fatchan/jschan - jschan - TurnKey Gitea

Author	SHA1	Message	Date
Thomas Lynch	9d695b902c	eslint fix	1 year ago
Thomas Lynch	3f53c60a73	Handle form submissions to login with no twofactor body field because otp moduel wants at least a string	1 year ago
Thomas Lynch	79c45eda4d	Change login flow to always check both 2FA, update CHANGELOG	1 year ago
Thomas Lynch	f4328812f2	Add e2e tests for twofactor Remove some cruft from package-lock from speakeasy Add guard in dotwofactor for no/null (not blank) twofactor	2 years ago
Thomas Lynch	29bb4856ab	2fa improvements - Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time - Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor() - Better names for some keys of twofactor redis stuff	2 years ago
Thomas Lynch	d9288a137a	Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async	2 years ago
Thomas Lynch	b93bab7faf	Switch speakeasy -> otpauth (maintained, more modern, actively developed) Remove dev debug skip of 2fa generation ratelimit Shorten totp validity window Remove ugly stuff from login/changepassword forms, change wording	2 years ago
Thomas Lynch	4d86406483	Initial commit of 2FA for accounts, TOTP-based	2 years ago
Thomas Lynch	e047782249	eslint lib, migrations, db, models, test, schedules and root dir	2 years ago
Thomas Lynch	bb582c2de8	"helpers" -> "lib god help anybody who gets serious merge conflicts from this close #434	2 years ago
Thomas Lynch	18b58202e7	show last active date for accounts in globalnamage accounts page close #236 NOTE: based on last time session was refreshed and updated from db ~1h, or when a user logs in	4 years ago
some random guy	cd789dba0c	remove unnecessary user object from session It only had a single property, username.	4 years ago
some random guy	0190ae5a0b	less garbage is session store authenticated: same as `user != null` user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on each request anyways, so it doesn't make much sense to store them in the session store too.	4 years ago
some random guy	6f1ab5292f	safer redirects with login/logout * properly escape goto parameter * do not redirect to anywhere, only to the same server, no query parameters This should still allow valid targets, like `/account.html`, `/boardname/manage/whatever` while disallow things like `https://othersite.com`.	4 years ago
fatchan	a0d0394e62	dynamicresponse everything	4 years ago
fatchan	2b4e631756	accounts page, list owned and mod boards in accounts, show on global manage and accounts page	5 years ago
fatchan	8c09b8bd58	add db index file and destructure to reduce repetitive imports	5 years ago
fatchan	12f1df0e9c	refactor, all orm controllers now separate ^-^	5 years ago
fatchan	f5d859c71e	redirect to correct page on login or manage	5 years ago
fatchan	a818a25e91	generate and save html to disk. actions that would cause a page to change delete the html. on the next visit, nginx will try_files, else pass to the backend which will generate the page again. CURRENTLY DOES NOT SUPPORT POST ACTIONS e.g. deletes, spoiler, sticky, etc will not cause pages to be deleted for future rebuilding. thats coming in next commits. consider this the start of actual smart building strategy to prevent templating and db hits unnecessarily. where its possible to serve a plain html page, we will do so.	5 years ago
fatchan	ff4f6c4758	stop calling that a model	5 years ago
fatchan	c4243d1f81	markdown fix and simpler login check/redirect	5 years ago
fatchan	3c327862d9	some pages redirect after logging in	5 years ago
fatchan	db963d4607	global and board IP bans, improved error handling, improved permissions checks	5 years ago
fatchan	b42a7eafdf	rename, restructure api vs forms naming + correct delete permissions	5 years ago
fatchan	e00c6d2fff	Basic registration and login with model and controllers	5 years ago