Commit Graph

490 Commits

Author SHA1 Message Date
Cohee f3cfc4c3c9 Disallow x-forwarded headers in CORS redirect 2024-07-22 14:19:20 +00:00
Cohee 02e65ff176 Configurable session expiration 2024-07-06 14:50:36 +03:00
steve green 46c91bec67
Update server.js to trust UserAccounts securely (#2447)
* Update server.js to trust UserAccounts securely

* Update zh-cn.json btw

* Clarify security logic

* update logic

* Fix filtering of enabled users.

* Fix account name logging

* More friendly log

* Even friendlier message

* Revert deleted keys

---------

Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2024-07-03 21:24:03 +03:00
Cohee 5b002c6e46 #2422 Move uploads under the data root 2024-06-26 23:22:42 +03:00
Cohee 8d5876c2c8 Rename endpoints for websearch 2024-06-19 22:37:51 +03:00
Cohee f5fccc0387 Add Azure TTS service 2024-05-22 01:37:51 +03:00
Cohee 4a70e68c22 Add ping endpoint 2024-05-07 01:27:17 +03:00
Cohee 943906d8a3 Fix UTF-8 file name uploads
https://github.com/expressjs/multer/issues/1104
2024-04-27 22:58:32 +03:00
Cohee 1bcdc2652c Split pre and post listen setup tasks. Only shutdown plugins once 2024-04-27 21:41:32 +03:00
Cohee 212e61d2a1 Lazy initialization of Claude tokenizer. Add JSDoc for tokenizer handlers 2024-04-26 15:17:02 +03:00
Cohee 1b60e4a013 Init user storage module before server listening 2024-04-26 14:09:40 +03:00
Cohee 153638c2cd Add error handling to auto login 2024-04-24 23:14:26 +03:00
Cohee 3dcea41c4e Preserve a query string when redirecting to and from login 2024-04-16 18:44:11 +03:00
Cohee 4e1a9da840 Merge branch 'staging' into neo-server 2024-04-13 21:52:23 +03:00
Cohee ef917ebe4e Add JSDoc comments 2024-04-13 21:51:36 +03:00
steve02081504 f48d90a9c9 some fixes 2024-04-14 01:39:28 +08:00
Cohee 790185f9e9 Add disable CSRF to config.yaml. Add basicAuthMode to console args. 2024-04-13 19:35:27 +03:00
Cohee afad169118 Default whitelist to null 2024-04-13 02:23:38 +03:00
Cohee 7183416d1f Check account protection status on startup 2024-04-12 22:04:20 +03:00
Cohee dcbeab0aef Fix absolute paths for data root. Allow setting data root via console args. 2024-04-12 19:53:46 +03:00
steve02081504 072e09d0ed fix #2071 2024-04-13 00:51:34 +08:00
Cohee 58359c9682 Control whitelist mode with console flag 2024-04-12 01:33:39 +03:00
Cohee 411a8ef8a7 Enable CSRF for public endpoints. Split users module. Add rate limiter. 2024-04-09 21:58:16 +03:00
Cohee 497f38111f Merge branch 'staging' into neo-server 2024-04-09 20:26:03 +03:00
Cohee 877824a4f9 Add deprecated endpoint redirection 2024-04-09 16:20:38 +03:00
Cohee 3f3e23420d Working login flow 2024-04-07 23:08:19 +03:00
Cohee 6be86be0a7 Save user session to cookies 2024-04-07 19:12:22 +03:00
Cohee 0f105e0300 Fix circular deps, add Helmet https://helmetjs.github.io/ 2024-04-07 18:11:23 +03:00
Cohee c6ffe4502a Add user management endpoints 2024-04-07 17:44:40 +03:00
Cohee b07aef02c7 Persist CSRF and cookie secrets across server launches 2024-04-07 16:41:23 +03:00
Cohee 11193896b2 Add data migration procedure 2024-04-07 03:01:55 +03:00
Cohee b07a6a9a78 Update all endpoints to use user directories 2024-04-07 01:47:07 +03:00
Cohee cd5aec7368 Split user directories from public, part 1 2024-04-06 20:09:39 +03:00
Cohee 59daeeb37a Move default backgrounds to content manager 2024-04-06 17:43:59 +03:00
Cohee f71ec73d56 Fix tpyo + add clarity + lint 2024-04-03 01:00:20 +03:00
Wolfsblvt 3ccb63dd21 Server logging utilize tracking branch
- Use tracking branch instead of hardcoded "origin"
- Remove dev logging message if not on "staging" or "release"
2024-04-02 22:51:43 +02:00
Wolfsblvt 514c40228c Improve server version logging info
- Capture commit date and print that next to the branch
- Info for being on a dev branch
- Info for not being on the latest commit (fetch should've gotten it, if update script was run)
2024-04-02 22:17:21 +02:00
Cohee 50670c1e6a + more reused config variable 2024-03-30 22:52:57 +02:00
Cohee af6deda64d Null safety + reuse variable 2024-03-30 22:46:18 +02:00
Cohee 98dbe3364c Merge branch 'staging' into patch-1 2024-03-30 22:44:02 +02:00
Cohee c94460714d Whitelist to check listen mode via console 2024-03-30 22:42:51 +02:00
Cohee 4d98310848 Limit console log depth again (a little bit) 2024-03-30 22:38:09 +02:00
Lumi a8388259ab
Update server.js
Print warning if basicAuth username or password fails to parse.

In a normal case the user has no way to be informed if the username or password fails to parse. While this might end up being a skill issue on the user's side, it could help them to troubleshoot the issue.
2024-03-30 19:57:23 +01:00
Cohee a17206dd38 Merge branch 'staging' into instruct-rework 2024-03-30 14:56:37 +02:00
Wolfsblvt a951f68c8d cli server args precedency fix + port/listen arg
- Fixes precedence: cli > (env) > yaml > default
- Add cli arguments for port and listen
2024-03-29 02:35:43 +01:00
Cohee 1c01aafd51 Unrestrict console depth nesting 2024-03-28 00:16:35 +02:00
Cohee abb8bdbc1e Extract API endpoint for moving UI 2024-03-20 01:07:28 +02:00
Cohee b261c8c4a9 Extract API endpoints for images 2024-03-20 00:59:06 +02:00
Cohee 7dcd39c806 Extract API endpoints for quick replies 2024-03-20 00:46:46 +02:00
Cohee d448d4f65b Extract API endpoints for user avatars 2024-03-20 00:39:48 +02:00