Thomas Lynch
7d87819ad4
Update node-fetch dependency for security advisory https://npmjs.com/advisories/1556
4 years ago
Thomas Lynch
2d1af818aa
Update some deps
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
some random guy
e30ec2737e
normalize IP addresses
...
Currently jschan takes the IP address as a string from the `X-Real-Ip` header,
which based on the frontend proxy configuration, OS settings, etc. can take
various forms:
IPv4 addresses can be given in normal IPv4 dotted notation (e.g. `1.2.3.4`) or
as an IPv4-mapped IPv6 address (e.g. `::ffff:1.2.3.4`). The problem is that in
the latter case, node's `isIP` will report 6, so the code will try to split it
along colons, breaking hrange and qrange.
With IPv6 addresses, it's possible to elide runs of zeroes, so `::1` and
`0:0:0:0:0:0:0:1` (and also `0000:0000:0000:0000:0000:0000:0000:0001`)
represent the same address. Since it's pretty easy to get a /64 IPv6 block, a
spammer can abuse it, by spamming from `a:b:c:d::1` (`qrange=a:b:c:d`,
`hrange=a:b:c`), then from `a:b:c:d::1:1` (`qrange=a:b:c:d:`, `hrange=a:b:c`),
`a:b:c:d::1:1:1` (`qrange=a:b:c:d::1`, `hrange=a:b:c:d`) and
`a:b:c:d:1:1:1:1` (`qrange=a:b:c:d:1:1`, `hrange=a:b:c:d`). He practically got
two hranges and qrange is pretty much pointless for IPv6 addresses.
This change uses the `ip6addr` package to parse IP addresses and convert them to
some canonical form. This means:
* IPv4 and IPv4-mapped IPv6 addresses are converted to normal IPv4 notation.
* Zeroes are not elided in IPv6 (so you'll never see `::`).
* IPv6 addresses are not zero padded (so `..:1` instead of `..:0001`).
* Even though it's not documented, it seems like `ip6addr` always generates
lower-case letters.
This will unfortunately mean that some IP hashes may change after the update.
Normal IPv4 hashes will most probably remain the same though.
4 years ago
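The effect described in the "normalize IP addresses" commit message above, as an added example that is not part of the commit or of jschan's code. `rangesOf` is a hypothetical reconstruction of the split-based hrange/qrange computation, inferred from the message's own examples, and `canonicalize` is a hand-written stand-in for the normalization the message attributes to `ip6addr`.

```javascript
// Added example, not jschan's code. rangesOf() is a hypothetical reconstruction
// of the split-based hrange/qrange logic implied by the commit message's examples.
function rangesOf(ip) {
  const sep = ip.includes(':') ? ':' : '.'; // stands in for node's isIP() === 6
  const parts = ip.split(sep);
  return {
    hrange: parts.slice(0, Math.floor(parts.length * 0.5)).join(sep),
    qrange: parts.slice(0, Math.floor(parts.length * 0.75)).join(sep),
  };
}

// Canonical form as the commit message lists it: IPv4-mapped -> dotted IPv4,
// no "::" elision, no zero padding, lower case.
function canonicalize(ip) {
  let text = ip.trim().toLowerCase();
  const bad = () => new Error(`not an IP address: ${ip}`);
  if (!text.includes(':')) {
    const ok = /^\d{1,3}(\.\d{1,3}){3}$/.test(text) && text.split('.').every((o) => Number(o) <= 255);
    if (!ok) throw bad();
    return text;
  }
  // Rewrite a dotted-quad tail (e.g. ::ffff:1.2.3.4) as two hex groups.
  const tail = text.match(/(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (tail) {
    const [a, b, c, d] = tail.slice(1).map(Number);
    if ([a, b, c, d].some((n) => n > 255)) throw bad();
    text = text.slice(0, tail.index) + ((a << 8) | b).toString(16) + ':' + ((c << 8) | d).toString(16);
  }
  // Expand "::" into the run of zero groups it stands for.
  const halves = text.split('::');
  const left = halves[0] ? halves[0].split(':') : [];
  const right = halves[1] ? halves[1].split(':') : [];
  const fill = halves.length === 2 ? 8 - left.length - right.length : 0;
  if (halves.length > 2 || fill < 0) throw bad();
  const groups = [...left, ...Array(fill).fill('0'), ...right];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) throw bad();
  const nums = groups.map((g) => parseInt(g, 16));
  // IPv4-mapped (0:0:0:0:0:ffff:x:y): report as plain dotted IPv4.
  if (nums.slice(0, 5).every((n) => n === 0) && nums[5] === 0xffff) {
    return [nums[6] >> 8, nums[6] & 255, nums[7] >> 8, nums[7] & 255].join('.');
  }
  return nums.map((n) => n.toString(16)).join(':');
}

// Constructed sample: the four addresses from the commit message, all in one /64.
const SAMPLE = ['a:b:c:d::1', 'a:b:c:d::1:1', 'a:b:c:d::1:1:1', 'a:b:c:d:1:1:1:1'];
const hranges = (ips) => [...new Set(ips.map((ip) => rangesOf(ip).hrange))];
console.log('raw:      ', hranges(SAMPLE));
console.log('canonical:', hranges(SAMPLE.map(canonicalize)));
```

On the raw strings the same /64 yields two distinct hranges; after canonicalization every address splits into eight groups and the four collapse to one.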
Thomas Lynch
1f7e670c7c
modlog records for non-delete actions now link to posts closes #193
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
Thomas Lynch
f4717b35a3
explicit version for express-fileupload, which should now be fixed
4 years ago
Thomas Lynch
39bbedfe53
Get session in websocket
4 years ago
Thomas Lynch
9f47b05f0d
update deps
4 years ago
Thomas Lynch
ce0bfab6c2
switch to getting packages from gitgud.io
4 years ago
Thomas Lynch
708a6e0b9b
remove dupe dependency with same path
4 years ago
dependabot-preview[bot]
d4705d6f3c
Bump bcrypt from 4.0.1 to 5.0.0 ( #166 )
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 4.0.1 to 5.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
Thomas Lynch
e6f11478ee
Dev auto reset triggers ( #152 )
...
* dev-auto-reset-triggers to test auto resetting trigger action at end of each hour references #130
* migration and comment change
* migrateVersion change
4 years ago
fatchan
5fde07163c
start on migration file and fixing ban index
4 years ago
fatchan
f4ca3563d5
Sage only email without force anon reference #130
4 years ago
fatchan
a35959a092
Sage only email without force anon reference #130
4 years ago
Thomas Lynch
b32f3a76c0
bring across dependabot merges ( #147 )
...
* Bump ioredis from 4.16.3 to 4.17.1
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.3 to 4.17.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump sanitize-html from 1.23.0 to 1.24.0
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump pug from 2.0.4 to 3.0.0
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump mongodb from 3.5.7 to 3.5.8
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.7 to 3.5.8.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
c1ea23a6a8
Bump pug from 2.0.4 to 3.0.0
...
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
9f44f8aabc
country blocking per board
4 years ago
fatchan
8d49e2d815
Webring proxy support
4 years ago
fatchan
7b3b416cd6
add new migration
4 years ago
fatchan
d17670c857
potential fix for dumb palememe
4 years ago
dependabot-preview[bot]
17bcfa4621
Bump highlight.js from 9.18.1 to 10.0.0
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 9.18.1 to 10.0.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...10.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
d725c3c573
update pm2 and add favicon changes for apple touch icon, etc and make it a separate gulp folder
4 years ago
fatchan
4e3e990904
update deps
5 years ago
dependabot-preview[bot]
c0e51d0e69
Bump fs-extra from 8.1.0 to 9.0.0
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 8.1.0 to 9.0.0.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/8.1.0...9.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
e6d7785793
migration move files from /img to /file since it can contain more than just images
5 years ago
dependabot-preview[bot]
25a3e85c8e
Bump bcrypt from 3.0.8 to 4.0.0
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 3.0.8 to 4.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v3.0.8...v4.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
73203db312
start option for unhashed ips
5 years ago
fatchan
de3651f83b
database migration script and first version to add bypass collection to db
5 years ago
fatchan
504fbd4496
dnsbl
5 years ago
fatchan
fede9813d2
update dependencies
5 years ago
fatchan
058d51a88b
actually update mongodb
5 years ago
fatchan
2c81037cb3
various minor changes and improve forms script for future use
5 years ago
dependabot-preview[bot]
7f4ea9fa1f
Bump gulp-uglify-es from 1.0.4 to 2.0.0 ( #62 )
...
Bumps [gulp-uglify-es](https://gitlab.com/itayronen/gulp-uglify-es ) from 1.0.4 to 2.0.0.
- [Release notes](https://gitlab.com/itayronen/gulp-uglify-es/tags )
- [Changelog](https://gitlab.com/itayronen/gulp-uglify-es/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/itayronen/gulp-uglify-es/commits/master )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
e2c298db30
Bump fs-extra from 7.0.1 to 8.1.0 ( #61 )
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 7.0.1 to 8.1.0.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/7.0.1...8.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
c472a01407
Bump del from 4.1.1 to 5.1.0 ( #60 )
...
Bumps [del](https://github.com/sindresorhus/del ) from 4.1.1 to 5.1.0.
- [Release notes](https://github.com/sindresorhus/del/releases )
- [Commits](https://github.com/sindresorhus/del/compare/v4.1.1...v5.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
Tom
d7f3825596
File limit error references #58 ( #59 )
...
* minor style change
* start fixing file form upload to show error instead of showing ugly nginx
* modify express-fileupload, update deps and now use dynamicresponse when upload too large files
5 years ago
fatchan
86851f3ffa
modify express-fileupload, update deps and now use dynamicresponse when upload too large files
5 years ago
fatchan
c073622eb6
local time, change some scripts names and orders, modal, footer, and update deps
5 years ago
fatchan
2bd241c6ab
try use referrer after actions to go back to correct page
5 years ago
fatchan
ea5be6036f
prototype post hiding and post menu
5 years ago
fatchan
23c9079c03
use highlight.js for syntax highlighting in code blocks of posts
5 years ago
fatchan
b6a8703621
some changes to make it at least _possible_ to run in dev without https
5 years ago
fatchan
2ce527c7a2
update deps
5 years ago
fatchan
9e5e57cc3b
update express-fileupload minus the unnecessary timer changes, and small fix in post mixin:
5 years ago
fatchan
0a95ff4b16
socket.io to make posting _actually_ live instead of polling the api. way more efficient
5 years ago
fatchan
d9559c76e6
fix exploit; no longer use extended body parser mode and remove unneeded array prefix from array body fields, since we use different lib to parse body now. also upgrade express and don't allow body for modlog actions to be entered into modlog, replace with non user controlled text
5 years ago
fatchan
f7d1ba9470
webring support, optional. currently adds webringed boards to homepage list. in future will move to board list page
5 years ago
fatchan
7d2acf017c
pug-cache-templates actually helps
5 years ago