moon/sync - sync - Moon's Git Server

Commit Graph

Author	SHA1	Message	Date
Calvin Montgomery	62417f7fb8	Add eslint (#741 )	2018-04-07 15:30:30 -07:00
Calvin Montgomery	6043647cb7	Skip full user auth for most page renders Previously, the user's session cookie was being checked against the database for all non-static requests. However, this is not really needed and wastes resources (and is slow). For most page views (e.g. index, channel page), just parsing the value of the cookie is sufficient: * The cookies are already HMAC signed, so tampering with them ought to be for all reasonable purposes, impossible. * Assuming the worst case, all a nefarious user could manage to do is change the text of the "Welcome, {user}" and cause a (non-functional) ACP link to appear clientside, both of which are already possible by using the Inspect Element tool. For authenticated pages (currently, the ACP, and anything under /account/), the full database check is still performed (for now).	2017-08-01 21:40:26 -07:00
calzoneman	0109a87e55	package: build with babel for ES2015 support * Rename lib/ -> src/ * Add `postinstall` npm target for compiling src files to lib * Add `build-watch` npm target for development with babel --watch * Add `lib/` to .gitignore * Add `source-map-support` module for babel-generated sourcemaps	2015-09-23 19:27:04 -07:00

Author

SHA1

Message

Date

Calvin Montgomery

62417f7fb8

Add eslint (#741 )

2018-04-07 15:30:30 -07:00

Calvin Montgomery

6043647cb7

Skip full user auth for most page renders

Previously, the user's session cookie was being checked against the
database for all non-static requests.  However, this is not really
needed and wastes resources (and is slow).

For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:

  * The cookies are already HMAC signed, so tampering with them ought to
    be for all reasonable purposes, impossible.
  * Assuming the worst case, all a nefarious user could manage to do is
    change the text of the "Welcome, {user}" and cause a (non-functional)
    ACP link to appear clientside, both of which are already possible by
    using the Inspect Element tool.

For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).

2017-08-01 21:40:26 -07:00

calzoneman

0109a87e55

package: build with babel for ES2015 support

* Rename lib/ -> src/
* Add `postinstall` npm target for compiling src files to lib
* Add `build-watch` npm target for development with babel --watch
* Add `lib/` to .gitignore
* Add `source-map-support` module for babel-generated sourcemaps

2015-09-23 19:27:04 -07:00

3 Commits