Prevent session cookie from existing on .pantsu.cat & other things (#1658)
* Update user.go * Update main.css * add comment * fix JS function that did not behave as intended * Update classic.css * Update classic.css * Update search.jet.html * Update en-us.all.json * Update site.jet.html * Update router.go * Update search.go * Update helpers.go * Update search.go
Parent
06ce41f04f
révision
ba058ec3e1
10 fichiers modifiés avec 58 ajouts et 28 suppressions
|
@ -4,6 +4,7 @@ import (
|
|||
"html"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"fmt"
|
||||
|
||||
"math"
|
||||
|
||||
|
@ -14,15 +15,6 @@ import (
|
|||
"github.com/gin-gonic/gin"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// UserSearchHandler : Controller called when search done through user profile URL, userID parameters are accessed differently so we need this
|
||||
func UserSearchHandler(c *gin.Context) {
|
||||
query := c.Request.URL.Query()
|
||||
query.Set("userID", c.Param("id"))
|
||||
c.Request.URL.RawQuery = query.Encode()
|
||||
SearchHandler(c)
|
||||
}
|
||||
|
||||
// SearchHandler : Controller for displaying search result page, accepting common search arguments
|
||||
func SearchHandler(c *gin.Context) {
|
||||
var err error
|
||||
|
@ -44,25 +36,43 @@ func SearchHandler(c *gin.Context) {
|
|||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
searchForm := templates.NewSearchForm(c)
|
||||
|
||||
if c.Param("id") != "" {
|
||||
query := c.Request.URL.Query()
|
||||
query.Set("userID", c.Param("id"))
|
||||
c.Request.URL.RawQuery = query.Encode()
|
||||
searchForm.SearchURL = fmt.Sprintf("/user/%s/%s/search", c.Param("id"), c.Param("username"))
|
||||
searchForm.UserName = c.Param("username") //Only add username if user search route
|
||||
}
|
||||
|
||||
userID, err := strconv.ParseUint(c.Query("userID"), 10, 32)
|
||||
if err != nil {
|
||||
userID = 0
|
||||
}
|
||||
|
||||
if userID == 0 && c.Param("id") != "" && c.Param("id") != "0" {
|
||||
c.Redirect(http.StatusSeeOther, fmt.Sprintf("/user/%s/%s", c.Param("id"), c.Param("username")))
|
||||
//User is trying to use the user search route with an inexisting user
|
||||
//Must redirect him to user search instead of simply showing "no torrents found!"
|
||||
}
|
||||
|
||||
|
||||
searchParam, torrents, nbTorrents, err := search.AuthorizedQuery(c, pagenum, currentUser.CurrentOrAdmin(uint(userID)))
|
||||
if err != nil {
|
||||
c.AbortWithError(http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
// Convert back to strings for now.
|
||||
category := ""
|
||||
if len(searchParam.Category) > 0 {
|
||||
category = searchParam.Category[0].String()
|
||||
}
|
||||
nav := templates.Navigation{int(nbTorrents), int(searchParam.Max), int(searchParam.Offset), "search"}
|
||||
searchForm := templates.NewSearchForm(c)
|
||||
|
||||
searchForm.TorrentParam, searchForm.Category = searchParam, category
|
||||
|
||||
if c.Query("refine") == "1" {
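Review bot: The branch that redirects when `userID == 0` but `c.Param("id")` is set has no `return` after `c.Redirect(http.StatusSeeOther, ...)`, so the handler still calls `search.AuthorizedQuery` and continues with a response that already carries a 303. Add `return` right after the `c.Redirect` call, and move the two explanatory comments above it. That branch and `searchForm.SearchURL` also interpolate `c.Param("id")` and `c.Param("username")` into a URL unescaped; wrapping each in `url.PathEscape` (which needs the `net/url` import) keeps characters such as `?` or `#` from changing the target. SearchHandler begins and ends outside this hunk, so what follows the query is inferred.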
|
||||
|
|
|
@ -32,8 +32,8 @@ func init() {
|
|||
userRoutes.GET("/:id/:username/edit", UserDetailsHandler)
|
||||
userRoutes.POST("/:id/:username/edit", UserProfileFormHandler)
|
||||
userRoutes.GET("/:id/:username/apireset", UserAPIKeyResetHandler)
|
||||
userRoutes.GET("/:id/:username/search", searchController.UserSearchHandler)
|
||||
userRoutes.GET("/:id/:username/search/:page", searchController.UserSearchHandler)
|
||||
userRoutes.GET("/:id/:username/search", searchController.SearchHandler)
|
||||
userRoutes.GET("/:id/:username/search/:page", searchController.SearchHandler)
|
||||
userRoutes.GET("/:id/:username/feed", feedController.RSSHandler)
|
||||
userRoutes.GET("/:id/:username/feed/:page", feedController.RSSHandler)
|
||||
userRoutes.POST("/:id/:username/delete", UserProfileDelete)
|
||||
|
|
|
@ -1360,6 +1360,10 @@ input.filelist-checkbox:checked+table.table-filelist {
|
|||
|
||||
/* Mod Tools */
|
||||
|
||||
.content-admin .modtools {
|
||||
display: block;
|
||||
}
|
||||
|
||||
.modtools {
|
||||
position: fixed;
|
||||
top: 65px;
|
||||
|
@ -1369,6 +1373,8 @@ input.filelist-checkbox:checked+table.table-filelist {
|
|||
border-style: solid;
|
||||
height: 50px;
|
||||
border-radius: 5px;
|
||||
z-index: 1;
|
||||
display: none;
|
||||
}
|
||||
|
||||
.tr-cb {
|
||||
|
|
|
@ -16,6 +16,9 @@ body, .header {
|
|||
margin-top: 0!important;
|
||||
}
|
||||
}
|
||||
.modtools {
|
||||
top: 43px;
|
||||
}
|
||||
.torrent-info-data {
|
||||
font-family: Arial, sans-serif!important;
|
||||
}
|
||||
|
@ -58,9 +61,6 @@ a:hover {
|
|||
text-decoration: underline;
|
||||
}
|
||||
|
||||
#content {
|
||||
top: 31px!important;
|
||||
}
|
||||
.upload-form-table .checkbox-container+input {
|
||||
width: 385px;
|
||||
}
|
||||
|
@ -123,14 +123,20 @@ th.tr-name a {
|
|||
|
||||
.icon-magnet:before {
|
||||
font-size: 14px;
|
||||
}
|
||||
}.upload-tag-table
|
||||
|
||||
.icon-floppy::before {
|
||||
content: '';
|
||||
}
|
||||
.icon-floppy {
|
||||
background: url("/img/dl-link.png") no-repeat center;
|
||||
}
|
||||
|
||||
.upload-tag-table .input-label {
|
||||
font-size: 12px;
|
||||
}
|
||||
.header, #header-height-offset {
|
||||
height: 40px;
|
||||
}
|
||||
.header {
|
||||
background: url("/img/topbar.png") repeat-x black;
|
||||
background: linear-gradient(to bottom, #6d6d6d 0%, #000000 72%);
|
||||
|
@ -677,9 +683,9 @@ span.tag {
|
|||
padding: 7px 3px;
|
||||
}
|
||||
.upload-tag-table .form-group {
|
||||
margin-right: 8px;
|
||||
margin-right: 11px;
|
||||
}
|
||||
.upload-tag-table .form-group input, .upload-tag-table .form-group select {
|
||||
width: 118px!important;
|
||||
width: 128px!important;
|
||||
height: 20px;
|
||||
}
|
||||
|
|
|
@ -285,9 +285,11 @@ function humanFileSize(bytes, si) {
|
|||
}
|
||||
|
||||
function getCookieValue(cookieName) {
|
||||
var startPos = document.cookie.indexOf(cookieName + "=") + cookieName.length + 1
|
||||
var startPos = document.cookie.indexOf(cookieName + "=")
|
||||
if(startPos == -1) return ""
|
||||
startPos += cookieName.length + 1
|
||||
var endPos = document.cookie.substring(startPos).indexOf(";")
|
||||
return endPos == "-1" ? document.cookie.substring(startPos) : document.cookie.substring(startPos, endPos + startPos)
|
||||
return endPos == -1 ? document.cookie.substring(startPos) : document.cookie.substring(startPos, endPos + startPos)
|
||||
}
|
||||
|
||||
// @license-end
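Review bot: `document.cookie.indexOf(cookieName + "=")` still matches anywhere in the cookie string, so the lookup can land inside a longer cookie name that ends with the same characters, or inside another cookie's value, and return the wrong data. The lookup should compare whole names: split the string on `; ` and take the entry that starts with `cookieName + "="`. The rewritten body below keeps the empty-string result for a missing cookie.

```javascript
function getCookieValue(cookieName) {
	var prefix = cookieName + "="
	var pairs = document.cookie.split("; ")
	for (var i = 0; i < pairs.length; i++) {
		if (pairs[i].indexOf(prefix) == 0) return pairs[i].substring(prefix.length)
	}
	return ""
}
```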
|
||||
|
|
|
@ -33,6 +33,8 @@ type SearchForm struct {
|
|||
FromDate string
|
||||
ToDate string
|
||||
User string
|
||||
UserName string
|
||||
SearchURL string
|
||||
}
|
||||
|
||||
// NewNavigation return a navigation struct with
|
||||
|
@ -53,10 +55,12 @@ func NewSearchForm(c *gin.Context) SearchForm {
|
|||
ShowRefine: false,
|
||||
SizeType: sizeType,
|
||||
User: c.Query("user"),
|
||||
UserName: "",
|
||||
DateType: c.Query("dateType"),
|
||||
MinSize: c.Query("minSize"), // We need to overwrite the value here, since size are formatted
|
||||
MaxSize: c.Query("maxSize"), // We need to overwrite the value here, since size are formatted
|
||||
FromDate: c.Query("fromDate"), // We need to overwrite the value here, since we can have toDate instead and date are formatted
|
||||
ToDate: c.Query("toDate"), // We need to overwrite the value here, since date are formatted
|
||||
SearchURL: "/search",
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
</select>
|
||||
{{end}}
|
||||
{{block search_button() }}
|
||||
<input class="form-input search-box" name="q" placeholder="{{ T("search")}}" type="text" value="{{Search.NameLike}}"/>
|
||||
<input class="form-input search-box" name="q" placeholder="{{ if Search.UserName == ""}}{{ T("search")}}{{else}}{{ T("search_from_specific_user", Search.UserName)}}{{end}}" type="text" value="{{Search.NameLike}}"/>
|
||||
<button type="submit" class="form-input icon-search"></button><button type="submit" class="form-input refine" name="refine" value="1">{{ T("refine")}}</button>
|
||||
{{end}}
|
||||
{{block search_refine(url="") }}
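Review bot: `Search.UserName` comes straight from the `:username` path segment and is now rendered inside the `placeholder="…"` attribute through `T("search_from_specific_user", Search.UserName)`, so whether a `"` in that segment can break out of the attribute depends on what `T` returns. If `T` yields a pre-trusted HTML type rather than a plain string, the argument needs escaping before it is formatted; that is not visible from this hunk and should be confirmed. The header form's `action="{{URL.Parse(Search.SearchURL)}}"` change carries the same request-derived data and deserves the same check.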
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
<div class="h-right">
|
||||
{{ include "layouts/partials/helpers/badgemenu" }}
|
||||
<div class="h-search">
|
||||
<form role="search" action="{{URL.Parse("/search")}}" id="header-form" method="get">
|
||||
<form role="search" action="{{URL.Parse(Search.SearchURL)}}" id="header-form" method="get">
|
||||
{{ yield search_common() }} {{ yield search_button() }}
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
@ -2162,5 +2162,9 @@
|
|||
{
|
||||
"id": "no_api_token",
|
||||
"translation": "No API token"
|
||||
},
|
||||
{
|
||||
"id": "search_from_specific_user",
|
||||
"translation": "Search from %s"
|
||||
}
|
||||
]
|
||||
|
|
|
@ -106,15 +106,13 @@ func SetLogin(c *gin.Context, user *models.User) (int, error) {
|
|||
maxAge = getMaxAge(true)
|
||||
}
|
||||
validUntil := timeHelper.FewDurationLater(time.Duration(maxAge) * time.Second)
|
||||
InstantDeletion := timeHelper.FewDurationLater(time.Second)
|
||||
encoded, err := Encode(user.ID, validUntil)
|
||||
encodedDeletion, err := Encode(user.ID, InstantDeletion)
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, err
|
||||
}
|
||||
|
||||
//Delete session cookie shared between nyaa & sukebei because it should not exist and used to for some users
|
||||
c.SetCookie(CookieName, encodedDeletion, 0, "/", getDomainName(), false, true)
|
||||
//Delete session cookie shared between nyaa & sukebei (or current session cookie if no domain name in config) because it should not exist and used to for some users
|
||||
http.SetCookie(c.Writer, &http.Cookie{Name: "session", Value: "", Domain: getDomainName(), Path: "/", Expires: time.Now().AddDate(-1, -1, -1)})
|
||||
c.SetCookie(CookieName, encoded, maxAge, "/", "", false, true)
|
||||
// also set response header for convenience
|
||||
c.Header("X-Auth-Token", encoded)
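Review bot: The deletion cookie hard-codes `Name: "session"` while the real cookie on the next line is written with `CookieName`; if the two ever differ, the stale domain-wide cookie is never cleared, so use `Name: CookieName`. When `getDomainName()` returns an empty string, the deletion targets the same host-only cookie that `c.SetCookie(CookieName, encoded, ...)` sets immediately afterwards, which works only because the deletion header is emitted first; a comment such as `// must stay before c.SetCookie: with an empty domain both headers address the same cookie` would protect that ordering. Separately, that `c.SetCookie` call passes `false` for the secure flag, so the session cookie is also sent over plain HTTP; consider deriving the flag from configuration or the request scheme. SetLogin begins before and continues after this hunk.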
|
||||
|
|