Thomas Lynch
e87754f67e
reference #256 unique message per board/thread option
...
strips quote, so starting post with quote isn't considered unique
4 years ago
Thomas Lynch
ecb9550693
update some deps
4 years ago
Thomas Lynch
a2d34ac4af
close #265 global and board setting to disable .onion file posting
4 years ago
Thomas Lynch
f9e15e23e8
option for boards to enforce unique files board wide or per thread
4 years ago
Thomas Lynch
26dd43f251
update express-fileupload middleware to fix issue with abort event incorrectly deleting temp files between file upload middleware and later middlewares
4 years ago
Thomas Lynch
48d6721ecc
update deps
4 years ago
Thomas Lynch
b963a1814f
forgot to update migrateVersion for #488c100ca443aa05623a7c2723376b2e88c5a67f
4 years ago
Thomas Lynch
24574862a2
Add file-type module to check file mime types strictly, with 2 options in config about it
...
Update express-fileupload dependency to clean tempfiles on numFilesLimitHandler
Add a proper error message for max num files instead of allowing unlimited and limiting in board post method
4 years ago
Thomas Lynch
7d87819ad4
Update node-fetch dependency for security advisory https://npmjs.com/advisories/1556
4 years ago
Thomas Lynch
2d1af818aa
Update some deps
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
some random guy
e30ec2737e
normalize IP addresses
...
Currently jschan takes the IP address as a string from the `X-Real-Ip` header,
which based on the frontend proxy configuration, OS settings, etc. can take
various forms:
IPv4 addresses can be given in normal IPv4 dotted notation (e.g. `1.2.3.4`) or
as an IPv4-mapped IPv6 address (e.g. `::ffff:1.2.3.4`). The problem is, that in
the latter case, node's `isIP` will report 6, so the code will try to split it
along colons, breaking hrange and qrange.
With IPv6 addresses, it's possible to elide runs of zeroes, so `::1` and
`0:0:0:0:0:0:0:1` (and also `0000:0000:0000:0000:0000:0000:0000:0001`)
represent the same address. Since it's pretty easy to get a /64 IPv6 block, a
spammer can abuse it, by spamming from `a:b:c:d::1` (`qrange=a:b:c:d`,
`hrange=a:b:c`), then from `a:b:c:d::1:1` (`qrange=a:b:c:d:`, `hrange=a:b:c`),
`a:b:c:d::1:1:1` (`qrange=a:b:c:d::1`, `hrange=a:b:c:d`) and
`a:b:c:d:1:1:1:1` (`qrange=a:b:c:d:1:1`, `hrange=a:b:c:d`). He practically got
two hranges and qrange is pretty much pointless for IPv6 addresses.
This change uses the `ip6addr` package to parse IP addresses and convert them to
some canonical form. This means:
* IPv4 and IPv4-mapped IPv6 addresses are converted to normal IPv4 notation.
* Zeroes are not elided in IPv6 (so you'll never see `::`).
* IPv6 addresses are not zero padded (so `..:1` instead of `..:0001`).
* Even though it's not documented, it seems like `ip6addr` always generates
lower-case letters.
This will unfortunately mean that some IP hashes may change after the update.
Normal IPv4 hashes will most probably remain the same though.
4 years ago
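The effect of the normalisation described in the commit message above, as an added JavaScript example that is not part of the commit or of jschan. `naiveRanges` is a hypothetical model of colon-splitting, chosen because it reproduces the `qrange`/`hrange` values quoted in the message, and `canonicalIp` is a dependency-free stand-in for the `ip6addr`-based conversion.

```javascript
// Added example, not jschan code. naiveRanges() is an assumed model of
// colon-splitting that reproduces the qrange/hrange values in the commit message.
function naiveRanges(ip) {
  const parts = ip.split(':');
  return {
    hrange: parts.slice(0, Math.floor(parts.length * 0.5)).join(':'),
    qrange: parts.slice(0, Math.floor(parts.length * 0.75)).join(':'),
  };
}

// Parse dotted IPv4 into four octets, or return null if it is not valid.
function octets(str) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(str);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  return o.every((n) => n <= 255) ? o : null;
}

// Stand-in for the ip6addr-based normalisation: IPv4 and IPv4-mapped IPv6
// become dotted IPv4; IPv6 becomes eight lower-case groups with no "::"
// and no zero padding.
function canonicalIp(input) {
  let s = String(input).trim().toLowerCase();
  const bad = () => { throw new Error('invalid IP address: ' + input); };
  if (!s.includes(':')) return (octets(s) || bad()).join('.');
  const cut = s.lastIndexOf(':') + 1;
  if (s.slice(cut).includes('.')) { // embedded IPv4 tail -> two hex groups
    const o = octets(s.slice(cut)) || bad();
    s = s.slice(0, cut) + ((o[0] << 8) | o[1]).toString(16) +
      ':' + ((o[2] << 8) | o[3]).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) bad(); // "::" may appear only once
  const head = halves[0] ? halves[0].split(':') : [];
  const rest = halves[1] ? halves[1].split(':') : [];
  const gap = 8 - head.length - rest.length; // groups hidden behind "::"
  if (halves.length === 2 ? gap < 1 : gap !== 0) bad();
  const groups = [...head, ...Array(gap).fill('0'), ...rest];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) bad();
  const n = groups.map((g) => parseInt(g, 16));
  if (n.slice(0, 5).every((x) => x === 0) && n[5] === 0xffff) { // IPv4-mapped
    return [n[6] >> 8, n[6] & 255, n[7] >> 8, n[7] & 255].join('.');
  }
  return n.map((x) => x.toString(16)).join(':');
}
```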
Thomas Lynch
1f7e670c7c
modlog records for non-delete actions now link to posts closes #193
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
Thomas Lynch
f4717b35a3
explicit version for express-fileupload, which should now be fixed
4 years ago
Thomas Lynch
39bbedfe53
Get session in websocket
4 years ago
Thomas Lynch
9f47b05f0d
update deps
4 years ago
Thomas Lynch
ce0bfab6c2
switch to getting packages from gitgud.io
4 years ago
Thomas Lynch
708a6e0b9b
remove dupe dependency with same path
4 years ago
dependabot-preview[bot]
d4705d6f3c
Bump bcrypt from 4.0.1 to 5.0.0 ( #166 )
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 4.0.1 to 5.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
Thomas Lynch
e6f11478ee
Dev auto reset triggers ( #152 )
...
* dev-auto-reset-triggers to test auto resetting trigger action at end of each hour references #130
* migration and comment change
* migrateVersion change
4 years ago
fatchan
5fde07163c
start on migration file and fixing ban index
4 years ago
fatchan
f4ca3563d5
Sage only email without force anon reference #130
4 years ago
fatchan
a35959a092
Sage only email without force anon reference #130
4 years ago
Thomas Lynch
b32f3a76c0
bring across dependabot merges ( #147 )
...
* Bump ioredis from 4.16.3 to 4.17.1
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.3 to 4.17.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump sanitize-html from 1.23.0 to 1.24.0
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump pug from 2.0.4 to 3.0.0
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump mongodb from 3.5.7 to 3.5.8
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.7 to 3.5.8.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
c1ea23a6a8
Bump pug from 2.0.4 to 3.0.0
...
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
9f44f8aabc
country blocking per board
4 years ago
fatchan
8d49e2d815
Webring proxy support
4 years ago
fatchan
7b3b416cd6
add new migration
4 years ago
fatchan
d17670c857
potential fix for dumb palememe
4 years ago
dependabot-preview[bot]
17bcfa4621
Bump highlight.js from 9.18.1 to 10.0.0
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 9.18.1 to 10.0.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...10.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
d725c3c573
update pm2 and add favicon changes for apple touch icon, etc and make it a separate gulp folder
4 years ago
fatchan
4e3e990904
update deps
5 years ago
dependabot-preview[bot]
c0e51d0e69
Bump fs-extra from 8.1.0 to 9.0.0
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 8.1.0 to 9.0.0.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/8.1.0...9.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
e6d7785793
migration move files from /img to /file since it can contain more than just images
5 years ago
dependabot-preview[bot]
25a3e85c8e
Bump bcrypt from 3.0.8 to 4.0.0
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 3.0.8 to 4.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v3.0.8...v4.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
73203db312
start option for unhashed ips
5 years ago
fatchan
de3651f83b
database migration script and first version to add bypass collection to db
5 years ago
fatchan
504fbd4496
dnsbl
5 years ago
fatchan
fede9813d2
update dependencies
5 years ago
fatchan
058d51a88b
actually update mongodb
5 years ago
fatchan
2c81037cb3
various minor changes and improve forms script for future use
5 years ago
dependabot-preview[bot]
7f4ea9fa1f
Bump gulp-uglify-es from 1.0.4 to 2.0.0 ( #62 )
...
Bumps [gulp-uglify-es](https://gitlab.com/itayronen/gulp-uglify-es ) from 1.0.4 to 2.0.0.
- [Release notes](https://gitlab.com/itayronen/gulp-uglify-es/tags )
- [Changelog](https://gitlab.com/itayronen/gulp-uglify-es/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/itayronen/gulp-uglify-es/commits/master )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
e2c298db30
Bump fs-extra from 7.0.1 to 8.1.0 ( #61 )
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 7.0.1 to 8.1.0.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/7.0.1...8.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
c472a01407
Bump del from 4.1.1 to 5.1.0 ( #60 )
...
Bumps [del](https://github.com/sindresorhus/del ) from 4.1.1 to 5.1.0.
- [Release notes](https://github.com/sindresorhus/del/releases )
- [Commits](https://github.com/sindresorhus/del/compare/v4.1.1...v5.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
Tom
d7f3825596
File limit error references #58 ( #59 )
...
* minor style change
* start fixing file form upload to show error instead of showing ugly nginx
* modify express-fileupload, update deps and now use dynamicresponse when upload too large files
5 years ago
fatchan
86851f3ffa
modify express-fileupload, update deps and now use dynamicresponse when upload too large files
5 years ago
fatchan
c073622eb6
local time, change some scripts names and orders, modal, footer, and update deps
5 years ago
fatchan
2bd241c6ab
try use referrer after actions to go back to correct page
5 years ago
fatchan
ea5be6036f
prototype post hiding and post menu
5 years ago