8bbb320867
feat: handle HTTP 429 as a response code
4 years ago
56f929ed4f
feat: add write API route for checking login credentials
4 years ago
1cf0032d9f
feat: allow override of local fns in login controller, 400 instead of 500 for wrong login type [breaking]
4 years ago
6cbb77afda
fix: add missing breadcrumb on /user/<slug>/categories
4 years ago
edb8da1ef9
feat(api): closes #9123 category and topic routes migrated to Write API
4 years ago
9ecfac9b68
feat(api): #9123 , migrate rest of the getObject controllers to Write API
4 years ago
cdff8d286a
chore(api): add deprecation notices re: #9123
4 years ago
e267f29584
feat(api): #9123 , migrate /api/post/pid/:pid to Write API
4 years ago
c1ecfd1ebf
feat: #9135 , don't try to reconnect forever
4 years ago
d27815a8c0
fix : #9149 , incorrect client-side `disableChatMessageEditing` value for admins/gmods
4 years ago
223f0a5515
feat(acp): admin tags privilege
4 years ago
fb46a8d975
feat(acp): admins-mods privilege
4 years ago
da191341e8
feat(acp): added new admin privilege for groups management
4 years ago
32e36f7b2e
feat(api): group ownership API route, switch client-side to use API route
4 years ago
1cd2689cf6
refactor(api): deprecated groups update socket in favour of API lib
4 years ago
438fa5c88f
fix: send fewer items to client-side for ACP settings/email page
4 years ago
4404e32ed9
fix : #9117 , lower query before search
4 years ago
8f938eba19
fix : #9074 , fix svg uploads
4 years ago
ab98740821
fix : #9100 topic thumbs in OG image tags
4 years ago
80de572aa1
feat: add user.email.confirmByUid for sso plugins
4 years ago
bd5c4a5cff
fix: tests
5 years ago
3e54b70c06
fix : #9092 , Topic thumbnails do not work with third-party uploaders
5 years ago
a30c8ab5c8
feat: clent-side modal for managing topic thumbs
...
closes #9087
5 years ago
67cf5e83b7
fix: changes to thumb resizing logic
...
- Resized thumb no longer skews aspect ratio
- Thumbs resized down to maximum thumb size by WIDTH only
- image.checkDimensions() now returns dimensions
5 years ago
c043cfebd6
fix: added back missing topic thumb tests that were removed in last commit
5 years ago
340387c18a
fix : #9055 , non-standard API response from addThumbs route
...
Also removed old thumb upload router handler, and updated uploadPost handling in composer to match new response schema
5 years ago
5950683316
feat: closes #9048 , tests for topic thumbs routes, write API schema
5 years ago
4152aa552e
feat: tests for topic thumbs
...
Also added some error checking to addThumbs controller
5 years ago
ef7d6db912
feat: server-side work for #9047
...
- rename Thumbs.commit to Thumbs.migrate
- new PUT method that calls Thumbs.migrate
- `checkThumbPrivileges` now takes a single object parameter (ins. of req/res)
5 years ago
b5d910f53b
feat: core work for #9042 , thumb deletion now accepts uuids
...
+ common data validation for thumb addition and deletion
5 years ago
90497e3ef5
feat: more work on topic thumbs refactor
...
- addThumb and deleteThumb are now protected routes (duh)
- new getThumbs route GET /api/v3/topics/<tid>/thumbs
- Updated `assert.path` middleware to better handle if relative paths are received with upload_url
- Slight refactor of thumbs lib to use validator to differentiate between tid and UUID
5 years ago
708b1c338f
fix : #9040
5 years ago
7e9e08f718
feat: server-side routes for handling multiple topic thumbnails
...
closes #8994 , requires 'topic-thumb-refactor' branch of composer-default
5 years ago
98cd9e3549
feat: allow uploadThumb controller to be called in code
...
it, and uploadsController.upload() now return the results of their operation
5 years ago
efa4eca0fe
fix : #9045 , no post usage info if '/files/' path received
5 years ago
d2888d1d1f
Category tags ( #8938 )
...
* feat: wip category tags
* fix: tag search
* feat: remove debug
* fix: returns of searchTags and autocomplete
* fix: alpha sort
* fix: redis
* fix: delete zsets on category purge, fix another test
* fix: test
5 years ago
648f6215ef
fix: redirect external with absolute urls
5 years ago
458bfc0faf
fix: external path for subfolder installs
5 years ago
64ac483ddd
fix : #9032
5 years ago
5d00b0895b
fix: sso redirect on /login & /api/login
5 years ago
6f68f4d20a
fix : #9032 , fix login redirect for sso plugins
5 years ago
5f0f476b57
feat: #9005 , use timestamp in profile/cover images
...
delete current one if keepAllUserImages is turned off
fix typo in data
5 years ago
954dc5b7be
feat: #8983 , update pin tooltip in topic
5 years ago
1eb5fabdb1
feat: #8900 , postQueue setting for category
5 years ago
202dcef42e
fix : #9010 , show rest of info even if clusterMonitor priv is not granted
5 years ago
acb576662e
fix(spec): from 6e6a7a8f8a
5 years ago
6e6a7a8f8a
fix : #8969 , export csv to file
5 years ago
007a3258a0
feat: add handler for 501 api response
5 years ago
bf171adc83
fix : #8979
5 years ago
1e7cf1cbc4
fix : #8971 , disallow flags of privileged users (mods, gmods, admins)
5 years ago
b8cafefce2
fix: winston usages
5 years ago
906d7d734b
refactor: move API banned response handler to separate internal method
5 years ago
afb26bfe48
feat: show ban reason and expiry in write api responses, if user is banned
5 years ago
6e5ec3f895
feat: automatically unban users in onSuccessfulLogin
...
This allows write API (and probably SSO login) to go through unimpeded if a user's ban has expired. Closes nodebb/nodebb-plugin-write-api#126
5 years ago
77f0bff54f
fix : #8929 , fix popular, top rss feed urls
5 years ago
b18e7e319b
fix: spec
5 years ago
3f337b5d7c
feat: #8925 , #8924
5 years ago
5fa098326f
fix: https://github.com/NodeBB/NodeBB/pull/8685
...
fix category link redirect on cold load
fix helpers.redirect if passed in url is external
fix ajaxify so it doesn't slice first character of external url
5 years ago
9ee1fb490e
fix: https://github.com/NodeBB/NodeBB/pull/8759
5 years ago
672d4da078
feat: human readable uptime
5 years ago
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
5 years ago
046d0b1637
feat: allow pins to expire (if set) ( #8908 )
...
* fix: add back topic assert middleware for pin route
* feat: server-side handling of pin expiries
* refactor: togglePin to not require uid parameter [breaking]
* feat: automatic unpinning if pin has expiration set
* feat: client-side modal for setting pin expiration
* refactor: categories.getPinnedTids to accept multiple cids
... in preparation for pin expiry logic, direct access to *:pinned zsets is discouraged
* fix: remove references to since-removed jobs file for topics
* feat: expire pins when getPinnedTids is called
* refactor: make the togglePin change non-breaking
The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid
5 years ago
8d060065a0
fix: spec
5 years ago
e9585b9be2
fix: group userTitles translation escapes
5 years ago
a0b7a82350
feat(api): account deletion routes for the Write API ( #8881 )
...
* feat(api): account deletion routes for the Write API
* refactor: rewrite client-side calls to account deletion to use api
* style: apply DRY
5 years ago
120999bf63
feat: #7550 , show message if post is queued when js is disabled
5 years ago
35f932cd64
feat: #8171 , add oldCategory if topic is moved
5 years ago
1d6bcbebde
feat: https://github.com/NodeBB/NodeBB/issues/8147
5 years ago
e1d7c4d8aa
fix: internal helper method hasGlobalPrivilege, DRY
5 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
5 years ago
e4d2764d4c
fix : #8884 , remove header/footer cache
5 years ago
5598130a92
refactor: async/await controllers/index.js
5 years ago
f14e42d8bc
fix : #8883
5 years ago
51b7eca119
fix: run every hour, dont show message if average_time is 0
5 years ago
04f4429f72
Resolve #7514 - optional timer for registration queue ( #8796 )
...
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
5 years ago
567c5f2056
fix : #8869 , dont escape category title,description twice
5 years ago
f300c933a5
refactor: move session revocation route to write api
5 years ago
2e44639210
fix: guest header/footer cache
...
allow clearing individual caches
5 years ago
f1f9b225b0
feat: #8824 , cache refactor ( #8851 )
...
* feat: #8824 , cache refactor
ability to disable caches
ability to download contents of cache
refactor cache modules to remove duplicated code
* fix: remove duplicate hit/miss tracking
check cacheEnabled in getUncachedKeys
5 years ago
d263192271
feat: group exists API call in write api
5 years ago
1446cec77f
feat: user exist route in write api
5 years ago
6b196a207f
fix: permanent redirect on user api redirect shorthand
5 years ago
60e1e99b4f
feat: new shorthand route /api/v3/users/bySlug/:userslug
...
closes #8844
5 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
5 years ago
c61dee4b62
fix : #8840 , don't crash if /compose route is called with no query params
5 years ago
9e3eb5d41a
feat: #8821 , allow guest topic views
5 years ago
891a1ea2af
fix : #8827 , do not require admin:users privilege to ban users
5 years ago
c0f699e655
fix: disallow registration attempts with password length > 4096
...
This is a stopgap measure for v1.15.0
5 years ago
6e85920cb6
feat: allow mods/admins to see deleted posts on user profile
5 years ago
266d7587b2
refactor: remove usage of middlewares
...
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
5 years ago
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
5 years ago
618e098305
fix: bug where token generation route would fail on null case
5 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
5 years ago
a7b6d0dfe5
feat: add free and total mem usage to info
5 years ago
c26f2b6599
feat(writeapi): user settings API
5 years ago
7bddec93ec
fix: sortby
5 years ago
b3619d3d47
fix : #8774
5 years ago
d9a16855d0
refactor: posts api
5 years ago
272e73da53
refactor: post restore/delete/purge
5 years ago
9738e20207
refactor: merge post.edit
...
fix: dont fadeout/fadeint if title/post didnt change
5 years ago
2279e37261
refactor: deprecate socket.emit('users.search') use api route
5 years ago
083c74e059
refactor: api categories
5 years ago
e78c498e84
fix: missing doTopicAction, fix wrong api params
5 years ago
bc880ee0ca
refactor: remove sockets.reqFromSocket
5 years ago
9ee3cb9b62
refactor: topic follow/ignore to use api lib
5 years ago
68d6818bca
refactor: topic tools' actions to use api lib
5 years ago
21974a77f8
feat: topic reply to use api lib (also + missing file)
5 years ago
40598b368e
refactor: topic creation to use api lib
5 years ago
ede9435f0e
feat: send 401 for invalid-uid
5 years ago
14f9d8b0e5
feat: send back 403 on no-privileges error
5 years ago
2d252f2fa4
refactor: user bans to use api lib
5 years ago
e367c5403e
refactor: move groups.leave, fix some tests
5 years ago
bbbd9fee85
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
960e925e40
refactor: change password/user follow to use api lib
5 years ago
081c4fa6d4
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
430e7f5834
refactor: user deletion to use api lib
5 years ago
8ae1f81cf4
feat: refactor groups.delete
5 years ago
31ae8a8323
refactor: socket profile update to use api lib
5 years ago
d69e503d21
feat: move groups.join to api
5 years ago
23086daead
refactor: user create and profile update to use api lib
5 years ago
5e2caf19f5
refactor: use single function for api code
5 years ago
25e4a09816
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
4418ff0716
fix : #8768
5 years ago
cc6e995ee2
fix: api bug where user profile editing continued even if not allowed
5 years ago
e6ea71c95a
fix: test
5 years ago
8c6a559188
fix: timestamp
5 years ago
331d236f6e
fix : #8763
5 years ago
a481024d27
fix: lastonline again
5 years ago
97628e2ff2
fix: lastonline values
5 years ago
59bbede8c7
fix: cant join system groups
5 years ago
a411df1321
fix: tests
5 years ago
a2edb86dfb
feat: change user search to use filters array
5 years ago
959314c921
feat: add filter
5 years ago
682e926c6b
feat: #8662 , verified/unverified user groups
5 years ago
700e1e4340
feat: more fixes
5 years ago
40a05b70ef
feat: more work
5 years ago
b038ac07d8
feat: wip admin/users
5 years ago
30d6a2b84e
fix : #8756 , pass missing req to mock
5 years ago
dc29f4dca2
refactor: switch to using slugify module
5 years ago
4a63c20a72
chore: some optimizations for codeclimate
5 years ago
f870721fca
feat(writeapi): file deletion route
5 years ago
a55b381791
feat(writeapi): admin settings update route
5 years ago
2ec838fc59
feat(writeapi): token generation/delete routes, ACP updates
5 years ago
0973feea16
feat(writeapi): post bookmarking
5 years ago
9942c248eb
feat(writeapi): post voting
5 years ago
5e2a3ea6ec
refactor(writeapi): post.tools.purge no longer a method
5 years ago
414169fdfa
feat(writeapi): post delete/restore/purge
5 years ago
f66c2fb60f
feat(writeapi): post editing
5 years ago
1605e5e443
feat(writeapi): topic tags
5 years ago
9be5629458
feat(writeapi): topic follow/ignore
5 years ago
Julian Lam
Barış Soner Uşaklı
Barış Soner Uşaklı
gasoved
Opliko