Barış Soner Uşaklı
65c5504193
fix: 403/400/500 page not generating csrf_token
3 years ago
Barış Soner Uşaklı
7434cbf66f
test: add api token tests
3 years ago
Julian Lam
6c07433dea
refactor: use routePrefixMap instead of routeRegexpMap, +tests (#10035)
* refactor: use routePrefixMap instead of routeRegexpMap, +tests
Currently tests fail because privilege pages resolve if passed garbage... hmm
* fix: priv check paths
remove /v3 from path as well
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
3 years ago
Barış Soner Uşaklı
29b3587d91
test: middleware/expose.js
3 years ago
Barış Soner Uşaklı
fb363957d1
refactor: tab rules
3 years ago
Barış Soner Uşaklı
e368feef51
refactor: don't expose entire res._locals to client side
3 years ago
Julian Lam
1719bff89c
feat: use auto-generated meta and link tags in ACP, closes #9991
3 years ago
Julian Lam
dd4e66e22c
fix: push back some deprecations, remove deprecated stuff scheduled for v1.18.0
4 years ago
gasoved
3df79683f5
feat: create folders in ACP uploads #9638 (#9750)
* feat: create folders in ACP uploads #9638
* fix: openapi
* test: missing tests
* fix: eslint
* fix: tests
4 years ago
Barış Soner Uşaklı
a288f51f42
fix: allow smaller than 5mins for admin relogin duration
setting the value to 1min in ACP wasn't working
4 years ago
Opliko
d509a307f0
Remove some deprecated/unnecessary code (#9688)
* refactor: remove mkdirp promisify
* refactor: remove old session deletion API route
* refactor: remove middleware.isAdmin
* refactor: remove templateValues.config.bootswatchSkin
* fix: unused dependencies
4 years ago
Julian Lam
afd2d8dab1
feat(emails): pass req in to filter:registration.interstitial
4 years ago
Julian Lam
b4b65ecd98
fix(emails): remove debug log
4 years ago
Julian Lam
087e6020e4
refactor(email): validation checking methods, +tests fix
4 years ago
Julian Lam
69c96dd23c
refactor(emails): more work in update email interstitial, interstitial skipping, email change on confirmation, deprecation of requireEmailConfirmation
4 years ago
Barış Soner Uşaklı
04b1f702cd
feat: add loggedin/guest class to body
4 years ago
Julian Lam
cc6cbfcdc4
Flags API (#9666)
* feat: new routes for flags API
+ flag get
+ flag creation, migration from socket method
+ flag update, migration from socket method
* fixed bug where you could not unassign someone from a flag
* feat: tests for new flags API
added missing files for schema update
* fix: flag tests to use Write API instead of sockets
* feat: flag notes API + tests
* chore: remove debug line
* test: fix breaking test on mongo
4 years ago
Julian Lam
7036c3751e
feat: internationalize API error messages
4 years ago
Julian Lam
a54a3ee1ca
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking]
4 years ago
Barış Soner Uşaklı
3cd9434b56
fix: scope
4 years ago
Barış Soner Uşaklı
1eda538da5
fix: #9615, catch exceptions in renderOverride
4 years ago
Barış Soner Uşaklı
3d5fef6e80
feat: pass req.query to getUnreadData
4 years ago
Barış Soner Uşaklı
9ebfdeb7ee
fix: #9580, proper 404 when ajaxifying
4 years ago
Barış Soner Uşaklı
3d6bdeb3df
feat: add req.query to flags.list/getCount
4 years ago
Barış Soner Uşaklı
f6b583bb9d
feat: #9533, allow redirect in build hooks
4 years ago
Barış Soner Uşaklı
6ed8890c2e
fix: #9512, fix chat icon if no privileges
4 years ago
Barış Soner Uşaklı
a478dc7ee8
feat: add filter:middleware.autoLocale
4 years ago
Barış Soner Uşaklı
435067aa5f
test: remove logs
4 years ago
Barış Soner Uşaklı
2ea468daa3
test: clear cache between runs, require middleware later in helpers
4 years ago
Barış Soner Uşaklı
d15e27107e
test: log
4 years ago
Barış Soner Uşaklı
354e0a822d
test: remove equals
4 years ago
psychobunny
4dd3844680
fix: logic is hard
4 years ago
psychobunny
2e9efc0e8a
fix: wrong variable for cache
4 years ago
psychobunny
fa0c92a7c4
fix: eslint
4 years ago
psychobunny
ea22cd302a
fix: use req.ip instead, since guests can upload as well
4 years ago
psychobunny
a9978fcfd2
feat: rate limit file uploads
4 years ago
Barış Soner Uşaklı
36f119a96a
fix: #9492, keep query params on redirect
4 years ago
Julian Lam
9c52fd2e74
fix: #9450 express session saved even if saveUninitialized explicitly passed in
4 years ago
Julian Lam
166d65a1ba
fix: add back middleware.authenticateOrGuest
4 years ago
Julian Lam
e3b2c00db1
fix: request authentication called twice in account routes
4 years ago
Julian Lam
7da061f0d7
refactor: automatically authenticate all requests setup through route helpers (#9357)
* refactor: automatically authenticate all requests setup through route helpers
* fix: removed connect-ensure-login dependency
* fix: bug with some middlewares not defined outside route helper methods
4 years ago
Peter Jaszkowiak
cc9d6fd08b
chore: eslint max-len
4 years ago
Peter Jaszkowiak
5c2f0f0557
chore: eslint no-restricted-syntax
4 years ago
Peter Jaszkowiak
23f212a4c0
chore: eslint prefer-destructuring
4 years ago
Peter Jaszkowiak
dab3b23575
chore: eslint no-var, vars-on-top
4 years ago
Peter Jaszkowiak
b56d9e12b5
chore: eslint prefer-arrow-callback
4 years ago
Peter Jaszkowiak
707b55b6a5
chore: eslint prefer-template
4 years ago
gasoved
53e0d4d2e0
feat: banned-users group
4 years ago
Julian Lam
5f9f241e37
chore: remove deprecated `filter:admin/header.build` hook [breaking]
Use `filter:middleware.renderAdminHeader` instead.
4 years ago
Julian Lam
f975063b7d
fix: #7125, allow list for page route, configurable via plugin hook
4 years ago
Julian Lam
966c4117ec
refactor(api): post move to write API
4 years ago
Barış Soner Uşaklı
1374e0eeba
refactor: change var to const
4 years ago
Julian Lam
c07e1e16af
feat: add unread-count badge if navigator contains /flags route
4 years ago
Julian Lam
6cb5888c13
fix: unescape header navigation originalRoute [breaking]
4 years ago
Julian Lam
03a0e72fae
refactor: split out logic dedicated to calculating unread counts, to a separate local method
4 years ago
Julian Lam
223f0a5515
feat(acp): admin tags privilege
4 years ago
Julian Lam
fb46a8d975
feat(acp): admins-mods privilege
4 years ago
Barış Soner Uşaklı
fcc1e24ad0
feat: rename admin middleware header hook
4 years ago
Julian Lam
da191341e8
feat(acp): added new admin privilege for groups management
4 years ago
Julian Lam
34ccabe3ab
fix: bad assignment logic in middleware.renderHeader
4 years ago
Julian Lam
75b1bbd09f
feat: explicitly add filter:admin/header.build hook
As it is not fired during middleware.processRender
4 years ago
Julian Lam
4c87f30184
feat: allow plugins to override ACP relogin challenge
- used in 2factor
4 years ago
Julian Lam
90497e3ef5
feat: more work on topic thumbs refactor
- addThumb and deleteThumb are now protected routes (duh)
- new getThumbs route GET /api/v3/topics/<tid>/thumbs
- Updated `assert.path` middleware to better handle if relative paths are received with upload_url
- Slight refactor of thumbs lib to use validator to differentiate between tid and UUID
4 years ago
Julian Lam
708b1c338f
fix: #9040
4 years ago
Julian Lam
7e9e08f718
feat: server-side routes for handling multiple topic thumbnails
closes #8994, requires 'topic-thumb-refactor' branch of composer-default
4 years ago
Julian Lam
6037f5ee2c
chore: add comment for clarification
4 years ago
Julian Lam
970ccb5a68
fix: #9063, missing handler for passwordless accounts in admin.checkPrivileges middleware
4 years ago
Julian Lam
3ea66f84e1
fix: use file lib instead of directly accessing fs (for Assert.path)
4 years ago
Julian Lam
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
4 years ago
Barış Soner Uşaklı
120999bf63
feat: #7550, show message if post is queued when js is disabled
4 years ago
Barış Soner Uşaklı
e4d2764d4c
fix: #8884, remove header/footer cache
4 years ago
Barış Soner Uşaklı
a0164b1c38
fix: use header/footer cache in prod
4 years ago
Barış Soner Uşaklı
2e44639210
fix: guest header/footer cache
allow clearing individual caches
4 years ago
Barış Soner Uşaklı
4b63f9937c
fix: check is banned in buildHeader
remove unused banReason
remove generateHeader function
4 years ago
Julian Lam
87bff6cd65
fix: broken test
4 years ago
Julian Lam
dda5d42610
fix: restore old behaviour of empty json w/ 401 code in admin middleware
4 years ago
Julian Lam
15e0731dd9
fix: deprecate middleware.isAdmin
Also, handle admin logout timer in middleware.admin.checkPrivileges
4 years ago
Julian Lam
57ed6be78b
fix: #8805 define our own name for write API v3
4 years ago
Julian Lam
266d7587b2
refactor: remove usage of middlewares
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
4 years ago
Barış Soner Uşaklı
a05905f196
performance improvements (#8795)
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
5 years ago
Julian Lam
d68ffea80d
feat: send 'Vary' header when ACAO header set
5 years ago
Barış Soner Uşaklı
bbafa1b82a
Revert "fix: [breaking] send configured config URL as origin if not custom"
This reverts commit 205a10308e.
5 years ago
Julian Lam
205a10308e
fix: [breaking] send configured config URL as origin if not custom
This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
5 years ago
Julian Lam
ff4fcc23b6
Update bundled logos with new branding (#8702)
* feat: updating logo assets, square logos missing still
* fix: squared logo for touch icon and notification fallback
* fix: update link to favicon
* feat: add default touch icon sizes, if one isn't uploaded
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
5 years ago
Barış Soner Uşaklı
1fd2eba6f2
refactor: async/await
src/cli/manage.js
src/meta/build.js
src/meta/css.js
src/meta/js.js
5 years ago
Julian Lam
1e07886f30
feat: require csrf token if not using bearer token
5 years ago
Barış Soner Uşaklı
dc29f4dca2
refactor: switch to using slugify module
5 years ago
Barış Soner Uşaklı
fda2aedfd8
feat: #8734, jquery-ui, jquery-form, timeago (#8748)
* feat: #8734, jquery-ui, jquery-form, timeago
get rid of forum/footer.js move that code to app.js & wait for app to load before calling ajaxify.end
make sockets.js a requirejs module
move jquery-ui to node_modules and load via requirejs
move jquery-form to node_modules and load via requirejs
move timeago to node_modules and load via requirejs
only include the css for needed jquery-ui widgets
* feat: keep socket/io global for backwards compat
* refactor: move socket listener to chat
5 years ago
Julian Lam
8ecef7b891
refactor: middleware.assert.*
5 years ago
Julian Lam
f870721fca
feat(writeapi): file deletion route
5 years ago
Julian Lam
2ec838fc59
feat(writeapi): token generation/delete routes, ACP updates
5 years ago
Julian Lam
414169fdfa
feat(writeapi): post delete/restore/purge
5 years ago
Julian Lam
8e89f34dbf
fix: bad logic in group assertion middleware
5 years ago
Julian Lam
8e7baac6ef
fix(writeapi): calls to profile editing routes 200 even if user DNE
5 years ago
Julian Lam
549ca11056
fix: bug where middlewares seemingly ran in parallel
5 years ago
Julian Lam
4c833d0bf0
feat(writeapi): topic posting and replying
5 years ago
Julian Lam
952dc211dd
feat(writeapi): added group joining and deletion
5 years ago
Julian Lam
ba345e53e8
feat(writeapi): added POST /api/v1/groups
5 years ago
Julian Lam
a1ddc210b2
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users
5 years ago
Julian Lam
bba2a4638c
fix: user creation POST route returns user data, updated openapi spec
5 years ago