Commit graph

85 commits

Author SHA1 Message Date
dependabot[bot]
01555c6140 Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-05 18:12:10 +01:00
dependabot[bot]
869fee520f Bump actions/setup-node from 2.5.1 to 3.0.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.5.1...v3.0.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-25 06:03:20 +01:00
Wolvan
6212400a46 Release v1.3.2 2022-02-13 02:57:56 +01:00
Wolvan
c9ef07880a Fix IP Deduplication check behind proxy
Turns out using `X-Forwarded-For` appends each proxy's IP. This leads
to being able to easily circumvent IP duplication checking especially
behind hosts like cloudflare that use different routes each time to
reach the destination server.
Now the IP is being split at all commas, as hosts are comma separated in
the header and uses the first IP it can get.
2022-02-13 02:51:21 +01:00
Wolvan
4788087a3e Update README to mention release zip
No longer must the project be built from source when downloading a
release. The user only has to install the dependencies with npm.
2022-02-04 22:54:01 +01:00
dependabot[bot]
7cc845b34b Bump actions/setup-node from 1 to 2.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 2.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v1...v2.5.1)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 22:29:26 +01:00
Wolvan
934112de95 Only run tests on npm version 7+
NPM 7 introduced `set-script` which is needed to avoid running the
prepublish script on installation.
2022-02-04 22:19:57 +01:00
Wolvan
bb6004f219 Create script to quickly create release zip files 2022-02-04 22:10:58 +01:00
Wolvan
8e0dcbf232 Move favicons to dev dependencies
This is only needed for building the project, not running it.
2022-02-04 21:57:16 +01:00
Wolvan
af8163541a Add tests and automatic image publishing
A couple of github action files have been added that (hopefully)
run tests and CI for the docker images on push to dev and master.
2022-02-04 21:28:10 +01:00
Wolvan
fbd4dbdc6c Release v1.3.1 2022-02-04 20:38:20 +01:00
Wolvan
8bf0155142 Fix multiple MySQL issues
The first issue is an invalid option to the MySQL connector in the form
of the table prefix. It instead gets set as a private prop on the
storage class and then removed from the options object.

The second and more important issue is that the field to store the
duplication check data ended up being too small too quickly, causing it
to quickly fail to write a full JSON string and leading to an error
while retrieving the poll. An `ALTER` statement during init is used to
make sure the datatype is now a `MEDIUMTEXT`. With 16MB it should fill
up way less quickly than previously.
2022-02-04 20:34:21 +01:00
Wolvan
2f4cacf5d0 Release v1.3.0 2022-02-03 21:32:30 +01:00
Wolvan
8b6ccdcbb7 Update Readme to describe self-hosting 2022-02-03 21:30:25 +01:00
Wolvan
d34c50c8f1 Dockerize Application
Now poll.horse is available as a docker image!
To persist data, mount `/data` to a host directory.
A config file can be specified via binding `/usr/src/app/config.json` to
a config file on the host.
2022-02-03 21:12:07 +01:00
Wolvan
afe6da1ae4 Update icon
A slight update to the icon has been done by dotkwa.
The checkmark is a darker, more powerful green to stand out a bit
more in front of the bright background.
2022-02-03 18:05:04 +01:00
Wolvan
217c889a5e Release v1.2.0 2022-02-02 22:26:11 +01:00
Wolvan
3f642530ad Add special thanks section
Thanks dot and shy for helping me with giving the site a bit of
personality full of snowpity.
2022-02-02 22:24:07 +01:00
Wolvan
f68ff6dbd2 Implement favicon and embbed icon
Thanks to Shydale for lending me their OC checkbox.
She a cute.
2022-02-02 22:13:07 +01:00
Wolvan
8042cfb4ff Release v1.1.0 2022-02-02 18:17:01 +01:00
Wolvan
8e8b263c62 Sort data in pie chart
Due to the nature of redrawing, the biggest piece of the pie chart will
always be the first one. Locations are not static.
2022-01-30 19:54:16 +01:00
Wolvan
a1c4d06845 Update README.md to include links to live version 2022-01-30 19:40:10 +01:00
Wolvan
a8958dc7ec Add table prefix option to heroku start script
This allows decoupling multiple instances via a table prefix on heroku
2022-01-30 19:31:53 +01:00
Wolvan
59a2733df6 Use git commit hash instead of version for dev
This way people can go straight to the commit that has caused the dev
page to be built and it is clear what version the site is based on.
2022-01-30 19:24:54 +01:00
Wolvan
ee4e83bebc Implement MySQL table prefix
The table prefix can be used to differentiate installs on the same
MySQL database. By default, no prefix is set.
2022-01-30 17:54:18 +01:00
Wolvan
59f1c7db6e Appease crawlers and embbeders
`<meta>` tags have been added to relay information for websites trying
to pull information from the page (like discord) as well as web crawlers
to index the page.
2022-01-30 17:46:59 +01:00
Wolvan
afc7bbad01 Implement header based safety features
Using the `helmet` package, a certain set of security critical headers
are set to prevent XSS attacks and the like.
2022-01-30 16:59:11 +01:00
Wolvan
26a42333fe Add QR Code to poll pages
This way, people can easily just use their QR readers to reach the
voting page. The QR is constructed via Google Charts API and the URL is
based on the HOST header of the request.
2022-01-30 16:49:05 +01:00
Wolvan
19606025e2 Release v1.0.4 2022-01-29 22:27:47 +01:00
Wolvan
2f40091c6f Sort entries by votes
The entries on the result page are now ordered by the amount of
votes they got. This should make discerning a winner much easier.
2022-01-29 22:16:49 +01:00
Wolvan
6764a0af63 Release v1.0.3 2022-01-12 21:16:14 +01:00
Wolvan
74a0910d11 Fix NaN on result refresh
With 0 total votes, the results page would show NaN after the first
refresh. Don't divide by 0, children.
2022-01-12 21:14:44 +01:00
Wolvan
cfa150cc42 Move API and document it
The API has been moved to a /api path to distinguish it from the form
submission path and make it clear it is a callable API.
The API also has been rudimentarily documented.
2022-01-12 21:11:09 +01:00
Wolvan
5260cfb7da Remove unecessary ID column
The strings are unique and do that job just fine.
2022-01-12 19:57:51 +01:00
Wolvan
ce2601642b Add version of software to footer
The version also includes a link to the github repo tag of that
version's release build.
2022-01-12 19:53:30 +01:00
Wolvan
ab151cb732 Use CSRF token to discourage botting
A suggestion to avoid stupid bots to vote on polls was a token that gets
checked to a session cookie on vote submission.
2022-01-12 19:46:45 +01:00
Wolvan
6a155f2eb4 Remove vote API
This could easily be used to rig votes and doesn't really make sense.
2022-01-12 19:20:59 +01:00
Wolvan
9e8a93a449 Release v1.0.2
THIS PATCH FIXES A SECURITY VULNERABILITY
2022-01-11 22:11:42 +01:00
Wolvan
9e706fb484 Make header backlink to home 2022-01-11 22:05:37 +01:00
Wolvan
39d14aff1c Deduplicate entries
Duplicate entries were deduplicated during saving but not checked for
when verifying for at least 2 options set. This lead to being able to
have polls with only a single vote.
Now deduplication is run at the start of the creation function.
2022-01-11 22:04:10 +01:00
Wolvan
cb0ec9dfa1 Add non-JS way of adding options
A new button has been added (which gets automatically removed by JS)
that lets a user add a new option.
Also, an XSS exploit has been fixed.
2022-01-11 21:00:44 +01:00
Wolvan
071a35814b Release v1.0.1 2022-01-10 21:57:01 +01:00
Wolvan
059d82e2cc Add changelog file 2022-01-10 21:55:19 +01:00
Wolvan
23445f7509 Fix options not appearing
The options only appeared when at least 2 letters were typed into the
input field as the event triggered before a value was set into the input
field. Using `keyup` instead of `keydown` delays the event after a
letter has been typed into it.
2022-01-10 21:47:35 +01:00
Wolvan
1ad2c8c1a0 Fix SQL connection on wakeup in heroku
When a heroku dyno goes into sleep mode it loses connection to the
backend database. Once it is woken back up, no more reads or
writes could be done anymore due to a dead connection. This change
reinstates a new db connection when the connection is fatally
terminated.
2022-01-10 21:46:22 +01:00
Wolvan
33c9ca168e Release v1.0.0 2022-01-08 18:03:47 +01:00
Wolvan
361230c554 Fix fs-extra being a dev dependency 2022-01-08 18:03:47 +01:00
Wolvan
7047db51d8 Make app heroku-ready
Add a procfile and make the start not try to build the project.
2022-01-08 17:59:04 +01:00
Wolvan
bdf5ad1b1c Fix number parsing from replacer vars 2022-01-08 17:44:39 +01:00
Wolvan
74729b1e9c Add a couple more projects to the footer
As well as optimize the footer for small screens.
2022-01-08 16:23:27 +01:00