Christoph (Sheogorath) Kern
12ab90020a
Merge pull request #785 from pferreir/redirect-to-login
...
403: Redirect user to login page if not logged in
2018-05-31 12:16:11 +02:00
Sheogorath
2492cf2cdf
Fix typos for allowAnonymousEdits
...
Looks like we lost some variables during the refactoring of the configs
to camel case.
This should fix it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 14:40:27 +02:00
Sheogorath
d939de17df
Fix CSP for disqus and Google Analytics
...
This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.
Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.
They are enabled by default to prevent breaking changes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 16:33:52 +02:00
Pedro Ferreira
99abac343b
403: redirect user to login page if not logged in
...
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-27 08:53:37 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
...
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Max Wu
baa0418fb5
Remove and replace all note id compression in LZString with base64url
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Max Wu
15ef54c2dc
Fix to show 500 message when got error in parseNoteId
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Sheogorath
e44751b3f1
Fix ldap provider name in template
...
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
...
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern
268c81a323
Merge pull request #673 from fooker/master
...
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Dario Ernst
6ae4b8bf13
Add option to enable freely
permission in closed instance
...
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.
Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Dustin Frisch
f47601857e
Allow posting new note with content
...
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Peter Dave Hello
76873d3f7e
Fix file permission, remove useless executable
2017-12-14 05:05:18 +08:00
Norihito Nakae
4a4ae9d332
Initial support for SAML authentication
2017-11-28 18:52:24 +09:00
Sheogorath
8808399c48
Fix mattermost breaking notes
2017-10-31 13:48:35 +01:00
Christoph Witzany
5cda55086a
Add mattermost authentication
2017-10-31 10:34:51 +01:00
geekyd
f7d2ef970a
Adds 403 response if PDF export is disabled
2017-10-25 19:21:34 +05:30
geekyd
d63e6780eb
Adds PDF export via config
2017-10-25 19:19:37 +05:30
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Wu Cheng-Han
ca95901204
Fix slide might not provide slideOptions meta
2017-06-05 01:12:40 +08:00
butlerx
c531d96f66
check if reveal theme exists
2017-06-01 10:12:40 +01:00
butlerx
e5834c077f
add the ability to set slide theme in slide options
2017-05-31 23:28:43 +01:00
BoHong Li
ecb0533605
refactor(config.js): Extract config file
...
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d
refactor: Remove require
extension filename
2017-05-08 19:29:06 +08:00
BoHong Li
5870d988b5
Use strict mode in all backend files
...
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d
Use JavaScript Standard Style
...
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han
1473437295
Refactor checkViewPermission to fix limited & protected permission check bug and fix code style
2017-01-16 23:47:53 +08:00
Wu Cheng-Han
3c0667813c
Fix missing config in hackmd response
2017-01-16 12:41:34 +08:00
Sheogorath
747629e549
Add allowemailregister
option
2017-01-12 13:54:45 +01:00
Max Wu
a8068d38d5
Merge pull request #313 from elct9620/feature/disable_anonymous_view
...
WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
蒼時弦也
89b8ddeaba
Add limited and protected permission
2017-01-10 10:02:37 +08:00
蒼時弦也
c21fb8e2a0
Recovery tariling spaces
2017-01-10 09:35:21 +08:00
蒼時弦也
f8e5b54767
Remove temporary change
2017-01-10 09:32:44 +08:00
Max Wu
b13635aac9
Merge pull request #279 from alecdwm/ldap-auth
...
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
蒼時弦也
1fbecbb03d
Fix anonymouse view permission check
2017-01-05 23:37:10 +08:00
蒼時弦也
aaf1ff4b2f
Add limit for constrain anonymous view note
2017-01-05 22:36:40 +08:00
Wu Cheng-Han
c1b5e74cf9
Fix and refactor extracting content using metaMarked directly might lead in invalid object
2017-01-04 23:57:16 +08:00
Wu Cheng-Han
10a8448c6a
Fix yaml metadata description not able to show
2017-01-02 11:13:41 +08:00
Wu Cheng-Han
f6d8e3ab00
Remove LZString compression for data storage
2017-01-02 10:59:53 +08:00
Florian Rhiem
fdea226159
Fixed typo: anonmyous
2016-12-21 14:36:54 +01:00
Wu Cheng-Han
5bb3de2675
Add support of allow free url config option with correspond modifications
2016-12-16 15:38:05 +08:00
Wu Cheng-Han
5c7eb48319
Add support of allow anonymous config option with correspond modifications
2016-12-15 14:11:23 +08:00
alecdwm
02e9927714
Initial support for LDAP server authentication
...
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
- instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
because we aren't using oauth. The currently generated
tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
a73d9ce39e
Update to support optional email register and signin
2016-12-02 01:58:14 +08:00
Wu Cheng-Han
71a356552f
Update to auto generate meta description based on content in publish note and slide
2016-11-26 23:04:29 +08:00
Wu Cheng-Han
9d4ede4cff
Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]
2016-11-26 22:55:31 +08:00
Wu Cheng-Han
f86a9e0c4b
Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
2016-11-26 22:46:08 +08:00
Wu Cheng-Han
1d2a9826af
Update to improve history api error and bad request handling
2016-10-10 20:52:31 +08:00
Wu Cheng-Han
55ac4dcccb
Update to allow CORS as API on revision actions
2016-10-10 20:33:48 +08:00
Wu Cheng-Han
3175616573
Update to support showing owner on the infobar
2016-10-10 20:32:20 +08:00