From cc69b3c22562ac317eb57c62b066474325e77547 Mon Sep 17 00:00:00 2001 From: Calvin Montgomery Date: Wed, 23 Aug 2017 23:15:30 -0700 Subject: [PATCH] Revert "Remove legacy /sioconfig and user agreement link" ACP has a dependency on `/sioconfig`. Reverting until that can be fixed. This reverts commit a48cab81b91678ad4a94f9a30e73fa2e7a02c067. --- src/config.js | 14 ++++++++++ src/web/webserver.js | 39 ++++++++++++++++++++++++++ templates/footer.pug | 2 +- templates/privacy-policy.pug | 53 ++++++++++++++++++++++++++++++++++++ templates/tos.pug | 41 ++++++++++++++++++++++++++++ 5 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 templates/privacy-policy.pug create mode 100644 templates/tos.pug diff --git a/src/config.js b/src/config.js index 28b97fcb..46328e4e 100644 --- a/src/config.js +++ b/src/config.js @@ -375,6 +375,20 @@ function preprocessConfig(cfg) { cfg.io["ipv4-default"] = cfg.io["ipv4-ssl"] || cfg.io["ipv4-nossl"]; cfg.io["ipv6-default"] = cfg.io["ipv6-ssl"] || cfg.io["ipv6-nossl"]; + // sioconfig + // TODO this whole thing is messy, need to redo how the socket address is sent + var sioconfigjson = { + "ipv4-nossl": cfg.io["ipv4-nossl"], + "ipv4-ssl": cfg.io["ipv4-ssl"], + "ipv6-nossl": cfg.io["ipv6-nossl"], + "ipv6-ssl": cfg.io["ipv6-ssl"] + }; + + var sioconfig = JSON.stringify(sioconfigjson); + sioconfig = "var IO_URLS=" + sioconfig + ";"; + cfg.sioconfigjson = sioconfigjson; + cfg.sioconfig = sioconfig; + // Generate RegExps for reserved names var reserved = cfg["reserved-names"]; for (var key in reserved) { diff --git a/src/web/webserver.js b/src/web/webserver.js index d1c1762c..0c03f88d 100644 --- a/src/web/webserver.js +++ b/src/web/webserver.js 
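Review bot: `cfg.sioconfigjson` and `cfg.sioconfig` are built in the config.js hunk with no comment saying they are public, yet the webserver.js hunk of this patch returns them verbatim from `/sioconfig(.json)`, with no access check in the handler. A comment above `var sioconfigjson = {` would keep a later edit from adding an internal address or a credential-bearing URL, for example `// Served as-is to any client via /sioconfig(.json); only public socket URLs belong in this object.` JSON.stringify also omits keys whose value is undefined, so consumers of IO_URLS have to tolerate missing entries when a listener is not configured. preprocessConfig begins and ends outside the hunk.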
@@ -76,6 +76,43 @@ function redirectHttps(req, res) { return false; } +/** + * Legacy socket.io configuration endpoint. This is being migrated to + * /socketconfig/.json (see ./routes/socketconfig.js) + */ +function handleLegacySocketConfig(req, res) { + if (/\.json$/.test(req.path)) { + res.json(Config.get('sioconfigjson')); + return; + } + + res.type('application/javascript'); + + var sioconfig = Config.get('sioconfig'); + var iourl; + var ip = req.realIP; + var ipv6 = false; + + if (net.isIPv6(ip)) { + iourl = Config.get('io.ipv6-default'); + ipv6 = true; + } + + if (!iourl) { + iourl = Config.get('io.ipv4-default'); + } + + sioconfig += 'var IO_URL=\'' + iourl + '\';'; + sioconfig += 'var IO_V6=' + ipv6 + ';'; + res.send(sioconfig); +} + +function handleUserAgreement(req, res) { + sendPug(res, 'tos', { + domain: Config.get('http.domain') + }); +} + function initializeErrorHandlers(app) { app.use((req, res, next) => { return next(new HTTPError(`No route for ${req.path}`, { @@ -206,7 +243,9 @@ module.exports = { require('./routes/channel')(app, ioConfig, chanPath); require('./routes/index')(app, channelIndex, webConfig.getMaxIndexEntries()); + app.get('/sioconfig(.json)?', handleLegacySocketConfig); require('./routes/socketconfig')(app, clusterClient); + app.get('/useragreement', handleUserAgreement); require('./routes/contact')(app, webConfig); require('./auth').init(app); require('./account').init(app, globalMessageBus); diff --git a/templates/footer.pug b/templates/footer.pug index 155f9632..61d272aa 100644 --- a/templates/footer.pug +++ b/templates/footer.pug @@ -2,7 +2,7 @@ mixin footer footer#footer .container p.text-muted.credit. - Copyright © 2013-2017 Calvin Montgomery · GitHub · Contact · Wiki + Copyright © 2013-2017 Calvin Montgomery · GitHub · User Agreement · Contact · Wiki script(src="/js/jquery-1.11.0.min.js") // Must be included before jQuery-UI since jQuery-UI overrides jQuery.fn.button // I should really abandon this crap one day 
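Review bot: In handleLegacySocketConfig, `sioconfig += 'var IO_URL=\'' + iourl + '\';';` splices a config value into JavaScript source by hand, so a quote or backslash in the configured URL changes the script that every client loads. When neither `io.ipv6-default` nor `io.ipv4-default` is set, the response also carries the literal string 'undefined' as the socket address. Serialising the value the way config.js already does for IO_URLS removes the quoting problem: `sioconfig += 'var IO_URL=' + JSON.stringify(iourl) + ';';`, preceded by an explicit error response when `iourl` is empty. The body also depends on `req.realIP`, and no cache header is set in the hunk, so if a shared cache sits in front of this route (not visible here) it should be marked non-cacheable.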
diff --git a/templates/privacy-policy.pug b/templates/privacy-policy.pug new file mode 100644 index 00000000..a67426be --- /dev/null +++ b/templates/privacy-policy.pug 
@@ -0,0 +1,53 @@ +doctype html +html(lang="en") + head + include head + +head() + body + #wrap + nav.navbar.navbar-inverse.navbar-fixed-top(role="navigation") + include nav + +navheader() + #nav-collapsible.collapse.navbar-collapse + ul.nav.navbar-nav + +navdefaultlinks("/policies/privacy") + +navloginlogout("/policies/privacy") + section#mainpage + .container + .col-md-12 + h1 Privacy Policy + p. + Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate, and disclose and make use of personal information. Some of this information is collected automatically, while other information is provided by you. By visiting #{siteTitle} (#{domain}), you agree to allow #{siteTitle} to collect and use the information in the manner described in this policy. + h2 Collected Automatically + h4 Browser Information + p + | When you visit #{siteTitle}, certain information is automatically sent by your browser, including: + ul + li Your IP (Internet Protocol) address, which may be associated with an Internet Service Provider and country of residence + li The name and version of the browser you are connecting with (User-Agent string) + li The page or resource you are requesting + | This information is not shared with third parties, except if you consent to disclosure or we are required by law to disclose this information. Your IP address may be logged and used to identify you for administrative purposes, such as revoking access to abusive users. It may also be used in aggregation of anonymous statistics. Your browser's name and version number (User-Agent string) may be used to provide content best suited for your device, in the case of resources which have multiple representations. + h4 Cookies + p + | Certain information, such as authentication tokens used to identify your account after logging in, and your theme preference are stored in "cookies" on your browser. 
This information is sent to #{siteTitle}'s servers automatically when you request a page. The login cookie is used to verify your identity with respect to your account, and the theme cookie is used to present the page using your preferred theme. Neither cookie is explicitly shared with third parties, however it is possible they may be observed by an intermediary, especially if you are browsing on an insecure network. + h4 localStorage + | Information about your website preferences, such as those configurable from the Options dialog on a channel page, is stored in your browser via the HTML5 localStorage interface. This information is used to persist your desired settings across multiple sessions on the website. This information is not explicitly shared with third parties, however any entity which has access to your browser, including userscripts, may read or modify it. + h2 Provided by You + h4 Account Information + p + | In order to register an account, you must provide the following information: + ul + li A username, which uniquely identifies the account + li A password + | Your username and password will be stored on #{siteTitle}'s servers and used for the purposes of authentication. Passwords are hashed with bcrypt before storage; at no time is the plain password recorded in persistent storage. Usernames and passwords are never shared with third parties, to the extent permitted by United States law. + | You may optionally provide additional information associated with your account: + ul + li An email address + li A profile image + li A brief profile summary (text) + | All of this information is stored on #{siteTitle}'s servers. Your email address will only be used for the purposes of verifying your identity in case you are unable to login to your account. It is not shared with third parties, nor will it be used to communicate arbitrary information to you. Your profile image and summary are visible publicly. 
+ h4 Channel Information + p + | When you register a channel on #{siteTitle}, you may optionally provide certain information + include footer + +footer() diff --git a/templates/tos.pug b/templates/tos.pug new file mode 100644 index 00000000..a077bce0 --- /dev/null +++ b/templates/tos.pug 
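Review bot: privacy-policy.pug stops mid-section: the "Channel Information" paragraph ends at "you may optionally provide certain information" and is followed directly by `include footer`, so the policy never says what channel data is collected. The webserver.js hunk in this patch registers only `/sioconfig(.json)` and `/useragreement`, so unless `/policies/privacy` is routed elsewhere (not visible here) this template is not served at all. Either finish the section or mark the file as a draft with a comment at the top, e.g. `//- DRAFT: Channel Information section incomplete; not yet routed`.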
@@ -0,0 +1,41 @@ +doctype html +html(lang="en") + head + include head + +head() + body + #wrap + nav.navbar.navbar-inverse.navbar-fixed-top(role="navigation") + include nav + +navheader() + #nav-collapsible.collapse.navbar-collapse + ul.nav.navbar-nav + +navdefaultlinks("/useragreement") + +navloginlogout("/useragreement") + section#mainpage + .container + .col-md-12 + h1 User Agreement + p. + By visiting #{siteTitle} (#{domain}), you agree to the following user agreement. + h3 Legal Stuff + ul + li All content and activity this website must comply with United States law, and where applicable, local laws. Prohibited content and activities include, but are not limited to: + ul + li Child pornography + li Warez + li Copyright infringement + li Blackmail, slander, or other defamatory statements + li Phishing + li Content on #{siteTitle} is provided "as-is". #{siteTitle} makes no warranties, express or implied, and hereby disclaims and negates all other warranties, including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Furthermore, #{siteTitle} does not make any representations concerning the accuracy or reliability of content present on #{siteTitle}. + li #{siteTitle} permits users to share links, embedded content, or other content insofar as the shared content complies with this user agreement, United States law, and where applicable, local laws. #{siteTitle} is not responsible for the content shared, or any consequences of sharing such content. #{siteTitle} does not endorse any user-provided content. Viewing shared content is done at the user's own risk. + h3 General Rules + p. + While moderation is largely left to the discretion of channel moderators and administrators, the following rules apply globally and must be observed at all times on the site. 
Failure to comply with these rules may result in temporary or permanent removal of your user account from the website. + ul + li Trolling, spamming, or otherwise intentionally disrupting any channel is not allowed + li Bullying or otherwise intending to hurt other users is not allowed + li Attempting to exploit the site in order to gain unauthorized access or interrupt service is not allowed. If you believe you have found an exploit, please responsibly disclose it to an administrator. + li Use good judgement when representing #{siteTitle} on other websites. Do not spam links to your channel. + include footer + +footer()
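Review bot: tos.pug interpolates `#{siteTitle}` throughout, but handleUserAgreement in the webserver.js hunk passes only `{ domain: Config.get('http.domain') }` to sendPug. Unless sendPug merges in site-wide locals (not visible in this patch), the title will likely render as an empty string in every sentence that names the site. A comment at the top of the template listing the locals it expects, such as `//- locals: siteTitle, domain`, would make that dependency visible. The `#{...}` form is pug's escaped interpolation and should stay that way for these config-supplied values.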