* Merge remote-tracking branch 'refs/remotes/origin/dev' into fix-for-csrf
Fix CSRF protection
Seems like it doesn't work anymore... I tried to fix it but couldn't
get /api without csrf. So I changed the dependency for another csrf
package (nosurf).
Behavior: Same as previously. You just have to include the block
csrf_token
* changing dependency to nosurf
* Logout is now a posted form
Instead of using a get method, I've moved it to a post method.
Doing that made it possible to use the CSRF token and also fix #902
* Update _badgemenu.html
* Comments count number
* New Modpanel fix
Fixes #755 (@ilikecats)
modpanel tables have margins
modpanel delete buttons are red
some coloring for buttons
reassign form looks better
reassign form textarea have rows="20" cols="40"
"save changes" btn green
report reasons are now translated in modpanel
delete is a real button on modpanel users page
* moved getReportDescription
* This allows changing the nyaa, sukebei and status URL via config.
Previously only the nyaa address was configurable
* This helps testing changes locally without having to set up
a TLS terminating proxy
* Also refactored uses of hardcoded URLs in the html templates
The html templates will now also use the configured urls
* Mass Edit MOD api JS (WIP)
In continuity with the mass edit mod api, this is the javascript use of
it.
## What does it do?
* Delete of multiple torrents on index/search
* Category change of multiple torrents
* Change of owner of multiple torrents
* Lock & delete of multiple torrents
## How?
* New toolbar only visible for mods
* Checkboxes added only for mods
* Selection and click on the button in toolbar
* Nothing is submitted, you have to review the changes in a modal window
listing them.
* Then the ajax queries are initialized one at a time with a progression
bar
* You can always at any moment delete entries from the queuing list
* Improved progress bar
* Deleting part almost done
Improved modal design
All dom interactions should be done
Prepared Query for only one callback
Improved Modal to keep a link to the active modal
* Finished =D
Added some translation string
* Forgot the refreshing of the page
Just an option that can be disabled by making refreshTimeout to 0
Main version can be set in config/default_config.yml
Build version needs to be set by build command:
go build -ldflags "-X main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
Or by using package.sh
Or by using the godep command:
godep go build -ldflags "-X main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
* New config files
As decided, config files are parsed at runtime.
I decided to go for YAML config files because there can be comments in
it.
There are 2 files:
* config/default_config.yml <= which shouldn't be edited unless we add a
config parameter
* config/config.yml <= which is the user-defined config. This file
shouldn't be committed
Changed every call to config.XXX to config.Conf.XXX (look to the new
structure of config in config/types.go)
Of course, putting config parameters in config.yml overrides config in
config_default.yml. You don't have to put everything in it, just add
what you want to override.
* Fixing test
Replacing conf.New by config.Conf
* Fixing call to config.Conf to config.Config{} in test files
* Might have fixed testing with this
Printf instead of Fatalf
* Renaming config.yml in example file
* Forbid committing config.yml
* Should be now fixed
* Do not need this file anymore
* Added a field torrentID in search param
* Search can be limited to torrentID > id provided
* Templates creation through simple JS object
* XHR management through simple JS object
* Torrents object that interface with Templates and Query to get new
torrent uploaded according to the search context
As per suggestion of @yiiTT, CSRF is limited on users login,
registration, profile edit, comments post, torrent edit.
Uploads are not yet CSRF protected because api upload can't be used for
that
* Added new dep: gorilla/csrf
* CSRF field in forms
* CSRF variable in commontemplatevariables
* New key for messages and user context
Please change EnableSecureCSRF to false when testing locally and don't
merge config/env.go with the changes
Calculate the info hash of the uploaded torrent file
instead of the re-encoded torrent file.
The re-encoded torrent files only contain a subset
of the original info values and thus have a different hash.
* Added a check on username and userId when converting torrent to JSON
* Added a checkbox for hidden in modpanel, torrent user edit and upload
* Added a Hidden field bool in torrent model and upload form
* added pagination
* cleanup
* indentation fix
* fix
* Loads theme from context
* Basic theme switching working
* working properly
* Fuck golint tbqh
* united language and theme into one settings page
* made the settings page a little nicer
* fixed it so it works properly now
* removed parts of inline js and fixed bug
* removed remains of other theme switching method
* fixed very minor bug
* fix
* Update README.md
Added a link to the db dump and IRC channels.
* Minor fix
* Update README.md
* disabling email links
* Killed github autolinking
* Update README.md
* Removed database link
* fixed a FF only bug with the carets
* added a static size to pagination
* worked on the pagination widget
* fixed the arrow buttons too
* fixed appearance on pages over 1000
* Added a new function to only update columns of table user (less
useless query)
* Changed method to GET instead of POST because it is a link not a
button anymore
* Display of user profile if changes are successful
* TorrentJSON.ID is uint now, fix weird page sorting
The bug was that ES would sort by ID in a weird manner because the id
was a string. The id is now a uint.
* Resolved the conflict for future merging
* Missing comments and Function renaming
* Added some missing comments
* Renamed functions to get user followers/following
* GetFollowers to get followers
* GetLikings to get who the user is following
* Renaming + Add support of previous trackers
* Renaming user.Likings in user.Followers
* Renaming user.Liked in user.Likings
* Add a new string field Trackers in torrent model
* Trackers from torrent file are now populated to the database
* Needed trackers are added to the torrent trackers if not provided or
if trackers is empty in DB (backward compatibility)
* New check and url encoding
* No more regex for verifying tracker url
* Encodes tracker url for "&" & "?" character possibly existing in
tracker url and breaking magnet link
* Improvements
* Trackers are now encoded in torrent.ParseTrackers
* Faster check by using the for loop of checktrackers
* No more boolean, we need to check len of array returned
* torrent.Trackers can be directly used in url as they are encoded
like: tr=tracker1&tr=tracker2&tr=...
* Fixing user profile page
* Modified css rule word-break to break-word
* Modified torrents table in user page to look like home listing
* Made the button reset api look like a button according to actual
design
* Modified user menu to have the same spacing across templates
* User menu is in another template file loaded dynamically
* Fixing the access to userprofile variable
* Menu needs to access the user profile with $.UserProfile
* User Notification template variable removed, instead using user
profile variable
* Reverting back theme flickering fix
* Gofmt friendly
Keeping Go source code in line with what they preconize
* Golint Friendly Next
So I have made some variables unexported
Added comments in every function that I know what it does
Removed some deprecated stuff that I was sure of
Added a comment on possible deprecated methods "Is it deprecated?"
Changed some variable/method name according to golint recommendations
* Update filelist.go
* Make tree-view work with CSS only
Changed the file list tree-view to use recursive templating instead of
an external function, and improved it so that it works with only CSS.
Striped lines won't work though.
* Remove inline-block from folder label
It breaks with the text-overflow: ellipsis.
* Rename makeFolderData to makeTreeViewData
* Update mapping to be similar to TorrentJSON
* Implement ES search for TorrentParam
* Add seeders/leechers/completed to es index
* Fix filter, use analyzer
* Use ES for the search route
* Add upload_id filtering with ES
* Create/update ES index on torrent upload/update
* Delete from ES index on Delete
* Use ES everywhere, fallback to postgres query
Use Elasticsearch to search the index whenever a call to searchByQuery
is made. Big cleanup needed, but _it werks_.
* Only fetch ids from ES, nothing else
* Use ColumnUpdate instead of Save
* Add FIXME/info to search
* Template needs []TorrentJSON not []Torrent
* Making the code Golint friendly
* No exported variables when not needed
* Same for functions
* Simplifying Templates variables with a form basic template variable
and a modelList basic template variable
* Adapted templates to new template variables
* use of .Models instead of model list
* use of .Form instead of modelform
* Small fix
* Small fix 2
Forgot $.Form
* Reverting templateDir as a var