Commit graph

1465 commits

Author SHA1 Message Date
Meisam
e1c4b452e6
test emoji title and alt tag sanitization (#1244) 2021-07-23 11:01:30 -07:00
Meisam
a8e93de134
Prevent remote image injection with /img/emoji/ in url (#1245)
* test remote img blocking with /img/emoji/ in url

* fix emoji filter

prevent injection of remote img with /img/emoji in url
2021-07-23 11:00:04 -07:00
Gabe Kangas
ae78283caf Remove extra log from displaying 2021-07-22 23:34:51 -07:00
Gabe Kangas
484098afda Some migration fixes and database optimizations 2021-07-22 23:30:25 -07:00
Meisam
c4c1ecfc7b
Allow alt and title tags in chat emojis (#1241)
* allow alt and title on chat imgs

* enforce non-empty alt&title tags for emojis
2021-07-22 22:22:33 -07:00
Gabe Kangas
a366923797 Update admin bundle 2021-07-22 18:42:19 -07:00
Gabe Kangas
3dc3ad75f6 Cleanup errors that are not fatal during filesystem cleanup 2021-07-22 16:50:30 -07:00
Gabe Kangas
c3e8e78dad Centralize chan closure to be done in the client, not the server. Set chan size to max message size. 2021-07-22 15:27:12 -07:00
Gabe Kangas
f782e82909 Fix potential concurrent access condition 2021-07-22 15:27:12 -07:00
dependabot[bot]
3c6fcb0de5
Bump postcss from 8.3.5 to 8.3.6 in /build/javascript (#1240)
Bumps [postcss](https://github.com/postcss/postcss) from 8.3.5 to 8.3.6.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.3.5...8.3.6)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-22 09:42:25 -07:00
Gabe Kangas
c1dd1b9bf3 fix exception 2021-07-21 23:19:33 -07:00
Gabe Kangas
e7e1758fa4 Force history messages to always be at the front of the messages array 2021-07-21 22:23:24 -07:00
Gabe Kangas
1d7b7727d2 Update admin bundle 2021-07-21 17:32:49 -07:00
Owncast
e38aa5935b Commit updated API documentation 2021-07-22 00:20:22 +00:00
Gabe Kangas
2cf761a3f1 Clarify in routes and names that it is chat clients being returned 2021-07-21 17:19:15 -07:00
Gabe Kangas
5f322c84f6 Update admin bundle 2021-07-21 10:05:05 -07:00
dependabot[bot]
e63703f670
Bump cssnano from 5.0.6 to 5.0.7 in /build/javascript (#1235)
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.0.6 to 5.0.7.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.0.6...cssnano@5.0.7)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-21 09:56:33 -07:00
Gabe Kangas
96993435d8 Add missing space. Closes #1231 2021-07-20 23:25:23 -07:00
Owncast
11b59fbb31 Commit updated Javascript packages 2021-07-20 20:28:01 +00:00
dependabot[bot]
1b575d6fdf
Bump @videojs/http-streaming from 2.9.2 to 2.9.3 in /build/javascript (#1227)
Bumps [@videojs/http-streaming](https://github.com/videojs/http-streaming) from 2.9.2 to 2.9.3.
- [Release notes](https://github.com/videojs/http-streaming/releases)
- [Changelog](https://github.com/videojs/http-streaming/blob/main/CHANGELOG.md)
- [Commits](https://github.com/videojs/http-streaming/compare/v2.9.2...v2.9.3)

---
updated-dependencies:
- dependency-name: "@videojs/http-streaming"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-20 13:27:01 -07:00
Gabe Kangas
4715598d7e
Override default protocol if one is set in settings (#1226)
* Default to http but use the protocol set in settings if available

* Add missing instance of the protocol
2021-07-20 10:34:59 -07:00
Gabe Kangas
44d6a36b77 Cleanup linter warnings 2021-07-19 23:49:16 -07:00
Owncast
4d64539b07 Commit updated API documentation 2021-07-20 05:53:46 +00:00
Gabe Kangas
b59d348adc Update api spec 2021-07-19 22:53:02 -07:00
Gabe Kangas
af0c6c0cb3 Update admin bundle 2021-07-19 22:04:11 -07:00
Gabe Kangas
bae469d513 Remove pointing to admin branch 2021-07-19 21:58:12 -07:00
Gabe Kangas
bf4d4c81f9 Add dependencies overview doc 2021-07-19 20:17:31 -07:00
gabek
7af5030f5b Prettified Code! 2021-07-20 02:23:06 +00:00
Gabe Kangas
b6f68628c0
Chat refactor + persistent backing chat users (#1163)
* First pass at chat user registration and validation

* Disable chat if the user is disabled/blocked or the server hits max connections

* Handle dropping sockets if chat is disabled

* Fix origin in automated chat test

* Work for updated chat moderation

* Chat message markdown rendering and fix tests

* Put /api/chat behind a chat user access token. Closes #1085

* Reject blocked username changes

* More WIP moderation

* Defer configuring chat until we know if it is enabled. Closes #1135

* chat user blocking. Closes #1096

* Add tests around user access for #1096

* Add external integration chat message API + update integration auth middleware to pass along integration name. Closes #1092

* Delete old chat messages from db as to not hold on to excessive data. Closes #1152

* Add schema migration for messages. Closes #1155

* Commit updated API documentation

* Add chat load test

* Shared db mutex and db optimizations

* Simplify past display name handling

* Use a new test db for each test run

* Wire up the external messages actions + add tests for them

* Move access tokens to be actual users

* Run message pruning at launch + fix comparison

* Do not return API users in disabled users response

* Fix incorrect highlighting. Closes #1160

* Consolidate user table statements

* Set the max process connection limit to 70% of maximum

* Fix wrong old display name being returned in name change event

* Delete the old chat server files

* Wire back up the webhooks

* Remove unused

* Invalidate user cache on changes

* Do not send rendered body as RawBody

* Some cleanup

* Standardize names for external API users to ExternalAPIUser

* Do not log token

* Checkout branch when building admin for testing

* Bundle in dev admin for testing

* Some cleanup

* Cleanup js logs

* Cleanup and standardize event names

* Clean up some logging

* Update API spec. Closes #1133

* Commit updated API documentation

* Change paths to be better named

* Commit updated API documentation

* Update admin bundle

* Fix duplicate event name

* Rename scope var

* Update admin bundle

* Move connected clients controller into admin package

* Fix collecting usernames for autocomplete purposes

* No longer generate username when it is empty

* Sort clients and users by timestamp

* Move file to admin controller package

* Swap, so the comments stay correct

Co-authored-by: Jannik <jannik@outlook.com>

* Use explicit type alias

Co-authored-by: Jannik <jannik@outlook.com>

* Remove commented code.

Co-authored-by: Jannik <jannik@outlook.com>

* Cleanup test

* Remove some extra logging

* Add some clarity

* Update dev instance of admin for testing

* Consolidate lines

Co-authored-by: Jannik <jannik@outlook.com>

* Remove commented unused vars

Co-authored-by: Jannik <jannik@outlook.com>

* Until needed do not return IP address with client list

* Fix typo of wrong var

* Typo led to a bad test. Fix typo and fix test.

* Guard against the socket reconnecting on error if previously set to shutdown

* Do not log access tokens

* Return success message on enable/disable user

* Clean up some inactionable error messages. Sent ban message. Sort banned users.

* fix styling for when chat is completely disabled

* Unused

* guard against nil clients

* Update dev admin bundle

* Do not unhide messages when unblocking user just to be safe. Send removal action from the controller

* Add convinience function for getting active connections for a single user

* Lock db on these mutations

* Cleanup force disconnect using GetClientsForUser and capture client reference explicitly

* No longer re-showing banned user messages for safety. Removing this test.

* Remove no longer needed comment

* Tweaks to forbidden username handling.

- Standardize naming to not use "block" but "forbidden" instead.
- Pass array over the wire instead of string.
- Add API test
- Fix default list incorrectly being appended to custom list.

* Logging cleanup

* Update dev admin bundle

* Add an artificial delay in order to visually see message being hidden when testing

* Remove the user cache as it is a premature optimization

* When connected to chat let the user know their current user details to sync the username in the UI

* On connected send current display name back to client.
- Move name change out of chat component.
- Add additional event type constants.

* Fix broken workflow due to typo

* Troubleshoot workflow

* Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181)

* Bump htm from 3.0.4 to 3.1.0 in /build/javascript

Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/developit/htm/releases)
- [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0)

---
updated-dependencies:
- dependency-name: htm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run npm run build and update libraries

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>

* Commit updated Javascript packages

* Re-send current user info when a rejected name change takes place

* All socket writes should be through the send chan and not directly

* Seed the random generator

* Add keys and indexes to users table

* a util to generate consistent emoji markup

* console clean up

* mod tidy

* Commit updated API documentation

* Handle the max payload size of a socket message.
- Only close socket if x2 greater than the max size.
- Send the user a message if a message is too large.
- Surface the max size in bytes in the config.

* Update admin bundle

* Force all events to be sent in their own socket message and do not concatinate in a single message

* Update chat embed to register for access token

* Use a different access token for embed chat

* Update the chat message bubble background color to be bolder

* add base tag to open links in new window, closes #1220

* Support text input of :emoji: in chat (#1190)

* Initial implementation of emoji injection

* fix bookkeeping with multiple emoji

* make the emoji lookup case-insensitive

* try another solution for Caretposition

* add title to emojis

minor refactoring

* bind moji injection to InputKeyUp

* simplify the code

replace all found emojis

* inject emoji if the modifer is released earlier

* more efficient emoji tag search

* use json emoji.emoji as url

* use createEmojiMarkup()

* move emojify() to chat.js

* emojify on paste

* cleanup emoji titles in paste

* update inputText in InputKeyup

* mark emoji titles with 2*zwnj

this way paste cleanup will not interfere with text which include zwnj

* emoji should not change the inputText

* Do not show join messages when chat is offline. Closes #1224
- Show stream starting/ending messages in chat.
- When stream starts show everyone the welcome message.

* Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222

* use maxSocketPayloadSize to calculate total bytes of message payload (#1221)

* utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting

* add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count

Co-authored-by: Gabe Kangas <gabek@real-ity.com>

Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Jannik <jannik@outlook.com>
Co-authored-by: Ginger Wong <omqmail@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com>
2021-07-19 19:22:29 -07:00
gabek
e3dc736cf4 Prettified Code! 2021-07-20 01:51:46 +00:00
Gabe Kangas
6328fc6f90 Fix date comparison for showing last stream date. Closes https://github.com/owncast/owncast/issues/1223 2021-07-19 18:51:10 -07:00
Gabe Kangas
fcc25bd1e7 Clean up the github readme and add some fun badges for surfacing some links and info 2021-07-19 12:27:21 -07:00
Gabe Kangas
37fedb8ab8 Ignore some additional non-fatal errors 2021-07-18 13:10:08 -07:00
Meisam
617156b18d
link assets under the same protocol for bots (#1187)
* link assets under the same protocol

* use // for metadata  urls
2021-07-17 20:28:20 -07:00
dependabot[bot]
19514f2a62
Bump github.com/mattn/go-sqlite3 from 1.14.7 to 1.14.8 (#1198)
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-16 15:24:37 -07:00
Owncast
6d8e0ddfe5 Commit updated Javascript packages 2021-07-15 23:47:47 +00:00
dependabot[bot]
09a46289c0
Bump @videojs/http-streaming from 2.9.1 to 2.9.2 in /build/javascript (#1188)
Bumps [@videojs/http-streaming](https://github.com/videojs/http-streaming) from 2.9.1 to 2.9.2.
- [Release notes](https://github.com/videojs/http-streaming/releases)
- [Changelog](https://github.com/videojs/http-streaming/blob/main/CHANGELOG.md)
- [Commits](https://github.com/videojs/http-streaming/compare/v2.9.1...v2.9.2)

---
updated-dependencies:
- dependency-name: "@videojs/http-streaming"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-15 16:46:38 -07:00
dependabot[bot]
41273eff9a
Bump github.com/aws/aws-sdk-go from 1.39.0 to 1.40.0 (#1189)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-15 11:54:22 -07:00
Meisam
a00052ef89
set summary in metadata (#1185) 2021-07-13 14:44:03 -07:00
Owncast
72ad211ff8 Commit updated Javascript packages 2021-07-13 03:45:20 +00:00
dependabot[bot]
d0b1b604a0
Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181)
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript

Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/developit/htm/releases)
- [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0)

---
updated-dependencies:
- dependency-name: htm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run npm run build and update libraries

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
2021-07-12 20:44:21 -07:00
gabek
cea07697f3 Prettified Code! 2021-07-12 17:25:14 +00:00
gingervitis
ab254a3902
put emojiPicker instance in state so page can correctly reflect updates when it has instantiated (#1182) 2021-07-12 10:24:41 -07:00
Gabe Kangas
0c6378976c
Troubleshoot workflow 2021-07-12 09:13:06 -07:00
Gabe Kangas
e84149ea50
Fix broken workflow due to typo 2021-07-12 09:04:28 -07:00
Gabe Kangas
5968aa49d2 Fix initial creation of logging directory 2021-07-11 17:08:51 -07:00
Meisam
d042fd70d1
Cache the custom emoji list (#1175)
* use emojiCache

* add emojiCacheTimestamp

* add function description

* better logging
2021-07-11 15:34:56 -07:00
Meisam
08b6c4e3cf
Better handling of os.Stat() errors (#1173) 2021-07-09 18:31:43 -07:00
Meisam
7361578412
style fix for error checking (#1170)
+additional linting
2021-07-09 11:16:44 -07:00
Meisam
a13e1e75e2
proper cleanup and permission check for the hls directory (#1167)
* check error on hls cleanup

* rm HLS directories before creating new ones

* don't mask the variable

* mv cleanupDirectory() to utils

* add user-friendly error messages
2021-07-08 12:35:53 -07:00