GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  1. 14 May, 2020 1 commit
      Only do IP rate limiting if no other errors · c090f91a
      peterh-gr authored
      We don't really care if they pound the page with incorrect captcha or other
      fields, so let's only check the IP rate limit if they fill out the fields
      correctly. That way we don't get as many errors emailed to us.
  2. 11 May, 2020 1 commit
      Added captcha to subscription form · de457a63
      peterh-gr authored
      We've been getting what we think is a lot of spam from one of the Tor exit
      nodes, so we want to try a captcha on the subscription page to see if it calms
      down.
      
      Issue #46281
  3. 04 May, 2020 1 commit
      Added a counter for subscription requests · fff600d9
      peterh-gr authored
      We're getting a ton of subscription request errors from the rate limiter
      and they seem to be coming from a Tor exit node. I'm curious to see how
      many of these are getting confirmed to get some idea about whether these
      are legitimate requests or not.
  4. 04 Feb, 2020 2 commits
      Turned off campaign totals fetching · fcd30b04
      peterh-gr authored
      The campaign is over for this year, so we can shut off the constant
      campaign totals fetching. They complained last year when I didn't shut
      it off.
      Added subscription details to limiter error · 465154fb
      peterh-gr authored
      We're actually getting results that indicate someone is sending lots of
      requests to the /subscription-request thing. I want to print out more
      details in the log to see if we can get an idea if this is legitimate
      traffic or not.
      
      Issue #44700
  5. 23 Jan, 2020 2 commits
      Fixed bug that let rate be exceeded · 631e9009
      peterh-gr authored
      If you started the rate limiter for an IP address and then let it sit
      for a while, you could get the $allowance to build up over the rate
      limit for a small amount of time.
      
      Issue #44827
      Rate limit number of subscription requests · 60a1b33d
      peterh-gr authored
      An attacker could use the /subscribe form to send tons of emails to
      anyone's email address. We want to limit that so it doesn't cause
      problems. This limits it to 10 emails per 6 hours. It's actually doing it
      by rate, so once you hit the limit of 10, then you can send another one
      about 36 minutes after that and keep sending one every 36 minutes.
      
      Issue #44700
  6. 22 Jan, 2020 1 commit
      Added ip-address-middleware for rate limiting · 723f2af7
      peterh-gr authored
      We need to be able to get the IP address for the request. I wanted to
      use a library so that we can handle the case where the app gets moved
      behind a proxy. Right now the ip-address-middleware is configured to
      ignore the proxy (X-Forwarded-For) addresses because clients can spoof
      those, but if we do put it behind a proxy then we can trust the header
      (assuming the proxy is configured correctly) and we just need to change
      the arguments to the constructor in src/middleware.php to adjust for the
      proxy.
  7. 31 Dec, 2019 1 commit
  8. 28 Dec, 2019 1 commit
  9. 23 Dec, 2019 1 commit
  10. 04 Dec, 2019 2 commits
  11. 27 Nov, 2019 7 commits
  12. 26 Nov, 2019 3 commits
  13. 25 Nov, 2019 1 commit
  14. 14 Nov, 2019 1 commit
      Styling changes post launch suggested by Tor. · a06c8660
      Stephanie Kirtiadi authored
      Input from Antonela.
      Includes changes to the counter styling.
      Changed lime hex code (styling) and matching header, post EoY2019.
      Removed deprecated link for snail mail, bitcoin and stock.
      Include transaction.pot
      
      Issue #43495
      Issue #43480
      Issue #43603
      Issue #43607
  15. 11 Nov, 2019 2 commits
  16. 06 Nov, 2019 2 commits
  17. 25 Oct, 2019 4 commits
  18. 23 Oct, 2019 2 commits
      Remove extra ; in the payment_controller.js · a9fc29aa
      Stephanie Kirtiadi authored
      Code review implementation.
      
      Issue #43405
      End of Year 2019 Campaign changes. · 2fcba5aa
      Stephanie Kirtiadi authored
      - Header changes for the EOY2019 campaign on landing page and the
      cryptocurrency page.
      - Change of perk option logic on both monthly-giving and landing page.
      Starting soon, the perks are going to be handled by fulfillment
      facility, no more options for the T Shirt Packs.
      Change metatag for End Of Year 2019 campaign sharing.
      Part of the EoY 2019 campaign changes.
      - Remove $10 on landing page for one time donation, default to $125.
      The client asked for this change to be applied when doing the
      review for EoY 2019 campaign on staging.
      Make image width larger for EoY2019 campaign header. #43402
      
      Issue #43101
  19. 18 Oct, 2019 2 commits
  20. 17 Oct, 2019 1 commit
  21. 09 Oct, 2019 1 commit
  22. 07 Oct, 2019 1 commit