Thomas Lynch
cb4c74b7cf
less dumb logic for the captcha loop and make it a bit stronger
4 years ago
Thomas Lynch
5a6114014f
grid captcha instructions
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
Thomas Lynch
60d36bbb6a
Make a bit more maintainable, support different captcha types with some config options
4 years ago
Thomas Lynch
f751436ae4
Tweak different captcha
4 years ago
Thomas Lynch
ce069077f8
locals for recaptcha to compiledclients, captcha preload and adding missing captcha changes
4 years ago
Thomas Lynch
908cbc97ee
Tweak different captcha
4 years ago
Thomas Lynch
2f185deee7
Tweak different captcha
4 years ago
Thomas Lynch
51084e1bc0
Test a different captcha
4 years ago
Thomas Lynch
acb7f56972
Merge optional google captcha, integrate into captcha check refactor, will allow for more captcha providers in future
...
More tor fixes and changes, and add some basic nginx config for tor
4 years ago
Thomas Lynch
bcc5cdcccb
Merge branch 'master' into tor-testing
4 years ago
Thomas Lynch
28fdb8af81
small refactor, make captcha check separate. should be easier to add different captchas now
...
fix conditions for when to render bypass vs message page on failed captchas
use crypto timingsafeequal for comparing input to answer
4 years ago
Thomas Lynch
6d7c8d5989
smooth scrolling option in settings
4 years ago
Thomas Lynch
8e30513af1
remove some useless logic
4 years ago
Thomas Lynch
81fe9787dd
no need for dnsbl on tor user
4 years ago
Thomas Lynch
82cb45c2c6
bypass height bigger for when you need to click boxes
4 years ago
Thomas Lynch
09e0bcb518
references #209, add optional google recaptcha. implementation could use some polish, but it will work for now.
4 years ago
Thomas Lynch
900665f1d0
more traditional and nicer looking hide arrow/post menu
4 years ago
Thomas Lynch
d938acd567
show processing for button on all forms, better for slower connections
4 years ago
Thomas Lynch
c87ec97737
make thumb hiding apply to catalog
4 years ago
Thomas Lynch
679cfc1ec2
make thumb hiding apply to catalog
4 years ago
Thomas Lynch
652888587b
show processing for button on all forms, better for slower connections
4 years ago
Thomas Lynch
af67ed5fe7
more traditional and nicer looking hide arrow/post menu
4 years ago
Thomas Lynch
d307124237
add moz prefix property on noselect class, fixes some styling behaviour for firefox
4 years ago
Thomas Lynch
9b01ba2657
better affordance on captcha refresh icon
4 years ago
Thomas Lynch
78f68f8baa
clear tempfiles in the pre bypass check because it might be after handlePostFilesEarlyTor
4 years ago
Thomas Lynch
f4b6ef9919
better affordance on captcha refresh icon
4 years ago
Thomas Lynch
1216e20e56
Fix that for tor
4 years ago
Thomas Lynch
48565133d2
actually, remove that completely for now
4 years ago
Thomas Lynch
546582b54e
delete cache properly in setlevel
4 years ago
Thomas Lynch
f1db4f7317
Fix post history for tor user and remove manual addban form from non-global manage pages (for now)
4 years ago
Thomas Lynch
b50d39250a
delete cache properly in setlevel
4 years ago
Thomas Lynch
f263310dc3
Remove old test logging and add note to frontend captcha script
4 years ago
Thomas Lynch
786f5a2ffa
Bugfix for repeated getting new bypass when tor user didnt need one. not necessarily a big problem but it means they would keep getting new ids. this could actually be leveraged for a scuffed auto-refresh system in future
4 years ago
Thomas Lynch
b0797f0418
Beta testing .onion support
...
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just do IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flow for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
4 years ago
Thomas Lynch
ad2c1e030e
Merge branch 'master' into dev
4 years ago
Thomas Lynch
a564ca69a1
Merge branch 'random-fixes' into 'master'
...
Random fixes
See merge request fatchan/jschan!173
4 years ago
some_random_guy
0f20646833
use `redirect: false` in express.static
...
This prevents problems like `/` giving 404 in devel mode (when
`static/html/index.html` is missing) or `/captcha` redirecting to
`/captcha/` (then breaking).
4 years ago
Thomas Lynch
16f7b3dbe6
Merge branch 'master' into dev
4 years ago
Thomas Lynch
e98713c26f
Merge branch 'user-info-cache-fix' into 'master'
...
Fix session cache (!171)
See merge request fatchan/jschan!172
4 years ago
some random guy
8b08f565cf
actually use session cache
4 years ago
Thomas Lynch
41a22809fc
Merge branch 'master' into dev
4 years ago
Thomas Lynch
f674f20390
Merge branch 'ip-address-normalize' into 'master'
...
normalize IP addresses
See merge request fatchan/jschan!169
4 years ago
Thomas Lynch
fed813d50f
Merge branch 'safer-redirects' into 'master'
...
safer redirects with login/logout
See merge request fatchan/jschan!170
4 years ago
Thomas Lynch
c5b10f7d5e
Merge branch 'user-info-cache' into 'master'
...
User/session info cache
See merge request fatchan/jschan!171
4 years ago
some random guy
5dc3fe9504
cache account info in redis db
4 years ago
some random guy
cd789dba0c
remove unnecessary user object from session
...
It only had a single property, username.
4 years ago
some random guy
0190ae5a0b
less garbage in session store
...
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
4 years ago
some random guy
cfc97b8101
do not read session when not needed
4 years ago
some random guy
6f1ab5292f
safer redirects with login/logout
...
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallowing things like `https://othersite.com`.
4 years ago