Albirew/nyaa-pantsu
Archivé
1
0
Bifurcation 0
Graphe des révisions

123 commits

Auteur SHA1 Message Date
akuma06
38a55e88e9 Fix for csrf (#923)
* Merge remote-tracking branch 'refs/remotes/origin/dev' into fix-for-csrf

Fix CSRF protection

Seems like it doesn't work anymore...
I tried to
fix it but couldn't get /api without csrf. So I changed the
dependency
for another csrf package (nosurf).
Behavior: Same as previously. You
just have to include the block
csrf_token

* changing dependency to nosurf
2017-06-05 11:33:48 +10:00
tomleb
e60eceba63 Reduce number of queries, update systemd unit service (#925)
* Update/add systemd services

* Avoid roundtrip back to postgresql when doing ES search

* Use only one ES client
2017-06-05 11:33:02 +10:00
akuma06
9e0424ec5e Add Build version
Main version can be set in config/default_config.yml
Build version need to be set by build command: go build -ldflags "-X
main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
Or by using package.sh
Or by using the godep command: godep go build -ldflags "-X
main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
2017-05-31 12:20:06 +02:00
akuma06
5376b9e271 New config files (#854)
* New config files

As decided, config files are parsed at runtime.
I decided to go for YAML config files because there can be comments in
it.
There are 2 files:
* config/default_config.yml <= which shouldn't be edited unless we add a
config parameter
* config/config.yml <= which is the user-defined config. This file
shouldn't be commited

Changed every call to config.XXX to config.Conf.XXX (look to the new
stucture of config in config/types.go)

Of course, putting config parameters in config.yml overrides config in
config_default.yml. You don't have to put everything in it, just add
what you want to override.

* Fixing test

Replacing conf.New by config.Conf

* Fixing call to config.Conf to config.Config{} in test files

* Might have fixed testing with this

Printf instead of Fatalf

* Renaming config.yml in example file

* Forbid commiting config.yml

* Should be now fixed

* Do not need this file anymore
2017-05-30 21:21:57 -05:00
akuma06
ad7439283c CSRF Exclusion
As per suggestion of @yiiTT, CSRF is limited on users login,
registration, profile edit, comments post, torrent edit.
Uploads are not yet CSRF protected because api upload can't be used for
that
2017-05-30 00:18:43 +02:00
akuma06
bd59f3afd1 Forgot to move Token config
Tokens config are now in config/tokens.go
2017-05-29 17:39:13 +02:00
akuma06
3ec367a759 CSRF Support + better key for context
* Added new dep: gorilla/csrf
* CSRF field in forms
* CSRF variable in commontemplatevariables
* New key for messages and user context

Please change EnableSecureCSRF to false when testing locally and don't
merge config/env.go with the changes
2017-05-29 17:07:18 +02:00
John Smith
0bdd915f9a
Let net/http gracefully close
http.Server.Shutdown gracefully closes listeners/clients, we do not have to
do it ourselves. Making util/signals accept func() instead of io.Closer
allowed for the removal of network/closer.go and util/signals/closers.go.
2017-05-29 16:29:34 +10:00
Eliot Whalan
cdd382cd34
Merge branch 'dev' of https://github.com/NyaaPantsu/nyaa into dev 2017-05-28 19:57:38 +10:00
John Smith
92c92e09c1
Prevent race condition.
It is possible for an os.Interrupt signal to be raised after
signals.RegisterCloser() and before startup of goroutine signals.Handle().

Race is prevented by synchronously calling signal.Notify().
2017-05-28 19:57:07 +10:00
Steindór
25562e0d54 Account theme switcher (Pls merge) (#750)
* added pagination

* cleanup

* indentation fix

* fix

* Loads theme from context

* Basic theme switching working

* working properly

* Fuck golint tbqh

* united language and theme into one settings page

* made the settings page a little nicer

* fixed it so it works properly now

* removed parts of inline js and fixed bug

* removed remains of other theme switching method

* fixed very minor bug

* fix
2017-05-27 12:08:47 -05:00
tomleb
7eee47b0d3 Fix bug, remove literals (#629)
* Use ModeratorDir variable

* Rename cookieHelper to cookie_helper for consistency

* Use named constant instead of literals

* Fix ability to upload when uploads are disabled

The old code let people upload under the right conditions when uploads
were disabled. (ie: User is banned and config.AdminAreStillAllowedTo is
false)

* Increase timeout (fixes #517)

* Fix inconsistent indentation *.{js, css} (fix #583)

* Fix negative page

Temporary fix. The issue was that going to a negative page caused the
sql query to have a negative offset. This caused an error in the
database query.

We need to cleanup this code, but this will work for now.

* Fix wrong PG_DATA directory due to upgrade to 9.6

* Add server status link to FAQ

* Fix failing tests

* Clarify group_vars/all and hosts doc

* Add a wrapper to protect /mod route

* Fix login page not showing form errors
2017-05-20 09:10:16 +10:00
tomleb
9c6c66d0e9 Don't make path configurable, detect empty directory 2017-05-17 19:05:58 -04:00
PantsuDev
70f87e7aac finish repo transfer 2017-05-17 15:58:40 +10:00
akuma06
b7aaddf91e Fix filesize fetcher 2017-05-17 00:47:55 +02:00
ElegantMonkey
df2c9bc2f7 Fix conflicts 2017-05-14 21:19:29 -03:00
Atvaark
cd844aec45 Replace 'en-us' literals with the default language
This consolidates the places where a default language has to be set.

- Removed import of the 'userService' package into the 'languages' util
  package
  This was required to prevent a cyclic import between the two packages.
- Added a 'UserRetriever' interface to read the language setting of users
  inside the 'languages' package
2017-05-14 22:10:07 +02:00
ElegantMonkey
f64ecb3d0f Fix conflict 2017-05-14 09:23:16 -03:00
ElegantMonkey
2da2ad4214 FilesizeFetcher -> MetainfoFetcher 2017-05-14 08:20:34 -03:00
Eliot Whalan
f0582f13c2 rename filesize_fetcher to metadata_fetcher 2017-05-14 15:32:02 +10:00
Eliot Whalan
b4eeb1836a Merge branch 'dev' of https://github.com/ewhal/nyaa into dev 2017-05-14 15:09:02 +10:00
Eliot Whalan
7533a66f4e Merge branch 'dev' of https://github.com/ewhal/nyaa into dev 2017-05-14 09:23:28 +10:00
akuma06
ed26ee81eb Merge branch 'dev' into dev 2017-05-14 00:55:17 +02:00
Atvaark
6e546facc0 Fix i18n file errors
- Fixed an error in the spanish and chinese translation file
- Refactored reading the translation files
  Instead of ignoring errors in the non-default language files
  the error will now be returned and the remaining files will
  not be loaded.
- Added a unit test to check if all translation files are valid
- Added an i18n config to specify the translations dir and the
  default language
2017-05-13 22:52:17 +02:00
ElegantMonkey
fb677d4d9d Use sync.WaitGroup for FetchOperations 2017-05-13 16:07:39 -03:00
ElegantMonkey
a068984af3 Add filesize fetcher mode 2017-05-13 14:58:48 -03:00
Eliot Whalan
bf5fc7edd0 lower timeouts 2017-05-13 16:28:17 +10:00
sfan5
eb10a9baa3 Adjust read & write timeouts 2017-05-12 17:56:22 +02:00
Atvaark
b12e812b36 Add database logmode to the config
This allows users to change the default logging verbosity (errors)
to either *detailed* (prints SQL statements) or *silent*.
Also added support for using a custom logger function.

- Fixed the gorm unit test that checks the automigrations
  They will actually fail if any errors were logged now.
- Added a postgres unit test
  Currently disabled because it would need a running local
  postgres db and  a change to the .travis.yml file to work
  inside the CI build.
2017-05-11 22:28:09 +02:00
Jeff Becker
0e8a3cde3b Merge branch 'cache-interface' into merge-cache-interface 2017-05-11 09:24:20 -04:00
Jeff Becker
059ea7d2a8 abstract out cache 2017-05-11 09:01:53 -04:00
Eliot Whalan
c1cafb9d9a Remove broken caching stuff 2017-05-11 22:22:49 +10:00
Jeff Becker
57895251a3 fix torrent swarm ordering and add timeouts for udp scrape 2017-05-11 07:40:50 -04:00
Jeff Becker
604cf57677 make it work 2017-05-10 18:06:21 -04:00
Jeff Becker
1089883ed5 initial 2017-05-10 13:29:35 -04:00
Jeff Becker
73f77f1624 properly handle os.Interrupt Signal
This makes systemd not put unit into fail mode when stopping

INFO:

* make sure to use signals.RegisterCloser for everything that should be closed on interrupt

* for any net.Listeners created make sure to wrap them with network.WrapListener and register with signals.RegisterCloser
2017-05-10 08:23:29 -04:00
bakape
7af373b849 cache: Integrate with home handler and add size flag 2017-05-10 13:06:32 +03:00
Chris MacLeod
c9b72206a5 Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds

The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.

* Style changes and old code removal in router

Router needs a lot of work done to its (lack of) error handling.

* Dead code removal and style changes

Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.

* Finish dead code removal and style changes

Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.

* Fix accidental find-and-replace

* Style, error checking, saftey, bug fix changes

* Redo error checking erased during merge

* Re-add merge-erased fix. Make Safe safe.
2017-05-09 21:34:40 -05:00
PantsuDev
9e09dff4d4 Merge pull request #223 from ElegantMonkey/load-translations
Load translations from folder
2017-05-10 06:45:33 +10:00
ElegantMonkey
960ef9babf Load translations from folder 2017-05-09 14:46:16 -03:00
bakape
c46c386981 Better DB error handling 2017-05-09 20:23:21 +03:00
Jeff
18d6ad3992 make rss fast again :^) 2017-05-09 11:07:42 -04:00
akuma06
be6e573465 Moved translations in appropriate directory 2017-05-09 04:12:48 +02:00
Eliot Whalan
eca5079080 Optimize sql queries 2017-05-08 23:50:18 +10:00
akuma06
efb12315a8 Merge pull request #161 from majestrate/i2p-listener
optionally provide i2p connectivity
2017-05-08 03:34:19 +02:00
sfan5
ae89508f23 Search case-sensitivity hotfix 2017-05-07 23:01:06 +02:00
Jeff Becker
37350a1233 add initial optional i2p connectivity 2017-05-07 15:51:37 -04:00
sfan5
9b6b25e7df Allow storage of uploaded .torrent files (disabled by default) 2017-05-07 15:57:24 +02:00
Jeff Becker
1e567c74ca wire up signal handlers for sighup 2017-05-07 08:07:20 -04:00
akuma06
7ffde7a8e1 Merge branch 'master' into master 2017-05-07 02:44:49 +02:00