Updated documentation

docs/changelog.rst

@@ -8,6 +8,25 @@ Overview of all Changes
 -----------------------
 
 
+v1.5.1: 10 Mar 2022
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* Fixed that selection of remote storage was not available during intitial setup
+* Fixed that "bind to localhost" could be selected on docker image during initial setup
+* Fixed that with Level 1 encryption remote files were encrypted as well
+* If Gokapi is hosted under a https URL, the serviceworker for remote decryption is now included, which fixes that Firefox users with restrictive settings could not download encrypted files from remote storage
+* Design improvements by @mraif13
+
+
+v1.5.0: 08 Mar 2022
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* Minimum version for upgrading is 1.3
+* Encryption support for local and remote files
+* Additional authentication methods: Header-Auth, OIDC and Reverse Proxy
+* Option to allow unlimited downloads of files
+* The configuration file has been partly replaced with a database. After the first start, the configuration file may be read-only
+* A web-based setup instead of command line
+
+
 v1.3.1: 03 Jul 2021
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 * Default upload limit is now 100GB and can be changed with environment variables on first start

docs/setup.rst

@@ -23,7 +23,7 @@ Stable version
 Unstable version
 """""""""""""""""
 
-Only recommended if you have expierence with the command line. Go 1.16+ needs to be installed.
+Only recommended if you have expierence with the command line. Go 1.18+ needs to be installed.
 
 Create a new folder and in this folder execute 
 ::
@@ -78,7 +78,7 @@ With the argument ``-p 127.0.0.1:53842:53842`` the service will only be accessib
 Initial Setup
 ^^^^^^^^^^^^^^^
 
-During the first start, a new configuration file will be created and you will be asked for several inputs.
+During the first start, a new configuration file will be created and you will be asked for several inputs. With your webbrowser open ``http://localhost:53842/setup`` (or the appropriate URL) and follow the setup.
 
 
 
@@ -88,7 +88,7 @@ Webserver
 The following configuration can be set:
 
 -  **Bind to localhost** Only allow the server to be accessed from the machine it is running on. Select this if you are running Gokapi behind a reverse proxy or for testing purposes
--  **Use SSL** Generates a self-signed SSL certificate (which can be replaced with a valid one). Select this if you are not running Gokapi behind a reverse proxy
+-  **Use SSL** Generates a self-signed SSL certificate (which can be replaced with a valid one). Select this if you are not running Gokapi behind a reverse proxy. Please note: Gokapi needs to be restarted in order to renew a certificate.
 -  **Webserver Port** Set the port that Gokapi can be accessed on
 -  **Public Facing URL** Enter the URL where users from an external network can use to reach Gokapi. The URL will be used for generating download links
 -  **Redirection URL**  By default Gokapi redirects to this URL instead of showing a generic page if no download link was passed
@@ -124,7 +124,7 @@ Use this to authenticate with an OIDC server, eg. Google, Github or an internal
 |               | Separate users with a semicolon or leave blank to allow any authenticated user  |                                             |
 +---------------+---------------------------------------------------------------------------------+---------------------------------------------+
 
-When creating an OIDC client on the server, you will need to provide a **redirection URL**. Enter http(s)://[gokapi URL]/oauth-callback
+When creating an OIDC client on the server, you will need to provide a **redirection URL**. Enter ``http[s]://[gokapi URL]/oauth-callback``
 
 You can find a guide on how to create an OIDC client with Github at `Setting up GitHub OAuth 2.0 <https://docs.readme.com/docs/setting-up-github-oauth>`_ and a guide for Google at `Setting up OAuth 2.0 <https://support.google.com/cloud/answer/6158849>`_.
 
@@ -134,7 +134,7 @@ Header Authentication
 
 Only use this if you are running Gokapi behind a reverse proxy that is capable of authenticating users, e.g. by using Authelia or Authentik.
 
-Enter the key of the header that returns the username. For Authelia this would be ``Remote-User`` and for Authentik `` X-authentik-username``.
+Enter the key of the header that returns the username. For Authelia this would be ``Remote-User`` and for Authentik ``X-authentik-username``.
 Separate users with a semicolon or leave blank to allow any authenticated user, e.g. ``[email protected];[email protected]``
 
 
@@ -152,14 +152,14 @@ This option disables Gokapis internal authentication completely, except for API
 - ``/delete``
 - ``/upload``
 
-**Warning:** This option has potential to be dangerous, only proceed if you know what you are doing!
+**Warning:** This option has potential to be *very* dangerous, only proceed if you know what you are doing!
 
 
 
 Storage
 """"""""""""""
 
-Here you can choose where uploaded files shall be stored
+Here you can choose where uploaded files shall be stored. Use the option to always store image files to the local storage, if you want to use encryption for cloudstorage, but require hotlink support. 
 
 Local Storage
 *********************
@@ -172,7 +172,7 @@ Stores files locally in the subdirectory ``data`` by default.
 Cloudstorage
 *********************
 
-Stores files remotely on an S3 compatible server, e.g. Amazon AWS S3 or Backblaze B2. Please note that currently no native encryption is available for Gokapi, therefore all files will be stored in plain text on the cloud server.
+Stores files remotely on an S3 compatible server, e.g. Amazon AWS S3 or Backblaze B2. Please note that files will be stored in plain-text, if no encryption is selected later on.
 
 
 It is highly recommended to create a new bucket for Gokapi and set it to "private", so that no file can be downloaded externally. For each download request Gokapi will create a public URL that is only valid for a couple of seconds, so that the file can be downloaded from the external server directly instead of routing it through the local server.

docs/usage.rst

@@ -31,7 +31,7 @@ Sharing files
 
 Once you uploaded an file, you will see the options *Copy URL* and *Copy Hotlink*. By clicking on *Copy URL*, you copy the URL for the Download page to your clipboard. A user can then download the file from that page.
 
-If you uploaded an image, you can also use the *Copy Hotlink* button. The hotlink URL is a direct link to the image and can for example be posted on a forum or on a website. Each view counts as a download. Although Gokapi sets a Header to explicitly disallow caching, some browsers or external caches may still cache the image if they are not complient.
+If a file does not require client-side decryption, you can also use the *Copy Hotlink* button. The hotlink URL is a direct link to the file and can for example be posted as an image on a forum or on a website. Each view counts as a download. Although Gokapi sets a Header to explicitly disallow caching, some browsers or external caches may still cache the image if they are not complient.
 
 
 File deletion

internal/configuration/setup/templates/setup.tmpl

@@ -407,7 +407,7 @@ function TestAWS(button) {
 					<ul>
 					  <li>All files are stored in plain text on the local or remote server</li>
 					  <li>Uses the least ressources</li>
-					  <li>Supports hotlinks to images</li>
+					  <li>Supports hotlinks to files</li>
 					  <li>Supports download progress bar</li>
 					  <li>Gokapi starts without user input</li>
 					</ul></p>
@@ -418,7 +418,7 @@ function TestAWS(button) {
 					<ul>
 					  <li>Local files are encrypted, remote files (S3) are stored in plain text</li>
 					  <li>Decryption is done server-side</li>
-					  <li>Supports hotlinks to images</li>
+					  <li>Supports hotlinks to files</li>
 					  <li>Does not support download progress bar</li>
 					  <li>Gokapi starts without user input</li>
 					  <li><b>Warning:</b> Password can be read with access to Gokapi configuration</li>
@@ -431,10 +431,10 @@ function TestAWS(button) {
 					<ul>
 					  <li>Local files are encrypted, remote files (S3) are stored in plain text</li>
 					  <li>Decryption is done server-side</li>
-					  <li>Supports hotlinks to images</li>
+					  <li>Supports hotlinks to files</li>
 					  <li>Does not support download progress bar</li>
 					  <li>Password cannot be read with access to Gokapi configuration</li>
-					  <li><b>Warning:</b> Gokapi requires user input to start</li>
+					  <li><span style="color:red"><b>Warning:</b></span> Gokapi requires user input to start</li>
 					  <li><b>Warning:</b> Encryption has not been audited.</li>
 					</ul></p>
 					</div>
@@ -445,7 +445,7 @@ function TestAWS(button) {
 					  <li>All files are encrypted</li>
 					  <li>Decryption for local files is done server-side</li>
 					  <li>Decryption for remote files (S3) is done client-side, requires 2MB file to load on first visit</li>
-					  <li>Only supports hotlinks to images saved locally</li>
+					  <li>Only supports hotlinks to files saved locally</li>
 					  <li>Does not support download progress bar</li>
 					  <li>Gokapi starts without user input</li>
 					  <li><b>Important:</b> For remote storage, CORS settings for the bucket need to allow access from the Gokapi URL</li>
@@ -460,11 +460,11 @@ function TestAWS(button) {
 					  <li>All files are encrypted</li>
 					  <li>Decryption for local files is done server-side</li>
 					  <li>Decryption for remote files (S3) is done client-side, requires 2MB file to load on first visit</li>
-					  <li>Only supports hotlinks to images saved locally</li>
+					  <li>Only supports hotlinks to files saved locally</li>
 					  <li>Does not support download progress bar</li>
 					  <li>Password cannot be read with access to Gokapi configuration</li>
 					  <li><b>Important:</b> For remote storage, CORS settings for the bucket need to allow access from the Gokapi URL</li>
-					  <li><b>Warning:</b> Gokapi requires user input to start</li>
+					  <li><span style="color:red"><b>Warning:</b></span> Gokapi requires user input to start</li>
 					  <li><b>Warning:</b> Encryption has not been audited.</li>
 					</ul></p>
 					</div>
@@ -475,7 +475,7 @@ function TestAWS(button) {
 					<ul>
 					  <li>All files are encrypted end-to-end</li>
 					  <li>Encryption and decryption is done client-side and requires 2MB file to load on first visit</li>
-					  <li>Does not support hotlinks to images</li>
+					  <li>Does not support hotlinks to files</li>
 					  <li>Does not support download progress bar</li>
 					  <li>Gokapi starts without user input</li>
 					  <li>Password cannot be read with access to Gokapi configuration</li>