summaryrefslogtreecommitdiffstats
path: root/upgrading
AgeCommit message (Collapse)AuthorFilesLines
2018-02-24Add rate limit support to APIFlorian Pritz1-0/+11
This allows us to prevent users from hammering the API every few seconds to check if any of their packages were updated. Real world users check as often as every 5 or 10 seconds. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-30Add support for Terms of Service documentsLukas Fleischer1-0/+20
This allows for adding Terms of Service documents to the database that registered users need to accept before using the AUR. A revision field can be used to indicate whether a document was updated. If it is increased, all users are again asked to accept the new terms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Render comments when storing them in the databaseLukas Fleischer1-0/+6
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-19Store dependency descriptions in a separate columnLukas Fleischer1-0/+11
Split optional dependency descriptions from dependency names before storing them in the database and use a separate column to store the descriptions. This allows us to simplify and optimize the SQL queries in pkg_dependencies() as well as pkg_required(). Suggested-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Use bcrypt to hash passwordsLukas Fleischer1-0/+6
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25Store banned IP addresses as plain textLukas Fleischer1-0/+7
Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Save last SSH login date and IP addressLukas Fleischer1-1/+9
In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman1-0/+5
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Make maintenance scripts installableLukas Fleischer1-0/+3
Add wrappers for the maintenance scripts to the setuptools configuration. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Move configuration to /etc/aurweb/configLukas Fleischer1-0/+3
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key components of the aurweb SSH interface are installed system-wide. Update the default configuration path to point to a central location. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11upgrading/4.4.0.txt: Warn about new scriptsLukas Fleischer1-0/+5
The location of the Git interface wrapper scripts was changed by commit d4fe77a (Reorganize Git interface scripts, 2016-10-08). Add a note to the upgrade instructions to remind users to update their configuration files. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11Make URL columns 8000 characters wideLukas Fleischer1-0/+12
According to RFC 7230, URLs can be up too 8000 characters long. Resize all URL fields accordingly. Also, add a test to verify that URLs with more than 8000 characters are rejected by the update hook. Reported-by: Andreas Linz <klingt.net@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-07-24Make LangPreference DB field wide enough to fit es_419Johannes Löthberg1-0/+6
The language code for Latin American Spanish is es_419, which is longer than the 5 characters previously allowed. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-08Add a homepage field to accountsLukas Fleischer1-0/+6
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-05-18Add repository information to official providersLukas Fleischer1-0/+6
When updating the list of packages provided by the official repositories, also save the repository names.
2016-03-15Resize the LastLoginIPAddress columnLukas Fleischer1-0/+6
Make sure that all valid IPv6 addresses fit into the LastLoginIPAddress field. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-13Merge branch 'maint'Lukas Fleischer1-0/+5
2016-03-13Store last login address as plain textLukas Fleischer1-0/+5
Directly store the information contained in $_SERVER['REMOTE_ADDR'] instead of using ip2long() which does not support IPv6 addresses. Note that the LastLoginIPAddress field is designed to be used by the administrator on rare occasions only (e.g. to fight spam) and is not displayed anywhere. Fixes FS#48557. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-21Send notifications when changing ownershipLukas Fleischer1-0/+5
Add a new option that makes it possible to subscribe to package ownership changes (adoption/disownment). Fixes FS#15412. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-11Add an example post-checkout hookLukas Fleischer1-0/+4
Add a shell script to rebuild the documentation and install translations. Can be executed manually or used as a post-checkout hook in Git. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add support for package update notificationsLukas Fleischer1-1/+2
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add global comment notification settingLukas Fleischer1-0/+7
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Rename the CommentNotify table to PackageNotificationsLukas Fleischer1-0/+6
As a preparatory step to adding support for package notifications on events other than comments, rename the database table accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07upgrading/4.2.0.txt: Fix numberingLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-15Change FlaggerComment to TEXTMark Weiman1-0/+6
Makes FlaggerComments a TEXT field to be more consistent with package comments. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Store current date and time when deleting commentsLukas Fleischer1-3/+10
Instead of modifying EditedTS when a comment is deleted, use a separate field DelTS. Use this field to determine whether a comment has been deleted, instead of checking DelUsersID which might be unset when the corresponding user is deleted. Fixes FS#47362. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Save comment when closing requestsLukas Fleischer1-0/+7
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Implement capability to pin comments above othersMark Weiman1-0/+6
Adds capability to pin comments before others. Implements FS#10863. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-12Shorten Email column to 254 charactersStefan Auditor1-1/+1
Using unique indexes on VARCHAR fields with a character count of more than 255 produces an error in MySQL with InnoDB tables and UTF-8 encoding. Also, as per https://www.rfc-editor.org/errata_search.php?eid=1690, the maximum length for email addresses is limited to 254 characters. Fixes FS#47038. Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-25Support long email addressesLukas Fleischer1-0/+6
According to RFC 3696 (and the associated errata), an email address can be up to 256 characters long. Change the database field and the length limit on all input fields accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-21Track providers in the official repositoriesLukas Fleischer1-0/+11
Maintain a list of virtual provisions of packages from the official binary package repositories. The list can be updated using the aurblup script, e.g. via a cronjob. This allows for adding proper links to package dependencies: If an AUR package depends on a package from the official repositories (or on a name provided by a package from the official repositories), add a link to the corresponding archweb package details page. If an AUR package depends on another AUR package (or on a name provided by another AUR package), add a link to the corresponding aurweb package details page. Otherwise, just display the name and do not add a link at all. Fixes FS#46549. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20Add option to hide one's email addressMarcel Korpel1-0/+7
Implements FS#42343. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-19Fix type of FlaggerUID in table PackageBasesMarcel Korpel1-2/+3
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Require comments when flagging packages out-of-dateLukas Fleischer1-3/+4
Implements FS#42827. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-30Remember user ID when flagging package basesLukas Fleischer1-0/+8
Add a new FlaggerUID field to the database and use it to store the user ID of the account who recently flagged a package out-of-date. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Support comment editing in the backendMarcel Korpel1-0/+9
Create two new actions, do_AddComment and do_EditComment. When editing or deleting a comment, a timestamp is added. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27Add support for multiple SSH public keysLukas Fleischer1-2/+8
Attaching more than one SSH public key to the same account is useful, e.g. if one uses different machines to access the AUR SSH interface. Multiple keys can now be specified by adding multiple lines to the text area on the account edit form. Implements FS#45469. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
2015-06-20Make url and pkgdesc fields optionalJohannes Löthberg1-1/+8
The url and pkgdesc PKGBUILD variables are optional, so they should be in the AUR as well. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-15Store 10 significant digits of the popularity scoreLukas Fleischer1-1/+1
Even if we only display two digits after the decimal point, storing more digits internally allows us to order the search results more accurately. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-14Replace categories with keywordsLukas Fleischer1-1/+21
Remove package base categories. Instead, users can now specify up to twenty custom keywords that are taken into consideration when searching. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-11Add a field for package base popularityLukas Fleischer1-1/+8
Create a new field Popularity in the PackageBases table. The field is updated by the popupdate script and reflects the popularity of a package. Popularity is the sum of all votes with each vote being weighted with a factor of 0.98 per day since its creation. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-01Use gitnamespaces for efficient storageLukas Fleischer1-7/+4
Instead of using one Git repository per package, use a single large object storage for space efficiency. The refs of the individual package bases are divided using gitnamespaces(7) which allows for exposing each namespace as an independent repository easily. Also, git-serve is modified to create a branch for each package, allowing to browse the large repository with cgit. Helped-by: Florian Pritz <bluewind@xinu.at> Helped-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-05-22Store co-maintainer prioritiesLukas Fleischer1-0/+1
In addition to saving the list of package co-maintainers, also save their order. This makes it possible to define a "primary" co-maintainer. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-05-22Update upgrade instructions for 4.0.0Lukas Fleischer1-4/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-01-07Add support for package base co-maintainersLukas Fleischer1-1/+14
This allows for having multiple co-maintainers for AUR packages. Co-maintainers have push access to the package base Git repository but are not allowed to change the package base category, disown the package or modify the list of co-maintainers. The primary maintainer of an AUR package can edit the list of co-maintainers from the Package Actions box. Implements FS#17911. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-28Update upgrade instructions for 4.0.0Lukas Fleischer1-0/+14
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-27Add support for adding SSH public keys to profilesLukas Fleischer1-0/+5
Users can now add an SSH public key on the account edit page. This will later be used to authenticate users via SSH. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-11-21Always use virtual URLsLukas Fleischer1-0/+2
Support for non-virtual URLs has been broken for a long time and is no longer used on the official AUR setup. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-24Use an INI-style configuration fileLukas Fleischer1-0/+4
Replace web/lib/config.inc.php with an INI-style configuration file. This allows us to get rid of several globals and makes it easier to use the same configuration file in external scripts. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-17Add a "wayland" package categoryLukas Fleischer1-0/+6
Implements FS#41372. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>