remove scrypt, update ext gems, fix legal info doc

Kyle Drake 2017-07-07 14:05:00 -07:00
parent 3da57195c6
commit 45834176c1
4 changed files with 12 additions and 23 deletions


@ -21,7 +21,6 @@ gem 'sass', require: nil
gem 'dav4rack', git: 'https://github.com/planio-gmbh/dav4rack.git', branch: 'redmine-storage'
gem 'filesize'
gem 'thread'
gem 'scrypt'
gem 'rack-cache'
gem 'rest-client', require: 'rest_client'
gem 'addressable', require: 'addressable/uri'


@ -77,9 +77,6 @@ GEM
loofah (>= 2.0)
sax-machine (>= 1.0)
ffi (1.9.18)
ffi-compiler (1.0.1)
ffi (>= 1.0.0)
rake
filesize (0.1.1)
fspath (3.1.0)
gandi (3.3.27)
@ -133,7 +130,7 @@ GEM
metaclass (0.0.4)
method_source (0.8.2)
mime-types (2.99.3)
mini_portile2 (2.1.0)
mini_portile2 (2.2.0)
minitest (5.10.2)
minitest-reporters (1.1.14)
ansi
@ -155,13 +152,13 @@ GEM
net-ssh (>= 2.6.5)
net-ssh (4.1.0)
netrc (0.11.0)
nokogiri (1.7.2)
mini_portile2 (~> 2.1.0)
nokogumbo (1.4.11)
nokogiri (1.8.0)
mini_portile2 (~> 2.2.0)
nokogumbo (1.4.13)
nokogiri
ox (2.5.0)
paypal-recurring (1.1.0)
pg (0.20.0)
pg (0.21.0)
poltergeist (1.15.0)
capybara (~> 2.1)
cliver (~> 0.3.1)
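Review bot: The nokogiri 1.7.2 to 1.8.0, nokogumbo 1.4.11 to 1.4.13 and pg 0.20.0 to 0.21.0 bumps in this hunk are unrelated to the scrypt removal and ride along with a behavioural change to the ban check. Splitting the lockfile update into its own commit would let either change be reverted or bisected without the other.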
@ -213,10 +210,8 @@ GEM
nokogumbo (~> 1.4.1)
sass (3.4.24)
sax-machine (1.3.2)
scrypt (3.0.5)
ffi-compiler (>= 1.0, < 2.0)
sequel (4.46.0)
sequel_pg (1.6.18)
sequel (4.48.0)
sequel_pg (1.7.0)
pg (>= 0.8.0)
sequel (>= 4.0.0)
shotgun (0.9.2)
@ -340,7 +335,6 @@ DEPENDENCIES
rye
sanitize
sass
scrypt
sequel
sequel_pg
shotgun
@ -361,4 +355,4 @@ DEPENDENCIES
zipruby
BUNDLED WITH
1.14.6
1.15.1


@ -310,7 +310,6 @@ class Site < Sequel::Model
return false if ENV['RACK_ENV'] == 'production' && ip == '127.0.0.1'
return false if ip.blank?
return true if Site.where(is_banned: true).
where(ip: [ip, hash_ip(ip)]).
where(['updated_at > ?', Time.now-BANNED_TIME]).
first
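Review bot: Deleting the `where(ip: [ip, hash_ip(ip)]).` line outright leaves the ban lookup with no IP predicate. What remains is `Site.where(is_banned: true).where(['updated_at > ?', Time.now-BANNED_TIME]).first`, which is truthy whenever any banned site has an `updated_at` inside BANNED_TIME, so every non-blank `ip` passed in is reported as banned. Replace the line with `where(ip: ip).` instead of removing it, and add a test that an unrelated IP is not treated as banned while another site's ban is active.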
@ -319,10 +318,6 @@ class Site < Sequel::Model
false
end
def hash_ip(ip)
SCrypt::Engine.hash_secret ip, $config['ip_hash_salt']
end
def ssl_sites
select(:id, :username, :domain, :ssl_key, :ssl_cert).
exclude(domain: nil).
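Review bot: Removing `hash_ip` takes away the only way to match rows whose `ip` column holds a scrypt hash, and the lookup removed in the previous hunk matched on `[ip, hash_ip(ip)]`, which suggests both forms can be present in the table. Nothing in this commit migrates or clears those values, so any bans recorded against a hashed IP stop matching. Either add a cleanup migration or state in the commit message that hashed rows are intentionally abandoned, and drop `ip_hash_salt` from the config if nothing else reads it.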


@ -115,12 +115,13 @@
</p>
<p>
<strong>Retention of IP address information</strong>. For security and privacy reasons, Neocities does not store plain-text IP addresses. All IP addresses stored in Neocities are cryptographically hashed using <a href="http://en.wikipedia.org/wiki/Scrypt">scrypt</a> before being inserted into our database. You are invited to <a href="https://github.com/neocities/neocities/commit/4983a9b24eac00b8d8bfd300a18cdcee0152a271">inspect the code</a> that does this in our code repository.
<strong>Retention of IP address information</strong>. For security and privacy reasons, Neocities does not archive plain-text IP addresses. All IP addresses stored in Neocities are deleted after a certain time. You are invited to <a href="https://github.com/neocities/neocities/commit/4983a9b24eac00b8d8bfd300a18cdcee0152a271">inspect the code</a> that does this in our code repository.
</p>
<p>
We currently store these hashes permanently, but soon will be removing them after 30 days.
After 30 days, those hashes are removed from our database. That means that we can never provide a plain-text IP address, because we lack the means to derive it from the cryptographic one-way hash. And after 30 days, we will have no information on the user's IP address, not even a hash.
<strong>Retention of IP address information</strong>.
We currently store IP addresses of who created a site, but soon will be removing them after 30 days.
That means that we will not be able to provide a plain-text IP address, because we lack the means to provide it.
</p>
<p>
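Review bot: The rewritten policy text contradicts itself and keeps a stale link. The first paragraph says IP addresses "are deleted after a certain time" in the present tense, while the second says "soon will be removing them after 30 days", and "does not archive plain-text IP addresses" sits next to "We currently store IP addresses of who created a site". The "inspect the code" link still points at commit 4983a9b24eac00b8d8bfd300a18cdcee0152a271, which the old text cited as the scrypt hashing code, so it no longer supports the sentence it is attached to. The `<strong>Retention of IP address information</strong>.` heading is also repeated at the start of the second paragraph. Suggest one paragraph that states what is stored today and the planned 30 day removal, with the link removed or repointed to the deletion code once it exists.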