Merge branch 'master' into fix-modqueue-counts
+4
-1
@@ -161,7 +161,10 @@ async function searchUsers() {
|
||||
}
|
||||
|
||||
return data.users.nodes.map(user => {
|
||||
const emails = user.emails.join(', ');
|
||||
const emails = user.profiles
|
||||
.filter(({ provider }) => provider === 'local')
|
||||
.map(({ id }) => id)
|
||||
.join(', ');
|
||||
return {
|
||||
name: `${user.username} (${emails}) ${user.id.gray} - ${
|
||||
user.role.gray
|
||||
|
||||
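Review bot: The label built on the `name:` line shows empty parentheses for any user without a `local` profile, because the new filter-and-join chain yields an empty string in that case. The chain also throws if `user.profiles` is absent from the query result, which cannot be checked from this hunk. Consider starting it with `const emails = (user.profiles || [])` and omitting the parentheses when `emails` is empty. `searchUsers` starts and ends outside the hunk.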
@@ -209,10 +209,6 @@ const UserSchema = new Schema(
|
||||
delete ret.__v;
|
||||
delete ret._id;
|
||||
delete ret.password;
|
||||
delete ret.status.username.history;
|
||||
delete ret.status.banned.history;
|
||||
delete ret.status.suspension.history;
|
||||
delete ret.tokens;
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@@ -92,6 +92,7 @@
|
||||
"dotenv": "^4.0.0",
|
||||
"ejs": "^2.5.7",
|
||||
"env-rewrite": "^1.0.2",
|
||||
"escape-html": "^1.0.3",
|
||||
"eventemitter2": "^4.1.2",
|
||||
"exports-loader": "^0.6.4",
|
||||
"express": "4.16.0",
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
document.addEventListener('DOMContentLoaded', function(event) {
|
||||
localStorage.setItem('auth', document.getElementById('auth').innerText);
|
||||
setTimeout(function() { window.close(); }, 50);
|
||||
});
|
||||
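Review bot: `document.getElementById('auth')` is dereferenced without a check, so if the data element is absent the handler throws before `window.close()` is scheduled and the popup stays open with nothing reported to the opener. `textContent` is also a better fit than `innerText` for a non-rendered data block, since `innerText` depends on layout. Suggested: `var el = document.getElementById('auth'); if (el) { localStorage.setItem('auth', el.textContent); }`. A one-line comment stating that the stored value carries the login token and is readable by every script on this origin would help later readers.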
+23
-3
@@ -12,6 +12,8 @@ const debug = require('debug')('talk:services:passport');
|
||||
const bowser = require('bowser');
|
||||
const ms = require('ms');
|
||||
const _ = require('lodash');
|
||||
const { attachStaticLocals } = require('../middleware/staticTemplate');
|
||||
const { encodeJSONForHTML } = require('./response');
|
||||
|
||||
// Create a redis client to use for authentication.
|
||||
const { createClientFactory } = require('./redis');
|
||||
@@ -81,6 +83,11 @@ const HandleGenerateCredentials = (req, res, next) => (err, user) => {
|
||||
|
||||
SetTokenForSafari(req, res, token);
|
||||
|
||||
// Set the cache control headers.
|
||||
res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
|
||||
res.header('Expires', '-1');
|
||||
res.header('Pragma', 'no-cache');
|
||||
|
||||
// Send back the details!
|
||||
res.json({ user, token });
|
||||
};
|
||||
@@ -89,15 +96,28 @@ const HandleGenerateCredentials = (req, res, next) => (err, user) => {
|
||||
* Returns the response to the login attempt via a popup callback with some JS.
|
||||
*/
|
||||
const HandleAuthPopupCallback = (req, res, next) => (err, user) => {
|
||||
res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
|
||||
res.header('Expires', '-1');
|
||||
res.header('Pragma', 'no-cache');
|
||||
|
||||
// Ensure the only scripts that can run here are those on the Talk domain.
|
||||
res.header('Content-Security-Policy', "default-src 'self';");
|
||||
|
||||
// Attach static locals to the response locals object.
|
||||
attachStaticLocals(res.locals);
|
||||
|
||||
// Attach the encoder on the response locals object.
|
||||
res.locals.encodeJSONForHTML = encodeJSONForHTML;
|
||||
|
||||
if (err) {
|
||||
return res.render('auth-callback', {
|
||||
auth: JSON.stringify({ err, data: null }),
|
||||
auth: { err, data: null },
|
||||
});
|
||||
}
|
||||
|
||||
if (!user) {
|
||||
return res.render('auth-callback', {
|
||||
auth: JSON.stringify({ err: errors.ErrNotAuthorized, data: null }),
|
||||
auth: { err: errors.ErrNotAuthorized, data: null },
|
||||
});
|
||||
}
|
||||
|
||||
@@ -108,7 +128,7 @@ const HandleAuthPopupCallback = (req, res, next) => (err, user) => {
|
||||
|
||||
// We logged in the user! Let's send back the user data.
|
||||
res.render('auth-callback', {
|
||||
auth: JSON.stringify({ err: null, data: { user, token } }),
|
||||
auth: { err: null, data: { user, token } },
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
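Review bot: The policy set in `HandleAuthPopupCallback`, `default-src 'self';`, only permits scripts from the page's own origin, while the template changed in this commit loads `auth-callback.js` from `<%= STATIC_URL %>`. If that URL points at a separate static host, the browser will block the script and the popup will never store the token or close. The policy should be built from the configured static origin, e.g. `default-src 'none'; script-src 'self' <STATIC_ORIGIN>` (placeholder for the origin of `STATIC_URL`), and the comment above it updated to match. Separately, `err` is now passed to the view as an object and serialized into the page, so it is worth confirming that only client-safe error fields are rendered. The function body continues outside the visible hunks.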
@@ -0,0 +1,10 @@
|
||||
const escapeHTMLEntities = require('escape-html');
|
||||
|
||||
/**
|
||||
* encodeJSONForHTML will encode an object to be loaded on an HTML page.
|
||||
*
|
||||
* @param {Object} obj javascript object to encode
|
||||
*/
|
||||
const encodeJSONForHTML = obj => escapeHTMLEntities(JSON.stringify(obj));
|
||||
|
||||
module.exports = { escapeHTMLEntities, encodeJSONForHTML };
|
||||
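Review bot: The JSDoc on `encodeJSONForHTML` does not say what is returned or which HTML context the result is safe for. Add `@returns {String} JSON text with &, <, >, " and ' replaced by HTML entities`. Also add a sentence stating that the result is meant for element text or attribute values, where the browser decodes entities before the value is read back. That context matters because the same string is not valid JSON until it has been decoded.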
@@ -1,12 +1,7 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<body>
|
||||
<script type="text/javascript">
|
||||
<%/* set the auth data in localStorage, this will ensure that only
|
||||
javascript on the same domain can access the data, they can listen
|
||||
for updates by attaching to localStorage event changes */%>
|
||||
localStorage.setItem('auth', '<%- auth %>');
|
||||
setTimeout(function() { window.close(); }, 50);
|
||||
</script>
|
||||
<script type="application/json" id="auth"><%- encodeJSONForHTML(auth) %></script>
|
||||
<script type="text/javascript" src="<%= STATIC_URL %>public/javascripts/auth-callback.js"></script>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
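Review bot: The entity-escaped JSON is emitted inside a `<script>` element, and HTML parsers treat script content as raw text without decoding character references. The string that `auth-callback.js` reads back will therefore still contain `&quot;` and similar sequences rather than valid JSON. Unless the code that consumes the `auth` entry decodes entities (not visible on this page), `JSON.parse` on that value will fail. One option that keeps the inline script removed is to carry the payload in an attribute, where entities are decoded, e.g. `<div id="auth" data-auth="<%= JSON.stringify(auth) %>" hidden></div>`. Another is to keep the data block and have the encoder emit JSON escapes such as `\u003c` for `<` instead of HTML entities.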
@@ -2931,7 +2931,7 @@ es6-weak-map@^2.0.1:
|
||||
es6-iterator "^2.0.1"
|
||||
es6-symbol "^3.1.1"
|
||||
|
||||
escape-html@~1.0.3:
|
||||
escape-html@^1.0.3, escape-html@~1.0.3:
|
||||
version "1.0.3"
|
||||
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
|
||||
|
||||
|
||||