Config Hub Reference - softerfish/fyuhls GitHub Wiki

Config Hub Reference

Config Hub is the main settings surface for fyuhls.

Tabs:

  • General
  • Security
  • Email
  • Storage
  • Monetization
  • SEO
  • Cron
  • Downloads
  • Uploads
  • Link Checker

General

Use this for:

  • site name
  • registration behavior
  • maintenance mode
  • email verification requirements
  • reserved usernames
  • footer branding
  • FFmpeg path and enablement
  • demo mode

Notes:

  • maintenance mode still respects the revalidated admin auth path
  • demo mode is designed for controlled read-only walkthroughs, not normal operations

Security

Use this for:

  • encryption notices and migration visibility
  • VPN and proxy handling
  • Cloudflare trust behavior
  • Turnstile and captcha placements
  • rate limits
  • 2FA policy
  • database drift and schema health visibility

Current structure to remember:

  • Identity & VPN holds Protection Mode, ProxyCheck key, whitelist, and login or registration rate limits
  • Two-Factor Authentication is saved separately inside the Security area
  • Captcha stores Turnstile keys and placements
  • Cloudflare handles trusted-header behavior and IP-range sync
  • Migration and Database Health are action areas, not normal settings forms

The Security area can now also surface migration and database-health notices into:

  • the Security tab badge
  • the main Config Hub sidebar notice
  • Attention Needed on the admin dashboard

Protection Mode now has three clear states:

  • None: do not query ProxyCheck and do not block VPN/proxy traffic
  • Enforcement: block suspicious VPN/proxy traffic before it reaches normal app flows
  • Intelligence: query ProxyCheck and store the result for fraud scoring without blocking by itself

Email

Use this for:

  • SMTP host, port, auth, and encryption mode
  • sender address
  • email rate limit
  • SMTP test connection
  • test email sending
  • system email templates

The app validates SMTP host and port more aggressively now, including private-address safety checks.

When mail is partly configured but still failing, the admin dashboard can surface SMTP Failures instead of only the older "SMTP Missing" style warning.

Storage

Use this for:

  • server inventory
  • active and read-only status
  • capacity planning
  • migration entry points
  • provider-specific setup notes

Detailed operational guidance lives in Storage Nodes.

Monetization

Use this for:

  • rewards enablement
  • affiliate enablement
  • PPD and PPS model settings
  • retention windows
  • payout methods
  • Stripe and PayPal settings

Payment gateway readiness is stricter now:

  • Stripe is only treated as ready when it is enabled and has a saved secret key
  • PayPal is only treated as ready when it is enabled and has a saved client ID and client secret
  • the PayPal sandbox toggle only switches environment; it does not enable checkout by itself

When rewards are enabled, cron also controls:

  • reward queue flush
  • reward rollup
  • fraud scoring
  • held-earnings clearance
  • fraud event cleanup

SEO

Use this for:

  • canonical base URL
  • homepage metadata
  • sitemap output
  • robots behavior
  • verification tags
  • custom head code

Current behavior:

  • the app uses a more trustworthy base URL path than older host-derived fallbacks
  • internal page indexing controls are stronger

Cron

Use this for:

  • heartbeat visibility
  • task intervals
  • last-run timestamps
  • manual task execution

If a task shows Never, check:

  • whether the cron command path is correct
  • whether the code deployed to the cron path matches the live install
  • whether the feature gate for that task is enabled

Downloads

Use this for:

  • account-required downloads
  • country download blocks
  • active download tracking
  • remote URL background processing
  • CDN redirect behavior
  • Nginx completion log path
  • Nginx completion retention and ingestion limits
  • stream support

This is also where the operator-facing rules behind the shared download-state pages live, including:

  • account-required downloads
  • region blocking
  • VPN/proxy enforcement mode effects
  • link-generation and delivery behavior
  • download-page save actions

Current safety rules:

  • CDN base URL must be a clean absolute HTTPS origin
  • Nginx completion log path is validated much more strictly

Human-facing download-state pages are now more unified, so blocked, missing, private, and unavailable states stay closer to the normal file page layout and ad behavior.

Uploads

Use this for:

  • allowed extensions
  • concurrent upload behavior
  • chunking
  • duplicate detection
  • guest upload rules
  • hide upload popup behavior
  • original filename in URL behavior
  • download-page save actions for free, premium, and admin users

Deduplication now deserves special operator attention:

  • it reuses an existing stored object when the uploaded file hash already exists
  • it still creates a separate file record for the user
  • it still counts against that user's storage quota

That means dedup saves backend storage without turning separate user uploads into one shared file record.

Link Checker

Use this for:

  • enabling or disabling the public footer link checker
  • setting the maximum links per check
  • setting the maximum links processed per second per IP
  • allowing or disallowing Copy To Account from the checker

The public checker is intentionally narrower and safer than an old-school file-host enumerator:

  • non-public or unavailable file states collapse into generic availability results
  • the footer link disappears when the checker is disabled
  • copy-to-account is optional and controlled here

Operator habit

When changing Config Hub settings:

  • save one category at a time
  • test the related user flow immediately
  • if the setting affects storage, downloads, rewards, or email, check cron and status after the change
⚠️ **GitHub.com Fallback** ⚠️