Thomas Lynch
a1ccd6f267
Try to integrate post moving a bit better into the existing combined actions flow
...
Bugfix some move issues
2 years ago
Thomas Lynch
058d7b1dbb
Eslint and bugfix unused crossBoardMovePages
2 years ago
Thomas Lynch
516884cf3e
Cross board post move bugfixes/changes
...
Make rebuilds work for both baords
2 years ago
Thomas Lynch
344ed5f662
Cross board post move bugfixes/changes
2 years ago
Thomas Lynch
b391c0cb66
Make post editing a GET endpoint with perm check like editstaff/editcustompages, much more sensible
2 years ago
Thomas Lynch
1191ec4dc8
Mostly functional cross board post moving
2 years ago
Thomas Lynch
0d6323669f
Start on cross board thread moves #250
2 years ago
Thomas Lynch
bdf5da0adc
Ban type ip display and storage improvement
2 years ago
Thomas Lynch
dc739b3cff
Bugfix, make editrole route actually allow you edit BYPASS_CAPTCHA perm
2 years ago
Thomas Lynch
f4328812f2
Add e2e tests for twofactor
...
Remove some cruft from package-lock from speakeasy
Add guard in dotwofactor for no/null (not blank) twofactor
2 years ago
Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
d9288a137a
Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async
2 years ago
Thomas Lynch
e5d0f9871f
Add text version of secret to twofactor.html for people without/who dont want to use a camera or screenshot the image
...
Add warning to twofactor.html that other sessions will be logged out and they have to log in again
Change cache-control header to no-cache, even though private is secure (prevent showing cached page without outdated secret)
2 years ago
Thomas Lynch
b93bab7faf
Switch speakeasy -> otpauth (maintained, more modern, actively developed)
...
Remove dev debug skip of 2fa generation ratelimit
Shorten totp validity window
Remove ugly stuff from login/changepassword forms, change wording
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
b69337e2f1
Show ban notes in mod view tables and allow editing them
2 years ago
Thomas Lynch
3b08cc684b
Start on ban notes
2 years ago
Thomas Lynch
190410cc54
Bugfix issue with tor and renewing bypasses in some situations. Should be fetching *upserted* id from db or just using known ID.
2 years ago
Thomas Lynch
0fc87e752d
make captcha font apply to text AND grid
...
set a new default font which is common on linux, in debian repos, and has the chess characters
remove 24MB font file that came from i dont even remember where
2 years ago
Thomas Lynch
6b437d7159
Dont show replayable option if other files disabled on board
...
Rebuild board pages on file type for image/other changes, to account for tegaki in postform changes
2 years ago
Thomas Lynch
05db1d898a
eslint fix remove debuglogs import, settings.json update is now logged as a render event rather than in debuglogs
2 years ago
Thomas Lynch
cc2eefc477
Bugfix showing correct amount of deleted asset/banner on board, deletedCount->modifiedCount because we are updating board object not deleting a document
2 years ago
Thomas Lynch
9a7053242d
Close #370 optional disable overboard reverse image links
2 years ago
Thomas Lynch
2a48b10054
Fix duplicate key in projectedsettings for board settings, and make custompages jsons get removed on deleting custom page.
...
Close #479 add endpoints for board and global settings.json to api with options that would be useful for a 3rd party app. Add the associated tasks, calls to them in settings.
Small change and add comments in lib/build/render.
2 years ago
Thomas Lynch
641c087ecc
Add public json for modlog list, logs, custompages
...
update the banners task to output json (not just render it), so it can be reached on first pageload
close #491
2 years ago
Thomas Lynch
3cb5e0197a
Revert "Close #480 dont show "register" on login page if not allowed for regular user, since users might reach it clicking "manage" after the login redirect"
...
This reverts commit 9c5dd5efa8
.
2 years ago
Thomas Lynch
35da2a9ff1
Close #478 option to hide banners and [banners] links board setting
2 years ago
Thomas Lynch
fd7fc1adbf
Close #470 ability to renew an existing bypass, which is slightly useful if you allow long living bypasses
2 years ago
Thomas Lynch
9c5dd5efa8
Close #480 dont show "register" on login page if not allowed for regular user, since users might reach it clicking "manage" after the login redirect
2 years ago
Thomas Lynch
9517ec2f05
Allow "other" files in addassets, to allow e.g. fonts
2 years ago
Thomas Lynch
47ab8d22c0
Configurable hot threads max age, update migration, changelog, etc
2 years ago
Thomas Lynch
47083e149b
Fix the anonymizer bypass captcha permission issue (and fix the stupid pre-bypass and postsEarly in general)
2 years ago
Thomas Lynch
3a4737ad8e
Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers
2 years ago
Thomas Lynch
962481845d
Bugfix double sending headers on return from create model, e.g. if board already exists
2 years ago
Thomas Lynch
06828da6c0
Refactor captcha generators and captcha model
...
Generators changes:
- take captchaoptions as argument, so no longer require config.get or captchas db imports
- return the captcha object (gm instance) and solution (whatever).
The model itself inserts the solution to db, gets captchaid for filename and cookie, and writes the image to disk.
Slightly cleaner imo, and makes the captcha generators more testable without requiring any mocking for DB/config.
2 years ago
Thomas Lynch
c969814f54
First version of grid v2
2 years ago
Thomas Lynch
8f74885ba2
Add noise and paint slider options to grid captcha
2 years ago
Thomas Lynch
3ab0a271c4
Inactive accounts handling schedule, globalsettings for it and migration.
...
Plus the same for abandoned boards handling, just still TODO the schedule.
ref #418
2 years ago
Thomas Lynch
6ec6b32ed5
Change "wave" and "paint" text effect captcha options from toggle to slider
...
Add "noise" text captcha effect slider
Add font lib to get list of system fonts
Add "font" text captcha option
ref #469
2 years ago
Thomas Lynch
c8ebf9a579
Improvement to grid v1 to allow customising, allowing for something like this.
...
-true characters
-false characters
-question text
Make optional (and add additional options for) some filters/effects
-paint
-line
-wave
2 years ago
Thomas Lynch
18ab7d24ee
When strict mime validation is enabled, actually tell the user what the server thinks the mime is in the mismatch error message.
...
note: only for making posts (for now), pending a refactor of some checks that are shared and duplicated between other file upload models e.g. banners/asset
2 years ago
Thomas Lynch
4022999966
Remove or update some no longer relevant todos.
...
re: the captcha one, roundrobin = too fast expiring, sampling expireAfter $gte some time = possible to not get returned a captcha. so stucking with random. been working fine.
2 years ago
Thomas Lynch
d8f2e8292f
add eslint rules
...
no-template-curly-in-string (+find and fix minor bug in redirect)
curly
no-multiple-empty-lines
2 years ago
Thomas Lynch
115679a4de
I guess my comment in lib/post/filteractions was right
...
+update CONTRIBUTING.md
2 years ago
Thomas Lynch
e047782249
eslint lib, migrations, db, models, test, schedules and root dir
2 years ago
Thomas Lynch
ec5eb65aa7
change return of getfilterstrings to object and destructure
2 years ago
Thomas Lynch
0a3515291b
yeah, it was pretty busted
2 years ago
Thomas Lynch
6c9f0a211f
hotfix editing broken filters
...
note: i am dumb and the testing account has BYPASS_FILTERS so what i broke in changing filters went unnoticed
in future, will add more tests w/ different permission levels
2 years ago
Thomas Lynch
452071ebb0
debugLogs logs board and global setting changes
2 years ago
Thomas Lynch
7893947ee6
refactor, dedup the combining of post data into strings for filtering, and blocking post/applying ban. also improve the comments. previously was ugly and duplicated between makepost and editpost model
2 years ago