With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.
Some more details: https://mathiasbynens.github.io/rel-noopener/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since the youtube video on our feature page seems to have vanished, this
patch replaces it with an video of the blender foundation
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Removing copyrigt sign since we are not copyrighting things.
Changing hackmd.io to codimd.org since HackMD is more and more dividing
from CodiMD and may brings up wrong expectations.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We broke the follow us before by removing Facebook and Twitter. Adding
POEditor should fix it and help to attract new translators.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
Default gitlab api version to v4
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
The ToC generated broken HTML with unclosed `<li>` tags. This got fixed
as well as some minor optimisation and adding list elements for the
subentries so the elements appear in the ToC while scrolling.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This replaces the existing iterative implementation of the ToC
generation with an recursive one.
This also solves the problem of skipped headers which causes wrong
leveling of them.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We have some issues with night mode and the font color. This should fix
this in the permission table and the delete node modal. As well as some
picture styling.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
It wasn't possible to create unicode based URLs in freeurl mode, because
the noteid used for the websocket connection is double escaped. When we
decode it and let socketio-client reencode it, we get the real
shortid/noteid and can find the note in the database and open the
connection.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
It redirects the user to the print view of the document. I claim that
people should either be smart enough to use ctrl+P or ask someone who
knows how to print a webpage. I don't want to babysit our users.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.
This should also speedup some operations
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We don't support it on CDN false instances, but it doesn't hurt to keep
it in for CDN-enabled instances
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This translation was contributed via POEditor by the user Basix.
Thanks a lot for your work!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As we use various services and integration we should provide an example
privacy policy.
It has to be adjust when using it to match your setup.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This adds the UI for the export feature introduced in
bcbb8c67c9
It allows to download all notes from the main page in the default user
submenu.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This provides the UI for the delete user feature introduced in
4229084c62
Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.
Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.
This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.
As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.
This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>