Merge branch 'master' of https://github.com/designcreateplay/NodeBB

2025-11-03 20:45:58 +01:00 · 2014-02-13 19:42:00 -05:00
parent 075c6c01f2 fe2e86da81
commit bdc93409a7
7 changed files with 46 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -58,19 +58,26 @@ Obtain all of the dependencies required by NodeBB:

 Initiate the setup script by running the app with the `--setup` flag:

-    $ node app --setup
+    $ ./nodebb setup

 The default settings are for a local server running on the default port, with a redis store on the same machine/port.

 Lastly, we run the forum.

-    $ node app
+    $ ./nodebb start

 NodeBB can also be started with helper programs, such as `supervisor` and `forever`. [Take a look at the options here](https://github.com/designcreateplay/NodeBB/wiki/How-to-run-NodeBB).

-*(Optional)* Some server configurations may install the node binary as `nodejs` instead of `node`. You can re-map it (so as to not break compatibility with `node-supervisor`) by running the following command:
+## Securing NodeBB

-    # update-alternatives --install /usr/bin/node node /usr/bin/nodejs 10
+It is important to ensure that your NodeBB and database servers are secured. Bear these points in mind:
+
+1. While some distributions set up Redis with a more restrictive configuration, Redis by default listens to all interfaces, which is especially dangerous when a server is open to the public. Some suggestions:
+    * Set `bind_address` to `127.0.0.1` so as to restrict access  to the local machine only
+    * Use `requirepass` to secure Redis behind a password (preferably a long one)
+    * Familiarise yourself with [Redis Security](http://redis.io/topics/security)
+2. Use `iptables` to secure your server from unintended open ports. In Ubuntu, `ufw` provides a friendlier interface to working with `iptables`.
+    * e.g. If your NodeBB is proxied, no ports should be open except 80 (and possibly 22, for SSH access)

 ## Upgrading NodeBB

--- a/5
+++ b/5
@@ -14,9 +14,14 @@ case "$1" in
 		ls -d node_modules/nodebb* | xargs -n1 basename | xargs npm install
 		ls -d node_modules/nodebb* | xargs -n1 basename | xargs npm update
 		node app --upgrade
+		touch package.json
 		echo -e "\n\e[00;32mNodeBB Dependencies up-to-date!\e[00;00m";
 		;;

+	setup)
+		node app --setup
+		;;
+
 	dev)
 		echo "Launching NodeBB in \"development\" mode."
 		echo "To run the production build of NodeBB, please use \"forever\"."
--- a/src/install.js
+++ b/src/install.js
@@ -121,6 +121,10 @@ var async = require('async'),
 									password: databaseConfig['redis:password'],
 									database: databaseConfig['redis:database']
 								};
+
+								if (config.redis.host.slice(0, 1) === '/') {
+									delete config.redis.port;
+								}
 							} else if (config.database === 'mongo') {
 								config.mongo = {
 									host: databaseConfig['mongo:host'],
--- a/src/posts.js
+++ b/src/posts.js
@@ -93,8 +93,13 @@ var db = require('./database'),
 		], callback);
 	};

-	Posts.getPostsByTid = function(tid, start, end, callback) {
-		db.getSortedSetRange('tid:' + tid + ':posts', start, end, function(err, pids) {
+	Posts.getPostsByTid = function(tid, start, end, reverse, callback) {
+		if (typeof reverse === 'function') {
+			callback = reverse;
+			reverse = false;
+		}
+
+		db[reverse ? 'getSortedSetRevRange' : 'getSortedSetRange']('tid:' + tid + ':posts', start, end, function(err, pids) {
 			if(err) {
 				return callback(err);
 			}
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -411,6 +411,15 @@ var fs = require('fs'),
 			});
 		});

+
+		app.get('/api/user/uid/:uid', function(req, res, next) {
+			var uid = req.params.uid ? req.params.uid : 0;
+
+			user.getUserData(uid, function(err, userData) {
+				res.json(userData);
+			});
+		});
+
 		app.get('/api/user/:userslug', function (req, res, next) {
 			var callerUID = req.user ? req.user.uid : '0';

--- a/src/topics.js
+++ b/src/topics.js
@@ -306,8 +306,13 @@ var async = require('async'),
 		});
 	};

-	Topics.getTopicPosts = function(tid, start, end, current_user, callback) {
-		posts.getPostsByTid(tid, start, end, function(err, postData) {
+	Topics.getTopicPosts = function(tid, start, end, current_user, reverse, callback) {
+		if (typeof reverse === 'function') {
+			callback = reverse;
+			reverse = false;
+		}
+
+		posts.getPostsByTid(tid, start, end, reverse, function(err, postData) {
 			if(err) {
 				return callback(err);
 			}
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -178,7 +178,9 @@ module.exports.server = server;
 				meta.config['cache-buster'] = stdOut.trim();
 				// winston.info('[init] Cache buster value set to: ' + stdOut);
 			} else {
-				winston.warn('[init] Cache buster not set');
+				fs.stat(path.join(__dirname, '../package.json'), function(err, stats) {
+					meta.config['cache-buster'] = new Date(stats.mtime).getTime();
+				});
 			}
 		});
 	}