Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
d9288a137a
Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
78bd713274
Hide note from dynamicresponse in filteractions, and make seen default to true
2 years ago
Thomas Lynch
3b08cc684b
Start on ban notes
2 years ago
Thomas Lynch
190410cc54
Bugfix issue with tor and renewing bypasses in some situations. Should be fetching *upserted* id from db or just using known ID.
2 years ago
Thomas Lynch
353926f44d
fix captcha tests, update to support new captchaOptions format with font
2 years ago
Thomas Lynch
0fc87e752d
make captcha font apply to text AND grid
...
set a new default font which is common on linux, in debian repos, and has the chess characters
remove 24MB font file that came from i dont even remember where
2 years ago
Thomas Lynch
ff7db40f42
make font size of grid captcha scale roughly to the current ratio of 20-30:120
2 years ago
Thomas Lynch
2a48b10054
Fix duplicate key in projectedsettings for board settings, and make custompages jsons get removed on deleting custom page.
...
Close #479 add endpoints for board and global settings.json to api with options that would be useful for a 3rd party app. Add the associated tasks, calls to them in settings.
Small change and add comments in lib/build/render.
2 years ago
Thomas Lynch
641c087ecc
Add public json for modlog list, logs, custompages
...
update the banners task to output json (not just render it), so it can be reached on first pageload
close #491
2 years ago
Thomas Lynch
1e70a5aa62
Fix incorrect arg to Modlogs.deleteOld not pruning modlogs when updating modloglist. (the public page was still "correct" since it filtered the dates beforehand)
2 years ago
Thomas Lynch
df409471bb
Close #483 migrate from socket.io-redis to @socket.io/redis-adapter
2 years ago
Thomas Lynch
8061ffecb4
Add solvedCaptcha=true check also to blockbypass for the few routes which check block bypass w/o verifyCaptcha middleware before
2 years ago
Thomas Lynch
2de0c0021e
Ignore imghash failing close #481
2 years ago
Thomas Lynch
65c06cc39e
Remove cruft of old pre-bypass captcha verification skip
2 years ago
Thomas Lynch
47083e149b
Fix the anonymizer bypass captcha permission issue (and fix the stupid pre-bypass and postsEarly in general)
2 years ago
Thomas Lynch
3a4737ad8e
Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers
2 years ago
Thomas Lynch
fb5b9ddb1f
write the captchas to tmp in tests ref #469 !258
2 years ago
Thomas Lynch
fb57aa6fd5
Add captcha generators tests (doesnt write them to disk, but runs the generator function for catching issues like !255 ref #469
2 years ago
Thomas Lynch
b1751f1706
allow grid captcha yIconOffset=0
2 years ago
Thomas Lynch
06828da6c0
Refactor captcha generators and captcha model
...
Generators changes:
- take captchaoptions as argument, so no longer require config.get or captchas db imports
- return the captcha object (gm instance) and solution (whatever).
The model itself inserts the solution to db, gets captchaid for filename and cookie, and writes the image to disk.
Slightly cleaner imo, and makes the captcha generators more testable without requiring any mocking for DB/config.
2 years ago
Thomas Lynch
f0ae0691a4
Remove duplicate call to randomof and setting characters
...
Remove debug
ref #469
2 years ago
Thomas Lynch
c969814f54
First version of grid v2
2 years ago
Thomas Lynch
6e80af2eec
Fix another non integer argument to randomrange :^)
2 years ago
f6631068d1
captcha/getdistorts: randomRange requires integers
2 years ago
f0780291b6
captcha/getdistorts: randomRange requires integers
2 years ago
Thomas Lynch
8f74885ba2
Add noise and paint slider options to grid captcha
2 years ago
Thomas Lynch
05413d72c6
Ref #418 add the abandoned boards handling
...
Fix small bug with incorrect schema for the setting
Set both schedules to immediate: false
2 years ago
Thomas Lynch
6ec6b32ed5
Change "wave" and "paint" text effect captcha options from toggle to slider
...
Add "noise" text captcha effect slider
Add font lib to get list of system fonts
Add "font" text captcha option
ref #469
2 years ago
Thomas Lynch
70eb647321
Fix rng captcha generation error. Couldnt cherry-pick 0c2e99a96b because I decided to accidentally include an unrelated change
2 years ago
Thomas Lynch
0c2e99a96b
Fix issue of randomrange min < max constraint sometimes being violated
2 years ago
Thomas Lynch
c1dc877459
Set now non-default defParamCharset: "utf8" busboy option to correctly handle encoding of filenames that need utf8
2 years ago
Thomas Lynch
c8ebf9a579
Improvement to grid v1 to allow customising, allowing for something like this.
...
-true characters
-false characters
-question text
Make optional (and add additional options for) some filters/effects
-paint
-line
-wave
2 years ago
Thomas Lynch
18ab7d24ee
When strict mime validation is enabled, actually tell the user what the server thinks the mime is in the mismatch error message.
...
note: only for making posts (for now), pending a refactor of some checks that are shared and duplicated between other file upload models e.g. banners/asset
2 years ago
Thomas Lynch
cc21f9390f
Replace randomRange with native crypto.randomInt close #464
...
Cleanup the captcha generators a bit, add comments, refactor duplicate getting distortions code to separate file.
2 years ago
Thomas Lynch
36ed7a8fc4
Update some scoped packages and switch to using published npm rather than off git+https to gitgud
2 years ago
Thomas Lynch
aaae81ff5b
Move alphaNumericRegex to schema checker from todo
2 years ago
Thomas Lynch
4022999966
Remove or update some no longer relevant todos.
...
re: the captcha one, roundrobin = too fast expiring, sampling expireAfter $gte some time = possible to not get returned a captcha. so stucking with random. been working fine.
2 years ago
Thomas Lynch
d8f2e8292f
add eslint rules
...
no-template-curly-in-string (+find and fix minor bug in redirect)
curly
no-multiple-empty-lines
2 years ago
Thomas Lynch
e047782249
eslint lib, migrations, db, models, test, schedules and root dir
2 years ago
Thomas Lynch
ec5eb65aa7
change return of getfilterstrings to object and destructure
2 years ago
Thomas Lynch
6c9f0a211f
hotfix editing broken filters
...
note: i am dumb and the testing account has BYPASS_FILTERS so what i broke in changing filters went unnoticed
in future, will add more tests w/ different permission levels
2 years ago
Thomas Lynch
7893947ee6
refactor, dedup the combining of post data into strings for filtering, and blocking post/applying ban. also improve the comments. previously was ugly and duplicated between makepost and editpost model
2 years ago
Thomas Lynch
a9af02e105
bugfix incorrect fallback for arraysetting in board tags
...
undo a change in paramconverter that could mess with array inputs being unset
migration to unfuck any broken board tags from this
2 years ago
Thomas Lynch
3de70f05b9
fix tmp dir
2 years ago
Thomas Lynch
30c0bc9b7f
Session expiry 1 day -> 3 days
2 years ago
Thomas Lynch
cd254e7c40
cleanup and make hotposts more to my taste
2 years ago
af9a2232c1
...
2 years ago
3e1eaa87b4
fix hot threads dumb error when pasting
2 years ago
some random guy