3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00
Commit Graph

61 Commits

Author SHA1 Message Date
Shivaram Lingamneni
317720bfc8
Merge pull request #1632 from slingamn/mysql_safety
fix #1622
2021-04-25 23:14:40 -04:00
Shivaram Lingamneni
e14aace1da
Merge pull request #1635 from slingamn/pass
fix #1634 (forward-porting to master)
2021-04-25 21:34:12 -04:00
Shivaram Lingamneni
97ba1c3d63 fix #1634:
1. Fix auth bypass in the default configuration with the addition of
   server.password (the REGISTER command was allowed before connection
   registration, allowing unauthenticated users to REGISTER and then
   take advantage of skip-server-password)
2. Caution operators against the use of require-sasl without disabling
   user-initiated account registration. (Such a configuration is still valid
   in the case of a public server that requires everyone to register.)
2021-04-25 19:22:08 -04:00
Shivaram Lingamneni
5eed48c077 fix #1622
Allow users to set max MySQL connections and connection lifetime;
set a sane default for max connections if it's not present.
2021-04-23 13:54:44 -04:00
jesopo
c74a64b888 add massmessage oper capab to default.yaml 2021-04-20 10:50:52 +00:00
Shivaram Lingamneni
1a5d079670 fix #1611
Allow setting the minimum TLS version
2021-04-18 21:40:33 -04:00
Shivaram Lingamneni
1fc513cef0 document SNI 2021-04-07 23:30:24 -04:00
Shivaram Lingamneni
03185ea4a9 deprecate message truncation
Implements #1577, but the issue should remain open until we clean up
the debugging loglines.
2021-03-04 22:29:34 -05:00
Shivaram Lingamneni
42316bc04f fix #1176
Transition most "is an operator" checks to require a specific operator
capability
2021-02-09 22:07:06 -05:00
Shivaram Lingamneni
e191e67632 reduce recommended bcrypt cost to the lowest allowed value
Two objectives:

1. Reduce thundering-herd effects on server restart (a cost of 4 should be
approximately 1 millisecond of CPU time per reconnecting client)
2. Speed up mobile reattach as much as possible (see also #1420)
2021-01-21 01:42:28 -05:00
Shivaram Lingamneni
2e7cf3cc1e
Merge pull request #1496 from slingamn/jointime.1
fix #1490
2021-01-21 01:20:45 -05:00
Shivaram Lingamneni
4a48e52518 fix #1490
Track channel join times, use them to optionally enforce history access
restrictions
2021-01-20 21:13:18 -05:00
Shivaram Lingamneni
e195854851 fix #1442
strip local_ from oper capab names, also consolidate unban into ban
2021-01-19 06:45:30 -05:00
Shivaram Lingamneni
48166b5b4b Implement expiration for always-on clients
Fixes #810
2020-12-21 05:11:50 -05:00
Shivaram Lingamneni
b3daf51f0a clean up some config comments 2020-12-09 02:09:35 -05:00
Shivaram Lingamneni
84e3b5d77b stop autocreating d-lines for throttle violations
This didn't work correctly for IPv6 or custom nets.
/UNDLINE IP can temporarily be used to reset the throttle.
2020-12-08 22:01:23 -05:00
a68d4da5df
{default,traditional}.yaml: refer to IPs/CIDR instead of addrs
Whenever CIDR is mentioned in the config, it's in combination with IP so
talking about addressese in these points gives wrong impression that a
domain name would be valid as those are often thought as addresses.
2020-12-07 12:40:58 +02:00
Daniel Oaks
cd6d9826b2 Tweaked oper blocks.
I think that 'moderator vs admin' is a pretty common set of priv levels,
whereas 'oper vs admin' is a little confusing, esp. to less irc-savvy
people.

/SAJOIN and /SAMODE are really common for joining channels to check out
what's going on and for e.g. opping someone when nobody in the channel
is opered, so it makes sense for mods to have those. I feel similarly
about vhosts, they're usually something that's delegated to less-prived
opers.

Changed the whois line from 'a server admin' to 'the server admin' to
make it a bit more clear that this is one single user, rather than a set
of privs to be shared. And it's a tiny thing, but removed the 'less
privileged' term from alice's oper block because it felt a bit dodgy.
2020-12-06 17:01:32 +10:00
Shivaram Lingamneni
c8d999c95f clean up and clarify example operator blocks
See #1426
2020-12-05 20:40:44 -05:00
Shivaram Lingamneni
f9b842c88b fix #1421
Allow custom limit definitions that encompass multiple subnets
2020-12-04 14:24:19 -05:00
Shivaram Lingamneni
3ee6fd1f6c allow overriding services hostname
Fixes #1407
2020-11-29 00:02:26 -05:00
Shivaram Lingamneni
c57828eb62 documentation updates for proxy v2 2020-11-19 17:01:56 -05:00
Shivaram Lingamneni
3062f97c2b fix #1389
Support PROXY protocol v2, including ahead of plaintext connections
2020-11-19 12:31:58 -05:00
Shivaram Lingamneni
9c4b086113
Merge pull request #1355 from slingamn/invite
security enhancements for INVITE
2020-10-26 13:30:41 -07:00
Shivaram Lingamneni
42d246b557 improve security properties of INVITE
See #1171.
2020-10-25 22:09:17 -04:00
Shivaram Lingamneni
203fc580f4 fix #1049 2020-10-25 13:58:57 -04:00
Shivaram Lingamneni
dcb05ae0c2 update references to conventional.yaml 2020-10-23 00:27:55 -04:00
Shivaram Lingamneni
eb5a16821f review fix: remove config blocks for vhost requests 2020-10-23 00:12:53 -04:00
Shivaram Lingamneni
76e3d67b66 replace suppress-ident with coerce-ident 2020-10-20 13:48:19 -04:00
Shivaram Lingamneni
a37a91694c fix #1337 2020-10-19 10:52:38 -04:00
Shivaram Lingamneni
e69c6659b1 disable snomasks by default
See #1309
2020-10-09 08:44:24 -04:00
Shivaram Lingamneni
3346af2b36 change example oper vhost to 'staff' 2020-10-09 08:09:30 -04:00
Shivaram Lingamneni
78b2f61707 fix #1194 2020-10-09 08:03:26 -04:00
Shivaram Lingamneni
c470f63daf fix #1312 2020-10-08 16:33:27 -04:00
Shivaram Lingamneni
9ed789f67c fix #1075 2020-10-06 18:04:29 -04:00
Shivaram Lingamneni
a19324b948 fix #1293 2020-10-05 07:35:18 -04:00
Shivaram Lingamneni
127a03ccf3 fix #1295 2020-10-01 09:42:08 -04:00
Shivaram Lingamneni
1a98a37a75 scripting API for IP bans
See discussion on #68.
2020-09-14 04:28:12 -04:00
Shivaram Lingamneni
af056f26a9 fixes and refactoring 2020-09-09 05:35:04 -04:00
Shivaram Lingamneni
3962ff8643 deprecate roleplay commands
See #1240
2020-09-09 03:57:51 -04:00
Shivaram Lingamneni
8102d1ddb6 Merge remote-tracking branch 'origin/master' into master+relaymsg 2020-09-09 03:55:41 -04:00
Shivaram Lingamneni
307adba8bd fix #1213 2020-09-07 06:00:53 -04:00
Shivaram Lingamneni
20fcbe5147 remove stray references to timeout enforcement
These should have been removed in #1027.
2020-08-25 14:11:13 -04:00
Shivaram Lingamneni
6628a3d1c6 fix #1244 2020-08-23 18:11:10 -04:00
Shivaram Lingamneni
9d17ed41b5 clarify which option is the default 2020-08-19 15:32:32 -04:00
Shivaram Lingamneni
a4d119907e fix #1228 2020-08-18 22:35:44 -04:00
Shivaram Lingamneni
32c58c1e1f fix #1190 2020-07-17 04:19:33 -04:00
Shivaram Lingamneni
0a6c1f7cc6
Merge pull request #1189 from slingamn/tagmsg_storage.1
make TAGMSG storage configurable
2020-07-12 10:57:00 -07:00
Shivaram Lingamneni
205e8c1b76
Merge pull request #1187 from slingamn/defcon.2
fix #328 (implement DEFCON)
2020-07-09 19:44:15 -07:00
Shivaram Lingamneni
bca3dd0b41 make TAGMSG storage configurable 2020-07-09 20:17:50 -04:00