The new default is that the hostname contained in the first assertion
sent to the server will be accepted, and it (and the corresponding IP
address, if it is a domain name) will be added to tokenhosts.
In addition, I have also added a better error message in the case of
an invalid token hostname, which should point users to the relevant
documentation.
I also have changed the default to localhost only. However, servers
which leave `exports.tokenhosts` undefined will continue to accept
all hostnames in assertions, so this commit will not break existing
servers that pull it.
Previously, access to /disableladder and /enableladder was controlled
by the `modchat` permission, which is available to the @, &, and ~
groups by default. However, /disableladder is a very disruptive command
and it is totally unlike modchat, so it is now governed by its own
permission, which is given to the & and ~ groups by default.
The console feature allows users with the 'console' permission
to execute arbitrary JavaScript in the context of the server
process. This allows for the execution of arbitrary code on the
local computer running the Pokemon Showdown server. As such,
the console permission is different from all other permissions
in that it gives power over more than just Pokemon Showdown.
It is likely that most users do not realise how powerful the
console permission is. As such, this commit alters the 'root'
permission so that it does not include the 'console' permission.
If a user intends to give a usergroup the console permission,
the server operator must add
console: true
to a usergroup's permissions in config.js.
This implementation also has the effect of disabling the
console feature on all current servers that pull this commit,
unless they explicitly enable it for a usergroup.
Please do not enable the console permission unless you fully
understand how powerful it is.
Previously, the default configuration allowed the % group and up
to bypass a user's challenge block preference according to each
respective group's default jurisdiction. This commit changes the
behaviour so that all groups with the bypassblocks permission can
bypass the challenge block of all groups, not just groups over
which they have default jurisdiction.
- reportjoins - whether to display "<user> joined"
- reportbattles - whether to display "Battle started between <user> and <other user>"
- lagmode - whether or not the user list should display every user, or just voiced/registered users
- modchat - moderated chat: enable to disallow unregistered+unvoiced users from speaking
Also limit the lobby battle list to only the first 24 battles.
These were in fact enough for PS to handle an influx of 1000+ users from Reddit, lag-free!
