The Flask-Caching cache can now properly be configured from the
config.py, and redis caching has experimentally been tested and
confirmed to be working in theory.
We also document that one may want to use CACHE_THRESHOLD to limit
the maximum number of items in the simple cache.
* Add trusted application functionality
This lets users apply for trusted status, given certain minimum
requirements. Moderators can then review the applications, giving
a recommendation, and administrators can accept or reject them.
If an application is accepted or rejected, the user receives an
e-mail about it.
Markdown images are not rendered in applications to prevent browsers
from sending automatic requests to untrusted webservers.
Users who have had their application rejected cannot re-apply for a set
number of days.
* minor fixes
Adds a new config entry (EMAIL_SERVER_BLACKLIST, tuple of IPv4 addresses
as strings) and an email validator for registering, which will query all
the MX records for the domain and reject the registration if any of the
A records for any of the MX records are found in the blacklist.
If the query fails, the blacklist is ignored; the email is accepted.
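The check described above, sketched as an added example (not the project's own code). The resolver callables, the `ResolveError` type and the sample DNS tables are assumptions constructed for illustration; only EMAIL_SERVER_BLACKLIST comes from the commit message. It resolves everything before comparing, so any failed query means the blacklist is ignored.

```python
class ResolveError(Exception):
    """Hypothetical error raised by a resolver callable when a DNS query fails."""

def mx_addresses(domain, resolve_mx, resolve_a):
    """Collect every A record of every MX host for `domain`."""
    addresses = set()
    for mx_host in resolve_mx(domain):
        addresses.update(resolve_a(mx_host))
    return addresses

def email_allowed(address, blacklist, resolve_mx, resolve_a):
    """Reject if any MX host resolves to a blacklisted IPv4 address.

    Fails open: if any query fails, the blacklist is ignored and the
    address is accepted, as the commit message states.
    """
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    try:
        found = mx_addresses(domain, resolve_mx, resolve_a)
    except ResolveError:
        return True
    return not (found & set(blacklist))

def lookup(table):
    """Build a resolver over a constructed table; missing names fail."""
    def resolve(name):
        if name not in table:
            raise ResolveError(name)
        return table[name]
    return resolve

# Constructed sample data (documentation address ranges, .example names).
EMAIL_SERVER_BLACKLIST = ("192.0.2.10",)
SAMPLE_MX = {
    "throwaway.example": ["mx.shared-host.example"],
    "ok.example": ["mx.ok.example"],
    "flaky.example": ["mx.shared-host.example", "mx.broken.example"],
}
SAMPLE_A = {
    "mx.shared-host.example": ["192.0.2.10"],
    "mx.ok.example": ["198.51.100.5"],
}
resolve_mx, resolve_a = lookup(SAMPLE_MX), lookup(SAMPLE_A)

def check(address):
    return email_allowed(address, EMAIL_SERVER_BLACKLIST, resolve_mx, resolve_a)
```

With this data, `flaky.example` is accepted even though one of its MX hosts is blacklisted, because the second host fails to resolve; that is the cost of failing open.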
* Add config option to enable/disable gravatar
This is useful when running a development instance behind a firewall
or NAT, where gravatar cannot reach you to serve up the default user
avatar.
* Pregenerate Gravatar default image URLs
If possible (i.e. SERVER_NAME is set), we can pregenerate the constant
gravatar default URL once at application startup, and re-use that,
as url_for calls are surprisingly expensive.
Especially on torrent view pages with lots of comments, this cuts down
on url_for calls massively, saving on my system about 0.3 ms per call.
Because reading warnings is overrated.
This does not fix people using custom domains, but it's more likely
they'll know what's up when their email is thrown into the void.
Fixes #437.
* Implement upload ratelimit for non-trusted uploaders
Users may upload X torrents in Y minutes after which they
will have to wait Z minutes between uploads.
* Show torrent period count when ratelimited
* Only ratelimit new accounts
Disables all POSTs, optionally allowing users to log in (without updating last login date).
Blocked POSTs will redirect to the GET endpoint if possible, otherwise to the referrer or, in the last case, the home page.
API requests will get a plaintext message with 405 status code.
MINIMUM_ANONYMOUS_TORRENT_SIZE can be used to require a minimum total
size of torrents uploaded by anonymous users (i.e. without accounts).
Sets up a "framework" for post-WTForm torrent validation as well;
this can easily be extended into filename blacklists and such.