2021.7.7.1419 - SignalR Messaging system improvements, security improvements
Do you guys ever get a day where you start working on a thing, then someone needs you to do another thing so you switch focus to that, you find you need to do another thing to do that, then in the middle of that someone needs you to do another thing so you focus on that one and as you do, another thing comes up. And you finish that one, go back to the other things and more things come up and you never even get to the original set of things?
Long story short, no weekly update today, but at least here's a build with a bunch of additions and improvements for the new SignalR message delivery system to solve some initial issues and add a few options based on community feedback. Also some security improvements and a bunch of other tweaks and additions! :smile:
[h2]New Features:[/h2]
- Added "Don't send realtime message read status" setting which allows disabling sending message read status to the other user in realtime (requested by @Yellow, @Electronus and @H3BO3)
-- Note that they will still be able to eventually tell that you read them at some point since it's updated in the database, but the status won't change for them the moment you open them
-- When enabled, you don't see any read status on your end either (meaning all messages stay yellow)
- Added SetDateTimeKindNode (implemented by @ProbablePrime | Docs)
-- This allows setting the Kind property on a DateTime instance
- Added VBLFC badge (requested by @Shifty | Quality Control Lead on behalf of @Kulza)
[h2]Security:[/h2]
- Improved ban evasion detection system, preventing users from bypassing public bans by logging out of their accounts (based on reports by the moderation team)
- Added salts to various IDs, to increase the difficulty of matching them through a rainbow table (based on report by @runtime)
- Improved the global moderation system to apply account restrictions immediately, rather than having to wait for the user to leave and/or rejoin (based on request from @CanadianGit | Moderation Team, @Veer | CMO and rest of the moderation team)
- Added pathWhitelist setting to Config.json which allows restricting (or completely disabling) locations accessible via the built-in File Browser (requested by @Earthmark)
-- This is an array of root paths that can be browsed. E.g. C:\Data\Neos will allow browsing everything in and under that folder, but nowhere else
-- Providing an empty array ([ ]) will disable the File Browser functionality completely
-- This can be useful also for events and other situations where you don't want other people browsing everything on your computer
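
An illustration of the root-path check that the pathWhitelist description implies, written for this page as an added example; it is not Neos code. The function names, the second sample root, the treatment of a missing key as "no restriction" and the rejection of relative paths are all assumptions.

```python
import json
import ntpath  # Windows path rules on any OS, since the page's example is C:\Data\Neos

# Constructed Config.json fragment; only the pathWhitelist key comes from the page.
SAMPLE_CONFIG = r'{"pathWhitelist": ["C:\\Data\\Neos", "D:\\Events\\Assets\\"]}'


def _canon(path):
    """Lexically normalise: collapse '..' and '.', unify separators, fold case."""
    return ntpath.normcase(ntpath.normpath(path))


def load_roots(config_text):
    """Return canonical roots, or None when the key is absent.

    Assumption: an absent key means the browser is unrestricted.
    """
    roots = json.loads(config_text).get("pathWhitelist")
    return None if roots is None else [_canon(r) for r in roots]


def is_browsable(requested, roots):
    """True if `requested` is a listed root or lies under one.

    An empty list denies everything, matching the "[ ] disables the
    File Browser" behaviour described above.
    """
    if roots is None:
        return True
    if not ntpath.isabs(requested):
        return False  # assumption: relative paths are rejected outright
    target = _canon(requested)
    for root in roots:
        try:
            # Compare whole path components, not string prefixes, so that
            # C:\Data\NeosEvil is not mistaken for a child of C:\Data\Neos.
            if ntpath.commonpath([root, target]) == root:
                return True
        except ValueError:
            continue  # different drive than this root
    return False


# This check is purely lexical. A real implementation should also resolve
# symlinks and junctions on disk before comparing against the roots.
if __name__ == "__main__":
    roots = load_roots(SAMPLE_CONFIG)
    for p in (r"C:\Data\Neos\Worlds", r"C:\Data\Neos\..\..\Windows", r"C:\Data\NeosEvil"):
        print(p, "->", is_browsable(p, roots))
```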
[h2]Tweaks:[/h2]
- When set to Invisible, you automatically don't send realtime message read status to the other user
- Tweaked CosmosDB timeouts and other settings to potentially reduce the number of failed requests (based on recent partial outage and community reports)
- Added a better REST message API rate limiting mechanism to prevent bad requests from 3rd party applications from causing cloud unresponsiveness
-- If you're making such an application, please note that we currently do not officially support this. At the very least we ask you to be considerate of how you use the API (e.g. avoid frequently fetching large amounts of messages), otherwise we'll have to tighten the restrictions more or even add a lockout mechanism if too many problematic requests come from your app
- Registration button on auth.neos.com now links to account.neos.com, since the registration on the new website isn't fully implemented yet (based on report by @Levi)
- Removed developer notification message from the Error page on auth.neos.com (based on report by @Levi)
- UserTime node now outputs DateTime with Unspecified kind, rather than UTC (based on report by @I'm Erin., implemented by @ProbablePrime | Docs)
- Merged Japanese locale update by @Aesc
- Merged Russian locale update by @Shadow Panther [RU/EN, UTC+3]
- Merged Czech locale additions and update by @rampa_3 (UTC +1, DST UTC +2)
[h2]Bugfixes:[/h2]
- Fixed Twitch dialog buttons not working after recent change (reported by @LemonCement and @Fuzzy, fixed by @ProbablePrime | Docs)
- Fixed some messages not being properly marked as read on the next login despite reading them, due to the marking as read being processed before the message is fully persisted in the database
- Fixed AdminX not working due to missing some SignalR related libraries



