Commit Graph

388 Commits (4282b6bcf31eba841d9548324ecb449351a464e7)

Author SHA1 Message Date
Thibault Duplessis 58863d9e35 refactor ping v4 2018-12-15 17:23:41 +08:00
Thibault Duplessis 4a2ee05e02 replace play.api.i18n.Lang with lila.common.Lang
as to make sure their default implicit doesn't sneak
where it shouldn't.
Using a default lang is now made explicit by
lila.i18n.defaultLang
2018-12-05 17:42:39 +07:00
Thibault Duplessis 5ac9ec8dee rewrite timeline templates 2018-12-03 19:26:27 +07:00
Thibault Duplessis 15c6548bfc fix doctype 2018-12-03 16:10:20 +07:00
Thibault Duplessis d8b5c3b4d1 more template rewrites 2018-12-02 19:37:13 +07:00
Thibault Duplessis 0cce215650 more scalatags integration 2018-12-02 18:05:31 +07:00
Thibault Duplessis c077322e60 setup scalatags and integrate with play html 2018-12-02 16:27:19 +07:00
Thibault Duplessis 0f9c6003e4 fix user TV race condition - closes #4614
If the game finishes between page load and websocket connection,
the spectator can remain stuck on the finished game.

Now checking if a new game is available on websocket connection.
2018-11-11 13:01:33 +01:00
Thibault Duplessis e2735f9365 put mobile app form errors both in json root AND error subobject
because it uses a mix of both
2018-10-07 20:21:53 +02:00
Thibault Duplessis 42c60a5730 fix API form error format - closes #4646 2018-09-29 13:31:39 +02:00
Thibault Duplessis accb4b0cbd simplify and randomize assets versions - closes #4561
Requires replacing the following nginx config:

    rewrite ^/assets/\d+/(.*)$ /assets/$1;

with

    rewrite "^/assets/\w{6}/(.*)$" /assets/$1;
2018-09-09 16:27:57 +02:00
Thibault Duplessis a5053e2d41 refactor json form error result 2018-08-21 10:31:13 +02:00
Thibault Duplessis f3c86900b1 import body parsers 2018-08-21 10:26:43 +02:00
Thibault Duplessis 5c47acf27c OAuth mod API
Available endpoints:

POST  /mod/:username/engine/:v
POST  /mod/:username/booster/:v
POST  /mod/:username/troll/:v
POST  /mod/:username/ban/:v
POST  /mod/:username/delete-pms-and-chats
POST  /mod/:username/warn
POST  /mod/:username/close
POST  /mod/:username/reopen
POST  /mod/:username/rankban/:v
POST  /mod/:username/reportban/:v
POST  /mod/:username/notify-slack
POST  /mod/chat-panic
2018-08-20 23:07:08 +02:00
Thibault Duplessis e0a60576ba permission selector type 2018-08-20 23:07:08 +02:00
Thibault Duplessis c3f0d2b38f /api/stream/mod 2018-07-30 07:01:25 +02:00
Thibault Duplessis 27975e0ec0 done removing Boolean.fold 2018-07-20 12:21:06 +02:00
Thibault Duplessis 40497b41e9 remove Boolean.fold - what's wrong with if-else? 2018-07-20 11:41:46 +02:00
Thibault Duplessis 0a775dee73 /api alias for /games/export - closes #4441
See https://lichess.org/api#operation/apiGamesUser
2018-07-13 19:48:20 +02:00
Thibault Duplessis 2d87373446 fix ipban login 2018-05-12 08:48:53 -05:00
Thibault Duplessis f9ac82f827 on dev and stage, every user has the Beta permission 2018-05-11 01:32:22 +02:00
Thibault Duplessis 049f8637e4 we should have HTTP 1.1 everywhere now 2018-05-09 04:39:07 +02:00
Thibault Duplessis 6c13e4431b reuse isPage 2018-05-08 03:08:22 +02:00
Niklas Fiekas 62e180a6b5 use Option[Nonce] instead of stub 2018-05-08 02:55:47 +02:00
Thibault Duplessis ba8996da19 only generate nonce for actual page requests (not XHR or WS) 2018-05-08 02:19:25 +02:00
Thibault Duplessis 134287091e move nonce from Context to PageData 2018-05-08 01:51:10 +02:00
Thibault Duplessis f83fedfc2e stream games as application/x-ndjson 2018-05-07 01:26:42 +02:00
Thibault Duplessis 8724766fc7 no longer mix cookies and oauth on any endpoint
With an exception for /games/export/:username.

This endpoint works without any auth, with cookie auth, and with oauth.
The only difference is in throttling.
2018-04-27 01:58:29 +02:00
Thibault Duplessis 4d76940d39 add support for bot chat messages 2018-04-18 16:02:23 +02:00
Thibault Duplessis 49c3663a24 restrict what a bot account can do 2018-04-18 01:15:58 +02:00
Thibault Duplessis 9a97fc9780 let everyone download everyone's games
but throttle it depending on auth and whose games are DL
2018-04-04 00:50:22 +02:00
Thibault Duplessis 061455e56a monitor oauth usage 2018-04-03 17:08:37 +02:00
Thibault Duplessis 92ef2b9ae9 require HTTP/1.1 for chunked responses 2018-04-03 06:27:40 +02:00
Thibault Duplessis 46d9ce72fe kid mode write API 2018-04-03 05:11:26 +02:00
Thibault Duplessis c709f92111 new kid API, OAuth2 compatible 2018-04-03 02:33:30 +02:00
Thibault Duplessis e7482e301c implement OAuth scopes 2018-04-01 03:48:52 +02:00
Thibault Duplessis aa1337d299 page hit monitoring 2018-03-28 16:52:27 +02:00
Thibault Duplessis 52ed5d08f3 better handle oauth failures 2018-03-07 15:37:05 -05:00
Thibault Duplessis 0fca0bcf99 streamer list WIP 2017-12-30 00:05:58 -05:00
Thibault Duplessis bac3292c74 implement runtime settings 2017-11-29 10:55:11 -05:00
Thibault Duplessis e03a5733a1 cascade garbage collection effects 2017-11-11 22:20:49 -05:00
Thibault Duplessis 81b8a5a344 fix 404 handler 2017-11-10 23:10:35 -05:00
Thibault Duplessis ec653582ab controller code cleanup 2017-11-10 00:18:23 -05:00
Thibault Duplessis 23bf3280c2 synchronous firewall 2017-10-23 09:36:17 -05:00
Thibault Duplessis a85bffaf22 apply playban to tournaments 2017-10-19 23:02:55 -05:00
Thibault Duplessis cdf2f56981 Revert "Merge branch 'scala-2.12-play-2.6' of github.com:ornicar/lila"
This reverts commit 2d3b4872c7, reversing
changes made to 04f1d4ae6d.
2017-09-09 10:01:35 -05:00
Thibault Duplessis 6976440040 replace Global object with new play handler classes 2017-08-30 14:30:21 -05:00
Thibault Duplessis 17dc9f1bab fix many migration deprecation warnings 2017-08-30 12:55:22 -05:00
Thibault Duplessis 26e8fe5850 migration WIP and manual wiring of play components 2017-08-26 17:03:02 -05:00
Thibault Duplessis ebfeeb55aa app compiles but crashes at runtime 2017-08-26 14:43:04 -05:00
Thibault Duplessis 2578a4f384 migration WIP - next: Websockets 2017-08-26 10:35:57 -05:00
Thibault Duplessis 664804bc47 reformat (scalariform upgrade) 2017-08-23 18:56:39 -05:00
Thibault Duplessis 597e17037c fix impersonation 2017-08-10 18:14:40 -05:00
Thibault Duplessis b461162408 implement admin impersonation 2017-08-03 12:43:29 +02:00
Thibault Duplessis bd9c997375 translation: multiple message DBs, start arena.xml 2017-07-06 14:12:34 +02:00
Raymond Wanyoike 7c2673fd28 Use `negotiate` to handle 403 errors, `isSynchronousHttp`
API, XHR, and Socket requests get proper responses.
2017-06-15 17:14:06 +03:00
Raymond Wanyoike 5adcbf6f30 Add a styled unauthorized page (403)
The current 403 page returns a plain "no permission" text, this change adds a
styled 403 page to match the site design.
2017-06-14 23:23:53 +03:00
Thibault Duplessis 4440ef438d fix mobile app form errors translations 2017-06-05 17:03:17 +02:00
Thibault Duplessis fc0f2ea06f make ?bg= query param even override session preferences 2017-05-30 14:41:39 +02:00
Thibault Duplessis fad609ceaf remove i18n subdomains, WIP 2017-05-26 17:15:15 +02:00
Thibault Duplessis 8455507988 more i18n rewrite WIP 2017-05-26 16:07:14 +02:00
Thibault Duplessis 40b65029e9 mod inquiry WIP 2017-05-10 01:23:10 +02:00
Thibault Duplessis 9d2ea0235c inquiry mode WIP 2017-05-09 22:59:28 +02:00
Thibault Duplessis eab7937adc refactor anon context preferences 2017-05-05 12:39:04 +02:00
Thibault Duplessis 5354e636f8 fix signin redirect to XHR /challenge 2017-03-24 11:58:02 +01:00
Thibault Duplessis f4179a0cda move OnlineFriends to the relation module - for #2681 2017-02-17 10:56:57 +01:00
Thibault Duplessis 800a508839 no longer ask the actor for a user's online friends - for #2681 2017-02-17 10:52:07 +01:00
Thibault Duplessis 5ce0a01066 more ip address type safety 2017-02-16 10:41:24 +01:00
Thibault Duplessis 12f3e93f89 rewrite language redirection code - fixes #2562 2017-02-15 17:12:17 +01:00
Thibault Duplessis 54cdf0ca65 reformat ALL the code, using sbt-scalariform 2017-02-14 16:34:07 +01:00
Thibault Duplessis 3f69c49362 let twitter export lichess boards as PNG 2017-02-05 13:25:05 +01:00
Thibault Duplessis 33152421eb make tournament schedule fetch users asynchronously 2017-01-30 12:37:06 +01:00
Thibault Duplessis e9fe78b1f0 map with direct execution context 2017-01-27 02:12:21 +01:00
Thibault Duplessis 1986cb3235 replace spray caching with AsyncCache2 in many places 2017-01-26 23:22:12 +01:00
Thibault Duplessis 4b8c3064e0 preload logged in user 2017-01-26 12:22:53 +01:00
Thibault Duplessis b4108e8cb7 typesafe asset version, load only once per page 2017-01-25 16:11:18 +01:00
Thibault Duplessis 6233c0f075 explicit synchronous access to LightUser cache 2017-01-25 12:33:04 +01:00
Thibault Duplessis ee1e881a18 remove dead code and unused imports 2017-01-15 13:26:08 +01:00
Thibault Duplessis 608c41f976 tournament api join feedback - closes #2481 2017-01-09 09:44:13 +01:00
Thibault Duplessis 838b48b741 {master} replace lobby socket token bucket consumer with memo rate limiter 2016-12-08 11:15:52 +01:00
Thibault Duplessis a7169d9627 relocate websocket controller code 2016-12-04 13:59:12 +01:00
Thibault Duplessis 554a10105c disallow TV embedding
since the TV page reloads for each game,
it can be heavy on the server when embedded
on a popular page
2016-11-12 00:14:46 +01:00
Thibault Duplessis 5b978129b3 rename controller logger 2016-11-02 13:15:41 +01:00
Thibault Duplessis d84827e1a7 use proper PGN content type in export endpoints 2016-10-21 15:23:59 +02:00
Thibault Duplessis a5ce477f5d Revert "Allow CSRF WS for BC (lichess4545) - REVERT ME"
This reverts commit 47798abce2.
2016-09-24 10:17:14 +02:00
Thibault Duplessis 47798abce2 Allow CSRF WS for BC (lichess4545) - REVERT ME 2016-09-23 12:29:49 +02:00
Thibault Duplessis 3ce402ec96 protect WS endpoints against CSRF - for #2270 2016-09-23 12:21:37 +02:00
Thibault Duplessis ca3284d4c3 don't forget lazy eval notation! 2016-09-12 09:46:53 +02:00
Thibault Duplessis 2e208e9d13 fix CSRF check 2016-09-12 09:35:36 +02:00
Thibault Duplessis d1f89e4147 CSRF small refactor 2016-09-12 09:33:44 +02:00
Niklas Fiekas f9d759c826 Open[Body] and Auth[Body] should cover it all 2016-09-12 00:46:10 +02:00
Thibault Duplessis 06d3c99743 only authenticate websockets with correct Origin - only log for now 2016-09-11 19:34:09 +02:00
Thibault Duplessis 338bfe3581 coach credentials WIP 2016-09-01 20:02:08 +02:00
Thibault Duplessis 4b96a923d2 monitor and ratelimit study PGN export 2016-08-18 11:16:54 +02:00
Thibault Duplessis 1e91acc491 show line icons in friends box 2016-07-24 18:25:11 +02:00
Thibault Duplessis 7cf8357735 prevent heavy forum DB queries 2016-07-18 11:07:18 +02:00
Thibault Duplessis 605f4a46b0 typesafe ApiVersion 2016-07-15 19:41:48 +02:00
Thibault Duplessis 685d31de67 fix mobile API versioning 2016-07-12 15:38:58 +02:00
Thibault Duplessis fb3a70f7c3 disallow expensive API calls to search crawlers 2016-07-10 10:08:02 +02:00
Gordon Martin 9ae946a759 implement ornicar's suggestions. 2016-07-04 22:25:58 +01:00
Gordon Martin 3a462df646 Add TV icon next to a friend on the user's friends list if they're playing a game to allow them to click it and spectate. 2016-07-04 20:32:22 +01:00
Thibault Duplessis f7e56a0270 allow login through TOR 2016-06-20 17:31:53 +02:00
Thibault Duplessis efed169648 make notifications behave more like challenges 2016-06-02 20:42:53 +02:00
Thibault Duplessis e92d6c9a21 fix notification cache 2016-06-01 00:25:21 +02:00
Thibault Duplessis 2a859495db remove rendered notifications 2016-05-31 15:49:23 +02:00
Thibault Duplessis 04e5807e4b fix compilation (import overwrites) 2016-05-30 15:35:40 +02:00
Gordon Martin 382c8f1812 Introducing a new notifications system for showing notifications for things like study invitations and forum post mentions - and much more in the future. 2016-05-30 13:51:36 +01:00
Thibault Duplessis a5252db5a7 display username when rate limiting the lobby socket 2016-03-21 14:41:03 +07:00
Thibault Duplessis 53135d41da completely rewrite logging: part 1 2016-03-20 15:55:26 +07:00
Thibault Duplessis 88ba7dcf92 Revert "rate limit player and watcher sockets"
Apparently a terrible performance regression.
Production CPU went berserk.

How to reproduce in test env?

This reverts commit b66bb61380.
2016-03-19 13:14:20 +07:00
Thibault Duplessis b66bb61380 rate limit player and watcher sockets 2016-03-19 12:21:58 +07:00
Thibault Duplessis 85adc5c408 name socket rate limiters 2016-03-07 13:00:45 +07:00
Thibault Duplessis e68db75cee rename token bucket 2016-03-07 12:05:51 +07:00
Thibault Duplessis 9d85b52950 rate limit lobby socket using a token bucket actor implementation 2016-03-07 11:48:59 +07:00
Thibault Duplessis 174aa46255 fix challenge rematch permissions - fixes #1652
also some refactoring
and a close button on the modal box
2016-02-29 08:55:07 +07:00
Thibault Duplessis a848314580 limit user API 2016-02-26 08:25:28 +07:00
Thibault Duplessis 1d7ac36b55 session IDs for all \o/ 2016-02-07 15:19:21 +07:00
Thibault Duplessis 086a684641 make sure the mobile anonymous user has an sid cookie 2016-02-06 20:35:11 +07:00
Thibault Duplessis 17edc5067c fix challenge cancel/decline from quicklist 2016-02-04 15:33:09 +07:00
Thibault Duplessis a2969fc919 more challenges refactoring 2016-02-01 12:40:31 +07:00
Thibault Duplessis c491861d3d fix JSON form errors - fixes #1222
`{"":["Invalid username or password"]}`

is now

`{"global":["Invalid username or password"]}`
2015-11-12 11:13:17 +07:00
Thibault Duplessis 616fec4da2 make extra-sure game pages and tournament pages are not cached
even by back/next browser buttons,
as to avoid out of sync clocks
2015-11-10 23:52:50 +07:00
Thibault Duplessis e4f0fbae5c more 404 2015-09-20 11:20:38 +02:00
Thibault Duplessis 863c1f9a18 parameterize request type 2015-09-17 11:32:37 +02:00
Thibault Duplessis 0eea631148 remove unused lang property of User.Active 2015-09-04 14:23:18 +02:00
Thibault Duplessis 16e9bef6fa prevent new game creation before completion of the former one 2015-08-15 22:25:49 +02:00
Thibault Duplessis e5fc633e2f can't change mod email 2015-08-13 00:51:31 +02:00
Thibault Duplessis a2c209fc6e ensure each user is fingerprinted only once 2015-08-12 12:27:45 +02:00
Thibault Duplessis 55c345064c so much work on this opening coach :o 2015-07-24 23:40:50 +02:00
Thibault Duplessis d21c62d364 more tournament schedule tweaks 2015-06-21 20:40:19 +02:00
Thibault Duplessis 11b51a2759 kick boosters out of tournaments - closes #610 2015-06-21 16:22:42 +02:00
Thibault Duplessis 0aca924ab1 some things are not meant to be cached 2015-06-19 17:36:31 +02:00
Jimmie Elvenmark d44e5517c3 support xhr POST requests without data
fixes #561, fixes #396
Different browsers set different content-type when posting without data,
content-type shouldn't matter without data.
tested tournament/simul in chromium/firefox/surf(webkit)
2015-06-11 17:50:05 +02:00
Thibault Duplessis 705e646103 enforce temporary play ban 2015-04-26 12:08:13 +02:00
Thibault Duplessis cb45563260 kid safety 2015-04-10 10:47:00 +02:00
Thibault Duplessis 050978e365 disallow sandbaggers in tournaments 2015-03-04 21:59:21 +01:00
Thibault Duplessis c1d6bceb3a report current app version in api/status 2015-01-24 11:36:05 +01:00
Thibault Duplessis fa1a1cf914 store mobile API version in security collection 2015-01-24 04:49:13 +01:00
Thibault Duplessis 6072b18c49 Merge branch 'master' into ScalaEvaluator
* master:
  improve game widgets and sides, and TV history
  fix pt translation
  fix hook config color
  break lobby API BC for the lulz
  translate Q&A title
  show chess960 position number - closes #214
  catch pov priority sort errors
  disallow rated white seeks for some variants
  protect round xhr and websocket against theft
  protect round sockets - WIP

Conflicts:
	modules/chess
2015-01-23 01:37:10 +01:00
Thibault Duplessis f3d35dbfb8 protect round xhr and websocket against theft 2015-01-22 14:39:17 +01:00
Thibault Duplessis 7a68d171e8 protect round sockets - WIP 2015-01-22 09:33:19 +01:00
clarkerubber 06a77ce18f Isolate side-effects 2015-01-20 02:37:42 +11:00
Thibault Duplessis 2f4f2bc4f2 implement SecureBody 2015-01-19 16:17:36 +01:00
Thibault Duplessis 12b855037d redirect to user preferred language domain 2014-12-31 16:36:16 +01:00
Thibault Duplessis 01b3dd99d0 api json 404 2014-12-11 14:41:55 +01:00
Thibault Duplessis 90e2398601 HTTP API should always return JSON 2014-12-03 20:22:52 +01:00
Thibault Duplessis 1e8749f049 remove firewall logging 2014-11-17 23:43:58 +01:00
Thibault Duplessis 25ac3fcaa5 Vary: Accept on API endpoints 2014-10-12 13:02:25 +02:00
Thibault Duplessis 9b780c0d5c accept API requests regardless of the accepts header order 2014-09-30 22:17:49 +02:00
Thibault Duplessis 48a1b4afef hack API accepts 2014-09-30 21:30:14 +02:00