Commit Graph

11415 Commits

Author SHA1 Message Date
Barış Soner Uşaklı
567c5f2056 fix: #8869, don't escape category title,description twice 2020-11-11 12:48:22 -05:00
Julian Lam
f300c933a5 refactor: move session revocation route to write api 2020-11-10 14:27:38 -05:00
Barış Soner Uşaklı
9c5c32d4a5 feat: #8864, add action:events.log 2020-11-10 11:29:15 -05:00
Barış Soner Uşaklı
62c0454cfe feat: show db info side by side 2020-11-09 13:27:40 -05:00
Barış Soner Uşaklı
a0164b1c38 fix: use header/footer cache in prod 2020-11-08 19:46:36 -05:00
Barış Soner Uşaklı
05a92885f2 fix: add missing maxAge to cache 2020-11-08 08:35:40 -05:00
Barış Soner Uşaklı
2e44639210 fix: guest header/footer cache
allow clearing individual caches
2020-11-07 22:06:25 -05:00
Barış Soner Uşaklı
f1f9b225b0 feat: #8824, cache refactor (#8851)
* feat: #8824, cache refactor

ability to disable caches
ability to download contents of cache
refactor cache modules to remove duplicated code

* fix: remove duplicate hit/miss tracking

check cacheEnabled in getUncachedKeys
2020-11-06 23:13:12 -05:00
Barış Soner Uşaklı
6255874e32 feat: move mkdirp to beforeBuild so it doesn't get called twice 2020-11-06 13:44:29 -05:00
Barış Soner Uşaklı
74951f5967 fix: #8846, possible fix 2020-11-06 12:46:27 -05:00
Barış Soner Uşaklı
0b30efba31 Merge branch 'master' of https://github.com/NodeBB/NodeBB 2020-11-06 12:30:15 -05:00
Barış Soner Uşaklı
16d03975a0 fix: winston error message 2020-11-06 12:24:50 -05:00
Julian Lam
d263192271 feat: group exists API call in write api 2020-11-06 12:18:42 -05:00
Julian Lam
1446cec77f feat: user exist route in write api 2020-11-06 11:55:04 -05:00
Julian Lam
6b196a207f fix: permanent redirect on user api redirect shorthand 2020-11-06 11:54:46 -05:00
Julian Lam
f2bb42c076 fix: user exist route needs no authentication 2020-11-06 11:53:56 -05:00
Julian Lam
60e1e99b4f feat: new shorthand route /api/v3/users/bySlug/:userslug
closes #8844
2020-11-06 11:37:21 -05:00
Julian Lam
512f6de6de feat: allow passwords with length > 73 characters (#8818)
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
2020-11-06 08:40:00 -05:00
Barış Soner Uşaklı
c61dee4b62 fix: #8840, don't crash if /compose route is called with no query params 2020-11-05 21:01:19 -05:00
Barış Soner Uşaklı
9e3eb5d41a feat: #8821, allow guest topic views 2020-11-05 20:52:43 -05:00
Julian Lam
f68bce86a9 fix: XSS in event:banned messaging modal 2020-11-05 19:18:17 -05:00
Barış Soner Uşaklı
76cd5b0fc1 fix: #8836, truncate fullname 2020-11-05 16:25:55 -05:00
psychobunny
eec630f1ef fix(acp): max-height for plugin menu list 2020-11-05 11:44:23 -05:00
Julian Lam
891a1ea2af fix: #8827, do not require admin:users privilege to ban users 2020-11-05 10:22:07 -05:00
Barış Soner Uşaklı
4b63f9937c fix: check is banned in buildHeader
remove unused banReason
remove generateHeader function
2020-11-04 13:23:10 -05:00
Barış Soner Uşaklı
a338f52780 feat: #8823, remove hardcoded write concern 2020-11-04 11:10:23 -05:00
Barış Soner Uşaklı
08ff4041aa fix: missing await 2020-11-03 17:13:05 -05:00
Julian Lam
c0f699e655 fix: disallow registration attempts with password length > 4096
This is a stopgap measure for v1.15.0
2020-11-03 09:54:04 -05:00
Barış Soner Uşaklı
4818ec377e fix: missing await 2020-11-02 15:13:22 -05:00
Barış Soner Uşaklı
6e85920cb6 feat: allow mods/admins to see deleted posts on user profile 2020-11-02 12:03:21 -05:00
Julian Lam
87bff6cd65 fix: broken test 2020-10-30 17:17:31 -04:00
Julian Lam
dda5d42610 fix: restore old behaviour of empty json w/ 401 code in admin middleware 2020-10-30 14:07:47 -04:00
Julian Lam
15e0731dd9 fix: deprecate middleware.isAdmin
Also, handle admin logout timer in middleware.admin.checkPrivileges
2020-10-30 12:30:58 -04:00
Julian Lam
4439864ce0 fix: post editing not taking plugin hook results into account 2020-10-30 10:05:26 -04:00
Barış Soner Uşaklı
a02ae6f5df refactor: simpler check in user.blocks.filter 2020-10-29 22:33:28 -04:00
Barış Soner Uşaklı
27016d221c feat: rearrange buttons on manage/users 2020-10-29 13:39:08 -04:00
Julian Lam
57ed6be78b fix: #8805 define our own name for write API v3 2020-10-29 12:51:36 -04:00
Julian Lam
266d7587b2 refactor: remove usage of middlewares
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
2020-10-29 07:56:28 -04:00
Julian Lam
a6a52430ce fix: remove setCategorySort and setTopicSort 2020-10-28 17:21:54 -04:00
Julian Lam
aa8faf58a0 refactor: remove /users/{uid}/settings/{setting} route
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
2020-10-28 17:21:54 -04:00
Barış Soner Uşaklı
6ac73ccb7e feat: #8801, disable express compression by default 2020-10-27 21:40:21 -04:00
Julian Lam
3c98cd3d95 fix: topic object in post editing data return 2020-10-27 20:37:23 -04:00
Julian Lam
1392d064a1 fix(writeapi): normalizing data 2020-10-27 20:37:23 -04:00
Julian Lam
ec03af7a38 feat: allow passing subset of user settings on update route 2020-10-27 20:37:23 -04:00
Julian Lam
618e098305 fix: bug where token generation route would fail on null case 2020-10-27 20:37:23 -04:00
Julian Lam
b156b8b573 feat: wip, write api tests framework
re-using read api tests if possible
2020-10-27 20:37:23 -04:00
Barış Soner Uşaklı
2e9f27d8ff fix: typo 2020-10-27 10:59:08 -04:00
Barış Soner Uşaklı
93bdfe2f10 perf: reorder async calls 2020-10-26 21:09:51 -04:00
Barış Soner Uşaklı
88a07e69b5 feat: add filter:category.getFields 2020-10-26 15:14:54 -04:00
Barış Soner Uşaklı
a05905f196 performance improvements (#8795)
* perf: nconf/winston/render

cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests

* fix: copy paste fail

* refactor: style and fire hook only log in dev mode

* fix: cache key, header changes based on template

* perf: change replace

* fix: add missing await

* perf: category

* perf: lodash clone

* perf: remove escapeRegexChars
2020-10-26 10:43:18 -04:00