Commit Graph

86 Commits

Author SHA1 Message Date
Chocobozzz c1340a6ac3
Add rate limit to registration and API endpoints 2019-07-04 16:42:40 +02:00
Chocobozzz e8bafea35b
Create a dedicated table to track video thumbnails 2019-04-24 16:25:52 +02:00
Chocobozzz 1eddc9a74f
Add user adminFlags 2019-04-15 14:39:52 +02:00
Chocobozzz cda03765fe
Add ability to delete old remote views 2019-04-12 08:31:06 +02:00
Chocobozzz 8f0bc73d7d
Add ability to limit videos history size 2019-04-11 15:38:53 +02:00
Chocobozzz 74dc3bca2b
Don't expose constants directly in initializers/ 2019-04-11 14:26:41 +02:00
Chocobozzz ae9bbed46d
Update P2P media loader peer version 2019-04-08 11:16:14 +02:00
Chocobozzz d74d29ad9e
Limit user tokens cache 2019-03-19 14:30:43 +01:00
Chocobozzz 418d092afa Playlist server API 2019-03-18 11:17:59 +01:00
Chocobozzz 539d3f4faa
BREAKING: update CSP configuration
Disable it by default and add ability to specify a custom report uri
2019-02-21 16:28:53 +01:00
Chocobozzz cef534ed53 Add user notification base code 2019-01-09 11:15:15 +01:00
Chocobozzz 2f5c6b2fc6
Optimize actor follow scores modifications 2018-12-20 14:31:11 +01:00
Rigel Kent 5e755fff9d add Content Security Policy (#1252)
* add Content Security Policy

* remove reflect-metadata on production builds to get rid of unsafe-eval

* fix baseCSP usage

* add SRI to CSP

* add blob: to media-src

* remove SRI

* CSP set to reportOnly

* adding data: to connect-src CSP

* remove block-all-mixed-content

* add report-uri support
2018-12-13 09:49:45 +01:00
Chocobozzz 2feebf3e6a
Add sitemap 2018-12-05 17:44:34 +01:00
Chocobozzz 0b2f03d371
Speedup peertube startup 2018-11-19 15:21:09 +01:00
Chocobozzz df66d81583
Add compatibility with other Linked Signature algorithms 2018-11-14 16:32:27 +01:00
Rigel Kent b83b8dd5ae add cli option to run without client 2018-11-14 15:59:56 +01:00
Chocobozzz e5565833f6
Improve redundancy: add 'min_lifetime' configuration 2018-09-24 13:38:39 +02:00
Chocobozzz c48e82b5e0 Basic video redundancy implementation 2018-09-13 14:05:49 +02:00
Rigel Kent 6328da8c01
make HSTS opt-in and leave it to the reverse-proxy 2018-09-09 22:10:38 +02:00
Chocobozzz 328e607d32
Add sql trace in error log on sequelize error 2018-08-31 11:43:46 +02:00
Rigel Kent aad0ec24e8 advertising PeerTube's rather simple DNT policy 2018-08-08 09:22:15 +02:00
Chocobozzz ed31c05985 Add ability to list video imports 2018-08-06 11:19:16 +02:00
Chocobozzz ce32426be9 Auto update youtube-dl 2018-08-06 11:19:16 +02:00
Chocobozzz 14f2b3ad11
Graceful job queue shutdown 2018-07-30 18:49:54 +02:00
Chocobozzz 3ac046e2a4
Fix peertube on chrome 2018-07-26 16:46:36 +02:00
Chocobozzz 57c36b277e Begin advanced search 2018-07-24 14:04:05 +02:00
Chocobozzz 57bf30a984
Fix CSP 2018-07-17 18:44:47 +02:00
Rigel Kent aa1c3d929f
(quickfix) loosening CSP 2018-07-17 16:36:07 +02:00
Chocobozzz 62945f067b
Add cors for static paths too 2018-07-17 15:04:54 +02:00
Rigel Kent 4bdd9473fd adding CSP, no-referrer policies and allow dns prefetching 2018-07-17 12:03:31 +02:00
Rigel Kent d00e2393d4 selective route permission to use embeds with x-frame-deny 2018-07-17 12:03:31 +02:00
Chocobozzz f4001cf408
Handle .srt subtitles 2018-07-16 14:31:40 +02:00
Chocobozzz 40e87e9ecc Implement captions/subtitles 2018-07-16 11:50:08 +02:00
Chocobozzz 3ff5a19b4c
Do not enable cors twice on /api in test mode 2018-06-29 09:48:19 +02:00
William Lahti 12daa83784 move CORS allowance to the REST API router 2018-06-29 09:46:44 +02:00
William Lahti b229e38d50 fix lint error on travis [let it be known, I disagree with this rule] 2018-06-29 09:46:44 +02:00
William Lahti 1fd2d96ff8 open CORS to allow in-browser apps to communicate w/ PeerTube instances 2018-06-29 09:46:44 +02:00
Chocobozzz 8afc19a612
Add ability to choose the language 2018-06-28 15:53:12 +02:00
Chocobozzz 9b67da3d9b
Add tracker rate limiter 2018-06-26 16:53:43 +02:00
Chocobozzz 23687332e6
Improve update host script and add warning if AP urls are invalid 2018-06-21 18:36:08 +02:00
Chocobozzz 2baea0c77c
Add ability for uploaders to schedule video update 2018-06-14 18:06:56 +02:00
Chocobozzz 989e526abf
Prepare i18n files 2018-06-05 08:43:01 +02:00
Chocobozzz 74af5a8361
Client E2E tests first step 2018-05-17 10:55:50 +02:00
Chocobozzz f55e5a7bf8
Process broadcast requests in parallel 2018-04-18 16:04:49 +02:00
Pierre-Alain TORET cff8b272b1 Support hostname binding in config
* Add basic support for hostname binding

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Make production example a bit more secure

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Make example config files compatible with hostname binding modification

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Fix typo

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Bind on 127.0.0.1 by default

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Update Docker configuration with hostname binding

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>
2018-04-17 11:14:32 +02:00
Rigel Kent 244e76a552
feature: initial syndication feeds support
Provides rss 2.0, atom 1.0 and json 1.0 feeds for videos (instance and account-wide) on listings and video-watch views.

* still lacks redis caching
* still lacks lastBuildDate support
* still lacks channel-wide support
* still lacks semantic annotation (for licenses, NSFW warnings, etc.)
* still lacks love ( ˘ ³˘)

* RSS: has MRSS support for torrent lists!
* RSS: includes the first torrent in an enclosure
* JSON: lists all torrents in the 'attachments' object
* ATOM: lacking torrent listing support

Advances #23
Partial implementation for the accountId generation in the client, which will need a hotfix to add a way to get the proper account id.
2018-04-17 01:09:06 +02:00
Chocobozzz 3d3441d6c7
Don't start application until all components were initialized 2018-04-04 11:04:14 +02:00
Chocobozzz 490b595a01
Prevent brute force login attack 2018-03-29 11:03:30 +02:00
Chocobozzz d5b7d9110d
Fix error logging 2018-03-26 16:04:14 +02:00