG, xcf or avif files
+                               && $mediatype !~ m#image/(x-)?xcf#
+                               && $mediatype ne 'image/avif') {
+                    my $im  = Image::Magick->new;
+                    $im->BlobToImage($upload->slurp);
+
+                    # Automatic rotation from EXIF tag
+                    $im->AutoOrient();
+
+                    # Get dimensions
+                    $width  = $im->Get('width');
+                    $height = $im->Get('height');
+
+                    # Optionally add watermark
+                    if ($c->config('watermark_path') && (
+                            ($wm && $wm ne 'none') ||
+                            $c->config('watermark_enforce') ne 'none'
+                        )) {
+                        my $watermarkim = Image::Magick->new;
+                        $watermarkim->ReadImage($c->config('watermark_path'));
+                        $watermarkim->Evaluate(
+                            operator => 'Multiply',
+                            value    => 0.25,
+                            channel  => 'Alpha'
+                        );
+                        if ($height <= 80) {
+                            $watermarkim->Resize(geometry => 'x10');
+                        } else {
+                            $watermarkim->Resize(geometry => 'x80');
+                        }
+
+                        # Add one watermark or repeat it all over the image?
+                        my $tilingw = 1 if ($c->config('watermark_enforce') eq 'tiling' || $wm eq 'tiling');
+                        my $singlew = 1 if ($c->config('watermark_enforce') eq 'single' || $wm eq 'single');
+                        if ($tilingw) {
+                            $im->Composite(
+                                image   => $watermarkim,
+                                compose => 'Dissolve',
+                                tile    => 'True',
+                                gravity => 'Center'
+                            );
+                        } elsif ($singlew) {
+                            $im->Composite(
+                                image   => $watermarkim,
+                                compose => 'Dissolve',
+                                tile    => 'False',
+                                x       => '20',
+                                y       => '20',
+                                gravity => $c->config('watermark_placement')
+                            );
+                        }
+                    }
+
+                    # Update the uploaded file with it's auto-rotated/watermarked clone
+                    my $asset = Mojo::Asset::Memory->new->add_chunk($im->ImageToBlob());
+                    $upload->asset($asset);
+
+                    # Create the thumbnail
+                    $im->Resize(geometry => 'x85');
+
+                    $thumb  = 'data:'.$mediatype.';base64,';
+                    if ($mediatype eq 'image/gif') {
+                        $thumb .= b64_encode $im->[0]->ImageToBlob();
+                    } else {
+                        $thumb .= b64_encode $im->ImageToBlob();
+                    }
+
+                }
+
+                unless (defined($keep_exif) && $keep_exif) {
+                    # Exiftool can’t process SVG or xcf files
+                    if ($mediatype ne 'image/svg+xml'
+                        && $mediatype !~ m#image/(x-)?xcf#) {
+                        # Remove the EXIF tags
+                        my $data = new IO::Scalar \$upload->slurp();
+                        my $et   = Image::ExifTool->new;
+
+                        # Remove all metadata
+                        $et->SetNewValue('*');
+
+                        # Create a temporary IO::Scalar to write into
+                        my $temp;
+                        my $a = new IO::Scalar \$temp;
+                        $et->WriteInfo($data, $a);
+
+                        # Update the uploaded file with it's no-tags clone
+                        $data = Mojo::Asset::Memory->new->add_chunk($temp);
+                        $upload->asset($data);
+                    }
+                }
+
+                my ($key, $iv);
+                if ($c->param('crypt') || $c->config('always_encrypt')) {
+                    ($upload, $key, $iv) = $c->crypt($upload, $filename);
+                }
+                $upload->move_to($path);
+
+                $record->path($path)
+                       ->filename($filename)
+                       ->mediatype($mediatype)
+                       ->footprint(digest_file_hex($path, 'SHA-512'))
+                       ->enabled(1)
+                       ->delete_at_day(($c->param('delete-day') && ($c->param('delete-day') <= $c->max_delay || $c->max_delay == 0)) ? $c->param('delete-day') : $c->max_delay)
+                       ->delete_at_first_view(($c->param('first-view'))? 1 : 0)
+                       ->created_at(time())
+                       ->created_by($ip)
+                       ->width($width)
+                       ->height($height)
+                       ->iv($iv)
+                       ->write;
+
+                # Log image creation
+                $c->app->log->info('[CREATION] '.$ip.' pushed '.$filename.' (path: '.$path.')') unless $c->config('quiet_logs');
+
+                # Give url to user
+                $short      = $record->short;
+                $real_short = $short;
+                if (!defined($record->mod_token)) {
+                    $record->mod_token($c->shortener($c->config->{token_length}))->write;
+                }
+                $token      = $record->mod_token;
+                $short     .= '/'.$key if (defined($key));
+
+                $limit   = $record->delete_at_day;
+                $created = $record->created_at;
+            } else {
+                # Houston, we have a problem
+                $msg = $c->l('There is no more available URL. Retry or contact the administrator. %1', $c->config->{contact});
+            }
+        } else {
+            $msg = $c->l('The file %1 is not an image.', $upload->filename);
+        }
+
+        if (defined($c->param('format')) && $c->param('format') eq 'json') {
+            if (defined($short)) {
+                $msg = {
+                    filename    => $upload->filename,
+                    short       => $short,
+                    real_short  => $real_short,
+                    token       => $token,
+                    ext         => $ext || extensions($mediatype),
+                    thumb       => $thumb,
+                    del_at_view => ($c->param('first-view')) ? true : false,
+                    limit       => $limit,
+                    created_at  => $created
+                };
+            } else {
+                $msg = {
+                    filename => $upload->filename,
+                    msg      => $msg
+                };
+            }
+            return $c->render(
+                json => {
+                    success => (defined($short)) ? Mojo::JSON->true : Mojo::JSON->false,
+                    msg     => $msg
+                }
+            );
+        } else {
+            if ((defined($msg))) {
+                $c->flash(msg      => $msg);
+                $c->flash(filename => $upload->filename);
+                return $c->redirect_to('/');
+            } else {
+                $c->stash(short      => $short) if (defined($short));
+                $c->stash(real_short => $real_short);
+                $c->stash(token      => $token);
+                $c->stash(ext        => $ext || extensions($mediatype));
+                $c->stash(thumb      => $thumb);
+                $c->stash(filename   => $upload->filename);
+                return $c->render(
+                    template      => 'index',
+                    max_file_size => $c->req->max_message_size
+                );
+            }
+        }
+    } else {
+        if (defined($c->param('format')) && $c->param('format') eq 'json') {
+            return $c->render(
+                json => {
+                    success => Mojo::JSON->false,
+                    msg     => {
+                        filename => $upload->filename,
+                        msg      => $c->stash('stop_upload')
+                    }
+                }
+            );
+        } else {
+            $c->flash(msg      => $c->stash('stop_upload'));
+            $c->flash(filename => $upload->filename);
+            return $c->redirect_to('/');
+        }
+    }
+}
+
+sub short {
+    my $c     = shift;
+    my $short = $c->param('short');
+    my $touit = $c->param('t');
+    my $key   = $c->param('key');
+    my $thumb;
+       $thumb = '' if defined $c->param('thumb');
+       $thumb = $c->param('width') if defined $c->param('width');
+    my $dl    = (defined($c->param('dl'))) ? 'attachment' : 'inline';
+
+    my $image = Lutim::DB::Image->new(app => $c->app, short => $short);
+    if ($image->enabled && $image->path) {
+        if($image->delete_at_day && $image->created_at + $image->delete_at_day * 86400 <= time()) {
+            # Log deletion
+            $c->app->log->info('[DELETION] someone tried to view '.$image->filename.' but it has been removed by expiration (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+            # Delete image
+            $c->delete_image($image);
+
+            # Warn user
+            $c->flash(
+                msg => $c->l('Unable to find the image: it has been deleted.')
+            );
+            return $c->redirect_to('/');
+        }
+
+        my $test;
+        if (defined($touit) && $image->mediatype !~ m/svg/) {
+            $test = 1;
+            my $short  = $image->short;
+               $short .= '/'.$key if (defined($key));
+            my ($width, $height) = (340,340);
+            if ($image->mediatype eq 'image/gif') {
+                if (defined($image->width) && defined($image->height)) {
+                    ($width, $height) = ($image->width, $image->height);
+                } elsif ($im_loaded && $image->mediatype !~ m/xcf|avif/) {
+                    my $upload = $c->decrypt($key, $image->path, $image->iv);
+                    my $im     = Image::Magick->new;
+                    $im->BlobToImage($upload->slurp);
+                    $width     = $im->Get('width');
+                    $height    = $im->Get('height');
+
+                    $image->width($width)
+                          ->height($height)
+                          ->write;
+                }
+            }
+            return $c->render(
+                template => 'share',
+                layout   => undef,
+                short    => $short,
+                filename => $image->filename,
+                mimetype => $image->mediatype,
+                width    => $width,
+                height   => $height
+            );
+        } else {
+            # Delete image if needed
+            if ($image->delete_at_first_view && $image->counter >= 1) {
+                # Log deletion
+                $c->app->log->info('[DELETION] someone made '.$image->filename.' removed (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                # Delete image
+                $c->delete_image($image);
+
+                $c->flash(
+                    msg => $c->l('Unable to find the image: it has been deleted.')
+                );
+                return $c->redirect_to('/');
+            } else {
+                $test = $c->render_file($im_loaded, $image, $dl, $key, $thumb);
+            }
+        }
+
+        if ($test != 500) {
+            # Update counter
+            $c->on(finish => sub {
+                # Log access
+                $c->app->log->info('[VIEW] someone viewed '.$image->filename.' (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                # Update record
+                unless ($c->config('disable_img_stats')) {
+                    if ($c->config('minion')->{enabled}) {
+                        $c->app->minion->enqueue(accessed => [$image->short, time]);
+                    } else {
+                        $image->accessed(time);
+                    }
+                }
+
+                # Delete image if needed
+                if ($image->delete_at_first_view) {
+                    # Log deletion
+                    $c->app->log->info('[DELETION] someone made '.$image->filename.' removed (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                    # Delete image
+                    $c->delete_image($image);
+                }
+            });
+        } else {
+            $c->app->log->error('[ERROR] Can’t render '.$image->short);
+        }
+    } elsif ($image->path && !$image->enabled) {
+        # Log access try
+        $c->app->log->info('[NOT FOUND] someone tried to view '.$short.' but it doesn’t exist anymore.') unless $c->config('quiet_logs');
+
+        # Warn user
+        $c->flash(
+            msg => $c->l('Unable to find the image: it has been deleted.')
+        );
+        return $c->redirect_to('/');
+    } else {
+        # Image never existed
+        $c->helpers->reply->not_found;
+    }
+}
+
+sub zip {
+    my $c     = shift;
+    my $imgs  = $c->every_param('i');
+
+    my $img_nb  = scalar(@{$imgs});
+    my $max_zip = $c->config('max_files_in_zip');
+
+    if ($img_nb <= $max_zip) {
+        my $zip = Archive::Zip->new();
+
+        # We HAVE to add a png file at the beginning, otherwise the $zip
+        # could use the mimetype of an SVG file if it's the first file asked.
+        $zip->addFile('themes/default/public/img/favicon.png', 'hosted_with_lutim.png');
+
+        $zip->addDirectory('images/');
+        for my $img (@{$imgs}) {
+            my ($short, $key) = split('/', $img);
+            if (defined $key) {
+                $key =~ s/\.[^.]*//;
+            } else {
+                $short =~ s/\.[^.]*//;
+            }
+            my $image = Lutim::DB::Image->new(app => $c->app, short => $short);
+
+            if ($image->enabled && $image->path) {
+                my $filename = $image->filename;
+                if($image->delete_at_day && $image->created_at + $image->delete_at_day * 86400 <= time()) {
+                    # Log deletion
+                    $c->app->log->info('[DELETION] someone tried to view '.$image->filename.' but it has been removed by expiration (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                    # Delete image
+                    $c->delete_image($image);
+
+                    # Warn user
+                    $zip->addString(encode('UTF-8', $c->l('Unable to find the image: it has been deleted.')), 'images/'.$filename.'.txt');
+                    next;
+                }
+
+                # Delete image if needed
+                if ($image->delete_at_first_view && $image->counter >= 1) {
+                    # Log deletion
+                    $c->app->log->info('[DELETION] someone made '.$image->filename.' removed (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                    # Delete image
+                    $c->delete_image($image);
+
+                    $zip->addString(encode('UTF-8', $c->l('Unable to find the image: it has been deleted.')), 'images/'.$filename.'.txt');
+                    next;
+                } else {
+                    my $expires = ($image->delete_at_day) ? $image->delete_at_day : 360;
+                    my $dt = DateTime->from_epoch( epoch => $expires * 86400 + $image->created_at);
+                    $dt->set_time_zone('GMT');
+                    $expires = $dt->strftime("%a, %d %b %Y %H:%M:%S GMT");
+
+                    my $path = $image->path;
+                    unless ( -f $path && -r $path ) {
+                        $c->app->log->error("Cannot read file [$path]. error [$!]");
+                        $zip->addString(encode('UTF-8', $c->l('Unable to find the image: it has been deleted.')), 'images/'.$filename.'.txt');
+                        next;
+                    }
+
+                    if ($key) {
+                        $zip->addString($c->decrypt($key, $path, $image->iv), "images/$filename");
+                    } else {
+                        $zip->addFile($path, "images/$filename");
+                    }
+
+                    # Log access
+                    $c->app->log->info('[VIEW] someone viewed '.$image->filename.' (path: '.$image->path.')') unless $c->config('quiet_logs');
+
+                    # Update counter and record
+                    unless ($c->config('disable_img_stats')) {
+                        if ($c->config('minion')->{enabled}) {
+                            $c->app->minion->enqueue(accessed => [$image->short, time]);
+                        } else {
+                            $image->accessed(time);
+                        }
+                    }
+                }
+            } elsif ($image->path && !$image->enabled) {
+                # Log access try
+                $c->app->log->info('[NOT FOUND] someone tried to view '.$short.' but it doesn’t exist anymore.') unless $c->config('quiet_logs');
+
+                # Warn user
+                $zip->addString(encode('UTF-8', $c->l('Unable to find the image: it has been deleted.')), 'images/'.$image->filename.'.txt');
+                next;
+            } else {
+                $zip->addString(encode('UTF-8', $c->l('Image not found.')), 'images/'.$short.'.txt');
+                next;
+            }
+        }
+        my ($fh, $zipfile) = Archive::Zip::tempFile();
+        unless ($zip->writeToFileNamed($zipfile) == AZ_OK) {
+            $c->flash(
+                msg => $c->l('Something went wrong when creating the zip file. Try again later or contact the administrator (%1).', $c->config('contact'))
+            );
+            return $c->redirect_to('/');
+        }
+        $c->res->content->headers->content_type('application/zip;name=images.zip');
+        $c->res->content->headers->content_disposition('attachment;filename=images.zip');;
+
+        my $asset = Mojo::Asset::File->new(path => $zipfile);
+        $c->res->content->asset($asset);
+        $c->res->content->headers->content_length($asset->size);
+
+        unlink $zipfile;
+
+        return $c->rendered(200);
+    } else {
+        my $i    = -1;
+        my @urls = ();
+        my @esc_imgs = map { my $e = $_; $e = url_escape($e); $e =~ s#%2F#/#g; $e } @{$imgs};
+        while (++$i < $img_nb) {
+            my $stop = ($i + $max_zip - 1 < $img_nb) ? $i + $max_zip - 1 : $img_nb - 1;
+            push @urls, $c->url_for('/zip')->to_abs->to_string.'?i='.join('&i=', @esc_imgs[$i..$stop]);
+            $i = $stop;
+        }
+        $c->render(
+            template => 'zip',
+            urls     => \@urls
+        );
+    }
+}
+
+sub random {
+    my $c     = shift;
+    my $imgs  = $c->every_param('i');
+
+    my $img_nb  = scalar(@{$imgs});
+    if ($img_nb) {
+        $c->redirect_to($c->prefix.$imgs->[entropy_source->get_int($img_nb)]);
+    } else {
+        $c->render_not_found;
+    }
+}
+
+1;

lib/Lutim/DB/Image.pm

@@ -0,0 +1,364 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::DB::Image;
+use Mojo::Base -base;
+
+has 'short';
+has 'path';
+has 'footprint';
+has 'enabled';
+has 'mediatype';
+has 'filename';
+has 'counter' => 0;
+has 'delete_at_first_view';
+has 'delete_at_day';
+has 'created_at';
+has 'created_by';
+has 'last_access_at';
+has 'mod_token';
+has 'width';
+has 'height';
+has 'iv';
+has 'app';
+
+=head1 NAME
+
+Lutim::DB::Image - DB abstraction layer for Lutim images
+
+=head1 Contributing
+
+When creating a new database accessor, make sure that it provides the following subroutines.
+After that, modify this file and modify the C<new> subroutine to allow to use your accessor.
+
+Have a look at Lutim::DB::Image::SQLite's code: it's simple and may be more understandable that this doc.
+
+=head1 Attributes
+
+=over 1
+
+=item B<short>                : random string
+
+=item B<path>                 : string, path to the image, relative to lutim's installation directory
+
+=item B<footprint>            : string, sha512 checksum of the image
+
+=item B<enabled>              : boolean, is the image accessible?
+
+=item B<mediatype>            : string, mimetype of the image
+
+=item B<filename>             : string
+
+=item B<counter>              : integer
+
+=item B<delete_at_first_view> : boolean
+
+=item B<delete_at_day>        : integer, number of days from image upload to deletion
+
+=item B<created_at>           : unix timestamp
+
+=item B<created_by>           : unix timestamp
+
+=item B<last_access_at>       : unix timestamp
+
+=item B<mod_token>            : random string
+
+=item B<width>                : integer
+
+=item B<height>               : integer
+
+=item B<iv>                   : initialization vector for the file encryption
+
+=item B<app>                  : a mojolicious object
+
+=back
+
+=head1 Sub routines
+
+=head2 new
+
+=over 1
+
+=item B<Usage>     : C<$c = Lutim::DB::Image-E<gt>new(app =E<gt> $self);>
+
+=item B<Arguments> : any of the attribute above
+
+=item B<Purpose>   : construct a new db accessor object. If the C<short> attribute is provided, it have to load the informations from the database.
+
+=item B<Returns>   : the db accessor object
+
+=item B<Info>      : the app argument is used by Lutim::DB::Image to choose which db accessor will be used, you don't need to use it in new(), but you can use it to access helpers or configuration settings in the other subroutines
+
+=back
+
+=cut
+
+sub new {
+    my $c = shift;
+
+    $c = $c->SUPER::new(@_);
+
+    if (ref($c) eq 'Lutim::DB::Image') {
+        my $dbtype = $c->app->config('dbtype');
+        if ($dbtype eq 'sqlite') {
+            use Lutim::DB::Image::SQLite;
+            $c = Lutim::DB::Image::SQLite->new(@_);
+        } elsif ($dbtype eq 'postgresql') {
+            use Lutim::DB::Image::Pg;
+            $c = Lutim::DB::Image::Pg->new(@_);
+        }
+    }
+
+    return $c;
+}
+
+sub to_hash {
+    my $c = shift;
+
+    return {
+        short                => $c->short,
+        path                 => $c->path,
+        footprint            => $c->footprint,
+        enabled              => $c->enabled,
+        mediatype            => $c->mediatype,
+        filename             => $c->filename,
+        counter              => $c->counter,
+        delete_at_first_view => $c->delete_at_first_view,
+        delete_at_day        => $c->delete_at_day,
+        created_at           => $c->created_at,
+        created_by           => $c->created_by,
+        last_access_at       => $c->last_access_at,
+        mod_token            => $c->mod_token,
+        width                => $c->width,
+        height               => $c->height,
+        iv                   => $c->iv
+    };
+}
+
+=head2 accessed
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>accessed($time)>
+
+=item B<Arguments> : an unix timestamp
+
+=item B<Purpose>   : increments the counter attribute by one, set the last_access_at attribute to $time and update the database
+
+=item B<Returns>   : the db accessor object
+
+=back
+
+=head2 count_delete_at_day_endis
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>count_delete_at_day_endis($delete_at_day, $enabled[, $time])>
+
+=item B<Arguments> : two mandatory parameters: one integer, the delete_at_day attribute, a boolean (0 or 1), the enabled attribute
+                     an optional parameter: an unix timestamp
+
+=item B<Purpose>   : count how many images there are with the given delete_at_day attribute, and enabled or disabled, depending on the given enabled attribute
+                     if the optional parameter is given, count only images according to the given mandatory parameters that were created before the timestamp
+
+=item B<Returns>   : integer
+
+=back
+
+=head2 count_created_before
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>count_created_before($time)>
+
+=item B<Arguments> : an unix timestamp
+
+=item B<Purpose>   : count how many images have been created before the given timestamp
+
+=item B<Returns>   : integer
+
+=back
+
+=head2 select_created_after
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>select_created_after($time)>
+
+=item B<Arguments> : an unix timestamp
+
+=item B<Purpose>   : select images created after the given timestamp
+
+=item B<Returns>   : a Mojo::Collection object containing the images created after the given timestamp
+
+=back
+
+=head2 select_empty
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>select_empty>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : select a ready-to-use empty record
+
+=item B<Returns>   : a db accessor object
+
+=back
+
+=head2 write
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>write>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : create or update a record in the database, with the values of the object's attributes
+
+=item B<Returns>   : the db accessor object
+
+=back
+
+=head2 count_short
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>count_short($short)>
+
+=item B<Arguments> : a random string, unique image identifier in the database
+
+=item B<Purpose>   : checks that an identifier isn't already used
+
+=item B<Returns>   : integer, number of records having this identifier (should be 0 or 1)
+
+=back
+
+=head2 count_empty
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>count_empty>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : counts the number of records whose path is null
+
+=item B<Returns>   : integer
+
+=back
+
+=head2 count_not_empty
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>count_not_empty>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : counts the number of records whose path is not null
+
+=item B<Returns>   : integer
+
+=back
+
+=head2 clean_ips_until
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>clean_ips_until($time)>
+
+=item B<Arguments> : unix timestamp
+
+=item B<Purpose>   : remove the image's sender information on images created before the given timestamp
+
+=item B<Returns>   : the db accessor object
+
+=back
+
+=head2 get_no_longer_viewed_files
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>get_no_longer_viewed_files($time)>
+
+=item B<Arguments> : unix timestamp
+
+=item B<Purpose>   : get images no longer viewed after the given timestamp
+
+=item B<Returns>   : a Mojo::Collection object containing the no longer viewed images as Lutim::DB::Image objects
+
+=back
+
+=head2 get_images_to_clean
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>get_images_to_clean>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : get images that are expired but not marked as it
+
+=item B<Returns>   : a Mojo::Collection object containing the images to clean as Lutim::DB::Image objects
+
+=back
+
+=head2 get_50_oldest
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>get_50_oldest>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : get the 50 oldest enabled images
+
+=item B<Returns>   : a Mojo::Collection object containing the 50 oldest enabled images as Lutim::DB::Image objects
+
+=back
+
+=head2 disable
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>disable>
+
+=item B<Arguments> : none
+
+=item B<Purpose>   : change the attribute C<enabled> to false and update the database record
+
+=item B<Returns>   : the db accessor object
+
+=back
+
+=head2 search_created_by
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>search_created_by($ip)>
+
+=item B<Arguments> : an IP address
+
+=item B<Purpose>   : get enabled images that have been uploaded by this IP address (database query: LIKE '$ip%', results may include images uploaded by similar IP addresses)
+
+=item B<Returns>   : a Mojo::Collection object containing the matching images as Lutim::DB::Image objects
+
+=back
+
+=head2 search_exact_created_by
+
+=over 1
+
+=item B<Usage>     : C<$c-E<gt>search_exact_created_by($ip)>
+
+=item B<Arguments> : an IP address
+
+=item B<Purpose>   : get enabled images that have been uploaded by this IP address
+
+=item B<Returns>   : a Mojo::Collection object containing the matching images as Lutim::DB::Image objects
+
+=back
+
+=cut
+
+1;

lib/Lutim/DB/Image/Pg.pm

@@ -0,0 +1,276 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::DB::Image::Pg;
+use Mojo::Base 'Lutim::DB::Image';
+use Mojo::Collection 'c';
+
+has 'record' => 0;
+
+sub new {
+    my $c = shift;
+
+    $c = $c->SUPER::new(@_);
+    $c = $c->_slurp if ($c->short);
+
+    return $c;
+}
+
+sub accessed {
+    my $c    = shift;
+    my $time = shift;
+
+    my $h = $c->app->pg->db->query('UPDATE lutim SET counter = counter + 1, last_access_at = ? WHERE short = ? RETURNING counter, last_access_at', $time, $c->short)->hashes->first;
+    $c->counter($h->{counter});
+    $c->last_access_at($h->{last_access_at});
+
+    return $c;
+}
+
+sub count_delete_at_day_endis {
+    my $c       = shift;
+    my $day     = shift;
+    my $enabled = shift;
+    my $created = shift;
+
+    if (defined $created) {
+        return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE path IS NOT NULL AND delete_at_day = ? AND enabled = ? AND created_at < ?', $day, $enabled, $created)->hashes->first->{count};
+    } else {
+        return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE path IS NOT NULL AND delete_at_day = ? AND enabled = ?', $day, $enabled)->hashes->first->{count};
+    }
+}
+
+sub count_created_before {
+    my $c    = shift;
+    my $time = shift;
+
+    return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE path IS NOT NULL AND created_at < ?', $time)->hashes->first->{count};
+}
+
+sub select_created_after {
+    my $c    = shift;
+    my $time = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->query('SELECT * FROM lutim WHERE path IS NOT NULL AND created_at >= ?', $time)->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub select_empty {
+    my $c = shift;
+
+    my $record = $c->app->pg->db->query('SELECT * FROM lutim WHERE path IS NULL')->hashes->shuffle->first;
+    $c->app->pg->db->query('UPDATE lutim SET path = ? WHERE short = ?', 'used', $record->{short});
+
+    $c = $c->_slurp($record);
+
+    return $c;
+}
+
+sub write {
+    my $c            = shift;
+    my $provisioning = shift;
+
+    if ($c->record) {
+        $c->app->pg->db->query('UPDATE lutim SET counter = ?, created_at = ?, created_by = ?, delete_at_day = ?, delete_at_first_view = ?, enabled = ?, filename = ?, footprint = ?, height = ?, last_access_at = ?, mediatype = ?, mod_token = ?, path = ?, short = ?, width = ?, iv = ? WHERE short = ?', $c->counter, $c->created_at, $c->created_by, $c->delete_at_day, $c->delete_at_first_view, $c->enabled, $c->filename, $c->footprint, $c->height, $c->last_access_at, $c->mediatype, $c->mod_token, $c->path, $c->short, $c->width, $c->iv, $c->short);
+    } else {
+        my $query = 'INSERT INTO lutim (counter, created_at, created_by, delete_at_day, delete_at_first_view, enabled, filename, footprint, height, last_access_at, mediatype, mod_token, path, short, width, iv) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
+        $query .= ' ON CONFLICT DO NOTHING' if $provisioning;
+        $c->app->pg->db->query($query, $c->counter, $c->created_at, $c->created_by, $c->delete_at_day, $c->delete_at_first_view, $c->enabled, $c->filename, $c->footprint, $c->height, $c->last_access_at, $c->mediatype, $c->mod_token, $c->path, $c->short, $c->width, $c->iv);
+        $c->record(1);
+    }
+
+    return $c;
+}
+
+sub count_short {
+    my $c     = shift;
+    my $short = shift;
+
+    return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE short = ?', $short)->hashes->first->{count};
+}
+
+sub count_empty {
+    my $c = shift;
+
+    return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE path IS NULL')->hashes->first->{count};
+}
+
+sub count_not_empty {
+    my $c = shift;
+
+    return $c->app->pg->db->query('SELECT count(short) FROM lutim WHERE path IS NOT NULL')->hashes->first->{count};
+}
+
+sub clean_ips_until {
+    my $c    = shift;
+    my $time = shift;
+
+    $c->app->pg->db->query('UPDATE lutim SET created_by = NULL WHERE path IS NOT NULL AND created_at < ?', $time);
+
+    return $c;
+}
+
+sub get_no_longer_viewed_files {
+    my $c    = shift;
+    my $time = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->query('SELECT * FROM lutim WHERE enabled = 1 AND last_access_at < ?', $time)->{hashes};
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->record(1);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub get_images_to_clean {
+    my $c = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->query('SELECT * FROM lutim WHERE enabled = 1 AND (delete_at_day * 86400) < (? - created_at) AND delete_at_day != 0', time())->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub get_50_oldest {
+    my $c = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->query('SELECT * FROM lutim WHERE path IS NOT NULL AND enabled = 1 ORDER BY created_at ASC LIMIT 50')->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub disable {
+    my $c = shift;
+
+    $c->app->pg->db->query('UPDATE lutim SET enabled = 0 WHERE short = ?', $c->short);
+    $c->enabled(0);
+
+    return $c;
+}
+
+sub search_created_by {
+    my $c  = shift;
+    my $ip = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->select('lutim', undef, { enabled => 1, created_by => { -like => $ip.'%' } })->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub search_exact_created_by {
+    my $c  = shift;
+    my $ip = shift;
+
+    my @images;
+
+    my $records = $c->app->pg->db->select('lutim', undef, { enabled => 1, created_by => $ip })->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub _slurp {
+    my $c = shift;
+    my $r = shift;
+
+    my $image;
+    if (defined $r) {
+        $image = $r;
+    } else {
+        my $images = $c->app->pg->db->query('SELECT * FROM lutim WHERE short = ?', $c->short)->hashes;
+
+        if ($images->size) {
+            $image = $images->first;
+        }
+    }
+
+    if ($image) {
+        $c->short($image->{short});
+        $c->path($image->{path});
+        $c->footprint($image->{footprint});
+        $c->enabled($image->{enabled});
+        $c->mediatype($image->{mediatype});
+        $c->filename($image->{filename});
+        $c->counter($image->{counter});
+        $c->delete_at_first_view($image->{delete_at_first_view});
+        $c->delete_at_day($image->{delete_at_day});
+        $c->created_at($image->{created_at});
+        $c->created_by($image->{created_by});
+        $c->last_access_at($image->{last_access_at});
+        $c->mod_token($image->{mod_token});
+        $c->width($image->{width});
+        $c->height($image->{height});
+        $c->iv($image->{iv});
+
+        $c->record(1);
+    }
+
+    return $c;
+}
+
+1;

lib/Lutim/DB/Image/SQLite.pm

@@ -0,0 +1,277 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::DB::Image::SQLite;
+use Mojo::Base 'Lutim::DB::Image';
+use Mojo::Collection 'c';
+
+has 'record' => 0;
+
+sub new {
+    my $c = shift;
+
+    $c = $c->SUPER::new(@_);
+    $c = $c->_slurp if ($c->short);
+
+    return $c;
+}
+
+sub accessed {
+    my $c    = shift;
+    my $time = shift;
+
+    $c->app->sqlite->db->query('UPDATE lutim SET counter = counter + 1, last_access_at = ? WHERE short = ?', $time, $c->short);
+    my $h = $c->app->sqlite->db->query('SELECT counter, last_access_at FROM lutim WHERE short = ?', $c->short)->hashes->first;
+    $c->counter($h->{counter});
+    $c->last_access_at($h->{last_access_at});
+
+    return $c;
+}
+
+sub count_delete_at_day_endis {
+    my $c       = shift;
+    my $day     = shift;
+    my $enabled = shift;
+    my $created = shift;
+
+    if (defined $created) {
+        return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE path IS NOT NULL AND delete_at_day = ? AND enabled = ? AND created_at < ?', $day, $enabled, $created)->hashes->first->{count};
+    } else {
+        return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE path IS NOT NULL AND delete_at_day = ? AND enabled = ?', $day, $enabled)->hashes->first->{count};
+    }
+}
+
+sub count_created_before {
+    my $c    = shift;
+    my $time = shift;
+
+    return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE path IS NOT NULL AND created_at < ?', $time)->hashes->first->{count};
+}
+
+sub select_created_after {
+    my $c    = shift;
+    my $time = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE path IS NOT NULL AND created_at >= ?', $time)->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub select_empty {
+    my $c = shift;
+
+    my $record = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE path IS NULL')->hashes->shuffle->first;
+    $c->app->sqlite->db->query('UPDATE lutim SET path = ? WHERE short = ?', 'used', $record->{short});
+
+    $c = $c->_slurp($record);
+
+    return $c;
+}
+
+sub write {
+    my $c            = shift;
+    my $provisioning = shift;
+
+    if ($c->record) {
+        $c->app->sqlite->db->query('UPDATE lutim SET counter = ?, created_at = ?, created_by = ?, delete_at_day = ?, delete_at_first_view = ?, enabled = ?, filename = ?, footprint = ?, height = ?, last_access_at = ?, mediatype = ?, mod_token = ?, path = ?, short = ?, width = ?, iv = ? WHERE short = ?', $c->counter, $c->created_at, $c->created_by, $c->delete_at_day, $c->delete_at_first_view, $c->enabled, $c->filename, $c->footprint, $c->height, $c->last_access_at, $c->mediatype, $c->mod_token, $c->path, $c->short, $c->width, $c->iv, $c->short);
+    } else {
+        my $query = 'INSERT INTO lutim (counter, created_at, created_by, delete_at_day, delete_at_first_view, enabled, filename, footprint, height, last_access_at, mediatype, mod_token, path, short, width, iv) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
+        $query .= ' ON CONFLICT DO NOTHING' if $provisioning;
+        $c->app->sqlite->db->query($query, $c->counter, $c->created_at, $c->created_by, $c->delete_at_day, $c->delete_at_first_view, $c->enabled, $c->filename, $c->footprint, $c->height, $c->last_access_at, $c->mediatype, $c->mod_token, $c->path, $c->short, $c->width, $c->iv);
+        $c->record(1);
+    }
+
+    return $c;
+}
+
+sub count_short {
+    my $c     = shift;
+    my $short = shift;
+
+    return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE short = ?', $short)->hashes->first->{count};
+}
+
+sub count_empty {
+    my $c = shift;
+
+    return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE path IS NULL')->hashes->first->{count};
+}
+
+sub count_not_empty {
+    my $c = shift;
+
+    return $c->app->sqlite->db->query('SELECT count(short) AS count FROM lutim WHERE path IS NOT NULL')->hashes->first->{count};
+}
+
+sub clean_ips_until {
+    my $c    = shift;
+    my $time = shift;
+
+    $c->app->sqlite->db->query('UPDATE lutim SET created_by = NULL WHERE path IS NOT NULL AND created_at < ?', $time);
+
+    return $c;
+}
+
+sub get_no_longer_viewed_files {
+    my $c    = shift;
+    my $time = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE enabled = 1 AND last_access_at < ?', $time)->{hashes};
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->record(1);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub get_images_to_clean {
+    my $c = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE enabled = 1 AND (delete_at_day * 86400) < (? - created_at) AND delete_at_day != 0', time())->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub get_50_oldest {
+    my $c = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE path IS NOT NULL AND enabled = 1 ORDER BY created_at ASC LIMIT 50')->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub disable {
+    my $c = shift;
+
+    $c->app->sqlite->db->query('UPDATE lutim SET enabled = 0 WHERE short = ?', $c->short);
+    $c->enabled(0);
+
+    return $c;
+}
+
+sub search_created_by {
+    my $c  = shift;
+    my $ip = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->select('lutim', undef, { enabled => 1, created_by => { -like => $ip.'%' } })->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub search_exact_created_by {
+    my $c  = shift;
+    my $ip = shift;
+
+    my @images;
+
+    my $records = $c->app->sqlite->db->select('lutim', undef, { enabled => 1, created_by => $ip })->hashes;
+
+    $records->each(
+        sub {
+            my ($e, $num) = @_;
+            my $i = Lutim::DB::Image->new(app => $c->app);
+            $i->_slurp($e);
+
+            push @images, $i;
+        }
+    );
+
+    return c(@images);
+}
+
+sub _slurp {
+    my $c = shift;
+    my $r = shift;
+
+    my $image;
+    if (defined $r) {
+        $image = $r;
+    } else {
+        my $images = $c->app->sqlite->db->query('SELECT * FROM lutim WHERE short = ?', $c->short)->hashes;
+
+        if ($images->size) {
+            $image = $images->first;
+        }
+    }
+
+    if ($image) {
+        $c->short($image->{short});
+        $c->path($image->{path});
+        $c->footprint($image->{footprint});
+        $c->enabled($image->{enabled});
+        $c->mediatype($image->{mediatype});
+        $c->filename($image->{filename});
+        $c->counter($image->{counter});
+        $c->delete_at_first_view($image->{delete_at_first_view});
+        $c->delete_at_day($image->{delete_at_day});
+        $c->created_at($image->{created_at});
+        $c->created_by($image->{created_by});
+        $c->last_access_at($image->{last_access_at});
+        $c->mod_token($image->{mod_token});
+        $c->width($image->{width});
+        $c->height($image->{height});
+        $c->iv($image->{iv});
+
+        $c->record(1);
+    }
+
+    return $c;
+}
+
+1;

lib/Lutim/DefaultConfig.pm

@@ -0,0 +1,49 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::DefaultConfig;
+require Exporter;
+@ISA = qw(Exporter);
+@EXPORT_OK = qw($default_config);
+our $default_config = {
+    provisioning        => 100,
+    provis_step         => 5,
+    length              => 8,
+    always_encrypt      => 0,
+    anti_flood_delay    => 5,
+    max_file_size       => 10*1024*1024,
+    https               => 0,
+    proposed_delays     => '0,1,7,30,365',
+    default_delay       => 0,
+    max_delay           => 0,
+    token_length        => 24,
+    crypto_key_length   => 8,
+    thumbnail_size      => 100,
+    watermark_path      => '',
+    watermark_placement => 'SouthEast',
+    watermark_default   => 'none',
+    watermark_enforce   => 'none',
+    theme               => 'default',
+    disable_api         => 0,
+    upload_dir          => 'files',
+    dbtype              => 'sqlite',
+    db_path             => 'lutim.db',
+    max_files_in_zip    => 15,
+    prefix              => '/',
+    minion              => {
+        enabled => 0,
+        dbtype  => 'sqlite',
+        db_path => 'minion.db'
+    },
+    session_duration       => 3600,
+    cache_max_size         => 0,
+    memcached_servers      => [],
+    quiet_logs             => 0,
+    disable_img_stats      => 0,
+    x_frame_options        => 'DENY',
+    x_content_type_options => 'nosniff',
+    x_xss_protection       => '1; mode=block',
+    stats_day_num          => 365,
+    keep_ip_during         => 365,
+    policy_when_full       => 'warn',
+};
+
+1;

lib/Lutim/I18N/en.pm

@@ -1,97 +0,0 @@
-package Lutim::I18N::en;
-use Mojo::Base 'Lutim::I18N';
-
-my $inf_body = <<EOF;
-<h4>What is Lutim?</h4>
-<p>Lutim is a free (as in free beer) and anonymous image hosting service. It's also the name of the free (as in free speech) software which provides this service.</p>
-<p>The images you post on Lutim can be stored indefinitely or be deleted at first view or after a delay selected from those proposed.</p>
-<h4>How does it work?</h4>
-<p>Drag and drop an image in the appropriate area or use the traditional way to send files and Lutim will provide you three URLs. One to view the image, an other to directly download it, one you can use on social networks and a last to delete the image when you want.</p>
-<p>You can, optionally, request that the image(s) posted on Lutim to be deleted at first view (or download) or after the delay selected from those proposed.</p>
-<h4>Is it really free (as in free beer)?</h4>
-<p>Yes, it is! On the other side, if you want to support the developer, you can do it via <a href="https://flattr.com/submit/auto?user_id=_SKy_&amp;url=[_1]&amp;title=Lutim&amp;category=software">Flattr</a> or with <a href="bitcoin:1K3n4MXNRSMHk28oTfXEvDunWFthePvd8v?label=lutim">BitCoin</a>.</p>
-<h4>Is it really anonymous?</h4>
-<p>Yes, it is! On the other side, for legal reasons, your IP address will be stored when you send an image. Don't panic, it is normally the case of all sites on which you send files!</p>
-<p>The IP address of the image's sender is retained for a delay which depends of the administrator's choice (for the official instance, which is located in France, it's one year).</p>
-<p>If the files are deleted if you ask it while posting it, their SHA512 footprint are retained.</p>
-<h4>Who owns rights on images uploaded on Lutim?</h4>
-<p>Only the uploader! (well, only if he's the only owner of the images' rights before the upload)</p>
-<p>Unlike many image sharing services, you don't give rights on uploaded images.</p>
-<h4>How to report an image?</h4>
-<p>Please contact the administrator: [_2]</p>
-<h4>How do you pronounce Lutim?</h4>
-<p>Juste like you pronounce the French word <a href="https://fr.wikipedia.org/wiki/Lutin">lutin</a> (/ly.tɛ̃/).</p>
-<h4>What about the software which provides the service?</h4>
-<p>The Lutim software is a <a href="http://en.wikipedia.org/wiki/Free_software">free software</a>, which allows you to download and install it on you own server. Have a look at the <a href="https://www.gnu.org/licenses/agpl-3.0.html">AGPL</a> to see what you can do.</p>
-<p>For more details, see the <a href="https://github.com/ldidry/lutim">Github</a> page of the project.</p>
-<h4>Main developers</h4>
-<ul>
-    <li>Luc Didry, aka Sky (<a href="http://www.fiat-tux.fr">http://www.fiat-tux.fr</a>), core developer, \@framasky on <a href="https://twitter.com/framasky">Twitter</a>, or on <a href="https://framasphere.org/public/framasky">Diaspora*</a></li>
-    <li>Dattaz (<a href="http://dattaz.fr">http://dattaz.fr</a>), webapp developer, <a href="https://twitter.com/dat_taz">\@dat_taz</a></li>
-</ul>
-<h4>Contributors</h4>
-<ul>
-    <li>Jean-Bernard Marcon, aka Goofy (<a href="https://github.com/goofy-bz">https://github.com/goofy-bz</a>)</li>
-    <li>Jean-Christophe Bach (<a href="https://github.com/jcb">https://github.com/jcb</a>)</li>
-    <li>Florian Bigard, aka Chocobozzz (<a href="https://github.com/Chocobozzz">https://github.com/Chocobozzz</a>)</li>
-    <li>Sandro CAZZANIGA, aka Kharec (<a href="http://sandrocazzaniga.fr">http://sandrocazzaniga.fr</a>), <a href="https://twitter.com/Kharec">\@Kharec</a></li>
-</ul>
-EOF
-
-our %Lexicon = (
-    'homepage'              => 'Homepage',
-    'license'               => 'License:',
-    'fork-me'               => 'Fork me on Github !',
-    'share-twitter'         => 'Share on Twitter',
-    'informations'          => 'Informations',
-    'informations-body'     => $inf_body,
-    'view-link'             => 'View link',
-    'download-link'         => 'Download link',
-    'share-link'            => 'Link for share on social networks',
-    'tweet_it'              => 'Tweet it!',
-    'share_it'              => 'Share it!',
-    'delete-link'           => 'Deletion link',
-    'some-bad'              => 'Something bad happened',
-    'delete-first'          => 'Delete at first view?',
-    'delete-day'            => 'Delete after 24 hours?',
-    'upload_image'          => 'Send an image',
-    'image-only'            => 'Only images are allowed',
-    'go'                    => 'Let\'s go!',
-    'drag-n-drop'           => 'Drag & drop images here',
-    'or'                    => '-or-',
-    'file-browser'          => 'Click to open the file browser',
-    'image_not_found'       => 'Unable to find the image: it has been deleted.',
-    'no_more_short'         => 'There is no more available URL. Retry or contact the administrator. [_1]',
-    'no_valid_file'         => 'The file [_1] is not an image.',
-    'file_too_big'          => 'The file exceed the size limit ([_1])',
-    'no_time_limit'         => 'No time limit',
-    '24_hours'              => '24 hours',
-    '7_days'                => '7 days',
-    '30_days'               => '30 days',
-    '1_year'                => 'One year',
-    'pushed-images'         => ' sent images on this instance from beginning.',
-    'graph-data-once-a-day' => 'The graph\'s datas are not updated in real-time.',
-    'lutim-stats'           => 'Lutim\'s statistics',
-    'back-to-index'         => 'Back to homepage',
-    'stop_upload'           => 'Uploading is currently disabled, please try later or contact the administrator ([_1]).',
-    'download_error'        => 'An error occured while downloading the image.',
-    'no_valid_url'          => 'The URL is not valid.',
-    'image_url'             => 'Image URL',
-    'upload_image_url'      => 'Upload an image with its URL',
-    'delay_0'               => 'no time limit',
-    'delay_1'               => '24 hours',
-    'delay_days'            => '[_1] days',
-    'delay_365'             => '1 year',
-    'max_delay'             => 'Warning! The maximum time limit for an image is [_1] day(s), even if you choose "no time limit".',
-    'crypt_image'           => 'Encrypt the image (Lutim does not keep the key).',
-    'always_encrypt'        => 'The images are encrypted on the server (Lutim does not keep the key).',
-    'image_deleted'         => 'The image [_1] has been successfully deleted',
-    'invalid_token'         => 'The delete token is invalid.',
-    'already_deleted'       => 'The image [_1] has already been deleted.',
-    'install_as_webapp'     => 'Install webapp',
-    'image_delay_modified'  => 'The image\'s delay has been successfully modified',
-    'image_mod_not_found'   => 'Unable to find the image [_1].',
-    'modify_image_error'    => 'Error while trying to modify the image.',
-);
-
-1;

lib/Lutim/I18N/fr.pm

@@ -1,97 +0,0 @@
-package Lutim::I18N::fr;
-use Mojo::Base 'Lutim::I18N';
-
-my $inf_body = <<EOF;
-<h4>Qu’est-ce que Lutim ?</h4>
-<p>Lutim est un service gratuit et anonyme d’hébergement d’images. Il s’agit aussi du nom du logiciel (libre) qui fournit ce service.</p>
-<p>Les images déposées sur Lutim peuvent être stockées indéfiniment, ou s’effacer dès le premier affichage ou au bout du délai choisi parmi ceux proposés.</p>
-<h4>Comment ça marche ?</h4>
-<p>Faites glisser des images dans la zone prévue à cet effet ou sélectionnez un fichier de façon classique et Lutim vous fournira troie URLs en retour. Une pour afficher l’image, une autre pour la télécharger directement, une pour l'utiliser sur les réseaux sociaux et une dernière pour supprimer votre image quand vous le souhaitez.</p>
-<p>Vous pouvez, de façon facultative, demander à ce que la ou les images déposées sur Lutim soient supprimées après leur premier affichage (ou téléchargement) ou au bout d'un délai choisi parmi ceux proposés.</p>
-<h4>C’est vraiment gratuit ?</h4>
-<p>Oui, ça l’est ! Par contre, si vous avez envie de soutenir le développeur, vous pouvez faire un microdon avec <a href="https://flattr.com/submit/auto?user_id=_SKy_&amp;url=[_1]&amp;title=Lutim&amp;category=software">Flattr</a> ou en <a href="bitcoin:1K3n4MXNRSMHk28oTfXEvDunWFthePvd8v?label=lutim">BitCoin</a>.</p>
-<h4>C’est vraiment anonyme ?</h4>
-<p>Oui, ça l’est ! Par contre, pour des raisons légales, votre adresse IP sera enregistrée lorsque vous enverrez une image. Ne vous affolez pas, c’est de toute façon normalement le cas de tous les sites sur lesquels vous envoyez des fichiers !</p>
-<p>L’IP de la personne ayant déposé l’image est stockée pendant un délai dépendant de l'administrateur de l'instance (pour l'instance officielle, dont le serveur est en France, c'est un délai d'un an).</p>
-<p>Si les fichiers sont bien supprimés si vous en avez exprimé le choix, leur empreinte SHA512 est toutefois conservée.</p>
-<h4>Qui possède des droits sur les images envoyées sur Lutim ?</h4>
-<p>Seulement l'envoyeur ! (enfin, seulement s'il possède des droits exclusifs sur les images avant de les envoyer)</p>
-<p>Au contraire de la majorité des services de partages d'image, vous ne cédez aucun droit sur les images envoyées.</p>
-<h4>Comment peut-on faire pour signaler une image ?</h4>
-<p>Veuillez contacter l’administrateur : [_2]</p>
-<h4>Comment doit-on prononcer Lutim ?</h4>
-<p>Comme on prononce <a href="https://fr.wikipedia.org/wiki/Lutin">lutin</a> !</p>
-<h4>Et à propos du logiciel qui fournit le service ?</h4>
-<p>Le logiciel Lutim est un <a href="https://fr.wikipedia.org/wiki/Logiciel_libre">logiciel libre</a>, ce qui vous permet de le télécharger et de l’installer sur votre propre serveur. Jetez un coup d’œil à l’<a href="https://www.gnu.org/licenses/agpl-3.0.html">AGPL</a> pour voir quels sont vos droits.</p>
-<p>Pour plus de détails, consultez la page <a href="https://github.com/ldidry/lutim">Github</a> du projet.</p>
-<h4>Développeurs de l'application</h4>
-<ul>
-    <li>Luc Didry, aka Sky (<a href="http://www.fiat-tux.fr">http://www.fiat-tux.fr</a>), développeur principal, \@framasky sur <a href="https://twitter.com/framasky">Twitter</a> ou sur <a href="https://framasphere.org/public/framasky">Diaspora*</a></li>
-    <li>Dattaz (<a href="http://dattaz.fr">http://dattaz.fr</a>), développeur de la webapp, <a href="https://twitter.com/dat_taz">\@dat_taz</a></li>
-</ul>
-<h4>Contributeurs</h4>
-<ul>
-    <li>Jean-Bernard Marcon, aka Goofy (<a href="https://github.com/goofy-bz">https://github.com/goofy-bz</a>)</li>
-    <li>Jean-Christophe Bach (<a href="https://github.com/jcb">https://github.com/jcb</a>)</li>
-    <li>Florian Bigard, aka Chocobozzz (<a href="https://github.com/Chocobozzz">https://github.com/Chocobozzz</a>)</li>
-    <li>Sandro CAZZANIGA, aka Kharec (<a href="http://sandrocazzaniga.fr">http://sandrocazzaniga.fr</a>), <a href="https://twitter.com/Kharec">\@Kharec</a></li>
-</ul>
-EOF
-
-our %Lexicon = (
-    'homepage'              => 'Accueil',
-    'license'               => 'Licence :',
-    'fork-me'               => 'Fork me on Github',
-    'share-twitter'         => 'Partager sur Twitter',
-    'informations'          => 'Informations',
-    'informations-body'     => $inf_body,
-    'view-link'             => 'Lien d\'affichage',
-    'download-link'         => 'Lien de téléchargement',
-    'share-link'            => 'Lien pour partager sur les réseaux sociaux',
-    'tweet_it'              => 'Tweetez !',
-    'share_it'              => 'Partagez !',
-    'delete-link'           => 'Lien de suppression',
-    'some-bad'              => 'Un problème est survenu',
-    'delete-first'          => 'Supprimer au premier accès ?',
-    'delete-day'            => 'Supprimer après 24 heures ?',
-    'upload_image'          => 'Envoyez une image',
-    'image-only'            => 'Seules les images sont acceptées',
-    'go'                    => 'Allons-y !',
-    'drag-n-drop'           => 'Déposez vos images ici',
-    'or'                    => '-ou-',
-    'file-browser'          => 'Cliquez pour utiliser le navigateur de fichier',
-    'image_not_found'       => 'Impossible de trouver l\'image : elle a été supprimée.',
-    'no_more_short'         => 'Il n\'y a plus d\'URL disponible. Veuillez réessayer ou contactez l\'administrateur. [_1].',
-    'no_valid_file'         => 'Le fichier [_1] n\'est pas une image.',
-    'file_too_big'          => 'Le fichier dépasse la limite de taille ([_1])',
-    'no_time_limit'         => 'Pas de limitation de durée',
-    '24_hours'              => '24 heures',
-    '7_days'                => '7 jours',
-    '30_days'               => '30 jours',
-    '1_year'                => 'Un an',
-    'pushed-images'         => ' images envoyées sur cette instance depuis le début.',
-    'graph-data-once-a-day' => 'Les données du graphique ne sont pas mises à jour en temps réél.',
-    'lutim-stats'           => 'Statistiques de Lutim',
-    'back-to-index'         => 'Retour à la page d\'accueil',
-    'stop_upload'           => 'L\'envoi d\'images est actuellement désactivé, veuillez réessayer plus tard ou contacter l\'administrateur ([_1]).',
-    'download_error'        => 'Une erreur est survenue lors du téléchargement de l\'image.',
-    'no_valid_url'          => 'l\'URL n\'est pas valide.',
-    'image_url'             => 'URL de l\'image',
-    'upload_image_url'      => 'Déposer une image par son URL',
-    'delay_0'               => 'pas de limitation de durée',
-    'delay_1'               => '24 heures',
-    'delay_days'            => '[_1] jours',
-    'delay_365'             => '1 an',
-    'max_delay'             => 'Attention ! Le délai maximal de rétention d\'une image est de [_1] jour(s), même si vous choisissez « pas de limitation de durée ».',
-    'crypt_image'           => 'Chiffrer l\'image (Lutim ne stocke pas la clé).',
-    'always_encrypt'        => 'Les images sont chiffrées sur le serveur (Lutim ne stocke pas la clé).',
-    'image_deleted'         => 'L\'image [_1] a été supprimée avec succès.',
-    'invalid_token'         => 'Le jeton de suppression est invalide.',
-    'already_deleted'       => 'L\'image [_1] a déjà été supprimée.',
-    'install_as_webapp'     => 'Installer la webapp',
-    'image_delay_modified'  => 'Le délai de l\'image a été modifié avec succès.',
-    'image_mod_not_found'   => 'Impossible de trouver l\'image [_1].',
-    'modify_image_error'    => 'Une erreur est survenue lors de la tentative de modification de l\'image.',
-);
-
-1;

lib/Lutim/Plugin/Headers.pm

@@ -0,0 +1,50 @@
+package Lutim::Plugin::Headers;
+use Mojo::Base 'Mojolicious::Plugin';
+
+sub register {
+    my ($self, $app) = @_;
+
+    # Assets Cache headers
+    $app->plugin('StaticCache' => { even_in_dev => 1 });
+
+    # Add CSP Header
+    if (!defined($app->config('csp')) || (defined($app->config('csp')) && $app->config('csp') ne '')) {
+        my $directives = {
+            'default-src'     => "'none'",
+            'script-src'      => "'self' 'unsafe-eval'",
+            'style-src'       => "'self' 'unsafe-inline'",
+            'connect-src'     => "'self'",
+            'img-src'         => "'self' data:",
+            'font-src'        => "'self'",
+            'form-action'     => "'self'",
+            'base-uri'        => "'self'",
+        };
+
+        my $frame_ancestors = '';
+        $frame_ancestors = "'none'" if $app->config('x_frame_options') eq 'DENY';
+        $frame_ancestors = "'self'" if $app->config('x_frame_options') eq 'SAMEORIGIN';
+        if ($app->config('x_frame_options') =~ m#^ALLOW-FROM#) {
+            $frame_ancestors = $app->config('x_frame_options');
+            $frame_ancestors =~ s#ALLOW-FROM +##;
+        }
+        $directives->{'frame-ancestors'} = $frame_ancestors if $frame_ancestors;
+
+        $app->plugin('CSPHeader',
+            csp        => $app->config('csp'),
+            directives => $directives
+        );
+    }
+
+    # Add other headers
+    $app->hook(
+        before_dispatch => sub {
+            my $c = shift;
+
+            $c->res->headers->header('X-Frame-Options'        => $app->config('x_frame_options'))        if $app->config('x_frame_options');
+            $c->res->headers->header('X-Content-Type-Options' => $app->config('x_content_type_options')) if $app->config('x_content_type_options');
+            $c->res->headers->header('X-XSS-Protection'       => $app->config('x_xss_protection'))       if $app->config('x_xss_protection');
+        }
+    );
+}
+
+1;

lib/Lutim/Plugin/Helpers.pm

@@ -0,0 +1,361 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::Plugin::Helpers;
+use Mojo::Base 'Mojolicious::Plugin';
+use Mojo::Util qw(quote);
+use Mojo::File;
+use Crypt::CBC;
+use Data::Entropy qw(entropy_source);
+use DateTime;
+use Mojo::Util qw(decode);
+use ISO::639_1;
+use Digest::MD5 'md5';
+
+sub register {
+    my ($self, $app) = @_;
+
+
+    if ($app->config('dbtype') eq 'postgresql') {
+        require Mojo::Pg;
+        $app->plugin('PgURLHelper');
+        $app->helper(pg => \&_pg);
+
+        # Database migration
+        my $migrations = Mojo::Pg::Migrations->new(pg => $app->pg);
+        if ($app->mode eq 'development' && $ENV{LUTIM_DEBUG}) {
+            $migrations->from_file('utilities/migrations/postgresql.sql')->migrate(0)->migrate(3);
+        } else {
+            $migrations->from_file('utilities/migrations/postgresql.sql')->migrate(3);
+        }
+    } elsif ($app->config('dbtype') eq 'sqlite') {
+        # SQLite database migration if needed
+        require Mojo::SQLite;
+        $app->helper(sqlite => \&_sqlite);
+
+        my $sql = Mojo::SQLite->new('sqlite:'.$app->config('db_path'));
+        my $migrations = $sql->migrations;
+        if ($app->mode eq 'development' && $ENV{LUTIM_DEBUG}) {
+            $migrations->from_file('utilities/migrations/sqlite.sql')->migrate(0)->migrate(2);
+        } else {
+            $migrations->from_file('utilities/migrations/sqlite.sql')->migrate(2);
+        }
+    }
+
+    $app->helper(render_file        => \&_render_file);
+    $app->helper(ip                 => \&_ip);
+    $app->helper(provisioning       => \&_provisioning);
+    $app->helper(shortener          => \&_shortener);
+    $app->helper(stop_upload        => \&_stop_upload);
+    $app->helper(max_delay          => \&_max_delay);
+    $app->helper(default_delay      => \&_default_delay);
+    $app->helper(is_selected        => \&_is_selected);
+    $app->helper(is_wm_selected     => \&_is_wm_selected);
+    $app->helper(crypt              => \&_crypt);
+    $app->helper(decrypt            => \&_decrypt);
+    $app->helper(delete_image       => \&_delete_image);
+    $app->helper(iso639_native_name => \&_iso639_native_name);
+    $app->helper(prefix             => \&_prefix);
+}
+
+sub _pg {
+    my $c     = shift;
+
+    state $pg = Mojo::Pg->new($c->app->pg_url($c->app->config('pgdb')));
+    return $pg;
+}
+
+sub _sqlite {
+    my $c     = shift;
+
+    state $sqlite = Mojo::SQLite->new('sqlite:'.$c->app->config('db_path'));
+    return $sqlite;
+}
+
+sub _render_file {
+    my $c = shift;
+    my ($im_loaded, $img, $dl, $key, $thumb) = @_;
+
+    my ($filename, $path, $iv, $mediatype, $no_cache) = ($img->filename, $img->path, $img->iv, $img->mediatype, $img->delete_at_first_view);
+
+    my $expires = ($img->delete_at_day) ? $img->delete_at_day : 360;
+    my $dt = DateTime->from_epoch( epoch => $expires * 86400 + $img->created_at);
+    $dt->set_time_zone('GMT');
+    $expires = $dt->strftime("%a, %d %b %Y %H:%M:%S GMT");
+
+    $dl       = 'attachment' if ($mediatype =~ m/svg/);
+    $filename = quote($filename);
+
+    unless (-f $path && -r $path) {
+        $c->app->log->error("Cannot read file [$path]. error [$!]");
+        $c->flash(
+            msg => $c->l('Unable to find the image: it has been deleted.')
+        );
+        return 500;
+    }
+
+    $mediatype =~ s/x-//;
+
+    my $headers = Mojo::Headers->new();
+    if ($no_cache || defined($thumb)) {
+        $headers->add('Cache-Control'   => 'no-cache, no-store, max-age=0, must-revalidate');
+    } else {
+        $headers->add('Expires'         => $expires);
+    }
+    $headers->add('Content-Type'        => $mediatype.';name='.$filename);
+    $headers->add('Content-Disposition' => $dl.';filename='.$filename);
+    $c->res->content->headers($headers);
+
+    my $cache;
+    if ($c->config('cache_max_size') != 0 || scalar(@{$c->config('memcached_servers')})) {
+        $cache = $c->chi('lutim_images_cache')->compute($img->short, undef, sub {
+            if ($key) {
+                return {
+                    asset => $c->decrypt($key, $path, $iv),
+                    key   => $key
+                };
+            } else {
+                return {
+                    asset => Mojo::File->new($path)->slurp,
+                };
+            }
+        });
+        if ($key && $key ne $cache->{key}) {
+            my $tmp = $c->decrypt($key, $path, $iv);
+            $cache->{asset} = $tmp;
+            $c->chi('lutim_images_cache')->replace(
+                $img->short,
+                {
+                    asset => $tmp,
+                    key   => $key
+                },
+            );
+        }
+    } else {
+        if ($key) {
+            $cache = {
+                asset => $c->decrypt($key, $path, $iv),
+            };
+        } else {
+            $cache = {
+                asset => Mojo::File->new($path)->slurp,
+            };
+        }
+    }
+    # Extend expiration time
+    my $asset = Mojo::Asset::Memory->new;
+    $asset->add_chunk($cache->{asset});
+
+    if (defined $thumb && $im_loaded && $mediatype ne 'image/svg+xml' && $mediatype !~ m#image/(x-)?xcf# && $mediatype ne 'image/avif') { # ImageMagick don't work in Debian with svg (for now?)
+        my $im  = Image::Magick->new;
+        $im->BlobToImage($asset->slurp);
+
+        # Create the thumbnail
+        if ($thumb eq '') {
+            $im->Resize(geometry => 'x'.$c->config('thumbnail_size'));
+        } else {
+            $im->Resize(geometry => $thumb);
+        }
+
+        # Replace the asset with the thumbnail
+        $asset = Mojo::Asset::Memory->new->add_chunk($im->ImageToBlob());
+    }
+
+    $c->res->content->asset($asset);
+    $headers->add('Content-Length' => $asset->size);
+
+    return $c->rendered(200);
+}
+
+sub _ip {
+    my $c  = shift;
+    my $ip_only = shift || 0;
+
+    my $proxy = $c->req->headers->header('X-Forwarded-For');
+
+    my $ip = ($proxy) ? $proxy : $c->tx->remote_address;
+
+    my $remote_port = (defined($c->req->headers->header('X-Remote-Port'))) ? $c->req->headers->header('X-Remote-Port') : $c->tx->remote_port;
+
+    return ($ip_only) ? $ip : "$ip remote port:$remote_port";
+}
+
+sub _provisioning {
+    my $c = shift;
+
+    # Create some short patterns for provisioning
+    my $img = Lutim::DB::Image->new(app => $c->app);
+    if ($img->count_empty < $c->app->config('provisioning')) {
+        for (my $i = 0; $i < $c->app->config('provis_step'); $i++) {
+            my $short;
+            do {
+                $short = $c->shortener($c->app->config('length'));
+            } while ($img->count_short($short) || $short eq 'about' || $short eq 'stats' || $short eq 'd' || $short eq 'm' || $short eq 'gallery' || $short eq 'zip' || $short eq 'infos');
+
+            $img->short($short)
+                ->counter(0)
+                ->enabled(1)
+                ->delete_at_first_view(0)
+                ->delete_at_day(0)
+                ->mod_token($c->shortener($c->app->config('token_length')))
+                ->write('provisioning');
+
+            $img = Lutim::DB::Image->new(app => $c->app);
+        }
+    }
+}
+
+sub _shortener {
+    my $c      = shift;
+    my $length = shift;
+
+    my @chars  = ('a'..'z','A'..'Z','0'..'9');
+    my $result = '';
+    foreach (1..$length) {
+        $result .= $chars[entropy_source->get_int(scalar(@chars))];
+    }
+    return $result;
+}
+
+sub _stop_upload {
+    my $c = shift;
+
+    if (-f 'stop-upload' || -f 'stop-upload.manual') {
+        $c->stash(
+            stop_upload => $c->l('Uploading is currently disabled, please try later or contact the administrator (%1).', $c->app->config('contact'))
+        );
+        return 1;
+    }
+    return 0;
+}
+
+sub _max_delay {
+    my $c = shift;
+
+    return $c->app->config('max_delay') if ($c->app->config('max_delay') >= 0);
+
+    warn "max_delay set to a negative value. Default to 0.";
+    return 0;
+}
+
+sub _default_delay {
+    my $c = shift;
+
+    return $c->app->config('default_delay') if ($c->app->config('default_delay') >= 0);
+
+    warn "default_delay set to a negative value. Default to 0.";
+    return 0;
+}
+
+sub _is_selected {
+    my $c   = shift;
+    my $num = shift;
+
+    return ($num == $c->default_delay) ? 'selected="selected"' : '';
+}
+
+sub _is_wm_selected {
+    my $c  = shift;
+    my $wm = shift;
+
+    return ($wm eq $c->config('watermark_default')) ? 'selected="selected"' : '';
+}
+
+sub _key_from_key {
+    my $key = shift;
+
+    # Key size for Blowfish is 56
+    my $ks = 56;
+    my $material = md5($key);
+    while (length($material) < $ks) {
+        $material .= md5($material);
+    }
+    return substr($material,0,$ks);
+}
+
+sub _crypt {
+    my $c        = shift;
+    my $upload   = shift;
+    my $filename = shift;
+
+    my $key   = $c->shortener($c->config('crypto_key_length'));
+    my $iv    = $c->shortener(8);
+
+    my $cipher = Crypt::CBC->new(
+        -key         => _key_from_key($key),
+        -cipher      => 'Blowfish',
+        -header      => 'none',
+        -literal_key => 1,
+        -pbkdf       => 'pbkdf2',
+        -iv          => $iv
+    );
+
+    $cipher->start('encrypting');
+
+    my $crypt_asset = Mojo::Asset::File->new;
+
+    $crypt_asset->add_chunk($cipher->crypt($upload->slurp));
+    $crypt_asset->add_chunk($cipher->finish);
+
+    my $crypt_upload = Mojo::Upload->new;
+    $crypt_upload->filename($filename);
+    $crypt_upload->asset($crypt_asset);
+
+    return ($crypt_upload, $key, $iv);
+}
+
+sub _decrypt {
+    my $c    = shift;
+    my $key  = _key_from_key(shift);
+    my $file = shift;
+    my $iv   = shift;
+    $iv = 'dupajasi' unless $iv;
+
+    my $cipher = Crypt::CBC->new(
+        -key         => $key,
+        -cipher      => 'Blowfish',
+        -header      => 'none',
+        -literal_key => 1,
+        -pbkdf       => 'pbkdf2',
+        -iv          => $iv
+    );
+
+    $cipher->start('decrypting');
+
+    my $decrypt_asset = Mojo::Asset::File->new;
+
+    open(my $f, "<",$file) or die "Unable to read encrypted file: $!";
+    binmode $f;
+    while (read($f, my $buffer, 1024)) {
+          $decrypt_asset->add_chunk($cipher->crypt($buffer));
+    }
+    $decrypt_asset->add_chunk($cipher->finish) ;
+
+    return $decrypt_asset->slurp;
+}
+
+sub _delete_image {
+    my $c   = shift;
+    my $img = shift;
+    if ($c->config('cache_max_size') != 0 || scalar(@{$c->config('memcached_servers')})) {
+        $c->chi('lutim_images_cache')->remove($img->short);
+    }
+    unlink $img->path or warn "Could not unlink ".$img->path.": $!";
+    $img->disable();
+}
+
+sub _iso639_native_name {
+    my $c = shift;
+    return ucfirst(decode 'UTF-8', get_iso639_1(shift)->{nativeName});
+}
+
+sub _prefix {
+    my $c = shift;
+
+    my $prefix = $c->url_for('/')->to_abs;
+    # Forced domain
+    $prefix->host($c->config('fixed_domain')) if (defined($c->config('fixed_domain')) && $c->config('fixed_domain') ne '');
+    # Hack for prefix (subdir) handling
+    $prefix .= '/' unless ($prefix =~ m#/$#);
+    return $prefix;
+}
+
+1;

lib/Lutim/Plugin/Lang.pm

@@ -0,0 +1,38 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Lutim::Plugin::Lang;
+use Mojo::Base 'Mojolicious::Plugin';
+use Mojo::Collection;
+use Mojo::File;
+
+sub register {
+    my ($self, $app) = @_;
+
+    $app->helper(available_langs => \&_available_langs);
+
+    $app->hook(
+        before_dispatch => sub {
+            my $c = shift;
+            $c->languages($c->cookie('lutim_lang')) if $c->cookie('lutim_lang');
+        }
+    );
+}
+
+sub _available_langs {
+    my $c = shift;
+
+    state $langs = Mojo::Collection->new(
+        glob($c->app->home->rel_file('themes/'.$c->config('theme').'/lib/Lutim/I18N/*po')),
+        glob($c->app->home->rel_file('themes/default/lib/Lutim/I18N/*po'))
+    )->map(
+        sub {
+            Mojo::File->new($_)->basename('.po');
+        }
+    )->uniq->sort(
+        sub {
+            $c->l($a) cmp $c->l($b)
+        }
+    )->to_array;
+}
+
+1;
+

lib/LutimModel.pm

@@ -1,31 +0,0 @@
-package LutimModel;
-
-# Create database
-use ORLite {
-      file => 'lutim.db',
-      unicode => 1,
-      create => sub {
-          my $dbh = shift;
-          $dbh->do(
-              'CREATE TABLE lutim (
-               short                 TEXT PRIMARY KEY,
-               path                  TEXT,
-               footprint             TEXT,
-               enabled               INTEGER,
-               mediatype             TEXT,
-               filename              TEXT,
-               counter               INTEGER,
-               delete_at_first_view  INTEGER,
-               delete_at_day         INTEGER,
-               created_at            INTEGER,
-               created_by            TEXT,
-               last_access_at        INTEGER,
-               mod_token             TEXT,
-               width                 INTEGER,
-               height                INTEGER)'
-          );
-          return 1;
-        }
-};
-
-1;

lib/Mounter.pm

@@ -0,0 +1,51 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+package Mounter;
+use Mojo::Base 'Mojolicious';
+use Mojo::File;
+use FindBin qw($Bin);
+use File::Spec qw(catfile);
+use Lutim::DefaultConfig qw($default_config);
+
+# This method will run once at server start
+sub startup {
+    my $self = shift;
+
+    push @{$self->commands->namespaces}, 'Lutim::Command';
+
+    my $cfile = Mojo::File->new($Bin, '..' , 'lutim.conf');
+    if (defined $ENV{MOJO_CONFIG}) {
+        $cfile = Mojo::File->new($ENV{MOJO_CONFIG});
+        unless (-e $cfile->to_abs) {
+            $cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
+        }
+    }
+    my $config = $self->plugin('Config', {
+        file    => $cfile,
+        default => $default_config
+    });
+
+    $config->{prefix} = $config->{url_sub_dir} if (defined($config->{url_sub_dir}) && $config->{prefix} eq '/');
+
+    $self->app->log->warn('"url_sub_dir" configuration option is deprecated. Use "prefix" instead. "url_sub_dir" will be removed in the future') if (defined($config->{url_sub_dir}));
+
+    # Themes handling
+    shift @{$self->static->paths};
+    if ($config->{theme} ne 'default') {
+        my $theme = $self->home->rel_file('themes/'.$config->{theme});
+        push @{$self->static->paths}, $theme.'/public' if -d $theme.'/public';
+    }
+    push @{$self->static->paths}, $self->home->rel_file('themes/default/public');
+
+    # Static assets gzipping
+    $self->plugin('GzipStatic');
+
+    # Headers
+    $self->plugin('Lutim::Plugin::Headers');
+
+    # Helpers
+    $self->plugin('Lutim::Plugin::Helpers');
+
+    $self->plugin('Mount' => {$config->{prefix} => File::Spec->catfile($Bin, '..', 'script', 'application')});
+}
+
+1;

lutim.conf.template

@@ -7,12 +7,9 @@
     hypnotoad => {
         # array of IP addresses and ports you want to listen to
         listen => ['http://127.0.0.1:8080'],
-        # user and group you want for Lutim to run with
-        # be sure that this user/group have rights on the lutim directory
-        # if you launch lutim from a different user, be sure that this user have the right to su this user/group
-        # => if current_user is not the user that you sets here and is not root, there's chances that it will fail (see https://github.com/ldidry/lutim/issues/25)
-        user   => 'www-data',
-        group  => 'www-data'
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
     },
 
     ################
@@ -27,18 +24,23 @@
     # mandatory
     secrets           => ['fdjsofjoihrei'],
 
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
     # length of the images random URL
     # optional, default is 8
     #length            => 8,
 
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
     # how many URLs will be provisioned in a batch ?
     # optional, default is 5
     #provis_step       => 5,
 
     # max number of URLs to be provisioned
-    # WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-    # in the first version, this option was provisionning with two 'n'. While the option with the typo is still valid, it is deprecated.
-    # in the next version (0.4), only provisioning with ine 'n' will be accepted
     # optional, default is 100
     #provisioning      => 100,
 
@@ -47,11 +49,6 @@
     # optional, default is 5
     #anti_flood_delay  => 5,
 
-    # twitter account which will appear on twitter cards
-    # see https://dev.twitter.com/docs/cards/validation/validator to register your Lutim instance on twitter
-    # optional, default is @framasky
-    #tweet_card_via    => '@framasky',
-
     # max image size, in octets
     # you can write it 10*1024*1024
     # optional, default is 10485760
@@ -63,7 +60,7 @@
     #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
 
     # if you want to include something in the right of the screen, put it here
-    # here's an exemple to put the logo of your hoster
+    # here's an example to put the logo of your hoster
     # optional, no default
     #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
 
@@ -87,6 +84,10 @@
     # optional, default is 0 (no limit)
     #default_delay     => 0,
 
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
     # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
     # a warning message will be displayed on homepage
     # optional, default is 0 (no limit)
@@ -96,10 +97,203 @@
     # optional, default is 0
     #always_encrypt    => 0,
 
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
     # length of the image's delete token
     # optional, default is 24
     #token_length      => 24,
 
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored.
+    # You can define it relative to lutim directory or set an absolute path.
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you move the images in an other directory (if you keep the old directory
+    # where it was, you have nothing to do).
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    #dbtype => 'sqlite',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    #db_path           => 'lutim.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    #pgdb => {
+    #    database => 'lutim',
+    #    host     => 'localhost',
+    #    #user     => 'DBUSER',
+    #    #pwd      => 'DBPASSWORD'
+    #},
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    #minion => {
+    #    enabled => 0,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+    #    pgdb => {
+    #        database => 'lutim_minion',
+    #        host     => 'localhost',
+    #        #user     => 'DBUSER',
+    #        #pwd      => 'DBPASSWORD'
+    #    }
+    #},
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
     ##########################
     # Lutim cron jobs settings
     ##########################

public/css/fontello-codes.css

@@ -1,10 +0,0 @@
-
-.icon-twitter:before { content: '\e800'; } /* '' */
-.icon-github-circled:before { content: '\e801'; } /* '' */
-.icon-flattr:before { content: '\e802'; } /* '' */
-.icon-bitcoin:before { content: '\e803'; } /* '' */
-.icon-trash:before { content: '\e804'; } /* '' */
-.icon-download:before { content: '\e805'; } /* '' */
-.icon-spinner:before { content: '\e806'; } /* '' */
-.icon-eye:before { content: '\e807'; } /* '' */
-.icon-share:before { content: '\e808'; } /* '' */

public/css/fontello-ie7-codes.css

@@ -1,10 +0,0 @@
-
-.icon-twitter { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-github-circled { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-flattr { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-bitcoin { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-trash { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-download { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-spinner { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-eye { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-share { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }

public/css/fontello-ie7.css

@@ -1,21 +0,0 @@
-[class^="icon-"], [class*=" icon-"] {
-  font-family: 'fontello';
-  font-style: normal;
-  font-weight: normal;
- 
-  /* fix buttons height */
-  line-height: 1em;
- 
-  /* you can be more comfortable with increased icons size */
-  /* font-size: 120%; */
-}
- 
-.icon-twitter { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-github-circled { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-flattr { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-bitcoin { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-trash { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-download { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-spinner { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-eye { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }
-.icon-share { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = ' '); }

public/css/fontello.css

@@ -1,61 +0,0 @@
-@font-face {
-  font-family: 'fontello';
-  src: url('../font/fontello.eot?96982888');
-  src: url('../font/fontello.eot?96982888#iefix') format('embedded-opentype'),
-       url('../font/fontello.woff?96982888') format('woff'),
-       url('../font/fontello.ttf?96982888') format('truetype'),
-       url('../font/fontello.svg?96982888#fontello') format('svg');
-  font-weight: normal;
-  font-style: normal;
-}
-/* Chrome hack: SVG is rendered more smooth in Windozze. 100% magic, uncomment if you need it. */
-/* Note, that will break hinting! In other OS-es font will be not as sharp as it could be */
-/*
-@media screen and (-webkit-min-device-pixel-ratio:0) {
-  @font-face {
-    font-family: 'fontello';
-    src: url('../font/fontello.svg?96982888#fontello') format('svg');
-  }
-}
-*/
- 
- [class^="icon-"]:before, [class*=" icon-"]:before {
-  font-family: "fontello";
-  font-style: normal;
-  font-weight: normal;
-  speak: none;
- 
-  display: inline-block;
-  text-decoration: inherit;
-  width: 1em;
-  margin-right: .2em;
-  text-align: center;
-  /* opacity: .8; */
- 
-  /* For safety - reset parent styles, that can break glyph codes*/
-  font-variant: normal;
-  text-transform: none;
-     
-  /* fix buttons height, for twitter bootstrap */
-  line-height: 1em;
- 
-  /* Animation center compensation - margins should be symmetric */
-  /* remove if not needed */
-  margin-left: .2em;
- 
-  /* you can be more comfortable with increased icons size */
-  /* font-size: 120%; */
- 
-  /* Uncomment for 3D effect */
-  /* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
-}
- 
-.icon-twitter:before { content: '\e800'; } /* '' */
-.icon-github-circled:before { content: '\e801'; } /* '' */
-.icon-flattr:before { content: '\e802'; } /* '' */
-.icon-bitcoin:before { content: '\e803'; } /* '' */
-.icon-trash:before { content: '\e804'; } /* '' */
-.icon-download:before { content: '\e805'; } /* '' */
-.icon-spinner:before { content: '\e806'; } /* '' */
-.icon-eye:before { content: '\e807'; } /* '' */
-.icon-share:before { content: '\e808'; } /* '' */

public/css/hennypenny.css

@@ -1,6 +0,0 @@
-@font-face {
-  font-family: 'Henny_Penny';
-  font-style: normal;
-  font-weight: 400;
-  src: local('Henny Penny'), local('HennyPenny-Regular'), url(../font/hennypenny.ttf) format('truetype');
-}

public/css/lutim.css

@@ -1,50 +0,0 @@
-@media (max-width: 767px) {
-    body {
-        padding-top: 5px;
-        padding-bottom: 5px;
-    }
-}
-
-@media (min-width: 768px) {
-    body {
-        padding-top: 40px;
-        padding-bottom: 40px;
-    }
-}
-
-.container {
-    padding: 15px;
-    margin: 0 auto;
-}
-
-.jsonly {
-    display: none;
-}
-
-.thumbnail {
-    margin-right: 8px;
-}
-
-.hennypenny {
-    font-family: 'Henny_Penny', cursive;
-    font-size: 42px;
-}
-
-.logo {
-    margin-right: 10px;
-}
-label.always-encrypt {
-    display: none;
-}
-.link_nocol,
-.link_nocol:hover{
-    color: #000000;
-    text-decoration: none;
-}
-
-#install-app img {
-    height: 22px;
-}
-#install-app {
-    display: none;
-}

public/css/morris-0.4.3.min.css

@@ -1,2 +0,0 @@
-.morris-hover{position:absolute;z-index:1000;}.morris-hover.morris-default-style{border-radius:10px;padding:6px;color:#666;background:rgba(255, 255, 255, 0.8);border:solid 2px rgba(230, 230, 230, 0.8);font-family:sans-serif;font-size:12px;text-align:center;}.morris-hover.morris-default-style .morris-hover-row-label{font-weight:bold;margin:0.25em 0;}
-.morris-hover.morris-default-style .morris-hover-point{white-space:nowrap;margin:0.1em 0;}

public/font/LICENSE.txt

@@ -1,30 +0,0 @@
-Font license info
-
-
-## Font Awesome
-
-   Copyright (C) 2012 by Dave Gandy
-
-   Author:    Dave Gandy
-   License:   SIL ()
-   Homepage:  http://fortawesome.github.com/Font-Awesome/
-
-
-## Zocial
-
-   Copyright (C) 2012 by Sam Collins
-
-   Author:    Sam Collins
-   License:   MIT (http://opensource.org/licenses/mit-license.php)
-   Homepage:  http://zocial.smcllns.com/
-
-
-## MFG Labs
-
-   Copyright (C) 2012 by Daniel Bruce
-
-   Author:    MFG Labs
-   License:   SIL (http://scripts.sil.org/OFL)
-   Homepage:  http://www.mfglabs.com/
-
-

public/font/fontello.svg

@@ -1,20 +0,0 @@
-<?xml version="1.0" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg">
-<metadata>Copyright (C) 2014 by original authors @ fontello.com</metadata>
-<defs>
-<font id="fontello" horiz-adv-x="1000" >
-<font-face font-family="fontello" font-weight="400" font-stretch="normal" units-per-em="1000" ascent="850" descent="-150" />
-<missing-glyph horiz-adv-x="1000" />
-<glyph glyph-name="twitter" unicode="&#xe800;" d="m25 74q19-2 43-2 126 0 224 77-59 1-105 36t-64 89q19-3 34-3 24 0 48 6-63 13-104 62t-41 115v2q38-21 82-23-37 25-59 64t-22 86q0 49 25 91 67-83 164-133t208-55q-5 21-5 41 0 75 53 127t127 53q78 0 132-57 61 12 114 44-20-64-79-100 52 6 104 28-37-54-90-93 0-8 0-23 0-73-21-145t-64-139-103-117-144-82-181-30q-151 0-276 81z" horiz-adv-x="928.6" />
-<glyph glyph-name="github-circled" unicode="&#xe801;" d="m0 350q0 117 58 215t155 156 216 58 215-58 156-156 57-215q0-140-82-252t-211-155q-15-3-22 4t-7 17v118q0 54-29 79 32 3 57 10t53 22 45 37 30 58 11 84q0 68-44 115 21 51-5 114-15 5-45-6t-51-25l-21-13q-52 15-107 15t-108-15q-8 6-23 15t-47 22-48 7q-24-63-4-114-44-47-44-115 0-47 12-83t29-59 45-37 52-22 57-10q-22-20-27-58-12-5-25-8t-32-3-36 12-31 35q-11 18-27 29t-28 14l-11 1q-12 0-16-2t-3-7 5-8 7-6l4-3q12-6 24-21t18-29l5-13q8-21 25-34t37-17 39-4 31 2l13 3q0-22 0-50t1-30q0-10-8-17t-22-4q-129 43-211 155t-82 252z" horiz-adv-x="857.1" />
-<glyph glyph-name="flattr" unicode="&#xe802;" d="m0-37l0 514q0 179 85 278t259 99l548 0q-5-5-52-53t-100-101-109-109-95-93-42-37q-15 0-15 16l0 156-48 0q-59 0-94-6t-63-26-39-57-12-96l0-262z m67-117q5 5 53 53t100 101 109 110 95 93 41 36q15 0 15-16l0-156 48 0q116 0 162 36t45 149l0 262 224 223 0-514q0-179-84-278t-260-99l-548 0z" horiz-adv-x="959" />
-<glyph glyph-name="bitcoin" unicode="&#xe803;" d="m31-7l18 102h62q27 0 32 28v225h9q-4 0-9 0v160q-7 38-50 38h-62v92l119-1q35 0 54 1v141h86v-138q45 1 68 1v137h86v-141q44-4 78-13t63-25 46-43 20-64q10-102-73-144 65-16 98-58t25-119q-4-40-18-70t-36-49-54-33-68-19-81-9v-142h-86v140q-45 0-68 1v-141h-86v142q-10 0-30 1t-31 0h-112z m260 101q5 0 21 0t27 0 29 1 33 2 32 5 31 8 26 11 22 17 14 22 5 29q0 20-8 35t-21 26-32 17-36 10-42 6-38 1-36 0-27-1v-189z m0 275q3 0 20 0t26 0 27 1 31 3 29 6 27 10 21 15 15 22 5 28q0 19-7 33t-17 23-27 16-31 9-34 5-33 1-30 0-22-1v-171z" horiz-adv-x="714.3" />
-<glyph glyph-name="trash" unicode="&#xe804;" d="m0 582v36q0 8 5 13t13 5h172l39 93q9 21 31 35t44 15h178q22 0 44-15t30-35l39-93h173q8 0 13-5t5-13v-36q0-8-5-13t-13-5h-54v-529q0-46-26-80t-63-34h-464q-37 0-63 33t-27 79v531h-53q-8 0-13 5t-5 13z m143-547q0-12 4-22t8-15 6-5h464q2 0 6 5t8 15 4 22v529h-500v-529z m71 83v321q0 8 5 13t13 5h36q8 0 13-5t5-13v-321q0-8-5-13t-13-5h-36q-8 0-13 5t-5 13z m54 518h250l-27 65q-4 5-9 6h-177q-6-1-10-6z m89-518v321q0 8 5 13t13 5h36q8 0 13-5t5-13v-321q0-8-5-13t-13-5h-36q-8 0-13 5t-5 13z m143 0v321q0 8 5 13t13 5h36q7 0 12-5t5-13v-321q0-8-5-13t-12-5h-36q-8 0-13 5t-5 13z" horiz-adv-x="785.7" />
-<glyph glyph-name="download" unicode="&#xe805;" d="m0 46v179q0 22 16 38t38 16h259l75-76q33-32 76-32t76 32l76 76h259q22 0 38-16t16-38v-179q0-22-16-37t-38-16h-821q-23 0-38 16t-16 37z m181 497q10 21 33 21h143v250q0 15 11 25t25 11h143q14 0 25-11t10-25v-250h143q24 0 33-21 10-23-8-40l-250-250q-10-10-25-10t-25 10l-250 250q-17 17-8 40z m462-443q0-14 10-25t26-11 25 11 10 25-10 25-25 11-26-11-10-25z m143 0q0-14 10-25t25-11 26 11 10 25-10 25-26 11-25-11-10-25z" horiz-adv-x="928.6" />
-<glyph glyph-name="spinner" unicode="&#xe806;" d="m469 614v204q129 0 237-61t169-170 62-237h-204q0 72-36 133t-95 96-133 35z" horiz-adv-x="937.5" />
-<glyph glyph-name="eye" unicode="&#xe807;" d="m0 314q0 19 11 39 78 128 210 205t279 78 279-78 210-205q11-20 11-39t-11-38q-78-129-210-206t-279-77-279 77-210 206q-11 19-11 38z m71 0q75-114 187-182t242-68 242 68 187 182q-85 132-213 197 34-58 34-125 0-104-73-177t-177-73-177 73-73 177q0 67 34 125-128-65-213-197z m259 72q0-11 8-19t19-8 19 8 8 19q0 48 34 82t82 34q11 0 19 8t8 19-8 19-19 7q-70 0-120-50t-50-119z" horiz-adv-x="1000" />
-<glyph glyph-name="share" unicode="&#xe808;" d="m0 350q0 74 52 126t127 53q70 0 121-48l201 100q-1 12-1 19 0 74 52 126t127 53 126-53 52-126-52-126-126-53q-71 0-122 48l-201-100q1-12 1-19t-1-19l201-100q51 48 122 48 74 0 126-53t52-126-52-126-126-53-127 53-52 126q0 7 1 19l-201 100q-51-48-121-48-75 0-127 53t-52 126z" horiz-adv-x="857.1" />
-</font>
-</defs>
-</svg>

public/js/bootstrap.js

@@ -1,137 +0,0 @@
-/* ========================================================================
- * Bootstrap: alert.js v3.1.1
- * http://getbootstrap.com/javascript/#alerts
- * ========================================================================
- * Copyright 2011-2014 Twitter, Inc.
- * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
- * ======================================================================== */
-
-
-+function ($) {
-  'use strict';
-
-  // ALERT CLASS DEFINITION
-  // ======================
-
-  var dismiss = '[data-dismiss="alert"]'
-  var Alert   = function (el) {
-    $(el).on('click', dismiss, this.close)
-  }
-
-  Alert.prototype.close = function (e) {
-    var $this    = $(this)
-    var selector = $this.attr('data-target')
-
-    if (!selector) {
-      selector = $this.attr('href')
-      selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
-    }
-
-    var $parent = $(selector)
-
-    if (e) e.preventDefault()
-
-    if (!$parent.length) {
-      $parent = $this.hasClass('alert') ? $this : $this.parent()
-    }
-
-    $parent.trigger(e = $.Event('close.bs.alert'))
-
-    if (e.isDefaultPrevented()) return
-
-    $parent.removeClass('in')
-
-    function removeElement() {
-      $parent.trigger('closed.bs.alert').remove()
-    }
-
-    $.support.transition && $parent.hasClass('fade') ?
-      $parent
-        .one($.support.transition.end, removeElement)
-        .emulateTransitionEnd(150) :
-      removeElement()
-  }
-
-
-  // ALERT PLUGIN DEFINITION
-  // =======================
-
-  var old = $.fn.alert
-
-  $.fn.alert = function (option) {
-    return this.each(function () {
-      var $this = $(this)
-      var data  = $this.data('bs.alert')
-
-      if (!data) $this.data('bs.alert', (data = new Alert(this)))
-      if (typeof option == 'string') data[option].call($this)
-    })
-  }
-
-  $.fn.alert.Constructor = Alert
-
-
-  // ALERT NO CONFLICT
-  // =================
-
-  $.fn.alert.noConflict = function () {
-    $.fn.alert = old
-    return this
-  }
-
-
-  // ALERT DATA-API
-  // ==============
-
-  $(document).on('click.bs.alert.data-api', dismiss, Alert.prototype.close)
-
-}(jQuery);
-
-/* ========================================================================
- * Bootstrap: transition.js v3.1.1
- * http://getbootstrap.com/javascript/#transitions
- * ========================================================================
- * Copyright 2011-2014 Twitter, Inc.
- * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
- * ======================================================================== */
-
-
-+function ($) {
-  'use strict';
-
-  // CSS TRANSITION SUPPORT (Shoutout: http://www.modernizr.com/)
-  // ============================================================
-
-  function transitionEnd() {
-    var el = document.createElement('bootstrap')
-
-    var transEndEventNames = {
-      'WebkitTransition' : 'webkitTransitionEnd',
-      'MozTransition'    : 'transitionend',
-      'OTransition'      : 'oTransitionEnd otransitionend',
-      'transition'       : 'transitionend'
-    }
-
-    for (var name in transEndEventNames) {
-      if (el.style[name] !== undefined) {
-        return { end: transEndEventNames[name] }
-      }
-    }
-
-    return false // explicit for ie8 (  ._.)
-  }
-
-  // http://blog.alexmaccaw.com/css-transitions
-  $.fn.emulateTransitionEnd = function (duration) {
-    var called = false, $el = this
-    $(this).one($.support.transition.end, function () { called = true })
-    var callback = function () { if (!called) $($el).trigger($.support.transition.end) }
-    setTimeout(callback, duration)
-    return this
-  }
-
-  $(function () {
-    $.support.transition = transitionEnd()
-  })
-
-}(jQuery);

public/js/bootstrap.min.js

@@ -1,7 +0,0 @@
-/*!
- * Bootstrap v3.1.1 (http://getbootstrap.com)
- * Copyright 2011-2014 Twitter, Inc.
- * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
- */
-
-+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed.bs.alert").remove()}var c=a(this),d=c.attr("data-target");d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));var e=a(d);b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close.bs.alert"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.one(a.support.transition.end,f).emulateTransitionEnd(150):f()};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(jQuery),+function(a){function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(a.style[c]!==undefined)return{end:b[c]};return!1}"use strict",a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(jQuery);

public/js/lutim.js

@@ -1,26 +0,0 @@
-$('document').ready(function() {
-    $('.jsonly').show();
-    // Are we in a mozilla navigator? (well, are we in a navigator which can handle webapps?)
-    if (navigator.mozApps !== undefined) {
-        var installCheck = navigator.mozApps.checkInstalled(manifestUrl);
-        installCheck.onsuccess = function() {
-            if(installCheck.result === null) {
-                var button = $('#install-app');
-                // Show app install button when app is not installed
-                button.css('display','inline-block');
-                button.click(function() {
-                    var request = window.navigator.mozApps.install(manifestUrl);
-                    request.onsuccess = function () {
-                        // Save the App object that is returned
-                        var appRecord = this.result;
-                        button.css('display','none');
-                    };
-                    request.onerror = function () {
-                        // Display the error information from the DOMError object
-                        alert('Install failed, error: ' + this.error.name);
-                    };
-                });
-            }
-        }
-    }
-});

script/application

@@ -0,0 +1,11 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+
+use FindBin;
+BEGIN { unshift @INC, "$FindBin::Bin/../lib" }
+
+# Start command line interface for application
+require Mojolicious::Commands;
+Mojolicious::Commands->start_app('Lutim');

script/lutim

@@ -8,4 +8,4 @@ BEGIN { unshift @INC, "$FindBin::Bin/../lib" }
 
 # Start command line interface for application
 require Mojolicious::Commands;
-Mojolicious::Commands->start_app('Lutim');
+Mojolicious::Commands->start_app('Mounter');

t/basic.t

@@ -1,9 +0,0 @@
-use Mojo::Base -strict;
-
-use Test::More;
-use Test::Mojo;
-
-my $t = Test::Mojo->new('Lutim');
-$t->get_ok('/')->status_is(200)->content_like(qr/Mojolicious/i);
-
-done_testing();

t/create-pg-testdb.sql

@@ -0,0 +1,4 @@
+CREATE USER lutim WITH PASSWORD 'lutim';
+CREATE DATABASE lutimtest OWNER lutim;
+CREATE DATABASE lutim_miniontest OWNER lutim;
+

t/postgresql1.conf

@@ -0,0 +1,324 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => 'John Doe, admin[at]example.com',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['fdjsofjoihrei'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    max_file_size     => 1048576,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    broadcast_message => 'test broadcast message',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    default_delay     => 30,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    max_delay         => 200,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored
+    # You can define it relative to lutim directory or set an absolute path
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you change the upload_dir after getting images uploaded.
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'postgresql',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    #db_path           => 'lutim.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    pgdb => {
+        database => 'lutim_db',
+        host     => 'postgres',
+        user     => 'lutim',
+        pwd      => 'lutim_pwd'
+    },
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    #minion => {
+    #    enabled => 0,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+    #    pgdb => {
+    #        database => 'lutim_minion',
+    #        host     => 'localhost',
+    #        #user     => 'DBUSER',
+    #        #pwd      => 'DBPASSWORD'
+    #    }
+    #},
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    #stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    #keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    #delete_no_longer_viewed_files => 90
+};

t/postgresql2.conf

@@ -0,0 +1,324 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => 'John Doe, admin[at]example.com',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['fdjsofjoihrei'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    max_file_size     => 1048576,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    broadcast_message => 'test broadcast message',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    default_delay     => 30,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    max_delay         => 200,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored
+    # You can define it relative to lutim directory or set an absolute path
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you change the upload_dir after getting images uploaded.
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'postgresql',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    db_path           => 'testpg2.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    pgdb => {
+        database => 'lutim_db',
+        host     => 'postgres',
+        user     => 'lutim',
+        pwd      => 'lutim_pwd'
+    },
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    minion => {
+        enabled => 1,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+    #    pgdb => {
+    #        database => 'lutim_minion',
+    #        host     => 'localhost',
+    #        #user     => 'DBUSER',
+    #        #pwd      => 'DBPASSWORD'
+    #    }
+    },
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    #stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    #keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    #delete_no_longer_viewed_files => 90
+};

t/postgresql3.conf

@@ -0,0 +1,301 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => 'John Doe, admin[at]example.com',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['fdjsofjoihrei'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    max_file_size     => 1048576,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    broadcast_message => 'test broadcast message',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    default_delay     => 30,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    max_delay         => 200,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored
+    # You can define it relative to lutim directory or set an absolute path
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you change the upload_dir after getting images uploaded.
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'postgresql',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    db_path           => 'testpg3.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    pgdb => {
+        database => 'lutim_db',
+        host     => 'postgres',
+        user     => 'lutim',
+        pwd      => 'lutim_pwd'
+    },
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    minion => {
+        enabled => 1,
+        # Which Minion backend to use?
+        # valid values are sqlite and postgresql (all lowercase)
+        # mandatory if Minion is enabled, default is sqlite
+        dbtype  => 'postgresql',
+        # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+        # you can define it relative to lutim directory or set an absolute path
+        # remember that it has to be in a directory writable by Lutim user
+        # optional, default is minion.db
+        db_path => 'minion.db',
+        # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+        # these are the credentials to access the Minion's PostgreSQL database
+        # mandatory if you choosed postgresql as Minion backend, no default
+        pgdb => {
+            database => 'lutim_minion',
+            host     => 'postgres',
+            user     => 'lutim',
+            pwd      => 'lutim_pwd'
+        }
+    },
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    #stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    #keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    #delete_no_longer_viewed_files => 90
+};

t/sqlite1.conf

@@ -0,0 +1,324 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => 'John Doe, admin[at]example.com',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['fdjsofjoihrei'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    max_file_size     => 1048576,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    broadcast_message => 'test broadcast message',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    default_delay     => 30,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    max_delay         => 200,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored
+    # You can define it relative to lutim directory or set an absolute path
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you change the upload_dir after getting images uploaded.
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'sqlite',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    db_path           => 'testsqlite1.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    #pgdb => {
+    #    database => 'lutim',
+    #    host     => 'localhost',
+    #    #user     => 'DBUSER',
+    #    #pwd      => 'DBPASSWORD'
+    #},
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    #minion => {
+    #    enabled => 0,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+    #    pgdb => {
+    #        database => 'lutim_minion',
+    #        host     => 'localhost',
+    #        #user     => 'DBUSER',
+    #        #pwd      => 'DBPASSWORD'
+    #    }
+    #},
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    #stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    #keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    #delete_no_longer_viewed_files => 90
+};

t/sqlite2.conf

@@ -0,0 +1,324 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:8080'],
+        # if you use Lutim behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lutim directly, let it commented
+        #proxy  => 1,
+    },
+
+    ################
+    # Lutim settings
+    ################
+
+    # put a way to contact you here and uncomment it
+    # mandatory
+    contact           => 'John Doe, admin[at]example.com',
+
+    # random string used to encrypt cookies
+    # mandatory
+    secrets           => ['fdjsofjoihrei'],
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    #theme         => 'default',
+
+    # length of the images random URL
+    # optional, default is 8
+    #length            => 8,
+
+    # length of the encryption key
+    # optional, default is 8
+    #crypto_key_length => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # anti-flood protection delay, in seconds
+    # users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
+    # optional, default is 5
+    #anti_flood_delay  => 5,
+
+    # max image size, in octets
+    # you can write it 10*1024*1024
+    # optional, default is 10485760
+    max_file_size     => 1048576,
+
+    # if you want to have piwik statistics, provide a piwik image tracker
+    # only the image tracker is allowed, no javascript
+    # optional, no default
+    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
+
+    # if you want to include something in the right of the screen, put it here
+    # here's an example to put the logo of your hoster
+    # optional, no default
+    #hosted_by         => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
+
+    # DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
+    # Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
+    # set to 1 if you use Lutim behind a secure web server
+    # optional, default is 0
+    #https             => 0,
+
+    # broadcast_message which will displayed on all pages of Lutim (but no in json response)
+    # optional, no default
+    broadcast_message => 'test broadcast message',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # default time limit for files
+    # valid values are 0, 1, 7, 30 and 365
+    # optional, default is 0 (no limit)
+    default_delay     => 30,
+
+    # comma-separated values proposed for delays
+    # optional, default is '0,1,7,30,365'
+    #proposed_delays         => '0,1,7,30,365',
+
+    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
+    # a warning message will be displayed on homepage
+    # optional, default is 0 (no limit)
+    max_delay         => 200,
+
+    # if set to 1, all the images will be encrypted and the encryption option will no be displayed
+    # optional, default is 0
+    #always_encrypt    => 0,
+
+    # you can allow to use a watermark on the uploaded images (or enforce its use)
+    # define a path to the watermark image (provide an image with alpha channel)
+    # you can define the path relative to lutim directory or set an absolute path
+    # to disable the usage of a watermark, leave it blank or commented
+    # optional, no default
+    #watermark_path              => '',
+
+    # the watermark can be a tiling one or a single one
+    # when using a small one, you can choose where to place it
+    # valid values are 'Center', 'North', 'NorthEast', 'East', 'SouthEast', 'South', 'SouthWest', 'West' and 'NorthWest' (case insensitive)
+    # optional, default is 'SouthEast'
+    #watermark_placement => 'SouthEast',
+
+    # choose which watermark (tiling, single or none) should be used by default
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_default => 'none',
+
+    # choose which watermark (tiling, single or none) should be enforced (users will always have a watermark and won’t be able to disable it)
+    # valid values are 'tiling', 'single' or 'none' (case insensitive)
+    # optional, default is 'none'
+    #watermark_enforce => 'none',
+
+    # length of the image's delete token
+    # optional, default is 24
+    #token_length      => 24,
+
+    # URL sub-directory in which you want Lutim to be accessible
+    # example: you want to have Lutim under https://example.org/lutim/
+    # => set prefix to '/lutim' or to '/lutim/', it doesn't matter
+    # optional, defaut is /
+    #prefix            => '/',
+
+    # if set to 1, Lutim will try to prevent its use without using the web interface
+    # optional, default is 0
+    #disable_api => 0,
+
+    # Define a path to the upload directory, where the uploaded images will be stored
+    # You can define it relative to lutim directory or set an absolute path
+    # The path is stored in database for each uploaded file, so you’ll need to do some
+    # SQL commands if you change the upload_dir after getting images uploaded.
+    # Remember that it has to be in a directory writable by Lutim user
+    # optional, default is 'files'
+    #upload_dir => 'files',
+
+    # choose what database you want to use
+    # valid choices are sqlite and postgresql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'sqlite',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lutim directory or set an absolute path
+    # remember that it has to be in a directory writable by Lutim user
+    # optional, default is lutim.db
+    db_path           => 'testsqlite2.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    #pgdb => {
+    #    database => 'lutim',
+    #    host     => 'localhost',
+    #    #user     => 'DBUSER',
+    #    #pwd      => 'DBPASSWORD'
+    #},
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    minion => {
+        enabled => 1,
+    #    # Which Minion backend to use?
+    #    # valid values are sqlite and postgresql (all lowercase)
+    #    # mandatory if Minion is enabled, default is sqlite
+    #    dbtype  => 'sqlite',
+    #    # SQLite ONLY - only used if if you choose sqlite as Minion backend, define the path to the minion database
+    #    # you can define it relative to lutim directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as Minion backend
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as Minion backend, no default
+    #    pgdb => {
+    #        database => 'lutim_minion',
+    #        host     => 'localhost',
+    #        #user     => 'DBUSER',
+    #        #pwd      => 'DBPASSWORD'
+    #    }
+    },
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    #ldap => {
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
+    #},
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lutim.passwd user`, update it with `htpasswd lutim.passwd user2`
+    # make sure that lutim can read the file!
+    # optional, no default
+    #htpasswd => 'lutim.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # disable counters of images
+    # set to 1 to disable counters
+    # optional, counters are enabled by default
+    #disable_img_stats => 0,
+
+    # define the height of the thumbnails generated at users' will
+    # this is not the height of the thumbnails send after upload,
+    # we're talking about thumbnails generated when someone asked for
+    # https://example.org/lutim/tesrinp?thumb
+    # this works only if you have ImageMagick
+    # optional, default is 100 (pixels)
+    #thumbnail_size => 100,
+
+    # maximum number of files that can be downloaded as a single zip archive
+    # if too many files are asked, it results a timeout, so Lutim split the zip URL
+    # in multiple URLs, each with max_file_size images.
+    # timeout behavior depends heavily on your server ressources (CPU) and if images
+    # are encrypted
+    # optional, default is 15
+    #max_files_in_zip => 15,
+
+    # maximum size (in MB) of memory allowed for the image cache
+    # Lutim has a built-in memory-based image cache to accelerate responses to often-viewed images.
+    # This setting makes the cache remove oldest viewed image if the cache size is over it.
+    # WARNING: a cache is created for each hypnotoad worker, which by default is twice the number of
+    # CPUs you have. See http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers for details
+    # So, if you have 4 workers and set cache_max_size to 100, the real maximum size of RAM used for
+    # cache is 400MB.
+    # If set to 0, the cache is disabled
+    # optional, default is 0
+    #cache_max_size => 0,
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the use of memcached is disabled.
+    # If you use memcached, the internal cache (see cache_max_size option above) will not be used.
+    # Please see https://framagit.org/fiat-tux/hat-softwares/lutim/-/wikis/memcached to know how to configure your memcached
+    # servers.
+    # exemple of valid value: ['127.0.0.1:11211']
+    # optional, default is []
+    #memcached_servers => [],
+
+    # enable or disable Lutim built-in logs
+    # set to 1 to disable logs
+    # optional, default is 0
+    #quiet_logs => 0,
+
+    # Content-Security-Policy header that will be sent by Lutim
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    # NB: unsafe-inline for script-src and style-src are here only because morris,
+    # the graph library used in the stats page requires it
+    # the default value is good for `default` theme
+    #csp => "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'",
+
+    # X-Frame-Options header that will be sent by Lutim
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lutim
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # if set, the uploaded images will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    ##########################
+    # Lutim cron jobs settings
+    ##########################
+
+    # number of days shown in /stats page (used with script/lutim cron stats)
+    # optional, default is 365
+    #stats_day_num     => 365,
+
+    # number of days senders' IP addresses are kept in database
+    # after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
+    # optional, default is 365
+    #keep_ip_during    => 365,
+
+    # max size of the files directory, in octets
+    # used by script/lutim cron watch to trigger an action
+    # optional, no default
+    max_total_size    => 10*1024*1024*1024,
+
+    # default action when files directory is over max_total_size (used with script/lutim cron watch)
+    # valid values are 'warn', 'stop-upload' and 'delete'
+    # please, see readme
+    # optional, default is 'warn'
+    #policy_when_full  => 'warn',
+
+    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
+    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
+    # optional, no default
+    #delete_no_longer_viewed_files => 90
+};