Commit graph

607 commits

Author SHA1 Message Date
Pēteris Caune
e2e289da2a
Add form double submit protection when registering a WebAuthn key 2023-02-20 11:05:55 +02:00
Pēteris Caune
04c9398da3
Fix the "Test" button in the Integrations screen for read-only users
(I broke it by accident in 963f1758de)
2023-02-20 10:21:41 +02:00
Pēteris Caune
3d728325fe
Fix the SameSite and Secure attributes on the "auto-login" cookie
The "auto-login" cookie is a part of a work-around for
some email clients automatically clicking links in emails:

- when sending a one-time sign-in link, the server also sends the
  "auto-login" cookie to the client
- when end user clicks on the sign-in link, the server checks
  if client's request contains the "auto-login" cookie
- if the "auto-login" cookie is present, log the user in
- if the "auto-login" cookie is absent, serve an HTTP POST form
  with a submit button. The user must click the button to log in.

This commit fixes attributes on the "auto-login" cookie:

- it sets SameSite=Lax
- it sets Secure=true if SESSION_COOKIE_SECURE=True
2023-02-15 09:17:09 +02:00
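The cookie flow in the commit message above, modelled as an added example in plain Python (standard library only). This is not the project's code: the cookie value (a random token compared against the one in the sign-in link), its lifetime, the cookie name on the request side and the simplified SameSite rule are assumptions made for illustration. Django's SESSION_COOKIE_SECURE setting is stood in for by a module constant.

```python
"""Model of the "auto-login" cookie workaround (added example, not project code)."""
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional

SESSION_COOKIE_SECURE = True  # stand-in for Django's SESSION_COOKIE_SECURE


def new_token() -> str:
    """Random token stored in the cookie and embedded in the sign-in link (assumption)."""
    return secrets.token_urlsafe(32)


def issue_auto_login_cookie(token: str, session_cookie_secure: bool = SESSION_COOKIE_SECURE) -> str:
    """Set-Cookie header value sent together with the one-time sign-in email.

    SameSite=Lax keeps the cookie off cross-site POSTs and subresource loads
    but still lets the browser attach it on the top-level navigation that a
    click on the emailed link produces. Secure is set only when the session
    cookie is Secure too, so a plain-HTTP development setup keeps working.
    """
    jar = SimpleCookie()
    jar["auto-login"] = token
    morsel = jar["auto-login"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    morsel["max-age"] = 15 * 60  # assumed lifetime, not taken from the commit
    if session_cookie_secure:
        morsel["secure"] = True
    return morsel.OutputString()


def handle_sign_in_link(cookie_header: Optional[str], expected_token: str) -> str:
    """Server-side decision when the sign-in link is opened.

    Returns "login" when the request carries the matching auto-login cookie
    (a browser that received the email), or "form" when it does not (for
    example an email client's link scanner); in the latter case the server
    serves a POST form that the user must submit explicitly.
    """
    jar = SimpleCookie()
    if cookie_header:
        jar.load(cookie_header)
    morsel = jar.get("auto-login")
    if morsel is not None and hmac.compare_digest(
        morsel.value.encode("utf-8"), expected_token.encode("utf-8")
    ):
        return "login"
    return "form"


def browser_sends_cookie(samesite: str, cross_site: bool, top_level_navigation: bool, method: str) -> bool:
    """Simplified SameSite rule (RFC 6265bis): Strict never crosses sites,
    Lax crosses only on top-level navigations with a safe method, None always."""
    if not cross_site or samesite == "None":
        return True
    if samesite == "Lax":
        return top_level_navigation and method in ("GET", "HEAD")
    return False  # Strict
```

The `browser_sends_cookie` helper is the reason Lax rather than Strict is the right attribute here: with SameSite=Strict the browser would withhold the cookie on exactly the cross-site link click from a webmail client, and every user would land on the POST form.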
Pēteris Caune
e46cf3725b
Add CSRF protection in the signup view 2023-02-14 09:15:46 +02:00
Pēteris Caune
0d0087d898
Update Telegram notification template to include more data 2023-02-08 15:28:39 +02:00
Pēteris Caune
311f7064dc
Fix a race condition in Check.ping method
The code in Check.ping() updates a Check object, then
creates a Ping object. There's a possible race condition
where the "sendalerts" command sees the updated Check object
before the Ping object is created. This is especially likely
when offloading ping bodies to S3, because Ping gets created
*after* the upload completes, which can take some time.

To avoid this, put both operations inside a transaction,
but keep the S3 upload *outside* the transaction--uploads
can hang, and we want to avoid long transactions.
2023-02-08 13:12:05 +02:00
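The race described in the commit message, reproduced as an added example against a throwaway SQLite database (standard library only). This is not the project's code: the project uses the Django ORM, where "put both operations inside a transaction" is `transaction.atomic()`; here the two tables, the fake S3 upload and the reader callback that stands in for the "sendalerts" command are constructed for illustration.

```python
"""Check.ping race: update Check, then create Ping, with and without a transaction."""
import hashlib
import os
import sqlite3
import tempfile
from typing import Callable, Tuple

SCHEMA = """
CREATE TABLE checks (id INTEGER PRIMARY KEY, n_pings INTEGER NOT NULL DEFAULT 0);
CREATE TABLE pings  (id INTEGER PRIMARY KEY, check_id INTEGER NOT NULL,
                     n INTEGER NOT NULL, body_url TEXT);
"""


def _scalar(conn: sqlite3.Connection, sql: str, params: tuple):
    """Run a single-value query and fully consume the statement."""
    return conn.execute(sql, params).fetchall()[0][0]


def setup_db() -> str:
    """Fresh on-disk database with one check and no pings (constructed)."""
    path = os.path.join(tempfile.mkdtemp(), "hc.sqlite3")
    conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO checks (id, n_pings) VALUES (1, 0)")
    conn.close()
    return path


def upload_body_to_s3(body: bytes) -> str:
    """Stand-in for the slow, possibly hanging S3 upload; returns an object key."""
    return "s3://ping-bodies/" + hashlib.sha256(body).hexdigest()


def observe(path: str, check_id: int) -> Tuple[int, int]:
    """What a concurrent reader (the 'sendalerts' command) sees from its own
    connection: (checks.n_pings, number of Ping rows for that check)."""
    conn = sqlite3.connect(path, isolation_level=None)
    n_pings = _scalar(conn, "SELECT n_pings FROM checks WHERE id = ?", (check_id,))
    rows = _scalar(conn, "SELECT COUNT(*) FROM pings WHERE check_id = ?", (check_id,))
    conn.close()
    return n_pings, rows


def ping_racy(path: str, check_id: int, body: bytes, reader: Callable[[], Tuple[int, int]]):
    """Before the fix: each statement commits on its own, so a reader that runs
    between the UPDATE and the INSERT sees the bumped counter with no Ping row."""
    conn = sqlite3.connect(path, isolation_level=None)
    n = _scalar(conn, "SELECT n_pings FROM checks WHERE id = ?", (check_id,)) + 1
    conn.execute("UPDATE checks SET n_pings = ? WHERE id = ?", (n, check_id))
    body_url = upload_body_to_s3(body)  # slow; this widens the window
    seen = reader()                     # the concurrent reader lands here
    conn.execute("INSERT INTO pings (check_id, n, body_url) VALUES (?, ?, ?)",
                 (check_id, n, body_url))
    conn.close()
    return seen


def ping_fixed(path: str, check_id: int, body: bytes, reader: Callable[[], Tuple[int, int]]):
    """After the fix: upload first, outside any transaction, then UPDATE and
    INSERT atomically. A reader during the transaction still sees the old,
    consistent state because readers are isolated from an uncommitted writer."""
    body_url = upload_body_to_s3(body)  # kept outside the transaction
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute("BEGIN IMMEDIATE")
    n = _scalar(conn, "SELECT n_pings FROM checks WHERE id = ?", (check_id,)) + 1
    conn.execute("UPDATE checks SET n_pings = ? WHERE id = ?", (n, check_id))
    seen = reader()                     # reader runs while the transaction is open
    conn.execute("INSERT INTO pings (check_id, n, body_url) VALUES (?, ?, ?)",
                 (check_id, n, body_url))
    conn.execute("COMMIT")
    conn.close()
    return seen


def demo(handler) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Returns (state seen mid-ping, state seen after the ping completes)."""
    path = setup_db()
    during = handler(path, 1, b"job output", lambda: observe(path, 1))
    return during, observe(path, 1)


if __name__ == "__main__":
    print("racy :", demo(ping_racy))   # mid-ping state is (1, 0): counter bumped, no Ping
    print("fixed:", demo(ping_fixed))  # mid-ping state is (0, 0): old but consistent
```

The reader in `ping_fixed` sees the pre-ping state rather than blocking, which is the behaviour a detection job such as "sendalerts" wants: it either sees the Check before the ping or the Check and its Ping together, never the half-written combination.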
Pēteris Caune
08849d6f22
Update Docker image's uwsgi.ini to use SMTPD_PORT env var
Fixes: #791
2023-02-07 13:38:05 +02:00
Pēteris Caune
19383d0414
Improve the error message about rejected private IPs 2023-02-03 10:08:06 +02:00
Pēteris Caune
ba9ebc5a96
Update CHANGELOG 2023-02-01 13:25:15 +02:00
Pēteris Caune
3992c0927b
Add handling for ProtocolError exceptions in hc.lib.s3.get_object 2023-02-01 09:31:15 +02:00
Pēteris Caune
f4bd1d69f2
Fix URL validation to allow hostnames with no TLD
Fixes: #782
2023-01-30 11:19:51 +02:00
Pēteris Caune
09593c80d9
Fix a crash in the "createsuperuser" management command
Fixes: #779
2023-01-26 09:20:35 +02:00
Pēteris Caune
6c40ff8684
Update package versions 2023-01-24 09:14:20 +02:00
Pēteris Caune
d67144ed3a
Update CHANGELOG for release 2023-01-23 15:01:53 +02:00
Pēteris Caune
2cfb37f097
Add rate limiting by client IP in the signup and login views 2023-01-23 14:35:45 +02:00
Pēteris Caune
359edbd270
Fix login and signup views to make email enumeration harder 2023-01-23 13:05:49 +02:00
Pēteris Caune
a9b084ec9a
Add "Start Keyword" filtering for inbound emails
Fixes: #716
2023-01-16 13:19:35 +02:00
Pēteris Caune
f849c5e1a1
Fix wording in the invite email when inviting read-only users 2023-01-12 10:14:18 +02:00
Pēteris Caune
4716168da2
Fix check transfer between same account's projects when at check limit 2023-01-12 09:46:02 +02:00
Pēteris Caune
2bf0d0dbc5
Fix special character encoding in project invite emails 2022-12-22 12:05:37 +02:00
Pēteris Caune
18c17fb4b5
Fix project sort order to be case-insensitive everywhere in the UI
Fixes: #768
2022-12-22 11:39:20 +02:00
Pēteris Caune
d19156801f
Fix special character encoding in Signal notifications
Fixes: #767
2022-12-21 15:58:52 +02:00
Pēteris Caune
a49bc4ef3a
Fix the Signal integration to handle unexpected RPC messages better
Fixes: #763
cc: #758
2022-12-21 12:18:03 +02:00
Pēteris Caune
ae53aaaa3a
Update settings.py to read the ADMINS setting from an env variable 2022-12-20 16:23:33 +02:00
Pēteris Caune
506ffa2278
Update CHANGELOG 2022-12-20 10:30:25 +02:00
Pēteris Caune
1d7f4a50ad
Add signal-cli TCP socket test and update docs 2022-12-15 19:29:00 +02:00
Pēteris Caune
73a5cb0d57
Add support for communicating with signal-cli over TCP
cc: #732
2022-12-15 17:46:37 +02:00
Pēteris Caune
43a900c802
Improve layout in "My Checks" for checks with long ping URLs
Fixes: #745
2022-12-15 11:40:57 +02:00
Pēteris Caune
30e88beda3
Update CHANGELOG for release 2022-12-14 15:53:40 +02:00
Pēteris Caune
15cbb39bd3
Change "Settings - Email Reports" page to allow manual tz selection 2022-12-01 16:12:32 +02:00
Pēteris Caune
818ccad56f
Fix week, month boundary calculation to use user's timezone 2022-12-01 13:46:21 +02:00
Pēteris Caune
91c7321f38
Update CHANGELOG 2022-11-30 14:05:17 +02:00
Pēteris Caune
144d50417c
Update CHANGELOG 2022-11-28 14:50:51 +02:00
Pēteris Caune
646aa1cb48
Add ".txt" suffix to the filename when downloading ping body
Fixes: #738
2022-11-24 18:22:34 +02:00
Pēteris Caune
3dcc7d60a2
Add ntfy integration
Fixes: #728
2022-11-24 12:09:53 +02:00
Pēteris Caune
e962429e79
Update CHANGELOG 2022-11-22 17:52:22 +02:00
Pēteris Caune
e58a9ee71e
Add protection for n queries problem in _get_events
If every fetched ping is a success event, and has a unique
run ID, then we cannot determine the duration just from the
fetched data, and must fall back to Ping.duration(). This
would generate a SQL query per displayed ping.

The solution is to count how many times we would need to use
the fallback, and if it goes above some threshold (currently,
10 times), then disable duration display altogether.
2022-11-08 12:41:46 +02:00
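The fallback-counting guard from the commit message, written out as an added example (not the project's code). The Ping record, the fake database that counts how many `Ping.duration()`-style queries would be issued, the rule for pairing a success ping with the preceding "start" ping of the same run ID, and the sample data are all constructed for illustration; the threshold of 10 is the one named in the message.

```python
"""N+1 guard for ping durations: compute from fetched data, bail out if too many fallbacks."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

FALLBACK_LIMIT = 10  # threshold named in the commit message


@dataclass(frozen=True)
class Ping:
    n: int                  # ping number, unique per check
    kind: str               # "start" or "" (a success ping)
    rid: Optional[str]      # run ID; None for pings sent without one
    created: datetime


class FakeDB:
    """Stand-in for Ping.duration(): each call is one SQL query over the
    full ping history. Counts the queries so the guard can be checked."""

    def __init__(self, history: List[Ping]):
        self.history = sorted(history, key=lambda p: p.created)
        self.queries = 0

    def duration(self, ping: Ping) -> Optional[timedelta]:
        self.queries += 1
        for p in reversed(self.history):
            if p.created < ping.created and p.kind == "start" and p.rid == ping.rid:
                return ping.created - p.created
        return None


def durations_for_page(page: List[Ping], db: FakeDB, limit: int = FALLBACK_LIMIT) -> Dict[int, timedelta]:
    """Duration per success ping (keyed by ping number) for one fetched page.

    Pairs each success ping with the latest earlier "start" ping carrying the
    same run ID *within the page*. Success pings whose start is not on the
    page would each need db.duration(); if more than `limit` of them would,
    give up on durations entirely (zero queries) instead of one query per ping.
    """
    starts: Dict[Optional[str], datetime] = {}
    result: Dict[int, timedelta] = {}
    fallbacks: List[Ping] = []
    for p in sorted(page, key=lambda p: p.created):
        if p.kind == "start":
            starts[p.rid] = p.created
        elif p.rid in starts:
            result[p.n] = p.created - starts.pop(p.rid)
        else:
            fallbacks.append(p)
    if len(fallbacks) > limit:
        return {}  # disable duration display altogether
    for p in fallbacks:
        d = db.duration(p)
        if d is not None:
            result[p.n] = d
    return result


def seconds(durations: Dict[int, timedelta]) -> Dict[int, float]:
    return {n: d.total_seconds() for n, d in durations.items()}


T0 = datetime(2022, 11, 8, 12, 0, 0)


def sample_unique_rids(count: int) -> Tuple[List[Ping], FakeDB]:
    """`count` success pings with distinct run IDs on the page; their start
    pings are older and were not fetched (constructed data)."""
    page, older = [], []
    for i in range(1, count + 1):
        started = T0 + timedelta(minutes=i)
        older.append(Ping(2 * i - 1, "start", f"run-{i}", started))
        page.append(Ping(2 * i, "", f"run-{i}", started + timedelta(seconds=30)))
    return page, FakeDB(older + page)


def sample_paired() -> Tuple[List[Ping], FakeDB]:
    """A start/success pair that sits entirely on the page (constructed data)."""
    page = [Ping(7, "start", "run-x", T0), Ping(8, "", "run-x", T0 + timedelta(seconds=45))]
    return page, FakeDB(page)
```

Run against `sample_unique_rids(12)` the function returns no durations and issues no queries; against `sample_unique_rids(3)` it falls back three times and returns 30 s for each ping; against `sample_paired()` it computes 45 s without touching the database.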
Pēteris Caune
ccfcf26e65
Update Mattermost setup instructions 2022-11-02 14:45:44 +02:00
Pēteris Caune
d3406aef25
Fix the most recent ping lookup in the "Ping Details" dialog 2022-11-01 13:42:09 +02:00
Pēteris Caune
e29235c5a5
Improve tests 2022-11-01 12:15:54 +02:00
Pēteris Caune
8d75f1adc3
Add a form for submitting Signal CAPTCHA solutions 2022-10-27 11:57:52 +03:00
Pēteris Caune
e4a956679e
Move port scrubbing to hc.api.views.ping, add test case
cc: #714
2022-10-20 11:59:19 +03:00
Pēteris Caune
a944c05f68
Upgrade to fido2 1.1.0 and simplify hc.lib.webauthn 2022-10-19 09:16:01 +03:00
Pēteris Caune
85dcadd053
Update CHANGELOG for v2.4.1 2022-10-18 17:45:52 +03:00
Pēteris Caune
414d5a9424
Fix MySQL 8 support in the Docker image (#717) 2022-10-18 14:06:05 +03:00
Pēteris Caune
4d69ff937e
Add support for custom topics in Zulip notifications
Fixes: #583
2022-10-09 11:23:14 +03:00
Pēteris Caune
291323a531
Implement the "Clear Events" function 2022-10-07 11:19:08 +03:00
Pēteris Caune
51d7216e30
Upgrade to cronsim 2.3 2022-09-29 08:35:41 +03:00
Pēteris Caune
e5e369257c
Update the "Supported Placeholders" dialog 2022-09-26 10:35:04 +03:00
Pēteris Caune
ec25b319ab
Upgrade to cronsim 2.2 2022-09-22 16:16:39 +03:00