oftc / oftc-servicesweb Goto Github PK

View Code? Open in Web Editor NEW

3.0 10.0 3.0 345 KB

Web Interface for OFTC IRC Services

CSS 0.79% JavaScript 88.20% HTML 11.01% Vim Script 0.01%

oftc-servicesweb's People

Contributors

Stargazers

Watchers

Forkers

global-localhost global19 global19-atlassian-net

oftc-servicesweb's Issues

Known moderate severity security vulnerability in jquery v< 3.0.0

From: GitHub [email protected]

We found a potential security vulnerability in a repository which you have been granted security alert access.

oftc/oftc-servicesweb
https://github.com/oftc/oftc-servicesweb
Known moderate severity security vulnerability in jquery v< 3.0.0, defined in
https://github.com/oftc/oftc-servicesweb/blob/master/package.json
https://github.com/oftc/oftc-servicesweb/blob/master/package.json update suggested: jquery v3.0.0
Always verify the validity and compatibility of suggestions with your codebase.
Review the vulnerable dependency:
https://github.com/oftc/oftc-servicesweb/network/dependencies

Open source, privacy-respecting CAPTCHA?

Could a CAPTCHA other than ReCAPTCHA be used? ReCAPTCHA is very difficult to complete over Tor (if you try it will often make you go through many times more tries than normal), and it is impossible to complete without running proprietary JavaScript. In addition I would prefer not to help train Google's AI :) Is there any chance a more privacy-respecting CAPTCHA could be used instead?

I am not much of a programmer so I don't know if this would suit the project well, but trekjs/captcha seems to be a decent option in JS with no extra C/C++/ImageMagick dependencies.

Redirect to login

At the moment https://services.oftc.net/account/verify throws status code 401 'unauthorized' as json for not-logged-in users. It should either say something less confusing, or redirect to the login page.

Redirect to /login

Servicesweb should redirect to /login on any unauthed access to private pages. @cryogen had actually implemented this, but unfortunately it redirected /login as well. The commits 2a9e970, 6421ce4, and cdf634c have been reverted for now, but we should look into resurrecting them once someone figures out how to properly do the redirects.

error running query { [error: invalid byte sequence for encoding "UTF8": 0xeb 0x6c 0x20]

If a user's ircname isn't valid UTF-8, we fail login using a non-helpful error message on the user's end: "An error occured submitting your information". Internally, it's "invalid byte sequence for encoding "UTF8": 0xeb 0x6c 0x20]".

The internet (brianc/node-postgres#906) says the database config would accept client_encoding, but that didn't work here. (The user reported sending the POST request, just not getting a response at that point. Not sure if the setting made any difference, though.)

TypeError: Uncaught error: Cannot read property 'primary_nickname' of undefined

Mar 26 14:46:27 mosaic nodejs[13907]: success validating 154817
Mar 26 14:47:13 mosaic nodejs[13907]: Debug: internal, implementation, error
Mar 26 14:47:13 mosaic nodejs[13907]: TypeError: Uncaught error: Cannot read property 'primary_nickname' of undefined
Mar 26 14:47:13 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/controllers/api/account.js:42:37
Mar 26 14:47:13 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/accountrepository.js:39:20
Mar 26 14:47:13 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/server/database.js:19:13)
Mar 26 14:47:13 mosaic nodejs[13907]: at b [as callback] (domain.js:183:18)
Mar 26 14:47:13 mosaic nodejs[13907]: at Query.handleReadyForQuery (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/query.js:89:10)
Mar 26 14:47:13 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/client.js:163:19)
Mar 26 14:47:13 mosaic nodejs[13907]: at emit (events.js:117:20)
Mar 26 14:47:13 mosaic nodejs[13907]: at CleartextStream.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/connection.js:109:12)
Mar 26 14:47:13 mosaic nodejs[13907]: at CleartextStream.emit (events.js:95:17)
Mar 26 14:47:13 mosaic nodejs[13907]: at CleartextStream.<anonymous> (_stream_readable.js:748:14)
Mar 26 14:47:23 mosaic nodejs[13907]: Debug: internal, implementation, error
Mar 26 14:47:23 mosaic nodejs[13907]: TypeError: Uncaught error: Cannot read property 'primary_nickname' of undefined
Mar 26 14:47:23 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/controllers/api/account.js:42:37
Mar 26 14:47:23 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/accountrepository.js:39:20
Mar 26 14:47:23 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/server/database.js:19:13)
Mar 26 14:47:23 mosaic nodejs[13907]: at b [as callback] (domain.js:183:18)
Mar 26 14:47:23 mosaic nodejs[13907]: at Query.handleReadyForQuery (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/query.js:89:10)
Mar 26 14:47:23 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/client.js:163:19)
Mar 26 14:47:23 mosaic nodejs[13907]: at emit (events.js:117:20)
Mar 26 14:47:23 mosaic nodejs[13907]: at CleartextStream.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/connection.js:109:12)
Mar 26 14:47:23 mosaic nodejs[13907]: at CleartextStream.emit (events.js:95:17)
Mar 26 14:47:23 mosaic nodejs[13907]: at CleartextStream.<anonymous> (_stream_readable.js:748:14)
Mar 26 14:47:26 mosaic nodejs[13907]: Debug: internal, implementation, error
Mar 26 14:47:26 mosaic nodejs[13907]: TypeError: Uncaught error: Cannot read property 'primary_nickname' of undefined
Mar 26 14:47:26 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/controllers/api/account.js:42:37
Mar 26 14:47:26 mosaic nodejs[13907]: at /home/oftc/servicesweb/oftc-servicesweb/server/accountrepository.js:39:20
Mar 26 14:47:26 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/server/database.js:19:13)
Mar 26 14:47:26 mosaic nodejs[13907]: at b [as callback] (domain.js:183:18)
Mar 26 14:47:26 mosaic nodejs[13907]: at Query.handleReadyForQuery (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/query.js:89:10)
Mar 26 14:47:26 mosaic nodejs[13907]: at null.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/client.js:163:19)
Mar 26 14:47:26 mosaic nodejs[13907]: at emit (events.js:117:20)
Mar 26 14:47:26 mosaic nodejs[13907]: at CleartextStream.<anonymous> (/home/oftc/servicesweb/oftc-servicesweb/node_modules/pg/lib/connection.js:109:12)
Mar 26 14:47:26 mosaic nodejs[13907]: at CleartextStream.emit (events.js:95:17)
Mar 26 14:47:26 mosaic nodejs[13907]: at CleartextStream.<anonymous> (_stream_readable.js:748:14)
Mar 26 15:40:53 mosaic nodejs[13907]: success validating 154667

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.