Commit Graph

228 Commits

Author SHA1 Message Date
Pavel Djundik
a3e448acf5 Enable no-var rule
Fixes #1961
2018-02-19 19:49:39 +02:00
Pavel Djundik
38bc8e6782 Display password field when displayNetwork is false
Fixes #509
2018-02-17 10:23:01 +02:00
Pavel Djundik
e6241556be Fix #2024 - Send visible defaults when displayNetwork is false 2018-01-31 23:14:26 +02:00
Jérémie Astori
dcdc1d150f
Merge pull request #1979 from thelounge/astorije/index
Do not statically serve the index template prior to rendering it
2018-01-30 19:21:07 -05:00
Al McKinlay
72fafc5b4f Allow https css
Fixed #2012
2018-01-30 09:23:34 +00:00
Jérémie Astori
33d82287be
Do not statically serve the index template prior to rendering it
Without this, going to `https://thelounge.example.com/index.html` would return the raw file. This now excludes it from the `public` folder so it cannot be rendered as is.
Renaming the file is for good measure, to indicate that this HTML file must be templated. Because it is a straight rename with no modification, rebasing PRs on it should not be to painful, as git re-applies changes on renamed files.
2018-01-14 13:02:27 -05:00
Pavel Djundik
1aaa9391db
Merge pull request #1970 from thelounge/astorije/fix-themes
Fix local themes not being found in theme selector dropdown, and serve local themes using the themes route instead of the public folder
2018-01-13 23:09:55 +02:00
Jérémie Astori
c49239b4f1
Fix themes not being found in theme selector dropdown 2018-01-13 13:45:30 -05:00
Pavel Djundik
8d0bdfc200 Fix #1902 - unable to enable push notifications on Firefox 57 2018-01-12 12:04:04 +02:00
Pavel Djundik
98c3108bde
Merge pull request #1940 from thelounge/xpaw/fix-1934
Hash user tokens, increase token entropy
2018-01-11 13:34:14 +02:00
Pavel Djundik
eac092e661 Hash user tokens, increase token entropy
Fixes #1934
2018-01-10 15:54:52 +02:00
Pavel Djundik
fc39a67e10 Only emit "more" history to the client that requested it 2018-01-07 15:06:59 +02:00
Al McKinlay
3510094665 Allow custom css from plugins 2018-01-05 17:40:47 +00:00
Jérémie Astori
dab4fc44ea
Make sure data URIs are allowed by CSP not to block video controls 2017-12-27 13:56:38 -05:00
Jérémie Astori
9691df67e3
Improve UI of the About section and changelog viewer
- Keep consistent width between the Help page and Changelog (which is already different from other windows 😠)
- Add icons to the About links
- Make sure `li` elements (i.e. all the lists in changelogs) are consistent in size with rest of the client
- Display version and release notes link on the "About The Lounge" header line, smaller, pushed to the right
- Check new releases when opening the Help window in order to display it without having to open the release notes. Release notes are being fed to the Changelog page at that moment to avoid fetching twice.
- Re-check version/fetch release notes after 24h. Since The Lounge can now run 24/7, reconnect when losing the network, we have to assume an "always-on" usage.
- Change icon, animate background color when getting response from GitHub to avoid flashing.
- Combine click handlers with our wonderful window management. These were the same handler, even with similar checks (`target` exists, etc.), just in 2 different places. This is necessary for the next item.
- Combine "Open release notes" and "Go back to Help" button behaviors with window management handlers. The window management code is gross as ever, and is in desperate need of a refactor, but at least there is no duplicated code for the same behavior + history management. This fixes the "Next" history behavior (however reloading the app while viewing the notes does not load on the notes, but this is a bug for a different PR!).
- Added a rule in the history management thingy: if a link we want to add history handling to has an `id`, store that in the state
- Added a button to go back to the Help window
- Fixed links to releases
- Send user to the GitHub issues *list* instead of *new issue form* because if they do not have a GitHub account, they will be redirected to the login page, which is a rather unpleasant experience when you are already confused...
- Fixed a bug that would return data about a new release in `latest` even though it is already the `current`. It was showing the current version as "The Lounge v... is now available".
- Added https://user-images.githubusercontent.com to the CSP rule when prefetch storage is enabled, because that is where we have stored screenshots in the changelog so far. Meh (we can improve that later if we decide to have a dedicated place for screenshots).
- Fetch changelog info even in public mode because users in public mode can access the release notes. They do not see the result of the version checker however.
2017-12-22 22:46:11 -05:00
Pavel Djundik
df858a5aaf
Add changelog viewing and update checking 2017-12-22 16:26:12 -05:00
Pavel Djundik
c06fb9a275 Clear storage folder after successful start and graceful exit 2017-12-18 16:59:05 +02:00
Jérémie Astori
844ca1fbe6
Merge pull request #1811 from thelounge/astorije/improve-helper
Clean up path helpers, expand defaults location in `thelounge --help`, add tests for `expandHome`
2017-12-08 21:53:14 -05:00
Jérémie Astori
0482747781
Only use helpers and not shared variables around path helpers
This refactor has a few benefits, for example there cannot be a rogue update of `Helper.CONFIG_PATH` or something.
2017-12-07 23:02:32 -05:00
Pavel Djundik
fb0f68f8a5 Harden content security policy even further 2017-12-07 20:45:45 +02:00
Pavel Djundik
552f3da67e Implement manual network/channel cloning for better performance 2017-12-03 16:31:37 +02:00
Pavel Djundik
01f524b7c5 Don't send defaults if not displaying network 2017-11-19 19:46:04 +02:00
Pavel Djundik
adab03f730 Fix test 2017-11-19 19:43:43 +02:00
Pavel Djundik
e86a155ec2 Remove express-handlebars, read manifest.json to get theme-color 2017-11-19 19:43:43 +02:00
Pavel Djundik
c30f4aaaeb Move help to view 2017-11-19 19:43:43 +02:00
Pavel Djundik
8d88779918 Fix options 2017-11-19 19:43:42 +02:00
Pavel Djundik
711b5e1d91 Make settings/options mostly work
Fixes #1672
2017-11-19 19:43:42 +02:00
Jérémie Astori
f2d9ef62cf
Merge pull request #1715 from thelounge/astorije/deprecate-node-v4
Deprecate support of Node v4 in preparation of The Lounge v3
2017-11-19 01:05:57 -05:00
Jérémie Astori
ef1c59072c
Deprecate support of Node v4 in preparation of The Lounge v3 2017-11-18 13:52:31 -05:00
Jérémie Astori
1dc92d8934
Enforce dangling commas with ESLint
¯\_(ツ)_/¯
2017-11-15 01:35:15 -05:00
Pavel Djundik
81e3e88391
Merge pull request #1636 from thelounge/xpaw/cleanup-clientmanager
Cleanup client manager functions
2017-10-29 10:25:42 +02:00
Pavel Djundik
3f2a017583 Create public folder with webpack 2017-10-18 21:20:12 +03:00
Pavel Djundik
50504ed09b Fix possible race condition when attaching clients 2017-10-17 12:45:18 +03:00
Pavel Djundik
280eea970a Get client ip address correctly 2017-10-17 10:35:28 +03:00
Pavel Djundik
5c45321cca Cleanup client manager functions 2017-10-15 19:05:19 +03:00
Pavel Djundik
44acc5cb00 Teardown sockets in tests 2017-10-06 12:53:08 +03:00
Pavel Djundik
2f15ab3999 Fix attached client not having token on login 2017-09-26 10:56:08 +03:00
Pavel Djundik
833bdfa2aa Fix session data not updating correctly 2017-09-26 10:56:08 +03:00
Pavel Djundik
d7e6db92b5 Implement session list 2017-09-26 10:56:08 +03:00
Jérémie Astori
637949ea55 Merge pull request #1471 from thelounge/xpaw/client-reconnection
Automatic client reconnection
2017-09-20 00:05:37 -04:00
Pavel Djundik
21c9919fa1 Print compatibility theme setting warning on startup 2017-09-19 12:21:08 +03:00
Pavel Djundik
cffa957e34 Only send messages newer than last seen id 2017-09-19 11:45:22 +03:00
Pavel Djundik
0c0df1efc9 Force reload the page if socket reconnects and server restarted 2017-09-19 11:45:22 +03:00
Alistair McKinlay
59d2f93f61
Allow themes from npm 2017-09-17 19:47:29 -04:00
Pavel Djundik
099fb058c6 Merge pull request #1478 from eliemichel/pr-proper-ldap--rebased
Implement a proper LDAP authentication process
2017-09-04 09:02:58 +03:00
Elie Michel
32e1a36980 Generalize auth plugin fallback mechanism
@astorije this is for you ;)
https://github.com/thelounge/lounge/pull/1478#discussion_r136492534
2017-09-03 23:00:25 +02:00
Elie Michel
00e54e49ac Add tests for LDAP auth plugin 2017-09-03 23:00:24 +02:00
Elie Michel
12ba10f688 Reorganize auth plugins 2017-09-03 23:00:23 +02:00
Élie Michel
cfa6db10c7 Make new LDAP options backward compatible
Also draft some kind of plugin system for auth, although it essentially consists in writing a function
and there is no mechanism to automatically fallback from one auth to another
2017-09-03 23:00:23 +02:00
Pavel Djundik
c845d5723d One line server startup errors 2017-09-03 15:13:56 +03:00
Pavel Djundik
9e1296d303 Merge pull request #1479 from thelounge/xpaw/unix-socket
Add support for binding to unix sockets
2017-09-01 11:25:00 +03:00
Jérémie Astori
ad8ec4b1e6
Remove the "Stay signed in" checkbox at login
This option is less and less the norm on modern webapps, it is fair to assume this is the default behavior. In fact, we were making it the default.

But more importantly, coming soon is the ability of remotely logging out of your other sessions, which is well handled through token deletion. That means we need to know about said tokens, which are not sent in no-"Stay signed in" version.
2017-08-31 23:07:43 -04:00
Pavel Djundik
b79a6cce0c Add support for binding to unix sockets
Fixes #686.
Fixes #691.
2017-08-31 21:56:20 +03:00
Pavel Djundik
0d57df81af Gracefully quit on Ctrl+C
Fixes #268
2017-08-30 20:26:45 +03:00
Élie Michel
19710b90c0 Merge branch 'master' into pr-proper-ldap 2017-08-29 08:42:26 +02:00
Jérémie Astori
684f1a641d
Make sure server is running before loading users 2017-08-23 13:21:14 -04:00
Pavel Djundik
0ac3ba28e1 Web Push Notifications 2017-08-22 10:54:18 +03:00
Pavel Djundik
3190fd00bf Refactor authentication flow 2017-08-13 21:37:12 +03:00
Pavel Djundik
c14f7da1b2 Generate unique tokens for each login and session 2017-07-31 02:02:15 +03:00
Jérémie Astori
157289258a
Keep track of preview visibility on the server so it persists at page reload 2017-07-26 18:16:50 -04:00
Pavel Djundik
f35a2809a7 Store preview images on disk for privacy, security and caching 2017-07-18 11:37:16 +03:00
Pavel Djundik
b0efbf8a1e Parse x-forwarded-for header correctly 2017-06-21 14:34:06 +03:00
Pavel Djundik
f6dd616d5e Update to eslint 4 and enforce extra rules 2017-06-19 09:58:29 +03:00
Pavel Djundik
ca54c40d0f Merge pull request #1197 from thelounge/xpaw/socketio-transports
Correctly configure client socket transports
2017-06-08 20:19:49 +03:00
Pavel Djundik
b46f92c7d8 Only update bcrypt password rounds if the password actually matches 2017-06-02 11:02:03 +03:00
Pavel Djundik
16fb118d02 Correctly configure client transports
Fixes #848
2017-06-01 22:43:23 +03:00
Alistair McKinlay
b4310dbc03 Review changes
(Should be squashed before merge)
2017-04-21 09:26:02 +01:00
Alistair McKinlay
cc85b2143c Change index.html to be rendered using handlebars 2017-04-21 09:16:24 +01:00
Metsjeesus
fa51a2c281 Add CA bundle option in SSL 2017-04-15 19:12:21 +03:00
Pavel Djundik
f645c32cb9 Use local variables to check length 2017-04-14 00:05:28 +03:00
Jérémie Astori
fe7c570cc9 Use Referrer-Policy header instead of CSP referrer
According to MDN:

> referrer
>   Used to specify information in the referer (sic) header for links away from a page.
>   Use the Referrer-Policy header instead.

See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
2017-04-06 02:25:43 -04:00
S
001f96035b Switch to bcryptjs and make password comparison async
- PasswordCompareAsync prevents timeouts on resource constraint devices
- All password.compare calls are now async
- Updated tests to accept async functions
2017-04-01 03:06:09 -04:00
Élie Michel
ed3b4faa62 Fix eslint styling issues 2017-03-21 15:49:54 +01:00
Élie Michel
642442c041 Implement a proper LDAP authentication process
The Lounge first log as a special user in order to search (as in LDAP's
'"search" verb) for the user's full DN. It then attempts to bind using the
found user DN and the user provided password.
2017-03-21 15:15:33 +01:00
Pavel Djundik
c409328ddf Fix variable shuffling around ident handler
Fixes #965
2017-03-17 22:24:40 +02:00
Pavel Djundik
9997aafec7 Rewrite identd server, combine with oidentd 2017-03-12 12:02:22 +02:00
Jérémie Astori
bc8b699437 Add a basic check for bundled application when starting the server
Note that this will not detect if the client application was built with an old version of the repo.
2017-01-23 01:15:50 -05:00
Jérémie Astori
3e82994ae2 Make log style when referring user consistent with other places 2017-01-04 02:17:15 -05:00
Pavel Djundik
fb87bd3a58 Webpack 2016-12-27 19:15:30 +02:00
Pavel Djundik
3a3eebd61d Do not use backticks in strings when unnecessary 2016-12-20 02:09:53 +02:00
Jérémie Astori
b01517861d Remove autoload option and always autoload users
Since @xPaw provided a really nice way to watch user config files, there is now no need to be cheap about it (it used to be run every second, possibly why it could be disabled via settings?).

This commit also improves the function a little bit by making use of ES6 syntax.

A warning gets displayed on the server console when the `autoload` option is still present in the config file.
2016-12-11 03:29:30 -05:00
Jérémie Astori
303fab8519 Merge pull request #749 from thelounge/xpaw/hexip
Add support for hexip ilines and fix storing client ip in config
2016-12-10 19:50:33 -05:00
Pavel Djundik
463a63aed3 Avoid unnecessary disk writes if user object has not changed, make updateUser async 2016-12-10 11:05:34 +02:00
Jérémie Astori
adf93f9fad Merge pull request #746 from thelounge/xpaw/update-deps
Update depdencides to latest stable versions
2016-11-20 14:46:16 -05:00
Pavel Djundik
00548e65d7 Update existing networks with ip and hostmask if null 2016-11-19 22:34:05 +02:00
Pavel Djundik
708788338c Add support for hexip ilines 2016-11-19 20:32:47 +02:00
Pavel Djundik
6023035838 Update depdencides to latest stable versions 2016-11-19 10:49:16 +02:00
Pavel Djundik
b5db0abc18 Print node version and platform 2016-11-18 19:25:23 +02:00
William Boman
2f77d6981b src/server: log config path on start-up 2016-11-15 18:23:02 +01:00
Jérémie Astori
8ec6d969d1 Merge pull request #697 from cloudron-io/ldap_crashfix
Fix crash when LDAP server is unreachable
2016-10-23 10:10:48 -04:00
Pavel Djundik
c5e0dee3a3 Change bcrypt rounds from 8 to 11 2016-10-22 09:24:27 +03:00
Pavel Djundik
a1f56c7395 Improve support for opening multiple clients at once
- Synchornize unread counter with the server
- Fix unread marker on no attached clients
- Increase unread counter for server messages
2016-10-17 01:31:22 -04:00
Girish Ramakrishnan
09f2d069de Fix crash when LDAP server is unreachable
Fixes #667
2016-10-16 11:27:09 -07:00
William Boman
99218341ec consolidate version numbers throughout all interfaces 2016-10-10 21:56:57 +02:00
Pavel Djundik
aa02fd5180 Enforce more eslint rules 2016-10-09 17:55:37 -04:00
Pavel Djundik
3b8a478e34 Fix loading fonts in Microsoft Edge 2016-10-09 12:29:17 +03:00
toXel
5b6f5d5dce Check if SSL key and certificate files exist 2016-10-08 14:56:12 +02:00
Pavel Djundik
396a9cffb1 Display extra loading messages 2016-09-25 09:52:16 +03:00
Jérémie Astori
2b3b4ea924 Explicitly authorize websockets in CSP header
This follows a recent change in WebKit (see https://webkit.org/blog/6830/a-refined-content-security-policy/, section "More restrictive wildcard *") to remove websocket schemes from the connect-src directive.
Users of Safari v10 (to be publicly released in a few days) would be affected by this and could not load the app.
2016-09-09 01:17:31 -04:00
Jérémie Astori
b153d568a0 Add a theme selector in the settings
Power to the people!

There is now 2 ways to set the theme: on the app config file (defaults
for all users) and in the user settings.
All CSS files present in the `client/themes` folder will be given as
choices to the users.

This is temporary (as in, temporary for a fairly long time) until we
have proper theme management.
2016-09-06 01:11:31 -04:00