Thomas Lynch
46358a3503
Add i18n to bumplock/lock/sticky/cycle, change board/globalsettings, changepassword, and create board pages
...
Update a bunch of middleware, pages and libs to destructure i18n funcs if used more than once to not repeat res.locals
ref #396 (going to try and remember this from now on)
2 years ago
Thomas Lynch
d20744d897
twofactor page model translation
2 years ago
Thomas Lynch
97e5ce53e8
Translate (just the template changes) for a ton of mixins and includes, and update country names to support multi language
2 years ago
Thomas Lynch
bc2816596d
remove excess whitespace
2 years ago
Thomas Lynch
00f6d3fdb0
convert relative times to support localisation
2 years ago
Thomas Lynch
277745a5ca
Fix the completely fucked up "my permission", the board equivalent, and staff permissions page since a recent permission update. Upside is it now considers the "parent" thing, which is nice.
2 years ago
Thomas Lynch
7c9f6257f8
Add setQueryLanguage mw, Make bypass_minimal language aware, TODO make form submissions know language and redirect to blockbypass for board with language query string
2 years ago
Thomas Lynch
e4dd53427e
Add language setting to global settings and board settings
2 years ago
Thomas Lynch
679d095d98
Start on localisation ref #396
2 years ago
Thomas Lynch
5a7368a0a4
Add a new property to permissions metadata and reflect on frontend inability for users without that "parent" permission to edit roles/accounts to have some permissions e.g. root, edit roles, edit accs
...
Put the metadata into permissions.js (also TODO: key the metadata by bits instead? i.e [Permisions.whatever]: {})
2 years ago
Thomas Lynch
bc53bc1e4a
Allow roles from globalmanage to be fetched as json
2 years ago
Thomas Lynch
b391c0cb66
Make post editing a GET endpoint with perm check like editstaff/editcustompages, much more sensible
2 years ago
Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
e5d0f9871f
Add text version of secret to twofactor.html for people without/who dont want to use a camera or screenshot the image
...
Add warning to twofactor.html that other sessions will be logged out and they have to log in again
Change cache-control header to no-cache, even though private is secure (prevent showing cached page without outdated secret)
2 years ago
Thomas Lynch
b93bab7faf
Switch speakeasy -> otpauth (maintained, more modern, actively developed)
...
Remove dev debug skip of 2fa generation ratelimit
Shorten totp validity window
Remove ugly stuff from login/changepassword forms, change wording
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
9a7053242d
Close #370 optional disable overboard reverse image links
2 years ago
Thomas Lynch
2a48b10054
Fix duplicate key in projectedsettings for board settings, and make custompages jsons get removed on deleting custom page.
...
Close #479 add endpoints for board and global settings.json to api with options that would be useful for a 3rd party app. Add the associated tasks, calls to them in settings.
Small change and add comments in lib/build/render.
2 years ago
Thomas Lynch
641c087ecc
Add public json for modlog list, logs, custompages
...
update the banners task to output json (not just render it), so it can be reached on first pageload
close #491
2 years ago
Thomas Lynch
3cb5e0197a
Revert "Close #480 dont show "register" on login page if not allowed for regular user, since users might reach it clicking "manage" after the login redirect"
...
This reverts commit 9c5dd5efa8
.
2 years ago
Thomas Lynch
9c5dd5efa8
Close #480 dont show "register" on login page if not allowed for regular user, since users might reach it clicking "manage" after the login redirect
2 years ago
Thomas Lynch
06828da6c0
Refactor captcha generators and captcha model
...
Generators changes:
- take captchaoptions as argument, so no longer require config.get or captchas db imports
- return the captcha object (gm instance) and solution (whatever).
The model itself inserts the solution to db, gets captchaid for filename and cookie, and writes the image to disk.
Slightly cleaner imo, and makes the captcha generators more testable without requiring any mocking for DB/config.
2 years ago
Thomas Lynch
c969814f54
First version of grid v2
2 years ago
Thomas Lynch
6ec6b32ed5
Change "wave" and "paint" text effect captcha options from toggle to slider
...
Add "noise" text captcha effect slider
Add font lib to get list of system fonts
Add "font" text captcha option
ref #469
2 years ago
Thomas Lynch
4022999966
Remove or update some no longer relevant todos.
...
re: the captcha one, roundrobin = too fast expiring, sampling expireAfter $gte some time = possible to not get returned a captcha. so stucking with random. been working fine.
2 years ago
Thomas Lynch
d8f2e8292f
add eslint rules
...
no-template-curly-in-string (+find and fix minor bug in redirect)
curly
no-multiple-empty-lines
2 years ago
Thomas Lynch
e047782249
eslint lib, migrations, db, models, test, schedules and root dir
2 years ago
Thomas Lynch
e2c68723b5
add back !dontStoreRawIps to manage pages, because the raw rooms dont get broadcasted to if raw ips are fully disabled, so joining them (Even for staff with raw ip perm) will not show any posts
2 years ago
Thomas Lynch
bb582c2de8
"helpers" -> "lib
...
god help anybody who gets serious merge conflicts from this
close #434
2 years ago
Thomas Lynch
0a8c8e3ed5
remove nonsense inconsistent check for recents pages only, pruning should be used in this case instead
2 years ago
Thomas Lynch
ed3f32d4a3
bugfix JIT built catalogs not having json
2 years ago
Thomas Lynch
db65093a61
error handling
3 years ago
Thomas Lynch
5bdc214716
add csrftoken to sessions page model
3 years ago
Thomas Lynch
f2b4ec2dd2
ability to show your login sessions, ref #353
3 years ago
Thomas Lynch
92c504e59c
rename ip.single -> ip.cloak
3 years ago
Thomas Lynch
00da66f95e
dont destructure roles, access it normally so load() callback will update them properly
...
and rename agian, why do i suck at naming stuff lol
3 years ago
Thomas Lynch
e511c67efa
Make roles update on edits and fix map imports, so the role names show correctly after edt
3 years ago
Thomas Lynch
993924a5f2
Start making roles editable ref #377
...
permtemplates are now roles.
They are in the db and can be edited.
Still have to do a few things like the migration, gulpfile and some small details.
3 years ago
Thomas Lynch
0fe3983d5f
apply template to user accounts ref #377
3 years ago
Thomas Lynch
159e67b430
ref #426 ip "cloaking"
...
still todo migration
"ips" will make more sense for staff now
qrange/hrange no longer need to be stored
bypass still work like before. will have .BP suffix, normal ips are .IP
filtering and stuff still works
bans page will now show .*'s in the cloaked view for range bans
in future version, this allows (even for those who cant see raw ips):
- modlog, bans, post hisory filters including per-range
- directly input ips/range cloak to ban, without selecting a post
- upgrading existing bans from single to ranges
3 years ago
Thomas Lynch
d1f9c78258
ref #377 , the fun begins
...
still a few things to do, see TODO (heh)
mostly working how i imagined, with a few quirks.
pretty happy with it.
3 years ago
Thomas Lynch
1813e8bda2
bugfix, typo
3 years ago
Thomas Lynch
be2f65c0b9
when webring not enabled, remove unnecessary call to Boards.webringSites() since the only site name will be the local meta.siteName
3 years ago
Thomas Lynch
5e15e5cdd5
csrf token only fetch, for API and will be added to jschan-docs
3 years ago
Thomas Lynch
9e62be3404
reports api endpoint ref #366
3 years ago
Thomas Lynch
1ef700630f
disable custom overboard toggle global setting, migration, improved forms
3 years ago
Thomas Lynch
ed75519a7b
serve overboard(catalog) as json
3 years ago
Thomas Lynch
fb3a6e4592
sort add/remove boardlists in overboard
3 years ago
Thomas Lynch
ac10f3f636
overboard upgrade to allow add/remove boards, both views and the link to each keeps the same.
3 years ago
Thomas Lynch
444f71c637
add missing board data to options in buildcustompage to prevent double fetch from db
...
and fix not rebuilding them on "rebuildOther" for example for customcsss change
3 years ago