Commit graph

20 commits

Author SHA1 Message Date
Shyam Sunder
1a8de9ef3a all: purge remaining elasticsearch artifacts 2020-03-13 22:45:11 -04:00
Shyam Sunder
4fe9c5f4ca server/docker: use Alpine-based image for space savings 2019-09-29 19:22:43 -04:00
Shyam Sunder
54eab0aa35 server/image-hash: optionally allow for elasticsearch authentication 2019-09-15 16:50:47 -04:00
Hunternif
9e7c77cd73 server/build: require elasticsearch >=5.0.0., <7.0.0. 2019-04-17 23:15:01 +07:00
Shyam Sunder
e80c482891 server/func/images: Fix Unicode Error 2018-12-22 12:31:25 +01:00
Shyam Sunder
9730aa5c05 client: clean up required Python packages
* Packages that are only used in testing or development
have been moved to `dev-requirements.txt`
* Closes #178
* Minor rewrite to drop the `scikit-image` package, which
saves around 200MB in install size
2018-07-22 14:02:30 +02:00
ReAnzu
2a69f0193f server/auth: add token authentication
* Users are only authenticated against their password on login,
  and to retrieve a token
* Passwords are wiped from the GUI frontend and cookies
  after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option,
  the token is stored in the cookie
* Tokens correctly delete themselves on logout
* Tokens can expire at user-specified date
* Tokens have their last usage time
* Tokens can have user defined descriptions
* Users can manage login tokens in their account settings
2018-03-25 22:23:29 +02:00
ReAnzu
3f52aceca4 server/users: harden password hashes
- Changed password setup to use libsodium and argon2id (regular SHA256
  hashing for passwords is inadequate as modern GPU's can hash generate
  billions of hashes per second).
- Added code to auto migrate old passwords to the new password_hash if
  the existing password_hash matches either of the legacy password
  generation schemes (SHA1 or SHA256).
- Added migration to support new password_hash format length
- Added column password_revision. This field will default to 0, which
  all passwords will have till they're updated. After that each password
  hash method has a revision.
2018-03-08 23:40:47 +01:00
rr-
72056e0cd2 server/requirements: fix skimage package name...
Brain fart during previous commit...
2017-02-05 23:27:59 +01:00
rr-
4caa980bf8 server/build: add missing dependency
Althought szurubooru is now no longer dependent from image-match, the
pulled code still needs the skimage library.
2017-02-05 22:38:05 +01:00
rr-
fd30675124 server/image-hash: do not depend on image-match
While I hold this library in great esteem for its excellent work on
implementing the original paper, I have several problems with it:

- as of this commit, it (again) has bug fixes unreleased on pip
- its code is badly structured
    - forces OOP and then proceeds @staticmethod everything
    - bad class design, parameters are repeated in several places
    - terrible contract of make_record() and generate_signature()
    - ambiguous parameters: path vs. image path vs. image content
    - doesn't adhere to PEP-8
- depends on cairo just to render svg images almost no one uses this
  library with
2017-02-03 21:20:52 +01:00
rr-
1a59a74d63 server/image-hash: add image search engine 2016-12-26 15:00:16 +01:00
rr-
663aacdf82 server/tools: add lint script
Integrated both pylint and pycodestyle.
2016-08-14 16:46:50 +02:00
rr-
af62f8c45a server/general: ditch falcon for in-house WSGI app
For quite some time, I hated Falcon's class maps approach that caused
more chaos than good for Szurubooru. I've taken a look at the other
frameworks (hug, flask, etc) again, but they all looked too
bloated/over-engineered. I decided to just talk to WSGI myself.

Regex-based routing may not be the fastest in the world, but I'm fine
with response time of 10 ms for cached /posts.
2016-08-14 16:43:35 +02:00
rr-
d813601d92 server/api: log queries in debug mode 2016-05-08 20:33:16 +02:00
rr-
1c064778c6 server/tests: adapt freezegun
The reason why this is added to the project is because it has turned out
mocking the time is not as trivial as I originally anticipated
(specifically, there are some problems with SQLite).
2016-04-18 19:42:24 +02:00
rr-
07ea920def server/tests: switch to pytest 2016-04-15 18:00:06 +02:00
rr-
55cc7b59e4 client+server: switch to yaml config 2016-04-06 22:36:04 +02:00
rr-
d44bcdf3da server/util: add date time parser 2016-04-03 12:12:57 +02:00
rr-
e487adcc97 split files into client/ and server/ 2016-04-01 18:48:16 +02:00
Renamed from requirements.txt (Browse further)