By default the buffer is exhausted every 4 seconds. This should defend against
a potential DoS against clients with JavaScript enabled. Before this, any
request with no token would generate a new user and immediately broadcast the
new user to all the websockets. It's best to lock down as much as possible the
number of places a client can cause the server to broadcasts to all the
websockets.
Any single-user tripcode update deleted all existing tripcode display css
rules, because of one place where there was `stylesheet_color` (the global
variable) where it should have been `stylesheet` (the function argument).
Also now using proper js function named-argument syntax. (Why is it legal
to declare global variables in the arguments of a function call? What?)
In JavaScript, declaring a global variable in a function call is not OK:
> function f(x) {
... console.log(typeof n);
... return x;
... }
> f(var n = 42)
Uncaught SyntaxError: Unexpected token 'var'
> f(let n = 42)
Uncaught SyntaxError: missing ) after argument list
> f(const n = 42)
Uncaught SyntaxError: Unexpected token 'const'
Unless of course you elide the variable keyword:
> f(7)
undefined
7
> f(n = 42)
number
42
> n
42
Not even once.
Incoming requests are handled in anonstream/routes/. Route handlers
mainly depend on files in anonstream/, which in turn depend on files in
anonstream/helpers/ and anonstream/utils/. Utils are pure functions and
helpers are almost pure functions; they don't mutate state but they
do depend on the global app config.