* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* Add view users info global privilege
* Show user ip only to global mods and admins
* fix missing comma
* Hide link for users without correct privilege
* move getting privilege information to getAllData
* Hide the link from Global Moderators as well
* Give Global Moderator view:users:info privilege
* Restrict ip in post menu to view:users:info
* add some trailing commas....
* Add privilege to categories test
* Add group privilege to categories test
* add upgrade script
* fix style for TravisCI
* more styling - change spaces to tabs
* some more styling fixes (hopefully final one)
* fix style for Travis CI
* hide ip in chat messages
* Don't show even hidden ips on user profile page
* feat: wip -- refresh meta tags on ajaxify
* feat: wrapped up meta tags update on ajaxify feature
* fix: removed commented-out line
* fix: removed another commented-out line
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove ununsed winston require
Used in authentication middleware. Instead of firing an action
hook, it now fires a response hook.
Response hooks are invoked serially, and if headers are sent from
one of the hook listeners, all subsequent hook methods are not
called.
Response hooks should only be used in situations where res.send
(or other like methods) are invoked. Existing plugin hooks that
pass in res purely for data retrieval purposes have not changed).
fixesnodebb/nodebb-plugin-write-api#101
A regression was identified where the skin was not shown in the
body class. This resolves the issue and adds a workaround so that
the fix does not become breaking for custom themes.
* fix: removal of timeago fallback middleware
Instead of loading English fallback on missing language, we opt
to not send a script tag for a missing language to begin with.
Timeago already loads with English as default, so it will just
continue to use English.
* fix: check userLang against supported language codes
* fix: cleaned up code as per @pitaj
* fix: added comments
* fix: more fixes as per @pitaj
* feat: added addl. test for timeago locales, fixed broken test
- RTL is applied (or unapplied) on login and logout depending on
user language/guest-detected language.
- config is automatically saved into res.locals.config whenever
loadConfig is called
- On login/logout, buildHeader is called instead of getting config
- On logout, req.uid is deleted instead of set to 0
* fix: #7038, autoLocale logic not playing nicely with no-refresh auths
- on login, req.query.lang is deleted (since it seems to be left over)
- on logout, the middleware.autoLocale is executed, which resets
req.query.lang
- middleware.autoLocale is new, just refactored existing logic in
webserver.js into new middleware method.
* style: tests, use lodash
* fix: timeago strings not switching languages on login or out
During regular processing, a timestamp is prepended to the filename
for any uploaded files. We don't want this to be part of the filename
if an end-user elects to download the file.
This commit adds a middleware to strip out that portion of the
basename and adds the appropriate Content-Disposition header for
files in /uploads/files
Fixes#6953
* WIP
* using bootswatch from npm instead of bootswatch CDN url
* feat: on-demand client css building for skins
* added ability for client-side to select a skin
* updated loading and saving logic of bootstrapSkin on client side user settings
* fix: broken test for #6849
* no-refresh login as well, plus lots of fixes for missing config on login
* replace config with new set on logout as well
* passing new payload data into new action:app.loggedIn hook, and old action:app.loggedOut hook
* fixed issues with socket.io not properly representing uid on server
* some light refactoring and cleanup
* minor cleanup, fixed spa logout not working after login
* have reconnection handler for socket.io wait 2s to confirm disconnection before reporting -- stops flicker if reconnecting immediately
* Dynamically replace chat and slideout menu on updateHeader()
... instead of just the menu items.
* more efficient calls to Benchpress and translator /cc @pitaj
* fix: chats and notification handlers not working after login
* fix: accidentally calling cb multiple times
* Store config fields as JSON in the db
Fewer parseInts
* Remove unnecessary parseInts
* remove some dupe code add tests
* remove console.log
* remove more parseInts
* WIP: read meta.configs defaults from defaults.json
remove more parseInts
* more work
* add log for failing test
* update admin pwd
* fix tests, dont require posts/cache before configs are initialized
* handle saves
* Test boolean conditions
* remove more parseInts
* Fix boolean values
* remove lots more parseInts
* removed json parsing
* renamed var to number
* categories dont have timestamp
* WIP
* more unread work
* faster teaser block handling
if user doesn't have anyone blocked don't check
* much faster filtering of blocked posts
* add missing uid
* add tidsByFilter to return
* dont load all pids to find previous non-blocked teaser
* fix unread filters
they no longer use unread/new unread/watched etc they are query strings now
* shorter nav item code
* add unreplied to filters
fix icons not clearing to 0
dont increment unread counters if there is a reply in a topic where you ignored the topic creator
* DRY req props that depend on auth (fix#6727)
authentication leads to req.loggedIn and req.uid being set. However, a
later authentication event might outdate them. Here, I create one
function for setting those properties, and make sure it also is called
on the `action:middleware.authenticate` hook, which would be such an
authentication event. If there are other places, those should be added
as well.
* fix lint errors
* fix lint error
* change exports
- Benchpress compilation is 33x faster now
- Native module with JS fallback and pre-built binaries
- Dev template build is <1sec now
- Minified template build is ~5sec (uglify accounts for almost all)
* ACP quick actions
- Moved restart, build & restart, and logout into separate buttons
- Moved buttons on mobile into the side menu
- Added version and upgrade alert to header / mobile menu
- Moved version checking to server-side with a cache for rate limiting
- Changed "reload" translations to "rebuild and restart"
* Change info alert to black-on-white to match focused search bar
* Fix tests
* Fallback for failed fetch of latest version
* `setup` command fixes and improvements
- Enable using the `./nodebb setup` command for auto-setup with a JSON argument
- Change CLI so package-install and dependency install are separate steps
- Fix#6142
* Prevent compiling templates multiple times
- Multiple requests for same template get pooled
- Hopefully fixes the "templateFunction is not a function" error which happens if site is restarted during high-traffic times
* More helpful upgrade template
* Change languages build to use less memory
Add graceful-fs so no ned to worry about fs limits
* Specify encoding for fs.readFile
Use eachLimit since graceful-fs handles that now
* Add `/me*` route which redirects to the current user's information
- `/me` -> `/user/[usertslug]`
- `/me/bookmarks` -> `/user/[userslug]/bookmarks`
- `/me/settings` -> `/user/[userslug]/settings`
etc
* Add tests for `/me/*`
* Use Benchpress
* Use Benchpress.compileParse
* Error for template load failure
* Use benchpressjs package
* Compile templates on demand
* Fix user settings page
* Fix admin search to exclude `.jst` files
* Fix 500-embed
So ajaxify can still show an error if the server goes down
This fixes the following error:
$ wget https://nodebb.yourdomain/apple-touch-icon
28/6 09:57:06 [28332] - error: /apple-touch-icon
Error: ENOENT: no such file or directory, stat '/home/sweet/nodebb/public/assets/uploads/system/touchicon-orig.png'
at Error (native)
Barış Soner Uşaklı
Julian Lam
Opliko
Aziz Khoury
Barış Soner Uşaklı
Peter Jaszkowiak
renovate[bot]
LudwikJaniuk
Marc-Aurèle DARCHE
psychobunny