b8cafefce2
fix: winston usages
5 years ago
906d7d734b
refactor: move API banned response handler to separate internal method
5 years ago
afb26bfe48
feat: show ban reason and expiry in write api responses, if user is banned
5 years ago
6e5ec3f895
feat: automatically unban users in onSuccessfulLogin
...
This allows write API (and probably SSO login) to go through unimpeded if a user's ban has expired. Closes nodebb/nodebb-plugin-write-api#126
5 years ago
77f0bff54f
fix : #8929 , fix popular, top rss feed urls
5 years ago
b18e7e319b
fix: spec
5 years ago
3f337b5d7c
feat: #8925 , #8924
5 years ago
5fa098326f
fix: https://github.com/NodeBB/NodeBB/pull/8685
...
fix category link redirect on cold load
fix helpers.redirect if passed in url is external
fix ajaxify so it doesn't slice first character of external url
5 years ago
9ee1fb490e
fix: https://github.com/NodeBB/NodeBB/pull/8759
5 years ago
672d4da078
feat: human readable uptime
5 years ago
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
5 years ago
046d0b1637
feat: allow pins to expire (if set) ( #8908 )
...
* fix: add back topic assert middleware for pin route
* feat: server-side handling of pin expiries
* refactor: togglePin to not require uid parameter [breaking]
* feat: automatic unpinning if pin has expiration set
* feat: client-side modal for setting pin expiration
* refactor: categories.getPinnedTids to accept multiple cids
... in preparation for pin expiry logic, direct access to *:pinned zsets is discouraged
* fix: remove references to since-removed jobs file for topics
* feat: expire pins when getPinnedTids is called
* refactor: make the togglePin change non-breaking
The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid
5 years ago
8d060065a0
fix: spec
5 years ago
e9585b9be2
fix: group userTitles translation escapes
5 years ago
a0b7a82350
feat(api): account deletion routes for the Write API ( #8881 )
...
* feat(api): account deletion routes for the Write API
* refactor: rewrite client-side calls to account deletion to use api
* style: apply DRY
5 years ago
120999bf63
feat: #7550 , show message if post is queued when js is disabled
5 years ago
35f932cd64
feat: #8171 , add oldCategory if topic is moved
5 years ago
1d6bcbebde
feat: https://github.com/NodeBB/NodeBB/issues/8147
5 years ago
e1d7c4d8aa
fix: internal helper method hasGlobalPrivilege, DRY
5 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
5 years ago
e4d2764d4c
fix : #8884 , remove header/footer cache
5 years ago
5598130a92
refactor: async/await controllers/index.js
5 years ago
f14e42d8bc
fix : #8883
5 years ago
51b7eca119
fix: run every hour, dont show message if average_time is 0
5 years ago
04f4429f72
Resolve #7514 - optional timer for registration queue ( #8796 )
...
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
5 years ago
567c5f2056
fix : #8869 , dont escape category title,description twice
5 years ago
f300c933a5
refactor: move session revocation route to write api
5 years ago
2e44639210
fix: guest header/footer cache
...
allow clearing individual caches
5 years ago
f1f9b225b0
feat: #8824 , cache refactor ( #8851 )
...
* feat: #8824 , cache refactor
ability to disable caches
ability to download contents of cache
refactor cache modules to remove duplicated code
* fix: remove duplicate hit/miss tracking
check cacheEnabled in getUncachedKeys
5 years ago
d263192271
feat: group exists API call in write api
5 years ago
1446cec77f
feat: user exist route in write api
5 years ago
6b196a207f
fix: permanent redirect on user api redirect shorthand
5 years ago
60e1e99b4f
feat: new shorthand route /api/v3/users/bySlug/:userslug
...
closes #8844
5 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
5 years ago
c61dee4b62
fix : #8840 , don't crash if /compose route is called with no query params
5 years ago
9e3eb5d41a
feat: #8821 , allow guest topic views
5 years ago
891a1ea2af
fix : #8827 , do not require admin:users privilege to ban users
5 years ago
c0f699e655
fix: disallow registration attempts with password length > 4096
...
This is a stopgap measure for v1.15.0
5 years ago
6e85920cb6
feat: allow mods/admins to see deleted posts on user profile
5 years ago
266d7587b2
refactor: remove usage of middlewares
...
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
5 years ago
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
5 years ago
618e098305
fix: bug where token generation route would fail on null case
5 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
5 years ago
a7b6d0dfe5
feat: add free and total mem usage to info
5 years ago
c26f2b6599
feat(writeapi): user settings API
5 years ago
7bddec93ec
fix: sortby
5 years ago
b3619d3d47
fix : #8774
5 years ago
d9a16855d0
refactor: posts api
5 years ago
272e73da53
refactor: post restore/delete/purge
5 years ago
9738e20207
refactor: merge post.edit
...
fix: dont fadeout/fadeint if title/post didnt change
5 years ago
2279e37261
refactor: deprecate socket.emit('users.search') use api route
5 years ago
083c74e059
refactor: api categories
5 years ago
e78c498e84
fix: missing doTopicAction, fix wrong api params
5 years ago
bc880ee0ca
refactor: remove sockets.reqFromSocket
5 years ago
9ee3cb9b62
refactor: topic follow/ignore to use api lib
5 years ago
68d6818bca
refactor: topic tools' actions to use api lib
5 years ago
21974a77f8
feat: topic reply to use api lib (also + missing file)
5 years ago
40598b368e
refactor: topic creation to use api lib
5 years ago
ede9435f0e
feat: send 401 for invalid-uid
5 years ago
14f9d8b0e5
feat: send back 403 on no-privileges error
5 years ago
2d252f2fa4
refactor: user bans to use api lib
5 years ago
e367c5403e
refactor: move groups.leave, fix some tests
5 years ago
bbbd9fee85
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
960e925e40
refactor: change password/user follow to use api lib
5 years ago
081c4fa6d4
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
430e7f5834
refactor: user deletion to use api lib
5 years ago
8ae1f81cf4
feat: refactor groups.delete
5 years ago
31ae8a8323
refactor: socket profile update to use api lib
5 years ago
d69e503d21
feat: move groups.join to api
5 years ago
23086daead
refactor: user create and profile update to use api lib
5 years ago
5e2caf19f5
refactor: use single function for api code
5 years ago
25e4a09816
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
4418ff0716
fix : #8768
5 years ago
cc6e995ee2
fix: api bug where user profile editing continued even if not allowed
5 years ago
e6ea71c95a
fix: test
5 years ago
8c6a559188
fix: timestamp
5 years ago
331d236f6e
fix : #8763
5 years ago
a481024d27
fix: lastonline again
5 years ago
97628e2ff2
fix: lastonline values
5 years ago
59bbede8c7
fix: cant join system groups
5 years ago
a411df1321
fix: tests
5 years ago
a2edb86dfb
feat: change user search to use filters array
5 years ago
959314c921
feat: add filter
5 years ago
682e926c6b
feat: #8662 , verified/unverified user groups
5 years ago
700e1e4340
feat: more fixes
5 years ago
40a05b70ef
feat: more work
5 years ago
b038ac07d8
feat: wip admin/users
5 years ago
30d6a2b84e
fix : #8756 , pass missing req to mock
5 years ago
dc29f4dca2
refactor: switch to using slugify module
5 years ago
4a63c20a72
chore: some optimizations for codeclimate
5 years ago
f870721fca
feat(writeapi): file deletion route
5 years ago
a55b381791
feat(writeapi): admin settings update route
5 years ago
2ec838fc59
feat(writeapi): token generation/delete routes, ACP updates
5 years ago
0973feea16
feat(writeapi): post bookmarking
5 years ago
9942c248eb
feat(writeapi): post voting
5 years ago
5e2a3ea6ec
refactor(writeapi): post.tools.purge no longer a method
5 years ago
414169fdfa
feat(writeapi): post delete/restore/purge
5 years ago
f66c2fb60f
feat(writeapi): post editing
5 years ago
1605e5e443
feat(writeapi): topic tags
5 years ago
9be5629458
feat(writeapi): topic follow/ignore
5 years ago
da25ce4d09
feat: topic delete/restore/purge/(un)pin/(un)lock
5 years ago
49652e6f1b
feat: management of API tokens via ACP
5 years ago
7757f965eb
fix: errors thrown if no password sent in to profile edit route
5 years ago
6096f74ab2
feat(writeapi): adding missing files
5 years ago
4c833d0bf0
feat(writeapi): topic posting and replying
5 years ago
40dc1c38d3
feat(writeapi): added DELETE /groups/:slug/membership/:uid route
5 years ago
68ecf41ecf
fix(writeapi): client-side group join API call
5 years ago
952dc211dd
feat(writeapi): added group joining and deletion
5 years ago
d044c3223e
feat(writeapi): abstracted ajax calls out to new api module
5 years ago
ba345e53e8
feat(writeapi): added POST /api/v1/groups
5 years ago
3072de4812
feat: added DELETE /api/v1/categories/:cid route
5 years ago
e942ad8101
feat: added PUT /api/v1/categories/:cid route
...
Deprecated admin.categories.update socket call
Showing stack trace in console for errors, when in development mode
5 years ago
dc666fd8a9
feat: added POST /api/v1/categories route
5 years ago
a5af2dc819
feat: added PUT/DELETE /api/v1/users/:uid/ban routes
5 years ago
b5bbcbaeaa
feat: added POST and DELETE /api/v1/users/:uid/follow routes
5 years ago
7aed174ebc
feat: added PUT /api/v1/users/:uid/password route
5 years ago
a1ddc210b2
feat: added DELETE /api/v1/users/:uid and DELETE /api/v1/users
5 years ago
d15d9e4492
fix(refactor): patching helpers.tryRoute for API routes, some re-org
...
Thanks @barisusakli for the tip
5 years ago
f6433ef2c5
fix(refactor): merging write-api auth middlewares with core middlewares
5 years ago
ec5c48b188
feat: migrating write-api skeleton into core
5 years ago
cb2f6f7c4a
fix: test
5 years ago
7bf6d3b8eb
fix: dont let mods load postqueue for a cid they are not a mod of
5 years ago
2ea9768e00
fix: show disabled categories in admin&mods
5 years ago
fbd85680fb
fix: spec
5 years ago
5d9a868142
feat: category filter on post queue ( #8710 )
...
* feat: category filter on post queue
category filter module
* feat: add spec
5 years ago
1aa336d837
refactor: shared constants ( #8707 )
...
define plugin name and theme name regexs in one location for consistency
define various shared paths in one place for consistency
5 years ago
55d5cccf2e
Document deprecations and remove old ones ( #8706 )
...
* chore: document deprecation removal versions
* chore: remove deprecations 2+ versions old
5 years ago
38f88fc563
fix : #8699 tags route is case sensitive, though tags are not
5 years ago
6478b32d0e
feat: upload maskable icon for PWA
5 years ago
b12e8d6312
feat: show top 5 trending plugins in new tab in Extend > Plugins
5 years ago
07af621381
fix: typo in getCompatiblePlugins
5 years ago
31528a5202
fix: manifest - use absolute URL for start_url
5 years ago
0fffe28941
fix: issue where the last flag filter could not be removed
5 years ago
22cd265434
fix: tests
5 years ago
220297d501
fix: use correct topic count for category
5 years ago
de824007d9
feat: allow custom req.query.filter on /unread /recent
5 years ago
4be693f2e7
feat: fullname search ( #8641 )
...
* feat: fullname search
* fix: take last element
* fix: attempt to fix psql like query
* feat: upgrade sript, another fix attempt
* fix: psql test
* fix: psql scan
* feat: add debug for test
* feat: test collate
* feat: cleanup
* fix: upgrade script
5 years ago
0891236142
fix: typo
5 years ago
c1c617b323
feat: add topicIndex to category page
5 years ago
5f10d67db5
Remove sounds ( #8617 )
...
* feat: remove sounds
* feat: remove more sounds
* feat: disable sounds plugin
* fix: openapi
5 years ago
0c20351702
feat: additional sorting options for flags
...
+ upvotes, +downvotes, +replies
5 years ago
0e58d2b866
fix: update post-queue hook names
5 years ago
b6b94a56dc
refactor: moved ip-blacklist and post-queue styles/tpls to themes
...
This is a breaking change!, re: #8580
5 years ago
3efe2362e2
fix: sorting the flags list by newest is not considered a filter
...
... as it is default
5 years ago
346db0d84d
feat: flags list sorting, closes #8569
5 years ago
cabe62a06c
fix : #8568 perPage not acting like a filter
5 years ago
0189945996
refactor: remove util.promisify calls
5 years ago
0903eb4b8c
feat: limit privileges column to superadmins only
5 years ago
9adaccd036
feat: +assetBaseUrl, -l10BaseUrl, -requireBaseUrl
...
Additional base URLs were necessary for benchpress and translator,
and in order to not clutter the API response with needless one-
time use base URLs, I decided to use a single base that is used
by all of the services, assetBaseUrl.
5 years ago
9e3fd0e479
Revert "feat: #8493 , plugin helper for standardised link/button injection"
...
This reverts commit 0bbb813e4b
5 years ago
0bbb813e4b
feat: #8493 , plugin helper for standardised link/button injection
5 years ago
9f3b78118a
fix: send hard 404 instead of soft 404 for missing modules
...
We used to send a soft 404 because require.js would error out on
a 404, but it seems years ago, error handling was added to the
require() call, so a hard 404 will not throw errors to the console
5 years ago
68f8d6e3a1
fix : #8549 send 308 Permanent Redirect on topic/category shortlinks
5 years ago
def16f9e97
feat: introduce overridable l10nBaseUrl config value
5 years ago
2c35d0ba87
refactor: change incrementViewCount and markAsRead to async/await
5 years ago
dfabd0a3fe
feat: remove administrator property from public routes
5 years ago
fb7bb8d400
feat: use category selector in category page
...
fix privilege shortcuts in group page after search
5 years ago
91411cc47c
feat: add privileges shortcut to groups list
...
fix issues with escape group names
5 years ago
c4829fd8c2
feat: allow changing requirejs base url
5 years ago
bbc7737e14
feat: ability to clear cache from acp
5 years ago
69fb15276c
fix: tests
5 years ago
8d8117ffa1
feat: reduce amount of data loaded on acp admin page
...
get rid of socket call and use ajaxify.data.categories
5 years ago
5e5815f051
fix : #8515 , fix login redirect on subfolder
5 years ago
fd4c3cda42
fix : #4695 , remove new notif alert
5 years ago
37e56d94ce
feat: series upload
5 years ago
4eae927d14
feat: remove deprecated hooks
5 years ago
a6ae69737b
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
2c83278f97
feat: quick access dropdown on groups page to access privileges page
5 years ago
844f2b4ed0
feat: #8524 , allow editing category of queued topic
5 years ago
7260646d6c
fix : #8500 , allow regular users select topics on unread
5 years ago
23a9a334cd
feat: short more info
5 years ago
00d39fb32c
feat: #8460 , export groups members as csv
5 years ago
3dcf538773
feat: #8023 , allow wildcard search for uid/email
5 years ago
658dd03b03
feat: add tools to recent/unread ( #8477 )
...
* feat: add tools to recent/unread
* fix: open api spec
* fix: more api spec
5 years ago
ac6b571ed5
fix: dont allow searching by email/ip if not privileged
5 years ago
59a2ace6f7
fix: only add blocksCount for self and admins
5 years ago
fd20e5c62c
fix: tests
5 years ago
eb9704f85e
feat: #8450 , next/prev link tags on /unread /recent
5 years ago
2355d9d5dd
fix: escape navigation item fields, theme:id, category fields
5 years ago
023de94ef8
fix: show controls @julianlam
5 years ago
e53a18f219
fix : #8437 , #8433
5 years ago
8383992dcc
feat: move export functions into child processes
5 years ago
e80379dc0e
feat: display stack trace on winston.error
5 years ago
35a06a8419
feat: #8412 breadcrumbs for ip-blacklist/post queue/flags
5 years ago
53a9517d54
fix: crash in export posts if post content is undefined
5 years ago
4acb3fb210
feat: #8387 expose global and admin privs to flags detail page
5 years ago
a82e9bd7f6
feat: privileges for Admin Control Panel ( #8355 )
...
* feat: acp privileges (WIP)
* fix: restore global privilege hooks
* refactor: using cid 0 in admin privs
* fix: no need for zebrastripe-reset
* feat: manage:categories privilege WIP
* feat: renamed prefix to admin:, settigns and dashboard privs
* fix: nofocus on acp privs group find modal
* refactor: privileges.x.get() to not used hardcoded privs
* fix: crash if unable to get latest version
* feat: setting acp priv
* Revert "fix: crash if unable to get latest version"
This reverts commit afdb235f48eb0072d88de45f3a1e0151281095b3.
* feat: user/privilege acp privs
* fix: category selector in manage/privileges
* fix: guests potentially becoming admins
* fix: bug in setting admin privs
* fix: some last minute things + api docs
* fix: some more last minute fixes
5 years ago
3a078f59ec
fix: tests
5 years ago
1b5d5425b4
fix: handle search tag permission as well
5 years ago
2100a03c1a
refactor: change name to privileges to match other apis
5 years ago
f6b92d241a
fix: checking correct permissions for user search ( #8371 )
...
* fix: checking correct permissions for user search
* fix: missing permissions porperty in openapi /api/search
5 years ago
842b8abb84
feat: add buildHeaderAsync ( #8367 )
...
* feat: add buildHeaderAsync
make helphers.notAllowed async
* fix: remove csrf from buildHeader
* fix: remove unused method, use middleware
* fix: /post/pid redirect doesn't need buildHeader
use buildHeaderAsync
5 years ago
922d49be0b
fix(style): switch..case
5 years ago
0633ad3277
fix: acp menu items
...
- Shuffled items in settings
- Moved post-queue and ip-blacklist to front-end
- Removed Settings > Sockets, merged with Settings > Advanced
5 years ago
a51fff8bd1
refactor: remove general menu from ACP ( #8347 )
...
* refactor: remove general menu from ACP
* fix: incorrect translation keys, fixed tests
5 years ago
5781a2dc65
feat: fix session mismatch errors by clearing cookie on logout ( #8338 )
...
* feat: fix session mismatch errors by clearing cookie on logout
* feat: remove app.upateHeader
ported from 2.0
* feat: handle if user doesn't click button and just refreshes page
5 years ago
0a31e3e6b0
fix : #8320 , dont load moderators separately for each category
5 years ago
7f24200c73
feat: add folder to filter:uploadImage and filter:uploadFile
5 years ago
6f504c4142
Remove allowFileUploads ACP option ( #8324 )
...
* feat: allow awaitable upgrade scripts
* feat: allowFileUploads removal upgrade script
* refactor: remove unnecessary ACP option `allowFileUploads`
* fix: updated upgrade script template to not use callback arg
* fix: upgrade script as per @baris
* fix: add missing await
* fix: add missing await
5 years ago
8bf980cb63
fix: tests, handle no sessions
5 years ago
Barış Soner Uşaklı
Julian Lam
gasoved
Opliko
Barış Soner Uşaklı
Peter Jaszkowiak
psychobunny
Sam Thompson
cryptoethic