Thomas Lynch
aa04faa25e
make global anonymizer file blocking apply to uploading board asset, banners, flags, adjust it for posting
1 year ago
Thomas Lynch
89ee952eb6
Move middleware to properly fix bypass success screen language, and update some code in gulp/res/js/forms.js to handle translated responses for e.g. missing captcha
1 year ago
Thomas Lynch
0b99e89522
Testing bypass success screen bugfix
1 year ago
Thomas Lynch
f0b1ce6f63
eslint fix
1 year ago
Thomas Lynch
612e7d0f3a
Add language set middleware to a bunch of routes, and make some minor middleware ordering changes to supprot
...
Add example translations in server.js, a controller for form submission, and in a middleware (file middleware in this case)
1 year ago
Thomas Lynch
5a7368a0a4
Add a new property to permissions metadata and reflect on frontend inability for users without that "parent" permission to edit roles/accounts to have some permissions e.g. root, edit roles, edit accs
...
Put the metadata into permissions.js (also TODO: key the metadata by bits instead? i.e [Permisions.whatever]: {})
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
216968b053
Add middlewares to fetch account on individual blockbypass form to allow bypass permission to work (no isLoggedIn needed)
2 years ago
Thomas Lynch
47083e149b
Fix the anonymizer bypass captcha permission issue (and fix the stupid pre-bypass and postsEarly in general)
2 years ago
Thomas Lynch
3a4737ad8e
Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers
2 years ago
Thomas Lynch
d8f2e8292f
add eslint rules
...
no-template-curly-in-string (+find and fix minor bug in redirect)
curly
no-multiple-empty-lines
2 years ago
Thomas Lynch
e7233d09e7
eslint controlers/, mostly removing all the unused schema check functions
2 years ago
Thomas Lynch
f75fd6dfad
add imageHashes middleware to modpost route
2 years ago
Thomas Lynch
bb582c2de8
"helpers" -> "lib
...
god help anybody who gets serious merge conflicts from this
close #434
2 years ago
Thomas Lynch
7b784283f8
tldr dnsbl and bypass sucks cock
2 years ago
Thomas Lynch
b886434c3d
implement deleting sessions
2 years ago
Thomas Lynch
993924a5f2
Start making roles editable ref #377
...
permtemplates are now roles.
They are in the db and can be edited.
Still have to do a few things like the migration, gulpfile and some small details.
2 years ago
Thomas Lynch
d1f9c78258
ref #377 , the fun begins
...
still a few things to do, see TODO (heh)
mostly working how i imagined, with a few quirks.
pretty happy with it.
2 years ago
Thomas Lynch
ddc816e35c
cleanup
2 years ago
Thomas Lynch
a93e42d90c
assets as last thing for manage assets page in boards
3 years ago
Thomas Lynch
52c189a153
allow board custom pages to be edited, like newspost editing
...
because rewriting the whole page can be annoying and you couldnt access the text without styling
also can change .html name, maybe that will get removed but it works atm.
still needs more tweaks and proper testing
3 years ago
Thomas Lynch
d959450865
add ip check to form
3 years ago
Thomas Lynch
42422d3d35
reference #355 changes to paramconverter
...
got the changes to itself done to return the middleware function,
and for most routes i updated them
still TODO the more complex routes, and change them to the refactored schema checking
3 years ago
Thomas Lynch
fc15fb2195
add paramconverter middleware to some more post routes
...
prevents would-be 400s causing internal server error or other potential issues due to e.g. array inputs
reminded me i should add an options arg to this middleware to list the allowed inputs, arrays, numbers, mongoId converts, date format converts, etc
3 years ago
Thomas Lynch
163522f02c
playing golf with file middleware helper. came out nice
3 years ago
Thomas Lynch
042445d28c
it works, with some kinks still to get through
3 years ago
Thomas Lynch
c4c2a1543d
start on adding custom banners
...
models and controllers arent done, things wont work yet.
added a migration and updated the template.js with some new needed values,
changed "banners" in manage to "assets" since it will hold both now
refactor the banners file form into a mixin since its basically repeated for flags,
and make it a tad more customisable
3 years ago
Thomas Lynch
d4ff40d715
finish errors for changing global settings
...
add back perm level check for delete board
3 years ago
Thomas Lynch
de8dcbb8be
progress on model, controller and the template
...
improve some helpers to load config properly on global config change including renderlocals, themes, etc
3 years ago
Thomas Lynch
1c5f14e419
This did not go as planned
3 years ago
Thomas Lynch
c49541598f
config to change perm level to delete board, close #311
4 years ago
Thomas Lynch
75888c79bd
case sensitive route... why does express have retarded defaults and how long has this been a thing? o.o
4 years ago
Thomas Lynch
cf43f650d6
Ability to edit newsposts reference #298
4 years ago
Thomas Lynch
9215dcbf17
test only, blockhash option
4 years ago
Thomas Lynch
44f69b8ba5
start per-board custom pages, mostly working could just use a lil more testing references #232
4 years ago
Thomas Lynch
3e2b361607
remove useless hasPerms(4) (4=not logged in or non-staff context) from form middlewares that already isLoggedIn e.g. create board and resign from board
4 years ago
Thomas Lynch
a89c25af24
Let people actually resign from boards
4 years ago
Thomas Lynch
18240670cf
Let users self-delete their account, provided they dont hold any staff positions closes #240
4 years ago
Thomas Lynch
25ce30dde8
fix issue posting bypass for non tor
4 years ago
Thomas Lynch
b597ac8159
ability to resign from a board you mod/own. previously you could not leave a mod position, and you could not leave owner position (unless you transfer) closes #196
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
Thomas Lynch
48565133d2
actually, remove that completely for now
4 years ago
Thomas Lynch
f1db4f7317
Fix post history for tor user and remove manual addban form from non-global manage pages (for now)
4 years ago
Thomas Lynch
786f5a2ffa
Bugfix for repeated getting new bypass when tor user didnt need one. not necessarily a big problem but it means they would keep getting new ids. this could actually be leveraged for a scuffed auto-refresh system in future
4 years ago
Thomas Lynch
b0797f0418
Beta testing .onion support
...
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
4 years ago
cfc97b8101
do not read session when not needed
4 years ago
Thomas Lynch
97ed9a91f0
seemsgood, closes #194
4 years ago
fatchan
5c606bf455
add process ip so modlog can be filled, closes #141
4 years ago
fatchan
b4d9411ab4
close #129
4 years ago
fatchan
5c7fc003ad
register.html/create.html hiding based on settings and fix broken captcha quota resetting for some forms references #124
4 years ago
some random guy