Speng Reb
36da4bdff1
Harden API and session security: enforce CSRF on cookie-auth /api/v1 writes, exempt bot bearer tokens, and set SameSite=Lax + conditional Secure on auth/CSRF/ip-session cookies
2026-05-21 16:25:34 +02:00
Speng Reb
6eeee342d7
Protect /api/v1 mutations with CSRF for cookie auth while exempting cbt_ bearer bot tokens and wiring UI X-CSRF-Token headers
2026-05-21 16:23:30 +02:00
Speng Reb
12696452aa
Fix shows/bot API auth gaps, handle missing channels as 404, make recurrence DST-safe, and clear lint regressions
2026-05-21 16:13:56 +02:00
Speng Reb
c4ee655d15
Shows playlist editor now shows media title instead of ID
2026-05-20 21:10:49 +02:00
Speng Reb
56ab732f6b
Better handling of TZ and Bot API added
2026-05-20 21:00:48 +02:00
Speng Reb
17f38874d1
Add a scheduled show concept to the project without bot API for now
2026-05-20 20:52:26 +02:00
Speng Reb
dc70e1236b
Initial bot API v1
2026-05-04 16:07:59 +02:00
Speng Reb
6efb8902fa
Remove bad protoswitching from previous commit
2026-04-21 00:27:20 +02:00
Speng Reb
f3cfe74cfa
Add TV layout mode
2026-04-21 00:08:25 +02:00
Kethsar
87198bd4e7
Expand chat message length option to be consistent with other options
2023-03-25 14:31:25 -07:00
Kethsar
986207b46b
Add max chat message length config option
2023-03-25 14:31:25 -07:00
Calvin Montgomery
99740a3673
Add cache, test
2022-09-23 21:39:38 -07:00
Calvin Montgomery
913348d46e
Continue working on banned channels
2022-09-23 21:39:38 -07:00
Calvin Montgomery
8338fe2f25
Work on banned channels feature
2022-09-23 21:39:38 -07:00
Xaekai
25ddc336e0
Use child iframe for BitChute
...
By using an iframe we can take advantage of the referrer meta tag,
while still being able to scaffold everything relatively easily because it's same-origin
2022-09-18 19:10:36 -07:00
Calvin Montgomery
1f10f0f09c
Fix eslint error
2021-08-19 20:55:40 -07:00
Calvin Montgomery
edb5f94b7c
Add a POST flow to password recovery (#871)
2021-08-19 20:55:02 -07:00
Calvin Montgomery
1b7e7c74f5
Remove legacy counters
2021-08-19 20:36:04 -07:00
Calvin Montgomery
da53decdd5
Fix #885
2021-03-22 22:53:03 -07:00
Calvin Montgomery
801e54afa2
Tweak urlencoded body size limit
2020-09-22 20:23:46 -07:00
Calvin Montgomery
df82d2d4f1
Add registration captcha support
2020-09-22 20:11:34 -07:00
Calvin Montgomery
a81e4d1d16
Fix copyright year in LICENSE
2019-02-02 15:56:43 -08:00
Calvin Montgomery
aa2348656d
Implement self-service account deletion
2018-12-07 20:35:00 -08:00
Calvin Montgomery
60a39890f0
Fix hostname comparison in /login
2018-11-11 16:11:51 -08:00
Calvin Montgomery
7b0427afa2
Remove code that was never finished and likely won't be used
2018-08-27 22:07:42 -07:00
Calvin Montgomery
db2361aee9
Misc fixes for password reset
...
* Remove messaging about asking an administrator for help if no email
is associated with the account (no longer correct or relevant)
* Compare user-provided email with registered email case-insensitively
(#755)
* Replace antiquated hash generator with cryptographically secure
random byte string generator
2018-07-11 19:21:32 -07:00
Calvin Montgomery
3413c3bdaa
Reject guest names matching the reserved usernames regex
2018-06-03 22:01:40 -07:00
Calvin Montgomery
62417f7fb8
Add eslint (#741)
2018-04-07 15:30:30 -07:00
Calvin Montgomery
81e1947656
Clear template cache on /reload (#734)
2018-03-05 21:46:58 -08:00
Calvin Montgomery
49661a95ab
Upgrade dependencies
2018-02-15 19:58:33 -08:00
Calvin Montgomery
d706bf63b1
Fix ustream
2018-01-14 15:02:15 -08:00
Calvin Montgomery
875337d9a6
web/account: add referrer check
2017-11-05 16:17:37 -08:00
Calvin Montgomery
3cd8bfa8c7
Remove /sioconfig for real
2017-09-30 15:26:47 -07:00
Calvin Montgomery
a2be65aead
Reset prometheus summaries for more accurate percentiles per 5 minutes
2017-09-27 21:55:42 -07:00
Calvin Montgomery
f975f7ef85
Update password reset to use new nodemailer impl
2017-09-26 21:22:15 -07:00
Calvin Montgomery
bfc7cfc193
Remove old /useragreement
2017-09-19 22:07:00 -07:00
Calvin Montgomery
c159fa8060
Remove old HTTPS redirect kludges
2017-09-19 20:49:33 -07:00
Calvin Montgomery
9e3426633d
Support updating email via /account/data
2017-09-05 23:11:28 -07:00
Calvin Montgomery
5b6f86668a
Refactoring
2017-09-05 22:47:29 -07:00
Calvin Montgomery
45d0e0b4c3
Guard unfinished web route with env variable
2017-09-03 17:22:57 -07:00
Calvin Montgomery
b76869e2d2
Add some basic tests for implemented /account/data handlers
2017-09-01 21:20:07 -07:00
Calvin Montgomery
8b1b501bbd
Start working on /account/data controller
2017-08-30 22:45:48 -07:00
Calvin Montgomery
3d50b8f52e
Fix getSafeReferrer when referrer is null
2017-08-24 20:55:18 -07:00
Calvin Montgomery
cc69b3c225
Revert "Remove legacy /sioconfig and user agreement link"
...
ACP has a dependency on `/sioconfig`. Reverting until that can be
fixed.
This reverts commit a48cab81b9.
2017-08-23 23:15:30 -07:00
Calvin Montgomery
cacde7f72d
Fix unhandled rejections in webserver
2017-08-23 23:02:08 -07:00
Calvin Montgomery
7e6312f9d1
Remove ?dest= redirect logic for /login and use referrer instead
2017-08-22 17:25:18 -07:00
Calvin Montgomery
a48cab81b9
Remove legacy /sioconfig and user agreement link
...
- `/sioconfig` has been deprecated for ages in favor of
`/socketconfig/${channel}.json`
- Each website administrator should be responsible for determining the
appropriate terms of service for their website instead of CyTube
providing a default one.
2017-08-21 23:19:19 -07:00
Calvin Montgomery
791a712a68
Move channel register/delete reload logic to message bus
2017-08-15 18:55:36 -07:00
Calvin Montgomery
d16cfb7328
Add message bus for #677
2017-08-15 18:23:03 -07:00
Calvin Montgomery
99076412b6
Fix unhandled rejection
2017-08-14 20:31:45 -07:00