Thomas Lynch
d04f61e356
make migrateversion separate again close #341 so i can increment version more now
4 years ago
Thomas Lynch
e103c71478
publish scoped gulp-pug package to use gulp 3, 3.0.2 to fix vuln that this POS outdated package wont update
4 years ago
Thomas Lynch
fc525c6a04
update package.json
4 years ago
Thomas Lynch
a34340ea00
move the settings to mongo instead of redis (like it should have been in the first place tbh)
...
i *think* the migration from previous version will work.
made the version to 0.1.0 because im sick of 0.0.10000 and this is kinda a big change.
close #334
4 years ago
Thomas Lynch
b474134ed1
ability to change permissions for any markdown, this can be extended nicely in future close #303
4 years ago
Thomas Lynch
f1eabe64fc
change what we use for version, and add it properly to the locals for custompages
4 years ago
Thomas Lynch
67e50bdb8e
dont duplicate codethemes, improve gulpfile and theme helper
...
now only css files are listed as themes, other extensions are copied to /file
and gulp-replace is used to prepend /file/ to all the url( paths in the codethemes
4 years ago
Thomas Lynch
1b1883be1e
fix the webring and the rest of the options to the new panel
4 years ago
Thomas Lynch
46d07a486f
update readme for config changes
...
make sure gulp will init defaults settings from template on new install
migration to import old settings into redis
4 years ago
Thomas Lynch
edd2f0392d
npm update
4 years ago
Thomas Lynch
d31a60e69a
put thumbs in a folder, tests would have been nice to have cos this will probably cause regressions, heh... reference #307
4 years ago
Thomas Lynch
523fbac0d7
fix custompages index issue
4 years ago
Thomas Lynch
d75fb8cb0f
rename some tor-specific stuff to "anonymizer" to be more general since i added lokinet to my site, will make easier to add others e.g. i2p in future
4 years ago
Thomas Lynch
56562a9e52
update deps
4 years ago
Thomas Lynch
9215dcbf17
test only, blockhash option
4 years ago
Thomas Lynch
32967db91a
migration and bump version for board custom pages
4 years ago
Thomas Lynch
0bc6a80c96
update deps
4 years ago
Thomas Lynch
22f582f3a7
Insecure tripcodes reference #282
4 years ago
Thomas Lynch
fed92d6621
separate trigger action for when tph vs pph is exceeded
...
option for lock reset and captcha reset, to pick what you want the lock mode and captcha mod to go back to at the end of the hour
also fix a vuln in boardsettings where pph trigger/mode settings were not range checked
4 years ago
Thomas Lynch
e87754f67e
reference #256 unique message per board/thread option
...
strips quote, so starting post with quote isnt considered unique
4 years ago
Thomas Lynch
ecb9550693
update some deps
4 years ago
Thomas Lynch
a2d34ac4af
close #265 global and board setting to disable .onion file posting
4 years ago
Thomas Lynch
f9e15e23e8
option for boards to enforce unique files board wide or per thread
4 years ago
Thomas Lynch
26dd43f251
update express-fileupload middleware to fix issue with abort event incorrectly deleting temp files between file upload middleware and later middlewares
4 years ago
Thomas Lynch
48d6721ecc
update deps
4 years ago
Thomas Lynch
b963a1814f
forgot to update migrateVersion for #488c100ca443aa05623a7c2723376b2e88c5a67f
4 years ago
Thomas Lynch
24574862a2
Add file-type module to check file mime types strictly, with 2 options in config about it
...
Update express-fileupload dependency to clean tempfiles on numFilesLimitHandler
Add a proper error message for max num files instead of allowing unlimited and limiting in board post method
4 years ago
Thomas Lynch
7d87819ad4
Update node-fetch dependency for security advisory https://npmjs.com/advisories/1556
4 years ago
Thomas Lynch
2d1af818aa
Update some deps
4 years ago
Thomas Lynch
14dc090e08
Migration, and a change that will make it not get completely destroyed by ddos over TOR
4 years ago
some random guy
e30ec2737e
normalize IP addresses
...
Currently jschan takes the IP address as a string from the `X-Real-Ip` header,
which based on the frontend proxy configuration, OS settings, etc. can take
various forms:
IPv4 addresses can be given in normal IPv4 dotted notation (e.g. `1.2.3.4`) or
as an IPv4-mapped IPv6 address (e.g. `::ffff:1.2.3.4`). The problem is, that in
the latter case, node's `isIP` will report 6, so the code will try to split it
along colons, breaking hrange and qrange.
With IPv6 addresses, it's possible to elide runs of zeroes, so `::1` and
`0:0:0:0:0:0:0:1` (and also `0000:0000:0000:0000:0000:0000:0000:0001`)
represent the same address. Since it's pretty easy to get a /64 IPv6 block, a
spammer can abuse it, by spamming from `a:b:c:d::1` (`qrange=a:b:c:d`,
`hrange=a:b:c`), then from `a:b:c:d::1:1` (`qrange=a:b:c:d:`, `hrange=a:b:c`),
`a:b:c:d::1:1:1` (`qrange=a:b:c:d::1`, `hrange=a:b:c:d`) and
`a:b:c:d:1:1:1:1` (`qrange=a:b:c:d:1:1`, `hrange=a:b:c:d`). He practically got
two hranges and qrange is pretty much pointless for IPv6 addresses.
This change uses the `ip6addr` package to parse IP addresses and convert them to
some canonical form. This means:
* IPv4 and IPv4-mapped IPv6 addresses are converted to normal IPv4 notation.
* Zeros are not elided in IPv6 (so you'll never see `::`).
* IPv6 addresses are not zero padded (so `..:1` instead of `..:0001`).
* Even though it's not documented, it seems like `ip6addr` always generates
lower-case letters.
This will unfortunately mean that some IP hashes may change after the update.
Normal IPv4 hashes will most probably remain the same though.
4 years ago
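The normalization described in the `normalize IP addresses` commit above, as an added example that is not part of jschan or of that commit: it uses Node's built-in `net.isIP` with a hand-written expander in place of the `ip6addr` package, and compares range derivation on raw versus canonical addresses. The `ranges` prefix rule is an assumption inferred from the examples in the message, and the sample addresses are constructed.

```javascript
// Added example (not jschan code): canonical IP form before range derivation.
const net = require('net');

// Expand any IPv6 text form to 8 lower-case groups with no zero padding.
function expandIPv6(addr) {
  let s = addr.toLowerCase();
  const lastColon = s.lastIndexOf(':');
  const tail = s.slice(lastColon + 1);
  if (tail.includes('.')) { // trailing dotted quad, e.g. ::ffff:1.2.3.4
    const [a, b, c, d] = tail.split('.').map(Number);
    const hex = (hi, lo) => ((hi << 8) | lo).toString(16);
    s = s.slice(0, lastColon + 1) + hex(a, b) + ':' + hex(c, d);
  }
  const [head, rest] = s.split('::'); // rest is undefined when there is no "::"
  const left = head ? head.split(':') : [];
  const right = rest ? rest.split(':') : [];
  const fill = rest === undefined ? [] : Array(8 - left.length - right.length).fill('0');
  return [...left, ...fill, ...right].map((g) => parseInt(g, 16).toString(16));
}

// Canonical form with the four properties listed in the commit message.
function canonicalIP(addr) {
  const family = net.isIP(addr);
  if (family === 0) throw new Error(`not an IP address: ${addr}`);
  if (family === 4) return addr; // dotted IPv4 is returned unchanged
  const g = expandIPv6(addr);
  const mapped = g.slice(0, 5).every((x) => x === '0') && g[5] === 'ffff';
  if (!mapped) return g.join(':');
  const hi = parseInt(g[6], 16), lo = parseInt(g[7], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join('.');
}

// ASSUMPTION: prefix rule inferred from the message's examples, not from jschan:
// hrange = first half of the separated parts, qrange = first three quarters.
function ranges(addr) {
  const sep = addr.includes(':') ? ':' : '.';
  const parts = addr.split(sep);
  const take = (n) => parts.slice(0, Math.floor(n)).join(sep);
  return { qrange: take(parts.length * 0.75), hrange: take(parts.length / 2) };
}

// Constructed sample: four spellings inside one /64 (documentation prefix).
const SAMPLE = ['2001:db8:0:1::1', '2001:db8:0:1::1:1',
  '2001:db8:0:1::1:1:1', '2001:db8:0:1:1:1:1:1'];

// Count the distinct hranges the sample produces, with or without normalizing.
function distinctHranges(addrs, normalise) {
  const key = (a) => ranges(normalise ? canonicalIP(a) : a).hrange;
  return new Set(addrs.map(key)).size;
}
```

On the raw strings the sample yields two distinct hranges and an IPv4-mapped address yields an hrange of `:`; after canonicalization the whole /64 shares one hrange and the mapped address is handled as plain IPv4.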
Thomas Lynch
1f7e670c7c
modlog records for non-delete actions now link to posts closes #193
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
Thomas Lynch
f4717b35a3
explicit version for express-fileupload, which should now be fixed
4 years ago
Thomas Lynch
39bbedfe53
Get session in websocket
4 years ago
Thomas Lynch
9f47b05f0d
update deps
4 years ago
Thomas Lynch
ce0bfab6c2
switch to getting packages from gitgud.io
4 years ago
Thomas Lynch
708a6e0b9b
remove dupe dependency with same path
4 years ago
dependabot-preview[bot]
d4705d6f3c
Bump bcrypt from 4.0.1 to 5.0.0 ( #166 )
...
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js ) from 4.0.1 to 5.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases )
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
Thomas Lynch
e6f11478ee
Dev auto reset triggers ( #152 )
...
* dev-auto-reset-triggers to test auto resetting trigger action at end of each hour references #130
* migration and comment change
* migrateVersion change
4 years ago
fatchan
5fde07163c
start on migration file and fixing ban index
4 years ago
fatchan
f4ca3563d5
Sage only email without force anon reference #130
4 years ago
fatchan
a35959a092
Sage only email without force anon reference #130
4 years ago
Thomas Lynch
b32f3a76c0
bring across dependabot merges ( #147 )
...
* Bump ioredis from 4.16.3 to 4.17.1
Bumps [ioredis](https://github.com/luin/ioredis ) from 4.16.3 to 4.17.1.
- [Release notes](https://github.com/luin/ioredis/releases )
- [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md )
- [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump sanitize-html from 1.23.0 to 1.24.0
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/apostrophecms/sanitize-html/releases )
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md )
- [Commits](https://github.com/apostrophecms/sanitize-html/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump pug from 2.0.4 to 3.0.0
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump mongodb from 3.5.7 to 3.5.8
Bumps [mongodb](https://github.com/mongodb/node-mongodb-native ) from 3.5.7 to 3.5.8.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases )
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md )
- [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
c1ea23a6a8
Bump pug from 2.0.4 to 3.0.0
...
Bumps [pug](https://github.com/pugjs/pug ) from 2.0.4 to 3.0.0.
- [Release notes](https://github.com/pugjs/pug/releases )
- [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
fatchan
9f44f8aabc
country blocking per board
4 years ago
fatchan
8d49e2d815
Webring proxy support
4 years ago
fatchan
7b3b416cd6
add new migration
4 years ago
fatchan
d17670c857
potential fix for dumb palememe
4 years ago
dependabot-preview[bot]
17bcfa4621
Bump highlight.js from 9.18.1 to 10.0.0
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 9.18.1 to 10.0.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...10.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago