Albirew/nyaa-pantsu

Prevent session cookie from existing on .pantsu.cat & other things (#1658)

* Update user.go

* Update main.css

* add comment

* fix JS function that did not behave as intended

* Update classic.css

* Update classic.css

* Update search.jet.html

* Update en-us.all.json

* Update site.jet.html

* Update router.go

* Update search.go

* Update helpers.go

* Update search.go
Cette révision appartient à :
kilo 2017-10-14 03:16:34 +02:00 révisé par ewhal
Parent 06ce41f04f
révision ba058ec3e1
10 fichiers modifiés avec 58 ajouts et 28 suppressions


@ -4,6 +4,7 @@ import (
"html"
"net/http"
"strconv"
"fmt"
"math"
@ -14,15 +15,6 @@ import (
"github.com/gin-gonic/gin"
"github.com/pkg/errors"
)
// UserSearchHandler : Controller called when search done through user profile URL, userID parameters are accessed differently so we need this
func UserSearchHandler(c *gin.Context) {
query := c.Request.URL.Query()
query.Set("userID", c.Param("id"))
c.Request.URL.RawQuery = query.Encode()
SearchHandler(c)
}
// SearchHandler : Controller for displaying search result page, accepting common search arguments
func SearchHandler(c *gin.Context) {
var err error
@ -44,25 +36,43 @@ func SearchHandler(c *gin.Context) {
return
}
}
searchForm := templates.NewSearchForm(c)
if c.Param("id") != "" {
query := c.Request.URL.Query()
query.Set("userID", c.Param("id"))
c.Request.URL.RawQuery = query.Encode()
searchForm.SearchURL = fmt.Sprintf("/user/%s/%s/search", c.Param("id"), c.Param("username"))
searchForm.UserName = c.Param("username") //Only add username if user search route
}
userID, err := strconv.ParseUint(c.Query("userID"), 10, 32)
if err != nil {
userID = 0
}
if userID == 0 && c.Param("id") != "" && c.Param("id") != "0" {
c.Redirect(http.StatusSeeOther, fmt.Sprintf("/user/%s/%s", c.Param("id"), c.Param("username")))
//User is trying to use the user search route with an inexisting user
//Must redirect him to user search instead of simply showing "no torrents found!"
}
searchParam, torrents, nbTorrents, err := search.AuthorizedQuery(c, pagenum, currentUser.CurrentOrAdmin(uint(userID)))
if err != nil {
c.AbortWithError(http.StatusInternalServerError, err)
return
}
// Convert back to strings for now.
category := ""
if len(searchParam.Category) > 0 {
category = searchParam.Category[0].String()
}
nav := templates.Navigation{int(nbTorrents), int(searchParam.Max), int(searchParam.Offset), "search"}
searchForm := templates.NewSearchForm(c)
searchForm.TorrentParam, searchForm.Category = searchParam, category
if c.Query("refine") == "1" {
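Review bot: The redirect for an unknown user, `c.Redirect(http.StatusSeeOther, fmt.Sprintf("/user/%s/%s", c.Param("id"), c.Param("username")))`, is not followed by a `return`, so the handler falls through to `search.AuthorizedQuery` and whatever rendering comes after it, writing a second response on top of the redirect that was already sent. Add `return` right after the redirect call (the explanatory comment reads better above the call than below it). Separately, `c.Param("username")` is interpolated as-is into both the redirect location and `searchForm.SearchURL`; passing it through `url.PathEscape` would keep a username containing `/`, `?` or `#` from altering the target path, unless usernames are already restricted to a safe character set, which this hunk does not show. SearchHandler starts before this hunk at `func SearchHandler(c *gin.Context)` and its body continues past the last line shown.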


@ -32,8 +32,8 @@ func init() {
userRoutes.GET("/:id/:username/edit", UserDetailsHandler)
userRoutes.POST("/:id/:username/edit", UserProfileFormHandler)
userRoutes.GET("/:id/:username/apireset", UserAPIKeyResetHandler)
userRoutes.GET("/:id/:username/search", searchController.UserSearchHandler)
userRoutes.GET("/:id/:username/search/:page", searchController.UserSearchHandler)
userRoutes.GET("/:id/:username/search", searchController.SearchHandler)
userRoutes.GET("/:id/:username/search/:page", searchController.SearchHandler)
userRoutes.GET("/:id/:username/feed", feedController.RSSHandler)
userRoutes.GET("/:id/:username/feed/:page", feedController.RSSHandler)
userRoutes.POST("/:id/:username/delete", UserProfileDelete)


@ -1360,6 +1360,10 @@ input.filelist-checkbox:checked+table.table-filelist {
/* Mod Tools */
.content-admin .modtools {
display: block;
}
.modtools {
position: fixed;
top: 65px;
@ -1369,6 +1373,8 @@ input.filelist-checkbox:checked+table.table-filelist {
border-style: solid;
height: 50px;
border-radius: 5px;
z-index: 1;
display: none;
}
.tr-cb {


@ -16,6 +16,9 @@ body, .header {
margin-top: 0!important;
}
}
.modtools {
top: 43px;
}
.torrent-info-data {
font-family: Arial, sans-serif!important;
}
@ -58,9 +61,6 @@ a:hover {
text-decoration: underline;
}
#content {
top: 31px!important;
}
.upload-form-table .checkbox-container+input {
width: 385px;
}
@ -123,14 +123,20 @@ th.tr-name a {
.icon-magnet:before {
font-size: 14px;
}
}.upload-tag-table
.icon-floppy::before {
content: '';
}
.icon-floppy {
background: url("/img/dl-link.png") no-repeat center;
}
.upload-tag-table .input-label {
font-size: 12px;
}
.header, #header-height-offset {
height: 40px;
}
.header {
background: url("/img/topbar.png") repeat-x black;
background: linear-gradient(to bottom, #6d6d6d 0%, #000000 72%);
@ -677,9 +683,9 @@ span.tag {
padding: 7px 3px;
}
.upload-tag-table .form-group {
margin-right: 8px;
margin-right: 11px;
}
.upload-tag-table .form-group input, .upload-tag-table .form-group select {
width: 118px!important;
width: 128px!important;
height: 20px;
}


@ -285,9 +285,11 @@ function humanFileSize(bytes, si) {
}
function getCookieValue(cookieName) {
var startPos = document.cookie.indexOf(cookieName + "=") + cookieName.length + 1
var startPos = document.cookie.indexOf(cookieName + "=")
if(startPos == -1) return ""
startPos += cookieName.length + 1
var endPos = document.cookie.substring(startPos).indexOf(";")
return endPos == "-1" ? document.cookie.substring(startPos) : document.cookie.substring(startPos, endPos + startPos)
return endPos == -1 ? document.cookie.substring(startPos) : document.cookie.substring(startPos, endPos + startPos)
}
// @license-end
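Review bot: `document.cookie.indexOf(cookieName + "=")` in getCookieValue still matches any cookie whose name merely ends with `cookieName` (looking up `session` would hit an `xsession=` entry) or whose value happens to contain `cookieName=`, so the function can return another cookie's value. Splitting the cookie string on `"; "` and comparing each entry's prefix removes the ambiguity; the `-1` handling added in this hunk is correct and stays. The whole function lies inside the hunk.
```javascript
function getCookieValue(cookieName) {
	var entries = document.cookie.split("; ")
	for (var i = 0; i < entries.length; i++) {
		if (entries[i].indexOf(cookieName + "=") == 0) return entries[i].substring(cookieName.length + 1)
	}
	return ""
}
```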


@ -33,6 +33,8 @@ type SearchForm struct {
FromDate string
ToDate string
User string
UserName string
SearchURL string
}
// NewNavigation return a navigation struct with
@ -53,10 +55,12 @@ func NewSearchForm(c *gin.Context) SearchForm {
ShowRefine: false,
SizeType: sizeType,
User: c.Query("user"),
UserName: "",
DateType: c.Query("dateType"),
MinSize: c.Query("minSize"), // We need to overwrite the value here, since size are formatted
MaxSize: c.Query("maxSize"), // We need to overwrite the value here, since size are formatted
FromDate: c.Query("fromDate"), // We need to overwrite the value here, since we can have toDate instead and date are formatted
ToDate: c.Query("toDate"), // We need to overwrite the value here, since date are formatted
SearchURL: "/search",
}
}
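Review bot: The two new exported fields `UserName` and `SearchURL` on SearchForm carry no comment, while the neighbouring fields in NewSearchForm each explain why they are set. From the other hunks of this commit, UserName is only filled on the user-search route and SearchURL is the action the header search form submits to, so `UserName string // set only on the /user/:id/:username/search route, empty otherwise` and `SearchURL string // action of the header search form; "/search" unless the handler overrides it` would document the contract. The struct declaration starts outside the hunk.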


@ -8,7 +8,7 @@
</select>
{{end}}
{{block search_button() }}
<input class="form-input search-box" name="q" placeholder="{{ T("search")}}" type="text" value="{{Search.NameLike}}"/>
<input class="form-input search-box" name="q" placeholder="{{ if Search.UserName == ""}}{{ T("search")}}{{else}}{{ T("search_from_specific_user", Search.UserName)}}{{end}}" type="text" value="{{Search.NameLike}}"/>
<button type="submit" class="form-input icon-search"></button><button type="submit" class="form-input refine" name="refine" value="1">{{ T("refine")}}</button>
{{end}}
{{block search_refine(url="") }}
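Review bot: `Search.UserName` now ends up inside the placeholder attribute through `T("search_from_specific_user", Search.UserName)`, and per the handler change in this commit that value comes straight from the `:username` route parameter. Whether it is HTML-escaped here depends on whether `T` returns a plain string that the template engine escapes on output or a type it treats as already safe; that cannot be told from this hunk, so it is worth confirming, and if `T` returns raw output the argument should be escaped before it is passed in.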


@ -40,7 +40,7 @@
<div class="h-right">
{{ include "layouts/partials/helpers/badgemenu" }}
<div class="h-search">
<form role="search" action="{{URL.Parse("/search")}}" id="header-form" method="get">
<form role="search" action="{{URL.Parse(Search.SearchURL)}}" id="header-form" method="get">
{{ yield search_common() }} {{ yield search_button() }}
</form>
</div>


@ -2162,5 +2162,9 @@
{
"id": "no_api_token",
"translation": "No API token"
},
{
"id": "search_from_specific_user",
"translation": "Search from %s"
}
]


@ -106,15 +106,13 @@ func SetLogin(c *gin.Context, user *models.User) (int, error) {
maxAge = getMaxAge(true)
}
validUntil := timeHelper.FewDurationLater(time.Duration(maxAge) * time.Second)
InstantDeletion := timeHelper.FewDurationLater(time.Second)
encoded, err := Encode(user.ID, validUntil)
encodedDeletion, err := Encode(user.ID, InstantDeletion)
if err != nil {
return http.StatusInternalServerError, err
}
//Delete session cookie shared between nyaa & sukebei because it should not exist and used to for some users
c.SetCookie(CookieName, encodedDeletion, 0, "/", getDomainName(), false, true)
//Delete session cookie shared between nyaa & sukebei (or current session cookie if no domain name in config) because it should not exist and used to for some users
http.SetCookie(c.Writer, &http.Cookie{Name: "session", Value: "", Domain: getDomainName(), Path: "/", Expires: time.Now().AddDate(-1, -1, -1)})
c.SetCookie(CookieName, encoded, maxAge, "/", "", false, true)
// also set response header for convenience
c.Header("X-Auth-Token", encoded)
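Review bot: The deletion cookie at `http.SetCookie(c.Writer, &http.Cookie{Name: "session", ...})` hard-codes the name `"session"`, while the cookie written on the next line uses `CookieName` (as did the removed `c.SetCookie(CookieName, encodedDeletion, ...)`), so if the two ever differ the stale domain-wide cookie is never cleared. It also relies on `Expires` alone, which is evaluated against the client clock, and drops the `HttpOnly` flag the real cookie carries. `http.SetCookie(c.Writer, &http.Cookie{Name: CookieName, Value: "", Domain: getDomainName(), Path: "/", MaxAge: -1, Expires: time.Now().AddDate(-1, -1, -1), HttpOnly: true})` keeps the name in one place and makes net/http emit `Max-Age=0` alongside the date. SetLogin starts before this hunk at `func SetLogin(c *gin.Context, user *models.User) (int, error)`.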