Commit Graph

567 Commits

Author SHA1 Message Date
calzoneman a049a7e2dc Fix login/logout redirects 2015-02-24 11:08:10 -06:00
calzoneman a0b7bff70c Fix 2015-02-24 10:48:51 -06:00
Calvin Montgomery 6ab609db71 Merge pull request #454 from calzoneman/gdocs-refactor
Gdocs refactor
2015-02-24 10:42:35 -06:00
Calvin Montgomery 62b81708ab Merge pull request #453 from calzoneman/csurf
Add csrf middleware
2015-02-24 10:42:11 -06:00
bush6 c2a00420f2 Merge remote-tracking branch 'upstream/3.0' into 3.0 2015-02-24 08:28:08 +10:00
bush6 ca0f0c4086 set uid timeout
Allow the timeout to be changed allowing more time before dropping root
privledges
2015-02-24 08:08:43 +10:00
calzoneman afc0ea0a58 Add csrf prevention 2015-02-22 18:15:22 -06:00
calzoneman 400e15dea8 Fix logins on raw IPs in chrome 2015-02-21 14:48:24 -06:00
bush 960f94bfb6 Forgot the new file :o 2015-02-21 19:13:55 +11:00
bush 2f6fb43152 added a feature to change uid/gid after startup to bind ports lower than
1024 on Linux
2015-02-21 19:12:26 +11:00
calzoneman a6eaa944c1 Fix improper null check 2015-02-20 23:23:10 -06:00
calzoneman c9025fbb44 Fix titles and error messages 2015-02-20 23:17:34 -06:00
calzoneman ad13896739 Make gdocs retrieval less janky 2015-02-20 22:59:11 -06:00
calzoneman 1b5f8d47aa Fix 2015-02-20 18:54:00 -06:00
calzoneman df62ee8d58 Fixes 2015-02-20 18:54:00 -06:00
calzoneman 08a9eae2d3 Change login sessions 2015-02-20 18:53:02 -06:00
calzoneman b579db5310 Change login sessions 2015-02-20 18:53:02 -06:00
calzoneman a31273be5c Initial 'remember me' support for logins 2015-02-20 18:53:02 -06:00
bush ff8a9d02fe fixed missing , xD 2015-02-20 08:10:04 +11:00
bush 407f8930c3 Fixed email not getting sent from correct email in config. Added way to
change the default name (CyTube Services) that email is sent from.
2015-02-20 07:53:33 +11:00
Xaekai ca17c82c8c Make doubly sure fixed calzoneman/sync#445 2015-02-16 00:50:15 -08:00
Calvin Montgomery 8c33818b36 Merge pull request #439 from Xaekai/3.0
Google+ metadata retrieval overhaul
2015-02-16 00:29:32 -06:00
Xaekai 26a9446d3d I commit this code in the name of Pinkie Pie. 2015-02-15 17:36:29 -08:00
Adam Lavin efb9d30de0 Added in ability to change mysql port 2015-02-14 22:20:26 +00:00
calzoneman 406717bb18 Update to work on node v0.12 2015-02-14 12:17:33 -06:00
Calvin Montgomery 93567c57f1 Merge pull request #432 from calzoneman/deps-upgrade
Upgrade dependencies
2015-01-31 11:44:38 -06:00
Calvin Montgomery 583e7e7616 Merge pull request #431 from calzoneman/hitbox
Add hitbox support
2015-01-27 00:29:44 -06:00
calzoneman 858207a6f8 Upgrade deps 2015-01-27 00:12:40 -06:00
Calvin Montgomery bbd03e4e0f Log aliases when someone logs in 2015-01-26 12:20:19 -06:00
calzoneman 50bf876010 Add hitbox support 2015-01-22 23:21:31 -06:00
calzoneman 5cde74cbd4 Fix potential cause for playlist timer problem 2015-01-22 16:53:36 -06:00
calzoneman 7d2015620a socket.io: upgrade to 1.3 2015-01-19 17:43:22 -06:00
calzoneman 9fc1cbd81c Whitelist <s> tags for filters 2015-01-19 01:26:46 -06:00
Calvin Montgomery d7ef0d1893 Merge pull request #428 from calzoneman/sanitize-html
Merge sanitize-html into 3.0 #yolo
2015-01-14 13:23:01 -06:00
calzoneman 139825168f Fix for private, but embeddable soundcloud tracks 2015-01-11 12:10:09 -06:00
calzoneman 80c4c90bcf Migrate old MOTDs and don't replace \n with <br> after 2015-01-08 20:07:02 -06:00
Calvin Montgomery 12f3161f50 XSS: Glob attributes data-*, aria-* 2015-01-08 20:07:01 -06:00
Calvin Montgomery 1c3a669279 Replace XSS filter with sanitize-html 2015-01-08 20:07:01 -06:00
calzoneman 8630c5972c deps: upgrade socket.io to 1.2.1 2015-01-08 17:57:44 -06:00
Erik 4135ec0bf8 Kick/Mute immunity should only be if globalRank is strictly greater 2015-01-08 09:58:44 -05:00
Calvin Montgomery 032f600746 Kick/Mute immunity should only be if globalRank is strictly greater 2015-01-08 08:48:00 -05:00
Erik 5d843358d2 site admins should be immune from kick/mute 2015-01-06 22:55:14 -05:00
Calvin Montgomery cf35c92391 Apparently this happens a lot, don't put it in the logfile 2015-01-06 10:58:15 -05:00
Calvin Montgomery 414cbfdc5d Add more safeguards for socket errors 2015-01-06 10:54:14 -05:00
Calvin Montgomery bf70d2760b Log when a video is added 2015-01-03 16:03:15 -05:00
Calvin Montgomery 829cc090fa Use graceful-fs to maybe prevent EMFILE 2015-01-02 23:22:48 -05:00
Calvin Montgomery 0c23b8a4c5 Update Copyright year; remove old junk 2014-12-31 12:06:29 -05:00
Calvin Montgomery 25eba6ab2b Improve filter handling code 2014-12-28 11:12:37 -05:00
Calvin Montgomery aa5e50f1d2 Cytubefilters, part 1 2014-12-27 01:39:30 -05:00
Calvin Montgomery 709724efd4 Warn moderators when a channel exceeds size limit
When the chandump is saved, the size of the file is checked.  If it is over the limit, moderators are displayed a message indicating that the channel is too large and they should remove extra playlist items, filters, and/or emotes.

This is a partial solution for #421.
2014-12-26 11:19:19 -05:00
Calvin Montgomery 3689aafe3b Fix all video adds getting stuck when one fails
Whenever a urlRetrieve() fails due to an unexpected error (ENOTFOUND, ETIMEDOUT, Socket hang up, etc.), the domain handler and the global exception handler would detect this and not crash the server, however the dirty internal state would somehow prevent future HTTP requests from completing successfully.

Removed domain usage since that feature is marked "unstable" and is rumored to be marked for deprecation in future versions of node.  Using the "error" event of the request object itself, which means errors are local in scope and won't pollute global state.  This should have been the solution originally, but when urlRetrieve() was written, I was not as familiar with node.
2014-12-26 10:39:47 -05:00
Calvin Montgomery c39c394f36 Add auto DB conversion for utf8mb4 2014-12-14 21:53:25 -05:00
Calvin Montgomery 9deff9bdb1 Change charset for certain fields to utf8mb4
The underlying cause of #419 is the default utf8 collation in MySQL/MariaDB, which only supports the base plane of Unicode (\u0000-\uffff).  By changing the collation to utf8mb4_general_ci, stuff like ban reasons and profile text may have emoji and other non-base-plane Unicode.

The charset for playlist titles is NOT changed, and non-base-plane characters are replaced by question marks.  This is because switching to utf8mb4 would make the primary key too long.
2014-12-14 21:53:25 -05:00
Calvin Montgomery 4b8681c2a4 Don't break if the profile is corrupt 2014-12-14 21:53:25 -05:00
calzoneman e8a2753e19 Don't log HTTP 413, just send it to the client and be done 2014-12-12 17:35:57 -06:00
calzoneman a3a9fa074e Improve behavior of custom embed w.r.t. https
Instead of silently failing when browser policy blocks HTTP embeds over HTTPS, pre-fill the video div with an error message and attempt to salvage the link with s/http/https/g.
2014-12-10 23:56:17 -06:00
calzoneman 2b800f2a9a Hopefully fix typecheckedOn bug 2014-12-07 00:08:53 -06:00
calzoneman 918b865a9b Slight tweak to urlRetrieve error handler 2014-12-04 00:42:25 -06:00
calzoneman b587da6701 Several fixes
- User playlists should now list correctly (fixed a race condition)
  - Livestream types can autoplay (no longer stuck at currentTime = -3)
  - Playlist items with NaN duration do not break user playlist saving
  - ffmpeg support can handle live media (e.g. icecast)
  - Invalid volume is sanitized and an error message is added
  - JWPlayer displays correctly for both HTML5 and Flash
  - JWPlayer volume synchronization is fixed
  - <audio> and <video> tags are scaled correctly with .embed-responsive-item
2014-12-02 22:21:52 -06:00
calzoneman 2f2ed8aaf9 Fix Twitch not working on HTTPS and allow HTTPS channel page 2014-11-24 19:24:47 -06:00
calzoneman da2d461941 Fix caching and add gzip 2014-11-16 21:06:10 -06:00
calzoneman 4514151ad2 Add a better error message for google drive 1hr 2014-11-13 20:08:01 -06:00
calzoneman 681fc717c3 Fix google+ 2014-11-03 12:56:15 -06:00
calzoneman 318a924b6d Extend blacklist to PMs 2014-10-29 15:07:57 -05:00
calzoneman 575b762ba1 Fix kick behavior 2014-10-25 22:49:22 -05:00
calzoneman 4967e46343 Fix socket.io issue; fix ACP announcements 2014-10-24 10:24:02 -05:00
calzoneman 289807535a Typo 2014-10-24 10:24:02 -05:00
calzoneman b4bcb7637b Reject sockets with no IP 2014-10-24 10:24:02 -05:00
calzoneman 50dd0982a4 Fix IP extraction for socket.io 2014-10-24 10:24:02 -05:00
calzoneman 6e0735f3fe Update to socket.io 1.0 2014-10-24 10:23:30 -05:00
calzoneman 029fa62af2 Don't log errors for bad http requests 2014-10-12 11:36:54 -05:00
calzoneman fa85030524 Fix borrow-rank 2014-10-09 20:46:16 -05:00
calzoneman 4505ca19da Auto unpause after leader is removed 2014-10-07 23:01:36 -05:00
calzoneman e13e695077 Allow limiting # items per user 2014-10-06 11:32:25 -05:00
calzoneman 309e5d8b46 Doing it live 2014-09-13 00:01:54 -05:00
calzoneman d2027d2e5a Fix /unmute with empty name 2014-09-12 11:49:30 -05:00
calzoneman 731ab3f9a5 Ok this should actually fix it 2014-09-11 19:00:27 -05:00
calzoneman 2ea9dbcb75 Fix IP address race condition for logging 2014-09-11 18:56:33 -05:00
calzoneman 2b60ab8e10 Add permission for #402; fix a strange jwplayer issue 2014-09-06 22:59:28 -05:00
calzoneman 71114b0060 Fix: don't search channel library if rank < seeplaylist 2014-09-04 20:53:18 -05:00
calzoneman ea9fa0a95a Fix /smute with 0 args throwing error 2014-09-02 16:46:53 -05:00
calzoneman 12447ce5dc Give up early if username is invalid for rank change 2014-09-01 20:33:11 -05:00
calzoneman 66865f718c Fix Error: Requested Range Not Satisfiable 2014-09-01 14:36:24 -05:00
calzoneman 91c24518c5 Conditionally allow ASCII characters (for Xaekai) 2014-08-29 16:38:57 -05:00
calzoneman 7002874bbb Minor fix for messages with spaces only 2014-08-29 15:49:32 -05:00
calzoneman 484b695965 Disallow ASCII control characters in messages 2014-08-29 15:47:56 -05:00
calzoneman 7b00ba10b9 Fixes at Xaekai's request 2014-08-27 18:45:11 -05:00
calzoneman c8684d58ed Fix handling of /mute with no name 2014-08-22 10:52:15 -05:00
calzoneman b3c3ee93ce Hopefully fix an error case
I have no idea why it's possible for sock.handshake to be defined and then undefined
2014-08-21 14:37:40 -05:00
calzoneman edac89b204 Fix x-forwarded-for resolution in http logging 2014-08-20 10:56:36 -05:00
calzoneman 088c547522 Update dependencies - execute npm update && npm rebuild after pulling 2014-08-19 22:27:59 -05:00
calzoneman ae42ac9c56 Remove ghost httpaccess.log file 2014-08-19 00:52:50 -05:00
calzoneman 6dfeab9657 Update rest of dependencies 2014-08-19 00:46:30 -05:00
calzoneman 4eb81a84d9 Update nodemailer, yamljs, q 2014-08-19 00:36:31 -05:00
calzoneman c693e84a46 Update bcrypt and fix a deprecated reference in auth 2014-08-19 00:25:36 -05:00
calzoneman 020e2326b5 Replace own static and log functions with serve-static and morgan 2014-08-19 00:21:32 -05:00
calzoneman 5f7adc98ba Update express dependency 2014-08-19 00:07:24 -05:00
calzoneman c2ba55ac0f Fail /kick, /ban if the target name is blank 2014-08-18 22:00:51 -05:00
Calvin Montgomery 5d624fa49f Merge pull request #396 from calzoneman/ipcloak
Change IP masking
2014-08-15 11:43:56 -05:00
calzoneman 0f2b93e5c5 Increment version number 2014-08-15 11:41:09 -05:00