Original Content
Share your personal projects or collaborate with others.
[Return] [Thread list] [Index] [Catalog] [Bottom] | Replies: 20 | Views: 318 | Currently viewing: 2
A thread for bug reports and feature requests. Since the website is centered around OC I thought it would be kinda fitting to use software that's also original, to some extent at least.
Current features:
- optional user accounts: this is supposed to work as a forum and as a generic Vichan replacement, the account requirement can simply be disabled although here it won't
- role based forum access: users can have any number of roles assigned (currently only used for mod roles), every forum has read and write access settings which can either allow everyone to access the forum, only the logged-in users, or users with selected roles
- hierarchical global-category-forum settings with setting inheritance and preservation in case of higher-level settings change: SNCA from the perspective of a regular user, but quite handy when it comes to configuring stuff imho
- configurable roles with over 40 different permissions: also SNCA, but allows to create roles like Approver when neeed, also since a user can have multiple roles the permissions of all roles are taken into account
- media and post approval: depending on settings either the attached files or entire posts can go through approval, unapproved posts aren't visible at all which solves the problem of visible links, approval can be triggered either by settings (which can force approval for all posts or posts made through VPN/Tor) or a wordfilter; users with accounts can be manually allowed to skip approval, users without accounts can be manually approved based on their anonymous session identifier (which is basically a cookie), this allows to approve users that use VPN or mobile IPs
- post editing with post edit history: depending on settings either the last post in a thread or all posts (with age limit of course) can be edited by the author, the history link is visible then in the lower right corner
- markdown formatting for posts: regular formattings like arrows, glow, (((echo))), RED TEXT are available too, and so are >> and >>>/forum/ replies
- embeds: YouTube, Voocaroo, Odysse, suggest more to be added; they can be added through config and don't require source code changes
- user-moderated threads: in a user-moderated thread the OP can delete or spoiler files, delete posts, and thread ban users
- inline images: a markdown feature, you can link an image (a formatting guide to be added soon) from an allowed source and it will be shown in the body of the post, without thumbnails though
- websocket-based live thread updates: totally not chudded from JSChan I promise, OK the code is not chudded because it works completely different here, but the idea itself is
- IP pruning: IPs are deleted from old posts after 7 days by default
- max proxy ban length: no permanent bans for VPN and Tor IPs, but of course they will be long enough, don't worry about this part
- invites: the website can be made invite-only with a few clicks, also selected users can be manually allowed to invite others
- captcha: you all know it already, but this one can work also with JS disabled, also enables automatically in case of spam
- minimal JS: all the basic features, including theme changes, captcha, reply box, and image expanding work without JS
- visitor statistics: shown on the home page and at the bottom of threads
- wordfilter editor: wordfilters can match the text exactly, after normalization (ignoring punctation, whitespace, homoglyphs), or with regex, a match can result in the post being modified, rejected, the poster banned, and all files uploaded banned too, depending on how a given wordfilter is configured
- file banning: files can be banned based on their perceptual hash or SHA-256 to filter out 'p and similar
- bookmarks: self-explanatory
- floating and cyclical threads: a floating thread doesn't get slid, a cyclical thread has old post sliding enabled, those two features were merged into one in Vichan with post sliding not even working iirc
- PPH stats: self-explanatory
- file deduplication: based on SHA-256, I once calculated it should bring about 20% of disk space reduction as compared to having duplicate files as in Vichan
- optional anonymous posting: a forum can be set to be anonymous, which is completely separate from account requirement, also the name field can be enabled which when used makes the post anonymous, an anonymous post is not shown in the user's post history
- CTRL+Enter post form submission
- probably some more that I omitted
Of course all the regular SNCA imageboard features like flags, tripcodes, IDs (kinda redundant with accounts here, but it can in theory be also used without accounts mind you), page limits, moderation actions, moderation log, PPH and TPH limits, search form, thread length limits, EXIF removal etc. are implemented too.
Allowed file formats are: PNG, JPEG, WEBP, GIF, MP3, WAV, WEBM, MP4, TXT, and PDF. The default total file size limit is 20 MB.
Important stuff: by default if you are logged in and your IP changes, you will be logged out. You can change it by going to the Account tab and scrolling down. All account updates require providing the current password. The email can be used to send you a new password if you forget the current one, so you don't really have to specify it unless you plan to forget your password or don't know what a password manager is.
Features that I plan to add (so you don't need to ask):
- LaTeX rendering
- Oekaki: haven't added it yet because it's an abandoned DNB of a codebase that still uses JQuery in an ancient version and I had no patience to integrate it
- notifications and thread watching: including some form of users mentions (@ with discord formatting maybe?)
- follows: in a limited form of having a tab with posts from followed users in chronological order and optional notifications
- private messages
- thread, forum hiding on overboard: not a high priority because of course we are going to get only good posts
- public mod log, ban page: some day, maybe
- Varnish support or in memory HTML caching: SNCA I care about
- JSON API: I used to be against the idea, but realized it will allow for having an alternative frontend, which would be an interesting experiment to make
Features I don't plan to add (so you don't need to ask):
- avatars, backgrounds
- upvotes, reddit karma in any form
- encrypted PMs: the last thing I need here is a 'p sharing ring
The source code is here. Tech stack is Scala, PostgreSQL, and that's it. I don't use any kind of a frontend framework, I use server-side rendering with JS used only for websocket stuff, relative time, replies showing up on hover, character counter on the post form and similar stuff that requires some sort of dynamic DOM modification, but is not actually required to use the website.
The hardware requirements are: 1 vcpu, 1 GB of RAM, at least 1 GB of swap for compilation which is required for updates.
As for security: passwords are hashed with Argon2id, there are CSRF tokens for logged-in users (obfuscated to prevent BREACH) and tokenless CSRF checks for anonymous users modeled after this blogpost (which I recommend to read if you know anything about this kind of stuff), rate limits for everything, proper CSP excluding inline JS and CSS because it would be just a matter of time until someone would create custom CSS with background image from an IP logger, proper normalization for IPv6 for bans/limiting, proper file type validation not based on extensions or reported MIME types from the post form. We should be fine I hope.
so much work done, thank you devGOD
Introduction and retention of code. Most of changes are additive which means I got the design mostly right from the beginning and could focus on adding features instead of writing and rewriting the same lines of code all the time. The codebase is quite small for this kind of a project, slightly above 26k LOC. November and February were DNB months because I was busy with SNCA, also the progress accelerated somewhat in April because I finally started using Codex to burn through the backlog, but that was only possible because all the foundational infrastructural work around session management, authorization, database caching, templating etc. had already been done and what was left was adding some moderation buttons or administration endpoints. For instance, account deletion means that for each of deleted accounts the threads, posts, post edits, and reports have to be either detached from the account (which just means setting the user ID to NULL) or deleted. All invites, roles, notes, bookmarks, and sessions have be deleted and in case of moderators, wordfilters, bans, banned files, news items, and notes have to be detached. The exact kind of a repetitive work that doesn't have to be done manually.
More detailed stats:
───────────────────────────────────────────────────────────────────────────────
Language Files Lines Blanks Comments Code Complexity
───────────────────────────────────────────────────────────────────────────────
Scala 143 21672 1972 402 19298 1601
(ULOC) 12645
-------------------------------------------------------------------------------
SVG 10 10 0 0 10 0
(ULOC) 10
-------------------------------------------------------------------------------
JavaScript 4 1686 257 70 1359 223
(ULOC) 1109
-------------------------------------------------------------------------------
SQL 4 644 90 0 554 0
(ULOC) 355
-------------------------------------------------------------------------------
CSS 3 1891 179 13 1699 0
(ULOC) 1049
-------------------------------------------------------------------------------
Markdown 2 411 88 0 323 0
(ULOC) 250
-------------------------------------------------------------------------------
License 1 661 117 0 544 0
(ULOC) 545
-------------------------------------------------------------------------------
Properties File 1 1 0 0 1 0
(ULOC) 1
-------------------------------------------------------------------------------
Shell 1 3 1 1 1 2
(ULOC) 3
-------------------------------------------------------------------------------
XML 1 12 1 0 11 0
(ULOC) 12
-------------------------------------------------------------------------------
YAML 1 16 1 0 15 0
(ULOC) 16
───────────────────────────────────────────────────────────────────────────────
Total 171 27007 2706 486 23815 1826
───────────────────────────────────────────────────────────────────────────────
Unique Lines of Code (ULOC) 15963
───────────────────────────────────────────────────────────────────────────────
New features:
- Anonymous threads: posts in an anonymous thread do not have the author's account linked; they are also not visible on user pages.
- Restricted threads: visible only to logged-in and activated users.
- Inline references to uploaded attachments: attachments can be referenced using
, where<index>designates the specific attachment to use. - Button to show/hide mod controls: located in the top bar, this button toggles the visibility of control buttons, IP hashes, etc.
Misc. improvements:
- Inline images now have the
no-referrerattribute; the Referer header will not be sent when downloading an image from an external source. - Removed the flickering effect caused by post timestamps being replaced with relative times during page refreshes.
>! [] (<index>)
Ok so it's not index but rather just an ordered number. I saw index and assumed you meant an array index, which starts with a 0. This is perfectly okay and intuitive, it just tripped me up. No need to change it.
kek, I actually subtract 1 from that index to get the proper internal array index, but thought starting with 1 will be consistent with page numbering
saar i made a merge request because I'm a 90 year old boomer who still uses RSS.
This website is COMPLETELY unusable until you update it
I'm not at home now and just took a look from phone, looks OK and will merge tomorrow, just check if you can replace the XML escaping method with
org.owasp.encoder.Encode which I already use for escaping embed links, if not, put a comment above so I don't wonder later why do I have a special method for that.Of course it makes sense it's like that
Actually scratch that I don't get it at all wtf
>>102
>As is by replacing what's between the arrows to the name of the file you want to see in that line?
No.
What you need to do is replace whats between the brackets with the sequence number of the attached file.
For example, I have dropped a pic on the "Files" section. I wish to put it on the next paragraph. I will write  and the pic will appear. If i have two pics uploaded and i want to also put the second pic right now, i will write .
You can also drag a pic directly onto the text area and it will automatically write , where x is the sequence number of the file.
>ok, i see what the (x) is for, but what about [y]?
In Markdown (a markup language), the [y] section is where you'd put the name of the file y, while (x) would be either the location of the file on the server or a link that leads to the pic. [y] is sort of a backup text description that appears in cases where the pic cannot load. In other words, if we have  and the picture is missing from the path "D:/pictures/cabbit.png", then instead of a picture of a glorious cabbit, a text saying "cabbit" will be there instead.
words words words basically @too2q recycled markdown code (since we already use it) and the [y] part is a leftover. You can search Markdown syntax to learn more about it (to make EPIC threads on the club).
I hope this explains it.
Edit Note: Forgor to but ` around the code parts.
Post actions
[Return] [Thread list] [Index] [Catalog] [Top] | Replies: 20 | Views: 318 | Currently viewing: 2