Commit Graph

7181 Commits (d87b4e0c20ccd03771833c878345edc4b39139a1)

Author SHA1 Message Date
Richard Hansen d40d59d9eb AttributeManager: Simplify logic 2021-05-03 01:42:03 -04:00
Richard Hansen e3d32a26b6 skiplist: Delete unused methods 2021-05-03 01:42:03 -04:00
Richard Hansen f650c3d73e editor: Delete unused `PROFILER` code 2021-05-03 01:42:03 -04:00
Richard Hansen ab4e99f67a editor: Delete commented-out code 2021-05-03 01:42:03 -04:00
Richard Hansen eeead46437 PadMessageHandler: Use a `Map` for `sessioninfos`
Maps are a bit more flexible, have clearer semantics, and have a
convenient `size` property.
2021-05-03 01:35:11 -04:00
Richard Hansen 14d4aadfe4 PadMessageHandler: Parallelize client updates
Multiple clients are updated in parallel, but multiple revisions sent
to a particular client are still sent sequentially.
2021-05-03 01:35:11 -04:00
Richard Hansen 770755debf PadMessageHandler: Assume sessioninfo stays valid during client update
...but add a try/catch around the message transmission just in case.
2021-05-03 01:35:11 -04:00
Richard Hansen c85391862b PadMessageHandler: Avoid unnecessary property lookups 2021-05-03 01:35:11 -04:00
Richard Hansen d5c6a44d9c PadMessageHandler: Improve documentation of `sessioninfos` 2021-05-03 01:35:11 -04:00
Richard Hansen 4c4415e14a PadMessageHandler: Register `activePads` metric only once 2021-05-03 01:35:11 -04:00
snyk-bot 6011d31b22 fix: upgrade underscore from 1.12.1 to 1.13.0
Snyk has created this PR to upgrade underscore from 1.12.1 to 1.13.0.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-05-03 01:31:53 -04:00
Richard Hansen 8f236b8687 Minify: Avoid crash due to unhandled Promise rejection if stat fails 2021-05-03 01:26:49 -04:00
Richard Hansen e8df643d75 Minify: Treat `ENOTDIR` like `ENOENT` when statting a file
This avoids an exception when require-kernel requests a path like
`existing-file.js/index.js`.
2021-05-03 01:26:48 -04:00
Richard Hansen aaacbd3a7a Minify: Refactor `requestURI()` for readability 2021-05-03 01:26:48 -04:00
translatewiki.net 3a8d66ba6a Localisation updates from https://translatewiki.net. 2021-04-30 08:49:17 +02:00
translatewiki.net 3afc77dae7 Localisation updates from https://translatewiki.net. 2021-04-26 15:20:55 +02:00
Richard Hansen 8384a7a67b deps: Bump ueberdb2 2021-04-20 21:56:44 +02:00
Richard Hansen ea8846154f favicon: Redo favicon customization 2021-04-20 13:33:55 -04:00
Richard Hansen 92e0bff80c favicon: Refactor handler and add tests 2021-04-20 13:33:55 -04:00
Richard Hansen d0d4b95980 favicon: Only serve from `/favicon.ico` 2021-04-20 13:33:54 -04:00
Richard Hansen c2ac5e6145 tests: Fix missing commit in "Upgrade from latest release" workflow 2021-04-20 13:20:33 -04:00
Richard Hansen 96208e8239 tests: Rename workflow to "Upgrade from latest release" 2021-04-20 13:20:04 -04:00
webzwo0i 3a5af19492 AuthorManager: await for more db methods 2021-04-20 11:27:44 -04:00
webzwo0i 35797e57fc AuthorManager: await db.set in createAuthor 2021-04-20 11:27:44 -04:00
webzwo0i 20c512c8a9 test for await db.set in createAuthor 2021-04-20 11:27:43 -04:00
Chocobozzz a001a13411 fix(perf): Disable wtfnode dump by default
Consumes a lot of CPU so it's better to enable it on purpose
2021-04-13 16:01:41 +02:00
Richard Hansen 951d369e3f padaccess: Delete useless try/catch 2021-04-12 22:51:06 -04:00
Richard Hansen 329d037431 Simplify read-only pad ID checks 2021-04-12 22:51:06 -04:00
Richard Hansen f63610bb12 tests: Test access bypass via read-only pad ID 2021-04-12 22:51:06 -04:00
pcworld 3c71e8983b Fix read only pad access with authentication
Before this commit, webaccess.checkAccess saved the authorization in
user.padAuthorizations[padId] with padId being the read-only pad ID,
however later stages, e.g. in PadMessageHandler, use the real pad ID for
access checks. This led to authorization being denied.

This commit fixes it by only storing and comparing the real pad IDs and
not read-only pad IDs.

This fixes test case "authn user readonly pad -> 200, ok" in
src/tests/backend/specs/socketio.js.
2021-04-12 22:51:06 -04:00
pcworld 0d33793908 tests: readonly pastes must be readable+exportable with authentication
readonly paste links should be readable even if authentication is turned
on, as long as the user provides valid login data.
This test currently fails.

Also test that readonly paste IDs can be exported under the same
condition, which currently succeeds.
2021-04-12 22:51:06 -04:00
translatewiki.net 7d5cad6932 Localisation updates from https://translatewiki.net. 2021-04-12 15:43:27 +02:00
Richard Hansen d01b593d3c chat: Ensure that `ctx.text` is interpreted as HTML 2021-04-11 06:20:29 +02:00
Richard Hansen a3a0ff7bc1 chat: Use jQuery to build the chat message DOM object
This reduces the likelihood of accidentally introducing an XSS
vulnerability.
2021-04-11 06:20:29 +02:00
Richard Hansen 74554d36a5 chat: Allow `chatNewMessage` hook to modify more values 2021-04-11 06:20:29 +02:00
Richard Hansen 1ad134a538 PadMessageHandler: Improve logging of pre-CLIENT_READY drops
This should make it easier to see what is emitting the the messages so
it can be fixed.
2021-04-09 18:43:02 +02:00
Richard Hansen 91e99c84ca import: Reduce log spam from unsupported elements 2021-04-09 18:43:02 +02:00
Richard Hansen 09c349e2a1 import: Use a Set for supported elements 2021-04-09 18:43:02 +02:00
translatewiki.net e31da37d00 Localisation updates from https://translatewiki.net. 2021-04-08 14:54:44 +02:00
webzwo0i a796811558 escape userId before setting it as HTML attribute 2021-04-07 23:29:27 -04:00
webzwo0i 9408d4395f remove custom timeouts 2021-04-07 17:47:11 -04:00
Mikk Andresen af19a010c5 DOCS: Fix broken links in TOC - use Marked to generate ID slugs instead of local implementation that was giving out different IDs in some cases - https://github.com/citizenos/citizenos-fe/issues/535 2021-04-06 21:42:01 +02:00
Mikk Andresen 78ea888cb7 DOCS: Add basic styles for tables and resources section to Changeset docs - https://github.com/citizenos/citizenos-fe/issues/535 2021-04-06 21:42:01 +02:00
webzwo0i e483b91916 Don't make browsers fail on sync-xhr until require-kernel is dropped 2021-04-05 04:34:29 -04:00
snyk-bot e86547c4f5 fix: upgrade openapi-backend from 3.9.0 to 3.9.1
Snyk has created this PR to upgrade openapi-backend from 3.9.0 to 3.9.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-04-03 16:54:52 -04:00
Richard Hansen e4754eb9df tests: Fix race in `timeslider_revisions.js` 2021-04-02 15:46:27 +02:00
Richard Hansen 27e5373050 tests: Fix race in `change_user_name.js` 2021-04-02 15:46:27 +02:00
Richard Hansen 58dac4c0fc tests: Fix races in `inner_height.js` 2021-04-02 15:46:27 +02:00
Richard Hansen 4ad80d4072 tests: Delete overly aggressive frontend test timeouts
This should reduce test flakiness.
2021-04-02 15:46:27 +02:00
Richard Hansen 7cbb3f565d tests: Speed up `helper.edit()` and `helper.clearPad()` 2021-04-02 15:46:27 +02:00