Commit Graph

204 Commits

Author SHA1 Message Date
c4072a7e95 Sandbox: Remove multiple stages
While interesitng in theory, there is nothing to be gained here,
because we don't really have user input at those early stages.

As we are also not a privileged process, those early stage
sandboxes in the end are not worth it, since they increase
complexity while there is no benefit in practise.

So, reduce those 3 stages to a single one (enable()), which we
activate after CLI server has launched.
2021-10-03 23:53:56 +02:00
257675485d Template: Remove redundant debug output 2021-10-03 23:13:59 +02:00
94ade7238e CLI: Add 'version' command 2021-10-03 23:04:46 +02:00
fa5e75893f Add version.{h,cpp}: Returning version info 2021-10-03 23:01:19 +02:00
3d0fce590b Introduce CLI
main: Parse args using getopt_long() in main().

Begin implementation of a CLI. It can be launched
using ./qswiki config --cli.

Allow connecting to another instance using "attach" command.
This uses Unix domain sockets, and in the future can be used
to drop caches, reload template, etc.

Closes: #21
2021-10-03 17:05:46 +02:00
1082f8ac5a Permissions: Add toString()
Get a (reasonable) string representation of the permissions contained
in a Permissions object.
2021-10-03 17:01:48 +02:00
8b044d712b Authenticator: Introduce AUTH_DEFAULT_SALT_SIZE 2021-10-03 17:01:03 +02:00
5037a17fba utils: introduce trim() 2021-10-03 16:51:04 +02:00
164b2c19ee userDao: Implement list() 2021-10-03 16:51:04 +02:00
8d685dc581 Makefile: Remove -lseccomp as we don't need it anymore 2021-09-29 18:33:45 +02:00
ed43f5f700 submodules: update cpp-httplib 2021-09-29 18:28:18 +02:00
10f00aeb45 main: Pass absolute path of config file
As sandboxing code chroots and chdirs away,
2021-09-23 17:13:08 +02:00
67eb8b6428 sandbox: adjust to latest qssb.h 2021-09-23 17:13:08 +02:00
f26fd19fb4 submodules: sync with latest upstream 2021-09-23 17:13:08 +02:00
204a72da1f setup: Fix broken FTS DELETE op
Thie previous DELETE statement lead to strange
behaviours. It was pure luck this did not blow up
before all these years. It appears it may leave the index
in an undefined state, and the database recently started
to display strange behaviour in connection with newer sqlite
version.

Now, just remove the previous revision from the FTS index,
as for now, search only cares about the most recent revisions.

Also, remove redundant UPDATE trigger on revision table
We never update revisions, thus such trigger is simply
redundant.

Relevant: https://gitlab.gnome.org/GNOME/tracker/-/merge_requests/353
2021-09-23 17:13:08 +02:00
88816a4015 utils: html_xss(): Add ' and &
They REALLY should have been there from the beginning...
2021-06-15 18:37:52 +02:00
a930b7aea6 submodules: sync with latest upstream 2021-04-18 13:35:43 +02:00
250e4a94a6 Authenticator: pbkd5(): Mark as const 2021-04-18 13:35:43 +02:00
ac56b2f61d Random: Mark getRandom* const 2021-04-18 13:35:43 +02:00
4dc688f9eb utils: split: Rename all splitBy*() variants to split() 2021-04-18 13:35:02 +02:00
b995362d1f HandlerLogin: Remove dead code 2021-04-16 16:37:34 +02:00
9f9fd2920b template: Remove user_changepw, it's usersettings now 2021-04-16 16:37:34 +02:00
70c4bfaffa Introduce HandlerUserSettings to change user settings, e. g. pw changes 2021-04-16 16:37:34 +02:00
ac99894157 HandlerLogin: Use Authenticator, drop own logic 2021-03-26 23:02:03 +01:00
5693911e01 Introduce Authenticator: Centralizes Authentication/password check logic 2021-03-26 22:48:26 +01:00
e322587d07 Add usersettings template and config values 2021-03-26 22:45:09 +01:00
9840dbbeff Random: add getRandom(), returning std::vector<char> 2021-03-26 22:44:08 +01:00
d507c507e4 handlersearch: Allow all characters by escaping FTS
Escape FTS queries by simply treating everything as string.
Though this way a user cannot use operators, it's an improvement
over how it was done before.

Closes: #7
2021-03-25 21:44:02 +01:00
2aa11fc2b2 HandlerPageView: Add misisng check whether passed revision is most recent 2021-03-16 21:05:59 +01:00
e4562809a0 handlerpageedit: Retain comment when clicking preview 2021-03-08 11:37:45 +01:00
00392e2469 Parser: Add category to tagfinder to replace it with an empty str 2021-03-02 23:36:19 +01:00
dac07d23a9 HandlerPageView: Use revision from db, not query param, as template value.
Not a vulnerability, but more correct this way.
2021-01-29 16:46:13 +01:00
0c66fdf70d Handler: queryOption: Take default sort order param. History: default descending 2020-12-31 16:15:36 +01:00
b9ff4068bd Handler: QueryOptions: Change default to more natural ascending sort 2020-12-29 23:36:07 +01:00
821d799e3e submodules: sync each with latest repo HEAD 2020-11-20 15:53:16 +01:00
a6c08a3447 Parser: reformat and remove dead code 2020-11-15 20:27:48 +01:00
cd7e99bf30 template/quitesimple: insert missing space 2020-10-12 22:13:32 +02:00
bc24035f4d submodule/cpp-httplib: update to current release 2020-09-26 17:28:57 +02:00
75f76f58eb sandbox: First version using qssb.h 2020-09-26 17:13:29 +02:00
5abaaf67d0 HandlerPageView: Prevent viewing older revisions if not allowed 2020-09-21 21:44:26 +02:00
d974d4bfb6 Update git submodules 2020-09-06 12:19:12 +02:00
721348268a template/quitesimple: footer: Don't show login and edit time in portrait mode 2020-08-23 22:03:21 +02:00
de240786c7 Update README.md: Document build with git submodules 2020-08-23 17:38:06 +02:00
192c533f1f handlerlogin: Fix typo in error message 2020-08-23 17:29:33 +02:00
84b55f6e96 gitmodules: update qssb.h repo location 2020-08-23 17:20:25 +02:00
09ac87736d utils: localtime is not threadsafe, use localtime_r 2020-04-20 16:29:34 +02:00
3b2578b7f9 utils: simplify/optimize escaping 2020-04-19 22:45:51 +02:00
e435e84bfa random: cleanup, assume getrandom libc wrapper exists 2020-04-19 17:03:06 +02:00
f73dd3b295 Makefile: remove redundancies 2020-04-19 17:03:06 +02:00
c507c200a6 add qssb.h submodule 2020-04-19 17:03:06 +02:00