Mon Nov 04 16:15 2013 CDT * lib/xss.js, tests/xss.js: Merge work-in-progress XSS filter from xss branch * lib/torblocker.js: Allow blocking of socket connections from Tor IPs Thu Oct 31 18:10 2013 CDT * package.json: Require node-validator < 2.0.0 as a temporary measure while in-house XSS filtering is developed. Wed Oct 30 19:28 2013 CDT * www/assets/js/util.js: Fix mod permission check breaking chat box in chat only mode Mon Oct 20 21:48 2013 CDT * www/channel.html: Fix padding for channel.html on small screens Thu Oct 24 17:29 2013 CDT * www/assets/js/player.js: Add a special of special checks for dailymotion because their player can only seek to the nearest 2 seconds Tue Oct 22 13:41 2013 CDT * lib/channel.js: Fix a channel dead race condition Sun Oct 20 20:02 2013 CDT * lib/channel.js: Fix MOTD XSS filter stripping style tags Sat Oct 19 12:20 2013 CDT * lib/channel.js: Remove some unnecessary packets Wed Oct 16 23:29 2013 CDT * www/assets/js/callbacks.js, www/channel.html, www/assets/css/ytsync.css: Make queuefail errors always show in a consistently visible location. Wed Oct 16 23:21 2013 CDT * www/assets/js/util.js: Add an errDialog function that shows an error message over the chatbox (instead of alert()) Wed Oct 16 23:09 2013 CDT * www/assets/js/util.js: Add a special handler so that clicking anywhere on the page clears a userlist dropdown, not just right clicking the same name. Wed Oct 16 21:48 2013 CDT * www/assets/js/player.js: Add a stupid timeout hack to address a race condition in YouTube's HTML5 player. Seriously? Wed Oct 16 17:34 2013 CDT * lib/utilities.js: Add a "Set" wrapper around objects to represent sets. * lib/channel.js, lib/user.js: Change the way muting works- muted users are stored in a set and are automatically muted when they join (this set is not persisted across restarts, however). Wed Oct 16 17:19 2013 CDT * lib/channel.js, lib/user.js: Only kick users on permissions violations. Fail silently on bad packets. Mon Oct 14 18:13 2013 CDT * lib/channel.js, lib/database.js: Add a separate database query for saving ranks on login (insert only, do nothing if the name exists). Should make it actually impossible to ever lose rank when logging in (I thought it was impossible before but someone claimed it happened). Mon Oct 14 16:37 2013 CDT * lib/bgtask.js: Add an interval for dumping all loaded channels * lib/channel.js: Remove per-channel dump interval * lib/config.js: Add config key for channel save interval Mon Oct 14 16:30 2013 CDT * lib/server.js: Rate-limit socket.io connections * lib/bgtask.js: Periodically clear out old rate limiters Sat Oct 12 19:43 2013 CDT * lib/user.js: Fix jumpTo kick bug (and delete) * lib/api.js: Fix unloaded channel API listing bug Sat Oct 12 19:02 2013 CDT * lib/chatcommand.js: Fix poll import Sat Oct 12 18:58 2013 CDT * lib/user.js, lib/channel.js: Improve strictness of data checking to prevent errors from incoming bad data. Kick users who send bad data or attempt channel moderation with insufficient rank. Sat Oct 12 18:24 2013 CDT * lib/user.js: Fix bad chatMsg packet causing exceptions Sat Oct 12 15:53 2013 CDT * lib/channel.js: Add a try-catch to playlist loading to catch the mysterious error that's been coming up (corrupt pl?) Mon Oct 07 19:00 2013 CDT * lib/channel.js: Rearrange the callback order to prevent database lookups from racing with the playlist queue. * tests/naokosimulator2013.js: Flood the first 10 videos all at once. Should provide better test coverage for race conditions (especially on localhost where the latency is ~0) Mon Oct 07 10:02 2013 CDT * lib/channel.js: Fix several cases where an unregistered channel might attempt to make a database call which then fails. Mon Oct 07 00:08 2013 CDT * lib/playlist.js: Fix /clean not behaving properly (actually was a consequence of the remove() function) * lib/get-info.js: Send more specific error messages * www/assets/js/callbacks.js: Minor fix to the queueFail callback Sun Oct 06 01:42 2013 CDT * lib/channel.js, www/assets/js/callbacks.js: Include the link that failed with the queueFail packet. Clicking the "+ n more" tag shows all links that failed for stacked messages * lib/utilities.js: Add a formatLink function Sat Oct 05 20:41 2013 CDT * lib/user.js: Fix a bug where duplicate guestnames were allowed with different capitalizations Thu Oct 03 22:09 2013 CDT * www/assets/js/ui.js: Use sortable("cancel") to remove the need for the `moveby` field of the movement packet * www/assets/js/util.js, www/assets/js/callbacks.js, lib/channel.js: Remove references to moveby Thu Oct 03 22:05 2013 CDT * lib/channel.js, lib/playlist.js: Fix 'next' bumping not properly telling clients that the old item was deleted Wed Oct 02 22:25 2013 CDT * www/channel.html, www/assets/js/ui.js, www/assets/js/callbacks.js: Add a small toggle for the MOTD Wed Oct 02 09:35 2013 CDT * lib/channel.js: Fix the use of the wrong variable when checking for maximum video length Tue Oct 01 22:57 2013 CDT * lib/asyncqueue.js: Add a generalized queue class for queueing async functions to execute in order * lib/channel.js, lib/playlist.js: Clean up playlist addition/move/ deletion. Should fix #285. * lib/server.js: Fix announcement initialization to null * tests/naokosimulator2013.js: Add a simple bot that authenticates and vomits a giant list of videos into a channel * www/assets/js/callbacks.js, www/assets/js/util.js: Clean up playlist add/move/delete * www/assets/js/data.js: Update CL_VERSION which I always forget to do. * www/assets/js/ui.js: Small fix to comply with server changes Sun Sep 29 21:30 2013 CDT * lib/get-info.js: Add an extra check to ytv2 to make sure embedding is allowed. If not, send a queueFail. Fri Sep 27 10:27 2013 CDT * lib/channel.js: Change the link regex, change the way 'affects links' works. The default link filter will only transform a link of no previous filters transform it (and filters will only transform a link if 'affects links' is ticked). Thu Sep 26 23:40 2013 CDT * lib/config.js: Add config keys for statistics interval & max age, alias purge interval & max age. * lib/bgtask.js: Update intervals to reflect new config keys Thu Sep 26 23:33 2013 CDT * lib/stats.js: Remove this file, move the statistics tracking interval to the new bgtask.js * lib/bgtask.js: Generalize background tasks to this module. Add tasks for statistics tracking and clearing old aliases. * lib/database.js: Modify the way aliases work a bit. Rather than constantly deleting to keep 5 aliases per person, have a function that is periodically called to delete aliases more than one month old, and have the listAliases function explicitly sort and request the most recent 5 aliases. * lib/server.js: Update references accordingly Thu Sep 26 23:08 2013 CDT * lib/acp.js, lib/api.js, lib/server.js, lib/stats.js, www/acp.html, www/assets/js/acp.js: Remove the [realtime] 'connection stats' tracking that was pretty worthless anyways. Thu Sep 26 21:42 2013 CDT * www/assets/js/player.js: Keep track of the duration of the current video and use this information to prevent the player restarting when it receives an out of range timestamp Thu Sep 26 13:29 2013 CDT * lib/user.js: Some code style cleanup Thu Sep 26 13:17 2013 CDT * lib/user.js: A few minor cleanups to login functions * lib/api.js: Pass the login failure reason to the action log Tue Sep 24 15:18 2013 CDT * www/assets/js/callbacks.js: Double fix search result buttons because the paginator was being duplicated Tue Sep 24 13:45 2013 CDT * lib/acp.js: Emit announcements to SSL sockets in addition to regular ones. Tue Sep 24 13:15 2013 CDT * www/assets/js/callbacks.js: Instantiate a new paginator for every search result- prevents buttons being incorrectly added or omitted. Mon Sep 23 16:22 2013 CDT * lib/user.js: distinguish search result return packets with a 'source' field that specifies where the item came from (e.g 'yt' for youtube search, 'library' for library search) * www/assets/js/callbacks.js: account for the change in lib/user.js which adds a 'source' field to library search results * www/assets/js/util.js: don't add delete buttons for youtube search results. Apparently people keep clicking them... Sat Sep 21 23:53 2013 CDT * lib/playlist.js, www/assets/js/player.js: Modify the server lead function to have a 3 second lead-in period (to allow buffering). Videos start at -3 seconds; the client is paused until the time reaches 0 seconds. Sat Sep 21 02:21 2013 CDT * www/assets/js/ui.js, www/assets/js/ui.js, www/assets/js/util.js, www/channel.html, www/assets/css/ytsync.css: Add quick buttons for modflair and adminflair Sat Sep 21 00:29 2013 CDT * www/assets/js/util.js: support a "Nobody" permission level (set arbitrarily high) Sat Sep 21 00:23 2013 CDT * www/assets/js/callbacks.js, www/assets/css/ytsync.css: make it more obvious which option was voted for Sat Sep 21 00:08 2013 CDT * lib/playlist.js: Make .clean(filter) an instance method * lib/chatcommand.js: Make a few minor changes to unbibium's /clean Wed Sep 18 18:26 2013 CDT * lib/user.js: Change channel checks to include checking for whether the channel is dead Wed Sep 18 18:14 2013 CDT * lib/channel.js: Add a bunch of checks to prevent callbacks from doing things with a dead channel * tests/channelDeadRace.js: Add a few client tests that cause exceptions in the pre-patched channel code Tue Sep 17 22:24 2013 CDT * lib/user.js: Fix what I assume was a race condition that caused an error message when a user's login callback fired after the channel unloaded. Tue Sep 17 13:16 2013 CDT * lib/get-info.js: Fix ustream for channels that have /channel/ in the path. Fri Sep 13 10:10 2013 CDT * www/reset.html: Fix data.js dependency * lib/api.js: Fix ActionLog trying to record wrong data. How long has this been broken? * www/assets/js/acp.js: Prepend "/reset.html?" in case admins can't remember what the URL is Thu Sep 12 18:41 2013 CDT * www/index.html: Fix index page not showing public channels Thu Sep 12 16:25 2013 CDT * lib/channel.js: Fix an error resulting from calcVoteskipMax being run when the usercount is 0 Thu Sep 12 13:01 2013 CDT * lib/channel.js: Fix the XSS filter hack that allows style attributes to allow more than one in a chat filter replacement Wed Sep 11 22:13 2013 CDT * lib/channel.js, lib/user.js: Remove "afkers" array, replace afkcount with a function that calculates how many users are eligible to voteskip (not AFK + have permission). Check permission before allowing voteskip * lib/api.js: Replace "afkcount" in /api/channels/:channel with voteskip_eligible * www/assets/js/util.js: Add a permissions option for voteskip Wed Sep 11 20:19 2013 CDT * lib/poll.js: Add support for hidden polls * lib/channel.js: Check permissions for viewing hidden polls * lib/chatcommand.js: Add /hpoll for opening hidden polls * www/assets/js/util.js: Update poll interface to include a checkbox for whether or not to hide a poll. Update permissions interface to allow for changing the permission to view obscured polls. Tue Sep 10 22:40 2013 CDT * www/account.html, www/acp.html, www/login.html: Import www/assets/js/data.js for easy access to user preferences * www/assets/js/account.js, www/assets/js/acp.js: remove redundant cookie util functions * www/assets/js/data.js, www/assets/js/util.js, www/assets/js/iourl.js: Add a user option to enable SSL for websockets and API calls * www/assets/js/ui.js: Add a warning if the user loaded the page over SSL (because some media players throw warnings and others don't work at all (Twitch.tv, Justin.tv: go eat a dick) * www/assets/js/player.js: Prevent race conditions for media types that depend on swfobject Tue Sep 10 17:17 2013 CDT * www/assets/js/player.js: Fix loading over SSL for everything except TwitchTV and JustinTV Tue Sep 10 16:45 2013 CDT * lib/channel.js: Don't attempt to emit to SSL sockets if it's disabled Tue Sep 10 16:34 2013 CDT * www/channel.html, www/assets/js/jwplayer.js: Cache jwplayer script locally since their server doesn't support SSL Tue Sep 10 16:10 2013 CDT * lib/server.js, lib/api.js: Implicitly trust X-Forwarded-For when the source ip is 127.0.0.1 Tue Sep 10 14:09 2013 CDT * lib/config.js, lib/server.js: Add a config key for the passphrase to the ssl key. Mon Sep 9 22:10 2013 CDT * lib/acp.js: Change acp-channel-unload callback to duplicate the list of users in the channel to prevent concurrent modification while kicking * lib/channel.js: As an extra precaution, set user.channel = null after kicking a user Mon Sep 9 17:11 2013 CDT * lib/server.js: If SSL is enabled in config, create an additional server listening with SSL for websockets and HTTPS traffic * lib/config.js: Add config keys for SSL * lib/channel.js: Broadcast messages to both regular and SSL sockets * www/assets/js/iourl.js: Add SSL_URL and automatically set WEB_URL and IO_URL to SSL_URL when the protocol is HTTPS * www/assets/js/callbacks.js: Automatically set the secure option on io.connect() * www/assets/js/ui.js, www/index.html, www/channel.html: Fix links to be dependent on the protocol Sun Sep 8 17:41 2013 CDT * lib/server.js: Change behavior of unloadChannel - deletes all object keys in the channel object and then sets channel.dead = true * lib/channel.js: Add extra checks in callbacks to ensure certain things don't happen if the channel is dead * lib/playlist.js: Add extra checks to kill the playlist if the channel it is associated with is dead * lib/database.js: Add extra checks to prevent loading channel data into a dead channel object * tests/fastQuit.js: A simple script to open a connection, join a channel, and disconnect immediately to test for race conditions Sat Sep 7 23:38 2013 CDT * lib/user.js: Add "loggingIn" field to act as a lock on async logins. Delay further login attempts until the current login attempt finishes. Should prevent cases where sending multiple logins quickly in succession caused race conditions and thus odd "duplicate login" kicks. Sat Sep 7 15:43 2013 CDT * lib/channel.js, lib/user.js: Add an extra check for channel.users[i] to write an error message (instead of kicking) when the same user that is connecting is the one being kicked. Fri Sep 6 16:29 2013 CDT * lib/config.js: Add an io-host option to allow binding socket.io to a different IP than the webserver Fri Sep 6 15:51 2013 CDT * lib/utilities.js: Tweak the throttle code for rate limiters to fix incorrect behavior of the burst cap after the cooldown period has been passed * tests/rateLimiter.js: Write a couple quick test cases to ensure that rate limiting is handled properly Thu Sep 5 22:52 2013 CDT * www/assets/js/callbacks.js: Disable the channel registration button and change its text while a registration attempt is being processed (prevents DB errors from impatient people spamming the button) (addresses Issue #276 ) Thu Sep 5 13:45 2013 CDT * acp.js, actionlog.js, api.js, channel.js, chatcommand.js, config.js, customembed.js, database.js, filter.js, get-info.js, logger.js, media.js, notwebsocket.js, playlist.js, poll.js, rank.js, server.js, stats.js, ullist.js, user.js, utilities.js: move server files into lib/ folder to clean up the root directory of the project. * api.js: replace regex with $util.isValidChannelName (L68); fix relative file paths (per moving api.js to lib/) * server.js: fix relative file paths * channel.js: fix relative file paths Wed Sep 4 22:45 2013 CDT * changelog: initialize changelog file Wed Sep 4 17:47 2013 CDT * www/assets/js/data.js: add CHANNEL.usercount variable * www/assets/js/callbacks.js: update CHANNEL.usercount variable when the usercount changes * www/assets/js/util.js: add "Anonymous" to the usercount breakdown display (addresses Issue #270 ) Changelog established on Wed Sep 4 2013