Age | Commit message | Author | Files | Lines |
|
Somewhat hacked together, should better integrate this feature with
Auth.pm but the code is already annoying enough as it is. :(
|
Slightly helpful for account recovery scenarios when the user doesn't
know their *exact* sign-up address, but that's not too common.
This normalization should become more useful when I implement better
opt-out functionality.
|
This is IMO pretty user-hostile, but apparently there are people who
care about preventing email address enumeration. Whatever.
|
Yak shaving at its finest. I was working on an edit form for the new
franchises system, but then realized that the form JS and HTML kind of
sucked and a completely new form isn't the best way to experiment with a
new implementation. I also had some ideas to improve the user edit form,
so decided to rewrite that first, but then realized it's better to lay
down a smaller foundation before doing the complex stuff. So here we
are, a completely useless rewrite of a tiny little login form.
But I did improve error messages a bit while I was at it.
There's still a bunch of unknowns regarding form implementations: to see
if there's a more convenient way to set custom validations; to see if
HTML5 validation works well with form tabs; to see if URL fragments can
be used to select form tabs; mobile-friendly form layouts (should be
easier with this new approach); dropdown search improvements, etc. The
user edit form should prove a good testing ground for all of that.
|
The save/load mechanism should also work on ulists, but that's quite a
bunch of options: there's the global default, list owner's settings and
visitor's settings, and that times 3 for vnlist, votes and wishlist.
Meh.
|
Using local time is a bad idea now that we have user timezone
preferences implemented by changing the TZ variable.
|
This is in preparation for getting rid of the CREATE TEMPORARY VIEW
commands in order to switch title preferences:
https://dev.yorhel.nl/doc/vndbtitles
The JSON storage approach ended up being quite a mess, too.
Also "fixed" it so that selecting Chinese will automatically also select
the scripts, if there's enough slots.
|
Same as TUWF commit 1a32e51a1156266ccb5257dc7f53dd3923cc7e67
Saves about 1MB on resident memory use, whooptiedoo. \o/
(Only fixed this for vndb.pl, Multi still has the Encode module loaded,
w/e)
|
Fixes #37.
|
+ update filters and APIs to respect the 'listread' permission.
|
Not actually very useful yet, but I figured out how to handle
authentication with CORS, both for requests originating from vndb.org
(i.e. userscripts) and requests from other origins (which'll use an
Authorization header, not yet implemented).
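The split this message describes, cookie sessions honoured only for requests coming from vndb.org and an Authorization header for every other origin, as an added Python example. It is not VNDB's own (Perl) code: the `authenticate` function, the `Bearer` scheme, the sha256-hashed token table and the `auth` cookie name are assumptions for illustration; only the vndb.org origin comes from the message. The request headers in the usage note are constructed.

```python
import hashlib

# The only origin whose cookie session is honoured (userscripts running on
# vndb.org, per the commit message). Everything else is public CORS.
TRUSTED_ORIGIN = "https://vndb.org"


def token_key(token):
    """Lookup key for an API token: the table stores sha256(token) -> user id
    so a leaked table does not hand out usable tokens (an assumption here)."""
    return hashlib.sha256(token.encode()).hexdigest()


def _cookie(cookie_header, name):
    """Value of cookie `name` from a raw Cookie header, or None."""
    for part in cookie_header.split(";"):
        k, _, v = part.strip().partition("=")
        if k == name:
            return v
    return None


def _bearer(authorization, api_tokens):
    """User id for an 'Authorization: Bearer <token>' header, or None."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return api_tokens.get(token_key(token.strip()))


def authenticate(headers, sessions, api_tokens):
    """Decide who is calling an API endpoint and which CORS headers to send.

    headers:    request headers, lowercase names -> values
    sessions:   cookie session id -> user id
    api_tokens: sha256(api token) -> user id
    Returns (user id or None, response headers).
    """
    origin = headers.get("origin")
    resp = {"Vary": "Origin"}            # the answer depends on Origin; keep caches honest
    user = _bearer(headers.get("authorization", ""), api_tokens)   # explicit token works from anywhere

    if origin is None or origin == TRUSTED_ORIGIN:
        # Same-origin request, or the one trusted origin: the cookie session
        # counts, and a credentialed fetch may read the response. Always a
        # *specific* origin next to Allow-Credentials, never '*' and never an
        # echoed arbitrary Origin value.
        if origin is not None:
            resp["Access-Control-Allow-Origin"] = TRUSTED_ORIGIN
            resp["Access-Control-Allow-Credentials"] = "true"
        if user is None:
            user = sessions.get(_cookie(headers.get("cookie", ""), "auth"))
        return user, resp

    # Any other origin: public CORS without credentials. On a simple
    # cross-site request (GET, form POST) the browser may still attach
    # cookies (subject to SameSite) even though it refuses to show that page
    # the response, so the server must ignore the cookie here or the
    # endpoint becomes a CSRF target. Only the Authorization header counts.
    resp["Access-Control-Allow-Origin"] = "*"
    resp["Access-Control-Allow-Headers"] = "Authorization"
    return user, resp
```

Usage: `authenticate({"origin": "https://evil.example", "cookie": "auth=s1"}, {"s1": "alice"}, {})` returns `(None, ...)` with `Access-Control-Allow-Origin: *` and no credentials header, while the same cookie from `https://vndb.org` yields `"alice"` and the specific origin plus `Access-Control-Allow-Credentials: true`.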
|
It's looking pretty powerful and functional already.
|
This reduces the potential attack surface of HTML inlining... I hope,
and is also more efficient than including the users' CSS on every page.
|
This should save me considerable time in finding duplicate account
voters.
|
This reduces the average row size from 145.7 to 101.4 bytes (including
row headers). Probably not going to result in a noticeable performance
difference, but the table is referenced pretty often while many columns
are only ever read by direct id lookup. I could reduce the size even
further, but that'll get into diminishing returns territory. This split
makes it easier to add more preferences later on without having to worry
about performance.
Also improved user privacy a bit by moving the 'ip' field to a
write-only column in users_shadow, and deleted the unused changes.ip
column while I was at it.
|
Somewhat surprising I haven't implemented this earlier, I'm sure it
might have been useful during server migrations. Anyway, with my current
plans for a postgres 14 upgrade I could significantly reduce full
downtime by temporarily putting the site in read-only mode instead.
|
Usernames are now case-insensitive and name changes and new
registrations are now checked for homograph attacks.
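What the two checks in this message amount to, as an added Python example that is not VNDB's code: a canonical key for case-insensitive uniqueness (NFKC normalisation plus casefold, so fullwidth and differently-cased spellings collide) and a mixed-script test modelled on the "Highly Restrictive" level of Unicode TS #39, which rejects the classic Latin-plus-Cyrillic homograph while still allowing Japanese, Chinese and Korean names that legitimately mix scripts. Deriving the script from the first word of the Unicode character name is a heuristic chosen to avoid a script-property table; the function names and the `taken` registry are assumptions. The sample names in the usage note are constructed.

```python
import unicodedata

# Script sets that UTS #39's "Highly Restrictive" level lets appear together
# (each may additionally mix with Latin). Script names are the first word of
# the Unicode character name, e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'.
_ALLOWED_COMBOS = (
    {"CJK", "HIRAGANA", "KATAKANA", "KATAKANA-HIRAGANA"},   # Japanese
    {"CJK", "BOPOMOFO"},                                    # Chinese
    {"CJK", "HANGUL"},                                      # Korean
)


class BadUsername(ValueError):
    """Empty, contains invisible/unassigned characters, mixes scripts in a
    spoofable way, or collides with an existing name."""


def canonical(name):
    """Case-insensitive lookup key: 'Alice', 'ALICE' and fullwidth 'Ａlice'
    all map to 'alice'."""
    return unicodedata.normalize("NFKC", name).casefold()


def _script(ch):
    """Script name of a letter; None for script-neutral characters
    (digits, punctuation, spaces, combining marks)."""
    cat = unicodedata.category(ch)
    if cat[0] == "C":
        # Controls, format characters (zero-width joiner/space, soft hyphen),
        # surrogates, private use and unassigned code points: invisible or
        # undefined, and only useful for spoofing.
        raise BadUsername("invisible or unassigned character U+%04X" % ord(ch))
    if cat[0] != "L":
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def check_username(name):
    """Return the canonical key for `name`, or raise BadUsername."""
    key = canonical(name)
    if not key.strip():
        raise BadUsername("empty name")
    scripts = {s for s in map(_script, key) if s is not None}
    non_latin = scripts - {"LATIN"}
    # A single script is fine, as is Latin plus one of the East Asian
    # combinations. Latin + Cyrillic ('p\u0430ypal' with a Cyrillic a),
    # Latin + Greek, etc. are homograph candidates and rejected.
    if len(scripts) <= 1 or any(non_latin <= combo for combo in _ALLOWED_COMBOS):
        return key
    raise BadUsername("mixed scripts: " + ", ".join(sorted(scripts)))


def register(taken, name):
    """Claim `name` in `taken` (a set of canonical keys) and return its key.
    Uniqueness is checked on the key, so case variants collide."""
    key = check_username(name)
    if key in taken:
        raise BadUsername("already taken: " + key)
    taken.add(key)
    return key
```

Usage: `check_username("p\u0430ypal")` (Cyrillic а) raises `BadUsername`, `check_username("\u30e9\u30fc\u30e1\u30f3\u592a\u90ce")` (katakana plus kanji) is accepted, and after `register(taken, "Alice")` a later `register(taken, "ALICE")` raises. A full confusables-skeleton comparison (UTS #39 section 4) would additionally catch single-script look-alikes such as 'l' versus 'I'; it needs the confusables data file and is left out here.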
|
There's no way to list or aggregate the votes yet, and I'm not fully
sure the data model is what it should be. Hence testing.
|
This simplifies permissions management somewhat.
|
I had wanted to split this up into multiple commits and roll out in
stages, but couldn't really find a natural way to do so. There are
several places that take a generic identifier and expect it to work the
same for all entries they support, so changing one entry at a time
wasn't going to be any easier. Only the tags & traits haven't been
updated yet, I'll convert those later.
While this is a major change and affects a lot of code, the individual
changes are all pretty simple. I'm surprised how much code did not have
to be updated at all. No doubt I've missed a few places, though, so this
commit will almost certainly break something.
|
Something I was planning to do in the v2rw rewrite. VNDB::Func used to
be a module intended for use inside TUWF (i.e. the web backend) while
VNDBUtil was for utility functions that could also be used outside of
that. Now that the web backend has moved to the VNWeb::* namespace,
the VNDB::Func module has taken over the role of VNDBUtil.
Also updated the API code to make use of the 'imgurl' function, which
is a nice additional cleanup.
|
Every page load needs some preferences, so lazily loading the list is
not a useful strategy. Removed some preferences that weren't referenced
anymore or that were only used rarely. Removed prefSet(), that's easier
to do with just an UPDATE.
|
(We never log during initialization... yet)
|
posts/reviews
The mark as read functionality was already present in some form for
threads, but is now made consistent among all notification types. This
removes the need for the redirect from the notification listing.
The deletion of notifications is intended to avoid pointless
notifications, especially in case of spam.
|
The boardmod flag will also determine the review moderation permissions.
|
So that users can bring up problems to the moderators. Only used for
forum posts for now, but I intend to extend it to other parts of the
site as well.
|
Auto-wiping request-local storage is easier and more reliable than using
hooks. (See TUWF commit 7cc84ca99b1d93f7f08cc95e9a776f1926e80417)
|
Includes failed logins (but not through the API...), password changes,
email changes, any user-related changes performed by a moderator and
post edits/deletions performed by a moderator.
|
So that I can more easily embed them inside URLs.
The old token format is still supported to avoid breaking forms.
|
This simplifies several actions and makes permission checks more
obvious. This is also yak shaving for another feature I've been
planning to add: boardmods should be able to set other users' "board"
permission, tagmods for tags, etc. So that partial user bans don't need
the full "usermod" permission.
|
This affects logs generated before the auth module is initialized or
(more commonly) after it has been de-initialized. This happens often for
requests exceeding TUWF's `log_slow_pages`. This change does mean that
the logged user ID did not necessarily pass authentication, but it's
good enough for debugging purposes.
|
And reduce the number of images given out randomly. That reduction makes
it more expensive for an abuser to get tokens for the images they want
(they'd hit the req/sec rate limiter much earlier), and also makes sense
now that the query has been optimized with the TABLESAMPLE trick (it's
faster, and more queries with less rows ought to give a better
distribution overall - it reduces the impact of a biased query).
|
So we can revoke voting rights. Unsetting this permission does not
currently invalidate the users' existing votes, that should probably
change (I mean, why else would you revoke someone's voting rights?).
|
Old VNDB::* code still uses that preference in a few places, that needs
to be fixed.
|
People leave their window open for a while, and that's fine.
|
Only place where this isn't applied (yet?): Sorting user lists still
goes by the old username and board names don't use the new unicode
names.
I have to say, I quite like the sql_user() and user_() pattern. It's not
without problems when applied to everything, but it's good enough for
several use cases.
|
This ensures that the email address linked to a user is always valid and
actually belong(s|ed) to that user.
|
This improves the password reset workflow a bit.
The users.passwd field is now no longer used for reset tokens, meaning
that the current password isn't affected until the user actually clicks
the link and changes it.
It is now also possible to have multiple active password reset tokens,
in case one of the emails got lost. All existing tokens are invalidated
when the user finally changes their password.
Tokens are now valid for at most 1 week instead of indefinitely.
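The reset workflow of this message, together with two earlier ones on this page (the enumeration-resistant form, and tokens that can be embedded in URLs), as one added Python example that is not VNDB's code: reset tokens live in their own table keyed by their hash, the stored password is untouched until a token is redeemed, several tokens may be outstanding at once, redeeming one invalidates the rest, tokens expire after one week, and the request form returns the same message whether or not the address exists. PBKDF2 as the password hash, the in-memory `Accounts` class, the `outbox` standing in for a mailer and the example.invalid URL are assumptions; the user record in the usage note is constructed.

```python
import hashlib
import hmac
import os
import secrets

RESET_TTL = 7 * 24 * 3600   # tokens valid for at most one week


def hash_password(password, salt=None):
    """'salt$digest' using PBKDF2-SHA256 (kept simple to stay self-contained;
    a deployment would choose a memory-hard KDF)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, _, _ = stored.partition("$")
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


def _token_hash(raw):
    # Only the hash is stored: a read of the reset table must not yield
    # working reset links.
    return hashlib.sha256(raw.encode()).hexdigest()


class Accounts:
    """In-memory stand-in for a users table plus a separate reset-token
    table. users: uid -> {'email', 'passwd'}; resets: sha256(token) ->
    (uid, expiry). A reset request never touches users[uid]['passwd']."""

    MESSAGE = "If that address is registered, a reset link has been mailed."

    def __init__(self, users):
        self.users = users
        self.by_email = {u["email"].casefold(): uid for uid, u in users.items()}
        self.resets = {}
        self.outbox = []        # (email, url) pairs a mailer would deliver

    def request_reset(self, email, now):
        """Same reply for every input, so the form cannot be used to find out
        which addresses are registered. Each request issues a fresh token;
        earlier ones stay valid in case a mail got lost."""
        uid = self.by_email.get(email.casefold())
        if uid is not None:
            raw = secrets.token_urlsafe(32)          # base64url: safe inside a URL path
            self.resets[_token_hash(raw)] = (uid, now + RESET_TTL)
            self.outbox.append((self.users[uid]["email"],
                                "https://example.invalid/u/setpass/" + raw))   # hypothetical URL
        return self.MESSAGE

    def complete_reset(self, raw, new_password, now):
        """Redeem a token: set the new password and drop every other token
        of that user. Returns True on success, False for unknown, already
        used or expired tokens."""
        entry = self.resets.pop(_token_hash(raw), None)
        if entry is None:
            return False
        uid, expiry = entry
        if now > expiry:
            return False
        self.users[uid]["passwd"] = hash_password(new_password)
        self.resets = {h: v for h, v in self.resets.items() if v[0] != uid}
        return True
```

Usage: `acc = Accounts({1: {"email": "alice@example.com", "passwd": hash_password("old-pw")}})`; two calls to `acc.request_reset("alice@example.com", now)` put two links in `acc.outbox` while `verify_password("old-pw", ...)` still holds; redeeming the first link with `acc.complete_reset(token, "new-pw", now)` returns True and makes the second one return False. Timing-wise the known and unknown address paths still differ (one does a token write and a mail send), which is the usual residual leak of this pattern.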
|