Thomas Lynch
2d1af818aa
Update some deps
4 years ago
some random guy
e30ec2737e
normalize IP addresses
...
Currently jschan takes the IP address as a string from the `X-Real-Ip` header,
which based on the frontend proxy configuration, OS settings, etc. can take
various forms:
IPv4 addresses can be given in normal IPv4 dotted notation (e.g. `1.2.3.4`) or
as an IPv4-mapped IPv6 address (e.g. `::ffff:1.2.3.4`). The problem is, that in
the latter case, node's `isIP` will report 6, so the code will try to split it
along colons, breaking hrange and qrange.
With IPv6 addresses, it's possible to elide runs of zeroes, so `::1` and
`0:0:0:0:0:0:0:1` (and also `0000:0000:0000:0000:0000:0000:0000:0001`)
represent the same address. Since it's pretty easy to get a /64 IPv6 block, a
spammer can abuse it, by spamming from `a:b:c:d::1` (`qrange=a:b:c:d`,
`hrange=a:b:c`), then from `a:b:c:d::1:1` (`qrange=a:b:c:d:`, `hrange=a:b:c`),
`a:b:c:d::1:1:1` (`qrange=a:b:c:d::1`, `hrange=a:b:c:d`) and
`a:b:c:d:1:1:1:1` (`qrange=a:b:c:d:1:1`, `hrange=a:b:c:d`). He practically got
two hranges and qrange is pretty much pointless for IPv6 addresses.
This change uses the `ip6addr` package to parse IP addresses and convert them to
some canonical form. This means:
* IPv4 and IPv4-mapped IPv6 addresses are converted to normal IPv4 notation.
* Zeroes are not elided in IPv6 (so you'll never see `::`).
* IPv6 addresses are not zero padded (so `..:1` instead of `..:0001`).
* Even though it's not documented, it seems like `ip6addr` always generates
lower-case letters.
This will unfortunately mean that some IP hashes may change after the update.
Normal IPv4 hashes will most probably remain the same though.
4 years ago
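The normalization described in the "normalize IP addresses" commit message above, as an added JavaScript example that is not part of that commit or of jschan. It is a dependency-free stand-in for `ip6addr`; the names `ranges`, `canonicalize` and `distinctHranges` are hypothetical, and the qrange/hrange split rule is an assumption inferred from the message's own examples.

```javascript
// Added example (not jschan code, and not the ip6addr package).
// Assumption inferred from the commit message's examples: qrange / hrange are
// the first 75% / 50% of the fields from splitting the string on its delimiter.
function ranges(addr) {
  const delim = addr.includes(':') ? ':' : '.';
  const f = addr.split(delim);
  const take = (frac) => f.slice(0, Math.floor(f.length * frac)).join(delim);
  return { qrange: take(0.75), hrange: take(0.5) };
}

function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// Returns eight 16-bit integers, or null for malformed input.
function parseIPv6(s) {
  let v4 = null;
  if (s.includes('.')) { // embedded dotted quad, e.g. ::ffff:1.2.3.4
    const cut = s.lastIndexOf(':') + 1;
    v4 = parseIPv4(s.slice(cut));
    if (!v4) return null;
    s = s.slice(0, cut) + '0:0'; // placeholder for the last two groups
  }
  const parts = s.split('::');
  if (parts.length > 2) return null; // "::" may appear only once
  const head = parts[0] ? parts[0].split(':') : [];
  const tail = parts.length === 2 && parts[1] ? parts[1].split(':') : [];
  const fill = parts.length === 2 ? 8 - head.length - tail.length : 0;
  if (parts.length === 2 && fill < 1) return null;
  const groups = [...head, ...Array(fill).fill('0'), ...tail];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  const n = groups.map((g) => parseInt(g, 16));
  if (v4) { n[6] = (v4[0] << 8) | v4[1]; n[7] = (v4[2] << 8) | v4[3]; }
  return n;
}

// Canonical form as listed in the commit message: IPv4-mapped -> dotted quad,
// no "::", no zero padding, lower-case hex.
function canonicalize(s) {
  const v4 = parseIPv4(s);
  if (v4) return v4.join('.');
  const n = parseIPv6(s);
  if (!n) return null;
  if (n.slice(0, 5).every((x) => x === 0) && n[5] === 0xffff) {
    return [n[6] >> 8, n[6] & 255, n[7] >> 8, n[7] & 255].join('.');
  }
  return n.map((x) => x.toString(16)).join(':');
}

// Constructed sample: the four spellings from the commit message (one /64).
const SAMPLES = ['a:b:c:d::1', 'a:b:c:d::1:1', 'a:b:c:d::1:1:1', 'a:b:c:d:1:1:1:1'];
// Number of distinct hranges a moderator would need to cover `addrs`.
function distinctHranges(addrs, normalise) {
  const seen = addrs.map((a) => ranges(normalise ? canonicalize(a) : a).hrange);
  return new Set(seen).size;
}
```

Without normalization the four sample spellings fall into two hranges; after `canonicalize` they all share `a:b:c:d`, and `::ffff:1.2.3.4` yields the same ranges as `1.2.3.4`.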
Thomas Lynch
1f7e670c7c
modlog records for non-delete actions now link to posts closes #193
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
Thomas Lynch
f4717b35a3
explicit version for express-fileupload, which should now be fixed
4 years ago
Thomas Lynch
39bbedfe53
Get session in websocket
4 years ago
Thomas Lynch
9f47b05f0d
update deps
4 years ago
Thomas Lynch
ce0bfab6c2
switch to getting packages from gitgud.io
4 years ago
Thomas Lynch
708a6e0b9b
remove dupe dependency with same path
4 years ago
dependabot-preview[bot]
d4705d6f3c
Bump bcrypt from 4.0.1 to 5.0.0 ( #166 )
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 4.0.1 to 5.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
bd427b929e
Bump socket.io-redis from 5.2.0 to 5.3.0 ( #159 )
...
Bumps [socket.io-redis](https://github.com/socketio/socket.io-redis ) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/socketio/socket.io-redis/releases )
- [Changelog](https://github.com/socketio/socket.io-redis/blob/master/CHANGELOG.md )
- [Commits](https://github.com/socketio/socket.io-redis/compare/5.2.0...5.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
ec76dfa0fe
Bump sanitize-html from 1.25.0 to 1.26.0 ( #157 )
...
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
285bee3f31
Bump fs-extra from 9.0.0 to 9.0.1 ( #156 )
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 9.0.0 to 9.0.1.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/9.0.0...9.0.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
523d0975f7
Bump ioredis from 4.17.1 to 4.17.3 ( #150 )
...
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.17.1 to 4.17.3.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.17.1...v4.17.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
0351b9c688
Bump sanitize-html from 1.24.0 to 1.25.0 ( #151 )
...
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
fatchan
eed27c414a
Update package-lock.json closes #148
4 years ago
Thomas Lynch
b32f3a76c0
bring across dependabot merges ( #147 )
...
* Bump ioredis from 4.16.3 to 4.17.1
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.3 to 4.17.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump sanitize-html from 1.23.0 to 1.24.0
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump pug from 2.0.4 to 3.0.0
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump mongodb from 3.5.7 to 3.5.8
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.7 to 3.5.8.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
ec2f3a68c7
Bump mongodb from 3.5.7 to 3.5.8
...
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.7 to 3.5.8.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
c1ea23a6a8
Bump pug from 2.0.4 to 3.0.0
...
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
f5961af0b0
Bump sanitize-html from 1.23.0 to 1.24.0
...
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
c73c306068
Bump ioredis from 4.16.3 to 4.17.1
...
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.3 to 4.17.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
d72e9e9df4
Bump highlight.js from 10.0.2 to 10.0.3
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/10.0.3/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.2...10.0.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
4e0915b172
Bump bull from 3.13.0 to 3.14.0
...
Bumps [bull](https://github.com/OptimalBits/bull ) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/OptimalBits/bull/releases )
- [Changelog](https://github.com/OptimalBits/bull/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/OptimalBits/bull/compare/v3.13.0...v3.14.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
2576586e51
Bump highlight.js from 10.0.1 to 10.0.2
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 10.0.1 to 10.0.2.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.1...10.0.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
6e1f552304
Bugfix quote difference/intersection when updating for edits references #121
4 years ago
dependabot-preview[bot]
87fad7e661
Bump socks-proxy-agent from 4.0.2 to 5.0.0
...
Bumps [socks-proxy-agent](https://github.com/TooTallNate/node-socks-proxy-agent ) from 4.0.2 to 5.0.0.
- [Release notes](https://github.com/TooTallNate/node-socks-proxy-agent/releases )
- [Commits](https://github.com/TooTallNate/node-socks-proxy-agent/compare/4.0.2...5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
588e63d51f
Bump mongodb from 3.5.6 to 3.5.7
...
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.6 to 3.5.7.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.6...v3.5.7 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
caed7de6a8
Bump highlight.js from 10.0.0 to 10.0.1
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 10.0.0 to 10.0.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.0...10.0.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
cef5d352b1
Bump pm2 from 4.3.1 to 4.4.0
...
Bumps [pm2](https://github.com/Unitech/pm2 ) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/Unitech/pm2/releases )
- [Changelog](https://github.com/Unitech/pm2/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Unitech/pm2/compare/4.3.1...4.4.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
51450aa0dd
Bump express-fileupload from `9aada2e` to `ecc5ad4`
...
Bumps [express-fileupload](https://github.com/fatchan/express-fileupload ) from `9aada2e` to `ecc5ad4`.
- [Release notes](https://github.com/fatchan/express-fileupload/releases )
- [Commits](9aada2ecde...ecc5ad4f41)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
17bcfa4621
Bump highlight.js from 9.18.1 to 10.0.0
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 9.18.1 to 10.0.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...10.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
966aba4e6d
Bump ioredis from 4.16.2 to 4.16.3
...
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.2 to 4.16.3.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.2...v4.16.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
88d27a848f
fix the forms script being broken and forcing nonjs blockbypass when no files form
4 years ago
dependabot-preview[bot]
28c4455820
Bump pm2 from 4.3.0 to 4.3.1
...
Bumps [pm2](https://github.com/Unitech/pm2 ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/Unitech/pm2/releases )
- [Changelog](https://github.com/Unitech/pm2/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Unitech/pm2/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
d725c3c573
update pm2 and add favicon changes for apple touch icon, etc and make it a separate gulp folder
4 years ago
dependabot-preview[bot]
953cc3c7f9
Bump express-session from 1.17.0 to 1.17.1
...
Bumps [express-session](https://github.com/expressjs/session ) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/expressjs/session/releases )
- [Changelog](https://github.com/expressjs/session/blob/master/HISTORY.md )
- [Commits](https://github.com/expressjs/session/compare/v1.17.0...v1.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
4ad5617d4c
Bump mongodb from 3.5.5 to 3.5.6
...
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.5 to 3.5.6.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.5...v3.5.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
06a5387e4c
Bump ioredis from 4.16.1 to 4.16.2
...
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.1 to 4.16.2.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.1...v4.16.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
612c4250d3
Bump sanitize-html from 1.22.1 to 1.23.0
...
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.22.1 to 1.23.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
dependabot-preview[bot]
1e962f0053
Bump express-fileupload from `9aada2e` to `ecc5ad4`
...
Bumps [express-fileupload](https://github.com/fatchan/express-fileupload ) from `9aada2e` to `ecc5ad4`.
- [Release notes](https://github.com/fatchan/express-fileupload/releases )
- [Commits](9aada2ecde...ecc5ad4f41)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
9630982ce8
Bump ioredis from 4.16.0 to 4.16.1
...
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.0 to 4.16.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.0...v4.16.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
4e3e990904
update deps
5 years ago
fatchan
0edce10529
add more calls during some checks like dnsbl and blockbypass fails to remove temp files
5 years ago
fatchan
a0e0d9f12b
more logic and projections ips for manage pages and style fixes
5 years ago
dependabot-preview[bot]
c0e51d0e69
Bump fs-extra from 8.1.0 to 9.0.0
...
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra ) from 8.1.0 to 9.0.0.
- [Release notes](https://github.com/jprichardson/node-fs-extra/releases )
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/8.1.0...9.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
fbaa0156f7
Bump gm from `07df8fb` to `c2ffb2c`
...
Bumps [gm](https://github.com/fatchan/gm ) from `07df8fb` to `c2ffb2c`.
- [Release notes](https://github.com/fatchan/gm/releases )
- [Commits](07df8fbf13...c2ffb2ce0d)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
4cd5345cea
Bump @tohru/gm from `07df8fb` to `c2ffb2c`
...
Bumps [@tohru/gm ](https://github.com/fatchan/gm ) from `07df8fb` to `c2ffb2c`.
- [Release notes](https://github.com/fatchan/gm/releases )
- [Commits](07df8fbf13...c2ffb2ce0d)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
cab9194321
Bump cookie-parser from 1.4.4 to 1.4.5
...
Bumps [cookie-parser](https://github.com/expressjs/cookie-parser ) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/expressjs/cookie-parser/releases )
- [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md )
- [Commits](https://github.com/expressjs/cookie-parser/compare/1.4.4...1.4.5 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
718aefb6cb
Bump gulp-clean-css from 4.2.0 to 4.3.0
...
Bumps [gulp-clean-css](https://github.com/scniro/gulp-clean-css ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/scniro/gulp-clean-css/releases )
- [Commits](https://github.com/scniro/gulp-clean-css/compare/4.2.0...4.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
fatchan
585ab6ce0c
package lock
5 years ago