Thomas Lynch
6b394aca69
Bugfix to 2fa, code-reuse prevention was blocking all codes rather than only a recently used correct code.
2 years ago
Thomas Lynch
e521844123
Hotfix nginx for twofactor
2 years ago
Thomas Lynch
f26632f2a3
Merge branch 'develop' into 'master'
...
v0.10.0
See merge request fatchan/jschan!275
2 years ago
Thomas Lynch
0fca6a3d69
Update CHANGELOG, update dependencies
2 years ago
Thomas Lynch
d51bef9d37
Merge branch 'feature/2fa-totp' into 'develop'
...
Two Facor Authentication
See merge request fatchan/jschan!274
2 years ago
Thomas Lynch
f4328812f2
Add e2e tests for twofactor
...
Remove some cruft from package-lock from speakeasy
Add guard in dotwofactor for no/null (not blank) twofactor
2 years ago
Thomas Lynch
9a6c5ba9f8
.noselect class to twofactor on page
2 years ago
Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
e6346f9f53
Add twofactor input validation in changepassword controller
2 years ago
Thomas Lynch
d9288a137a
Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async
2 years ago
Thomas Lynch
e5d0f9871f
Add text version of secret to twofactor.html for people without/who dont want to use a camera or screenshot the image
...
Add warning to twofactor.html that other sessions will be logged out and they have to log in again
Change cache-control header to no-cache, even though private is secure (prevent showing cached page without outdated secret)
2 years ago
Thomas Lynch
b93bab7faf
Switch speakeasy -> otpauth (maintained, more modern, actively developed)
...
Remove dev debug skip of 2fa generation ratelimit
Shorten totp validity window
Remove ugly stuff from login/changepassword forms, change wording
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
f482156f8e
Merge branch 'develop' into 'master'
...
v0.9.4
Closes #493 and #502
See merge request fatchan/jschan!273
2 years ago
Thomas Lynch
d3507e6ae3
Merge branch 'master' into develop
2 years ago
Thomas Lynch
1e774a5b46
update CHANGELOG
2 years ago
Thomas Lynch
4c90d03dfa
update CHANGELOG, version bump, npm audit fix
2 years ago
Thomas Lynch
6db781e8b8
Limit ban note length to global limits log_message length
2 years ago
Thomas Lynch
78bd713274
Hide note from dynamicresponse in filteractions, and make seen default to true
2 years ago
Thomas Lynch
b69337e2f1
Show ban notes in mod view tables and allow editing them
2 years ago
Thomas Lynch
3b08cc684b
Start on ban notes
2 years ago
Thomas Lynch
6d2249c13a
Close #502 add some margin+padding to tabs area of settings to address strange firefox only css issue
2 years ago
Thomas Lynch
cada8600e0
Merge branch 'develop' into 'master'
...
v0.9.3
See merge request fatchan/jschan!271
2 years ago
Thomas Lynch
b8a260b0d6
typo
2 years ago
Thomas Lynch
9de7754c3b
update CHANGELOG, version bump, and npm audit
2 years ago
Thomas Lynch
868a59667c
Add mongodb and redis installation scripts (with authentication) and update secrets example with the same dummy passwords
...
Add direct nvm install instruction instead of github link only
Fix lokinet config overwriting tor by mistake
2 years ago
Thomas Lynch
33daee16db
Merge branch 'nginx-improvement' into develop
2 years ago
Thomas Lynch
e3e3609e33
Make nvm link go straight to installation section
2 years ago
Thomas Lynch
5967a0a430
Make lokinet SNApp key permanent
2 years ago
Thomas Lynch
da3709ddb1
INSTALLATION.md lokinet/tor section improvements
2 years ago
Thomas Lynch
7b830fe8fe
INSTALLATION.md update & improvement
2 years ago
Thomas Lynch
20e17ab2a5
put certbot first, and remove existing sites-available file so certbot doesnt fail to restart nginx
2 years ago
Thomas Lynch
bfafd2467b
more nginx improvement
2 years ago
Thomas Lynch
9bbe1ade7b
WIP improvement of nginx.sh to be smarter, fix a few broken things, and make it able to support self-signed or no https at all, support a subdomain hosted site, and make www optional
2 years ago
Thomas Lynch
91a842e43b
Merge branch 'develop'
2 years ago
Thomas Lynch
190410cc54
Bugfix issue with tor and renewing bypasses in some situations. Should be fetching *upserted* id from db or just using known ID.
2 years ago
Thomas Lynch
aed1abf36a
Merge branch 'develop' into 'master'
...
v0.9.1
Closes #489 and #495
See merge request fatchan/jschan!270
2 years ago
Thomas Lynch
45757dd51e
0.9.1, update CHANGELOG, move migration file, update package*.json
2 years ago
Thomas Lynch
568dd5f174
Allow providing file option overrides in addFile, use them to disable strip filename option for drawn tegaki
...
Bugfix checking if non existing box is checked
2 years ago
Thomas Lynch
caab78c0ef
Merge branch '489-more-captcha-customisation' into 'develop'
...
489-more-captcha-customisation
See merge request fatchan/jschan!269
2 years ago
Thomas Lynch
353926f44d
fix captcha tests, update to support new captchaOptions format with font
2 years ago
Thomas Lynch
32def31f76
update .gitlab-ci.yml
2 years ago
Thomas Lynch
0fc87e752d
make captcha font apply to text AND grid
...
set a new default font which is common on linux, in debian repos, and has the chess characters
remove 24MB font file that came from i dont even remember where
2 years ago
Thomas Lynch
ff7db40f42
make font size of grid captcha scale roughly to the current ratio of 20-30:120
2 years ago
Thomas Lynch
6b437d7159
Dont show replayable option if other files disabled on board
...
Rebuild board pages on file type for image/other changes, to account for tegaki in postform changes
2 years ago
Thomas Lynch
0ee959a81a
Remove duplicate link to download replay (jsonly tegaki replay link, since we already have the download button)
2 years ago
Thomas Lynch
3fe370dfdb
update CHANGELOG
2 years ago
Thomas Lynch
0c531867f7
"No subject" -> #${postId} in several places, much nicer idea
2 years ago
Thomas Lynch
6c8a5e7bdb
INSTALLATION improvements
...
more security points
update some links
move node.js update to updating section
2 years ago
Thomas Lynch
23e53886ef
README polish
2 years ago