Thomas Lynch
536aecffcc
Bug in RNG causing blocking, and make captcha show properly in modal for mobile
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
Thomas Lynch
60d36bbb6a
Make a bit more maintainable, support different captcha types with some config options
4 years ago
Thomas Lynch
28fdb8af81
small refactor, make captcha check separate. should be eaasier to add different captchas now
...
fix conditions for when to render bypass vs message page on failed captchas
use crypto timingsafeequal for comparing input to answer
4 years ago
Thomas Lynch
09e0bcb518
references #209 , add optional google recaptcha. implementation could use some polish, but it will work for now.
4 years ago
Thomas Lynch
f1db4f7317
Fix post history for tor user and remove manual addban form from non-global manage pages (for now)
4 years ago
Thomas Lynch
b0797f0418
Beta testing .onion support
...
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
4 years ago
some_random_guy
0f20646833
use `redirect: false` in express.static
...
This prevents prolems like `/` giving 404 in devel mode (when
`static/html/index.html` is missing) or `/captcha` redirecting to
`/captcha/` (then breaking).
4 years ago
some random guy
cd789dba0c
remove unnecessary user object from session
...
It only had a single property, username.
4 years ago
some random guy
0190ae5a0b
less garbage is session store
...
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
4 years ago
some random guy
6f1ab5292f
safer redirects with login/logout
...
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallow things like `https://othersite.com `.
4 years ago
Thomas Lynch
4e0fa3f092
apparently only one other place uses this hehe
4 years ago
Thomas Lynch
1f7e670c7c
modlog records for non-delete actions now link to posts closes #193
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
Thomas Lynch
1b22fbb1de
no sticky posts on overboard #166
4 years ago
Thomas Lynch
36da8cc649
add a prefix just in case
4 years ago
Thomas Lynch
248b41081c
same shit for overboard
4 years ago
Thomas Lynch
a15b36c5b0
testing cache for board list #166
4 years ago
Thomas Lynch
ed5f8b7539
no sticky posts on overboard
4 years ago
Thomas Lynch
bf652855d0
no need to log that
4 years ago
Thomas Lynch
97ed9a91f0
seemsgood, closes #194
4 years ago
Thomas Lynch
fb5adeba06
remove debugging
4 years ago
Thomas Lynch
f1abc3c224
Start on selective spoilering references #170 filename stripping references #204
4 years ago
Thomas Lynch
f92b9f9ec9
Track listed boards and use to now show unlisted baords on overboard, could also use for optimisations in future such as queries for board list references #166
4 years ago
Thomas Lynch
0021ed02cc
Early version of overboard, /all.html. Still needs a small cache and moderation changes to support moderating references #166
4 years ago
fatchan
39a2db4178
Typo, close #162
4 years ago
Thomas Lynch
2e47790350
This should change it back closes #158 ( #160 )
4 years ago
fatchan
0dfb1cf22f
This should change it back closes #158
4 years ago
Thomas Lynch
e6f11478ee
Dev auto reset triggers ( #152 )
...
* dev-auto-reset-triggers to test auto resetting trigger action at end of each hour references #130
* migration and comment change
* migrateVersion change
4 years ago
fatchan
f4ca3563d5
Sage only email without force anon reference #130
4 years ago
fatchan
b21189f762
Change the wording of that because it wouldnt be correct for ipv6
4 years ago
fatchan
7974f1d8c3
Fix global report ban filtering and include subnet in report bans
4 years ago
fatchan
9d15ddf251
global reports and logs ip fixes
4 years ago
fatchan
a517a3659c
Bugfix & improve bans from filter to remove unnecessary queyr, use insertedId from insertOne instead of fetching again
4 years ago
fatchan
9cbf198772
let postid ip history work properly again, too
4 years ago
fatchan
cc16ceadb6
Fix post history, allow people with perms to use hash substring and show subnet in bans
4 years ago
fatchan
0307f69693
Start fixing my really dumb retard mistake of how ips and post histories work
4 years ago
fatchan
a35959a092
Sage only email without force anon reference #130
4 years ago
fatchan
9f44f8aabc
country blocking per board
4 years ago
fatchan
efe7451982
fix thumbnail for single frame video while maintaining 1% for others references #121
4 years ago
fatchan
a2f88e5b52
up default thumb size, use a variable in css for easier adjusting and thumbnail all pngs because APNG is dumb references #121
4 years ago
fatchan
6e1f552304
Bugfix quote difference/intersection when updating for edits references #121
4 years ago
fatchan
71d3cb8692
some uris disallowed for technical reasons
4 years ago
fatchan
b5b5c8bdf2
invert show/hide name option for modlog and edit
4 years ago
fatchan
7b3b416cd6
add new migration
4 years ago
fatchan
846bc63706
bump limit
4 years ago
fatchan
9ded8817d9
logout change
4 years ago
fatchan
2d2ce8f6a4
name showing on edit follow modlog setting
4 years ago
fatchan
9e768e8eac
bugfixhandlign arraysettings in board settings change
4 years ago
fatchan
3962e7d4dc
fix captcha ratelimit
4 years ago