Releases: zekroTJA/shinpuru
1.6.0
MAJOR PATCH
Major Implementations
"Anonymous" Reports [#189]
Now, it is possible to report members by ID which are not actually on the guild. These reports are handled as same as "normal" reports without actual user validation.
This is especially useful to report members which violate the rules of your guild but leave the guild before you are able to report them.
Also, you are actually able to ban members which are not on the guild so you are able to ban members which left the guild or never were a member of the guild.
guildinfo Command [#191]
shinpuru now has a new command: guild.
It simply outputs some general information about the guild where the command was executed on.
Minor Updates
-
Some features like the vote command or color embed system now take advantage of the new reply feature of Discord.
-
The header of the web interface now uses the new logo of shinpuru. Also some spacings issues are fixed now.
Bug Fixes
- Fix guild tile titles in web interface [#190]
- Fix API token route layout
Backstage
- Add package embedbuilder to
/pkg
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.6.0
1.5.0
MAJOR PATCH
Major Implementations
Landing Page
shinpurus /login page is now decorated by a landing page which shows off some of shinpurus core features, some invite links and options to self host as well as some links to dive deeper.
This page is still in a kind of beta state. A lot of stuff is still missing like proper support for mobile devices as well as further feature spotlights.
Minor Updates
-
Two imporvements of the color feature:
- A name of the color which is closest to the specified color is now displayed. This is provided by the
zekroTJA/colornamepackage. - The name of the embed executor is now displayed in the embed footer. [#183]
- A name of the color which is closest to the specified color is now displayed. This is provided by the
-
You are now able to chat mute/unmute members via the web interface. [#187]
-
The web server endpoint
/invitenow redirects to the invite link of the current shinpuru instance (e.g. https://shnp.de/invite). -
The
execcommand now shows the ammount of consumed JDoodle API tokens, when activated.
Bug Fixes
- Fix hex notation of color reaction embeds.
- Fix a bug in the jdoodle listener which caused missing line breaks on pushing the snippet to the JDoodle API. [#186]
- Fix the label of the Prometheus metric
discord_commands_processed_total.
Backstage
- Moved
stringutilspackage topkg/stringutils. - Moved
jdoodlepackage topkg/jdoodle.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.5.0
1.4.0
MAJOR PATCH
Major Implementations
Antiraid System [#159]
A new guild security feature has been added to shinpuru: The Antiraid System.
What is a "Raid"?
A guild raid is mostly refered to a large, burst-like ammount of accounts joining the guild in a short period of time. This is mostly caused by a single user or a group of users which utilize bot-created or hijacked accounts to flood a guild.
To counteract this, the antiraid system constantly checks the rate of users joining your guild. If the rate increases over a certain threshold, the antiraid system triggers. Following, the guilds security level is raised to verry high and for the following 24 hours, all users joining the guild are logged in a list which is accessable via the web interface. Also, all admins of the guild will be informed about the incident.
Of course, the antiraid system can be toggled and the trigger threshold values can be managed in the web interface (if you have the sp.guild.config.antiraid permission).
Metrics Monitoring [#170]
You are now able to monitor core metrics of shinpuru using Prometheus and Grafana.
You can enable the prometheus scraping endpoint by adding this to your shinpuru config:
metrics:
enable: true
addr: ":9091"Here you can find an example Prometheus configuration and here you can find an example grafana dashboard to monitor shinpuru's metrics.
Example dashboard. Data from shinpuru Canary instance.
Minor Updates
- Add aliases to
karmacommand:leaderboard,lb,sbandtop. [#181] - The
karmacommand now shows the karma points of a user when specified as argument. [#179]
Bug Fixes
- The web frontend route
/guilds/:guildid/guildadminnow redirects to/guilds/:guildid/guildadmin/antiraidinstead of firing errors. [#180]
Backstage
- Updated a bit of the project structure: The packages
listenersandwebserverare now moved into theinternal/corepackage.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.4.0
1.4.0-rc1
MAJOR PATCH
Major Implementations
Antiraid System [#159]
A new guild security feature has been added to shinpuru: The Antiraid System.
What is a "Raid"?
A guild raid is mostly refered to a large, burst-like ammount of accounts joining the guild in a short period of time. This is mostly caused by a single user or a group of users which utilize bot-created or hijacked accounts to flood a guild.
To counteract this, the antiraid system constantly checks the rate of users joining your guild. If the rate increases over a certain threshold, the antiraid system triggers. Following, the guilds security level is raised to verry high and for the following 24 hours, all users joining the guild are logged in a list which is accessable via the web interface. Also, all admins of the guild will be informed about the incident.
Of course, the antiraid system can be toggled and the trigger threshold values can be managed in the web interface (if you have the sp.guild.config.antiraid permission).
Metrics Monitoring
You are now able to monitor core metrics of shinpuru using Prometheus and Grafana.
You can enable the prometheus scraping endpoint by adding this to your shinpuru config:
metrics:
enable: true
addr: ":9091"Here you can find an example Prometheus configuration and here you can find an example grafana dashboard to monitor shinpuru's metrics.
Example dashboard. Data from shinpuru Canary instance.
Backstage
- Updated a bit of the project structure: The packages
listenersandwebserverare now moved into theinternal/corepackage.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.4.0-rc1
1.3.3
1.3.2
1.3.1
MINOR PATCH
Minor Improvements
- The
lockcommand now has a process visualization for better clarity.
Bug Fixes
- A critical flaw in the permissions middleware which would practically bypass the whole permission system is now fixed. [#169]
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.3.1
1.3.0
MAJOR PATCH
Major Implementations
Karma System Settings [#146]
The Karma System is now configurable via the web interface. If you have the permission sp.guild.config.karma, you will see this entry in the guild settings of the web interface:
There, you can enter the advanced guild settings interface where you can define preferences like enable or disable the karma system, emojis used to increase or decrease karma or the ammount of tokens available per hour per user.
Channel Locking [#165]
Added the lock command to write-lock text channels. By either typing sp!lock into the channel which shall be locked or remotely by passing a channel resolvable (i.e. sp!lock general), you can write-lock channels. That means, that all roles in this channel (below the role of the executor) are explicitly disallowed to write messages in this channel. When hitting the same command again onto this channel, the permission state before the first execution of the lock command are restored.
Security
Because shinpuru is using cookies containing a singed JWT with session information to authenticate requests against the HTTP REST API, it was vulnerable to XSRF (Cross-site request forgery) attacks. This is now fixed by generating session-bound anti-forgery tokens, which are set using the XSRF-TOKEN cookie, which is readable by JavaScript. Angular then reads the cookie and sets it as X-XSRF-TOKEN header for each following POST, PUT or DELETE request. API-Token based authentications do not need to send the X-XSRF-TOKEN, be cause they are already authenticated using headers.
Bug Fixes
- Permission rules bound to
@everyoneare now correctly processed. - Also non-command specific permission rules are now correctly listed by the
GET /api/guilds/:guildID/:userID/permissions/allowedendpoint.
Backstage
- Refactored the SQLite3 database middleware so that it inherits all bindings from the MySQL middleware which redured it from 952 to only 161 lines of code.
- API handlers are now split up in seperate files for better overview.
- The
GetMemberPermissionsfunction is now moved from the database middlewares to the permission middleware.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.3.0
1.2.1
MINOR PATCH
Minor Improvements
- Discord assets in web interface are now requested with a proper resolution. [#163]
- Report revoke link in web interface is now only shown if the user has the permission to do so.
Bug Fixes
- Fix permission update handling when adding the same permission rule as existent. [#161]
- Fix dropdown style in web interface (old vs new).
- Fix color reaction spam on message edit. [#162]
Backstage
- Moved the permissions and the twitchnotify packages to the
pkgpublic package domain.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.2.1
1.2.0
MAJOR PATCH
Major
-
Karma system implementation. [#134, #145]
Karma is a value which shall provide a scale of the trustworthyness of a user on the guild. The system works similar to the karma system of Reddit or Stackoverflow, for example.
You can gain karma when other users react to your messages with👍, 👌, ⭐, ✔and you lose karma when users react with👎, ❌to your message.
The value of karma is shown in the profile command and in the web interface. Also, you can view a scoreboard of the members with most karma.
You can read the full proposal here in this issue: #134.
-
shireikan implementation. [#152]
shireikan is a command handler package which replaces the internal command handler of shinpuru. Read more about the advantages of this implementation in issue #152. In order of this implementation, a lot of commands and modules needed to be refactored. -
Web frontend changes. [#151, #153]
The layout of the front end is now kept at a max width and centered which leads to a way more clear and nice-looking design. Also, it is now possible to revoke reports via the web interface.
-
Add color reactions. [#155]
Color reactions are a system which, when enabled by thecolorcommand, scrapes messages for hexadecimal color codes. Then, a reaction is added which shows the color. After clicking the reaction, more information about the color is shown.
-
Command overview in web interface. [#158]
Add a command list in the web interface where you have a clear overview over all commands of shinpuru and how they are used.
Minor
- Add edit flag to say command. [#142]
- Update Header in Web Interface which is now static at the top of the window and has a drop shadow for better visual seperation.
- Optimize permission role input in web interface. [#148]
- Add fuzzy search for help command. [#157]
Fixes
- Fix typo in security cards in web interface. [#140]
- Fix self-member button in web interface. [#141]
- Unify command descriptions.
Backstage
- Database drivers are now moved to the internal package
internal/core/middlewareto make middleware drivers available for usage as database and general purpose cache or other use cases. - Add service which starts the Angular dev server alongside with shinpuru when passing the
-devmodeflag on start.
Docker
Here you can find the docker hub page of shinpuru.
Pull the docker image of this release:
$ docker pull zekro/shinpuru:1.2.0