Commit Graph

63 Commits

Author SHA1 Message Date
Azareal b66a494f1c Revert "Revert "will a pointer make this faster...?""
This reverts commit 501bcc2425.
2020-03-18 19:21:34 +10:00
Azareal 501bcc2425 Revert "will a pointer make this faster...?"
This reverts commit 8e414486b8.
2020-03-15 21:34:57 +10:00
Azareal 8e414486b8 will a pointer make this faster...? 2020-03-15 17:06:44 +10:00
Azareal f83da97fb9 run group promotions on registration
run group promotions on activation
2020-02-09 23:48:33 +10:00
Azareal a569772e9c Add DisableRegLog configuration setting.
Unit tests for DisablePostIP. Awkward but does the job for now.
2020-01-04 15:30:25 +10:00
Azareal 35ddc89009 Optimise the database layer.
Refactor database adapters.
Experimental last ip cutoff.

More parser test cases.
2020-01-01 07:57:54 +10:00
Azareal 0dede6a329 NoEmbeds privacy and config settings.
Phase out url_prefix and url_name.
Eliminate some boilerplate and allocations while we're at it.
Reduce the number of conditional statements in url validator loops.
Better parsing of Site.URL to handle user error better.

You will have to run the patcher / updater for this commit.
2019-12-08 13:40:56 +10:00
Azareal 430df1e325 Add blocklist page.
Add account_blocked phrase.
Add account_menu_blocked phrase.
Add account_blocked_head phrase.
Add account_blocked_remove phrase.
Add account_blocked_no_users phrase.
2019-11-12 16:17:46 +10:00
Azareal 142359ce11 Add SslSchema config setting.
Reject URL usernames on registration.

Reduce length of char variable name.
2019-11-04 21:55:52 +10:00
Azareal 1da6d3db09 Don't send activation emails on blank emails.
Begin work on the Email Manager.
2019-10-30 16:37:51 +10:00
Azareal d2be6b220e Support for optional emails.
Reduce boilerplate and allocations.
Fix the error shown on AccountEditEmailTokenSubmit when there aren't any emails rows.

Add register_account_email_optional phrase.
Add account_email_none phrase.
2019-10-30 08:13:45 +10:00
Azareal 5705252029 Add UseConvos permission.
Use UseConvos permission instead of ban flags in convo perm checks.
Stop users without the UseConvos permission from editing convo replies, although they can still delete them for privacy reasons.

Shorten some things and reduce the amount of boilerplate.
Add a few misc parser test cases.
Fix footer and tweak indentation.
2019-10-06 10:34:09 +10:00
Azareal f1bebb7326 Shorten the names of the IP fields.
Shorten some other things.
2019-09-01 08:34:43 +10:00
Azareal ee3c29b136 Let admins change and revoke user avatars.
Linkify avatars in the user manager too.

Add the panel_user_avatar phrase.
2019-06-11 08:00:57 +10:00
Azareal 199a841bc3 Add the UploadAvatars permission.
Let users revoke their own avatars, work in progress.
Reduce boilerplate in debug.go

Add the UploadAvatars phrase.
Add the account_penalties phrase.
Add the account_menu_penalties phrase.
Add the account_avatar_revoke_button phrase.

More Vue and Conversations Work.
2019-06-09 13:21:48 +10:00
Azareal fdd223d9cf Rewrite the pagination algorithm so it works properly.
Shorten a few bits of JS.
Get the topic store methods to call BypassGet instead of duplicating logic.
2019-06-04 15:48:12 +10:00
Azareal 05c2ac3ce4 Add the disk and database sections to the debug page.
Add the ActivityStream interface to abstract Get, Add and Count.
Rename the GlobalCount methods to Count for simplicity.
Simplify the variable names in the Count methods.
Rename the GlobalCount method to Count and rename the original Count method to CountUser in LoginLogStore.
Add a float64 case for bunit, sort of.
Theme.RunTmpl now returns ErrBadDefaultTemplate instead of panicking when an interpreted template doesn't exist.
Widget.Allowed now checks the zoneid.
Fire the alert off in the background in AddActivityAndNotifyTarget instead of blocking the request.
Use ErrBadDefaultTemplate instead of calling DefaultTemplates.Lookup directly for custom pages.
Split the page struct for the debug page into multiple structs to make things more organised.

Add the Count method to ProfileReplyStore.
Add the Count method to ReplyStore.
Add the DirSize utility function.

Add a few ActivityStream tests.

Secret gallery stuff.
2019-06-01 22:31:48 +10:00
Azareal d0e40ae81b Split some of the member only logic out of global.js and into member.js
Moved the script in register.html into an external file.
Client hooks can now be dynamically created thus reducing the burden on init.js to pre-define all of them.
The current user is now passed in as an argument to the action_end_create_topic hook.
Shorted more common. to c.

Added the almost_end_init client hook.
2019-04-25 16:02:51 +10:00
Azareal 42b9f27c45 Defer setting headers to renderTemplate to avoid wasting resources for JSON requests and for future optimisations.
Error pages now use routes.renderTemplate bringing them in line with the other standard routes.
Every route should use a renderTemplate function now instead of calling RunTmpl.
Merged some pi and renderTemplate lines in routes to reduce the amount of vertical space used.
2019-04-19 19:34:16 +10:00
Azareal 20a6a22e78 Shorten the common namespaces in some areas to reduce the amount of boilerplate. 2019-04-19 16:36:26 +10:00
Azareal 23a0bf3f41 Try hash based cache busting with stylesheets too.
Use a semantic blockquote element instead of span in plugin_bbcode for [quote]
You can now use <blockquote> elements directly in posts.
Added styling for quotes to Shadow, Cosora and Nox.
Experimenting with the padding on Nox's Control Panel Menu.
Tweaked the padding for the User Manager items on Nox.
Fixed #back filling up all the space it can on Tempra Simple.
Added a bit of padding below the last element before the footer on Tempra Simple.

Tempra Simple's misc.js is now loaded asynchronously.
Shadow's misc.js is now loaded asynchronously.
profile_member.js is now loaded asynchronously.
account.js is now loaded asynchronously.
2019-03-24 17:23:38 +10:00
Azareal cb58c1c83f The number of unread alerts now appears in the page title.
Added the Back to Site link to Nox's Control Panel.
Added the panel_group_menu template and used it to de-dupe the group menu HTML.
Fixed a potential race condition with dismiss alert.
Fixed a strange bug where new alerts wouldn't appear.
Fixed a race condition where client templates sometimes wouldn't load.
Dramatically cut down on the number of DOM rebuilds for the alert list.
Added some missing error handling for ajax page block loads.
Fixed a bug where the dimiss alert endpoint wasn't sending a success payload.

Made the register_might_be_machine phrase more descriptive.
Added the panel_menu_aria phrase.
2019-03-16 21:31:10 +10:00
Azareal 414d9c4817 Tighter ratelimiting for password resets.
Eliminated a line in agents.go
Added the DateCutoff method to accCountBuilder.
Function columns should now work for ComplexSelect.
Added type=search to the Search and Filter Widget search box.

Began cleaning some prebuilder logic up.
Began work on the generic ratelimit interface.
2019-03-12 19:13:57 +10:00
Azareal e22ddfec40 Added support for password resets.
Sha256 hashes are now stored in the SFile structures, this will come of use later.
Rows should be properly closed in DefaultTopicStore.BulkGetMap.
All errors should be properly reported now in DefaultTopicStore.BulkGetMap.
Rows should be properly closed in DefaultUserStore.BulkGetMap.
All errors should be properly reported now in DefaultUserStore.BulkGetMap.
Don't have an account on the login page should now be linkified.
Renamed tempra-simple to tempra_simple to avoid breaking the template transpiler.
Fixed up bits and pieces of login.html on every theme.
Removed an old commented code chunk from template_init.go
widget_wol widgets should now get minified.
bindToAlerts() should now unbind the alert items before attempting to bind to them.
Tweaked the SendValidationEmail phrase.
Removed a layer of indentation from DefaultAuth.ValidateMFAToken and added the ErrNoMFAToken error for when MFA isn't setup on the specified account.
Email validation now uses a constant time compare to mitigate certain classes of timing attacks.

Added the /accounts/password-reset/ route.
Added the /accounts/password-reset/submit/ route.
Added the /accounts/password-reset/token/ route.
Added the /accounts/password-reset/token/submit/ route.
Added the password_resets table.

Added the password_reset_email_fail phrase.
Added the password_reset phrase.
Added the password_reset_token phrase.
Added the password_reset_email_sent phrase.
Added the password_reset_token_token_verified phrase.
Added the login_forgot_password phrase.
Added the password_reset_head phrase.
Added the password_reset_username phrase.
Added the password_reset_button phrase.
Added the password_reset_subject phrase.
Added the password_reset_body phrase.
Added the password_reset_token_head phrase.
Added the password_reset_token_password phrase.
Added the password_reset_token_confirm_password phrase.
Added the password_reset_mfa_token phrase.
Added the password_reset_token_button phrase.

You will need to run the updater or patcher for this commit.
2019-03-11 18:47:45 +10:00
Azareal 836a148ee8 Delete old avatar files to avoid dead files from building up in /uploads/ and potentially causing issues.
Make the thumbnailer more resiliant when the avatar it's supposed to be thumbnailing doesn't exist.
/uploads/ should be set to 2755 to reduce the probability of permission issues.

WebSockets now re-connects after a while after the connection drops. This is slightly experimental.
2019-03-05 14:46:43 +10:00
Azareal 3cb5896316 Tighten the content security policies for profiles.
Use template variables instead of CSS variables in Nox for better browser backwards compatibility.
Emit a local error instead of an internal error when submitting an activation token as a guest or invalid user.
Moved the inline profile scripts into profile_member.js
2019-03-04 16:43:07 +10:00
Azareal 0e5ea2035e Activation tokens should work again now.
Document the SMTPEnableTLS setting and update the documentation for SMTPPort.
2019-03-03 16:10:26 +10:00
Azareal e9b46e1cd6 Email errors should be logged now.
Reordered the registration logic so the session is created before any, if any, email errors fire.
Fixed a bug where the analytics phrases would load after the graph is drawn.
2019-03-03 13:19:32 +10:00
Azareal fe33112827 Added an experimental content security policy.
Added support for Open Graph Descriptions.
Nox now officially supports notices.
Tweaked the language detection algorithm to cover more cases.
Tweaked the user agent parser to accomodate DotBot better.
Added a non-JS fallback for the theme selector.
Tweaked the padding on widget simple.
Scripts should now execute properly for individual language charts in the analytics panel.
2019-02-24 18:02:00 +10:00
Azareal 1fb497adf8 Deployed multi-series charts across the entirety of the analytics panel.
Added the one year time range to the analytics panes.
Dates are now shown on detail panes for Request, Topic and Post analytics instead of times for higher time ranges.
The labels should now show up properly for the three month time range charts.
The paginator should now work properly for login logs.
Pushed a potential fix for subsequent pages with only one item not showing. up.
Executing a search query should now change the title.
Fixed a bug where the user agent parser choked on : characters.
Fixed the ordering of items in the multi-series charts which caused the most important items to get booted out rather then the least important ones.
Tweaked the padding on the User Manager items for Nox so they won't break onto multiple lines so readily.
Fixed a potential issue with topic list titles.
Fixed a potential crash bug in the Forum Analytics for deleted forums.

Added the Count method to LoginLogStore.
Continued work on the ElasticSearch mapping setup utility.

Added the topic_list.search_head phrase.
Added the panel_statistics_time_range_one_year phrase.
2019-02-24 11:29:06 +10:00
Azareal 543ad8a018 Added the login log.
Added a better paginator for view topic.
The last post on the topic list and forum pages now link to the last page of a topic for quicker navigation.
The Account Manager now utilises dyntmpl in more areas.
More tooltips.
Tweaked the colour for the validated emails in the Email Manager so it looks nicer on dark themes.
Moved some inline styles from the Email Manager into the stylesheets and removed obsolete ones.
Added the mixed BenchmarkTopicGuestAdminRouteParallelWithRouter benchmark.
The bad route benchmark should no longer abort when erroring, something which doesn't make sense as it's always expected to error.
Reduce a bit more boilerplate with renderTemplate()
Added the *CTemplateSet.addText method and used it to optimise the generated templates a tiny bit more.
The forums route now has guest and member variants generated for it.
Turned the experimental template optimisation back on for more data.

Added the routes.AccountLogins route.

Added the account_logins phrase.
Added the account_menu_logins phrase.
Added the account_logins_head phrase.
Added the account_logins_success phrase.
Added the account_logins_failure phrase.

You need to run the patcher / updater for this commit.
2018-12-17 14:58:55 +10:00
Azareal 99012e8961 Replaced RunThemeTemplate and GetThemeTemplate with methods on *Theme and refactored their implementations to make them more predictable.
Added the Elapsed1 route timer.
2018-12-08 10:45:27 +10:00
Azareal 9f273a99f5 Trying to reduce the amount of UserCheck() boilerplate in the routes.
Reduced the amount of boilerplate in routes with renderTemplate()
Reduced the amount of boilerplate in routes with ParseSEOURL()
Removed some dated commented bits of code.
Used StashConfig in a few more places in the benchmarks to reduce the amount of boilerplate.

Renamed the pre_render_forum_list hook to pre_render_forums.
Renamed the pre_render_topic_list hook to pre_render_topics.
Renamed a few benchmark variables to simplify the code.
2018-11-12 19:23:36 +10:00
Azareal 76cfcb509b Moved the phrase logic to the phrases package.
Removed some initialisation boilerplate from the test code.
De-duplicated some of the common portions of the benchmarks.
Added miscinit to reduce the amount of initialisation boilerplate in the tests and to better catch initialisation errors.
Added a profile benchmark.
2018-11-01 16:43:56 +10:00
Azareal bf851bd9fc We now use Go 1.11 modules. This should help with build times, deployment and development, although it does mean that the minimum requirement for Gosora has been bumped up from Go 1.10 to Go 1.11
Added support for dyntmpl to the template system.
The Account Dashboard now sort of uses dyntmpl, more work needed here.
Renamed the pre_render_view_topic hook to pre_render_topic.
Added the GetCurrentLangPack() function.
Added the alerts_no_new_alerts phrase.
Added the account_level_list phrase.

Refactored the route rename logic in the patcher to cut down on the amount of boilerplate.
Added more route renames to the patcher. You will need to run the patcher / updater in this commit.
2018-10-27 13:40:36 +10:00
Azareal 218070fceb Added the DisableJSAntispam config.json setting. 2018-10-16 20:02:51 +10:00
Azareal aabfbe3622 Highlight the currently active zone in the menu for Nox.
Replaced the Level Progress widget in the Account Dashboard with a similar progressbar to the one in the level progress page.
2018-10-14 15:08:44 +10:00
Azareal 05ab585d41 Added the level list page.
Levels can now be localised individually.
Added the level template function.
Fixed the padding on alerts without avatars.
The level data is now in it's own block in the profiles.
Removed three level phrases and replaced them with the new Level API.
2018-10-10 17:33:51 +10:00
Azareal de78268b20 Added level progress indicators, still WIP.
Fixed a bug where GetLevelScore wouldn't work and simplified it slightly.
Removed the account_dash_next_level phrase.
Added the account_dash_level phrase.
2018-10-08 15:34:25 +10:00
Azareal dea74eb32a Localised the registration errors. 2018-09-30 19:48:31 +10:00
Azareal d675b2720f Began localising the id_must_be_integer and url_id_must_be_integer error pages.
Fixed the punctuation on a couple of registration errors, these will be localised too soon enough.
Removed a bit of boiletplate in groups.go with buildBasePage.
2018-09-30 10:42:33 +10:00
Azareal 47d1010a53 Added the AddHashLinkType function so that plugins can add custom hash link types in an efficient manner.
Moved the hashLinkMap, etc. out of ParseMessage so that we can make them more pluggable.
The first word in usernames can no longer be purely numeric.
Added some ID mention tests.
2018-09-20 14:36:50 +10:00
Azareal 01a692ab5b Added the word filter store and moved the word filter routes into the route package.
Added tests for the word filter store.
Added qgen.NewAcc() to reduce the amount of boilerplate needed for creating an accumulator.
Exposed the RecordError method on the accumulator.
Added an Add method to PluginList and removed AddPlugin() in favour of that.

More panel buttons on Nox should be styled now.
Added the panel_update_button_text phrase for future use.

More errors might be caught in the thumbnailer now.
Removed ls from .travis.yml, it was there for debugging Code Climate.
2018-08-04 21:46:36 +10:00
Azareal 0a628f7201 PNG and JPG avatars are now encoded as JPG images leading to a dramatic drop in the amount of bandwidth used.
Did some work on image thumbnailing, but our dependencies are acting up delaying this from being released.

Fixed the positions of the topic list bits for Nox on mobile.
Removed APNG as an accepted image format, as we don't currently have a good way of optimising these images.
Added a comment regarding the constant time compare for sessions.
Added a warning about putting Gosora in www folders.
Noavatars can now take a width parameters.
Added a bit of missing validation for the avatar uploader.
Refactored the multiple file detector for the avatar uploader.

Added a Run method to accDeleteBuilder.
Added an EachInt method to AccSelectBuilder.
Added a Run method to accInsertBuilder.

Added the users_avatar_queue table, you will need to run the patcher / update script.
You might also want to update the Noavatar field in your config.json file with the new one.
2018-07-28 22:52:23 +10:00
Azareal 0f2503a20c Made it harder to parse the antispam script.
Used Unicode magic to make it harder to parse the antispam trap question.
Added more shady email substrings.
Tweaked the contributing guidelines, no more await allowed... For now.
Might already have Git, note that.
Added the the_form class to the login form, registration form and login mfa form.
Made the titles on the Control Panel Dashboard and Debug page a little softer on Cosora.

Added the quick topic form to Nox.
Made the topic pages somewhat usable on Nox.
2018-07-05 19:54:01 +10:00
Azareal 2319548e1f Added some heuristics for detecting suspicious emails. 2018-06-30 20:22:39 +10:00
Azareal f8f46b3c48 Added support for two-factor authentication.
Added the Account Dashboard and merged a few account views into it.
BREAKING CHANGE: We now use config/config.json instead of config/config.go, be sure to setup one of these files, you can config_default.json as an example of what a config.json should look like. If you don't have an existing installation, you can just rely on the installer to do this for you.

CSS Changes (does not include Nox Theme):
Sidebar should no longer show up in the account manager in some odd situations or themes.
Made a few CSS rules more generic.
Forms have a new look in Cosora now.

Config Changes:
Removed the DefaultRoute config field.
Added the DefaultPath config field.
Added the MaxRequestSizeStr config field to make it easier for users to input custom max request sizes without having to use a calculator or figure out how many bytes there are in a megabyte.
Removed the CacheTopicUser config field.
Added the UserCache config field.
Added the TopicCache config field

Phrases:
Removed ten english phrases.
Added 21 english phrases.
Changed eleven english phrases.
Removed some duplicate indices in the english phrase pack.

Removed some old benchmark code.
Tweaked some things to make the linter happy.
Added comments for all the MemoryUserCache and MemoryTopicCache methods.
Added a comment for the null caches, consult the other caches for further information on the methods.
Added a client-side check to make sure the user doesn't upload too much data in a single post. The server already did this, but it might be a while before feedback arrives from it.
Simplified a lot of the control panel route code with the buildBasePage function.
Renamed /user/edit/critical/ to /user/edit/password/
Renamed /user/edit/critical/submit/ to /user/edit/password/submit/
Made some small improvements to SEO with a couple of meta tags.
Renamed some of the control panel templates so that they use _ instead of -.
Fixed a bug where notices were being moved to the wrong place in some areas in Cosora.
Added the writeJsonError function to help abstract writing json errors.
Moved routePanelUsers to panel.Users
Moved routePanelUsersEdit to panel.UsersEdit
Moved routePanelUsersEditSubmit to panel.UsersEditSubmit
Renamed routes.AccountEditCritical to routes.AccountEditPassword
Renamed routes.AccountEditCriticalSubmit to routes.AccountEditPasswordSubmit
Removed the routes.AccountEditAvatar and routes.AccountEditUsername routes.
Fixed a data race in MemoryTopicCache.Add which could lead to the capacity limit being bypassed.
Tweaked MemoryTopicCache.AddUnsafe under the assumption that it's not going to be safe anyway, but we might as-well try in case this call is properly synchronised.
Fixed a data race in MemoryTopicCache.Remove which could lead to the length counter being decremented twice.
Tweaked the behaviour of MemoryTopicCache.RemoveUnsafe to mirror that of Remove.
Fixed a data race in MemoryUserCache.Add which could lead to the capacity limit being bypassed.
User can no longer change their usernames to blank.

Made a lot of progress on the Nox theme.
Added modified FA5 SVGs as a dependency for Nox.
Be sure to run the patcher or update script and don't forget to create a customised config/config.json file.
2018-06-17 17:28:18 +10:00
Azareal dd75bf9ad9 All the notices now use AddNotice. 2018-06-06 10:29:12 +10:00
Azareal a5f5f4af7e Added the Page Manager for faster and easier custom page creation.
Added the PageStore.

Renamed account_own_edit.html to account_own_edit_password.html
Renamed custom-page.html to custom_page.html
Renamed the pre_render_custom_page hook to pre_render_tmpl_page.
Added a new pre_render_custom_page hook, not to be confused with the previous one.
Renamed the pre_render_account_own_edit_critical hook to pre_render_account_own_edit_password.
Moved the report forum ID into a constant.
Renamed todaysReportCount to topicsTopicCountByForum and made it more generic.
Renamed panel-menu.html to panel_menu.html
Renamed panel-inner-menu.html to panel_inner_menu.html
Removed an irrelevant editable_parent in a no results row.
Fixed the profile page loading the wrong profile.css
Fixed a bug where the last poster avatar would break on the forum page.
Added the AddNotice method to *Header.
Greatly simplified many of the page struct definitions.
Added the ErrorPage page struct and refactored the error pages to use it.
Added the BasePanelPage page struct and refactored the panel page structs to use it.
Tweaked the DefaultHeader function to set the user on the spot rather than after the fact.
Simplified AccountEditAvatarSubmit into a redirect.
Add the addElement closure in the control panel dashboard to reduce the amount of complexity.
Tweaked LogWarning to better handle nils.

Added the account_username phrase.
Added the account_avatar phrase.
Added the account_email phrase.
Added the panel_pages phrase.
Added the panel_pages_edit phrase.
Added the panel_page_created phrase.
Added the panel_page_updated phrase.
Added the panel_page_deleted phrase.
Added the account_menu_security phrase.
Added the panel_menu_pages phrase.
Added the panel_pages_head phrase.
Added the panel_pages_edit_button_aria phrase.
Added the panel_pages_delete_button_aria phrase.
Added the panel_pages_no_pages phrase.
Added the panel_pages_create_head phrase.
Added the panel_pages_create_name phrase.
Added the panel_pages_create_name_placeholder phrase.
Added the panel_pages_create_title phrase.
Added the panel_pages_create_title_placeholder phrase.
Added the panel_pages_create_body_placeholder phrase.
Added the panel_pages_create_submit_button phrase.
Added the panel_pages_edit_head phrase.
Added the panel_pages_name phrase.
Added the panel_pages_title phrase.
Added the panel_pages_edit_update_button phrase.

Began work on two-factor authentication.
Made more progress with the Nox Theme.
2018-06-06 10:21:22 +10:00
Azareal d897e05256 Users can no longer post or edit posts in locked topics.
Permissions should cascade properly now in the topic template, should have no actual effects on security given the particular nature of this one.
Tiny bit of work on Nox.

Began work on trimming down the page structs to only the necessary parts.
2018-06-01 15:02:29 +10:00