Commit Graph

230 Commits

Author SHA1 Message Date
Jérémie Astori
2b3b4ea924 Explicitly authorize websockets in CSP header
This follows a recent change in WebKit (see https://webkit.org/blog/6830/a-refined-content-security-policy/, section "More restrictive wildcard *") to remove websocket schemes from the connect-src directive.
Users of Safari v10 (to be publicly released in a few days) would be affected by this and could not load the app.
2016-09-09 01:17:31 -04:00
Jérémie Astori
b153d568a0 Add a theme selector in the settings
Power to the people!

There is now 2 ways to set the theme: on the app config file (defaults
for all users) and in the user settings.
All CSS files present in the `client/themes` folder will be given as
choices to the users.

This is temporary (as in, temporary for a fairly long time) until we
have proper theme management.
2016-09-06 01:11:31 -04:00
Jérémie Astori
40b8f0c293 Make sure users with wrong tokens are locked out instead of crashing the app 2016-08-18 00:02:40 -04:00
Jérémie Astori
f824036225 Merge pull request #535 from thelounge/PR/fix-webirc-4in6
Fix webirc and 4-in-6 addresses
2016-08-12 00:39:26 -04:00
Maxime Poulin
bec0c74772 Merge pull request #552 from thelounge/astorije/logger
Use our logger instead of console.{log,error} for LDAP logs
2016-08-11 01:44:54 -04:00
Jérémie Astori
14782a56b7 Use our logger instead of console.{log,error} 2016-08-10 02:40:28 -04:00
Jérémie Astori
cf64cb04c4 Fix token persistency across server restarts
This fixes a regression introduced by LDAP support addition
(https://github.com/thelounge/lounge/pull/477), which forces
users to re-login when the server restarts. This was originally
implemented in https://github.com/thelounge/lounge/pull/370.
2016-08-10 02:26:47 -04:00
Maxime Poulin
d42ac23c55
Fix webirc and 4-in-6 addresses 2016-07-30 20:54:09 -04:00
Johan Lindskogen
987474cfc1 implementing LDAP support 2016-07-29 21:28:00 -04:00
Jérémie Astori
9e188bad4b Make sure git commit check would not send stderr to the console
Before that change, running a release would display this in the console:
```
fatal: Not a git repository (or any of the parent directories): .git
```

Also, this adds strict mode for that file, and make sure `gitCommit` never throws a `ReferenceError`.
2016-07-18 21:35:02 -04:00
Jérémie Astori
71577cf55e Display whether instance is running from a release or from git on About section 2016-07-13 03:17:55 -04:00
Alistair McKinlay
9c07f2b0f2 Merge pull request #387 from thelounge/xpaw/config
Cache loaded config and merge it with defaults
2016-07-04 08:18:55 +01:00
William Boman
32b46bb32d src/client: make sure config is always an object 2016-06-30 15:06:14 +02:00
Pavel Djundik
100262ad1f Cache loaded config and merge it with defaults
Fixes #249
2016-06-26 19:30:25 +03:00
Maxime Poulin
1b9c5d8996
Fix default configuration for host.
Similarly to kiwiirc/irc-framework#55, passing `undefined` there instead of `"0.0.0.0"` allows the OS to decide and use both IPv4 and IPv6.
2016-06-24 06:25:51 -04:00
Pavel Djundik
f0adee1700 Fix crash in public mode introduced by #370 (#413) 2016-06-19 10:59:10 +03:00
Maxime Poulin
deba6f3aa1
Fix crash in public mode introduced by #370 2016-06-18 23:35:32 -04:00
Jérémie Astori
75c578c02c Merge pull request #369 from thelounge/xpaw/fix-losing-auth
Do not lose authentication token when the connection gets lost
2016-06-18 22:35:12 -04:00
Pavel Djundik
12551c06b6 Perform node version check as soon as possible 2016-06-16 11:13:34 +03:00
Pavel Djundik
2008abc0e8 Do not lose authentication token when the connection gets lost 2016-06-13 10:39:01 +03:00
Pavel Djundik
9384cd9ca6 Implement user token persistency 2016-06-13 10:33:39 +03:00
Daniel
084b269865 Rename package variable to pkg, as "package" is reserved. 2016-06-12 02:46:51 +01:00
Maxime Poulin
22d4f40613
Warn the user when both ident handlers are enabled 2016-06-03 00:11:20 -04:00
Maxime Poulin
fabb758985 Add support for oidentd spoofing 2016-06-02 23:59:19 -04:00
Maxime Poulin
0b6d13d22d
Don't check for existing password emptyness
Pointed out by @PugaBear, it's possible for a user to have an empty password. There isn't really a need to check for password emptyness, it will simply fail with wrong old password instead.
2016-05-10 18:00:07 -04:00
Pavel Djundik
d143542fe5 Add security headers to minimize XSS damage 2016-05-06 11:08:45 +03:00
Maxime Poulin
96d282e73c
Add WEBIRC support
Fixes #181
2016-05-02 00:45:19 -04:00
Maxime Poulin
6d1e81b324 Remove "trust proxy" as it does litterally nothing 2016-05-02 00:42:03 -04:00
Pavel Djundik
e75a8f40a6 Stricter eslint rule for curly brackets 2016-05-01 12:41:17 +03:00
Jérémie Astori
177041c9bb Merge pull request #280 from thelounge/min-node-ver
Document supported node version
2016-04-27 10:03:43 -04:00
Maxime Poulin
96d180077c
Add support for ~ home folder expansion 2016-04-27 04:23:54 -04:00
Pavel Djundik
d428bb7511 Document supported node version 2016-04-27 10:07:43 +03:00
Pavel Djundik
ede3131168 Add global logging helper 2016-04-27 00:05:55 +03:00
Jérémie Astori
05be0ff57f Merge pull request #174 from thelounge/xpaw/http2
Add support for HTTP2
2016-03-19 18:06:34 -04:00
xPaw
9e8bc44e3a Fix default socket.io transports 2016-03-19 18:48:36 +02:00
Pavel Djundik
689b018079 Add support for HTTP2 2016-03-09 14:04:05 +02:00
Pavel Djundik
52bc324a63 Update eslint to 2.3.0 and add stricter rules 2016-03-09 10:50:20 +02:00
Jérémie Astori
5f11c26223 Fix complete crash when refreshing a public instance 2016-02-29 01:19:11 +00:00
Daniel Llewellyn
b79a918be8 frontend password change functionality
- refactor clientManager.js to allow configuration parsing as a serparate
  function.
  - refactor clientManager.js to add configuration writing function.
  - add server.js changes to allow for new password-change functionality
  - add password change ui to "settings" screen
  - refactor client.js to use new clientManager functionality for saving
    the configuration files
2016-02-26 18:38:15 +00:00
Alistair McKinlay
b2625aebae Merge pull request #38 from xPaw/lodash
Update lodash
2016-02-21 15:31:44 +00:00
Pavel Djundik
19bc4f37e0 Update lodash 2016-02-19 15:13:53 +02:00
Maxime Poulin
5bf205195d Only update the users list when needed
Currently, for join/part/kick/nick/... the server will send an updated list of users and the client will re-render the list entirely. This ends up being a very expensive operation when joined on large channels and causes the client to slow down a lot.
2016-02-17 04:35:55 -05:00
Jérémie Astori
39dc4e8957 Update name and link to repo to new project 2016-02-10 06:20:05 +00:00
William Boman
8fdfd70c7e Comply with ESLint 2015-10-26 03:01:47 +01:00
Mattias Erming
53faab2f41 Ignore query variables 2014-12-11 23:19:09 +01:00
Riku Rouvila
9416c492dd add socket.io transports to configuration 2014-11-01 22:06:01 +02:00
Mattias Erming
1a620e1d54 Change 'users/' folder structure 2014-10-14 22:05:16 +02:00
Mattias Erming
95bebfe12c Refactoring 2014-10-11 19:33:28 +02:00
Mattias Erming
3918c0ab61 Merge pull request #226 from wizardfrag/identd 2014-10-11 17:26:41 +02:00
Mattias Erming
d1296abf12 Clean up server options 2014-10-11 14:35:28 +02:00
David White
ea0e66afd0 Set up identd and make it work on connection 😎 2014-10-11 11:09:27 +01:00
XeonCore
dbd423e5a1 Allow binding to a local IP 2014-10-11 17:17:41 +11:00
Mattias Erming
2e964ca629 Prevent multiple logins 2014-10-08 22:16:10 +02:00
Mattias Erming
2ed7d6364c Added '--home <path>' option 2014-10-03 16:33:44 -07:00
Mattias Erming
316fba3c08 Use 'bcrypt-nodejs' package 2014-10-03 02:57:35 -07:00
Shell Turner
7e4534afa9 Always go through the Helper object to load config 2014-10-01 18:53:54 +02:00
Mattias Erming
3e22b6e88a Added https support 2014-09-26 16:26:21 -07:00
Mattias Erming
4c94a67d49 Use express 2014-09-26 15:12:53 -07:00
Mattias Erming
4d9b58ecd5 Autoload users 2014-09-24 15:23:54 -07:00
Mattias Erming
8793551371 Sync sidebar order 2014-09-24 12:42:36 -07:00
Mattias Erming
11f3d452dd Server-side tracking of new message count 2014-09-21 09:46:43 -07:00
Mattias Erming
56b72071ec Fix login 2014-09-16 10:43:02 -07:00
Mattias Erming
78d36d6750 Added 'Remember' login option 2014-09-15 14:13:03 -07:00
Mattias Erming
b52b860167 Fix login 2014-09-14 12:13:34 -07:00
Mattias Erming
221ed4b980 Change config.json to config.js 2014-09-13 09:41:11 -07:00
Sascha Depold
aa2406eb4b Load home directory from helper and make it configurable. 2014-09-13 14:26:45 +02:00
Chris Moeller
1076ee4e06 Server correctly sends text/html MIME type and response code 200 for the root index. 2014-09-13 05:54:17 +01:00
Mattias Erming
428f63946b Added password hashing 2014-09-11 13:37:16 -07:00
Mattias Erming
05a51f74a7 Fix the 'Show More' button 2014-09-10 12:23:56 -07:00
Mattias Erming
c66fab06a4 Allow commands on connect 2014-09-09 12:31:23 -07:00
Mattias Erming
965981e112 Fix login 2014-09-09 10:23:46 -07:00
Mattias Erming
404442f138 Bump version 2014-09-09 01:21:09 -07:00
Jonathan Huot
3a093dacd8 Added listen IP parameter. Listening on localhost allow to put Nginx/Varnish in front of shout server 2014-09-09 09:48:53 +02:00
Mattias Erming
b36e069895 Update cli commands 2014-08-17 06:33:48 -07:00
Mattias Erming
ac156544f0 Fetch remote images 2014-08-16 14:19:15 -07:00
Mattias Erming
eb7c40276e Run private server by default
Use `shout start --public` or edit your `config.json` to override.
2014-08-14 09:37:26 -07:00
Mattias Erming
43b6310481 Added user loading 2014-08-13 18:52:02 -07:00
Mattias Erming
cd1383c1f0 Added --port option 2014-08-05 01:44:29 -07:00
Mattias Erming
4b21c319c2 Turn index.js into an executable 2014-08-05 01:32:50 -07:00
Mattias Erming
928220c6c1 Rename lib to src 2014-08-05 00:48:14 -07:00