path: root/data/
AgeCommit message (Collapse)AuthorFilesLines
2019-09-12Add VNDB::Config module and unified config fileYorhel1-41/+0
This gets rid of, and and uses the cleaner format for the config file. The config is easily accessible from anywhere by importing the new VNDB::Config module; The global $VNDB::S,O,M,ROOT variables have been removed. Sorry for all the churn... Move compression to "make prod"Yorhel1-7/+0
I think this is the last one. 'make' in a development environment is now beautifully fast and 'make prod' generates nicely small assets. (arguably we could have an even faster dev setup by not generating an icons.png in the first place, but then we'd need more code to differentiate between dev & prod, which is also a pain) This change does remove the "slow" option that would use the compressed image size in the optimization algorithm, but I hadn't used that option for a while anyway, it takes an hour and only saves about 100 bytes.
2019-09-09JS/Build: Move minification and compression to "make prod"Yorhel1-7/+0
Similar to previous commit.
2019-07-17Docker: Store Postgres DB in data/ + simplify the setup a bitYorhel1-1/+1
I initially wanted to move the static/.. files onto the Docker volume, so that all dynamic site data is stored in a single place. But that turned out to be impossible to do without some really ugly hacks. So instead I went with the opposite approach: get rid of the 'vndb-data' volume and instead store everything in the source directory. This also requires running PostgreSQL as the 'devuser', but that's fine for a development setup. All of this makes it more obvious what is going on and simplifies the init script.
2019-05-16Add password dictionary checkYorhel1-0/+3
This affects the following: - API login with a weak password is disallowed, affected users will have to change their password through the website to continue using the API. - Registration, password reset or password change forms require the new password to not be in the dictionary. - Attempting to log in to the website with a weak password will force-redirect to a password change form, allowing a new password to be set (using the weak-but-still-valid password as check).
2018-11-02Change Multi to use separate setting for db_login and to use UNIX socket for ↵alto1-0/+1
Postgres Update README with basic information on Multi (cherry picked from commit 01188a82ab736a8975c73ac5ec12621426bf6bf2)
2018-09-29Add default spoiler level to traits and use it on character editYorhel1-0/+1
2017-12-09Add Docker configYorhel1-1/+1
2017-12-06Add instructions for running VNDB as standalone web serverYorhel1-3/+3
2017-11-25Remove broken SQL functions from Makefile + add install instructionsYorhel1-2/+2
2016-01-10Support zopfli/zopflipng for all static asset generatorsYorhel1-2/+7
Compresses a little better. I reduced the number of iterations required to find the optimal image size in, but generating the icons.png is *incredibly slow* when combining zopflipng with the 'slow' option. It's possible to parallelize the calculation and use multiple cores to speed it up, but that seems overkill. Some icons.png compression stats: METHOD SIZE RUNTIME default 18103 <1sec slow 17941 few secs pngcrush 15385 <1sec pngcrush+slow 15148 few mins zopflipng 14986 few secs zopflipng+slow 14898 ~1 hour
2015-11-01Removed support for sha256-hashed passwordsYorhel1-3/+2
They had to be deleted from the database at some point, otherwise we still have thousands of easily-cracked password hashes in the database. Note that I could have opted to use scrypt on top of the sha256 hashes so the passwords would remain secure without needing to reset everything, but doing that after one year of switching to scrypt is likely not worth it. Everyone who still actively uses his account has already been converted to scrypt, everyone else should just reset their password whevener they decide to come back. Add pngcrush/slow options + force png32 + atomic replaceYorhel1-0/+4
A recent version of imagemagick creates 16 bit depth PNG images by default for some reason. This results in an unnecessarily large file size increase and pngcrush doesn't do much to counter it (and its -bit_depth option has been deprecated, too). The atomic replace is quite handy to avoid people seeing any wierd intermediate images while the slow+pngcrush options are being used.
2015-08-17jsgen: Support external command for JS compression (like uglifyjs)Yorhel1-1/+6
Tends to compress a bit better than JavaScript::Minifier::JS. But is also a lot slower, so not really useful when devving. Stats for en.js: raw gzip uglifyjs 68199 19446 JS::Minifier::XS 79862 21624 Uncompressed 107662 28663 On an unrelated note, I like how jQuery boasts about being "Only 32kB minified and gzipped.". That's quite a bit more than all of VNDB's Javascript combined. For a damn library. Add a cookie_defaults.pathYorhel1-0/+1
Looks like login won't always work correctly without.
2014-10-15Use scrypt for new password hashesYorhel1-0/+1
I increased the N parameter to approximate about 500ms to generate the hash. This is quite a paranoid setting for a website, but login attempts are throttled so there's not much of a DoS factor. (Alright, password changing feature isn't throttled so the DoS factor still exists. But really, there's some pages with longer page generation times anyway.) I did lower the size of the salt a bit (Crypt::ScryptKDF uses 256 bits by default), because 64 bits of randomness should have low enough chance of collision with only ~100k users (even with a million users, seriously).
2014-05-21Added a config_example.plYorhel1-0/+35