3cd9434b56
fix: scope
4 years ago
1eda538da5
fix : #9615 , catch exceptions in renderOverride
4 years ago
3d5fef6e80
feat: pass req.query to getUnreadData
4 years ago
9ebfdeb7ee
fix : #9580 , proper 404 when ajaxifying
4 years ago
3d6bdeb3df
feat: add req.query to flags.list/getCount
4 years ago
f6b583bb9d
feat: #9533 , allow redirect in build hooks
4 years ago
6ed8890c2e
fix : #9512 , fix chat icon if no privileges
4 years ago
a478dc7ee8
feat: add filter:middleware.autoLocale
4 years ago
435067aa5f
test: remove logs
4 years ago
2ea468daa3
test: clear cache between runs, require middleware later in helpers
4 years ago
d15e27107e
test: log
4 years ago
354e0a822d
test: remove equals
4 years ago
4dd3844680
fix: logic is hard
4 years ago
2e9efc0e8a
fix: wrong variable for cache
4 years ago
fa0c92a7c4
fix: eslint
4 years ago
ea22cd302a
fix: use req.ip instead, since guests can upload as well
4 years ago
a9978fcfd2
feat: rate limit file uploads
4 years ago
36f119a96a
fix : #9492 , keep query params on redirect
4 years ago
9c52fd2e74
fix : #9450 express session saved even if saveUninitialized explicitly passed in
4 years ago
166d65a1ba
fix: add back middleware.authenticateOrGuest
4 years ago
e3b2c00db1
fix: request authentication called twice in account routes
4 years ago
7da061f0d7
refactor: automatically authenticate all requests setup through route helpers ( #9357 )
...
* refactor: automatically authenticate all requests setup through route helpers
* fix: removed connect-ensure-login dependency
* fix: bug with some middlewares not defined outside route helper methods
4 years ago
cc9d6fd08b
chore: eslint max-len
4 years ago
5c2f0f0557
chore: eslint no-restricted-syntax
4 years ago
23f212a4c0
chore: eslint prefer-destructuring
4 years ago
dab3b23575
chore: eslint no-var, vars-on-top
4 years ago
b56d9e12b5
chore: eslint prefer-arrow-callback
4 years ago
707b55b6a5
chore: eslint prefer-template
4 years ago
53e0d4d2e0
feat: banned-users group
4 years ago
5f9f241e37
chore: remove deprecated `filter:admin/header.build` hook [breaking]
...
Use `filter:middleware.renderAdminHeader` instead.
4 years ago
f975063b7d
fix : #7125 , allow list for page route, configurable via plugin hook
4 years ago
966c4117ec
refactor(api): post move to write API
4 years ago
1374e0eeba
refactor: change var to const
4 years ago
c07e1e16af
feat: add unread-count badge if navigator contains /flags route
4 years ago
6cb5888c13
fix: unescape header navigation originalRoute [breaking]
4 years ago
03a0e72fae
refactor: split out logic dedicated to calculating unread counts, to a separate local method
4 years ago
223f0a5515
feat(acp): admin tags privilege
4 years ago
fb46a8d975
feat(acp): admins-mods privilege
4 years ago
fcc1e24ad0
feat: rename admin middleware header hook
4 years ago
da191341e8
feat(acp): added new admin privilege for groups management
4 years ago
34ccabe3ab
fix: bad assignment logic in middleware.renderHeader
4 years ago
75b1bbd09f
feat: explicitly add filter:admin/header.build hook
...
As it is not fired during middleware.processRender
4 years ago
4c87f30184
feat: allow plugins to override ACP relogin challenge
...
- used in 2factor
4 years ago
90497e3ef5
feat: more work on topic thumbs refactor
...
- addThumb and deleteThumb are now protected routes (duh)
- new getThumbs route GET /api/v3/topics/<tid>/thumbs
- Updated `assert.path` middleware to better handle if relative paths are received with upload_url
- Slight refactor of thumbs lib to use validator to differentiate between tid and UUID
4 years ago
708b1c338f
fix : #9040
4 years ago
7e9e08f718
feat: server-side routes for handling multiple topic thumbnails
...
closes #8994 , requires 'topic-thumb-refactor' branch of composer-default
4 years ago
6037f5ee2c
chore: add comment for clarification
4 years ago
970ccb5a68
fix : #9063 , missing handler for passwordless accounts in admin.checkPrivileges middleware
4 years ago
3ea66f84e1
fix: use file lib instead of directly accessing fs (for Assert.path)
4 years ago
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
4 years ago
120999bf63
feat: #7550 , show message if post is queued when js is disabled
4 years ago
e4d2764d4c
fix : #8884 , remove header/footer cache
4 years ago
a0164b1c38
fix: use header/footer cache in prod
4 years ago
2e44639210
fix: guest header/footer cache
...
allow clearing individual caches
4 years ago
4b63f9937c
fix: check is banned in buildHeader
...
remove unused banReason
remove generateHeader function
4 years ago
87bff6cd65
fix: broken test
4 years ago
dda5d42610
fix: restore old behaviour of empty json w/ 401 code in admin middleware
4 years ago
15e0731dd9
fix: deprecate middleware.isAdmin
...
Also, handle admin logout timer in middleware.admin.checkPrivileges
4 years ago
57ed6be78b
fix : #8805 define our own name for write API v3
4 years ago
266d7587b2
refactor: remove usage of middlewares
...
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
4 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
4 years ago
d68ffea80d
feat: send 'Vary' header when ACAO header set
4 years ago
bbafa1b82a
Revert "fix: [breaking] send configured config URL as origin if not custom"
...
This reverts commit 205a10308e
4 years ago
205a10308e
fix: [breaking] send configured config URL as origin if not custom
...
This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
4 years ago
ff4fcc23b6
Update bundled logos with new branding ( #8702 )
...
* feat: updating logo assets, square logos missing still
* fix: squared logo for touch icon and notification fallback
* fix: update link to favicon
* feat: add default touch icon sizes, if one isn't uploaded
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
4 years ago
1fd2eba6f2
refactor: async/await
...
src/cli/manage.js
src/meta/build.js
src/meta/css.js
src/meta/js.js
4 years ago
1e07886f30
feat: require csrf token if not using bearer token
4 years ago
dc29f4dca2
refactor: switch to using slugify module
4 years ago
fda2aedfd8
feat: #8734 , jquery-ui, jquery-form, timeago ( #8748 )
...
* feat: #8734 , jquery-ui, jquery-form, timeago
get rid of forum/footer.js move that code to app.js & wait for app to load before calling ajaxify.end
make sockets.js a requirejs module
move jquery-ui to node_modules and load via requirejs
move jquery-form to node_modules and load via requirejs
move timeago to node_modules and load via requirejs
only include the css for needed jquery-ui widgets
* feat: keep socket/io global for backwards compat
* refactor: move socket listener to chat
4 years ago
8ecef7b891
refactor: middleware.assert.*
4 years ago
f870721fca
feat(writeapi): file deletion route
4 years ago
2ec838fc59
feat(writeapi): token generation/delete routes, ACP updates
4 years ago
414169fdfa
feat(writeapi): post delete/restore/purge
4 years ago
8e89f34dbf
fix: bad logic in group assertion middleware
4 years ago
8e7baac6ef
fix(writeapi): calls to profile editing routes 200 even if user DNE
4 years ago
549ca11056
fix: bug where middlewares seemingly ran in parallel
4 years ago
4c833d0bf0
feat(writeapi): topic posting and replying
4 years ago
952dc211dd
feat(writeapi): added group joining and deletion
4 years ago
ba345e53e8
feat(writeapi): added POST /api/v1/groups
4 years ago
a1ddc210b2
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users
4 years ago
bba2a4638c
fix: user creation POST route returns user data, updated openapi spec
4 years ago
7b6d43bcc8
feat: added checkRequired middleware for API calls
4 years ago
fd67355b03
fix(writeapi): authenticate middleware logic to work better with await
4 years ago
f6433ef2c5
fix(refactor): merging write-api auth middlewares with core middlewares
4 years ago
ec5c48b188
feat: migrating write-api skeleton into core
4 years ago
46ab2711d4
fix : #8432 , add CSP frame-ancestors
5 years ago
6fc31df033
feat: use const/let
5 years ago
4b0cb26b34
fix: empty "manage" menu showing in ACP
...
... if no privileges corresponding to those menu items
are given
5 years ago
cf2f1e956a
refactor: changed way middleware was exported
5 years ago
f00595b32d
fix: change how admin middlewares are exported
5 years ago
ae68a254d7
fix: one less return, to appease codeclimate
5 years ago
03bd76dea2
fix: inability to access /admin if not superadmin
...
There was an odd issue where non-superadmins could not use
the /admin route to access the ACP, even though they had
appropriate access. For whatever reason, it could not
be reliably reproduced on my dev. As it turns out, the
reason was because I was checking the wrong privilege,
and my dev database had this wrong privilege leftover
from the initial development of the ACP admin privileges
feature. Dumb.
Anyhow, that fixes this issue.
5 years ago
6521e4dac4
Revert "feat: expose global/admin privileges to all routes"
...
This reverts commit 4737f937ee
5 years ago
4737f937ee
feat: expose global/admin privileges to all routes
...
@barisusakli revert if necessary 😬
5 years ago
6e91885836
feat: use assetBaseUrl instead of hardcoding
5 years ago
3f01f4a2b8
Revert "feat: load timeago strings client-side"
...
This reverts commit 558a2d739c
5 years ago
558a2d739c
feat: load timeago strings client-side
...
9adaccd036
5 years ago
3761f05c98
feat: change invalid language codes to default lang
5 years ago
0cea713691
feat: remove deprecated checkGlobalPrivacySettings
5 years ago
a0da2ba774
feat: remove deprecated isAdmin method
5 years ago
Barış Soner Uşaklı
Barış Soner Uşaklı
psychobunny
Julian Lam
Peter Jaszkowiak
gasoved