Commit Graph

30 Commits

Author SHA1 Message Date
Azareal 08d5e2e0d8 add more weak password definitions
move the weak password logic to it's own file
add another weak password test case and split the test function
2020-06-18 12:39:21 +10:00
Azareal f0c9544af6 make it easier to define weak password definitions
add tests for weak passwords
make it easier to check values of errors returned from weak password
loosen weak password requirements for long passwords
reduce boilerplate when loading json files
only check for email in passwords when it is longer than two chars
more canonemail tests
2020-06-18 08:03:36 +10:00
Azareal 0254687d5b oh 2020-06-16 13:25:38 +10:00
Azareal 9c185cd1fd add missing perf units 2020-02-24 18:28:43 +10:00
Azareal 0dede6a329 NoEmbeds privacy and config settings.
Phase out url_prefix and url_name.
Eliminate some boilerplate and allocations while we're at it.
Reduce the number of conditional statements in url validator loops.
Better parsing of Site.URL to handle user error better.

You will have to run the patcher / updater for this commit.
2019-12-08 13:40:56 +10:00
Azareal d2be6b220e Support for optional emails.
Reduce boilerplate and allocations.
Fix the error shown on AccountEditEmailTokenSubmit when there aren't any emails rows.

Add register_account_email_optional phrase.
Add account_email_none phrase.
2019-10-30 08:13:45 +10:00
Azareal a465850adb simplify the agents, forums, memory and referrer counters
move DirSize into it's own file
2019-07-28 14:01:33 +10:00
Azareal 084f1bbeca Use strings.Builder in NameToSlug. 2019-06-05 15:10:42 +10:00
Azareal 05c2ac3ce4 Add the disk and database sections to the debug page.
Add the ActivityStream interface to abstract Get, Add and Count.
Rename the GlobalCount methods to Count for simplicity.
Simplify the variable names in the Count methods.
Rename the GlobalCount method to Count and rename the original Count method to CountUser in LoginLogStore.
Add a float64 case for bunit, sort of.
Theme.RunTmpl now returns ErrBadDefaultTemplate instead of panicking when an interpreted template doesn't exist.
Widget.Allowed now checks the zoneid.
Fire the alert off in the background in AddActivityAndNotifyTarget instead of blocking the request.
Use ErrBadDefaultTemplate instead of calling DefaultTemplates.Lookup directly for custom pages.
Split the page struct for the debug page into multiple structs to make things more organised.

Add the Count method to ProfileReplyStore.
Add the Count method to ReplyStore.
Add the DirSize utility function.

Add a few ActivityStream tests.

Secret gallery stuff.
2019-06-01 22:31:48 +10:00
Azareal 5dc238f196 Added Mem to the dashboard and added a historic process memory use analytics pane.
Added the memchunks table.
Eliminated some unnecessary indentation in the analytics templates.

Added the panel_menu_statistics_memory phrase.
Added the panel_dashboard_memused phrase.
Added the panel_dashboard_memused_desc phrase.
Added the panel_statistics_memory_head phrase.

You will need to run the updater / patcher for this commit.
2019-05-01 16:59:51 +10:00
Azareal 8f2f47e8aa Added the In-Progress Widget Manager UI.
Added the IsoCode field to phrase files.
Rewrote a good portion of the widget system logic.
Added some tests for the widget system.
Added the Online Users widget.
Added a few sealed incomplete widgets like the Search & Filter Widget.
Added the AllUsers method to WsHubImpl for Online Users. Please don't abuse it.

Added the optional *DBTableKey field to AddColumn.
Added the panel_analytics_time_range template to reduce the amount of duplication.
Failed registrations now show up in red in the registration logs for Nox.
Failed logins now show up in red in the login logs for Nox.
Added basic h2 CSS to the other themes.
Added .show_on_block_edit and .hide_on_block_edit to the other themes.
Updated contributing.
Updated a bunch of dates to 2019.
Replaced tblKey{} with nil where possible.
Switched out some &s for &s to reduce the number of possible bugs.
Fixed a bug with selector messages where the inspector would get really jittery due to unnecessary DOM updates.
Moved header.Zone and associated fields to the bottom of ViewTopic to reduce the chances of problems arising.
Added the ZoneData field to *Header.
Added IDs to the items in the forum list template.
Split the fetchPhrases function into the initPhrases and fetchPhrases functions in init.js
Added .colstack_sub_head.
Fixed the CSS in the menu list.
Removed an inline style from the simple topic like and unlike buttons.
Removed an inline style from the simple topic IP button.
Simplified the LoginRequired error handler.
Fixed a typo in the comment prior to DatabaseError()
Reduce the number of false leaves for WebSocket page transitions.
Added the error zone.
De-duped the logic in WsHubImpl.getUsers.
Fixed a potential widget security issue.

Added twenty new phrases.
Added the wid column to the widgets table.

You will need to run the patcher / updater for this commit.
2019-01-21 22:27:59 +10:00
Azareal 3465e4c08f You can now manage the attachments for an opening post by hitting edit.
The update system now uses the database as the source of truth for the last version rather than lastSchema.json
Refactored several structs and bits of code, so we can avoid allocations for contexts where we never use a relative time.
Clicking on the relative times on the topic list and the forum page should now take you to the post on the last page rather than just the last page.
Added the reltime template function.
Fixed some obsolete bits of code.
Fixed some spelling mistakes.
Fixed a bug where MaxBytesReader was capped at the maxFileSize rather than r.ContentLength.
All of the client side templates should work again now.
Shortened some statement names to save some horizontal space.
accUpdateBuilder and SimpleUpdate now use updatePrebuilder behind the scenes to simplify things.
Renamed selectItem to builder in AccSelectBuilder.
Added a Total() method to accCountBuilder to reduce the amount of boilerplate used for row count queries.
The "_builder" strings have been replaced with empty strings to help save memory, to make things slightly faster and to open the door to removing the query name in many contexts down the line.
Added the open_edit and close_edit client hooks.
Removed many query name checks.
Split the attachment logic into separate functions and de-duplicated it between replies and topics.
Improved the UI for editing topics in Nox.
Used type aliases to reduce the amount of boilerplate in tables.go and patches.go
Reduced the amount of boilerplate in the action post logic.
Eliminated a map and a slice in the topic page for users who haven't given any likes. E.g. Guests.
Fixed some long out-dated parts of the update instructions.
Updated the update instructions to remove mention of the obsolete lastSchema.json
Fixed a bug in init.js where /api/me was being loaded for guests.
Added the MiniTopicGet, GlobalCount and CountInTopic methods to AttachmentStore.
Added the MiniAttachment struct.
Split the mod floaters out into their own template to reduce duplication.
Removed a couple of redundant ParseForms.

Added the common.skipUntilIfExistsOrLine function.
Added the NotFoundJS and NotFoundJSQ functions.
Added the lastReplyID and attachCount columns to the topics table.
2018-12-27 15:42:41 +10:00
Azareal bdf7fa40d5 Improved the datetimes on the log pages.
Added an experimental template fragment optimisation.
The template generator can handle time.Time
The forum and profile templates now have guest and member variants generated for them.
Interpreted templates are no longer loaded, if there's a generated version of it.

Added absolute time on hover to the topic, topics, forum, and forums templates.
We now use lang instead of index in the stylesheets for phrases.
Renamed the .trash_label CSS class to .delete_label
Use the new toArr and concat template functions to reduce the amount of boilerplate in the theme stylesheets.
Removed bits of redundant code here and there in the stylesheets.
Added a .CurrentUser.Loggedin to profiles to make them slightly faster.
Shortened some themeStmt names.
Moved GzipResponseWriter, theme.RunTmpl and theme.GetTmpl from theme_list.go to theme.go
The fallback theme now falls back onto the last theme loaded, if the fallback theme doesn't exist.
Added the abstime template function for formatting absolute times a little more nicely.

Began work on the login logs.

Removed the alerts_no_new_alerts phrase.
Renamed the forums_topics_suffix phrase to forums.topics_suffix.
2018-12-14 14:08:53 +10:00
Azareal de78268b20 Added level progress indicators, still WIP.
Fixed a bug where GetLevelScore wouldn't work and simplified it slightly.
Removed the account_dash_next_level phrase.
Added the account_dash_level phrase.
2018-10-08 15:34:25 +10:00
Azareal be66ac4c8d Added tests for the word counter. 2018-10-04 19:01:07 +10:00
Azareal 00059194a5 Punctuation should demarcate word endings too. 2018-09-24 09:40:52 +10:00
Azareal 0f2503a20c Made it harder to parse the antispam script.
Used Unicode magic to make it harder to parse the antispam trap question.
Added more shady email substrings.
Tweaked the contributing guidelines, no more await allowed... For now.
Might already have Git, note that.
Added the the_form class to the login form, registration form and login mfa form.
Made the titles on the Control Panel Dashboard and Debug page a little softer on Cosora.

Added the quick topic form to Nox.
Made the topic pages somewhat usable on Nox.
2018-07-05 19:54:01 +10:00
Azareal 2319548e1f Added some heuristics for detecting suspicious emails. 2018-06-30 20:22:39 +10:00
Azareal f8f46b3c48 Added support for two-factor authentication.
Added the Account Dashboard and merged a few account views into it.
BREAKING CHANGE: We now use config/config.json instead of config/config.go, be sure to setup one of these files, you can config_default.json as an example of what a config.json should look like. If you don't have an existing installation, you can just rely on the installer to do this for you.

CSS Changes (does not include Nox Theme):
Sidebar should no longer show up in the account manager in some odd situations or themes.
Made a few CSS rules more generic.
Forms have a new look in Cosora now.

Config Changes:
Removed the DefaultRoute config field.
Added the DefaultPath config field.
Added the MaxRequestSizeStr config field to make it easier for users to input custom max request sizes without having to use a calculator or figure out how many bytes there are in a megabyte.
Removed the CacheTopicUser config field.
Added the UserCache config field.
Added the TopicCache config field

Phrases:
Removed ten english phrases.
Added 21 english phrases.
Changed eleven english phrases.
Removed some duplicate indices in the english phrase pack.

Removed some old benchmark code.
Tweaked some things to make the linter happy.
Added comments for all the MemoryUserCache and MemoryTopicCache methods.
Added a comment for the null caches, consult the other caches for further information on the methods.
Added a client-side check to make sure the user doesn't upload too much data in a single post. The server already did this, but it might be a while before feedback arrives from it.
Simplified a lot of the control panel route code with the buildBasePage function.
Renamed /user/edit/critical/ to /user/edit/password/
Renamed /user/edit/critical/submit/ to /user/edit/password/submit/
Made some small improvements to SEO with a couple of meta tags.
Renamed some of the control panel templates so that they use _ instead of -.
Fixed a bug where notices were being moved to the wrong place in some areas in Cosora.
Added the writeJsonError function to help abstract writing json errors.
Moved routePanelUsers to panel.Users
Moved routePanelUsersEdit to panel.UsersEdit
Moved routePanelUsersEditSubmit to panel.UsersEditSubmit
Renamed routes.AccountEditCritical to routes.AccountEditPassword
Renamed routes.AccountEditCriticalSubmit to routes.AccountEditPasswordSubmit
Removed the routes.AccountEditAvatar and routes.AccountEditUsername routes.
Fixed a data race in MemoryTopicCache.Add which could lead to the capacity limit being bypassed.
Tweaked MemoryTopicCache.AddUnsafe under the assumption that it's not going to be safe anyway, but we might as-well try in case this call is properly synchronised.
Fixed a data race in MemoryTopicCache.Remove which could lead to the length counter being decremented twice.
Tweaked the behaviour of MemoryTopicCache.RemoveUnsafe to mirror that of Remove.
Fixed a data race in MemoryUserCache.Add which could lead to the capacity limit being bypassed.
User can no longer change their usernames to blank.

Made a lot of progress on the Nox theme.
Added modified FA5 SVGs as a dependency for Nox.
Be sure to run the patcher or update script and don't forget to create a customised config/config.json file.
2018-06-17 17:28:18 +10:00
Azareal f85bf51103 Added a couple of simple anti-spam measures.
Made progress with an internal error logging component for the Control Panel.
Made LogWarning less susceptible to races and slightly improved log contention.
Revamped the registration page on Cosora.
Added the SanitiseSingleLine and SanitiseBody functions to better centralise sanitisation and to ensure more consistent sanitisation.
Zero length spaces are no longer permitted in usernames to help prevent impersonation. More to come in this area.
Plugins / internal components can now schedule hourly tasks.
Reduced the chances of newlines breaking the visual layout in areas which expect none.

Added the register_account_anti_spam phrase.
2018-05-31 16:51:31 +10:00
Azareal e311e088c2 Reverted back to URL safe randomly generated strings.
Removed the redundant conditional.
2018-05-28 21:31:19 +10:00
Azareal 23a686fe96 UNSTABLE: Began work on the Nox Theme.
Removed the Tempra Cursive Theme.
You can now do bulk moderation actions with Shadow.

Added:
Argon2 as a dependency.
The EmailStore.
The ReportStore.
The Copy method to *Setting.
The AddColumn method to the query builder and adapters.
The textarea setting type.
More logging to better debug issues.
The GetOffset method to the UserStore.

Removed:
Sortable from Code Climate's Analysis.
MemberCheck and memberCheck as they're obsolete now.
The obsolete url_tags setting.
The BcryptGeneratePasswordNoSalt function.
Some redundant fields from some of the page structs.

Revamped:
The Control Panel Setting List and Editor.

Refactored:
The password hashing logic to make it more amenable to multiple hashing algorithms.
The email portion of the Account Manager.
The Control Panel User List.
The report system.
simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing.

Fixed:
Missing slugs in the profile links in the User Manager.
A few template initialisers potentially reducing the number of odd template edge cases.
Some problems with the footer.
Custom selection colour not applying to images on Shadow.
The avatars of the bottom row of the topic list on Conflux leaking out.

Other:
Moved the startTime variable into package common and exported it.
Moved the password hashing logic from user.go to auth.go
Split common/themes.go into common/theme.go and common/theme_list.go
Replaced the SettingLabels phrase category with the more generic SettingPhrases category.
Moved a load of routes, including panel ones into the routes and panel packages.
Hid the notifications link from the Account Menu.
Moved more inline CSS into the CSS files and made things a little more flexible here and there.
Continued work on PgSQL, still a ways away.
Guests now have a default avatar like everyone else.
Tweaked some of the font sizes on Cosora to make the text look a little nicer.
Partially implemented the theme dock override logic.
Partially implemented a "symlink" like feature for theme directories.
... And a bunch of other things I might have missed.

You will need to run this update script / patcher for this commit.
Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 19:36:35 +10:00
Azareal ba98b0c952 Added the registration logs.
Tweaked the h1 CSS for the Control Panel in Cosora.
Improved the support for autocompleters.
Reverted some of the int64s back to ints.
The per-request user variable should now have the IPs for guests.
Removed some obsolete statements.
Removed a couple obsolete phrases.
Moved a couple more accumulator initializers out of the store initializers.
Refactored one of the report statements to use a store instead of a statement.
Created the menuhead CSS class.
Added the GetOffset method to the LogStore interface and refactored the mod and admin log pages to use it.
Changed the labels on the adminlog and modlog pages to make them more understandable.
Removed the generated templates from Git.

Run the patcher / update script to get the new table.
2018-05-16 20:46:14 +10:00
Azareal 9075798128 Alerts are now rendered via a client side transpiled template rather than being hard-coded.
Tweaked some bits to make them more 32-bit friendly for GopherJS, but this might not be necessary now.
Added notice.html
Added an alerts package to fix the import cycles, more things may be moved here soon.
Saved a few lines of accumulator code in a few stores.
Moved the AccountEditCriticalSubmit, AccountEditAvatar, AccountEditAvatarSubmit, AccountEditUsername, and AccountEditUsernameSubmit routes into the routes package.
Added a QueryRow method to AccSelectBuilder.
Tweaked the indentation in the generated templates.
Simplified the template render in the AccountEditUsernameSubmit route into a redirect back to the previous page.

Run the update script / patcher to replace the route names in the viewchunks table.
2018-05-14 18:56:56 +10:00
Azareal b32e8d6c21 You can now disable slugs.
Split ops.log into ops.log and requests.log
Moved the logs into the logs directory.
Moved more password validation logic in the registration route into WeakPassword().
Tweaked the WeakPassword algorithm to cover more cases and to reduce the number of false positives.
Fixed the error grammer in WeakPassword now that the linter isn't bothering me about that anymore.
Fixed BuildGuildURL().
Removed some commented logging logic.
Bad requests are no longer logged to the console.
All bad routes are logged now.
We now track the instance uptime on the Control Panel Debug Page.
Added the executables for Linux to the .gitignore file.
Added GopherJS as a dependency.

Began work on transpiling WeakPassword to JavaScript in use in the client-side logic.
2018-04-03 05:34:07 +01:00
Azareal c7df616f5b Profiles are less broken now.
Renamed RouteViewCounterImpl to DefaultRouteViewCounter.
Added the bot_routes.go file and moved routeRobotsTxt into it.
Added /report/ to robots.txt to stop Googlebot going there.

Began work on the sitemaps. I plan to move the routes into their own package, but I don't want to break too many things right now.
2017-12-24 07:38:46 +00:00
Azareal 10a0c62823 The Cosora Theme is almost complete and is being rolled out on the site to demo it.
We now track the views on a per-route basis. We have plans for an admin UI for this, global views, etc. which will come in a future commit.

The local error JSON is now properly formed.
Fixed an outdated line in topic.go which was using the old cache system.
We now use fuzzy dates for relative times between three months ago and a year ago.
Added the super admin middleware and the associated tests.
Added the route column to the viewchunks table.
Added more alt attributes to images.
Added a few missing ARIA attributes.

Began refactoring the route generator to use text/template instead of generating everything procedurally.
Began work on per-topic view counts.
2017-12-19 03:53:13 +00:00
Azareal 6bae378db0 Moved the modlog and admin log logic to their own file.
Refactored the code to use the new builder syntax.
Fixed the DbInit logic.
Made sure the prepared statements are cleaned up.
Added the AdminOnly middleware and added it to the routes.
Added the Query method to the selectBuilder.
2017-11-11 23:34:27 +00:00
Azareal f30ea7a9bb Finished moving the files into the subpackage, this should open more doors to us.
Moved more queries out of the global stmt holder.
Refactored several things.
2017-11-11 04:06:16 +00:00
Azareal 20bb909c54 Moving the files into subpackages 1/?
Moved more routes into the router generator.
Renamed a few of the routes.
Refactored the router generator.
Fixed PreRoute.

Began work on letting plugins plug into the template transpiler.
2017-11-10 03:33:11 +00:00