- /fr and /frt now behave as follows:
1) Regardless of whether they are used in a battle or in the lobby,
both commands show a message to all users in the lobby with the
`receiveauthmessages` permission (which is % and up by default).
2) If used in a battle, the message is also shown to all users in
the battle, even if they are not auth. In addition, the message
is written to the lobby file logs.
- use of /lockdown, /endlockdown, /kill, /crashfixed, and /crashnoted
is now written to the lobby file logs (including the identity of the
person who used the command)
If `loglobby` is enabled in the config file, lobby logs are written
to logs/lobby/yyyy-mm/yyyy-mm-dd.txt. Lobby logs are kept in their own
subdirectory of the 'logs' directory in order to avoid a namespace
clash with a format named 'logs', and also because there are many
reasons why one might want to copy the battle logs without copying
the lobby logs.
With the advent of challenge-response authentication, the `tokenhosts`
feature is no longer necessary. It can still be used for slightly
increased security, but since it makes it harder for users to get
the server up and running, it is now disabled by default.
The new default is that the hostname contained in the first assertion
sent to the server will be accepted, and it (and the corresponding IP
address, if it is a domain name) will be added to tokenhosts.
In addition, I have also added a better error message in the case of
an invalid token hostname, which should point users to the relevant
documentation.
I also have changed the default to localhost only. However, servers
which leave `exports.tokenhosts` undefined will continue to accept
all hostnames in assertions, so this commit will not break existing
servers that pull it.
Previously, access to /disableladder and /enableladder was controlled
by the `modchat` permission, which is available to the @, &, and ~
groups by default. However, /disableladder is a very disruptive command
and it is totally unlike modchat, so it is now governed by its own
permission, which is given to the & and ~ groups by default.
The console feature allows users with the 'console' permission
to execute arbitrary JavaScript in the context of the server
process. This allows for the execution of arbitrary code on the
local computer running the Pokemon Showdown server. As such,
the console permission is different from all other permissions
in that it gives power over more than just Pokemon Showdown.
It is likely that most users do not realise how powerful the
console permission is. As such, this commit alters the 'root'
permission so that it does not include the 'console' permission.
If a user intends to give a usergroup the console permission,
the server operator must add
console: true
to a usergroup's permissions in config.js.
This implementation also has the effect of disabling the
console feature on all current servers that pull this commit,
unless they explicitly enable it for a usergroup.
Please do not enable the console permission unless you fully
understand how powerful it is.
Previously, the default configuration allowed the % group and up
to bypass a user's challenge block preference according to each
respective group's default jurisdiction. This commit changes the
behaviour so that all groups with the bypassblocks permission can
bypass the challenge block of all groups, not just groups over
which they have default jurisdiction.
- reportjoins - whether to display "<user> joined"
- reportbattles - whether to display "Battle started between <user> and <other user>"
- lagmode - whether or not the user list should display every user, or just voiced/registered users
- modchat - moderated chat: enable to disallow unregistered+unvoiced users from speaking
Also limit the lobby battle list to only the first 24 battles.
These were in fact enough for PS to handle an influx of 1000+ users from Reddit, lag-free!
