Thibault Duplessis
58863d9e35
refactor ping v4
2018-12-15 17:23:41 +08:00
Thibault Duplessis
4a2ee05e02
replace play.api.i18n.Lang with lila.common.Lang
...
as to make sure their default implicit doesn't sneak
where it shouldn't.
Using a default lang is now made explicit by
lila.i18n.defaultLang
2018-12-05 17:42:39 +07:00
Thibault Duplessis
5ac9ec8dee
rewrite timeline templates
2018-12-03 19:26:27 +07:00
Thibault Duplessis
15c6548bfc
fix doctype
2018-12-03 16:10:20 +07:00
Thibault Duplessis
d8b5c3b4d1
more template rewrites
2018-12-02 19:37:13 +07:00
Thibault Duplessis
0cce215650
more scalatags integration
2018-12-02 18:05:31 +07:00
Thibault Duplessis
c077322e60
setup scalatags and integrate with play html
2018-12-02 16:27:19 +07:00
Thibault Duplessis
0f9c6003e4
fix user TV race condition - closes #4614
...
If the game finishes between page load and websocket connection,
the spectator can remain stuck on the finished game.
Now checking if a new game is available on websocket connection.
2018-11-11 13:01:33 +01:00
Thibault Duplessis
e2735f9365
put mobile app form errors both in json root AND error subobject
...
because it uses a mix of both
2018-10-07 20:21:53 +02:00
Thibault Duplessis
42c60a5730
fix API form error format - closes #4646
2018-09-29 13:31:39 +02:00
Thibault Duplessis
accb4b0cbd
simplify and randomize assets versions - closes #4561
...
Requires replacing the following nginx config:
rewrite ^/assets/\d+/(.*)$ /assets/$1;
with
rewrite "^/assets/\w{6}/(.*)$" /assets/$1;
2018-09-09 16:27:57 +02:00
Thibault Duplessis
a5053e2d41
refactor json form error result
2018-08-21 10:31:13 +02:00
Thibault Duplessis
f3c86900b1
import body parsers
2018-08-21 10:26:43 +02:00
Thibault Duplessis
5c47acf27c
OAuth mod API
...
Available endpoints:
POST /mod/:username/engine/:v
POST /mod/:username/booster/:v
POST /mod/:username/troll/:v
POST /mod/:username/ban/:v
POST /mod/:username/delete-pms-and-chats
POST /mod/:username/warn
POST /mod/:username/close
POST /mod/:username/reopen
POST /mod/:username/rankban/:v
POST /mod/:username/reportban/:v
POST /mod/:username/notify-slack
POST /mod/chat-panic
2018-08-20 23:07:08 +02:00
Thibault Duplessis
e0a60576ba
permission selector type
2018-08-20 23:07:08 +02:00
Thibault Duplessis
c3f0d2b38f
/api/stream/mod
2018-07-30 07:01:25 +02:00
Thibault Duplessis
27975e0ec0
done removing Boolean.fold
2018-07-20 12:21:06 +02:00
Thibault Duplessis
40497b41e9
remove Boolean.fold - what's wrong with if-else?
2018-07-20 11:41:46 +02:00
Thibault Duplessis
0a775dee73
/api alias for /games/export - closes #4441
...
See https://lichess.org/api#operation/apiGamesUser
2018-07-13 19:48:20 +02:00
Thibault Duplessis
2d87373446
fix ipban login
2018-05-12 08:48:53 -05:00
Thibault Duplessis
f9ac82f827
on dev and stage, every user has the Beta permission
2018-05-11 01:32:22 +02:00
Thibault Duplessis
049f8637e4
we should have HTTP 1.1 everywhere now
2018-05-09 04:39:07 +02:00
Thibault Duplessis
6c13e4431b
reuse isPage
2018-05-08 03:08:22 +02:00
Niklas Fiekas
62e180a6b5
use Option[Nonce] instead of stub
2018-05-08 02:55:47 +02:00
Thibault Duplessis
ba8996da19
only generate nonce for actual page requests (not XHR or WS)
2018-05-08 02:19:25 +02:00
Thibault Duplessis
134287091e
move nonce from Context to PageData
2018-05-08 01:51:10 +02:00
Thibault Duplessis
f83fedfc2e
stream games as application/x-ndjson
2018-05-07 01:26:42 +02:00
Thibault Duplessis
8724766fc7
no longer mix cookies and oauth on any endpoint
...
With an exception for /games/export/:username.
This endpoint works without any auth, with cookie auth, and with oauth.
The only difference is in throttling.
2018-04-27 01:58:29 +02:00
Thibault Duplessis
4d76940d39
add support for bot chat messages
2018-04-18 16:02:23 +02:00
Thibault Duplessis
49c3663a24
restrict what a bot account can do
2018-04-18 01:15:58 +02:00
Thibault Duplessis
9a97fc9780
let everyone download everyone's games
...
but throttle it depending on auth and whose games are DL
2018-04-04 00:50:22 +02:00
Thibault Duplessis
061455e56a
monitor oauth usage
2018-04-03 17:08:37 +02:00
Thibault Duplessis
92ef2b9ae9
require HTTP/1.1 for chunked responses
2018-04-03 06:27:40 +02:00
Thibault Duplessis
46d9ce72fe
kid mode write API
2018-04-03 05:11:26 +02:00
Thibault Duplessis
c709f92111
new kid API, OAuth2 compatible
2018-04-03 02:33:30 +02:00
Thibault Duplessis
e7482e301c
implement OAuth scopes
2018-04-01 03:48:52 +02:00
Thibault Duplessis
aa1337d299
page hit monitoring
2018-03-28 16:52:27 +02:00
Thibault Duplessis
52ed5d08f3
better handle oauth failures
2018-03-07 15:37:05 -05:00
Thibault Duplessis
0fca0bcf99
streamer list WIP
2017-12-30 00:05:58 -05:00
Thibault Duplessis
bac3292c74
implement runtime settings
2017-11-29 10:55:11 -05:00
Thibault Duplessis
e03a5733a1
cascade garbage collection effects
2017-11-11 22:20:49 -05:00
Thibault Duplessis
81b8a5a344
fix 404 handler
2017-11-10 23:10:35 -05:00
Thibault Duplessis
ec653582ab
controller code cleanup
2017-11-10 00:18:23 -05:00
Thibault Duplessis
23bf3280c2
synchronous firewall
2017-10-23 09:36:17 -05:00
Thibault Duplessis
a85bffaf22
apply playban to tournaments
2017-10-19 23:02:55 -05:00
Thibault Duplessis
cdf2f56981
Revert "Merge branch 'scala-2.12-play-2.6' of github.com:ornicar/lila"
...
This reverts commit 2d3b4872c7
, reversing
changes made to 04f1d4ae6d
.
2017-09-09 10:01:35 -05:00
Thibault Duplessis
6976440040
replace Global object with new play handler classes
2017-08-30 14:30:21 -05:00
Thibault Duplessis
17dc9f1bab
fix much migration deprecation warnings
2017-08-30 12:55:22 -05:00
Thibault Duplessis
26e8fe5850
migration WIP and manual wiring of play components
2017-08-26 17:03:02 -05:00
Thibault Duplessis
ebfeeb55aa
app compiles but crashes at runtime
2017-08-26 14:43:04 -05:00
Thibault Duplessis
2578a4f384
migration WIP - next: Websockets
2017-08-26 10:35:57 -05:00
Thibault Duplessis
664804bc47
reformat (scalariform upgrade)
2017-08-23 18:56:39 -05:00
Thibault Duplessis
597e17037c
fix impersonation
2017-08-10 18:14:40 -05:00
Thibault Duplessis
b461162408
implement admin impersonation
2017-08-03 12:43:29 +02:00
Thibault Duplessis
bd9c997375
translation: multiple message DBs, start arena.xml
2017-07-06 14:12:34 +02:00
Raymond Wanyoike
7c2673fd28
Use `negotiate` to handle 403 errors, `isSynchronousHttp`
...
API, XHR, and Socket requests get proper responses.
2017-06-15 17:14:06 +03:00
Raymond Wanyoike
5adcbf6f30
Add a styled unauthorized page (403)
...
The current 403 page returns a plain "no permission" text, this change adds a
styled 403 page to match the site design.
2017-06-14 23:23:53 +03:00
Thibault Duplessis
4440ef438d
fix mobile app form errors translations
2017-06-05 17:03:17 +02:00
Thibault Duplessis
fc0f2ea06f
make ?bg= query param even override session preferences
2017-05-30 14:41:39 +02:00
Thibault Duplessis
fad609ceaf
remove i18n subdomains, WIP
2017-05-26 17:15:15 +02:00
Thibault Duplessis
8455507988
more i18n rewrite WIP
2017-05-26 16:07:14 +02:00
Thibault Duplessis
40b65029e9
mod inquiry WIP
2017-05-10 01:23:10 +02:00
Thibault Duplessis
9d2ea0235c
inquiry mode WIP
2017-05-09 22:59:28 +02:00
Thibault Duplessis
eab7937adc
refactor anon context preferences
2017-05-05 12:39:04 +02:00
Thibault Duplessis
5354e636f8
fix signin redirect to XHR /challenge
2017-03-24 11:58:02 +01:00
Thibault Duplessis
f4179a0cda
move OnlineFriends to the relation module - for #2681
2017-02-17 10:56:57 +01:00
Thibault Duplessis
800a508839
no longer ask the actor for a user's online friends - for #2681
2017-02-17 10:52:07 +01:00
Thibault Duplessis
5ce0a01066
more ip address type safety
2017-02-16 10:41:24 +01:00
Thibault Duplessis
12f3e93f89
rewrite language redirection code - fixes #2562
2017-02-15 17:12:17 +01:00
Thibault Duplessis
54cdf0ca65
reformat ALL the code, using sbt-scalariform
2017-02-14 16:34:07 +01:00
Thibault Duplessis
3f69c49362
let twitter export lichess boards as PNG
2017-02-05 13:25:05 +01:00
Thibault Duplessis
33152421eb
make tournament schedule fetch users asynchronously
2017-01-30 12:37:06 +01:00
Thibault Duplessis
e9fe78b1f0
map with direct execution context
2017-01-27 02:12:21 +01:00
Thibault Duplessis
1986cb3235
replace spray caching with AsyncCache2 in many places
2017-01-26 23:22:12 +01:00
Thibault Duplessis
4b8c3064e0
preload logged in user
2017-01-26 12:22:53 +01:00
Thibault Duplessis
b4108e8cb7
typesafe asset version, load only once per page
2017-01-25 16:11:18 +01:00
Thibault Duplessis
6233c0f075
explicit synchronous access to LightUser cache
2017-01-25 12:33:04 +01:00
Thibault Duplessis
ee1e881a18
remove dead code and unused imports
2017-01-15 13:26:08 +01:00
Thibault Duplessis
608c41f976
tournament api join feedback - closes #2481
2017-01-09 09:44:13 +01:00
Thibault Duplessis
838b48b741
{master} replace lobby socket token bucket consumer with memo rate limiter
2016-12-08 11:15:52 +01:00
Thibault Duplessis
a7169d9627
relocate websocket controller code
2016-12-04 13:59:12 +01:00
Thibault Duplessis
554a10105c
disallow TV embedding
...
since the TV page reloads for each game,
it can be heavy on the server when embedded
on a popular page
2016-11-12 00:14:46 +01:00
Thibault Duplessis
5b978129b3
rename controller logger
2016-11-02 13:15:41 +01:00
Thibault Duplessis
d84827e1a7
use proper PGN content type in export endpoints
2016-10-21 15:23:59 +02:00
Thibault Duplessis
a5ce477f5d
Revert "Allow CSRF WS for BC (lichess4545) - REVERT ME"
...
This reverts commit 47798abce2
.
2016-09-24 10:17:14 +02:00
Thibault Duplessis
47798abce2
Allow CSRF WS for BC (lichess4545) - REVERT ME
2016-09-23 12:29:49 +02:00
Thibault Duplessis
3ce402ec96
protect WS endpoints against CSRF - for #2270
2016-09-23 12:21:37 +02:00
Thibault Duplessis
ca3284d4c3
don't forget lazy eval notation!
2016-09-12 09:46:53 +02:00
Thibault Duplessis
2e208e9d13
fix CSRF check
2016-09-12 09:35:36 +02:00
Thibault Duplessis
d1f89e4147
CSRF small refactor
2016-09-12 09:33:44 +02:00
Niklas Fiekas
f9d759c826
Open[Body] and Auth[Body] should cover it all
2016-09-12 00:46:10 +02:00
Thibault Duplessis
06d3c99743
only authenticate websockets with correct Origin - only log for now
2016-09-11 19:34:09 +02:00
Thibault Duplessis
338bfe3581
coach credentials WIP
2016-09-01 20:02:08 +02:00
Thibault Duplessis
4b96a923d2
monitor and ratelimit study PGN export
2016-08-18 11:16:54 +02:00
Thibault Duplessis
1e91acc491
show line icons in friends box
2016-07-24 18:25:11 +02:00
Thibault Duplessis
7cf8357735
prevent heavy forum DB queries
2016-07-18 11:07:18 +02:00
Thibault Duplessis
605f4a46b0
typesafe ApiVersion
2016-07-15 19:41:48 +02:00
Thibault Duplessis
685d31de67
fix mobile API versioning
2016-07-12 15:38:58 +02:00
Thibault Duplessis
fb3a70f7c3
disallow expensive API calls to search crawlers
2016-07-10 10:08:02 +02:00
Gordon Martin
9ae946a759
implement ornicar's suggestions.
2016-07-04 22:25:58 +01:00
Gordon Martin
3a462df646
Add TV icon next to a friend on the user's friends list if they're playing a game to allow them to click it and spectate.
2016-07-04 20:32:22 +01:00
Thibault Duplessis
f7e56a0270
allow login through TOR
2016-06-20 17:31:53 +02:00
Thibault Duplessis
efed169648
make notifications behave more like challenges
2016-06-02 20:42:53 +02:00
Thibault Duplessis
e92d6c9a21
fix notification cache
2016-06-01 00:25:21 +02:00
Thibault Duplessis
2a859495db
remove rendered notifications
2016-05-31 15:49:23 +02:00
Thibault Duplessis
04e5807e4b
fix compilation (import overwrites)
2016-05-30 15:35:40 +02:00
Gordon Martin
382c8f1812
Introducing a new notifications system for showing notifications for things like study invitations and forum post mentions - and much more in the future.
2016-05-30 13:51:36 +01:00
Thibault Duplessis
a5252db5a7
display username when rate limiting the lobby socket
2016-03-21 14:41:03 +07:00
Thibault Duplessis
53135d41da
completely rewrite logging: part 1
2016-03-20 15:55:26 +07:00
Thibault Duplessis
88ba7dcf92
Revert "rate limit player and watcher sockets"
...
Apparently a terrible performance regression.
Production CPU went berserk.
How to reproduce in test env?
This reverts commit b66bb61380
.
2016-03-19 13:14:20 +07:00
Thibault Duplessis
b66bb61380
rate limit player and watcher sockets
2016-03-19 12:21:58 +07:00
Thibault Duplessis
85adc5c408
name socket rate limiters
2016-03-07 13:00:45 +07:00
Thibault Duplessis
e68db75cee
rename token bucket
2016-03-07 12:05:51 +07:00
Thibault Duplessis
9d85b52950
rate limit lobby socket using a token bucket actor implementation
2016-03-07 11:48:59 +07:00
Thibault Duplessis
174aa46255
fix challenge rematch permissions - fixes #1652
...
also some refactoring
and a close button on the modal box
2016-02-29 08:55:07 +07:00
Thibault Duplessis
a848314580
limit user API
2016-02-26 08:25:28 +07:00
Thibault Duplessis
1d7ac36b55
session IDs for all \o/
2016-02-07 15:19:21 +07:00
Thibault Duplessis
086a684641
make sure the mobile anonymous user has an sid cookie
2016-02-06 20:35:11 +07:00
Thibault Duplessis
17edc5067c
fix challenge cancel/decline from quicklist
2016-02-04 15:33:09 +07:00
Thibault Duplessis
a2969fc919
more challenges refactoring
2016-02-01 12:40:31 +07:00
Thibault Duplessis
c491861d3d
fix JSON form errors - fixes #1222
...
`{"":["Invalid username or password"]}`
is now
`{"global":["Invalid username or password"]}`
2015-11-12 11:13:17 +07:00
Thibault Duplessis
616fec4da2
make extra-sure game pages and tournament pages are not cached
...
even by back/next browser buttons,
as to avoid out of sync clocks
2015-11-10 23:52:50 +07:00
Thibault Duplessis
e4f0fbae5c
more 404
2015-09-20 11:20:38 +02:00
Thibault Duplessis
863c1f9a18
parameterize request type
2015-09-17 11:32:37 +02:00
Thibault Duplessis
0eea631148
remove unused lang property of User.Active
2015-09-04 14:23:18 +02:00
Thibault Duplessis
16e9bef6fa
prevent new game creation before completion of the former one
2015-08-15 22:25:49 +02:00
Thibault Duplessis
e5fc633e2f
can't change mod email
2015-08-13 00:51:31 +02:00
Thibault Duplessis
a2c209fc6e
ensure each user is fingerprinted only once
2015-08-12 12:27:45 +02:00
Thibault Duplessis
55c345064c
so much work on this opening coach :o
2015-07-24 23:40:50 +02:00
Thibault Duplessis
d21c62d364
more tournament schedule tweaks
2015-06-21 20:40:19 +02:00
Thibault Duplessis
11b51a2759
kick boosters out of tournaments - closes #610
2015-06-21 16:22:42 +02:00
Thibault Duplessis
0aca924ab1
some things are not meant to be cached
2015-06-19 17:36:31 +02:00
Jimmie Elvenmark
d44e5517c3
support xhr POST requests without data
...
fixes #561 , fixes #396
Different browsers set different content-type when posting without data,
content-type shouldn't matter without data.
tested tournament/simul in chromium/firefox/surf(webkit)
2015-06-11 17:50:05 +02:00
Thibault Duplessis
705e646103
enforce temporary play ban
2015-04-26 12:08:13 +02:00
Thibault Duplessis
cb45563260
kid safety
2015-04-10 10:47:00 +02:00
Thibault Duplessis
050978e365
disallow sandbaggers in tournaments
2015-03-04 21:59:21 +01:00
Thibault Duplessis
c1d6bceb3a
report current app version in api/status
2015-01-24 11:36:05 +01:00
Thibault Duplessis
fa1a1cf914
store mobile API version in security collection
2015-01-24 04:49:13 +01:00
Thibault Duplessis
6072b18c49
Merge branch 'master' into ScalaEvaluator
...
* master:
improve game widgets and sides, and TV history
fix pt translation
fix hook config color
break lobby API BC for the lulz
translate Q&A title
show chess960 position number - closes #214
catch pov priority sort errors
disallow rated white seeks for some variants
protect round xhr and websocket against theft
protect round sockets - WIP
Conflicts:
modules/chess
2015-01-23 01:37:10 +01:00
Thibault Duplessis
f3d35dbfb8
protect round xhr and websocket against theft
2015-01-22 14:39:17 +01:00
Thibault Duplessis
7a68d171e8
protect round sockets - WIP
2015-01-22 09:33:19 +01:00
clarkerubber
06a77ce18f
Isolate side-effects
2015-01-20 02:37:42 +11:00
Thibault Duplessis
2f4f2bc4f2
implement SecureBody
2015-01-19 16:17:36 +01:00
Thibault Duplessis
12b855037d
redirect to user preferred language domain
2014-12-31 16:36:16 +01:00
Thibault Duplessis
01b3dd99d0
api json 404
2014-12-11 14:41:55 +01:00
Thibault Duplessis
90e2398601
HTTP API should always return JSON
2014-12-03 20:22:52 +01:00
Thibault Duplessis
1e8749f049
remove firewall logging
2014-11-17 23:43:58 +01:00
Thibault Duplessis
25ac3fcaa5
Vary: Accept on API endpoints
2014-10-12 13:02:25 +02:00
Thibault Duplessis
9b780c0d5c
accept API requests regardless of the accepts header order
2014-09-30 22:17:49 +02:00
Thibault Duplessis
48a1b4afef
hack API accepts
2014-09-30 21:30:14 +02:00