* Megacheck friendly
applied megacheck and fixed some unwanted behaviour (markdown)
* Forgot this file
* Captcha Audio
Should make #993 happen
* Fix style issue in comments
* Added margin auto and width on input
* Moved width on captcha div instead
* fixing width issue with audio tag
* Captcha final style fix
* Merge remote-tracking branch 'refs/remotes/origin/dev' into fix-for-csrf
Fix CSRF protection
Seems like it doesn't work anymore...
I tried to fix it but couldn't get /api without csrf. So I changed the dependency for another csrf package (nosurf).
Behavior: Same as previously. You just have to include the block csrf_token
* changing dependency to nosurf
Main version can be set in config/default_config.yml
Build version needs to be set by build command: go build -ldflags "-X main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
Or by using package.sh
Or by using the godep command: godep go build -ldflags "-X main.buildversion=$(date -u +.%Y%m%d.%H%M%S)"
* New config files
As decided, config files are parsed at runtime.
I decided to go for YAML config files because there can be comments in
it.
There are 2 files:
* config/default_config.yml <= which shouldn't be edited unless we add a
config parameter
* config/config.yml <= which is the user-defined config. This file
shouldn't be committed
Changed every call to config.XXX to config.Conf.XXX (look to the new
structure of config in config/types.go)
Of course, putting config parameters in config.yml overrides config in
config_default.yml. You don't have to put everything in it, just add
what you want to override.
* Fixing test
Replacing conf.New by config.Conf
* Fixing call to config.Conf to config.Config{} in test files
* Might have fixed testing with this
Printf instead of Fatalf
* Renaming config.yml in example file
* Forbid committing config.yml
* Should be now fixed
* Do not need this file anymore
As per suggestion of @yiiTT, CSRF is limited on users login,
registration, profile edit, comments post, torrent edit.
Uploads are not yet CSRF protected because api upload can't be used for
that
* Added new dep: gorilla/csrf
* CSRF field in forms
* CSRF variable in commontemplatevariables
* New key for messages and user context
Please change EnableSecureCSRF to false when testing locally and don't
merge config/env.go with the changes
http.Server.Shutdown gracefully closes listeners/clients, we do not have to
do it ourselves. Making util/signals accept func() instead of io.Closer
allowed for the removal of network/closer.go and util/signals/closers.go.
It is possible for an os.Interrupt signal to be raised after
signals.RegisterCloser() and before startup of goroutine signals.Handle().
Race is prevented by synchronously calling signal.Notify().
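
The ordering described in the commit message above, as an added example that is not part of the original commit or the project's code: signal.Notify is called synchronously in the constructor, so a signal raised before the handler goroutine starts is buffered instead of lost. The Handler type and its methods are hypothetical stand-ins for util/signals, and SIGUSR1 replaces os.Interrupt so the demo can signal itself (Unix only).

```go
package main

import (
	"fmt"
	"os"
	"os/signal"
	"syscall"
)

// Handler is a hypothetical stand-in for the util/signals package.
type Handler struct {
	ch      chan os.Signal
	closers []func()
	done    chan struct{}
}

// New subscribes synchronously: signal.Notify has returned before New does,
// so a signal raised before Handle's goroutine is scheduled is buffered.
func New(sigs ...os.Signal) *Handler {
	h := &Handler{ch: make(chan os.Signal, 1), done: make(chan struct{})}
	signal.Notify(h.ch, sigs...)
	return h
}

// Register adds a shutdown callback (func() rather than io.Closer).
// Call it before starting Handle.
func (h *Handler) Register(f func()) {
	h.closers = append(h.closers, f)
}

// Handle waits for one signal, runs every callback, then closes done.
func (h *Handler) Handle() {
	<-h.ch
	signal.Stop(h.ch)
	for _, f := range h.closers {
		f()
	}
	close(h.done)
}

func main() {
	h := New(syscall.SIGUSR1) // constructed demo uses SIGUSR1, not os.Interrupt
	h.Register(func() { fmt.Println("shutting down listeners") })
	syscall.Kill(os.Getpid(), syscall.SIGUSR1) // raised before Handle starts
	go h.Handle()
	<-h.done
}
```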
* added pagination
* cleanup
* indentation fix
* fix
* Loads theme from context
* Basic theme switching working
* working properly
* Fuck golint tbqh
* united language and theme into one settings page
* made the settings page a little nicer
* fixed it so it works properly now
* removed parts of inline js and fixed bug
* removed remains of other theme switching method
* fixed very minor bug
* fix
* Use ModeratorDir variable
* Rename cookieHelper to cookie_helper for consistency
* Use named constant instead of literals
* Fix ability to upload when uploads are disabled
The old code let people upload under the right conditions when uploads
were disabled. (ie: User is banned and config.AdminAreStillAllowedTo is
false)
* Increase timeout (fixes #517)
* Fix inconsistent indentation *.{js, css} (fix #583)
* Fix negative page
Temporary fix. The issue was that going to a negative page caused the
sql query to have a negative offset. This caused an error in the
database query.
We need to cleanup this code, but this will work for now.
* Fix wrong PG_DATA directory due to upgrade to 9.6
* Add server status link to FAQ
* Fix failing tests
* Clarify group_vars/all and hosts doc
* Add a wrapper to protect /mod route
* Fix login page not showing form errors
This consolidates the places where a default language has to be set.
- Removed import of the 'userService' package into the 'languages' util
package
This was required to prevent a cyclic import between the two packages.
- Added a 'UserRetriever' interface to read the language setting of users
inside the 'languages' package
- Fixed an error in the Spanish and Chinese translation file
- Refactored reading the translation files
Instead of ignoring errors in the non-default language files
the error will now be returned and the remaining files will
not be loaded.
- Added a unit test to check if all translation files are valid
- Added an i18n config to specify the translations dir and the
default language
This allows users to change the default logging verbosity (errors)
to either *detailed* (prints SQL statements) or *silent*.
Also added support for using a custom logger function.
- Fixed the gorm unit test that checks the automigrations
They will actually fail if any errors were logged now.
- Added a postgres unit test
Currently disabled because it would need a running local
postgres db and a change to the .travis.yml file to work
inside the CI build.
This makes systemd not put unit into fail mode when stopping
INFO:
* make sure to use signals.RegisterCloser for everything that should be closed on interrupt
* for any net.Listeners created make sure to wrap them with network.WrapListener and register with signals.RegisterCloser
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, safety, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.