Commit graph

94 commits

Author SHA1 Message Date
mahmed2000
a7e5f20337
Implement admin password hashing with bcrypt (#3754)
* Add bcrypt hashing helpers

* SetAdminPassword now hashes the password before saving it

* BasicAuth now compares the bcrypt hash for the password

* Modify migration2 to avoid a double password hash when upgrading

* Add migration for bcrypt hashed password

* Do not show admin password hash as initial value

* Update api tests to compare the bcrypt hash of the admin password instead

* Remove old admin password api tests

---------

Co-authored-by: Gabe Kangas <gabek@real-ity.com>
2024-06-26 21:20:22 -07:00
Gabe Kangas
a450e62397
Optionally disable chat rate limiter and add optional chat slur/language filter (#3681)
* feat(chat): basic profanity filter. For #3139

* feat(chat): add setting for disabling chat spam protection. Closes #3523

* feat(chat): wire up the new chat slur filter to admin and chat. Closes #3139
2024-04-09 22:25:41 -07:00
Gabe Kangas
b4c73315fa
feat(log): point to passthrough as a potential issue when unable to generate thumbnails
Re: #3433 and #3431
2023-11-20 18:04:01 -08:00
Gabe Kangas
027f2544e3
fix(emoji): hopefully guard against the crash in #3331 2023-10-21 22:13:13 -07:00
Gabe Kangas
8e79e2acfa
chore(go): run betteralign and gofumpt on codebase 2023-10-08 14:22:28 -07:00
Gabe Kangas
169c11596c
feat(chat): add support for chat part messages. Closes #3201 (#3291) 2023-09-10 10:58:11 -07:00
Gabe Kangas
3174eb20e5
fix: updates for new linter rules. Closes #3277 2023-08-25 19:58:44 -07:00
John Regan
46ca5223f9
Chat wire protocol (#3125)
* core: remove file extension from emoji name

* web: transform emotes to labels when sending

* chat: replace br with line break

* core: implement emoji cache

* chat: send shortcodes for custom emoji

* chat: correct esling errors

* core: move emoji injection into dedicated function

* emoji: integrate emoji into markdown renderer, fix formatting

* chat protocol: correct golangci-lint findings

* chat field: specify that the contentEditable is an HTMLElement

* admin: mention that emoji should have unique names

* Prettified Code!

* regenerate pack-lock

* chat: correct the emphasis tag, provide fallback for other elements

---------

Co-authored-by: jprjr <jprjr@users.noreply.github.com>
2023-07-05 17:25:47 -07:00
Gabe Kangas
cd458630ec
Support using the custom video serving endpoint even if you don't use object storage (#2924)
* feat(video): refactor video serving endpoint

It can now be used without an object storage provider. Closes #2785

* fix: remove debug log
2023-05-30 14:05:24 -07:00
Gabe Kangas
15dc718e61
feat: add support for robots.txt disabling search indexing (#2929)
* feat: add support for robots.txt

Can toggle disabling search engine indexing. Closes #2684

* fix: unexport ts const
2023-05-30 11:09:51 -07:00
Gabe Kangas
85e7af3d5f
Update to Go 1.20 + run better align (#2927)
* chore(go): update go version to 1.20. Closes #2185

* chore(go): run better align against project

To optimize struct field order. Closes #2870

* chore(go): update CI jobs to use Go 1.20

* fix(go): linter warnings for Go 1.20 update
2023-05-30 10:31:43 -07:00
Gabe Kangas
19c228eaf6
Allow adding custom javascript to the page. Closes #2604 2023-01-18 22:38:24 -08:00
Michael David Kuckuk
59e5cfefd4
Remove twitter notification configuration (#2598) 2023-01-17 13:20:29 -08:00
Gabe Kangas
d5fd1bf169
Fix error handling for #1916 2022-12-16 20:30:24 -08:00
Gabe Kangas
0ebb968074
Handle subdirectories of emoji in copying, fetching and deleting. For #1916 2022-12-16 20:23:58 -08:00
Philipp
dc54dfe363
Feature: emoji editor (#2411)
* Custom emoji editor: implement backend

This reuses the logo upload code

* Implement emoji edit admin interface

Again reuse base64 logic from the logo upload

* Allow toggling between uploaded and default emojis

* Add route that always serves uploaded emojis

This is needed for the admin emoji interface,
as otherwise the emojis will 404 if custom emojis are disabled

* Fix linter warnings

* Remove custom/uploaded emoji logic

* Reset timer after emoji deletion

* Setup: copy built-in emojis to emoji directory
2022-12-12 08:40:43 -08:00
Gabe Kangas
269604ec75 Return non-fatal error if no stream keys are set 2022-11-29 16:05:44 -08:00
Gabe Kangas
c4dc802941 Make stream keys objects with comment instead of string slice 2022-11-29 16:05:44 -08:00
Gabe Kangas
c9e3ccad45 API + Data changes to support split up of stream keys and admin passwords 2022-11-29 16:05:44 -08:00
Gabe Kangas
efa24df299
Clean up default values for page content 2022-11-22 12:35:44 -08:00
Gabe Kangas
813f8692f0
Support color customization from the admin (#2338)
* Add user-customizable theming. Closes #1915

* Prettified Code!

* Add user-customizable theming. Closes #1915

* Add explicit color for page content background

* Prettified Code!

Co-authored-by: gabek <gabek@users.noreply.github.com>
2022-11-12 20:26:55 -08:00
Gabe Kangas
7ba541012f
Update default page content text. Closes #2178 2022-10-24 11:13:55 -07:00
Gabe Kangas
106e144cba
Add user color database migration. Closes #1984 2022-10-17 21:44:12 -07:00
Gabe Kangas
19e9895fe5
First pass at updated the default page content. For #2178 2022-10-08 16:25:20 -07:00
Gabe Kangas
681067ab93
Add custom offline message+api. Part of #1901 2022-08-09 22:09:43 -07:00
Gabe Kangas
68414445c2
Add support for changing user color in name modal. Closes #1805 2022-08-09 19:56:45 -07:00
Gabe Kangas
d12f25f556
Merge branch 'develop' into webv2 2022-08-09 14:14:45 -07:00
Gabe Kangas
0470403b71
Function has been re-exported for use 2022-08-03 11:30:06 -07:00
Gabe Kangas
b2b77f5eb9
Fix creating table indexes 2022-08-03 10:31:14 -07:00
Gabe Kangas
5d34279862
Add util for ungraceful sql execs 2022-08-03 10:31:11 -07:00
Gabe Kangas
eda62a91dc
Messages table fixes to improve query performance (#2026)
* Move to yaml sqlc config

* Add util for ungraceful sql execs

* Fix messages schema + add indexes

* Add migration to drop+recreate messages table

* Create index only if does not exist

* Fix typo

* Unexport function
2022-08-03 10:21:55 -07:00
Gabe Kangas
b08393295f
Add option to hide viewer count. Closes #1939 2022-06-26 00:46:55 -07:00
Gabe Kangas
86305c3028
Cleanup some warnings 2022-06-20 22:36:01 -07:00
Gabe Kangas
18a184eeb7
Use bundled images instead of old webroot files 2022-06-20 22:10:55 -07:00
Gabe Kangas
2c47ddeef0
Optimize chat history query. Helps #1890 2022-05-01 00:07:33 -07:00
Gabe Kangas
b6d575a286
Set value on cache miss 2022-04-30 23:16:08 -07:00
Gabe Kangas
e6804d0233
Fix cache warming not firing. Closes #1889 2022-04-30 23:15:57 -07:00
Gabe Kangas
b2b791b365
Migrate forbidden and suggested usernames list to string slice. Closes #1873 2022-04-25 14:31:29 -07:00
Gabe Kangas
529cba84fd
Refactor migration to loop over each user instead of bulk inserts 2022-04-23 18:12:59 -07:00
Gabe Kangas
514fd17ed9
Access token migration 2022-04-23 18:12:58 -07:00
Gabe Kangas
f173b8deca
do not make migration failure fatal temporarily 2022-04-21 21:05:49 -07:00
Gabe Kangas
b835de2dc4
IndieAuth support (#1811)
* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* don't redirect unless a URL is present

avoids redirecting to `undefined` if there was an error

* improve error message if owncast server URL isn't set

* fix IndieAuth PKCE implementation

use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding

* return real profile data for IndieAuth response

* check the code verifier in the IndieAuth server

* Linting

* Add new chat settings modal anad split up indieauth ui

* Remove logging error

* Update the IndieAuth modal UI. For #1273

* Add IndieAuth repsonse error checking

* Disable IndieAuth client if server URL is not set.

* Add explicit error messages for specific error types

* Fix bad logic

* Return OAuth-keyed error responses for indieauth server

* Display IndieAuth error in plain text with link to return to main page

* Remove redundant check

* Add additional detail to error

* Hide IndieAuth details behind disclosure details

* Break out migration into two steps because some people have been runing dev in production

* Add auth option to user dropdown

Co-authored-by: Aaron Parecki <aaron@parecki.com>
2022-04-21 14:55:26 -07:00
Gabe Kangas
e46f8e2a66
Troubleshoot misskey follows
Store the original follow request object and use it for approvals.
Closes #1690
2022-04-08 13:33:30 -07:00
Gabe Kangas
4a17f30da8
Outbound live stream notifications (#1663)
* First pass at browser, discord, twilio notifications

* Commit updated Javascript packages

* Remove twilio notification support

* Email notifications/smtp support

* Fix Firefox notification support, remove chrome checks

* WIP more email work

* Add support for twitter notifications

* Add stream title to discord and twitter notifications

* Update notification registration modal

* Fix hide/show email section

* Commit updated API documentation

* Commit updated Javascript packages

* Fix post-rebase missing var

* Remove unused var

* Handle unsubscribe errors for browser push

* Standardize email config prop names

* Allow overriding go live email template

* Some notifications cleanup

* Commit updated Javascript packages

* Remove email/smtp/mailjet support

* Remove more references to email notifications

Co-authored-by: Owncast <owncast@owncast.online>
2022-03-18 13:33:23 -07:00
Gabe Kangas
d1e39c4c1e
Force uniqueness with previews and logos on the fediverse. Closes #1777 and closes #1776 2022-03-17 13:22:44 -07:00
Gabe Kangas
e0a75d5d54
Add support for established chat user mode. #1587 (#1681)
* Add support for established user mode. #1587

* Tweak tests

* Tweak tests

* Update test

* Fix test.
2022-03-06 23:26:24 -08:00
Gabe Kangas
19b9a8bdf6
Add support for IP-based bans (#1703)
* Add support for IP-based bans. Closes #1534

* Linter cleanup
2022-03-06 20:34:49 -08:00
Gabe Kangas
92041c4c23
Add Prometheus for some Owncast metrics (#1744)
* Add Prometheus for some Owncast metrics. Closes #1303

* Wrap prometheus metrics endpoint in admin middleware
2022-03-06 17:26:52 -08:00
Gabe Kangas
d24ddc2b0a
Add support for and use socket host override. (#1682)
* Add support for and use socket host override. Closes #1378

* Fix embeds with the new websocket constructor
2022-03-06 17:11:51 -08:00
Gabe Kangas
d5a6267b1f
Add support to disable chat join messages. Closes #1582 (#1743) 2022-03-05 22:34:06 -08:00