Pavel Djundik
f35a2809a7
Store preview images on disk for privacy, security and caching
2017-07-18 11:37:16 +03:00
Pavel Djundik
b0efbf8a1e
Parse x-forwarded-for header correctly
2017-06-21 14:34:06 +03:00
Pavel Djundik
f6dd616d5e
Update to eslint 4 and enforce extra rules
2017-06-19 09:58:29 +03:00
Pavel Djundik
ca54c40d0f
Merge pull request #1197 from thelounge/xpaw/socketio-transports
...
Correctly configure client socket transports
2017-06-08 20:19:49 +03:00
Pavel Djundik
b46f92c7d8
Only update bcrypt password rounds if the password actually matches
2017-06-02 11:02:03 +03:00
Pavel Djundik
16fb118d02
Correctly configure client transports
...
Fixes #848
2017-06-01 22:43:23 +03:00
Alistair McKinlay
b4310dbc03
Review changes
...
(Should be squashed before merge)
2017-04-21 09:26:02 +01:00
Alistair McKinlay
cc85b2143c
Change index.html to be rendered using handlebars
2017-04-21 09:16:24 +01:00
Metsjeesus
fa51a2c281
Add CA bundle option in SSL
2017-04-15 19:12:21 +03:00
Pavel Djundik
f645c32cb9
Use local variables to check length
2017-04-14 00:05:28 +03:00
Jérémie Astori
fe7c570cc9
Use Referrer-Policy header instead of CSP referrer
...
According to MDN:
> referrer
> Used to specify information in the referer (sic) header for links away from a page.
> Use the Referrer-Policy header instead.
See:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
2017-04-06 02:25:43 -04:00
S
001f96035b
Switch to bcryptjs and make password comparison async
...
- PasswordCompareAsync prevents timeouts on resource constraint devices
- All password.compare calls are now async
- Updated tests to accept async functions
2017-04-01 03:06:09 -04:00
Élie Michel
ed3b4faa62
Fix eslint styling issues
2017-03-21 15:49:54 +01:00
Élie Michel
642442c041
Implement a proper LDAP authentication process
...
The Lounge first log as a special user in order to search (as in LDAP's
'"search" verb) for the user's full DN. It then attempts to bind using the
found user DN and the user provided password.
2017-03-21 15:15:33 +01:00
Pavel Djundik
c409328ddf
Fix variable shuffling around ident handler
...
Fixes #965
2017-03-17 22:24:40 +02:00
Pavel Djundik
9997aafec7
Rewrite identd server, combine with oidentd
2017-03-12 12:02:22 +02:00
Jérémie Astori
bc8b699437
Add a basic check for bundled application when starting the server
...
Note that this will not detect if the client application was built with an old version of the repo.
2017-01-23 01:15:50 -05:00
Jérémie Astori
3e82994ae2
Make log style when referring user consistent with other places
2017-01-04 02:17:15 -05:00
Pavel Djundik
fb87bd3a58
Webpack
2016-12-27 19:15:30 +02:00
Pavel Djundik
3a3eebd61d
Do not use backticks in strings when unnecessary
2016-12-20 02:09:53 +02:00
Jérémie Astori
b01517861d
Remove autoload option and always autoload users
...
Since @xPaw provided a really nice way to watch user config files, there is now no need to be cheap about it (it used to be run every second, possibly why it could be disabled via settings?).
This commit also improves the function a little bit by making use of ES6 syntax.
A warning gets displayed on the server console when the `autoload` option is still present in the config file.
2016-12-11 03:29:30 -05:00
Jérémie Astori
303fab8519
Merge pull request #749 from thelounge/xpaw/hexip
...
Add support for hexip ilines and fix storing client ip in config
2016-12-10 19:50:33 -05:00
Pavel Djundik
463a63aed3
Avoid unnecessary disk writes if user object has not changed, make updateUser async
2016-12-10 11:05:34 +02:00
Jérémie Astori
adf93f9fad
Merge pull request #746 from thelounge/xpaw/update-deps
...
Update depdencides to latest stable versions
2016-11-20 14:46:16 -05:00
Pavel Djundik
00548e65d7
Update existing networks with ip and hostmask if null
2016-11-19 22:34:05 +02:00
Pavel Djundik
708788338c
Add support for hexip ilines
2016-11-19 20:32:47 +02:00
Pavel Djundik
6023035838
Update depdencides to latest stable versions
2016-11-19 10:49:16 +02:00
Pavel Djundik
b5db0abc18
Print node version and platform
2016-11-18 19:25:23 +02:00
William Boman
2f77d6981b
src/server: log config path on start-up
2016-11-15 18:23:02 +01:00
Jérémie Astori
8ec6d969d1
Merge pull request #697 from cloudron-io/ldap_crashfix
...
Fix crash when LDAP server is unreachable
2016-10-23 10:10:48 -04:00
Pavel Djundik
c5e0dee3a3
Change bcrypt rounds from 8 to 11
2016-10-22 09:24:27 +03:00
Pavel Djundik
a1f56c7395
Improve support for opening multiple clients at once
...
- Synchornize unread counter with the server
- Fix unread marker on no attached clients
- Increase unread counter for server messages
2016-10-17 01:31:22 -04:00
Girish Ramakrishnan
09f2d069de
Fix crash when LDAP server is unreachable
...
Fixes #667
2016-10-16 11:27:09 -07:00
William Boman
99218341ec
consolidate version numbers throughout all interfaces
2016-10-10 21:56:57 +02:00
Pavel Djundik
aa02fd5180
Enforce more eslint rules
2016-10-09 17:55:37 -04:00
Pavel Djundik
3b8a478e34
Fix loading fonts in Microsoft Edge
2016-10-09 12:29:17 +03:00
toXel
5b6f5d5dce
Check if SSL key and certificate files exist
2016-10-08 14:56:12 +02:00
Pavel Djundik
396a9cffb1
Display extra loading messages
2016-09-25 09:52:16 +03:00
Jérémie Astori
2b3b4ea924
Explicitly authorize websockets in CSP header
...
This follows a recent change in WebKit (see https://webkit.org/blog/6830/a-refined-content-security-policy/ , section "More restrictive wildcard *") to remove websocket schemes from the connect-src directive.
Users of Safari v10 (to be publicly released in a few days) would be affected by this and could not load the app.
2016-09-09 01:17:31 -04:00
Jérémie Astori
b153d568a0
Add a theme selector in the settings
...
Power to the people!
There is now 2 ways to set the theme: on the app config file (defaults
for all users) and in the user settings.
All CSS files present in the `client/themes` folder will be given as
choices to the users.
This is temporary (as in, temporary for a fairly long time) until we
have proper theme management.
2016-09-06 01:11:31 -04:00
Jérémie Astori
40b8f0c293
Make sure users with wrong tokens are locked out instead of crashing the app
2016-08-18 00:02:40 -04:00
Jérémie Astori
f824036225
Merge pull request #535 from thelounge/PR/fix-webirc-4in6
...
Fix webirc and 4-in-6 addresses
2016-08-12 00:39:26 -04:00
Maxime Poulin
bec0c74772
Merge pull request #552 from thelounge/astorije/logger
...
Use our logger instead of console.{log,error} for LDAP logs
2016-08-11 01:44:54 -04:00
Jérémie Astori
14782a56b7
Use our logger instead of console.{log,error}
2016-08-10 02:40:28 -04:00
Jérémie Astori
cf64cb04c4
Fix token persistency across server restarts
...
This fixes a regression introduced by LDAP support addition
(https://github.com/thelounge/lounge/pull/477 ), which forces
users to re-login when the server restarts. This was originally
implemented in https://github.com/thelounge/lounge/pull/370 .
2016-08-10 02:26:47 -04:00
Maxime Poulin
d42ac23c55
Fix webirc and 4-in-6 addresses
2016-07-30 20:54:09 -04:00
Johan Lindskogen
987474cfc1
implementing LDAP support
2016-07-29 21:28:00 -04:00
Jérémie Astori
9e188bad4b
Make sure git commit check would not send stderr to the console
...
Before that change, running a release would display this in the console:
```
fatal: Not a git repository (or any of the parent directories): .git
```
Also, this adds strict mode for that file, and make sure `gitCommit` never throws a `ReferenceError`.
2016-07-18 21:35:02 -04:00
Jérémie Astori
71577cf55e
Display whether instance is running from a release or from git on About section
2016-07-13 03:17:55 -04:00
Alistair McKinlay
9c07f2b0f2
Merge pull request #387 from thelounge/xpaw/config
...
Cache loaded config and merge it with defaults
2016-07-04 08:18:55 +01:00
William Boman
32b46bb32d
src/client: make sure config is always an object
2016-06-30 15:06:14 +02:00
Pavel Djundik
100262ad1f
Cache loaded config and merge it with defaults
...
Fixes #249
2016-06-26 19:30:25 +03:00
Maxime Poulin
1b9c5d8996
Fix default configuration for host
.
...
Similarly to kiwiirc/irc-framework#55 , passing `undefined` there instead of `"0.0.0.0"` allows the OS to decide and use both IPv4 and IPv6.
2016-06-24 06:25:51 -04:00
Pavel Djundik
f0adee1700
Fix crash in public mode introduced by #370 ( #413 )
2016-06-19 10:59:10 +03:00
Maxime Poulin
deba6f3aa1
Fix crash in public mode introduced by #370
2016-06-18 23:35:32 -04:00
Jérémie Astori
75c578c02c
Merge pull request #369 from thelounge/xpaw/fix-losing-auth
...
Do not lose authentication token when the connection gets lost
2016-06-18 22:35:12 -04:00
Pavel Djundik
12551c06b6
Perform node version check as soon as possible
2016-06-16 11:13:34 +03:00
Pavel Djundik
2008abc0e8
Do not lose authentication token when the connection gets lost
2016-06-13 10:39:01 +03:00
Pavel Djundik
9384cd9ca6
Implement user token persistency
2016-06-13 10:33:39 +03:00
Daniel
084b269865
Rename package variable to pkg, as "package" is reserved.
2016-06-12 02:46:51 +01:00
Maxime Poulin
22d4f40613
Warn the user when both ident handlers are enabled
2016-06-03 00:11:20 -04:00
Maxime Poulin
fabb758985
Add support for oidentd spoofing
2016-06-02 23:59:19 -04:00
Maxime Poulin
0b6d13d22d
Don't check for existing password emptyness
...
Pointed out by @PugaBear, it's possible for a user to have an empty password. There isn't really a need to check for password emptyness, it will simply fail with wrong old password instead.
2016-05-10 18:00:07 -04:00
Pavel Djundik
d143542fe5
Add security headers to minimize XSS damage
2016-05-06 11:08:45 +03:00
Maxime Poulin
96d282e73c
Add WEBIRC support
...
Fixes #181
2016-05-02 00:45:19 -04:00
Maxime Poulin
6d1e81b324
Remove "trust proxy" as it does litterally nothing
2016-05-02 00:42:03 -04:00
Pavel Djundik
e75a8f40a6
Stricter eslint rule for curly brackets
2016-05-01 12:41:17 +03:00
Jérémie Astori
177041c9bb
Merge pull request #280 from thelounge/min-node-ver
...
Document supported node version
2016-04-27 10:03:43 -04:00
Maxime Poulin
96d180077c
Add support for ~ home folder expansion
2016-04-27 04:23:54 -04:00
Pavel Djundik
d428bb7511
Document supported node version
2016-04-27 10:07:43 +03:00
Pavel Djundik
ede3131168
Add global logging helper
2016-04-27 00:05:55 +03:00
Jérémie Astori
05be0ff57f
Merge pull request #174 from thelounge/xpaw/http2
...
Add support for HTTP2
2016-03-19 18:06:34 -04:00
xPaw
9e8bc44e3a
Fix default socket.io transports
2016-03-19 18:48:36 +02:00
Pavel Djundik
689b018079
Add support for HTTP2
2016-03-09 14:04:05 +02:00
Pavel Djundik
52bc324a63
Update eslint to 2.3.0 and add stricter rules
2016-03-09 10:50:20 +02:00
Jérémie Astori
5f11c26223
Fix complete crash when refreshing a public instance
2016-02-29 01:19:11 +00:00
Daniel Llewellyn
b79a918be8
frontend password change functionality
...
- refactor clientManager.js to allow configuration parsing as a serparate
function.
- refactor clientManager.js to add configuration writing function.
- add server.js changes to allow for new password-change functionality
- add password change ui to "settings" screen
- refactor client.js to use new clientManager functionality for saving
the configuration files
2016-02-26 18:38:15 +00:00
Alistair McKinlay
b2625aebae
Merge pull request #38 from xPaw/lodash
...
Update lodash
2016-02-21 15:31:44 +00:00
Pavel Djundik
19bc4f37e0
Update lodash
2016-02-19 15:13:53 +02:00
Maxime Poulin
5bf205195d
Only update the users list when needed
...
Currently, for join/part/kick/nick/... the server will send an updated list of users and the client will re-render the list entirely. This ends up being a very expensive operation when joined on large channels and causes the client to slow down a lot.
2016-02-17 04:35:55 -05:00
Jérémie Astori
39dc4e8957
Update name and link to repo to new project
2016-02-10 06:20:05 +00:00
William Boman
8fdfd70c7e
Comply with ESLint
2015-10-26 03:01:47 +01:00
Mattias Erming
53faab2f41
Ignore query variables
2014-12-11 23:19:09 +01:00
Riku Rouvila
9416c492dd
add socket.io transports to configuration
2014-11-01 22:06:01 +02:00
Mattias Erming
1a620e1d54
Change 'users/' folder structure
2014-10-14 22:05:16 +02:00
Mattias Erming
95bebfe12c
Refactoring
2014-10-11 19:33:28 +02:00
Mattias Erming
3918c0ab61
Merge pull request #226 from wizardfrag/identd
2014-10-11 17:26:41 +02:00
Mattias Erming
d1296abf12
Clean up server options
2014-10-11 14:35:28 +02:00
David White
ea0e66afd0
Set up identd and make it work on connection 😎
2014-10-11 11:09:27 +01:00
XeonCore
dbd423e5a1
Allow binding to a local IP
2014-10-11 17:17:41 +11:00
Mattias Erming
2e964ca629
Prevent multiple logins
2014-10-08 22:16:10 +02:00
Mattias Erming
2ed7d6364c
Added '--home <path>' option
2014-10-03 16:33:44 -07:00
Mattias Erming
316fba3c08
Use 'bcrypt-nodejs' package
2014-10-03 02:57:35 -07:00
Shell Turner
7e4534afa9
Always go through the Helper object to load config
2014-10-01 18:53:54 +02:00
Mattias Erming
3e22b6e88a
Added https support
2014-09-26 16:26:21 -07:00
Mattias Erming
4c94a67d49
Use express
2014-09-26 15:12:53 -07:00
Mattias Erming
4d9b58ecd5
Autoload users
2014-09-24 15:23:54 -07:00
Mattias Erming
8793551371
Sync sidebar order
2014-09-24 12:42:36 -07:00
Mattias Erming
11f3d452dd
Server-side tracking of new message count
2014-09-21 09:46:43 -07:00
Mattias Erming
56b72071ec
Fix login
2014-09-16 10:43:02 -07:00
Mattias Erming
78d36d6750
Added 'Remember' login option
2014-09-15 14:13:03 -07:00
Mattias Erming
b52b860167
Fix login
2014-09-14 12:13:34 -07:00
Mattias Erming
221ed4b980
Change config.json to config.js
2014-09-13 09:41:11 -07:00
Sascha Depold
aa2406eb4b
Load home directory from helper and make it configurable.
2014-09-13 14:26:45 +02:00
Chris Moeller
1076ee4e06
Server correctly sends text/html MIME type and response code 200 for the root index.
2014-09-13 05:54:17 +01:00
Mattias Erming
428f63946b
Added password hashing
2014-09-11 13:37:16 -07:00
Mattias Erming
05a51f74a7
Fix the 'Show More' button
2014-09-10 12:23:56 -07:00
Mattias Erming
c66fab06a4
Allow commands on connect
2014-09-09 12:31:23 -07:00
Mattias Erming
965981e112
Fix login
2014-09-09 10:23:46 -07:00
Mattias Erming
404442f138
Bump version
2014-09-09 01:21:09 -07:00
Jonathan Huot
3a093dacd8
Added listen IP parameter. Listening on localhost allow to put Nginx/Varnish in front of shout server
2014-09-09 09:48:53 +02:00
Mattias Erming
b36e069895
Update cli commands
2014-08-17 06:33:48 -07:00
Mattias Erming
ac156544f0
Fetch remote images
2014-08-16 14:19:15 -07:00
Mattias Erming
eb7c40276e
Run private server by default
...
Use `shout start --public` or edit your `config.json` to override.
2014-08-14 09:37:26 -07:00
Mattias Erming
43b6310481
Added user loading
2014-08-13 18:52:02 -07:00
Mattias Erming
cd1383c1f0
Added --port option
2014-08-05 01:44:29 -07:00
Mattias Erming
4b21c319c2
Turn index.js into an executable
2014-08-05 01:32:50 -07:00
Mattias Erming
928220c6c1
Rename lib to src
2014-08-05 00:48:14 -07:00