Commit graph

469 commits

Author SHA1 Message Date
Sheogorath
57e6d3a482
Set default to v4
Seems like we didn't fix the problem with the last patch. This should
finally fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-27 21:57:12 +02:00
Claudius
bb80bc2292
removing superfluous config parameters for template files
Signed-off-by: Claudius <opensource@amenthes.de>
2018-09-26 21:01:15 +02:00
WilliButz
12cd747270
imageRouter/filesystem: make callback path-independent
Images are now properly served when `config.uploadsPath`
differs from its default value.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 20:55:15 +02:00
WilliButz
556783ffad
lib/config: use path.resolve instead of path.join
While paths like `tmpPath` could previously be configured,
they were all interpreted relative to `appRootPath` because
of `path.join`.

Now the configurable paths can be canonical and therefore
independent of the `appRootPath`.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz
e48852e0e2
lib/config: add environment variable to set config file
Previously it was assumed that `config.json` would be placed in
the same directory as the rest of CodiMD without any optional override.

This allows to override the path to the `config.json` by setting
`CMD_CONFIG_FILE` to the canonical path of the desired config file.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz
bd2f7cef49
lib/models/revision.js: make independent of exec-path
Previously calling `app.js` from another directory than
the base directory of CodiMD would result in an error being
thrown because `lib/workers/dmpWorker.js` could not be found.

This change makes the function call independent of the path CodiMD
is started from.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:36 +02:00
Sheogorath
353642c870
Fix document length limit on post
We recently introduced a new way to create notes using a post requeest
to the `/new` endpoint. This is not limited in size, other than pasting
a note in the editor. This patch should enforce this limit also on this
way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 16:08:24 +02:00
Sheogorath
7e0be69abb
Omit unneeded warning if no gitlab is configured
This patch should fix the unneeded warning of the wrong API version,
when gitlab isn't configured at all.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 00:26:40 +02:00
Sheogorath
6fdb9eea46
Fix server crash on PDF creation
`markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads
crashing codimd which expects the file to be there. This patch should
add some proper error handling when expectation and reality don't fit
together.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-24 20:25:25 +02:00
Sheogorath
81e3d7bd00
Extend migration error handling
The current error handling seems to conflict with some sequelize
versions. So we add a second version of it in our excemptions.

I'm not happy about it, but when it helps to prevent further migration
breaking, it's worth it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 16:19:35 +01:00
Christoph (Sheogorath) Kern
007f252273
Merge pull request #906 from SISheogorath/fix/letterAvatarMail
Fix possible weird objects as email
2018-09-05 11:36:29 +01:00
Alexander Hesse
f728fdb8ab BUGFIX: wrong version check for gitlab api
Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
2018-08-23 14:06:26 +02:00
Christoph (Sheogorath) Kern
881ca88c51
Merge pull request #908 from micedre/gitlabV4
Add possibility to choose between version v3 or v4 for the gitlab api.
2018-07-31 10:55:08 +02:00
Cédric Couralet
66d374b128 Add possibility to choose between version v3 or v4 for the gitlab api.
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)

Default gitlab api version to v4

Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-07-31 08:36:56 +00:00
Christoph (Sheogorath) Kern
48ddcef31c
Merge pull request #894 from hcaloto/fixMigrationIssues
Add missing catch blocks for migration from 1.1.1 to 1.2.0
2018-07-31 10:26:39 +02:00
Hugo Caloto
26a14dd987 Add missing catch blocks for migration from 1.1.1 to 1.2.0
Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
2018-07-31 08:19:57 +02:00
Christoph (Sheogorath) Kern
93a3ce1164
Merge pull request #907 from SISheogorath/fix/historyLZString
Some minor improvements for LZString handling
2018-07-28 15:03:06 +02:00
Sheogorath
db5b86df4c
Further improvement of error handling for LZString
This does some more in depth check on the error message and minimizes
the log noise that is caused by LZString.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 15:42:58 +02:00
Miranda Kastemaa
70e8df5c04 Support 'host' & 'path' config options
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
2018-07-27 15:35:29 +03:00
Sheogorath
1f85017625
Minimize number of errors in LZString parsing errors for history
Right now we still see a lot of LZString parsing errors in the logs. 
They probably come from the user history. We should minimize the number 
by add the basic length check there as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 13:59:55 +02:00
Sheogorath
187401a876
Fix possible weird objects as email
It seems like some providers return strange types for emails which cause
problems. We default to something that is definitely a string.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 13:36:22 +02:00
Maxence Ahlouche
972a81aa6f Upload images to the filesystem by default, rather than to imgur
Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
2018-07-09 20:31:14 +02:00
Max Wu
b7e5a82f52 Add script src hash for speaker note to CSP directives
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-07-05 18:41:27 +08:00
Sheogorath
d76ea5440a
Fixing content types in status router
As it turns out, expressjs doesn't detect the right mimetype and it
seems like I didn't bother to test this enough. So lets fix it for the
next release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-03 20:38:52 +02:00
Sheogorath
562985a115
Update passport-ldap
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
2184491f4a
Final replacements
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:13:46 +02:00
Sheogorath
a762928e97
Do final internal renameing
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:05:41 +02:00
Sheogorath
23c33c0c04
Rename HackMD view to CodiMD
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:40:18 +02:00
Sheogorath
b242b59db4
Rename environment variables and add legacy support.
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:40:18 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Christoph (Sheogorath) Kern
d87505d583
Merge pull request #854 from hackmdio/feature/disableGravatar
Allow to disable gravatar
2018-06-24 01:59:06 +02:00
Christoph (Sheogorath) Kern
b8726bbe8d
Merge pull request #855 from hackmdio/fix/constants
Move config out of statics path
2018-06-24 01:58:08 +02:00
Christoph (Sheogorath) Kern
cfdfafdb79
Merge pull request #856 from hackmdio/fix/lineEndings
Fix possible line-ending issues for init note
2018-06-24 01:57:47 +02:00
Christoph (Sheogorath) Kern
ec78c4f2fc
Merge pull request #857 from hackmdio/fix/pdf-links
Fix broken images in PDF caused by misconfigred server URL
2018-06-24 01:57:26 +02:00
Sheogorath
bf9400e107
Fix breaking regex
The image upload regex breaks with the new path for uploads.

This commit fixes it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 01:03:45 +02:00
Sheogorath
f69e77de42
Fix broken images in PDF caused by misconfigred server URL
As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.

With this commit we force absolute links during PDF creation which
hopefully fixes the problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 01:00:29 +02:00
Sheogorath
b7b621822c
Fix possible line-ending issues for init note
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.

With this commit we remove all `\r` characters from the notes and this
way prevent this problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 00:32:50 +02:00
Sheogorath
0ed4b50098
Move config out of statics path
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 00:07:32 +02:00
Sheogorath
318b2d378f
Allow to disable gravatar
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.

This commit also simplifies and optimizes the avatar code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:40:55 +02:00
Sheogorath
a2608c319a
Fix possible error if HackMD is started with wrong workdir
In https://github.com/hackmdio/hackmd/issues/834 is described how
starting HackMD crashes when using the wrong working dir.

This is caused by a relative path in our upload routine. This change
should fix it and prevent future crashes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:01:01 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Sheogorath
634b3c9cea
Fix i18n writing locale files in production
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:40:50 +02:00
Christoph (Sheogorath) Kern
551840ad57
Merge pull request #784 from pferreir/add-oauth2-support
Add "generic" OAuth2 support
2018-06-04 15:54:47 +02:00
Adam Hoka
b5574466cd Fix callback validation
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 14:26:28 +02:00
Ádám Hóka
376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Christoph (Sheogorath) Kern
12ab90020a
Merge pull request #785 from pferreir/redirect-to-login
403: Redirect user to login page if not logged in
2018-05-31 12:16:11 +02:00
Sheogorath
bcbb8c67c9
Add note export function
This function is the first step to get out data following GDPR about the
transportability of data.

Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-26 03:12:21 +02:00
Sheogorath
70df29790a
Add token based security feature
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
Sheogorath
e31d204d74
Fix requests for deleted users
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 16:15:18 +02:00
Sheogorath
4229084c62
Add delete function for authenticated users
Allow users to delete themselbes. This is require to be GDPR compliant.

See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 15:24:47 +02:00
Sheogorath
408ab7ae1d
Use cascaded deletes
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 14:55:18 +02:00
Sheogorath
8aa5c03213
Use hard delete instead of soft delete
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 14:50:37 +02:00
Sheogorath
41a36e2e18
Add privacy and ToS links
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.

Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.

This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-24 18:10:36 +02:00
Christoph (Sheogorath) Kern
6d44ded269
Revert "Workaround Google API problems" 2018-05-16 01:31:50 +02:00
Christoph (Sheogorath) Kern
e4e198c819
Merge pull request #813 from SISheogorath/fix/googleAPI
Workaround Google API problems
2018-05-10 00:13:23 +02:00
Max Wu
e0629c7d27
Fix typo of "grouptAttribute" in saml auth module
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-04-27 21:52:05 +08:00
Christoph (Sheogorath) Kern
763479bea8
Merge pull request #803 from SISheogorath/fix/letterAvatarCSP
Move letter-avatars into own request
2018-04-17 22:29:37 +02:00
Sheogorath
69aed93282
Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 19:06:59 +02:00
Sheogorath
ef86bf5cba
Use API key instead of clientSecret
As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-13 09:38:59 +02:00
Christoph (Sheogorath) Kern
10121118fb
Merge pull request #797 from SISheogorath/fix/LZErrorLog
Add check for noteId length
2018-04-11 22:48:40 +02:00
Sheogorath
735b806d5d
Add check for noteId length
As we know the length of an UUID we can check if the base64 string
of the provided UUID is long enough for a legacy base64 encoded nodeId
and stop processing it in legacy mode, if it's not the case.

This should make the ugly warning way less common.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 16:10:34 +02:00
Sheogorath
2492cf2cdf
Fix typos for allowAnonymousEdits
Looks like we lost some variables during the refactoring of the configs
to camel case.

This should fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 14:40:27 +02:00
Christoph (Sheogorath) Kern
96af23fa31
Merge pull request #791 from SISheogorath/fix/extendedCSPPolicies
Fix CSP for disqus and Google Analytics
2018-04-05 01:13:15 +02:00
Sheogorath
d939de17df
Fix CSP for disqus and Google Analytics
This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.

Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.

They are enabled by default to prevent breaking changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 16:33:52 +02:00
Sheogorath
30b5ff0d96
Add session data to env vars
Currently the session secret can only be set by config.json or docker
secrets. This creates a problem on Heroku hosted instances that can not
set a session secret.

Since we automatically generate them on startup this results in an
logout of all users on every config change in Heroku.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-29 19:34:32 +02:00
Christoph (Sheogorath) Kern
d2cce7638a
Merge pull request #780 from SISheogorath/fix/sessionSecret
Automatically generate a session secret if default is used
2018-03-28 12:25:01 +02:00
Christoph (Sheogorath) Kern
1649a9b742
Merge pull request #786 from SISheogorath/fix/compatiblityConfig
Fix some issues with legacy config compatiblity
2018-03-27 19:38:21 +02:00
Pedro Ferreira
99abac343b 403: redirect user to login page if not logged in
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-27 08:53:37 +02:00
Sheogorath
10a81e7db2
Fix logical error in legacy config expression
We should check for an undefined and not just for a logical true or
false.

Example: When `usecdn` was set to false it was impossible to overwrite
the new config value because the if statement becomes false.

Thanks @davidmehren for pointing me to this issue.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 20:49:37 +02:00
Sheogorath
4eef661c15
Rename forgotten values
Looks like we forgot something during the migration. This should fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 20:15:45 +02:00
Pedro Ferreira
34df7ccce8 Use TEXT instead of STRING for tokens
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Pedro Ferreira
40b3855702 Add support for generic OAuth2 providers
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Sheogorath
3599fb79b4
Automatically generate a session secret if default is used
The session secret is used to sign and authenticate the session cookie
and this way very important for the authentication process.

By default the session secret is set to `secret` and never changes. This
commit will add a generator for a dynamic session secret if it stays
unchanged.

It prevents session hijacking this way and will warn the user about
the missing secret.

This also implies that on a restart without configured session secret
will log out all users. While it may seems annoying, it's for the users
best.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 00:36:28 +02:00
Sheogorath
450262c4ab
Allow embedding of video and audio tags
Adding mediaSrc to CSP so video and audio files can be embedded without
problems.

From a security perspective it should be fine to load audio and video
data without introducing a high security issue. Only from a privacy
perspective it allows another way to track users if there are data
embedded. But it doesn't introduce any new attack vector as pictures are
also allowed from everywhere.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 20:51:56 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Christoph (Sheogorath) Kern
6485f96659
Merge pull request #771 from SISheogorath/refactor/imageRouter
Refactoring imageRouter to modularity
2018-03-21 14:13:32 +01:00
Sheogorath
1756e76dc3
Refactoring imageRouter to modularity
This should make the imageRouter more modular and easier to extent. Also
a lot of code duplication was removed which should simplify maintenance
in future.

In the new setup we only need to provide a new module file which exports
a function called `uploadImage` and takes a filePath and a callback as
argument. The callback itself takes an error and an url as parameter.
This eliminates the need of a try-catch-block around the statement and
re-enabled the optimization in NodeJS.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-20 11:00:11 +01:00
Christoph (Sheogorath) Kern
5361a97188
Merge pull request #770 from SISheogorath/fix/ldapUUID
Add check for undefined UUID
2018-03-18 15:13:51 +01:00
Christoph (Sheogorath) Kern
f6df2deb84
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64
Fix to use url-safe base64 in note url
2018-03-18 15:13:06 +01:00
Sheogorath
638eae0dfb
Add check for undefined UUID
This check is needed at there are tons of LDAP implementations out there
and none has at least one guaranteed unique field. As we currently check
three fields and added an option to select one yourself, it's still not
said that any of these fields is set. This will now create an error
and fail the authentication instead of letting people may get access to
other people's notes which are stored under a this way deterministic
wrong userid named `LDAP-undefined`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 00:27:07 +01:00
Christoph (Sheogorath) Kern
6b30f66272
Merge pull request #757 from SISheogorath/fix/migration
Add missing migration for permissions
2018-03-17 21:33:02 +01:00
Sheogorath
d682695bf1
Add helper function to fix number problems
As minio causes various problem if you configure it using environment
variables and leave the port setting out, which will evaluate to NaN,
this change should fix this in a clean way for this time and helps to
support numbers in general in future.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-16 20:37:59 +01:00
Christoph (Sheogorath) Kern
9cbe03d8a8
Merge pull request #761 from SISheogorath/feature/reportURI
Add config option for report URI in CSP
2018-03-14 22:10:23 +01:00
vazontang
070dd27f95
Convert HMD_MINIO_PORT into Number type.
fix hackmdio/hackmd#763

Signed-off-by: Tang TsungYi <vazontang@gmail.com>
2018-03-15 04:07:45 +08:00
Sheogorath
efa490a50f
Add config option for report URI in CSP
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-14 17:57:41 +01:00
Max Wu
5e975cbe69 Fix to log instead of throwing error on parse note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-11 02:52:24 +08:00
Max Wu
c7657ae81e Fix parseNoteId order to fix some edge case
that LZString note url could be parsed by base64url note url and thus return wrong note id

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:52:24 +08:00
Max Wu
16cb842b94 Improve history migration performance
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:51:00 +08:00
Felix Schäfer
12dae4465f Multiple emails from LDAP are already an Array
Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-09 14:39:08 +01:00
Sheogorath
f85ba6df53
Add missing migration for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-06 16:31:41 +01:00
Felix Schäfer
6094c61871 Remove unused LDAP option tokenSecret
hackmdio/hackmd#754

Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-05 14:06:05 +01:00
Dustin Frisch
d6ee10d176
Introduce ldap.useridField
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Max Wu
fe429e9ac1 Update to use buffer in encode/decode note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-27 20:57:31 +08:00
Max Wu
44298baa93 Add migration for LZString compressed note id in history
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:46:59 +08:00
Max Wu
baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Max Wu
15ef54c2dc Fix to show 500 message when got error in parseNoteId
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Max Wu
bb5e021f20 Fix field type to prevent data truncation of authorship (#721)
* Fix field type to prevent data truncation of authorship
2018-02-09 14:27:06 +01:00
Takeaki Matsumoto
a9973cabc4 Fix typo of DB migration script
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
2018-02-08 10:15:05 +09:00
Stefan Bühler
c4f8fb78ee don't require referer to find note id in socket.io connections (fixes #623)
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Sheogorath
eddf8a3a33
Fix uncaught exception for non-existent user
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 21:53:36 +01:00