Thomas Lynch
646cc551b7
More configuration and bit less ugly config layout for captcha
4 years ago
Thomas Lynch
60d36bbb6a
Make a bit more maintainable, support different captcha types with some config options
4 years ago
Thomas Lynch
f751436ae4
Tweak different captcha
4 years ago
Thomas Lynch
51084e1bc0
Test a different captcha
4 years ago
Thomas Lynch
28fdb8af81
small refactor, make captcha check separate. should be eaasier to add different captchas now
...
fix conditions for when to render bypass vs message page on failed captchas
use crypto timingsafeequal for comparing input to answer
4 years ago
Thomas Lynch
78f68f8baa
clear tempfiles in the pre bypass check because it might be after handlePostFilesEarlyTor
4 years ago
Thomas Lynch
786f5a2ffa
Bugfix for repeated getting new bypass when tor user didnt need one. not necessarily a big problem but it means they would keep getting new ids. this could actually be leveraged for a scuffed auto-refresh system in future
4 years ago
Thomas Lynch
b0797f0418
Beta testing .onion support
...
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
4 years ago
some random guy
0190ae5a0b
less garbage is session store
...
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
4 years ago
some random guy
6f1ab5292f
safer redirects with login/logout
...
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallow things like `https://othersite.com `.
4 years ago
Thomas Lynch
8935ca5c28
Customisable header for IP and country code, and improve how country names are handled
4 years ago
fatchan
73a5241640
Add edit to action controllers and edit post view
4 years ago
fatchan
0edce10529
add more calls during some checks like dnsbl and blockbypass fails to remove temp files
5 years ago
fatchan
0df78e0a7f
make blockbypass modal look+sound better, check for success and auto close and make post when completed successfully
5 years ago
fatchan
1d1f42f94d
quick way to make bypasses in a frame
5 years ago
fatchan
5be8431d24
supporting stuff for modals, scripts, and urlencoded handling in forms.js
5 years ago
fatchan
6dc671998d
start of improving modals
5 years ago
fatchan
262100effa
allow custom message for link attribute in modal and message page
5 years ago
fatchan
13657a04cb
small fix check in hasperms
5 years ago
fatchan
73203db312
start option for unhashed ips
5 years ago
fatchan
da570c3fe6
fix bug in blockybpass when incorrect length
5 years ago
fatchan
3b452604e2
dont do 2 captchas, give bypass if already solved board captcha
5 years ago
fatchan
84971cd274
start work on blockbypass
5 years ago
fatchan
504fbd4496
dnsbl
5 years ago
fatchan
8659aa5baf
make bans show properly for js users because browsers are dumb
5 years ago
fatchan
4ac46b0003
make that actually work
5 years ago
fatchan
5784b4925f
bugfixes
5 years ago
fatchan
a41bc64987
hidden boards shown for global staff on board list
5 years ago
fatchan
2b4e631756
accounts page, list owned and mod boards in accounts, show on global manage and accounts page
5 years ago
fatchan
503900594a
add relative time into mstime and rename it to timeutils and improve it. use relative times for board list
5 years ago
fatchan
48e761be46
add ip range bans
5 years ago
fatchan
485dc802aa
improve how errors shown when making a post, use modals and fix ban seen marking
5 years ago
fatchan
e802efb0be
redirect to pages more consistently when login is needed, with correct redirect
5 years ago
fatchan
fabab059de
early post moving, next up refactor to move re-markup for styling logic and backlinks out from deletepost into general case to use when moving posts that have quotes in them
5 years ago
fatchan
85de95bc31
fix names of sage/bumplock action in a few places
5 years ago
fatchan
0a95ff4b16
socket.io to make posting _actually_ live instead of polling the api. way mroe efficient
5 years ago
fatchan
8f5eaa45c5
change bans to not be a building action if there was no ban message
5 years ago
fatchan
957cc087c8
add column in ban table to show if a ban has been viewed
5 years ago
fatchan
9970a9b43a
dont show areas with no permissions to board vols
5 years ago
fatchan
7c0561d2ec
separate manage pages for bans, reports, settings and banners
5 years ago
fatchan
de61e95c64
early account management on global manage page. maybe list isnt necessary, could be changed to a simple input box to avoid getting too big, or having to make separate page/paginated
5 years ago
fatchan
71410ca48d
add ability to ban reporters e.g. for spamming reports
5 years ago
Tom
96597d558d
Appeals ( #52 )
...
* add ban appeals
* unnecessary ocmment from c/p
5 years ago
Tom
f0795a959f
Tags ( #51 )
...
* board tags, and limits to tags, moderators and filters
* increase max filters
* change page to match
* add board ownership transfers (#50 )
5 years ago
Tom
f0ca405236
Add modlogs ( #48 )
...
* public mod logs, per day and list of log days
* action handler variable names and logic changes, also dont duplicate modloglist code
5 years ago
fatchan
c7cd5eebbc
cache parameters for permission check
5 years ago
fatchan
04c784bc40
changes to actionchecker perms levels for file uinlinks, and reverse check for board exist in form
5 years ago
fatchan
12f1df0e9c
refactor, all orm controllers now separate ^-^
5 years ago
fatchan
8cdd235e8f
set perm level on middleware to not check it redundantly, easier to maintain
5 years ago
fatchan
87f59ed051
board moderators can now be assigned/removed
5 years ago