User: too2q

>>33
making a thread anonymous is super easy, making a thread restricted complicates every single query that returns posts to be displayed anywhere because now we must also check if the thread is restricted.
this is because an anonymous post is just a post with name, while there is no concept of a restricted post

>>29
/oc3/ for people who want the account requirement AND don't want their accounts attached to their posts

>>22
oh and hover braps itself if the linked post is too big

>>27
i mean just a logged-in board

>>20
see >>>/oc/4 for the feature list, make a post there if you have any suggestions or noticed a bug
i think the feature i will add next will be mentions and notification, see the post above, i don't get any notification while i should have

also I think we could have /oc2/ that would be just like /oc/, but not visible to outsiders

>>7
>Log in to access download
we can't have shit it seems

>>24
access to a restricted board, obviously

Introduction and retention of code. Most of changes are additive which means I got the design mostly right from the beginning and could focus on adding features instead of writing and rewriting the same lines of code all the time. The codebase is quite small for this kind of a project, slightly above 26k LOC. November and February were DNB months because I was busy with SNCA, also the progress accelerated somewhat in April because I finally started using Codex to burn through the backlog, but that was only possible because all the foundational infrastructural work around session management, authorization, database caching, templating etc. had already been done and what was left was adding some moderation buttons or administration endpoints. For instance, account deletion means that for each of deleted accounts the threads, posts, post edits, and reports have to be either detached from the account (which just means setting the user ID to NULL) or deleted. All invites, roles, notes, bookmarks, and sessions have be deleted and in case of moderators, wordfilters, bans, banned files, news items, and notes have to be detached. The exact kind of a repetitive work that doesn't have to be done manually.

More detailed stats:

───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
Scala                      143     21672     1972       402    19298       1601
(ULOC)                             12645
-------------------------------------------------------------------------------
SVG                         10        10        0         0       10          0
(ULOC)                                10
-------------------------------------------------------------------------------
JavaScript                   4      1686      257        70     1359        223
(ULOC)                              1109
-------------------------------------------------------------------------------
SQL                          4       644       90         0      554          0
(ULOC)                               355
-------------------------------------------------------------------------------
CSS                          3      1891      179        13     1699          0
(ULOC)                              1049
-------------------------------------------------------------------------------
Markdown                     2       411       88         0      323          0
(ULOC)                               250
-------------------------------------------------------------------------------
License                      1       661      117         0      544          0
(ULOC)                               545
-------------------------------------------------------------------------------
Properties File              1         1        0         0        1          0
(ULOC)                                 1
-------------------------------------------------------------------------------
Shell                        1         3        1         1        1          2
(ULOC)                                 3
-------------------------------------------------------------------------------
XML                          1        12        1         0       11          0
(ULOC)                                12
-------------------------------------------------------------------------------
YAML                         1        16        1         0       15          0
(ULOC)                                16
───────────────────────────────────────────────────────────────────────────────
Total                      171     27007     2706       486    23815       1826
───────────────────────────────────────────────────────────────────────────────
Unique Lines of Code (ULOC)        15963
───────────────────────────────────────────────────────────────────────────────

>>5
because you also have to increase the limit in Nginx, and then wait for the file to be actually uploaded, but if they are so big, revert the change back to 20MB and post a link to annas archive instead

>(((google drive)))
just upload the pdf
>>2
everyphono cares

>>22
That doesn't necessarily have to be a requirement, we can have some sort of a "trusted" role given after spending a month on the website or so, but in general having an account on itself is not that high barrier to entry.

In theory, yes, by creating a board that's visible only to logged-in users. But we don't have such a board yet, with the exception of the janny board.

Some more screenshots

A thread for bug reports and feature requests. Since the website is centered around OC I thought it would be kinda fitting to use software that's also original, to some extent at least.

Current features:

• optional user accounts: this is supposed to work as a forum and as a generic Vichan replacement, the account requirement can simply be disabled although here it won't
• role based forum access: users can have any number of roles assigned (currently only used for mod roles), every forum has read and write access settings which can either allow everyone to access the forum, only the logged-in users, or users with selected roles
• hierarchical global-category-forum settings with setting inheritance and preservation in case of higher-level settings change: SNCA from the perspective of a regular user, but quite handy when it comes to configuring stuff imho
• configurable roles with over 40 different permissions: also SNCA, but allows to create roles like Approver when neeed, also since a user can have multiple roles the permissions of all roles are taken into account
• media and post approval: depending on settings either the attached files or entire posts can go through approval, unapproved posts aren't visible at all which solves the problem of visible links, approval can be triggered either by settings (which can force approval for all posts or posts made through VPN/Tor) or a wordfilter; users with accounts can be manually allowed to skip approval, users without accounts can be manually approved based on their anonymous session identifier (which is basically a cookie), this allows to approve users that use VPN or mobile IPs
• post editing with post edit history: depending on settings either the last post in a thread or all posts (with age limit of course) can be edited by the author, the history link is visible then in the lower right corner
• markdown formatting for posts: regular formattings like arrows, glow, (((echo))), RED TEXT are available too, and so are >> and >>>/forum/ replies
• embeds: YouTube, Voocaroo, Odysse, suggest more to be added; they can be added through config and don't require source code changes
• user-moderated threads: in a user-moderated thread the OP can delete or spoiler files, delete posts, and thread ban users
• inline images: a markdown feature, you can link an image (a formatting guide to be added soon) from an allowed source and it will be shown in the body of the post, without thumbnails though
• websocket-based live thread updates: totally not chudded from JSChan I promise, OK the code is not chudded because it works completely different here, but the idea itself is
• IP pruning: IPs are deleted from old posts after 7 days by default
• max proxy ban length: no permanent bans for VPN and Tor IPs, but of course they will be long enough, don't worry about this part
• invites: the website can be made invite-only with a few clicks, also selected users can be manually allowed to invite others
• captcha: you all know it already, but this one can work also with JS disabled, also enables automatically in case of spam
• minimal JS: all the basic features, including theme changes, captcha, reply box, and image expanding work without JS
• visitor statistics: shown on the home page and at the bottom of threads
• wordfilter editor: wordfilters can match the text exactly, after normalization (ignoring punctation, whitespace, homoglyphs), or with regex, a match can result in the post being modified, rejected, the poster banned, and all files uploaded banned too, depending on how a given wordfilter is configured
• file banning: files can be banned based on their perceptual hash or SHA-256 to filter out 'p and similar
• bookmarks: self-explanatory
• floating and cyclical threads: a floating thread doesn't get slid, a cyclical thread has old post sliding enabled, those two features were merged into one in Vichan with post sliding not even working iirc
• PPH stats: self-explanatory
• file deduplication: based on SHA-256, I once calculated it should bring about 20% of disk space reduction as compared to having duplicate files as in Vichan
• optional anonymous posting: a forum can be set to be anonymous, which is completely separate from account requirement, also the name field can be enabled which when used makes the post anonymous, an anonymous post is not shown in the user's post history
• CTRL+Enter post form submission
• probably some more that I omitted

Of course all the regular SNCA imageboard features like flags, tripcodes, IDs (kinda redundant with accounts here, but it can in theory be also used without accounts mind you), page limits, moderation actions, moderation log, PPH and TPH limits, search form, thread length limits, EXIF removal etc. are implemented too.

Allowed file formats are: PNG, JPEG, WEBP, GIF, MP3, WAV, WEBM, MP4, TXT, and PDF. The default total file size limit is 20 MB.

Important stuff: by default if you are logged in and your IP changes, you will be logged out. You can change it by going to the Account tab and scrolling down. All account updates require providing the current password. The email can be used to send you a new password if you forget the current one, so you don't really have to specify it unless you plan to forget your password or don't know what a password manager is.

Features that I plan to add (so you don't need to ask):

• LaTeX rendering
• Oekaki: haven't added it yet because it's an abandoned DNB of a codebase that still uses JQuery in an ancient version and I had no patience to integrate it
• notifications and thread watching: including some form of users mentions (@ with discord formatting maybe?)
• follows: in a limited form of having a tab with posts from followed users in chronological order and optional notifications
• private messages
• thread, forum hiding on overboard: not a high priority because of course we are going to get only good posts
• public mod log, ban page: some day, maybe
• Varnish support or in memory HTML caching: SNCA I care about
• JSON API: I used to be against the idea, but realized it will allow for having an alternative frontend, which would be an interesting experiment to make

Features I don't plan to add (so you don't need to ask):

• avatars, backgrounds
• upvotes, reddit karma in any form
• encrypted PMs: the last thing I need here is a 'p sharing ring

The source code is here. Tech stack is Scala, PostgreSQL, and that's it. I don't use any kind of a frontend framework, I use server-side rendering with JS used only for websocket stuff, relative time, replies showing up on hover, character counter on the post form and similar stuff that requires some sort of dynamic DOM modification, but is not actually required to use the website.

The hardware requirements are: 1 vcpu, 1 GB of RAM, at least 1 GB of swap for compilation which is required for updates.

As for security: passwords are hashed with Argon2id, there are CSRF tokens for logged-in users (obfuscated to prevent BREACH) and tokenless CSRF checks for anonymous users modeled after this blogpost (which I recommend to read if you know anything about this kind of stuff), rate limits for everything, proper CSP excluding inline JS and CSS because it would be just a matter of time until someone would create custom CSS with background image from an IP logger, proper normalization for IPv6 for bans/limiting, proper file type validation not based on extensions or reported MIME types from the post form. We should be fine I hope.

>>17
I recognize this phono

>>11
detecting ai crawlers and serving them the most obsessed brownest slopjaks from the fieriest depths of soybooru

>>15
kek

>>4
and then some crawlers on top of that

>>11
stole the username award

MPA images will be needed too btw