By default:
- `ssid_sessions[socket.ssid]` is now `session_data`
- `require` is no longer allowed in user scripts
To access global `socket_sessions` and `ssid_sessions`, as well as `require` additional modules, you must set `privileged: true` for the specific service. See `config.json`.
- likely adds new bug where users will be kicked to relogin after the
server restarts
- TODO: figure out a way to safely check the user login when session
data is unknown (eg restart) (hint: ticket?)
- fix broken session bust crap from before
- properly resume session as user when server restarted
- api available to store other things in the wtv-ticket
- fixed getUnreadMailCount
- added unread mail count to login screen
- added session busted detection (new bug that when you restart minisrv it loses the user_id, so we send the client to relog) (todo: maybe add api to add key/value to ticket so we can retain data over server restarts)
- move user accounts to subdir
- add password support
- implemented basics of multi-user support
- Can add users, edit them, and log in with them (password or not)
- Cannot delete users (with service) yet
- can get telly and reach stage-two
- narrow whitelist of allowed URLS in WTVClientSessionData constructor
- enough to show wtv-1800:/unauthorized with trust priv
- Times out lockeddown users really fast ;)
- untested disk error page
- proper gzip download for disk system (aka WNI reinventing the Content-Encoding: gzip wheel)
- send Last-Modified for static files
- send wtv-checksum for all disk system downloads
- other fixes
- rewrote sync system yet again
- more classes
- WTVShared class for shared functions
- clientShowAlert class for easy client:showalert urls
- User File Store
- Can upload with PUT commands in wtv-disk
- Programmically access files with new functions in WTVClientSessionData
- TODO: file browser
- other stuff I can't remember
- viewer seems to retain only wtv-* and wtv-head-waiter, so lets try to be closer to protocol and boot with a wtv-head-waiter address instead of wtv-1800
- we still handle via wtv-1800 but we accept wtv-head-waiter:/relogin and send the client on its way to the relogin path
- convert post_data to query if valid query data
- wtv-register system
- Store Session data as JSON flat file
- wtv-cookie support
- spent way too much time on a page no one will read
- move filterSSID to WTVClientSessionData
- disable compression until fixed
- do not delete WTVSec on last socket, instead recreate on prereg
- set 'wtv-bypass-proxy' to false
- rework header whitelist system for HTTP(s) proxy
- clean up SSID session data only if client is not seen for 3 minutes
- add shouldWeCompress() function
- add additional headers to wtv-setup:/get
- add initial blank wtv-music:/get-playlist
- update: app.js: fix for minibrowser connectivity
- update: app.js: enhance security
- update: wtv-home:/home: fix wtv-needs-upgrade -> wtv-need-upgrade
- update: wtv-head-waiter:/login-stage-two: do not send wtv-settings:/get to minibrowser
- update: wtv-1800:/preregister: Disconnect and clean up all previous sockets for the connecting SSID when hitting preregister. Also re-create wtvsec_login.
- feature: add SSID whitelist/blacklist as well as IP based SSID auth
- Add user_config_README.md
- Update user_config.example.json
- Update README.md
- update: wtv-1800:/finish-prereg: send tellyscript on relogin if tellyscripts are enabled, and wtv-script-id == 0 (no tellyscript)
- Allow definition of custom ServiceVault paths
- feature: app.js: add `bind_ip` option to specify an IP to bind to, instead of `0.0.0.0`
- feature: custom service logos and better wtv-home:/splash
