diff --git a/.codebeatignore b/.codebeatignore index 5978505e..b6fccf76 100644 --- a/.codebeatignore +++ b/.codebeatignore @@ -1,10 +1,10 @@ -/public/trumbowyg/* -/public/jquery-emojiarea/* -/public/font-awesome-4.7.0/* +/public/trumbowyg/** +/public/jquery-emojiarea/** +/public/font-awesome-4.7.0/** /public/jquery-3.1.1.min.js /public/EQCSS.min.js /public/EQCSS.js -/schema/* +/schema/** template_list.go template_forum.go diff --git a/install-linux b/install-linux index 6b23f0f3..be7b8f9f 100644 --- a/install-linux +++ b/install-linux @@ -25,6 +25,9 @@ go get -u github.com/robertkrimen/otto echo "Installing the Riot Search Engine" go get -u github.com/robertkrimen/otto +echo "Installing the Rez Image Resizer" +go get -u github.com/bamiaux/rez + echo "Building the installer" cd ./install diff --git a/install.bat b/install.bat index 2bbe9354..2e4832af 100644 --- a/install.bat +++ b/install.bat @@ -78,6 +78,13 @@ if %errorlevel% neq 0 ( exit /b %errorlevel% ) +echo Installing the Rez Image Resizer +go get -u github.com/bamiaux/rez +if %errorlevel% neq 0 ( + pause + exit /b %errorlevel% +) + echo Building the installer go generate diff --git a/member_routes.go b/member_routes.go index e31777b0..d42c26be 100644 --- a/member_routes.go +++ b/member_routes.go @@ -6,7 +6,6 @@ import ( "html" "io" "log" - "net" "net/http" "os" "path/filepath" @@ -134,12 +133,7 @@ func routeTopicCreateSubmit(w http.ResponseWriter, r *http.Request, user User) R topicName := html.EscapeString(r.PostFormValue("topic-name")) content := html.EscapeString(preparseMessage(r.PostFormValue("topic-content"))) - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - - tid, err := topics.Create(fid, topicName, content, user.ID, ipaddress) + tid, err := topics.Create(fid, topicName, content, user.ID, user.LastIP) if err != nil { switch err { case ErrNoRows: 
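Review bot: The added `go get -u github.com/bamiaux/rez` in install-linux fetches whatever the upstream default branch holds at install time, so an upstream change reaches every new install unreviewed and builds are not reproducible; the matching lines added to install.bat have the same property. Vendoring the package or pinning it to a reviewed revision (`<reviewed-revision>` as a placeholder) would close that gap. The shell hunk also adds no exit-status check, unlike the batch hunk, so a failed fetch continues to "Building the installer" unless the script enables `set -e` outside this hunk; `go get -u github.com/bamiaux/rez || exit 1` would match install.bat.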
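Review bot: In routeTopicCreateSubmit the stored address is now `user.LastIP` with no check that it is non-empty, whereas the removed lines rejected the request with "Bad IP" when the address could not be parsed. The value is the current connection's address only if preRoute ran for this request and handed its updated copy to the handler, which is not visible from this hunk; a `User` reaching the handler any other way would write a stale or empty address. The same substitution is made in routeCreateReply and routeProfileReplyCreate, and in every `addModLog` / `CreateActionReply` call in mod_routes.go, where the address is part of the moderation audit record. A cheap guard such as `if user.LastIP == "" { return LocalError("Bad IP", w, r, user) }` before the write, or a comment on these calls stating that preRoute guarantees the field, would keep that invariant explicit. The function body continues outside the hunk.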
@@ -339,12 +333,7 @@ func routeCreateReply(w http.ResponseWriter, r *http.Request, user User) RouteEr } content := preparseMessage(html.EscapeString(r.PostFormValue("reply-content"))) - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - - _, err = rstore.Create(topic, content, ipaddress, user.ID) + _, err = rstore.Create(topic, content, user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } @@ -537,13 +526,8 @@ func routeProfileReplyCreate(w http.ResponseWriter, r *http.Request, user User) return LocalError("Invalid UID", w, r, user) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - content := html.EscapeString(preparseMessage(r.PostFormValue("reply-content"))) - _, err = prstore.Create(uid, content, user.ID, ipaddress) + _, err = prstore.Create(uid, content, user.ID, user.LastIP) if err != nil { return InternalError(err, w, r) } diff --git a/mod_routes.go b/mod_routes.go index 033bdafe..b3949467 100644 --- a/mod_routes.go +++ b/mod_routes.go @@ -6,7 +6,6 @@ import ( "encoding/json" "html" "log" - "net" "net/http" "strconv" "time" @@ -113,11 +112,7 @@ func routeDeleteTopic(w http.ResponseWriter, r *http.Request, user User) RouteEr return InternalErrorJSQ(err, w, r, isJs) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalErrorJSQ("Bad IP", w, r, user, isJs) - } - err = addModLog("delete", tid, "topic", ipaddress, user.ID) + err = addModLog("delete", tid, "topic", user.LastIP, user.ID) if err != nil { return InternalErrorJSQ(err, w, r, isJs) } 
@@ -161,16 +156,11 @@ func routeStickTopic(w http.ResponseWriter, r *http.Request, user User) RouteErr return InternalError(err, w, r) } - // ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this. - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("stick", tid, "topic", ipaddress, user.ID) + err = addModLog("stick", tid, "topic", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } - err = topic.CreateActionReply("stick", ipaddress, user) + err = topic.CreateActionReply("stick", user.LastIP, user) if err != nil { return InternalError(err, w, r) } @@ -205,15 +195,11 @@ func routeUnstickTopic(w http.ResponseWriter, r *http.Request, user User) RouteE return InternalError(err, w, r) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("unstick", tid, "topic", ipaddress, user.ID) + err = addModLog("unstick", tid, "topic", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } - err = topic.CreateActionReply("unstick", ipaddress, user) + err = topic.CreateActionReply("unstick", user.LastIP, user) if err != nil { return InternalError(err, w, r) } 
@@ -268,16 +254,11 @@ func routeLockTopic(w http.ResponseWriter, r *http.Request, user User) RouteErro return InternalErrorJSQ(err, w, r, isJs) } - // ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this. - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalErrorJSQ("Bad IP", w, r, user, isJs) - } - err = addModLog("lock", tid, "topic", ipaddress, user.ID) + err = addModLog("lock", tid, "topic", user.LastIP, user.ID) if err != nil { return InternalErrorJSQ(err, w, r, isJs) } - err = topic.CreateActionReply("lock", ipaddress, user) + err = topic.CreateActionReply("lock", user.LastIP, user) if err != nil { return InternalErrorJSQ(err, w, r, isJs) } @@ -316,16 +297,11 @@ func routeUnlockTopic(w http.ResponseWriter, r *http.Request, user User) RouteEr return InternalError(err, w, r) } - // ! - Can we use user.LastIP here? It might be racey, if another thread mutates it... We need to fix this. - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("unlock", tid, "topic", ipaddress, user.ID) + err = addModLog("unlock", tid, "topic", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } - err = topic.CreateActionReply("unlock", ipaddress, user) + err = topic.CreateActionReply("unlock", user.LastIP, user) if err != nil { return InternalError(err, w, r) } @@ -447,11 +423,7 @@ func routeReplyDeleteSubmit(w http.ResponseWriter, r *http.Request, user User) R return InternalErrorJSQ(err, w, r, isJs) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalErrorJSQ("Bad IP", w, r, user, isJs) - } - err = addModLog("delete", reply.ParentID, "reply", ipaddress, user.ID) + err = addModLog("delete", reply.ParentID, "reply", user.LastIP, user.ID) if err != nil { return InternalErrorJSQ(err, w, r, isJs) } 
@@ -694,11 +666,7 @@ func routeBanSubmit(w http.ResponseWriter, r *http.Request, user User) RouteErro return InternalError(err, w, r) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("ban", uid, "user", ipaddress, user.ID) + err = addModLog("ban", uid, "user", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } @@ -740,11 +708,7 @@ func routeUnban(w http.ResponseWriter, r *http.Request, user User) RouteError { return InternalError(err, w, r) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("unban", uid, "user", ipaddress, user.ID) + err = addModLog("unban", uid, "user", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } @@ -781,11 +745,7 @@ func routeActivate(w http.ResponseWriter, r *http.Request, user User) RouteError return InternalError(err, w, r) } - ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return LocalError("Bad IP", w, r, user) - } - err = addModLog("activate", targetUser.ID, "user", ipaddress, user.ID) + err = addModLog("activate", targetUser.ID, "user", user.LastIP, user.ID) if err != nil { return InternalError(err, w, r) } diff --git a/permissions.go b/permissions.go index d408f1de..b78fcb10 100644 --- a/permissions.go +++ b/permissions.go @@ -89,7 +89,8 @@ type Perms struct { // TODO: Add a permission for enabling avatars // Forum permissions - ViewTopic bool + ViewTopic bool + //ViewOwnTopic bool LikeItem bool CreateTopic bool EditTopic bool @@ -108,7 +109,8 @@ type Perms struct { /* Inherit from group permissions for ones we don't have */ type ForumPerms struct { - ViewTopic bool + ViewTopic bool + //ViewOwnTopic bool LikeItem bool CreateTopic bool EditTopic bool diff --git a/query_gen/lib/utils.go b/query_gen/lib/utils.go index fd0196a7..6f1fec80 100644 --- a/query_gen/lib/utils.go 
+++ b/query_gen/lib/utils.go @@ -81,12 +81,12 @@ func processJoiner(joinstr string) (joiner []DB_Joiner) { outjoin.Operator, parseOffset = getOperator(segment, parseOffset+1) right, parseOffset = getIdentifier(segment, parseOffset+1) - left_column := strings.Split(left, ".") - right_column := strings.Split(right, ".") - outjoin.LeftTable = strings.TrimSpace(left_column[0]) - outjoin.RightTable = strings.TrimSpace(right_column[0]) - outjoin.LeftColumn = strings.TrimSpace(left_column[1]) - outjoin.RightColumn = strings.TrimSpace(right_column[1]) + leftColumn := strings.Split(left, ".") + rightColumn := strings.Split(right, ".") + outjoin.LeftTable = strings.TrimSpace(leftColumn[0]) + outjoin.RightTable = strings.TrimSpace(rightColumn[0]) + outjoin.LeftColumn = strings.TrimSpace(leftColumn[1]) + outjoin.RightColumn = strings.TrimSpace(rightColumn[1]) joiner = append(joiner, outjoin) } @@ -102,14 +102,14 @@ func processWhere(wherestr string) (where []DB_Where) { var buffer string var optype int // 0: None, 1: Number, 2: Column, 3: Function, 4: String, 5: Operator for _, segment := range strings.Split(wherestr, " AND ") { - var tmp_where DB_Where + var tmpWhere DB_Where segment += ")" for i := 0; i < len(segment); i++ { char := segment[i] - //fmt.Println("optype",optype) + //fmt.Println("optype", optype) switch optype { case 0: // unknown - //fmt.Println("case 0:",char,string(char)) + //fmt.Println("case 0:", char, string(char)) if '0' <= char && char <= '9' { optype = 1 buffer = string(char) @@ -119,12 +119,12 @@ func processWhere(wherestr string) (where []DB_Where) { } else if char == '\'' { optype = 4 buffer = "" - } else if _is_op_byte(char) { + } else if isOpByte(char) { optype = 5 buffer = string(char) } else if char == '?' { //fmt.Println("Expr:","?") - tmp_where.Expr = append(tmp_where.Expr, DB_Token{"?", "substitute"}) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{"?", "substitute"}) } case 1: // number if '0' <= char && char <= '9' { 
@@ -133,7 +133,7 @@ func processWhere(wherestr string) (where []DB_Where) { optype = 0 i-- //fmt.Println("Expr:",buffer) - tmp_where.Expr = append(tmp_where.Expr, DB_Token{buffer, "number"}) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{buffer, "number"}) } case 2: // column if ('a' <= char && char <= 'z') || ('A' <= char && char <= 'Z') || char == '.' || char == '_' { @@ -144,23 +144,23 @@ func processWhere(wherestr string) (where []DB_Where) { } else { optype = 0 i-- - //fmt.Println("Expr:",buffer) - tmp_where.Expr = append(tmp_where.Expr, DB_Token{buffer, "column"}) + //fmt.Println("Expr:", buffer) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{buffer, "column"}) } case 3: // function var preI = i - //fmt.Println("buffer",buffer) - //fmt.Println("len(halves)",len(halves[1])) - //fmt.Println("preI",string(halves[1][preI])) - //fmt.Println("msg prior to preI",halves[1][0:preI]) + //fmt.Println("buffer", buffer) + //fmt.Println("len(halves)", len(halves[1])) + //fmt.Println("preI", string(halves[1][preI])) + //fmt.Println("msg prior to preI", halves[1][0:preI]) i = skipFunctionCall(segment, i-1) //fmt.Println("i",i) - //fmt.Println("msg prior to i-1",halves[1][0:i-1]) - //fmt.Println("string(i-1)",string(halves[1][i-1])) - //fmt.Println("string(i)",string(halves[1][i])) + //fmt.Println("msg prior to i-1", halves[1][0:i-1]) + //fmt.Println("string(i-1)", string(halves[1][i-1])) + //fmt.Println("string(i)", string(halves[1][i])) buffer += segment[preI:i] + string(segment[i]) //fmt.Println("Expr:",buffer) - tmp_where.Expr = append(tmp_where.Expr, DB_Token{buffer, "function"}) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{buffer, "function"}) optype = 0 case 4: // string if char != '\'' { 
@@ -168,22 +168,22 @@ func processWhere(wherestr string) (where []DB_Where) { } else { optype = 0 //fmt.Println("Expr:",buffer) - tmp_where.Expr = append(tmp_where.Expr, DB_Token{buffer, "string"}) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{buffer, "string"}) } case 5: // operator - if _is_op_byte(char) { + if isOpByte(char) { buffer += string(char) } else { optype = 0 i-- //fmt.Println("Expr:",buffer) - tmp_where.Expr = append(tmp_where.Expr, DB_Token{buffer, "operator"}) + tmpWhere.Expr = append(tmpWhere.Expr, DB_Token{buffer, "operator"}) } default: panic("Bad optype in _process_where") } } - where = append(where, tmp_where) + where = append(where, tmpWhere) } return where } @@ -241,7 +241,7 @@ func processSet(setstr string) (setter []DB_Setter) { } else if char == '\'' { optype = 4 buffer = "" - } else if _is_op_byte(char) { + } else if isOpByte(char) { optype = 5 buffer = string(char) } else if char == '?' { @@ -289,20 +289,20 @@ func processSet(setstr string) (setter []DB_Setter) { buffer += string(char) } else { optype = 0 - //fmt.Println("Expr:",buffer) + //fmt.Println("Expr:", buffer) tmpSetter.Expr = append(tmpSetter.Expr, DB_Token{buffer, "string"}) } case 5: // operator - if _is_op_byte(char) { + if isOpByte(char) { buffer += string(char) } else { optype = 0 i-- - //fmt.Println("Expr:",buffer) + //fmt.Println("Expr:", buffer) tmpSetter.Expr = append(tmpSetter.Expr, DB_Token{buffer, "operator"}) } default: - panic("Bad optype in _process_set") + panic("Bad optype in processSet") } } setter = append(setter, tmpSetter) 
@@ -322,11 +322,11 @@ func processLimit(limitstr string) (limiter DB_Limit) { return limiter } -func _is_op_byte(char byte) bool { +func isOpByte(char byte) bool { return char == '<' || char == '>' || char == '=' || char == '!' || char == '*' || char == '%' || char == '+' || char == '-' || char == '/' } -func _is_op_rune(char rune) bool { +func isOpRune(char rune) bool { return char == '<' || char == '>' || char == '=' || char == '!' || char == '*' || char == '%' || char == '+' || char == '-' || char == '/' } @@ -375,7 +375,7 @@ func getIdentifier(segment string, startOffset int) (out string, i int) { i = skipFunctionCall(segment, i) return strings.TrimSpace(segment[startOffset:i]), (i - 1) } - if (segment[i] == ' ' || _is_op_byte(segment[i])) && i != startOffset { + if (segment[i] == ' ' || isOpByte(segment[i])) && i != startOffset { return strings.TrimSpace(segment[startOffset:i]), (i - 1) } } @@ -386,7 +386,7 @@ func getOperator(segment string, startOffset int) (out string, i int) { segment = strings.TrimSpace(segment) segment += " " // Avoid overflow bugs with slicing for i = startOffset; i < len(segment); i++ { - if !_is_op_byte(segment[i]) && i != startOffset { + if !isOpByte(segment[i]) && i != startOffset { return strings.TrimSpace(segment[startOffset:i]), (i - 1) } } diff --git a/router_gen/route_impl.go b/router_gen/route_impl.go new file mode 100644 index 00000000..96b4fd02 --- /dev/null +++ b/router_gen/route_impl.go 
@@ -0,0 +1,38 @@ +package main + +type RouteImpl struct { + Name string + Path string + Vars []string + RunBefore []Runnable +} + +type Runnable struct { + Contents string + Literal bool +} + +func addRoute(route *RouteImpl) { + routeList = append(routeList, route) +} + +func (route *RouteImpl) Before(item string, literal ...bool) *RouteImpl { + var litItem bool + if len(literal) > 0 { + litItem = literal[0] + } + route.RunBefore = append(route.RunBefore, Runnable{item, litItem}) + return route +} + +func addRouteGroup(routeGroup *RouteGroup) { + routeGroups = append(routeGroups, routeGroup) +} + +func blankRoute() *RouteImpl { + return &RouteImpl{"", "", []string{}, []Runnable{}} +} + +func Route(fname string, path string, args ...string) *RouteImpl { + return &RouteImpl{fname, path, args, []Runnable{}} +} diff --git a/router_gen/routes.go b/router_gen/routes.go index b96cafea..366d1ddb 100644 --- a/router_gen/routes.go +++ b/router_gen/routes.go @@ -1,42 +1,5 @@ package main -type RouteImpl struct { - Name string - Path string - Vars []string - RunBefore []Runnable -} - -type Runnable struct { - Contents string - Literal bool -} - -func addRoute(route *RouteImpl) { - routeList = append(routeList, route) -} - -func (route *RouteImpl) Before(item string, literal ...bool) *RouteImpl { - var litItem bool - if len(literal) > 0 { - litItem = literal[0] - } - route.RunBefore = append(route.RunBefore, Runnable{item, litItem}) - return route -} - -func addRouteGroup(routeGroup *RouteGroup) { - routeGroups = append(routeGroups, routeGroup) -} - -func blankRoute() *RouteImpl { - return &RouteImpl{"", "", []string{}, []Runnable{}} -} - -func Route(fname string, path string, args ...string) *RouteImpl { - return &RouteImpl{fname, path, args, []Runnable{}} -} - // TODO: How should we handle headerLite and headerVar? func routes() { //addRoute("default_route","","") diff --git a/routes.go b/routes.go index 6705bbbc..fa5e8f6e 100644 --- a/routes.go +++ b/routes.go 
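Review bot: The exported names in this new file (`RouteImpl`, `Runnable`, `Before`, `Route`) carry no doc comments, and nothing says what `Runnable.Literal` changes about how `Contents` is used by the generator. `Before` accepts `literal ...bool` but reads only `literal[0]`, silently ignoring any further values; a comment such as `// Before appends item to RunBefore; only the first literal value is used.` would make that explicit. `blankRoute` and `Route` build the struct with unkeyed literals, so reordering two fields of the same type later would compile and swap their meaning; keyed fields (`&RouteImpl{Name: fname, Path: path, Vars: args}`) avoid that.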
@@ -12,7 +12,6 @@ import ( "bytes" "html" "io" - "net" "net/http" "strconv" "strings" @@ -808,12 +807,8 @@ func routeLoginSubmit(w http.ResponseWriter, r *http.Request, user User) RouteEr auth.SetCookies(w, uid, session) if user.IsAdmin { // Is this error check reundant? We already check for the error in PreRoute for the same IP - host, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return InternalError(err, w, r) - } // TODO: Should we be logging this? - log.Print("#" + strconv.Itoa(uid) + " has logged in with IP " + host) + log.Printf("#%d has logged in with IP %s", uid, user.LastIP) } http.Redirect(w, r, "/", http.StatusSeeOther) return nil diff --git a/routes_common.go b/routes_common.go index fc4d908a..9d5dad53 100644 --- a/routes_common.go +++ b/routes_common.go 
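Review bot: The comment `// Is this error check reundant? ...` kept above the new `log.Printf` in routeLoginSubmit now refers to a check this hunk deletes, so it should be dropped or reworded, e.g. `// user.LastIP is filled in by preRoute for this request`. The logged address comes from the `user` passed into the handler, which is presumably the pre-login session rather than the account `uid` just authenticated, so the line is correct only while preRoute fills LastIP for guest sessions as well. For the same reason the surrounding `if user.IsAdmin` may never be true on a fresh login, which would leave admin logins unlogged; that is worth confirming against the caller. routeLoginSubmit starts and ends outside the hunk.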
@@ -270,33 +270,40 @@ func userCheck(w http.ResponseWriter, r *http.Request, user *User) (headerVars * } func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) { - user, halt := auth.SessionCheck(w, r) - if halt { - return *user, false - } - if user == &guestUser { + user, ok := func(w http.ResponseWriter, r *http.Request) (User, bool) { + user, halt := auth.SessionCheck(w, r) + if halt { + return *user, false + } + if user == &guestUser { + return *user, true + } + + h := w.Header() + h.Set("X-Frame-Options", "deny") + //h.Set("X-XSS-Protection", "1") + // TODO: Set the content policy header return *user, true + }(w, r) + if !ok { + return user, false } + // TODO: WIP. Refactor this to eliminate the unnecessary query host, _, err := net.SplitHostPort(r.RemoteAddr) if err != nil { PreError("Bad IP", w, r) - return *user, false + return user, false } if host != user.LastIP { _, err = stmts.updateLastIP.Exec(host, user.ID) if err != nil { InternalError(err, w, r) - return *user, false + return user, false } - user.LastIP = host // ! - Is this racey? + user.LastIP = host } - - h := w.Header() - h.Set("X-Frame-Options", "deny") - //h.Set("X-XSS-Protection", "1") - // TODO: Set the content policy header - return *user, true + return user, ok } // SuperModeOnly makes sure that only super mods or higher can access the panel routes diff --git a/template_list.go b/template_list.go index 4d87476b..c5bfbb55 100644 --- a/template_list.go +++ b/template_list.go @@ -509,48 +509,49 @@ var profile_0 = []byte(` -
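Review bot: Guest sessions no longer stop before the address update: the closure returns `true` for `&guestUser`, so every unauthenticated request now reaches `stmts.updateLastIP.Exec(host, user.ID)` whenever the guest's LastIP differs from the connection address, which costs a database write per anonymous request. Because `user.LastIP = host` now changes only the local copy, an account whose shared record is cached by auth.SessionCheck (not visible here) would likewise hit the UPDATE on every request until that record is refreshed, which may be the query the TODO refers to. Guests also still return from the closure before `X-Frame-Options` is set, so pages served to logged-out visitors carry no anti-framing header. The sketch below keeps the copy semantics, skips the write for guests and sets the header for every response.

```go
func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
	sess, halt := auth.SessionCheck(w, r)
	if halt {
		return *sess, false
	}
	user := *sess // work on a copy so the shared session user is never mutated
	isGuest := sess == &guestUser

	// Anti-framing header for every response, guest pages included.
	w.Header().Set("X-Frame-Options", "deny")

	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		PreError("Bad IP", w, r)
		return user, false
	}
	// Persist the address for real accounts only; guests just carry it on the copy.
	if !isGuest && host != user.LastIP {
		// … unchanged: stmts.updateLastIP.Exec(host, user.ID) and its error return …
	}
	user.LastIP = host
	return user, true
}
```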
`) -var profile_2 = []byte(` +
`) -var profile_3 = []byte(``) -var profile_4 = []byte(``) -var profile_5 = []byte(``) -var profile_6 = []byte(` +var profile_2 = []byte(``) +var profile_3 = []byte(``) +var profile_4 = []byte(``) +var profile_5 = []byte(`
-
- Add Friend -
- `) -var profile_7 = []byte(`
+
+ `) -var profile_8 = []byte(`Unban - `) -var profile_11 = []byte(`Ban`) +var profile_6 = []byte(`
+ `) +var profile_7 = []byte(`Unban + `) +var profile_10 = []byte(`Ban`) +var profile_11 = []byte(` +
`) var profile_12 = []byte(` -
`) -var profile_13 = []byte(` -
- Report +
+ Report +
`) -var profile_16 = []byte(` +var profile_15 = []byte(` `) -var profile_41 = []byte(` +var profile_40 = []byte(`
+var profile_41 = []byte(`' type="hidden" />
@@ -638,13 +639,13 @@ var profile_42 = []byte(`' type="hidden" />
`) -var profile_43 = []byte(` +var profile_42 = []byte(`
`) -var profile_44 = []byte(` +var profile_43 = []byte(`