Commit Graph

273 Commits

Author SHA1 Message Date
Rigel Kent 5e755fff9d add Content Security Policy (#1252)
* add Content Security Policy

* remove reflect-metadata on production builds to get rid of unsafe-eval

* fix baseCSP usage

* add SRI to CSP

* add blob: to media-src

* remove SRI

* CSP set to reportOnly

* adding data: to connect-src CSP

* remove block-all-mixed-content

* add report-uri support
2018-12-13 09:49:45 +01:00
Chocobozzz 14e2014acc Support additional video extensions 2018-12-11 15:11:09 +01:00
Chocobozzz 6040f87d14
Add tmp and redundancy directories 2018-12-04 16:04:15 +01:00
Chocobozzz 8d4273463f
Check follow constraints when getting a video 2018-11-16 15:49:16 +01:00
Chocobozzz e5565833f6
Improve redundancy: add 'min_lifetime' configuration 2018-09-24 13:38:39 +02:00
Chocobozzz f9f899b9f8
Add redundancy check interval in config 2018-09-19 16:21:30 +02:00
Chocobozzz d9bdd007d7
Put config redundancy strategies in "strategies" subkey 2018-09-19 16:12:07 +02:00
Rigel Kent df182b373f
normalize robot.txt and specify test servers as scope of security audits 2018-09-18 11:18:51 +02:00
Chocobozzz 3f6b6a565d
Add recently added redundancy strategy 2018-09-14 11:05:38 +02:00
Chocobozzz b36f41ca09
Add trending videos strategy 2018-09-14 09:57:21 +02:00
Chocobozzz c48e82b5e0 Basic video redundancy implementation 2018-09-13 14:05:49 +02:00
Rigel Kent 1f4f151019
add vulnerability disclosure policy 2018-09-06 14:25:27 +02:00
Austin Heap 5447516b9a draft "security.txt" spec integration (#1020) 2018-09-06 14:23:46 +02:00
Chocobozzz 9a629c6efb
Trending by interval 2018-08-31 17:22:01 +02:00
Josh Morel d9eaee3939 add user account email verificiation (#977)
* add user account email verificiation

includes server and client code to:

* enable verificationRequired via custom config
* send verification email with registration
* ask for verification email
* verify via email
* prevent login if not verified and required
* conditional client links to ask for new verification email

* allow login for verified=null

these are users created when verification not required
should still be able to login when verification is enabled

* refactor email verifcation pr

* change naming from verified to emailVerified
* change naming from askVerifyEmail to askSendVerifyEmail
* undo unrelated automatic prettier formatting on api/config
* use redirectService for home
* remove redundant success notification on email verified

* revert test.yaml smpt host
2018-08-31 09:18:19 +02:00
Felix Ableitner bee0abffff Implement daily upload limit (#956)
* Implement daily upload limit (ref #652)

* remove duplicate code

* review fixes

* fix tests?

* whitespace fixes, finish leftover todo

* fix tests

* added some new tests

* use different config value for tests

* remove todo
2018-08-28 09:01:35 +02:00
Chocobozzz 1297eb5db6 Add refresh video on search 2018-08-27 09:41:54 +02:00
Chocobozzz a84b8fa5cf Add import.video.torrent configuration 2018-08-08 09:30:31 +02:00
Chocobozzz 5d08a6a74e Add import http enabled configuration 2018-08-06 11:19:16 +02:00
Chocobozzz fbad87b047 Add ability to import video with youtube-dl 2018-08-06 11:19:16 +02:00
Rigel Kent 1c3386e87f adding ORM pool configuration 2018-07-31 15:38:08 +02:00
Chocobozzz f842e810b4
Update default config cache 2018-07-25 15:11:06 +02:00
Chocobozzz 40e87e9ecc Implement captions/subtitles 2018-07-16 11:50:08 +02:00
Rigel Kent 19f7b248d8 adding redis unix connection 2018-07-14 15:00:56 +02:00
Chocobozzz 09f35e2a6f
Add warning regarding transcoding 2018-06-07 16:44:22 +02:00
Chocobozzz 351d5225d6
Improve Twitter config help 2018-05-31 11:04:34 +02:00
Chocobozzz 6401417d6c
Add help in conf file regarding SMTP 2018-05-29 10:28:08 +02:00
Rigel Kent ff2c1fe813 feature: IP filtering on signup page
disable registration form on IP not in range
checking the CIDR list before filtering with it
placing the cidr filters as an attribute object in the config
2018-05-22 19:44:34 +02:00
Chocobozzz 78881bc4fa
Allow crawling by default 2018-05-22 11:02:10 +02:00
Rigel Kent 30c82f0d2e feature: db selection in redis
resolves #579
2018-05-21 17:49:56 +02:00
Rigel Kent ac235c37e2 robots.txt config and route 2018-05-16 10:50:55 +02:00
Chocobozzz 8be1afa12b
Add ability to embed a video in Twitter
The instance should be whitelisted first
2018-05-11 08:48:20 +02:00
Chocobozzz 0883b3245b
Add ability to choose what policy we have for NSFW videos
There is a global instance setting and a per user setting
2018-04-19 11:01:34 +02:00
Pierre-Alain TORET cff8b272b1 Support hostname binding in config
* Add basic support for hostname binding

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Make production example a bit more secure

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Make example config files compatible with hostname binding modification

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Fix typo

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Bind on 127.0.0.1 by default

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>

* Update Docker configuration with hostname binding

Signed-off-by: Pierre-Alain TORET <pierre-alain.toret@protonmail.com>
2018-04-17 11:14:32 +02:00
Chocobozzz 490b595a01
Prevent brute force login attack 2018-03-29 11:03:30 +02:00
Chocobozzz bebf2d89d3
Add option to disable starttls 2018-03-22 16:12:52 +01:00
Chocobozzz 2e3a0215d0
Add short description in config 2018-03-15 14:34:47 +01:00
Chocobozzz 901637bb87
Add ability to change the homepage 2018-03-01 13:57:29 +01:00
Chocobozzz 98f535a508
Only use 1 thread for transcoding by default 2018-02-26 12:12:49 +01:00
Chocobozzz 1125c40a32
Change transcoding default conf options 2018-02-26 10:49:27 +01:00
Chocobozzz 00b5556c18
Add ability to add custom css/javascript 2018-02-22 10:22:53 +01:00
Chocobozzz a0922eb9b3
Change default logging 2018-02-14 16:03:09 +01:00
Chocobozzz bf874e33da
Add default description and default terms 2018-02-09 09:44:38 +01:00
Chocobozzz 66b16cafb3
Add new name/terms/description config options 2018-01-31 16:42:40 +01:00
Chocobozzz ecb4e35f4e
Add ability to reset our password 2018-01-30 13:27:07 +01:00
Chocobozzz 94a5ff8a4a
Move job queue to redis
We'll use it as cache in the future.

/!\ You'll loose your old jobs (pending jobs too) so upgrade only when
you don't have pending job anymore.
2018-01-25 18:41:17 +01:00
Chocobozzz 23e27dd535
Add ability to configure log level 2018-01-19 13:58:13 +01:00
Chocobozzz 48be26e1fc
Remove unused keys in configuration 2018-01-15 18:07:08 +01:00
Chocobozzz 6b2ef589ed
Prepare production workflow 2018-01-15 11:28:41 +01:00
Chocobozzz 2295ce6c4e
Add account avatar 2017-12-04 10:34:40 +01:00
Chocobozzz 40298b0254 Implement video transcoding on server side 2017-10-03 15:31:26 +02:00
Chocobozzz b0f9f39ed7 Begin user quota 2017-09-04 20:07:54 +02:00
Chocobozzz 291e8d3eed Add ability to limit user registrations 2017-07-25 20:17:28 +02:00
Chocobozzz f981dae861 Add previews cache system between pods 2017-07-12 11:56:02 +02:00
Chocobozzz fce897f326 Server: add tests to video transcoder 2017-05-04 21:51:00 +02:00
Chocobozzz 227d02fead Server: add job scheduler to transcode video files 2017-05-04 21:12:32 +02:00
Chocobozzz e22528aca6 Server: add config endpoint 2017-03-10 11:32:39 +01:00
Chocobozzz 4793c343fd Add email to pods 2017-02-16 19:19:56 +01:00
Luc Didry 98dffd102e Add hint about database name in config files 2017-01-16 09:53:05 +01:00
Chocobozzz 55fa55a9be Server: add video abuse support 2017-01-04 21:05:13 +01:00
Chocobozzz b769007f73 Update migrations code 2016-12-25 09:44:57 +01:00
Chocobozzz feb4bdfd9b First version with PostgreSQL 2016-12-19 21:22:28 +01:00
Chocobozzz 6a94a109b4 Server: add video preview 2016-11-16 20:29:26 +01:00
Chocobozzz 3737bbafb1 Server: host -> hostname (host = hostname + port) 2016-10-26 20:28:34 +02:00
Chocobozzz b3d9251015 Server: Uploads -> Videos 2016-10-21 11:33:31 +02:00
Chocobozzz 5683534893 Remove references to Electron 2016-10-13 21:48:55 +02:00
Chocobozzz a6375e6966 Merge branch 'master' into webseed-merged 2016-10-02 15:39:09 +02:00
Chocobozzz 1e2564d392 Server: make friends urls come from the request instead of the
configuration file
2016-08-20 17:11:38 +02:00
Chocobozzz 052937db8a First draft using only webseed for server 2016-07-27 21:21:57 +02:00
Chocobozzz 09bc69df7a Add debug electron setting 2016-05-13 14:23:11 +02:00
Chocobozzz cbe2f7c348 Refractoring and add thumbnails support (without tests) 2016-05-10 21:19:24 +02:00
Chocobozzz 9353449515 Use scripty instead of writing shell commands in package.json 2016-04-30 12:56:36 +02:00
Chocobozzz 8c308c2bf7 Spawn 2015-10-29 23:14:54 +01:00