Commit Graph

504 Commits

Author SHA1 Message Date
Azareal
7691078ce5 Fixed a bug in AddHook where the indices of the hooks would be off by one.
RemoveHook now panics under conditions which should normally never happen, but which when it does, gives off a far more useful message.
Changed the order of the conditional after BypassActive in PluginsDeactivate, so the error message will show up now.
The deactivation handler is optional again for plugins.

Added more tests for the plugin system.
2018-07-29 23:02:48 +10:00
Azareal
50d5be6f32 Moved the plugin manager to the routes package.
Added many, many tests for the plugin system.
Refactored some of the plugin system queries.

Fixed a bug where prepared statements would build up and crash Gosora.
Removed the inline CSS from the plugin rows.
2018-07-29 20:54:12 +10:00
Azareal
d74a221467 Move the thumbnailer task closure into thumbnailer.go 2018-07-29 14:34:28 +10:00
Azareal
f9a579ae4d Move the tickloop logic into it's own file. 2018-07-29 14:17:17 +10:00
Azareal
c25b289076 Moved the HTTP server initialisation logic into it's own function and made it a little more flexible for some upcoming changes. 2018-07-29 13:31:09 +10:00
Azareal
3aeee419c1 Added support for re-encoding GIFs, hopefully this'll work with animated avatars.
Fixed a bug where jpgs wouldn't get re-encoded.
2018-07-29 00:51:24 +10:00
Azareal
0a628f7201 PNG and JPG avatars are now encoded as JPG images leading to a dramatic drop in the amount of bandwidth used.
Did some work on image thumbnailing, but our dependencies are acting up delaying this from being released.

Fixed the positions of the topic list bits for Nox on mobile.
Removed APNG as an accepted image format, as we don't currently have a good way of optimising these images.
Added a comment regarding the constant time compare for sessions.
Added a warning about putting Gosora in www folders.
Noavatars can now take a width parameters.
Added a bit of missing validation for the avatar uploader.
Refactored the multiple file detector for the avatar uploader.

Added a Run method to accDeleteBuilder.
Added an EachInt method to AccSelectBuilder.
Added a Run method to accInsertBuilder.

Added the users_avatar_queue table, you will need to run the patcher / update script.
You might also want to update the Noavatar field in your config.json file with the new one.
2018-07-28 22:52:23 +10:00
Azareal
cee027cc7f Added more information on hardening the database. 2018-07-26 16:44:04 +10:00
Azareal
2e77ef716d Go for the safer and faster curves for HTTPS. 2018-07-26 16:15:49 +10:00
Azareal
3b0b2485d7 Move some bits around and fix other bits. 2018-07-25 19:53:24 +10:00
Azareal
a5761f1679 Added some new installation instructions, we might want to harden some of these guidelines, although we might create trouble in some environments where we don't have root, if we go too overboard. 2018-07-25 19:44:23 +10:00
Azareal
5dcfd2633b The systemd example service file should work now. 2018-07-24 18:45:01 +10:00
Azareal
35d0facf06 Reverted the changes to run-linux due to scoping issues breaking it. 2018-07-24 16:52:55 +10:00
Azareal
affdf67273 Made progress on Nox, fixed a phrase, and added a couple of missing phrases.
Nox now supports bulk moderations.
Began work on mobile with Nox.
Made several visual improvements for Nox.
Updated the service example.
2018-07-24 15:41:08 +10:00
Azareal
17892ba906 Tweaked the phrases for the actions to make them flow better, we still need to localise these. 2018-07-20 18:00:17 +10:00
Azareal
60bf821f8a Do constant time compares for sessions for security reasons. 2018-07-20 17:58:59 +10:00
Azareal
e62f6a4868 Added an experimental systemd service file. 2018-07-20 14:59:11 +10:00
Azareal
75a6ceca84 Added a missing bounds check in peekMatch. 2018-07-18 16:36:16 +10:00
Azareal
e5ef86b59c Added user sharding to WsHubImpl to help reduce the amount of lock contention in the upcoming features which will rely heavily on it. 2018-07-18 16:32:48 +10:00
Azareal
101d4522fa Trying to reduce the number of duplicate commands in the shell files. 2018-07-16 16:27:34 +10:00
Azareal
d0907134ef Database connection drops are handled better now. 2018-07-15 20:29:31 +10:00
Azareal
9c6af9dd01 Design update. I'm trying to break the commits into more chunks to get a better idea of what's going on
Moved the topic_closed and topic_sticky classes to the topic_row element to make things more flexible.
Tweaked the padding in the account manager for Nox.
Removed some text which is immediately overwritten anyway in mod_floater.

Began work on bulk moderation for Nox.
2018-07-15 15:00:48 +10:00
Azareal
2a5ab2969c Added Caire and pkg/errors as dependencies.
Made the initialisers and the task runner in main.go easier to debug.

Added form_button_row to a few forms.
Bumped up the attachment image size for Cosora.
Hid the formlabels for the setting editor for Cosora to make it cleaner.
Revamped the account manager with the same CSS as in the Control Panel for Nox.
Started adding the_form to more forms.
Removed the account_emails CSS class from the email editor.
Continued tweaking the Control Panel in Nox to make it look nicer.
Tweaked some of the headers in the Nox Theme.
Added the Create Topic and Moderate options to the topic list on the Nox Theme, although the bulk moderation tools aren't available yet.
Tweaked the padding and sticky shades on the topics on the topic list on the Nox Theme.
Closed topics are now somewhat styled on the topic list on the Nox Theme.
Continued work on the topic pages for Nox.

Renamed Admin Approval to Staff Approval in the English Language Pack.
Added more phrases for the Group Manager and Panel Menu in spots I overlooked.

Began work on the dyntmpl template function.
Be sure to run the patcher / update script to get the new setting.
2018-07-13 21:27:58 +10:00
Azareal
0f2503a20c Made it harder to parse the antispam script.
Used Unicode magic to make it harder to parse the antispam trap question.
Added more shady email substrings.
Tweaked the contributing guidelines, no more await allowed... For now.
Might already have Git, note that.
Added the the_form class to the login form, registration form and login mfa form.
Made the titles on the Control Panel Dashboard and Debug page a little softer on Cosora.

Added the quick topic form to Nox.
Made the topic pages somewhat usable on Nox.
2018-07-05 19:54:01 +10:00
Azareal
3043ce083d Basic proxy IP support.
Switched out a couple of <a>s in the Control Panel with <h1>s, we might want to use <h2> here instead.
Added graphs for Nox.
Tweaked header markup for Nox.
Added support for live topic list to Nox.
Added styling for stickies on Nox.
Fixed topic list text overflow on Nox.
2018-07-03 20:01:49 +10:00
Azareal
2319548e1f Added some heuristics for detecting suspicious emails. 2018-06-30 20:22:39 +10:00
Azareal
c640a73afd Fixed a crash bug in the post preparser.
Moved tryStepForward out of PreparseMessage()
Added another test for PreparseMessage()
2018-06-30 14:34:07 +10:00
Azareal
bf40d61474 Live Topic List should work properly now with replies too, not just new topics.
Tweaked the visuals for the live topic list on Cosora. More to come with this.
Nox Theme is now present on the theme selector, although it's still under construction.

Improved SEO for social media.
Added the topic_list tmpl phrase prefix.
Added the topic_list.changed_topics phrase.
Added a few more PreparseMessage tests.
Session cookies should now be deleted after you logout, not just blanked.
2018-06-30 13:40:50 +10:00
Azareal
5d810c1e3b We now use SameSite cookies for sessions #security 2018-06-29 14:14:51 +10:00
Azareal
65ceaef4ea Tightened the preparser up a little and wrote more tests to cover more bases.
Green is a little misleading, as we Gosora doesn't call home to check for new versions yet.
2018-06-26 14:54:20 +10:00
Azareal
6eb3429c25 Added i as an alias for em in the HTML parser.
b is now an alias for strong in the HTML parser rather than being it's own thing.
Fixed a bug where tags weren't being closed.
Fixed a bug where the right entities weren't being written all the time.

Added tests for the preparser.
2018-06-26 12:30:29 +10:00
Azareal
1f28ecb804 Rewrote the reverse HTML parser and also fixed the bug with Trumbowyg's span tags sometimes becoming visible. Fixes #9 2018-06-26 00:28:04 +10:00
Azareal
0306c8bf44 Things have changed since 2017, so we need to update the README to reflect them.
We also want to make things a little friendlier for those who don't understand as much programming terminology.
2018-06-25 17:13:39 +10:00
Azareal
89a16beebd Keep expectations realistic, but don't understate our stability either. 2018-06-25 16:49:26 +10:00
Azareal
7851724937 / should be mapped properly to the default route for WebSockets events now #11
Updated the README.
2018-06-25 16:24:38 +10:00
Azareal
7be011a30d Almost finished live topic lists, you can find them at /topics/. You can disable them via config.json
The topic list cache can handle more groups now, but don't go too crazy with groups (e.g. thousands of them).

Make the suspicious request logs more descriptive.
Added the phrases API endpoint.
Split the template phrases up by prefix, more work on this coming up.
Removed #dash_saved and part of #dash_username.
Removed some temporary artifacts from trying to implement FA5 in Nox.
Removed some commented CSS.
Fixed template artifact deletion on Windows.
Tweaked HTTPSRedirect to make it more compact.
Fixed NullUserCache not complying with the expectations for BulkGet.
Swapped out a few RunVhook calls for more appropriate RunVhookNoreturn calls.
Removed a few redundant IsAdmin checks when IsMod would suffice.
Commented out a few pushers.
Desktop notification permission requests are no longer served to guests.
Split topics.html into topics.html and topics_topic.html
RunThemeTemplate should now fallback to interpreted templates properly when the transpiled variants aren't avaialb.e
Changed TopicsRow.CreatedAt from a string to a time.Time
Added SkipTmplPtrMap to CTemplateConfig.
Added SetBuildTags to CTemplateSet.
A bit more data is dumped when something goes wrong while transpiling templates now.
topics_topic, topic_posts, and topic_alt_posts are now transpiled for the client, although not all of them are ready to be served to the client yet.
Client rendered templates now support phrases.
Client rendered templates now support loops.
Fixed loadAlerts in global.js
Refactored some of the template initialisation code to make it less repetitive.
Split topic.html into topic.html and topic_posts.html
Split topic_alt.html into topic_alt.html and topic_alt_posts.html
Added comments for PollCache.
Fixed a data race in the MemoryPollCache.
The writer is now closed properly in WsHubImpl.broadcastMessage.
Fixed a potential deadlock in WsHubImpl.broadcastMessage.
Removed some old commented code in websockets.go

Added the DisableLiveTopicList config setting.
2018-06-24 23:49:29 +10:00
Azareal
163d417831 Oh, Travis wants a blank password. 2018-06-17 18:41:36 +10:00
Azareal
1308027c34 This should do it 2018-06-17 18:12:39 +10:00
Azareal
97cd88d02b Oops typo 2018-06-17 17:39:31 +10:00
Azareal
abea872806 Fix Travis. 2018-06-17 17:34:14 +10:00
Azareal
f8f46b3c48 Added support for two-factor authentication.
Added the Account Dashboard and merged a few account views into it.
BREAKING CHANGE: We now use config/config.json instead of config/config.go, be sure to setup one of these files, you can config_default.json as an example of what a config.json should look like. If you don't have an existing installation, you can just rely on the installer to do this for you.

CSS Changes (does not include Nox Theme):
Sidebar should no longer show up in the account manager in some odd situations or themes.
Made a few CSS rules more generic.
Forms have a new look in Cosora now.

Config Changes:
Removed the DefaultRoute config field.
Added the DefaultPath config field.
Added the MaxRequestSizeStr config field to make it easier for users to input custom max request sizes without having to use a calculator or figure out how many bytes there are in a megabyte.
Removed the CacheTopicUser config field.
Added the UserCache config field.
Added the TopicCache config field

Phrases:
Removed ten english phrases.
Added 21 english phrases.
Changed eleven english phrases.
Removed some duplicate indices in the english phrase pack.

Removed some old benchmark code.
Tweaked some things to make the linter happy.
Added comments for all the MemoryUserCache and MemoryTopicCache methods.
Added a comment for the null caches, consult the other caches for further information on the methods.
Added a client-side check to make sure the user doesn't upload too much data in a single post. The server already did this, but it might be a while before feedback arrives from it.
Simplified a lot of the control panel route code with the buildBasePage function.
Renamed /user/edit/critical/ to /user/edit/password/
Renamed /user/edit/critical/submit/ to /user/edit/password/submit/
Made some small improvements to SEO with a couple of meta tags.
Renamed some of the control panel templates so that they use _ instead of -.
Fixed a bug where notices were being moved to the wrong place in some areas in Cosora.
Added the writeJsonError function to help abstract writing json errors.
Moved routePanelUsers to panel.Users
Moved routePanelUsersEdit to panel.UsersEdit
Moved routePanelUsersEditSubmit to panel.UsersEditSubmit
Renamed routes.AccountEditCritical to routes.AccountEditPassword
Renamed routes.AccountEditCriticalSubmit to routes.AccountEditPasswordSubmit
Removed the routes.AccountEditAvatar and routes.AccountEditUsername routes.
Fixed a data race in MemoryTopicCache.Add which could lead to the capacity limit being bypassed.
Tweaked MemoryTopicCache.AddUnsafe under the assumption that it's not going to be safe anyway, but we might as-well try in case this call is properly synchronised.
Fixed a data race in MemoryTopicCache.Remove which could lead to the length counter being decremented twice.
Tweaked the behaviour of MemoryTopicCache.RemoveUnsafe to mirror that of Remove.
Fixed a data race in MemoryUserCache.Add which could lead to the capacity limit being bypassed.
User can no longer change their usernames to blank.

Made a lot of progress on the Nox theme.
Added modified FA5 SVGs as a dependency for Nox.
Be sure to run the patcher or update script and don't forget to create a customised config/config.json file.
2018-06-17 17:28:18 +10:00
Azareal
2d7f302768 Build artifacts are now cleaned up on Windows too.
Tests should be a lot less noisy now.

Fixed a bug where BulkGetMap didn't return any users if you opted out of using a memory cache for the user store.
Used new() in a few more places.
Fixed a test which didn't work properly.
Tweaked the panel_pages_no_pages phrase.
2018-06-06 16:13:55 +10:00
Azareal
7e935b6df0 I forgot this is Linux not Windows, this should do it. 2018-06-06 14:42:57 +10:00
Azareal
83ae671948 Added some missing commands from the scripts for Linux.
Removed some unnecessary messages when cleaning up build artifacts.
Added the binary as a build artifact to be cleaned up.
git stash is now used for updates to better deal with changes to chmodded files.
2018-06-06 14:33:47 +10:00
Azareal
aa073ced48 The scripts for Linux now clear out previously generated files so they shouldn't cause hassles after upgrades anymore. 2018-06-06 14:16:27 +10:00
Azareal
dd75bf9ad9 All the notices now use AddNotice. 2018-06-06 10:29:12 +10:00
Azareal
a5f5f4af7e Added the Page Manager for faster and easier custom page creation.
Added the PageStore.

Renamed account_own_edit.html to account_own_edit_password.html
Renamed custom-page.html to custom_page.html
Renamed the pre_render_custom_page hook to pre_render_tmpl_page.
Added a new pre_render_custom_page hook, not to be confused with the previous one.
Renamed the pre_render_account_own_edit_critical hook to pre_render_account_own_edit_password.
Moved the report forum ID into a constant.
Renamed todaysReportCount to topicsTopicCountByForum and made it more generic.
Renamed panel-menu.html to panel_menu.html
Renamed panel-inner-menu.html to panel_inner_menu.html
Removed an irrelevant editable_parent in a no results row.
Fixed the profile page loading the wrong profile.css
Fixed a bug where the last poster avatar would break on the forum page.
Added the AddNotice method to *Header.
Greatly simplified many of the page struct definitions.
Added the ErrorPage page struct and refactored the error pages to use it.
Added the BasePanelPage page struct and refactored the panel page structs to use it.
Tweaked the DefaultHeader function to set the user on the spot rather than after the fact.
Simplified AccountEditAvatarSubmit into a redirect.
Add the addElement closure in the control panel dashboard to reduce the amount of complexity.
Tweaked LogWarning to better handle nils.

Added the account_username phrase.
Added the account_avatar phrase.
Added the account_email phrase.
Added the panel_pages phrase.
Added the panel_pages_edit phrase.
Added the panel_page_created phrase.
Added the panel_page_updated phrase.
Added the panel_page_deleted phrase.
Added the account_menu_security phrase.
Added the panel_menu_pages phrase.
Added the panel_pages_head phrase.
Added the panel_pages_edit_button_aria phrase.
Added the panel_pages_delete_button_aria phrase.
Added the panel_pages_no_pages phrase.
Added the panel_pages_create_head phrase.
Added the panel_pages_create_name phrase.
Added the panel_pages_create_name_placeholder phrase.
Added the panel_pages_create_title phrase.
Added the panel_pages_create_title_placeholder phrase.
Added the panel_pages_create_body_placeholder phrase.
Added the panel_pages_create_submit_button phrase.
Added the panel_pages_edit_head phrase.
Added the panel_pages_name phrase.
Added the panel_pages_title phrase.
Added the panel_pages_edit_update_button phrase.

Began work on two-factor authentication.
Made more progress with the Nox Theme.
2018-06-06 10:21:22 +10:00
Azareal
d897e05256 Users can no longer post or edit posts in locked topics.
Permissions should cascade properly now in the topic template, should have no actual effects on security given the particular nature of this one.
Tiny bit of work on Nox.

Began work on trimming down the page structs to only the necessary parts.
2018-06-01 15:02:29 +10:00
Azareal
f85bf51103 Added a couple of simple anti-spam measures.
Made progress with an internal error logging component for the Control Panel.
Made LogWarning less susceptible to races and slightly improved log contention.
Revamped the registration page on Cosora.
Added the SanitiseSingleLine and SanitiseBody functions to better centralise sanitisation and to ensure more consistent sanitisation.
Zero length spaces are no longer permitted in usernames to help prevent impersonation. More to come in this area.
Plugins / internal components can now schedule hourly tasks.
Reduced the chances of newlines breaking the visual layout in areas which expect none.

Added the register_account_anti_spam phrase.
2018-05-31 16:51:31 +10:00
Azareal
e311e088c2 Reverted back to URL safe randomly generated strings.
Removed the redundant conditional.
2018-05-28 21:31:19 +10:00