Thomas Lynch
60cc35b389
block bypass assistance for users with SzPD
3 years ago
Thomas Lynch
d742486c06
nvm dont want to fuck my ass with EJS modules
3 years ago
Thomas Lynch
b08ab78c03
npm 8 package-lock, update some package versions, change some require()s to import()s, some package breaking changes might need reviewing
3 years ago
Thomas Lynch
6c7e850379
mongo driver change ops no longer available. we only used as boolean nayways so just set to true
3 years ago
Thomas Lynch
b17a83244b
tiny comment fix
3 years ago
Thomas Lynch
4ecab8994f
Better message and "link" added to dynamicResponse for dnsbl if blockbypass is allowed to bypass dnsbl
3 years ago
Thomas Lynch
addafd6b04
clse#339
4 years ago
Thomas Lynch
9b0b734bce
missing import
4 years ago
Thomas Lynch
849882a066
more model and form improvement
...
add a few missing field to paramconverter
make dnsbl cache time divided since it takes the time format
make redis print when it gets a message if debuglogs are on
4 years ago
Thomas Lynch
1c5f14e419
This did not go as planned
4 years ago
Thomas Lynch
32ec1152b4
more 'tor' -> 'anonymizer' rewording changes including some conditionals, comments and FAQ page text close #316
4 years ago
Thomas Lynch
d75fb8cb0f
rename some tor-specific stuff to "anonymizer" to be more general since i added lokinet to my site, will make easier to add others e.g. i2p in futuure
4 years ago
Thomas Lynch
6fa18c10ed
change bypasses not persisting on .onion, needs testing
4 years ago
Thomas Lynch
22055b6088
Make forceOnion for blockbypass, to enable it for .onion users even if disabled for clearnet. Effectively allows blockbypass for all, none, or .onion users only.
4 years ago
Thomas Lynch
a482000c1a
reference #279 , needs testing but this might be all it takes
4 years ago
Thomas Lynch
b5580edd9e
Allow sticky to be input as a number, 0 is disabled, higher numbers are a priority and threads will be sorted in descending order reference #289
4 years ago
Thomas Lynch
d12bed3dc2
add noscript warning to hcaptcha
...
add some missing checks for google to also check captcha type
adjust frontend scripts and gulpfile styling to support hcaptcha
4 years ago
dolphin
d51aa143a8
Add in hcaptcha support.
4 years ago
Thomas Lynch
a2fa19742d
configurable flood timers close #255
4 years ago
Thomas Lynch
a6653fbad9
How long has delete ip in thread been broken?
4 years ago
Thomas Lynch
a8ede39f80
secureCookies only try to set secure:true when x-forwarded-proto is https closes #223
4 years ago
Thomas Lynch
0d609623e3
make haspermsmiddleware actually cache params
4 years ago
Thomas Lynch
646cc551b7
More configuration and bit less ugly config layout for captcha
4 years ago
Thomas Lynch
60d36bbb6a
Make a bit more maintainable, support different captcha types with some config options
4 years ago
Thomas Lynch
f751436ae4
Tweak different captcha
4 years ago
Thomas Lynch
51084e1bc0
Test a different captcha
4 years ago
Thomas Lynch
28fdb8af81
small refactor, make captcha check separate. should be eaasier to add different captchas now
...
fix conditions for when to render bypass vs message page on failed captchas
use crypto timingsafeequal for comparing input to answer
4 years ago
Thomas Lynch
78f68f8baa
clear tempfiles in the pre bypass check because it might be after handlePostFilesEarlyTor
4 years ago
Thomas Lynch
786f5a2ffa
Bugfix for repeated getting new bypass when tor user didnt need one. not necessarily a big problem but it means they would keep getting new ids. this could actually be leveraged for a scuffed auto-refresh system in future
4 years ago
Thomas Lynch
b0797f0418
Beta testing .onion support
...
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
4 years ago
some random guy
0190ae5a0b
less garbage is session store
...
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
4 years ago
some random guy
6f1ab5292f
safer redirects with login/logout
...
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallow things like `https://othersite.com `.
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
fatchan
73a5241640
Add edit to action controllers and edit post view
4 years ago
fatchan
0edce10529
add more calls during some checks like dnsbl and blockbypass fails to remove temp files
5 years ago
fatchan
0df78e0a7f
make blockbypass modal look+sound better, check for success and auto close and make post when completed successfully
5 years ago
fatchan
1d1f42f94d
quick way to make bypasses in a frame
5 years ago
fatchan
5be8431d24
supporting stuff for modals, scripts, and urlencoded handling in forms.js
5 years ago
fatchan
6dc671998d
start of improving modals
5 years ago
fatchan
262100effa
allow custom message for link attribute in modal and message page
5 years ago
fatchan
13657a04cb
small fix check in hasperms
5 years ago
fatchan
73203db312
start option for unhashed ips
5 years ago
fatchan
da570c3fe6
fix bug in blockybpass when incorrect length
5 years ago
fatchan
3b452604e2
dont do 2 captchas, give bypass if already solved board captcha
5 years ago
fatchan
84971cd274
start work on blockbypass
5 years ago
fatchan
504fbd4496
dnsbl
5 years ago
fatchan
8659aa5baf
make bans show properly for js users because browsers are dumb
5 years ago
fatchan
4ac46b0003
make that actually work
5 years ago
fatchan
5784b4925f
bugfixes
5 years ago
fatchan
a41bc64987
hidden boards shown for global staff on board list
5 years ago