After some more thought, a response hook should be checking for
whether headers are sent, and executing (or not executing) the
default logic in that case.
Before, we were relying on hooks to call data.next() to continue
execution, but it makes more sense to have the listener either
send a response or not, and handle the behaviour afterwards.
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* Add view users info global privilege
* Show user ip only to global mods and admins
* fix missing comma
* Hide link for users without correct privilege
* move getting privilege information to getAllData
* Hide the link from Global Moderators as well
* Give Global Moderator view:users:info privilege
* Restrict ip in post menu to view:users:info
* add some trailing commas....
* Add privilege to categories test
* Add group privilege to categories test
* add upgrade script
* fix style for TravisCI
* more styling - change spaces to tabs
* some more styling fixes (hopefully final one)
* fix style for Travis CI
* hide ip in chat messages
* Don't show even hidden ips on user profile page
* feat: wip -- refresh meta tags on ajaxify
* feat: wrapped up meta tags update on ajaxify feature
* fix: removed commented-out line
* fix: removed another commented-out line
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove ununsed winston require
Used in authentication middleware. Instead of firing an action
hook, it now fires a response hook.
Response hooks are invoked serially, and if headers are sent from
one of the hook listeners, all subsequent hook methods are not
called.
Response hooks should only be used in situations where res.send
(or other like methods) are invoked. Existing plugin hooks that
pass in res purely for data retrieval purposes have not changed).
fixesnodebb/nodebb-plugin-write-api#101
A regression was identified where the skin was not shown in the
body class. This resolves the issue and adds a workaround so that
the fix does not become breaking for custom themes.
* fix: removal of timeago fallback middleware
Instead of loading English fallback on missing language, we opt
to not send a script tag for a missing language to begin with.
Timeago already loads with English as default, so it will just
continue to use English.
* fix: check userLang against supported language codes
* fix: cleaned up code as per @pitaj
* fix: added comments
* fix: more fixes as per @pitaj
* feat: added addl. test for timeago locales, fixed broken test
- RTL is applied (or unapplied) on login and logout depending on
user language/guest-detected language.
- config is automatically saved into res.locals.config whenever
loadConfig is called
- On login/logout, buildHeader is called instead of getting config
- On logout, req.uid is deleted instead of set to 0
