Commit Graph

726 Commits

Author SHA1 Message Date
Azareal
5d810c1e3b We now use SameSite cookies for sessions #security 2018-06-29 14:14:51 +10:00
Azareal
65ceaef4ea Tightened the preparser up a little and wrote more tests to cover more bases.
Green is a little misleading, as we Gosora doesn't call home to check for new versions yet.
2018-06-26 14:54:20 +10:00
Azareal
6eb3429c25 Added i as an alias for em in the HTML parser.
b is now an alias for strong in the HTML parser rather than being it's own thing.
Fixed a bug where tags weren't being closed.
Fixed a bug where the right entities weren't being written all the time.

Added tests for the preparser.
2018-06-26 12:30:29 +10:00
Azareal
1f28ecb804 Rewrote the reverse HTML parser and also fixed the bug with Trumbowyg's span tags sometimes becoming visible. Fixes #9 2018-06-26 00:28:04 +10:00
Azareal
0306c8bf44 Things have changed since 2017, so we need to update the README to reflect them.
We also want to make things a little friendlier for those who don't understand as much programming terminology.
2018-06-25 17:13:39 +10:00
Azareal
89a16beebd Keep expectations realistic, but don't understate our stability either. 2018-06-25 16:49:26 +10:00
Azareal
7851724937 / should be mapped properly to the default route for WebSockets events now #11
Updated the README.
2018-06-25 16:24:38 +10:00
Azareal
7be011a30d Almost finished live topic lists, you can find them at /topics/. You can disable them via config.json
The topic list cache can handle more groups now, but don't go too crazy with groups (e.g. thousands of them).

Make the suspicious request logs more descriptive.
Added the phrases API endpoint.
Split the template phrases up by prefix, more work on this coming up.
Removed #dash_saved and part of #dash_username.
Removed some temporary artifacts from trying to implement FA5 in Nox.
Removed some commented CSS.
Fixed template artifact deletion on Windows.
Tweaked HTTPSRedirect to make it more compact.
Fixed NullUserCache not complying with the expectations for BulkGet.
Swapped out a few RunVhook calls for more appropriate RunVhookNoreturn calls.
Removed a few redundant IsAdmin checks when IsMod would suffice.
Commented out a few pushers.
Desktop notification permission requests are no longer served to guests.
Split topics.html into topics.html and topics_topic.html
RunThemeTemplate should now fallback to interpreted templates properly when the transpiled variants aren't avaialb.e
Changed TopicsRow.CreatedAt from a string to a time.Time
Added SkipTmplPtrMap to CTemplateConfig.
Added SetBuildTags to CTemplateSet.
A bit more data is dumped when something goes wrong while transpiling templates now.
topics_topic, topic_posts, and topic_alt_posts are now transpiled for the client, although not all of them are ready to be served to the client yet.
Client rendered templates now support phrases.
Client rendered templates now support loops.
Fixed loadAlerts in global.js
Refactored some of the template initialisation code to make it less repetitive.
Split topic.html into topic.html and topic_posts.html
Split topic_alt.html into topic_alt.html and topic_alt_posts.html
Added comments for PollCache.
Fixed a data race in the MemoryPollCache.
The writer is now closed properly in WsHubImpl.broadcastMessage.
Fixed a potential deadlock in WsHubImpl.broadcastMessage.
Removed some old commented code in websockets.go

Added the DisableLiveTopicList config setting.
2018-06-24 23:49:29 +10:00
Azareal
163d417831 Oh, Travis wants a blank password. 2018-06-17 18:41:36 +10:00
Azareal
1308027c34 This should do it 2018-06-17 18:12:39 +10:00
Azareal
97cd88d02b Oops typo 2018-06-17 17:39:31 +10:00
Azareal
abea872806 Fix Travis. 2018-06-17 17:34:14 +10:00
Azareal
f8f46b3c48 Added support for two-factor authentication.
Added the Account Dashboard and merged a few account views into it.
BREAKING CHANGE: We now use config/config.json instead of config/config.go, be sure to setup one of these files, you can config_default.json as an example of what a config.json should look like. If you don't have an existing installation, you can just rely on the installer to do this for you.

CSS Changes (does not include Nox Theme):
Sidebar should no longer show up in the account manager in some odd situations or themes.
Made a few CSS rules more generic.
Forms have a new look in Cosora now.

Config Changes:
Removed the DefaultRoute config field.
Added the DefaultPath config field.
Added the MaxRequestSizeStr config field to make it easier for users to input custom max request sizes without having to use a calculator or figure out how many bytes there are in a megabyte.
Removed the CacheTopicUser config field.
Added the UserCache config field.
Added the TopicCache config field

Phrases:
Removed ten english phrases.
Added 21 english phrases.
Changed eleven english phrases.
Removed some duplicate indices in the english phrase pack.

Removed some old benchmark code.
Tweaked some things to make the linter happy.
Added comments for all the MemoryUserCache and MemoryTopicCache methods.
Added a comment for the null caches, consult the other caches for further information on the methods.
Added a client-side check to make sure the user doesn't upload too much data in a single post. The server already did this, but it might be a while before feedback arrives from it.
Simplified a lot of the control panel route code with the buildBasePage function.
Renamed /user/edit/critical/ to /user/edit/password/
Renamed /user/edit/critical/submit/ to /user/edit/password/submit/
Made some small improvements to SEO with a couple of meta tags.
Renamed some of the control panel templates so that they use _ instead of -.
Fixed a bug where notices were being moved to the wrong place in some areas in Cosora.
Added the writeJsonError function to help abstract writing json errors.
Moved routePanelUsers to panel.Users
Moved routePanelUsersEdit to panel.UsersEdit
Moved routePanelUsersEditSubmit to panel.UsersEditSubmit
Renamed routes.AccountEditCritical to routes.AccountEditPassword
Renamed routes.AccountEditCriticalSubmit to routes.AccountEditPasswordSubmit
Removed the routes.AccountEditAvatar and routes.AccountEditUsername routes.
Fixed a data race in MemoryTopicCache.Add which could lead to the capacity limit being bypassed.
Tweaked MemoryTopicCache.AddUnsafe under the assumption that it's not going to be safe anyway, but we might as-well try in case this call is properly synchronised.
Fixed a data race in MemoryTopicCache.Remove which could lead to the length counter being decremented twice.
Tweaked the behaviour of MemoryTopicCache.RemoveUnsafe to mirror that of Remove.
Fixed a data race in MemoryUserCache.Add which could lead to the capacity limit being bypassed.
User can no longer change their usernames to blank.

Made a lot of progress on the Nox theme.
Added modified FA5 SVGs as a dependency for Nox.
Be sure to run the patcher or update script and don't forget to create a customised config/config.json file.
2018-06-17 17:28:18 +10:00
Azareal
2d7f302768 Build artifacts are now cleaned up on Windows too.
Tests should be a lot less noisy now.

Fixed a bug where BulkGetMap didn't return any users if you opted out of using a memory cache for the user store.
Used new() in a few more places.
Fixed a test which didn't work properly.
Tweaked the panel_pages_no_pages phrase.
2018-06-06 16:13:55 +10:00
Azareal
7e935b6df0 I forgot this is Linux not Windows, this should do it. 2018-06-06 14:42:57 +10:00
Azareal
83ae671948 Added some missing commands from the scripts for Linux.
Removed some unnecessary messages when cleaning up build artifacts.
Added the binary as a build artifact to be cleaned up.
git stash is now used for updates to better deal with changes to chmodded files.
2018-06-06 14:33:47 +10:00
Azareal
aa073ced48 The scripts for Linux now clear out previously generated files so they shouldn't cause hassles after upgrades anymore. 2018-06-06 14:16:27 +10:00
Azareal
dd75bf9ad9 All the notices now use AddNotice. 2018-06-06 10:29:12 +10:00
Azareal
a5f5f4af7e Added the Page Manager for faster and easier custom page creation.
Added the PageStore.

Renamed account_own_edit.html to account_own_edit_password.html
Renamed custom-page.html to custom_page.html
Renamed the pre_render_custom_page hook to pre_render_tmpl_page.
Added a new pre_render_custom_page hook, not to be confused with the previous one.
Renamed the pre_render_account_own_edit_critical hook to pre_render_account_own_edit_password.
Moved the report forum ID into a constant.
Renamed todaysReportCount to topicsTopicCountByForum and made it more generic.
Renamed panel-menu.html to panel_menu.html
Renamed panel-inner-menu.html to panel_inner_menu.html
Removed an irrelevant editable_parent in a no results row.
Fixed the profile page loading the wrong profile.css
Fixed a bug where the last poster avatar would break on the forum page.
Added the AddNotice method to *Header.
Greatly simplified many of the page struct definitions.
Added the ErrorPage page struct and refactored the error pages to use it.
Added the BasePanelPage page struct and refactored the panel page structs to use it.
Tweaked the DefaultHeader function to set the user on the spot rather than after the fact.
Simplified AccountEditAvatarSubmit into a redirect.
Add the addElement closure in the control panel dashboard to reduce the amount of complexity.
Tweaked LogWarning to better handle nils.

Added the account_username phrase.
Added the account_avatar phrase.
Added the account_email phrase.
Added the panel_pages phrase.
Added the panel_pages_edit phrase.
Added the panel_page_created phrase.
Added the panel_page_updated phrase.
Added the panel_page_deleted phrase.
Added the account_menu_security phrase.
Added the panel_menu_pages phrase.
Added the panel_pages_head phrase.
Added the panel_pages_edit_button_aria phrase.
Added the panel_pages_delete_button_aria phrase.
Added the panel_pages_no_pages phrase.
Added the panel_pages_create_head phrase.
Added the panel_pages_create_name phrase.
Added the panel_pages_create_name_placeholder phrase.
Added the panel_pages_create_title phrase.
Added the panel_pages_create_title_placeholder phrase.
Added the panel_pages_create_body_placeholder phrase.
Added the panel_pages_create_submit_button phrase.
Added the panel_pages_edit_head phrase.
Added the panel_pages_name phrase.
Added the panel_pages_title phrase.
Added the panel_pages_edit_update_button phrase.

Began work on two-factor authentication.
Made more progress with the Nox Theme.
2018-06-06 10:21:22 +10:00
Azareal
d897e05256 Users can no longer post or edit posts in locked topics.
Permissions should cascade properly now in the topic template, should have no actual effects on security given the particular nature of this one.
Tiny bit of work on Nox.

Began work on trimming down the page structs to only the necessary parts.
2018-06-01 15:02:29 +10:00
Azareal
f85bf51103 Added a couple of simple anti-spam measures.
Made progress with an internal error logging component for the Control Panel.
Made LogWarning less susceptible to races and slightly improved log contention.
Revamped the registration page on Cosora.
Added the SanitiseSingleLine and SanitiseBody functions to better centralise sanitisation and to ensure more consistent sanitisation.
Zero length spaces are no longer permitted in usernames to help prevent impersonation. More to come in this area.
Plugins / internal components can now schedule hourly tasks.
Reduced the chances of newlines breaking the visual layout in areas which expect none.

Added the register_account_anti_spam phrase.
2018-05-31 16:51:31 +10:00
Azareal
e311e088c2 Reverted back to URL safe randomly generated strings.
Removed the redundant conditional.
2018-05-28 21:31:19 +10:00
Azareal
4d6a7bfda1 You can now change someone's group again.
The background no longer randomly vanishes on Shadow.
Fixed the small margins on the paginator on Shadow.
Tweaked the padding for the paginator in the Control Panel on Shadow.
The footer is no longer 100% wide on Shadow.
Fixed a misplaced ':' in Shadow.
Added the BlankProfileReply function for tests.
Tests now run once more.
Made it easier to trace test errors which use recordMustExist and recordMustNotExist.

Added tests for profile reply deletion.
Added tests for GeneratePassword in addition to the existing ones for BcryptGeneratePassword.
Added tests for Auth.Authenticate.
Added tests for Auth.CreateSession.

Added a contributor convention for highly unstable builds.
This can be considered a stable build.
2018-05-28 16:27:12 +10:00
Azareal
55c10e0da2 You can now login / change passwords / etc. again.
Fixed the installer.

Shadow theme is still borked.
2018-05-27 20:16:43 +10:00
Azareal
80ba8e2134 Merge branch 'master' of https://github.com/Azareal/Gosora
# Conflicts:
#	gen_tables.go
2018-05-27 19:41:43 +10:00
Azareal
8ba633326b UNSTABLE: Go back two commits, if you want stability. This commit is to test something. 2018-05-27 19:38:01 +10:00
Azareal
23a686fe96 UNSTABLE: Began work on the Nox Theme.
Removed the Tempra Cursive Theme.
You can now do bulk moderation actions with Shadow.

Added:
Argon2 as a dependency.
The EmailStore.
The ReportStore.
The Copy method to *Setting.
The AddColumn method to the query builder and adapters.
The textarea setting type.
More logging to better debug issues.
The GetOffset method to the UserStore.

Removed:
Sortable from Code Climate's Analysis.
MemberCheck and memberCheck as they're obsolete now.
The obsolete url_tags setting.
The BcryptGeneratePasswordNoSalt function.
Some redundant fields from some of the page structs.

Revamped:
The Control Panel Setting List and Editor.

Refactored:
The password hashing logic to make it more amenable to multiple hashing algorithms.
The email portion of the Account Manager.
The Control Panel User List.
The report system.
simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing.

Fixed:
Missing slugs in the profile links in the User Manager.
A few template initialisers potentially reducing the number of odd template edge cases.
Some problems with the footer.
Custom selection colour not applying to images on Shadow.
The avatars of the bottom row of the topic list on Conflux leaking out.

Other:
Moved the startTime variable into package common and exported it.
Moved the password hashing logic from user.go to auth.go
Split common/themes.go into common/theme.go and common/theme_list.go
Replaced the SettingLabels phrase category with the more generic SettingPhrases category.
Moved a load of routes, including panel ones into the routes and panel packages.
Hid the notifications link from the Account Menu.
Moved more inline CSS into the CSS files and made things a little more flexible here and there.
Continued work on PgSQL, still a ways away.
Guests now have a default avatar like everyone else.
Tweaked some of the font sizes on Cosora to make the text look a little nicer.
Partially implemented the theme dock override logic.
Partially implemented a "symlink" like feature for theme directories.
... And a bunch of other things I might have missed.

You will need to run this update script / patcher for this commit.
Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 19:36:35 +10:00
Azareal
ca80d0dd6f Began work on the Nox Theme.
Removed the Tempra Cursive Theme.
You can now do bulk moderation actions with Shadow.

Added:
Argon2 as a dependency.
The EmailStore.
The ReportStore.
The Copy method to *Setting.
The AddColumn method to the query builder and adapters.
The textarea setting type.
More logging to better debug issues.
The GetOffset method to the UserStore.

Removed:
Sortable from Code Climate's Analysis.
MemberCheck and memberCheck as they're obsolete now.
The obsolete url_tags setting.
The BcryptGeneratePasswordNoSalt function.
Some redundant fields from some of the page structs.

Revamped:
The Control Panel Setting List and Editor.

Refactored:
The password hashing logic to make it more amenable to multiple hashing algorithms.
The email portion of the Account Manager.
The Control Panel User List.
The report system.
simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing.

Fixed:
Missing slugs in the profile links in the User Manager.
A few template initialisers potentially reducing the number of odd template edge cases.
Some problems with the footer.
Custom selection colour not applying to images on Shadow.
The avatars of the bottom row of the topic list on Conflux leaking out.

Other:
Moved the startTime variable into package common and exported it.
Moved the password hashing logic from user.go to auth.go
Split common/themes.go into common/theme.go and common/theme_list.go
Replaced the SettingLabels phrase category with the more generic SettingPhrases category.
Moved a load of routes, including panel ones into the routes and panel packages.
Hid the notifications link from the Account Menu.
Moved more inline CSS into the CSS files and made things a little more flexible here and there.
Continued work on PgSQL, still a ways away.
Guests now have a default avatar like everyone else.
Tweaked some of the font sizes on Cosora to make the text look a little nicer.
Partially implemented the theme dock override logic.
Partially implemented a "symlink" like feature for theme directories.
... And a bunch of other things I might have missed.

You will need to run this update script / patcher for this commit.
Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 19:18:29 +10:00
Azareal
8ff8ce8e51 Solve the chicken and the egg problem with the templates. 2018-05-16 21:44:32 +10:00
Azareal
8035c27445 Does Travis work now? 2018-05-16 21:36:22 +10:00
Azareal
b7618ba4d7 Don't forget the schema files. 2018-05-16 21:27:06 +10:00
Azareal
e861ef9bfe Added the missing column on the menu_items table in the installer. 2018-05-16 20:50:29 +10:00
Azareal
ba98b0c952 Added the registration logs.
Tweaked the h1 CSS for the Control Panel in Cosora.
Improved the support for autocompleters.
Reverted some of the int64s back to ints.
The per-request user variable should now have the IPs for guests.
Removed some obsolete statements.
Removed a couple obsolete phrases.
Moved a couple more accumulator initializers out of the store initializers.
Refactored one of the report statements to use a store instead of a statement.
Created the menuhead CSS class.
Added the GetOffset method to the LogStore interface and refactored the mod and admin log pages to use it.
Changed the labels on the adminlog and modlog pages to make them more understandable.
Removed the generated templates from Git.

Run the patcher / update script to get the new table.
2018-05-16 20:46:14 +10:00
Azareal
2be884edc1 Commented out more debug code.
Main Menu is now shown on the main menu in the menu list for extra clarity.
Travis should now be able to run it's tests.
Moved routeChangeTheme to the routes package.
Moved routeShowAttachment to the routes package and partially refactored it.
Moved routeLikeTopicSubmit to the routes package.
Moved routeReplyLikeSubmit to the routes package and partially refactored it.
Moved routeProfileReplyCreateSubmit to the routes package.
Moved routeLogout to the routes package, now known as routes.AccountLogout.
Moved the routeDynamic stub to the routes package, now known as routes.DynamicRoute.
Moved the routeUploads stub to the routes package, now known as routes.UploadedFile.
Moved the BadRoute stub to the routes package, now known as routes.BadRoute.
All routes moved to the routes package have had the route prefix dropped from their name.
Simplified the email token route to redirect back to the main email route instead of rendering the same template.
Refactored the panel menus to use the new submenu system instead of the old one which had a lot of menu duplication.
Added a stub directory for Nox, the next major theme after Cosora.
Fixed a bug where the alerts wouldn't load outside of the index.

Tweaked the CSS in the topic creation and reply forms on Shadow.
Tweaked the padding on the stickies on Shadow.
Improved the submenu CSS on every theme.
Fixed the submitrow CSS on Shadow, Tempra Conflux.
Fixed some double borders on Tempra Conflux.
The frontend sidebar should no longer show up in the Control Panel in Tempra Conflux and Tempra Simple.
Tweaked the title CSS on Cosora.
Tweaked the user manager CSS on Cosora.
Changed the primary text colour on Cosora.
Fixed attachment images taking up too much space on Cosora.

Run the patcher or update script for this commit.
2018-05-15 15:59:52 +10:00
Azareal
3976c49054 Removed GopherJS as a dependency. 2018-05-14 21:13:34 +10:00
Azareal
c6de9b92be Hopefully this'll work. 2018-05-14 20:59:18 +10:00
Azareal
a78613b63b Does Git recognise this folder now...? 2018-05-14 20:21:18 +10:00
Azareal
9075798128 Alerts are now rendered via a client side transpiled template rather than being hard-coded.
Tweaked some bits to make them more 32-bit friendly for GopherJS, but this might not be necessary now.
Added notice.html
Added an alerts package to fix the import cycles, more things may be moved here soon.
Saved a few lines of accumulator code in a few stores.
Moved the AccountEditCriticalSubmit, AccountEditAvatar, AccountEditAvatarSubmit, AccountEditUsername, and AccountEditUsernameSubmit routes into the routes package.
Added a QueryRow method to AccSelectBuilder.
Tweaked the indentation in the generated templates.
Simplified the template render in the AccountEditUsernameSubmit route into a redirect back to the previous page.

Run the update script / patcher to replace the route names in the viewchunks table.
2018-05-14 18:56:56 +10:00
Azareal
185f00e019 You can now reorder menu items by dragging them around in the menu item manager.
You can now create menu items.
You can now delete menu items.

Renamed ID to MenuID on PanelMenuPage struct.
Bumped the copyright year in a place in advance.
The footer is no longer hidden in the Control Panel in Tempra Simple.
Fixed the notifications URL, although that page still isn't implemented yet.
Fixed config_default.noparse so that Travis won't error over that.
Refactored some user queries.
2018-05-13 16:56:59 +10:00
Azareal
3801232d93 Fixed the "bad file" bugs #7 2018-05-11 17:22:42 +10:00
Azareal
b1d28b3046 Fixed the ability to change usernames #?
Fixed the ability to change passwords #4
You are now redirected to the index after changing your password.
Removed a new obsolete phrase.
2018-05-11 16:53:31 +10:00
Azareal
73c4f373e5 Redirect to index when logged out via the Control Panel #5 2018-05-11 16:18:49 +10:00
Azareal
ed4a90f138 Fixes #8 2018-05-11 15:53:21 +10:00
Azareal
d0318191c9 Added the menu manager and menu item editor.
Refactored the menu system.
Updated the README and revamped it a tad to make it easier to understand. Also, added manual instructions for patching.
Revamped the update scripts, especially on Windows.
Merged the CSS and Tmpl phrase namespaces.
Added lastSchema to .gitignore
Added DropTable to the database adapters.
Implemented DbVersion in the PgSQL Adapter.
Swapped out the checkboxes for cleaner looking yes-no dropdowns.
Began revamping small bits of the user logic.

We now open to contributions, just open a pull request and sign the CLA.
Schema has been updated, run the patcher or update script.
2018-05-11 15:41:51 +10:00
Azareal
894e545973 Okay, now the forum permissions should be fixed x.x 2018-04-24 05:09:31 +01:00
Azareal
d6f6c362f7 The default forum permissions should now cascade properly from groups to forums without overrides.
Added the generated template files to the .gitignore file.
Added the GetAllMap method to the ForumPermsStore.
Fixed several editors.
2018-04-24 04:47:39 +01:00
Azareal
15420d4d89 The patcher (schema updating part of the updater) finally works, yay.
Partially rewrote the forum permissions system to make it more stable.

Moved config.go into it's own package in /config/
Removed Go Git as a dependency.
Tweaked the GopherJS pulling.
Fixed inserts where all the columns have default values.
Reverted a silly tweak I made thinking that mOrder == order.
Removed the /common/ hack from the patcher.
Fixed a bug where the forum creator would ignore the visiblity value you provided.
The tests now work again.
Swapped a misplaced fmt.Println with a fmt.Printf.
Fixed a bug in the installer where all the table logs would be on one line in the console.
Added more logging to the installer.
2018-04-23 22:08:31 +01:00
Azareal
dbf2b8606e All the menu items are dynamic now, all that needs to be done now is the Control Panel part of the Menu Manager.
Travis should now build the patcher to see if that works.
Merged menu.html into header.html
Removed a redundant SetAdapter call in mysql.go.
Fixed a bug where inserting will sometimes strip the spaces in strings.
Bumped the minimum Go Version in schema.json to 1.10
Bumped the DBVersion to 1, so that we don't install these patches twice.

The patcher was botched in the previous commit, drop menus and menu_items and run it again
2018-04-23 09:38:25 +01:00
Azareal
f102c97606 The patcher can now update the schema for MySQL.
Added the adapter config value, to be used in the main system soon.
Commented out the debug code for the menus.

We're pushing some schema changes in this commit, so we'll see how well the patcher goes and whether it'll need to be patched.
2018-04-22 15:27:04 +01:00
Azareal
10f4c59cb5 Fixed the Go Version in the Travis file.
Added the Go and Database versions to the Control Panel Debug Page.
Renamed common.TopicsPage to common.TopicListPage.
Renamed *HeaderVars to *Header.
Added the Paginator struct and refactored the code to use it.
io.Writers are now used instead of http.ResponseWriters in transpiled templates for greater flexibility.
Added the alert, menu_alerts, and menu_item templates.
Added support for more integer types in the arithmetic functions for the transpiled templates.
Exported AccSelectBuilder.
Added an Each method to AccSelectBuilder.
Added column quoting to the order by portions of queries for the MySQL Adapter.

Began work on the client side rendering of alerts.
Began work on the Menu Manager and associated functionality.
2018-04-22 13:33:56 +01:00